This repository has been archived by the owner on Jan 24, 2023. It is now read-only.

deployment on edge nodes with Ubuntu 20.04
oEscal committed Sep 22, 2021
1 parent 2b42fda commit faee0b3
Showing 37 changed files with 431 additions and 81 deletions.
1 change: 1 addition & 0 deletions .gitignore
Expand Up @@ -3,3 +3,4 @@
*.pyc
/inventory/default/group_vars/*/30_*_flavor.yml
/inventory/automated/
*.log
6 changes: 6 additions & 0 deletions inventory/default/group_vars/edgenode_group/10-default.yml
Expand Up @@ -83,6 +83,12 @@ os_yum_base_packages:
moreutils,jq,python-devel,createrepo,psmisc,bash-completion,rsync,patch,libselinux-python,libselinux-python3"
_os_yum_exclude_rpm_packages: "exclude=kernel-3* kernel-rt* kernel-rt-kvm* kernel-rt-devel*"

os_ubuntu_base_packages:
"vim-common,curl,lvm2,python3,wget,bridge-utils,libboost-all-dev,libpcre3,libpcre3-dev,zlib1g-dev,libglib2.0-dev,\
autoconf,automake,libtool,flex,bison,cmake,pciutils,python-websocket,libjsoncpp-dev,libfcgi-dev,libhiredis-dev,libnuma-dev,\
build-essential,psmisc,python-httplib2,libpixman-1-dev,moreutils,jq,python-dev-is-python2,psmisc,bash-completion,rsync,\
patch"

# URLs to docker images saved with `docker save <image>:<ver> | gzip > <image>.tar.gz` that are going to be preloaded after docker setup
docker_images: []

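Review bot: The new `os_ubuntu_base_packages` list pulls Python 2-era packages (`python-websocket`, `python-httplib2`, `python-dev-is-python2`) onto an Ubuntu 20.04 target, and `psmisc` is listed twice. Python 2 no longer receives upstream security fixes, so anything that depends on these packages stays unpatched. If the roles can run under `python3`, prefer `python3-websocket` and `python3-httplib2`; otherwise add a comment above the list such as `# python2 packages kept for <role> - remove once ported` so the exception is tracked. Dropping the second `psmisc` is a no-op cleanup.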
145 changes: 140 additions & 5 deletions roles/infrastructure/docker/tasks/main.yml
Expand Up @@ -2,7 +2,7 @@
# Copyright (c) 2019-2020 Intel Corporation

---
- name: add Docker repository
- name: add Docker repository in CentOs
yum_repository:
name: docker
description: Docker CE repository
Expand All @@ -14,14 +14,58 @@
retries: "{{ number_of_retries }}"
until: result is succeeded
delay: "{{ retry_delay }}"
when: not offline_enable
when:
- not offline_enable
- ansible_distribution == "CentOS"

- name: Install aptitude on Ubuntu
apt:
name: aptitude
state: latest
update_cache: yes
force_apt_get: yes
when: ansible_distribution == "Ubuntu"
become: yes

- name: Install required system packages on Ubuntu
apt:
name: "{{ item }}"
state: present
update_cache: yes
with_items:
- apt-transport-https
- ca-certificates
- curl
- software-properties-common
- python3-pip
- virtualenv
- libcurl4-gnutls-dev
- python3-setuptools
become: yes
when: ansible_distribution == "Ubuntu"

- name: gather the package facts
package_facts:
manager: "apt"
when: ansible_distribution == "Ubuntu"

- name: Install Docker in Ubuntu
apt:
name: docker.io
state: present
update_cache: yes
when:
- ansible_distribution == "Ubuntu"
become: yes

- name: clear yum cache
command: yum clean all
args:
warn: false
changed_when: true
when: not offline_enable
when:
- not offline_enable
- ansible_distribution == "CentOS"

- name: add group "docker"
group:
Expand All @@ -39,19 +83,29 @@
- name: reset connection
meta: reset_connection

- name: install Docker CE
- name: install Docker CE for CentOS
yum:
name: "{{ _docker_packages }}"
state: present
become: yes
notify:
- enable and start docker service
when: ansible_distribution == "CentOS"

- name: get runc version
shell: set -o pipefail && runc --version | grep -oP '{{ _runc_ver_pattern }}\K(.+)'
register: runc_rc_ver
ignore_errors: true
changed_when: false
when: ansible_distribution == "CentOS"

- name: get runc for Ubuntu
apt:
name: runc
state: present
update_cache: yes
become: yes
when: ansible_distribution == "Ubuntu"

- name: Check if offline mode
set_fact:
Expand All @@ -75,19 +129,89 @@
dest: /usr/bin/runc
checksum: "sha256:{{ _runc_checksum }}"
become: yes
when: runc_rc_ver.rc == 0 and runc_rc_ver.stdout|int < _runc_min_rc
when:
- ansible_distribution == "CentOS"
- runc_rc_ver.rc == 0
- runc_rc_ver.stdout|int < _runc_min_rc

- name: install pip dependencies
block:
- name: copy requirements.txt
copy:
src: requirements.txt
dest: /tmp/requirements.txt
- name: remove non working requirements in Ubuntu
lineinfile:
dest: /tmp/requirements.txt
state: absent
regexp: '^(perf==|pygobject==|python-linux-procfs==|schedutils==|urlgrabber==|yum-metadata-parser==|pycurl==)'
when: ansible_distribution == "Ubuntu"
- name: download and install python requirements that failed using pip on Ubuntu
vars:
packages:
python-linux-procfs: http://ftp.br.debian.org/debian/pool/main/p/python-linux-procfs/python-linux-procfs_0.6.1-1_amd64.deb
schedutils: http://ftp.br.debian.org/debian/pool/main/p/python-schedutils/python-schedutils_0.6-1_amd64.deb
urlgrabber: http://ftp.br.debian.org/debian/pool/main/u/urlgrabber/python-urlgrabber_3.10.2-1_all.deb
when: ansible_distribution == "Ubuntu"
block:
- name: download python packages on Ubuntu
get_url:
url: "{{ item.value }}"
dest: "/tmp/{{ item.key }}.deb"
loop: "{{ packages | dict2items }}"
- name: install python packages on Ubuntu
apt: "deb=/tmp/{{ item.key }}.deb"
loop: "{{ packages | dict2items }}"
become: yes
- name: install pygobject # 3.24
block:
- name: install pygobject dependencies
apt:
name:
- pkg-config
- libglib2.0-0
- libglib2.0-dev
- libgirepository1.0-dev
- libgtk-3-dev
- libcairo-gobject2
- gir1.2-freedesktop
- python3-cairo
- python3-cairo-dev
- python3-cairo-doc
state: present
update_cache: yes
become: yes
- unarchive:
src: https://ftp-stud.hs-esslingen.de/pub/Mirrors/ftp.gnome.org/sources/pygobject/3.22/pygobject-3.22.0.tar.xz
dest: /tmp/
remote_src: yes
- shell: ./configure; make; make install
args:
chdir: /tmp/pygobject-3.22.0/
become: yes
- name: install pycurl
apt:
name: python-pycurl
update_cache: yes
become: yes

- name: install some Ubuntu necessary dependencies
apt:
name:
- python-dev
- libattr1-dev # for pyxattr
- libgpgme11-dev # for pygpgme
- liblzma-dev # pyliblzma
state: present
update_cache: yes
become: yes
when: ansible_distribution == "Ubuntu"
- name: install dependencies
pip:
requirements: /tmp/requirements.txt
state: present
extra_args: "{{ local_pip | default(omit) }}"
executable: pip2
register: result
retries: "{{ number_of_retries }}"
until: result is succeeded
Expand All @@ -98,6 +222,7 @@
name: "{{ _docker_compose_package }}"
state: present
extra_args: "{{ local_pip | default(omit) }}"
executable: pip2
register: result
retries: "{{ number_of_retries }}"
until: result is succeeded
Expand Down Expand Up @@ -140,6 +265,15 @@
when: item.stat.exists
with_items: "{{ stats.results }}"

- name: install auditd on Ubuntu
apt:
name:
- auditd
- audispd-plugins
update-cache: yes
become: yes
when: ansible_distribution == 'Ubuntu'

- name: restart auditd
command: service auditd restart # noqa 303
become: yes
Expand All @@ -165,6 +299,7 @@
url: "{{ _docker_compose_completion_url }}"
dest: "/etc/bash_completion.d"
become: yes

- name: create the directory for docker images
file:
path: "{{ docker_images_dir }}"
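Review bot: The task `download python packages on Ubuntu` fetches three `.deb` files over plain `http://` with `get_url` and no `checksum`, and the next task installs them as root via `apt: "deb=/tmp/..."`; the pygobject tarball in the same block is likewise unpacked without a digest and built with `./configure; make; make install` under `become`. A directly downloaded `.deb` bypasses apt's signed-repository verification, so a tampered mirror response would run maintainer scripts as root. The runc download in this file already pins `checksum: "sha256:{{ _runc_checksum }}"`; carry a digest next to each URL here as well, as sketched below with placeholder digests to be filled from a trusted copy. Staging under fixed `/tmp/*.deb` names is also worth replacing with a root-owned directory, since another local user could otherwise pre-create or swap those paths.

```yaml
- name: download and install python requirements that failed using pip on Ubuntu
  vars:
    packages:
      python-linux-procfs:
        url: http://ftp.br.debian.org/debian/pool/main/p/python-linux-procfs/python-linux-procfs_0.6.1-1_amd64.deb
        sha256: "<SHA256_PLACEHOLDER_python-linux-procfs>"
      # … schedutils and urlgrabber restructured the same way …
  # … unchanged: when / block header …
    - name: download python packages on Ubuntu
      get_url:
        url: "{{ item.value.url }}"
        dest: "/tmp/{{ item.key }}.deb"
        checksum: "sha256:{{ item.value.sha256 }}"
      loop: "{{ packages | dict2items }}"
```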
13 changes: 12 additions & 1 deletion roles/infrastructure/docker/tasks/uninstall.yml
Expand Up @@ -6,6 +6,7 @@
file:
name: "/etc/audit/rules.d/docker.rules"
state: absent
become: yes

- name: Restart auditd
command: service auditd restart # noqa 303
Expand All @@ -22,11 +23,19 @@
ignore_errors: yes
become: yes

- name: uninstall
- name: uninstall on CentOS
yum:
name: "{{ _docker_packages_to_remove }}"
state: absent
become: yes
when: ansible_distribution == "CentOS"

- name: uninstall on Ubuntu
apt:
name: docker.io
state: absent
become: yes
when: ansible_distribution == "Ubuntu"

- name: remove docker-compose
pip:
Expand Down Expand Up @@ -55,12 +64,14 @@
name: docker
state: absent
become: yes
when: ansible_distribution == "CentOS"

- name: clear yum cache
command: yum clean all
args:
warn: false
changed_when: true
when: ansible_distribution == "CentOS"

- name: remove group "docker"
group:
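Review bot: `uninstall on Ubuntu` removes only `docker.io` with `state: absent`, which leaves the package's configuration files on disk, and none of the visible hunks remove what the Ubuntu install path in `main.yml` added (`runc` and the `.deb` packages installed from `/tmp`). A host reported as uninstalled therefore still carries those packages. Consider `name: [docker.io, runc]` with `purge: yes` on the apt task. Parts of this file are collapsed on the page, so confirm that no later task already covers this.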
4 changes: 4 additions & 0 deletions roles/infrastructure/docker/templates/daemon.json.j2
Expand Up @@ -22,4 +22,8 @@
"Soft": 4096
}
}
}{% if ansible_distribution == 'Ubuntu' %},
{
"dns": ["8.8.8.8"]
}
{% endif %}
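Review bot: On Ubuntu the template now renders `}, { "dns": ["8.8.8.8"] }`, a second object after what appears to be the root object's closing brace, which is not valid JSON, so dockerd would be expected to reject the file at start-up. Put the key inside the root object instead, before the final `}`: `{% if ansible_distribution == 'Ubuntu' %}, "dns": {{ docker_dns_servers | to_json }}{% endif %}`. `docker_dns_servers` is a variable name proposed here, not one defined on this page. Making it configurable also avoids hard-wiring every container's lookups to a public resolver on sites that require an internal one. The start of the object is outside the hunk, so check the brace nesting against the full file.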
21 changes: 19 additions & 2 deletions roles/infrastructure/grub/tasks/main.yml
Expand Up @@ -7,6 +7,12 @@
- name: set GRUB config path (BIOS)
set_fact:
grub_file_path: /boot/grub2/grub.cfg
when: ansible_distribution == "CentOS"

- name: set GRUB config path (BIOS)
set_fact:
grub_file_path: /boot/grub/grub.cfg
when: ansible_distribution == "Ubuntu"

- name: check if host is using EFI
stat:
Expand Down Expand Up @@ -40,25 +46,36 @@
command: grub2-mkconfig -o {{ grub_file_path }}
changed_when: true
become: yes
when: ansible_distribution == "CentOS"

- name: regenerate grub.cfg
command: grub-mkconfig -o {{ grub_file_path }}
changed_when: true
become: yes
when: ansible_distribution == "Ubuntu"

- name: get current CMDLINE
command: cat /proc/cmdline
register: current_cmdline
changed_when: false

- name: get future cmdline
- name: get future cmdline CentOS
shell: set -o pipefail && grubby --info=$(grubby --default-kernel) | grep args
register: future_cmdline
changed_when: false
become: yes
when: ansible_distribution == "CentOS"

- name: extract proper parts from the outputs
set_fact:
current_args: "{{ current_cmdline.stdout | regex_replace('BOOT_IMAGE=.*? root=.*? (.*)', '\\1') | trim }}"
future_args: "{{ future_cmdline.stdout | regex_replace('args=\"(.*)\"', '\\1') | trim }}"
when: ansible_distribution == "CentOS"

# role `conditional_reboot` checks if `perform_reboot` is defined, is so machine is rebooted
- name: request reboot (will be performed by `conditional_reboot` role)
set_fact:
perform_reboot: "{{ perform_reboot|default([]) + [ 'grub' ] }}"
when: current_args != future_args
when:
- ansible_distribution == "CentOS"
- current_args != future_args
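Review bot: With `get future cmdline CentOS`, `extract proper parts from the outputs` and the reboot request all gated on `ansible_distribution == "CentOS"`, an Ubuntu host regenerates `grub.cfg` but never sets `perform_reboot`, so the new kernel command line is not active until someone reboots by hand. If the arguments managed by this role include isolation or hardening settings, the node runs without them while the play reports success. Either compute `future_args` for Ubuntu as well, or record the gap next to the task, e.g. `# Ubuntu: grubby is not used here, so no reboot is requested - kernel args apply only after a manual reboot`. The two `set GRUB config path (BIOS)` tasks also share a name; suffixing them `(CentOS)` and `(Ubuntu)` keeps the run log unambiguous.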
1 change: 1 addition & 0 deletions roles/infrastructure/os_setup/tasks/add_yum_excludes.yml
Expand Up @@ -10,4 +10,5 @@
when:
- _os_yum_exclude_rpm_packages is defined
- _os_yum_exclude_rpm_packages|length > 0
- ansible_distribution == "CentOS"
become: yes
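--- a/roles/infrastructure/os_setup/tasks/change_default_sh_ubuntu.yml
+++ b/roles/infrastructure/os_setup/tasks/change_default_sh_ubuntu.yml
@@ -0,0 +1,11 @@
+
+---
+- name: set bash as the default shell (sh)
+when: ansible_distribution == 'Ubuntu'
+become: yes
+block:
+- name: set dash/sh to false
+shell: echo "dash dash/sh boolean false" | debconf-set-selections
+
+- name: set the default sh as bash on Ubuntu
+shell: dpkg-reconfigure -p critical dash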
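Review bot: Both tasks use `shell` without `changed_when`, so they report a change on every run, and the first pipes a literal string into `debconf-set-selections` where the `debconf` module does the same thing idempotently: `debconf: name=dash question=dash/sh vtype=boolean value='false'`. The second needs no shell features, so `command:` is enough, and setting `DEBIAN_FRONTEND: noninteractive` under `environment:` guards against it waiting on a prompt. Repointing `/bin/sh` from dash to bash changes the interpreter for every `#!/bin/sh` script on the node, so a one-line comment naming the role that needs bash would help the next reader.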
27 changes: 16 additions & 11 deletions roles/infrastructure/os_setup/tasks/disable_fingerprint.yml
Expand Up @@ -2,14 +2,19 @@
# Copyright (c) 2019-2020 Intel Corporation

---

- name: install authconfig
yum:
name: authconfig
state: present
become: yes

- name: disable fingerprint to avoid ssh timeout issues
command: authconfig --disablefingerprint --update
changed_when: false
become: yes
- name: disable fingerprint on CentOS
when: ansible_distribution == "CentOS"
block:
- name: debug os distribution
debug: msg=" OS Distribution {{ansible_distribution}}"

- name: install authconfig
yum:
name: authconfig
state: present
become: yes

- name: disable fingerprint to avoid ssh timeout issues
command: authconfig --disablefingerprint --update
changed_when: false
become: yes
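Review bot: The added `debug os distribution` task looks like leftover troubleshooting output; it sits inside a block already gated on `ansible_distribution == "CentOS"`, so it can only ever print `CentOS`. Drop it, or if the message is wanted, use the YAML form with a verbosity gate: `debug:` with `msg: "OS distribution {{ ansible_distribution }}"` and `verbosity: 1`.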