# -*- mode: ruby -*-
# vi: set ft=ruby :

# The source of truth for vagrant box versions.
# vagrant_box_defaults.rb sets SERVER_BOX, SERVER_VERSION, NETNEXT_SERVER_BOX
# and NETNEXT_SERVER_VERSION; every one of them accepts an override from the
# environment variable of the same name.
#
# NOTE(review): an override replaces the box name/version pinned in the
# defaults file, so whatever image the environment names is the one that gets
# booted. Keep these variables unset in shared or CI shells unless the
# replacement box is one you trust.
require_relative 'vagrant_box_defaults.rb'

$SERVER_BOX = ENV['SERVER_BOX'] || $SERVER_BOX
$SERVER_VERSION = ENV['SERVER_VERSION'] || $SERVER_VERSION
$NETNEXT_SERVER_BOX = ENV['NETNEXT_SERVER_BOX'] || $NETNEXT_SERVER_BOX
$NETNEXT_SERVER_VERSION = ENV['NETNEXT_SERVER_VERSION'] || $NETNEXT_SERVER_VERSION

# "0" (the default) keeps the "build" provisioner enabled further down.
$NO_BUILD = ENV['NO_BUILD'] || "0"

# NETNEXT=true or NETNEXT=1 selects the net-next box and marks the VM names
# with a trailing "+".
if %w[true 1].include?(ENV['NETNEXT'])
  $SERVER_BOX = $NETNEXT_SERVER_BOX
  $SERVER_VERSION = $NETNEXT_SERVER_VERSION
  $vm_kernel = '+'
end
Vagrant.require_version ">= 2.0.0"

# A bare `vagrant up` is refused unless CILIUM_SCRIPT is 'true'; the error
# text points the user at contrib/vagrant/start.sh instead.
direct_up = ARGV.first == "up" && ENV['CILIUM_SCRIPT'] != 'true'
if direct_up
  raise Vagrant::Errors::VagrantError.new, <<END
Calling 'vagrant up' directly is not supported. Instead, please run the
following to deploy a single-node cluster:
$ ./contrib/vagrant/start.sh

See the development guide for available configuration options:
https://docs.cilium.io/en/latest/contributing/development/dev_setup
END
end

# IPV4=0 is rejected outright.
ipv4_disabled = ENV['IPV4'] == '0'
if ipv4_disabled
  raise Vagrant::Errors::VagrantError.new, <<END
Disabling IPv4 is currently not allowed until k8s 1.9 is released
END
end
# Workaround for the issue described here:
# https://github.com/cilium/cilium/pull/12520
#
# Reopens Vagrant's VirtualBox network action and replaces
# dhcp_server_matches_config? with a version that answers true for every
# input, so the comparison it normally performs never reports a mismatch.
#
# NOTE(review): this patches a Vagrant-internal class, so it affects every
# VirtualBox network handled while this Vagrantfile is loaded and depends on
# Vagrant keeping this method name. Re-check it when upgrading Vagrant.
class VagrantPlugins::ProviderVirtualBox::Action::Network
  # Unconditionally reports that the DHCP server matches the configuration.
  #
  # @param dhcp_server ignored
  # @param config ignored
  # @return [true]
  def dhcp_server_matches_config?(dhcp_server, config)
    true
  end
end
# Shell snippet that (re)creates the VirtualBox NAT networks natnet1 ..
# natnet(num_workers+1) with IPv6 enabled, then keeps removing the networks
# that follow (natnet(num_workers+2), ...) until a removal fails. All
# VBoxManage output and errors are sent to /dev/null.
#
# NOTE(review): `num_workers` below is a shell variable, not Ruby's
# $num_workers; the heredoc contains no Ruby interpolation. If the calling
# shell does not export it, the arithmetic expansion treats it as 0 and only
# natnet1 is created. Confirm the launcher exports it.
#
# The text must stay free of single quotes: the trigger that runs it wraps
# the whole script in bash -c '...'.
$cleanup = <<SCRIPT
i=1
while [ "$i" -le "$((num_workers+1))" ]; do
VBoxManage natnetwork add --netname natnet$i --network 192.168.0.0/16 --ipv6 on --enable
i=$((i+1))
done 2>/dev/null

res=0
while [ "$res" == "0" ]; do
VBoxManage natnetwork remove --netname natnet$i
res=$?
i=$((i+1))
done 2>/dev/null
SCRIPT
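# Guest bootstrap script for the "bootstrap" shell provisioner. That
# provisioner does not set privileged: false, so with Vagrant's default the
# script runs as root.
#
# What it does, in order:
#   * runs the checkout's .devvmrc if it is executable (failures ignored);
#   * appends rate-limit settings to journald.conf and restarts journald;
#   * restarts docker, appends two lines to vagrant's .bashrc and resets
#     ownership of /home/vagrant;
#   * downloads the bpf-map release binary and installs it into /usr/bin.
#
# curl is called with -f so an HTTP error aborts the script (errexit) instead
# of saving the server's error page as the "binary" that is then made
# executable and moved into /usr/bin.
#
# NOTE(review): the downloaded bpf-map binary is installed without any
# integrity check. Consider pinning its SHA-256 and verifying it with
# `sha256sum -c` before the `mv`; the digest must come from the release
# itself, none is recorded in this file.
#
# NOTE(review): .devvmrc comes from the synced source tree and is executed
# with this script's privileges, so treat it like any other code you run
# from the checkout.
$bootstrap = <<SCRIPT
set -o errexit
set -o nounset
set -o pipefail

if [ -x /home/vagrant/go/src/github.com/cilium/cilium/.devvmrc ] ; then
echo "----------------------------------------------------------------"
echo "Executing .devvmrc"
/home/vagrant/go/src/github.com/cilium/cilium/.devvmrc || true
fi

echo "----------------------------------------------------------------"
export PATH=/home/vagrant/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games

echo "editing journald configuration"
bash -c "echo RateLimitIntervalSec=1s >> /etc/systemd/journald.conf"
bash -c "echo RateLimitBurst=10000 >> /etc/systemd/journald.conf"
echo "restarting systemd-journald"
systemctl restart systemd-journald
echo "getting status of systemd-journald"
service systemd-journald status
echo "done configuring journald"

service docker restart
echo 'cd ~/go/src/github.com/cilium/cilium' >> /home/vagrant/.bashrc
echo 'export GOPATH=$(go env GOPATH)' >> /home/vagrant/.bashrc
chown -R vagrant:vagrant /home/vagrant 2>/dev/null || true
curl -fSsL https://github.com/cilium/bpf-map/releases/download/v1.0/bpf-map -o bpf-map
chmod +x bpf-map
mv bpf-map /usr/bin
SCRIPT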
# Line spliced into the build script: `export MAKECLEAN=1` when MAKECLEAN is
# present in the environment (any value), otherwise an empty line.
$makeclean = if ENV['MAKECLEAN']
               "export MAKECLEAN=1"
             else
               ""
             end

# Guest build script for the "build" provisioner (registered with
# privileged: false). It runs contrib/vagrant/build.sh from the checkout and
# then deletes ~/go/bin/cilium*.
$build = <<SCRIPT
set -o errexit
set -o nounset
set -o pipefail

export PATH=/home/vagrant/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games
#{$makeclean}
~/go/src/github.com/cilium/cilium/contrib/vagrant/build.sh
rm -fr ~/go/bin/cilium*
SCRIPT
# Guest install script for the "install" provisioner (registered with
# privileged: false, so each elevated step uses sudo explicitly).
#
# It marks the checkout as a git safe.directory, runs `make install` from the
# checkout under sudo -E, copies the systemd units and the sysconfig file
# from contrib/systemd into place, and makes sure the `cilium` group exists
# with the vagrant user in it.
#
# NOTE(review): everything installed here (make targets, unit files) is read
# from the synced source tree and ends up running as root in the guest.
$install = <<SCRIPT
set -o errexit
set -o nounset
set -o pipefail

# Add an exception for the cilium repo for the root user to fix the
# "fatal: unsafe repository ('/home/vagrant/go/src/github.com/cilium/cilium' is owned by someone else)"
# error condition when running `sudo make install`
git config --global --add safe.directory /home/vagrant/go/src/github.com/cilium/cilium

sudo -E make -C /home/vagrant/go/src/github.com/cilium/cilium/ install

sudo mkdir -p /etc/sysconfig
sudo cp /home/vagrant/go/src/github.com/cilium/cilium/contrib/systemd/cilium-consul.service /lib/systemd/system
sudo cp /home/vagrant/go/src/github.com/cilium/cilium/contrib/systemd/cilium-docker.service /lib/systemd/system
sudo cp /home/vagrant/go/src/github.com/cilium/cilium/contrib/systemd/cilium-etcd.service /lib/systemd/system
sudo cp /home/vagrant/go/src/github.com/cilium/cilium/contrib/systemd/cilium.service /lib/systemd/system
sudo cp /home/vagrant/go/src/github.com/cilium/cilium/contrib/systemd/cilium-operator.service /lib/systemd/system
sudo cp /home/vagrant/go/src/github.com/cilium/cilium/contrib/systemd/cilium /etc/sysconfig

getent group cilium >/dev/null || sudo groupadd -r cilium
sudo usermod -a -G cilium vagrant
SCRIPT
# Node addressing, all taken from the environment.
$node_ip_base = ENV['IPV4_BASE_ADDR'] || ""
$node_nfs_base_ip = ENV['IPV4_BASE_ADDR_NFS'] || ""
$num_workers = (ENV['NWORKERS'] || 0).to_i

# Worker n (counted from 0) gets base + (FIRST_IP_SUFFIX + n + 1); an unset
# suffix counts as 0 because nil.to_i is 0.
$workers_ipv4_addrs = (0...$num_workers).map do |n|
  $node_ip_base + (n + ENV['FIRST_IP_SUFFIX'].to_i + 1).to_s
end
$workers_ipv4_addrs_nfs = (0...$num_workers).map do |n|
  $node_nfs_base_ip + (n + ENV['FIRST_IP_SUFFIX_NFS'].to_i + 1).to_s
end

$master_ip = ENV['MASTER_IPV4']
$master_ipv6 = ENV['MASTER_IPV6_PUBLIC']
# Space-separated list of worker IPv6 addresses.
$workers_ipv6_addrs_str = ENV['IPV6_PUBLIC_WORKERS_ADDRS'] || ""
$workers_ipv6_addrs = $workers_ipv6_addrs_str.split(' ')

# Create unique ID for use in vboxnet name so Jenkins pipeline can have
# concurrent builds.
$job_name = ENV['JOB_BASE_NAME'] || "local"
$build_number = ENV['BUILD_NUMBER'] || "0"
$build_id = [$job_name, $build_number].join("-")

# Only create the build_id_name for the Jenkins environment so that VMs can
# be run locally without the `build_id` in their names.
$build_id_name = "-build-#{$build_id}" if ENV['BUILD_NUMBER']

# VM names start with "k8s" when K8S is set, "runtime" otherwise.
$vm_base_name = ENV['K8S'] ? "k8s" : "runtime"

# Set locale to en_US.UTF-8
%w[LC_ALL LC_CTYPE].each { |var| ENV[var] = "en_US.UTF-8" }
# When CILIUM_SCRIPT is not 'true', declare the well-known VM names with no
# per-VM settings attached to them here.
unless ENV['CILIUM_SCRIPT'] == 'true'
  Vagrant.configure(2) do |config|
    %w[runtime1 k8s1 k8s2 k8s1+ k8s2+].each do |vm_name|
      config.vm.define vm_name
    end
  end
end
# Main VM definition: one primary ("master") VM plus $num_workers workers,
# all on VirtualBox, with the source tree shared over NFS.
#
# Nearly every address, name and path below comes from environment
# variables. Several of them are interpolated into shell provisioner
# commands that run as root in the guest, so only launch this from an
# environment whose variables you control.
Vagrant.configure(2) do |config|
  # Runs $cleanup on the host before up/provision/reload. The script is
  # wrapped in single quotes for bash -c, so it must not contain any.
  config.trigger.before :up, :provision, :reload do |trigger|
    trigger.run = {inline: "bash -c '#{$cleanup}'"}
  end

  config.vm.provision "bootstrap", type: "shell", inline: $bootstrap
  if $NO_BUILD == "0"
    config.vm.provision "build", type: "shell", run: "always", privileged: false, inline: $build
  end
  config.vm.provision "install", type: "shell", run: "always", privileged: false, inline: $install
  # No check for newer box versions on `vagrant up`.
  config.vm.box_check_update = false

  config.vm.provider "virtualbox" do |vb|
    # Do not inherit DNS server from host, use proxy
    vb.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]
    vb.customize ["modifyvm", :id, "--natdnsproxy1", "on"]

    # Prevent VirtualBox from interfering with host audio stack
    vb.customize ["modifyvm", :id, "--audio", "none"]

    # Enable HPET, the Go scheduler heavily relies on accurate timers.
    vb.customize ["modifyvm", :id, "--hpet", "on"]

    config.vm.box = $SERVER_BOX
    config.vm.box_version = $SERVER_VERSION
    # nil.to_i is 0, so an unset VM_MEMORY / VM_CPUS yields 0 here.
    vb.memory = ENV['VM_MEMORY'].to_i
    vb.cpus = ENV['VM_CPUS'].to_i
  end

  master_vm_name = "#{$vm_base_name}1#{$build_id_name}#{$vm_kernel}"
  config.vm.define master_vm_name, primary: true do |cm|
    node_ip = $master_ip.to_s
    node_ipv6 = $master_ipv6.to_s

    # NOTE(review): no host_ip is given, so Vagrant binds these forwards on
    # every host interface. 6443 and 9081 expose guest services and 2345 is
    # a debugger port; consider adding host_ip: "127.0.0.1" if nothing
    # outside the host needs them.
    cm.vm.network "forwarded_port", guest: 6443, host: 7443, auto_correct: true
    cm.vm.network "forwarded_port", guest: 9081, host: 9081, auto_correct: true
    # 2345 is the default delv server port
    cm.vm.network "forwarded_port", guest: 2345, host: 2345, auto_correct: true

    cm.vm.network "private_network",
                  ip: $master_ip.to_s,
                  virtualbox__intnet: "cilium-test-#{$build_id}"
    if ENV['FIRST_IP_SUFFIX_NFS']
      $nfs_ipv4_master_addr = $node_nfs_base_ip + ENV['FIRST_IP_SUFFIX_NFS']
    end
    cm.vm.network "private_network", ip: $nfs_ipv4_master_addr.to_s, bridge: "enp0s9"

    # Add IPv6 address this way or we get hit by a virtualbox bug
    cm.vm.provision "ipv6-config",
                    type: "shell",
                    run: "always",
                    inline: "ip -6 a a #{$master_ipv6}/16 dev enp0s9"
    # With IPV6_EXT set, the node IP handed to the install scripts is the
    # IPv6 address.
    node_ip = $master_ipv6.to_s if ENV["IPV6_EXT"]

    # Interface for the IPv6 NAT Service. The IP address doesn't matter as
    # it won't be used. We use an IPv4 address as newer versions of VBox
    # reject all IPv6 addresses.
    cm.vm.network "private_network", ip: "192.168.59.15"
    cm.vm.provider "virtualbox" do |vb|
      vb.customize ["modifyvm", :id, "--nic4", "natnetwork"]
      vb.customize ["modifyvm", :id, "--nat-network4", "natnet1"]
    end
    cm.vm.provision "ipv6-nat-config",
                    type: "shell",
                    run: "always",
                    inline: "ip -6 r a default via fd17:625c:f037:2::1 dev enp0s10 || true"

    cm.vm.hostname = "#{$vm_base_name}1"

    # NOTE(review): the scripts below are read from the host directory named
    # by CILIUM_TEMP and run as root in the guest; keep that directory
    # writable only by the user launching the VMs.
    if ENV['CILIUM_TEMP']
      if ENV["K8S"]
        first_part = "#{ENV['CILIUM_TEMP']}/cilium-k8s-install-1st-part.sh"
        cm.vm.provision "k8s-install-master-part-1",
                        type: "shell",
                        run: "always",
                        env: {"node_ip" => node_ip, "node_ipv6" => node_ipv6},
                        privileged: true,
                        path: first_part
      end
      node_script = "#{ENV['CILIUM_TEMP']}/node-1.sh"
      cm.vm.provision "config-install", type: "shell", privileged: true, run: "always", path: node_script
      # In k8s mode cilium needs etcd in order to run which was started in
      # the first part of the script. The 2nd part will install the
      # policies into kubernetes and cilium.
      if ENV["K8S"]
        second_part = "#{ENV['CILIUM_TEMP']}/cilium-k8s-install-2nd-part.sh"
        cm.vm.provision "k8s-install-master-part-2",
                        type: "shell",
                        run: "always",
                        env: {"node_ip" => node_ip, "node_ipv6" => node_ipv6},
                        privileged: true,
                        path: second_part
      end
    end
  end

  $num_workers.times do |n|
    # n starts with 0; worker VMs are numbered from 2.
    worker_index = n + 2
    node_vm_name = "#{$vm_base_name}#{worker_index}#{$build_id_name}#{$vm_kernel}"
    node_hostname = "#{$vm_base_name}#{worker_index}"
    config.vm.define node_vm_name do |node|
      node_ip = $workers_ipv4_addrs[n]
      node_ipv6 = $workers_ipv6_addrs[n]
      node.vm.network "private_network",
                      ip: node_ip.to_s,
                      virtualbox__intnet: "cilium-test-#{$build_id}"
      nfs_ipv4_addr = $workers_ipv4_addrs_nfs[n]
      node.vm.network "private_network", ip: nfs_ipv4_addr.to_s, bridge: "enp0s9"
      # Add IPv6 address this way or we get hit by a virtualbox bug
      node.vm.provision "ipv6-config",
                        type: "shell",
                        run: "always",
                        inline: "ip -6 a a #{node_ipv6}/16 dev enp0s9"

      # Interface for the IPv6 NAT Service. The IP address doesn't matter
      # as it won't be used. We use an IPv4 address as newer versions of
      # VBox reject all IPv6 addresses.
      node.vm.network "private_network", ip: "192.168.59.15"
      node.vm.provider "virtualbox" do |vb|
        vb.customize ["modifyvm", :id, "--nic4", "natnetwork"]
        vb.customize ["modifyvm", :id, "--nat-network4", "natnet#{worker_index}"]
      end
      node.vm.provision "ipv6-nat-config",
                        type: "shell",
                        run: "always",
                        inline: "ip -6 r a default via fd17:625c:f037:2::1 dev enp0s10 || true"

      node_ip = node_ipv6.to_s if ENV["IPV6_EXT"]
      node.vm.hostname = node_hostname

      # Same per-node scripts as on the master, read from CILIUM_TEMP on the
      # host and run as root in the guest.
      if ENV['CILIUM_TEMP']
        if ENV["K8S"]
          first_part = "#{ENV['CILIUM_TEMP']}/cilium-k8s-install-1st-part.sh"
          node.vm.provision "k8s-install-node-part-1",
                            type: "shell",
                            run: "always",
                            env: {"node_ip" => node_ip, "node_ipv6" => node_ipv6},
                            privileged: true,
                            path: first_part
        end
        node_script = "#{ENV['CILIUM_TEMP']}/node-#{worker_index}.sh"
        node.vm.provision "config-install", type: "shell", privileged: true, run: "always", path: node_script
        if ENV["K8S"]
          second_part = "#{ENV['CILIUM_TEMP']}/cilium-k8s-install-2nd-part.sh"
          node.vm.provision "k8s-install-node-part-2",
                            type: "shell",
                            run: "always",
                            env: {"node_ip" => node_ip, "node_ipv6" => node_ipv6},
                            privileged: true,
                            path: second_part
        end
      end
    end
  end

  # Which host directory is shared, and where it lands in the guest.
  # SHARE_PARENT=2 shares the grandparent of the checkout, any other value
  # shares the parent; unset shares only the checkout.
  # NOTE(review): each SHARE_PARENT level exports more of the host's
  # directory tree to the guest over NFS than the checkout alone.
  cilium_dir = '.'
  cilium_path = '/home/vagrant/go/src/github.com/cilium/cilium'
  if ENV["SHARE_PARENT"] == "2"
    cilium_dir = '../..'
    cilium_path = '/home/vagrant/go/src/github.com'
  elsif ENV["SHARE_PARENT"]
    cilium_dir = '..'
    cilium_path = '/home/vagrant/go/src/github.com/cilium'
  end
  config.vm.synced_folder cilium_dir, cilium_path, type: "nfs", nfs_udp: false
  # Don't forget to enable these ports on your host before starting the VM
  # in order to have nfs working
  # iptables -I INPUT -s 192.168.61.0/24 -j ACCEPT
  # if using nftables, in Fedora (with firewalld), use:
  # nft -f ./contrib/vagrant/nftables.rules
  #
  # NOTE(review): the iptables rule above names no protocol or port, so it
  # accepts all traffic from 192.168.61.0/24, not only NFS. Narrow it to the
  # NFS-related ports if the host is reachable from anything else on that
  # subnet.

  if ENV['USER_MOUNTS']
    # Allow multiple mounts divided by commas
    ENV['USER_MOUNTS'].split(",").each do |mnt|
      # Split "<to>=<from>"
      parts = mnt.split("=", 2)
      if parts.length == 1
        # Only one element, assume a path relative to home directories in
        # both ends
        user_mount_to = "/home/vagrant/" + parts[0]
        user_mount_from = "~/" + parts[0]
      else
        user_mount_to = parts[0]
        # Remove "~/" prefix if any.
        user_mount_to[0..1] = '' if user_mount_to.start_with?('~/')
        # Add home directory prefix for non-absolute paths
        unless user_mount_to.start_with?('/')
          user_mount_to = "/home/vagrant/" + user_mount_to
        end
        user_mount_from = parts[1]
        # Add home prefix for host for any path in the project directory
        # as it is already mounted.
        unless user_mount_from.start_with?('/', '.', '~')
          user_mount_from = "~/" + user_mount_from
        end
      end
      # Paths are used as given: absolute host paths in USER_MOUNTS are
      # exported to the guest as-is.
      config.vm.synced_folder user_mount_from.to_s, user_mount_to.to_s, type: "nfs", nfs_udp: false
    end
  end
end
371