X-Git-Url: https://osm.etsi.org/gitweb/?a=blobdiff_plain;f=installers%2Fcharmed_install.sh;h=975cbbdcb8de601e10304f0ca1d92a9651564bf3;hb=d8b4673088b0a120e3e6a2dcdafd40aee8799662;hp=a1e5001f1efafaf9f919c334c26d6027c6dc615f;hpb=ce7b460470a5a68524533472dbb12beb5376281a;p=osm%2Fdevops.git diff --git a/installers/charmed_install.sh b/installers/charmed_install.sh index a1e5001f..975cbbdc 100755 --- a/installers/charmed_install.sh +++ b/installers/charmed_install.sh @@ -15,17 +15,20 @@ # set -eux -LXD_VERSION=4.0 +LXD_VERSION=5.0 JUJU_VERSION=2.9 -JUJU_AGENT_VERSION=2.9.22 +JUJU_AGENT_VERSION=2.9.43 K8S_CLOUD_NAME="k8s-cloud" KUBECTL="microk8s.kubectl" -MICROK8S_VERSION=1.23 +MICROK8S_VERSION=1.26 OSMCLIENT_VERSION=latest IMAGES_OVERLAY_FILE=~/.osm/images-overlay.yaml PASSWORD_OVERLAY_FILE=~/.osm/password-overlay.yaml PATH=/snap/bin:${PATH} OSM_DEVOPS="$( cd "$( dirname "${BASH_SOURCE[0]}" )"/.. &> /dev/null && pwd )" +INSTALL_PLA="" +PLA_OVERLAY_FILE=~/.osm/pla-overlay.yaml + if [ -f ${OSM_DEVOPS}/common/all_funcs ] ; then source ${OSM_DEVOPS}/common/all_funcs else @@ -41,7 +44,7 @@ MODEL_NAME=osm OSM_BUNDLE=ch:osm OSM_HA_BUNDLE=ch:osm-ha -CHARMHUB_CHANNEL=latest/edge +CHARMHUB_CHANNEL=latest/beta unset TAG function check_arguments(){ @@ -51,6 +54,7 @@ function check_arguments(){ --overlay) OVERLAY="$2" ;; --k8s) KUBECFG="$2" ;; --vca) CONTROLLER="$2" ;; + --small-profile) INSTALL_NOLXD=y;; --lxd) LXD_CLOUD="$2" ;; --lxd-cred) LXD_CREDENTIALS="$2" ;; --microstack) MICROSTACK=y ;; @@ -58,6 +62,7 @@ function check_arguments(){ --tag) TAG="$2" ;; --registry) REGISTRY_INFO="$2" ;; --only-vca) ONLY_VCA=y ;; + --pla) INSTALL_PLA=y ;; esac shift done @@ -132,7 +137,7 @@ EOF else sg ${KUBEGRP} -c "echo ${DEFAULT_IP}-${DEFAULT_IP} | microk8s.enable metallb" sg ${KUBEGRP} -c "microk8s.enable ingress" - sg ${KUBEGRP} -c "microk8s.enable storage dns" + sg ${KUBEGRP} -c "microk8s.enable hostpath-storage dns" TIME_TO_WAIT=30 start_time="$(date -u +%s)" while true 
@@ -157,30 +162,33 @@ EOF fi track bootstrap_k8s bootstrap_k8s_ok - if [ -v LXD_CLOUD ]; then - if [ ! -v LXD_CREDENTIALS ]; then - echo "The installer needs the LXD server certificate if the LXD is external" - FATAL_TRACK bootstrap_lxd "No LXD certificate supplied" - fi - else - LXDENDPOINT=$DEFAULT_IP - LXD_CLOUD=~/.osm/lxd-cloud.yaml - LXD_CREDENTIALS=~/.osm/lxd-credentials.yaml - # Apply sysctl production values for optimal performance - sudo cp /usr/share/osm-devops/installers/60-lxd-production.conf /etc/sysctl.d/60-lxd-production.conf - sudo sysctl --system - # Install LXD snap - sudo apt-get remove --purge -y liblxc1 lxc-common lxcfs lxd lxd-client - sudo snap install lxd --channel $LXD_VERSION/stable - # Configure LXD - sudo usermod -a -G lxd `whoami` - cat /usr/share/osm-devops/installers/lxd-preseed.conf | sed 's/^config: {}/config:\n core.https_address: '$LXDENDPOINT':8443/' | sg lxd -c "lxd init --preseed" - sg lxd -c "lxd waitready" - DEFAULT_MTU=$(ip addr show $DEFAULT_IF | perl -ne 'if (/mtu\s(\d+)/) {print $1;}') - sg lxd -c "lxc profile device set default eth0 mtu $DEFAULT_MTU" - sg lxd -c "lxc network set lxdbr0 bridge.mtu $DEFAULT_MTU" - - cat << EOF > $LXD_CLOUD + if [ ! -v INSTALL_NOLXD ]; then + if [ -v LXD_CLOUD ]; then + if [ ! -v LXD_CREDENTIALS ]; then + echo "The installer needs the LXD server certificate if the LXD is external" + FATAL_TRACK bootstrap_lxd "No LXD certificate supplied" + fi + else + LXDENDPOINT=$DEFAULT_IP + LXD_CLOUD=~/.osm/lxd-cloud.yaml + LXD_CREDENTIALS=~/.osm/lxd-credentials.yaml + # Apply sysctl production values for optimal performance + sudo cp /usr/share/osm-devops/installers/60-lxd-production.conf /etc/sysctl.d/60-lxd-production.conf + sudo sysctl --system + # Install LXD snap + sudo apt-get remove --purge -y liblxc1 lxc-common lxcfs lxd lxd-client + snap info lxd | grep installed > /dev/null + if [ $? 
-eq 0 ]; then + sudo snap refresh lxd --channel $LXD_VERSION/stable + else + sudo snap install lxd --channel $LXD_VERSION/stable + fi + # Configure LXD + sudo usermod -a -G lxd `whoami` + cat /usr/share/osm-devops/installers/lxd-preseed.conf | sed 's/^config: {}/config:\n core.https_address: '$LXDENDPOINT':8443/' | sg lxd -c "lxd init --preseed" + sg lxd -c "lxd waitready" + + cat << EOF > $LXD_CLOUD clouds: lxd-cloud: type: lxd @@ -189,31 +197,25 @@ clouds: config: ssl-hostname-verification: false EOF - openssl req -nodes -new -x509 -keyout ~/.osm/client.key -out ~/.osm/client.crt -days 365 -subj "/C=FR/ST=Nice/L=Nice/O=ETSI/OU=OSM/CN=osm.etsi.org" - local server_cert=`cat /var/snap/lxd/common/lxd/server.crt | sed 's/^/ /'` - local client_cert=`cat ~/.osm/client.crt | sed 's/^/ /'` - local client_key=`cat ~/.osm/client.key | sed 's/^/ /'` - - cat << EOF > $LXD_CREDENTIALS + openssl req -nodes -new -x509 -keyout ~/.osm/client.key -out ~/.osm/client.crt -days 365 -subj "/C=FR/ST=Nice/L=Nice/O=ETSI/OU=OSM/CN=osm.etsi.org" + cat << EOF > $LXD_CREDENTIALS credentials: lxd-cloud: lxd-cloud: auth-type: certificate - server-cert: | -$server_cert - client-cert: | -$client_cert - client-key: | -$client_key + server-cert: /var/snap/lxd/common/lxd/server.crt + client-cert: ~/.osm/client.crt + client-key: ~/.osm/client.key EOF - lxc config trust add local: ~/.osm/client.crt + lxc config trust add local: ~/.osm/client.crt + fi + + juju add-cloud -c $CONTROLLER_NAME lxd-cloud $LXD_CLOUD --force + juju add-credential -c $CONTROLLER_NAME lxd-cloud -f $LXD_CREDENTIALS + sg lxd -c "lxd waitready" + juju controller-config features=[k8s-operators] + track bootstrap_lxd bootstrap_lxd_ok fi - - juju add-cloud -c $CONTROLLER_NAME lxd-cloud $LXD_CLOUD --force - juju add-credential -c $CONTROLLER_NAME lxd-cloud -f $LXD_CREDENTIALS - sg lxd -c "lxd waitready" - juju controller-config features=[k8s-operators] - track bootstrap_lxd bootstrap_lxd_ok } function deploy_charmed_osm(){ 
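Review bot: The new LXD detection, `snap info lxd | grep installed > /dev/null` followed by `if [ $? -eq 0 ]`, runs under the `set -eux` set at the top of the script, so a grep that finds nothing ends the script before `$?` is ever tested. The function is called as a plain statement at the bottom of the file, so the `snap install` branch looks unreachable on a host without LXD. Moving the pipeline into the condition avoids this: `if snap info lxd | grep -q installed; then`. `snap list lxd >/dev/null 2>&1` would be a narrower test than matching the word "installed" anywhere in the info text. The enclosing function starts above this hunk.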
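Review bot: Nothing on the new side restricts access to `~/.osm/client.key`, which the rewritten credentials file now references by path: the key is generated with `-nodes` (unencrypted) into a directory created by a plain `mkdir -p ~/.osm`. Adding `chmod 600 ~/.osm/client.key` after the `openssl req` line, or `umask 077` before it, makes the mode explicit instead of leaving it to the OpenSSL build and the caller's umask. The `~` inside the unquoted here-document is not expanded by the shell, so the three paths reach juju literally; it is worth confirming that `juju add-credential` resolves them for the user running the installer. The enclosing function starts above the hunk.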
@@ -258,10 +260,12 @@ function deploy_charmed_osm(){ generate_password_overlay && secret_overlay="--overlay $PASSWORD_OVERLAY_FILE" + [ -n "$INSTALL_PLA" ] && create_pla_overlay && pla_overlay="--overlay $PLA_OVERLAY_FILE" + if [ -v BUNDLE ]; then - juju deploy --trust --channel $CHARMHUB_CHANNEL -m $MODEL_NAME $BUNDLE --overlay ~/.osm/vca-overlay.yaml $images_overlay $extra_overlay $secret_overlay + juju deploy --trust --channel $CHARMHUB_CHANNEL -m $MODEL_NAME $BUNDLE $images_overlay $extra_overlay $secret_overlay $pla_overlay else - juju deploy --trust --channel $CHARMHUB_CHANNEL -m $MODEL_NAME $OSM_BUNDLE --overlay ~/.osm/vca-overlay.yaml $images_overlay $extra_overlay $secret_overlay + juju deploy --trust --channel $CHARMHUB_CHANNEL -m $MODEL_NAME $OSM_BUNDLE $images_overlay $extra_overlay $secret_overlay $pla_overlay fi if [ ! -v KUBECFG ]; then 
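Review bot: `$pla_overlay` is assigned only when `--pla` was given, yet both `juju deploy` lines expand it unconditionally, and under the `set -eux` at the top of the script an unset variable is a fatal error. Unless `pla_overlay` is initialised in the part of deploy_charmed_osm above this hunk, a default install would stop at the deploy line. Adding `local pla_overlay=""` before the `[ -n "$INSTALL_PLA" ]` line, or writing `${pla_overlay:-}` at the two uses, covers the case.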
@@ -274,25 +278,90 @@ function deploy_charmed_osm(){ hostport="$(echo ${url/$user@/} | cut -d/ -f1)" API_SERVER="$(echo $hostport | sed -e 's,:.*,,g')" fi - # Expose OSM services - juju config -m $MODEL_NAME nbi site_url=https://nbi.${API_SERVER}.nip.io - juju config -m $MODEL_NAME ng-ui site_url=https://ui.${API_SERVER}.nip.io - juju config -m $MODEL_NAME grafana site_url=https://grafana.${API_SERVER}.nip.io - juju config -m $MODEL_NAME prometheus site_url=https://prometheus.${API_SERVER}.nip.io + configure_vca_integrator + expose_osm_services echo "Waiting for deployment to finish..." - check_osm_deployed - grafana_leader=`juju status -m $MODEL_NAME grafana | grep "*" | cut -d "*" -f 1` - grafana_admin_password=`juju run -m $MODEL_NAME --unit $grafana_leader "echo \\$GF_SECURITY_ADMIN_PASSWORD"` - juju config -m $MODEL_NAME mon grafana_password=$grafana_admin_password - check_osm_deployed + check_osm_deployed_before_config + config_grafana_and_prometheus + check_osm_deployed_after_config echo "OSM with charms deployed" } -function check_osm_deployed() { +function configure_vca_integrator(){ + if [ ! 
-v INSTALL_NOLXD ]; then + juju config vca \ + k8s-cloud=microk8s \ + lxd-cloud=lxd-cloud:lxd-cloud \ + controllers="`cat ~/.local/share/juju/controllers.yaml`" \ + accounts="`cat ~/.local/share/juju/accounts.yaml`" \ + public-key="`cat ~/.local/share/juju/ssh/juju_id_rsa.pub`" + else + juju config vca \ + k8s-cloud=microk8s \ + controllers="`cat ~/.local/share/juju/controllers.yaml`" \ + accounts="`cat ~/.local/share/juju/accounts.yaml`" \ + public-key="`cat ~/.local/share/juju/ssh/juju_id_rsa.pub`" + fi +} + +function expose_osm_services(){ + juju config -m $MODEL_NAME nbi external-hostname=nbi.${API_SERVER}.nip.io + juju config -m $MODEL_NAME ng-ui external-hostname=ui.${API_SERVER}.nip.io + juju config -m $MODEL_NAME grafana web_external_url=https://grafana.${API_SERVER}.nip.io +} + +function config_grafana_and_prometheus() { + echo "Setting Grafana and Prometheus configuration" + grafana_leader=`juju status -m $MODEL_NAME grafana | grep "*" | cut -d "*" -f 1` + grafana_admin_password=`juju run-action -m $MODEL_NAME $grafana_leader get-admin-password --wait | grep "admin-password" | cut -d ":" -f 2` + juju config -m $MODEL_NAME mon grafana-password="$grafana_admin_password" + juju config -m $MODEL_NAME mon grafana-user=admin + juju config -m $MODEL_NAME mon grafana-url=http://grafana:3000 + prometheus_url="http://prometheus:9090" + juju config -m $MODEL_NAME mon prometheus-url=$prometheus_url + juju config -m $MODEL_NAME nbi prometheus-url=$prometheus_url + mon_leader=`juju status -m $MODEL_NAME mon | grep "*" | cut -d "*" -f 1` + juju run-action --m $MODEL_NAME $mon_leader create-datasource name=osm_prometheus url=$prometheus_url --wait +} + +function check_osm_deployed_before_config() { TIME_TO_WAIT=600 start_time="$(date -u +%s)" - total_service_count=14 + total_active_services=13 + [ -n "$INSTALL_PLA" ] && total_active_services=$((total_active_services + 1)) + previous_count=0 + while true + do + juju_status=$(juju status --format json -m $MODEL_NAME) + 
active_service_count=$(echo $juju_status | jq '.applications[]."application-status".current'| grep active | wc -l) + echo "$active_service_count / $total_active_services services active" + if [ $active_service_count -eq $total_active_services ]; then + mon_is_blocked=$(echo $juju_status | jq '.applications["mon"].units[]."workload-status".current' | grep blocked | wc -l) + nbi_is_blocked=$(echo $juju_status | jq '.applications["nbi"].units[]."workload-status".current' | grep blocked | wc -l) + if [ $mon_is_blocked -a $nbi_is_blocked ]; then + echo "MON and NBI are blocked" + break + fi + fi + if [ $active_service_count -ne $previous_count ]; then + previous_count=$active_service_count + start_time="$(date -u +%s)" + fi + now="$(date -u +%s)" + if [[ $(( now - start_time )) -gt $TIME_TO_WAIT ]];then + echo "Timed out waiting for OSM services to become ready" + FATAL_TRACK deploy_osm "Timed out waiting for services to become ready" + fi + sleep 10 + done +} + +function check_osm_deployed_after_config() { + TIME_TO_WAIT=600 + start_time="$(date -u +%s)" + total_service_count=15 + [ -n "$INSTALL_PLA" ] && total_service_count=$((total_service_count + 1)) previous_count=0 while true do @@ -315,20 +384,15 @@ function check_osm_deployed() { } function generate_password_overlay() { - # prometheus - web_config_password=`openssl rand -base64 16` # keystone - keystone_db_password=`openssl rand -base64 16` - keystone_admin_password=`openssl rand -base64 16` - keystone_service_password=`openssl rand -base64 16` + keystone_db_password=`openssl rand -hex 16` + keystone_admin_password=`openssl rand -hex 16` + keystone_service_password=`openssl rand -hex 16` # mariadb mariadb_password=`openssl rand -hex 16` mariadb_root_password=`openssl rand -hex 16` cat << EOF > /tmp/password-overlay.yaml applications: - prometheus: - options: - web_config_password: $web_config_password keystone: options: keystone-db-password: $keystone_db_password 
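Review bot: In configure_vca_integrator the contents of accounts.yaml and controllers.yaml are expanded into the arguments of `juju config vca`, and because the script runs under `set -eux` each of those commands is also written to the xtrace output. accounts.yaml holds the controller password (the removed create_overlay read `.password` from it), so installer logs end up carrying it. Bracketing the secret-handling calls with `set +x` and `set -x` keeps them out of the trace; the same applies to `grafana-password="$grafana_admin_password"` in this hunk, to the `openssl rand` assignments in generate_password_overlay and to the ONLY_VCA branch at the end of the script. Separately, `[ $mon_is_blocked -a $nbi_is_blocked ]` tests two `wc -l` counts for non-emptiness and is true even when both are 0; `[ "$mon_is_blocked" -gt 0 ] && [ "$nbi_is_blocked" -gt 0 ]` matches the message it prints.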
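Review bot: The keystone and mariadb passwords generated here are written to the fixed path `/tmp/password-overlay.yaml` before being moved to `$PASSWORD_OVERLAY_FILE`, so they pass through a shared directory under a predictable name, with a mode set only by the caller's umask. Writing through a private temporary file, `tmp=$(mktemp)`, then `cat << EOF > "$tmp"` and `mv "$tmp" "$PASSWORD_OVERLAY_FILE"`, removes both the guessable name and the read window. The same fixed-name pattern appears for `/tmp/pla-overlay.yaml` in create_pla_overlay and for `/tmp/${charm}_registry.yaml` and `/tmp/images-overlay.yaml` in generate_images_overlay. The function body continues past the end of this hunk.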
@@ -342,50 +406,34 @@ EOF mv /tmp/password-overlay.yaml $PASSWORD_OVERLAY_FILE } -function create_overlay() { - sudo snap install jq - sudo snap install yq - local HOME=/home/$USER - local vca_user=$(cat $HOME/.local/share/juju/accounts.yaml | yq e .controllers.$CONTROLLER_NAME.user - ) - local vca_secret=$(cat $HOME/.local/share/juju/accounts.yaml | yq e .controllers.$CONTROLLER_NAME.password - ) - local vca_host=$(cat $HOME/.local/share/juju/controllers.yaml | yq e .controllers.$CONTROLLER_NAME.api-endpoints[0] - | cut -d ":" -f 1) - local vca_port=$(cat $HOME/.local/share/juju/controllers.yaml | yq e .controllers.$CONTROLLER_NAME.api-endpoints[0] - | cut -d ":" -f 2) - local vca_pubkey=\"$(cat $HOME/.local/share/juju/ssh/juju_id_rsa.pub)\" - local vca_cloud="lxd-cloud" - # Get the VCA Certificate - local vca_cacert=$(cat $HOME/.local/share/juju/controllers.yaml | yq e .controllers.$CONTROLLER_NAME.ca-cert - | base64 | tr -d \\n) - - # Calculate the default route of this machine - local DEFAULT_IF=`ip route list match 0.0.0.0 | awk '{print $5}'` - - # Generate a new overlay.yaml, overriding any existing one - cat << EOF > /tmp/vca-overlay.yaml +function create_pla_overlay(){ + echo "Creating PLA Overlay" + [ $BUNDLE == $OSM_HA_BUNDLE ] && scale=3 || scale=1 + cat << EOF > /tmp/pla-overlay.yaml applications: - lcm: - options: - vca_user: $vca_user - vca_secret: $vca_secret - vca_host: $vca_host - vca_port: $vca_port - vca_pubkey: $vca_pubkey - vca_cacert: $vca_cacert - vca_cloud: $vca_cloud - vca_k8s_cloud: $K8S_CLOUD_NAME - mon: + pla: + charm: osm-pla + channel: latest/stable + scale: $scale + series: kubernetes options: - vca_user: $vca_user - vca_secret: $vca_secret - vca_host: $vca_host - vca_cacert: $vca_cacert + log_level: DEBUG + resources: + image: opensourcemano/pla:testing-daily +relations: + - - pla:kafka + - kafka:kafka + - - pla:mongodb + - mongodb:database EOF - mv /tmp/vca-overlay.yaml ~/.osm/ - OSM_VCA_HOST=$vca_host + mv /tmp/pla-overlay.yaml 
$PLA_OVERLAY_FILE } function generate_images_overlay(){ echo "applications:" > /tmp/images-overlay.yaml - charms_with_resources="nbi lcm mon pol ng-ui ro pla" + charms_with_resources="nbi lcm mon pol ng-ui ro" + [ -n "$INSTALL_PLA" ] && charms_with_resources+=" pla" for charm in $charms_with_resources; do cat << EOF > /tmp/${charm}_registry.yaml registrypath: ${REGISTRY_URL}opensourcemano/${charm}:$TAG @@ -398,7 +446,7 @@ EOF cat << EOF >> /tmp/images-overlay.yaml ${charm}: resources: - image: /tmp/${charm}_registry.yaml + ${charm}-image: /tmp/${charm}_registry.yaml EOF done 
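Review bot: create_pla_overlay compares `$BUNDLE` unquoted in `[ $BUNDLE == $OSM_HA_BUNDLE ]`, while deploy_charmed_osm guards the same variable with `[ -v BUNDLE ]`, which suggests it can be unset. Under `set -eux` that makes `--pla` without a bundle abort on an unbound variable, or on a malformed test if the value is empty. `[ "${BUNDLE:-}" == "$OSM_HA_BUNDLE" ] && scale=3 || scale=1` keeps the default of 1. The overlay also pins the resource to `opensourcemano/pla:testing-daily` with `log_level: DEBUG`; a comment stating that a moving test tag is intended, or reuse of the `$TAG`/registry settings that generate_images_overlay applies, would make it clear which image an install pulls.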
@@ -539,27 +587,22 @@ check_arguments $@ mkdir -p ~/.osm install_snaps bootstrap_k8s_lxd -create_overlay if [ -v ONLY_VCA ]; then HOME=/home/$USER - vca_user=$(cat $HOME/.local/share/juju/accounts.yaml | yq e .controllers.$CONTROLLER_NAME.user - ) - vca_secret=$(cat $HOME/.local/share/juju/accounts.yaml | yq e .controllers.$CONTROLLER_NAME.password - ) - vca_host=$(cat $HOME/.local/share/juju/controllers.yaml | yq e .controllers.$CONTROLLER_NAME.api-endpoints[0] - | cut -d ":" -f 1) - vca_port=$(cat $HOME/.local/share/juju/controllers.yaml | yq e .controllers.$CONTROLLER_NAME.api-endpoints[0] - | cut -d ":" -f 2) - vca_pubkey=\"$(cat $HOME/.local/share/juju/ssh/juju_id_rsa.pub)\" - vca_cloud="lxd-cloud" - vca_cacert=$(cat $HOME/.local/share/juju/controllers.yaml | yq e .controllers.$CONTROLLER_NAME.ca-cert - | base64 | tr -d \\n) - hostname=`cat /etc/hostname` - - echo "Use the following command to register the installed VCA to your OSM:" - echo -e " osm vca-add --endpoints $vca_host:$vca_port \\\n --user $vca_user \\\n --secret $vca_secret \\\n --cacert $vca_cacert \\\n --lxd-cloud lxd-cloud \\\n --lxd-credentials lxd-cloud \\\n --k8s-cloud microk8s \\\n --k8s-credentials microk8s\\\n $hostname-vca" + k8scloud=microk8s + lxdcloud=lxd-cloud:lxd-cloud + controllers="`cat $HOME/.local/share/juju/controllers.yaml`" + accounts="`cat $HOME/.local/share/juju/accounts.yaml`" + publickey="`cat $HOME/.local/share/juju/ssh/juju_id_rsa.pub`" + echo "Use the following command to register the installed VCA to your OSM VCA integrator charm" + echo -e " juju config vca \\\n k8s-cloud=$k8scloud \\\n lxd-cloud=$lxdcloud \\\n controllers=$controllers \\\n accounts=$accounts \\\n public-key=$publickey" track deploy_osm deploy_vca_only_ok else deploy_charmed_osm track deploy_osm deploy_osm_services_k8s_ok install_osmclient track osmclient osmclient_ok - export OSM_HOSTNAME=$(juju config -m $MODEL_NAME nbi site_url | sed "s/http.*\?:\/\///"):443 + export OSM_HOSTNAME=$(juju config -m 
$MODEL_NAME nbi external-hostname):443 export OSM_PASSWORD=$keystone_admin_password sleep 10 add_local_k8scluster
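Review bot: The controller account password ends up on the terminal, and in any captured install log, in the ONLY_VCA branch, because controllers.yaml and accounts.yaml are expanded into the text that `echo -e` prints. The multi-line YAML is also emitted unquoted and with backslash interpretation, so the printed `juju config vca` command cannot be pasted back as is. Echoing the command with the substitution left for the operator's shell, for example a single-quoted `controllers="$(cat ~/.local/share/juju/controllers.yaml)"`, gives a runnable command without disclosing the values. `lxd-cloud=$lxdcloud` is also printed when `--small-profile` skipped the LXD setup, unlike the `INSTALL_NOLXD` branch in configure_vca_integrator.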