aboutsummaryrefslogtreecommitdiffstats
path: root/resources/tools/testbed-setup/ansible/roles
diff options
context:
space:
mode:
Diffstat (limited to 'resources/tools/testbed-setup/ansible/roles')
-rw-r--r--resources/tools/testbed-setup/ansible/roles/csit_shim_image/files/Dockerfile61
-rw-r--r--resources/tools/testbed-setup/ansible/roles/csit_shim_image/files/files/badkeypub1
-rw-r--r--resources/tools/testbed-setup/ansible/roles/csit_shim_image/files/files/sshconfig3
-rw-r--r--resources/tools/testbed-setup/ansible/roles/csit_shim_image/files/files/wrapdocker113
-rw-r--r--resources/tools/testbed-setup/ansible/roles/csit_shim_image/tasks/main.yaml32
-rw-r--r--resources/tools/testbed-setup/ansible/roles/csit_sut_image/files/Dockerfile91
-rw-r--r--resources/tools/testbed-setup/ansible/roles/csit_sut_image/tasks/main.yaml2
-rw-r--r--resources/tools/testbed-setup/ansible/roles/docker/defaults/main.yaml8
8 files changed, 45 insertions, 266 deletions
diff --git a/resources/tools/testbed-setup/ansible/roles/csit_shim_image/files/Dockerfile b/resources/tools/testbed-setup/ansible/roles/csit_shim_image/files/Dockerfile
deleted file mode 100644
index 2b2e1eae55..0000000000
--- a/resources/tools/testbed-setup/ansible/roles/csit_shim_image/files/Dockerfile
+++ /dev/null
@@ -1,61 +0,0 @@
-# Copyright (c) 2020 Cisco and/or its affiliates.
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at:
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-FROM ubuntu:18.04
-LABEL Description="CSIT vpp-device ubuntu 18.04 shim image"
-LABEL Version="master"
-
-# Setup the environment
-ENV DEBIAN_FRONTEND=noninteractive
-ENV NOTVISIBLE "in users profile"
-RUN echo "export VISIBLE=now" >> /etc/profile
-
-ADD files/wrapdocker /usr/local/bin/wrapdocker
-RUN chmod +x /usr/local/bin/wrapdocker
-
-# Install packages and Docker
-RUN apt-get -q update \
- && apt-get install -y -qq \
- bash \
- curl \
- iproute2 \
- locales \
- ssh \
- sudo \
- tzdata \
- uuid-runtime \
- && curl -fsSL https://get.docker.com | sh \
- && rm -rf /var/lib/apt/lists/*
-
-# Configure locales
-RUN locale-gen en_US
-
-RUN mkdir /var/run/sshd
-RUN echo 'root:Csit1234' | chpasswd
-RUN sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
-
-# SSH login fix. Otherwise user is kicked off after login
-RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd
-
-# Need volume for sidecar docker launches
-VOLUME /var/lib/docker
-
-# SSH to listen on port 6022 in shim
-RUN echo 'Port 6022' >>/etc/ssh/sshd_config
-RUN echo 'Port 6023' >>/etc/ssh/sshd_config
-ADD files/badkeypub /root/.ssh/authorized_keys
-ADD files/sshconfig /root/.ssh/config
-
-# Start sshd by default
-EXPOSE 22
-CMD ["/usr/sbin/sshd", "-D"] \ No newline at end of file
diff --git a/resources/tools/testbed-setup/ansible/roles/csit_shim_image/files/files/badkeypub b/resources/tools/testbed-setup/ansible/roles/csit_shim_image/files/files/badkeypub
deleted file mode 100644
index 4530b66b05..0000000000
--- a/resources/tools/testbed-setup/ansible/roles/csit_shim_image/files/files/badkeypub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyUNd/iRk5Ajw4ZBB0gXyjzecEzQHh/MctgvHGJjasqJDkwYyZBrunUorOZ3n82W8VGdd5+eNINCWOM/ERjuaHjnutfade+ocPgZRdk+kEgTvetDVNWIgBd0PMVcnp57jJfx7CZVqTNgGeVQ8OJ2RbJGeOb/EKApQI74IPkAfc0PSieSw5gC0eqEOHb39Awgp0ycrzsUHF/OEicfCmo+6vvrMGenDe7frKUoTKYMWs7l3DOyFC8NaOxhGD3J1Ne5u3A/r4w6mN1HVI0rFwIcoms+t0B4lb2ODWKZiZikQdn8/eqwsmbSEZZsWN3FkshgjPS83+dNqVwB6pPY5Yqte7 ejk@bhima.local \ No newline at end of file
diff --git a/resources/tools/testbed-setup/ansible/roles/csit_shim_image/files/files/sshconfig b/resources/tools/testbed-setup/ansible/roles/csit_shim_image/files/files/sshconfig
deleted file mode 100644
index e7bd90757e..0000000000
--- a/resources/tools/testbed-setup/ansible/roles/csit_shim_image/files/files/sshconfig
+++ /dev/null
@@ -1,3 +0,0 @@
-Host 172.17.0.*
- StrictHostKeyChecking no
- UserKnownHostsFile=/dev/null \ No newline at end of file
diff --git a/resources/tools/testbed-setup/ansible/roles/csit_shim_image/files/files/wrapdocker b/resources/tools/testbed-setup/ansible/roles/csit_shim_image/files/files/wrapdocker
deleted file mode 100644
index d13f8b7c5e..0000000000
--- a/resources/tools/testbed-setup/ansible/roles/csit_shim_image/files/files/wrapdocker
+++ /dev/null
@@ -1,113 +0,0 @@
-#!/bin/bash
-
-# Ensure that all nodes in /dev/mapper correspond to mapped devices currently loaded by the device-mapper kernel driver
-dmsetup mknodes
-
-# First, make sure that cgroups are mounted correctly.
-CGROUP=/sys/fs/cgroup
-: {LOG:=stdio}
-
-[ -d $CGROUP ] ||
- mkdir $CGROUP
-
-mountpoint -q $CGROUP ||
- mount -n -t tmpfs -o uid=0,gid=0,mode=0755 cgroup $CGROUP || {
- echo "Could not make a tmpfs mount. Did you use --privileged?"
- exit 1
- }
-
-if [ -d /sys/kernel/security ] && ! mountpoint -q /sys/kernel/security
-then
- mount -t securityfs none /sys/kernel/security || {
- echo "Could not mount /sys/kernel/security."
- echo "AppArmor detection and --privileged mode might break."
- }
-fi
-
-# Mount the cgroup hierarchies exactly as they are in the parent system.
-for SUBSYS in $(cut -d: -f2 /proc/1/cgroup)
-do
- [ -d $CGROUP/$SUBSYS ] || mkdir $CGROUP/$SUBSYS
- mountpoint -q $CGROUP/$SUBSYS ||
- mount -n -t cgroup -o $SUBSYS cgroup $CGROUP/$SUBSYS
-
- # The two following sections address a bug which manifests itself
- # by a cryptic "lxc-start: no ns_cgroup option specified" when
- # trying to start containers withina container.
- # The bug seems to appear when the cgroup hierarchies are not
- # mounted on the exact same directories in the host, and in the
- # container.
-
- # Named, control-less cgroups are mounted with "-o name=foo"
- # (and appear as such under /proc/<pid>/cgroup) but are usually
- # mounted on a directory named "foo" (without the "name=" prefix).
- # Systemd and OpenRC (and possibly others) both create such a
- # cgroup. To avoid the aforementioned bug, we symlink "foo" to
- # "name=foo". This shouldn't have any adverse effect.
- echo $SUBSYS | grep -q ^name= && {
- NAME=$(echo $SUBSYS | sed s/^name=//)
- ln -s $SUBSYS $CGROUP/$NAME
- }
-
- # Likewise, on at least one system, it has been reported that
- # systemd would mount the CPU and CPU accounting controllers
- # (respectively "cpu" and "cpuacct") with "-o cpuacct,cpu"
- # but on a directory called "cpu,cpuacct" (note the inversion
- # in the order of the groups). This tries to work around it.
- [ $SUBSYS = cpuacct,cpu ] && ln -s $SUBSYS $CGROUP/cpu,cpuacct
-done
-
-# Note: as I write those lines, the LXC userland tools cannot setup
-# a "sub-container" properly if the "devices" cgroup is not in its
-# own hierarchy. Let's detect this and issue a warning.
-grep -q :devices: /proc/1/cgroup ||
- echo "WARNING: the 'devices' cgroup should be in its own hierarchy."
-grep -qw devices /proc/1/cgroup ||
- echo "WARNING: it looks like the 'devices' cgroup is not mounted."
-
-# Now, close extraneous file descriptors.
-pushd /proc/self/fd >/dev/null
-for FD in *
-do
- case "$FD" in
- # Keep stdin/stdout/stderr
- [012])
- ;;
- # Nuke everything else
- *)
- eval exec "$FD>&-"
- ;;
- esac
-done
-popd >/dev/null
-
-
-# If a pidfile is still around (for example after a container restart),
-# delete it so that docker can start.
-rm -rf /var/run/docker.pid
-
-# If we were given a PORT environment variable, start as a simple daemon;
-# otherwise, spawn a shell as well
-if [ "$PORT" ]
-then
- exec dockerd -H 0.0.0.0:$PORT -H unix:///var/run/docker.sock \
- $DOCKER_DAEMON_ARGS
-else
- if [ "$LOG" == "file" ]
- then
- dockerd $DOCKER_DAEMON_ARGS &>/var/log/docker.log &
- else
- dockerd $DOCKER_DAEMON_ARGS &
- fi
- (( timeout = 60 + SECONDS ))
- until docker info >/dev/null 2>&1
- do
- if (( SECONDS >= timeout )); then
- echo 'Timed out trying to connect to internal docker host.' >&2
- break
- fi
- sleep 1
- done
- [[ $1 ]] && exec "$@"
- exec bash --login
-fi \ No newline at end of file
diff --git a/resources/tools/testbed-setup/ansible/roles/csit_shim_image/tasks/main.yaml b/resources/tools/testbed-setup/ansible/roles/csit_shim_image/tasks/main.yaml
deleted file mode 100644
index bdba4f6563..0000000000
--- a/resources/tools/testbed-setup/ansible/roles/csit_shim_image/tasks/main.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
----
-# file: roles/csit_shim_image/tasks/main.yaml
-
-- name: Create a directory if it does not exist
- file:
- path: "{{ item }}"
- state: "directory"
- mode: 0755
- with_items:
- - "/opt/csit-shim/"
- - "/opt/csit-shim/files"
- tags: csit-shim-image
-
-- name: Copy Build Items
- copy:
- src: "{{ item }}"
- dest: "/opt/csit-shim/{{ item }}"
- owner: "root"
- group: "root"
- mode: 0655
- with_items:
- - "Dockerfile"
- - "files/badkeypub"
- - "files/sshconfig"
- - "files/wrapdocker"
- tags: csit-shim-image
-
-- name: Build CSIT shim Docker Image
- shell: "docker build -t csit_shim-ubuntu1804:local ."
- args:
- chdir: "/opt/csit-shim"
- tags: csit-shim-image \ No newline at end of file
diff --git a/resources/tools/testbed-setup/ansible/roles/csit_sut_image/files/Dockerfile b/resources/tools/testbed-setup/ansible/roles/csit_sut_image/files/Dockerfile
index 936de52c0f..73ff5c5e86 100644
--- a/resources/tools/testbed-setup/ansible/roles/csit_sut_image/files/Dockerfile
+++ b/resources/tools/testbed-setup/ansible/roles/csit_sut_image/files/Dockerfile
@@ -1,4 +1,4 @@
-# Copyright (c) 2020 Cisco and/or its affiliates.
+# Copyright (c) 2021 Cisco and/or its affiliates.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at:
@@ -11,55 +11,54 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-FROM ubuntu:18.04
-LABEL Description="CSIT vpp-device ubuntu 18.04 SUT image"
+FROM ubuntu:20.04
+LABEL Description="CSIT vpp-device ubuntu 20.04 SUT image"
LABEL Version="master"
# Setup the environment
ENV DEBIAN_FRONTEND=noninteractive
-ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8'
-ENV NOTVISIBLE "in users profile"
-ENV VPP_PYTHON_PREFIX=/var/cache/vpp/python
+
+# Configure locales
+RUN apt-get update -qq \
+ && apt-get install -y \
+ apt-utils \
+ locales \
+ && sed -i 's/# \(en_US\.UTF-8 .*\)/\1/' /etc/locale.gen \
+ && locale-gen en_US.UTF-8 \
+ && dpkg-reconfigure --frontend=noninteractive locales \
+ && update-locale LANG=en_US.UTF-8 \
+ && TZ=Etc/UTC && ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone \
+ && rm -r /var/lib/apt/lists/*
+ENV LANG="en_US.UTF-8" LANGUAGE="en_US" LC_ALL="en_US.UTF-8"
# Install packages and Docker
RUN apt-get -q update \
&& apt-get install -y -qq \
- # general tools
apt-transport-https \
bridge-utils \
+ ca-certificates \
cloud-init \
- curl \
- gdb \
- locales \
- net-tools \
- openssh-server \
- pciutils \
- rsyslog \
- software-properties-common \
- ssh \
- sudo \
- supervisor \
- tar \
- vim \
- wget \
- # csit requirements
cmake \
+ curl \
dkms \
+ gdb \
gfortran \
+ libapr1 \
libblas-dev \
libffi-dev \
liblapack-dev \
+ libmbedcrypto3 \
+ libmbedtls12 \
+ libmbedx509-0 \
+ libnuma1 \
+ libnuma-dev \
libpcap-dev \
+ libpixman-1-dev \
libssl-dev \
- python-all \
- python-apt \
- python-cffi \
- python-cffi-backend \
- python-dev \
- python-enum34 \
- python-pip \
- python-setuptools \
- python-virtualenv \
+ locales \
+ net-tools \
+ openssh-server \
+ pciutils \
python3-all \
python3-apt \
python3-cffi \
@@ -69,28 +68,23 @@ RUN apt-get -q update \
python3-setuptools \
python3-virtualenv \
qemu-system \
+ rsyslog \
socat \
+ software-properties-common \
strongswan \
- unzip \
+ ssh \
+ sshpass \
+ sudo \
+ supervisor \
+ tar \
tcpdump \
+ unzip \
+ vim \
+ wget \
zlib1g-dev \
- # vpp requirements
- ca-certificates \
- libapr1 \
- libmbedcrypto1 \
- libmbedtls10 \
- libmbedx509-0 \
- libnuma1 \
- sshpass \
- && curl -L https://packagecloud.io/fdio/master/gpgkey | sudo apt-key add - \
- && curl -s https://packagecloud.io/install/repositories/fdio/master/script.deb.sh | sudo bash \
&& curl -fsSL https://get.docker.com | sh \
&& rm -rf /var/lib/apt/lists/*
-# Configure locales
-RUN locale-gen en_US.UTF-8 \
- && dpkg-reconfigure locales
-
# Fix permissions
RUN chown root:syslog /var/log \
&& chmod 755 /etc/default
@@ -111,7 +105,7 @@ RUN pip3 install \
robotframework==3.1.2 \
scapy==2.4.3 \
scp==0.13.2 \
- ansible==2.7.8 \
+ ansible==2.10.7 \
dill==0.2.8.2 \
numpy==1.17.3 \
hdrhistogram==0.6.1 \
@@ -121,6 +115,7 @@ RUN pip3 install \
sphinx-rtd-theme==0.4.0 \
sphinxcontrib-programoutput==0.15 \
sphinxcontrib-robotdoc==0.11.0 \
+ ply==3.11 \
alabaster==0.7.12 \
Babel==2.7.0 \
bcrypt==3.1.7 \
@@ -156,7 +151,7 @@ RUN pip3 install \
# ARM workaround
RUN pip3 install \
pandas==0.25.3 \
- scipy==1.1.0
+ scipy==1.5.4
# SSH settings
RUN echo 'root:Csit1234' | chpasswd \
diff --git a/resources/tools/testbed-setup/ansible/roles/csit_sut_image/tasks/main.yaml b/resources/tools/testbed-setup/ansible/roles/csit_sut_image/tasks/main.yaml
index 8712060b48..2affe4b18e 100644
--- a/resources/tools/testbed-setup/ansible/roles/csit_sut_image/tasks/main.yaml
+++ b/resources/tools/testbed-setup/ansible/roles/csit_sut_image/tasks/main.yaml
@@ -23,7 +23,7 @@
- csit-sut-image
- name: Build CSIT SUT Docker Image
- shell: "docker build -t csit_sut-ubuntu1804:local ."
+ shell: "docker build -t csit_sut-ubuntu2004:local ."
args:
chdir: "/opt/csit-sut"
tags:
diff --git a/resources/tools/testbed-setup/ansible/roles/docker/defaults/main.yaml b/resources/tools/testbed-setup/ansible/roles/docker/defaults/main.yaml
index e665860dfb..8343558238 100644
--- a/resources/tools/testbed-setup/ansible/roles/docker/defaults/main.yaml
+++ b/resources/tools/testbed-setup/ansible/roles/docker/defaults/main.yaml
@@ -35,10 +35,4 @@ docker_daemon_environment_http:
- "NO_PROXY={{ proxy_env.no_proxy }}"
docker_daemon_environment_https:
- "HTTPS_PROXY={{ proxy_env.https_proxy }}"
- - "NO_PROXY={{ proxy_env.no_proxy }}"
-
-docker_daemon:
- # https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-configuration-file
- dns: [ "172.17.0.1" ]
- dns-opts: []
- dns-search: [ "{{ansible_hostname}}" ] \ No newline at end of file
+ - "NO_PROXY={{ proxy_env.no_proxy }}" \ No newline at end of file