authorpmikus <peter.mikus@protonmail.ch>2023-04-28 11:27:25 +0000
committerpmikus <peter.mikus@protonmail.ch>2023-04-28 11:27:25 +0000
commitd14b7a69e628582b9132abc1b6e09aada68c0077 (patch)
tree4ac651bd5240093f82580656bf5a95639c976fa3 /fdio.infra.ansible/roles/docker_images
parentf451c7a50bc663a6727f01873b8663bfa9ae22e1 (diff)
feat(ansible): Refactor docker-image roles
Signed-off-by: pmikus <peter.mikus@protonmail.ch> Change-Id: I6731e55b9643f46463c16f68e4986e3cb61f843f
Diffstat (limited to 'fdio.infra.ansible/roles/docker_images')
-rw-r--r--fdio.infra.ansible/roles/docker_images/files/base/Dockerfile152
-rw-r--r--fdio.infra.ansible/roles/docker_images/files/csit-initialize-docker-sut.service12
-rw-r--r--fdio.infra.ansible/roles/docker_images/files/csit-initialize-docker-tg.service12
-rwxr-xr-xfdio.infra.ansible/roles/docker_images/files/csit-initialize-docker-tg.sh43
-rw-r--r--fdio.infra.ansible/roles/docker_images/files/csit-sut/Dockerfile5
-rw-r--r--fdio.infra.ansible/roles/docker_images/files/csit-sut/supervisord.conf24
-rw-r--r--fdio.infra.ansible/roles/docker_images/handlers/main.yaml18
-rw-r--r--fdio.infra.ansible/roles/docker_images/tasks/base.yaml63
-rw-r--r--fdio.infra.ansible/roles/docker_images/tasks/main.yaml21
-rw-r--r--fdio.infra.ansible/roles/docker_images/tasks/sut.yaml28
-rw-r--r--fdio.infra.ansible/roles/docker_images/tasks/tg.yaml28
-rw-r--r--fdio.infra.ansible/roles/docker_images/templates/docker-compose-sut.yaml.j264
-rw-r--r--fdio.infra.ansible/roles/docker_images/templates/docker-compose-tg.yaml.j261
13 files changed, 531 insertions, 0 deletions
diff --git a/fdio.infra.ansible/roles/docker_images/files/base/Dockerfile b/fdio.infra.ansible/roles/docker_images/files/base/Dockerfile
new file mode 100644
index 0000000000..0a17bf6404
--- /dev/null
+++ b/fdio.infra.ansible/roles/docker_images/files/base/Dockerfile
@@ -0,0 +1,152 @@
+FROM ubuntu:22.04
+
+# Setup the environment
+ENV DEBIAN_FRONTEND=noninteractive
+
+# Configure locales
+RUN apt-get update -qq \
+ && apt-get install -y \
+ apt-utils \
+ locales \
+ && sed -i 's/# \(en_US\.UTF-8 .*\)/\1/' /etc/locale.gen \
+ && locale-gen en_US.UTF-8 \
+ && dpkg-reconfigure --frontend=noninteractive locales \
+ && update-locale LANG=en_US.UTF-8 \
+ && TZ=Etc/UTC && ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone \
+ && rm -r /var/lib/apt/lists/*
+ENV LANG="en_US.UTF-8" LANGUAGE="en_US" LC_ALL="en_US.UTF-8"
+
+# Install packages and Docker
+RUN apt-get -q update \
+ && apt-get install -y -qq \
+ apt-transport-https \
+ bridge-utils \
+ ca-certificates \
+ cgroup-tools \
+ cloud-init \
+ cmake \
+ curl \
+ dkms \
+ gdb \
+ gfortran \
+ libapr1 \
+ libblas-dev \
+ libffi-dev \
+ liblapack-dev \
+ libmbedcrypto7 \
+ libmbedtls14 \
+ libmbedx509-1 \
+ libnuma1 \
+ libnuma-dev \
+ libpcap-dev \
+ libpixman-1-dev \
+ libssl-dev \
+ net-tools \
+ openssh-server \
+ pciutils \
+ python3-all \
+ python3-apt \
+ python3-cffi \
+ python3-cffi-backend \
+ python3-dev \
+ python3-pip \
+ python3-setuptools \
+ python3-virtualenv \
+ qemu-system \
+ rsyslog \
+ socat \
+ software-properties-common \
+ strongswan \
+ ssh \
+ sshpass \
+ sudo \
+ supervisor \
+ tar \
+ tcpdump \
+ unzip \
+ vim \
+ wget \
+ zlib1g-dev \
+ && curl -fsSL https://get.docker.com | sh \
+ && rm -rf /var/lib/apt/lists/*
+
+# Fix permissions
+RUN chown root:syslog /var/log \
+ && chmod 755 /etc/default
+
+# Create directory structure
+RUN mkdir -p /tmp/dumps \
+ && mkdir -p /var/cache/vpp/python \
+ && mkdir -p /var/run/sshd \
+ && mkdir -p /var/log/vpp
+
+# CSIT PIP pre-cache
+RUN pip3 install \
+ ecdsa==0.18.0 \
+ paramiko==2.9.3 \
+ pycrypto==2.6.1 \
+ PyYAML==5.4.1 \
+ requests==2.25.1 \
+ robotframework==5.0.1 \
+ scapy==2.4.5 \
+ scp==0.14.4 \
+ ansible==5.10.0 \
+ ansible-core==2.12.7 \
+ dill==0.3.5.1 \
+ numpy==1.22.4 \
+ scipy==1.8.1 \
+ boto3==1.17.78 \
+ botocore==1.20.78 \
+ hdrhistogram==0.6.1 \
+ pandas==1.4.2 \
+ plotly==4.1.1 \
+ PTable==0.9.2 \
+ Sphinx==3.5.4 \
+ sphinx-rtd-theme==0.5.2 \
+ sphinxcontrib-applehelp==1.0.2 \
+ sphinxcontrib-devhelp==1.0.2 \
+ sphinxcontrib-htmlhelp==2.0.0 \
+ sphinxcontrib-jsmath==1.0.1 \
+ sphinxcontrib-programoutput==0.17 \
+ sphinxcontrib-qthelp==1.0.3 \
+ sphinxcontrib-robotdoc==0.11.0 \
+ sphinxcontrib-serializinghtml==1.1.5 \
+ ply==3.11 \
+ jsonschema==4.1.0 \
+ rfc3339-validator==0.1.4 \
+ rfc3987==1.3.8 \
+ alabaster==0.7.12 \
+ attrs==21.4.0 \
+ Babel==2.10.3 \
+ bcrypt==3.2.2 \
+ certifi==2022.6.15 \
+ cffi==1.15.1 \
+ chardet==4.0.0 \
+ cryptography==36.0.2 \
+ docutils==0.16 \
+ future==0.18.2 \
+ idna==2.10 \
+ imagesize==1.4.1 \
+ Jinja2==3.0.3 \
+ jmespath==0.10.0 \
+ MarkupSafe==2.1.1 \
+ packaging==21.3 \
+ pbr==5.9.0 \
+ pycparser==2.21 \
+ Pygments==2.12.0 \
+ PyNaCl==1.5.0 \
+ pyparsing==3.0.9 \
+ pyrsistent==0.18.1 \
+ python-dateutil==2.8.2 \
+ pytz==2022.1 \
+ resolvelib==0.5.4 \
+ retrying==1.3.3 \
+ s3transfer==0.4.2 \
+ six==1.16.0 \
+ snowballstemmer==2.2.0 \
+ urllib3==1.26.10
+
+RUN useradd -rm -d /home/testuser -s /bin/bash -g root -G sudo -u 1000 testuser \
+ && echo 'testuser:Csit1234' | chpasswd
+
+RUN service ssh start \ No newline at end of file
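Review bot: The `useradd`/`chpasswd` step bakes a fixed password into the image for `testuser`, an account created with `-g root -G sudo`, and every compose service in this commit starts sshd from this image, so anyone who can reach the ssh port and has read this file gets a login in the sudo group. If the test framework does not depend on password login, install an authorized key at deploy time instead; otherwise pass the password as a BuildKit secret, `RUN --mount=type=secret,id=testuser_pw echo "testuser:$(cat /run/secrets/testuser_pw)" | chpasswd`, so it stays out of the repository and the image history. Separately, `curl -fsSL https://get.docker.com | sh` runs whatever that URL serves at build time with no version or checksum pin. `RUN service ssh start` only starts sshd inside a build layer and has no effect on containers started from the image.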
diff --git a/fdio.infra.ansible/roles/docker_images/files/csit-initialize-docker-sut.service b/fdio.infra.ansible/roles/docker_images/files/csit-initialize-docker-sut.service
new file mode 100644
index 0000000000..431387c95c
--- /dev/null
+++ b/fdio.infra.ansible/roles/docker_images/files/csit-initialize-docker-sut.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=CSIT Initialize Docker SUT
+After=network.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=True
+ExecStart=docker compose -f /opt/csit-docker-images/docker-compose-sut.yaml up --detach
+ExecStop=docker compose -f /opt/csit-docker-images/docker-compose-sut.yaml down
+
+[Install]
+WantedBy=default.target
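Review bot: The unit is ordered only after `network.target`, but both `ExecStart` and `ExecStop` call `docker compose`, which needs the Docker daemon; nothing here orders the unit after `docker.service` or ties it to that service. Unless socket activation on the target hosts is known to cover this, add `After=network.target docker.service` and `Requires=docker.service` to `[Unit]`. The same applies to csit-initialize-docker-tg.service, which is identical apart from the compose file name.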
diff --git a/fdio.infra.ansible/roles/docker_images/files/csit-initialize-docker-tg.service b/fdio.infra.ansible/roles/docker_images/files/csit-initialize-docker-tg.service
new file mode 100644
index 0000000000..2c93724a4c
--- /dev/null
+++ b/fdio.infra.ansible/roles/docker_images/files/csit-initialize-docker-tg.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=CSIT Initialize Docker TG
+After=network.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=True
+ExecStart=docker compose -f /opt/csit-docker-images/docker-compose-tg.yaml up --detach
+ExecStop=docker compose -f /opt/csit-docker-images/docker-compose-tg.yaml down
+
+[Install]
+WantedBy=default.target
diff --git a/fdio.infra.ansible/roles/docker_images/files/csit-initialize-docker-tg.sh b/fdio.infra.ansible/roles/docker_images/files/csit-initialize-docker-tg.sh
new file mode 100755
index 0000000000..0f93def8b5
--- /dev/null
+++ b/fdio.infra.ansible/roles/docker_images/files/csit-initialize-docker-tg.sh
@@ -0,0 +1,43 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+case "${1:-start}" in
+ "start" )
+ # Run TG
+ for cnt in $(seq 1 ${2:-1}); do
+ docker network create --driver bridge csit-nw-tg${cnt} || true
+ # If the IMAGE is not already loaded then docker run will pull the
+ # IMAGE, and all image dependencies, before it starts the container.
+ dcr_image="base-ubuntu2204:local"
+ # Run the container in the background and print the new container
+ # ID.
+ dcr_stc_params="--detach=true "
+ # Give extended privileges to this container. A "privileged"
+ # container is given access to all devices and able to run nested
+ # containers.
+ dcr_stc_params+="--privileged "
+ # Publish all exposed ports to random ports on the host interfaces.
+ dcr_stc_params+="--publish 600${cnt}:2222 "
+ # Automatically remove the container when it exits.
+ dcr_stc_params+="--rm "
+ # Size of /dev/shm.
+ dcr_stc_params+="--shm-size 4G "
+ # Mount vfio to be able to bind to see binded interfaces. We cannot
+ # use --device=/dev/vfio as this does not see newly binded
+ # interfaces.
+ dcr_stc_params+="--volume /dev:/dev "
+ # Mount /opt/boot/ where VM kernel and initrd are located.
+ dcr_stc_params+="--volume /opt:/opt "
+ # Mount host hugepages for VMs.
+ dcr_stc_params+="--volume /dev/hugepages:/dev/hugepages "
+
+ params=(${dcr_stc_params} --name csit-tg-"${cnt}" "${dcr_image}")
+ docker run --network=csit-nw-tg${cnt} "${params[@]}"
+ done
+ ;;
+ "stop" )
+ docker rm --force $(docker ps --all --quiet --filter name=csit)
+ docker network rm $(docker network ls --filter name=csit --quiet)
+ ;;
+esac
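Review bot: In the `stop` branch, when no container matches the filter the command substitution expands to nothing and `docker rm --force` is called without arguments; that presumably exits non-zero, and under `set -euo pipefail` the script then stops before the network cleanup runs. Piping through xargs avoids this: `docker ps --all --quiet --filter name=csit | xargs --no-run-if-empty docker rm --force`, and likewise for `docker network rm`. The `name=csit` filter is a substring match, so it may also catch containers started from the compose files under /opt/csit-docker-images; a narrower pattern such as `name=csit-tg-` would match only what the `start` branch creates. The comment above `--publish 600${cnt}:2222` says random host ports, but the option maps a fixed port.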
diff --git a/fdio.infra.ansible/roles/docker_images/files/csit-sut/Dockerfile b/fdio.infra.ansible/roles/docker_images/files/csit-sut/Dockerfile
new file mode 100644
index 0000000000..26463db449
--- /dev/null
+++ b/fdio.infra.ansible/roles/docker_images/files/csit-sut/Dockerfile
@@ -0,0 +1,5 @@
+FROM base-ubuntu2204:local
+
+COPY supervisord.conf /etc/supervisor/supervisord.conf
+
+CMD ["sh", "-c", "rm -f /dev/shm/db /dev/shm/global_vm /dev/shm/vpe-api; /usr/bin/supervisord -c /etc/supervisor/supervisord.conf; /usr/sbin/sshd -D -p 2222"] \ No newline at end of file
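Review bot: The `CMD` chains three commands under `sh -c`, so the shell most likely stays as PID 1 with sshd as its child; signals from `docker stop` then go to the shell rather than sshd, and the container is killed after the stop timeout instead of shutting down cleanly. Prefix the last command with `exec`, i.e. `...; exec /usr/sbin/sshd -D -p 2222`, so sshd replaces the shell. The `;` separators also let sshd start when supervisord failed to launch; use `&&` before sshd if that should be fatal.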
diff --git a/fdio.infra.ansible/roles/docker_images/files/csit-sut/supervisord.conf b/fdio.infra.ansible/roles/docker_images/files/csit-sut/supervisord.conf
new file mode 100644
index 0000000000..22a36be5c6
--- /dev/null
+++ b/fdio.infra.ansible/roles/docker_images/files/csit-sut/supervisord.conf
@@ -0,0 +1,24 @@
+[unix_http_server]
+file = /tmp/supervisor.sock
+chmod = 0777
+
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[supervisorctl]
+serverurl = unix:///tmp/supervisor.sock
+
+[supervisord]
+pidfile = /tmp/supervisord.pid
+identifier = supervisor
+directory = /tmp
+logfile = /tmp/supervisord.log
+loglevel = debug
+nodaemon = false
+
+[program:vpp]
+command = /usr/bin/vpp -c /etc/vpp/startup.conf
+autostart = false
+autorestart = true
+redirect_stderr = true
+priority = 1 \ No newline at end of file
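Review bot: `chmod = 0777` on `/tmp/supervisor.sock` lets every local account in the container drive supervisord's control interface (start, stop and restart `vpp`, read its log), and `[unix_http_server]` sets no `username`/`password`. Unless an unprivileged user really needs supervisorctl, use `chmod = 0700`, or `chmod = 0770` with a `chown = root:<GROUP>` line (placeholder group) for the accounts that do. `loglevel = debug` is also verbose for a long-running service; `info` is supervisord's default.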
diff --git a/fdio.infra.ansible/roles/docker_images/handlers/main.yaml b/fdio.infra.ansible/roles/docker_images/handlers/main.yaml
new file mode 100644
index 0000000000..766eec432a
--- /dev/null
+++ b/fdio.infra.ansible/roles/docker_images/handlers/main.yaml
@@ -0,0 +1,18 @@
+---
+# file: handlers/main.yaml
+
+- name: "Start csit-initialize-docker-sut.service"
+ ansible.builtin.systemd:
+ enabled: true
+ state: "started"
+ name: "csit-initialize-docker-sut.service"
+ tags:
+ - docker-sut
+
+- name: "Start csit-initialize-docker-tg.service"
+ ansible.builtin.systemd:
+ enabled: true
+ state: "started"
+ name: "csit-initialize-docker-tg.service"
+ tags:
+ - docker-tg \ No newline at end of file
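Review bot: Neither handler sets `daemon_reload: true`, so when the copy task replaces an existing unit file systemd keeps using the definition it already loaded. With `state: "started"` a oneshot unit that is already active (both units set `RemainAfterExit=True`) is also left untouched, so an updated unit never takes effect until the next reboot. Consider `daemon_reload: true` together with `state: "restarted"` in both handlers.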
diff --git a/fdio.infra.ansible/roles/docker_images/tasks/base.yaml b/fdio.infra.ansible/roles/docker_images/tasks/base.yaml
new file mode 100644
index 0000000000..69b3f6217d
--- /dev/null
+++ b/fdio.infra.ansible/roles/docker_images/tasks/base.yaml
@@ -0,0 +1,63 @@
+---
+# file: tasks/base.yaml
+
+- name: "Create a Directory For Docker Images"
+ ansible.builtin.file:
+ path: "/opt/csit-docker-images/"
+ state: "directory"
+ mode: 0755
+ tags:
+ - docker-base
+
+- name: "Copy Build Items"
+ ansible.builtin.copy:
+ src: "{{ item }}"
+ dest: "/opt/csit-docker-images/{{ item }}"
+ owner: "root"
+ group: "root"
+ mode: 0755
+ with_items:
+ - "base/"
+ - "csit-sut/"
+ tags:
+ - docker-base
+
+- name: "Build CSIT Base Docker Image"
+ ansible.builtin.shell: "docker build -t base-ubuntu2204:local ."
+ args:
+ chdir: "/opt/csit-docker-images/base"
+ async: 3000
+ poll: 0
+ register: "docker_built"
+ tags:
+ - docker-base
+
+- name: "Check if CSIT Base Docker Image is Built"
+ async_status:
+ jid: "{{ docker_built.ansible_job_id }}"
+ register: "docker_built"
+ until: "docker_built.finished"
+ delay: 10
+ retries: 300
+ tags:
+ - docker-base
+
+- name: "Build CSIT OLD Docker Image"
+ ansible.builtin.shell: "docker build -t csit_sut-ubuntu2204:local ."
+ args:
+ chdir: "/opt/csit-docker-images/csit-sut"
+ async: 3000
+ poll: 0
+ register: "docker_built"
+ tags:
+ - docker-base
+
+- name: "Check if CSIT OLD Docker Image is Built"
+ async_status:
+ jid: "{{ docker_built.ansible_job_id }}"
+ register: "docker_built"
+ until: "docker_built.finished"
+ delay: 10
+ retries: 300
+ tags:
+ - docker-base \ No newline at end of file
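Review bot: Both build tasks use `ansible.builtin.shell` although `docker build -t ... .` needs no shell features; `ansible.builtin.command` with the same `chdir` avoids the extra shell and is what ansible-lint's `command-instead-of-shell` rule asks for. The file modes are written as bare `0755`; quoting them, `mode: "0755"`, removes the dependence on how the YAML loader treats leading-zero integers, and `0755` on "Copy Build Items" also marks the Dockerfiles and supervisord.conf executable, which they do not need. `async_status` is the only module in the file written without its `ansible.builtin.` prefix.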
diff --git a/fdio.infra.ansible/roles/docker_images/tasks/main.yaml b/fdio.infra.ansible/roles/docker_images/tasks/main.yaml
new file mode 100644
index 0000000000..1005e024f2
--- /dev/null
+++ b/fdio.infra.ansible/roles/docker_images/tasks/main.yaml
@@ -0,0 +1,21 @@
+---
+# file: tasks/main.yaml
+
+- name: "Build Base Docker Images"
+ import_tasks: "base.yaml"
+ tags:
+ - docker-base
+
+- name: "Docker Orchestration for TG"
+ import_tasks: "tg.yaml"
+ when: >
+ docker_tg is defined
+ tags:
+ - docker-tg
+
+- name: "Docker Orchestration for SUT"
+ import_tasks: "sut.yaml"
+ when: >
+ docker_sut is defined
+ tags:
+ - docker-sut \ No newline at end of file
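Review bot: `docker_tg is defined` and `docker_sut is defined` are true for any value, so an inventory that sets `docker_sut: false` still gets the SUT orchestration. If the variables are meant as switches, test the value instead: `when: docker_sut | default(false) | bool`, and the same for `docker_tg`. This commit adds no defaults file for the two variables, so a short comment at the top of the file naming them and what they enable would help.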
diff --git a/fdio.infra.ansible/roles/docker_images/tasks/sut.yaml b/fdio.infra.ansible/roles/docker_images/tasks/sut.yaml
new file mode 100644
index 0000000000..8ac179573d
--- /dev/null
+++ b/fdio.infra.ansible/roles/docker_images/tasks/sut.yaml
@@ -0,0 +1,28 @@
+---
+# file: tasks/sut.yaml
+
+- name: "Template Compose File"
+ ansible.builtin.template:
+ src: "{{ item }}.j2"
+ dest: "/opt/csit-docker-images/{{ item }}"
+ owner: "root"
+ group: "root"
+ mode: 0755
+ with_items:
+ - "docker-compose-sut.yaml"
+ tags:
+ - docker-sut
+
+- name: "Copy csit-initialize-docker-sut.service"
+ ansible.builtin.copy:
+ src: "files/csit-initialize-docker-sut.service"
+ dest: "/etc/systemd/system/"
+ owner: "root"
+ group: "root"
+ mode: 0644
+ notify:
+ - "Start csit-initialize-docker-sut.service"
+ tags:
+ - docker-sut
+
+- meta: flush_handlers \ No newline at end of file
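Review bot: The "Template Compose File" task has no `notify`, so a change to the rendered compose file does not reach the running containers; only a change to the unit file triggers the handler. Adding `notify: "Start csit-initialize-docker-sut.service"` to the template task, with a handler that restarts the unit, would close that gap. The compose file is data, so `mode: "0644"` fits better than `0755`. Both remarks apply equally to tasks/tg.yaml.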
diff --git a/fdio.infra.ansible/roles/docker_images/tasks/tg.yaml b/fdio.infra.ansible/roles/docker_images/tasks/tg.yaml
new file mode 100644
index 0000000000..0623616073
--- /dev/null
+++ b/fdio.infra.ansible/roles/docker_images/tasks/tg.yaml
@@ -0,0 +1,28 @@
+---
+# file: tasks/tg.yaml
+
+- name: "Template Compose File"
+ ansible.builtin.template:
+ src: "{{ item }}.j2"
+ dest: "/opt/csit-docker-images/{{ item }}"
+ owner: "root"
+ group: "root"
+ mode: 0755
+ with_items:
+ - "docker-compose-tg.yaml"
+ tags:
+ - docker-tg
+
+- name: "Start csit-initialize-docker-tg.service"
+ ansible.builtin.copy:
+ src: "files/csit-initialize-docker-tg.service"
+ dest: "/etc/systemd/system/"
+ owner: "root"
+ group: "root"
+ mode: 0644
+ notify:
+ - "Start csit-initialize-docker-tg.service"
+ tags:
+ - docker-tg
+
+- meta: flush_handlers \ No newline at end of file
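Review bot: The second task is named "Start csit-initialize-docker-tg.service" but it copies the unit file, and the name is identical to the handler it notifies, which makes play output and `notify` references ambiguous to read. Rename it to `"Copy csit-initialize-docker-tg.service"`, matching the corresponding task in tasks/sut.yaml.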
diff --git a/fdio.infra.ansible/roles/docker_images/templates/docker-compose-sut.yaml.j2 b/fdio.infra.ansible/roles/docker_images/templates/docker-compose-sut.yaml.j2
new file mode 100644
index 0000000000..bcb29f1ae0
--- /dev/null
+++ b/fdio.infra.ansible/roles/docker_images/templates/docker-compose-sut.yaml.j2
@@ -0,0 +1,64 @@
+version: "3"
+services:
+ numa-0:
+ build:
+ context: "base/"
+ dockerfile: "Dockerfile"
+ command: ["/usr/sbin/sshd","-D", "-p", "6001"]
+ expose:
+ - "6001"
+ hostname: "{{ ansible_hostname[:-1] }}1"
+ network_mode: "host"
+ privileged: true
+ restart: "always"
+ shm_size: "4G"
+ devices:
+ - "/dev/hugepages:/dev/hugepages"
+ - "/dev/vfio:/dev/vfio"
+ volumes:
+ - type: "bind"
+ source: "/etc/sudoers"
+ target: "/etc/sudoers"
+ - type: "bind"
+ source: "/dev/null"
+ target: "/etc/sysctl.d/80-vpp.conf"
+ - type: "bind"
+ source: "/opt/boot/"
+ target: "/opt/boot/"
+ - type: "bind"
+ source: "/var/run/docker.sock"
+ target: "/var/run/docker.sock"
+ - type: "bind"
+ source: "/usr/lib/firmware/"
+ target: "/usr/lib/firmware/"
+ numa-1:
+ build:
+ context: "base/"
+ dockerfile: "Dockerfile"
+ command: ["/usr/sbin/sshd","-D", "-p", "6002"]
+ expose:
+ - "6002"
+ hostname: "{{ ansible_hostname[:-1] }}2"
+ network_mode: "host"
+ privileged: true
+ restart: "always"
+ shm_size: "4G"
+ devices:
+ - "/dev/hugepages:/dev/hugepages"
+ - "/dev/vfio:/dev/vfio"
+ volumes:
+ - type: "bind"
+ source: "/etc/sudoers"
+ target: "/etc/sudoers"
+ - type: "bind"
+ source: "/dev/null"
+ target: "/etc/sysctl.d/80-vpp.conf"
+ - type: "bind"
+ source: "/opt/boot/"
+ target: "/opt/boot/"
+ - type: "bind"
+ source: "/var/run/docker.sock"
+ target: "/var/run/docker.sock"
+ - type: "bind"
+ source: "/usr/lib/firmware/"
+ target: "/usr/lib/firmware/" \ No newline at end of file
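Review bot: Each service combines `privileged: true`, `network_mode: "host"`, a bind of `/var/run/docker.sock` and a writable bind of the host's `/etc/sudoers`, with sshd listening on a host port from an image that carries a fixed-password account; a login to the container is therefore effectively root on the host, and an edit to sudoers inside the container changes the host file. If the tests only need to read sudoers, add `read_only: true` to that bind, and drop the docker.sock bind unless a test actually drives the host daemon. With host networking `expose` has no effect and can be removed. `build.context: "base/"` comes with no `image:` key, so compose presumably builds its own copy rather than reusing `base-ubuntu2204:local` from tasks/base.yaml; `image: "base-ubuntu2204:local"` would make the intent explicit. The writable `/etc/sudoers` bind and `privileged: true` recur in docker-compose-tg.yaml.j2.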
diff --git a/fdio.infra.ansible/roles/docker_images/templates/docker-compose-tg.yaml.j2 b/fdio.infra.ansible/roles/docker_images/templates/docker-compose-tg.yaml.j2
new file mode 100644
index 0000000000..0cbe6c5590
--- /dev/null
+++ b/fdio.infra.ansible/roles/docker_images/templates/docker-compose-tg.yaml.j2
@@ -0,0 +1,61 @@
+version: "3"
+services:
+ tg-0:
+ build:
+ context: "base/"
+ dockerfile: "Dockerfile"
+ command: ["/usr/sbin/sshd","-D", "-p", "6001"]
+ expose:
+ - "6001"
+ hostname: "{{ ansible_hostname }}"
+ networks:
+ tg-nw-0:
+ privileged: true
+ ports:
+ - "6001:6001"
+ restart: "always"
+ shm_size: "4G"
+ devices:
+ - "/dev/hugepages:/dev/hugepages"
+ - "/dev/vfio:/dev/vfio"
+ volumes:
+ - type: "bind"
+ source: "/etc/sudoers"
+ target: "/etc/sudoers"
+ - type: "bind"
+ source: "/opt/"
+ target: "/opt/"
+ - type: "bind"
+ source: "/usr/lib/firmware/"
+ target: "/usr/lib/firmware/"
+ tg-1:
+ build:
+ context: "base/"
+ dockerfile: "Dockerfile"
+ command: ["/usr/sbin/sshd","-D", "-p", "6002"]
+ expose:
+ - "6002"
+ hostname: "{{ ansible_hostname }}"
+ networks:
+ tg-nw-1:
+ privileged: true
+ ports:
+ - "6002:6002"
+ restart: "always"
+ shm_size: "4G"
+ devices:
+ - "/dev/hugepages:/dev/hugepages"
+ - "/dev/vfio:/dev/vfio"
+ volumes:
+ - type: "bind"
+ source: "/etc/sudoers"
+ target: "/etc/sudoers"
+ - type: "bind"
+ source: "/opt/"
+ target: "/opt/"
+ - type: "bind"
+ source: "/usr/lib/firmware/"
+ target: "/usr/lib/firmware/"
+networks:
+ tg-nw-0:
+ tg-nw-1: \ No newline at end of file
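Review bot: The `ports` entries `"6001:6001"` and `"6002:6002"` publish sshd on every host address, and the containers behind them are privileged with `/opt/` bound read-write. If the test drivers reach the TG over one management network, bind the mapping to that address, e.g. `"<MGMT_ADDR>:6001:6001"` (placeholder address). `expose` is redundant next to `ports`, and both services get the same `hostname`, unlike the SUT template which numbers them; a comment would help if that is intended.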