tcp_tests/templates/physical_mcp11_dvr/salt.yaml

{% from 'physical_mcp11_dvr/underlay.yaml' import HOSTNAME_CFG01 with context %}
{% from 'physical_mcp11_dvr/underlay.yaml' import REPOSITORY_SUITE with context %}

{% set SALT_MODELS_REPOSITORY = os_env('SALT_MODELS_REPOSITORY','https://gerrit.mcp.mirantis.net/salt-models/mcp-baremetal-lab') %}
{% set SALT_MODELS_COMMIT = os_env('SALT_MODELS_COMMIT','master') %}

# Address pools for reclass cluster model are taken in the following order:
# 1. environment variables,
# 2. config.underlay.address_pools based on fuel-devops address pools
#    (see generated '.ini' file after underlay is created),
# 3. defaults
{% set address_pools = config.underlay.address_pools %}

# Install salt to the config node

#- description: (moved to cloud-init config) Configure repository on the cfg01 node
#  cmd:
#    echo "172.18.248.114    jenkins.mcp.mirantis.net  gerrit.mcp.mirantis.net" >> /etc/hosts;
#    echo "185.135.196.10    apt-mk.mirantis.com" >> /etc/hosts;
#    echo "nameserver 172.18.208.44 >> /etc/resolv.conf;
#    echo "nameserver 8.8.8.8 >> /etc/resolv.conf;
#    which wget >/dev/null || (apt-get update; apt-get install -y wget);
#    echo "deb [arch=amd64] http://apt-mk.mirantis.com/xenial nightly salt extra" > /etc/apt/sources.list.d/mcp_salt.list;
#    wget -O - http://apt-mk.mirantis.com/public.gpg | apt-key add -;
#    echo "deb http://repo.saltstack.com/apt/ubuntu/16.04/amd64/2016.3 xenial main" > /etc/apt/sources.list.d/saltstack.list;
#    wget -O - https://repo.saltstack.com/apt/ubuntu/16.04/amd64/2016.3/SALTSTACK-GPG-KEY.pub | apt-key add -;
#  node_name: {{ HOSTNAME_CFG01 }}
#  retry: {count: 1, delay: 1}
#  skip_fail: false

#- description: Update packages on cfg01
#  cmd: apt-get clean; eatmydata apt-get update
#  node_name: {{ HOSTNAME_CFG01 }}
#  retry: {count: 1, delay: 1}
#  skip_fail: false

- description: Installing salt master on cfg01
  cmd:  eatmydata apt-get install -y reclass git salt-master
  node_name: {{ HOSTNAME_CFG01 }}
  retry: {count: 1, delay: 1}
  skip_fail: false

#- description: (moved to cloud-init config) Install common packages on cfg01
#  cmd: eatmydata apt-get install -y python-pip wget curl tmux byobu iputils-ping traceroute htop tree
#  node_name: {{ HOSTNAME_CFG01 }}
#  retry: {count: 1, delay: 1}
#  skip_fail: false

- description: Configure salt-master on cfg01
  cmd: |
    cat << 'EOF' >> /etc/salt/master.d/master.conf
    file_roots:
      base:
      - /usr/share/salt-formulas/env
    pillar_opts: False
    open_mode: True
    reclass: &reclass
      storage_type: yaml_fs
      inventory_base_uri: /srv/salt/reclass
    ext_pillar:
      - reclass: *reclass
    master_tops:
      reclass: *reclass
    EOF
  node_name: {{ HOSTNAME_CFG01 }}
  retry: {count: 1, delay: 1}
  skip_fail: false

- description: Configure GIT settings and certificates
  cmd: touch /root/.git_trusted_certs.pem;
    for server in git.tcpcloud.eu github.com; do
        openssl s_client -showcerts -connect $server:443 </dev/null
        | openssl x509 -outform PEM
        >> /root/.git_trusted_certs.pem;
    done;
    HOME=/root git config --global http.sslCAInfo /root/.git_trusted_certs.pem;
    HOME=/root git config --global user.email "tcp-qa@example.com";
    HOME=/root git config --global user.name "TCP QA";
  node_name: {{ HOSTNAME_CFG01 }}
  retry: {count: 1, delay: 1}
  skip_fail: false


- description: Clone reclass models with submodules
  cmd: |
    ssh-keyscan -H github.com >> ~/.ssh/known_hosts;
    git clone -b {{ SALT_MODELS_COMMIT }} --recurse-submodules {{ SALT_MODELS_REPOSITORY }} /srv/salt/reclass;

    mkdir -p /srv/salt/reclass/classes/service;

    # Replace firstly to an intermediate value to avoid intersection between
    # already replaced and replacing networks.
    # For example, if generated IPV4_NET_ADMIN_PREFIX=10.16.0 , then there is a risk of replacing twice:
    # 192.168.10 -> 10.16.0 (generated network for admin)
    # 10.16.0 -> <external network>
    # So let's replace constant networks to the keywords, and then keywords to the desired networks.

    find /srv/salt/reclass/ -type f -exec sed -i 's/apt_mk_version:.*/apt_mk_version: {{ REPOSITORY_SUITE }}/g' {} +

    # Disable checkouting the model from remote repository
    cat << 'EOF' >> /srv/salt/reclass/nodes/control/{{ HOSTNAME_CFG01 }}.yml
    # local storage
      reclass:
        storage:
          data_source:
            engine: local
    EOF

    # Show the changes to the console
    cd /srv/salt/reclass/; git diff
  node_name: {{ HOSTNAME_CFG01 }}
  retry: {count: 1, delay: 1}
  skip_fail: false

- description: Configure reclass
  cmd: |
    FORMULA_PATH=${FORMULA_PATH:-/usr/share/salt-formulas};
    FORMULA_REPOSITORY=${FORMULA_REPOSITORY:-deb [arch=amd64] http://apt-mk.mirantis.com/xenial stable salt};
    FORMULA_GPG=${FORMULA_GPG:-http://apt-mk.mirantis.com/public.gpg};
    which wget > /dev/null || (apt-get update; apt-get install -y wget);
    echo "${FORMULA_REPOSITORY}" > /etc/apt/sources.list.d/mcp_salt.list;
    wget -O - "${FORMULA_GPG}" | apt-key add -;
    apt-get clean; apt-get update;
    [ ! -d /srv/salt/reclass/classes/service ] && mkdir -p /srv/salt/reclass/classes/service;
    declare -a formula_services=("linux" "reclass" "salt" "openssh" "ntp" "git" "nginx" "collectd" "sensu" "heka" "sphinx" "keystone" "mysql" "grafana" "haproxy" "rsyslog" "horizon" "prometheus" "telegraf");
    echo -e "\nInstalling all required salt formulas\n";
    eatmydata apt-get install -y "${formula_services[@]/#/salt-formula-}";
    for formula_service in "${formula_services[@]}"; do
      echo -e "\nLink service metadata for formula ${formula_service} ...\n";
      [ ! -L "/srv/salt/reclass/classes/service/${formula_service}" ] && ln -s ${FORMULA_PATH}/reclass/service/${formula_service} /srv/salt/reclass/classes/service/${formula_service};
    done;
    [ ! -d /srv/salt/env ] && mkdir -p /srv/salt/env;
    [ ! -L /srv/salt/env/prd ] && ln -s ${FORMULA_PATH}/env /srv/salt/env/prd;
    [ ! -d /etc/reclass ] && mkdir /etc/reclass;

    cat << 'EOF' >> /etc/reclass/reclass-config.yml
    storage_type: yaml_fs
    pretty_print: True
    output: yaml
    inventory_base_uri: /srv/salt/reclass
    EOF
  node_name: {{ HOSTNAME_CFG01 }}
  retry: {count: 1, delay: 1}
  skip_fail: false

- description: Restart salt-master service
  cmd: |
     systemctl restart salt-master; sleep 60
  node_name: {{ HOSTNAME_CFG01 }}
  retry: {count: 1, delay: 5}
  skip_fail: false

{% for ssh in config.underlay.ssh %}
- description: Configure salt-minion on {{ ssh['node_name'] }}
  cmd: |
    [ ! -d /etc/salt/minion.d ] && mkdir -p /etc/salt/minion.d;
    cat << "EOF" >> /etc/salt/minion.d/minion.conf
    id: {{ ssh['node_name'] }}
    master: {{ config.salt.salt_master_host }}
    EOF
    eatmydata apt-get install -y salt-minion;
    echo "Check for system info and metadata availability ...";
    salt-call --no-color grains.items;
    salt-call --no-color pillar.items;
  node_name: {{ ssh['node_name'] }}
  retry: {count: 1, delay: 1}
  skip_fail: false
{% endfor %}


- description: Accept salt keys from all the nodes
  cmd: salt-key -A -y
  node_name: {{ HOSTNAME_CFG01 }}
  retry: {count: 1, delay: 5}
  skip_fail: true


- description: Configure salt adoptors on cfg01
  cmd: |
    ln -s /usr/lib/python2.7/dist-packages/reclass/adapters/salt.py /usr/local/sbin/reclass-salt;
    chmod +x /usr/lib/python2.7/dist-packages/reclass/adapters/salt.py
  node_name: {{ HOSTNAME_CFG01 }}
  retry: {count: 1, delay: 1}
  skip_fail: false


# Prepare salt services and nodes settings
- description: Run 'linux' formula on cfg01
  cmd: salt --hard-crash --state-output=mixed --state-verbose=False
    -C 'I@salt:master' state.sls linux;
  node_name: {{ HOSTNAME_CFG01 }}
  retry: {count: 3, delay: 5}
  skip_fail: false


- description: Run 'openssh' formula on cfg01
  cmd: salt --hard-crash --state-output=mixed --state-verbose=False
    -C 'I@salt:master' state.sls openssh;
    salt --hard-crash --state-output=mixed --state-verbose=False
    -C 'I@salt:master' cmd.run "sed -i 's/PasswordAuthentication no/PasswordAuthentication
    yes/' /etc/ssh/sshd_config && service ssh restart";
  node_name: {{ HOSTNAME_CFG01 }}
  retry: {count: 3, delay: 5}
  skip_fail: false


- description: '*Workaround* of the bug https://mirantis.jira.com/browse/PROD-7962'
  cmd: salt --hard-crash --state-output=mixed --state-verbose=False
    '*' cmd.run "echo '    StrictHostKeyChecking no' >> /root/.ssh/config"
  node_name: {{ HOSTNAME_CFG01 }}
  retry: {count: 1, delay: 1}
  skip_fail: false

- description: Run 'salt.master' formula on cfg01
  cmd: timeout 120 salt --hard-crash --state-output=mixed --state-verbose=False
    -C 'I@salt:master' state.sls salt.master.service;
  node_name: {{ HOSTNAME_CFG01 }}
  retry: {count: 2, delay: 5}
  skip_fail: false

- description: Run 'salt' formula on cfg01 with workaround proposed in PROD-10894
  cmd: salt --hard-crash --state-output=mixed --state-verbose=False
    -C 'I@salt:master' state.sls salt;
    salt --hard-crash --state-output=mixed --state-verbose=False
    -C 'I@salt:master' saltutil.sync_all
  node_name: {{ HOSTNAME_CFG01 }}
  retry: {count: 5, delay: 5}
  skip_fail: false

- description: Generate inventory for all the nodes to the /srv/salt/reclass/nodes/_generated
  cmd: salt --hard-crash --state-output=mixed --state-verbose=False
    -C 'I@salt:master' state.sls reclass
  node_name: {{ HOSTNAME_CFG01 }}
  retry: {count: 1, delay: 5}
  skip_fail: false



- description: Refresh pillars for present baremetal nodes
  cmd: salt --hard-crash --state-output=mixed --state-verbose=False '*' saltutil.refresh_pillar
  node_name: {{ HOSTNAME_CFG01 }}
  retry: {count: 1, delay: 5}
  skip_fail: false

- description: Sync all salt resources for present baremetal nodes
  cmd: salt --hard-crash --state-output=mixed --state-verbose=False '*' saltutil.sync_all
  node_name: {{ HOSTNAME_CFG01 }}
  retry: {count: 1, delay: 5}
  skip_fail: false

- description: Configure linux for present baremetal nodes
  cmd: salt --hard-crash --state-output=mixed --state-verbose=False -C '* and not
    cfg01*' state.sls linux
  node_name: {{ HOSTNAME_CFG01 }}
  retry: {count: 3, delay: 5}
  skip_fail: false

- description: '*Workaround* of the bug https://mirantis.jira.com/browse/PROD-9576 to get bond0-connectivity *without* rebooting nodes'
  cmd: salt --hard-crash --state-output=mixed --state-verbose=False '*' cmd.run
    "cat /etc/network/interfaces | grep bond-slaves | awk '{print \$2}' | xargs -I {} ifenslave bond0 {}"
  node_name: {{ HOSTNAME_CFG01 }}
  retry: {count: 1, delay: 5}
  skip_fail: false

- description: ovs-dvr-vlan model specific Execute 'libvirt' states to create necessary libvirt networks
  cmd: salt --hard-crash --state-output=mixed --state-verbose=False 'kvm*' state.sls libvirt
  node_name: {{ HOSTNAME_CFG01 }}
  retry: {count: 1, delay: 10}
  skip_fail: false

- description: Create VMs for control plane
  cmd: salt --hard-crash --state-output=mixed --state-verbose=False 'kvm*' state.sls salt.control
  node_name: {{ HOSTNAME_CFG01 }}
  retry: {count: 3, delay: 10}
  skip_fail: false



- description: Refresh pillars on all minions
  cmd: salt --hard-crash --state-output=mixed --state-verbose=False '*' saltutil.refresh_pillar
  node_name: {{ HOSTNAME_CFG01 }}
  retry: {count: 1, delay: 5}
  skip_fail: false

- description: Sync all salt resources
  cmd: salt --hard-crash --state-output=mixed --state-verbose=False '*' saltutil.sync_all
  node_name: {{ HOSTNAME_CFG01 }}
  retry: {count: 1, delay: 5}
  skip_fail: false

- description: Show  reclass-salt --top for generated nodes
  cmd: reclass-salt --top -u /srv/salt/reclass/nodes/_generated/
  node_name: {{ HOSTNAME_CFG01 }}
  retry: {count: 1, delay: 5}
  skip_fail: false

- description: Execute salt.minion.cert
  cmd: salt-call --no-color state.sls salt.minion.cert -l info;
  node_name: {{ HOSTNAME_CFG01 }}
  retry: {count: 1, delay: 5}
  skip_fail: false


# Bootstrap all nodes

- description: Configure linux on other nodes
  cmd: salt --hard-crash --state-output=mixed --state-verbose=False -C '* and not
    cfg01*' state.sls linux
  node_name: {{ HOSTNAME_CFG01 }}
  retry: {count: 3, delay: 5}
  skip_fail: false

- description: Configure openssh on all nodes
  cmd: salt --hard-crash --state-output=mixed --state-verbose=False -C '* and not
    cfg01*' state.sls openssh;salt --hard-crash --state-output=mixed --state-verbose=False
    -C '* and not cfg*' cmd.run "sed -i 's/PasswordAuthentication no/PasswordAuthentication
    yes/' /etc/ssh/sshd_config && service ssh restart"
  node_name: {{ HOSTNAME_CFG01 }}
  retry: {count: 1, delay: 5}
  skip_fail: false

- description: Configure salt.minion on other nodes
  cmd: salt --hard-crash --state-output=mixed --state-verbose=False -C '* and not
    cfg01*' state.sls salt.minion
  node_name: {{ HOSTNAME_CFG01 }}
  retry: {count: 3, delay: 5}
  skip_fail: false

- description: Check salt minion versions on slaves
  cmd: salt '*' test.version
  node_name: {{ HOSTNAME_CFG01 }}
  retry: {count: 1, delay: 5}
  skip_fail: false

- description: Check salt top states on nodes
  cmd: salt '*' state.show_top
  node_name: {{ HOSTNAME_CFG01 }}
  retry: {count: 1, delay: 5}
  skip_fail: false

- description: Configure ntp and rsyslog on nodes
  cmd: salt --hard-crash --state-output=mixed --state-verbose=False '*' state.sls ntp,rsyslog
  node_name: {{ HOSTNAME_CFG01 }}
  retry: {count: 1, delay: 10}
  skip_fail: false


#- description: Hack gtw node
#  cmd: salt 'gtw*' cmd.run "ip addr del {{ IPV4_NET_CONTROL_PREFIX }}.110/24 dev ens4; ip addr flush dev ens4";
#  node_name: {{ HOSTNAME_CFG01 }}
#  retry: {count: 1, delay: 10}
#  skip_fail: false

#- description: Hack cmp01 node
#  cmd: salt 'cmp01*' cmd.run "ip addr del {{ IPV4_NET_CONTROL_PREFIX }}.105/24 dev ens4; ip addr flush dev ens4";
#  node_name: {{ HOSTNAME_CFG01 }}
#  retry: {count: 1, delay: 10}
#  skip_fail: false

#- description: Hack cmp02 node
#  cmd: salt 'cmp02*' cmd.run "ip addr del {{ IPV4_NET_CONTROL_PREFIX }}.106/24 dev ens4; ip addr flush dev ens4";
#  node_name: {{ HOSTNAME_CFG01 }}
#  retry: {count: 1, delay: 10}
#  skip_fail: false