add packer based docker builds

packer/docker/centos/Dockerfile

@@ -0,0 +1,22 @@
+FROM centos:7
+
+# This Dockerfile is used to build the contiv/centos-systemd image, used by the packer script.
+# This is based on the Dockerfile sample here:
+# https://github.com/docker-library/docs/tree/master/centos#dockerfile-for-systemd-base-image
+MAINTAINER "Madhav Puri" <[email protected]>
+
+ENV container docker
+
+RUN (cd /lib/systemd/system/sysinit.target.wants/; \
+for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \
+rm -f /lib/systemd/system/multi-user.target.wants/*;\
+rm -f /etc/systemd/system/*.wants/*;\
+rm -f /lib/systemd/system/local-fs.target.wants/*; \
+rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
+rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
+rm -f /lib/systemd/system/basic.target.wants/*;\
+rm -f /lib/systemd/system/anaconda.target.wants/*;
+
+VOLUME [ "/sys/fs/cgroup" ]
+
+CMD ["/usr/sbin/init"]

packer/docker/centos/Makefile

@@ -0,0 +1,13 @@
+all: build start stop
+
+start:
+	docker run -it contiv/centos7 /bin/bash
+
+stop:
+	docker rm -f contiv/centos7
+
+build:
+	version=$$(cat VERSION) atlas_token="dummy" packer build --only build --force centos.json
+
+release-build:
+	version=$$(cat VERSION) atlas_token=${ATLAS_TOKEN} packer build --only release --force centos.json

packer/docker/centos/VERSION

@@ -0,0 +1 @@
+0.1

packer/docker/centos/centos.json

@@ -0,0 +1,85 @@
+{
+  "builders": [
+    {
+      "name": "build",
+      "type": "docker",
+      "image": "contiv/centos-systemd:latest",
+      "pull": true,
+      "commit": true,
+      "volumes": {
+          "/sys/fs/cgroup":"/sys/fs/cgroup:ro",
+          "/tmp/$(mktemp -d)":"/run"
+      },
+      "run_command": ["--privileged", "-d", "-i", "-t", "{{.Image}}", "/usr/sbin/init"]
+    },
+    {
+      "name": "release",
+      "type": "docker",
+      "image": "contiv/centos-systemd:latest",
+      "pull": true,
+      "commit": true,
+      "volumes": {
+          "/sys/fs/cgroup":"/sys/fs/cgroup:ro",
+          "/tmp/systemdtest":"/run"
+      },
+      "run_command": ["-privileged", "-d", "-i", "-t", "{{.Image}}", "/usr/sbin/init"]
+    }
+  ],
+  "post-processors": [[
+    {
+      "type": "docker-tag",
+      "repository": "contiv/centos7",
+      "tag": "{{ user `version` }}",
+      "only": ["build", "release"]
+    },
+    {
+      "type": "docker-push",
+      "only": ["release"]
+    }
+  ]],
+  "provisioners": [
+    {
+      "type": "shell",
+      "environment_vars": [
+        "http_proxy={{user `http_proxy`}}",
+        "https_proxy={{user `https_proxy`}}",
+        "ftp_proxy={{user `ftp_proxy`}}",
+        "rsync_proxy={{user `rsync_proxy`}}",
+        "no_proxy={{user `no_proxy`}}"
+      ],
+      "scripts": [
+        "../../centos/script/ansible.sh",
+        "script/packer.sh"
+      ]
+    },
+    {
+      "type": "ansible-local",
+      "playbook_dir": "../../../vendor/ansible",
+      "playbook_file": "../../../vendor/ansible/site.yml",
+      "inventory_groups": "devtest",
+      "extra_arguments": [
+        "--extra-vars",
+        "'{\"env\":{ \"http_proxy\":\"{{user `http_proxy`}}\", \"https_proxy\":\"{{user `https_proxy`}}\", \"no_proxy\":\"{{user `no_proxy`}}\", \"ftp_proxy\":\"{{user `ftp_proxy`}}\", \"rsync_proxy\":\"{{user `rsync_proxy`}}\" }, \"validate_certs\":\"no\", \"docker_version\":\"1.11.1\"}'",
+        "--tags",
+        "prebake-for-dev,prebake-for-test"
+      ]
+    },
+    {
+      "type": "shell",
+      "scripts": [
+        "script/post_provision.sh"
+      ]
+    }
+  ],
+  "variables": {
+    "ftp_proxy": "{{env `ftp_proxy`}}",
+    "http_proxy": "{{env `http_proxy`}}",
+    "https_proxy": "{{env `https_proxy`}}",
+    "no_proxy": "{{env `no_proxy`}}",
+    "rsync_proxy": "{{env `rsync_proxy`}}",
+    "ssh_password": "vagrant",
+    "ssh_username": "vagrant",
+    "atlas_token": "{{ env `atlas_token` }}",
+    "version": "{{ env `version` }}"
+  }
+}

packer/docker/centos/script/packer.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+set -xe
+
+rm -f /usr/sbin/packer

packer/docker/centos/script/post_provision.sh

@@ -0,0 +1,11 @@
+#!/bin/bash
+
+set -xe
+
+# enable docker for auto-restart, and cleanly shut it down
+# before stopping the container
+systemctl enable docker
+systemctl stop docker
+
+# cleanup any temp files created as part of provision
+rm -rf /tmp/*

vendor/ansible/Makefile

@@ -0,0 +1,10 @@
+.PHONY: test-up test-provision test-cleanup
+
+test-up:
+	vagrant up
+
+test-provision:
+	vagrant provision
+
+test-cleanup:
+	CONTIV_ANSIBLE_PLAYBOOK="./cleanup.yml" CONTIV_ANSIBLE_TAGS="all" vagrant provision

vendor/ansible/cleanup.yml

@@ -4,7 +4,7 @@
 # Note: cleanup is not expected to fail, so we set ignore_errors to yes here
 
 - hosts: all
-  sudo: true
+  become: true
   tasks:
     - include_vars: roles/{{ item }}/defaults/main.yml
       with_items:
@@ -20,7 +20,7 @@
         - contiv_storage
         - swarm
         - ucp
-        - docker
         - etcd
         - ucarp
+        - docker
       ignore_errors: yes

vendor/ansible/roles/base/tasks/redhat_tasks.yml

@@ -10,6 +10,7 @@
     update_cache: true
     state: latest
   with_items:
+    - yum-utils
     - ntp
     - unzip
     - bzip2
@@ -18,6 +19,8 @@
     - bash-completion
     - kernel #keep kernel up to date
     - libselinux-python
+    - e2fsprogs
+    - openssh-server
 
 - name: install and start ntp
   service: name=ntpd state=started enabled=yes

vendor/ansible/roles/base/tasks/ubuntu_tasks.yml

@@ -15,3 +15,5 @@
     - python-software-properties
     - bash-completion
     - python-selinux
+    - e2fsprogs
+    - openssh-server

vendor/ansible/roles/contiv_cluster/defaults/main.yml

@@ -9,7 +9,7 @@ collins_guest_port: 9000
 clusterm_args_file: "clusterm.args"
 clusterm_conf_file: "clusterm.conf"
 
-contiv_cluster_version: "v0.1-05-12-2016.08-27-16.UTC"
+contiv_cluster_version: "v0.1-05-14-2016.00-33-02.UTC"
 contiv_cluster_tar_file: "cluster-{{ contiv_cluster_version }}.tar.bz2"
 contiv_cluster_src_file: "https://github.com/contiv/cluster/releases/download/{{ contiv_cluster_version }}/{{ contiv_cluster_tar_file }}"
 contiv_cluster_dest_file: "/tmp/{{ contiv_cluster_tar_file }}"

vendor/ansible/roles/contiv_cluster/tasks/main.yml

@@ -45,12 +45,12 @@
 
 - name: copy conf files for clusterm
   copy:
-    src: "{{ item }}"
-    dest: /etc/default/clusterm/{{ item }}
-    force: yes
+    src: "{{ item.file }}"
+    dest: "/etc/default/clusterm/{{ item.file }}"
+    force: "{{ item.force }}"
   with_items:
-    - "{{ clusterm_args_file }}"
-    - "{{ clusterm_conf_file }}"
+    - { file: "{{ clusterm_args_file }}", force: "yes" }
+    - { file: "{{ clusterm_conf_file }}", force: "no" }
 
 - name: copy systemd units for clusterm
   template: src=clusterm.j2 dest=/etc/systemd/system/clusterm.service

vendor/ansible/roles/contiv_network/defaults/main.yml

@@ -16,15 +16,16 @@ bgp_port: 179
 vxlan_port: 4789
 netplugin_rule_comment: "contiv network traffic"
 
-contiv_network_version: "v0.1-05-08-2016.20-28-46.UTC"
+contiv_network_version: "v0.1-05-16-2016.08-29-25.UTC"
 contiv_network_tar_file: "netplugin-{{ contiv_network_version }}.tar.bz2"
 contiv_network_src_file: "https://github.com/contiv/netplugin/releases/download/{{ contiv_network_version }}/{{ contiv_network_tar_file }}"
 contiv_network_dest_file: "/tmp/{{ contiv_network_tar_file }}"
 
-contivctl_version: "v0.0.0-03-10-2016.22-13-24.UTC"
-contivctl_tar_file: "contivctl-{{ contivctl_version }}.tar.bz2"
-contivctl_src_file: "https://github.com/contiv/contivctl/releases/download/{{ contivctl_version }}/{{ contivctl_tar_file }}"
-contivctl_dest_file: "/tmp/{{ contivctl_tar_file }}"
+contivctl_version_no_v: "0.1-05-26-2016.22-31-22.UTC"
+contivctl_version: "v{{ contivctl_version_no_v }}"
+contivctl_tar_file: "{{ contivctl_version }}.tar.gz"
+contivctl_src_file: "https://github.com/contiv/contivctl/archive/{{ contivctl_tar_file }}"
+contivctl_dest_file: "/tmp/contivctl-{{ contivctl_tar_file }}"
 
 apic_epg_bridge_domain: "not_specified"
 apic_contracts_unrestricted_mode: "no"

vendor/ansible/roles/contiv_network/files/netplugin.service

@@ -5,4 +5,5 @@ After=auditd.service systemd-user-sessions.service time-sync.target etcd.service
 [Service]
 EnvironmentFile=/etc/default/netplugin
 ExecStart=/usr/bin/netplugin $NETPLUGIN_ARGS
+ExecStopPost=/usr/bin/rm -f /run/docker/plugins/netplugin.sock
 KillMode=control-group

vendor/ansible/roles/contiv_network/tasks/aci_tasks.yml

@@ -13,4 +13,4 @@
   service: name=aci-gw state=started
 
 - name: set aci mode
-  shell: contivctl net global set --fabric-mode aci
+  shell: contivctl network global set --fabric-mode aci

vendor/ansible/roles/contiv_network/tasks/main.yml

@@ -93,7 +93,7 @@
     force: no
 
 - name: install contivctl
-  shell: tar vxjf {{ contivctl_dest_file }}
+  shell: tar vxzf {{ contivctl_dest_file }} --strip-components=1 contivctl-{{ contivctl_version_no_v }}/contivctl
   args:
     chdir: /usr/bin/
 

vendor/ansible/roles/contiv_network/tasks/ovs.yml

@@ -8,15 +8,15 @@
     url: "{{ item.url }}"
   with_items:
     - {
-        url: "https://cisco.box.com/shared/static/51eo9dcw04qx2y1f14n99y4yt5kug3q4.rpm",
-        dest: /tmp/openvswitch-2.3.1-1.x86_64.rpm
+        url: "https://cisco.box.com/shared/static/zzmpe1zesdpf270k9pml40rlm4o8fs56.rpm",
+        dest: /tmp/openvswitch-2.3.1-2.el7.x86_64.rpm
       }
   when: ansible_os_family == "RedHat"
   tags:
     - prebake-for-dev
 
 - name: install ovs (redhat)
-  yum: name=/tmp/openvswitch-2.3.1-1.x86_64.rpm state=present
+  yum: name=/tmp/openvswitch-2.3.1-2.el7.x86_64.rpm state=present
   when: ansible_os_family == "RedHat"
   tags:
     - prebake-for-dev

vendor/ansible/roles/contiv_storage/defaults/main.yml

@@ -2,7 +2,7 @@
 
 # Role defaults for contiv_storage
 
-contiv_storage_version: "v0.0.0-05-12-2016.08-24-33.UTC"
+contiv_storage_version: "v0.0.0-05-12-2016.07-23-53.UTC"
 contiv_storage_tar_file: "volplugin-{{ contiv_storage_version }}.tar.bz2"
 contiv_storage_src_file: "https://github.com/contiv/volplugin/releases/download/{{ contiv_storage_version }}/{{ contiv_storage_tar_file }}"
 contiv_storage_dest_file: "/tmp/{{ contiv_storage_tar_file }}"

vendor/ansible/roles/contiv_storage/files/volplugin.service

@@ -5,4 +5,5 @@ After=auditd.service systemd-user-sessions.service time-sync.target etcd.service
 [Service]
 EnvironmentFile=/etc/default/volplugin
 ExecStart=/usr/bin/volplugin $VOLPLUGIN_ARGS
+ExecStopPost=/usr/bin/rm -f /run/docker/plugins/volplugin.sock
 KillMode=control-group

vendor/ansible/roles/dev/meta/main.yml

@@ -14,8 +14,8 @@
 dependencies:
 - { role: ceph-install, tags: 'prebake-for-dev' }
 - { role: ansible, tags: 'prebake-for-dev' }
-- { role: etcd }
 - { role: docker }
+- { role: etcd }
 - { role: swarm }
 - { role: ucp }
 - { role: contiv_cluster }

vendor/ansible/roles/docker/tasks/main.yml

@@ -9,20 +9,12 @@
   tags:
     - prebake-for-dev
 
-- name: install docker (debian)
-  shell: curl https://get.docker.com | sed 's/docker-engine/--force-yes docker-engine={{ docker_version }}-0~{{ ansible_distribution_release }}/' | bash
+- include: ubuntu_install_tasks.yml
   when: (ansible_os_family == "Debian") and not (docker_installed_version.stdout | match("Docker version {{ docker_version }}, build.*"))
   tags:
     - prebake-for-dev
 
-- name: remove docker (redhat)
-  yum: name=docker-engine state=absent
-  when: (ansible_os_family == "RedHat") and not (docker_installed_version.stdout | match("Docker version {{ docker_version }}, build.*"))
-  tags:
-    - prebake-for-dev
-
-- name: install docker (redhat)
-  shell: curl https://get.docker.com | sed 's/docker-engine/docker-engine-{{ docker_version }}/' | bash
+- include: redhat_install_tasks.yml
   when: (ansible_os_family == "RedHat") and not (docker_installed_version.stdout | match("Docker version {{ docker_version }}, build.*"))
   tags:
     - prebake-for-dev
@@ -41,7 +33,6 @@
   shell: >
       ( iptables -L INPUT | grep "{{ docker_rule_comment }} ({{ item }})" ) || \
       iptables -I INPUT 1 -p tcp --dport {{ item }} -j ACCEPT -m comment --comment "{{ docker_rule_comment }} ({{ item }})"
-  become: true
   with_items:
     - "{{ docker_api_port }}"
 
@@ -67,7 +58,7 @@
 
   # tcp socket service requires docker service to be started after it
 - name: reload systemd configuration
-  shell: sudo systemctl daemon-reload
+  shell: systemctl daemon-reload
   when: "(docker_tcp_socket | changed) or (docker_tcp_socket_state.stdout != 'Active: active')"
 
 - name: stop docker
@@ -83,7 +74,7 @@
   when: "(docker_tcp_socket | changed) or (docker_tcp_socket_state.stdout != 'Active: active')"
 
 - name: check docker service state
-  shell: sudo systemctl status docker | grep 'Active.*active' -o
+  shell: systemctl status docker | grep 'Active.*active' -o
   ignore_errors: true
   register: docker_service_state
   tags:
@@ -97,7 +88,7 @@
 # https://github.com/ansible/ansible-modules-core/issues/191
 - name: reload docker systemd configuration
   #service: name=docker state=restarted
-  shell: sudo systemctl daemon-reload
+  shell: systemctl daemon-reload
   when: "(docker_service_state.stderr | match('.*docker.service changed on disk.*')) or (docker_service_state.stdout != 'Active: active')"
   tags:
     - prebake-for-dev

vendor/ansible/roles/docker/tasks/redhat_install_tasks.yml

@@ -0,0 +1,22 @@
+---
+# This role contains tasks for installing docker service
+#
+
+- name: add docker's public key for CS-engine (redhat)
+  rpm_key:
+    key: "https://sks-keyservers.net/pks/lookup?op=get&search=0xee6d536cf7dc86e2d7d56f59a178ac6c6238f52e"
+    state: present
+    validate_certs: "{{ validate_certs }}"
+
+- name: add docker CS-engine repos (redhat)
+  shell: yum-config-manager --add-repo https://packages.docker.com/{{ item }}/yum/repo/main/centos/7
+  become: true
+  with_items:
+    - "1.10"
+    - "1.11"
+
+- name: remove docker (redhat)
+  yum: name=docker-engine state=absent
+
+- name: install docker (redhat)
+  shell: curl https://get.docker.com | sed 's/docker-engine/docker-engine-{{ docker_version }}/' | bash