X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=blobdiff_plain;f=deploy%2Fsite%2Fvm%2Fvm.sh;h=51ad4c9c9130ae1e9d49aed24f240925aa6a93da;hb=refs%2Fchanges%2F04%2F4704%2F1;hp=841644b154e88345a1ba666c15f18031c33bd81d;hpb=245b963a4b4e0d179ab46eb52917bc569b83e607;p=icn.git diff --git a/deploy/site/vm/vm.sh b/deploy/site/vm/vm.sh old mode 100755 new mode 100644 index 841644b..51ad4c9 --- a/deploy/site/vm/vm.sh +++ b/deploy/site/vm/vm.sh @@ -10,16 +10,21 @@ source $SCRIPTDIR/../common.sh BUILDDIR=${SCRIPTDIR/deploy/build} mkdir -p ${BUILDDIR} +SITE_REPO=${SITE_REPO:-"https://gerrit.akraino.org/r/icn"} +SITE_BRANCH=${SITE_BRANCH:-"master"} +SITE_PATH=${SITE_PATH:-"deploy/site/vm"} + FLUX_SOPS_KEY_NAME=${FLUX_SOPS_KEY_NAME:-"icn-site-vm"} +FLUX_SOPS_PRIVATE_KEY="${SCRIPTDIR}/../secrets/sops.asc" # !!!NOTE!!! THE KEYS USED BELOW ARE FOR TEST PURPOSES ONLY. DO NOT # USE THESE OUTSIDE OF THIS ICN VIRTUAL TEST ENVIRONMENT. function build_source { # First decrypt the existing site YAML, otherwise we'll be # attempting to encrypt it twice below - if [[ -f ${SCRIPTDIR}/sops.asc ]]; then - gpg --import ${SCRIPTDIR}/sops.asc - sops_decrypt_site ${SCRIPTDIR}/site.yaml + if [[ -f ${FLUX_SOPS_PRIVATE_KEY} ]]; then + gpg --import ${FLUX_SOPS_PRIVATE_KEY} + sops_decrypt ${SCRIPTDIR}/site.yaml fi # Generate user password and authorized key in site YAML @@ -34,45 +39,49 @@ function build_source { # Encrypt the site YAML create_gpg_key ${FLUX_SOPS_KEY_NAME} - sops_encrypt_site ${SCRIPTDIR}/site.yaml ${FLUX_SOPS_KEY_NAME} + sops_encrypt ${SCRIPTDIR}/site.yaml ${FLUX_SOPS_KEY_NAME} # ONLY FOR TEST ENVIRONMENT: save the private key used - export_gpg_private_key ${FLUX_SOPS_KEY_NAME} >${SCRIPTDIR}/sops.asc + export_gpg_private_key ${FLUX_SOPS_KEY_NAME} >${FLUX_SOPS_PRIVATE_KEY} } function deploy { - gpg --import ${SCRIPTDIR}/sops.asc - flux_create_site https://gerrit.akraino.org/r/icn master deploy/site/vm ${FLUX_SOPS_KEY_NAME} + gpg --import ${FLUX_SOPS_PRIVATE_KEY} + flux_create_site ${SITE_REPO} ${SITE_BRANCH} ${SITE_PATH} ${FLUX_SOPS_KEY_NAME} } function clean { - kubectl -n flux-system delete kustomization icn-master-site-vm + kubectl -n flux-system delete kustomization $(flux_site_kustomization_name ${SITE_REPO} ${SITE_BRANCH} ${SITE_PATH}) } function is_cluster_ready { - [[ $(kubectl -n metal3 get cluster e2etest -o jsonpath='{.status.conditions[?(@.type=="Ready")].status}') == "True" ]] + [[ $(kubectl -n ${SITE_NAMESPACE} get cluster icn -o jsonpath='{.status.conditions[?(@.type=="Ready")].status}') == "True" ]] } function is_control_plane_ready { # Checking the Cluster resource status is not sufficient, it # reports the control plane as ready before the nodes forming the # control plane are ready - local -r replicas=$(kubectl -n metal3 get kubeadmcontrolplane e2etest -o jsonpath='{.spec.replicas}') - [[ $(kubectl --kubeconfig=${BUILDDIR}/e2etest-admin.conf get nodes -l node-role.kubernetes.io/control-plane -o jsonpath='{range .items[*]}{.status.conditions[?(@.type=="Ready")].status}{"\n"}{end}' | grep -c True) == ${replicas} ]] + local -r replicas=$(kubectl -n ${SITE_NAMESPACE} get kubeadmcontrolplane icn -o jsonpath='{.spec.replicas}') + [[ $(kubectl --kubeconfig=${BUILDDIR}/icn-admin.conf get nodes -l node-role.kubernetes.io/control-plane -o jsonpath='{range .items[*]}{.status.conditions[?(@.type=="Ready")].status}{"\n"}{end}' | grep -c True) == ${replicas} ]] } function insert_control_plane_network_identity_into_ssh_config { # This enables logging into the control plane machines from this # machine without specifying the identify file on the command line + if [[ ! $(which ipcalc) ]]; then + apt-get install -y ipcalc + fi + # Create ssh config if it doesn't exist mkdir -p ${HOME}/.ssh && chmod 700 ${HOME}/.ssh touch ${HOME}/.ssh/config chmod 600 ${HOME}/.ssh/config # Add the entry for the control plane network, host value in ssh # config is a wildcard - endpoint=$(helm -n metal3 get values -a cluster-e2etest | awk '/controlPlaneEndpoint:/ {print $2}') - prefix=$(helm -n metal3 get values -a cluster-e2etest | awk '/controlPlanePrefix:/ {print $2}') + endpoint=$(helm -n ${SITE_NAMESPACE} get values -a cluster-icn | awk '/controlPlaneEndpoint:/ {print $2}') + prefix=$(helm -n ${SITE_NAMESPACE} get values -a cluster-icn | awk '/controlPlanePrefix:/ {print $2}') host=$(ipcalc ${endpoint}/${prefix} | awk '/Network:/ {sub(/\.0.*/,".*"); print $2}') if [[ $(grep -c "Host ${host}" ${HOME}/.ssh/config) != 0 ]]; then sed -i -e '/Host '"${host}"'/,+1 d' ${HOME}/.ssh/config @@ -80,24 +89,40 @@ function insert_control_plane_network_identity_into_ssh_config { cat <>${HOME}/.ssh/config Host ${host} IdentityFile ${SCRIPTDIR}/id_rsa + StrictHostKeyChecking no + UserKnownHostsFile /dev/null EOF + # Add the identity to authorized keys on this host to enable ssh + # logins via its control plane address + cat ${SCRIPTDIR}/id_rsa.pub >> ~/.ssh/authorized_keys } function wait_for_all_ready { WAIT_FOR_INTERVAL=60s WAIT_FOR_TRIES=30 wait_for is_cluster_ready - clusterctl -n metal3 get kubeconfig e2etest >${BUILDDIR}/e2etest-admin.conf - chmod 600 ${BUILDDIR}/e2etest-admin.conf + clusterctl -n ${SITE_NAMESPACE} get kubeconfig icn >${BUILDDIR}/icn-admin.conf + chmod 600 ${BUILDDIR}/icn-admin.conf wait_for is_control_plane_ready insert_control_plane_network_identity_into_ssh_config } +function is_cluster_deleted { + ! kubectl -n ${SITE_NAMESPACE} get cluster icn +} + +function wait_for_all_deleted { + WAIT_FOR_INTERVAL=60s + WAIT_FOR_TRIES=30 + wait_for is_cluster_deleted +} + case $1 in "build-source") build_source ;; "clean") clean ;; "deploy") deploy ;; "wait") wait_for_all_ready ;; + "wait-clean") wait_for_all_deleted ;; *) cat <