From c8ad4495c81c8f975a9ecc9f188f62982c646f58 Mon Sep 17 00:00:00 2001 From: Peter Mikus Date: Fri, 31 Oct 2025 12:08:03 +0100 Subject: [PATCH] infra(ansible): Calico bits 
Signed-off-by: Peter Mikus Change-Id: I05b479ed490dadcb30c2ea9c0154a207c0aabd8b --- .github/actions/aws_s3_publish_logs/README.md | 32 -- .github/actions/aws_s3_publish_logs/action.yml | 137 ------- .github/actions/setup_executor_env/README.md | 32 -- .github/actions/setup_executor_env/action.yml | 109 ------ .../lf_inventory/host_vars/10.30.51.40.yaml | 4 +- fdio.infra.ansible/requirements.yml | 3 + .../roles/calico/defaults/{main.yaml => main.yml} | 5 +- .../roles/calico/handlers/{main.yaml => main.yml} | 0 fdio.infra.ansible/roles/calico/meta/main.yml | 20 + .../calico/tasks/{cleanup.yaml => cleanup.yml} | 2 +- .../roles/calico/tasks/{deploy.yaml => deploy.yml} | 16 +- fdio.infra.ansible/roles/calico/tasks/execute.yaml | 26 -- fdio.infra.ansible/roles/calico/tasks/main.yaml | 18 - fdio.infra.ansible/roles/calico/tasks/main.yml | 18 + .../roles/calico/tasks/post-action.yml | 38 ++ .../calico/tasks/{pre-set.yaml => pre-action.yml} | 15 +- .../calico/templates/calico-vpp-multinet.yaml.j2 | 410 +++++++++++++++++++++ .../roles/calico/templates/calico-vpp.yaml.j2 | 4 +- .../terraform-nomad-gha-dispatcher/README.md | 42 --- .../terraform-nomad-gha-dispatcher/main.tf | 24 -- .../nomad-gha-dispatcher.hcl.tftpl | 56 --- .../terraform-nomad-gha-dispatcher/providers.tf | 7 - .../terraform-nomad-gha-dispatcher/variables.tf | 72 ---- .../terraform-nomad-gha-dispatcher/versions.tf | 14 - 24 files changed, 525 insertions(+), 579 deletions(-) delete mode 100644 .github/actions/aws_s3_publish_logs/README.md delete mode 100644 .github/actions/aws_s3_publish_logs/action.yml delete mode 100644 .github/actions/setup_executor_env/README.md delete mode 100644 .github/actions/setup_executor_env/action.yml create mode 100644 fdio.infra.ansible/requirements.yml rename fdio.infra.ansible/roles/calico/defaults/{main.yaml => main.yml} (69%) rename fdio.infra.ansible/roles/calico/handlers/{main.yaml => main.yml} (100%) create mode 100644 fdio.infra.ansible/roles/calico/meta/main.yml rename 
fdio.infra.ansible/roles/calico/tasks/{cleanup.yaml => cleanup.yml} (87%) rename fdio.infra.ansible/roles/calico/tasks/{deploy.yaml => deploy.yml} (83%) delete mode 100644 fdio.infra.ansible/roles/calico/tasks/execute.yaml delete mode 100644 fdio.infra.ansible/roles/calico/tasks/main.yaml create mode 100644 fdio.infra.ansible/roles/calico/tasks/main.yml create mode 100644 fdio.infra.ansible/roles/calico/tasks/post-action.yml rename fdio.infra.ansible/roles/calico/tasks/{pre-set.yaml => pre-action.yml} (50%) create mode 100644 fdio.infra.ansible/roles/calico/templates/calico-vpp-multinet.yaml.j2 delete mode 100644 fdio.infra.terraform/terraform-nomad-gha-dispatcher/README.md delete mode 100644 fdio.infra.terraform/terraform-nomad-gha-dispatcher/main.tf delete mode 100644 fdio.infra.terraform/terraform-nomad-gha-dispatcher/nomad-gha-dispatcher.hcl.tftpl delete mode 100644 fdio.infra.terraform/terraform-nomad-gha-dispatcher/providers.tf delete mode 100644 fdio.infra.terraform/terraform-nomad-gha-dispatcher/variables.tf delete mode 100644 fdio.infra.terraform/terraform-nomad-gha-dispatcher/versions.tf diff --git a/.github/actions/aws_s3_publish_logs/README.md b/.github/actions/aws_s3_publish_logs/README.md deleted file mode 100644 index 9de762dc98..0000000000 --- a/.github/actions/aws_s3_publish_logs/README.md +++ /dev/null 
@@ -1,32 +0,0 @@ -# 🛠️ AWS S3 Publish Logs - -Uploads logs from archive folder into AWS S3 bucket. Logs are gzipped before -upload. - -## Usage Example - -An example workflow step using this action: - - -```yaml -- name: AWS S3 Publish Logs - uses: fdio/csit/.github/actions/aws_s3_publish_logs@master -``` - - -## Inputs - - - -| Variable Name | Description | -| --------------- | ----------------------------------------------- | -| S3_BUCKET | Name of the Amazon S3 bucket. | -| S3_PATH | Path within Amazon AWS S3 bucket. | -| ARCHIVES_PATH | Source directory with logs artifact to archive. | - - - -## Requirements/Dependencies - -The gzip command-line tool must be available in the environment for the action -to succeed. \ No newline at end of file diff --git a/.github/actions/aws_s3_publish_logs/action.yml b/.github/actions/aws_s3_publish_logs/action.yml deleted file mode 100644 index 99611b6130..0000000000 --- a/.github/actions/aws_s3_publish_logs/action.yml +++ /dev/null 
@@ -1,137 +0,0 @@ ---- -name: "🛠️ AWS S3 Publish Logs" -description: | - This GitHub Action uploads logs to AWS S3. - -inputs: - AWS_ACCESS_KEY_ID: - description: "Unique, public identifier for an AWS IAM user." - required: true - type: string - AWS_SECRET_ACCESS_KEY: - description: "Long-term security credential for AWS account or an IAM user." - required: true - type: string - AWS_REGION: - description: "Long-term security credential for AWS account or an IAM user." - required: true - type: string - S3_BUCKET: - description: "Name of the Amazon S3 bucket." - required: true - default: "fdio-logs-s3-cloudfront-index" - type: string - S3_PATH: - description: "Path within Amazon AWS S3 bucket." - required: false - default: "vex-yul-rot-jenkins-1/${{ github.job }}/${{ github.run_id }}" - type: string - ARCHIVES_PATH: - description: "Source directory with logs artifact to archive." - required: false - default: "${{ github.workspace }}/archives" - type: string - -runs: - using: "composite" - steps: - - name: Check if AWS CLI is pre-installed - id: aws-binary-check - shell: bash - run: | - if command -v aws >/dev/null 2>&1; then - echo "AWS CLI is already installed. Skipping install." 
- echo "AWS_CLI_PREINSTALLED=true" >> "$GITHUB_OUTPUT" - aws --version - exit 0 - fi - echo "AWS_CLI_PREINSTALLED=false" >> "$GITHUB_OUTPUT" - - - name: Cache or Restore the zip - if: ${{ steps.aws-binary-check.outputs.AWS_CLI_PREINSTALLED == 'false' }} - uses: actions/cache@v4 - id: aws-cli-cache - with: - path: ${{ runner.temp }}/aws-cli-cache/*.zip - key: ${{ runner.os }}-${{ runner.arch }}-aws-cli-v2-zip - - - name: Install AWS CLI - shell: bash - if: ${{ steps.aws-binary-check.outputs.AWS_CLI_PREINSTALLED == 'false' }} - env: - CACHE_HIT: ${{ steps.aws-cli-cache.outputs.cache-hit == 'true' }} - CACHE_PATH: ${{ runner.temp }}/aws-cli-cache - run: | - AWS_PACKAGE="awscli-exe-linux-$(uname -m).zip" - - mkdir -p "$CACHE_PATH" - cd "$CACHE_PATH" - - if [ "$CACHE_HIT" = "false" ]; then - curl -fsSL \ - --retry 3 \ - --retry-delay 5 \ - --connect-timeout 15 \ - --max-time 60 \ - -o "$AWS_PACKAGE" "https://awscli.amazonaws.com/$AWS_PACKAGE" - fi - - unzip -o -q "$AWS_PACKAGE" - sudo ./aws/install --update - rm -rf ./aws - - #- name: Configure AWS Credentials - # uses: aws-actions/configure-aws-credentials@v5.0.0 - # with: - # aws-access-key-id: ${{ inputs.AWS_ACCESS_KEY_ID }} - # aws-secret-access-key: ${{ inputs.AWS_SECRET_ACCESS_KEY }} - # aws-region: ${{ inputs.AWS_REGION }} - - - name: Upload archives directory content to S3 - shell: bash - run: | - get_content_type() { - local file_ext="${1##*.}" - case "$file_ext" in - xml) echo "application/xml" ;; - html) echo "text/html" ;; - txt) echo "text/plain" ;; - log) echo "text/plain" ;; - css) echo "text/css" ;; - md) echo "text/markdown" ;; - rst) echo "text/x-rst" ;; - csv) echo "text/csv" ;; - svg) echo "image/svg+xml" ;; - jpg|jpeg) echo "image/jpeg" ;; - png) echo "image/png" ;; - gif) echo "image/gif" ;; - js) echo "application/javascript" ;; - pdf) echo "application/pdf" ;; - json) echo "application/json" ;; - otf) echo "application/otf" ;; - ttf) echo "application/ttf" ;; - woff) echo "application/woff" ;; - 
woff2) echo "application/woff2" ;; - *) echo "application/octet-stream" ;; - esac - } - - export -f get_content_type - - pushd ${{ inputs.ARCHIVES_PATH }} - - # Traverse and upload - find . -type f | while read -r file; do - rel_path="${file#./}" # relative path - tmp_file="$(mktemp).gz" # temp gzip file - gzip -c "${file}" > "${tmp_file}" # compress - - content_type=$(get_content_type "${file}") - - S3_ARN="s3://${{ inputs.S3_BUCKET }}/${{ inputs.S3_PATH }}/${rel_path}.gz" - - echo "Uploading ${rel_path}.gz -> ${S3_ARN} (Content-Type: ${content_type}, gzip)" - #aws s3 cp "${tmp_file}" "${S3_ARN}" --content-type "${content_type}" --content-encoding "gzip" - - rm -f "${tmp_file}" - done diff --git a/.github/actions/setup_executor_env/README.md b/.github/actions/setup_executor_env/README.md deleted file mode 100644 index 038532ddbf..0000000000 --- a/.github/actions/setup_executor_env/README.md +++ /dev/null @@ -1,32 +0,0 @@ -# 🛠️ Setup Executor Environment - -Action to setup FD.io Nomad executor environment inside a GitHub -action/workflow. - -## Usage Example - -Sets the OS details used for Git operations inside other actions/workflows. - - -```yaml -- name: "Setup Environment" - uses: fdio/csit/.github/actions/setup_executor_env@master -``` - - -## Outputs - - - -| Variable Name | Description | -| --------------- | ------------------------------- | -| OS_ID | Operating system ID. | -| OS_VERSION_ID | Operating system Version ID. | -| OS_ARCH | Operating system architecture. | - - - -## Requirements/Dependencies - -The git command-line tool must be available in the environment for the action -to succeed. \ No newline at end of file diff --git a/.github/actions/setup_executor_env/action.yml b/.github/actions/setup_executor_env/action.yml deleted file mode 100644 index 439ff6688a..0000000000 --- a/.github/actions/setup_executor_env/action.yml +++ /dev/null 
@@ -1,109 +0,0 @@ ---- -name: "🛠️ Setup Executor Environment" -description: | - This GitHub Action prepares FD.io executor environment. - -outputs: - OS_ID: - description: "Operating system ID" - value: ${{ steps.attributes.outputs.OS_ID }} - OS_VERSION_ID: - description: "Operating system Version ID" - value: ${{ steps.attributes.outputs.OS_VERSION_ID }} - OS_ARCH: - description: "Operating system architecture" - value: ${{ steps.attributes.outputs.OS_ARCH }} - -runs: - using: "composite" - steps: - - name: "GitHub Runner Attributes" - id: attributes - shell: bash - run: | - . /etc/os-release - OS_ARCH=$(uname -m) - - echo "OS: ${ID:-unknown}-${VERSION_ID:-unknown}" - echo "Arch: ${OS_ARCH}" - echo "GitHub Runner: ${RUNNER_NAME:-Unknown}" - echo "GitHub Workflow: ${GITHUB_WORKFLOW:-Unknown}" - echo "GitHub Run ID: ${GITHUB_RUN_ID:-Unknown}" - echo "Runner Hostname: $(hostname)" - - # Set GitHub Outputs - echo "OS_ID=$ID" >> "$GITHUB_ENV" - echo "OS_ID=$ID" >> "$GITHUB_OUTPUT" - echo "OS_VERSION_ID=$VERSION_ID" >> "$GITHUB_ENV" - echo "OS_VERSION_ID=$VERSION_ID" >> "$GITHUB_OUTPUT" - echo "OS_ARCH=$OS_ARCH" >> "$GITHUB_ENV" - echo "OS_ARCH=$OS_ARCH" >> "$GITHUB_OUTPUT" - - - name: "GitHub Actions Environment" - id: environment - shell: bash - run: | - echo "GITHUB_WORKSPACE: ${GITHUB_WORKSPACE:-Not set}" - echo "GITHUB_REPOSITORY: ${GITHUB_REPOSITORY:-Not set}" - echo "GITHUB_REF: ${GITHUB_REF:-Not set}" - echo "GITHUB_SHA: ${GITHUB_SHA:-Not set}" - echo "GITHUB_EVENT_NAME: ${GITHUB_EVENT_NAME:-Not set}" - - - name: "Show Python Packages" - id: python_packages - shell: bash - run: | - pip3 list 2>/dev/null | column -t || true - - - name: "Show OS Packages" - id: os_packages - shell: bash - run: | - if [ "${OS_ID}" = "ubuntu" ] || [ "${OS_ID}" = "debian" ]; then - dpkg-query -W -f='${binary:Package}\t${Version}\n' | column -t || true - elif [ "${OS_ID}" = "centos" ]; then - yum list installed || true - else - echo "Unsupported OS for package listing" - fi - - - 
name: "Setup ccache" - id: ccache_packages - shell: bash - run: | - downloads_cache="/root/Downloads" - - # Toggle envs (can be overridden from workflow) - : "${VERBOSE_PACKAGES:=1}" # 1 to list installed OS packages - : "${VERBOSE_PY:=1}" # 1 to list python packages - : "${CCACHE_MAXSIZE:=20G}" # Max ccache size - : "${CCACHE_COMPILERCHECK:=content}" # Safer compiler change detection - - if command -v ccache >/dev/null 2>&1; then - # Ensure CCACHE_DIR is set and exists - if [ -z "${CCACHE_DIR:-}" ]; then - # Derive a default if not provided (caller may pass one via env) - CCACHE_DIR="/scratch/ccache/${OS_ID}-${OS_VERSION_ID}-${OS_ARCH}" - export CCACHE_DIR - fi - if [ ! -d "${CCACHE_DIR}" ]; then - echo "Creating CCACHE_DIR='${CCACHE_DIR}'" - if ! mkdir -p "${CCACHE_DIR}" 2>/dev/null; then - echo "Failed to create CCACHE_DIR; disabling ccache" - export CCACHE_DISABLE=1 - fi - fi - if [ -z "${CCACHE_DISABLE:-}" ]; then - export CCACHE_MAXSIZE CCACHE_COMPILERCHECK - echo "ccache enabled: dir='${CCACHE_DIR}' max='${CCACHE_MAXSIZE}' compilercheck='${CCACHE_COMPILERCHECK}'" - echo "Initial ccache stats:"; ccache -s || true - else - echo "ccache explicitly disabled (CCACHE_DISABLE='${CCACHE_DISABLE}')" - fi - else - echo "WARNING: ccache is not installed (will proceed without caching)" - export CCACHE_DISABLE=1 - fi - - downloads_cache="${GITHUB_WORKSPACE:-/github/workspace}/.cache" - mkdir -p "${downloads_cache}" 2>/dev/null || true \ No newline at end of file diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.40.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.40.yaml index 59d5651e2a..25ca54fa15 100644 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.40.yaml +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.40.yaml 
@@ -75,9 +75,11 @@ calico_uplink_interfaces: rxMode: "polling" pci: "0000:38:00.0" ip_addr: "192.168.1.2/24" + ip_route: "10.0.0.0/8 via 192.168.1.1" - interfaceName: "enp58s0np0" vppDriver: "avf" rx: 8 rxMode: "polling" pci: "0000:3a:00.0" - ip_addr: "192.168.2.2/24" \ No newline at end of file + ip_addr: "192.168.2.2/24" + ip_route: "20.0.0.0/8 via 192.168.2.1" \ No newline at end of file diff --git a/fdio.infra.ansible/requirements.yml b/fdio.infra.ansible/requirements.yml new file mode 100644 index 0000000000..fcc18c5ac1 --- /dev/null +++ b/fdio.infra.ansible/requirements.yml @@ -0,0 +1,3 @@ +- name: calico + src: https://github.com/pmikus/calico + version: master \ No newline at end of file diff --git a/fdio.infra.ansible/roles/calico/defaults/main.yaml b/fdio.infra.ansible/roles/calico/defaults/main.yml similarity index 69% rename from fdio.infra.ansible/roles/calico/defaults/main.yaml rename to fdio.infra.ansible/roles/calico/defaults/main.yml index c51a09e65f..e39c1d1650 100644 --- a/fdio.infra.ansible/roles/calico/defaults/main.yaml +++ b/fdio.infra.ansible/roles/calico/defaults/main.yml @@ -5,9 +5,12 @@ kubernetes_pod_network: cidr: "192.168.0.0/16" kubernetes_calico_version: "3.30.3" +calicovppctl_version: "3.30.0" kubernetes_calico_resources: tigera-operator.yaml: https://raw.githubusercontent.com/projectcalico/calico/v{{ kubernetes_calico_version }}/manifests/tigera-operator.yaml operator-crds.yaml: https://raw.githubusercontent.com/projectcalico/calico/v{{ kubernetes_calico_version }}/manifests/operator-crds.yaml -calico_vpp_state: "present" +calicovppctl_resource: https://raw.githubusercontent.com/projectcalico/vpp-dataplane/v{{ calicovppctl_version }}/test/scripts/vppdev.sh + +calico_vpp_state: present 
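Review bot: The second added route, `ip_route: "20.0.0.0/8 via 192.168.2.1"`, covers 20.0.0.0/8, which is publicly routable address space rather than a private or benchmarking range, unlike the `10.0.0.0/8` used on the first uplink. Once the pre-action task installs it, traffic from this host to any real destination in that /8 leaves through the test link instead of the default gateway. If the prefix is only a test destination, a range reserved for benchmarking such as 198.18.0.0/15 (RFC 2544) or a second private prefix avoids that; otherwise a comment explaining why 20.0.0.0/8 is required would help. The `calico_uplink_interfaces` list starts outside this hunk.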
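Review bot: `version: master` on a role fetched from `https://github.com/pmikus/calico` means every `ansible-galaxy install -r requirements.yml` takes whatever the branch head is at that moment, from a personal repository, and the role then runs with the privileges of the play on the testbed hosts. Pin it to a release tag or, better, a full commit SHA, e.g. `version: <COMMIT_SHA>`, and bump that value in reviewed commits. It would also help to state whether this external role replaces or duplicates the in-tree `roles/calico` changed in the same commit, since both are named `calico`.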
diff --git a/fdio.infra.ansible/roles/calico/handlers/main.yaml b/fdio.infra.ansible/roles/calico/handlers/main.yml similarity index 100% rename from fdio.infra.ansible/roles/calico/handlers/main.yaml rename to fdio.infra.ansible/roles/calico/handlers/main.yml diff --git a/fdio.infra.ansible/roles/calico/meta/main.yml b/fdio.infra.ansible/roles/calico/meta/main.yml new file mode 100644 index 0000000000..8a573ecd42 --- /dev/null +++ b/fdio.infra.ansible/roles/calico/meta/main.yml @@ -0,0 +1,20 @@ +--- +# file: meta/main.yaml + +dependencies: [] + +galaxy_info: + role_name: calico + author: pmikus + description: Calico VPP. + company: "none" + license: "license (BSD, MIT)" + min_ansible_version: "2.10" + platforms: + - name: "Ubuntu" + versions: + - "noble" + galaxy_tags: + - kubernetes + - cni + - vpp diff --git a/fdio.infra.ansible/roles/calico/tasks/cleanup.yaml b/fdio.infra.ansible/roles/calico/tasks/cleanup.yml similarity index 87% rename from fdio.infra.ansible/roles/calico/tasks/cleanup.yaml rename to fdio.infra.ansible/roles/calico/tasks/cleanup.yml index 536b694aa7..f2fe447c11 100644 --- a/fdio.infra.ansible/roles/calico/tasks/cleanup.yaml +++ b/fdio.infra.ansible/roles/calico/tasks/cleanup.yml @@ -1,5 +1,5 @@ --- -# file: tasks/cleanup.yaml +# file: tasks/cleanup.yml - name: reset network interface ansible.builtin.shell: | diff --git a/fdio.infra.ansible/roles/calico/tasks/deploy.yaml b/fdio.infra.ansible/roles/calico/tasks/deploy.yml similarity index 83% rename from fdio.infra.ansible/roles/calico/tasks/deploy.yaml rename to fdio.infra.ansible/roles/calico/tasks/deploy.yml index 9f5acc9721..c80529544f 100644 --- a/fdio.infra.ansible/roles/calico/tasks/deploy.yaml +++ b/fdio.infra.ansible/roles/calico/tasks/deploy.yml @@ -1,5 +1,5 @@ --- -# file: tasks/deploy.yaml +# file: tasks/deploy.yml - name: download calico manifest to the cluster ansible.builtin.get_url: 
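Review bot: The header comment of the new meta file reads `# file: meta/main.yaml` although the file is `meta/main.yml`, the opposite of the rename this commit applies to the other role files; it should be `# file: meta/main.yml`. `license: "license (BSD, MIT)"` and `company: "none"` look like unedited template placeholders, so the licence field should name the licence the role is actually distributed under.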
@@ -27,7 +27,7 @@ dest: "/tmp/{{ item }}" src: "{{ item }}.j2" loop: - - "calico-vpp.yaml" + - "calico-vpp-multinet.yaml" when: - calico_sut is defined tags: @@ -65,4 +65,14 @@ - calico_sut is defined - pod_list['resources'] | length > 0 tags: - - calico-info \ No newline at end of file + - calico-info + +- name: download calicovppctl + ansible.builtin.get_url: + url: "{{ calicovppctl_resource }}" + dest: /usr/bin/calicovppctl + mode: 0740 + when: + - calico_sut is defined + tags: + - calico-deploy \ No newline at end of file diff --git a/fdio.infra.ansible/roles/calico/tasks/execute.yaml b/fdio.infra.ansible/roles/calico/tasks/execute.yaml deleted file mode 100644 index 94c2817950..0000000000 --- a/fdio.infra.ansible/roles/calico/tasks/execute.yaml +++ /dev/null @@ -1,26 +0,0 @@ ---- -# file: tasks/execute.yaml - -- name: execute command on calico-vpp-pod - kubernetes.core.k8s_exec: - namespace: calico-vpp-dataplane - pod: "{{ calico_pod_name }}" - container: vpp - command: vppctl sh version - register: command_status - when: - - calico_pod_name is defined - - calico_sut is defined - - calico_vpp_state == "present" - tags: - - calico-execute - -- name: check last command status - ansible.builtin.debug: - msg: "{{ command_status.stdout }}" - when: - - calico_pod_name is defined - - calico_sut is defined - - calico_vpp_state == "present" - tags: - - calico-execute \ No newline at end of file diff --git a/fdio.infra.ansible/roles/calico/tasks/main.yaml b/fdio.infra.ansible/roles/calico/tasks/main.yaml deleted file mode 100644 index 61c042a848..0000000000 --- a/fdio.infra.ansible/roles/calico/tasks/main.yaml +++ /dev/null @@ -1,18 +0,0 @@ ---- -# file: tasks/main.yaml - -- import_tasks: pre-set.yaml - tags: - - calico-pre-set - -- import_tasks: deploy.yaml - tags: - - calico-deploy - -- import_tasks: execute.yaml - tags: - - calico-execute - -- import_tasks: cleanup.yaml - tags: - - calico-cleanup \ No newline at end of file 
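Review bot: The new `download calicovppctl` task installs a shell script fetched from raw.githubusercontent.com straight into `/usr/bin` with no integrity check, and post-action.yml then executes it on the host. The URL is pinned only by the tag `v{{ calicovppctl_version }}`, which can be moved upstream, so add `checksum: "sha256:<SHA256_OF_VPPDEV_SH>"` (kept next to `calicovppctl_version` in the role defaults) so that a changed file fails the task instead of being installed. Quote the mode as `mode: "0740"` too; note that 0740 leaves the script executable by its owner only, which works when the play runs as root but not for other users.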
diff --git a/fdio.infra.ansible/roles/calico/tasks/main.yml b/fdio.infra.ansible/roles/calico/tasks/main.yml new file mode 100644 index 0000000000..3a6127d6f6 --- /dev/null +++ b/fdio.infra.ansible/roles/calico/tasks/main.yml @@ -0,0 +1,18 @@ +--- +# file: tasks/main.yml + +- import_tasks: pre-action.yml + tags: + - calico-pre-action + +- import_tasks: deploy.yml + tags: + - calico-deploy + +- import_tasks: post-action.yml + tags: + - calico-post-action + +- import_tasks: cleanup.yml + tags: + - calico-cleanup \ No newline at end of file diff --git a/fdio.infra.ansible/roles/calico/tasks/post-action.yml b/fdio.infra.ansible/roles/calico/tasks/post-action.yml new file mode 100644 index 0000000000..cd28d4813e --- /dev/null +++ b/fdio.infra.ansible/roles/calico/tasks/post-action.yml @@ -0,0 +1,38 @@ +--- +# file: tasks/post-action.yml + +#- name: executel command on calico-vpp-pod +# kubernetes.core.k8s_exec: +# namespace: calico-vpp-dataplane +# pod: "{{ calico_pod_name }}" +# container: vpp +# command: vppctl sh version +# register: command_status + +- name: wait for deploy + ansible.builtin.wait_for: + timeout: 5 + when: + - calico_sut is defined + - calico_vpp_state == "present" + tags: + - calico-pre-action + +- name: calicovppctl show version + ansible.builtin.shell: | + calicovppctl vppctl {{ hostname }} show version + register: command_status + when: + - calico_sut is defined + - calico_vpp_state == "present" + tags: + - calico-pre-action + +- name: check last command status + ansible.builtin.debug: + msg: "{{ command_status.stdout }}" + when: + - calico_sut is defined + - calico_vpp_state == "present" + tags: + - calico-pre-action \ No newline at end of file diff --git a/fdio.infra.ansible/roles/calico/tasks/pre-set.yaml b/fdio.infra.ansible/roles/calico/tasks/pre-action.yml similarity index 50% rename from fdio.infra.ansible/roles/calico/tasks/pre-set.yaml rename to fdio.infra.ansible/roles/calico/tasks/pre-action.yml index c89252bfaa..239ba66308 100644 
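Review bot: In post-action.yml the `calicovppctl show version` task passes `{{ hostname }}` through `ansible.builtin.shell`, so the value is interpreted by a shell, and nothing visible in this commit defines `hostname` (the role defaults do not set it). Since the task only reads state and needs no shell features, `ansible.builtin.command: calicovppctl vppctl {{ hostname }} show version` with `changed_when: false` is the safer form, with `hostname` documented in defaults or replaced by the variable that holds the Kubernetes node name. All three tasks in the file are tagged `calico-pre-action` although main.yml imports it under `calico-post-action`, so `--tags calico-pre-action` also runs them; the task tags should be `calico-post-action`. The fixed `wait_for` with `timeout: 5` is a sleep rather than a readiness check, so the version command can still run before the VPP pod is up.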
--- a/fdio.infra.ansible/roles/calico/tasks/pre-set.yaml +++ b/fdio.infra.ansible/roles/calico/tasks/pre-action.yml @@ -1,14 +1,23 @@ --- -# file: tasks/pre-set.yaml +# file: tasks/pre-action.yml - name: pre-setup network interface ansible.builtin.shell: | ip l set dev {{ item.interfaceName }} up ip a add {{ item.ip_addr }} dev {{ item.interfaceName }} loop: "{{ calico_uplink_interfaces }}" - ignore_errors: True when: - calico_sut is defined - calico_vpp_state == "present" tags: - - calico-reset \ No newline at end of file + - calico-pre-action + +- name: pre-setup routing + ansible.builtin.shell: | + ip r add {{ item.ip_route }} + loop: "{{ calico_uplink_interfaces }}" + when: + - calico_sut is defined + - calico_vpp_state == "present" + tags: + - calico-pre-action \ No newline at end of file diff --git a/fdio.infra.ansible/roles/calico/templates/calico-vpp-multinet.yaml.j2 b/fdio.infra.ansible/roles/calico/templates/calico-vpp-multinet.yaml.j2 new file mode 100644 index 0000000000..b159e0c22e --- /dev/null +++ b/fdio.infra.ansible/roles/calico/templates/calico-vpp-multinet.yaml.j2 
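Review bot: With `ignore_errors: True` removed, `ip a add {{ item.ip_addr }} dev {{ item.interfaceName }}` now fails the play on any rerun where the address is already configured, and the new `ip r add {{ item.ip_route }}` fails the same way for an existing route. The routing task also loops over every entry of `calico_uplink_interfaces`, but only host_vars/10.30.51.40.yaml gains `ip_route` in this commit, so any other host using that list would presumably stop on an undefined variable; this cannot be confirmed from the diff. Making the commands idempotent keeps the stricter error handling: `ip a replace {{ item.ip_addr }} dev {{ item.interfaceName }}`, `ip r replace {{ item.ip_route }}`, plus `- item.ip_route is defined` in the routing task's `when` list.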
@@ -0,0 +1,410 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: calico-vpp-dataplane +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: calico-vpp-node-sa + namespace: calico-vpp-dataplane +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: calico-vpp-node-role +rules: +- apiGroups: + - "" + resources: + - pods + - nodes + - namespaces + verbs: + - get +- apiGroups: + - "" + resources: + - endpoints + - services + verbs: + - watch + - list + - get + - create + - update +- apiGroups: + - k8s.cni.cncf.io + resources: + - network-attachment-definitions + verbs: + - watch + - get + - list +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get +- apiGroups: + - "" + resources: + - nodes/status + verbs: + - patch + - update +- apiGroups: + - networking.k8s.io + resources: + - networkpolicies + verbs: + - watch + - list +- apiGroups: + - "" + resources: + - pods + - namespaces + - serviceaccounts + verbs: + - list + - watch +- apiGroups: + - "" + resources: + - pods/status + verbs: + - patch +- apiGroups: + - projectcalico.org + resources: + - networks + verbs: + - list + - get + - watch +- apiGroups: + - crd.projectcalico.org + resources: + - globalfelixconfigs + - felixconfigurations + - bgppeers + - bgpfilters + - globalbgpconfigs + - bgpconfigurations + - ippools + - ipamblocks + - globalnetworkpolicies + - globalnetworksets + - networkpolicies + - networksets + - clusterinformations + - hostendpoints + - blockaffinities + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - crd.projectcalico.org + resources: + - blockaffinities + - ipamblocks + - ipamhandles + verbs: + - get + - list + - create + - update + - delete +- apiGroups: + - crd.projectcalico.org + resources: + - ipamconfigs + verbs: + - get +- apiGroups: + - crd.projectcalico.org + resources: + - blockaffinities + verbs: + - watch +- apiGroups: + - discovery.k8s.io + 
resources: + - endpointslices + verbs: + - watch + - list + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: calico-vpp-node +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: calico-vpp-node-role +subjects: +- kind: ServiceAccount + name: calico-vpp-node-sa + namespace: calico-vpp-dataplane +--- +apiVersion: v1 +data: + CALICOVPP_CONFIG_TEMPLATE: |- + unix { + nodaemon + full-coredump + cli-listen /var/run/vpp/cli.sock + pidfile /run/vpp/vpp.pid + exec /etc/vpp/startup.exec + } + api-trace { on } + cpu { + main-core 1 + corelist-workers {{ calico_corelist_workers }} + } + socksvr { + socket-name /var/run/vpp/vpp-api.sock + } + plugins { + plugin default { enable } + plugin dpdk_plugin.so { disable } + plugin calico_plugin.so { enable } + plugin ping_plugin.so { disable } + plugin dispatch_trace_plugin.so { enable } + } + buffers { + buffers-per-numa 131072 + } + CALICOVPP_FEATURE_GATES: |- + { + "memifEnabled": true, + "vclEnabled": true, + "multinetEnabled": true + } + CALICOVPP_INITIAL_CONFIG: |- + { + "vppStartupSleepSeconds": 1, + "corePattern": "/var/lib/vpp/vppcore.%e.%p" + } + CALICOVPP_INTERFACES: |- + { + "maxPodIfSpec": { + "rx": 10, "tx": 10, "rxqsz": 1024, "txqsz": 1024 + }, + "defaultPodIfSpec": { + "rx": 1, "tx":1, "isl3": true + }, + "vppHostTapSpec": { + "rx": 1, "tx":1, "rxqsz": 1024, "txqsz": 1024, "isl3": false + }, + "uplinkInterfaces": [ +{% for interface in calico_uplink_interfaces %} + { + "interfaceName": "{{ interface.interfaceName }}", + "vppDriver": "{{ interface.vppDriver }}", + "rx": {{ interface.rx }}, + "rxMode": "{{ interface.rxMode }}" + }{{ "," if not loop.last }} +{% endfor %} + ] + } + SERVICE_PREFIX: 10.96.0.0/12 +kind: ConfigMap +metadata: + name: calico-vpp-config + namespace: calico-vpp-dataplane +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + k8s-app: calico-vpp-node + name: multinet-monitor-deployment + namespace: 
calico-vpp-dataplane +spec: + replicas: 1 + selector: + matchLabels: + k8s-app: calico-vpp-node + template: + metadata: + labels: + k8s-app: calico-vpp-node + spec: + containers: + - image: docker.io/calicovpp/multinet-monitor:latest + imagePullPolicy: IfNotPresent + name: multinet-monitor + resources: + requests: + cpu: 250m + serviceAccountName: calico-vpp-node-sa +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + k8s-app: calico-vpp-node + name: calico-vpp-node + namespace: calico-vpp-dataplane +spec: + selector: + matchLabels: + k8s-app: calico-vpp-node + template: + metadata: + labels: + k8s-app: calico-vpp-node + spec: + containers: + - env: + - name: DATASTORE_TYPE + value: kubernetes + - name: WAIT_FOR_DATASTORE + value: "true" + - name: NODENAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + envFrom: + - configMapRef: + name: calico-vpp-config + image: docker.io/calicovpp/agent:latest + imagePullPolicy: IfNotPresent + name: agent + resources: + requests: + cpu: 250m + securityContext: + privileged: true + volumeMounts: + - mountPath: /var/run/calico + name: var-run-calico + readOnly: false + - mountPath: /var/lib/calico/felix-plugins + name: felix-plugins + readOnly: false + - mountPath: /var/run/vpp + name: vpp-rundir + - mountPath: /run/netns/ + mountPropagation: Bidirectional + name: netns + - env: + - name: DATASTORE_TYPE + value: kubernetes + - name: WAIT_FOR_DATASTORE + value: "true" + - name: NODENAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + envFrom: + - configMapRef: + name: calico-vpp-config + image: docker.io/calicovpp/vpp:latest + imagePullPolicy: IfNotPresent + name: vpp + resources: + limits: + hugepages-2Mi: 4096Mi + requests: + cpu: 500m + memory: 4096Mi + securityContext: + privileged: true + volumeMounts: + - mountPath: /lib/firmware + name: lib-firmware + - mountPath: /var/run/vpp + name: vpp-rundir + - mountPath: /var/lib/vpp + 
name: vpp-data + - mountPath: /etc/vpp + name: vpp-config + - mountPath: /dev + name: devices + - mountPath: /sys + name: hostsys + - mountPath: /run/netns/ + mountPropagation: Bidirectional + name: netns + - mountPath: /host + name: host-root + hostNetwork: true + hostPID: true + initContainers: + - command: + - /entrypoint + image: docker.io/calicovpp/install-whereabouts:latest + name: install-whereabouts + volumeMounts: + - mountPath: /host/opt/cni/bin + name: cni-bin-dir + nodeSelector: + kubernetes.io/os: linux + priorityClassName: system-node-critical + serviceAccountName: calico-vpp-node-sa + terminationGracePeriodSeconds: 10 + tolerations: + - effect: NoSchedule + operator: Exists + - key: CriticalAddonsOnly + operator: Exists + - effect: NoExecute + operator: Exists + volumes: + - hostPath: + path: /opt/cni/bin + name: cni-bin-dir + - hostPath: + path: /lib/firmware + name: lib-firmware + - hostPath: + path: /var/run/vpp + name: vpp-rundir + - hostPath: + path: /var/lib/vpp + type: DirectoryOrCreate + name: vpp-data + - hostPath: + path: /etc/vpp + name: vpp-config + - hostPath: + path: /dev + name: devices + - hostPath: + path: /sys + name: hostsys + - hostPath: + path: /var/run/calico + name: var-run-calico + - hostPath: + path: /run/netns + name: netns + - hostPath: + path: /var/lib/calico/felix-plugins + name: felix-plugins + - hostPath: + path: / + name: host-root + updateStrategy: + rollingUpdate: + maxUnavailable: 1 + type: RollingUpdate \ No newline at end of file diff --git a/fdio.infra.ansible/roles/calico/templates/calico-vpp.yaml.j2 b/fdio.infra.ansible/roles/calico/templates/calico-vpp.yaml.j2 index 7e724c930e..5b5ea2074f 100644 --- a/fdio.infra.ansible/roles/calico/templates/calico-vpp.yaml.j2 +++ b/fdio.infra.ansible/roles/calico/templates/calico-vpp.yaml.j2 @@ -164,7 +164,9 @@ data: } CALICOVPP_FEATURE_GATES: |- { - "memifEnabled": true + "memifEnabled": true, + "vclEnabled": true, + "multinetEnabled": true } CALICOVPP_INITIAL_CONFIG: |- { 
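Review bot: Every container image in the new calico-vpp-multinet.yaml.j2 is referenced as `:latest` (`calicovpp/agent`, `calicovpp/vpp`, `calicovpp/multinet-monitor`, `calicovpp/install-whereabouts`), while the agent and vpp containers run `privileged: true` with `hostNetwork`, `hostPID` and a hostPath mount of `/`. Whatever the tag resolves to at pull time therefore runs with full control of the node, and with `imagePullPolicy: IfNotPresent` different nodes can end up on different cached builds, which also hurts reproducibility of test results. Template the tag from a role default, e.g. `image: docker.io/calicovpp/vpp:{{ calico_vpp_image_tag }}` (a new variable, ideally a version tag plus `@sha256:<DIGEST>`), the same way `kubernetes_calico_version` pins the operator manifests. Separately, the `multinet-monitor-deployment` pods carry the same `k8s-app: calico-vpp-node` label that the DaemonSet selects on; a distinct label would keep the two selectors from overlapping.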
diff --git a/fdio.infra.terraform/terraform-nomad-gha-dispatcher/README.md b/fdio.infra.terraform/terraform-nomad-gha-dispatcher/README.md deleted file mode 100644 index 914f08af05..0000000000 --- a/fdio.infra.terraform/terraform-nomad-gha-dispatcher/README.md +++ /dev/null @@ -1,42 +0,0 @@ - -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 1.12.1 | -| [nomad](#requirement\_nomad) | >= 2.5.0 | - -## Providers - -| Name | Version | -|------|---------| -| [nomad](#provider\_nomad) | 2.5.0 | - -## Modules - -No modules. - -## Resources - -| Name | Type | -|------|------| -| [nomad_job.gha-dispatcher](https://registry.terraform.io/providers/hashicorp/nomad/latest/docs/resources/job) | resource | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [cpu](#input\_cpu) | Specifies the CPU required to run this task in MHz. | `number` | `12000` | no | -| [datacenters](#input\_datacenters) | Specifies the list of DCs to be considered placing this task. | `list(string)` |
[
"yul1"
]
| no | -| [dispatchers](#input\_dispatchers) | n/a |
list(object({
namespace = string
repository = string
}))
|
[
{
"namespace": "sandbox",
"repository": "fdio-csit"
},
{
"namespace": "prod",
"repository": "fdio-csit"
}
]
| no | -| [image](#input\_image) | Specifies the Docker image to run. | `string` | `"pmikus/docker-gha-dispatcher"` | no | -| [job\_name](#input\_job\_name) | Specifies a name for the job. | `string` | `"gha-dispatcher"` | no | -| [memory](#input\_memory) | Specifies the memory required in MB. | `number` | `8000` | no | -| [node\_pool](#input\_node\_pool) | Specifies the node pool to place the job in. | `string` | `"default"` | no | -| [region](#input\_region) | The region in which to execute the job. | `string` | `"global"` | no | -| [type](#input\_type) | Specifies the Nomad scheduler to use. | `string` | `"service"` | no | - -## Outputs - -No outputs. - \ No newline at end of file diff --git a/fdio.infra.terraform/terraform-nomad-gha-dispatcher/main.tf b/fdio.infra.terraform/terraform-nomad-gha-dispatcher/main.tf deleted file mode 100644 index 5d0af622f0..0000000000 --- a/fdio.infra.terraform/terraform-nomad-gha-dispatcher/main.tf +++ /dev/null @@ -1,24 +0,0 @@ -locals { - datacenters = join(",", var.datacenters) - flat_dispatchers = { - for dispatcher in var.dispatchers : dispatcher.repository => dispatcher - } -} - -resource "nomad_job" "gha-dispatcher" { - for_each = local.flat_dispatchers - jobspec = templatefile( - "${path.cwd}/nomad-${var.job_name}.hcl.tftpl", - { - cpu = var.cpu, - datacenters = local.datacenters, - image = "${var.image}-${each.value.namespace}:latest", - job_name = "${var.job_name}-${each.value.namespace}-${each.value.repository}", - memory = var.memory, - namespace = each.value.namespace, - node_pool = var.node_pool, - region = var.region, - type = var.type - }) - detach = false -} \ No newline at end of file diff --git a/fdio.infra.terraform/terraform-nomad-gha-dispatcher/nomad-gha-dispatcher.hcl.tftpl b/fdio.infra.terraform/terraform-nomad-gha-dispatcher/nomad-gha-dispatcher.hcl.tftpl deleted file mode 100644 index f8ac992bb1..0000000000 
--- a/fdio.infra.terraform/terraform-nomad-gha-dispatcher/nomad-gha-dispatcher.hcl.tftpl +++ /dev/null @@ -1,56 +0,0 @@ -job "${job_name}" { - datacenters = ["${datacenters}"] - type = "${type}" - node_pool = "${node_pool}" - region = "${region}" - namespace = "${namespace}" - - group "${job_name}" { - count = 1 - constraint { - attribute = "$${attr.cpu.arch}" - value = "amd64" - } - constraint { - attribute = "$${node.class}" - value = "builder" - } - ephemeral_disk { - migrate = false - size = 3000 - sticky = false - } - task "${job_name}" { - driver = "docker" - config { - image = "${image}" - } - template { - destination = "$${NOMAD_SECRETS_DIR}/.env" - env = true - data = <