diff options
Diffstat (limited to 'resources/tools/testbed-setup/ansible/roles')
8 files changed, 45 insertions, 266 deletions
diff --git a/resources/tools/testbed-setup/ansible/roles/csit_shim_image/files/Dockerfile b/resources/tools/testbed-setup/ansible/roles/csit_shim_image/files/Dockerfile deleted file mode 100644 index 2b2e1eae55..0000000000 --- a/resources/tools/testbed-setup/ansible/roles/csit_shim_image/files/Dockerfile +++ /dev/null @@ -1,61 +0,0 @@ -# Copyright (c) 2020 Cisco and/or its affiliates. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at: -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -FROM ubuntu:18.04 -LABEL Description="CSIT vpp-device ubuntu 18.04 shim image" -LABEL Version="master" - -# Setup the environment -ENV DEBIAN_FRONTEND=noninteractive -ENV NOTVISIBLE "in users profile" -RUN echo "export VISIBLE=now" >> /etc/profile - -ADD files/wrapdocker /usr/local/bin/wrapdocker -RUN chmod +x /usr/local/bin/wrapdocker - -# Install packages and Docker -RUN apt-get -q update \ - && apt-get install -y -qq \ - bash \ - curl \ - iproute2 \ - locales \ - ssh \ - sudo \ - tzdata \ - uuid-runtime \ - && curl -fsSL https://get.docker.com | sh \ - && rm -rf /var/lib/apt/lists/* - -# Configure locales -RUN locale-gen en_US - -RUN mkdir /var/run/sshd -RUN echo 'root:Csit1234' | chpasswd -RUN sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config - -# SSH login fix. Otherwise user is kicked off after login -RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd - -# Need volume for sidecar docker launches -VOLUME /var/lib/docker - -# SSH to listen on port 6022 in shim -RUN echo 'Port 6022' >>/etc/ssh/sshd_config -RUN echo 'Port 6023' >>/etc/ssh/sshd_config -ADD files/badkeypub /root/.ssh/authorized_keys -ADD files/sshconfig /root/.ssh/config - -# Start sshd by default -EXPOSE 22 -CMD ["/usr/sbin/sshd", "-D"]
\ No newline at end of file diff --git a/resources/tools/testbed-setup/ansible/roles/csit_shim_image/files/files/badkeypub b/resources/tools/testbed-setup/ansible/roles/csit_shim_image/files/files/badkeypub deleted file mode 100644 index 4530b66b05..0000000000 --- a/resources/tools/testbed-setup/ansible/roles/csit_shim_image/files/files/badkeypub +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyUNd/iRk5Ajw4ZBB0gXyjzecEzQHh/MctgvHGJjasqJDkwYyZBrunUorOZ3n82W8VGdd5+eNINCWOM/ERjuaHjnutfade+ocPgZRdk+kEgTvetDVNWIgBd0PMVcnp57jJfx7CZVqTNgGeVQ8OJ2RbJGeOb/EKApQI74IPkAfc0PSieSw5gC0eqEOHb39Awgp0ycrzsUHF/OEicfCmo+6vvrMGenDe7frKUoTKYMWs7l3DOyFC8NaOxhGD3J1Ne5u3A/r4w6mN1HVI0rFwIcoms+t0B4lb2ODWKZiZikQdn8/eqwsmbSEZZsWN3FkshgjPS83+dNqVwB6pPY5Yqte7 ejk@bhima.local
\ No newline at end of file diff --git a/resources/tools/testbed-setup/ansible/roles/csit_shim_image/files/files/sshconfig b/resources/tools/testbed-setup/ansible/roles/csit_shim_image/files/files/sshconfig deleted file mode 100644 index e7bd90757e..0000000000 --- a/resources/tools/testbed-setup/ansible/roles/csit_shim_image/files/files/sshconfig +++ /dev/null @@ -1,3 +0,0 @@ -Host 172.17.0.* - StrictHostKeyChecking no - UserKnownHostsFile=/dev/null
\ No newline at end of file diff --git a/resources/tools/testbed-setup/ansible/roles/csit_shim_image/files/files/wrapdocker b/resources/tools/testbed-setup/ansible/roles/csit_shim_image/files/files/wrapdocker deleted file mode 100644 index d13f8b7c5e..0000000000 --- a/resources/tools/testbed-setup/ansible/roles/csit_shim_image/files/files/wrapdocker +++ /dev/null @@ -1,113 +0,0 @@ -#!/bin/bash - -# Ensure that all nodes in /dev/mapper correspond to mapped devices currently loaded by the device-mapper kernel driver -dmsetup mknodes - -# First, make sure that cgroups are mounted correctly. -CGROUP=/sys/fs/cgroup -: {LOG:=stdio} - -[ -d $CGROUP ] || - mkdir $CGROUP - -mountpoint -q $CGROUP || - mount -n -t tmpfs -o uid=0,gid=0,mode=0755 cgroup $CGROUP || { - echo "Could not make a tmpfs mount. Did you use --privileged?" - exit 1 - } - -if [ -d /sys/kernel/security ] && ! mountpoint -q /sys/kernel/security -then - mount -t securityfs none /sys/kernel/security || { - echo "Could not mount /sys/kernel/security." - echo "AppArmor detection and --privileged mode might break." - } -fi - -# Mount the cgroup hierarchies exactly as they are in the parent system. -for SUBSYS in $(cut -d: -f2 /proc/1/cgroup) -do - [ -d $CGROUP/$SUBSYS ] || mkdir $CGROUP/$SUBSYS - mountpoint -q $CGROUP/$SUBSYS || - mount -n -t cgroup -o $SUBSYS cgroup $CGROUP/$SUBSYS - - # The two following sections address a bug which manifests itself - # by a cryptic "lxc-start: no ns_cgroup option specified" when - # trying to start containers withina container. - # The bug seems to appear when the cgroup hierarchies are not - # mounted on the exact same directories in the host, and in the - # container. - - # Named, control-less cgroups are mounted with "-o name=foo" - # (and appear as such under /proc/<pid>/cgroup) but are usually - # mounted on a directory named "foo" (without the "name=" prefix). - # Systemd and OpenRC (and possibly others) both create such a - # cgroup. To avoid the aforementioned bug, we symlink "foo" to - # "name=foo". This shouldn't have any adverse effect. - echo $SUBSYS | grep -q ^name= && { - NAME=$(echo $SUBSYS | sed s/^name=//) - ln -s $SUBSYS $CGROUP/$NAME - } - - # Likewise, on at least one system, it has been reported that - # systemd would mount the CPU and CPU accounting controllers - # (respectively "cpu" and "cpuacct") with "-o cpuacct,cpu" - # but on a directory called "cpu,cpuacct" (note the inversion - # in the order of the groups). This tries to work around it. - [ $SUBSYS = cpuacct,cpu ] && ln -s $SUBSYS $CGROUP/cpu,cpuacct -done - -# Note: as I write those lines, the LXC userland tools cannot setup -# a "sub-container" properly if the "devices" cgroup is not in its -# own hierarchy. Let's detect this and issue a warning. -grep -q :devices: /proc/1/cgroup || - echo "WARNING: the 'devices' cgroup should be in its own hierarchy." -grep -qw devices /proc/1/cgroup || - echo "WARNING: it looks like the 'devices' cgroup is not mounted." - -# Now, close extraneous file descriptors. -pushd /proc/self/fd >/dev/null -for FD in * -do - case "$FD" in - # Keep stdin/stdout/stderr - [012]) - ;; - # Nuke everything else - *) - eval exec "$FD>&-" - ;; - esac -done -popd >/dev/null - - -# If a pidfile is still around (for example after a container restart), -# delete it so that docker can start. -rm -rf /var/run/docker.pid - -# If we were given a PORT environment variable, start as a simple daemon; -# otherwise, spawn a shell as well -if [ "$PORT" ] -then - exec dockerd -H 0.0.0.0:$PORT -H unix:///var/run/docker.sock \ - $DOCKER_DAEMON_ARGS -else - if [ "$LOG" == "file" ] - then - dockerd $DOCKER_DAEMON_ARGS &>/var/log/docker.log & - else - dockerd $DOCKER_DAEMON_ARGS & - fi - (( timeout = 60 + SECONDS )) - until docker info >/dev/null 2>&1 - do - if (( SECONDS >= timeout )); then - echo 'Timed out trying to connect to internal docker host.' >&2 - break - fi - sleep 1 - done - [[ $1 ]] && exec "$@" - exec bash --login -fi
\ No newline at end of file diff --git a/resources/tools/testbed-setup/ansible/roles/csit_shim_image/tasks/main.yaml b/resources/tools/testbed-setup/ansible/roles/csit_shim_image/tasks/main.yaml deleted file mode 100644 index bdba4f6563..0000000000 --- a/resources/tools/testbed-setup/ansible/roles/csit_shim_image/tasks/main.yaml +++ /dev/null @@ -1,32 +0,0 @@ ---- -# file: roles/csit_shim_image/tasks/main.yaml - -- name: Create a directory if it does not exist - file: - path: "{{ item }}" - state: "directory" - mode: 0755 - with_items: - - "/opt/csit-shim/" - - "/opt/csit-shim/files" - tags: csit-shim-image - -- name: Copy Build Items - copy: - src: "{{ item }}" - dest: "/opt/csit-shim/{{ item }}" - owner: "root" - group: "root" - mode: 0655 - with_items: - - "Dockerfile" - - "files/badkeypub" - - "files/sshconfig" - - "files/wrapdocker" - tags: csit-shim-image - -- name: Build CSIT shim Docker Image - shell: "docker build -t csit_shim-ubuntu1804:local ." - args: - chdir: "/opt/csit-shim" - tags: csit-shim-image
\ No newline at end of file diff --git a/resources/tools/testbed-setup/ansible/roles/csit_sut_image/files/Dockerfile b/resources/tools/testbed-setup/ansible/roles/csit_sut_image/files/Dockerfile index 936de52c0f..73ff5c5e86 100644 --- a/resources/tools/testbed-setup/ansible/roles/csit_sut_image/files/Dockerfile +++ b/resources/tools/testbed-setup/ansible/roles/csit_sut_image/files/Dockerfile @@ -1,4 +1,4 @@ -# Copyright (c) 2020 Cisco and/or its affiliates. +# Copyright (c) 2021 Cisco and/or its affiliates. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at: @@ -11,55 +11,54 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM ubuntu:18.04 -LABEL Description="CSIT vpp-device ubuntu 18.04 SUT image" +FROM ubuntu:20.04 +LABEL Description="CSIT vpp-device ubuntu 20.04 SUT image" LABEL Version="master" # Setup the environment ENV DEBIAN_FRONTEND=noninteractive -ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8' -ENV NOTVISIBLE "in users profile" -ENV VPP_PYTHON_PREFIX=/var/cache/vpp/python + +# Configure locales +RUN apt-get update -qq \ + && apt-get install -y \ + apt-utils \ + locales \ + && sed -i 's/# \(en_US\.UTF-8 .*\)/\1/' /etc/locale.gen \ + && locale-gen en_US.UTF-8 \ + && dpkg-reconfigure --frontend=noninteractive locales \ + && update-locale LANG=en_US.UTF-8 \ + && TZ=Etc/UTC && ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone \ + && rm -r /var/lib/apt/lists/* +ENV LANG="en_US.UTF-8" LANGUAGE="en_US" LC_ALL="en_US.UTF-8" # Install packages and Docker RUN apt-get -q update \ && apt-get install -y -qq \ - # general tools apt-transport-https \ bridge-utils \ + ca-certificates \ cloud-init \ - curl \ - gdb \ - locales \ - net-tools \ - openssh-server \ - pciutils \ - rsyslog \ - software-properties-common \ - ssh \ - sudo \ - supervisor \ - tar \ - vim \ - wget \ - # csit requirements cmake \ + curl \ dkms \ + gdb \ gfortran \ + libapr1 \ libblas-dev \ libffi-dev \ liblapack-dev \ + libmbedcrypto3 \ + libmbedtls12 \ + libmbedx509-0 \ + libnuma1 \ + libnuma-dev \ libpcap-dev \ + libpixman-1-dev \ libssl-dev \ - python-all \ - python-apt \ - python-cffi \ - python-cffi-backend \ - python-dev \ - python-enum34 \ - python-pip \ - python-setuptools \ - python-virtualenv \ + locales \ + net-tools \ + openssh-server \ + pciutils \ python3-all \ python3-apt \ python3-cffi \ @@ -69,28 +68,23 @@ RUN apt-get -q update \ python3-setuptools \ python3-virtualenv \ qemu-system \ + rsyslog \ socat \ + software-properties-common \ strongswan \ - unzip \ + ssh \ + sshpass \ + sudo \ + supervisor \ + tar \ tcpdump \ + unzip \ + vim \ + wget \ zlib1g-dev \ - # vpp requirements - ca-certificates \ - libapr1 \ - libmbedcrypto1 \ - libmbedtls10 \ - libmbedx509-0 \ - libnuma1 \ - sshpass \ - && curl -L https://packagecloud.io/fdio/master/gpgkey | sudo apt-key add - \ - && curl -s https://packagecloud.io/install/repositories/fdio/master/script.deb.sh | sudo bash \ && curl -fsSL https://get.docker.com | sh \ && rm -rf /var/lib/apt/lists/* -# Configure locales -RUN locale-gen en_US.UTF-8 \ - && dpkg-reconfigure locales - # Fix permissions RUN chown root:syslog /var/log \ && chmod 755 /etc/default @@ -111,7 +105,7 @@ RUN pip3 install \ robotframework==3.1.2 \ scapy==2.4.3 \ scp==0.13.2 \ - ansible==2.7.8 \ + ansible==2.10.7 \ dill==0.2.8.2 \ numpy==1.17.3 \ hdrhistogram==0.6.1 \ @@ -121,6 +115,7 @@ RUN pip3 install \ sphinx-rtd-theme==0.4.0 \ sphinxcontrib-programoutput==0.15 \ sphinxcontrib-robotdoc==0.11.0 \ + ply==3.11 \ alabaster==0.7.12 \ Babel==2.7.0 \ bcrypt==3.1.7 \ @@ -156,7 +151,7 @@ RUN pip3 install \ # ARM workaround RUN pip3 install \ pandas==0.25.3 \ - scipy==1.1.0 + scipy==1.5.4 # SSH settings RUN echo 'root:Csit1234' | chpasswd \ diff --git a/resources/tools/testbed-setup/ansible/roles/csit_sut_image/tasks/main.yaml b/resources/tools/testbed-setup/ansible/roles/csit_sut_image/tasks/main.yaml index 8712060b48..2affe4b18e 100644 --- a/resources/tools/testbed-setup/ansible/roles/csit_sut_image/tasks/main.yaml +++ b/resources/tools/testbed-setup/ansible/roles/csit_sut_image/tasks/main.yaml @@ -23,7 +23,7 @@ - csit-sut-image - name: Build CSIT SUT Docker Image - shell: "docker build -t csit_sut-ubuntu1804:local ." + shell: "docker build -t csit_sut-ubuntu2004:local ." args: chdir: "/opt/csit-sut" tags: diff --git a/resources/tools/testbed-setup/ansible/roles/docker/defaults/main.yaml b/resources/tools/testbed-setup/ansible/roles/docker/defaults/main.yaml index e665860dfb..8343558238 100644 --- a/resources/tools/testbed-setup/ansible/roles/docker/defaults/main.yaml +++ b/resources/tools/testbed-setup/ansible/roles/docker/defaults/main.yaml @@ -35,10 +35,4 @@ docker_daemon_environment_http: - "NO_PROXY={{ proxy_env.no_proxy }}" docker_daemon_environment_https: - "HTTPS_PROXY={{ proxy_env.https_proxy }}" - - "NO_PROXY={{ proxy_env.no_proxy }}" - -docker_daemon: - # https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-configuration-file - dns: [ "172.17.0.1" ] - dns-opts: [] - dns-search: [ "{{ansible_hostname}}" ]
\ No newline at end of file + - "NO_PROXY={{ proxy_env.no_proxy }}"
\ No newline at end of file |