.. This work is licensed under a Creative Commons Attribution 4.0 International License.
.. http://creativecommons.org/licenses/by/4.0
-.. Copyright 2019 Samsung Electronics Co., Ltd.
+.. Copyright 2021 Samsung Electronics Co., Ltd.
-OOM ONAP Offline Installer Package Build Guide
-=============================================================
+Offline Installer Package Build Guide
+=====================================
-This document is describing procedure for building offline installer packages. It is supposed to be triggered on server with internet connectivity and will download all artifacts required for ONAP deployment based on our static lists. The server used for the procedure in this guide is preferred to be separate build server.
+This document describes how to build offline installer packages. The build process should be triggered on a host with internet connectivity. It will retrieve all artifacts required for ONAP deployment based on both - static data list files and dynamically assembled ones. The host used for the procedure in this guide should be preferably a separate build server.
-Procedure was completely tested on RHEL 7.4 as it’s tested target platform, however with small adaptations it should be applicable also for other platforms.
+Procedure was completely tested on RHEL 7.9 as it’s the default target installation platform, however with small adaptations it should be applicable also for other platforms.
+Some discrepancies when Centos 7.9 is used are described below as well.
-Part 1. Preparations
---------------------
-We assume that procedure is executed on RHEL 7.4 server with \~300G disc space, 16G+ RAM and internet connectivity
+Part 1. Prerequisites
+---------------------
-More-over following sw packages has to be installed:
+We assume that procedure is executed on RHEL 7.9 server with \~300G disc space, 16G+ RAM and internet connectivity.
-* for the Preparation (Part 1), the Download artifacts for offline installer (Part 2) and the application helm charts preparation and patching (Part 4)
- - git
- - wget
+Some additional software packages are required by ONAP Offline platform building tooling. In order to install them following repos have to be configured for RHEL 7.9 platform.
-* for the Download artifacts for offline installer (Part 2) only
- - createrepo
- - dpkg-dev
- - python2-pip
-* for the Download artifacts for offline installer (Part 2) and the Populate local nexus (Part 3)
- - nodejs
- - jq
- - docker (exact version docker-ce-17.03.2)
-* for the Download artifacts for offline installer (Part 2) and for the Application helm charts preparation and patching (Part 4)
- - patch
-
-* for the Populate local nexus (Part 3)
- - twine
-
-This can be achieved by following commands:
+.. note::
+ All commands stated in this guide are meant to be run in root shell.
::
+ ############
+ # RHEL 7.9 #
+ ############
+
# Register server
subscription-manager register --username <rhel licence name> --password <password> --auto-attach
- # enable epel for npm and jq
+ # required by custom docker version recommended by ONAP
+ yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
+
+ # required by docker dependencies i.e. docker-selinux
+ subscription-manager repos --enable=rhel-7-server-extras-rpms
+
+ # epel is required by npm within blob build
rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
- # enable rhel-7-server-e4s-optional-rpms in /etc/yum.repos.d/redhat.repo
+Alternatively
+
+::
+
+ ##############
+ # Centos 7.9 #
+ ##############
+
+ # required by custom docker version recommended by ONAP
+ yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
+
+ # enable epel repo for npm and jq
+ yum install -y epel-release
+
+Subsequent steps are the same on both platforms:
+
+::
# install following packages
- yum install -y expect nodejs git wget createrepo python2-pip jq patch
+ yum install -y docker-ce-19.03.15 git createrepo expect nodejs npm jq
- pip install twine
+ # install Python 3
+ yum install -y python36 python36-pip
- # install docker
- curl https://releases.rancher.com/install-docker/17.03.sh | sh
+ # ensure docker daemon is running
+ service docker start
Then it is necessary to clone all installer and build related repositories and prepare the directory structure.
# prepare the onap build directory structure
cd /tmp
- git clone -b casablanca https://gerrit.onap.org/r/oom/offline-installer
+ git clone https://gerrit.onap.org/r/oom/offline-installer onap-offline
cd onap-offline
+ # install required pip packages for build and download scripts
+ pip3 install -r ./build/requirements.txt
+ pip3 install -r ./build/download/requirements.txt
+
Part 2. Download artifacts for offline installer
------------------------------------------------
-**Note: Skip this step if you have already all necessary resources and continue with Part 3. Populate local nexus**
-
-All artifacts should be downloaded by running the download script as follows:
-
-./build/download_offline_data_by_lists.sh <project>
-
-For example:
-
-``$ ./build/download_offline_data_by_lists.sh onap_3.0.0``
-
-Download is as reliable as network connectivity to internet, it is highly recommended to run it in screen and save log file from this script execution for checking if all artifacts were successfully collected. Each start and end of script call should contain timestamp in console output. Downloading consists of 10 steps, which should be checked at the end one-by-one.
-
-**Verify:** *Please take a look on following comments to respective
-parts of download script*
+Generate the actual list of docker images that are defined within OOM helm charts. Run the docker-images-collector.sh script (check script for runtime dependencies) from cloned OOM repository.
-[Step 1/10 Download collected docker images]
+At the beginning of the generated list file there is the OOM repo commit sha from which it was created - the same commit reference
+should be used in **Part 4. Packages preparation** as *--application-repository_reference* option value.
-=> image download step is quite reliable and contain retry logic
-
-E.g
+Following example will create the list to the default path (*build/data_lists/onap_docker_images.list*):
::
- == pkg #143 of 163 ==
- rancher/etc-host-updater:v0.0.3
- digest:sha256:bc156a5ae480d6d6d536aa454a9cc2a88385988617a388808b271e06dc309ce8
- Error response from daemon: Get https://registry-1.docker.io/v2/rancher/etc-host-updater/manifests/v0.0.3: Get
- https://auth.docker.io/token?scope=repository%3Arancher%2Fetc-host-updater%3Apull&service=registry.docker.io: net/http: TLS handshake timeout
- WARNING [!]: warning Command docker -l error pull rancher/etc-host-updater:v0.0.3 failed.
- Attempt: 2/5
- INFO: info waiting 10s for another try...
- v0.0.3: Pulling from rancher/etc-host-updater
- b3e1c725a85f: Already exists
- 6a710864a9fc: Already exists
- d0ac3b234321: Already exists
- 87f567b5cf58: Already exists
- 16914729cfd3: Already exists
- 83c2da5790af: Pulling fs layer
- 83c2da5790af: Verifying Checksum
- 83c2da5790af: Download complete
- 83c2da5790af: Pull complete
-
-[Step 2/10 Build own nginx image]
-
-=> there is no hardening in this step, if it failed needs to be
-retriggered. It should end with **Successfully built <id>**
+ # clone the OOM repository
+ git clone https://gerrit.onap.org/r/oom -b <branch> --recurse-submodules /tmp/oom
+ #run the collector providing path the the project
+ ./build/creating_data/docker-images-collector.sh /tmp/oom/kubernetes/onap
-[Step 3/10 Save docker images from docker cache to tarfiles]
+For the list of all available options check script usage info.
-=> quite reliable, retry logic in place
+.. note:: replace <branch> with OOM branch you want to build
-[Step 4/10 move infra related images to infra folder]
+.. note:: docker-images-collector.sh script uses oom/kubernetes/onap/resources/overrides/onap-all.yaml file to find what subsystems are enabled. By default all subsystems are enabled there. Modify the file to disable some of them if needed.
-=> should be safe, precondition is not failing step(3)
+.. note:: Skip this step if you have already all necessary resources and continue with **Part 3. Populate local nexus**
-[Step 5/10 Download git repos]
+.. note:: Docker images collector supports both helm v2 and v3. Please note that helm v3 support was added in Guilin release of OOM and as of Honolulu release helm v2 will be obsolete.
-=> potentially unsafe, no hardening in place. If it not download all git repos. It has to be executed again. Easiest way is probably to comment-out other steps in load script and run it again.
-
-E.g.
+Create repository containing OS packages to be installed on all nodes:
::
- Cloning into bare repository
- 'github.com/rancher/community-catalog.git'...
- error: RPC failed; result=28, HTTP code = 0
- fatal: The remote end hung up unexpectedly
- Cloning into bare repository 'git.rancher.io/rancher-catalog.git'...
- Cloning into bare repository
- 'gerrit.onap.org/r/testsuite/properties.git'...
- Cloning into bare repository 'gerrit.onap.org/r/portal.git'...
- Cloning into bare repository 'gerrit.onap.org/r/aaf/authz.git'...
- Cloning into bare repository 'gerrit.onap.org/r/demo.git'...
- Cloning into bare repository
- 'gerrit.onap.org/r/dmaap/messagerouter/messageservice.git'...
- Cloning into bare repository 'gerrit.onap.org/r/so/docker-config.git'...
+ # run create_repo.sh script to download all required packages with their dependencies
+ # set destination directory for packages with '-d' parameter
+ # optionally use '-t' parameter to set target platform (host platform by default)
+ ./offline-installer/build/create_repo.sh -d $(pwd) -t centos|rhel|ubuntu
-[Step 6/10 Download http files]
+.. note:: If script fails due to permissions issue, it could be a problem with SeLinux. It can be fixed by running:
+ ::
-[Step 7/10 Download npm pkgs]
+ # Change security context of directory
+ chcon -Rt svirt_sandbox_file_t $(pwd)
-[Step 8/10 Download bin tools]
+Download all required binaries and docker images. Run download.py twice (as shown below) as it does not support mixing downloading docker images to a local directory and pulling them to local docker engine cache in one run. Docker images from *infra_docker_images.list* need to be saved to resources directory while the rest of the images need to be just pulled locally:
-=> work quite reliably, If it not download all artifacts. Easiest way is probably to comment-out other steps in load script and run it again.
+::
-[Step 9/10 Download rhel pkgs]
+ # all data lists are taken from ./build/data_lists/ folder by default
+ # all resources will be stored in expected folder structure within "../resources" folder
+ ./build/download/download.py --docker ./build/data_lists/infra_docker_images.list ../resources/offline_data/docker_images_infra \
+ --http ./build/data_lists/infra_bin_utils.list ../resources/downloads \
+ --http ./build/data_lists/kube_prometheus_stack_http.list ../resources/downloads
-=> this is the step which will work on rhel only, for other platform different packages has to be downloaded.
+ # second argument for --docker is not present, images are just pulled and cached
+ ./build/download/download.py --docker ./build/data_lists/rke_docker_images.list \
+ --docker ./build/data_lists/k8s_docker_images.list \
+ --docker ./build/data_lists/onap_docker_images.list \
+ --docker ./build/data_lists/kube_prometheus_stack_docker_images.list
-Following is considered as sucessfull run of this part:
-::
-
- Available: 1:net-snmp-devel-5.7.2-32.el7.i686 (rhel-7-server-rpms)
- net-snmp-devel = 1:5.7.2-32.el7
- Available: 1:net-snmp-devel-5.7.2-33.el7_5.2.i686 (rhel-7-server-rpms)
- net-snmp-devel = 1:5.7.2-33.el7_5.2
- Dependency resolution failed, some packages will not be downloaded.
- No Presto metadata available for rhel-7-server-rpms
- https://ftp.icm.edu.pl/pub/Linux/fedora/linux/epel/7/x86_64/Packages/p/perl-CDB_File-0.98-9.el7.x86_64.rpm:
- [Errno 12\] Timeout on
- https://ftp.icm.edu.pl/pub/Linux/fedora/linux/epel/7/x86_64/Packages/p/perl-CDB_File-0.98-9.el7.x86_64.rpm:
- (28, 'Operation timed out after 30001 milliseconds with 0 out of 0 bytes
- received')
- Trying other mirror.
- Spawning worker 0 with 230 pkgs
- Spawning worker 1 with 230 pkgs
- Spawning worker 2 with 230 pkgs
- Spawning worker 3 with 230 pkgs
- Spawning worker 4 with 229 pkgs
- Spawning worker 5 with 229 pkgs
- Spawning worker 6 with 229 pkgs
- Spawning worker 7 with 229 pkgs
- Workers Finished
- Saving Primary metadata
- Saving file lists metadata
- Saving other metadata
- Generating sqlite DBs
- Sqlite DBs complete
-
-[Step 10/10 Download sdnc-ansible-server packages]
-
-=> there is again no retry logic in this part, it is collecting packages for sdnc-ansible-server in the exactly same way how that container is doing it, however there is a bug in upstream that image in place will not work with those packages as old ones are not available and newer are not compatible with other stuff inside that image
Part 3. Populate local nexus
----------------------------
-Prerequisites:
-
-- All data lists and resources which are pushed to local nexus repository are available
-- Following ports are not occupied buy another service: 80, 8081, 8082, 10001
-- There's no docker container called "nexus"
-
-**Note: In case you skipped the Part 2 for the artifacts download,
-please ensure that the copy of resources data are untarred in
-./install/onap-offline/resources/**
-
-Whole nexus blob data tarball will be created by running script
-build\_nexus\_blob.sh. It will load the listed docker images, run the
-Nexus, configure it as npm and docker repository. Then it will push all
-listed npm packages and docker images to the repositories. After all is
-done the repository container is stopped and from the nexus-data
-directory is created tarball.
-
-There are mandatory parameters need to be set in configuration file:
-
-+------------------------------+------------------------------------------------------------------------------------------+
-| Parameter | Description |
-+==============================+==========================================================================================+
-| NXS\_SRC\_DOCKER\_IMG\_DIR | resource directory of docker images |
-+------------------------------+------------------------------------------------------------------------------------------+
-| NXS\_SRC\_NPM\_DIR | resource directory of npm packages |
-+------------------------------+------------------------------------------------------------------------------------------+
-| NXS\_SRC\_PYPI\_DIR | resource directory of npm packages |
-+------------------------------+------------------------------------------------------------------------------------------+
-| NXS\_DOCKER\_IMG\_LIST | list of docker images to be pushed to Nexus repository |
-+------------------------------+------------------------------------------------------------------------------------------+
-| NXS\_DOCKER\_WO\_LIST | list of docker images which uses default repository |
-+------------------------------+------------------------------------------------------------------------------------------+
-| NXS\_NPM\_LIST | list of npm packages to be published to Nexus repository |
-+------------------------------+------------------------------------------------------------------------------------------+
-| NXS\_PYPI\_LIST | list of pypi packages to be published to Nexus repository |
-+------------------------------+------------------------------------------------------------------------------------------+
-| NEXUS\_DATA\_TAR | target tarball of Nexus data path/name |
-+------------------------------+------------------------------------------------------------------------------------------+
-| NEXUS\_DATA\_DIR | directory used for the Nexus blob build |
-+------------------------------+------------------------------------------------------------------------------------------+
-| NEXUS\_IMAGE | Sonatype/Nexus3 docker image which will be used for data blob creation for this script |
-+------------------------------+------------------------------------------------------------------------------------------+
-
-Some of the docker images using default registry requires special
-treatment (e.g. they use different ports or SSL connection), therefore
-there is the list NXS\_DOCKER\_WO\_LIST by which are the images retagged
-to be able to push them to our nexus repository.
-
-**Note: It's recomended to use abolute paths in the configuration file
-for the current script**
-
-Example of the configuration file:
-
-::
-
- NXS_SRC_DOCKER_IMG_DIR="/tmp/onap-offline/resources/offline_data/docker_images_for_nexus"
- NXS_SRC_NPM_DIR="/tmp/onap-offline/resources/offline_data/npm_tar"
- NXS_DOCKER_IMG_LIST="/tmp/onap-me-data_lists/docker_img.list"
- NXS_DOCKER_WO_LIST="/tmp/onap-me-data_lists/docker_no_registry.list"
- NXS_NPM_LIST="/tmp/onap-offline/bash/tools/data_list/npm_list.txt"
- NXS_SRC_PYPI_DIR="/tmp/onap-offline/resources/offline_data/pypi"
- NXS_DOCKER_IMG_LIST="/tmp/onap-me-data_lists/docker_img.list"
- NXS_DOCKER_WO_LIST="/tmp/onap-me-data_lists/docker_no_registry.list"
- NXS_NPM_LIST="/tmp/onap-offline/bash/tools/data_list/onap_3.0.0-npm.list"
- NEXUS_DATA_TAR="/root/nexus_data.tar"
- NEXUS_DATA_DIR="/tmp/onap-offline/resources/nexus_data"
- NEXUS_IMAGE="/tmp/onap-offline/resources/offline_data/docker_images_infra/sonatype_nexus3_latest.tar"
-
-Once everything is ready you can run the script as following example:
+In order to build nexus blob all docker images required for ONAP offline platform should be available locally (see Part 2).
-``$ ./install/onap-offline/build_nexus_blob.sh /root/nexus_build.conf``
+.. note:: In case you skipped the Part 2 for the artifacts download, please ensure that the onap docker images are cached and copy of resources data are untarred in *./onap-offline/../resources/*
-Where the nexus\_build.conf is the configuration file and the
-/root/nexus\_data.tar is the destination tarball
-
-**Note: Move, link or mount the NEXUS\_DATA\_DIR to the resources
-directory if there was different directory specified in configuration or
-use the resulting nexus\_data.tar for movement between machines.**
-
-Once the Nexus data blob is created, the docker images and npm packages
-can be deleted to reduce the package size as they won't be needed in the
-installation time:
-
-E.g.
+*build_nexus_blob.sh* script will run the Nexus container and configure it as docker repository. Then it will push all docker images from previously generated list to it. After that the repository container is stopped and its filesystem gets saved to resources directory.
::
- rm -f /tmp/onap-offline/resources/offline_data/docker_images_for_nexus/*
- rm -rf /tmp/onap-offline/resources/offline_data/npm_tar
+ ./onap-offline/build/build_nexus_blob.sh
-Part 4. Application helm charts preparation and patching
---------------------------------------------------------
+It will load the listed docker images, run the Nexus, configure it as npm, pypi and docker repositories. Then it will push all listed docker images to the repositories. After all is done the repository container is stopped.
-This is about to clone oom repository and patch it to be able to use it
-offline. Use the following command:
+.. note:: By default the script uses data lists from ./build/data_lists/ directory and saves the blob to ../resources/nexus_data.
-./build/fetch\_and\_patch\_charts.sh <helm charts repo>
-<commit/tag/branch> <patchfile> <target\_dir>
+.. note:: By default the script uses "nexus" for the container name and binds 8081 and 8082 ports. Should those names/ports be already used please check the script options on how to customize them.
-For example:
-``$ ./build/fetch_and_patch_charts.sh https://gerrit.onap.org/r/oom 3.0.0-ONAP /tmp/offline-installer/patches/casablanca_3.0.0.patch /tmp/oom-clone``
+Part 4. Packages preparation
+----------------------------
+
+ONAP offline deliverable consist of 3 packages:
-Part 5. Creating offline installation package
----------------------------------------------
++---------------------------------------+------------------------------------------------------------------------------------+
+| Package | Description |
++=======================================+====================================================================================+
+| sw_package.tar | Contains provisioning software and configuration for infrastructure and ONAP |
++---------------------------------------+------------------------------------------------------------------------------------+
+| resources_package.tar | Contains all binary data and config files needed to deploy infrastructure and ONAP |
++---------------------------------------+------------------------------------------------------------------------------------+
+| aux_package.tar | Contains auxiliary input files that can be added to ONAP |
++---------------------------------------+------------------------------------------------------------------------------------+
-For the packagin itself it's necessary to prepare configuration. You can
-use ./build/package.conf as template or
-directly modify it.
+All packages can be created using build/package.py script. Beside of archiving files gathered in the previous steps, script also builds docker images used on infra server.
-There are some parameters needs to be set in configuration file.
-Example values below are setup according to steps done in this guide to package ONAP.
+From onap-offline directory run:
-+---------------------------------------+------------------------------------------------------------------------------+
-| Parameter | Description |
-+=======================================+==============================================================================+
-| HELM\_CHARTS\_DIR | directory with Helm charts for the application |
-| | |
-| | Example: /tmp/oom-clone/kubernetes |
-+---------------------------------------+------------------------------------------------------------------------------+
-| APP\_CONFIGURATION | application install configuration (application_configuration.yml) for |
-| | ansible installer and custom ansible role code directories if any. |
-| | |
-| | Example:: |
-| | |
-| | APP_CONFIGURATION=( |
-| | /tmp/offline-installer/config/application_configuration.yml |
-| | /tmp/offline-installer/patches/onap-casablanca-patch-role |
-| | ) |
-| | |
-+---------------------------------------+------------------------------------------------------------------------------+
-| APP\_BINARY\_RESOURCES\_DIR | directory with all (binary) resources for offline infra and application |
-| | |
-| | Example: /tmp/onap-offline/resources |
-+---------------------------------------+------------------------------------------------------------------------------+
-| APP\_AUX\_BINARIES | additional binaries such as docker images loaded during runtime [optional] |
-+---------------------------------------+------------------------------------------------------------------------------+
+::
-Offline installer packages are created with prepopulated data via
-following command run from offline-installer directory
+ ./build/package.py <helm charts repo> --build-version <version> --application-repository_reference <commit/tag/branch> --output-dir <target\_dir> --resources-directory <target\_dir>
-./build/package.sh <project> <version> <packaging target directory>
+For example:
-E.g.
+::
-``$ ./build/package.sh onap 1.0.1 /tmp/package"``
+ ./build/package.py https://gerrit.onap.org/r/oom --application-repository_reference <branch> --output-dir /tmp/packages --resources-directory /tmp/resources
+.. note:: replace <branch> by branch you want to build
-So in the target directory you should find tar files with
+Above command should produce following tar files in the target directory:
-offline-<PROJECT\_NAME>-<PROJECT\_VERSION>-sw.tar
+::
-offline-<PROJECT\_NAME>-<PROJECT\_VERSION>-resources.tar
+ sw_package.tar
+ resources_package.tar
+ aux_package.tar
-offline-<PROJECT\_NAME>-<PROJECT\_VERSION>-aux-resources.tar
Code Review / oom / offline-installer.git / blobdiff