#cloud-config
output:
all: '| tee -a /var/log/cloud-init-output.log /dev/tty0'
write_files:
- owner: root:root
path: /etc/cloud/master_environment
permissions: '0644'
content: |
# Deployment parameters for the cfg01 bootstrap; sourced by the bootstrap body
# (`. /etc/cloud/master_environment`). Every value keeps a pre-set environment
# value, then anything from the optional override file, then the default below.
[ -f /etc/cloud/master_environment_override ] && . /etc/cloud/master_environment_override
# Deploy-network identity of the salt master.
export SALT_MASTER_DEPLOY_IP=${SALT_MASTER_DEPLOY_IP:-"172.16.164.15"}
export SALT_MASTER_MINION_ID=${SALT_MASTER_MINION_ID:-"cfg01.deploy-name.local"}
export DEPLOY_NETWORK_GW=${DEPLOY_NETWORK_GW:-"172.16.164.1"}
export DEPLOY_NETWORK_NETMASK=${DEPLOY_NETWORK_NETMASK:-"255.255.255.192"}
export DEPLOY_NETWORK_MTU=${DEPLOY_NETWORK_MTU:-"1500"}
export DNS_SERVERS=${DNS_SERVERS:-"8.8.8.8"}
export http_proxy=${http_proxy:-""}
export https_proxy=${https_proxy:-""}
export MCP_VERSION=${MCP_VERSION:-"stable"}
# "true": pipelines are copied from the bootstrap ISO; otherwise cloned from PIPELINE_REPO_URL.
export PIPELINES_FROM_ISO=${PIPELINES_FROM_ISO:-"true"}
export PIPELINE_REPO_URL=${PIPELINE_REPO_URL:-"https://github.com/Mirantis"}
# NOTE(review): the default repository URL is plain http and MCP_SALT_REPO_KEY (the
# apt signing key) is fetched from it, so the key's authenticity rests on the
# transport; prefer an https mirror or check the key fingerprint out of band.
export MCP_SALT_REPO_URL=${MCP_SALT_REPO_URL:-"http://mirror.mirantis.com/"}
export MCP_SALT_REPO=${MCP_SALT_REPO:-"deb [arch=amd64] $MCP_SALT_REPO_URL/$MCP_VERSION/salt-formulas/xenial xenial main"}
export MCP_SALT_REPO_UPDATES=${MCP_SALT_REPO_UPDATES:-"deb [arch=amd64] $MCP_SALT_REPO_URL/update/$MCP_VERSION/salt-formulas/xenial xenial main"}
export MCP_SALT_REPO_KEY=${MCP_SALT_REPO_KEY:-"${MCP_SALT_REPO_URL}/${MCP_VERSION}/salt-formulas/xenial/archive-salt-formulas.key"}
export FORMULAS=${FORMULAS:-"salt-formula-*"}
# Options passed to every `salt-call ... state.sls` invocation in the bootstrap.
export SALT_OPTS=${SALT_OPTS:-"-l debug -t 30 --retcode-passthrough --no-color"}
# When set, the model ISO is downloaded from here instead of being read from /dev/cdrom.
export CFG_BOOTSTRAP_DRIVE_URL=${CFG_BOOTSTRAP_DRIVE_URL:-""}
master_config:
- &master_config |
function _post_maas_cfg() {
    # Post-install tweaks to the MAAS package repository plus a notification sweep.
    # ${PROFILE} is not set in this script; presumably it comes from the sourced
    # login file — confirm.
    source /var/lib/maas/.maas_login.sh
    # disable backports for maas enlist pkg repo. Those operation enforce maas
    # to re-create sources.list and drop [source] fetch-definition from it.
    # NOTE(review): pipefail is not enabled (runcmd uses `bash -cex`), so a failing
    # `maas ... read` leaves main_arch_id empty and the updates below run against an
    # empty id, masked by `|| true`.
    main_arch_id=$(maas ${PROFILE} package-repositories read | jq -r ".[] | select(.name==\"main_archive\") | .id")
    maas ${PROFILE} package-repository update ${main_arch_id} "disabled_pockets=backports" || true
    maas ${PROFILE} package-repository update ${main_arch_id} "disabled_components=multiverse" || true
    maas ${PROFILE} package-repository update ${main_arch_id} "arches=amd64" || true
    # Remove stale notifications, which appear during sources configuration.
    for i in $(maas ${PROFILE} notifications read | jq ".[]| .id"); do
        maas ${PROFILE} notification delete ${i} || true
    done
}
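function process_formulas(){
    # Install the MCP salt formulas from the configured apt repository and expose
    # their reclass service classes under ${RECLASS_ROOT}/classes/service.
    # Inputs (from /etc/cloud/master_environment): MCP_SALT_REPO_KEY, MCP_SALT_REPO,
    # MCP_SALT_REPO_UPDATES. RECLASS_ROOT and FORMULAS_PATH may be pre-set.
    local RECLASS_ROOT=${RECLASS_ROOT:-/srv/salt/reclass/}
    local FORMULAS_PATH=${FORMULAS_PATH:-/usr/share/salt-formulas}
    # -f makes curl fail on an HTTP error instead of piping an error page into
    # apt-key; -L follows redirects; -S still reports the error under -s.
    # The key's trust still rests on the transport: the default MCP_SALT_REPO_URL
    # is plain http, so prefer an https mirror where one is available.
    curl -fsSL "${MCP_SALT_REPO_KEY}" | apt-key add -
    echo "${MCP_SALT_REPO}" > /etc/apt/sources.list.d/mcp_salt.list
    echo "${MCP_SALT_REPO_UPDATES}" >> /etc/apt/sources.list.d/mcp_salt.list
    apt-get update
    # NOTE(review): the FORMULAS variable exported by the environment file is not
    # consulted here; the package glob is fixed.
    apt-get install -y salt-formula-*
    # mkdir -p is idempotent, so no existence test is needed.
    mkdir -p ${RECLASS_ROOT}/classes/service
    for formula_service in $(ls ${FORMULAS_PATH}/reclass/service/); do
        # Since some salt formula names contain "-" and in symlinks they should contain "_" adding replacement
        formula_service=${formula_service//-/_}
        # NOTE(review): the link source also uses the underscored name; if the
        # package ships hyphenated directories the link would dangle — confirm.
        if [ ! -L "${RECLASS_ROOT}/classes/service/${formula_service}" ]; then
            ln -sf ${FORMULAS_PATH}/reclass/service/${formula_service} ${RECLASS_ROOT}/classes/service/${formula_service}
        fi
    done
}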
function enable_services(){
    # Enable and (re)start the salt daemons; postgresql is added when it runs on
    # the host rather than in docker (no /opt/postgresql_in_docker flag file).
    # systemctl failures are tolerated so a missing unit does not abort the bootstrap.
    local unit
    local units="salt-api salt-master salt-minion"
    [ -f /opt/postgresql_in_docker ] || units="${units} postgresql.service"
    for unit in ${units} ; do
        systemctl enable ${unit} || true
        systemctl restart ${unit} || true
    done
}
function process_network(){
    # Replace the image's network configuration with the rendered /root/interfaces
    # template and bring the (hard-coded) deploy interface ens3 up on it.
    echo "Configuring network interfaces"
    find /etc/network/interfaces.d/ -type f -delete
    # Stop dhclient so it cannot re-address the interface; `|| /bin/true` covers the
    # case where none is running (kill is then invoked without a pid and fails).
    kill $(pidof /sbin/dhclient) || /bin/true
    # envsubst substitutes exported variables into the template — presumably the
    # DEPLOY_NETWORK_* / SALT_MASTER_DEPLOY_IP values from the environment file; confirm.
    envsubst < /root/interfaces > /etc/network/interfaces
    ip a flush dev ens3
    rm -f /var/run/network/ifstate.ens3
    # If the new config defines a gateway, drop any existing default route first so
    # ifup can install the new one. The `(...) && ... || /bin/true` keeps set -e quiet.
    if [[ $(grep -E "^\ *gateway\ " /etc/network/interfaces) ]]; then
        (ip r s | grep ^default) && ip r d default || /bin/true
    fi;
    ifup ens3
}
function process_maas(){
    # Drive the PostgreSQL and MAAS salt states according to pillar data.
    # Pillar values are lower-cased so "True" and "true" compare equal.
    maas_cluster_enabled=$(salt-call --out=text pillar.get maas:cluster:enabled | awk '{print $2}' | tr "[:upper:]" "[:lower:]" )
    _region=$(salt-call --out=text pillar.get maas:region:enabled | awk '{print $2}' | tr "[:upper:]" "[:lower:]" )
    # Containerised postgres (flag file /opt/postgresql_in_docker) with MAAS enabled:
    # keep the host service off, wait for the external server, configure the client.
    # Otherwise run the local server state when the pillar enables it.
    if ([ -f /opt/postgresql_in_docker ] && ([[ "${maas_cluster_enabled}" == "true" ]] || [[ "${_region}" == "true" ]])); then
        systemctl disable postgresql.service
        wait_for_postgresql
        salt-call ${SALT_OPTS} state.sls postgresql.client
    else
        postgres_enabled=$(salt-call --out=text pillar.get postgresql:server:enabled | awk '{print $2}' | tr "[:upper:]" "[:lower:]")
        if [[ "${postgres_enabled}" == "true" ]]; then
            salt-call ${SALT_OPTS} state.sls postgresql.server
        fi
    fi
    if [[ "${maas_cluster_enabled}" == "true" ]]; then
        salt-call ${SALT_OPTS} state.sls maas.cluster
    else
        echo "WARNING: maas.cluster skipped!"
    fi
    if [[ "$_region" == "true" ]]; then
        salt-call ${SALT_OPTS} state.sls maas.region
    else
        echo "WARNING: maas.region skipped!"
    fi
    # Do not move it under first cluster-only check!
    # NOTE(review): presumably the repository tweaks need maas.region applied first;
    # the original comment gives no reason — confirm before reordering.
    if [[ "${maas_cluster_enabled}" == "true" ]]; then
        _post_maas_cfg
    fi
}
function wait_for_postgresql() {
    # Poll pg_isready against the server declared under
    # postgresql:client:server:server01:admin until it reports 'accepting'.
    # The back-off grows by one second per attempt (0,1,2,...) and the loop gives
    # up after 20 attempts without failing, so the caller proceeds regardless.
    salt_string="salt-call --out=text pillar.get postgresql:client:server:server01:admin"
    # The command lives in a string so the pillar path can be suffixed with :port /
    # :host; this relies on word splitting of the unquoted expansion.
    pg_port=$(${salt_string}:port | awk '{print $2}')
    pg_host=$(${salt_string}:host | awk '{print $2}')
    wait_time=0
    until [[ $(/usr/bin/pg_isready -h ${pg_host} -p ${pg_port} | awk '{ print $3 }' ) == 'accepting' ]] || [ $wait_time -eq 20 ];
    do
        echo "Waiting for postgres at: ${pg_host}:${pg_port}"
        sleep $(( wait_time++ ));
    done
}
function wait_for_jenkins() {
    # Poll the Jenkins HTTP port (from pillar, default 8081) until it answers 200.
    # The back-off grows by one second per attempt and the loop gives up after 20
    # attempts without failing.
    local jport wait_time http_code
    jport=$(salt-call --out=text pillar.get jenkins:master:http:port | awk '{print $2}')
    jport=${jport:-8081}
    wait_time=0
    while true; do
        http_code=$(curl -sL -w "%{http_code}" localhost:$jport -o /dev/null)
        if [[ "${http_code}" == 200 ]] || [ $wait_time -eq 20 ]; then
            break
        fi
        sleep $(( wait_time++ ))
    done
}
function process_swarm() {
    # Apply docker.swarm and docker.client only when the corresponding pillar
    # keys (swarm advertise address, client enabled flag) are populated.
    local pillar_value
    pillar_value=$(salt-call --out=text pillar.get docker:swarm:advertise_addr | awk '{print $2}')
    if [ -n "${pillar_value}" ]; then
        salt-call ${SALT_OPTS} state.sls docker.swarm
    fi
    pillar_value=$(salt-call --out=text pillar.get docker:client:enabled | awk '{print $2}')
    if [ -n "${pillar_value}" ]; then
        salt-call ${SALT_OPTS} state.sls docker.client
    fi
}
# $1 is stack name
function wait_for_docker_images() {
    # Wait until every image referenced by the stack named in $1 exists in the
    # local docker image store. Re-checks every 10 seconds and gives up (without
    # failing) after 90 checks.
    local stack_images missing_images image image_present attempt
    stack_images=$(docker stack ps ${1} --format "{{.Image}}" | awk -F ':' '{print $1}' | uniq)
    attempt=0
    while [ $attempt -ne 90 ]; do
        missing_images=""
        for image in ${stack_images}; do
            # Empty output: no local image carries this repository name.
            image_present=$(docker images --format "{{if eq .Repository \"$image\"}}{{.Repository}}{{end}}" | tr -d '\n')
            [ -n "${image_present}" ] || missing_images="${image} ${missing_images}"
        done
        [ -n "${missing_images}" ] || break
        echo "Images ${missing_images} are not pulled yet"
        sleep 10
        attempt=$((attempt+1))
    done
}
function process_jenkins() {
    # Configure Jenkins either as a docker stack (flag file /opt/jenkins_in_docker)
    # or as a host service, then run jenkins.client when the pillar asks for it.
    # INFO: jenkins is in docker in 2019.x releases
    if [ -f /opt/jenkins_in_docker ]; then
        # The flag is removed here — presumably so a later run takes the other branch; confirm.
        rm -v /opt/jenkins_in_docker
        export JENKINS_HOME=/srv/volumes/jenkins
        _nginx=$(salt-call --out=text pillar.get nginx:server:enabled | awk '{print $2}')
        if [[ "${_nginx}" != "" ]]; then
            salt-call ${SALT_OPTS} state.sls nginx
        fi
        # jenkins.client needs both the jenkins stack and the client pillar present.
        _jenabled=$(salt-call --out=text pillar.get docker:client:stack:jenkins | awk '{print $2}')
        _jclient=$(salt-call --out=text pillar.get jenkins:client | awk '{print $2}')
        if [[ "${_jenabled}" != "" && "${_jclient}" != "" ]]; then
            wait_for_jenkins
            salt-call ${SALT_OPTS} state.sls jenkins.client
        fi
    else
        export JENKINS_HOME=/var/lib/jenkins
        systemctl enable jenkins
        systemctl start jenkins
        wait_for_jenkins
        _jjobs=$(salt-call --out=text pillar.get jenkins:client:job | awk '{print $2}')
        if [[ "${_jjobs}" != "" ]]; then
            salt-call ${SALT_OPTS} state.sls jenkins.client
        fi
        systemctl stop jenkins
        # Rewrite the address in the stopped instance's location config. The literal
        # address is presumably the value baked into the image template — confirm.
        find ${JENKINS_HOME}/jenkins.model.JenkinsLocationConfiguration.xml -type f -print0 | xargs -0 sed -i -e "s/10.167.4.15/$SALT_MASTER_DEPLOY_IP/g"
    fi
    # Pre-trust the salt master's SSH host key for Jenkins. ssh-keyscan records the
    # key as presented on the network (trust on first use); the whole list is tolerant.
    ssh-keyscan cfg01 > ${JENKINS_HOME}/.ssh/known_hosts && chmod a+r ${JENKINS_HOME}/.ssh/known_hosts || true
}
failsafe_ssh_key(){
    # Install an emergency root SSH public key shipped on the mounted media
    # (/mnt/root_auth_keys) and permit root login over SSH, so the node can be
    # reached with that key. No-op when the file is absent.
    if [ -f /mnt/root_auth_keys ]; then
        echo "Installing failsafe public ssh key from /mnt/root_auth_keys to /root/.ssh/authorized_keys"
        install -m 0700 -d /root/.ssh
        # Appends unconditionally; a repeated run duplicates the entry.
        cat /mnt/root_auth_keys >> /root/.ssh/authorized_keys
        chmod 600 /root/.ssh/authorized_keys
        # Only active (uncommented) directives are rewritten: a commented-out
        # '#PermitRootLogin ...' line is left alone and the sshd default applies.
        sed -i "s/^PermitRootLogin.*/PermitRootLogin yes/g" /etc/ssh/sshd_config
        # NOTE(review): password authentication is not required for the key-based
        # access set up above and widens this host's exposed surface; consider
        # leaving the directive unchanged.
        sed -i "s/^PasswordAuthentication.*/PasswordAuthentication yes/g" /etc/ssh/sshd_config
        service ssh restart
    fi
}
function process_salt_base(){
    # Apply the salt master/minion states in the order the formulas require.
    # The sleeps give the daemons time to come back after the restarts the states
    # trigger; test.ping then confirms the master answers before continuing.
    # PROD-21179| PROD-21792 : To describe such trick's around salt.XX state ordering
    salt-call ${SALT_OPTS} state.sls salt.master
    # Wait for salt-master to wake up after restart
    sleep 5
    salt-call --timeout=120 test.ping
    # Run salt.minion.ca to prepare CA certificate before salt.minion.cert is used
    salt-call ${SALT_OPTS} state.sls salt.minion.ca
    # Add sleep for completion of postponed restart of salt-minion. PROD-25986
    sleep 15
    salt-call ${SALT_OPTS} state.sls salt.minion
    # Wait for salt-minion to wake up after restart
    sleep 5
    salt-call --timeout=120 test.ping
    salt-call ${SALT_OPTS} state.sls salt
    salt-call ${SALT_OPTS} state.sls reclass
}
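#== Body ==================================================================#
# Bootstrap sequence for the salt master. Runs under `bash -cex` (see runcmd):
# every command is echoed and the first failure aborts, except where `|| true`
# deliberately tolerates it. pipefail is not enabled.
. /etc/cloud/master_environment
printenv | sort -u
process_network
echo "Preparing metadata model"
# The reclass model comes from a bootstrap ISO: downloaded when
# CFG_BOOTSTRAP_DRIVE_URL is set, otherwise read from the attached cdrom.
if [[ -n "${CFG_BOOTSTRAP_DRIVE_URL}" ]]; then
    echo "CFG_BOOTSTRAP_DRIVE_URL detected,downloading..."
    _tname="cfg01_${RANDOM}.iso"
    _wget_opts="--progress=dot:mega --waitretry=15 --retry-connrefused"
    wget ${_wget_opts} -O /${_tname} "${CFG_BOOTSTRAP_DRIVE_URL}"
    mount -o loop /${_tname} /mnt/
else
    mount /dev/cdrom /mnt/
fi
cp -rT /mnt/model/model /srv/salt/reclass
chown -R root:root /srv/salt/reclass/* || true
chown -R root:root /srv/salt/reclass/.git* || true
# NOTE(review): -R 644 also clears the execute bit on sub-directories, which then
# only root can traverse; fine while salt runs as root, worth a look otherwise.
chmod -R 644 /srv/salt/reclass/classes/cluster/* || true
chmod -R 644 /srv/salt/reclass/classes/system/* || true
failsafe_ssh_key
echo "Configuring salt"
envsubst < /root/minion.conf > /etc/salt/minion.d/minion.conf
# Optional GPG key for encrypted pillar data, shipped on the ISO. The keyring
# directory is made root-only (0700) before the key is imported into it.
if [ -f /mnt/gpg/salt_master_pillar.asc ]; then
    # -p keeps a re-run from aborting on an already existing directory.
    mkdir -p /etc/salt/gpgkeys
    chmod 700 /etc/salt/gpgkeys
    GNUPGHOME=/etc/salt/gpgkeys gpg --import /mnt/gpg/salt_master_pillar.asc
fi
enable_services
# Wait for salt-master and salt-minion to wake up after restart
salt-call --timeout=120 test.ping
# NOTE(review): this is a substring match over all of salt-key's output, so an
# unaccepted key with the same id would also end the wait — confirm that is intended.
while true; do
    salt-key | grep "$SALT_MASTER_MINION_ID" && break
    sleep 5
done
echo "updating local git repos"
if [[ "$PIPELINES_FROM_ISO" == "true" ]] ; then
    cp -r /mnt/mk-pipelines/* /home/repo/mk/mk-pipelines/
    cp -r /mnt/pipeline-library/* /home/repo/mcp-ci/pipeline-library/
    umount /mnt || true
    chown -R git:www-data /home/repo/mk/mk-pipelines/*
    chown -R git:www-data /home/repo/mcp-ci/pipeline-library/*
else
    umount /mnt || true
    git clone --mirror "${PIPELINE_REPO_URL}/mk-pipelines.git" /home/repo/mk/mk-pipelines/
    git clone --mirror "${PIPELINE_REPO_URL}/pipeline-library.git" /home/repo/mcp-ci/pipeline-library/
    chown -R git:www-data /home/repo/mk/mk-pipelines/*
    chown -R git:www-data /home/repo/mcp-ci/pipeline-library/*
fi
process_formulas
salt-call saltutil.refresh_pillar
salt-call saltutil.sync_all
# Render the master's own node once as a smoke test of the model. reclass is
# invoked directly so the `!` negates its exit status explicitly, instead of
# relying on the status of an empty command substitution.
if ! reclass -n ${SALT_MASTER_MINION_ID} > /dev/null ; then
    echo "ERROR: Reclass render failed!"
    exit 1
fi
salt-call ${SALT_OPTS} state.sls linux.network,linux,openssh
process_salt_base
# When either service runs as a docker stack (flag files), bring up swarm and
# wait for the stack images before the services are configured.
if [ -f /opt/jenkins_in_docker ] || [ -f /opt/postgresql_in_docker ]; then
    process_swarm
    wait_for_docker_images postgresql
    wait_for_docker_images jenkins
fi
# Jenkins in docker but postgresql on the host: the postgresql stack is not needed.
if [ -f /opt/jenkins_in_docker ] && [ ! -f /opt/postgresql_in_docker ]; then
    docker stack rm postgresql || true
fi
process_jenkins
process_maas
# Stop everything before the reboot; failures are tolerated because not every
# unit exists on every layout.
stop_services="salt-api salt-master salt-minion maas-rackd.service maas-regiond.service postgresql.service"
for s in ${stop_services} ; do
    systemctl stop ${s} || true
    sleep 1
done
# Set bootstrap-done flag for future
mkdir -p /var/log/mcp/
touch /var/log/mcp/.bootstrap_done
sync
reboot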
runcmd:
- [bash, -cex, *master_config]