forked from karampok/telco-ocp-lab
-
Notifications
You must be signed in to change notification settings - Fork 0
272 lines (256 loc) · 10.5 KB
/
ztp-compact.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
---
run-name: ztp-compact-${{ github.ref_name }}-${{ github.event_name }}
name: ztp-compact
on: # yamllint disable-line rule:truthy
push:
branches:
- dev
- main
# schedule:
# - cron: '0 */4 * * *'
workflow_dispatch:
jobs:
stage0:
name: ZTP E2E
runs-on: [self-hosted, green]
outputs:
RUNNER: ${{ runner.name }}
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Clean Virtual Infra
run: |
./sinfra --clean -auto-timeout 0s --continue-on-error
env:
HOME: /root
- name: Setup Virtual Infra - ${{ runner.name }}
run: |
echo '${{ secrets.PULL_SECRET }}' > .pull-secret.json
echo '${{ secrets.WG_AUTH }}' > .wg-auth
./sinfra --setupInfra -auto-timeout 0s
virsh dumpxml 5gc-w0|grep emulator
env:
HOME: /root
# - name: Reserve Runner
# run: |
# podman exec workstation bash -ce '
# GITHUB_TOKEN='${{ secrets.GH_TOKEN }}' ./bin/label-runner.sh ${{ runner.name }} -green +taken -ready
stage1:
name: Deploy SNO Cluster - ${{needs.stage0.outputs.RUNNER}}
runs-on: ${{needs.stage0.outputs.RUNNER}}
needs: [stage0]
if: needs.stage0.result == 'success'
steps:
- name: Deploy SNO using agent-based - OCP 4.14.6 / gitops 1.9
timeout-minutes: 40
run: |
podman exec workstation bash -ce '
curl https://mirror.openshift.com/pub/openshift-v4/clients/ocp/4.14.6/openshift-install-linux-4.14.6.tar.gz -o openshift-install-linux.tar.gz
tar xvfz openshift-install-linux.tar.gz
mv openshift-install /usr/bin/
chmod +x /usr/bin/openshift-install
./deploy-ocp.sh
export KUBECONFIG=/share/hub/auth/kubeconfig
openshift-install agent wait-for install-complete --log-level info --dir /share/hub
oc get clusterversion && oc get co && oc get ns openshift-gitops || true
echo "${{ secrets.CI_SSH_KEY }}" > ~/.ssh/id_rsa && chmod 600 ~/.ssh/id_rsa
'
echo "wget http://10.0.0.1:9000/hub/auth/kubeconfig -O ~/.kube/hub.yaml"
echo "curl -s http://10.0.0.1:9000/hub/auth/kubeadmin-\password | xsel --input --clipboard"
stage1a:
name: Install Gitops Operator - ${{needs.stage0.outputs.RUNNER}}
runs-on: ${{needs.stage0.outputs.RUNNER}}
needs: [stage0, stage1]
if: needs.stage1.result == 'success'
steps:
- name: Verify gitops 1.9
timeout-minutes: 40
run: |
podman exec workstation bash -ce '
oc get ns openshift-gitops
oc -n openshift-operators delete pods --all
'
stage2:
name: Provision HUB Cluster
runs-on: ${{needs.stage0.outputs.RUNNER}}
needs: [stage0, stage1a]
if: needs.stage1.result == 'success'
timeout-minutes: 20
steps:
- name: Install ACM / LVM / TALM using gitops - release-2.9 / stable-4.1 / stable
timeout-minutes: 10
run: |
podman exec workstation bash -ce '
until oc get Application 2>/dev/null; do sleep 30; done
oc apply -f hub/hub-provision-argoapp.yaml
'
- name: Install ZTP - point to ${{ github.sha }}
run: |
podman exec workstation bash -ce '
BRANCH=${{ github.sha }} PULL_SECRET_PATH=.pull-secret.json ./hub/install-ztp.sh
'
- name: Wait HUB to be read
run: |
podman exec workstation bash -ce '
sleep 240
until oc get MultiClusterHub 2>/dev/null; do sleep 30; done
until oc get LVMCluster 2>/dev/null; do sleep 30; done
until oc -n openshift-storage get lvmcluster 2>/dev/null; do sleep 30; done
oc -n openshift-storage wait lvmcluster lvmcluster --for=jsonpath='{.status.state}'=Ready --timeout=1200s
oc -n open-cluster-management wait MultiClusterHub multiclusterhub --for=jsonpath='{.status.phase}'=Running --timeout=1200s
'
- name: Review argocd sync
run: |
podman exec workstation bash -ce '
pass=$(oc get secret -n openshift-gitops openshift-gitops-cluster -o jsonpath="{.data.admin\.password}" |base64 -d)
argocd login openshift-gitops-server-openshift-gitops.apps.hub.eric.vlab --username admin --insecure --password $pass
argocd app list
argocd app get hub-provision
argocd app get clusters
argocd app get policies
' || true
- name: Enable autosecrets hack
run: |
echo '${{ secrets.BMH_SECRET }}' > bmh-secret.yaml
ips=$(cat ztp-spokes/sites/5gc.yaml | grep "ip: 10.10.10" | awk '{print $3}' | paste -s -d, -)
podman exec --env ips="$ips" workstation bash -ce '
oc apply -f bmh-secret.yaml
oc apply -k github.com/karampok/autosecret/config/default
CSVPATH=/share/data ./bin/liveping $ips 1>liveping.log 2>&1 &
'
stage3:
name: Wait SPOKE
runs-on: ${{needs.stage0.outputs.RUNNER}}
needs: [stage0, stage2]
if: needs.stage2.result == 'success'
steps:
- name: Wait Siteconfig
timeout-minutes: 150
run: |
podman exec workstation bash -ce '
timeout 9000 ./bin/watch-ztp cluster 5gc
oc -n 5gc wait clusterdeployment 5gc --for=condition=Provisioned --timeout=30s
'
- name: Access spoke cluster
run: |
podman exec workstation bash -ce '
oc extract secret/5gc-admin-kubeconfig --to=- -n 5gc > /tmp/spoke.yaml
export KUBECONFIG=/tmp/spoke.yaml
oc get clusterversion
oc get nodes
oc get co
'
stage4:
name: Wait Policies
runs-on: ${{needs.stage0.outputs.RUNNER}}
needs: [stage0, stage3]
if: needs.stage2.result == 'success'
steps:
- name: Wait Policies
timeout-minutes: 120
run: |
podman exec workstation bash -ce '
timeout 9000 ./bin/watch-ztp policies 5gc
oc -n ztp-install wait cgu 5gc --for=condition=Succeeded --timeout=30s
'
stage5:
name: Test SPOKE
runs-on: ${{needs.stage0.outputs.RUNNER}}
needs: [stage0, stage1, stage2, stage3, stage4]
if: needs.stage4.result == 'success'
steps:
- name: Test Metallb setup
run: |
podman exec workstation bash -ce '
oc extract secret/5gc-admin-kubeconfig --to=- -n 5gc > /tmp/spoke.yaml
export KUBECONFIG=/tmp/spoke.yaml
oc wait --for=condition=Ready node --all --timeout=15m
kcli list vm ||true
oc apply -f dayX/macnet0-bridge.yaml
oc apply -f dayX/macnet1-private.yaml
oc apply -f dayX/red-net.yaml
oc apply -f dayX/icmp-frag-case.yaml
sleep 30
# configmap to enable bgp learning should have been
# before establishing the BGP sessiong, FRR limitation
oc -n metallb-system delete pods -l app=metallb,component=speaker
oc wait --for=condition=ready pod -l app=macvlan --timeout=320s
oc wait --for=condition=ready pod -l app=bigfile --timeout=320s
oc wait --for=condition=ready pod -l app=rednet --timeout=320s
oc get nodes || true
oc get pods || true
oc get svc || true
'
podman exec green bash -cex '
echo "from green client to access the service in green segment (static)"
wget --timeout=1 --tries=8 5.8.6.9:9000/big.iso
wget --timeout=1 --tries=8 5.8.6.1:9000/big.iso
' || true
podman exec red bash -cex '
echo "from red client to access the service in red segment (bgp learning)"
curl --retry 5 -s http://6.6.6.1/
'
- name: Test macvlan secondary interfaces
run: |
podman exec macnet bash -cex '
echo "macnet to access pods over secondary interface"
# test bridge mode access
nc -vz 172.100.125.100 1111
nc -vz 172.100.125.200 2222
# test private private access
nc -vz 172.100.127.100 1111
nc -vz 172.100.127.110 1111
nc -vz 172.100.127.200 2222
'
- name: Test DPDK setup
run: |
podman exec workstation bash -ce '
oc extract secret/5gc-admin-kubeconfig --to=- -n 5gc > /tmp/spoke.yaml
export KUBECONFIG=/tmp/spoke.yaml
oc apply -f dayX/dpdk-pod.yaml
oc wait --for=condition=ready pod dpdk --timeout=320s
sleep 30
oc get nodes || true
oc get pods || true
'
- name: Mark Runner
run: |
podman exec workstation bash -ce '
GITHUB_TOKEN='${{ secrets.GH_TOKEN }}' ./bin/label-runner.sh ${{ runner.name }} +ready -taken +green
pkill ping || true
'
on-fail:
name: Release Runner
runs-on: ${{needs.stage0.outputs.RUNNER}}
needs: [stage0, stage5]
if: ${{ failure() }}
steps:
- name: Readd Label
run: |
podman exec workstation bash -c '
oc extract secret/5gc-admin-kubeconfig --to=- -n 5gc > /tmp/spoke.yaml
export KUBECONFIG=/tmp/spoke.yaml
oc get clusterversion
oc get nodes
oc get co
pkill liveping || true
GITHUB_TOKEN='${{ secrets.GH_TOKEN }}' ./bin/label-runner.sh ${{ runner.name }} +green -taken
'
#oc api-resources --verbs=list -o name | xargs -t -n 1 -I{} sh -c 'oc get --show-kind --ignore-not-found -A -o yaml "$1" > "$1.yaml"' -- {}
# oc delete -f /tmp/out/clusters-app.yaml -f /tmp/out/policies-app.yaml
# oc delete ns 5gc
# kcli delete vm 5gc-m0 5gc-m1 5gc-m2 5gc-w0 5gc-w1 -y
# kcli create plan -f vbmh-kcli-plan.yaml vbmh
# oc apply -f /tmp/out/clusters-app.yaml -f /tmp/out/policies-app.yaml
# To add github action runner
# https://github.com/karampok/telco-ocp-lab/settings/actions/runners/new
# mkdir actions-runner && cd actions-runner
# curl -o actions-runner-linux-x64-2.309.0.tar.gz -L https://github.com/actions/runner/releases/download/v2.309.0/actions-runner-linux-x64-2.309.0.tar.gz
# tar xzf ./actions-runner-linux-x64-2.309.0.tar.gz
# ./bin/installdependencies.sh
# export RUNNER_ALLOW_RUNASROOT=1
# ./config.sh --url https://github.com/karampok/telco-ocp-lab --token XXXX
# dnf install tmux
# tmux new-session -d ./run.sh