Ivan Berezovskiy | 7718717 | 2018-09-14 15:47:36 +0400 | [diff] [blame] | 1 | #cloud-config |
Ivan Berezovskiy | 39fa656 | 2018-10-09 12:58:55 +0400 | [diff] [blame] | 2 | output: |
| 3 | all: '| tee -a /var/log/cloud-init-output.log /dev/tty0' |
Ivan Berezovskiy | 7718717 | 2018-09-14 15:47:36 +0400 | [diff] [blame] | 4 | write_files: |
| 5 | - owner: root:root |
| 6 | path: /etc/cloud/master_environment |
| 7 | permissions: '0644' |
| 8 | content: | |
# Deployment defaults for the cfg01 bootstrap. A value already present in the
# environment, or set by the optional override file sourced first, wins over
# the default given here.
if [ -f /etc/cloud/master_environment_override ]; then
  . /etc/cloud/master_environment_override
fi

# Network identity of the Salt master / deploy network.
: "${SALT_MASTER_DEPLOY_IP:=172.16.164.15}"
: "${SALT_MASTER_MINION_ID:=cfg01.deploy-name.local}"
: "${DEPLOY_NETWORK_GW:=172.16.164.1}"
: "${DEPLOY_NETWORK_NETMASK:=255.255.255.192}"
: "${DEPLOY_NETWORK_MTU:=1500}"
: "${DNS_SERVERS:=8.8.8.8}"

# NOTE(review): proxy URLs can embed credentials, and the write_files entry
# creates this file with mode 0644, so any local user could read them.
: "${http_proxy:=}"
: "${https_proxy:=}"

: "${PIPELINES_FROM_ISO:=true}"
: "${PIPELINE_REPO_URL:=https://github.com/Mirantis}"
: "${MCP_VERSION:=stable}"

# NOTE(review): both repository defaults use plain http. process_formulas
# feeds the key fetched from MCP_SALT_REPO_KEY to apt-key, so the key is not
# authenticated in transit; prefer an https source or a key checked against a
# known fingerprint.
: "${MCP_SALT_REPO_KEY:=http://apt.mirantis.com/public.gpg}"
: "${MCP_SALT_REPO_URL:=http://apt.mirantis.com/xenial}"
# Composed after URL and version so that overrides of either are honoured.
: "${MCP_SALT_REPO:=deb [arch=amd64] $MCP_SALT_REPO_URL $MCP_VERSION salt}"

: "${FORMULAS:=salt-formula-*}"
: "${SALT_OPTS:=-l debug -t 10 --retcode-passthrough --no-color}"
: "${CFG_BOOTSTRAP_DRIVE_URL:=}"

export SALT_MASTER_DEPLOY_IP SALT_MASTER_MINION_ID
export DEPLOY_NETWORK_GW DEPLOY_NETWORK_NETMASK DEPLOY_NETWORK_MTU DNS_SERVERS
export http_proxy https_proxy
export PIPELINES_FROM_ISO PIPELINE_REPO_URL
export MCP_VERSION MCP_SALT_REPO_KEY MCP_SALT_REPO_URL MCP_SALT_REPO
export FORMULAS SALT_OPTS CFG_BOOTSTRAP_DRIVE_URL
Ivan Berezovskiy | 7718717 | 2018-09-14 15:47:36 +0400 | [diff] [blame] | 27 | master_config: |
| 28 | - &master_config | |
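#######################################
# Tune the MAAS "main_archive" package repository and clear stale
# notifications once MAAS has been configured.
# Globals:   PROFILE (read) - presumably set by .maas_login.sh; verify.
# Arguments: none
# Returns:   status of the last command; the individual maas updates and
#            deletions are best-effort and never fail the function.
#######################################
function _post_maas_cfg() {
  # Keep working variables local so they do not leak into the bootstrap script.
  local main_arch_id setting note_id

  source /var/lib/maas/.maas_login.sh

  # Disable backports for the maas enlist pkg repo. These operations force
  # maas to re-create sources.list and drop the [source] fetch-definition.
  main_arch_id=$(maas "${PROFILE}" package-repositories read \
    | jq -r '.[] | select(.name=="main_archive") | .id')
  if [[ -z "${main_arch_id}" ]]; then
    # Without an id the update calls would be issued with shifted arguments.
    echo "WARNING: main_archive repository not found, skipping its update" >&2
  else
    for setting in \
      "disabled_pockets=backports" \
      "disabled_components=multiverse" \
      "arches=amd64"; do
      maas "${PROFILE}" package-repository update "${main_arch_id}" "${setting}" || true
    done
  fi

  # Remove stale notifications, which appear during sources configuration.
  # The id list is split on whitespace on purpose: jq prints one id per line.
  for note_id in $(maas "${PROFILE}" notifications read | jq '.[] | .id'); do
    maas "${PROFILE}" notification delete "${note_id}" || true
  done
}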
| 42 | |
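#######################################
# Register the MCP salt apt repository, install the salt formula packages and
# link every formula's reclass service metadata into the reclass tree.
# Globals:   MCP_SALT_REPO_KEY (read) - URL of the repository signing key
#            MCP_SALT_REPO     (read) - apt sources line to install
#            RECLASS_ROOT, FORMULAS_PATH (read, optional overrides)
# Arguments: none
# Returns:   non-zero if the key cannot be downloaded or imported.
#######################################
function process_formulas(){
  local RECLASS_ROOT="${RECLASS_ROOT:-/srv/salt/reclass/}"
  local FORMULAS_PATH="${FORMULAS_PATH:-/usr/share/salt-formulas}"
  local service_dir="${RECLASS_ROOT}/classes/service"
  local key_file formula_path formula_service
  local rc=0

  # NOTE(review): the default MCP_SALT_REPO_KEY is a plain-http URL, so the key
  # added to the apt trust store is not authenticated in transit. Prefer an
  # https URL or compare the key fingerprint with a known-good value.
  key_file=$(mktemp) || return 1
  # -f makes an HTTP error a failure instead of piping an error page to apt-key.
  if ! curl -fsS "${MCP_SALT_REPO_KEY}" -o "${key_file}"; then
    echo "ERROR: cannot download repository key from ${MCP_SALT_REPO_KEY}" >&2
    rm -f -- "${key_file}"
    return 1
  fi
  apt-key add "${key_file}" || rc=$?
  rm -f -- "${key_file}"
  (( rc == 0 )) || return "${rc}"

  # Quoted: the "[arch=amd64]" part of the sources line is a glob pattern and
  # must not be expanded against the current directory.
  printf '%s\n' "${MCP_SALT_REPO}" > /etc/apt/sources.list.d/mcp_salt.list
  apt-get update
  # Quoted so that apt-get, not the shell, expands the package pattern.
  # NOTE(review): the exported FORMULAS variable is not consulted here.
  apt-get install -y 'salt-formula-*'

  mkdir -p "${service_dir}"
  # Formulas are listed from FORMULAS_PATH so that the listing and the link
  # targets always refer to the same tree (identical with the default path).
  for formula_path in "${FORMULAS_PATH}/reclass/service"/*; do
    [[ -e "${formula_path}" || -L "${formula_path}" ]] || continue
    formula_service=${formula_path##*/}
    # Some salt formula names contain "-"; the symlinks must use "_" instead.
    # NOTE(review): the link target is built from the renamed value as well,
    # so a directory whose real name contains "-" gets a dangling link; confirm.
    formula_service=${formula_service//-/_}
    if [[ ! -L "${service_dir}/${formula_service}" ]]; then
      ln -sf "${FORMULAS_PATH}/reclass/service/${formula_service}" \
        "${service_dir}/${formula_service}"
    fi
  done
}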
| 61 | |
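#######################################
# Enable and restart the Salt services, plus the host PostgreSQL service
# unless /opt/postgresql_in_docker marks PostgreSQL as running in docker.
# Arguments: none
# Returns:   0; every systemctl call is best-effort.
#######################################
function enable_services(){
  # An array plus a local loop variable: nothing leaks into the caller and no
  # word splitting is needed to walk the list.
  local -a services=(salt-api salt-master salt-minion)
  local svc

  if [[ ! -f /opt/postgresql_in_docker ]]; then
    services+=(postgresql.service)
  fi

  for svc in "${services[@]}"; do
    systemctl enable "${svc}" || true
    systemctl restart "${svc}" || true
  done
}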
| 72 | |
#######################################
# Replace the DHCP-based network setup of ens3 with the static configuration
# rendered from /root/interfaces.
# Globals:   every exported variable referenced by /root/interfaces (read by
#            envsubst).
# Arguments: none
#######################################
function process_network(){
  echo "Configuring network interfaces"

  # Drop leftover interface snippets and stop the running DHCP client.
  find /etc/network/interfaces.d/ -type f -delete
  # Unquoted on purpose: pidof may print several PIDs.
  kill $(pidof /sbin/dhclient) || /bin/true

  # Render the template with the current environment.
  envsubst < /root/interfaces > /etc/network/interfaces

  # Reset ens3 so that ifup starts from a clean state.
  ip a flush dev ens3
  rm -f /var/run/network/ifstate.ens3

  # When the new configuration brings its own gateway, remove an existing
  # default route first (best-effort).
  if grep -qE "^\ *gateway\ " /etc/network/interfaces; then
    if ip r s | grep ^default; then
      ip r d default || /bin/true
    fi
  fi

  ifup ens3
}
| 85 | |
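#######################################
# Apply the PostgreSQL and MAAS salt states according to pillar data.
# Globals:   SALT_OPTS (read) - option string, split into words on purpose
#            maas_cluster_enabled (read) - "true" enables maas.cluster and the
#              post-configuration; set by the caller before this function runs
# Arguments: none
#######################################
function process_maas(){
  # Pillar lookups stay local so they do not leak into the bootstrap script.
  local postgres_enabled _region

  if [[ -f /opt/postgresql_in_docker ]]; then
    # PostgreSQL runs in docker: only the client state is applied on the host.
    systemctl disable postgresql.service
    wait_for_postgresql
    salt-call ${SALT_OPTS} state.sls postgresql.client
  else
    postgres_enabled=$(salt-call --out=text pillar.get postgresql:server:enabled \
      | awk '{print $2}' | tr "[:upper:]" "[:lower:]")
    if [[ "${postgres_enabled}" == "true" ]]; then
      salt-call ${SALT_OPTS} state.sls postgresql.server
    fi
  fi

  _region=$(salt-call --out=text pillar.get maas:region:enabled \
    | awk '{print $2}' | tr "[:upper:]" "[:lower:]")

  if [[ "${maas_cluster_enabled:-}" == "true" ]]; then
    salt-call ${SALT_OPTS} state.sls maas.cluster
  else
    echo "WARNING: maas.cluster skipped!"
  fi

  if [[ "${_region}" == "true" ]]; then
    # FIXME MAAS still can fail in rare race condition, hence the single retry.
    salt-call ${SALT_OPTS} state.sls maas.region \
      || salt-call ${SALT_OPTS} state.sls maas.region
  else
    echo "WARNING: maas.region skipped!"
  fi

  # Do not move it under first cluster-only check!
  if [[ "${maas_cluster_enabled:-}" == "true" ]]; then
    _post_maas_cfg
  fi
}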
| 115 | |
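#######################################
# Wait until the PostgreSQL server named in the pillar accepts connections.
# The loop gives up after 20 attempts, sleeping 0, 1, ... 19 seconds between
# them.
# Arguments: none
# Returns:   0 in both cases; a timeout is reported on stderr and the caller
#            continues, as before.
#######################################
function wait_for_postgresql() {
  local -a pillar_get=(salt-call --out=text pillar.get)
  local pillar_key="postgresql:client:server:server01:admin"
  local pg_port pg_host
  local wait_time=0

  pg_port=$("${pillar_get[@]}" "${pillar_key}:port" | awk '{print $2}')
  pg_host=$("${pillar_get[@]}" "${pillar_key}:host" | awk '{print $2}')

  # pg_isready exits 0 only when the server is accepting connections.
  until /usr/bin/pg_isready -q -h "${pg_host}" -p "${pg_port}"; do
    if (( wait_time == 20 )); then
      echo "WARNING: postgres at ${pg_host}:${pg_port} is still not accepting connections" >&2
      return 0
    fi
    echo "Waiting for postgres at: ${pg_host}:${pg_port}"
    sleep $(( wait_time++ ))
  done
}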
| 127 | |
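#######################################
# Wait until the local Jenkins HTTP endpoint answers with status 200.
# The port comes from pillar jenkins:master:http:port and defaults to 8081.
# The loop gives up after 20 attempts, sleeping 0, 1, ... 19 seconds between
# them.
# Arguments: none
# Returns:   0 in both cases; a timeout is reported on stderr and the caller
#            continues, as before.
#######################################
function wait_for_jenkins() {
  local jport
  local wait_time=0

  jport=$(salt-call --out=text pillar.get jenkins:master:http:port | awk '{print $2}')
  jport=${jport:-8081}

  until [[ "$(curl -sL -w "%{http_code}" "localhost:${jport}" -o /dev/null)" == 200 ]]; do
    if (( wait_time == 20 )); then
      echo "WARNING: jenkins on localhost:${jport} did not become ready" >&2
      return 0
    fi
    sleep $(( wait_time++ ))
  done
}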
| 137 | |
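#######################################
# Apply the docker swarm and docker client states when the pillar defines
# them.
# Globals:   SALT_OPTS (read) - option string, split into words on purpose
# Arguments: none
#######################################
function process_swarm() {
  # Pillar lookups stay local so they do not leak into the bootstrap script.
  local _swarm _docker

  _swarm=$(salt-call --out=text pillar.get docker:swarm:advertise_addr | awk '{print $2}')
  if [[ -n "${_swarm}" ]]; then
    salt-call ${SALT_OPTS} state.sls docker.swarm
  fi

  # NOTE(review): any non-empty value passes this check, including "False";
  # the maas flags elsewhere in this script are compared with "true" instead.
  # Confirm that this is intended.
  _docker=$(salt-call --out=text pillar.get docker:client:enabled | awk '{print $2}')
  if [[ -n "${_docker}" ]]; then
    salt-call ${SALT_OPTS} state.sls docker.client
  fi
}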
| 148 | |
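#######################################
# Configure Jenkins, either the dockerised instance (flag file
# /opt/jenkins_in_docker present) or the host service, then seed the Jenkins
# known_hosts file with the host keys of cfg01.
# Globals:   SALT_OPTS (read) - option string, split into words on purpose
#            SALT_MASTER_DEPLOY_IP (read) - written into the Jenkins location
#              configuration
#            JENKINS_HOME (exported)
# Arguments: none
#######################################
function process_jenkins() {
  # Pillar lookups stay local so they do not leak into the bootstrap script.
  local _nginx _jenabled _jclient _jjobs known_hosts

  # INFO: jenkins is in docker in 2019.x releases
  if [[ -f /opt/jenkins_in_docker ]]; then
    # The flag file is consumed here.
    rm -v /opt/jenkins_in_docker
    export JENKINS_HOME=/srv/volumes/jenkins
    _nginx=$(salt-call --out=text pillar.get nginx:server:enabled | awk '{print $2}')
    if [[ -n "${_nginx}" ]]; then
      salt-call ${SALT_OPTS} state.sls nginx
    fi
    _jenabled=$(salt-call --out=text pillar.get docker:client:stack:jenkins | awk '{print $2}')
    _jclient=$(salt-call --out=text pillar.get jenkins:client | awk '{print $2}')
    if [[ -n "${_jenabled}" && -n "${_jclient}" ]]; then
      wait_for_jenkins
      salt-call ${SALT_OPTS} state.sls jenkins.client
    fi
  else
    export JENKINS_HOME=/var/lib/jenkins
    systemctl enable jenkins
    systemctl start jenkins
    wait_for_jenkins
    _jjobs=$(salt-call --out=text pillar.get jenkins:client:job | awk '{print $2}')
    if [[ -n "${_jjobs}" ]]; then
      salt-call ${SALT_OPTS} state.sls jenkins.client
    fi
    systemctl stop jenkins
    # Dots are escaped so that only the literal address is rewritten.
    # NOTE(review): SALT_MASTER_DEPLOY_IP is interpolated into the sed
    # expression; it must not contain "/" or "&".
    find "${JENKINS_HOME}/jenkins.model.JenkinsLocationConfiguration.xml" -type f -print0 \
      | xargs -0 sed -i -e "s/10\.167\.4\.15/${SALT_MASTER_DEPLOY_IP}/g"
  fi

  # NOTE(review): the scanned host keys are accepted without verification
  # (trust on first use); compare them with the real cfg01 keys if the deploy
  # network is not trusted.
  known_hosts="${JENKINS_HOME}/.ssh/known_hosts"
  if ssh-keyscan cfg01 > "${known_hosts}"; then
    chmod a+r "${known_hosts}" || true
  fi
}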
| 179 | |
#######################################
# Install the failsafe root SSH keys shipped on the mounted config drive and
# open root SSH access.
# Arguments: none
# Returns:   0 when /mnt/root_auth_keys is absent (nothing is changed).
#######################################
failsafe_ssh_key(){
  # Nothing to do unless the mounted drive ships a key file.
  [ -f /mnt/root_auth_keys ] || return 0

  echo "Installing failsafe public ssh key from /mnt/root_auth_keys to /root/.ssh/authorized_keys"
  install -m 0700 -d /root/.ssh
  # NOTE(review): the keys are appended as found on the drive, so root access
  # is only as trustworthy as the source of that drive.
  cat /mnt/root_auth_keys >> /root/.ssh/authorized_keys
  chmod 600 /root/.ssh/authorized_keys

  # NOTE(review): key-based failsafe access does not need password logins.
  # "PasswordAuthentication yes" together with "PermitRootLogin yes" also
  # opens root to password guessing; "PermitRootLogin prohibit-password" would
  # keep key-only root access. Only uncommented directives are rewritten.
  sed -i \
    -e "s/^PermitRootLogin.*/PermitRootLogin yes/g" \
    -e "s/^PasswordAuthentication.*/PasswordAuthentication yes/g" \
    /etc/ssh/sshd_config
  service ssh restart
}
| 191 | |
#######################################
# Apply the base salt states in the order the master/minion restarts require.
# Globals:   SALT_OPTS (read) - option string, split into words on purpose
# Arguments: none
#######################################
function process_salt_base(){
  local state

  # TODO (PROD-21179, PROD-21792): describe the tricks around the salt.XX
  # state ordering used here.
  salt-call ${SALT_OPTS} state.sls salt.master
  # Give salt-master time to come back after its restart.
  sleep 5
  salt-call --timeout=120 test.ping

  # salt.minion.ca prepares the CA certificate before salt.minion.cert is used.
  for state in salt.minion.ca salt.minion; do
    salt-call ${SALT_OPTS} state.sls "${state}"
  done
  # Give salt-minion time to come back after its restart.
  sleep 5
  salt-call --timeout=120 test.ping

  for state in salt reclass; do
    salt-call ${SALT_OPTS} state.sls "${state}"
  done
}
| 207 | #== Body ==================================================================# |
| 208 | |
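# Bootstrap sequence for the cfg01 node. The runcmd entry runs this script
# with "bash -cex": any unguarded failure aborts the run and every command is
# traced.

# Load the deployment settings written by the write_files stage.
. /etc/cloud/master_environment
# NOTE(review): the whole environment is printed here and the output section
# tees it to /var/log/cloud-init-output.log and /dev/tty0; proxy URLs that
# embed credentials would end up in both.
printenv | sort -u
process_network

echo "Preparing metadata model"
if [[ -n "${CFG_BOOTSTRAP_DRIVE_URL}" ]]; then
  # The URL is kept in CFG_BOOTSTRAP_DRIVE_URL; the lower-case name used
  # before is never set in this script and is honoured only as an override.
  # NOTE(review): the downloaded image supplies the model and the root SSH
  # keys, yet its integrity is not checked; use an https URL or verify a
  # checksum.
  wget -O /tmp/cfg01.iso "${cfg_bootstrap_drive:-${CFG_BOOTSTRAP_DRIVE_URL}}"
  mount -o loop /tmp/cfg01.iso /mnt/
else
  mount /dev/cdrom /mnt/
fi
cp -rT /mnt/model/model /srv/salt/reclass
chown -R root:root /srv/salt/reclass/* || true
chown -R root:root /srv/salt/reclass/.git* || true
# NOTE(review): a recursive 644 also clears the search bit on sub-directories;
# root can still traverse them, other users cannot. Confirm this is intended.
chmod -R 644 /srv/salt/reclass/classes/cluster/* || true
chmod -R 644 /srv/salt/reclass/classes/system/* || true

failsafe_ssh_key

echo "Configuring salt"
envsubst < /root/minion.conf > /etc/salt/minion.d/minion.conf
enable_services

# Wait for salt-master and salt-minion to wake up after restart
salt-call --timeout=120 test.ping

# Block until the master lists the minion key. There is no timeout here.
while true; do
  salt-key | grep "$SALT_MASTER_MINION_ID" && break
  sleep 5
done

echo "updating local git repos"
if [[ "$PIPELINES_FROM_ISO" == "true" ]]; then
  cp -r /mnt/mk-pipelines/* /home/repo/mk/mk-pipelines/
  cp -r /mnt/pipeline-library/* /home/repo/mcp-ci/pipeline-library/
  umount /mnt || true
else
  umount /mnt || true
  git clone --mirror "${PIPELINE_REPO_URL}/mk-pipelines.git" /home/repo/mk/mk-pipelines/
  git clone --mirror "${PIPELINE_REPO_URL}/pipeline-library.git" /home/repo/mcp-ci/pipeline-library/
fi
# Same ownership fix-up for both sources of the repositories.
chown -R git:www-data /home/repo/mk/mk-pipelines/*
chown -R git:www-data /home/repo/mcp-ci/pipeline-library/*

process_formulas

salt-call saltutil.refresh_pillar
salt-call saltutil.sync_all
# Abort early when the model does not render for this node.
if ! reclass -n "${SALT_MASTER_MINION_ID}" > /dev/null; then
  echo "ERROR: Reclass render failed!"
  exit 1
fi

salt-call ${SALT_OPTS} state.sls linux.network,linux,openssh
process_salt_base
# Global on purpose: process_maas reads this value.
maas_cluster_enabled=$(salt-call --out=text pillar.get maas:cluster:enabled | awk '{print $2}' | tr "[:upper:]" "[:lower:]" )

if [ -f /opt/jenkins_in_docker ] || [ -f /opt/postgresql_in_docker ]; then
  process_swarm
fi
if [ -f /opt/jenkins_in_docker ] && [ ! -f /opt/postgresql_in_docker ]; then
  docker stack rm postgresql || true
fi

process_jenkins
process_maas

# Stop the services before the final reboot (best-effort).
stop_services="salt-api salt-master salt-minion maas-rackd.service maas-regiond.service postgresql.service"
for s in ${stop_services} ; do
  systemctl stop ${s} || true
  sleep 1
done
# Set bootstrap-done flag for future
mkdir -p /var/log/mcp/
touch /var/log/mcp/.bootstrap_done
sync
reboot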
| 288 | runcmd: |
azvyagintsev | c1c6204 | 2018-09-26 11:47:49 +0300 | [diff] [blame] | 289 | - [bash, -cex, *master_config] |