Diffstat (limited to 'ansible')
-rw-r--r--ansible/.gitignore1
-rwxr-xr-xansible/group_vars/all.yml15
-rw-r--r--ansible/infrastructure.yml52
-rw-r--r--ansible/roles/firewall/defaults/main.yml6
-rw-r--r--ansible/roles/firewall/tasks/firewall-disable.yml14
-rw-r--r--ansible/roles/firewall/tasks/main.yml2
-rw-r--r--ansible/roles/nexus/defaults/main.yml8
-rw-r--r--ansible/roles/nexus/tasks/configure.yml6
-rw-r--r--ansible/roles/nexus/tasks/insert-images.yml3
-rw-r--r--ansible/roles/nexus/tasks/install.yml14
-rw-r--r--ansible/roles/nexus/tasks/main.yml9
-rw-r--r--ansible/roles/nexus/tasks/runtime-populate.yml1
-rw-r--r--ansible/roles/nexus/vars/main.yml1
-rw-r--r--ansible/roles/nginx/templates/nginx.conf.j215
-rw-r--r--ansible/roles/package-repository/defaults/main.yml2
-rw-r--r--ansible/roles/package-repository/tasks/main.yml19
-rw-r--r--ansible/roles/setup/defaults/main.yml3
-rw-r--r--ansible/roles/setup/tasks/main.yml30
-rw-r--r--ansible/setup.yml28
19 files changed, 121 insertions, 108 deletions
diff --git a/ansible/.gitignore b/ansible/.gitignore
index 5cddc2eb..521beaa8 100644
--- a/ansible/.gitignore
+++ b/ansible/.gitignore
@@ -1 +1,2 @@
ansible_chroot
+application/*
diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index cd8c7f58..dc40238c 100755
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -59,9 +59,8 @@ certificates:
# Default value is to allow redeploy
redeploy_k8s_env: yes
-# Distribute offline rpm repository
-# Default value is to distribute rpm
-deploy_rpm_repository: yes
+# Distribute offline software package (rpm,apt) repository
+deploy_package_repository: yes
# Offline solution is deploying app specific rpm repository and requires some name
# also for k8s cluster
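Review bot: `deploy_package_repository: yes` on the added line keeps the YAML 1.1 boolean spelling while the rest of this commit converts `yes` to `true` (configure.yml, install.yml, insert-images.yml); write `deploy_package_repository: true`, and the neighbouring `redeploy_k8s_env: yes` could get the same treatment since the file is already being edited. The rename from `deploy_rpm_repository` also means an inventory or extra-vars file that still sets the old name silently falls back to the new default, which is "enabled"; a one-line `# renamed from deploy_rpm_repository` next to it would help operators notice.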
@@ -78,13 +77,17 @@ app_name:
# prebuilt nexus blob in installation time.
# Component name must match with tar filename!
# e.g.
-# aaa-component-0.0.1.tar is expected in aux_data_path for aaa-component image
+# aaa/bbb-component-0.0.1.tar are expected in aux_data_path for component images.
#runtime_images:
-# aaa-component-0.0.1:
+# aaa-component-0.0.1:
# registry: "nexus3.onap.org:10001"
# path: "/onap/components/aaa-component"
# tag: "latest"
-runtime_images:
+# bbb-component-0.0.1:
+# registry: "nexus3.onap.org:10001"
+# path: "/onap/components/bbb-component"
+# tag: "latest"
+runtime_images: {}
###############################
# Application specific params #
diff --git a/ansible/infrastructure.yml b/ansible/infrastructure.yml
index e4715a9c..382ffd53 100644
--- a/ansible/infrastructure.yml
+++ b/ansible/infrastructure.yml
@@ -1,31 +1,9 @@
---
- name: Perform common environment setup for nodes
hosts: infrastructure, kubernetes
- tasks:
- - name: Setup resolv.conf
- lineinfile:
- line: "nameserver {{ hostvars[groups.infrastructure[0]].cluster_ip }}"
- path: /etc/resolv.conf
- state: present
- insertbefore: BOF
- become: yes
- - name: Add application offline rpm repository
- yum_repository:
- name: "{{ app_name }}"
- file: "{{ app_name | lower }}"
- description: "{{ app_name }} offline repository"
- baseurl: "{{ 'http://repo.infra-server/rhel' if 'infrastructure' not in group_names else 'file://' + app_data_path + '/pkg/rhel' }}"
- gpgcheck: no
- enabled: yes
- when: deploy_rpm_repository
- become: yes
-
-- name: Setup firewall
- hosts: infrastructure, kubernetes
roles:
+ - package-repository
- role: firewall
- vars:
- state: disable
- name: Setup infrastructure servers
hosts: infrastructure
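Review bot: `- role: firewall` now carries no `vars`, so the fact that the OS firewall is stopped and iptables flushed on every infrastructure and kubernetes node is decided by the role default `firewall.state: disable` and is no longer visible in this playbook, whereas the removed play stated `state: disable` explicitly. Keep the intent visible at the call site with a comment such as `# role default firewall.state=disable: stops the distro firewall and flushes iptables on these hosts`, or pass the state explicitly. The roles list also runs `package-repository` (which prepends a nameserver to /etc/resolv.conf) before `firewall`; if that ordering is deliberate, say so in a comment so it is not "tidied" later.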
@@ -34,34 +12,8 @@
- docker
- dns
- vncserver
- - role: nexus
- vars:
- phase: install
- nginx
- tasks:
- - name: "wait for nexus to come up"
- uri:
- url: "{{ nexus_url }}/service/metrics/healthcheck"
- user: admin
- password: admin123
- force_basic_auth: yes
- method: GET
- register: nexus_wait
- until: not nexus_wait.failed
- retries: 30
- delay: 10
-
-- name: Nexus changes in runtime
- hosts: infrastructure
- roles:
- - role: nexus
- vars:
- phase: configure
- when: populate_nexus | bool
- - role: nexus
- vars:
- phase: runtime-populate
- when: runtime_images is defined and runtime_images is not none
+ - nexus
- name: Setup base for Kubernetes nodes
hosts: kubernetes
diff --git a/ansible/roles/firewall/defaults/main.yml b/ansible/roles/firewall/defaults/main.yml
new file mode 100644
index 00000000..7cc9ae96
--- /dev/null
+++ b/ansible/roles/firewall/defaults/main.yml
@@ -0,0 +1,6 @@
+---
+firewall:
+ state: disable
+ package_name:
+ RedHat: 'firewalld'
+ Debian: 'ufw'
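Review bot: Nesting `state` and `package_name` under one `firewall` mapping makes a partial override awkward: with Ansible's default `hash_behaviour=replace`, a play or inventory that sets `firewall:` with only a different `state` replaces the whole mapping, and the disable task's `firewall.package_name[...]` lookup then fails as undefined. Flat variables such as `firewall_state: disable` and `firewall_package_name: {RedHat: firewalld, Debian: ufw}` avoid that trap. The default value is also a security-relevant choice that deserves a comment here, e.g. `# 'disable' stops and disables the distro firewall service and flushes iptables on every host the role runs on`.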
diff --git a/ansible/roles/firewall/tasks/firewall-disable.yml b/ansible/roles/firewall/tasks/firewall-disable.yml
index 9a8a2c10..f406d943 100644
--- a/ansible/roles/firewall/tasks/firewall-disable.yml
+++ b/ansible/roles/firewall/tasks/firewall-disable.yml
@@ -1,16 +1,14 @@
---
-- name: Check if firewalld is installed
- yum:
- list: firewalld
- disablerepo: "*"
- register: firewalld_check
+- name: Get installed packages list
+ package_facts:
+ manager: "auto"
-- name: Stop and disable firewalld if exists
+- name: Stop and disable default OS firewall if exists
service:
- name: firewalld
+ name: "{{ firewall.package_name[ansible_facts.os_family] }}"
state: stopped
enabled: no
- when: firewalld_check.results|selectattr('yumstate', 'match', 'installed')|list|length != 0
+ when: firewall.package_name[ansible_facts.os_family] in ansible_facts.packages
- name: Flush iptables
iptables:
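Review bot: The `when` on the stop-and-disable task indexes `firewall.package_name[ansible_facts.os_family]` directly, so on a host whose `os_family` is neither RedHat nor Debian the lookup raises an undefined error and fails the play instead of skipping; guard it in list form, `when:` / `- ansible_facts.os_family in firewall.package_name` / `- firewall.package_name[ansible_facts.os_family] in ansible_facts.packages` (a skipped task does not template its `name:` argument). `package_facts` and `ansible_facts.os_family` also presuppose fact gathering on the play, which the infrastructure plays appear to do but `setup.yml` explicitly turns off. The following `Flush iptables` task runs unconditionally whichever firewall package is present; its body continues past the hunk.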
diff --git a/ansible/roles/firewall/tasks/main.yml b/ansible/roles/firewall/tasks/main.yml
index f7bb7c74..29ea1958 100644
--- a/ansible/roles/firewall/tasks/main.yml
+++ b/ansible/roles/firewall/tasks/main.yml
@@ -1,2 +1,2 @@
---
-- include_tasks: "firewall-{{ state }}.yml"
+- include_tasks: "firewall-{{ firewall.state }}.yml"
diff --git a/ansible/roles/nexus/defaults/main.yml b/ansible/roles/nexus/defaults/main.yml
index 57a79f95..3776f44e 100644
--- a/ansible/roles/nexus/defaults/main.yml
+++ b/ansible/roles/nexus/defaults/main.yml
@@ -1,2 +1,6 @@
-#Defaults to install, can be set to configure.
-phase: install
+---
+# By default prepopulated nexus binary blob used.
+populate_nexus: false
+# By dafault no additional docker images pushed to nexus at runtime
+# but all images are pre-populated either at buildtime or at install time (populate_nexus).
+runtime_images: {}
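Review bot: `# By dafault no additional docker images pushed to nexus at runtime` has a typo (`dafault`), and the empty `{}` default gives a reader no hint of the expected shape. Replace the comment with something like `# Map of image-name -> {registry, path, tag}; see the runtime_images example in group_vars/all.yml`, and note on `populate_nexus` that setting it true is what makes the role include configure.yml.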
diff --git a/ansible/roles/nexus/tasks/configure.yml b/ansible/roles/nexus/tasks/configure.yml
index 66712d8f..7e6c20e0 100644
--- a/ansible/roles/nexus/tasks/configure.yml
+++ b/ansible/roles/nexus/tasks/configure.yml
@@ -3,7 +3,7 @@
uri:
url: "{{ nexus_url }}/service/rest/v1/script/configure"
method: GET
- force_basic_auth: yes
+ force_basic_auth: true
user: admin
password: admin123
status_code: [200, 404]
@@ -13,7 +13,7 @@
uri:
url: "{{ nexus_url }}/service/rest/v1/script"
method: POST
- force_basic_auth: yes
+ force_basic_auth: true
user: admin
password: admin123
body_format: json
@@ -26,7 +26,7 @@
uri:
url: "{{ nexus_url }}/service/rest/v1/script/configure/run"
method: POST
- force_basic_auth: yes
+ force_basic_auth: true
user: admin
password: admin123
body_format: raw
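Review bot: The three `uri` tasks in this file still authenticate as `admin` / `admin123` — Nexus's factory default password — hard-coded in a file committed to the repository, and the commit only touches the `force_basic_auth` spelling around them. Move the pair into role variables such as `nexus_admin_user` / `nexus_admin_password` (vault-able, and shared with the new wait task in install.yml) and add `no_log: true` to these tasks so the password does not land in verbose output. Whether the configure script later rotates the default password cannot be seen from this hunk; if it does not, the registry every node pulls from stays on a well-known credential.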
diff --git a/ansible/roles/nexus/tasks/insert-images.yml b/ansible/roles/nexus/tasks/insert-images.yml
index fb8d7d82..f71d6990 100644
--- a/ansible/roles/nexus/tasks/insert-images.yml
+++ b/ansible/roles/nexus/tasks/insert-images.yml
@@ -14,6 +14,7 @@
docker_image:
name: "{{ runtime_images[component].registry }}{{ runtime_images[component].path }}"
tag: "{{ runtime_images[component].tag }}"
- push: yes
+ push: true
load_path: "{{ item.path }}"
timeout: 120
+ changed_when: false # for idenpotence
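Review bot: `changed_when: false # for idenpotence` misspells idempotence and, more importantly, does not make the push idempotent — it only suppresses the changed status, so a play that re-pushed every image would still report `ok`. If the intent is to hide a `docker_image` result that is always `changed`, say so: `# docker_image reports changed on every push; suppress it so repeated runs read as idempotent`. The task definition begins before this hunk.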
diff --git a/ansible/roles/nexus/tasks/install.yml b/ansible/roles/nexus/tasks/install.yml
index 1756b708..99d73dce 100644
--- a/ansible/roles/nexus/tasks/install.yml
+++ b/ansible/roles/nexus/tasks/install.yml
@@ -4,7 +4,7 @@
path: "{{ app_data_path }}/nexus_data"
owner: 200
group: 200
- recurse: yes
+ recurse: true
- name: Load nexus image
docker_image:
@@ -28,3 +28,15 @@
- "{{ app_data_path }}/nexus_data:/nexus-data:rw"
state: started
restart_policy: unless-stopped
+
+- name: Wait for nexus to come up
+ uri:
+ url: "{{ nexus_url }}/service/metrics/healthcheck"
+ user: admin
+ password: admin123
+ force_basic_auth: true
+ method: GET
+ retries: 30
+ delay: 10
+ register: nexus_wait
+ until: not nexus_wait.failed
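Review bot: The new `Wait for nexus to come up` task repeats the literal `admin` / `admin123` pair that configure.yml also carries, so a future password change has to be found in two places; reference one role variable instead and add `no_log: true`. The `until: not nexus_wait.failed` loop retries any failure the `uri` module reports — with `nexus_url` being https and certificate validation left at its default, a certificate problem would presumably be retried 30 times (about five minutes) before surfacing, so a comment explaining that the long window is there to cover Nexus's first-start initialisation, plus an explicit `status_code: 200`, would make the intent clear.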
diff --git a/ansible/roles/nexus/tasks/main.yml b/ansible/roles/nexus/tasks/main.yml
index c5905b13..c1d83515 100644
--- a/ansible/roles/nexus/tasks/main.yml
+++ b/ansible/roles/nexus/tasks/main.yml
@@ -1,2 +1,9 @@
---
-- include_tasks: "{{ phase }}.yml"
+- include_tasks: install.yml
+- include_tasks: configure.yml
+ when: populate_nexus | bool
+- include_tasks: runtime-populate.yml
+ when:
+ - runtime_images is defined
+ - runtime_images is not none
+ - runtime_images.keys() | length > 0
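Review bot: `runtime_images is defined` is now always true because defaults/main.yml sets `runtime_images: {}`, and `runtime_images.keys() | length > 0` assumes a mapping; the three conditions collapse to `when: runtime_images | default({}, true) | length > 0`, which also covers a bare `runtime_images:` (null) override from inventory. A one-line comment per include stating which variable gates it would make the role's three phases self-explanatory.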
diff --git a/ansible/roles/nexus/tasks/runtime-populate.yml b/ansible/roles/nexus/tasks/runtime-populate.yml
index e22b650e..ac947ec7 100644
--- a/ansible/roles/nexus/tasks/runtime-populate.yml
+++ b/ansible/roles/nexus/tasks/runtime-populate.yml
@@ -9,4 +9,3 @@
# need to iterate over those tasks in include
- include: "insert-images.yml"
with_items: "{{ tar_images.files }}"
-
diff --git a/ansible/roles/nexus/vars/main.yml b/ansible/roles/nexus/vars/main.yml
index 63944161..5ec51869 100644
--- a/ansible/roles/nexus/vars/main.yml
+++ b/ansible/roles/nexus/vars/main.yml
@@ -1 +1,2 @@
+---
nexus_url: "https://nexus.{{ hostvars[groups.infrastructure[0]].ansible_nodename }}"
diff --git a/ansible/roles/nginx/templates/nginx.conf.j2 b/ansible/roles/nginx/templates/nginx.conf.j2
index fb48565f..ff9d2a9c 100644
--- a/ansible/roles/nginx/templates/nginx.conf.j2
+++ b/ansible/roles/nginx/templates/nginx.conf.j2
@@ -12,14 +12,6 @@ http {
proxy_send_timeout 120;
proxy_read_timeout 300;
- upstream nexus {
- server nexus:8081;
- }
-
- upstream registry {
- server nexus:8082;
- }
-
# http simulations
server {
listen 80;
@@ -38,6 +30,7 @@ http {
# nexus simulations
server {
+ resolver 127.0.0.11 valid=30s;
listen 80;
listen 443 ssl;
server_name {% for host in simulated_hosts.nexus -%}
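Review bot: `resolver 127.0.0.11 valid=30s;` is hard-coded with no comment; 127.0.0.11 is Docker's embedded DNS, so this template now only works when nginx runs as a container on a user-defined Docker network, and the `set $upstream_nexus nexus:8081;` lines further down rely on that resolver to look up `nexus` at request time. Add `# 127.0.0.11 = Docker embedded DNS; needed so the variable proxy_pass targets below resolve the 'nexus' container per request instead of at startup`, or template the address from a variable so a non-Docker deployment can override it. This `server` block is cut by the hunk boundary.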
@@ -53,11 +46,13 @@ http {
client_max_body_size 3G;
location / {
+ set $upstream_nexus nexus:8081;
+ set $upstream_registry nexus:8082;
# redirect to docker registry
if ($http_user_agent ~ docker ) {
- proxy_pass http://registry;
+ proxy_pass http://$upstream_registry;
}
- proxy_pass http://nexus;
+ proxy_pass http://$upstream_nexus;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
diff --git a/ansible/roles/package-repository/defaults/main.yml b/ansible/roles/package-repository/defaults/main.yml
new file mode 100644
index 00000000..ea5796df
--- /dev/null
+++ b/ansible/roles/package-repository/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+deploy_package_repository: true
diff --git a/ansible/roles/package-repository/tasks/main.yml b/ansible/roles/package-repository/tasks/main.yml
new file mode 100644
index 00000000..686310e4
--- /dev/null
+++ b/ansible/roles/package-repository/tasks/main.yml
@@ -0,0 +1,19 @@
+---
+- name: Setup resolv.conf for node to find package repository by name from infra
+ lineinfile:
+ line: "nameserver {{ hostvars[groups.infrastructure[0]].cluster_ip }}"
+ path: /etc/resolv.conf
+ state: present
+ insertbefore: BOF
+ become: true
+
+- name: Add application offline package repository
+ yum_repository:
+ name: "{{ app_name }}"
+ file: "{{ app_name | lower }}"
+ description: "{{ app_name | upper }} offline repository"
+ baseurl: "{{ 'http://repo.infra-server/rhel' if 'infrastructure' not in group_names else 'file://' + app_data_path + '/pkg/rhel' }}"
+ gpgcheck: false
+ enabled: true
+ when: deploy_package_repository
+ become: true
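Review bot: The repository added here is fetched over plain `http://repo.infra-server/rhel` with `gpgcheck: false`, so non-infrastructure nodes install packages with neither transport integrity nor signature checks, and `repo.infra-server` resolves via whichever nameserver the first task just prepended to /etc/resolv.conf; if signing the offline repo is not an option, record the trade-off with `# offline repo is unsigned and served over http; trust rests on the infra node and the DNS it provides`. The role is also advertised as `(rpm,apt)` in group_vars but only `yum_repository` is used with no OS guard, so on a Debian host this task fails or at best writes a useless .repo file; add `- ansible_facts.os_family == 'RedHat'` to the `when` list (and an `apt_repository` counterpart if apt is really supported). The `lineinfile` edit of /etc/resolv.conf is presumably clobbered on hosts where NetworkManager or resolvconf manages that file — worth a note if that is known.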
diff --git a/ansible/roles/setup/defaults/main.yml b/ansible/roles/setup/defaults/main.yml
new file mode 100644
index 00000000..e7e89721
--- /dev/null
+++ b/ansible/roles/setup/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+ssh_dir: ~/.ssh
+offline_ssh_key_file_name: offline_ssh_key \ No newline at end of file
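Review bot: `ssh_dir: ~/.ssh` replaces the previous absolute `/root/.ssh`, and the tilde now depends on each consumer expanding it — the `file` and `stat` modules do so for path-typed arguments, but whether the `command`-run `ssh-keygen -f` and the `lookup('file', ...)` in the setup role expand `~` depends on the Ansible version in use; confirm on the target version or keep an absolute default. The file also lacks a trailing newline, and `offline_ssh_key_file_name` would read better with `# key pair generated on the controller and authorized for root on every managed node`.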
diff --git a/ansible/roles/setup/tasks/main.yml b/ansible/roles/setup/tasks/main.yml
new file mode 100644
index 00000000..5ffcbab9
--- /dev/null
+++ b/ansible/roles/setup/tasks/main.yml
@@ -0,0 +1,30 @@
+---
+- name: "Check and generate key if needed"
+ block:
+ - name: ssh dir
+ file:
+ path: "{{ ssh_dir }}"
+ state: directory
+ mode: 0700
+
+ - name: check ssh pub key exists
+ stat:
+ path: '{{ private_key }}.pub'
+ register: p
+
+ - name: generate ssh keys
+ command: ssh-keygen -f {{ private_key }} -t rsa -N ''
+ when: not p.stat.exists
+ vars:
+ private_key: "{{ ssh_dir }}/{{ offline_ssh_key_file_name }}"
+ delegate_to: localhost
+ run_once: true
+
+- name: Setup authorized_keys file
+ authorized_key:
+ user: root
+ state: present
+ key: "{{ lookup('file', public_key) }}"
+ become: true
+ vars:
+ public_key: "{{ ssh_dir }}/{{ offline_ssh_key_file_name }}.pub"
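Review bot: `ssh-keygen -f {{ private_key }} -t rsa -N ''` produces the key that is then authorized for `root` on every host, yet it takes the OpenSSH default RSA size and no comment; pin the parameters, e.g. `ssh-keygen -t ed25519 -f {{ private_key }} -N '' -C 'offline-installer'` (or `-t rsa -b 4096` if ed25519 is not acceptable). The existence check only `stat`s the `.pub` file, so a leftover public key without its private half skips generation and the later connections fail with an unhelpful error — stat the private key path instead. ansible-lint's risky-octal rule prefers `mode: '0700'` over the bare `0700`, and a comment that the whole block runs once on the controller (`delegate_to: localhost` / `run_once`) while `authorized_key` runs on each target would help readers.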
diff --git a/ansible/setup.yml b/ansible/setup.yml
index ec572973..9e4f051d 100644
--- a/ansible/setup.yml
+++ b/ansible/setup.yml
@@ -1,26 +1,6 @@
---
-- hosts: localhost
+- name: Setup nodes for installer
+ hosts: all
gather_facts: false
- tasks:
- - name: "Check and generate key if needed"
- block:
- - stat:
- path: '{{ private_key }}.pub'
- register: p
-
- - command: ssh-keygen -f {{ private_key }} -t rsa -N ''
- when: not p.stat.exists
- vars:
- private_key: /root/.ssh/offline_ssh_key
-
-- hosts: all
- gather_facts: false
- tasks:
- - name: Setup authorized_keys file
- authorized_key:
- user: root
- state: present
- key: "{{ lookup('file', public_key) }}"
- become: true
- vars:
- public_key: /root/.ssh/offline_ssh_key.pub
+ roles:
+ - setup