From: davidplunkett Date: Thu, 31 Oct 2019 07:40:30 +0000 (+0000) Subject: multiple fixes for Airship treasuremap 1.3 X-Git-Tag: 2.0.0-AKRAINO~28 X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=commitdiff_plain;h=refs%2Fchanges%2F86%2F1886%2F2;p=yaml_builds.git multiple fixes for Airship treasuremap 1.3 Signed-off-by: davidplunkett Change-Id: I91664c09808c6c5b66823e81c2c9a12bcef7ee3d Signed-off-by: davidplunkett --- diff --git a/dellgen10-sriov-a13.yaml b/dellgen10-sriov-a13.yaml index bfe58a8..b15ed46 100644 --- a/dellgen10-sriov-a13.yaml +++ b/dellgen10-sriov-a13.yaml @@ -194,8 +194,6 @@ masters: pxe: 172.30.2.41 ksn: 172.29.1.41 neutron: 10.0.102.41 - oob_user: root - oob_password: calvin - name : aknode42 oob: 192.168.41.42 host: 192.168.2.42 @@ -203,8 +201,6 @@ masters: pxe: 172.30.2.42 ksn: 172.29.1.42 neutron: 10.0.102.42 - oob_user: root - oob_password: calvin #workers: # - name : aknode43 # oob: 192.168.41.43 @@ -229,7 +225,7 @@ hardware: generation: '10' hw_version: '3' bios_version: '2.8' - bios_template: + bios_template: boot_template: dell_r740_g14_uefi_httpboot.xml.template http_boot_device: NIC.Slot.2-1-1 device_aliases: @@ -284,11 +280,8 @@ disks: - name: boot size: 1g mountpoint: /boot - - name: var_log - size: '100g' - mountpoint: /var/log - name: var - size: '>100g' + size: '300g' mountpoint: /var disks_compute: # - name : sdg @@ -314,7 +307,7 @@ disks_compute: - name: nova size: 99% mountpoint: /var/lib/nova -genesis_ssh_public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/n4mNLAj3XKG2fcm+8eVe0NUlNH0g8DA8KJ53rSLKccm8gm4UgLmGOJyBfUloQZMuOpU6a+hexN4ECCliqI7+KUmgJgsvLkJ3OUMNTEVu9tDX5mdXeffsufaqFkAdmbJ/9PMPiPQ3/UqbbtyEcqoZAwUWf4ggAWSp00SGE1Okg+skPSbDzPVHb4810eXZT1yoIg29HAenJNNrsVxvnMT2kw2OYmLfxgEUh1Ev4c5LnUog4GXBDHQtHAwaIoTu9s/q8VIvGav62RJVFn3U1D0jkiwDLSIFn8ezORQ4YkSidwdSrtqsqa2TJ0E5w/n5h5IVGO9neY8YlXrgynLd4Y+7 root@pocnjrsv132" +genesis_ssh_public_key: kubernetes: api_service_ip: 10.96.0.1 etcd_service_ip: 10.96.0.2 
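Review bot: Dropping the `var_log` entry in the `disks:` hunk of dellgen10-sriov-a13.yaml puts `/var/log` back on the `/var` filesystem, so log growth and everything else under `/var` now compete for the same 300g, and a log flood can fill the volume the node's services write to. If more room under `/var` was the goal, consider keeping the dedicated partition next to the enlarged one, i.e. retaining `- name: var_log` with `mountpoint: /var/log`. The switch from `'>100g'` to a fixed `'300g'` also appears to drop the grow-to-fit sizing, so a one-line comment stating the minimum disk size this layout assumes would help.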
@@ -323,4 +316,3 @@ kubernetes: regional_server: ip: 135.16.101.85 ... - diff --git a/scripts/jcopy.py b/scripts/jcopy.py index d124f08..b48c5fd 100755 --- a/scripts/jcopy.py +++ b/scripts/jcopy.py @@ -25,7 +25,9 @@ import os.path import jinja2 import sys import yaml +import crypt import netaddr +from base64 import b64encode def cidr_netmask(value): if '/' in str(value): @@ -43,6 +45,16 @@ def cidr_subnet(value): result = "ERROR" return result +def crypt_sha512(value): + if not '$6$' in str(value): + if sys.hexversion < 0x3000000: + result = crypt.crypt(value, "$6$"+b64encode(os.urandom(16))) + else: + result = crypt.crypt(value, crypt.mksalt(crypt.METHOD_SHA512)) + else: + result = value + return result + def usage(msg=None): if not msg is None: print(msg) @@ -72,11 +84,13 @@ if os.path.isfile(j2in_name): j2_env = jinja2.Environment(loader=jinja2.FileSystemLoader(os.path.dirname(j2in_name)), trim_blocks=True, lstrip_blocks=True, keep_trailing_newline=True, undefined=jinja2.make_logging_undefined()) j2_env.filters['cidr_netmask'] = cidr_netmask j2_env.filters['cidr_subnet'] = cidr_subnet + j2_env.filters['crypt_sha512'] = crypt_sha512 expand_template(j2_env.get_template(name=os.path.basename(j2in_name)),yaml_out,len(j2in_name)) else: j2_env = jinja2.Environment(loader=jinja2.FileSystemLoader(j2in_name), trim_blocks=True, lstrip_blocks=True, keep_trailing_newline=True, undefined=jinja2.make_logging_undefined()) j2_env.filters['cidr_netmask'] = cidr_netmask j2_env.filters['cidr_subnet'] = cidr_subnet + j2_env.filters['crypt_sha512'] = crypt_sha512 templates=j2_env.list_templates(extensions=('j2')) fill=len(max(templates,key=len))+len(j2in_name) for f in templates: diff --git a/site_type/sriov-a13/templates/profiles/region.j2 b/site_type/sriov-a13/templates/profiles/region.j2 index c20a5e8..1394a58 100644 --- a/site_type/sriov-a13/templates/profiles/region.j2 +++ b/site_type/sriov-a13/templates/profiles/region.j2 
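Review bot: The guard `if not '$6$' in str(value)` in `crypt_sha512` is a substring test, so a plaintext password that merely contains `$6$` is returned unhashed and ends up verbatim in the rendered secret; test the prefix instead with `if not str(value).startswith('$6$'):`. On the Python 2 branch the salt comes from `b64encode(os.urandom(16))`, which can contain `+`, a character outside the `./0-9A-Za-z` crypt salt alphabet, so some libcrypt builds may reject or alter it; drawing 16 characters from that alphabet would be safer. The `crypt` module imported in the first jcopy.py hunk is Unix-only and was removed in Python 3.13, so a comment stating the supported interpreter range belongs next to the import. The function also has no docstring; one line saying that already-hashed values pass through unchanged would document the intent.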
@@ -24,7 +24,7 @@ metadata: schema: deckhand/PublicKey/v1 # This should match the "name" metadata of the SSH key which will be # substituted, located in site/seaworthy/secrets folder. - name: localadmin_ssh_public_key + name: airship_ssh_public_key path: . - dest: path: .repositories.main_archive @@ -33,14 +33,14 @@ metadata: name: software-versions path: .packages.repositories.main_archive # Second key example - #- dest: - # # Increment the list index - # path: .authorized_keys[1] - # src: - # schema: deckhand/PublicKey/v1 - # # your ssh key - # name: MY_USER_ssh_public_key - # path: . + - dest: + # Increment the list index + path: .authorized_keys[1] + src: + schema: deckhand/PublicKey/v1 + # your ssh key + name: localadmin_ssh_public_key + path: . data: tag_definitions: [] # This is the list of SSH keys which MaaS will register for the built-in diff --git a/site_type/sriov-a13/templates/secrets/passphrases/ubuntu_crypt_password.j2 b/site_type/sriov-a13/templates/secrets/passphrases/ubuntu_crypt_password.j2 index ace4e1e..5a21b81 100644 --- a/site_type/sriov-a13/templates/secrets/passphrases/ubuntu_crypt_password.j2 +++ b/site_type/sriov-a13/templates/secrets/passphrases/ubuntu_crypt_password.j2 @@ -8,5 +8,5 @@ metadata: layer: site storagePolicy: cleartext # Pass: password123 -data: {{yaml.genesis.root_password}} +data: {{yaml.genesis.root_password | crypt_sha512}} ... diff --git a/site_type/sriov-a13/templates/software/charts/kubernetes/container-networking/calico.j2 b/site_type/sriov-a13/templates/software/charts/kubernetes/container-networking/calico.j2 index 6a2b934..62978a3 100644 --- a/site_type/sriov-a13/templates/software/charts/kubernetes/container-networking/calico.j2 +++ b/site_type/sriov-a13/templates/software/charts/kubernetes/container-networking/calico.j2 @@ -54,7 +54,7 @@ data: peers: {% for peer in yaml.networks.ksn.peers %} - apiVersion: projectcalico.org/v3 - kind: bgpPeer + kind: BGPPeer metadata: name: peer-{{loop.index-1}} spec: 
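Review bot: The context line `# Pass: password123` above `data:` in ubuntu_crypt_password.j2 no longer describes the value. With `| crypt_sha512` the document carries a hash of whatever `yaml.genesis.root_password` is set to, yet every rendered secret still advertises a sample password. Replace it with something like `# SHA-512 crypt(3) hash of genesis.root_password, generated at render time`. Because the filter salts randomly, each jcopy.py run yields a different `data:` value for the same password, which is worth stating in that comment so churn in generated files is not read as a password change. The document header lies outside the hunk.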
diff --git a/site_type/sriov-a13/templates/software/charts/kubernetes/etcd/etcd.j2 b/site_type/sriov-a13/templates/software/charts/kubernetes/etcd/etcd.j2 index b99a105..4cfc13c 100644 --- a/site_type/sriov-a13/templates/software/charts/kubernetes/etcd/etcd.j2 +++ b/site_type/sriov-a13/templates/software/charts/kubernetes/etcd/etcd.j2 @@ -96,7 +96,11 @@ metadata: - src: schema: deckhand/CertificateKey/v1 name: kubernetes-etcd-{{server.name}}-peer +{% if loop.first %} path: . +{% else %} + path: $ +{% endif %} dest: path: .values.nodes[{{loop.index}}].tls.peer.key {% endfor %} diff --git a/site_type/sriov-a13/treasuremap.tgz b/site_type/sriov-a13/treasuremap.tgz index a03037a..64ffa65 100644 Binary files a/site_type/sriov-a13/treasuremap.tgz and b/site_type/sriov-a13/treasuremap.tgz differ diff --git a/tools/1prom-gen.sh b/tools/1prom-gen.sh index 144b7aa..e99970b 100755 --- a/tools/1prom-gen.sh +++ b/tools/1prom-gen.sh @@ -198,6 +198,10 @@ echo "# Copying scripts to $AIRSHIP_TREASUREMAP/${SITE}_bundle" tar cvf $YAML_BUILDS/tars/promenade-bundle-$SITE.tar -C $AIRSHIP_TREASUREMAP/${SITE}_bundle . ) +echo "#######################################" +echo "# $0 finished" +echo "#######################################" + exec 2>&- exec 1>&- exit 0 diff --git a/tools/2genesis.sh b/tools/2genesis.sh index 0da6f92..62a2e77 100755 --- a/tools/2genesis.sh +++ b/tools/2genesis.sh 
@@ -48,17 +48,25 @@ cd $YAML_BUILDS python $YAML_BUILDS/scripts/jcopy.py $SITE.yaml $YAML_BUILDS/tools/j2/serverrc.j2 $YAML_BUILDS/tools/"$GENESIS_NAME"rc /opt/akraino/redfish/install_server_os.sh --rc /opt/akraino/yaml_builds/tools/"$GENESIS_NAME"rc --skip-confirm +# Stage Airship files on Genesis scp $YAML_BUILDS/tars/promenade-bundle-$SITE.tar $GENESIS_HOST:/tmp/ ssh $GENESIS_HOST << EOF # TODO avoid following hard coding$ route add -net 192.168.41.0/24 gw 192.168.2.1 bond0.41 - mkdir -p /root/akraino - cp /tmp/promenade-bundle-$SITE.tar /root/akraino/ + mkdir -p /root/akraino/configs/promenade-bundle + mv /tmp/promenade-bundle-$SITE.tar /root/akraino/ cd /root/akraino/ tar -xmf promenade-bundle-$SITE.tar + # MOVE TO LOCATION EXPECTED BY WORKFLOW + mv genesis.sh /root/akraino/configs/promenade-bundle/ EOF -# Update BIOS Setting -#python $YAML_BUILDS/scripts/update_bios_settings.py $SITE.yaml + +# Update BIOS settings on master and worker nodes +python $YAML_BUILDS/scripts/update_bios_settings.py $SITE.yaml + +echo "#######################################" +echo "# $0 finished" +echo "#######################################" exec 2>&- exec 1>&- diff --git a/tools/3deploy_site.sh b/tools/3deploy_site.sh index 34fb3dc..2e998d5 100755 --- a/tools/3deploy_site.sh +++ b/tools/3deploy_site.sh 
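Review bot: None of the new steps checks for failure: inside the `ssh $GENESIS_HOST << EOF` block a failed `tar -xmf` is still followed by `mv genesis.sh ...`, and the re-enabled `python $YAML_BUILDS/scripts/update_bios_settings.py $SITE.yaml` is followed by the "finished" banner whatever its exit status. Unless `set -e` is active earlier in the script (not visible in this hunk), add `set -e` as the first line of the heredoc and `|| exit 1` after the BIOS update call so the banner only prints on success. The bundle is also staged under a fixed name in the remote `/tmp` before being moved into `/root/akraino` and unpacked as root; copying it straight into a root-owned directory would avoid relying on a world-writable staging path.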
@@ -39,13 +39,22 @@ source $(dirname $0)/env_$SITE.sh ssh $GENESIS_HOST << EOF cd /root/akraino + echo "#######################################################" + echo "# Running genesis.sh script " + echo "#######################################################" bash genesis.sh # Shipyard takes time to really come up and start responding. date sleep 900 # Following is a workaround, tested on dell servers. # TODO to be removed when not required. + echo "#######################################################" + echo "# Updating iptables " + echo "#######################################################" bash update_iptables.sh + echo "#######################################################" + echo "# Running deploy_site.sh script " + echo "#######################################################" #bash deploy_site.sh EOF diff --git a/tools/generate_yamls.sh b/tools/generate_yamls.sh index 9187e85..13d36dc 100755 --- a/tools/generate_yamls.sh +++ b/tools/generate_yamls.sh @@ -37,6 +37,10 @@ echo "#######################################" sed -E 's/(^.*password:).*/\1 ###PASSWORD REMOVED####/g' ${YAML_BUILDS}/${SITE}.yaml echo "#######################################" +echo "# NOTE: root ssh key will be used for genesis_ssh_public_key if no key is provided" +RCKEY=$(cat ~/.ssh/id_rsa.pub | sed -e 's/[\/&]/\\&/g') +sed -i -e "s/genesis_ssh_public_key\: */genesis_ssh_public_key: \'$RCKEY\'/" $SITE.yaml + python ./scripts/jcopy.py $SITE.yaml ./tools/j2/set_site_env.sh ./tools/env_$SITE.sh source ./tools/env_$SITE.sh 
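Review bot: The new banner `# Running deploy_site.sh script` is printed immediately before `#bash deploy_site.sh`, which is still commented out, so the log will report a step that never runs; drop the banner or word it along the lines of `# deploy_site.sh is disabled; run it manually`. Separately, this block still runs `cd /root/akraino` followed by `bash genesis.sh`, while the 2genesis.sh hunk in the same commit moves `genesis.sh` to `/root/akraino/configs/promenade-bundle/`. Unless something outside these hunks puts the script back, the call needs to point at the new location.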
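Review bot: The added `sed -i` in generate_yamls.sh runs unconditionally and its pattern `genesis_ssh_public_key\: *` also matches a line that already carries a key, so a site file with a configured key gets root's key inserted in front of the existing value and becomes invalid YAML, contrary to the echoed "if no key is provided". Anchor the match to an empty value, e.g. `sed -i -E "s/^(genesis_ssh_public_key:)[[:space:]]*$/\1 '$RCKEY'/" ${YAML_BUILDS}/${SITE}.yaml`, which also uses the same path as the `sed -E` line above rather than the cwd-relative `$SITE.yaml`. The result of `cat ~/.ssh/id_rsa.pub` is not checked either, so a missing file silently writes an empty key; guard it with `[ -r ~/.ssh/id_rsa.pub ] || { echo "no ~/.ssh/id_rsa.pub" >&2; exit 1; }`.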
@@ -73,10 +77,13 @@ echo "#######################################" echo "# Created site $AIRSHIP_TREASUREMAP/site/$SITE with $CONFIG_COUNT config files" echo "#######################################" -( -echo "# Linting config files in $AIRSHIP_TREASUREMAP/site/$SITE" -cd $AIRSHIP_TREASUREMAP -$AIRSHIP_TREASUREMAP/tools/airship pegleg site -r /target lint $SITE -x P001 -x P005 || true -) +# UNCOMMENT TO DEBUG/LINT GENERATED YAML FILES +#( +#echo "# Linting config files in $AIRSHIP_TREASUREMAP/site/$SITE" +#cd $AIRSHIP_TREASUREMAP +#$AIRSHIP_TREASUREMAP/tools/airship pegleg site -r /target lint $SITE -x P001 -x P005 || true +#) echo "#######################################" +echo "# $0 finished" +echo "#######################################"
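Review bot: Commenting the pegleg lint block out means the generated site documents, including the rendered secrets, are no longer validated before the bundle is built, and the disabled code will drift from the script around it. Keep the block live behind an opt-out switch instead, for example by wrapping the subshell in `if [ "${SKIP_LINT:-0}" != 1 ]; then ... fi` (the variable name is only a suggestion). The call was already non-fatal through `|| true`, so leaving it enabled costs run time only.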