| package com.mirantis.mk |
| /** |
| * Orchestration functions |
| * |
| */ |
| |
| /** |
| * Function runs Salt states to check infra |
| * @param master Salt Connection object or pepperEnv |
| * @param extra_tgt Extra target - adds ability to address commands using extra targeting to different clouds, e.g.: salt -C 'I@keystone:server and *ogrudev-deploy-heat-os-ha-ovs-82*' ... |
| */ |
| def validateFoundationInfra(master, extra_tgt = '') { |
| def salt = new com.mirantis.mk.Salt() |
| |
| salt.cmdRun(master, "I@salt:master ${extra_tgt}" ,'salt-key') |
| salt.runSaltProcessStep(master, "I@salt:minion ${extra_tgt}", 'test.version') |
| salt.cmdRun(master, "I@salt:master ${extra_tgt}" ,'reclass-salt --top') |
| salt.runSaltProcessStep(master, "I@reclass:storage ${extra_tgt}", 'reclass.inventory') |
| salt.runSaltProcessStep(master, "I@salt:minion ${extra_tgt}", 'state.show_top') |
| } |
| |
| def installFoundationInfra(master, staticMgmtNet=false, extra_tgt = '') { |
| def salt = new com.mirantis.mk.Salt() |
| def common = new com.mirantis.mk.Common() |
| |
| // NOTE(vsaienko) Apply reclass first, it may update cluster model |
| // apply linux and salt.master salt.minion states afterwards to make sure |
| // correct cluster model is used. |
| salt.enforceState(master, "I@salt:master ${extra_tgt}", ['reclass']) |
| |
| salt.enforceState(master, "I@salt:master ${extra_tgt}", ['linux.system']) |
| salt.enforceState(master, "I@salt:master ${extra_tgt}", ['salt.master'], true, false, null, false, 120, 2) |
| salt.fullRefresh(master, "* ${extra_tgt}") |
| |
| salt.enforceState(master, "I@salt:master ${extra_tgt}", ['salt.minion'], true, false, null, false, 60, 2) |
| salt.enforceState(master, "I@salt:master ${extra_tgt}", ['salt.minion']) |
| salt.fullRefresh(master, "* ${extra_tgt}") |
| salt.enforceState(master, "* ${extra_tgt}", ['linux.network.proxy'], true, false, null, false, 60, 2) |
| // Make sure all repositories are in place before proceeding with package installation from other states |
| salt.enforceState(master, "* ${extra_tgt}", ['linux.system.repo'], true, false, null, false, 60, 2) |
| try { |
| salt.enforceState(master, "* ${extra_tgt}", ['salt.minion.base'], true, false, null, false, 60, 2) |
| sleep(5) |
| } catch (Throwable e) { |
| common.warningMsg('Salt state salt.minion.base is not present in the Salt-formula yet.') |
| } |
| common.retry(2,5){ |
| salt.enforceState(master, "* ${extra_tgt}", ['linux.system']) |
| } |
| if (staticMgmtNet) { |
| salt.runSaltProcessStep(master, "* ${extra_tgt}", 'cmd.shell', ["salt-call state.sls linux.network; salt-call service.restart salt-minion"], null, true, 60) |
| } |
| common.retry(2,5){ |
| salt.enforceState(master, "I@linux:network:interface ${extra_tgt}", ['linux.network.interface']) |
| } |
| sleep(5) |
| salt.enforceState(master, "I@linux:system ${extra_tgt}", ['linux', 'openssh', 'ntp', 'rsyslog']) |
| |
| if (salt.testTarget(master, "I@octavia:manager ${extra_tgt}")) { |
| salt.enforceState(master, "I@octavia:manager ${extra_tgt}", 'salt.minion.ca') |
| |
| common.retry(3, 5) { |
| salt.enforceState(master, "I@octavia:manager ${extra_tgt}", 'salt.minion.cert') |
| } |
| } |
| |
| salt.enforceState(master, "* ${extra_tgt}", ['salt.minion'], true, false, null, false, 60, 2) |
| |
| sleep(5) |
| |
| salt.fullRefresh(master, "* ${extra_tgt}") |
| salt.runSaltProcessStep(master, "* ${extra_tgt}", 'mine.update', [], null, true) |
| salt.enforceState(master, "* ${extra_tgt}", ['linux.network.host']) |
| |
| // Install and configure iptables |
| salt.enforceStateWithTest(master, "I@iptables:service ${extra_tgt}", 'iptables') |
| |
| // Install and configure logrotate |
| salt.enforceStateWithTest(master, "I@logrotate:server ${extra_tgt}", 'logrotate') |
| |
| // Install and configure auditd |
| salt.enforceStateWithTest(master, "I@auditd:service ${extra_tgt}", 'auditd') |
| |
| // Install and configure openscap |
| salt.enforceStateWithTest(master, "I@openscap:service ${extra_tgt}", 'openscap') |
| } |
| |
| def installFoundationInfraOnTarget(master, target, staticMgmtNet=false, extra_tgt = '') { |
| def salt = new com.mirantis.mk.Salt() |
| def common = new com.mirantis.mk.Common() |
| |
| salt.enforceState(master, "I@salt:master ${extra_tgt}", ['reclass'], true, false, null, false, 120, 2) |
| salt.fullRefresh(master, target) |
| salt.enforceState(master, target, ['linux.network.proxy'], true, false, null, false, 60, 2) |
| try { |
| salt.enforceState(master, target, ['salt.minion.base'], true, false, null, false, 60, 2) |
| sleep(5) |
| } catch (Throwable e) { |
| common.warningMsg('Salt state salt.minion.base is not present in the Salt-formula yet.') |
| } |
| common.retry(2,5){ |
| salt.enforceState(master, target, ['linux.system']) |
| } |
| if (staticMgmtNet) { |
| salt.runSaltProcessStep(master, target, 'cmd.shell', ["salt-call state.sls linux.network; salt-call service.restart salt-minion"], null, true, 60) |
| } |
| salt.enforceState(master, target, ['salt.minion'], true, false, null, false, 60, 2) |
| salt.enforceState(master, target, ['salt.minion']) |
| salt.enforceState(master, target, ['linux.network.interface']) |
| sleep(5) |
| salt.enforceState(master, target, ['linux', 'openssh', 'ntp', 'rsyslog']) |
| sleep(5) |
| |
| salt.fullRefresh(master, target) |
| salt.runSaltProcessStep(master, target, 'mine.update', [], null, true) |
| salt.enforceState(master, target, ['linux.network.host']) |
| } |
| |
| def installInfraKvm(master, extra_tgt = '') { |
| def common = new com.mirantis.mk.Common() |
| def salt = new com.mirantis.mk.Salt() |
| def infra_compound = "I@salt:control ${extra_tgt}" |
| def minions = [] |
| def wait_timeout = 10 |
| def retries = wait_timeout * 30 |
| |
| salt.fullRefresh(master, "I@linux:system ${extra_tgt}") |
| salt.enforceState(master, "I@salt:control ${extra_tgt}", ['salt.minion'], true, false, null, false, 60, 2) |
| salt.enforceState(master, "I@salt:control ${extra_tgt}", ['linux.system', 'linux.network', 'ntp', 'rsyslog']) |
| salt.enforceState(master, "I@salt:control ${extra_tgt}", 'libvirt') |
| salt.enforceState(master, "I@salt:control ${extra_tgt}", 'salt.control') |
| |
| common.infoMsg("Building minions list...") |
| if (salt.testTarget(master, infra_compound)) { |
| // Gathering minions |
| for ( infra_node in salt.getMinionsSorted(master, infra_compound) ) { |
| def pillar = salt.getPillar(master, infra_node, 'salt:control:cluster') |
| if ( !pillar['return'].isEmpty() ) { |
| for ( cluster in pillar['return'][0].values() ) { |
| def engine = cluster.values()[0]['engine'] |
| def domain = cluster.values()[0]['domain'] |
| def node = cluster.values()[0]['node'] |
| if ( engine == "virt" ) { |
| def nodes = node.values() |
| if ( !nodes.isEmpty() ) { |
| for ( vm in nodes ) { |
| if ( vm['name'] != null ) { |
| def vm_fqdn = vm['name'] + '.' + domain |
| if ( !minions.contains(vm_fqdn) ) { |
| minions.add(vm_fqdn) |
| } |
| } |
| } |
| } |
| } |
| } |
| } |
| } |
| } |
| |
| def minions_compound = minions.join(' or ') |
| |
| common.infoMsg("Waiting for next minions to register within ${wait_timeout} minutes: " + minions_compound) |
| timeout(time: wait_timeout, unit: 'MINUTES') { |
| salt.minionsPresentFromList(master, "I@salt:master ${extra_tgt}", minions, true, null, true, retries, 1) |
| } |
| |
| common.infoMsg('Waiting for minions to respond') |
| timeout(time: wait_timeout, unit: 'MINUTES') { |
| salt.minionsReachable(master, "I@salt:master ${extra_tgt}", minions_compound) |
| } |
| |
| common.infoMsg("All minions are up.") |
| salt.fullRefresh(master, "* and not kvm* ${extra_tgt}") |
| |
| } |
| |
| def installInfra(master, extra_tgt = '') { |
| def common = new com.mirantis.mk.Common() |
| def salt = new com.mirantis.mk.Salt() |
| def first_target |
| |
| // Install glusterfs |
| if (salt.testTarget(master, "I@glusterfs:server ${extra_tgt}")) { |
| salt.enforceState(master, "I@glusterfs:server ${extra_tgt}", 'glusterfs.server.service') |
| |
| salt.enforceState(master, "I@glusterfs:server:role:primary ${extra_tgt}", 'glusterfs.server.setup', true, true, null, false, -1, 5) |
| sleep(10) |
| salt.cmdRun(master, "I@glusterfs:server ${extra_tgt}", "gluster peer status; gluster volume status") |
| } |
| |
| // Ensure glusterfs clusters is ready |
| salt.enforceStateWithTest(master, "I@glusterfs:client ${extra_tgt}", 'glusterfs.client', "", true, true, null, false, -1, 2) |
| |
| // Install galera |
| if (salt.testTarget(master, "I@galera:master ${extra_tgt}") || salt.testTarget(master, "I@galera:slave ${extra_tgt}")) { |
| salt.enforceState(master, "I@galera:master ${extra_tgt}", 'galera', true, true, null, false, -1, 2) |
| salt.enforceState(master, "I@galera:slave ${extra_tgt}", 'galera', true, true, null, false, -1, 2) |
| |
| // Check galera status |
| salt.runSaltProcessStep(master, "I@galera:master ${extra_tgt}", 'mysql.status') |
| salt.runSaltProcessStep(master, "I@galera:slave ${extra_tgt}", 'mysql.status') |
| // If galera is not enabled check if we need to install mysql:server |
| } else { |
| salt.enforceStateWithTest(master, "I@mysql:server ${extra_tgt}", 'mysql.server') |
| salt.enforceStateWithTest(master, "I@mysql:client ${extra_tgt}", 'mysql.client') |
| } |
| installBackup(master, 'mysql', extra_tgt) |
| |
| // Install docker |
| if (salt.testTarget(master, "I@docker:host ${extra_tgt}")) { |
| salt.enforceState(master, "I@docker:host ${extra_tgt}", 'docker.host', true, true, null, false, -1, 3) |
| salt.cmdRun(master, "I@docker:host and I@docker:host:enabled:true ${extra_tgt}", 'docker ps') |
| } |
| |
| // Install keepalived |
| if (salt.testTarget(master, "I@keepalived:cluster ${extra_tgt}")) { |
| first_target = salt.getFirstMinion(master, "I@keepalived:cluster ${extra_tgt}") |
| salt.enforceState(master, "${first_target} ${extra_tgt}", 'keepalived') |
| salt.enforceState(master, "I@keepalived:cluster ${extra_tgt}", 'keepalived') |
| } |
| |
| // Install rabbitmq |
| if (salt.testTarget(master, "I@rabbitmq:server ${extra_tgt}")) { |
| salt.enforceState(master, "I@rabbitmq:server ${extra_tgt}", 'rabbitmq', true, true, null, false, -1, 2) |
| |
| // Check the rabbitmq status |
| common.retry(3,5){ |
| salt.cmdRun(master, "I@rabbitmq:server ${extra_tgt}", 'rabbitmqctl cluster_status') |
| } |
| } |
| |
| // Install haproxy |
| if (salt.testTarget(master, "I@haproxy:proxy ${extra_tgt}")) { |
| salt.enforceState(master, "I@haproxy:proxy ${extra_tgt}", 'haproxy') |
| salt.runSaltProcessStep(master, "I@haproxy:proxy ${extra_tgt}", 'service.status', ['haproxy']) |
| salt.runSaltProcessStep(master, "I@haproxy:proxy ${extra_tgt}", 'service.restart', ['rsyslog']) |
| } |
| |
| // Install memcached |
| salt.enforceStateWithTest(master, "I@memcached:server ${extra_tgt}", 'memcached') |
| |
| // Install etcd |
| if (salt.testTarget(master, "I@etcd:server ${extra_tgt}")) { |
| salt.enforceState(master, "I@etcd:server ${extra_tgt}", 'etcd.server.service') |
| common.retry(3,5){ |
| salt.cmdRun(master, "I@etcd:server ${extra_tgt}", '. /var/lib/etcd/configenv && etcdctl cluster-health') |
| } |
| } |
| |
| // Install redis |
| if (salt.testTarget(master, "I@redis:server ${extra_tgt}")) { |
| salt.enforceStateWithTest(master, "I@redis:cluster:role:master ${extra_tgt}", 'redis') |
| salt.enforceState(master, "I@redis:server ${extra_tgt}", 'redis') |
| } |
| |
| // Install DNS services |
| if (salt.testTarget(master, "I@bind:server ${extra_tgt}")) { |
| salt.enforceState(master, "I@bind:server ${extra_tgt}", 'bind.server') |
| } |
| if (salt.testTarget(master, "I@powerdns:server ${extra_tgt}")) { |
| salt.enforceState(master, "I@powerdns:server ${extra_tgt}", 'powerdns.server') |
| } |
| |
| installBackup(master, 'common', extra_tgt) |
| } |
| |
| def installOpenstackInfra(master, extra_tgt = '') { |
| def common = new com.mirantis.mk.Common() |
| common.warningMsg("You calling orchestrate.installOpenstackInfra(). This function is deprecated please use orchestrate.installInfra() directly") |
| installInfra(master, extra_tgt) |
| } |
| |
| |
| def installOpenstackControl(master, extra_tgt = '') { |
| def salt = new com.mirantis.mk.Salt() |
| def common = new com.mirantis.mk.Common() |
| def first_target |
| |
| // Install horizon dashboard |
| salt.enforceStateWithTest(master, "I@horizon:server ${extra_tgt}", 'horizon') |
| // Install sphinx server |
| salt.enforceStateWithTest(master, "I@sphinx:server ${extra_tgt}", 'sphinx') |
| salt.enforceStateWithTest(master, "I@nginx:server ${extra_tgt}", 'salt.minion') |
| salt.enforceStateWithTest(master, "I@nginx:server ${extra_tgt}", 'nginx') |
| |
| // setup keystone service |
| if (salt.testTarget(master, "I@keystone:server ${extra_tgt}")) { |
| salt.enforceState(master, "I@keystone:server:role:primary ${extra_tgt}", 'keystone.server') |
| salt.enforceState(master, "I@keystone:server ${extra_tgt}", 'keystone.server') |
| // populate keystone services/tenants/roles/users |
| |
| // keystone:client must be called locally |
| //salt.runSaltProcessStep(master, 'I@keystone:client', 'cmd.run', ['salt-call state.sls keystone.client'], null, true) |
| salt.runSaltProcessStep(master, "I@keystone:server ${extra_tgt}", 'service.restart', ['apache2']) |
| sleep(30) |
| } |
| if (salt.testTarget(master, "I@keystone:client ${extra_tgt}")) { |
| first_target = salt.getFirstMinion(master, "I@keystone:client ${extra_tgt}") |
| salt.enforceState(master, "${first_target} ${extra_tgt}", 'keystone.client') |
| salt.enforceState(master, "I@keystone:client ${extra_tgt}", 'keystone.client') |
| } |
| if (salt.testTarget(master, "I@keystone:server ${extra_tgt}")) { |
| common.retry(3,5){ |
| salt.cmdRun(master, "I@keystone:server ${extra_tgt}", '. /root/keystonercv3; openstack service list') |
| } |
| } |
| |
| // Install glance |
| salt.enforceStateWithTest(master, "I@glance:server:role:primary ${extra_tgt}", 'glance.server', "I@glance:server ${extra_tgt}") |
| salt.enforceStateWithTest(master, "I@glance:server ${extra_tgt}", 'glance.server') |
| |
| // Check glance service |
| if (salt.testTarget(master, "I@glance:server ${extra_tgt}")) { |
| common.retry(3,5){ |
| salt.cmdRun(master, "I@keystone:server ${extra_tgt}", '. /root/keystonercv3; glance image-list') |
| } |
| } |
| |
| // Create glance resources |
| salt.enforceStateWithTest(master, "I@glance:client ${extra_tgt}", 'glance.client') |
| |
| // Install and check nova service |
| // run on first node first |
| salt.enforceStateWithTest(master, "I@nova:controller:role:primary ${extra_tgt}", 'nova.controller', "I@nova:controller ${extra_tgt}") |
| salt.enforceStateWithTest(master, "I@nova:controller ${extra_tgt}", 'nova.controller') |
| if (salt.testTarget(master, "I@keystone:server and I@nova:controller ${extra_tgt}")) { |
| common.retry(3,5){ |
| salt.cmdRun(master, "I@keystone:server ${extra_tgt}", '. /root/keystonercv3; nova service-list') |
| } |
| } |
| |
| |
| // Create nova resources |
| salt.enforceStateWithTest(master, "I@nova:client ${extra_tgt}", 'nova.client') |
| |
| // Install and check cinder service |
| // run on first node first |
| salt.enforceStateWithTest(master, "I@cinder:controller:role:primary ${extra_tgt}", 'cinder', "I@cinder:controller ${extra_tgt}") |
| salt.enforceStateWithTest(master, "I@cinder:controller ${extra_tgt}", 'cinder') |
| if (salt.testTarget(master, "I@keystone:server and I@cinder:controller ${extra_tgt}")) { |
| common.retry(3,5){ |
| salt.cmdRun(master, "I@keystone:server ${extra_tgt}", '. /root/keystonercv3; cinder list') |
| } |
| } |
| |
| // Install neutron service |
| // run on first node first |
| salt.enforceStateWithTest(master, "I@neutron:server:role:primary ${extra_tgt}", 'neutron.server', "I@neutron:server ${extra_tgt}") |
| salt.enforceStateWithTest(master, "I@neutron:server ${extra_tgt}", 'neutron.server') |
| if (salt.testTarget(master, "I@keystone:server and I@neutron:server ${extra_tgt}")) { |
| common.retry(3,5){ |
| salt.cmdRun(master, "I@keystone:server ${extra_tgt}",'. /root/keystonercv3; neutron agent-list') |
| } |
| } |
| |
| // Install heat service |
| salt.enforceStateWithTest(master, "I@heat:server:role:primary ${extra_tgt}", 'heat', "I@heat:server ${extra_tgt}") |
| salt.enforceStateWithTest(master, "I@heat:server ${extra_tgt}", 'heat') |
| if (salt.testTarget(master, "I@keystone:server and I@heat:server ${extra_tgt}")) { |
| common.retry(3,5){ |
| salt.cmdRun(master, "I@keystone:server ${extra_tgt}", '. /root/keystonercv3; openstack orchestration resource type list') |
| } |
| } |
| |
| // Restart nova api |
| if (salt.testTarget(master, "I@nova:controller ${extra_tgt}")) { |
| salt.runSaltProcessStep(master, "I@nova:controller ${extra_tgt}", 'service.restart', ['nova-api']) |
| } |
| |
| // Install ironic service |
| salt.enforceStateWithTest(master, "I@ironic:api:role:primary ${extra_tgt}", 'ironic.api', "I@ironic:api ${extra_tgt}") |
| salt.enforceStateWithTest(master, "I@ironic:api ${extra_tgt}", 'ironic.api') |
| |
| // Install manila service |
| salt.enforceStateWithTest(master, "I@manila:api:role:primary ${extra_tgt}", 'manila.api', "I@manila:api ${extra_tgt}") |
| salt.enforceStateWithTest(master, "I@manila:api ${extra_tgt}", 'manila.api') |
| salt.enforceStateWithTest(master, "I@manila:scheduler ${extra_tgt}", 'manila.scheduler') |
| |
| // Install designate services |
| if (salt.testTarget(master, "I@designate:server:enabled ${extra_tgt}")) { |
| salt.enforceState(master, "I@designate:server:role:primary ${extra_tgt}", 'designate.server') |
| salt.enforceState(master, "I@designate:server ${extra_tgt}", 'designate') |
| } |
| |
| // Install octavia api service |
| salt.enforceStateWithTest(master, "I@octavia:api:role:primary ${extra_tgt}", 'octavia.api', "I@octavia:api ${extra_tgt}") |
| salt.enforceStateWithTest(master, "I@octavia:api ${extra_tgt}", 'octavia.api') |
| |
| // Install DogTag server service |
| salt.enforceStateWithTest(master, "I@dogtag:server:role:master ${extra_tgt}", 'dogtag.server', "I@dogtag:server ${extra_tgt}") |
| salt.enforceStateWithTest(master, "I@dogtag:server ${extra_tgt}", 'dogtag.server') |
| |
| // Install barbican server service |
| salt.enforceStateWithTest(master, "I@barbican:server:role:primary ${extra_tgt}", 'barbican.server', "I@barbican:server ${extra_tgt}") |
| salt.enforceStateWithTest(master, "I@barbican:server ${extra_tgt}", 'barbican.server') |
| |
| // Install barbican client |
| salt.enforceStateWithTest(master, "I@barbican:client ${extra_tgt}", 'barbican.client') |
| |
| // Install gnocchi server |
| salt.enforceStateWithTest(master, "I@gnocchi:server:role:primary ${extra_tgt}", 'gnocchi.server', "I@gnocchi:server ${extra_tgt}") |
| salt.enforceStateWithTest(master, "I@gnocchi:server ${extra_tgt}", 'gnocchi.server') |
| |
| // Apply gnocchi client state to create gnocchi archive policies, due to possible |
| // races, apply on the first node initially |
| if (salt.testTarget(master, "I@gnocchi:client ${extra_tgt}")) { |
| first_target = salt.getFirstMinion(master, "I@gnocchi:client ${extra_tgt}") |
| salt.enforceState(master, "${first_target} ${extra_tgt}", 'gnocchi.client') |
| salt.enforceState(master, "I@gnocchi:client ${extra_tgt}", 'gnocchi.client') |
| } |
| |
| // Install gnocchi statsd |
| if (salt.testTarget(master, "I@gnocchi:statsd ${extra_tgt}")) { |
| first_target = salt.getFirstMinion(master, "I@gnocchi:statsd ${extra_tgt}") |
| salt.enforceState(master, "${first_target} ${extra_tgt}", 'gnocchi.statsd') |
| salt.enforceState(master, "I@gnocchi:statsd ${extra_tgt}", 'gnocchi.statsd') |
| } |
| |
| // Install panko server |
| if (salt.testTarget(master, "I@panko:server ${extra_tgt}")) { |
| first_target = salt.getFirstMinion(master, "I@panko:server ${extra_tgt}") |
| salt.enforceState(master, "${first_target} ${extra_tgt}", 'panko') |
| salt.enforceState(master, "I@panko:server ${extra_tgt}", 'panko') |
| } |
| |
| // Install ceilometer server |
| salt.enforceStateWithTest(master, "I@ceilometer:server:role:primary ${extra_tgt}", 'ceilometer', "I@ceilometer:server ${extra_tgt}") |
| salt.enforceStateWithTest(master, "I@ceilometer:server ${extra_tgt}", 'ceilometer') |
| |
| // Install aodh server |
| if (salt.testTarget(master, "I@aodh:server ${extra_tgt}")) { |
| first_target = salt.getFirstMinion(master, "I@aodh:server ${extra_tgt}") |
| salt.enforceState(master, "${first_target} ${extra_tgt}", 'aodh') |
| salt.enforceState(master, "I@aodh:server ${extra_tgt}", 'aodh') |
| } |
| } |
| |
| |
| def installIronicConductor(master, extra_tgt = ''){ |
| def salt = new com.mirantis.mk.Salt() |
| |
| salt.enforceStateWithTest(master, "I@ironic:conductor ${extra_tgt}", 'ironic.conductor') |
| salt.enforceStateWithTest(master, "I@ironic:conductor ${extra_tgt}", 'apache') |
| salt.enforceStateWithTest(master, "I@tftpd_hpa:server ${extra_tgt}", 'tftpd_hpa') |
| |
| if (salt.testTarget(master, "I@nova:compute ${extra_tgt}")) { |
| salt.runSaltProcessStep(master, "I@nova:compute ${extra_tgt}", 'service.restart', ['nova-compute']) |
| } |
| |
| salt.enforceStateWithTest(master, "I@baremetal_simulator:enabled ${extra_tgt}", 'baremetal_simulator') |
| salt.enforceStateWithTest(master, "I@ironic:client ${extra_tgt}", 'ironic.client') |
| } |
| |
| def installManilaShare(master, extra_tgt = ''){ |
| def salt = new com.mirantis.mk.Salt() |
| |
| salt.enforceStateWithTest(master, "I@manila:share ${extra_tgt}", 'manila.share') |
| salt.enforceStateWithTest(master, "I@manila:data ${extra_tgt}", 'manila.data') |
| salt.enforceStateWithTest(master, "I@manila:client ${extra_tgt}", 'manila.client') |
| } |
| |
| |
| def installOpenstackNetwork(master, extra_tgt = '') { |
| def salt = new com.mirantis.mk.Salt() |
| def common = new com.mirantis.mk.Common() |
| //run full neutron state on neutron.gateway - this will install |
| //neutron agents in addition to neutron server. Once neutron agents |
| //are up neutron resources can be created without hitting the situation when neutron resources are created |
| //prior to neutron agents which results in creating ports in non-usable state |
| salt.enforceStateWithTest(master, "I@neutron:gateway ${extra_tgt}", 'neutron') |
| |
| // Create neutron resources - this step was moved here to ensure that |
| //neutron resources are created after neutron agens are up. In this case neutron ports will be in |
| //usable state. More information: https://bugs.launchpad.net/neutron/+bug/1399249 |
| salt.enforceStateWithTest(master, "I@neutron:client ${extra_tgt}", 'neutron.client') |
| |
| salt.enforceHighstate(master, "I@neutron:gateway ${extra_tgt}") |
| |
| // install octavia manager services |
| if (salt.testTarget(master, "I@octavia:manager ${extra_tgt}")) { |
| salt.runSaltProcessStep(master, "I@neutron:client ${extra_tgt}", 'mine.update') |
| salt.enforceState(master, "I@octavia:manager ${extra_tgt}", 'octavia.manager') |
| salt.enforceState(master, "I@octavia:manager ${extra_tgt}", 'salt.minion.ca') |
| common.retry(2, 5) { |
| salt.enforceState(master, "I@octavia:manager ${extra_tgt}", 'salt.minion.cert') |
| } |
| salt.enforceState(master, "I@octavia:client ${extra_tgt}", 'octavia.client') |
| } |
| } |
| |
| |
| def installOpenstackCompute(master, extra_tgt = '') { |
| def salt = new com.mirantis.mk.Salt() |
| def common = new com.mirantis.mk.Common() |
| // Configure compute nodes |
| def compute_compound = "I@nova:compute ${extra_tgt}" |
| if (salt.testTarget(master, compute_compound)) { |
| // In case if infrastructure nodes are used as nova computes too |
| def gluster_compound = "I@glusterfs:server ${extra_tgt}" |
| def salt_ca_compound = "I@salt:minion:ca:salt_master_ca ${extra_tgt}" |
| // Enforce highstate asynchronous only on compute nodes which are not glusterfs and not salt ca servers |
| def hightstateTarget = "${compute_compound} and not ${gluster_compound} and not ${salt_ca_compound}" |
| if (salt.testTarget(master, hightstateTarget)) { |
| retry(2) { |
| salt.enforceHighstate(master, hightstateTarget) |
| } |
| } else { |
| common.infoMsg("No minions matching highstate target found for target ${hightstateTarget}") |
| } |
| // Iterate through salt ca servers and check if they have compute role |
| // TODO: switch to batch once salt 2017.7+ would be used |
| common.infoMsg("Checking whether ${salt_ca_compound} minions have ${compute_compound} compound") |
| for ( target in salt.getMinionsSorted(master, salt_ca_compound) ) { |
| for ( cmp_target in salt.getMinionsSorted(master, compute_compound) ) { |
| if ( target == cmp_target ) { |
| // Enforce highstate one by one on salt ca servers which are compute nodes |
| retry(2) { |
| salt.enforceHighstate(master, target) |
| } |
| } |
| } |
| } |
| // Iterate through glusterfs servers and check if they have compute role |
| // TODO: switch to batch once salt 2017.7+ would be used |
| common.infoMsg("Checking whether ${gluster_compound} minions have ${compute_compound} compound") |
| for ( target in salt.getMinionsSorted(master, gluster_compound) ) { |
| for ( cmp_target in salt.getMinionsSorted(master, compute_compound) ) { |
| if ( target == cmp_target ) { |
| // Enforce highstate one by one on glusterfs servers which are compute nodes |
| retry(2) { |
| salt.enforceHighstate(master, target) |
| } |
| } |
| } |
| } |
| } |
| |
| // Run nova:controller to map cmp with cells |
| salt.enforceState(master, "I@nova:controller:role:primary ${extra_tgt}", 'nova.controller', "I@nova:controller ${extra_tgt}") |
| } |
| |
| |
| def installContrailNetwork(master, extra_tgt = '') { |
| def common = new com.mirantis.mk.Common() |
| def salt = new com.mirantis.mk.Salt() |
| def first_target |
| |
| // Install opencontrail database services |
| first_target = salt.getFirstMinion(master, "I@opencontrail:database ${extra_tgt}") |
| salt.enforceState(master, "${first_target} ${extra_tgt}", 'opencontrail.database') |
| salt.enforceState(master, "I@opencontrail:database ${extra_tgt}", 'opencontrail.database') |
| |
| // Install opencontrail control services |
| first_target = salt.getFirstMinion(master, "I@opencontrail:control ${extra_tgt}") |
| salt.enforceStateWithExclude(master, "${first_target} ${extra_tgt}", "opencontrail", "opencontrail.client") |
| salt.enforceStateWithExclude(master, "I@opencontrail:control ${extra_tgt}", "opencontrail", "opencontrail.client") |
| first_target = salt.getFirstMinion(master, "I@opencontrail:collector ${extra_tgt}") |
| salt.enforceStateWithExclude(master, "${first_target} ${extra_tgt}", "opencontrail", "opencontrail.client") |
| salt.enforceStateWithExclude(master, "I@opencontrail:collector ${extra_tgt}", "opencontrail", "opencontrail.client") |
| |
| salt.enforceStateWithTest(master, "( I@opencontrail:control or I@opencontrail:collector ) ${extra_tgt}", 'docker.client', "I@docker:client and I@opencontrail:control ${extra_tgt}") |
| // NOTE(ivasilevskaya) call to installBackup here has been removed as it breaks deployment if done before computes are deployed |
| } |
| |
| |
| def installContrailCompute(master, extra_tgt = '') { |
| def salt = new com.mirantis.mk.Salt() |
| def common = new com.mirantis.mk.Common() |
| // Configure compute nodes |
| // Provision opencontrail control services |
| salt.enforceState(master, "I@opencontrail:database:id:1 ${extra_tgt}", 'opencontrail.client') |
| // Provision opencontrail virtual routers |
| |
| // Generate script /usr/lib/contrail/if-vhost0 for up vhost0 |
| if (salt.testTarget(master, "I@opencontrail:compute ${extra_tgt}")) { |
| salt.enforceStateWithExclude(master, "I@opencontrail:compute ${extra_tgt}", "opencontrail", "opencontrail.client") |
| } |
| |
| if (salt.testTarget(master, "I@nova:compute ${extra_tgt}")) { |
| salt.cmdRun(master, "I@nova:compute ${extra_tgt}", 'exec 0>&-; exec 1>&-; exec 2>&-; nohup bash -c "ip link | grep vhost && echo no_reboot || sleep 5 && reboot & "', false) |
| } |
| |
| sleep(300) |
| salt.enforceStateWithTest(master, "I@opencontrail:compute ${extra_tgt}", 'opencontrail.client') |
| salt.enforceStateWithTest(master, "I@opencontrail:compute ${extra_tgt}", 'opencontrail') |
| } |
| |
| |
| def installKubernetesInfra(master, extra_tgt = '') { |
| def common = new com.mirantis.mk.Common() |
| common.warningMsg("You calling orchestrate.installKubernetesInfra(). This function is deprecated please use orchestrate.installInfra() directly") |
| installInfra(master, extra_tgt) |
| } |
| |
| |
| def installKubernetesControl(master, extra_tgt = '') { |
| def salt = new com.mirantis.mk.Salt() |
| def first_target |
| salt.fullRefresh(master, "* ${extra_tgt}") |
| |
| // Bootstrap all nodes |
| salt.enforceState(master, "I@kubernetes:master ${extra_tgt}", 'linux') |
| salt.enforceState(master, "I@kubernetes:master ${extra_tgt}", 'salt.minion') |
| salt.enforceState(master, "I@kubernetes:master ${extra_tgt}", ['openssh', 'ntp']) |
| |
| // Create and distribute SSL certificates for services using salt state |
| salt.enforceState(master, "I@kubernetes:master ${extra_tgt}", 'salt.minion.cert') |
| |
| // Install docker |
| salt.enforceState(master, "I@docker:host ${extra_tgt}", 'docker.host') |
| |
| // If network engine is not opencontrail, run addons state for kubernetes |
| if (!salt.getPillar(master, "I@kubernetes:master ${extra_tgt}", 'kubernetes:master:network:opencontrail:enabled')) { |
| salt.enforceState(master, "I@kubernetes:master ${extra_tgt}", 'kubernetes.master.kube-addons') |
| } |
| |
| // Install Kubernetes pool and Calico |
| salt.enforceState(master, "I@kubernetes:master ${extra_tgt}", 'kubernetes.pool') |
| |
| if (salt.testTarget(master, "I@etcd:server:setup ${extra_tgt}")) { |
| // Setup etcd server |
| first_target = salt.getFirstMinion(master, "I@kubernetes:master ${extra_tgt}") |
| salt.enforceState(master, "${first_target} ${extra_tgt}", 'etcd.server.setup') |
| } |
| |
| // Run k8s master at *01* to simplify namespaces creation |
| first_target = salt.getFirstMinion(master, "I@kubernetes:master ${extra_tgt}") |
| |
| // If network engine is opencontrail, run master state for kubernetes without kube-addons |
| // The kube-addons state will be called later only in case of opencontrail |
| if (salt.getPillar(master, "I@kubernetes:master ${extra_tgt}", 'kubernetes:master:network:opencontrail:enabled')) { |
| // Run k8s on first node without master.setup and master.kube-addons |
| salt.enforceStateWithExclude(master, "${first_target} ${extra_tgt}", "kubernetes.master", "kubernetes.master.setup,kubernetes.master.kube-addons") |
| // Run k8s without master.setup and master.kube-addons |
| salt.enforceStateWithExclude(master, "I@kubernetes:master ${extra_tgt}", "kubernetes", "kubernetes.master.setup,kubernetes.master.kube-addons") |
| } else { |
| // Run k8s on first node without master.setup and master.kube-addons |
| salt.enforceStateWithExclude(master, "${first_target} ${extra_tgt}", "kubernetes.master", "kubernetes.master.setup") |
| // Run k8s without master.setup |
| salt.enforceStateWithExclude(master, "I@kubernetes:master ${extra_tgt}", "kubernetes", "kubernetes.master.setup") |
| } |
| |
| // Run k8s master setup |
| salt.enforceState(master, "I@kubernetes:master ${extra_tgt}", 'kubernetes.master.setup') |
| |
| // Restart kubelet |
| salt.runSaltProcessStep(master, "I@kubernetes:master ${extra_tgt}", 'service.restart', ['kubelet']) |
| } |
| |
| |
| def installKubernetesCompute(master, extra_tgt = '') { |
| def salt = new com.mirantis.mk.Salt() |
| salt.fullRefresh(master, "*") |
| |
| // Bootstrap all nodes |
| salt.enforceState(master, "I@kubernetes:pool and not I@kubernetes:master ${extra_tgt}", 'linux') |
| salt.enforceState(master, "I@kubernetes:pool and not I@kubernetes:master ${extra_tgt}", 'salt.minion') |
| salt.enforceState(master, "I@kubernetes:pool and not I@kubernetes:master ${extra_tgt}", ['openssh', 'ntp']) |
| |
| // Create and distribute SSL certificates for services using salt state |
| salt.enforceState(master, "I@kubernetes:pool and not I@kubernetes:master ${extra_tgt}", 'salt.minion.cert') |
| |
| // Install docker |
| salt.enforceState(master, "I@docker:host ${extra_tgt}", 'docker.host') |
| |
| // Install Kubernetes and Calico |
| salt.enforceState(master, "I@kubernetes:pool and not I@kubernetes:master ${extra_tgt}", 'kubernetes.pool') |
| |
| // Install Tiller and all configured releases |
| salt.enforceStateWithTest(master, "I@helm:client ${extra_tgt}", 'helm') |
| salt.runSaltProcessStep(master, "I@kubernetes:pool and not I@kubernetes:master ${extra_tgt}", 'service.restart', ['kubelet']) |
| } |
| |
| |
| def installDockerSwarm(master, extra_tgt = '') { |
| def salt = new com.mirantis.mk.Salt() |
| |
| //Install and Configure Docker |
| if (salt.testTarget(master, "I@docker:swarm ${extra_tgt}")) { |
| salt.enforceState(master, "I@docker:swarm ${extra_tgt}", 'docker.host') |
| salt.enforceState(master, "I@docker:swarm:role:master ${extra_tgt}", 'docker.swarm') |
| salt.enforceState(master, "I@docker:swarm ${extra_tgt}", 'salt.minion.grains') |
| salt.runSaltProcessStep(master, "I@docker:swarm ${extra_tgt}", 'mine.update') |
| salt.runSaltProcessStep(master, "I@docker:swarm ${extra_tgt}", 'saltutil.refresh_modules') |
| sleep(5) |
| salt.enforceState(master, "I@docker:swarm:role:master ${extra_tgt}", 'docker.swarm') |
| salt.enforceStateWithTest(master, "I@docker:swarm:role:manager ${extra_tgt}", 'docker.swarm') |
| sleep(10) |
| salt.cmdRun(master, "I@docker:swarm:role:master ${extra_tgt}", 'docker node ls') |
| } |
| } |
| |
| // Setup addons for kubernetes - For OpenContrail network engine |
| // Use after compute nodes are ready, because K8s addons like DNS should be placed on cmp nodes |
| def setupKubeAddonForContrail(master, extra_tgt = '') { |
| def salt = new com.mirantis.mk.Salt() |
| |
| if (salt.getPillar(master, "I@kubernetes:master ${extra_tgt}", 'kubernetes:master:network:opencontrail:enabled')){ |
| // Setup Addons for Kubernetes only in case of OpenContrail is used as neteork engine |
| salt.enforceState(master, "I@kubernetes:master ${extra_tgt}", 'kubernetes.master.kube-addons') |
| } |
| } |
| |
| def installCicd(master, extra_tgt = '') { |
| def salt = new com.mirantis.mk.Salt() |
| def common = new com.mirantis.mk.Common() |
| def gerrit_compound = "I@gerrit:client and ci* ${extra_tgt}" |
| def jenkins_compound = "I@jenkins:client and ci* ${extra_tgt}" |
| |
| salt.fullRefresh(master, gerrit_compound) |
| salt.fullRefresh(master, jenkins_compound) |
| |
| salt.enforceState(master, "I@docker:swarm:role:master and I@jenkins:client ${extra_tgt}", 'docker.client', true, true, null, false, -1, 2) |
| |
| // API timeout in minutes |
| def wait_timeout = 10 |
| |
| // Gerrit |
| def gerrit_master_url = salt.getPillar(master, gerrit_compound, '_param:gerrit_master_url') |
| |
| if(!gerrit_master_url['return'].isEmpty()) { |
| gerrit_master_url = gerrit_master_url['return'][0].values()[0] |
| } else { |
| gerrit_master_url = '' |
| } |
| |
| if (gerrit_master_url != '') { |
| common.infoMsg('Gerrit master url "' + gerrit_master_url + '" retrieved at _param:gerrit_master_url') |
| } else { |
| |
| common.infoMsg('Gerrit master url could not be retrieved at _param:gerrit_master_url. Falling back to gerrit pillar') |
| |
| def gerrit_host |
| def gerrit_http_port |
| def gerrit_http_scheme |
| |
| def host_pillar = salt.getPillar(master, gerrit_compound, 'gerrit:client:server:host') |
| gerrit_host = salt.getReturnValues(host_pillar) |
| |
| def port_pillar = salt.getPillar(master, gerrit_compound, 'gerrit:client:server:http_port') |
| gerrit_http_port = salt.getReturnValues(port_pillar) |
| |
| def scheme_pillar = salt.getPillar(master, gerrit_compound, 'gerrit:client:server:protocol') |
| gerrit_http_scheme = salt.getReturnValues(scheme_pillar) |
| |
| gerrit_master_url = gerrit_http_scheme + '://' + gerrit_host + ':' + gerrit_http_port |
| |
| } |
| |
| timeout(wait_timeout) { |
| common.infoMsg('Waiting for Gerrit to come up..') |
| def check_gerrit_cmd = 'while true; do curl -sI -m 3 -o /dev/null -w' + " '" + '%{http_code}' + "' " + gerrit_master_url + '/ | grep 200 && break || sleep 1; done' |
| salt.cmdRun(master, gerrit_compound, 'timeout ' + (wait_timeout*60+3) + ' /bin/sh -c -- ' + '"' + check_gerrit_cmd + '"') |
| } |
| |
| // Jenkins |
| def jenkins_master_url_pillar = salt.getPillar(master, jenkins_compound, '_param:jenkins_master_url') |
| jenkins_master_url = salt.getReturnValues(jenkins_master_url_pillar) |
| |
| timeout(wait_timeout) { |
| common.infoMsg('Waiting for Jenkins to come up..') |
| def check_jenkins_cmd = 'while true; do curl -sI -m 3 -o /dev/null -w' + " '" + '%{http_code}' + "' " + jenkins_master_url + '/whoAmI/ | grep 200 && break || sleep 1; done' |
| salt.cmdRun(master, jenkins_compound, 'timeout ' + (wait_timeout*60+3) + ' /bin/sh -c -- ' + '"' + check_jenkins_cmd + '"') |
| } |
| |
| salt.enforceStateWithTest(master, "I@openldap:client ${extra_tgt}", 'openldap', "", true, true, null, false, -1, 2) |
| |
| salt.enforceStateWithTest(master, "I@python:environment ${extra_tgt}", 'python') |
| |
| withEnv(['ASK_ON_ERROR=false']){ |
| retry(2){ |
| try{ |
| salt.enforceState(master, "I@gerrit:client ${extra_tgt}", 'gerrit') |
| }catch(e){ |
| salt.fullRefresh(master, "I@gerrit:client ${extra_tgt}") |
| throw e //rethrow for retry handler |
| } |
| } |
| retry(2){ |
| try{ |
| salt.enforceState(master, "I@jenkins:client ${extra_tgt}", 'jenkins') |
| }catch(e){ |
| salt.fullRefresh(master, "I@jenkins:client ${extra_tgt}") |
| throw e //rethrow for retry handler |
| } |
| } |
| } |
| } |
| |
| |
| def installStacklight(master, extra_tgt = '') { |
| def common = new com.mirantis.mk.Common() |
| def salt = new com.mirantis.mk.Salt() |
| def retries_wait = 20 |
| def retries = 15 |
| def first_target |
| |
| // Install core services for K8S environments: |
| // HAProxy, Nginx and glusterFS clients. |
| // glusterFS clients must be first one, since nginx should store certs on it. |
| // In case of OpenStack, those are already installed |
| if (common.checkContains('STACK_INSTALL', 'k8s')) { |
| salt.enforceStateWithTest(master, "I@glusterfs:client ${extra_tgt}", 'glusterfs.client', "", true, true, null, false, -1, 2) |
| common.retry(3, 5){ |
| salt.enforceState(master, "I@nginx:server ${extra_tgt}", 'salt.minion.cert') |
| } |
| |
| salt.enforceState(master, "I@haproxy:proxy ${extra_tgt}", 'haproxy') |
| salt.runSaltProcessStep(master, "I@haproxy:proxy ${extra_tgt}", 'service.status', ['haproxy']) |
| |
| salt.enforceStateWithTest(master, "I@nginx:server ${extra_tgt}", 'nginx') |
| } |
| |
| // Install MongoDB for Alerta |
| if (salt.testTarget(master, "I@mongodb:server ${extra_tgt}")) { |
| salt.enforceState(master, "I@mongodb:server ${extra_tgt}", 'mongodb.server') |
| |
| // Initialize mongodb replica set |
| common.retry(5,20){ |
| salt.enforceState(master, "I@mongodb:server ${extra_tgt}", 'mongodb.cluster') |
| } |
| } |
| |
| //Install Telegraf |
| salt.enforceState(master, "( I@telegraf:agent or I@telegraf:remote_agent ) ${extra_tgt}", 'telegraf') |
| |
| // Install Prometheus exporters |
| salt.enforceStateWithTest(master, "I@prometheus:exporters ${extra_tgt}", 'prometheus') |
| |
| //Install Elasticsearch and Kibana |
| if (salt.testTarget(master, "I@elasticsearch:server:enabled:true ${extra_tgt}")) { |
| first_target = salt.getFirstMinion(master, "I@elasticsearch:server:enabled:true ${extra_tgt}") |
| salt.enforceState(master, "${first_target} ${extra_tgt}", 'elasticsearch.server') |
| } |
| salt.enforceStateWithTest(master, "I@elasticsearch:server:enabled:true ${extra_tgt}", 'elasticsearch.server') |
| if (salt.testTarget(master, "I@kibana:server:enabled:true ${extra_tgt}")) { |
| first_target = salt.getFirstMinion(master, "I@kibana:server:enabled:true ${extra_tgt}") |
| salt.enforceState(master, "${first_target} ${extra_tgt}", 'kibana.server') |
| } |
| salt.enforceStateWithTest(master, "I@kibana:server:enabled:true ${extra_tgt}", 'kibana.server') |
| |
| // Check ES health cluster status |
| def pillar = salt.getPillar(master, "I@elasticsearch:client ${extra_tgt}", 'elasticsearch:client:server:host') |
| def elasticsearch_vip |
| if(!pillar['return'].isEmpty()) { |
| elasticsearch_vip = pillar['return'][0].values()[0] |
| } else { |
| common.errorMsg('[ERROR] Elasticsearch VIP address could not be retrieved') |
| } |
| pillar = salt.getPillar(master, "I@elasticsearch:client ${extra_tgt}", 'elasticsearch:client:server:port') |
| def elasticsearch_port |
| if(!pillar['return'].isEmpty()) { |
| elasticsearch_port = pillar['return'][0].values()[0] |
| } else { |
| common.errorMsg('[ERROR] Elasticsearch VIP port could not be retrieved') |
| } |
| common.retry(retries,retries_wait) { |
| common.infoMsg('Waiting for Elasticsearch to become green..') |
| salt.cmdRun(master, "I@elasticsearch:client ${extra_tgt}", "curl -sf ${elasticsearch_vip}:${elasticsearch_port}/_cat/health | awk '{print \$4}' | grep green") |
| } |
| |
| common.retry(retries,retries_wait) { |
| salt.enforceState(master, "I@elasticsearch:client ${extra_tgt}", 'elasticsearch.client') |
| } |
| |
| common.retry(retries,retries_wait) { |
| salt.enforceState(master, "I@kibana:client ${extra_tgt}", 'kibana.client') |
| } |
| |
| //Install InfluxDB |
| if (salt.testTarget(master, "I@influxdb:server ${extra_tgt}")) { |
| first_target = salt.getFirstMinion(master, "I@influxdb:server ${extra_tgt}") |
| salt.enforceState(master, "${first_target} ${extra_tgt}", 'influxdb') |
| salt.enforceState(master, "I@influxdb:server ${extra_tgt}", 'influxdb') |
| } |
| |
| // Install service for the log collection |
| if (salt.testTarget(master, "I@fluentd:agent ${extra_tgt}")) { |
| salt.enforceState(master, "I@fluentd:agent ${extra_tgt}", 'fluentd') |
| } else { |
| salt.enforceState(master, "I@heka:log_collector ${extra_tgt}", 'heka.log_collector') |
| } |
| |
| // Install heka ceilometer collector |
| if (salt.testTarget(master, "I@heka:ceilometer_collector:enabled ${extra_tgt}")) { |
| salt.enforceState(master, "I@heka:ceilometer_collector:enabled ${extra_tgt}", 'heka.ceilometer_collector') |
| salt.runSaltProcessStep(master, "I@heka:ceilometer_collector:enabled ${extra_tgt}", 'service.restart', ['ceilometer_collector'], null, true) |
| } |
| |
| // Install galera |
| if (common.checkContains('STACK_INSTALL', 'k8s')) { |
| salt.enforceState(master, "I@galera:master ${extra_tgt}", 'galera', true, true, null, false, -1, 2) |
| salt.enforceState(master, "I@galera:slave ${extra_tgt}", 'galera', true, true, null, false, -1, 2) |
| |
| // Check galera status |
| salt.runSaltProcessStep(master, "I@galera:master ${extra_tgt}", 'mysql.status') |
| salt.runSaltProcessStep(master, "I@galera:slave ${extra_tgt}", 'mysql.status') |
| } |
| |
| //Collect Grains |
| salt.enforceState(master, "I@salt:minion ${extra_tgt}", 'salt.minion.grains') |
| salt.runSaltProcessStep(master, "I@salt:minion ${extra_tgt}", 'saltutil.refresh_modules') |
| salt.runSaltProcessStep(master, "I@salt:minion ${extra_tgt}", 'mine.update') |
| sleep(5) |
| |
| // Configure Prometheus in Docker Swarm |
| salt.enforceState(master, "I@docker:swarm and I@prometheus:server ${extra_tgt}", 'prometheus') |
| |
| //Configure Remote Collector in Docker Swarm for Openstack deployments |
| if (!common.checkContains('STACK_INSTALL', 'k8s')) { |
| salt.enforceState(master, "I@docker:swarm and I@prometheus:server ${extra_tgt}", 'heka.remote_collector', true, false) |
| } |
| |
| // Launch containers |
| salt.enforceState(master, "I@docker:swarm:role:master and I@prometheus:server ${extra_tgt}", 'docker.client') |
| salt.runSaltProcessStep(master, "I@docker:swarm and I@prometheus:server ${extra_tgt}", 'dockerng.ps') |
| |
| //Install Prometheus LTS |
| salt.enforceStateWithTest(master, "I@prometheus:relay ${extra_tgt}", 'prometheus') |
| |
| // Install sphinx server |
| salt.enforceStateWithTest(master, "I@sphinx:server ${extra_tgt}", 'sphinx') |
| |
| //Configure Grafana |
| pillar = salt.getPillar(master, "ctl01* ${extra_tgt}", '_param:stacklight_monitor_address') |
| common.prettyPrint(pillar) |
| |
| def stacklight_vip |
| if(!pillar['return'].isEmpty()) { |
| stacklight_vip = pillar['return'][0].values()[0] |
| } else { |
| common.errorMsg('[ERROR] Stacklight VIP address could not be retrieved') |
| } |
| |
| common.infoMsg("Waiting for service on http://${stacklight_vip}:15013/ to start") |
| sleep(120) |
| salt.enforceState(master, "I@grafana:client ${extra_tgt}", 'grafana.client') |
| } |
| |
| def installStacklightv1Control(master, extra_tgt = '') { |
| def salt = new com.mirantis.mk.Salt() |
| |
| // infra install |
| // Install the StackLight backends |
| salt.enforceState(master, "*01* and I@elasticsearch:server ${extra_tgt}", 'elasticsearch.server') |
| salt.enforceState(master, "I@elasticsearch:server ${extra_tgt}", 'elasticsearch.server') |
| |
| salt.enforceState(master, "*01* and I@influxdb:server ${extra_tgt}", 'influxdb') |
| salt.enforceState(master, "I@influxdb:server ${extra_tgt}", 'influxdb') |
| |
| salt.enforceState(master, "*01* and I@kibana:server ${extra_tgt}", 'kibana.server') |
| salt.enforceState(master, "I@kibana:server ${extra_tgt}", 'kibana.server') |
| |
| salt.enforceState(master, "*01* and I@grafana:server ${extra_tgt}",'grafana.server') |
| salt.enforceState(master, "I@grafana:server ${extra_tgt}",'grafana.server') |
| |
| def alarming_service_pillar = salt.getPillar(master, "mon*01* ${extra_tgt}", '_param:alarming_service') |
| def alarming_service = alarming_service_pillar['return'][0].values()[0] |
| |
| switch (alarming_service) { |
| case 'sensu': |
| // Update Sensu |
| salt.enforceState(master, "I@sensu:server and I@rabbitmq:server ${extra_tgt}", 'rabbitmq') |
| salt.enforceState(master, "I@redis:cluster:role:master ${extra_tgt}", 'redis') |
| salt.enforceState(master, "I@redis:server ${extra_tgt}", 'redis') |
| salt.enforceState(master, "I@sensu:server ${extra_tgt}", 'sensu') |
| default: |
| // Update Nagios |
| salt.enforceState(master, "I@nagios:server ${extra_tgt}", 'nagios.server') |
| // Stop the Nagios service because the package starts it by default and it will |
| // started later only on the node holding the VIP address |
| salt.runSaltProcessStep(master, "I@nagios:server ${extra_tgt}", 'service.stop', ['nagios3'], null, true) |
| } |
| |
| salt.enforceState(master, "I@elasticsearch:client ${extra_tgt}", 'elasticsearch.client.service') |
| salt.enforceState(master, "I@kibana:client ${extra_tgt}", 'kibana.client') |
| |
| sleep(10) |
| } |
| |
| def installStacklightv1Client(master, extra_tgt = '') { |
| def salt = new com.mirantis.mk.Salt() |
| def common = new com.mirantis.mk.Common() |
| |
| salt.cmdRun(master, "I@elasticsearch:client ${extra_tgt}", 'salt-call state.sls elasticsearch.client') |
| // salt.enforceState(master, "I@elasticsearch:client", 'elasticsearch.client", true) |
| salt.cmdRun(master, "I@kibana:client ${extra_tgt}", 'salt-call state.sls kibana.client') |
| // salt.enforceState(master, "I@kibana:client", 'kibana.client", true) |
| |
| // Install collectd, heka and sensu services on the nodes, this will also |
| // generate the metadata that goes into the grains and eventually into Salt Mine |
| salt.enforceState(master, "* ${extra_tgt}", 'collectd') |
| salt.enforceState(master, "* ${extra_tgt}", 'salt.minion') |
| salt.enforceState(master, "* ${extra_tgt}", 'heka') |
| |
| // Gather the Grafana metadata as grains |
| salt.enforceState(master, "I@grafana:collector ${extra_tgt}", 'grafana.collector', true) |
| |
| // Update Salt Mine |
| salt.enforceState(master, "* ${extra_tgt}", 'salt.minion.grains') |
| salt.runSaltProcessStep(master, "* ${extra_tgt}", 'saltutil.refresh_modules') |
| salt.runSaltProcessStep(master, "* ${extra_tgt}", 'mine.update') |
| |
| sleep(5) |
| |
| // Update Heka |
| salt.enforceState(master, "( I@heka:aggregator:enabled:True or I@heka:remote_collector:enabled:True ) ${extra_tgt}", 'heka') |
| |
| // Update collectd |
| salt.enforceState(master, "I@collectd:remote_client:enabled:True ${extra_tgt}", 'collectd') |
| |
| def alarming_service_pillar = salt.getPillar(master, "mon*01* ${extra_tgt}", '_param:alarming_service') |
| def alarming_service = alarming_service_pillar['return'][0].values()[0] |
| |
| switch (alarming_service) { |
| case 'sensu': |
| // Update Sensu |
| // TODO for stacklight team, should be fixed in model |
| salt.enforceState(master, "I@sensu:client ${extra_tgt}", 'sensu') |
| default: |
| break |
| // Default is nagios, and was enforced in installStacklightControl() |
| } |
| |
| salt.cmdRun(master, "I@grafana:client and *01* ${extra_tgt}", 'salt-call state.sls grafana.client') |
| // salt.enforceState(master, "I@grafana:client and *01*", 'grafana.client", true) |
| |
| // Finalize the configuration of Grafana (add the dashboards...) |
| salt.enforceState(master, "I@grafana:client and *01* ${extra_tgt}", 'grafana.client') |
| salt.enforceState(master, "I@grafana:client and *02* ${extra_tgt}", 'grafana.client') |
| salt.enforceState(master, "I@grafana:client and *03* ${extra_tgt}", 'grafana.client') |
| // nw salt -C "I@grafana:client' --async service.restart salt-minion; sleep 10 |
| |
| // Get the StackLight monitoring VIP addres |
| //vip=$(salt-call pillar.data _param:stacklight_monitor_address --out key|grep _param: |awk '{print $2}') |
| //vip=${vip:=172.16.10.253} |
| def pillar = salt.getPillar(master, "ctl01* ${extra_tgt}", '_param:stacklight_monitor_address') |
| common.prettyPrint(pillar) |
| def stacklight_vip = pillar['return'][0].values()[0] |
| |
| if (stacklight_vip) { |
| // (re)Start manually the services that are bound to the monitoring VIP |
| common.infoMsg("restart services on node with IP: ${stacklight_vip}") |
| salt.runSaltProcessStep(master, "G@ipv4:${stacklight_vip} ${extra_tgt}", 'service.restart', ['remote_collectd']) |
| salt.runSaltProcessStep(master, "G@ipv4:${stacklight_vip} ${extra_tgt}", 'service.restart', ['remote_collector']) |
| salt.runSaltProcessStep(master, "G@ipv4:${stacklight_vip} ${extra_tgt}", 'service.restart', ['aggregator']) |
| salt.runSaltProcessStep(master, "G@ipv4:${stacklight_vip} ${extra_tgt}", 'service.restart', ['nagios3']) |
| } else { |
| throw new Exception("Missing stacklight_vip") |
| } |
| } |
| |
| // |
| // backups |
| // |
| |
| def installBackup(master, component='common', extra_tgt = '') { |
| def salt = new com.mirantis.mk.Salt() |
| if (component == 'common') { |
| // Install Backupninja |
| if (salt.testTarget(master, "I@backupninja:client ${extra_tgt}")) { |
| salt.enforceState(master, "I@backupninja:client ${extra_tgt}", 'salt.minion.grains') |
| salt.runSaltProcessStep(master, "I@backupninja:client ${extra_tgt}", 'saltutil.sync_grains') |
| salt.runSaltProcessStep(master, "I@backupninja:client ${extra_tgt}", 'mine.flush') |
| salt.runSaltProcessStep(master, "I@backupninja:client ${extra_tgt}", 'mine.update') |
| salt.enforceState(master, "I@backupninja:client ${extra_tgt}", 'backupninja') |
| } |
| salt.enforceStateWithTest(master, "I@backupninja:server ${extra_tgt}", 'salt.minion.grains') |
| salt.enforceStateWithTest(master, "I@backupninja:server ${extra_tgt}", 'backupninja') |
| } else if (component == 'mysql') { |
| // Install Xtrabackup |
| if (salt.testTarget(master, "I@xtrabackup:client ${extra_tgt}")) { |
| salt.enforceState(master, "I@xtrabackup:client ${extra_tgt}", 'salt.minion.grains') |
| salt.runSaltProcessStep(master, "I@xtrabackup:client ${extra_tgt}", 'saltutil.sync_grains') |
| salt.runSaltProcessStep(master, "I@xtrabackup:client ${extra_tgt}", 'mine.flush') |
| salt.runSaltProcessStep(master, "I@xtrabackup:client ${extra_tgt}", 'mine.update') |
| salt.enforceState(master, "I@xtrabackup:client ${extra_tgt}", 'xtrabackup') |
| } |
| salt.enforceStateWithTest(master, "I@xtrabackup:server ${extra_tgt}", 'xtrabackup') |
| } else if (component == 'contrail') { |
| |
| // Install Cassandra backup |
| if (salt.testTarget(master, "I@cassandra:backup:client ${extra_tgt}")) { |
| salt.enforceState(master, "I@cassandra:backup:client ${extra_tgt}", 'salt.minion.grains') |
| salt.runSaltProcessStep(master, "I@cassandra:backup:client ${extra_tgt}", 'saltutil.sync_grains') |
| salt.runSaltProcessStep(master, "I@cassandra:backup:client ${extra_tgt}", 'mine.flush') |
| salt.runSaltProcessStep(master, "I@cassandra:backup:client ${extra_tgt}", 'mine.update') |
| salt.enforceState(master, "I@cassandra:backup:client ${extra_tgt}", 'cassandra.backup') |
| } |
| salt.enforceStateWithTest(master, "I@cassandra:backup:server ${extra_tgt}", 'cassandra.backup') |
| // Install Zookeeper backup |
| if (salt.testTarget(master, "I@zookeeper:backup:client ${extra_tgt}")) { |
| salt.enforceState(master, "I@zookeeper:backup:client ${extra_tgt}", 'salt.minion.grains') |
| salt.runSaltProcessStep(master, "I@zookeeper:backup:client ${extra_tgt}", 'saltutil.sync_grains') |
| salt.runSaltProcessStep(master, "I@zookeeper:backup:client ${extra_tgt}", 'mine.flush') |
| salt.runSaltProcessStep(master, "I@zookeeper:backup:client ${extra_tgt}", 'mine.update') |
| salt.enforceState(master, "I@zookeeper:backup:client ${extra_tgt}", 'zookeeper.backup') |
| } |
| salt.enforceStateWithTest(master, "I@zookeeper:backup:server ${extra_tgt}", 'zookeeper.backup') |
| } else if (component == 'ceph') { |
| // Install Ceph backup |
| if (salt.testTarget(master, "I@ceph:backup:client ${extra_tgt}")) { |
| salt.enforceState(master, "I@ceph:backup:client ${extra_tgt}", 'salt.minion.grains') |
| salt.runSaltProcessStep(master, "I@ceph:backup:client ${extra_tgt}", 'saltutil.sync_grains') |
| salt.runSaltProcessStep(master, "I@ceph:backup:client ${extra_tgt}", 'mine.flush') |
| salt.runSaltProcessStep(master, "I@ceph:backup:client ${extra_tgt}", 'mine.update') |
| salt.enforceState(master, "I@ceph:backup:client ${extra_tgt}", 'ceph.backup') |
| } |
| salt.enforceStateWithTest(master, "I@ceph:backup:server ${extra_tgt}", 'ceph.backup') |
| } |
| |
| } |
| |
| // |
| // Ceph |
| // |
| |
| def installCephMon(master, target="I@ceph:mon", extra_tgt = '') { |
| def salt = new com.mirantis.mk.Salt() |
| |
| salt.enforceState(master, "I@ceph:common ${extra_tgt}", 'salt.minion.grains') |
| |
| // generate keyrings |
| if (salt.testTarget(master, "( I@ceph:mon:keyring:mon or I@ceph:common:keyring:admin ) ${extra_tgt}")) { |
| salt.enforceState(master, "( I@ceph:mon:keyring:mon or I@ceph:common:keyring:admin ) ${extra_tgt}", 'ceph.mon') |
| salt.runSaltProcessStep(master, "I@ceph:mon ${extra_tgt}", 'saltutil.sync_grains') |
| salt.runSaltProcessStep(master, "( I@ceph:mon:keyring:mon or I@ceph:common:keyring:admin ) ${extra_tgt}", 'mine.update') |
| |
| // on target nodes mine is used to get pillar from 'ceph:common:keyring:admin' via grain.items |
| // we need to refresh all pillar/grains to make data sharing work correctly |
| salt.fullRefresh(master, "( I@ceph:mon:keyring:mon or I@ceph:common:keyring:admin ) ${extra_tgt}") |
| |
| sleep(5) |
| } |
| // install Ceph Mons |
| salt.enforceState(master, target, 'ceph.mon') |
| salt.enforceStateWithTest(master, "I@ceph:mgr ${extra_tgt}", 'ceph.mgr') |
| } |
| |
| def installCephOsd(master, target="I@ceph:osd", setup=true, extra_tgt = '') { |
| def salt = new com.mirantis.mk.Salt() |
| |
| // install Ceph OSDs |
| salt.enforceState(master, target, 'ceph.osd') |
| salt.runSaltProcessStep(master, "I@ceph:osd ${extra_tgt}", 'saltutil.sync_grains') |
| salt.enforceState(master, target, 'ceph.osd.custom') |
| salt.runSaltProcessStep(master, "I@ceph:osd ${extra_tgt}", 'saltutil.sync_grains') |
| salt.runSaltProcessStep(master, "I@ceph:osd ${extra_tgt}", 'mine.update') |
| installBackup(master, 'ceph') |
| |
| // setup pools, keyrings and maybe crush |
| if (salt.testTarget(master, "I@ceph:setup ${extra_tgt}") && setup) { |
| sleep(5) |
| salt.enforceState(master, "I@ceph:setup ${extra_tgt}", 'ceph.setup') |
| } |
| } |
| |
| def installCephClient(master, extra_tgt = '') { |
| def salt = new com.mirantis.mk.Salt() |
| |
| // install Ceph Radosgw |
| if (salt.testTarget(master, "I@ceph:radosgw ${extra_tgt} and I@node_role.openstack-control")) { |
| salt.runSaltProcessStep(master, "I@ceph:radosgw ${extra_tgt}", 'saltutil.sync_grains') |
| salt.enforceState(master, "I@ceph:radosgw ${extra_tgt}", 'ceph.radosgw') |
| } |
| |
| // setup keyring for Openstack services |
| salt.enforceStateWithTest(master, "I@ceph:common and I@glance:server ${extra_tgt}", ['ceph.common', 'ceph.setup.keyring']) |
| |
| salt.enforceStateWithTest(master, "I@ceph:common and I@cinder:controller ${extra_tgt}", ['ceph.common', 'ceph.setup.keyring']) |
| |
| if (salt.testTarget(master, "I@ceph:common and I@nova:compute ${extra_tgt}")) { |
| salt.enforceState(master, "I@ceph:common and I@nova:compute ${extra_tgt}", ['ceph.common', 'ceph.setup.keyring']) |
| salt.runSaltProcessStep(master, "I@ceph:common and I@nova:compute ${extra_tgt}", 'saltutil.sync_grains') |
| } |
| |
| salt.enforceStateWithTest(master, "I@ceph:common and I@gnocchi:server ${extra_tgt}", ['ceph.common', 'ceph.setup.keyring']) |
| } |
| |
| def connectCeph(master, extra_tgt = '') { |
| def salt = new com.mirantis.mk.Salt() |
| |
| // setup Keystone service and endpoints for swift or / and S3 |
| salt.enforceStateWithTest(master, "I@keystone:client ${extra_tgt}", 'keystone.client') |
| |
| // connect Ceph to the env |
| if (salt.testTarget(master, "I@ceph:common and I@glance:server ${extra_tgt}")) { |
| salt.enforceState(master, "I@ceph:common and I@glance:server ${extra_tgt}", ['glance']) |
| salt.runSaltProcessStep(master, "I@ceph:common and I@glance:server ${extra_tgt}", 'service.restart', ['glance-api']) |
| } |
| if (salt.testTarget(master, "I@ceph:common and I@cinder:controller ${extra_tgt}")) { |
| salt.enforceState(master, "I@ceph:common and I@cinder:controller ${extra_tgt}", ['cinder']) |
| salt.runSaltProcessStep(master, "I@ceph:common and I@cinder:controller ${extra_tgt}", 'service.restart', ['cinder-volume']) |
| } |
| if (salt.testTarget(master, "I@ceph:common and I@nova:compute ${extra_tgt}")) { |
| salt.enforceState(master, "I@ceph:common and I@nova:compute ${extra_tgt}", ['nova']) |
| salt.runSaltProcessStep(master, "I@ceph:common and I@nova:compute ${extra_tgt}", 'service.restart', ['nova-compute']) |
| } |
| if (salt.testTarget(master, "I@ceph:common and I@gnocchi:server ${extra_tgt}")) { |
| salt.enforceState(master, "I@ceph:common and I@gnocchi:server:role:primary ${extra_tgt}", 'gnocchi.server') |
| salt.enforceState(master, "I@ceph:common and I@gnocchi:server ${extra_tgt}", 'gnocchi.server') |
| } |
| } |
| |
| def installOssInfra(master, extra_tgt = '') { |
| def common = new com.mirantis.mk.Common() |
| def salt = new com.mirantis.mk.Salt() |
| |
| salt.enforceStateWithTest(master, "I@devops_portal:config ${extra_tgt}", 'devops_portal.config', ) |
| salt.enforceStateWithTest(master, "I@rundeck:client ${extra_tgt}", ['linux.system.user', 'openssh'], "I@devops_portal:config ${extra_tgt}") |
| salt.enforceStateWithTest(master, "I@rundeck:server ${extra_tgt}", 'rundeck.server', "I@devops_portal:config ${extra_tgt}") |
| } |
| |
| def installOss(master, extra_tgt = '') { |
| def common = new com.mirantis.mk.Common() |
| def salt = new com.mirantis.mk.Salt() |
| |
| //Get oss VIP address |
| def pillar = salt.getPillar(master, "cfg01* ${extra_tgt}", '_param:stacklight_monitor_address') |
| common.prettyPrint(pillar) |
| |
| def oss_vip |
| if(!pillar['return'].isEmpty()) { |
| oss_vip = pillar['return'][0].values()[0] |
| } else { |
| common.errorMsg('[ERROR] Oss VIP address could not be retrieved') |
| } |
| |
| // Postgres client - initialize OSS services databases |
| timeout(120){ |
| common.infoMsg("Waiting for postgresql database to come up..") |
| salt.cmdRun(master, "I@postgresql:client ${extra_tgt}", 'while true; do if docker service logs postgresql_postgresql-db 2>&1 | grep "ready to accept"; then break; else sleep 5; fi; done') |
| } |
| // XXX: first run usually fails on some inserts, but we need to create databases at first |
| salt.enforceState(master, "I@postgresql:client ${extra_tgt}", 'postgresql.client', true, false) |
| |
| // Setup postgres database with integration between |
| // Pushkin notification service and Security Monkey security audit service |
| timeout(10) { |
| common.infoMsg("Waiting for Pushkin to come up..") |
| salt.cmdRun(master, "I@postgresql:client ${extra_tgt}", "while true; do curl -sf ${oss_vip}:8887/apps >/dev/null && break; done") |
| } |
| salt.enforceState(master, "I@postgresql:client ${extra_tgt}", 'postgresql.client') |
| |
| // Rundeck |
| timeout(10) { |
| common.infoMsg("Waiting for Rundeck to come up..") |
| salt.cmdRun(master, "I@rundeck:client ${extra_tgt}", "while true; do curl -sf ${oss_vip}:4440 >/dev/null && break; done") |
| } |
| salt.enforceState(master, "I@rundeck:client ${extra_tgt}", 'rundeck.client') |
| |
| // Elasticsearch |
| pillar = salt.getPillar(master, "I@elasticsearch:client ${extra_tgt}", 'elasticsearch:client:server:host') |
| def elasticsearch_vip |
| if(!pillar['return'].isEmpty()) { |
| elasticsearch_vip = pillar['return'][0].values()[0] |
| } else { |
| common.errorMsg('[ERROR] Elasticsearch VIP address could not be retrieved') |
| } |
| |
| timeout(10) { |
| common.infoMsg('Waiting for Elasticsearch to come up..') |
| salt.cmdRun(master, "I@elasticsearch:client ${extra_tgt}", "while true; do curl -sf ${elasticsearch_vip}:9200 >/dev/null && break; done") |
| } |
| salt.enforceState(master, "I@elasticsearch:client ${extra_tgt}", 'elasticsearch.client') |
| } |
| |
| /** |
| * Function receives connection string, target and configuration yaml pattern |
| * and retrieves config fom salt minion according to pattern. After that it |
| * sorts applications according to priorities and runs orchestration states |
| * @param master Salt Connection object or pepperEnv |
| * @param tgt Target |
| * @param conf Configuration pattern |
| */ |
| def OrchestrateApplications(master, tgt, conf) { |
| def salt = new com.mirantis.mk.Salt() |
| def common = new com.mirantis.mk.Common() |
| def _orch = salt.getConfig(master, tgt, conf) |
| if ( !_orch['return'][0].values()[0].isEmpty() ) { |
| Map<String,Integer> _orch_app = [:] |
| for (k in _orch['return'][0].values()[0].keySet()) { |
| _orch_app[k] = _orch['return'][0].values()[0][k].values()[0].toInteger() |
| } |
| def _orch_app_sorted = common.SortMapByValueAsc(_orch_app) |
| common.infoMsg("Applications will be deployed in following order:"+_orch_app_sorted.keySet()) |
| for (app in _orch_app_sorted.keySet()) { |
| salt.orchestrateSystem(master, ['expression': tgt, 'type': 'compound'], "${app}.orchestrate.deploy") |
| } |
| } |
| else { |
| common.infoMsg("No applications found for orchestration") |
| } |
| } |