Diffstat (limited to 'ansible/roles')
-rw-r--r-- | ansible/roles/nexus/defaults/main.yml | 2 | ||||
-rw-r--r-- | ansible/roles/nexus/files/configure.groovy | 37 | ||||
-rw-r--r-- | ansible/roles/nexus/tasks/configure.yml | 34 | ||||
-rw-r--r-- | ansible/roles/nexus/tasks/insert-images.yml | 19 | ||||
-rw-r--r-- | ansible/roles/nexus/tasks/install.yml | 29 | ||||
-rw-r--r-- | ansible/roles/nexus/tasks/main.yml | 2 | ||||
-rw-r--r-- | ansible/roles/nexus/tasks/runtime-populate.yml | 12 | ||||
-rw-r--r-- | ansible/roles/nexus/vars/main.yml | 1 | ||||
-rw-r--r-- | ansible/roles/rancher/tasks/main.yml | 2 | ||||
-rw-r--r-- | ansible/roles/rancher/tasks/rancher_agent.yml | 13 | ||||
-rw-r--r-- | ansible/roles/rancher/tasks/rancher_server.yml | 51 | ||||
-rw-r--r-- | ansible/roles/rancher/templates/kube_config.j2 | 19 |
12 files changed, 221 insertions, 0 deletions
diff --git a/ansible/roles/nexus/defaults/main.yml b/ansible/roles/nexus/defaults/main.yml
new file mode 100644
index 00000000..57a79f95
--- /dev/null
+++ b/ansible/roles/nexus/defaults/main.yml
@@ -0,0 +1,2 @@
+#Defaults to install, can be set to configure.
+phase: install
diff --git a/ansible/roles/nexus/files/configure.groovy b/ansible/roles/nexus/files/configure.groovy
new file mode 100644
index 00000000..5691fe64
--- /dev/null
+++ b/ansible/roles/nexus/files/configure.groovy
@@ -0,0 +1,37 @@
+import org.sonatype.nexus.security.realm.RealmManager
+import org.sonatype.nexus.repository.attributes.AttributesFacet
+import org.sonatype.nexus.security.user.UserManager
+import org.sonatype.nexus.repository.manager.RepositoryManager
+import org.sonatype.nexus.security.user.UserNotFoundException
+
+/* Use the container to look up some services. */
+realmManager = container.lookup(RealmManager.class)
+userManager = container.lookup(UserManager.class, "default") //default user manager
+repositoryManager = container.lookup(RepositoryManager.class)
+
+/* Managers are used when scripting api cannot. Note that scripting api can only create mostly, and that creation methods return objects of created entities. */
+/* Perform cleanup by removing all repos and users. Realms do not need to be re-disabled, admin and anonymous user will not be removed. */
+userManager.listUserIds().each({ id ->
+ if (id != "anonymous" && id != "admin")
+ userManager.deleteUser(id)
+})
+
+repositoryManager.browse().each {
+ repositoryManager.delete(it.getName())
+}
+
+/* Add bearer token realms at the end of realm lists... */
+realmManager.enableRealm("NpmToken")
+realmManager.enableRealm("DockerToken")
+
+/* Create the docker user. */
+security.addUser("docker", "docker", "docker", "docker@example.com", true, "docker", ["nx-anonymous"])
+
+/* Create npm and docker repositories. Their default configuration should be compliant with our requirements, except the docker registry creation. */
+repository.createNpmHosted("npm-private")
+def r = repository.createDockerHosted("docker", 8082, 0)
+
+/* force basic authentication true by default, must set to false for docker repo. */
+conf=r.getConfiguration()
+conf.attributes("docker").set("forceBasicAuth", false)
+repositoryManager.update(conf)
diff --git a/ansible/roles/nexus/tasks/configure.yml b/ansible/roles/nexus/tasks/configure.yml
new file mode 100644
index 00000000..66712d8f
--- /dev/null
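Review bot: The `docker` account created by `security.addUser(...)` gets the literal password `"docker"`, so a registry credential is committed to the repository in plaintext. The Nexus script API hands the body of the `.../script/configure/run` request to the script as the `args` binding, so the password could come from a vaulted Ansible variable at run time rather than being baked into the file — confirm against the Nexus version in use. The cleanup section also deletes every non-admin user and every repository unconditionally; a comment such as `/* Destructive: intended for first-time configuration of an empty instance only. */` would spare the next maintainer a surprise. Since `createDockerHosted("docker", 8082, 0)` together with `forceBasicAuth=false` appears intended to permit unauthenticated pulls from the docker repository, that choice deserves a why-comment too.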
+++ b/ansible/roles/nexus/tasks/configure.yml
@@ -0,0 +1,34 @@
+---
+- name: "check if the configuration script is uploaded"
+ uri:
+ url: "{{ nexus_url }}/service/rest/v1/script/configure"
+ method: GET
+ force_basic_auth: yes
+ user: admin
+ password: admin123
+ status_code: [200, 404]
+ register: script
+- block:
+ - name: "upload the configuration script"
+ uri:
+ url: "{{ nexus_url }}/service/rest/v1/script"
+ method: POST
+ force_basic_auth: yes
+ user: admin
+ password: admin123
+ body_format: json
+ body:
+ name: configure
+ type: groovy
+ content: "{{ lookup('file', 'files/configure.groovy') }}"
+ status_code: [204]
+ - name: "execute configuration script"
+ uri:
+ url: "{{ nexus_url }}/service/rest/v1/script/configure/run"
+ method: POST
+ force_basic_auth: yes
+ user: admin
+ password: admin123
+ body_format: raw
+ headers: { "Content-Type": "text/plain" }
+ when: script.status == 404
diff --git a/ansible/roles/nexus/tasks/insert-images.yml b/ansible/roles/nexus/tasks/insert-images.yml
new file mode 100644
index 00000000..2e2a45c3
--- /dev/null
+++ b/ansible/roles/nexus/tasks/insert-images.yml
@@ -0,0 +1,19 @@
+---
+- name: Load docker images and push into registry
+ block:
+ - set_fact:
+ component: "{{ (item.path | basename | splitext)[0] }}"
+
+ - name: Docker login
+ docker_login:
+ registry: "{{ runtime_images[component].registry }}"
+ username: admin
+ password: admin123
+
+ - name: Load and push component {{ component }}
+ docker_image:
+ name: "{{ runtime_images[component].registry }}{{ runtime_images[component].path }}"
+ tag: "{{ runtime_images[component].tag }}"
+ push: yes
+ load_path: "{{ item.path }}"
+
diff --git a/ansible/roles/nexus/tasks/install.yml b/ansible/roles/nexus/tasks/install.yml
new file mode 100644
index 00000000..6dc82fe6
--- /dev/null
+++ b/ansible/roles/nexus/tasks/install.yml
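Review bot: The Nexus admin credentials are the factory default `admin`/`admin123`, repeated in all three `uri` tasks here and again in `docker_login` in insert-images.yml, and nothing in the role ever changes that password. Move them to a role variable sourced from a vault, e.g. `password: "{{ nexus_admin_password }}"`, and have the configure step rotate the default. Separately, both the upload and the run sit under the same `when: script.status == 404`, so if the run fails after a successful upload, every later run of the role skips configuration because the script now exists; gate only the upload on 404 and always execute, or remove the script on failure. The execute task also omits `status_code`, relying on the module default of 200 — valid, but stating it explicitly would match the two tasks above it.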
@@ -0,0 +1,29 @@
+---
+- name: Change ownership of nexus_data
+ file:
+ path: "{{ app_data_path }}/nexus_data"
+ owner: 200
+ group: 200
+ recurse: yes
+
+- name: Load nexus image
+ docker_image:
+ name: sonatype/nexus3
+ load_path: "{{ app_data_path }}/offline_data/docker_images_infra/sonatype_nexus3_latest.tar"
+ state: present
+
+- name: Create nexus network
+ docker_network:
+ name: nexus_network
+ state: present
+
+- name: Run nexus container
+ docker_container:
+ name: nexus
+ image: sonatype/nexus3
+ networks:
+ - name: nexus_network
+ volumes:
+ - "{{ app_data_path }}/nexus_data:/nexus-data:rw"
+ state: started
+ restart_policy: unless-stopped
diff --git a/ansible/roles/nexus/tasks/main.yml b/ansible/roles/nexus/tasks/main.yml
new file mode 100644
index 00000000..c5905b13
--- /dev/null
+++ b/ansible/roles/nexus/tasks/main.yml
@@ -0,0 +1,2 @@
+---
+- include_tasks: "{{ phase }}.yml"
diff --git a/ansible/roles/nexus/tasks/runtime-populate.yml b/ansible/roles/nexus/tasks/runtime-populate.yml
new file mode 100644
index 00000000..e22b650e
--- /dev/null
+++ b/ansible/roles/nexus/tasks/runtime-populate.yml
@@ -0,0 +1,12 @@
+---
+- name: Find images to be inserted into nexus in runtime
+ find:
+ paths: "{{ aux_data_path }}"
+ patterns: '*.tar'
+ register: tar_images
+
+# WA: block of tasks cant be executed in iterations
+# need to iterate over those tasks in include
+- include: "insert-images.yml"
+ with_items: "{{ tar_images.files }}"
+
diff --git a/ansible/roles/nexus/vars/main.yml b/ansible/roles/nexus/vars/main.yml
new file mode 100644
index 00000000..63944161
--- /dev/null
+++ b/ansible/roles/nexus/vars/main.yml
@@ -0,0 +1 @@
+nexus_url: "https://nexus.{{ hostvars[groups.infrastructure[0]].ansible_nodename }}"
diff --git a/ansible/roles/rancher/tasks/main.yml b/ansible/roles/rancher/tasks/main.yml
new file mode 100644
index 00000000..1370a39f
--- /dev/null
+++ b/ansible/roles/rancher/tasks/main.yml
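Review bot: `image: sonatype/nexus3` in the `docker_container` task carries no tag, so the container runs whatever `latest` happened to be in the loaded tar (the filename `sonatype_nexus3_latest.tar` suggests a floating tag), and nothing verifies the archive before `docker_image` loads it. Pin an explicit version tag in both the load and run tasks, and check the tarball against a recorded digest first, for example a `stat` task with `checksum_algorithm: sha256` on the tar compared with a known value. The `owner: 200`/`group: 200` on nexus_data is a bare numeric uid with no explanation; a comment such as `# 200: uid/gid the Nexus image runs as (confirm against the image in use)` would make the intent clear.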
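Review bot: `- include: "insert-images.yml"` in runtime-populate.yml uses the legacy `include` keyword while the same commit uses `include_tasks` in nexus/tasks/main.yml and rancher/tasks/main.yml; `include` is deprecated and the three should agree. Change it to `- include_tasks: "insert-images.yml"` and keep the `with_items` loop beneath it. The two-line "WA" comment above it would read better as a single why-comment: `# A block cannot be looped over directly, so the block lives in its own file and the include is iterated instead.`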
@@ -0,0 +1,2 @@
+---
+- include_tasks: "rancher_{{ rancher_role }}.yml"
diff --git a/ansible/roles/rancher/tasks/rancher_agent.yml b/ansible/roles/rancher/tasks/rancher_agent.yml
new file mode 100644
index 00000000..4c9cb8dd
--- /dev/null
+++ b/ansible/roles/rancher/tasks/rancher_agent.yml
@@ -0,0 +1,13 @@
+---
+- name: Add Rancher Agent
+ docker_container:
+ name: rancher_agent
+ image: "{{ server_hostvars.rancher_agent_image }}"
+ command: "{{ server_hostvars.rancher_agent_reg_url }}"
+ volumes:
+ - "/var/run/docker.sock:/var/run/docker.sock"
+ - "/var/lib/rancher:/var/lib/rancher"
+ auto_remove: yes
+ privileged: yes
+ vars:
+ server_hostvars: "{{ hostvars[groups.infrastructure.0] }}"
diff --git a/ansible/roles/rancher/tasks/rancher_server.yml b/ansible/roles/rancher/tasks/rancher_server.yml
new file mode 100644
index 00000000..9abf986b
--- /dev/null
+++ b/ansible/roles/rancher/tasks/rancher_server.yml
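Review bot: The agent container in rancher_agent.yml is started with `privileged: yes` and the host Docker socket mounted, which together give it root-equivalent control of the host, and the task does not say why. Add a why-comment above `docker_container`, for example `# The Rancher agent needs privileged mode and docker.sock to manage containers on this host`, adjusted to what the agent version actually requires. Both `image` and `command` are taken from `hostvars[groups.infrastructure.0]`, which rancher_server.yml fills from the environment registration; since the registration URL carries the registration token and becomes the container's command line, the same comment should note that it is visible in the container metadata.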
@@ -0,0 +1,51 @@
+---
+# DO NOT ADD SPACE AROUND ';'
+- name: Start rancher/server:v1.6.14
+ docker_container:
+ name: rancher_server
+ image: rancher/server:v1.6.14
+ command: ["sh", "-c", "/usr/sbin/update-ca-certificates;/usr/bin/entry /usr/bin/s6-svscan /service"]
+ ports: 8080:8080
+ state: started
+ restart_policy: unless-stopped
+ volumes:
+ - "{{ app_data_path }}/certs:/usr/local/share/ca-certificates/extra:ro"
+
+- name: Wait for rancher server to be ready
+ uri:
+ url: "{{ rancher_server_url }}/v2-beta"
+ register: response
+ retries: 10
+ delay: 30
+ until: not response.failed
+
+- name: Create kubernetes environment
+ rancher_k8s_environment:
+ name: "{{ app_name }}"
+ descr: "Kubernetes environment for {{ app_name }}"
+ server: "{{ rancher_server_url }}"
+ delete_other_k8s: "{{ rancher_remove_other_env }}"
+ force: "{{ rancher_redeploy_k8s_env }}"
+ host_os: "{{ ansible_os_family }}"
+ register: env
+ retries: 10
+ delay: 5
+ until: env.data is defined
+
+- name: Set apikey values
+ set_fact:
+ k8s_env_id: "{{ env.data.environment.id }}"
+ key_public: "{{ env.data.apikey.public }}"
+ key_private: "{{ env.data.apikey.private }}"
+ rancher_agent_image: "{{ env.data.registration_tokens.image }}"
+ rancher_agent_reg_url: "{{ env.data.registration_tokens.reg_url }}"
+
+- name: Ensure .kube directory exists
+ file:
+ path: "{{ kube_directory }}"
+ state: directory
+
+- name: Create kube config
+ template:
+ src: kube_config.j2
+ dest: "{{ kube_directory }}/config"
diff --git a/ansible/roles/rancher/templates/kube_config.j2 b/ansible/roles/rancher/templates/kube_config.j2
new file mode 100644
index 00000000..87f332e6
--- /dev/null
+++ b/ansible/roles/rancher/templates/kube_config.j2
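Review bot: `key_private` is registered in `env` by the "Create kubernetes environment" task and copied by `set_fact` in "Set apikey values", but neither task sets `no_log: true`, so the private API key is printed in verbose output and lands in any collected play logs. Add `no_log: true` to both tasks. The "Create kube config" `template` task writes a file containing those same credentials without a `mode`, so it inherits the default umask; add `mode: '0600'`. `ports: 8080:8080` publishes the Rancher API in plaintext on every host interface; if it only needs to be reached locally (as by the `uri` wait here), `127.0.0.1:8080:8080` would narrow the exposure.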
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Config
+clusters:
+- cluster:
+ api-version: v1
+ insecure-skip-tls-verify: true
+ server: "https://{{ ansible_host }}:8080/r/projects/{{ k8s_env_id }}/kubernetes:6443"
+ name: "{{ app_name }}"
+contexts:
+- context:
+ cluster: "{{ app_name }}"
+ user: "{{ app_name }}"
+ name: "{{ app_name }}"
+current-context: "{{ app_name }}"
+users:
+- name: "{{ app_name }}"
+ user:
+ token: "{{ (['Basic', [key_public, key_private] | join(':') | b64encode] | join(' ')) | b64encode }}"
+
|
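Review bot: `insecure-skip-tls-verify: true` turns off server certificate verification for every kubectl call made with this config, so the basic-auth `token` below is sent to whatever answers at `{{ ansible_host }}:8080` without the server proving its identity. rancher_server.yml already mounts `{{ app_data_path }}/certs` into the server as extra CA certificates, which suggests a CA bundle is available; point `certificate-authority` at it and drop the insecure flag, or add a comment stating why verification has to stay off. The `server` URL is `https://...:8080` while the container publishes plain `8080:8080`, which only works with a TLS terminator in front of it — a one-line comment recording that assumption would help whoever deploys this next.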