From 3a7e073323bf1fa24e9f45bd849fb7657f20e859 Mon Sep 17 00:00:00 2001 From: Michal Zegan Date: Wed, 19 Dec 2018 11:51:26 +0100 Subject: Add nexus ansible role This role deploys the internal nexus used as offline source of docker images/npm packages for onap. Change-Id: Iaf398eb03614749d2b3c100c241726144ccae1a0 Issue-ID: OOM-1551 Signed-off-by: Michal Zegan --- ansible/roles/nexus/defaults/main.yml | 2 ++ ansible/roles/nexus/files/configure.groovy | 37 ++++++++++++++++++++++++++ ansible/roles/nexus/tasks/configure.yml | 34 +++++++++++++++++++++++ ansible/roles/nexus/tasks/insert-images.yml | 19 +++++++++++++ ansible/roles/nexus/tasks/install.yml | 29 ++++++++++++++++++++ ansible/roles/nexus/tasks/main.yml | 2 ++ ansible/roles/nexus/tasks/runtime-populate.yml | 12 +++++++++ ansible/roles/nexus/vars/main.yml | 1 + 8 files changed, 136 insertions(+) create mode 100644 ansible/roles/nexus/defaults/main.yml create mode 100644 ansible/roles/nexus/files/configure.groovy create mode 100644 ansible/roles/nexus/tasks/configure.yml create mode 100644 ansible/roles/nexus/tasks/insert-images.yml create mode 100644 ansible/roles/nexus/tasks/install.yml create mode 100644 ansible/roles/nexus/tasks/main.yml create mode 100644 ansible/roles/nexus/tasks/runtime-populate.yml create mode 100644 ansible/roles/nexus/vars/main.yml (limited to 'ansible/roles')
diff --git a/ansible/roles/nexus/defaults/main.yml b/ansible/roles/nexus/defaults/main.yml
new file mode 100644
index 00000000..57a79f95
--- /dev/null
+++ b/ansible/roles/nexus/defaults/main.yml
@@ -0,0 +1,2 @@
+#Defaults to install, can be set to configure.
+phase: install
diff --git a/ansible/roles/nexus/files/configure.groovy b/ansible/roles/nexus/files/configure.groovy
new file mode 100644
index 00000000..5691fe64
--- /dev/null
+++ b/ansible/roles/nexus/files/configure.groovy
@@ -0,0 +1,37 @@
+import org.sonatype.nexus.security.realm.RealmManager
+import org.sonatype.nexus.repository.attributes.AttributesFacet
+import org.sonatype.nexus.security.user.UserManager
+import org.sonatype.nexus.repository.manager.RepositoryManager
+import org.sonatype.nexus.security.user.UserNotFoundException
+
+/* Use the container to look up some services. */
+realmManager = container.lookup(RealmManager.class)
+userManager = container.lookup(UserManager.class, "default") //default user manager
+repositoryManager = container.lookup(RepositoryManager.class)
+
+/* Managers are used when scripting api cannot. Note that scripting api can only create mostly, and that creation methods return objects of created entities. */
+/* Perform cleanup by removing all repos and users. Realms do not need to be re-disabled, admin and anonymous user will not be removed. */
+userManager.listUserIds().each({ id ->
+ if (id != "anonymous" && id != "admin")
+ userManager.deleteUser(id)
+})
+
+repositoryManager.browse().each {
+ repositoryManager.delete(it.getName())
+}
+
+/* Add bearer token realms at the end of realm lists... */
+realmManager.enableRealm("NpmToken")
+realmManager.enableRealm("DockerToken")
+
+/* Create the docker user. */
+security.addUser("docker", "docker", "docker", "docker@example.com", true, "docker", ["nx-anonymous"])
+
+/* Create npm and docker repositories. Their default configuration should be compliant with our requirements, except the docker registry creation. */
+repository.createNpmHosted("npm-private")
+def r = repository.createDockerHosted("docker", 8082, 0)
+
+/* force basic authentication true by default, must set to false for docker repo. */
+conf=r.getConfiguration()
+conf.attributes("docker").set("forceBasicAuth", false)
+repositoryManager.update(conf)
diff --git a/ansible/roles/nexus/tasks/configure.yml b/ansible/roles/nexus/tasks/configure.yml
new file mode 100644
index 00000000..66712d8f
--- /dev/null
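Review bot: In configure.groovy the `security.addUser("docker", ...)` call creates an active account whose sixth argument, the password, is the literal `docker`, so every installation built from this role carries the same known credential. Consider reading the password from the script's `args` binding (the body of the `/run` request, which the role currently sends empty) rather than a literal. The final comment should also state the effect of the setting, e.g. `/* forceBasicAuth=false: the docker repo accepts unauthenticated clients under the anonymous role (presumably needed for anonymous pulls). */`, because that is the part a later reader needs to weigh. The cleanup section deletes every repository and every user except `admin` and `anonymous`; a one-line comment that the script is meant to run once on a fresh instance would make that intent explicit.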
+++ b/ansible/roles/nexus/tasks/configure.yml
@@ -0,0 +1,34 @@
+---
+- name: "check if the configuration script is uploaded"
+ uri:
+ url: "{{ nexus_url }}/service/rest/v1/script/configure"
+ method: GET
+ force_basic_auth: yes
+ user: admin
+ password: admin123
+ status_code: [200, 404]
+ register: script
+- block:
+ - name: "upload the configuration script"
+ uri:
+ url: "{{ nexus_url }}/service/rest/v1/script"
+ method: POST
+ force_basic_auth: yes
+ user: admin
+ password: admin123
+ body_format: json
+ body:
+ name: configure
+ type: groovy
+ content: "{{ lookup('file', 'files/configure.groovy') }}"
+ status_code: [204]
+ - name: "execute configuration script"
+ uri:
+ url: "{{ nexus_url }}/service/rest/v1/script/configure/run"
+ method: POST
+ force_basic_auth: yes
+ user: admin
+ password: admin123
+ body_format: raw
+ headers: { "Content-Type": "text/plain" }
+ when: script.status == 404
diff --git a/ansible/roles/nexus/tasks/insert-images.yml b/ansible/roles/nexus/tasks/insert-images.yml
new file mode 100644
index 00000000..2e2a45c3
--- /dev/null
+++ b/ansible/roles/nexus/tasks/insert-images.yml
@@ -0,0 +1,19 @@
+---
+- name: Load docker images and push into registry
+ block:
+ - set_fact:
+ component: "{{ (item.path | basename | splitext)[0] }}"
+
+ - name: Docker login
+ docker_login:
+ registry: "{{ runtime_images[component].registry }}"
+ username: admin
+ password: admin123
+
+ - name: Load and push component {{ component }}
+ docker_image:
+ name: "{{ runtime_images[component].registry }}{{ runtime_images[component].path }}"
+ tag: "{{ runtime_images[component].tag }}"
+ push: yes
+ load_path: "{{ item.path }}"
+
diff --git a/ansible/roles/nexus/tasks/install.yml b/ansible/roles/nexus/tasks/install.yml
new file mode 100644
index 00000000..6dc82fe6
--- /dev/null
+++ b/ansible/roles/nexus/tasks/install.yml
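Review bot: All three `uri` tasks in configure.yml authenticate with the literal `user: admin` / `password: admin123`, Nexus's stock admin credential, which nothing in this role changes; the same pair is repeated in the `docker_login` task of insert-images.yml. Move both values to role variables, e.g. `user: "{{ nexus_admin_user }}"` and `password: "{{ nexus_admin_password }}"` (placeholder names) supplied from a vault, and add `no_log: true` to these tasks so the credential stays out of task output. Separately, `when: script.status == 404` skips the whole block once the script exists, so a run that uploads the script but fails on `/run` is never retried on the next play.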
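Review bot: In insert-images.yml `component` is derived from the tar's file name and used directly as a key in `runtime_images[component]`, so any `*.tar` found in `aux_data_path` without a matching entry aborts the play with an undefined-variable error instead of a clear message. Add `when: component in runtime_images` to the login and push tasks, or an `assert` with an explicit `fail_msg` right after `set_fact`. The `set_fact` task also lacks a `name:`, which makes the per-item output harder to follow.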
@@ -0,0 +1,29 @@
+---
+- name: Change ownership of nexus_data
+ file:
+ path: "{{ app_data_path }}/nexus_data"
+ owner: 200
+ group: 200
+ recurse: yes
+
+- name: Load nexus image
+ docker_image:
+ name: sonatype/nexus3
+ load_path: "{{ app_data_path }}/offline_data/docker_images_infra/sonatype_nexus3_latest.tar"
+ state: present
+
+- name: Create nexus network
+ docker_network:
+ name: nexus_network
+ state: present
+
+- name: Run nexus container
+ docker_container:
+ name: nexus
+ image: sonatype/nexus3
+ networks:
+ - name: nexus_network
+ volumes:
+ - "{{ app_data_path }}/nexus_data:/nexus-data:rw"
+ state: started
+ restart_policy: unless-stopped
diff --git a/ansible/roles/nexus/tasks/main.yml b/ansible/roles/nexus/tasks/main.yml
new file mode 100644
index 00000000..c5905b13
--- /dev/null
+++ b/ansible/roles/nexus/tasks/main.yml
@@ -0,0 +1,2 @@
+---
+- include_tasks: "{{ phase }}.yml"
diff --git a/ansible/roles/nexus/tasks/runtime-populate.yml b/ansible/roles/nexus/tasks/runtime-populate.yml
new file mode 100644
index 00000000..e22b650e
--- /dev/null
+++ b/ansible/roles/nexus/tasks/runtime-populate.yml
@@ -0,0 +1,12 @@
+---
+- name: Find images to be inserted into nexus in runtime
+ find:
+ paths: "{{ aux_data_path }}"
+ patterns: '*.tar'
+ register: tar_images
+
+# WA: block of tasks cant be executed in iterations
+# need to iterate over those tasks in include
+- include: "insert-images.yml"
+ with_items: "{{ tar_images.files }}"
+
diff --git a/ansible/roles/nexus/vars/main.yml b/ansible/roles/nexus/vars/main.yml
new file mode 100644
index 00000000..63944161
--- /dev/null
+++ b/ansible/roles/nexus/vars/main.yml
@@ -0,0 +1 @@
+nexus_url: "https://nexus.{{ hostvars[groups.infrastructure[0]].ansible_nodename }}"
-- cgit 1.2.3-korg
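Review bot: In install.yml both `docker_image` and `docker_container` name the image as `sonatype/nexus3` with no tag, so it resolves to `latest` (the archive is `sonatype_nexus3_latest.tar`) and the Nexus version that runs depends on whatever that tar contained when it was built. Pin it through one variable used in both tasks, e.g. `image: "sonatype/nexus3:{{ nexus_image_tag }}"` (placeholder name), so the configure script and the REST paths it relies on are exercised against a known release. A short comment on `owner: 200` / `group: 200` saying these are presumably the uid/gid the nexus image runs as would also help the next reader.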