Refactor config scripts to cloud-init yamls

This is the initial part of refactoring the config scripts
into native cloud-init functions. This patch covers only
the transition from sh to yaml.

Change-Id: Id1aba5d3581aafd94af59b88c08dd01b0c761ac0
Related-Bug: #PROD-23147 (PROD:23147)
diff --git a/config-drive/master_config.sh b/config-drive/master_config.sh.old
similarity index 96%
rename from config-drive/master_config.sh
rename to config-drive/master_config.sh.old
index bf15ff3..b3b7598 100644
--- a/config-drive/master_config.sh
+++ b/config-drive/master_config.sh.old
@@ -1,6 +1,11 @@
 #!/bin/bash -xe
 
 #==============================================================================
+# This file is no longer used for cfg node configuration.
+# Please use master_config.yaml for that purpose.
+#==============================================================================
+
+#==============================================================================
 # Required packages:
 #   apt-get install -y jq
 #==============================================================================
diff --git a/config-drive/master_config.yaml b/config-drive/master_config.yaml
new file mode 100644
index 0000000..0ca6e24
--- /dev/null
+++ b/config-drive/master_config.yaml
@@ -0,0 +1,209 @@
+#cloud-config
+output: {all: '| tee -a /var/log/cloud-init-output.log'}
+write_files:
+  - owner: root:root
+    path: /etc/cloud/master_environment
+    permissions: '0644'
+    content: |
+      export SALT_MASTER_DEPLOY_IP="172.16.164.15"
+      export SALT_MASTER_MINION_ID="cfg01.deploy-name.local"
+      export DEPLOY_NETWORK_GW="172.16.164.1"
+      export DEPLOY_NETWORK_NETMASK="255.255.255.192"
+      export DEPLOY_NETWORK_MTU="1500"
+      export DNS_SERVERS="8.8.8.8"
+      export http_proxy=""
+      export https_proxy=""
+      export PIPELINES_FROM_ISO="true"
+      export PIPELINE_REPO_URL="https://github.com/Mirantis"
+      export MCP_VERSION="stable"
+      export MCP_SALT_REPO_KEY="http://apt.mirantis.com/public.gpg"
+      export MCP_SALT_REPO_URL="http://apt.mirantis.com/xenial"
+      export MCP_SALT_REPO="deb [arch=amd64] $MCP_SALT_REPO_URL $MCP_VERSION salt"
+      export FORMULAS="salt-formula-*"
+      export SALT_OPTS="-l debug -t 10 --retcode-passthrough --no-color"
+      export CFG_BOOTSTRAP_DRIVE_URL=""
+master_config:
+  - &master_config |
+    function _post_maas_cfg() {
+      source /var/lib/maas/.maas_login.sh
+      # disable backports for maas enlist pkg repo. Those operation enforce maas
+      # to re-create sources.list and drop [source] fetch-definition from it.
+      main_arch_id=$(maas ${PROFILE} package-repositories read | jq -r ".[] | select(.name==\"main_archive\") | .id")
+      maas ${PROFILE} package-repository update ${main_arch_id} "disabled_pockets=backports" || true
+      maas ${PROFILE} package-repository update ${main_arch_id} "disabled_components=multiverse" || true
+      maas ${PROFILE} package-repository update ${main_arch_id} "arches=amd64" || true
+      # Remove stale notifications, which appear during sources configuration.
+      for i in $(maas ${PROFILE} notifications read | jq ".[]| .id"); do
+       maas ${PROFILE} notification delete ${i} || true
+      done
+    }
+
+    function process_formulas(){
+      local RECLASS_ROOT=${RECLASS_ROOT:-/srv/salt/reclass/}
+      local FORMULAS_PATH=${FORMULAS_PATH:-/usr/share/salt-formulas}
+
+      curl -s $MCP_SALT_REPO_KEY | apt-key add -
+      echo $MCP_SALT_REPO > /etc/apt/sources.list.d/mcp_salt.list
+      apt-get update
+      apt-get install -y salt-formula-*
+
+      [ ! -d ${RECLASS_ROOT}/classes/service ] && mkdir -p ${RECLASS_ROOT}/classes/service
+      for formula_service in $(ls /usr/share/salt-formulas/reclass/service/); do
+        #Since some salt formula names contain "-" and in symlinks they should contain "_" adding replacement
+        formula_service=${formula_service//-/$"_"}
+        if [ ! -L "${RECLASS_ROOT}/classes/service/${formula_service}" ]; then
+          ln -sf ${FORMULAS_PATH}/reclass/service/${formula_service} ${RECLASS_ROOT}/classes/service/${formula_service}
+        fi
+      done
+    }
+
+    function enable_services(){
+      local services="postgresql.service salt-api salt-master salt-minion jenkins"
+      for s in ${services} ; do
+        systemctl enable ${s} || true
+        systemctl restart ${s} || true
+      done
+    }
+
+    function process_network(){
+      echo "Configuring network interfaces"
+      find /etc/network/interfaces.d/ -type f -delete
+      kill $(pidof /sbin/dhclient) || /bin/true
+      envsubst < /root/interfaces > /etc/network/interfaces
+      ip a flush dev ens3
+      rm -f /var/run/network/ifstate.ens3
+      if [[ $(grep -E "^\ *gateway\ " /etc/network/interfaces) ]]; then
+      (ip r s | grep ^default) && ip r d default || /bin/true
+      fi;
+      ifup ens3
+    }
+
+    function process_maas(){
+      postgres_enabled=$(salt-call --out=text pillar.get postgresql:server:enabled | awk '{print $2}' | tr "[:upper:]" "[:lower:]")
+      if [[ "${postgres_enabled}" == "true" ]]; then
+        salt-call ${SALT_OPTS} state.sls postgresql.server
+      fi
+
+      _region=$(salt-call --out=text pillar.get maas:region:enabled | awk '{print $2}' | tr "[:upper:]" "[:lower:]" )
+      if [[ "${maas_cluster_enabled}" == "true" ]]; then
+        salt-call ${SALT_OPTS} state.sls maas.cluster
+      else
+        echo "WARNING: maas.cluster skipped!"
+      fi
+      if [[ "$_region" == "true" ]]; then
+        # FIXME MAAS still can fail in rare race condition.
+        salt-call ${SALT_OPTS} state.sls maas.region || salt-call ${SALT_OPTS} state.sls maas.region
+      else
+        echo "WARNING: maas.region skipped!"
+      fi
+      # Do not move it under first cluster-only check!
+      if [[ "${maas_cluster_enabled}" == "true" ]]; then
+        _post_maas_cfg
+      fi
+    }
+
+    function process_jenkins(){
+      _jjobs=$(salt-call --out=text pillar.get jenkins:client:job | awk '{print $2}')
+      if [[ "${_jjobs}" != "" ]]; then
+        salt-call ${SALT_OPTS} state.sls jenkins.client
+      fi
+    }
+
+    failsafe_ssh_key(){
+      if [ -f /mnt/root_auth_keys ]; then
+        echo "Installing failsafe public ssh key from /mnt/root_auth_keys to /root/.ssh/authorized_keys"
+        install -m 0700 -d /root/.ssh
+        cat /mnt/root_auth_keys >> /root/.ssh/authorized_keys
+        chmod 600 /root/.ssh/authorized_keys
+        sed -i "s/^PermitRootLogin.*/PermitRootLogin yes/g" /etc/ssh/sshd_config
+        sed -i "s/^PasswordAuthentication.*/PasswordAuthentication yes/g" /etc/ssh/sshd_config
+        service ssh restart
+      fi
+    }
+
+    . /etc/cloud/master_environment
+    printenv | sort -u
+    process_network
+
+    echo "Preparing metadata model"
+    if [[ -n "${CFG_BOOTSTRAP_DRIVE_URL}" ]]; then
+      wget -O /tmp/cfg01.iso "$cfg_bootstrap_drive"
+      mount -o loop /tmp/cfg01.iso /mnt/
+    else
+      mount /dev/cdrom /mnt/
+    fi
+    cp -rT /mnt/model/model /srv/salt/reclass
+    chown -R root:root /srv/salt/reclass/* || true
+    chown -R root:root /srv/salt/reclass/.git* || true
+    chmod -R 644 /srv/salt/reclass/classes/cluster/* || true
+    chmod -R 644 /srv/salt/reclass/classes/system/*  || true
+
+    failsafe_ssh_key
+
+    echo "Configuring salt"
+    envsubst < /root/minion.conf > /etc/salt/minion.d/minion.conf
+    enable_services
+
+    # Wait for salt-master and salt-minion to wake up after restart
+    salt-call --timeout=120 test.ping
+
+    while true; do
+    salt-key | grep "$SALT_MASTER_MINION_ID" && break
+      sleep 5
+    done
+
+    find /var/lib/jenkins/jenkins.model.JenkinsLocationConfiguration.xml -type f -print0 | xargs -0 sed -i -e "s/10.167.4.15/$SALT_MASTER_DEPLOY_IP/g"
+
+    echo "updating local git repos"
+    if [[ "$PIPELINES_FROM_ISO" == "true" ]] ; then
+      cp -r /mnt/mk-pipelines/* /home/repo/mk/mk-pipelines/
+      cp -r /mnt/pipeline-library/* /home/repo/mcp-ci/pipeline-library/
+      umount /mnt || true
+      chown -R git:www-data /home/repo/mk/mk-pipelines/*
+      chown -R git:www-data /home/repo/mcp-ci/pipeline-library/*
+    else
+      umount /mnt || true
+      git clone --mirror "${PIPELINE_REPO_URL}/mk-pipelines.git" /home/repo/mk/mk-pipelines/
+      git clone --mirror "${PIPELINE_REPO_URL}/pipeline-library.git" /home/repo/mcp-ci/pipeline-library/
+      chown -R git:www-data /home/repo/mk/mk-pipelines/*
+      chown -R git:www-data /home/repo/mcp-ci/pipeline-library/*
+    fi
+
+    process_formulas
+
+    salt-call saltutil.refresh_pillar
+    salt-call saltutil.sync_all
+    if ! $(reclass -n ${SALT_MASTER_MINION_ID} > /dev/null ) ; then
+      echo "ERROR: Reclass render failed!"
+      exit 1
+    fi
+
+    salt-call ${SALT_OPTS} state.sls linux.network,linux,openssh
+    # PROD-21179: Run salt.minion.ca to prepare CA certificate before salt.minion.cert is used
+    salt-call ${SALT_OPTS} state.sls salt.minion.ca
+    salt-call ${SALT_OPTS} state.sls salt
+    salt-call ${SALT_OPTS} pkg.install salt-master,salt-minion
+
+    sleep 5
+    # Wait for salt-master and salt-minion to wake up after restart
+    salt-call --timeout=120 test.ping
+
+    salt-call ${SALT_OPTS} state.sls salt
+    salt-call ${SALT_OPTS} state.sls reclass
+
+    maas_cluster_enabled=$(salt-call --out=text pillar.get maas:cluster:enabled | awk '{print $2}' | tr "[:upper:]" "[:lower:]" )
+    process_maas
+
+    ssh-keyscan cfg01 > /var/lib/jenkins/.ssh/known_hosts || true
+
+    process_jenkins
+
+    stop_services="salt-api salt-master salt-minion jenkins maas-rackd.service maas-regiond.service postgresql.service"
+    for s in ${stop_services} ; do
+      systemctl stop ${s} || true
+      sleep 1
+    done
+    sync
+    reboot
+runcmd:
+   - [bash, -cex, *master_config]
\ No newline at end of file
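Review bot: In `process_formulas` the repository signing key is fetched from the plain-http `MCP_SALT_REPO_KEY` and piped straight into `apt-key add -`, so anyone on the network path can substitute the key that then authorizes every package installed from `MCP_SALT_REPO`. The key should be fetched over https or checked against a pinned fingerprint before it is added; the script is started with `bash -cex` and no `pipefail`, so a failed `curl` in that pipeline may also go unnoticed. `failsafe_ssh_key` only installs a public key, yet it also sets `PermitRootLogin yes` and `PasswordAuthentication yes`; `PermitRootLogin prohibit-password` is enough for key-based login, and the `PasswordAuthentication` line can be dropped. Separately, the bootstrap branch tests `CFG_BOOTSTRAP_DRIVE_URL` but downloads `"$cfg_bootstrap_drive"`, which is not set anywhere in this file, so it should read `wget -O /tmp/cfg01.iso "${CFG_BOOTSTRAP_DRIVE_URL}"`.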