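#cloud-config
# cloud-init user-data that bootstraps the Salt master node (default minion id
# cfg01.deploy-name.local). The bootstrap script itself is the block scalar
# anchored as &master_config and is executed from runcmd.
#
# NOTE(review): all output of the bootstrap is appended to the cloud-init log
# and mirrored to the first console (tty0). The script is started with
# `bash -x` and prints its environment with `printenv`, so any secret placed in
# the variables below ends up in both places.
output:
  all: '| tee -a /var/log/cloud-init-output.log /dev/tty0'
write_files:
  - owner: root:root
    path: /etc/cloud/master_environment
    # World-readable (0644): keep credentials (for example a proxy URL with
    # user:password) out of this file.
    permissions: '0644'
    # Defaults for the bootstrap; every value can be pre-set in the environment
    # or in /etc/cloud/master_environment_override, which is sourced first.
    # NOTE(review): MCP_SALT_REPO_KEY and MCP_SALT_REPO_URL default to plain
    # http:// URLs. The key is added as a trusted APT signing key, so neither
    # the key nor the repository is authenticated in transit unless these are
    # overridden with https:// endpoints or the key fingerprint is verified.
    content: |
      [ -f /etc/cloud/master_environment_override ] && . /etc/cloud/master_environment_override
      export SALT_MASTER_DEPLOY_IP=${SALT_MASTER_DEPLOY_IP:-"172.16.164.15"}
      export SALT_MASTER_MINION_ID=${SALT_MASTER_MINION_ID:-"cfg01.deploy-name.local"}
      export DEPLOY_NETWORK_GW=${DEPLOY_NETWORK_GW:-"172.16.164.1"}
      export DEPLOY_NETWORK_NETMASK=${DEPLOY_NETWORK_NETMASK:-"255.255.255.192"}
      export DEPLOY_NETWORK_MTU=${DEPLOY_NETWORK_MTU:-"1500"}
      export DNS_SERVERS=${DNS_SERVERS:-"8.8.8.8"}
      export http_proxy=${http_proxy:-""}
      export https_proxy=${https_proxy:-""}
      export PIPELINES_FROM_ISO=${PIPELINES_FROM_ISO:-"true"}
      export PIPELINE_REPO_URL=${PIPELINE_REPO_URL:-"https://github.com/Mirantis"}
      export MCP_VERSION=${MCP_VERSION:-"stable"}
      export MCP_SALT_REPO_KEY=${MCP_SALT_REPO_KEY:-"http://apt.mirantis.com/public.gpg"}
      export MCP_SALT_REPO_URL=${MCP_SALT_REPO_URL:-"http://apt.mirantis.com/xenial"}
      export MCP_SALT_REPO=${MCP_SALT_REPO:-"deb [arch=amd64] $MCP_SALT_REPO_URL $MCP_VERSION salt"}
      export FORMULAS=${FORMULAS:-"salt-formula-*"}
      export SALT_OPTS=${SALT_OPTS:-"-l debug -t 10 --retcode-passthrough --no-color"}
      export CFG_BOOTSTRAP_DRIVE_URL=${CFG_BOOTSTRAP_DRIVE_URL:-""}
master_config:
  - &master_config |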
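#######################################
# Adjust the MAAS "main_archive" package repository and clear notifications.
# Globals:   PROFILE (read) - presumably defined by the sourced login script;
#            that file is not visible here, confirm.
# Arguments: none
# Returns:   status of the last command; every maas update/delete call is
#            best-effort (|| true).
# NOTE(review): the sourced file is executed as root and, because the
# bootstrap runs under `bash -x`, each command it runs is traced to the
# cloud-init output log. Confirm it does not put an API key on a command line.
#######################################
function _post_maas_cfg() {
  local main_arch_id notification_id

  source /var/lib/maas/.maas_login.sh
  # disable backports for maas enlist pkg repo. Those operation enforce maas
  # to re-create sources.list and drop [source] fetch-definition from it.
  main_arch_id=$(maas "${PROFILE}" package-repositories read \
    | jq -r '.[] | select(.name=="main_archive") | .id')
  maas "${PROFILE}" package-repository update "${main_arch_id}" "disabled_pockets=backports" || true
  maas "${PROFILE}" package-repository update "${main_arch_id}" "disabled_components=multiverse" || true
  maas "${PROFILE}" package-repository update "${main_arch_id}" "arches=amd64" || true
  # Remove stale notifications, which appear during sources configuration.
  # Word splitting of the jq output is intended here: one id per word.
  for notification_id in $(maas "${PROFILE}" notifications read | jq ".[]| .id"); do
    maas "${PROFILE}" notification delete "${notification_id}" || true
  done
}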
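#######################################
# Register the MCP Salt APT repository, install the formula packages and link
# every formula's reclass service metadata into the reclass tree.
# Globals:   MCP_SALT_REPO_KEY (read), MCP_SALT_REPO (read),
#            RECLASS_ROOT (read, default /srv/salt/reclass/),
#            FORMULAS_PATH (read, default /usr/share/salt-formulas)
# Arguments: none
# Returns:   non-zero if a required step fails.
#######################################
function process_formulas(){
  local RECLASS_ROOT=${RECLASS_ROOT:-/srv/salt/reclass/}
  local FORMULAS_PATH=${FORMULAS_PATH:-/usr/share/salt-formulas}
  local service_dir service_name link_name

  # SECURITY: the key fetched here becomes a trusted APT signing key for the
  # whole system. The defaults written to /etc/cloud/master_environment are
  # plain http:// URLs, so the key is not authenticated in transit. Point
  # MCP_SALT_REPO_KEY / MCP_SALT_REPO_URL at https:// endpoints and/or compare
  # the key fingerprint with a value obtained out of band before adding it.
  # -f makes an HTTP error a curl failure instead of piping an error page on;
  # -S keeps the error message visible in the bootstrap log.
  curl -fsS "${MCP_SALT_REPO_KEY}" | apt-key add -
  # Quoted: the "[arch=amd64]" part is a glob pattern and an unquoted echo
  # could expand it against files in the current directory.
  printf '%s\n' "${MCP_SALT_REPO}" > /etc/apt/sources.list.d/mcp_salt.list
  apt-get update
  # Quoted so that apt, not the shell, expands the package wildcard.
  apt-get install -y 'salt-formula-*'

  mkdir -p "${RECLASS_ROOT}/classes/service"
  for service_dir in "${FORMULAS_PATH}"/reclass/service/*; do
    # An unmatched glob stays literal; skip it.
    [ -e "${service_dir}" ] || continue
    service_name=${service_dir##*/}
    # Some formula names contain "-"; the symlink name must use "_" instead.
    # The link target keeps the real directory name so it never dangles.
    link_name=${service_name//-/_}
    if [ ! -L "${RECLASS_ROOT}/classes/service/${link_name}" ]; then
      ln -sf "${service_dir}" "${RECLASS_ROOT}/classes/service/${link_name}"
    fi
  done
}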
#######################################
# Enable and restart the Salt services, plus postgresql.service unless the
# marker file /opt/postgresql_in_docker exists.
# Globals:   s (written) - loop variable, left global as before
# Arguments: none
# Returns:   0; every systemctl call is best-effort (|| true).
#######################################
function enable_services(){
  local -a units=(salt-api salt-master salt-minion)
  # Without the marker file PostgreSQL is managed as a host service too.
  [ -f /opt/postgresql_in_docker ] || units+=(postgresql.service)
  for s in "${units[@]}"; do
    systemctl enable "${s}" || true
    systemctl restart "${s}" || true
  done
}
#######################################
# Re-create /etc/network/interfaces from the /root/interfaces template and
# bring ens3 back up with the new settings.
# Globals:   whatever exported variables the template references (envsubst)
# Arguments: none
# Outputs:   progress message and the current default route, if any
# Returns:   status of `ifup ens3`
# Note: the interface name ens3 is hard-coded.
#######################################
function process_network(){
  echo "Configuring network interfaces"
  find /etc/network/interfaces.d/ -type f -delete
  # With no dhclient running kill gets no PID and fails; that is tolerated.
  kill $(pidof /sbin/dhclient) || /bin/true
  envsubst < /root/interfaces > /etc/network/interfaces
  ip a flush dev ens3
  rm -f /var/run/network/ifstate.ens3
  # Only when the new config defines a gateway: drop an existing default route.
  if grep -qE "^\ *gateway\ " /etc/network/interfaces; then
    if ip r s | grep ^default; then
      ip r d default || /bin/true
    fi
  fi
  ifup ens3
}
#######################################
# Apply the PostgreSQL and MAAS Salt states according to pillar flags.
# Globals:   SALT_OPTS (read, word-split on purpose),
#            maas_cluster_enabled (read; set by the caller before this runs),
#            postgres_enabled, _region (written)
# Arguments: none
# Outputs:   a WARNING line for each MAAS state that is skipped
#######################################
function process_maas(){
  if [ ! -f /opt/postgresql_in_docker ]; then
    # PostgreSQL on the host: apply the server state only if pillar enables it.
    postgres_enabled=$(salt-call --out=text pillar.get postgresql:server:enabled | awk '{print $2}' | tr "[:upper:]" "[:lower:]")
    if [[ "${postgres_enabled}" == "true" ]]; then
      salt-call ${SALT_OPTS} state.sls postgresql.server
    fi
  else
    # PostgreSQL in docker: host unit is disabled, only the client state runs.
    systemctl disable postgresql.service
    wait_for_postgresql
    salt-call ${SALT_OPTS} state.sls postgresql.client
  fi

  _region=$(salt-call --out=text pillar.get maas:region:enabled | awk '{print $2}' | tr "[:upper:]" "[:lower:]" )
  case "${maas_cluster_enabled}" in
    true)
      salt-call ${SALT_OPTS} state.sls maas.cluster
      ;;
    *)
      echo "WARNING: maas.cluster skipped!"
      ;;
  esac
  case "${_region}" in
    true)
      # FIXME MAAS still can fail in rare race condition.
      # Hence the single retry of the same state.
      salt-call ${SALT_OPTS} state.sls maas.region || salt-call ${SALT_OPTS} state.sls maas.region
      ;;
    *)
      echo "WARNING: maas.region skipped!"
      ;;
  esac
  # Do not move it under first cluster-only check!
  if [[ "${maas_cluster_enabled}" != "true" ]]; then
    return 0
  fi
  _post_maas_cfg
}
#######################################
# Poll pg_isready until PostgreSQL reports "accepting" or 20 attempts passed.
# Host and port come from pillar postgresql:client:server:server01:admin.
# Globals:   salt_string, pg_port, pg_host, wait_time (written)
# Arguments: none
# Outputs:   one "Waiting for postgres" line per attempt
# Returns:   0 in both cases - a timeout is not reported to the caller.
#######################################
function wait_for_postgresql() {
  local pg_state

  # The command is kept in a string and word-split on use; ":port" / ":host"
  # are glued onto its last word to form the full pillar key.
  salt_string="salt-call --out=text pillar.get postgresql:client:server:server01:admin"
  pg_port=$(${salt_string}:port | awk '{print $2}')
  pg_host=$(${salt_string}:host | awk '{print $2}')
  wait_time=0
  while true; do
    pg_state=$(/usr/bin/pg_isready -h ${pg_host} -p ${pg_port} | awk '{ print $3 }')
    if [[ "${pg_state}" == 'accepting' ]] || [ $wait_time -eq 20 ]; then
      break
    fi
    echo "Waiting for postgres at: ${pg_host}:${pg_port}"
    # Sleeps 0, 1, 2, ... seconds: the delay grows by one second per attempt.
    sleep $(( wait_time++ ))
  done
}
#######################################
# Wait for jenkins to be functional: poll http://localhost:<port> until it
# answers 200 or 20 attempts have passed.
# Globals:   jport, wait_time (written)
# Arguments: none
# Returns:   0 in both cases - a timeout is not reported to the caller.
#######################################
function wait_for_jenkins() {
  local http_code

  jport=$(salt-call --out=text pillar.get jenkins:master:http:port | awk '{print $2}')
  # Fall back to 8081 when the pillar has no port.
  : "${jport:=8081}"
  wait_time=0
  while true; do
    # `|| true`: a refused connection must not abort the bootstrap (set -e).
    http_code=$(curl -sL -w "%{http_code}" localhost:$jport -o /dev/null) || true
    if [[ "${http_code}" == 200 ]] || [ $wait_time -eq 20 ]; then
      break
    fi
    # Sleeps 0, 1, 2, ... seconds: the delay grows by one second per attempt.
    sleep $(( wait_time++ ))
  done
}
#######################################
# Apply the docker.swarm and docker.client states when the matching pillar
# keys return a value.
# Globals:   SALT_OPTS (read, word-split on purpose), _swarm, _docker (written)
# Arguments: none
#######################################
function process_swarm() {
  _swarm=$(salt-call --out=text pillar.get docker:swarm:advertise_addr | awk '{print $2}')
  if [[ -n "${_swarm}" ]]; then
    salt-call ${SALT_OPTS} state.sls docker.swarm
  fi

  # Any non-empty value counts here, the flag is not compared with "true".
  _docker=$(salt-call --out=text pillar.get docker:client:enabled | awk '{print $2}')
  if [[ -n "${_docker}" ]]; then
    salt-call ${SALT_OPTS} state.sls docker.client
  fi
}
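#######################################
# Wait until every image used by a docker stack is present locally.
# Arguments: $1 is stack name
# Outputs:   one "not pulled yet" line per retry on stdout; a WARNING on
#            stderr if images are still missing after the last retry
# Returns:   0 even on timeout (best-effort, as before); 90 retries, 10 s apart
#######################################
function wait_for_docker_images() {
  local -a images=()
  local image exist
  local not_pulled="NOT_PULLED"
  local counter=0

  # Strip a digest and the tag, but keep a registry port: cutting at the first
  # ':' would turn "registry:5000/repo:tag" into "registry", which never
  # matches a repository name. Empty lines are dropped, duplicates removed.
  mapfile -t images < <(
    docker stack ps "${1}" --format "{{.Image}}" \
      | sed -e 's#@.*$##' -e 's#:[^/:]*$##' -e '/^$/d' \
      | sort -u
  )

  until [[ -z "${not_pulled}" ]] || [ "${counter}" -eq 90 ]; do
    not_pulled=""
    for image in "${images[@]}"; do
      # Prints the repository name only for the row that matches this image.
      exist=$(docker images --format "{{if eq .Repository \"${image}\"}}{{.Repository}}{{end}}" | tr -d '\n')
      if [ -z "${exist}" ]; then
        not_pulled="${image} ${not_pulled}"
      fi
    done
    if [ -n "${not_pulled}" ]; then
      echo "Images ${not_pulled} are not pulled yet"
      sleep 10
      counter=$((counter+1))
    fi
  done

  # Make a timeout visible in the log instead of continuing silently.
  if [ -n "${not_pulled}" ]; then
    echo "WARNING: gave up waiting for images: ${not_pulled}" >&2
  fi
}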
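#######################################
# Configure Jenkins, either the dockerised one (marker file
# /opt/jenkins_in_docker) or the host service, then seed its known_hosts.
# Globals:   SALT_OPTS (read, word-split on purpose),
#            SALT_MASTER_DEPLOY_IP (read), JENKINS_HOME (exported),
#            _nginx, _jenabled, _jclient, _jjobs (written)
# Arguments: none
# Returns:   0 unless a required step fails; the known_hosts step is
#            best-effort.
#######################################
function process_jenkins() {
  # INFO: jenkins is in docker in 2019.x releases
  if [ -f /opt/jenkins_in_docker ]; then
    # The marker is consumed here: later checks no longer see it.
    rm -v /opt/jenkins_in_docker
    export JENKINS_HOME=/srv/volumes/jenkins
    _nginx=$(salt-call --out=text pillar.get nginx:server:enabled | awk '{print $2}')
    if [[ "${_nginx}" != "" ]]; then
      salt-call ${SALT_OPTS} state.sls nginx
    fi
    _jenabled=$(salt-call --out=text pillar.get docker:client:stack:jenkins | awk '{print $2}')
    _jclient=$(salt-call --out=text pillar.get jenkins:client | awk '{print $2}')
    if [[ "${_jenabled}" != "" && "${_jclient}" != "" ]]; then
      wait_for_jenkins
      salt-call ${SALT_OPTS} state.sls jenkins.client
    fi
  else
    export JENKINS_HOME=/var/lib/jenkins
    systemctl enable jenkins
    systemctl start jenkins
    wait_for_jenkins
    _jjobs=$(salt-call --out=text pillar.get jenkins:client:job | awk '{print $2}')
    if [[ "${_jjobs}" != "" ]]; then
      salt-call ${SALT_OPTS} state.sls jenkins.client
    fi
    systemctl stop jenkins
    # Dots are escaped so only the literal address 10.167.4.15 is replaced.
    # NOTE(review): SALT_MASTER_DEPLOY_IP is interpolated into the sed
    # replacement as-is; a value containing "/" or "&" would change the
    # expression, so it should be a plain address.
    find "${JENKINS_HOME}/jenkins.model.JenkinsLocationConfiguration.xml" -type f -print0 \
      | xargs -0 sed -i -e "s/10\.167\.4\.15/$SALT_MASTER_DEPLOY_IP/g"
  fi

  # NOTE(review): ssh-keyscan records whatever host key answers for "cfg01"
  # without verifying it (trust on first use). That is acceptable only if cfg01
  # resolves to this node itself at this point - confirm.
  ssh-keyscan cfg01 > "${JENKINS_HOME}/.ssh/known_hosts" && chmod a+r "${JENKINS_HOME}/.ssh/known_hosts" || true
}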
#######################################
# Install a fail-safe root SSH key from the mounted config drive, if present,
# and relax sshd settings so root can log in.
# Arguments: none
# Outputs:   a progress line when a key file is found
# Returns:   0 when /mnt/root_auth_keys is absent, else status of the restart
# NOTE(review): besides installing a public key this switches both
# PermitRootLogin and PasswordAuthentication to "yes". Key-based access does
# not need password authentication, so enabling it widens the SSH attack
# surface to password guessing against root; consider leaving
# PasswordAuthentication unchanged and using "PermitRootLogin
# prohibit-password". Only uncommented directives are rewritten - a
# commented-out default line is left as it is.
#######################################
failsafe_ssh_key(){
  local key_source=/mnt/root_auth_keys
  local ssh_dir=/root/.ssh

  [ -f "${key_source}" ] || return 0

  echo "Installing failsafe public ssh key from /mnt/root_auth_keys to /root/.ssh/authorized_keys"
  install -m 0700 -d "${ssh_dir}"
  # Appended, so keys that are already authorised stay in place.
  cat "${key_source}" >> "${ssh_dir}/authorized_keys"
  chmod 600 "${ssh_dir}/authorized_keys"
  sed -i "s/^PermitRootLogin.*/PermitRootLogin yes/g" /etc/ssh/sshd_config
  sed -i "s/^PasswordAuthentication.*/PasswordAuthentication yes/g" /etc/ssh/sshd_config
  service ssh restart
}
#######################################
# Apply the base Salt states in a fixed order.
# PROD-21179| PROD-21792 : To describe such trick's around salt.XX state ordering
# Globals:   SALT_OPTS (read, word-split on purpose)
# Arguments: none
# Returns:   status of the final `state.sls reclass` call
#######################################
function process_salt_base(){
  local state

  # salt.minion.ca runs before salt.minion to prepare the CA certificate
  # before salt.minion.cert is used.
  for state in salt.master salt.minion.ca salt.minion; do
    salt-call ${SALT_OPTS} state.sls "${state}"
    if [[ "${state}" != "salt.minion.ca" ]]; then
      # salt.master / salt.minion restart their daemon: wait for it to wake
      # up, then confirm it answers.
      sleep 5
      salt-call --timeout=120 test.ping
    fi
  done
  salt-call ${SALT_OPTS} state.sls salt
  salt-call ${SALT_OPTS} state.sls reclass
}
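#== Body ==================================================================#
# Bootstrap sequence: network, metadata model from the config drive, Salt
# master/minion, pipelines, formulas, Jenkins and MAAS, then reboot.
# Runs as root under `bash -cex`: the first unhandled failure aborts it.

. /etc/cloud/master_environment
# NOTE(review): this dumps the whole environment into the cloud-init log and
# onto tty0; proxy URLs with embedded credentials would be exposed there.
printenv | sort -u
process_network

echo "Preparing metadata model"
# NOTE(review): everything taken from the mounted medium below (Salt model,
# root authorized_keys, pillar GPG key, pipelines) is trusted as-is. When the
# ISO is downloaded, nothing here verifies its integrity, so the URL should be
# an authenticated (https) source and the image checksum should be verified.
if [[ -n "${CFG_BOOTSTRAP_DRIVE_URL}" ]]; then
  # The guard tests CFG_BOOTSTRAP_DRIVE_URL, but the download used
  # $cfg_bootstrap_drive, which nothing visible here sets. Fall back to the
  # guarded variable; a value set by an override file still wins.
  wget -O /tmp/cfg01.iso "${cfg_bootstrap_drive:-${CFG_BOOTSTRAP_DRIVE_URL}}"
  mount -o loop /tmp/cfg01.iso /mnt/
else
  mount /dev/cdrom /mnt/
fi
cp -rT /mnt/model/model /srv/salt/reclass
chown -R root:root /srv/salt/reclass/* || true
chown -R root:root /srv/salt/reclass/.git* || true
# NOTE(review): a recursive 644 also removes the search bit from
# sub-directories, so only root can traverse them afterwards - confirm that
# this is intended.
chmod -R 644 /srv/salt/reclass/classes/cluster/* || true
chmod -R 644 /srv/salt/reclass/classes/system/* || true

failsafe_ssh_key

echo "Configuring salt"
envsubst < /root/minion.conf > /etc/salt/minion.d/minion.conf
if [ -f /mnt/gpg/salt_master_pillar.asc ]; then
  # Create the keyring directory with its final mode in one step, so it is
  # never briefly accessible with the default mode; also safe on a re-run.
  install -d -m 0700 /etc/salt/gpgkeys
  GNUPGHOME=/etc/salt/gpgkeys gpg --import /mnt/gpg/salt_master_pillar.asc
fi
enable_services

# Wait for salt-master and salt-minion to wake up after restart
salt-call --timeout=120 test.ping

# Block until the master lists this minion's key. There is no timeout here.
while true; do
  salt-key | grep "$SALT_MASTER_MINION_ID" && break
  sleep 5
done

echo "updating local git repos"
if [[ "$PIPELINES_FROM_ISO" == "true" ]] ; then
  cp -r /mnt/mk-pipelines/* /home/repo/mk/mk-pipelines/
  cp -r /mnt/pipeline-library/* /home/repo/mcp-ci/pipeline-library/
  umount /mnt || true
  chown -R git:www-data /home/repo/mk/mk-pipelines/*
  chown -R git:www-data /home/repo/mcp-ci/pipeline-library/*
else
  umount /mnt || true
  git clone --mirror "${PIPELINE_REPO_URL}/mk-pipelines.git" /home/repo/mk/mk-pipelines/
  git clone --mirror "${PIPELINE_REPO_URL}/pipeline-library.git" /home/repo/mcp-ci/pipeline-library/
  chown -R git:www-data /home/repo/mk/mk-pipelines/*
  chown -R git:www-data /home/repo/mcp-ci/pipeline-library/*
fi

process_formulas

salt-call saltutil.refresh_pillar
salt-call saltutil.sync_all
# Test the command's exit status directly instead of executing its (empty)
# output through a command substitution.
if ! reclass -n "${SALT_MASTER_MINION_ID}" > /dev/null; then
  echo "ERROR: Reclass render failed!"
  exit 1
fi

salt-call ${SALT_OPTS} state.sls linux.network,linux,openssh
process_salt_base
# Read by process_maas below.
maas_cluster_enabled=$(salt-call --out=text pillar.get maas:cluster:enabled | awk '{print $2}' | tr "[:upper:]" "[:lower:]" )

if [ -f /opt/jenkins_in_docker ] || [ -f /opt/postgresql_in_docker ]; then
  process_swarm
  wait_for_docker_images postgresql
  wait_for_docker_images jenkins
fi
if [ -f /opt/jenkins_in_docker ] && [ ! -f /opt/postgresql_in_docker ]; then
  docker stack rm postgresql || true
fi

process_jenkins
process_maas

stop_services="salt-api salt-master salt-minion maas-rackd.service maas-regiond.service postgresql.service"
# Word splitting of the list is intended: one unit name per word.
for s in ${stop_services} ; do
  systemctl stop "${s}" || true
  sleep 1
done
# Set bootstrap-done flag for future
mkdir -p /var/log/mcp/
touch /var/log/mcp/.bootstrap_done
sync
reboot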
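runcmd:
  # Runs the script anchored as &master_config: -c takes it as the command
  # string, -e aborts on the first unhandled failure, -x traces every command
  # with its expanded values into the output configured under `output:`.
  - [bash, -cex, *master_config]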