Multiply fixes
* Migrate to new salt mirror
* Add salt-formulas update repo be default
* Fix custom clouddisk download
* Remove outdated files
Change-Id: I7b61afbfac5a1b0a0dfccad5777bef1ca8edd1b6
diff --git a/config-drive/master_config.sh.old b/config-drive/master_config.sh.old
deleted file mode 100644
index b3b7598..0000000
--- a/config-drive/master_config.sh.old
+++ /dev/null
@@ -1,209 +0,0 @@
-#!/bin/bash -xe
-
-#==============================================================================
-# This file is no longer used for cfg node configuration.
-# Please use master_config.yaml for that purpose.
-#==============================================================================
-
-#==============================================================================
-# Required packages:
-# apt-get install -y jq
-#==============================================================================
-export SALT_MASTER_DEPLOY_IP=${SALT_MASTER_DEPLOY_IP:-"172.16.164.15"}
-export SALT_MASTER_MINION_ID=${SALT_MASTER_MINION_ID:-"cfg01.deploy-name.local"}
-export DEPLOY_NETWORK_GW=${DEPLOY_NETWORK_GW:-"172.16.164.1"}
-export DEPLOY_NETWORK_NETMASK=${DEPLOY_NETWORK_NETMASK:-"255.255.255.192"}
-export DEPLOY_NETWORK_MTU=${DEPLOY_NETWORK_MTU:-"1500"}
-export DNS_SERVERS=${DNS_SERVERS:-"8.8.8.8"}
-export http_proxy=${http_proxy:-""}
-export https_proxy=${https_proxy:-""}
-export PIPELINES_FROM_ISO=${PIPELINES_FROM_ISO:-"true"}
-export PIPELINE_REPO_URL=${PIPELINE_REPO_URL:-"https://github.com/Mirantis"}
-export MCP_VERSION=${MCP_VERSION:-"stable"}
-export MCP_SALT_REPO_KEY=${MCP_SALT_REPO_KEY:-"http://apt.mirantis.com/public.gpg"}
-export MCP_SALT_REPO_URL=${MCP_SALT_REPO_URL:-"http://apt.mirantis.com/xenial"}
-export MCP_SALT_REPO="deb [arch=amd64] $MCP_SALT_REPO_URL $MCP_VERSION salt"
-export FORMULAS="salt-formula-*"
-# for cloning from aptly image use port 8088
-#export PIPELINE_REPO_URL=http://172.16.47.182:8088
-#
-SALT_OPTS="-l debug -t 10 --retcode-passthrough --no-color"
-
-# Funcs =======================================================================
-function _post_maas_cfg(){
- chmod 0755 /var/lib/maas/.maas_login.sh
- source /var/lib/maas/.maas_login.sh
- # disable backports for maas enlist pkg repo. Those operation enforce maas
- # to re-create sources.list and drop [source] fetch-definition from it.
- main_arch_id=$(maas ${PROFILE} package-repositories read | jq -r '.[] | select(.name=="main_archive") | .id')
- maas ${PROFILE} package-repository update ${main_arch_id} "disabled_pockets=backports" || true
- maas ${PROFILE} package-repository update ${main_arch_id} "disabled_components=multiverse" || true
- maas ${PROFILE} package-repository update ${main_arch_id} "arches=amd64" || true
- # Remove stale notifications, which appear during sources configuration.
- for i in $(maas ${PROFILE} notifications read | jq '.[]| .id'); do
- maas ${PROFILE} notification delete ${i} || true
- done
-}
-
-function process_formulas(){
- local RECLASS_ROOT=${RECLASS_ROOT:-/srv/salt/reclass/}
- local FORMULAS_PATH=${FORMULAS_PATH:-/usr/share/salt-formulas}
-
- echo "Configuring formulas ..."
- curl -s $MCP_SALT_REPO_KEY | apt-key add -
- echo $MCP_SALT_REPO > /etc/apt/sources.list.d/mcp_salt.list
- apt-get update
- apt-get install -y $FORMULAS
-
- [ ! -d ${RECLASS_ROOT}/classes/service ] && mkdir -p ${RECLASS_ROOT}/classes/service
- for formula_service in $(ls /usr/share/salt-formulas/reclass/service/); do
- #Since some salt formula names contain "-" and in symlinks they should contain "_" adding replacement
- formula_service=${formula_service//-/$'_'}
- if [ ! -L "${RECLASS_ROOT}/classes/service/${formula_service}" ]; then
- ln -sf ${FORMULAS_PATH}/reclass/service/${formula_service} ${RECLASS_ROOT}/classes/service/${formula_service}
- fi
- done
-}
-
-function enable_services(){
- local services="postgresql.service salt-api salt-master salt-minion jenkins"
- for s in ${services} ; do
- systemctl enable ${s} || true
- systemctl restart ${s} || true
- done
-}
-
-function process_network(){
- echo "Configuring network interfaces"
- find /etc/network/interfaces.d/ -type f -delete
- kill $(pidof /sbin/dhclient) || /bin/true
- envsubst < /root/interfaces > /etc/network/interfaces
- ip a flush dev ens3
- rm -f /var/run/network/ifstate.ens3
- if [[ $(grep -E '^\ *gateway\ ' /etc/network/interfaces) ]]; then
- (ip r s | grep ^default) && ip r d default || /bin/true
- fi;
- ifup ens3
-}
-
-function process_maas(){
- postgres_enabled=$(salt-call --out=text pillar.get postgresql:server:enabled | awk '{print $2}' | tr "[:upper:]" "[:lower:]")
- if [[ "${postgres_enabled}" == "true" ]]; then
- salt-call ${SALT_OPTS} state.sls postgresql.server
- fi
-
- _region=$(salt-call --out=text pillar.get maas:region:enabled | awk '{print $2}' | tr "[:upper:]" "[:lower:]" )
- if [[ "${maas_cluster_enabled}" == 'true' ]]; then
- salt-call ${SALT_OPTS} state.sls maas.cluster
- else
- echo 'WARNING: maas.cluster skipped!'
- fi
- if [[ "$_region" == 'true' ]]; then
- # FIXME MAAS still can fail in rare race condition.
- salt-call ${SALT_OPTS} state.sls maas.region || salt-call ${SALT_OPTS} state.sls maas.region
- else
- echo 'WARNING: maas.region skipped!'
- fi
- # Don't move it under first cluster-only check!
- if [[ "${maas_cluster_enabled}" == 'true' ]]; then
- _post_maas_cfg
- fi
-}
-
-function process_jenkins(){
- _jjobs=$(salt-call --out=text pillar.get jenkins:client:job | awk '{print $2}')
- if [[ "${_jjobs}" != '' ]]; then
- salt-call ${SALT_OPTS} state.sls jenkins.client
- fi
-}
-
-failsafe_ssh_key(){
- if [ -f /mnt/root_auth_keys ]; then
- echo "Installing failsafe public ssh key from /mnt/root_auth_keys to /root/.ssh/authorized_keys"
- install -m 0700 -d /root/.ssh
- cat /mnt/root_auth_keys >> /root/.ssh/authorized_keys
- chmod 600 /root/.ssh/authorized_keys
- sed -i 's/^PermitRootLogin.*/PermitRootLogin yes/g' /etc/ssh/sshd_config
- sed -i 's/^PasswordAuthentication.*/PasswordAuthentication yes/g' /etc/ssh/sshd_config
- service ssh restart
- fi
-}
-
-# Body ========================================================================
-process_network
-
-echo "Preparing metadata model"
-mount /dev/cdrom /mnt/
-cp -rT /mnt/model/model /srv/salt/reclass
-chown -R root:root /srv/salt/reclass/* || true
-chown -R root:root /srv/salt/reclass/.git* || true
-chmod -R 644 /srv/salt/reclass/classes/cluster/* || true
-chmod -R 644 /srv/salt/reclass/classes/system/* || true
-
-failsafe_ssh_key
-
-echo "Configuring salt"
-envsubst < /root/minion.conf > /etc/salt/minion.d/minion.conf
-enable_services
-
-# Wait for salt-master and salt-minion to wake up after restart
-salt-call --timeout=120 test.ping
-
-while true; do
- salt-key | grep "$SALT_MASTER_MINION_ID" && break
- sleep 5
-done
-
-find /var/lib/jenkins/jenkins.model.JenkinsLocationConfiguration.xml -type f -print0 | xargs -0 sed -i -e 's/10.167.4.15/'$SALT_MASTER_DEPLOY_IP'/g'
-
-echo "updating local git repos"
-if [[ "$PIPELINES_FROM_ISO" == "true" ]] ; then
- cp -r /mnt/mk-pipelines/* /home/repo/mk/mk-pipelines/
- cp -r /mnt/pipeline-library/* /home/repo/mcp-ci/pipeline-library/
- umount /dev/cdrom || true
- chown -R git:www-data /home/repo/mk/mk-pipelines/*
- chown -R git:www-data /home/repo/mcp-ci/pipeline-library/*
-else
- umount /dev/cdrom || true
- git clone --mirror "${PIPELINE_REPO_URL}/mk-pipelines.git" /home/repo/mk/mk-pipelines/
- git clone --mirror "${PIPELINE_REPO_URL}/pipeline-library.git" /home/repo/mcp-ci/pipeline-library/
- chown -R git:www-data /home/repo/mk/mk-pipelines/*
- chown -R git:www-data /home/repo/mcp-ci/pipeline-library/*
-fi
-
-process_formulas
-
-salt-call saltutil.refresh_pillar
-salt-call saltutil.sync_all
-if ! $(reclass -n ${SALT_MASTER_MINION_ID} > /dev/null ) ; then
- echo "ERROR: Reclass render failed!"
- exit 1
-fi
-
-salt-call ${SALT_OPTS} state.sls linux.network,linux,openssh
-# PROD-21179: Run salt.minion.ca to prepare CA certificate before salt.minion.cert is used
-salt-call ${SALT_OPTS} state.sls salt.minion.ca
-salt-call ${SALT_OPTS} state.sls salt
-salt-call ${SALT_OPTS} pkg.install salt-master,salt-minion
-
-sleep 5
-# Wait for salt-master and salt-minion to wake up after restart
-salt-call --timeout=120 test.ping
-
-salt-call ${SALT_OPTS} state.sls salt
-salt-call ${SALT_OPTS} state.sls reclass
-
-maas_cluster_enabled=$(salt-call --out=text pillar.get maas:cluster:enabled | awk '{print $2}' | tr "[:upper:]" "[:lower:]" )
-process_maas
-
-ssh-keyscan cfg01 > /var/lib/jenkins/.ssh/known_hosts || true
-
-process_jenkins
-
-stop_services="salt-api salt-master salt-minion jenkins maas-rackd.service maas-regiond.service postgresql.service"
-for s in ${stop_services} ; do
- systemctl stop ${s} || true
- sleep 1
-done
-sync
-reboot
diff --git a/config-drive/master_config.yaml b/config-drive/master_config.yaml
index 84fce9f..51649bb 100644
--- a/config-drive/master_config.yaml
+++ b/config-drive/master_config.yaml
@@ -13,17 +13,24 @@
export DEPLOY_NETWORK_NETMASK=${DEPLOY_NETWORK_NETMASK:-"255.255.255.192"}
export DEPLOY_NETWORK_MTU=${DEPLOY_NETWORK_MTU:-"1500"}
export DNS_SERVERS=${DNS_SERVERS:-"8.8.8.8"}
+
export http_proxy=${http_proxy:-""}
export https_proxy=${https_proxy:-""}
+
+ export MCP_VERSION=${MCP_VERSION:-"stable"}
+
export PIPELINES_FROM_ISO=${PIPELINES_FROM_ISO:-"true"}
export PIPELINE_REPO_URL=${PIPELINE_REPO_URL:-"https://github.com/Mirantis"}
- export MCP_VERSION=${MCP_VERSION:-"stable"}
- export MCP_SALT_REPO_KEY=${MCP_SALT_REPO_KEY:-"http://apt.mirantis.com/public.gpg"}
- export MCP_SALT_REPO_URL=${MCP_SALT_REPO_URL:-"http://apt.mirantis.com/xenial"}
- export MCP_SALT_REPO=${MCP_SALT_REPO:-"deb [arch=amd64] $MCP_SALT_REPO_URL $MCP_VERSION salt"}
+
+ export MCP_SALT_REPO_URL=${MCP_SALT_REPO_URL:-"http://mirror.mirantis.com/"}
+ export MCP_SALT_REPO=${MCP_SALT_REPO:-"deb [arch=amd64] $MCP_SALT_REPO_URL/$MCP_VERSION/salt-formulas/xenial xenial main"}
+ export MCP_SALT_REPO_UPDATES=${MCP_SALT_REPO_UPDATES:-"deb [arch=amd64] $MCP_SALT_REPO_URL/update/$MCP_VERSION/salt-formulas/xenial xenial main"}
+ export MCP_SALT_REPO_KEY=${MCP_SALT_REPO_KEY:-"${MCP_SALT_REPO_URL}/${MCP_VERSION}/salt-formulas/xenial/archive-salt-formulas.key"}
+
export FORMULAS=${FORMULAS:-"salt-formula-*"}
- export SALT_OPTS=${SALT_OPTS:-"-l debug -t 10 --retcode-passthrough --no-color"}
+ export SALT_OPTS=${SALT_OPTS:-"-l debug -t 30 --retcode-passthrough --no-color"}
export CFG_BOOTSTRAP_DRIVE_URL=${CFG_BOOTSTRAP_DRIVE_URL:-""}
+
master_config:
- &master_config |
function _post_maas_cfg() {
@@ -44,8 +51,9 @@
local RECLASS_ROOT=${RECLASS_ROOT:-/srv/salt/reclass/}
local FORMULAS_PATH=${FORMULAS_PATH:-/usr/share/salt-formulas}
- curl -s $MCP_SALT_REPO_KEY | apt-key add -
- echo $MCP_SALT_REPO > /etc/apt/sources.list.d/mcp_salt.list
+ curl -s ${MCP_SALT_REPO_KEY} | apt-key add -
+ echo "${MCP_SALT_REPO}" > /etc/apt/sources.list.d/mcp_salt.list
+ echo "${MCP_SALT_REPO_UPDATES}" >> /etc/apt/sources.list.d/mcp_salt.list
apt-get update
apt-get install -y salt-formula-*
@@ -233,8 +241,11 @@
echo "Preparing metadata model"
if [[ -n "${CFG_BOOTSTRAP_DRIVE_URL}" ]]; then
- wget -O /tmp/cfg01.iso "$cfg_bootstrap_drive"
- mount -o loop /tmp/cfg01.iso /mnt/
+ echo "CFG_BOOTSTRAP_DRIVE_URL detected,downloading..."
+ _tname="cfg01_${RANDOM}.iso"
+ _wget_opts="--progress=dot:mega --waitretry=15 --retry-connrefused"
+ wget ${_wget_opts} -O /${_tname} "${CFG_BOOTSTRAP_DRIVE_URL}"
+ mount -o loop /${_tname} /mnt/
else
mount /dev/cdrom /mnt/
fi
diff --git a/config-drive/mirror_config.sh.old b/config-drive/mirror_config.sh.old
deleted file mode 100644
index 387c16b..0000000
--- a/config-drive/mirror_config.sh.old
+++ /dev/null
@@ -1,71 +0,0 @@
-#!/bin/bash -xe
-
-export SALT_MASTER_DEPLOY_IP=10.1.0.14
-export APTLY_DEPLOY_IP=10.1.0.14
-export APTLY_DEPLOY_NETMASK=255.255.0.0
-export APTLY_MINION_ID=apt01.deploy-name.local
-
-# Funcs =======================================================================
-function docker_ca_wa(){
- crt="/var/lib/docker/swarm/certificates/swarm-node.crt"
- if ! $(openssl x509 -checkend 86400 -noout -in ${crt}); then
- echo "WARNING: swarm CA not expired yet.Something wrong with docker"
- echo "WARNING: docker CA WA not applied"
- exit 1
- fi
- echo 'WARNING: re-creating docker stack services!'
-
- systemctl stop docker || true
- rm -rf /var/lib/docker/swarm/*
- systemctl restart docker
- sleep 5
- docker swarm init --advertise-addr 127.0.0.1
- sleep 5
- for c in docker aptly; do
- pushd /etc/docker/compose/${c}/
- retry=5
- i=1
- while [[ $i -lt $retry ]]; do
- docker stack deploy --compose-file docker-compose.yml ${c};
- ret=$?;
- if [[ $ret -eq 0 ]]; then echo 'Stack created'; break;
- else
- echo "Stack creation failed, retrying in 3 seconds.." >&2;
- sleep 3;
- i=$(( i + 1 ));
- fi;
- if [[ $i -ge $retry ]]; then
- echo "Stack creation failed!"; exit 1;
- fi;
- done;
- popd
- sleep 1
- done
-}
-
-# Body ========================================================================
-echo "Configuring network interfaces"
-find /etc/network/interfaces.d/ -type f -delete
-kill $(pidof /sbin/dhclient) || /bin/true
-envsubst < /root/interfaces > /etc/network/interfaces
-ip a flush dev ens3
-rm -f /var/run/network/ifstate.ens3
-if [[ $(grep -E '^\ *gateway\ ' /etc/network/interfaces) ]]; then
-(ip r s | grep ^default) && ip r d default || /bin/true
-fi;
-ifup ens3
-
-echo "Configuring salt"
-rm -f /etc/salt/pki/minion/minion_master.pub
-envsubst < /root/minion.conf > /etc/salt/minion.d/minion.conf
-service salt-minion restart
-
-# Check for failed docker-start.
-# WA PROD-21676
-if [[ ! $(docker stack ls) ]] ; then
- docker_ca_wa
-fi
-
-# Set bootstrap-done flag for future
-mkdir -p /var/log/mcp/
-touch /var/log/mcp/.bootstrap_done
diff --git a/config-drive/mirror_config.yaml b/config-drive/mirror_config.yaml
index 80c65cf..55972b0 100644
--- a/config-drive/mirror_config.yaml
+++ b/config-drive/mirror_config.yaml
@@ -11,12 +11,13 @@
export APTLY_DEPLOY_IP=${APTLY_DEPLOY_IP:-"10.1.0.14"}
export APTLY_DEPLOY_NETMASK=${APTLY_DEPLOY_NETMASK:-"255.255.0.0"}
export APTLY_MINION_ID=${APTLY_MINION_ID:-"apt01.deploy-name.local"}
+
mirror_config:
- &mirror_config |
function docker_ca_wa(){
crt="/var/lib/docker/swarm/certificates/swarm-node.crt"
if ! $(openssl x509 -checkend 86400 -noout -in ${crt}); then
- echo "WARNING: swarm CA not expired yet.Something wrong with docker"
+ echo "WARNING: swarm CA not expired yet.Something other wrong with docker"
echo "WARNING: docker CA WA not applied"
exit 1
fi