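#!/usr/bin/env bash
# -*- mode: ruby -*-
# vi: set ft=ruby :

# Vagrant environment for the Cilium Kubernetes multi-node tests.
#
# Three VirtualBox VMs are defined:
#   * builder - builds the cilium image and serves it from a local Docker
#               registry on port 5000.
#   * k8s1    - first Kubernetes node, treated as the master.
#   * k8s2    - second Kubernetes node.
#
# Inputs read from the host environment: JOB_BASE_NAME, BUILD_NUMBER and
# DOCKER_IMAGE_TAG (defaults: "local", "0", "local_build").

Vagrant.require_version ">= 1.8.3"

# Provisioner for the builder VM: installs docker-ce, starts a TLS registry,
# builds the cilium image and pushes it to that registry.
#
# NOTE(review), trust boundaries in this script:
#   * The base apt sources are plain http on old-releases.ubuntu.com, i.e. the
#     guest release no longer receives security updates. Package integrity
#     then rests on apt's signature checks alone.
#   * The Docker signing key is accepted as downloaded, with no fingerprint
#     comparison, and `apt-key add` trusts it for every configured
#     repository. Tolerable for a throwaway test VM; verify the fingerprint
#     for anything longer-lived.
#   * `-p 5000:5000` publishes the registry on every interface of the builder
#     and no registry authentication is configured here, so any host that can
#     reach the builder can pull and push images. Keep the VM networks
#     isolated.
#   * The registry TLS key is read from tests/k8s/cluster/certs in the synced
#     source tree - presumably test-only material; confirm it is never reused
#     outside this environment.
#   * `registry:2` is a floating tag; pin a digest if reproducibility matters.
#
# curl runs with -f so that an HTTP error page is never piped into apt-key,
# and with -S so the failure is visible in the provisioning log.
$build_docker_image = <<SCRIPT
# This may be removed when the box images are based on Ubuntu 17.10+.
sudo bash -c "cat <<EOF > /etc/apt/sources.list
deb http://old-releases.ubuntu.com/ubuntu/ yakkety main restricted
deb http://old-releases.ubuntu.com/ubuntu/ yakkety-updates main restricted
deb http://old-releases.ubuntu.com/ubuntu/ yakkety universe
deb http://old-releases.ubuntu.com/ubuntu/ yakkety-updates universe
deb http://old-releases.ubuntu.com/ubuntu/ yakkety multiverse
deb http://old-releases.ubuntu.com/ubuntu/ yakkety-updates multiverse
deb http://old-releases.ubuntu.com/ubuntu/ yakkety-backports main restricted universe multiverse
EOF
"
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo bash -c "cat <<EOF > /etc/apt/sources.list.d/docker.list
deb [arch=amd64] https://download.docker.com/linux/ubuntu xenial stable
EOF
"
sudo apt-get -qq update && sudo apt-get -qq install -y apt-transport-https docker-ce
sudo usermod -aG docker vagrant
docker -v
certs_dir="/home/vagrant/go/src/github.com/cilium/cilium/tests/k8s/cluster/certs"
cd /home/vagrant/go/src/github.com/cilium/cilium/
docker run -d -p 5000:5000 --name registry -v ${certs_dir}:/certs \
    -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/kubernetes.pem \
    -e REGISTRY_HTTP_TLS_KEY=/certs/kubernetes-key.pem \
    registry:2
make docker-image
docker tag cilium/cilium:${DOCKER_IMAGE_TAG} localhost:5000/cilium:${DOCKER_IMAGE_TAG}
docker push localhost:5000/cilium:${DOCKER_IMAGE_TAG}
SCRIPT

# Provisioner for the k8s nodes: installs the test CA so Docker trusts the
# builder's registry at 192.168.36.10:5000, then pulls the freshly built image
# and re-tags it under its canonical name.
$load_docker_image = <<SCRIPT
certs_dir="/home/vagrant/go/src/github.com/cilium/cilium/tests/k8s/cluster/certs"
sudo mkdir -p /etc/docker/certs.d/192.168.36.10:5000
sudo cp ${certs_dir}/ca.pem /etc/docker/certs.d/192.168.36.10:5000/ca.crt
docker pull 192.168.36.10:5000/cilium:${DOCKER_IMAGE_TAG}
docker tag 192.168.36.10:5000/cilium:${DOCKER_IMAGE_TAG} cilium/cilium:${DOCKER_IMAGE_TAG}
SCRIPT

# Installs Kubernetes through the repository's cluster-manager script.
$k8s_install = <<SCRIPT
/home/vagrant/go/src/github.com/cilium/cilium/tests/k8s/cluster/cluster-manager.bash fresh_install
SCRIPT

# IPv6 setup for the first node. This provisioner is registered with
# run: "always", so the /etc/hosts entries are only appended when they are
# not already present; otherwise every `vagrant up` would add duplicates.
$cilium_master = <<SCRIPT
ip -6 a a FD01::B/16 dev enp0s8
grep -qxF 'FD01::B k8s-1' /etc/hosts || echo 'FD01::B k8s-1' >> /etc/hosts
grep -qxF 'FD01::C k8s-2' /etc/hosts || echo 'FD01::C k8s-2' >> /etc/hosts
SCRIPT

# IPv6 setup for the second node, with the same duplicate guard as above.
# NOTE(review): this node takes FD01::C for itself yet maps k8s-1 to FD01::C
# and k8s-2 to FD01::B, the reverse of the mapping written on the first node.
# The mapping is kept exactly as it was; confirm whether it is intentional.
$cilium_slave = <<SCRIPT
ip -6 a a FD01::C/16 dev enp0s8
grep -qxF 'FD01::C k8s-1' /etc/hosts || echo 'FD01::C k8s-1' >> /etc/hosts
grep -qxF 'FD01::B k8s-2' /etc/hosts || echo 'FD01::B k8s-2' >> /etc/hosts
SCRIPT

# allow setting up k8s_version remotely when executing the runtime tests via ssh
# Only the single variable k8s_version is accepted from ssh clients.
$install_sshd_env = <<SCRIPT
echo "AcceptEnv k8s_version" >> /etc/ssh/sshd_config
# Load options
sudo service sshd restart
SCRIPT

$job_name = ENV['JOB_BASE_NAME'] || "local"

$build_number = ENV['BUILD_NUMBER'] || "0"
$build_id = "#{$job_name}-#{$build_number}"
$docker_image_tag = ENV['DOCKER_IMAGE_TAG'] || "local_build"

# Only create the build_id_name for the Jenkins environment so that
# we can run VMs locally without having the `build_id` in the name.
# Outside Jenkins the variable stays nil and interpolates as an empty string.
if ENV['BUILD_NUMBER']
  $build_id_name = "-build-#{$build_id}"
end

# We need this workaround since kube-proxy is not aware of multiple network
# interfaces. If we send a packet to a service IP that packet is sent
# to the default route, because the service IP is unknown by the linux routing
# table, with the source IP of the interface in the default routing table, even
# though the service IP should be routed to a different interface.
# This particular workaround is only needed for cilium, running on a pod on host
# network namespace, to reach out kube-api-server.
#
# The rule is checked with -C before it is appended because the provisioner is
# registered with run: "always"; re-provisioning a running VM would otherwise
# stack identical MASQUERADE rules.
$kube_proxy_workaround = <<SCRIPT
sudo iptables -t nat -C POSTROUTING -o enp0s8 ! -s 192.168.36.12 -j MASQUERADE 2>/dev/null || sudo iptables -t nat -A POSTROUTING -o enp0s8 ! -s 192.168.36.12 -j MASQUERADE
SCRIPT

Vagrant.configure(2) do |config|
  # NOTE(review): the box is referenced by name only, with no version
  # constraint, so whichever build of it is cached or published gets used.
  config.vm.box = "bento/ubuntu-16.10"

  # http://foo-o-rama.com/vagrant--stdin-is-not-a-tty--fix.html
  config.vm.provision "fix-no-tty", type: "shell" do |s|
    s.privileged = false
    s.inline = "sudo sed -i '/tty/!s/mesg n/tty -s \\&\\& mesg n/' /root/.profile"
  end

  # Set up 'builder' as Docker registry, running newer version of Docker to support staged
  # builds and not running k8s. This VM will be idle after k8s[12] have pulled the
  # newly built cilium image.
  config.vm.define "builder#{$build_id_name}" do |s|
    s.vm.hostname = "builder"

    s.vm.provider "virtualbox" do |vb|
      # Do not inherit DNS server from host, use proxy
      vb.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]
      vb.customize ["modifyvm", :id, "--natdnsproxy1", "on"]

      # NOTE(review): registered on the outer `config`, not on `s`, from inside
      # the provider block; left as is because the resulting scope of the
      # mount cannot be confirmed from this file alone.
      config.vm.synced_folder '../../', '/home/vagrant/go/src/github.com/cilium/cilium'
    end

    s.vm.network "private_network", ip: "192.168.36.10", virtualbox__intnet: "cilium-k8s-multi-test-#{$build_id}"
    s.vm.network "private_network", ip: "192.168.37.10", bridge: "enp0s9"

    s.vm.provision "build", type: "shell", env: {"DOCKER_IMAGE_TAG" => $docker_image_tag}, inline: $build_docker_image
  end

  (1..2).each do |i|
    config.vm.define "k8s#{i}#{$build_id_name}" do |s|
      s.vm.hostname = "k8s-#{i}"
      s.vm.provision "k8s", type: "shell", env: {"k8s_version" => "1.6.6-00"}, inline: $k8s_install
      s.vm.provision "ssh_accept_env", type: "shell", privileged: true, inline: $install_sshd_env

      s.vm.provider "virtualbox" do |vb|
        # Do not inherit DNS server from host, use proxy
        vb.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]
        vb.customize ["modifyvm", :id, "--natdnsproxy1", "on"]
        vb.memory = 3072

        # NOTE(review): same outer-`config` registration as on the builder.
        config.vm.synced_folder '../', '/home/vagrant/go/src/github.com/cilium/cilium/tests'
      end

      s.vm.network "private_network", ip: "192.168.36.1#{i}", virtualbox__intnet: "cilium-k8s-multi-test-#{$build_id}"
      s.vm.network "private_network", ip: "192.168.37.1#{i}", bridge: "enp0s9"

      # Hack to ensure that Kubernetes picks up the node-ip of the private_network
      # instead of the NATed vagrant IP.
      # The backslashes are doubled because a single `\.` inside a Ruby
      # double-quoted string collapses to `.`, which left the dots of the
      # pattern unescaped in the command actually sent to the guest.
      s.vm.provision :shell, inline: "sed 's/127\\.0\\.0\\.1.*k8s.*/192.168.36.1#{i} k8s-#{i}/' -i /etc/hosts"

      # Mount BPF filesystem
      s.vm.provision :shell, inline: "mount bpffs /sys/fs/bpf -t bpf"

      # first node is special and considered the master
      if i == 1
        s.vm.provision "cilium-master-netconfig", type: "shell", run: "always", inline: $cilium_master
      else
        s.vm.provision "kube-proxy-workaround", type: "shell", run: "always", inline: $kube_proxy_workaround
        s.vm.provision "cilium-slave-netconfig", type: "shell", run: "always", inline: $cilium_slave
      end
      s.vm.provision "load-docker-image", type: "shell", env: {"DOCKER_IMAGE_TAG" => $docker_image_tag}, inline: $load_docker_image
    end
  end
end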