#cloud-config
# Bootstrap user-data for the Salt master node: it writes a file of default
# environment values, then runs the shell script stored in the master_config
# anchor (see runcmd at the end of the file).
output:
  # All cloud-init stage output is appended to the log file and echoed to the
  # first console, so everything the bootstrap script prints lands in both.
  all: '| tee -a /var/log/cloud-init-output.log /dev/tty0'
write_files:
  # Defaults sourced by the bootstrap script. The file is world-readable
  # (0644), so it is not a place for credentials.
  # An optional /etc/cloud/master_environment_override is sourced first, and
  # every ${VAR:-default} keeps a value that is already set.
  # NOTE(review): MCP_SALT_REPO_KEY and MCP_SALT_REPO_URL default to plain
  # http://. The key is later imported with `apt-key add`, so anyone able to
  # alter that response decides which package signatures are trusted. Prefer
  # an https:// source and check the key fingerprint before importing it.
  # NOTE(review): FORMULAS is exported, but process_formulas below installs a
  # hard-coded "salt-formula-*" pattern and does not read it - confirm intent.
  - owner: root:root
    path: /etc/cloud/master_environment
    permissions: '0644'
    content: |
      [ -f /etc/cloud/master_environment_override ] && . /etc/cloud/master_environment_override
      export SALT_MASTER_DEPLOY_IP=${SALT_MASTER_DEPLOY_IP:-"172.16.164.15"}
      export SALT_MASTER_MINION_ID=${SALT_MASTER_MINION_ID:-"cfg01.deploy-name.local"}
      export DEPLOY_NETWORK_GW=${DEPLOY_NETWORK_GW:-"172.16.164.1"}
      export DEPLOY_NETWORK_NETMASK=${DEPLOY_NETWORK_NETMASK:-"255.255.255.192"}
      export DEPLOY_NETWORK_MTU=${DEPLOY_NETWORK_MTU:-"1500"}
      export DNS_SERVERS=${DNS_SERVERS:-"8.8.8.8"}
      export http_proxy=${http_proxy:-""}
      export https_proxy=${https_proxy:-""}
      export PIPELINES_FROM_ISO=${PIPELINES_FROM_ISO:-"true"}
      export PIPELINE_REPO_URL=${PIPELINE_REPO_URL:-"https://github.com/Mirantis"}
      export MCP_VERSION=${MCP_VERSION:-"stable"}
      export MCP_SALT_REPO_KEY=${MCP_SALT_REPO_KEY:-"http://apt.mirantis.com/public.gpg"}
      export MCP_SALT_REPO_URL=${MCP_SALT_REPO_URL:-"http://apt.mirantis.com/xenial"}
      export MCP_SALT_REPO=${MCP_SALT_REPO:-"deb [arch=amd64] $MCP_SALT_REPO_URL $MCP_VERSION salt"}
      export FORMULAS=${FORMULAS:-"salt-formula-*"}
      export SALT_OPTS=${SALT_OPTS:-"-l debug -t 10 --retcode-passthrough --no-color"}
      export CFG_BOOTSTRAP_DRIVE_URL=${CFG_BOOTSTRAP_DRIVE_URL:-""}
# The anchored block scalar below is the bootstrap script itself.
master_config:
  - &master_config |
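#######################################
# Adjust the MAAS "main_archive" package repository and clear the stale
# notifications that this reconfiguration produces.
# Globals:   PROFILE (read) - not set in this script; presumably defined by
#            the sourced /var/lib/maas/.maas_login.sh (confirm there).
# Arguments: none
# Returns:   status of the last command; each maas update/delete is
#            best-effort (`|| true`).
#######################################
function _post_maas_cfg() {
  # Keep the helper variables out of the global scope of the bootstrap script.
  local main_arch_id notification_id

  source /var/lib/maas/.maas_login.sh

  # Disable backports for the MAAS enlist package repository. These updates
  # force MAAS to re-create sources.list and drop the [source]
  # fetch-definition from it.
  main_arch_id=$(maas "${PROFILE}" package-repositories read \
    | jq -r ".[] | select(.name==\"main_archive\") | .id")
  # Quoted expansions: a profile name or id is always passed as one argument.
  maas "${PROFILE}" package-repository update "${main_arch_id}" "disabled_pockets=backports" || true
  maas "${PROFILE}" package-repository update "${main_arch_id}" "disabled_components=multiverse" || true
  maas "${PROFILE}" package-repository update "${main_arch_id}" "arches=amd64" || true

  # Remove stale notifications, which appear during sources configuration.
  # Word splitting of the jq output is intended here: one id per word.
  for notification_id in $(maas "${PROFILE}" notifications read | jq ".[]| .id"); do
    maas "${PROFILE}" notification delete "${notification_id}" || true
  done
}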
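#######################################
# Register the MCP salt APT repository, install the salt-formula packages and
# symlink each formula's reclass service class into the reclass tree.
# Globals:   MCP_SALT_REPO_KEY (read) - URL of the repository signing key
#            MCP_SALT_REPO (read)     - sources.list line to write
#            RECLASS_ROOT, FORMULAS_PATH (read) - optional path overrides
# Arguments: none
# Returns:   non-zero if the key cannot be downloaded or a later step fails
#######################################
function process_formulas(){
  local RECLASS_ROOT=${RECLASS_ROOT:-/srv/salt/reclass/}
  local FORMULAS_PATH=${FORMULAS_PATH:-/usr/share/salt-formulas}
  local key_file service_dir formula_service

  # Download the key to a private temp file first, so a failed or truncated
  # transfer is detected before anything reaches apt-key (in a pipe, curl's
  # exit status would be discarded).
  # NOTE(review): the key is trusted as downloaded. The default URL is plain
  # http://, and no fingerprint is checked; use an https:// source and compare
  # the fingerprint of ${key_file} with a known-good value before importing.
  key_file=$(mktemp) || return 1
  if ! curl -fsS -o "${key_file}" "${MCP_SALT_REPO_KEY}"; then
    rm -f -- "${key_file}"
    return 1
  fi
  apt-key add "${key_file}"
  rm -f -- "${key_file}"

  # Quoted on purpose: the value contains "[arch=amd64]", which an unquoted
  # expansion would treat as a glob against the current directory.
  printf '%s\n' "${MCP_SALT_REPO}" > /etc/apt/sources.list.d/mcp_salt.list
  apt-get update
  # Quoted so apt-get, not the shell, expands the package pattern.
  apt-get install -y 'salt-formula-*'

  mkdir -p "${RECLASS_ROOT}/classes/service"
  for service_dir in /usr/share/salt-formulas/reclass/service/*; do
    # An unmatched glob stays literal; skip it instead of linking "*".
    [ -e "${service_dir}" ] || continue
    formula_service=${service_dir##*/}
    # Some salt formula names contain "-", while the symlinks must use "_".
    formula_service=${formula_service//-/_}
    if [ ! -L "${RECLASS_ROOT}/classes/service/${formula_service}" ]; then
      ln -sf "${FORMULAS_PATH}/reclass/service/${formula_service}" "${RECLASS_ROOT}/classes/service/${formula_service}"
    fi
  done
}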
#######################################
# Enable and restart the services the bootstrap relies on.
# Every systemctl failure is ignored (`|| true`), so one failing unit neither
# stops the loop nor trips `bash -e`.
# Arguments: none
#######################################
function enable_services(){
  local -a units=(postgresql.service salt-api salt-master salt-minion jenkins)
  local unit

  for unit in "${units[@]}"; do
    systemctl enable "${unit}" || true
    systemctl restart "${unit}" || true
  done
}
#######################################
# Rebuild /etc/network/interfaces from the /root/interfaces template and
# bring ens3 up with the new configuration.
# Globals:   whatever variables the template references (expanded by envsubst)
# Arguments: none
#######################################
function process_network(){
  echo "Configuring network interfaces"

  # Drop every per-interface snippet and stop any running DHCP client.
  find /etc/network/interfaces.d/ -type f -delete
  # Unquoted on purpose: pidof may print several PIDs.
  kill $(pidof /sbin/dhclient) || /bin/true

  envsubst < /root/interfaces > /etc/network/interfaces
  ip a flush dev ens3
  rm -f /var/run/network/ifstate.ens3

  # When the rendered file defines a gateway, remove an existing default route
  # first (best-effort).
  if grep -qE "^\ *gateway\ " /etc/network/interfaces; then
    if ip r s | grep ^default; then
      ip r d default || /bin/true
    fi
  fi

  ifup ens3
}
#######################################
# Apply the postgresql and MAAS salt states that the pillar enables.
# Globals:   SALT_OPTS (read) - expanded unquoted so it splits into options
#            maas_cluster_enabled (read) - must be set by the caller
#            postgres_enabled, _region (written; left global)
# Arguments: none
#######################################
function process_maas(){
  postgres_enabled=$(salt-call --out=text pillar.get postgresql:server:enabled | awk '{print $2}' | tr "[:upper:]" "[:lower:]")
  [[ "${postgres_enabled}" != "true" ]] || salt-call ${SALT_OPTS} state.sls postgresql.server

  _region=$(salt-call --out=text pillar.get maas:region:enabled | awk '{print $2}' | tr "[:upper:]" "[:lower:]" )

  case "${maas_cluster_enabled}" in
    true)
      salt-call ${SALT_OPTS} state.sls maas.cluster
      ;;
    *)
      echo "WARNING: maas.cluster skipped!"
      ;;
  esac

  if [[ "$_region" != "true" ]]; then
    echo "WARNING: maas.region skipped!"
  else
    # FIXME MAAS still can fail in rare race condition, hence the single retry.
    salt-call ${SALT_OPTS} state.sls maas.region || salt-call ${SALT_OPTS} state.sls maas.region
  fi

  # Do not move this under the first cluster-only check: it has to run after
  # the region state above.
  if [[ "${maas_cluster_enabled}" == "true" ]]; then
    _post_maas_cfg
  fi
}
#######################################
# Apply the jenkins.client state when the pillar defines Jenkins jobs.
# Globals:   SALT_OPTS (read, split into options), _jjobs (written; global)
# Arguments: none
#######################################
function process_jenkins(){
  _jjobs=$(salt-call --out=text pillar.get jenkins:client:job | awk '{print $2}')

  # Nothing to configure when the pillar lookup printed no value.
  [[ -n "${_jjobs}" ]] || return 0

  salt-call ${SALT_OPTS} state.sls jenkins.client
}
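#######################################
# Install the "failsafe" root SSH keys shipped on the mounted config drive
# and relax sshd so root can log in.
# Does nothing (status 0) when /mnt/root_auth_keys is absent.
# Arguments: none
# Returns:   0 when there is nothing to do, else the status of the ssh restart
#######################################
failsafe_ssh_key(){
  local -r key_source=/mnt/root_auth_keys
  local -r auth_keys=/root/.ssh/authorized_keys
  local key_line

  [ -f "${key_source}" ] || return 0

  echo "Installing failsafe public ssh key from /mnt/root_auth_keys to /root/.ssh/authorized_keys"
  install -m 0700 -d /root/.ssh

  # Create the file with its final mode before any key is written to it.
  if [ ! -e "${auth_keys}" ]; then
    ( umask 077 && touch "${auth_keys}" )
  fi
  # Append only keys that are not present yet, so running the bootstrap again
  # does not pile up duplicate entries.
  while IFS= read -r key_line || [ -n "${key_line}" ]; do
    [ -n "${key_line}" ] || continue
    grep -qxF -- "${key_line}" "${auth_keys}" \
      || printf '%s\n' "${key_line}" >> "${auth_keys}"
  done < "${key_source}"
  chmod 600 "${auth_keys}"

  # NOTE(review): key-based root access only needs
  # "PermitRootLogin prohibit-password". The two edits below additionally
  # allow password logins over SSH, for root and for every other account.
  # Behaviour is kept as-is because operators may rely on it; confirm it is
  # intended and tighten it if not. Both expressions only rewrite directives
  # that are already present and uncommented in sshd_config.
  sed -i "s/^PermitRootLogin.*/PermitRootLogin yes/g" /etc/ssh/sshd_config
  sed -i "s/^PasswordAuthentication.*/PasswordAuthentication yes/g" /etc/ssh/sshd_config
  service ssh restart
}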
#######################################
# Apply the base salt states in the order the master/minion restarts need.
# PROD-21179 | PROD-21792: describe these tricks around salt.XX state ordering.
# Globals:   SALT_OPTS (read) - expanded unquoted so it splits into options
# Arguments: none
#######################################
function process_salt_base(){
  local state

  salt-call ${SALT_OPTS} state.sls salt.master
  # Wait for salt-master to wake up after restart
  sleep 5
  salt-call --timeout=120 test.ping

  # salt.minion.ca runs first to prepare the CA certificate before
  # salt.minion.cert is used.
  for state in salt.minion.ca salt.minion; do
    salt-call ${SALT_OPTS} state.sls "${state}"
  done
  # Wait for salt-minion to wake up after restart
  sleep 5
  salt-call --timeout=120 test.ping

  for state in salt reclass; do
    salt-call ${SALT_OPTS} state.sls "${state}"
  done
}
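#== Body ==================================================================#
# Bootstrap sequence: network, metadata model, salt, pipelines, formulas,
# MAAS and Jenkins, then stop the services, mark the bootstrap done and reboot.
# ${SALT_OPTS} is expanded unquoted throughout so it splits into options.

. /etc/cloud/master_environment
# NOTE(review): this prints the whole environment into the cloud-init log and
# onto /dev/tty0; a proxy URL that embeds credentials would be recorded there.
printenv | sort -u
process_network

echo "Preparing metadata model"
if [[ -n "${CFG_BOOTSTRAP_DRIVE_URL}" ]]; then
  # Download from the variable that was just tested. The previous code passed
  # "$cfg_bootstrap_drive", which nothing in this file sets.
  # NOTE(review): the image is not integrity-checked, yet its model, pipelines
  # and root_auth_keys are then used as root; verify a checksum or signature
  # after the download. The fixed /tmp name is also predictable.
  wget -O /tmp/cfg01.iso "${CFG_BOOTSTRAP_DRIVE_URL}"
  mount -o loop /tmp/cfg01.iso /mnt/
else
  mount /dev/cdrom /mnt/
fi
cp -rT /mnt/model/model /srv/salt/reclass
chown -R root:root /srv/salt/reclass/* || true
chown -R root:root /srv/salt/reclass/.git* || true
# NOTE(review): a recursive 644 also removes the search bit from
# sub-directories, which leaves them untraversable for non-root users.
chmod -R 644 /srv/salt/reclass/classes/cluster/* || true
chmod -R 644 /srv/salt/reclass/classes/system/* || true

failsafe_ssh_key

echo "Configuring salt"
envsubst < /root/minion.conf > /etc/salt/minion.d/minion.conf
enable_services

# Wait for salt-master and salt-minion to wake up after restart
salt-call --timeout=120 test.ping

# Poll until the master lists this minion's key. There is no upper bound, so
# a minion that never registers keeps the bootstrap waiting here.
until salt-key | grep "$SALT_MASTER_MINION_ID"; do
  sleep 5
done

find /var/lib/jenkins/jenkins.model.JenkinsLocationConfiguration.xml -type f -print0 | xargs -0 sed -i -e "s/10.167.4.15/$SALT_MASTER_DEPLOY_IP/g"

echo "updating local git repos"
if [[ "$PIPELINES_FROM_ISO" == "true" ]] ; then
  cp -r /mnt/mk-pipelines/* /home/repo/mk/mk-pipelines/
  cp -r /mnt/pipeline-library/* /home/repo/mcp-ci/pipeline-library/
  umount /mnt || true
else
  umount /mnt || true
  git clone --mirror "${PIPELINE_REPO_URL}/mk-pipelines.git" /home/repo/mk/mk-pipelines/
  git clone --mirror "${PIPELINE_REPO_URL}/pipeline-library.git" /home/repo/mcp-ci/pipeline-library/
fi
# Ownership is fixed the same way for both sources.
chown -R git:www-data /home/repo/mk/mk-pipelines/*
chown -R git:www-data /home/repo/mcp-ci/pipeline-library/*

process_formulas

salt-call saltutil.refresh_pillar
salt-call saltutil.sync_all
# Abort early when reclass cannot render this node.
if ! reclass -n "${SALT_MASTER_MINION_ID}" > /dev/null; then
  echo "ERROR: Reclass render failed!"
  exit 1
fi

salt-call ${SALT_OPTS} state.sls linux.network,linux,openssh
process_salt_base
# process_maas reads this global, so it has to be set before the call.
maas_cluster_enabled=$(salt-call --out=text pillar.get maas:cluster:enabled | awk '{print $2}' | tr "[:upper:]" "[:lower:]" )
process_maas

ssh-keyscan cfg01 > /var/lib/jenkins/.ssh/known_hosts || true

process_jenkins

stop_services="salt-api salt-master salt-minion jenkins maas-rackd.service maas-regiond.service postgresql.service"
# Word splitting of the list is intended; each stop is best-effort.
for s in ${stop_services} ; do
  systemctl stop "${s}" || true
  sleep 1
done
# Set bootstrap-done flag for future
mkdir -p /var/log/mcp/
touch /var/log/mcp/.bootstrap_done
sync
reboot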
runcmd:
  # Runs the master_config script through `bash -c` with -e (stop at the first
  # unhandled failure) and -x (trace every command before it runs). Because of
  # the output.all setting at the top of this file, that trace is written to
  # /var/log/cloud-init-output.log and /dev/tty0, so expanded variable values
  # show up there.
  - [bash, -cex, *master_config]