Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / mcp / mcp-common-scripts / 39fa6568ce2518487f445e17e746676fecfc0802 / . / config-drive / master_config.sh.old
blob: b3b759873104b3430ffe5685a98c37c27f9c0dd5 [file] [log] [blame]
Richard Felkl4c4829d2017-11-11 00:12:20 +0100[diff] [blame]1#!/bin/bash -xe
alexzd90608b2018-04-12 23:49:03 +0200[diff] [blame]2
azvyagintsevb2a55792018-06-05 17:38:17 +0300[diff] [blame]3#==============================================================================
Ivan Berezovskiy77187172018-09-14 15:47:36 +0400[diff] [blame]4# This file is no longer used for cfg node configuration.
5# Please use master_config.yaml for that purpose.
6#==============================================================================
7
8#==============================================================================
azvyagintsevb2a55792018-06-05 17:38:17 +0300[diff] [blame]9# Required packages:
10# apt-get install -y jq
11#==============================================================================
Petr Ruzicka6f9aea02018-06-19 16:46:01 +0200[diff] [blame]12export SALT_MASTER_DEPLOY_IP=${SALT_MASTER_DEPLOY_IP:-"172.16.164.15"}
13export SALT_MASTER_MINION_ID=${SALT_MASTER_MINION_ID:-"cfg01.deploy-name.local"}
14export DEPLOY_NETWORK_GW=${DEPLOY_NETWORK_GW:-"172.16.164.1"}
15export DEPLOY_NETWORK_NETMASK=${DEPLOY_NETWORK_NETMASK:-"255.255.255.192"}
Petr Ruzickaa5407452018-07-03 12:30:16 +0200[diff] [blame]16export DEPLOY_NETWORK_MTU=${DEPLOY_NETWORK_MTU:-"1500"}
Petr Ruzicka6f9aea02018-06-19 16:46:01 +0200[diff] [blame]17export DNS_SERVERS=${DNS_SERVERS:-"8.8.8.8"}
18export http_proxy=${http_proxy:-""}
19export https_proxy=${https_proxy:-""}
20export PIPELINES_FROM_ISO=${PIPELINES_FROM_ISO:-"true"}
21export PIPELINE_REPO_URL=${PIPELINE_REPO_URL:-"https://github.com/Mirantis"}
22export MCP_VERSION=${MCP_VERSION:-"stable"}
23export MCP_SALT_REPO_KEY=${MCP_SALT_REPO_KEY:-"http://apt.mirantis.com/public.gpg"}
24export MCP_SALT_REPO_URL=${MCP_SALT_REPO_URL:-"http://apt.mirantis.com/xenial"}
Richard Felkl98b45342018-04-06 13:30:28 +0200[diff] [blame]25export MCP_SALT_REPO="deb [arch=amd64] $MCP_SALT_REPO_URL $MCP_VERSION salt"
26export FORMULAS="salt-formula-*"
azvyagintsevb2a55792018-06-05 17:38:17 +0300[diff] [blame]27# for cloning from aptly image use port 8088
Jiri Broulikcee20532018-01-08 13:30:15 +0100[diff] [blame]28#export PIPELINE_REPO_URL=http://172.16.47.182:8088
azvyagintsevb2a55792018-06-05 17:38:17 +0300[diff] [blame]29#
30SALT_OPTS="-l debug -t 10 --retcode-passthrough --no-color"
Richard Felkl4c4829d2017-11-11 00:12:20 +0100[diff] [blame]31
azvyagintsevb2a55792018-06-05 17:38:17 +0300[diff] [blame]32# Funcs =======================================================================
alexzd90608b2018-04-12 23:49:03 +0200[diff] [blame]33function _post_maas_cfg(){
azvyagintsevb2a55792018-06-05 17:38:17 +0300[diff] [blame]34 chmod 0755 /var/lib/maas/.maas_login.sh
35 source /var/lib/maas/.maas_login.sh
36 # disable backports for maas enlist pkg repo. Those operation enforce maas
37 # to re-create sources.list and drop [source] fetch-definition from it.
38 main_arch_id=$(maas ${PROFILE} package-repositories read | jq -r '.[] | select(.name=="main_archive") | .id')
39 maas ${PROFILE} package-repository update ${main_arch_id} "disabled_pockets=backports" || true
40 maas ${PROFILE} package-repository update ${main_arch_id} "disabled_components=multiverse" || true
41 maas ${PROFILE} package-repository update ${main_arch_id} "arches=amd64" || true
42 # Remove stale notifications, which appear during sources configuration.
43 for i in $(maas ${PROFILE} notifications read | jq '.[]| .id'); do
44 maas ${PROFILE} notification delete ${i} || true
Pavel Cizinsky5f8fb092018-05-30 17:27:19 +0200[diff] [blame]45 done
alexzd90608b2018-04-12 23:49:03 +0200[diff] [blame]46}
47
azvyagintsevb2a55792018-06-05 17:38:17 +0300[diff] [blame]48function process_formulas(){
49 local RECLASS_ROOT=${RECLASS_ROOT:-/srv/salt/reclass/}
50 local FORMULAS_PATH=${FORMULAS_PATH:-/usr/share/salt-formulas}
51
52 echo "Configuring formulas ..."
53 curl -s $MCP_SALT_REPO_KEY | apt-key add -
54 echo $MCP_SALT_REPO > /etc/apt/sources.list.d/mcp_salt.list
55 apt-get update
56 apt-get install -y $FORMULAS
57
58 [ ! -d ${RECLASS_ROOT}/classes/service ] && mkdir -p ${RECLASS_ROOT}/classes/service
59 for formula_service in $(ls /usr/share/salt-formulas/reclass/service/); do
60 #Since some salt formula names contain "-" and in symlinks they should contain "_" adding replacement
61 formula_service=${formula_service//-/$'_'}
Dennis Dmitrieve00716b2018-07-05 14:50:45 +0300[diff] [blame]62 if [ ! -L "${RECLASS_ROOT}/classes/service/${formula_service}" ]; then
azvyagintsevb2a55792018-06-05 17:38:17 +0300[diff] [blame]63 ln -sf ${FORMULAS_PATH}/reclass/service/${formula_service} ${RECLASS_ROOT}/classes/service/${formula_service}
Dennis Dmitrieve00716b2018-07-05 14:50:45 +0300[diff] [blame]64 fi
azvyagintsevb2a55792018-06-05 17:38:17 +0300[diff] [blame]65 done
66}
67
68function enable_services(){
69 local services="postgresql.service salt-api salt-master salt-minion jenkins"
70 for s in ${services} ; do
71 systemctl enable ${s} || true
72 systemctl restart ${s} || true
73 done
74}
75
76function process_network(){
77 echo "Configuring network interfaces"
78 find /etc/network/interfaces.d/ -type f -delete
79 kill $(pidof /sbin/dhclient) || /bin/true
80 envsubst < /root/interfaces > /etc/network/interfaces
81 ip a flush dev ens3
82 rm -f /var/run/network/ifstate.ens3
83 if [[ $(grep -E '^\ *gateway\ ' /etc/network/interfaces) ]]; then
84 (ip r s | grep ^default) && ip r d default || /bin/true
85 fi;
86 ifup ens3
87}
88
azvyagintsev42a47622018-07-06 13:12:08 +0300[diff] [blame]89function process_maas(){
Ivan Berezovskiy6b938d92018-09-11 16:12:39 +0400[diff] [blame]90 postgres_enabled=$(salt-call --out=text pillar.get postgresql:server:enabled | awk '{print $2}' | tr "[:upper:]" "[:lower:]")
91 if [[ "${postgres_enabled}" == "true" ]]; then
92 salt-call ${SALT_OPTS} state.sls postgresql.server
93 fi
94
azvyagintsev42a47622018-07-06 13:12:08 +0300[diff] [blame]95 _region=$(salt-call --out=text pillar.get maas:region:enabled | awk '{print $2}' | tr "[:upper:]" "[:lower:]" )
96 if [[ "${maas_cluster_enabled}" == 'true' ]]; then
97 salt-call ${SALT_OPTS} state.sls maas.cluster
98 else
99 echo 'WARNING: maas.cluster skipped!'
100 fi
101 if [[ "$_region" == 'true' ]]; then
azvyagintsevd453a712018-08-03 10:50:59 +0200[diff] [blame]102 # FIXME MAAS still can fail in rare race condition.
103 salt-call ${SALT_OPTS} state.sls maas.region || salt-call ${SALT_OPTS} state.sls maas.region
azvyagintsev42a47622018-07-06 13:12:08 +0300[diff] [blame]104 else
105 echo 'WARNING: maas.region skipped!'
106 fi
107 # Don't move it under first cluster-only check!
108 if [[ "${maas_cluster_enabled}" == 'true' ]]; then
109 _post_maas_cfg
110 fi
111}
112
113function process_jenkins(){
114 _jjobs=$(salt-call --out=text pillar.get jenkins:client:job | awk '{print $2}')
115 if [[ "${_jjobs}" != '' ]]; then
116 salt-call ${SALT_OPTS} state.sls jenkins.client
117 fi
118}
119
Petr Ruzicka6982da32018-08-09 15:11:06 +0200[diff] [blame]120failsafe_ssh_key(){
121 if [ -f /mnt/root_auth_keys ]; then
122 echo "Installing failsafe public ssh key from /mnt/root_auth_keys to /root/.ssh/authorized_keys"
123 install -m 0700 -d /root/.ssh
124 cat /mnt/root_auth_keys >> /root/.ssh/authorized_keys
125 chmod 600 /root/.ssh/authorized_keys
126 sed -i 's/^PermitRootLogin.*/PermitRootLogin yes/g' /etc/ssh/sshd_config
127 sed -i 's/^PasswordAuthentication.*/PasswordAuthentication yes/g' /etc/ssh/sshd_config
128 service ssh restart
129 fi
130}
131
azvyagintsevb2a55792018-06-05 17:38:17 +0300[diff] [blame]132# Body ========================================================================
133process_network
Richard Felkl4c4829d2017-11-11 00:12:20 +0100[diff] [blame]134
135echo "Preparing metadata model"
136mount /dev/cdrom /mnt/
Leontii Istomin68553f12018-02-21 18:10:12 +0100[diff] [blame]137cp -rT /mnt/model/model /srv/salt/reclass
azvyagintsevb2a55792018-06-05 17:38:17 +0300[diff] [blame]138chown -R root:root /srv/salt/reclass/* || true
alexzd90608b2018-04-12 23:49:03 +0200[diff] [blame]139chown -R root:root /srv/salt/reclass/.git* || true
140chmod -R 644 /srv/salt/reclass/classes/cluster/* || true
141chmod -R 644 /srv/salt/reclass/classes/system/* || true
Richard Felkl4c4829d2017-11-11 00:12:20 +0100[diff] [blame]142
Petr Ruzicka6982da32018-08-09 15:11:06 +0200[diff] [blame]143failsafe_ssh_key
144
Richard Felkl4c4829d2017-11-11 00:12:20 +0100[diff] [blame]145echo "Configuring salt"
Richard Felkl4c4829d2017-11-11 00:12:20 +0100[diff] [blame]146envsubst < /root/minion.conf > /etc/salt/minion.d/minion.conf
azvyagintsevb2a55792018-06-05 17:38:17 +0300[diff] [blame]147enable_services
Dennis Dmitrieve00716b2018-07-05 14:50:45 +0300[diff] [blame]148
149# Wait for salt-master and salt-minion to wake up after restart
150salt-call --timeout=120 test.ping
151
Richard Felkl4c4829d2017-11-11 00:12:20 +0100[diff] [blame]152while true; do
153 salt-key | grep "$SALT_MASTER_MINION_ID" && break
154 sleep 5
155done
azvyagintsevb2a55792018-06-05 17:38:17 +0300[diff] [blame]156
Richard Felkl4c4829d2017-11-11 00:12:20 +0100[diff] [blame]157find /var/lib/jenkins/jenkins.model.JenkinsLocationConfiguration.xml -type f -print0 | xargs -0 sed -i -e 's/10.167.4.15/'$SALT_MASTER_DEPLOY_IP'/g'
158
azvyagintsevb2a55792018-06-05 17:38:17 +0300[diff] [blame]159echo "updating local git repos"
alexzd90608b2018-04-12 23:49:03 +0200[diff] [blame]160if [[ "$PIPELINES_FROM_ISO" == "true" ]] ; then
Jiri Broulikcee20532018-01-08 13:30:15 +0100[diff] [blame]161 cp -r /mnt/mk-pipelines/* /home/repo/mk/mk-pipelines/
162 cp -r /mnt/pipeline-library/* /home/repo/mcp-ci/pipeline-library/
alexzd90608b2018-04-12 23:49:03 +0200[diff] [blame]163 umount /dev/cdrom || true
Jiri Broulikcee20532018-01-08 13:30:15 +0100[diff] [blame]164 chown -R git:www-data /home/repo/mk/mk-pipelines/*
165 chown -R git:www-data /home/repo/mcp-ci/pipeline-library/*
166else
alexzd90608b2018-04-12 23:49:03 +0200[diff] [blame]167 umount /dev/cdrom || true
168 git clone --mirror "${PIPELINE_REPO_URL}/mk-pipelines.git" /home/repo/mk/mk-pipelines/
169 git clone --mirror "${PIPELINE_REPO_URL}/pipeline-library.git" /home/repo/mcp-ci/pipeline-library/
Jiri Broulikcee20532018-01-08 13:30:15 +0100[diff] [blame]170 chown -R git:www-data /home/repo/mk/mk-pipelines/*
171 chown -R git:www-data /home/repo/mcp-ci/pipeline-library/*
172fi
173
azvyagintsevb2a55792018-06-05 17:38:17 +0300[diff] [blame]174process_formulas
Richard Felkl98b45342018-04-06 13:30:28 +0200[diff] [blame]175
Richard Felkl4c4829d2017-11-11 00:12:20 +0100[diff] [blame]176salt-call saltutil.refresh_pillar
177salt-call saltutil.sync_all
alexzd90608b2018-04-12 23:49:03 +0200[diff] [blame]178if ! $(reclass -n ${SALT_MASTER_MINION_ID} > /dev/null ) ; then
179 echo "ERROR: Reclass render failed!"
180 exit 1
Jiri Broulik0173a272018-04-11 10:56:35 +0200[diff] [blame]181fi
182
Dennis Dmitrievb5c17a02018-07-06 13:07:49 +0300[diff] [blame]183salt-call ${SALT_OPTS} state.sls linux.network,linux,openssh
Dennis Dmitrieve00716b2018-07-05 14:50:45 +0300[diff] [blame]184# PROD-21179: Run salt.minion.ca to prepare CA certificate before salt.minion.cert is used
185salt-call ${SALT_OPTS} state.sls salt.minion.ca
Dennis Dmitrievb5c17a02018-07-06 13:07:49 +0300[diff] [blame]186salt-call ${SALT_OPTS} state.sls salt
azvyagintsevb2a55792018-06-05 17:38:17 +0300[diff] [blame]187salt-call ${SALT_OPTS} pkg.install salt-master,salt-minion
Dennis Dmitrieve00716b2018-07-05 14:50:45 +0300[diff] [blame]188
Jiri Broulik6b7ca672018-04-19 13:16:32 +0200[diff] [blame]189sleep 5
Dennis Dmitrieve00716b2018-07-05 14:50:45 +0300[diff] [blame]190# Wait for salt-master and salt-minion to wake up after restart
191salt-call --timeout=120 test.ping
192
azvyagintsevb2a55792018-06-05 17:38:17 +0300[diff] [blame]193salt-call ${SALT_OPTS} state.sls salt
azvyagintsevb2a55792018-06-05 17:38:17 +0300[diff] [blame]194salt-call ${SALT_OPTS} state.sls reclass
Jiri Broulik1261ca32018-01-18 15:30:25 +0100[diff] [blame]195
azvyagintsev42a47622018-07-06 13:12:08 +0300[diff] [blame]196maas_cluster_enabled=$(salt-call --out=text pillar.get maas:cluster:enabled | awk '{print $2}' | tr "[:upper:]" "[:lower:]" )
197process_maas
alexzd90608b2018-04-12 23:49:03 +0200[diff] [blame]198
199ssh-keyscan cfg01 > /var/lib/jenkins/.ssh/known_hosts || true
200
azvyagintsev42a47622018-07-06 13:12:08 +0300[diff] [blame]201process_jenkins
Richard Felkl4c4829d2017-11-11 00:12:20 +0100[diff] [blame]202
azvyagintsevb2a55792018-06-05 17:38:17 +0300[diff] [blame]203stop_services="salt-api salt-master salt-minion jenkins maas-rackd.service maas-regiond.service postgresql.service"
204for s in ${stop_services} ; do
205 systemctl stop ${s} || true
206 sleep 1
207done
208sync
Dmitry Stremkouskia94b5f32017-12-02 00:41:54 +0300[diff] [blame]209reboot