Blame - config-drive/master_config.yaml - mcp/mcp-common-scripts

blob: 0ca6e2446e39ff21f9934bf2aaaee6b7853b15f1 [file] [log] [blame]

Ivan Berezovskiy	7718717	2018-09-14 15:47:36 +0400	[diff] [blame^]	1	#cloud-config
				2	output: {all: '\| tee -a /var/log/cloud-init-output.log'}
				3	write_files:
				4	- owner: root:root
				5	path: /etc/cloud/master_environment
				6	permissions: '0644'
				7	content: \|
				8	export SALT_MASTER_DEPLOY_IP="172.16.164.15"
				9	export SALT_MASTER_MINION_ID="cfg01.deploy-name.local"
				10	export DEPLOY_NETWORK_GW="172.16.164.1"
				11	export DEPLOY_NETWORK_NETMASK="255.255.255.192"
				12	export DEPLOY_NETWORK_MTU="1500"
				13	export DNS_SERVERS="8.8.8.8"
				14	export http_proxy=""
				15	export https_proxy=""
				16	export PIPELINES_FROM_ISO="true"
				17	export PIPELINE_REPO_URL="https://github.com/Mirantis"
				18	export MCP_VERSION="stable"
				19	export MCP_SALT_REPO_KEY="http://apt.mirantis.com/public.gpg"
				20	export MCP_SALT_REPO_URL="http://apt.mirantis.com/xenial"
				21	export MCP_SALT_REPO="deb [arch=amd64] $MCP_SALT_REPO_URL $MCP_VERSION salt"
				22	export FORMULAS="salt-formula-*"
				23	export SALT_OPTS="-l debug -t 10 --retcode-passthrough --no-color"
				24	export CFG_BOOTSTRAP_DRIVE_URL=""
				25	master_config:
				26	- &master_config \|
				27	function _post_maas_cfg() {
				28	source /var/lib/maas/.maas_login.sh
				29	# disable backports for maas enlist pkg repo. Those operation enforce maas
				30	# to re-create sources.list and drop [source] fetch-definition from it.
				31	main_arch_id=$(maas ${PROFILE} package-repositories read \| jq -r ".[] \| select(.name==\"main_archive\") \| .id")
				32	maas ${PROFILE} package-repository update ${main_arch_id} "disabled_pockets=backports" \|\| true
				33	maas ${PROFILE} package-repository update ${main_arch_id} "disabled_components=multiverse" \|\| true
				34	maas ${PROFILE} package-repository update ${main_arch_id} "arches=amd64" \|\| true
				35	# Remove stale notifications, which appear during sources configuration.
				36	for i in $(maas ${PROFILE} notifications read \| jq ".[]\| .id"); do
				37	maas ${PROFILE} notification delete ${i} \|\| true
				38	done
				39	}
				40
				41	function process_formulas(){
				42	local RECLASS_ROOT=${RECLASS_ROOT:-/srv/salt/reclass/}
				43	local FORMULAS_PATH=${FORMULAS_PATH:-/usr/share/salt-formulas}
				44
				45	curl -s $MCP_SALT_REPO_KEY \| apt-key add -
				46	echo $MCP_SALT_REPO > /etc/apt/sources.list.d/mcp_salt.list
				47	apt-get update
				48	apt-get install -y salt-formula-*
				49
				50	[ ! -d ${RECLASS_ROOT}/classes/service ] && mkdir -p ${RECLASS_ROOT}/classes/service
				51	for formula_service in $(ls /usr/share/salt-formulas/reclass/service/); do
				52	#Since some salt formula names contain "-" and in symlinks they should contain "_" adding replacement
				53	formula_service=${formula_service//-/$"_"}
				54	if [ ! -L "${RECLASS_ROOT}/classes/service/${formula_service}" ]; then
				55	ln -sf ${FORMULAS_PATH}/reclass/service/${formula_service} ${RECLASS_ROOT}/classes/service/${formula_service}
				56	fi
				57	done
				58	}
				59
				60	function enable_services(){
				61	local services="postgresql.service salt-api salt-master salt-minion jenkins"
				62	for s in ${services} ; do
				63	systemctl enable ${s} \|\| true
				64	systemctl restart ${s} \|\| true
				65	done
				66	}
				67
				68	function process_network(){
				69	echo "Configuring network interfaces"
				70	find /etc/network/interfaces.d/ -type f -delete
				71	kill $(pidof /sbin/dhclient) \|\| /bin/true
				72	envsubst < /root/interfaces > /etc/network/interfaces
				73	ip a flush dev ens3
				74	rm -f /var/run/network/ifstate.ens3
				75	if [[ $(grep -E "^\ *gateway\ " /etc/network/interfaces) ]]; then
				76	(ip r s \| grep ^default) && ip r d default \|\| /bin/true
				77	fi;
				78	ifup ens3
				79	}
				80
				81	function process_maas(){
				82	postgres_enabled=$(salt-call --out=text pillar.get postgresql:server:enabled \| awk '{print $2}' \| tr "[:upper:]" "[:lower:]")
				83	if [[ "${postgres_enabled}" == "true" ]]; then
				84	salt-call ${SALT_OPTS} state.sls postgresql.server
				85	fi
				86
				87	_region=$(salt-call --out=text pillar.get maas:region:enabled \| awk '{print $2}' \| tr "[:upper:]" "[:lower:]" )
				88	if [[ "${maas_cluster_enabled}" == "true" ]]; then
				89	salt-call ${SALT_OPTS} state.sls maas.cluster
				90	else
				91	echo "WARNING: maas.cluster skipped!"
				92	fi
				93	if [[ "$_region" == "true" ]]; then
				94	# FIXME MAAS still can fail in rare race condition.
				95	salt-call ${SALT_OPTS} state.sls maas.region \|\| salt-call ${SALT_OPTS} state.sls maas.region
				96	else
				97	echo "WARNING: maas.region skipped!"
				98	fi
				99	# Do not move it under first cluster-only check!
				100	if [[ "${maas_cluster_enabled}" == "true" ]]; then
				101	_post_maas_cfg
				102	fi
				103	}
				104
				105	function process_jenkins(){
				106	_jjobs=$(salt-call --out=text pillar.get jenkins:client:job \| awk '{print $2}')
				107	if [[ "${_jjobs}" != "" ]]; then
				108	salt-call ${SALT_OPTS} state.sls jenkins.client
				109	fi
				110	}
				111
				112	failsafe_ssh_key(){
				113	if [ -f /mnt/root_auth_keys ]; then
				114	echo "Installing failsafe public ssh key from /mnt/root_auth_keys to /root/.ssh/authorized_keys"
				115	install -m 0700 -d /root/.ssh
				116	cat /mnt/root_auth_keys >> /root/.ssh/authorized_keys
				117	chmod 600 /root/.ssh/authorized_keys
				118	sed -i "s/^PermitRootLogin.*/PermitRootLogin yes/g" /etc/ssh/sshd_config
				119	sed -i "s/^PasswordAuthentication.*/PasswordAuthentication yes/g" /etc/ssh/sshd_config
				120	service ssh restart
				121	fi
				122	}
				123
				124	. /etc/cloud/master_environment
				125	printenv \| sort -u
				126	process_network
				127
				128	echo "Preparing metadata model"
				129	if [[ -n "${CFG_BOOTSTRAP_DRIVE_URL}" ]]; then
				130	wget -O /tmp/cfg01.iso "$cfg_bootstrap_drive"
				131	mount -o loop /tmp/cfg01.iso /mnt/
				132	else
				133	mount /dev/cdrom /mnt/
				134	fi
				135	cp -rT /mnt/model/model /srv/salt/reclass
				136	chown -R root:root /srv/salt/reclass/* \|\| true
				137	chown -R root:root /srv/salt/reclass/.git* \|\| true
				138	chmod -R 644 /srv/salt/reclass/classes/cluster/* \|\| true
				139	chmod -R 644 /srv/salt/reclass/classes/system/* \|\| true
				140
				141	failsafe_ssh_key
				142
				143	echo "Configuring salt"
				144	envsubst < /root/minion.conf > /etc/salt/minion.d/minion.conf
				145	enable_services
				146
				147	# Wait for salt-master and salt-minion to wake up after restart
				148	salt-call --timeout=120 test.ping
				149
				150	while true; do
				151	salt-key \| grep "$SALT_MASTER_MINION_ID" && break
				152	sleep 5
				153	done
				154
				155	find /var/lib/jenkins/jenkins.model.JenkinsLocationConfiguration.xml -type f -print0 \| xargs -0 sed -i -e "s/10.167.4.15/$SALT_MASTER_DEPLOY_IP/g"
				156
				157	echo "updating local git repos"
				158	if [[ "$PIPELINES_FROM_ISO" == "true" ]] ; then
				159	cp -r /mnt/mk-pipelines/* /home/repo/mk/mk-pipelines/
				160	cp -r /mnt/pipeline-library/* /home/repo/mcp-ci/pipeline-library/
				161	umount /mnt \|\| true
				162	chown -R git:www-data /home/repo/mk/mk-pipelines/*
				163	chown -R git:www-data /home/repo/mcp-ci/pipeline-library/*
				164	else
				165	umount /mnt \|\| true
				166	git clone --mirror "${PIPELINE_REPO_URL}/mk-pipelines.git" /home/repo/mk/mk-pipelines/
				167	git clone --mirror "${PIPELINE_REPO_URL}/pipeline-library.git" /home/repo/mcp-ci/pipeline-library/
				168	chown -R git:www-data /home/repo/mk/mk-pipelines/*
				169	chown -R git:www-data /home/repo/mcp-ci/pipeline-library/*
				170	fi
				171
				172	process_formulas
				173
				174	salt-call saltutil.refresh_pillar
				175	salt-call saltutil.sync_all
				176	if ! $(reclass -n ${SALT_MASTER_MINION_ID} > /dev/null ) ; then
				177	echo "ERROR: Reclass render failed!"
				178	exit 1
				179	fi
				180
				181	salt-call ${SALT_OPTS} state.sls linux.network,linux,openssh
				182	# PROD-21179: Run salt.minion.ca to prepare CA certificate before salt.minion.cert is used
				183	salt-call ${SALT_OPTS} state.sls salt.minion.ca
				184	salt-call ${SALT_OPTS} state.sls salt
				185	salt-call ${SALT_OPTS} pkg.install salt-master,salt-minion
				186
				187	sleep 5
				188	# Wait for salt-master and salt-minion to wake up after restart
				189	salt-call --timeout=120 test.ping
				190
				191	salt-call ${SALT_OPTS} state.sls salt
				192	salt-call ${SALT_OPTS} state.sls reclass
				193
				194	maas_cluster_enabled=$(salt-call --out=text pillar.get maas:cluster:enabled \| awk '{print $2}' \| tr "[:upper:]" "[:lower:]" )
				195	process_maas
				196
				197	ssh-keyscan cfg01 > /var/lib/jenkins/.ssh/known_hosts \|\| true
				198
				199	process_jenkins
				200
				201	stop_services="salt-api salt-master salt-minion jenkins maas-rackd.service maas-regiond.service postgresql.service"
				202	for s in ${stop_services} ; do
				203	systemctl stop ${s} \|\| true
				204	sleep 1
				205	done
				206	sync
				207	reboot
				208	runcmd:
				209	- [bash, -cex, *master_config]