feat(ansible): Refactor docker-image roles

Signed-off-by: pmikus <peter.mikus@protonmail.ch> Change-Id: I6731e55b9643f46463c16f68e4986e3cb61f843f
author: pmikus <peter.mikus@protonmail.ch> 2023-04-28 11:27:25 +0000
committer: pmikus <peter.mikus@protonmail.ch> 2023-04-28 11:27:25 +0000
commit: d14b7a69e628582b9132abc1b6e09aada68c0077 (patch)
tree: 4ac651bd5240093f82580656bf5a95639c976fa3 /fdio.infra.ansible/roles
parent: f451c7a50bc663a6727f01873b8663bfa9ae22e1 (diff)
17 files changed, 319 insertions, 138 deletions
diff --git a/fdio.infra.ansible/roles/csit_sut_image/tasks/main.yaml b/fdio.infra.ansible/roles/csit_sut_image/tasks/main.yaml
deleted file mode 100644
index f0a93c06ee..0000000000
--- a/fdio.infra.ansible/roles/csit_sut_image/tasks/main.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
----
-# file: roles/csit_sut_image/tasks/main.yaml
-
-- name: Create a directory if it does not exist
-  ansible.builtin.file:
-    path: "/opt/csit-sut/"
-    state: "directory"
-    mode: 0755
-  tags:
-    - csit-sut-image
-
-- name: Copy Build Items
-  ansible.builtin.copy:
-    src: "{{ item }}"
-    dest: "/opt/csit-sut/"
-    owner: "root"
-    group: "root"
-    mode: 0755
-  with_items:
-    - Dockerfile
-    - supervisord.conf
-  tags:
-    - csit-sut-image
-
-- name: Build CSIT SUT Docker Image
-  ansible.builtin.shell: "docker build -t csit_sut-ubuntu2204:local ."
-  args:
-    chdir: "/opt/csit-sut"
-  async: 3000
-  poll: 0
-  register: docker_built
-  tags:
-    - csit-sut-image
-
-- name: Check if CSIT SUT Docker Image is Built
-  async_status:
-    jid: "{{ docker_built.ansible_job_id }}"
-  register: docker_built
-  until: docker_built.finished
-  delay: 10
-  retries: 300
-  tags:
-    - csit-sut-image
-\ No newline at end of file
diff --git a/fdio.infra.ansible/roles/csit_sut_image/files/Dockerfile b/fdio.infra.ansible/roles/docker_images/files/base/Dockerfile
index 1f72df8205..0a17bf6404 100644
--- a/fdio.infra.ansible/roles/csit_sut_image/files/Dockerfile
+++ b/fdio.infra.ansible/roles/docker_images/files/base/Dockerfile
@@ -1,19 +1,4 @@
-# Copyright (c) 2022 Cisco and/or its affiliates.
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at:
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
 FROM ubuntu:22.04
-LABEL Description="CSIT vpp-device ubuntu 22.04 SUT image"
-LABEL Version="master"
 
 # Setup the environment
 ENV DEBIAN_FRONTEND=noninteractive
@@ -37,6 +22,7 @@ RUN apt-get -q update \
         apt-transport-https \
         bridge-utils \
         ca-certificates \
+        cgroup-tools \
         cloud-init \
         cmake \
         curl \
@@ -55,7 +41,6 @@ RUN apt-get -q update \
         libpcap-dev \
         libpixman-1-dev \
         libssl-dev \
-        locales \
         net-tools \
         openssh-server \
         pciutils \
@@ -92,7 +77,8 @@ RUN chown root:syslog /var/log \
 # Create directory structure
 RUN mkdir -p /tmp/dumps \
  && mkdir -p /var/cache/vpp/python \
- && mkdir -p /var/run/sshd
+ && mkdir -p /var/run/sshd \
+ && mkdir -p /var/log/vpp
 
 # CSIT PIP pre-cache
 RUN pip3 install \
@@ -160,14 +146,7 @@ RUN pip3 install \
         snowballstemmer==2.2.0 \
         urllib3==1.26.10
 
-# SSH settings
-RUN echo 'root:Csit1234' | chpasswd \
- && sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config \
- && sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd \
- && echo "export VISIBLE=now" >> /etc/profile
-
-EXPOSE 2222
-
-COPY supervisord.conf /etc/supervisor/supervisord.conf
+RUN useradd -rm -d /home/testuser -s /bin/bash -g root -G sudo -u 1000 testuser \
+ && echo 'testuser:Csit1234' | chpasswd
 
-CMD ["sh", "-c", "rm -f /dev/shm/db /dev/shm/global_vm /dev/shm/vpe-api; /usr/bin/supervisord -c /etc/supervisor/supervisord.conf; /usr/sbin/sshd -D -p 2222"]
-\ No newline at end of file
+RUN service ssh start
+\ No newline at end of file
diff --git a/fdio.infra.ansible/roles/docker_images/files/csit-initialize-docker-sut.service b/fdio.infra.ansible/roles/docker_images/files/csit-initialize-docker-sut.service
new file mode 100644
index 0000000000..431387c95c
--- /dev/null
+++ b/fdio.infra.ansible/roles/docker_images/files/csit-initialize-docker-sut.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=CSIT Initialize Docker SUT
+After=network.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=True
+ExecStart=docker compose -f /opt/csit-docker-images/docker-compose-sut.yaml up --detach
+ExecStop=docker compose -f /opt/csit-docker-images/docker-compose-sut.yaml down
+
+[Install]
+WantedBy=default.target
diff --git a/fdio.infra.ansible/roles/docker_images/files/csit-initialize-docker-tg.service b/fdio.infra.ansible/roles/docker_images/files/csit-initialize-docker-tg.service
new file mode 100644
index 0000000000..2c93724a4c
--- /dev/null
+++ b/fdio.infra.ansible/roles/docker_images/files/csit-initialize-docker-tg.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=CSIT Initialize Docker TG
+After=network.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=True
+ExecStart=docker compose -f /opt/csit-docker-images/docker-compose-tg.yaml up --detach
+ExecStop=docker compose -f /opt/csit-docker-images/docker-compose-tg.yaml down
+
+[Install]
+WantedBy=default.target
diff --git a/fdio.infra.ansible/roles/tg/files/csit-initialize-docker-tg.sh b/fdio.infra.ansible/roles/docker_images/files/csit-initialize-docker-tg.sh
index 7776b4488d..0f93def8b5 100755
--- a/fdio.infra.ansible/roles/tg/files/csit-initialize-docker-tg.sh
+++ b/fdio.infra.ansible/roles/docker_images/files/csit-initialize-docker-tg.sh
@@ -1,20 +1,5 @@
 #!/usr/bin/env bash
 
-# Copyright (c) 2021 Cisco and/or its affiliates.
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at:
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# CSIT SRIOV VF initialization and isolation.
-
 set -euo pipefail
 
 case "${1:-start}" in
@@ -24,7 +9,7 @@ case "${1:-start}" in
             docker network create --driver bridge csit-nw-tg${cnt} || true
             # If the IMAGE is not already loaded then docker run will pull the
             # IMAGE, and all image dependencies, before it starts the container.
-            dcr_image="csit_sut-ubuntu2204:local"
+            dcr_image="base-ubuntu2204:local"
             # Run the container in the background and print the new container
             # ID.
             dcr_stc_params="--detach=true "
diff --git a/fdio.infra.ansible/roles/docker_images/files/csit-sut/Dockerfile b/fdio.infra.ansible/roles/docker_images/files/csit-sut/Dockerfile
new file mode 100644
index 0000000000..26463db449
--- /dev/null
+++ b/fdio.infra.ansible/roles/docker_images/files/csit-sut/Dockerfile
@@ -0,0 +1,5 @@
+FROM base-ubuntu2204:local
+
+COPY supervisord.conf /etc/supervisor/supervisord.conf
+
+CMD ["sh", "-c", "rm -f /dev/shm/db /dev/shm/global_vm /dev/shm/vpe-api; /usr/bin/supervisord -c /etc/supervisor/supervisord.conf; /usr/sbin/sshd -D -p 2222"]
+\ No newline at end of file
diff --git a/fdio.infra.ansible/roles/csit_sut_image/files/supervisord.conf b/fdio.infra.ansible/roles/docker_images/files/csit-sut/supervisord.conf
index 22a36be5c6..22a36be5c6 100644
--- a/fdio.infra.ansible/roles/csit_sut_image/files/supervisord.conf
+++ b/fdio.infra.ansible/roles/docker_images/files/csit-sut/supervisord.conf
diff --git a/fdio.infra.ansible/roles/docker_images/handlers/main.yaml b/fdio.infra.ansible/roles/docker_images/handlers/main.yaml
new file mode 100644
index 0000000000..766eec432a
--- /dev/null
+++ b/fdio.infra.ansible/roles/docker_images/handlers/main.yaml
@@ -0,0 +1,18 @@
+---
+# file: handlers/main.yaml
+
+- name: "Start csit-initialize-docker-sut.service"
+  ansible.builtin.systemd:
+    enabled: true
+    state: "started"
+    name: "csit-initialize-docker-sut.service"
+  tags:
+    - docker-sut
+
+- name: "Start csit-initialize-docker-tg.service"
+  ansible.builtin.systemd:
+    enabled: true
+    state: "started"
+    name: "csit-initialize-docker-tg.service"
+  tags:
+    - docker-tg
+\ No newline at end of file
diff --git a/fdio.infra.ansible/roles/docker_images/tasks/base.yaml b/fdio.infra.ansible/roles/docker_images/tasks/base.yaml
new file mode 100644
index 0000000000..69b3f6217d
--- /dev/null
+++ b/fdio.infra.ansible/roles/docker_images/tasks/base.yaml
@@ -0,0 +1,63 @@
+---
+# file: tasks/base.yaml
+
+- name: "Create a Directory For Docker Images"
+  ansible.builtin.file:
+    path: "/opt/csit-docker-images/"
+    state: "directory"
+    mode: 0755
+  tags:
+    - docker-base
+
+- name: "Copy Build Items"
+  ansible.builtin.copy:
+    src: "{{ item }}"
+    dest: "/opt/csit-docker-images/{{ item }}"
+    owner: "root"
+    group: "root"
+    mode: 0755
+  with_items:
+    - "base/"
+    - "csit-sut/"
+  tags:
+    - docker-base
+
+- name: "Build CSIT Base Docker Image"
+  ansible.builtin.shell: "docker build -t base-ubuntu2204:local ."
+  args:
+    chdir: "/opt/csit-docker-images/base"
+  async: 3000
+  poll: 0
+  register: "docker_built"
+  tags:
+    - docker-base
+
+- name: "Check if CSIT Base Docker Image is Built"
+  async_status:
+    jid: "{{ docker_built.ansible_job_id }}"
+  register: "docker_built"
+  until: "docker_built.finished"
+  delay: 10
+  retries: 300
+  tags:
+    - docker-base
+
+- name: "Build CSIT OLD Docker Image"
+  ansible.builtin.shell: "docker build -t csit_sut-ubuntu2204:local ."
+  args:
+    chdir: "/opt/csit-docker-images/csit-sut"
+  async: 3000
+  poll: 0
+  register: "docker_built"
+  tags:
+    - docker-base
+
+- name: "Check if CSIT OLD Docker Image is Built"
+  async_status:
+    jid: "{{ docker_built.ansible_job_id }}"
+  register: "docker_built"
+  until: "docker_built.finished"
+  delay: 10
+  retries: 300
+  tags:
+    - docker-base
+\ No newline at end of file
diff --git a/fdio.infra.ansible/roles/docker_images/tasks/main.yaml b/fdio.infra.ansible/roles/docker_images/tasks/main.yaml
new file mode 100644
index 0000000000..1005e024f2
--- /dev/null
+++ b/fdio.infra.ansible/roles/docker_images/tasks/main.yaml
@@ -0,0 +1,21 @@
+---
+# file: tasks/main.yaml
+
+- name: "Build Base Docker Images"
+  import_tasks: "base.yaml"
+  tags:
+    - docker-base
+
+- name: "Docker Orchestration for TG"
+  import_tasks: "tg.yaml"
+  when: >
+    docker_tg is defined
+  tags:
+    - docker-tg
+
+- name: "Docker Orchestration for SUT"
+  import_tasks: "sut.yaml"
+  when: >
+    docker_sut is defined
+  tags:
+    - docker-sut
+\ No newline at end of file
diff --git a/fdio.infra.ansible/roles/docker_images/tasks/sut.yaml b/fdio.infra.ansible/roles/docker_images/tasks/sut.yaml
new file mode 100644
index 0000000000..8ac179573d
--- /dev/null
+++ b/fdio.infra.ansible/roles/docker_images/tasks/sut.yaml
@@ -0,0 +1,28 @@
+---
+# file: tasks/sut.yaml
+
+- name: "Template Compose File"
+  ansible.builtin.template:
+    src: "{{ item }}.j2"
+    dest: "/opt/csit-docker-images/{{ item }}"
+    owner: "root"
+    group: "root"
+    mode: 0755
+  with_items:
+    - "docker-compose-sut.yaml"
+  tags:
+    - docker-sut
+
+- name: "Copy csit-initialize-docker-sut.service"
+  ansible.builtin.copy:
+    src: "files/csit-initialize-docker-sut.service"
+    dest: "/etc/systemd/system/"
+    owner: "root"
+    group: "root"
+    mode: 0644
+  notify:
+    - "Start csit-initialize-docker-sut.service"
+  tags:
+    - docker-sut
+
+- meta: flush_handlers
+\ No newline at end of file
diff --git a/fdio.infra.ansible/roles/docker_images/tasks/tg.yaml b/fdio.infra.ansible/roles/docker_images/tasks/tg.yaml
new file mode 100644
index 0000000000..0623616073
--- /dev/null
+++ b/fdio.infra.ansible/roles/docker_images/tasks/tg.yaml
@@ -0,0 +1,28 @@
+---
+# file: tasks/tg.yaml
+
+- name: "Template Compose File"
+  ansible.builtin.template:
+    src: "{{ item }}.j2"
+    dest: "/opt/csit-docker-images/{{ item }}"
+    owner: "root"
+    group: "root"
+    mode: 0755
+  with_items:
+    - "docker-compose-tg.yaml"
+  tags:
+    - docker-tg
+
+- name: "Start csit-initialize-docker-tg.service"
+  ansible.builtin.copy:
+    src: "files/csit-initialize-docker-tg.service"
+    dest: "/etc/systemd/system/"
+    owner: "root"
+    group: "root"
+    mode: 0644
+  notify:
+    - "Start csit-initialize-docker-tg.service"
+  tags:
+    - docker-tg
+
+- meta: flush_handlers
+\ No newline at end of file
diff --git a/fdio.infra.ansible/roles/docker_images/templates/docker-compose-sut.yaml.j2 b/fdio.infra.ansible/roles/docker_images/templates/docker-compose-sut.yaml.j2
new file mode 100644
index 0000000000..bcb29f1ae0
--- /dev/null
+++ b/fdio.infra.ansible/roles/docker_images/templates/docker-compose-sut.yaml.j2
@@ -0,0 +1,64 @@
+version: "3"
+services:
+  numa-0:
+    build:
+      context: "base/"
+      dockerfile: "Dockerfile"
+    command: ["/usr/sbin/sshd","-D", "-p", "6001"]
+    expose:
+      - "6001"
+    hostname: "{{ ansible_hostname[:-1] }}1"
+    network_mode: "host"
+    privileged: true
+    restart: "always"
+    shm_size: "4G"
+    devices:
+      - "/dev/hugepages:/dev/hugepages"
+      - "/dev/vfio:/dev/vfio"
+    volumes:
+      - type: "bind"
+        source: "/etc/sudoers"
+        target: "/etc/sudoers"
+      - type: "bind"
+        source: "/dev/null"
+        target: "/etc/sysctl.d/80-vpp.conf"
+      - type: "bind"
+        source: "/opt/boot/"
+        target: "/opt/boot/"
+      - type: "bind"
+        source: "/var/run/docker.sock"
+        target: "/var/run/docker.sock"
+      - type: "bind"
+        source: "/usr/lib/firmware/"
+        target: "/usr/lib/firmware/"
+  numa-1:
+    build:
+      context: "base/"
+      dockerfile: "Dockerfile"
+    command: ["/usr/sbin/sshd","-D", "-p", "6002"]
+    expose:
+      - "6002"
+    hostname: "{{ ansible_hostname[:-1] }}2"
+    network_mode: "host"
+    privileged: true
+    restart: "always"
+    shm_size: "4G"
+    devices:
+      - "/dev/hugepages:/dev/hugepages"
+      - "/dev/vfio:/dev/vfio"
+    volumes:
+      - type: "bind"
+        source: "/etc/sudoers"
+        target: "/etc/sudoers"
+      - type: "bind"
+        source: "/dev/null"
+        target: "/etc/sysctl.d/80-vpp.conf"
+      - type: "bind"
+        source: "/opt/boot/"
+        target: "/opt/boot/"
+      - type: "bind"
+        source: "/var/run/docker.sock"
+        target: "/var/run/docker.sock"
+      - type: "bind"
+        source: "/usr/lib/firmware/"
+        target: "/usr/lib/firmware/"
+\ No newline at end of file
diff --git a/fdio.infra.ansible/roles/docker_images/templates/docker-compose-tg.yaml.j2 b/fdio.infra.ansible/roles/docker_images/templates/docker-compose-tg.yaml.j2
new file mode 100644
index 0000000000..0cbe6c5590
--- /dev/null
+++ b/fdio.infra.ansible/roles/docker_images/templates/docker-compose-tg.yaml.j2
@@ -0,0 +1,61 @@
+version: "3"
+services:
+  tg-0:
+    build:
+      context: "base/"
+      dockerfile: "Dockerfile"
+    command: ["/usr/sbin/sshd","-D", "-p", "6001"]
+    expose:
+      - "6001"
+    hostname: "{{ ansible_hostname }}"
+    networks:
+      tg-nw-0:
+    privileged: true
+    ports:
+      - "6001:6001"
+    restart: "always"
+    shm_size: "4G"
+    devices:
+      - "/dev/hugepages:/dev/hugepages"
+      - "/dev/vfio:/dev/vfio"
+    volumes:
+      - type: "bind"
+        source: "/etc/sudoers"
+        target: "/etc/sudoers"
+      - type: "bind"
+        source: "/opt/"
+        target: "/opt/"
+      - type: "bind"
+        source: "/usr/lib/firmware/"
+        target: "/usr/lib/firmware/"
+  tg-1:
+    build:
+      context: "base/"
+      dockerfile: "Dockerfile"
+    command: ["/usr/sbin/sshd","-D", "-p", "6002"]
+    expose:
+      - "6002"
+    hostname: "{{ ansible_hostname }}"
+    networks:
+      tg-nw-1:
+    privileged: true
+    ports:
+      - "6002:6002"
+    restart: "always"
+    shm_size: "4G"
+    devices:
+      - "/dev/hugepages:/dev/hugepages"
+      - "/dev/vfio:/dev/vfio"
+    volumes:
+      - type: "bind"
+        source: "/etc/sudoers"
+        target: "/etc/sudoers"
+      - type: "bind"
+        source: "/opt/"
+        target: "/opt/"
+      - type: "bind"
+        source: "/usr/lib/firmware/"
+        target: "/usr/lib/firmware/"
+networks:
+  tg-nw-0:
+  tg-nw-1:
+\ No newline at end of file
diff --git a/fdio.infra.ansible/roles/tg/files/csit-initialize-docker-tg.service b/fdio.infra.ansible/roles/tg/files/csit-initialize-docker-tg.service
deleted file mode 100644
index 11911201d5..0000000000
--- a/fdio.infra.ansible/roles/tg/files/csit-initialize-docker-tg.service
+++ /dev/null
@@ -1,12 +0,0 @@
-[Unit]
-Description=CSIT Initialize Docker TG
-After=network.target
-
-[Service]
-Type=oneshot
-RemainAfterExit=True
-ExecStart=/usr/local/bin/csit-initialize-docker-tg.sh start 2
-ExecStop=/usr/local/bin/csit-initialize-docker-tg.sh stop
-
-[Install]
-WantedBy=default.target
diff --git a/fdio.infra.ansible/roles/tg/handlers/main.yaml b/fdio.infra.ansible/roles/tg/handlers/main.yaml
deleted file mode 100644
index 7edd60dc5b..0000000000
--- a/fdio.infra.ansible/roles/tg/handlers/main.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-# file: roles/tg/handlers/main.yaml
-
-- name: Start csit-initialize-docker-tg.service
-  ansible.builtin.systemd:
-    enabled: true
-    state: "started"
-    name: "csit-initialize-docker-tg.service"
-  tags:
-    - docker-tg
diff --git a/fdio.infra.ansible/roles/tg/tasks/main.yaml b/fdio.infra.ansible/roles/tg/tasks/main.yaml
deleted file mode 100644
index 1893fb4a93..0000000000
--- a/fdio.infra.ansible/roles/tg/tasks/main.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
----
-# file: roles/tg/tasks/main.yaml
-
-- name: Conf - csit-initialize-docker-tg.sh
-  ansible.builtin.copy:
-    src: "files/csit-initialize-docker-tg.sh"
-    dest: "/usr/local/bin/csit-initialize-docker-tg.sh"
-    owner: "root"
-    group: "root"
-    mode: 0744
-  when:
-    - docker_tg is defined
-  tags:
-    - tg-conf-docker
-
-- name: Conf - Start csit-initialize-docker-tg.service
-  ansible.builtin.copy:
-    src: "files/csit-initialize-docker-tg.service"
-    dest: "/etc/systemd/system/"
-    owner: "root"
-    group: "root"
-    mode: 0644
-  notify:
-    - "Start csit-initialize-docker-tg.service"
-  when:
-    - docker_tg is defined
-  tags:
-    - tg-conf-docker
-
-- meta: flush_handlers
author	pmikus <peter.mikus@protonmail.ch>	2023-04-28 11:27:25 +0000
committer	pmikus <peter.mikus@protonmail.ch>	2023-04-28 11:27:25 +0000
commit	d14b7a69e628582b9132abc1b6e09aada68c0077 (patch)
tree	4ac651bd5240093f82580656bf5a95639c976fa3 /fdio.infra.ansible/roles
parent	f451c7a50bc663a6727f01873b8663bfa9ae22e1 (diff)