Diffstat (limited to 'resources/tools/testbed-setup/ansible/roles')
28 files changed, 746 insertions, 98 deletions
diff --git a/resources/tools/testbed-setup/ansible/roles/cleanup/tasks/kill_containers.yaml b/resources/tools/testbed-setup/ansible/roles/cleanup/tasks/kill_containers.yaml index 1cd64351a8..ad4fb37681 100644 --- a/resources/tools/testbed-setup/ansible/roles/cleanup/tasks/kill_containers.yaml +++ b/resources/tools/testbed-setup/ansible/roles/cleanup/tasks/kill_containers.yaml @@ -1,29 +1,38 @@ --- # file: roles/cleanup/tasks/kill_containers.yaml -- name: Kill containers +- name: Kill Docker Containers block: - - name: Kill container - Get running Docker containers + - name: Kill container - Get Running Docker Containers shell: "docker ps -aq" register: running_containers changed_when: no tags: kill-containers - - name: Kill container - Remove all Docker containers + - name: Kill container - Remove All Docker Containers shell: "docker rm --force {{ item }}" with_items: "{{ running_containers.stdout_lines }}" tags: kill-containers - - name: Kill container - Get running LXC containers + rescue: + - name: Restart Docker Daemon + systemd: + name: "docker" + state: "restarted" + +- name: Kill LXC Containers + block: + - name: Kill container - Get Running LXC Containers shell: "lxc-ls" register: running_containers changed_when: no tags: kill-containers - - name: Kill container - Remove all LXC containers + - name: Kill container - Remove All LXC Containers shell: "lxc-destroy --force -n {{ item }}" with_items: "{{ running_containers.stdout_lines }}" tags: kill-containers + rescue: - fail: - msg: "Kill containers failed!" + msg: "Kill LXC containers failed!"
\ No newline at end of file diff --git a/resources/tools/testbed-setup/ansible/roles/cleanup/tasks/kill_process.yaml b/resources/tools/testbed-setup/ansible/roles/cleanup/tasks/kill_process.yaml index a593fc7616..30a9f459b5 100644 --- a/resources/tools/testbed-setup/ansible/roles/cleanup/tasks/kill_process.yaml +++ b/resources/tools/testbed-setup/ansible/roles/cleanup/tasks/kill_process.yaml @@ -27,6 +27,7 @@ shell: "kill -9 {{ item }}" with_items: "{{ killed_processes.results | select('failed') | map(attribute='item') | list }}" tags: kill-process + rescue: - fail: msg: "Kill process {{ process }} failed!" diff --git a/resources/tools/testbed-setup/ansible/roles/cleanup/tasks/sut.yaml b/resources/tools/testbed-setup/ansible/roles/cleanup/tasks/sut.yaml index c24b5e6a7f..53a65dd608 100644 --- a/resources/tools/testbed-setup/ansible/roles/cleanup/tasks/sut.yaml +++ b/resources/tools/testbed-setup/ansible/roles/cleanup/tasks/sut.yaml @@ -33,26 +33,38 @@ process: "vpp_echo" tags: kill-process + - name: Find file or dir - Core zip file + find: + paths: "/tmp/" + patterns: "*tar.lzo.lrz.xz*" + register: files_to_delete + tags: remove-file-dir + - name: Remove file or dir - Core zip file file: + path: "{{ item.path }}" state: absent - path: "/tmp/*tar.lzo.lrz.xz*" + with_items: "{{ files_to_delete.files }}" + tags: remove-file-dir + + - name: Find file or dir - Core dump file + find: + paths: "/tmp/" + patterns: "*core*" + register: files_to_delete tags: remove-file-dir - name: Remove file or dir - Core dump file file: + path: "{{ item.path }}" state: absent - path: "/tmp/*core*" + with_items: "{{ files_to_delete.files }}" tags: remove-file-dir - name: Kill containers - Remove all containers import_tasks: kill_containers.yaml tags: kill-containers - - name: Kubernetes - Reset - raw: 'kubeadm reset --force' - tags: kill-kubernetes - - name: Remove packages - Remove VPP import_tasks: remove_package.yaml vars: 
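Review bot: The new `rescue:` on the `Kill Docker Containers` block in kill_containers.yaml restarts the Docker daemon and then lets the play continue as if cleanup had succeeded, so containers that `docker rm --force` could not remove survive into the next test run with no failure reported. After the restart, either retry the removal or end the rescue with a `fail:` task (`msg: "Kill Docker containers failed!"`), as the LXC block does. `docker ps -aq` lists all containers, not only running ones, so the task name `Get Running Docker Containers` is misleading.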
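Review bot: The two new `find` tasks in sut.yaml are named `Find file or dir`, but `find` defaults to `file_type: file` and does not recurse, so directories under `/tmp/` that match the patterns are never returned or removed. Set `file_type: any` if directories are meant to be cleaned, or rename the tasks. The `*core*` pattern matches any file in `/tmp/` whose name contains `core`, which is broader than core dumps; a tighter pattern would avoid deleting unrelated files. The task list continues outside this hunk.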
diff --git a/resources/tools/testbed-setup/ansible/roles/consul/defaults/main.yaml b/resources/tools/testbed-setup/ansible/roles/consul/defaults/main.yaml
new file mode 100644
index 0000000000..786554eb58
--- /dev/null
+++ b/resources/tools/testbed-setup/ansible/roles/consul/defaults/main.yaml
@@ -0,0 +1,110 @@
+---
+# file: roles/consul/defaults/main.yaml
+
+# Inst - Prerequisites.
+packages: "{{ packages_base + packages_by_distro[ansible_distribution | lower] + packages_by_arch[ansible_machine] }}"
+
+packages_base:
+ - "cgroup-bin"
+ - "curl"
+ - "git"
+ - "libcgroup1"
+ - "unzip"
+ - "htop"
+packages_by_distro:
+ ubuntu:
+ - []
+packages_by_arch:
+ aarch64:
+ - []
+ x86_64:
+ - []
+
+# Inst - Download Consul.
+consul_architecture_map:
+ amd64: "amd64"
+ x86_64: "amd64"
+ armv7l: "arm"
+ aarch64: "arm64"
+ 32-bit: "386"
+ 64-bit: "amd64"
+consul_architecture: "{{ consul_architecture_map[ansible_architecture] }}"
+consul_version: "1.8.6"
+consul_pkg: "consul_{{ consul_version }}_linux_{{ consul_architecture }}.zip"
+consul_zip_url: "https://releases.hashicorp.com/consul/{{ consul_version }}/{{ consul_pkg }}"
+
+# Inst - System paths.
+consul_bin_dir: "/usr/local/bin"
+consul_config_dir: "/etc/consul.d"
+consul_data_dir: "/var/consul"
+consul_inst_dir: "/opt"
+consul_lockfile: "/var/lock/subsys/consul"
+consul_run_dir: "/var/run/consul"
+consul_ssl_dir: "/etc/consul.d/ssl"
+nomad_config_dir: "/etc/nomad.d"
+
+# Conf - Service.
+consul_node_role: "both"
+consul_restart_handler_state: "restarted"
+nomad_restart_handler_state: "restarted"
+systemd_resolved_state: "stopped"
+
+# Conf - User and group.
+consul_group: "consul"
+consul_group_state: "present"
+consul_manage_group: true
+consul_manage_user: true
+consul_user: "consul"
+consul_user_groups: [ docker, nomad, consul, root ]
+consul_user_state: "present"
+
+# Conf - nomad.d/consul.hcl
+consul_nomad_integration: true
+consul_certificates:
+ - src: "{{ vault_consul_v1_ca_file }}"
+ dest: "{{ consul_ca_file }}"
+ - src: "{{ vault_consul_v1_cert_file }}"
+ dest: "{{ consul_cert_file }}"
+ - src: "{{ vault_consul_v1_key_file }}"
+ dest: "{{ consul_key_file }}"
+
+consul_auto_advertise: true
+consul_checks_use_advertise: true
+consul_server_service_name: "nomad"
+consul_client_service_name: "nomad-client"
+consul_server_auto_join: false
+consul_client_auto_join: true
+consul_ACL_token_set: false
+consul_token: "consul_token_default"
+
+# Conf - base.hcl
+consul_bind_addr: "{{ ansible_default_ipv4.address }}"
+consul_client_addr: "0.0.0.0"
+consul_datacenter: "dc1"
+consul_disable_update_check: true
+consul_enable_debug: false
+consul_enable_syslog: true
+consul_log_level: "INFO"
+consul_node_name: "{{ inventory_hostname }}"
+consul_retry_join: true
+consul_bootstrap_expect: 2
+consul_encrypt: ""
+consul_ca_file: "{{ consul_ssl_dir }}/ca.pem"
+consul_cert_file: "{{ consul_ssl_dir }}/consul.pem"
+consul_key_file: "{{ consul_ssl_dir }}/consul-key.pem"
+consul_ui: true
+consul_recursors:
+ - 1.1.1.1
+ - 8.8.8.8
+
+# Conf - ports.hcl
+consul_port_dns: 53
+consul_port_http: 8500
+consul_port_https: 8501
+consul_port_grpc: 8502
+consul_port_serf_lan: 8301
+consul_port_serf_wan: 8302
+consul_port_server: 8300
+
+# Conf - services.json
+consul_services: false
\ No newline at end of file
diff --git a/resources/tools/testbed-setup/ansible/roles/consul/handlers/main.yaml b/resources/tools/testbed-setup/ansible/roles/consul/handlers/main.yaml
new file mode 100644
index 0000000000..338baea74e
--- /dev/null
+++ b/resources/tools/testbed-setup/ansible/roles/consul/handlers/main.yaml
@@ -0,0 +1,23 @@
+---
+# file roles/consul/handlers/main.yaml
+
+- name: Restart Nomad
+ systemd:
+ daemon_reload: true
+ enabled: true
+ name: "nomad"
+ state: "{{ nomad_restart_handler_state }}"
+
+- name: Restart Consul
+ systemd:
+ daemon_reload: true
+ enabled: true
+ name: "consul"
+ state: "{{ consul_restart_handler_state }}"
+
+- name: Stop Systemd-resolved
+ systemd:
+ daemon_reload: true
+ enabled: false
+ name: "systemd-resolved"
+ state: "{{ systemd_resolved_state }}"
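Review bot: roles/consul/defaults/main.yaml ships `consul_client_addr: "0.0.0.0"` together with `consul_encrypt: ""` and `consul_ACL_token_set: false`, so a host that applies the role without overrides exposes the Consul client interfaces on every address with gossip encryption and ACL tokens off. Safer defaults are `consul_client_addr: "127.0.0.1"` and a `consul_encrypt` value taken from the vault alongside the `vault_consul_v1_*` certificate variables. `consul_user_groups: [ docker, nomad, consul, root ]` puts the service account in the `docker` and `root` groups, which undoes most of the benefit of a dedicated user; drop those two unless a template needs them. `consul_token: "consul_token_default"` is a placeholder that would be rendered into consul.hcl once the flag is enabled, so leave it empty and assert it is set where it is used.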
\ No newline at end of file
diff --git a/resources/tools/testbed-setup/ansible/roles/consul/meta/main.yaml b/resources/tools/testbed-setup/ansible/roles/consul/meta/main.yaml
new file mode 100644
index 0000000000..4ada8efad6
--- /dev/null
+++ b/resources/tools/testbed-setup/ansible/roles/consul/meta/main.yaml
@@ -0,0 +1,9 @@
+---
+# file: roles/consul/meta/main.yaml
+
+# desc: Install consul from stable branch and configure service.
+# inst: Consul
+# conf: ?
+# info: 1.0 - added role
+
+dependencies: [ ]
diff --git a/resources/tools/testbed-setup/ansible/roles/consul/tasks/main.yaml b/resources/tools/testbed-setup/ansible/roles/consul/tasks/main.yaml
new file mode 100644
index 0000000000..9d1ca1980d
--- /dev/null
+++ b/resources/tools/testbed-setup/ansible/roles/consul/tasks/main.yaml
@@ -0,0 +1,164 @@
+---
+# file: roles/consul/tasks/main.yaml
+
+- name: Inst - Prerequisites
+ package:
+ name: "{{ packages | flatten(levels=1) }}"
+ state: latest
+ update_cache: true
+ tags:
+ - consul-inst-prerequisites
+
+- name: Conf - Add Consul Group
+ group:
+ name: "{{ consul_group }}"
+ state: "{{ consul_group_state }}"
+ when:
+ - consul_manage_group | bool
+ tags:
+ - consul-conf-user
+
+- name: Conf - Add Consul user
+ user:
+ name: "{{ consul_user }}"
+ group: "{{ consul_group }}"
+ groups: "{{ consul_user_groups }}"
+ state: "{{ consul_user_state }}"
+ system: true
+ when:
+ - consul_manage_user | bool
+ tags:
+ - consul-conf-user
+
+- name: Inst - Clean Consul
+ file:
+ path: "{{ consul_inst_dir }}/consul"
+ state: "absent"
+ tags:
+ - consul-inst-package
+
+- name: Inst - Download Consul
+ get_url:
+ url: "{{ consul_zip_url }}"
+ dest: "{{ consul_inst_dir }}/{{ consul_pkg }}"
+ tags:
+ - consul-inst-package
+
+- name: Inst - Unarchive Consul
+ unarchive:
+ src: "{{ consul_inst_dir }}/{{ consul_pkg }}"
+ dest: "{{ consul_inst_dir }}/"
+ creates: "{{ consul_inst_dir }}/consul"
+ remote_src: true
+ tags:
+ - consul-inst-package
+
+- name: Inst - Consul
+ copy:
+ src: "{{ consul_inst_dir }}/consul"
+ dest: "{{ consul_bin_dir }}"
+ owner: "{{ consul_user }}"
+ group: "{{ consul_group }}"
+ force: true
+ mode: 0755
+ remote_src: true
+ tags:
+ - consul-inst-package
+
+- name: Conf - Create Directories "{{ consul_data_dir }}"
+ file:
+ dest: "{{ consul_data_dir }}"
+ state: directory
+ owner: "{{ consul_user }}"
+ group: "{{ consul_group }}"
+ tags:
+ - consul-conf
+
+- name: Conf - Create Directories "{{ consul_ssl_dir }}"
+ file:
+ dest: "{{ consul_ssl_dir }}"
+ state: directory
+ owner: "{{ consul_user }}"
+ group: "{{ consul_group }}"
+ tags:
+ - consul-conf
+
+- name: Conf - Create Config Directory
+ file:
+ dest: "{{ consul_config_dir }}"
+ state: directory
+ owner: "{{ consul_user }}"
+ group: "{{ consul_group }}"
+ mode: 0755
+ tags:
+ - consul-conf
+
+- name: Conf - Nomad integration Consul Configuration
+ template:
+ src: consul.hcl.j2
+ dest: "{{ nomad_config_dir }}/consul.hcl"
+ owner: "nomad"
+ group: "nomad"
+ mode: 0644
+ when:
+ - consul_nomad_integration | bool
+ tags:
+ - consul-conf
+
+- name: Conf - Base Configuration
+ template:
+ src: base.hcl.j2
+ dest: "{{ consul_config_dir }}/base.hcl"
+ owner: "{{ consul_user }}"
+ group: "{{ consul_group }}"
+ mode: 0644
+ tags:
+ - consul-conf
+
+- name: Conf - Ports Configuration
+ template:
+ src: ports.hcl.j2
+ dest: "{{ consul_config_dir }}/ports.hcl"
+ owner: "{{ consul_user }}"
+ group: "{{ consul_group }}"
+ mode: 0644
+ tags:
+ - consul-conf
+
+- name: Conf - Services Configuration
+ template:
+ src: services.json.j2
+ dest: "{{ consul_config_dir }}/services.json"
+ owner: "{{ consul_user }}"
+ group: "{{ consul_group }}"
+ mode: 0644
+ when:
+ - consul_services
+ tags:
+ - consul-conf
+
+- name: Conf - Copy Certificates And Keys
+ copy:
+ content: "{{ item.src }}"
+ dest: "{{ item.dest }}"
+ owner: "{{ consul_user }}"
+ group: "{{ consul_group }}"
+ mode: 0600
+ no_log: true
+ loop: "{{ consul_certificates | flatten(levels=1) }}"
+ tags:
+ - consul-conf
+
+- name: Conf - System.d Script
+ template:
+ src: "consul_systemd.service.j2"
+ dest: "/lib/systemd/system/consul.service"
+ owner: "root"
+ group: "root"
+ mode: 0644
+ notify:
+ - "Restart Consul"
+# - "Stop Systemd-resolved"
+# - "Restart Nomad"
+ tags:
+ - consul-conf
diff --git a/resources/tools/testbed-setup/ansible/roles/consul/templates/base.hcl.j2 b/resources/tools/testbed-setup/ansible/roles/consul/templates/base.hcl.j2
new file mode 100644
index 0000000000..e220c8f687
--- /dev/null
+++ b/resources/tools/testbed-setup/ansible/roles/consul/templates/base.hcl.j2
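Review bot: `Inst - Download Consul` in roles/consul/tasks/main.yaml fetches the release zip with `get_url` and no `checksum`, and the binary from it is then copied into `{{ consul_bin_dir }}` and run as a service, so nothing verifies that the archive is the published one. HashiCorp publishes a SHA256SUMS file next to each release; adding `checksum: "sha256:https://releases.hashicorp.com/consul/{{ consul_version }}/consul_{{ consul_version }}_SHA256SUMS"` lets `get_url` verify the download. The octal modes in this file (`mode: 0755`, `0644`, `0600`) are unquoted and are read as integers by the YAML parser; write them as strings, e.g. `mode: "0600"`.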
@@ -0,0 +1,43 @@
+node_name = "{{ consul_node_name }}"
+datacenter = "{{ consul_datacenter }}"
+
+bind_addr = "{{ consul_bind_addr }}"
+client_addr = "{{ consul_client_addr }}"
+data_dir = "{{ consul_data_dir }}"
+
+enable_syslog = {{ consul_enable_syslog | bool | lower }}
+enable_debug = {{ consul_enable_debug | bool | lower }}
+disable_update_check = {{ consul_disable_update_check | bool | lower }}
+log_level = "{{ consul_log_level }}"
+
+server = {{ consul_node_server | bool | lower }}
+encrypt = "{{ consul_encrypt }}"
+{% if consul_node_server | bool == True %}
+bootstrap_expect = {{ consul_bootstrap_expect }}
+verify_incoming = true
+verify_outgoing = true
+verify_server_hostname = true
+ca_file = "{{ consul_ca_file }}"
+cert_file = "{{ consul_cert_file }}"
+key_file = "{{ consul_key_file }}"
+auto_encrypt {
+ allow_tls = true
+}
+{% else %}
+verify_incoming = false
+verify_outgoing = true
+verify_server_hostname = true
+ca_file = "{{ consul_ca_file }}"
+auto_encrypt {
+ tls = true
+}
+{% endif %}
+{% if consul_retry_join | bool -%}
+retry_join = [ {% for ip_port in consul_retry_servers -%} "{{ ip_port }}"{% if not loop.last %}, {% endif %}{%- endfor -%} ]
+{%- endif %}
+
+ui = {{ consul_ui | bool | lower }}
+
+{% if consul_recursors -%}
+recursors = [ {% for server in consul_recursors -%} "{{ server }}"{% if not loop.last %}, {% endif %}{%- endfor -%} ]
+{%- endif %}
\ No newline at end of file
diff --git a/resources/tools/testbed-setup/ansible/roles/consul/templates/consul.hcl.j2 b/resources/tools/testbed-setup/ansible/roles/consul/templates/consul.hcl.j2
new file mode 100644
index 0000000000..c78e5e1ce5
--- /dev/null
+++ b/resources/tools/testbed-setup/ansible/roles/consul/templates/consul.hcl.j2
@@ -0,0 +1,12 @@
+consul {
+ auto_advertise = {{ consul_auto_advertise | bool | lower }}
+ checks_use_advertise = {{ consul_checks_use_advertise | bool | lower }}
+ client_auto_join = {{ consul_client_auto_join | bool | lower }}
+ client_service_name = "{{ consul_client_service_name }}"
+ server_service_name = "{{ consul_server_service_name }}"
+ server_auto_join = {{ consul_server_auto_join | bool | lower }}
+{% if consul_ACL_token_set == True %}
+ token = "{{ consul_token }}"
+{% endif %}
+
+}
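Review bot: base.hcl.j2 always renders `encrypt = "{{ consul_encrypt }}"`, and the role default for `consul_encrypt` is the empty string, so agents come up with gossip encryption disabled unless every inventory overrides it. Fail early instead, for example with an `assert` task on `consul_encrypt | length > 0` before the template is rendered. The `retry_join` loop reads `consul_retry_servers`, which the defaults file in this commit does not define while `consul_retry_join` defaults to true; unless inventory supplies it, rendering will fail. The client branch sets `verify_incoming = false`, which is worth a comment stating that this is intentional for `auto_encrypt` clients.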
\ No newline at end of file
diff --git a/resources/tools/testbed-setup/ansible/roles/consul/templates/consul_systemd.service.j2 b/resources/tools/testbed-setup/ansible/roles/consul/templates/consul_systemd.service.j2
new file mode 100644
index 0000000000..8e1ef1310d
--- /dev/null
+++ b/resources/tools/testbed-setup/ansible/roles/consul/templates/consul_systemd.service.j2
@@ -0,0 +1,21 @@
+[Unit]
+Description=Consul Service
+Documentation=https://www.nomadproject.io/docs/
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+# TODO: Decrease privilege
+ExecReload=/bin/kill -SIGHUP $MAINPID
+ExecStart={{ consul_bin_dir }}/consul agent -config-dir {{ consul_config_dir }}
+KillSignal=SIGTERM
+LimitNOFILE=infinity
+LimitNPROC=infinity
+Restart=on-failure
+RestartSec=1
+User=root
+Group=root
+Environment="GOMAXPROCS=2"
+
+[Install]
+WantedBy=multi-user.target
diff --git a/resources/tools/testbed-setup/ansible/roles/consul/templates/ports.hcl.j2 b/resources/tools/testbed-setup/ansible/roles/consul/templates/ports.hcl.j2
new file mode 100644
index 0000000000..a658060ce8
--- /dev/null
+++ b/resources/tools/testbed-setup/ansible/roles/consul/templates/ports.hcl.j2
@@ -0,0 +1,9 @@
+ports {
+ dns = {{ consul_port_dns }}
+ http = {{ consul_port_http }}
+ https = {{ consul_port_https }}
+ grpc = {{ consul_port_grpc }}
+ serf_lan = {{ consul_port_serf_lan }}
+ serf_wan = {{ consul_port_serf_wan }}
+ server = {{ consul_port_server }}
+}
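Review bot: consul.hcl.j2 tests `consul_ACL_token_set == True`, unlike the other flags in this template which go through `| bool`, so a value such as `"true"` arriving as a string from inventory or extra vars silently leaves the `token` line out. Use `{% if consul_ACL_token_set | bool %}`. The rendered file can hold the token, yet the task that writes it in roles/consul/tasks/main.yaml uses `mode: 0644`; `"0640"` would keep it readable only by the `nomad` owner and group.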
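Review bot: consul_systemd.service.j2 runs the agent with `User=root` and `Group=root` even though the role creates `{{ consul_user }}`/`{{ consul_group }}` and gives them ownership of the binary, data, config and TLS directories; the `# TODO: Decrease privilege` lands unresolved. Use `User={{ consul_user }}` and `Group={{ consul_group }}`, and since `consul_port_dns` defaults to 53, add `AmbientCapabilities=CAP_NET_BIND_SERVICE` so the unprivileged agent can still bind it. `Documentation=https://www.nomadproject.io/docs/` looks copied from the Nomad unit and should point at the Consul documentation.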
\ No newline at end of file
diff --git a/resources/tools/testbed-setup/ansible/roles/consul/templates/services.json.j2 b/resources/tools/testbed-setup/ansible/roles/consul/templates/services.json.j2
new file mode 100644
index 0000000000..3245ba92a4
--- /dev/null
+++ b/resources/tools/testbed-setup/ansible/roles/consul/templates/services.json.j2
@@ -0,0 +1,13 @@
+{
+ "services": [
+{% for item in consul_services %}
+ {
+ "name": "{{ item.name }}",
+ "port": {{ item.port }}
+ }
+{%- if not loop.last %},
+{% endif %}
+{% endfor %}
+
+ ]
+}
\ No newline at end of file
diff --git a/resources/tools/testbed-setup/ansible/roles/consul/vars/main.yaml b/resources/tools/testbed-setup/ansible/roles/consul/vars/main.yaml
new file mode 100644
index 0000000000..b46333a7a7
--- /dev/null
+++ b/resources/tools/testbed-setup/ansible/roles/consul/vars/main.yaml
@@ -0,0 +1,5 @@
+---
+# file: roles/consul/vars/main.yaml
+
+consul_node_client: "{{ (consul_node_role == 'client') or (consul_node_role == 'both') }}"
+consul_node_server: "{{ (consul_node_role == 'server') or (consul_node_role == 'both') }}"
diff --git a/resources/tools/testbed-setup/ansible/roles/csit_shim_image/files/Dockerfile b/resources/tools/testbed-setup/ansible/roles/csit_shim_image/files/Dockerfile
new file mode 100644
index 0000000000..2b2e1eae55
--- /dev/null
+++ b/resources/tools/testbed-setup/ansible/roles/csit_shim_image/files/Dockerfile
@@ -0,0 +1,61 @@
+# Copyright (c) 2020 Cisco and/or its affiliates.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM ubuntu:18.04
+LABEL Description="CSIT vpp-device ubuntu 18.04 shim image"
+LABEL Version="master"
+
+# Setup the environment
+ENV DEBIAN_FRONTEND=noninteractive
+ENV NOTVISIBLE "in users profile"
+RUN echo "export VISIBLE=now" >> /etc/profile
+
+ADD files/wrapdocker /usr/local/bin/wrapdocker
+RUN chmod +x /usr/local/bin/wrapdocker
+
+# Install packages and Docker
+RUN apt-get -q update \
+ && apt-get install -y -qq \
+ bash \
+ curl \
+ iproute2 \
+ locales \
+ ssh \
+ sudo \
+ tzdata \
+ uuid-runtime \
+ && curl -fsSL https://get.docker.com | sh \
+ && rm -rf /var/lib/apt/lists/*
+
+# Configure locales
+RUN locale-gen en_US
+
+RUN mkdir /var/run/sshd
+RUN echo 'root:Csit1234' | chpasswd
+RUN sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
+
+# SSH login fix. Otherwise user is kicked off after login
+RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd
+
+# Need volume for sidecar docker launches
+VOLUME /var/lib/docker
+
+# SSH to listen on port 6022 in shim
+RUN echo 'Port 6022' >>/etc/ssh/sshd_config
+RUN echo 'Port 6023' >>/etc/ssh/sshd_config
+ADD files/badkeypub /root/.ssh/authorized_keys
+ADD files/sshconfig /root/.ssh/config
+
+# Start sshd by default
+EXPOSE 22
+CMD ["/usr/sbin/sshd", "-D"]
\ No newline at end of file
diff --git a/resources/tools/testbed-setup/ansible/roles/csit_shim_image/files/files/badkeypub b/resources/tools/testbed-setup/ansible/roles/csit_shim_image/files/files/badkeypub
new file mode 100644
index 0000000000..4530b66b05
--- /dev/null
+++ b/resources/tools/testbed-setup/ansible/roles/csit_shim_image/files/files/badkeypub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyUNd/iRk5Ajw4ZBB0gXyjzecEzQHh/MctgvHGJjasqJDkwYyZBrunUorOZ3n82W8VGdd5+eNINCWOM/ERjuaHjnutfade+ocPgZRdk+kEgTvetDVNWIgBd0PMVcnp57jJfx7CZVqTNgGeVQ8OJ2RbJGeOb/EKApQI74IPkAfc0PSieSw5gC0eqEOHb39Awgp0ycrzsUHF/OEicfCmo+6vvrMGenDe7frKUoTKYMWs7l3DOyFC8NaOxhGD3J1Ne5u3A/r4w6mN1HVI0rFwIcoms+t0B4lb2ODWKZiZikQdn8/eqwsmbSEZZsWN3FkshgjPS83+dNqVwB6pPY5Yqte7 ejk@bhima.local
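Review bot: The Dockerfile bakes a fixed root password into the image (`RUN echo 'root:Csit1234' | chpasswd`) and then sets `PermitRootLogin yes`, so every container started from this image accepts the same root credential over SSH, and the value is now part of the repository history. Since `files/badkeypub` is already installed as root's `authorized_keys`, drop the `chpasswd` line and keep `PermitRootLogin prohibit-password`; the key in files/badkeypub is better supplied at build or deploy time than fixed in the repo. `curl -fsSL https://get.docker.com | sh` installs whatever the script resolves at build time, whereas a pinned `docker-ce` package from the apt repository, as the docker role uses, is reproducible and signature-checked. `EXPOSE 22` no longer matches the `Port 6022` and `Port 6023` lines appended to sshd_config.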
\ No newline at end of file
diff --git a/resources/tools/testbed-setup/ansible/roles/csit_shim_image/files/files/sshconfig b/resources/tools/testbed-setup/ansible/roles/csit_shim_image/files/files/sshconfig
new file mode 100644
index 0000000000..e7bd90757e
--- /dev/null
+++ b/resources/tools/testbed-setup/ansible/roles/csit_shim_image/files/files/sshconfig
@@ -0,0 +1,3 @@
+Host 172.17.0.*
+ StrictHostKeyChecking no
+ UserKnownHostsFile=/dev/null
\ No newline at end of file
diff --git a/resources/tools/testbed-setup/ansible/roles/csit_shim_image/files/files/wrapdocker b/resources/tools/testbed-setup/ansible/roles/csit_shim_image/files/files/wrapdocker
new file mode 100644
index 0000000000..d13f8b7c5e
--- /dev/null
+++ b/resources/tools/testbed-setup/ansible/roles/csit_shim_image/files/files/wrapdocker
@@ -0,0 +1,113 @@
+#!/bin/bash
+
+# Ensure that all nodes in /dev/mapper correspond to mapped devices currently loaded by the device-mapper kernel driver
+dmsetup mknodes
+
+# First, make sure that cgroups are mounted correctly.
+CGROUP=/sys/fs/cgroup
+: {LOG:=stdio}
+
+[ -d $CGROUP ] ||
+ mkdir $CGROUP
+
+mountpoint -q $CGROUP ||
+ mount -n -t tmpfs -o uid=0,gid=0,mode=0755 cgroup $CGROUP || {
+ echo "Could not make a tmpfs mount. Did you use --privileged?"
+ exit 1
+ }
+
+if [ -d /sys/kernel/security ] && ! mountpoint -q /sys/kernel/security
+then
+ mount -t securityfs none /sys/kernel/security || {
+ echo "Could not mount /sys/kernel/security."
+ echo "AppArmor detection and --privileged mode might break."
+ }
+fi
+
+# Mount the cgroup hierarchies exactly as they are in the parent system.
+for SUBSYS in $(cut -d: -f2 /proc/1/cgroup)
+do
+ [ -d $CGROUP/$SUBSYS ] || mkdir $CGROUP/$SUBSYS
+ mountpoint -q $CGROUP/$SUBSYS ||
+ mount -n -t cgroup -o $SUBSYS cgroup $CGROUP/$SUBSYS
+
+ # The two following sections address a bug which manifests itself
+ # by a cryptic "lxc-start: no ns_cgroup option specified" when
+ # trying to start containers withina container.
+ # The bug seems to appear when the cgroup hierarchies are not
+ # mounted on the exact same directories in the host, and in the
+ # container.
+
+ # Named, control-less cgroups are mounted with "-o name=foo"
+ # (and appear as such under /proc/<pid>/cgroup) but are usually
+ # mounted on a directory named "foo" (without the "name=" prefix).
+ # Systemd and OpenRC (and possibly others) both create such a
+ # cgroup. To avoid the aforementioned bug, we symlink "foo" to
+ # "name=foo". This shouldn't have any adverse effect.
+ echo $SUBSYS | grep -q ^name= && {
+ NAME=$(echo $SUBSYS | sed s/^name=//)
+ ln -s $SUBSYS $CGROUP/$NAME
+ }
+
+ # Likewise, on at least one system, it has been reported that
+ # systemd would mount the CPU and CPU accounting controllers
+ # (respectively "cpu" and "cpuacct") with "-o cpuacct,cpu"
+ # but on a directory called "cpu,cpuacct" (note the inversion
+ # in the order of the groups). This tries to work around it.
+ [ $SUBSYS = cpuacct,cpu ] && ln -s $SUBSYS $CGROUP/cpu,cpuacct
+done
+
+# Note: as I write those lines, the LXC userland tools cannot setup
+# a "sub-container" properly if the "devices" cgroup is not in its
+# own hierarchy. Let's detect this and issue a warning.
+grep -q :devices: /proc/1/cgroup ||
+ echo "WARNING: the 'devices' cgroup should be in its own hierarchy."
+grep -qw devices /proc/1/cgroup ||
+ echo "WARNING: it looks like the 'devices' cgroup is not mounted."
+
+# Now, close extraneous file descriptors.
+pushd /proc/self/fd >/dev/null
+for FD in *
+do
+ case "$FD" in
+ # Keep stdin/stdout/stderr
+ [012])
+ ;;
+ # Nuke everything else
+ *)
+ eval exec "$FD>&-"
+ ;;
+ esac
+done
+popd >/dev/null
+
+
+# If a pidfile is still around (for example after a container restart),
+# delete it so that docker can start.
+rm -rf /var/run/docker.pid
+
+# If we were given a PORT environment variable, start as a simple daemon;
+# otherwise, spawn a shell as well
+if [ "$PORT" ]
+then
+ exec dockerd -H 0.0.0.0:$PORT -H unix:///var/run/docker.sock \
+ $DOCKER_DAEMON_ARGS
+else
+ if [ "$LOG" == "file" ]
+ then
+ dockerd $DOCKER_DAEMON_ARGS &>/var/log/docker.log &
+ else
+ dockerd $DOCKER_DAEMON_ARGS &
+ fi
+ (( timeout = 60 + SECONDS ))
+ until docker info >/dev/null 2>&1
+ do
+ if (( SECONDS >= timeout )); then
+ echo 'Timed out trying to connect to internal docker host.' >&2
+ break
+ fi
+ sleep 1
+ done
+ [[ $1 ]] && exec "$@"
+ exec bash --login
+fi
\ No newline at end of file
diff --git a/resources/tools/testbed-setup/ansible/roles/csit_shim_image/tasks/main.yaml b/resources/tools/testbed-setup/ansible/roles/csit_shim_image/tasks/main.yaml
new file mode 100644
index 0000000000..bdba4f6563
--- /dev/null
+++ b/resources/tools/testbed-setup/ansible/roles/csit_shim_image/tasks/main.yaml
@@ -0,0 +1,32 @@
+---
+# file: roles/csit_shim_image/tasks/main.yaml
+
+- name: Create a directory if it does not exist
+ file:
+ path: "{{ item }}"
+ state: "directory"
+ mode: 0755
+ with_items:
+ - "/opt/csit-shim/"
+ - "/opt/csit-shim/files"
+ tags: csit-shim-image
+
+- name: Copy Build Items
+ copy:
+ src: "{{ item }}"
+ dest: "/opt/csit-shim/{{ item }}"
+ owner: "root"
+ group: "root"
+ mode: 0655
+ with_items:
+ - "Dockerfile"
+ - "files/badkeypub"
+ - "files/sshconfig"
+ - "files/wrapdocker"
+ tags: csit-shim-image
+
+- name: Build CSIT shim Docker Image
+ shell: "docker build -t csit_shim-ubuntu1804:local ."
+ args:
+ chdir: "/opt/csit-shim"
+ tags: csit-shim-image
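Review bot: When `PORT` is set, wrapdocker starts `dockerd -H 0.0.0.0:$PORT` with no TLS options, which leaves the Docker API on that port open to anything that can reach the container, and this container is expected to run `--privileged`. Bind the TCP listener to loopback (`-H 127.0.0.1:$PORT`) or require client certificates with `--tlsverify` and the matching `--tlscacert`, `--tlscert` and `--tlskey` options. Separately, `: {LOG:=stdio}` is missing the `$`, so `LOG` never receives its default; it should read `: ${LOG:=stdio}`. The expansions of `$CGROUP`, `$SUBSYS` and `$PORT` are unquoted throughout and should be double-quoted.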
\ No newline at end of file diff --git a/resources/tools/testbed-setup/ansible/roles/docker/defaults/main.yaml b/resources/tools/testbed-setup/ansible/roles/docker/defaults/main.yaml index 6c445aa42a..9b182de4c4 100644 --- a/resources/tools/testbed-setup/ansible/roles/docker/defaults/main.yaml +++ b/resources/tools/testbed-setup/ansible/roles/docker/defaults/main.yaml @@ -4,7 +4,7 @@ # Version options. docker_edition: "ce" docker_package: "docker-{{ docker_edition }}" -docker_package_state: present +docker_package_state: latest # Service options. docker_service_state: started @@ -13,10 +13,17 @@ docker_restart_handler_state: restarted # Used only for Debian/Ubuntu. docker_apt_release_channel: "stable" -docker_apt_key: "https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg" -docker_apt_key_state: present docker_apt_repository: "deb https://download.docker.com/linux/{{ ansible_distribution|lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}" docker_apt_repository_state: present +docker_apt_ignore_key_error: true +docker_apt_gpg_key: "https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg" +docker_apt_gpg_key_state: present + +# Used only for RedHat/CentOS/Fedora. +docker_yum_repo_url: https://download.docker.com/linux/{{ (ansible_distribution == "Fedora") | ternary("fedora","centos") }}/docker-{{ docker_edition }}.repo +docker_yum_repo_enable_edge: '0' +docker_yum_repo_enable_test: '0' +docker_yum_gpg_key: https://download.docker.com/linux/centos/gpg # A list of users who will be added to the docker group. docker_users: @@ -28,4 +35,4 @@ docker_daemon_environment_http: - "NO_PROXY={{ proxy_env.no_proxy }}" docker_daemon_environment_https: - "HTTPS_PROXY={{ proxy_env.https_proxy }}" - - "NO_PROXY={{ proxy_env.no_proxy }}" + - "NO_PROXY={{ proxy_env.no_proxy }}"
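Review bot: `Copy Build Items` in roles/csit_shim_image/tasks/main.yaml sets `mode: 0655`, which gives the owner read/write but group and others read/execute; that is almost certainly a typo for `0644`, since the Dockerfile runs `chmod +x` on wrapdocker itself. Write it as a quoted string, `mode: "0644"`, and quote `mode: 0755` on the directory task too. `Build CSIT shim Docker Image` uses `shell`, so it rebuilds and reports changed on every run; `command` is sufficient here because nothing in the line needs a shell.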
\ No newline at end of file diff --git a/resources/tools/testbed-setup/ansible/roles/docker/meta/main.yaml b/resources/tools/testbed-setup/ansible/roles/docker/meta/main.yaml index 0dc7d19507..ab3d197791 100644 --- a/resources/tools/testbed-setup/ansible/roles/docker/meta/main.yaml +++ b/resources/tools/testbed-setup/ansible/roles/docker/meta/main.yaml @@ -1,6 +1,4 @@ --- # file: roles/docker/meta/main.yaml -dependencies: [] - - +dependencies: []
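Review bot: The second hunk of roles/docker/defaults/main.yaml adds `docker_apt_ignore_key_error: true`. The task that consumes it is not part of this diff, but if it drives `ignore_errors` on `Conf - Add APT Key`, a failed key import stops being fatal and the play goes on to add the repository and install from it. Default it to `false` and let hosts that need the workaround opt in. In the first hunk, `docker_package_state: latest` lets any run upgrade Docker on a testbed, which makes results harder to reproduce than with a pinned version.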
\ No newline at end of file diff --git a/resources/tools/testbed-setup/ansible/roles/docker/tasks/main.yaml b/resources/tools/testbed-setup/ansible/roles/docker/tasks/main.yaml index f0cb0d19cf..8158af51b4 100644 --- a/resources/tools/testbed-setup/ansible/roles/docker/tasks/main.yaml +++ b/resources/tools/testbed-setup/ansible/roles/docker/tasks/main.yaml @@ -7,7 +7,9 @@ - name: Inst - Docker package: - name: "{{ docker_package }}" + name: + - "{{ docker_package }}" + - "{{ docker_package }}-cli" state: "{{ docker_package_state }}" tags: - docker-inst-package diff --git a/resources/tools/testbed-setup/ansible/roles/docker/tasks/ubuntu_bionic.yaml b/resources/tools/testbed-setup/ansible/roles/docker/tasks/ubuntu_bionic.yaml index a38a0af110..2e82c552be 100644 --- a/resources/tools/testbed-setup/ansible/roles/docker/tasks/ubuntu_bionic.yaml +++ b/resources/tools/testbed-setup/ansible/roles/docker/tasks/ubuntu_bionic.yaml @@ -15,8 +15,8 @@ - name: Conf - Add APT Key apt_key: - url: "{{ docker_apt_key }}" - state: "{{ docker_apt_key_state }}" + url: "{{ docker_apt_gpg_key }}" + state: "{{ docker_apt_gpg_key_state }}" tags: docker-conf-apt - name: Conf - Install APT Repository diff --git a/resources/tools/testbed-setup/ansible/roles/nomad/defaults/main.yaml b/resources/tools/testbed-setup/ansible/roles/nomad/defaults/main.yaml index f88e882fce..864890c11e 100644 --- a/resources/tools/testbed-setup/ansible/roles/nomad/defaults/main.yaml +++ b/resources/tools/testbed-setup/ansible/roles/nomad/defaults/main.yaml @@ -84,6 +84,7 @@ nomad_node_class: "" nomad_no_host_uuid: true nomad_options: {} nomad_servers: [] +nomad_volumes: [] # Conf - server.hcl nomad_bootstrap_expect: 2 diff --git a/resources/tools/testbed-setup/ansible/roles/nomad/templates/client.hcl.j2 b/resources/tools/testbed-setup/ansible/roles/nomad/templates/client.hcl.j2 index f15616144f..f245697a22 100644 --- a/resources/tools/testbed-setup/ansible/roles/nomad/templates/client.hcl.j2 
+++ b/resources/tools/testbed-setup/ansible/roles/nomad/templates/client.hcl.j2 @@ -19,4 +19,13 @@ client { } {% endif %} + {% if nomad_volumes -%} + {% for volume in nomad_volumes -%} + host_volume "{{ volume.name }}" { + path = "{{ volume.path }}" + read_only = {{ volume.read_only | bool | lower }} + } + {% endfor -%} + {% endif %} + } diff --git a/resources/tools/testbed-setup/ansible/roles/nomad/templates/nomad_systemd.service.j2 b/resources/tools/testbed-setup/ansible/roles/nomad/templates/nomad_systemd.service.j2 index efe2e30bd6..2a87c65063 100644 --- a/resources/tools/testbed-setup/ansible/roles/nomad/templates/nomad_systemd.service.j2 +++ b/resources/tools/testbed-setup/ansible/roles/nomad/templates/nomad_systemd.service.j2 @@ -6,7 +6,7 @@ After=network-online.target [Service] # TODO: Decrease privilege -ExecReload=/bin/kill -SIGKILL $MAINPID +ExecReload=/bin/kill -SIGHUP $MAINPID ExecStart={{ nomad_bin_dir }}/nomad agent -config={{ nomad_config_dir }} KillSignal=SIGTERM LimitNOFILE=infinity diff --git a/resources/tools/testbed-setup/ansible/roles/trex/defaults/main.yaml b/resources/tools/testbed-setup/ansible/roles/trex/defaults/main.yaml index 77d0aaa08a..c3caf52d76 100644 --- a/resources/tools/testbed-setup/ansible/roles/trex/defaults/main.yaml +++ b/resources/tools/testbed-setup/ansible/roles/trex/defaults/main.yaml @@ -28,6 +28,12 @@ packages_by_arch: trex_target_dir: "/opt" trex_url: "https://github.com/cisco-system-traffic-generator/trex-core/archive/" trex_version: + # rls1908 - "2.54" + # rls2001 + # rls2005 - "2.73" + # rls2009 - "2.82" + # rls2101 + - "2.86" diff --git a/resources/tools/testbed-setup/ansible/roles/trex/tasks/deploy_block.yaml b/resources/tools/testbed-setup/ansible/roles/trex/tasks/deploy_block.yaml new file mode 100644 index 0000000000..1513a0a617 --- /dev/null +++ b/resources/tools/testbed-setup/ansible/roles/trex/tasks/deploy_block.yaml 
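Review bot: In client.hcl.j2 the new `host_volume` block renders `read_only = {{ volume.read_only | bool | lower }}` with no default, so an entry in `nomad_volumes` that omits `read_only` will most likely fail templating on the undefined attribute. Use `{{ volume.read_only | default(true) | bool | lower }}` so that an omitted key means read-only and write access to a host path has to be requested explicitly. The enclosing `client {` block starts outside this hunk.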
@@ -0,0 +1,55 @@
+---
+# file: roles/trex/tasks/deploy_block.yaml
+
+- name: "Get Release {{ item }}"
+ get_url:
+ url: "{{ trex_url }}/v{{ item }}.tar.gz"
+ dest: "{{ trex_target_dir }}/trex-core-{{ item }}.tar.gz"
+ validate_certs: False
+ mode: 0644
+ register: trex_downloaded
+
+- name: "Create Directory {{ item }}"
+ file:
+ path: "{{ trex_target_dir }}/trex-core-{{ item }}"
+ state: "directory"
+
+- name: "Extract Release {{ item }}"
+ unarchive:
+ remote_src: true
+ src: "{{ trex_target_dir }}/trex-core-{{ item }}.tar.gz"
+ dest: "{{ trex_target_dir }}/"
+ creates: "{{ trex_target_dir }}/trex-core-{{ item }}/linux_dpdk/"
+ register: trex_extracted
+
+- name: Patch Azure
+ patch:
+ src: "files/t-rex.patch"
+ basedir: "{{ trex_target_dir }}/trex-core-{{ item }}"
+ strip: 1
+ when:
+ - azure is defined and item == "2.73"
+
+- name: "Compile Release {{ item }} Part I"
+ command: "./b configure"
+ args:
+ chdir: "{{ trex_target_dir }}/trex-core-{{ item }}/linux_dpdk/"
+ when: trex_extracted.changed
+
+- name: "Compile Release {{ item }} Part II"
+ command: "./b build"
+ args:
+ chdir: "{{ trex_target_dir }}/trex-core-{{ item }}/linux_dpdk/"
+ when: trex_extracted.changed
+
+- name: "Compile Release {{ item }} Part III"
+ command: "make -j 16"
+ args:
+ chdir: "{{ trex_target_dir }}/trex-core-{{ item }}/scripts/ko/src"
+ when: trex_extracted.changed
+
+- name: "Compile Release {{ item }} Part IV"
+ command: "make install"
+ args:
+ chdir: "{{ trex_target_dir }}/trex-core-{{ item }}/scripts/ko/src"
+ when: trex_extracted.changed
\ No newline at end of file diff --git a/resources/tools/testbed-setup/ansible/roles/trex/tasks/main.yaml b/resources/tools/testbed-setup/ansible/roles/trex/tasks/main.yaml index 4e6715152b..019a27f79d 100644 --- a/resources/tools/testbed-setup/ansible/roles/trex/tasks/main.yaml +++ b/resources/tools/testbed-setup/ansible/roles/trex/tasks/main.yaml @@ -1,7 +1,7 @@ --- # file: roles/trex/tasks/main.yaml -- name: T-Rex - Distribution - Release - Machine Prerequisites +- name: Install Distribution - Release - Machine Prerequisites package: name: "{{ packages | flatten(levels=1) }}" state: latest 
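Review bot: `Get Release {{ item }}` in deploy_block.yaml downloads the T-Rex source with `validate_certs: False` and no `checksum`, and the later tasks compile it and run `make install` under `scripts/ko/src`, so an altered download would be built and installed on the traffic generator host without detection. Remove `validate_certs: False` and add a per-version `checksum: "sha256:<digest for this release>"`, for example looked up from a map keyed by `item`. `trex_downloaded` is registered but never read in this file, and `mode: 0644` should be quoted as `"0644"`.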
@@ -9,79 +9,8 @@ tags: - install-dependencies -- name: T-Rex - Get Release Archive - get_url: - url: "{{ trex_url }}/v{{ item }}.tar.gz" - dest: "{{ trex_target_dir }}/trex-core-{{ item }}.tar.gz" - validate_certs: False - mode: 0644 +- name: Deploy Multiple T-Rex Versions + include_tasks: deploy_block.yaml loop: "{{ trex_version }}" - register: trex_downloaded tags: - - install-trex - -- name: T-Rex - Ensure Directory Exists - file: - path: "{{ trex_target_dir }}/trex-core-{{ item }}" - state: "directory" - loop: "{{ trex_version }}" - tags: - - install-trex - -- name: T-Rex - Extract Release Archive - unarchive: - remote_src: true - src: "{{ trex_target_dir }}/trex-core-{{ item }}.tar.gz" - dest: "{{ trex_target_dir }}/" - creates: "{{ trex_target_dir }}/trex-core-{{ item }}/linux_dpdk/" - loop: "{{ trex_version }}" - register: trex_extracted - tags: - - install-trex - -- name: T-Rex - Azure patch I - patch: - src: "files/t-rex.patch" - basedir: "{{ trex_target_dir }}/trex-core-{{ item }}" - strip: 1 - loop: "{{ trex_version }}" - when: - - azure is defined and "{{ item }}" == "2.73" - tags: - - install-trex - -- name: T-Rex - Compile Release I - command: "./b configure" - args: - chdir: "{{ trex_target_dir }}/trex-core-{{ item }}/linux_dpdk/" - loop: "{{ trex_version }}" - when: trex_extracted - tags: - - install-trex - -- name: T-Rex - Compile Release II - command: "./b build" - args: - chdir: "{{ trex_target_dir }}/trex-core-{{ item }}/linux_dpdk/" - loop: "{{ trex_version }}" - when: trex_extracted - tags: - - install-trex - -- name: T-Rex - Compile Release III - command: "make -j 16" - args: - chdir: "{{ trex_target_dir }}/trex-core-{{ item }}/scripts/ko/src" - loop: "{{ trex_version }}" - when: trex_extracted - tags: - - install-trex - -- name: T-Rex - Compile Release IV - command: "make install" - args: - chdir: "{{ trex_target_dir }}/trex-core-{{ item }}/scripts/ko/src" - loop: "{{ trex_version }}" - when: trex_extracted - tags: - - install-trex + - 
install-trex
\ No newline at end of file |
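Review bot: `include_tasks` is dynamic, so the `tags: - install-trex` on `Deploy Multiple T-Rex Versions` in roles/trex/tasks/main.yaml applies only to the include itself and not to the tasks in deploy_block.yaml; a run limited with `--tags install-trex` processes the include and then skips every task inside it. Pass the tag down with the `apply` keyword, i.e. `include_tasks:` with `file: deploy_block.yaml` and `apply:` containing `tags: install-trex`, and keep the outer `tags` so the include itself is still selected.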