Diffstat (limited to 'ansible')
-rw-r--r-- | ansible/.gitignore | 1 | ||||
-rwxr-xr-x | ansible/group_vars/all.yml | 15 | ||||
-rw-r--r-- | ansible/infrastructure.yml | 52 | ||||
-rw-r--r-- | ansible/roles/firewall/defaults/main.yml | 6 | ||||
-rw-r--r-- | ansible/roles/firewall/tasks/firewall-disable.yml | 14 | ||||
-rw-r--r-- | ansible/roles/firewall/tasks/main.yml | 2 | ||||
-rw-r--r-- | ansible/roles/nexus/defaults/main.yml | 8 | ||||
-rw-r--r-- | ansible/roles/nexus/tasks/configure.yml | 6 | ||||
-rw-r--r-- | ansible/roles/nexus/tasks/insert-images.yml | 3 | ||||
-rw-r--r-- | ansible/roles/nexus/tasks/install.yml | 14 | ||||
-rw-r--r-- | ansible/roles/nexus/tasks/main.yml | 9 | ||||
-rw-r--r-- | ansible/roles/nexus/tasks/runtime-populate.yml | 1 | ||||
-rw-r--r-- | ansible/roles/nexus/vars/main.yml | 1 | ||||
-rw-r--r-- | ansible/roles/nginx/templates/nginx.conf.j2 | 15 | ||||
-rw-r--r-- | ansible/roles/package-repository/defaults/main.yml | 2 | ||||
-rw-r--r-- | ansible/roles/package-repository/tasks/main.yml | 19 | ||||
-rw-r--r-- | ansible/roles/setup/defaults/main.yml | 3 | ||||
-rw-r--r-- | ansible/roles/setup/tasks/main.yml | 30 | ||||
-rw-r--r-- | ansible/setup.yml | 28 |
19 files changed, 121 insertions, 108 deletions
diff --git a/ansible/.gitignore b/ansible/.gitignore
index 5cddc2eb..521beaa8 100644
--- a/ansible/.gitignore
+++ b/ansible/.gitignore
@@ -1 +1,2 @@
 ansible_chroot
+application/*
diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index cd8c7f58..dc40238c 100755
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -59,9 +59,8 @@ certificates: # Default value is to allow redeploy redeploy_k8s_env: yes -# Distribute offline rpm repository -# Default value is to distribute rpm -deploy_rpm_repository: yes +# Distribute offline software package (rpm,apt) repository +deploy_package_repository: yes # Offline solution is deploying app specific rpm repository and requires some name # also for k8s cluster
@@ -78,13 +77,17 @@ app_name: # prebuilt nexus blob in installation time. # Component name must match with tar filename! # e.g. -# aaa-component-0.0.1.tar is expected in aux_data_path for aaa-component image +# aaa/bbb-component-0.0.1.tar are expected in aux_data_path for component images. #runtime_images: -# aaa-component-0.0.1: +# aaa-component-0.0.1: # registry: "nexus3.onap.org:10001" # path: "/onap/components/aaa-component" # tag: "latest" -runtime_images: +# bbb-component-0.0.1: +# registry: "nexus3.onap.org:10001" +# path: "/onap/components/bbb-component" +# tag: "latest" +runtime_images: {} ############################### # Application specific params #
diff --git a/ansible/infrastructure.yml b/ansible/infrastructure.yml
index e4715a9c..382ffd53 100644
--- a/ansible/infrastructure.yml
+++ b/ansible/infrastructure.yml
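Review bot: `deploy_package_repository: yes` in the first group_vars hunk keeps the YAML 1.1 truthy spelling while the same commit converts `yes`/`no` to `true`/`false` in firewall-disable.yml, configure.yml, insert-images.yml and install.yml, and the new role default in `roles/package-repository/defaults/main.yml` already uses `true`; write `deploy_package_repository: true` here as well. In the second hunk, `runtime_images: {}` replacing the bare `runtime_images:` (which loaded as null) is a real fix and matches the nexus role default, but the comment block above it only describes the tar-filename convention; a line such as `# An empty mapping means no images are pushed to nexus at runtime.` would make the default explicit.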
@@ -1,31 +1,9 @@ --- - name: Perform common environment setup for nodes hosts: infrastructure, kubernetes - tasks: - - name: Setup resolv.conf - lineinfile: - line: "nameserver {{ hostvars[groups.infrastructure[0]].cluster_ip }}" - path: /etc/resolv.conf - state: present - insertbefore: BOF - become: yes - - name: Add application offline rpm repository - yum_repository: - name: "{{ app_name }}" - file: "{{ app_name | lower }}" - description: "{{ app_name }} offline repository" - baseurl: "{{ 'http://repo.infra-server/rhel' if 'infrastructure' not in group_names else 'file://' + app_data_path + '/pkg/rhel' }}" - gpgcheck: no - enabled: yes - when: deploy_rpm_repository - become: yes - -- name: Setup firewall - hosts: infrastructure, kubernetes roles: + - package-repository - role: firewall - vars: - state: disable - name: Setup infrastructure servers hosts: infrastructure
@@ -34,34 +12,8 @@ - docker - dns - vncserver - - role: nexus - vars: - phase: install - nginx - tasks: - - name: "wait for nexus to come up" - uri: - url: "{{ nexus_url }}/service/metrics/healthcheck" - user: admin - password: admin123 - force_basic_auth: yes - method: GET - register: nexus_wait - until: not nexus_wait.failed - retries: 30 - delay: 10 - -- name: Nexus changes in runtime - hosts: infrastructure - roles: - - role: nexus - vars: - phase: configure - when: populate_nexus | bool - - role: nexus - vars: - phase: runtime-populate - when: runtime_images is defined and runtime_images is not none + - nexus - name: Setup base for Kubernetes nodes hosts: kubernetes
diff --git a/ansible/roles/firewall/defaults/main.yml b/ansible/roles/firewall/defaults/main.yml
new file mode 100644
index 00000000..7cc9ae96
--- /dev/null
+++ b/ansible/roles/firewall/defaults/main.yml
@@ -0,0 +1,6 @@
+---
+firewall:
+ state: disable
+ package_name:
+ RedHat: 'firewalld'
+ Debian: 'ufw'
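Review bot: The new default `state: disable` in `roles/firewall/defaults/main.yml` makes stopping the OS firewall service and flushing iptables (see the `Flush iptables` task in firewall-disable.yml) the role's default, so every play that lists `firewall` without overriding `firewall.state` now disables the host firewall; the first infrastructure.yml hunk relies on exactly that after dropping its explicit `vars: state: disable`. The effect is unchanged for this playbook, but it is no longer visible at the call site, so document it where the default lives, e.g. `# 'disable' stops the OS firewall service and flushes iptables on every host the role runs on; set firewall.state per play to keep a firewall.` The `package_name` table also only covers RedHat and Debian, which tasks/firewall-disable.yml indexes without a guard.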
diff --git a/ansible/roles/firewall/tasks/firewall-disable.yml b/ansible/roles/firewall/tasks/firewall-disable.yml
index 9a8a2c10..f406d943 100644
--- a/ansible/roles/firewall/tasks/firewall-disable.yml
+++ b/ansible/roles/firewall/tasks/firewall-disable.yml
@@ -1,16 +1,14 @@ --- -- name: Check if firewalld is installed - yum: - list: firewalld - disablerepo: "*" - register: firewalld_check +- name: Get installed packages list + package_facts: + manager: "auto" -- name: Stop and disable firewalld if exists +- name: Stop and disable default OS firewall if exists service: - name: firewalld + name: "{{ firewall.package_name[ansible_facts.os_family] }}" state: stopped enabled: no - when: firewalld_check.results|selectattr('yumstate', 'match', 'installed')|list|length != 0 + when: firewall.package_name[ansible_facts.os_family] in ansible_facts.packages - name: Flush iptables iptables:
diff --git a/ansible/roles/firewall/tasks/main.yml b/ansible/roles/firewall/tasks/main.yml
index f7bb7c74..29ea1958 100644
--- a/ansible/roles/firewall/tasks/main.yml
+++ b/ansible/roles/firewall/tasks/main.yml
@@ -1,2 +1,2 @@
 ---
-- include_tasks: "firewall-{{ state }}.yml"
+- include_tasks: "firewall-{{ firewall.state }}.yml"
diff --git a/ansible/roles/nexus/defaults/main.yml b/ansible/roles/nexus/defaults/main.yml
index 57a79f95..3776f44e 100644
--- a/ansible/roles/nexus/defaults/main.yml
+++ b/ansible/roles/nexus/defaults/main.yml
@@ -1,2 +1,6 @@
-#Defaults to install, can be set to configure.
-phase: install
+---
+# By default prepopulated nexus binary blob used.
+populate_nexus: false
+# By dafault no additional docker images pushed to nexus at runtime
+# but all images are pre-populated either at buildtime or at install time (populate_nexus).
+runtime_images: {}
diff --git a/ansible/roles/nexus/tasks/configure.yml b/ansible/roles/nexus/tasks/configure.yml
index 66712d8f..7e6c20e0 100644
--- a/ansible/roles/nexus/tasks/configure.yml
+++ b/ansible/roles/nexus/tasks/configure.yml
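Review bot: `when: firewall.package_name[ansible_facts.os_family] in ansible_facts.packages` indexes the mapping with the host's os_family before anything is tested, so on a host whose family is neither RedHat nor Debian the lookup yields an undefined value and the task is likely to fail with an undefined-variable error instead of being skipped; the `name:` of the same `service` task has the same shape. Check the key first, `when: ansible_facts.os_family in firewall.package_name and firewall.package_name[ansible_facts.os_family] in ansible_facts.packages`, so unsupported families skip cleanly and the `Flush iptables` task that follows is the only thing that still runs there. The context line `enabled: no` keeps the 1.1 spelling that the rest of this commit converts to `false`.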
@@ -3,7 +3,7 @@ uri: url: "{{ nexus_url }}/service/rest/v1/script/configure" method: GET - force_basic_auth: yes + force_basic_auth: true user: admin password: admin123 status_code: [200, 404]
@@ -13,7 +13,7 @@ uri: url: "{{ nexus_url }}/service/rest/v1/script" method: POST - force_basic_auth: yes + force_basic_auth: true user: admin password: admin123 body_format: json
@@ -26,7 +26,7 @@ uri: url: "{{ nexus_url }}/service/rest/v1/script/configure/run" method: POST - force_basic_auth: yes + force_basic_auth: true user: admin password: admin123 body_format: raw
diff --git a/ansible/roles/nexus/tasks/insert-images.yml b/ansible/roles/nexus/tasks/insert-images.yml
index fb8d7d82..f71d6990 100644
--- a/ansible/roles/nexus/tasks/insert-images.yml
+++ b/ansible/roles/nexus/tasks/insert-images.yml
@@ -14,6 +14,7 @@ docker_image: name: "{{ runtime_images[component].registry }}{{ runtime_images[component].path }}" tag: "{{ runtime_images[component].tag }}" - push: yes + push: true load_path: "{{ item.path }}" timeout: 120 + changed_when: false # for idenpotence
diff --git a/ansible/roles/nexus/tasks/install.yml b/ansible/roles/nexus/tasks/install.yml
index 1756b708..99d73dce 100644
--- a/ansible/roles/nexus/tasks/install.yml
+++ b/ansible/roles/nexus/tasks/install.yml
@@ -4,7 +4,7 @@ path: "{{ app_data_path }}/nexus_data" owner: 200 group: 200 - recurse: yes + recurse: true - name: Load nexus image docker_image:
@@ -28,3 +28,15 @@ - "{{ app_data_path }}/nexus_data:/nexus-data:rw" state: started restart_policy: unless-stopped + +- name: Wait for nexus to come up + uri: + url: "{{ nexus_url }}/service/metrics/healthcheck" + user: admin + password: admin123 + force_basic_auth: true + method: GET + retries: 30 + delay: 10 + register: nexus_wait + until: not nexus_wait.failed
diff --git a/ansible/roles/nexus/tasks/main.yml b/ansible/roles/nexus/tasks/main.yml
index c5905b13..c1d83515 100644
--- a/ansible/roles/nexus/tasks/main.yml
+++ b/ansible/roles/nexus/tasks/main.yml
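Review bot: All three `uri` tasks in configure.yml, and the `Wait for nexus to come up` task this commit adds to install.yml, carry the Nexus factory credentials inline as `user: admin` / `password: admin123`; the commit only changes the spelling of `force_basic_auth` next to them, so the playbook still assumes the default admin password is in place and the literal now sits in four task files. Move the password into a role variable (a new one, say `nexus_admin_password`, fed from a vaulted value) and add `no_log: true` to these tasks so the credential does not appear in verbose or failed-task output. The configure.yml task bodies begin and end outside the three hunks shown here.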
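Review bot: `changed_when: false # for idenpotence` on the `docker_image` task misspells idempotence and, more importantly, makes every push report as unchanged, so a play summary will never show that images were uploaded to the registry. If the intent is that a rerun of the include loop must not keep reporting changes, say so rather than the bare word, e.g. `# a push always re-sends layers; report unchanged so reruns stay idempotent`. The enclosing task starts outside the hunk.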
@@ -1,2 +1,9 @@
 ---
-- include_tasks: "{{ phase }}.yml"
+- include_tasks: install.yml
+- include_tasks: configure.yml
+ when: populate_nexus | bool
+- include_tasks: runtime-populate.yml
+ when:
+ - runtime_images is defined
+ - runtime_images is not none
+ - runtime_images.keys() | length > 0
diff --git a/ansible/roles/nexus/tasks/runtime-populate.yml b/ansible/roles/nexus/tasks/runtime-populate.yml
index e22b650e..ac947ec7 100644
--- a/ansible/roles/nexus/tasks/runtime-populate.yml
+++ b/ansible/roles/nexus/tasks/runtime-populate.yml
@@ -9,4 +9,3 @@ # need to iterate over those tasks in include - include: "insert-images.yml" with_items: "{{ tar_images.files }}" -
diff --git a/ansible/roles/nexus/vars/main.yml b/ansible/roles/nexus/vars/main.yml
index 63944161..5ec51869 100644
--- a/ansible/roles/nexus/vars/main.yml
+++ b/ansible/roles/nexus/vars/main.yml
@@ -1 +1,2 @@
+---
 nexus_url: "https://nexus.{{ hostvars[groups.infrastructure[0]].ansible_nodename }}"
diff --git a/ansible/roles/nginx/templates/nginx.conf.j2 b/ansible/roles/nginx/templates/nginx.conf.j2
index fb48565f..ff9d2a9c 100644
--- a/ansible/roles/nginx/templates/nginx.conf.j2
+++ b/ansible/roles/nginx/templates/nginx.conf.j2
@@ -12,14 +12,6 @@ http { proxy_send_timeout 120; proxy_read_timeout 300; - upstream nexus { - server nexus:8081; - } - - upstream registry { - server nexus:8082; - } - # http simulations server { listen 80;
@@ -38,6 +30,7 @@ http { # nexus simulations server { + resolver 127.0.0.11 valid=30s; listen 80; listen 443 ssl; server_name {% for host in simulated_hosts.nexus -%}
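Review bot: The three-item `when:` on `runtime-populate.yml` is longer than it needs to be now that `runtime_images: {}` is defined in both `roles/nexus/defaults/main.yml` and group_vars: `is defined` and `is not none` only protect against an inventory that overrides the variable with an explicit null, and `runtime_images.keys() | length > 0` can be written `runtime_images | length > 0`. If the null guard is deliberate, say so above the include, e.g. `# runtime_images may be overridden to null by an inventory; treat that as empty`, otherwise drop the first two conditions. `populate_nexus | bool` on the `configure.yml` include is fine as written.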
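Review bot: `resolver 127.0.0.11 valid=30s;` hard-codes the address of Docker's embedded DNS into the template, which is only available to containers on a user-defined Docker network; it is what lets the `proxy_pass http://$upstream_nexus` / `$upstream_registry` lines in the next hunk re-resolve `nexus` per request instead of once at startup, after the static `upstream` blocks were removed in the first hunk. That dependency is not visible anywhere else in the role, so state it in the template, e.g. `# 127.0.0.11 is Docker's embedded DNS; resolving at request time lets a restarted nexus container be found without reloading nginx`, and consider making the address a role variable with this value as its default. Note that with a variable in `proxy_pass`, nginx no longer uses an upstream group, so keepalive and failover settings that used to live in `upstream` cannot be expressed here.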
@@ -53,11 +46,13 @@ http { client_max_body_size 3G; location / { + set $upstream_nexus nexus:8081; + set $upstream_registry nexus:8082; # redirect to docker registry if ($http_user_agent ~ docker ) { - proxy_pass http://registry; + proxy_pass http://$upstream_registry; } - proxy_pass http://nexus; + proxy_pass http://$upstream_nexus; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
diff --git a/ansible/roles/package-repository/defaults/main.yml b/ansible/roles/package-repository/defaults/main.yml
new file mode 100644
index 00000000..ea5796df
--- /dev/null
+++ b/ansible/roles/package-repository/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+deploy_package_repository: true
diff --git a/ansible/roles/package-repository/tasks/main.yml b/ansible/roles/package-repository/tasks/main.yml
new file mode 100644
index 00000000..686310e4
--- /dev/null
+++ b/ansible/roles/package-repository/tasks/main.yml
@@ -0,0 +1,19 @@
+---
+- name: Setup resolv.conf for node to find package repository by name from infra
+ lineinfile:
+ line: "nameserver {{ hostvars[groups.infrastructure[0]].cluster_ip }}"
+ path: /etc/resolv.conf
+ state: present
+ insertbefore: BOF
+ become: true
+
+- name: Add application offline package repository
+ yum_repository:
+ name: "{{ app_name }}"
+ file: "{{ app_name | lower }}"
+ description: "{{ app_name | upper }} offline repository"
+ baseurl: "{{ 'http://repo.infra-server/rhel' if 'infrastructure' not in group_names else 'file://' + app_data_path + '/pkg/rhel' }}"
+ gpgcheck: false
+ enabled: true
+ when: deploy_package_repository
+ become: true
diff --git a/ansible/roles/setup/defaults/main.yml b/ansible/roles/setup/defaults/main.yml
new file mode 100644
index 00000000..e7e89721
--- /dev/null
+++ b/ansible/roles/setup/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+ssh_dir: ~/.ssh
+offline_ssh_key_file_name: offline_ssh_key
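Review bot: `gpgcheck: false` on the new `yum_repository` task disables package signature verification for a repository that non-infrastructure nodes fetch over plain `http://repo.infra-server/rhel`, so the integrity of every package installed from it rests on that HTTP path and on the `nameserver` line the first task prepends to `/etc/resolv.conf`. If the offline repository cannot be signed, record the trade-off next to the setting, e.g. `# gpgcheck disabled: the offline repo is unsigned; package integrity relies on the installer media`, otherwise distribute the signing key and set `gpgcheck: true`. The task also runs for every OS family although the group_vars comment now promises rpm and apt and the firewall role branches on `ansible_facts.os_family`; guard it with `when: deploy_package_repository and ansible_facts.os_family == 'RedHat'` so a Debian host does not fail inside `yum_repository`.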
\ No newline at end of file
diff --git a/ansible/roles/setup/tasks/main.yml b/ansible/roles/setup/tasks/main.yml
new file mode 100644
index 00000000..5ffcbab9
--- /dev/null
+++ b/ansible/roles/setup/tasks/main.yml
@@ -0,0 +1,30 @@
+---
+- name: "Check and generate key if needed"
+ block:
+ - name: ssh dir
+ file:
+ path: "{{ ssh_dir }}"
+ state: directory
+ mode: 0700
+
+ - name: check ssh pub key exists
+ stat:
+ path: '{{ private_key }}.pub'
+ register: p
+
+ - name: generate ssh keys
+ command: ssh-keygen -f {{ private_key }} -t rsa -N ''
+ when: not p.stat.exists
+ vars:
+ private_key: "{{ ssh_dir }}/{{ offline_ssh_key_file_name }}"
+ delegate_to: localhost
+ run_once: true
+
+- name: Setup authorized_keys file
+ authorized_key:
+ user: root
+ state: present
+ key: "{{ lookup('file', public_key) }}"
+ become: true
+ vars:
+ public_key: "{{ ssh_dir }}/{{ offline_ssh_key_file_name }}.pub"
diff --git a/ansible/setup.yml b/ansible/setup.yml
index ec572973..9e4f051d 100644
--- a/ansible/setup.yml
+++ b/ansible/setup.yml
@@ -1,26 +1,6 @@ --- -- hosts: localhost +- name: Setup nodes for installer + hosts: all gather_facts: false - tasks: - - name: "Check and generate key if needed" - block: - - stat: - path: '{{ private_key }}.pub' - register: p - - - command: ssh-keygen -f {{ private_key }} -t rsa -N '' - when: not p.stat.exists - vars: - private_key: /root/.ssh/offline_ssh_key - -- hosts: all - gather_facts: false - tasks: - - name: Setup authorized_keys file - authorized_key: - user: root - state: present - key: "{{ lookup('file', public_key) }}" - become: true - vars: - public_key: /root/.ssh/offline_ssh_key.pub + roles: + - setup |
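Review bot: The existence check in the `setup` role stats only `{{ private_key }}.pub`, so a leftover public key without its private half skips `ssh-keygen` and the following `authorized_key` task then installs a public key for which no private key exists on the controller; stat the private key too, or put `creates: "{{ private_key }}"` on the `command` task. `mode: 0700` on the `ssh dir` task is an unquoted leading-zero literal that YAML 1.1 loads as an octal integer and the `file` module accepts, but `mode: "0700"` removes the dependency on that parser behaviour and survives a later edit to `700`. Because the block is `delegate_to: localhost` with `run_once: true`, the passphrase-less key (`-N ''`) that becomes root's authorized key on every host now lives under the controller user's `ssh_dir` rather than the old fixed `/root/.ssh`; that is worth stating in the task name or a comment so operators know where to protect it.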