Smart Edge Open 22.03 release

Pipfile

@@ -1,16 +1,15 @@
 # SPDX-License-Identifier: Apache-2.0
-# Copyright (c) 2021 Intel Corporation
+# Copyright (c) 2021-2022 Intel Corporation
 
 [[source]]
 url = "https://pypi.python.org/simple"
 verify_ssl = true
 name = "pypi"
 
 [packages]
-ansible = "==2.9.20"
+ansible = "==2.9.27"
 ansible-lint = "==5.0.8"
-bandit = "== 1.7.0"
-jinja2 = "==2.11.3"
+jinja2 = "==3.0.3"
 pylint = "==2.7.2"
 netaddr = "==0.7.18"
 sh = "==1.14.1"

default_config.yml

@@ -0,0 +1,227 @@
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
+
+# GitHub Credentials.
+#
+# Required if using non-public repositories.
+# It can be generated on following website https://github.com/settings/tokens (SSO authorization might be needed).
+#
+# If provided, both user and token are required.
+# It is assumed that every repository defined in this file is part of the same git instance (e.g. https://github.com).
+git:
+  user: ''
+  password: '' # The 'password' field accepts one of two values git password or token.
+
+# Edge Software Provisioner repository settings.
+esp:
+  # URL of the ESP's repository.
+  url: https://github.com/intel/Edge-Software-Provisioner
+  # Branch to be checked out.
+  branch: v2.0.3
+  # ESP destination path.
+  # This will be a path where ESP will be cloned to (relative to the script working directory).
+  dest_dir: './esp'
+
+# Settings related to dnsmasq which provides DHCP and PXE services.
+#
+# In case of USB-only provisioning (e.g. in corporate network with existing DHCP services),
+#   the dnsmasq should be disabled to not interfere with existing network infrastructure.
+#
+# Rest of the settings in this section are related to the DHCP configuration that
+#    will be sent to machines provisioned with PXE.
+# If left empty, these settings will be automatically deduced by the ESP,
+#   however custom values might be required in some cases.
+dnsmasq:
+  # If true, then the dnsmasq will be started with rest of the Provisioning System suite.
+  enabled: false
+
+  # Domain Name System (DNS) settings
+  # These values should be changed in case of default DNS (8.8.4.4 and 8.8.8.8) are not reachable.
+  network_dns_primary: ''     # e.g. 8.8.4.4
+  network_dns_secondary: ''   # e.g. 8.8.8.8
+
+  # DHCP and network settings
+  dhcp_range_minimum: ''      # e.g. 192.168.1.100
+  dhcp_range_maximum: ''      # e.g. 192.168.1.250
+  network_broadcast_ip: ''    # e.g. 192.168.1.255
+  network_gateway_ip: ''      # e.g. 192.168.1.1
+
+  # IP address of the Provisioning System
+  host_ip: ''                 # e.g. 192.168.1.2
+
+# Docker settings
+docker:
+  # List of registry mirrors
+  # The list will be propagated to the machine under provisioning.
+  #
+  # WARNING: This won't be applied to the Provisioning System.
+  registry_mirrors: []
+
+  # DockerHub Credentials
+  # If values are supplied, then docker login will be performed during Operating System provisioning.
+  #
+  # WARNING: This won't be applied neither to the Provisioning System
+  #   nor the machine under provisioning (with Experience Kits).
+  dockerhub:
+    username: ""
+    password: ""
+
+# Address of the NTP server used during deployment
+ntp_server: ''
+
+# List of ESP profiles for Smart Edge Open.
+profiles:
+  - name: Smart_Edge_Open_Developer_Experience_Kits
+
+    # Address of the profile repository
+    url: https://github.com/smart-edge-open/profiles.git
+
+    # Branch to be checked out
+    branch: smart-edge-open-22.03
+
+    # Profile scenario
+    # Possible values: single-node, multi-node
+    scenario: single-node
+
+    # Settings of Experience Kit that will be deployed
+    experience_kit:
+      # Address of the Experience Kit repository
+      url: https://github.com/smart-edge-open/open-developer-experience-kits.git
+      # Branch to be checked out
+      branch: smart-edge-open-22.03
+      # Deployment to be performed
+      # Possible values: dek
+      deployment: dek
+
+    # MAC address of the controlplane's primary interface.
+    # This value is used only in multi-node scenario.
+    controlplane_mac: ''
+
+    # Credentials of the operating system account that will be created.
+    # Account will be added to the sudoers.
+    account:
+      username: smartedge-open
+      password: smartedge-open
+
+    # Secure boot and trusted media platform options.
+    bios:
+      secure_boot: true
+      tpm: true
+
+
+    # Experience Kit group_vars overrides.
+    # This section can be used to supply extra variables to influence the deployment of the Experience Kit.
+    # The variables will be copied as-is to the destination group_vars on the machine.
+    # Refer to the Experience Kit documentation for more examples.
+    #
+    # Example:
+    # group_vars:
+    #   groups:
+    #     all:
+    #       topology_manager:
+    #         policy: "none"
+    #     controller_group:
+    #     edgeenode_group:
+    group_vars:
+      groups:
+        all:
+        controller_group:
+        edgenode_group:
+
+    # Experience Kit host_vars overrides.
+    # This section works analogous to the group_vars section, but influences the settings of specific host.
+    host_vars:
+      hosts:
+        controller:
+        node01:
+
+    # Experience Kit sideloads.
+    # This section can be used to copy certain files required in the process of Experience Kit deployments.
+    #
+    # It is a list of items with following fields:
+    #  file_path is an absolute path on the Provision System. It can point to a file or to a folder.
+    #  dest_path is a target path on the system under provisioning. The path can be absolute
+    #            or relative (relative to /opt/seo). If file_path points to a file and dest_path looks
+    #            like a dir path (ends with '/'), filename will be automatically appended to that dir path.
+    sideload:
+      # Example entries:
+      # This will cause a file /opt/extra_package.zip to be copied to /opt/seo/extra/extra_package_renamed.zip
+      # - file_path: "/opt/extra_package.zip"
+      #   dest_path: "./extra/extra_package_renamed.zip"
+      # This will cause a file /root/extra_package.zip to be copied to /opt/seo/extra/extra_package.zip
+      # - file_path: "/root/extra_package.zip"
+      #   dest_path: "extra/"
+      # This will cause a content of a folder /root/extra_sideload_dir to be copied under /opt/offline_files
+      # - file_path: "/root/extra_sideload_dir"
+      #   dest_path: "../offline_files"
+
+    # Define additional inventory groups where hosts belong to.
+    # Possible host names: controller, node01
+    # Note: some Experience Kits require to provide at least a group name with no hosts.
+    extra_inventory_groups:
+      # Example:
+      #   ptp_slave_group:
+      #     controller:
+      #     node01:
+      #   ptp_master:
+      #     controller:
+
+# example hosts section defining host special settings and bmc access data
+# hosts:
+#   # full example for this element
+#   - name: master # this will be set as a hostname
+#     mac: 11:22:33:44:55:66 # this host can be identified from the profile to set a hostname
+#     bmc: # bmc settings
+#       address: 1.2.3.4 # bmc address
+#       user: user # bmc user name
+#       password: password # bmc password
+#     bios: # bios settings
+#       tpm: false # TPM 
+#       secure_boot: false # Secure Boot
+#   # example without bmc, the profile will just set hostname
+#   - name: node1
+#     mac: AA:BB:CC:DD:EE:FF # this host can be identified from the profile to set a hostname
+#   # example node without mac, the profile cannot identify host and set a hostname so no hostname here
+#   - name: node2
+#     bios:
+#       tpm: false
+#       secure_boot: true
+#     bmc: # bmc data allows to switch TPM and Secure Boot
+#       address: 1.2.3.4
+#       user: user
+#       password: password
+
+# global bmc section used for uniform inhost bmc access
+# bmc:
+#   address: 169.254.0.1
+#   user: user
+#   password: password
+
+# global bios settings
+# bios:
+#   tpm: false
+#   secure_boot: false
+
+# Configuration of USB images.
+#
+# Generated images are in form of raw .img disk.
+# ESP's flashusb.sh utility can be used to the image onto the USB drive.
+usb_images:
+  # Build USB images.
+  # If false, then no USB image will be produced.
+  build: true
+
+  # Build images for legacy BIOS.
+  bios: true
+
+  # Build images for UEFI BIOS.
+  efi: true
+
+  # Build an all-in-one image for each BIOS.
+  # If false, then an image for each of the profiles will be produced separately.
+  # If true, then a single image per BIOS with all of the profiles will be produced.
+  all_in_one: false
+
+  # Path where built images will be placed.
+  # This is relative path to the script's working directory.
+  output_path: './out'

dek_provision.py

@@ -8,8 +8,6 @@
 import os
 import sys
 
-_CFG_FILE = "my.yml"
-
 if __name__ == "__main__":
     sys.path.insert(
         1, os.path.join(os.path.dirname(os.path.realpath(__file__)), "scripts", "deploy_esp"))

deploy.py

@@ -1,7 +1,7 @@
 #!/usr/bin/env python3
 
 # SPDX-License-Identifier: Apache-2.0
-# Copyright (c) 2021 Intel Corporation
+# Copyright (c) 2021-2022 Intel Corporation
 
 """
 Deploy Smart Edge with inventory.yml file.
@@ -187,7 +187,7 @@ def handle_cluster_inventory_dir(cluster_inventory_path, group_vars_path, host_v
     create_symlinks_for_inventory(DEFAULT_HOST_VARS_PATH, host_vars_path)
 
 
-def run_deployment(inventory):
+def run_deployment(inventory, cleanup=False, redeploy=False):
     """Deploys Smart Edge with given settings, returns Popen object"""
     inventory_dir = os.path.join(ALT_INVENTORIES_PATH, inventory.cluster_name)
     inventory_location = inventory.dump_to_yaml(inventory_dir)
@@ -197,10 +197,18 @@ def run_deployment(inventory):
 
     handle_deployment_type(inventory.deployment, group_vars_path)
 
-    if inventory.is_single_node:
-        playbook = "single_node_network_edge.yml"
+    # DEK do not support extra arguments like "clean" or "redeploy"
+    extra_options_supported = inventory.deployment in ["pwek-all-in-one"]
+
+    if extra_options_supported and cleanup:
+        playbook = "network_edge_5g_cleanup.yml"
+    elif extra_options_supported and redeploy:
+        playbook = "network_edge_5g_redeploy.yml"
     else:
-        playbook = "network_edge.yml"
+        if inventory.is_single_node:
+            playbook = "single_node_network_edge.yml"
+        else:
+            playbook = "network_edge.yml"
 
     playbook = os.path.join(SCRIPT_PARENT_DIR, playbook)
 
@@ -352,14 +360,22 @@ def print_deployment_recap(deployments):
 
 def parse_arguments():
     """Parse argument passed to function"""
-    script_description = ("Script for Deploying Smart Edge using inventory.yml file."
+    script_description = ("Script for deploying Smart Edge using inventory.yml file. "
                           "Deployment is controlled through inventory.yml.\n"
                           "Available deployments:\n")
     script_description += "\n".join([d.name for d in os.scandir(DEPLOYMENTS_PATH) if d.is_dir()])
     parser = argparse.ArgumentParser(
         description=script_description, formatter_class=argparse.RawTextHelpFormatter)
     parser.add_argument("-f", "--any-errors-fatal", dest="any_errors_fatal", action="store_true",
                         help="Terminate all running actions when any of them fail")
+    parser.add_argument("-c5g", "--clean5g", dest="clean", action="store_true",
+                        help="Run 5G cleanup scripts on clusters. Supported only in 5G "
+                             "Private Wireless Experience Kit. Not supported in Open Developer"
+                             "Experience Kit.")
+    parser.add_argument("-r5g", "--redeploy5g", dest="redeploy", action="store_true",
+                        help="Run 5G re-deployment scripts on clusters. Supported only in 5G "
+                             "Private Wireless Experience Kit. Not supported in Open Developer "
+                             "Experience Kit.")
     return parser.parse_args()
 
 
@@ -392,7 +408,7 @@ def main(args):
 
     prepare_alt_dir_layout()
     for inventory in inventory_handler.get_inventories:
-        deploy_wrapper = run_deployment(inventory)
+        deploy_wrapper = run_deployment(inventory, args.clean, args.redeploy)
         deployment_wrappers.append(deploy_wrapper)
         time.sleep(DEPLOYMENT_INTERVAL)
 

deployments/verification_controller/all.yml

@@ -7,20 +7,8 @@ sriov_network_operator_enable: false
 ## SR-IOV Network Operator configuration
 sriov_network_operator_configure_enable: false
 
-# Grafana
-telemetry_grafana_enable: false
-
-# Prometheus
-telemetry_prometheus_enable: false
-
-# Prometheus-statsd-exporter
-telemetry_statsd_exporter_enable: false
-
-# Collectd
-telemetry_collectd_enable: false
-
-# CAdvisor
-telemetry_cadvisor_enable: false
+# Disable telemetry
+telemetry_enable: false
 
 # Disable Harbor Registry
 harbor_registry_enable: false
@@ -45,5 +33,13 @@ isecl_ta_san_list: ""
 # Enable PCCS deployment
 pccs_enable: true
 
+# Enable KMRA app-hsm deployment
+kmra_enable: true
+
+# Enable Pod Security Policy. This option enables PSP admission controller and creates minimal set of rules.
+psp_enabled: true
+
+#SGX GID
+sgx_prv_gid: 1002
 # Disable CPU reservation for kubelet
 cpu: {}