#cloud-config
# Everything the cloud-init stages print is appended to the log file and
# mirrored to the first virtual console.
output:
  all: '| tee -a /var/log/cloud-init-output.log /dev/tty0'
write_files:
  # Environment file that the bootstrap script sources before it does anything
  # else. MCP_SALT_REPO is assembled from MCP_SALT_REPO_URL and MCP_VERSION at
  # the moment the file is sourced, so those two exports must stay above it.
  # NOTE(review): mode 0644 makes the file readable by every local account; a
  # proxy URL that carries credentials would be exposed through it.
  # NOTE(review): MCP_SALT_REPO_KEY and MCP_SALT_REPO_URL are plain http://.
  # process_formulas pipes the downloaded key straight into apt-key, so the key
  # and the packages it vouches for arrive over the same unauthenticated
  # channel. Prefer https, or verify the key against a fingerprint obtained
  # out of band.
  - owner: root:root
    path: /etc/cloud/master_environment
    permissions: '0644'
    content: |
      export SALT_MASTER_DEPLOY_IP="172.16.164.15"
      export SALT_MASTER_MINION_ID="cfg01.deploy-name.local"
      export DEPLOY_NETWORK_GW="172.16.164.1"
      export DEPLOY_NETWORK_NETMASK="255.255.255.192"
      export DEPLOY_NETWORK_MTU="1500"
      export DNS_SERVERS="8.8.8.8"
      export http_proxy=""
      export https_proxy=""
      export PIPELINES_FROM_ISO="true"
      export PIPELINE_REPO_URL="https://github.com/Mirantis"
      export MCP_VERSION="stable"
      export MCP_SALT_REPO_KEY="http://apt.mirantis.com/public.gpg"
      export MCP_SALT_REPO_URL="http://apt.mirantis.com/xenial"
      export MCP_SALT_REPO="deb [arch=amd64] $MCP_SALT_REPO_URL $MCP_VERSION salt"
      export FORMULAS="salt-formula-*"
      export SALT_OPTS="-l debug -t 10 --retcode-passthrough --no-color"
      export CFG_BOOTSTRAP_DRIVE_URL=""
# Bootstrap script, kept as a literal block under the &master_config anchor so
# that runcmd can hand it to bash through the *master_config alias.
master_config:
  - &master_config |
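#######################################
# Tune the MAAS "main_archive" package repository and clear stale
# notifications after the MAAS states have been applied.
# Globals:   PROFILE (read) - presumably set by the sourced
#            /var/lib/maas/.maas_login.sh; confirm against that file.
# Arguments: none
# Outputs:   whatever the maas CLI prints; a warning on stderr when the
#            repository id cannot be resolved.
# Returns:   0 unless sourcing the login file or resolving the id aborts
#            the script under `set -e`; every maas update/delete is
#            best-effort.
#######################################
function _post_maas_cfg() {
  # Keep the scratch variables out of the caller's scope.
  local main_arch_id notification_id
  local -a notification_ids=()

  source /var/lib/maas/.maas_login.sh

  # disable backports for maas enlist pkg repo. Those operation enforce maas
  # to re-create sources.list and drop [source] fetch-definition from it.
  main_arch_id=$(maas "${PROFILE}" package-repositories read \
    | jq -r '.[] | select(.name=="main_archive") | .id')
  if [[ -z "${main_arch_id}" ]]; then
    # Without an id the update calls would be sent with a missing argument.
    echo "WARNING: main_archive repository id not found, repository tuning skipped" >&2
  else
    maas "${PROFILE}" package-repository update "${main_arch_id}" "disabled_pockets=backports" || true
    maas "${PROFILE}" package-repository update "${main_arch_id}" "disabled_components=multiverse" || true
    maas "${PROFILE}" package-repository update "${main_arch_id}" "arches=amd64" || true
  fi

  # Remove stale notifications, which appear during sources configuration.
  # The ids are collected first so the delete calls never share stdin with
  # the listing pipeline.
  mapfile -t notification_ids < <(maas "${PROFILE}" notifications read | jq '.[] | .id')
  for notification_id in "${notification_ids[@]}"; do
    [[ -n "${notification_id}" ]] || continue
    maas "${PROFILE}" notification delete "${notification_id}" || true
  done
}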
41
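#######################################
# Register the MCP salt package repository, install the salt formula
# packages and link each formula's reclass service class into the model.
# Globals:   MCP_SALT_REPO_KEY (read) - URL of the repository signing key
#            MCP_SALT_REPO (read)     - sources.list line for the repository
#            RECLASS_ROOT, FORMULAS_PATH (read, optional overrides)
# Arguments: none
# Returns:   non-zero when the key cannot be downloaded or imported; other
#            failures abort the script when it runs under `set -e`.
#
# NOTE(review): the key URL configured in /etc/cloud/master_environment is
# http://, and nothing here checks the key's fingerprint, so whoever can
# answer that request decides which packages apt will accept. apt-key also
# adds the key to the keyring trusted for every configured source; a
# dedicated keyring referenced with [signed-by=...] would narrow that.
# NOTE(review): the FORMULAS variable from the environment file is not used;
# the package pattern below is hard-coded.
#######################################
function process_formulas(){
  local RECLASS_ROOT=${RECLASS_ROOT:-/srv/salt/reclass/}
  local FORMULAS_PATH=${FORMULAS_PATH:-/usr/share/salt-formulas}
  local service_dir="${RECLASS_ROOT}/classes/service"
  local key_file formula_path formula_service

  # Download to a file first: -f makes an HTTP error fail the step instead of
  # feeding an error page to apt-key, which the former pipe could not detect.
  key_file=$(mktemp) || return 1
  if ! { curl -fsS -o "${key_file}" "${MCP_SALT_REPO_KEY}" && apt-key add "${key_file}"; }; then
    rm -f -- "${key_file}"
    echo "ERROR: unable to fetch or import repository key ${MCP_SALT_REPO_KEY}" >&2
    return 1
  fi
  rm -f -- "${key_file}"

  # Quoted: the "[arch=amd64]" part of the line is a glob pattern when unquoted.
  printf '%s\n' "${MCP_SALT_REPO}" > /etc/apt/sources.list.d/mcp_salt.list
  apt-get update
  # Quoted so apt-get receives the pattern rather than files from the cwd.
  apt-get install -y 'salt-formula-*'

  mkdir -p "${service_dir}"
  for formula_path in "${FORMULAS_PATH}"/reclass/service/*; do
    [[ -e "${formula_path}" ]] || continue   # directory missing or empty
    formula_service=${formula_path##*/}
    #Since some salt formula names contain "-" and in symlinks they should contain "_" adding replacement
    formula_service=${formula_service//-/_}
    # NOTE(review): the link target is built from the renamed value, as in the
    # original code; confirm the service directories already use "_".
    if [[ ! -L "${service_dir}/${formula_service}" ]]; then
      ln -sf "${FORMULAS_PATH}/reclass/service/${formula_service}" "${service_dir}/${formula_service}"
    fi
  done
}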
60
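#######################################
# Enable and restart the services the deploy node depends on.
# Arguments: none
# Returns:   0; a failure to enable or restart one unit is tolerated so the
#            remaining units are still processed.
#######################################
function enable_services(){
  local -a services=(postgresql.service salt-api salt-master salt-minion jenkins)
  # The loop variable is local so it cannot overwrite a caller's variable.
  local service
  for service in "${services[@]}"; do
    systemctl enable "${service}" || true
    systemctl restart "${service}" || true
  done
}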
68
# Rebuild /etc/network/interfaces from the /root/interfaces template and bring
# ens3 up with the rendered configuration. The interface name is hard-coded.
# Takes no arguments; envsubst fills the template from the environment.
function process_network(){
  echo "Configuring network interfaces"
  # Remove every file under interfaces.d before the main file is rewritten.
  find /etc/network/interfaces.d/ -type f -delete
  # Stop running DHCP clients. pidof may print several PIDs, hence the
  # unquoted expansion; "no dhclient running" is not treated as an error.
  kill $(pidof /sbin/dhclient) || /bin/true
  # envsubst is called without a variable list, so every $VAR reference in the
  # template is replaced from the current environment.
  envsubst < /root/interfaces > /etc/network/interfaces
  # Drop the addresses currently assigned to ens3.
  ip a flush dev ens3
  # presumably so that ifup does not treat ens3 as already configured - confirm
  rm -f /var/run/network/ifstate.ens3
  # Only when the rendered file declares a gateway: delete an existing default
  # route. Both "no default route" and a failed delete are tolerated.
  if [[ $(grep -E "^\ *gateway\ " /etc/network/interfaces) ]]; then
    (ip r s | grep ^default) && ip r d default || /bin/true
  fi;
  ifup ens3
}
81
#######################################
# Apply the PostgreSQL and MAAS salt states that the pillar enables, then run
# the MAAS post-configuration when the cluster role is enabled.
# Globals:   SALT_OPTS (read, split into separate options on purpose)
#            maas_cluster_enabled (read; set by the caller)
#            postgres_enabled, _region (written)
# Arguments: none
# Outputs:   a WARNING line on stdout for each MAAS role that is skipped
#######################################
function process_maas(){
  # pillar.get --out=text prints "<minion>: <value>"; keep the value, lowercased.
  postgres_enabled=$(salt-call --out=text pillar.get postgresql:server:enabled \
    | awk '{print $2}' \
    | tr "[:upper:]" "[:lower:]")
  case "${postgres_enabled}" in
    true) salt-call ${SALT_OPTS} state.sls postgresql.server ;;
  esac

  _region=$(salt-call --out=text pillar.get maas:region:enabled \
    | awk '{print $2}' \
    | tr "[:upper:]" "[:lower:]")

  case "${maas_cluster_enabled}" in
    true) salt-call ${SALT_OPTS} state.sls maas.cluster ;;
    *) echo "WARNING: maas.cluster skipped!" ;;
  esac

  case "${_region}" in
    true)
      # FIXME MAAS still can fail in rare race condition.
      # One retry: the state is applied a second time only if the first run fails.
      if ! salt-call ${SALT_OPTS} state.sls maas.region; then
        salt-call ${SALT_OPTS} state.sls maas.region
      fi
      ;;
    *) echo "WARNING: maas.region skipped!" ;;
  esac

  # Do not move it under first cluster-only check!
  case "${maas_cluster_enabled}" in
    true) _post_maas_cfg ;;
  esac
}
105
#######################################
# Apply the jenkins.client state when the pillar defines Jenkins jobs.
# Globals:   SALT_OPTS (read, split into separate options on purpose)
#            _jjobs (written)
# Arguments: none
#######################################
function process_jenkins(){
  # Second column of the text output; empty when the pillar key has no value.
  _jjobs=$(salt-call --out=text pillar.get jenkins:client:job | awk '{print $2}')
  if [[ -z "${_jjobs}" ]]; then
    return 0
  fi
  salt-call ${SALT_OPTS} state.sls jenkins.client
}
112
#######################################
# Install the optional failsafe root SSH key found on the mounted drive and
# relax sshd so root can log in.
# Arguments: none
# Returns:   0 when /mnt/root_auth_keys is absent, otherwise the status of
#            the ssh service restart.
#
# NOTE(review): /mnt is the config drive or, when CFG_BOOTSTRAP_DRIVE_URL is
# set, an image the caller downloads; whoever controls that media gains root
# SSH access to this node.
# NOTE(review): appending a public key does not require password logins. The
# two substitutions also switch on root login and password authentication
# wherever sshd_config has those directives uncommented;
# "PermitRootLogin prohibit-password" would keep key access while leaving
# passwords off. Confirm whether the password fallback is intended.
#######################################
failsafe_ssh_key(){
  # Nothing to do when the drive carries no key file.
  [ -f /mnt/root_auth_keys ] || return 0

  echo "Installing failsafe public ssh key from /mnt/root_auth_keys to /root/.ssh/authorized_keys"
  install -m 0700 -d /root/.ssh
  cat /mnt/root_auth_keys >> /root/.ssh/authorized_keys
  chmod 600 /root/.ssh/authorized_keys
  # Only lines that already start with the directive are rewritten; a
  # commented-out directive is left as it is.
  sed -i \
    -e "s/^PermitRootLogin.*/PermitRootLogin yes/g" \
    -e "s/^PasswordAuthentication.*/PasswordAuthentication yes/g" \
    /etc/ssh/sshd_config
  service ssh restart
}
124
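# Load the deployment settings written by the write_files section.
. /etc/cloud/master_environment
# NOTE(review): this prints the whole environment, and the output section
# sends it to /var/log/cloud-init-output.log and /dev/tty0; any credential
# placed in the environment (a proxy URL, for example) ends up in both.
printenv | sort -u
process_network

echo "Preparing metadata model"
if [[ -n "${CFG_BOOTSTRAP_DRIVE_URL}" ]]; then
  # Download from the variable that was just tested; the former
  # "$cfg_bootstrap_drive" is not set anywhere in this file, so wget was
  # called with an empty URL.
  # NOTE(review): nothing verifies the downloaded image (no checksum or
  # signature), yet it supplies the reclass model and the optional root
  # authorized_keys file.
  wget -O /tmp/cfg01.iso "${CFG_BOOTSTRAP_DRIVE_URL}"
  mount -o loop /tmp/cfg01.iso /mnt/
else
  mount /dev/cdrom /mnt/
fi
# -T copies the contents of the model directory onto the existing reclass root.
cp -rT /mnt/model/model /srv/salt/reclass
chown -R root:root /srv/salt/reclass/* || true
chown -R root:root /srv/salt/reclass/.git* || true
# NOTE(review): a recursive 644 also clears the execute bit on
# subdirectories, so accounts other than root cannot traverse them.
chmod -R 644 /srv/salt/reclass/classes/cluster/* || true
chmod -R 644 /srv/salt/reclass/classes/system/* || true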
141
# Install the optional failsafe root key while the drive is still mounted.
failsafe_ssh_key

echo "Configuring salt"
# Render the minion configuration from its template using the environment.
envsubst < /root/minion.conf > /etc/salt/minion.d/minion.conf
enable_services

# Wait for salt-master and salt-minion to wake up after restart
salt-call --timeout=120 test.ping

# Poll every 5 seconds until salt-key lists this node's minion id.
# NOTE(review): the wait has no upper bound, and the id is matched as a
# regular expression, so its dots match any character.
until salt-key | grep "$SALT_MASTER_MINION_ID"; do
  sleep 5
done

# Replace the address baked into the Jenkins location configuration with this
# deployment's master address. The dots in the search pattern are unescaped.
find /var/lib/jenkins/jenkins.model.JenkinsLocationConfiguration.xml -type f -print0 | xargs -0 sed -i -e "s/10.167.4.15/$SALT_MASTER_DEPLOY_IP/g"

echo "updating local git repos"
if [[ "$PIPELINES_FROM_ISO" == "true" ]] ; then
  # Pipelines shipped on the drive: copy them, then release the mount.
  cp -r /mnt/mk-pipelines/* /home/repo/mk/mk-pipelines/
  cp -r /mnt/pipeline-library/* /home/repo/mcp-ci/pipeline-library/
  umount /mnt || true
else
  # Pipelines mirrored from PIPELINE_REPO_URL.
  # NOTE(review): the mirrors are not pinned to a revision or verified, so the
  # node takes whatever the remote serves at bootstrap time.
  umount /mnt || true
  git clone --mirror "${PIPELINE_REPO_URL}/mk-pipelines.git" /home/repo/mk/mk-pipelines/
  git clone --mirror "${PIPELINE_REPO_URL}/pipeline-library.git" /home/repo/mcp-ci/pipeline-library/
fi
# Both branches hand the repositories to git:www-data.
chown -R git:www-data /home/repo/mk/mk-pipelines/*
chown -R git:www-data /home/repo/mcp-ci/pipeline-library/*
172
# Install the formula packages and link their reclass service classes.
process_formulas

# Refresh pillar data and sync salt modules after the formulas were installed.
salt-call saltutil.refresh_pillar
salt-call saltutil.sync_all
# Abort the bootstrap when reclass cannot render this node. The $( ) wrapper
# expands to nothing (stdout goes to /dev/null), so the test sees reclass's
# own exit status; its stderr still reaches the log.
if ! $(reclass -n ${SALT_MASTER_MINION_ID} > /dev/null ) ; then
  echo "ERROR: Reclass render failed!"
  exit 1
fi

# SALT_OPTS is left unquoted on purpose: it holds several options.
salt-call ${SALT_OPTS} state.sls linux.network,linux,openssh
# PROD-21179: Run salt.minion.ca to prepare CA certificate before salt.minion.cert is used
salt-call ${SALT_OPTS} state.sls salt.minion.ca
salt-call ${SALT_OPTS} state.sls salt
salt-call ${SALT_OPTS} pkg.install salt-master,salt-minion

sleep 5
# Wait for salt-master and salt-minion to wake up after restart
salt-call --timeout=120 test.ping

salt-call ${SALT_OPTS} state.sls salt
salt-call ${SALT_OPTS} state.sls reclass

# process_maas reads maas_cluster_enabled as a global, so set it first.
maas_cluster_enabled=$(salt-call --out=text pillar.get maas:cluster:enabled | awk '{print $2}' | tr "[:upper:]" "[:lower:]" )
process_maas

# NOTE(review): this overwrites known_hosts with whichever host key answers
# for the name cfg01 at this moment (trust on first use); a failed scan is
# ignored.
ssh-keyscan cfg01 > /var/lib/jenkins/.ssh/known_hosts || true

process_jenkins

# Stop the services one by one before the reboot; a unit that fails to stop
# is ignored.
stop_services="salt-api salt-master salt-minion jenkins maas-rackd.service maas-regiond.service postgresql.service"
for s in ${stop_services} ; do
  systemctl stop ${s} || true
  sleep 1
done
# Set bootstrap-done flag for future
mkdir -p /var/log/mcp/
touch /var/log/mcp/.bootstrap_done
# Flush pending writes to disk before restarting.
sync
reboot
# Run the anchored bootstrap script with bash: -e stops at the first failing
# command, -x traces every command after expansion.
# NOTE(review): the trace is part of the output that the output section tees
# to /var/log/cloud-init-output.log and /dev/tty0, so any secret expanded on a
# command line is written to both.
runcmd:
  - [bash, -cex, *master_config]