diff options
author | pmikus <peter.mikus@protonmail.ch> | 2023-04-28 11:27:25 +0000 |
---|---|---|
committer | pmikus <peter.mikus@protonmail.ch> | 2023-04-28 11:27:25 +0000 |
commit | d14b7a69e628582b9132abc1b6e09aada68c0077 (patch) | |
tree | 4ac651bd5240093f82580656bf5a95639c976fa3 /fdio.infra.ansible/roles/docker_images | |
parent | f451c7a50bc663a6727f01873b8663bfa9ae22e1 (diff) |
feat(ansible): Refactor docker-image roles
Signed-off-by: pmikus <peter.mikus@protonmail.ch>
Change-Id: I6731e55b9643f46463c16f68e4986e3cb61f843f
Diffstat (limited to 'fdio.infra.ansible/roles/docker_images')
13 files changed, 531 insertions, 0 deletions
diff --git a/fdio.infra.ansible/roles/docker_images/files/base/Dockerfile b/fdio.infra.ansible/roles/docker_images/files/base/Dockerfile new file mode 100644 index 0000000000..0a17bf6404 --- /dev/null +++ b/fdio.infra.ansible/roles/docker_images/files/base/Dockerfile @@ -0,0 +1,152 @@ +FROM ubuntu:22.04 + +# Setup the environment +ENV DEBIAN_FRONTEND=noninteractive + +# Configure locales +RUN apt-get update -qq \ + && apt-get install -y \ + apt-utils \ + locales \ + && sed -i 's/# \(en_US\.UTF-8 .*\)/\1/' /etc/locale.gen \ + && locale-gen en_US.UTF-8 \ + && dpkg-reconfigure --frontend=noninteractive locales \ + && update-locale LANG=en_US.UTF-8 \ + && TZ=Etc/UTC && ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone \ + && rm -r /var/lib/apt/lists/* +ENV LANG="en_US.UTF-8" LANGUAGE="en_US" LC_ALL="en_US.UTF-8" + +# Install packages and Docker +RUN apt-get -q update \ + && apt-get install -y -qq \ + apt-transport-https \ + bridge-utils \ + ca-certificates \ + cgroup-tools \ + cloud-init \ + cmake \ + curl \ + dkms \ + gdb \ + gfortran \ + libapr1 \ + libblas-dev \ + libffi-dev \ + liblapack-dev \ + libmbedcrypto7 \ + libmbedtls14 \ + libmbedx509-1 \ + libnuma1 \ + libnuma-dev \ + libpcap-dev \ + libpixman-1-dev \ + libssl-dev \ + net-tools \ + openssh-server \ + pciutils \ + python3-all \ + python3-apt \ + python3-cffi \ + python3-cffi-backend \ + python3-dev \ + python3-pip \ + python3-setuptools \ + python3-virtualenv \ + qemu-system \ + rsyslog \ + socat \ + software-properties-common \ + strongswan \ + ssh \ + sshpass \ + sudo \ + supervisor \ + tar \ + tcpdump \ + unzip \ + vim \ + wget \ + zlib1g-dev \ + && curl -fsSL https://get.docker.com | sh \ + && rm -rf /var/lib/apt/lists/* + +# Fix permissions +RUN chown root:syslog /var/log \ + && chmod 755 /etc/default + +# Create directory structure +RUN mkdir -p /tmp/dumps \ + && mkdir -p /var/cache/vpp/python \ + && mkdir -p /var/run/sshd \ + && mkdir -p /var/log/vpp + +# CSIT PIP pre-cache +RUN pip3 install \ + ecdsa==0.18.0 \ + paramiko==2.9.3 \ + pycrypto==2.6.1 \ + PyYAML==5.4.1 \ + requests==2.25.1 \ + robotframework==5.0.1 \ + scapy==2.4.5 \ + scp==0.14.4 \ + ansible==5.10.0 \ + ansible-core==2.12.7 \ + dill==0.3.5.1 \ + numpy==1.22.4 \ + scipy==1.8.1 \ + boto3==1.17.78 \ + botocore==1.20.78 \ + hdrhistogram==0.6.1 \ + pandas==1.4.2 \ + plotly==4.1.1 \ + PTable==0.9.2 \ + Sphinx==3.5.4 \ + sphinx-rtd-theme==0.5.2 \ + sphinxcontrib-applehelp==1.0.2 \ + sphinxcontrib-devhelp==1.0.2 \ + sphinxcontrib-htmlhelp==2.0.0 \ + sphinxcontrib-jsmath==1.0.1 \ + sphinxcontrib-programoutput==0.17 \ + sphinxcontrib-qthelp==1.0.3 \ + sphinxcontrib-robotdoc==0.11.0 \ + sphinxcontrib-serializinghtml==1.1.5 \ + ply==3.11 \ + jsonschema==4.1.0 \ + rfc3339-validator==0.1.4 \ + rfc3987==1.3.8 \ + alabaster==0.7.12 \ + attrs==21.4.0 \ + Babel==2.10.3 \ + bcrypt==3.2.2 \ + certifi==2022.6.15 \ + cffi==1.15.1 \ + chardet==4.0.0 \ + cryptography==36.0.2 \ + docutils==0.16 \ + future==0.18.2 \ + idna==2.10 \ + imagesize==1.4.1 \ + Jinja2==3.0.3 \ + jmespath==0.10.0 \ + MarkupSafe==2.1.1 \ + packaging==21.3 \ + pbr==5.9.0 \ + pycparser==2.21 \ + Pygments==2.12.0 \ + PyNaCl==1.5.0 \ + pyparsing==3.0.9 \ + pyrsistent==0.18.1 \ + python-dateutil==2.8.2 \ + pytz==2022.1 \ + resolvelib==0.5.4 \ + retrying==1.3.3 \ + s3transfer==0.4.2 \ + six==1.16.0 \ + snowballstemmer==2.2.0 \ + urllib3==1.26.10 + +RUN useradd -rm -d /home/testuser -s /bin/bash -g root -G sudo -u 1000 testuser \ + && echo 'testuser:Csit1234' | chpasswd + +RUN service ssh start
\ No newline at end of file diff --git a/fdio.infra.ansible/roles/docker_images/files/csit-initialize-docker-sut.service b/fdio.infra.ansible/roles/docker_images/files/csit-initialize-docker-sut.service new file mode 100644 index 0000000000..431387c95c --- /dev/null +++ b/fdio.infra.ansible/roles/docker_images/files/csit-initialize-docker-sut.service @@ -0,0 +1,12 @@ +[Unit] +Description=CSIT Initialize Docker SUT +After=network.target + +[Service] +Type=oneshot +RemainAfterExit=True +ExecStart=docker compose -f /opt/csit-docker-images/docker-compose-sut.yaml up --detach +ExecStop=docker compose -f /opt/csit-docker-images/docker-compose-sut.yaml down + +[Install] +WantedBy=default.target diff --git a/fdio.infra.ansible/roles/docker_images/files/csit-initialize-docker-tg.service b/fdio.infra.ansible/roles/docker_images/files/csit-initialize-docker-tg.service new file mode 100644 index 0000000000..2c93724a4c --- /dev/null +++ b/fdio.infra.ansible/roles/docker_images/files/csit-initialize-docker-tg.service @@ -0,0 +1,12 @@ +[Unit] +Description=CSIT Initialize Docker TG +After=network.target + +[Service] +Type=oneshot +RemainAfterExit=True +ExecStart=docker compose -f /opt/csit-docker-images/docker-compose-tg.yaml up --detach +ExecStop=docker compose -f /opt/csit-docker-images/docker-compose-tg.yaml down + +[Install] +WantedBy=default.target diff --git a/fdio.infra.ansible/roles/docker_images/files/csit-initialize-docker-tg.sh b/fdio.infra.ansible/roles/docker_images/files/csit-initialize-docker-tg.sh new file mode 100755 index 0000000000..0f93def8b5 --- /dev/null +++ b/fdio.infra.ansible/roles/docker_images/files/csit-initialize-docker-tg.sh @@ -0,0 +1,43 @@ +#!/usr/bin/env bash + +set -euo pipefail + +case "${1:-start}" in + "start" ) + # Run TG + for cnt in $(seq 1 ${2:-1}); do + docker network create --driver bridge csit-nw-tg${cnt} || true + # If the IMAGE is not already loaded then docker run will pull the + # IMAGE, and all image dependencies, before it starts the container. + dcr_image="base-ubuntu2204:local" + # Run the container in the background and print the new container + # ID. + dcr_stc_params="--detach=true " + # Give extended privileges to this container. A "privileged" + # container is given access to all devices and able to run nested + # containers. + dcr_stc_params+="--privileged " + # Publish all exposed ports to random ports on the host interfaces. + dcr_stc_params+="--publish 600${cnt}:2222 " + # Automatically remove the container when it exits. + dcr_stc_params+="--rm " + # Size of /dev/shm. + dcr_stc_params+="--shm-size 4G " + # Mount vfio to be able to bind to see binded interfaces. We cannot + # use --device=/dev/vfio as this does not see newly binded + # interfaces. + dcr_stc_params+="--volume /dev:/dev " + # Mount /opt/boot/ where VM kernel and initrd are located. + dcr_stc_params+="--volume /opt:/opt " + # Mount host hugepages for VMs. + dcr_stc_params+="--volume /dev/hugepages:/dev/hugepages " + + params=(${dcr_stc_params} --name csit-tg-"${cnt}" "${dcr_image}") + docker run --network=csit-nw-tg${cnt} "${params[@]}" + done + ;; + "stop" ) + docker rm --force $(docker ps --all --quiet --filter name=csit) + docker network rm $(docker network ls --filter name=csit --quiet) + ;; +esac diff --git a/fdio.infra.ansible/roles/docker_images/files/csit-sut/Dockerfile b/fdio.infra.ansible/roles/docker_images/files/csit-sut/Dockerfile new file mode 100644 index 0000000000..26463db449 --- /dev/null +++ b/fdio.infra.ansible/roles/docker_images/files/csit-sut/Dockerfile @@ -0,0 +1,5 @@ +FROM base-ubuntu2204:local + +COPY supervisord.conf /etc/supervisor/supervisord.conf + +CMD ["sh", "-c", "rm -f /dev/shm/db /dev/shm/global_vm /dev/shm/vpe-api; /usr/bin/supervisord -c /etc/supervisor/supervisord.conf; /usr/sbin/sshd -D -p 2222"]
\ No newline at end of file diff --git a/fdio.infra.ansible/roles/docker_images/files/csit-sut/supervisord.conf b/fdio.infra.ansible/roles/docker_images/files/csit-sut/supervisord.conf new file mode 100644 index 0000000000..22a36be5c6 --- /dev/null +++ b/fdio.infra.ansible/roles/docker_images/files/csit-sut/supervisord.conf @@ -0,0 +1,24 @@ +[unix_http_server] +file = /tmp/supervisor.sock +chmod = 0777 + +[rpcinterface:supervisor] +supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface + +[supervisorctl] +serverurl = unix:///tmp/supervisor.sock + +[supervisord] +pidfile = /tmp/supervisord.pid +identifier = supervisor +directory = /tmp +logfile = /tmp/supervisord.log +loglevel = debug +nodaemon = false + +[program:vpp] +command = /usr/bin/vpp -c /etc/vpp/startup.conf +autostart = false +autorestart = true +redirect_stderr = true +priority = 1
\ No newline at end of file diff --git a/fdio.infra.ansible/roles/docker_images/handlers/main.yaml b/fdio.infra.ansible/roles/docker_images/handlers/main.yaml new file mode 100644 index 0000000000..766eec432a --- /dev/null +++ b/fdio.infra.ansible/roles/docker_images/handlers/main.yaml @@ -0,0 +1,18 @@ +--- +# file: handlers/main.yaml + +- name: "Start csit-initialize-docker-sut.service" + ansible.builtin.systemd: + enabled: true + state: "started" + name: "csit-initialize-docker-sut.service" + tags: + - docker-sut + +- name: "Start csit-initialize-docker-tg.service" + ansible.builtin.systemd: + enabled: true + state: "started" + name: "csit-initialize-docker-tg.service" + tags: + - docker-tg
\ No newline at end of file diff --git a/fdio.infra.ansible/roles/docker_images/tasks/base.yaml b/fdio.infra.ansible/roles/docker_images/tasks/base.yaml new file mode 100644 index 0000000000..69b3f6217d --- /dev/null +++ b/fdio.infra.ansible/roles/docker_images/tasks/base.yaml @@ -0,0 +1,63 @@ +--- +# file: tasks/base.yaml + +- name: "Create a Directory For Docker Images" + ansible.builtin.file: + path: "/opt/csit-docker-images/" + state: "directory" + mode: 0755 + tags: + - docker-base + +- name: "Copy Build Items" + ansible.builtin.copy: + src: "{{ item }}" + dest: "/opt/csit-docker-images/{{ item }}" + owner: "root" + group: "root" + mode: 0755 + with_items: + - "base/" + - "csit-sut/" + tags: + - docker-base + +- name: "Build CSIT Base Docker Image" + ansible.builtin.shell: "docker build -t base-ubuntu2204:local ." + args: + chdir: "/opt/csit-docker-images/base" + async: 3000 + poll: 0 + register: "docker_built" + tags: + - docker-base + +- name: "Check if CSIT Base Docker Image is Built" + async_status: + jid: "{{ docker_built.ansible_job_id }}" + register: "docker_built" + until: "docker_built.finished" + delay: 10 + retries: 300 + tags: + - docker-base + +- name: "Build CSIT OLD Docker Image" + ansible.builtin.shell: "docker build -t csit_sut-ubuntu2204:local ." + args: + chdir: "/opt/csit-docker-images/csit-sut" + async: 3000 + poll: 0 + register: "docker_built" + tags: + - docker-base + +- name: "Check if CSIT OLD Docker Image is Built" + async_status: + jid: "{{ docker_built.ansible_job_id }}" + register: "docker_built" + until: "docker_built.finished" + delay: 10 + retries: 300 + tags: + - docker-base
\ No newline at end of file diff --git a/fdio.infra.ansible/roles/docker_images/tasks/main.yaml b/fdio.infra.ansible/roles/docker_images/tasks/main.yaml new file mode 100644 index 0000000000..1005e024f2 --- /dev/null +++ b/fdio.infra.ansible/roles/docker_images/tasks/main.yaml @@ -0,0 +1,21 @@ +--- +# file: tasks/main.yaml + +- name: "Build Base Docker Images" + import_tasks: "base.yaml" + tags: + - docker-base + +- name: "Docker Orchestration for TG" + import_tasks: "tg.yaml" + when: > + docker_tg is defined + tags: + - docker-tg + +- name: "Docker Orchestration for SUT" + import_tasks: "sut.yaml" + when: > + docker_sut is defined + tags: + - docker-sut
\ No newline at end of file diff --git a/fdio.infra.ansible/roles/docker_images/tasks/sut.yaml b/fdio.infra.ansible/roles/docker_images/tasks/sut.yaml new file mode 100644 index 0000000000..8ac179573d --- /dev/null +++ b/fdio.infra.ansible/roles/docker_images/tasks/sut.yaml @@ -0,0 +1,28 @@ +--- +# file: tasks/sut.yaml + +- name: "Template Compose File" + ansible.builtin.template: + src: "{{ item }}.j2" + dest: "/opt/csit-docker-images/{{ item }}" + owner: "root" + group: "root" + mode: 0755 + with_items: + - "docker-compose-sut.yaml" + tags: + - docker-sut + +- name: "Copy csit-initialize-docker-sut.service" + ansible.builtin.copy: + src: "files/csit-initialize-docker-sut.service" + dest: "/etc/systemd/system/" + owner: "root" + group: "root" + mode: 0644 + notify: + - "Start csit-initialize-docker-sut.service" + tags: + - docker-sut + +- meta: flush_handlers
\ No newline at end of file diff --git a/fdio.infra.ansible/roles/docker_images/tasks/tg.yaml b/fdio.infra.ansible/roles/docker_images/tasks/tg.yaml new file mode 100644 index 0000000000..0623616073 --- /dev/null +++ b/fdio.infra.ansible/roles/docker_images/tasks/tg.yaml @@ -0,0 +1,28 @@ +--- +# file: tasks/tg.yaml + +- name: "Template Compose File" + ansible.builtin.template: + src: "{{ item }}.j2" + dest: "/opt/csit-docker-images/{{ item }}" + owner: "root" + group: "root" + mode: 0755 + with_items: + - "docker-compose-tg.yaml" + tags: + - docker-tg + +- name: "Start csit-initialize-docker-tg.service" + ansible.builtin.copy: + src: "files/csit-initialize-docker-tg.service" + dest: "/etc/systemd/system/" + owner: "root" + group: "root" + mode: 0644 + notify: + - "Start csit-initialize-docker-tg.service" + tags: + - docker-tg + +- meta: flush_handlers
\ No newline at end of file diff --git a/fdio.infra.ansible/roles/docker_images/templates/docker-compose-sut.yaml.j2 b/fdio.infra.ansible/roles/docker_images/templates/docker-compose-sut.yaml.j2 new file mode 100644 index 0000000000..bcb29f1ae0 --- /dev/null +++ b/fdio.infra.ansible/roles/docker_images/templates/docker-compose-sut.yaml.j2 @@ -0,0 +1,64 @@ +version: "3" +services: + numa-0: + build: + context: "base/" + dockerfile: "Dockerfile" + command: ["/usr/sbin/sshd","-D", "-p", "6001"] + expose: + - "6001" + hostname: "{{ ansible_hostname[:-1] }}1" + network_mode: "host" + privileged: true + restart: "always" + shm_size: "4G" + devices: + - "/dev/hugepages:/dev/hugepages" + - "/dev/vfio:/dev/vfio" + volumes: + - type: "bind" + source: "/etc/sudoers" + target: "/etc/sudoers" + - type: "bind" + source: "/dev/null" + target: "/etc/sysctl.d/80-vpp.conf" + - type: "bind" + source: "/opt/boot/" + target: "/opt/boot/" + - type: "bind" + source: "/var/run/docker.sock" + target: "/var/run/docker.sock" + - type: "bind" + source: "/usr/lib/firmware/" + target: "/usr/lib/firmware/" + numa-1: + build: + context: "base/" + dockerfile: "Dockerfile" + command: ["/usr/sbin/sshd","-D", "-p", "6002"] + expose: + - "6002" + hostname: "{{ ansible_hostname[:-1] }}2" + network_mode: "host" + privileged: true + restart: "always" + shm_size: "4G" + devices: + - "/dev/hugepages:/dev/hugepages" + - "/dev/vfio:/dev/vfio" + volumes: + - type: "bind" + source: "/etc/sudoers" + target: "/etc/sudoers" + - type: "bind" + source: "/dev/null" + target: "/etc/sysctl.d/80-vpp.conf" + - type: "bind" + source: "/opt/boot/" + target: "/opt/boot/" + - type: "bind" + source: "/var/run/docker.sock" + target: "/var/run/docker.sock" + - type: "bind" + source: "/usr/lib/firmware/" + target: "/usr/lib/firmware/"
\ No newline at end of file diff --git a/fdio.infra.ansible/roles/docker_images/templates/docker-compose-tg.yaml.j2 b/fdio.infra.ansible/roles/docker_images/templates/docker-compose-tg.yaml.j2 new file mode 100644 index 0000000000..0cbe6c5590 --- /dev/null +++ b/fdio.infra.ansible/roles/docker_images/templates/docker-compose-tg.yaml.j2 @@ -0,0 +1,61 @@ +version: "3" +services: + tg-0: + build: + context: "base/" + dockerfile: "Dockerfile" + command: ["/usr/sbin/sshd","-D", "-p", "6001"] + expose: + - "6001" + hostname: "{{ ansible_hostname }}" + networks: + tg-nw-0: + privileged: true + ports: + - "6001:6001" + restart: "always" + shm_size: "4G" + devices: + - "/dev/hugepages:/dev/hugepages" + - "/dev/vfio:/dev/vfio" + volumes: + - type: "bind" + source: "/etc/sudoers" + target: "/etc/sudoers" + - type: "bind" + source: "/opt/" + target: "/opt/" + - type: "bind" + source: "/usr/lib/firmware/" + target: "/usr/lib/firmware/" + tg-1: + build: + context: "base/" + dockerfile: "Dockerfile" + command: ["/usr/sbin/sshd","-D", "-p", "6002"] + expose: + - "6002" + hostname: "{{ ansible_hostname }}" + networks: + tg-nw-1: + privileged: true + ports: + - "6002:6002" + restart: "always" + shm_size: "4G" + devices: + - "/dev/hugepages:/dev/hugepages" + - "/dev/vfio:/dev/vfio" + volumes: + - type: "bind" + source: "/etc/sudoers" + target: "/etc/sudoers" + - type: "bind" + source: "/opt/" + target: "/opt/" + - type: "bind" + source: "/usr/lib/firmware/" + target: "/usr/lib/firmware/" +networks: + tg-nw-0: + tg-nw-1:
\ No newline at end of file |