X-Git-Url: https://osm.etsi.org/gitweb/?a=blobdiff_plain;f=installers%2Fcharmed_install.sh;h=844e64630e0cee3b58402ca9c382dc8b34034e78;hb=abef99c585c997ec39a2eba77cca75edef9880fd;hp=a1e5001f1efafaf9f919c334c26d6027c6dc615f;hpb=ce7b460470a5a68524533472dbb12beb5376281a;p=osm%2Fdevops.git diff --git a/installers/charmed_install.sh b/installers/charmed_install.sh index a1e5001f..844e6463 100755 --- a/installers/charmed_install.sh +++ b/installers/charmed_install.sh @@ -17,7 +17,7 @@ LXD_VERSION=4.0 JUJU_VERSION=2.9 -JUJU_AGENT_VERSION=2.9.22 +JUJU_AGENT_VERSION=2.9.33 K8S_CLOUD_NAME="k8s-cloud" KUBECTL="microk8s.kubectl" MICROK8S_VERSION=1.23 @@ -41,7 +41,7 @@ MODEL_NAME=osm OSM_BUNDLE=ch:osm OSM_HA_BUNDLE=ch:osm-ha -CHARMHUB_CHANNEL=latest/edge +CHARMHUB_CHANNEL=latest/beta unset TAG function check_arguments(){ @@ -51,6 +51,7 @@ function check_arguments(){ --overlay) OVERLAY="$2" ;; --k8s) KUBECFG="$2" ;; --vca) CONTROLLER="$2" ;; + --small-profile) INSTALL_NOLXD=y;; --lxd) LXD_CLOUD="$2" ;; --lxd-cred) LXD_CREDENTIALS="$2" ;; --microstack) MICROSTACK=y ;; 
@@ -157,30 +158,31 @@ EOF fi track bootstrap_k8s bootstrap_k8s_ok - if [ -v LXD_CLOUD ]; then - if [ ! -v LXD_CREDENTIALS ]; then - echo "The installer needs the LXD server certificate if the LXD is external" - FATAL_TRACK bootstrap_lxd "No LXD certificate supplied" - fi - else - LXDENDPOINT=$DEFAULT_IP - LXD_CLOUD=~/.osm/lxd-cloud.yaml - LXD_CREDENTIALS=~/.osm/lxd-credentials.yaml - # Apply sysctl production values for optimal performance - sudo cp /usr/share/osm-devops/installers/60-lxd-production.conf /etc/sysctl.d/60-lxd-production.conf - sudo sysctl --system - # Install LXD snap - sudo apt-get remove --purge -y liblxc1 lxc-common lxcfs lxd lxd-client - sudo snap install lxd --channel $LXD_VERSION/stable - # Configure LXD - sudo usermod -a -G lxd `whoami` - cat /usr/share/osm-devops/installers/lxd-preseed.conf | sed 's/^config: {}/config:\n core.https_address: '$LXDENDPOINT':8443/' | sg lxd -c "lxd init --preseed" - sg lxd -c "lxd waitready" - DEFAULT_MTU=$(ip addr show $DEFAULT_IF | perl -ne 'if (/mtu\s(\d+)/) {print $1;}') - sg lxd -c "lxc profile device set default eth0 mtu $DEFAULT_MTU" - sg lxd -c "lxc network set lxdbr0 bridge.mtu $DEFAULT_MTU" - - cat << EOF > $LXD_CLOUD + if [ ! -v INSTALL_NOLXD ]; then + if [ -v LXD_CLOUD ]; then + if [ ! 
-v LXD_CREDENTIALS ]; then + echo "The installer needs the LXD server certificate if the LXD is external" + FATAL_TRACK bootstrap_lxd "No LXD certificate supplied" + fi + else + LXDENDPOINT=$DEFAULT_IP + LXD_CLOUD=~/.osm/lxd-cloud.yaml + LXD_CREDENTIALS=~/.osm/lxd-credentials.yaml + # Apply sysctl production values for optimal performance + sudo cp /usr/share/osm-devops/installers/60-lxd-production.conf /etc/sysctl.d/60-lxd-production.conf + sudo sysctl --system + # Install LXD snap + sudo apt-get remove --purge -y liblxc1 lxc-common lxcfs lxd lxd-client + sudo snap install lxd --channel $LXD_VERSION/stable + # Configure LXD + sudo usermod -a -G lxd `whoami` + cat /usr/share/osm-devops/installers/lxd-preseed.conf | sed 's/^config: {}/config:\n core.https_address: '$LXDENDPOINT':8443/' | sg lxd -c "lxd init --preseed" + sg lxd -c "lxd waitready" + DEFAULT_MTU=$(ip addr show $DEFAULT_IF | perl -ne 'if (/mtu\s(\d+)/) {print $1;}') + sg lxd -c "lxc profile device set default eth0 mtu $DEFAULT_MTU" + sg lxd -c "lxc network set lxdbr0 bridge.mtu $DEFAULT_MTU" + + cat << EOF > $LXD_CLOUD clouds: lxd-cloud: type: lxd 
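Review bot: The new `if [ ! -v INSTALL_NOLXD ]` guard skips registering `lxd-cloud` with the controller, but the `juju config vca` call this commit adds in deploy_charmed_osm still sets `lxd-cloud=lxd-cloud:lxd-cloud` unconditionally. A `--small-profile` install therefore appears to point the VCA integrator at a cloud and credential that were never added, so that option should probably be passed only when INSTALL_NOLXD is unset. The guard also tests only whether the variable exists, so an INSTALL_NOLXD inherited from the caller's environment, even an empty one, silently disables the LXD setup; an `unset INSTALL_NOLXD` next to the existing `unset TAG` would rule that out. The enclosing function starts before this hunk and the heredoc opened on its last line continues into the next hunk.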
@@ -189,31 +191,25 @@ clouds: config: ssl-hostname-verification: false EOF - openssl req -nodes -new -x509 -keyout ~/.osm/client.key -out ~/.osm/client.crt -days 365 -subj "/C=FR/ST=Nice/L=Nice/O=ETSI/OU=OSM/CN=osm.etsi.org" - local server_cert=`cat /var/snap/lxd/common/lxd/server.crt | sed 's/^/ /'` - local client_cert=`cat ~/.osm/client.crt | sed 's/^/ /'` - local client_key=`cat ~/.osm/client.key | sed 's/^/ /'` - - cat << EOF > $LXD_CREDENTIALS + openssl req -nodes -new -x509 -keyout ~/.osm/client.key -out ~/.osm/client.crt -days 365 -subj "/C=FR/ST=Nice/L=Nice/O=ETSI/OU=OSM/CN=osm.etsi.org" + cat << EOF > $LXD_CREDENTIALS credentials: lxd-cloud: lxd-cloud: auth-type: certificate - server-cert: | -$server_cert - client-cert: | -$client_cert - client-key: | -$client_key + server-cert: /var/snap/lxd/common/lxd/server.crt + client-cert: ~/.osm/client.crt + client-key: ~/.osm/client.key EOF - lxc config trust add local: ~/.osm/client.crt + lxc config trust add local: ~/.osm/client.crt + fi + + juju add-cloud -c $CONTROLLER_NAME lxd-cloud $LXD_CLOUD --force + juju add-credential -c $CONTROLLER_NAME lxd-cloud -f $LXD_CREDENTIALS + sg lxd -c "lxd waitready" + juju controller-config features=[k8s-operators] + track bootstrap_lxd bootstrap_lxd_ok fi - - juju add-cloud -c $CONTROLLER_NAME lxd-cloud $LXD_CLOUD --force - juju add-credential -c $CONTROLLER_NAME lxd-cloud -f $LXD_CREDENTIALS - sg lxd -c "lxd waitready" - juju controller-config features=[k8s-operators] - track bootstrap_lxd bootstrap_lxd_ok } function deploy_charmed_osm(){ 
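Review bot: The rewritten credentials heredoc writes `client-cert: ~/.osm/client.crt` and `client-key: ~/.osm/client.key` literally, because the shell does not tilde-expand inside a heredoc body, so this works only if `juju add-credential` expands `~` itself when it reads the file. Writing `client-key: $HOME/.osm/client.key` removes that dependency, since the heredoc delimiter is unquoted and `$HOME` expands. The key is generated with `-nodes` and therefore stays unencrypted in `~/.osm`; a `chmod 700 ~/.osm` after the `mkdir -p ~/.osm` in the main flow would keep it private regardless of the caller's umask. The enclosing function starts outside this hunk.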
@@ -259,9 +255,9 @@ function deploy_charmed_osm(){ generate_password_overlay && secret_overlay="--overlay $PASSWORD_OVERLAY_FILE" if [ -v BUNDLE ]; then - juju deploy --trust --channel $CHARMHUB_CHANNEL -m $MODEL_NAME $BUNDLE --overlay ~/.osm/vca-overlay.yaml $images_overlay $extra_overlay $secret_overlay + juju deploy --trust --channel $CHARMHUB_CHANNEL -m $MODEL_NAME $BUNDLE $images_overlay $extra_overlay $secret_overlay else - juju deploy --trust --channel $CHARMHUB_CHANNEL -m $MODEL_NAME $OSM_BUNDLE --overlay ~/.osm/vca-overlay.yaml $images_overlay $extra_overlay $secret_overlay + juju deploy --trust --channel $CHARMHUB_CHANNEL -m $MODEL_NAME $OSM_BUNDLE $images_overlay $extra_overlay $secret_overlay fi if [ ! -v KUBECFG ]; then @@ -274,9 +270,16 @@ function deploy_charmed_osm(){ hostport="$(echo ${url/$user@/} | cut -d/ -f1)" API_SERVER="$(echo $hostport | sed -e 's,:.*,,g')" fi + # Configure VCA Integrator + juju config vca \ + k8s-cloud=microk8s \ + lxd-cloud=lxd-cloud:lxd-cloud \ + controllers="`cat ~/.local/share/juju/controllers.yaml`" \ + accounts="`cat ~/.local/share/juju/accounts.yaml`" \ + public-key="`cat ~/.local/share/juju/ssh/juju_id_rsa.pub`" # Expose OSM services - juju config -m $MODEL_NAME nbi site_url=https://nbi.${API_SERVER}.nip.io - juju config -m $MODEL_NAME ng-ui site_url=https://ui.${API_SERVER}.nip.io + juju config -m $MODEL_NAME nbi external-hostname=nbi.${API_SERVER}.nip.io + juju config -m $MODEL_NAME ng-ui external-hostname=ui.${API_SERVER}.nip.io juju config -m $MODEL_NAME grafana site_url=https://grafana.${API_SERVER}.nip.io juju config -m $MODEL_NAME prometheus site_url=https://prometheus.${API_SERVER}.nip.io 
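Review bot: The added `juju config vca` call passes the whole of `accounts.yaml` and `controllers.yaml` as command-line arguments, so the controller passwords are visible in the process list while the command runs, and the files cover every controller registered for this user rather than only `$CONTROLLER_NAME`, which the removed create_overlay used to select. juju config can read a value from a file with the `key=@path` form, e.g. `accounts=@$HOME/.local/share/juju/accounts.yaml`, which keeps the secret off argv; narrowing the file to one controller would need a filtering step first. The call also lacks the `-m $MODEL_NAME` that every neighbouring `juju config` line carries, so it acts on whatever model is currently selected. The same whole-file pattern is repeated in the ONLY_VCA branch near the end of the script. deploy_charmed_osm begins and ends outside this hunk.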
@@ -284,7 +287,7 @@ function deploy_charmed_osm(){ check_osm_deployed grafana_leader=`juju status -m $MODEL_NAME grafana | grep "*" | cut -d "*" -f 1` grafana_admin_password=`juju run -m $MODEL_NAME --unit $grafana_leader "echo \\$GF_SECURITY_ADMIN_PASSWORD"` - juju config -m $MODEL_NAME mon grafana_password=$grafana_admin_password + juju config -m $MODEL_NAME mon grafana-password=$grafana_admin_password check_osm_deployed echo "OSM with charms deployed" } @@ -292,7 +295,7 @@ function deploy_charmed_osm(){ function check_osm_deployed() { TIME_TO_WAIT=600 start_time="$(date -u +%s)" - total_service_count=14 + total_service_count=16 previous_count=0 while true do @@ -316,11 +319,11 @@ function check_osm_deployed() { function generate_password_overlay() { # prometheus - web_config_password=`openssl rand -base64 16` + web_config_password=`openssl rand -hex 16` # keystone - keystone_db_password=`openssl rand -base64 16` - keystone_admin_password=`openssl rand -base64 16` - keystone_service_password=`openssl rand -base64 16` + keystone_db_password=`openssl rand -hex 16` + keystone_admin_password=`openssl rand -hex 16` + keystone_service_password=`openssl rand -hex 16` # mariadb mariadb_password=`openssl rand -hex 16` mariadb_root_password=`openssl rand -hex 16` 
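Review bot: The secrets generated in generate_password_overlay appear to be staged in `/tmp/password-overlay.yaml`, judging by the `mv /tmp/password-overlay.yaml $PASSWORD_OVERLAY_FILE` visible as context in the next hunk, and this commit leaves that fixed, predictable path in place. A file with a known name in a world-writable directory can be pre-created or read by another local user, so the overlay is better written to a private temporary file, for example `tmp_overlay=$(umask 077; mktemp)` followed by `mv "$tmp_overlay" "$PASSWORD_OVERLAY_FILE"`. The switch from `-base64 16` to `-hex 16` keeps 128 bits of randomness; a short comment such as `# hex: avoids +, / and = in generated passwords` would record the presumable reason. The part of the function that writes the overlay lies outside this hunk.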
@@ -342,46 +345,6 @@ EOF mv /tmp/password-overlay.yaml $PASSWORD_OVERLAY_FILE } -function create_overlay() { - sudo snap install jq - sudo snap install yq - local HOME=/home/$USER - local vca_user=$(cat $HOME/.local/share/juju/accounts.yaml | yq e .controllers.$CONTROLLER_NAME.user - ) - local vca_secret=$(cat $HOME/.local/share/juju/accounts.yaml | yq e .controllers.$CONTROLLER_NAME.password - ) - local vca_host=$(cat $HOME/.local/share/juju/controllers.yaml | yq e .controllers.$CONTROLLER_NAME.api-endpoints[0] - | cut -d ":" -f 1) - local vca_port=$(cat $HOME/.local/share/juju/controllers.yaml | yq e .controllers.$CONTROLLER_NAME.api-endpoints[0] - | cut -d ":" -f 2) - local vca_pubkey=\"$(cat $HOME/.local/share/juju/ssh/juju_id_rsa.pub)\" - local vca_cloud="lxd-cloud" - # Get the VCA Certificate - local vca_cacert=$(cat $HOME/.local/share/juju/controllers.yaml | yq e .controllers.$CONTROLLER_NAME.ca-cert - | base64 | tr -d \\n) - - # Calculate the default route of this machine - local DEFAULT_IF=`ip route list match 0.0.0.0 | awk '{print $5}'` - - # Generate a new overlay.yaml, overriding any existing one - cat << EOF > /tmp/vca-overlay.yaml -applications: - lcm: - options: - vca_user: $vca_user - vca_secret: $vca_secret - vca_host: $vca_host - vca_port: $vca_port - vca_pubkey: $vca_pubkey - vca_cacert: $vca_cacert - vca_cloud: $vca_cloud - vca_k8s_cloud: $K8S_CLOUD_NAME - mon: - options: - vca_user: $vca_user - vca_secret: $vca_secret - vca_host: $vca_host - vca_cacert: $vca_cacert -EOF - mv /tmp/vca-overlay.yaml ~/.osm/ - OSM_VCA_HOST=$vca_host -} - function generate_images_overlay(){ echo "applications:" > /tmp/images-overlay.yaml 
@@ -539,27 +502,22 @@ check_arguments $@ mkdir -p ~/.osm install_snaps bootstrap_k8s_lxd -create_overlay if [ -v ONLY_VCA ]; then HOME=/home/$USER - vca_user=$(cat $HOME/.local/share/juju/accounts.yaml | yq e .controllers.$CONTROLLER_NAME.user - ) - vca_secret=$(cat $HOME/.local/share/juju/accounts.yaml | yq e .controllers.$CONTROLLER_NAME.password - ) - vca_host=$(cat $HOME/.local/share/juju/controllers.yaml | yq e .controllers.$CONTROLLER_NAME.api-endpoints[0] - | cut -d ":" -f 1) - vca_port=$(cat $HOME/.local/share/juju/controllers.yaml | yq e .controllers.$CONTROLLER_NAME.api-endpoints[0] - | cut -d ":" -f 2) - vca_pubkey=\"$(cat $HOME/.local/share/juju/ssh/juju_id_rsa.pub)\" - vca_cloud="lxd-cloud" - vca_cacert=$(cat $HOME/.local/share/juju/controllers.yaml | yq e .controllers.$CONTROLLER_NAME.ca-cert - | base64 | tr -d \\n) - hostname=`cat /etc/hostname` - - echo "Use the following command to register the installed VCA to your OSM:" - echo -e " osm vca-add --endpoints $vca_host:$vca_port \\\n --user $vca_user \\\n --secret $vca_secret \\\n --cacert $vca_cacert \\\n --lxd-cloud lxd-cloud \\\n --lxd-credentials lxd-cloud \\\n --k8s-cloud microk8s \\\n --k8s-credentials microk8s\\\n $hostname-vca" + k8scloud=microk8s + lxdcloud=lxd-cloud:lxd-cloud + controllers="`cat $HOME/.local/share/juju/controllers.yaml`" + accounts="`cat $HOME/.local/share/juju/accounts.yaml`" + publickey="`cat $HOME/.local/share/juju/ssh/juju_id_rsa.pub`" + echo "Use the following command to register the installed VCA to your OSM VCA integrator charm" + echo -e " juju config vca \\\n k8s-cloud=$k8scloud \\\n lxd-cloud=$lxdcloud \\\n controllers=$controllers \\\n accounts=$accounts \\\n public-key=$publickey" track deploy_osm deploy_vca_only_ok else deploy_charmed_osm track deploy_osm deploy_osm_services_k8s_ok install_osmclient track osmclient osmclient_ok - export OSM_HOSTNAME=$(juju config -m $MODEL_NAME nbi site_url | sed "s/http.*\?:\/\///"):443 + export OSM_HOSTNAME=$(juju config -m 
$MODEL_NAME nbi external-hostname):443 export OSM_PASSWORD=$keystone_admin_password sleep 10 add_local_k8scluster
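Review bot: The ONLY_VCA branch now echoes the full contents of `accounts.yaml` and `controllers.yaml` to the terminal, so the controller passwords end up in scrollback and in any log the installer output is piped to. `echo -e` will also interpret backslash sequences inside that YAML, and the printed `juju config vca` command is not usable as shown because the multi-line values are unquoted. Printing file references instead, e.g. `accounts=@$HOME/.local/share/juju/accounts.yaml` and `controllers=@$HOME/.local/share/juju/controllers.yaml`, keeps the secrets out of the output and gives a command that can be run as printed on this host; the operator copies the files when the OSM model lives elsewhere. The expansions in this block are unquoted throughout, which the new lines could avoid with `"$HOME/..."`.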