author | edan.binshtok <eb578m@intl.att.com> | 2017-11-21 20:06:04 +0200 |
---|---|---|
committer | edan.binshtok <eb578m@intl.att.com> | 2017-11-21 20:09:14 +0200 |
commit | 307215471b50e1f27654819434fb08de4d003d82 (patch) | |
tree | 36e07c3fe747d17a6d1e7d2642f2afd567a7d4b9 /ansible/roles/ansible-vvp-templates/templates | |
parent | eb123edb162afc20da8d618df1e77d73b8236f6d (diff) |
Fix gitignore and missing files
Due to bad gitignore some files were missing.
Now .vault_passwords added and dirs under roles
Issue-ID: VVP-32
Change-Id: I2b9b7afe305603b37fbfe184dc36156c8461bc85
Signed-off-by: edan.binshtok <eb578m@intl.att.com>
Diffstat (limited to 'ansible/roles/ansible-vvp-templates/templates')
29 files changed, 2307 insertions, 0 deletions
diff --git a/ansible/roles/ansible-vvp-templates/templates/configmaps/haproxy-cfg-configmap.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/configmaps/haproxy-cfg-configmap.yaml.j2
new file mode 100644
index 0000000..3fd9055
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/configmaps/haproxy-cfg-configmap.yaml.j2
@@ -0,0 +1,198 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: ext-haproxy-cfg
+ namespace: default
+data:
+ file: |
+ resolvers dns
+ nameserver pod_dns "10.3.0.10:53"
+ resolve_retries 3
+ timeout retry 1s
+ hold valid 30s
+
+ defaults
+ mode http
+ timeout connect 5000ms
+ timeout client 50000ms
+ timeout server 50000ms
+ option httpclose
+ option redispatch
+ option abortonclose
+ option httplog
+ option dontlognull
+ default-server init-addr last,libc,none
+
+ backend gitlab_ssh
+ mode tcp
+ option tcplog
+ timeout server 2h
+ server gitlabssh gitlab:22 resolvers dns
+
+ frontend gitlab_ssh_frontend
+ mode tcp
+ option tcplog
+ timeout client 2h
+ bind 0.0.0.0:22
+ acl is_ssh dst_port 22
+ use_backend gitlab_ssh if is_ssh
+
+ backend portal_backend
+ mode http
+ server ice_portal portal:8181 resolvers dns
+
+ backend api
+ mode http
+ server engagement_manager em:80 resolvers dns
+
+ backend s3
+ mode http
+ balance roundrobin
+ option httpchk HEAD /
+{% for host in rgws %}
+ server {{ host['name'] }} {{ host['ip'] }}:{{ hostvars[host['name']]['radosgw_civetweb_port'] }} check inter 10000ms
+{% endfor %}
+
+ frontend portal
+ mode http
+ redirect scheme https if !{ ssl_fc }
+ acl is_api_call path_beg -i /ice
+ acl is_s3 hdr_beg(host) s3. staging-s3. dev-s3.
+ use_backend api if is_api_call
+ use_backend s3 if is_s3
+ bind 0.0.0.0:80
+ bind 0.0.0.0:443 ssl crt /etc/haproxy/site.pem force-tlsv12
+ default_backend portal_backend
+
+ listen stats
+ bind 0.0.0.0:9001
+ mode http
+ stats enable # Enable stats page
+ stats realm Haproxy\ Statistics
+ stats uri /haproxy_stats
+ stats auth "${HAPROXY_USER}:${HAPROXY_PASS}"
+ acl network_allowed src 10.252.0.0/16 127.0.0.1/32 10.2.0.0/16
+ http-request deny if !network_allowed
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: int-haproxy-cfg
+ namespace: default
+data:
+ file: |
+ resolvers dns
+ nameserver pod_dns "10.3.0.10:53"
+ resolve_retries 3
+ timeout retry 1s
+ hold valid 30s
+
+ defaults
+ mode http
+ timeout connect 5000ms
+ timeout client 50000ms
+ timeout server 50000ms
+ option httpclose
+ option redispatch
+ option abortonclose
+ option httplog
+ option dontlognull
+ default-server init-addr last,libc,none
+
+ backend gitlab_web_backend
+ mode http
+ server gitlab_web_1 gitlab:80 resolvers dns
+
+ frontend gitlab_web
+ mode http
+ bind 0.0.0.0:80
+
+ acl is_scanner path_beg /imagescanner
+ acl is_em_admin hdr_beg(host) em. staging-em. dev-em.
+ acl is_cms hdr_beg(host) cms. staging-cms. dev-cms.
+ acl is_ci_admin hdr_beg(host) staging-ci. dev-ci.
+ acl is_s3 hdr_beg(host) s3. staging-s3. dev-s3.
+
+ use_backend imagescanner if is_em_admin is_scanner
+ use_backend cms if is_cms
+ use_backend api if is_em_admin
+ use_backend ci if is_ci_admin
+ use_backend s3 if is_s3
+
+ default_backend gitlab_web_backend
+
+ backend s3
+ mode http
+ balance roundrobin
+{% for host in rgws %}
+ server {{ host['name'] }} {{ host['ip'] }}:{{ hostvars[host['name']]['radosgw_civetweb_port'] }}
+{% endfor %}
+
+ backend cms
+ mode http
+ server cms_server cms:80 resolvers dns
+
+ backend api
+ mode http
+ server engagement_manager em:80 resolvers dns
+
+ backend ci
+ mode http
+ server ci_test ci:8282 resolvers dns
+
+ listen jenkins
+ bind 0.0.0.0:8080
+ server jenkins jenkins:8080 resolvers dns
+
+ backend imagescanner
+ mode http
+ server imagescanner imagescanner:80 resolvers dns
+
+ listen stats
+ bind 0.0.0.0:9000
+ mode http
+ stats enable # Enable stats page
+ stats realm Haproxy\ Statistics
+ stats uri /haproxy_stats
+ stats auth "${HAPROXY_USER}:${HAPROXY_PASS}"
+ acl network_allowed src 10.252.0.0/16 127.0.0.1/32 10.2.0.0/16
+ block if !network_allowed
diff --git a/ansible/roles/ansible-vvp-templates/templates/configmaps/s3provision-configmap.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/configmaps/s3provision-configmap.yaml.j2
new file mode 100644
index 0000000..6e30492
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/configmaps/s3provision-configmap.yaml.j2
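Review bot: Both `listen stats` blocks send the `stats auth` basic-auth credentials over plain HTTP on a listener bound to `0.0.0.0` (9001 in `ext-haproxy-cfg`, 9000 in `int-haproxy-cfg`); the `network_allowed` ACL limits who may connect, not who on the path can read the Authorization header. For the external proxy the certificate already used by the portal frontend could be reused, `bind 0.0.0.0:9001 ssl crt /etc/haproxy/site.pem force-tlsv12`, or the listener bound to an internal address only. The two blocks also enforce the ACL differently: the internal one uses `block if !network_allowed`, which I believe is the deprecated spelling, so `http-request deny if !network_allowed` would keep them consistent. In `int-haproxy-cfg` the `gitlab_web` frontend selects the `api`, `cms`, `ci` and `imagescanner` backends on a Host-prefix match alone with no source ACL, so a comment stating which network is expected to reach port 80 would help the next reviewer.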
@@ -0,0 +1,86 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: s3provision
+ namespace: default
+data:
+ s3cmd.cfg: |
+ [default]
+ access_key = {{ vault_aws_access_key_id }}
+ host_base = {{ rgws[0]['ip'] }}:{{ hostvars[rgws[0]['name']]['radosgw_civetweb_port'] }}
+ host_bucket =
+ secret_key = {{ vault_aws_secret_access_key }}
+ use_https = False
+ verbosity = INFO
+ corsconf.xml: |
+ <CORSConfiguration>
+ <CORSRule>
+ <ID>Allow GET and HEAD from our domain.</ID>
+ <AllowedOrigin>https://{{ domain }}</AllowedOrigin>
+ <AllowedOrigin>http://{{ cms_dns_name }}</AllowedOrigin>
+ <AllowedOrigin>http://{{ em_domain_name }}</AllowedOrigin>
+ <AllowedMethod>GET</AllowedMethod>
+ <AllowedMethod>HEAD</AllowedMethod>
+ <AllowedHeader>Content-*</AllowedHeader>
+ <AllowedHeader>Host</AllowedHeader>
+ <ExposeHeader>ETag</ExposeHeader>
+ <MaxAgeSeconds>1800</MaxAgeSeconds>
+ </CORSRule>
+ </CORSConfiguration>
+ entrypoint.sh: |
+ #!/bin/sh
+ set -ex
+ echo Running $0 ...
+ s3cmd="s3cmd -c /opt/configmaps/s3provision/s3cmd.cfg"
+ corsconf="/opt/configmaps/s3provision/corsconf.xml"
+
+ pip install s3cmd
+
+ for bucket in em-static cms-static em-media cms-media; do
+ $s3cmd mb s3://$bucket
+ done
+
+ for bucket in em-static cms-static; do
+ $s3cmd setcors $corsconf s3://$bucket
+ done
+
+ echo $0 complete.
diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/10-gitlab-deployment.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/10-gitlab-deployment.yaml.j2
new file mode 100644
index 0000000..6771b1f
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/deployments/10-gitlab-deployment.yaml.j2
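Review bot: `s3cmd.cfg` renders `vault_aws_access_key_id` and `vault_aws_secret_access_key` into a ConfigMap, so the S3 credentials are readable by anything allowed to read ConfigMaps in `default`, while the uwsgi deployments in this commit take their AWS keys from `em-secret` through `secretKeyRef`. Moving `s3cmd.cfg` into a Secret mounted on its own keeps the credential out of the ConfigMap; the `-c` path in `entrypoint.sh` has to follow the new mount. `use_https = False` also means requests to the gateway travel in clear text, and `pip install s3cmd` at start-up pulls an unpinned package, so pinning the version or baking it into the image would make the job reproducible. The Secret name below is constructed for illustration.

```yaml
kind: Secret
apiVersion: v1
metadata:
  name: s3provision-s3cmd        # constructed name
  namespace: default
type: Opaque
stringData:
  s3cmd.cfg: |
    [default]
    access_key = {{ vault_aws_access_key_id }}
    secret_key = {{ vault_aws_secret_access_key }}
    # … unchanged: host_base, host_bucket, use_https, verbosity …
# … unchanged: ConfigMap s3provision keeps corsconf.xml and entrypoint.sh …
```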
@@ -0,0 +1,108 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: gitlab
+spec:
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ run: gitlab
+ spec:
+ containers:
+ - name: gitlab
+ image: {{container_uri}}rkt-gitlab:{{container_tag}}
+ ports:
+ - containerPort: 80
+ - containerPort: 22
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - mountPath: /var/opt/gitlab
+ name: gitlab
+ subPath: var/opt/gitlab
+ - mountPath: /etc/gitlab
+ name: gitlab
+ subPath: etc/gitlab
+ - mountPath: /var/log/gitlab
+ name: gitlab
+ subPath: var/log/gitlab
+ - mountPath: /tmp/deploykey
+ name: jenkins-deploykey
+ env:
+ - name: ADMIN_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: gitlab-password
+ key: password
+ - name: AUTHENTICATION_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: gitlab-password
+ key: auth-token
+ - name: EXTERNAL_URL
+ value: "http://{{git_dns_name}}"
+{% if enable_liveness_probes %}
+ livenessProbe:
+ httpGet:
+ path: /
+ port: 80
+ initialDelaySeconds: {{livenessProbe_initialDelaySeconds.gitlab | default(120)}}
+ periodSeconds: 15
+{% endif %}
+ volumes:
+ - name: gitlab
+ rbd:
+ monitors:
+{% for ip in mon_ips %}
+ - "{{ ip }}"
+{% endfor %}
+ pool: rbd
+ image: gitlab
+ user: admin
+ secretRef:
+ name: "ceph-secret"
+ fsType: xfs
+ readOnly: false
+ - name: jenkins-deploykey
+ secret:
+ secretName: jenkins-deploykey
diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/10-postgresql-deployment.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/10-postgresql-deployment.yaml.j2
new file mode 100644
index 0000000..e78bfc9
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/deployments/10-postgresql-deployment.yaml.j2
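Review bot: The `gitlab` container is started with `securityContext: privileged: true`, which gives a network-facing service (ports 80 and 22) full access to the node's devices and kernel interfaces, and nothing in the template says why it is needed. If the image only needs particular capabilities, drop the flag and list just those under `capabilities: add:`; if privileged mode really is required, a comment such as `# privileged: required by <reason>` next to the line would let the next reviewer check it. `EXTERNAL_URL` is also rendered as `http://{{git_dns_name}}`, so the URLs GitLab generates will be plain HTTP; confirm that is intended given that the portal frontend redirects to HTTPS.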
@@ -0,0 +1,108 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: postgresql
+spec:
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ run: postgresql
+ spec:
+ containers:
+ - name: postgresql
+ image: {{container_uri}}rkt-postgresql:{{container_tag}}
+ ports:
+ - containerPort: 5432
+ volumeMounts:
+ - mountPath: /var/lib/postgresql/data
+ name: postgresql-data
+ - mountPath: /etc/postgresql/conf.d/
+ name: postgresql-conf
+ - mountPath: /docker-entrypoint-initdb.d/
+ name: postgresql-initdb
+ env:
+ - name: POSTGRES_DB
+ value: icedb
+ - name: ICE_CMS_DB_NAME
+ value: icecmsdb
+ - name: POSTGRES_USER
+ value: {{vault_em_postgresql_user}}
+ - name: ICE_CMS_DB_USER
+ value: {{vault_cms_postgresql_user}}
+ - name: ICE_CMS_DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: postgresql-passwords
+ key: cmsPassword
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: postgresql-passwords
+ key: emPassword
+{% if enable_liveness_probes %}
+ livenessProbe:
+ timeoutSeconds: 1
+ initialDelaySeconds: {{livenessProbe_initialDelaySeconds.postgresql | default(120)}}
+ tcpSocket:
+ port: 5432
+{% endif %}
+ volumes:
+ - name: postgresql-data
+ rbd:
+ monitors:
+{% for ip in mon_ips %}
+ - "{{ ip }}"
+{% endfor %}
+ pool: rbd
+ image: em_postgresql
+ user: admin
+ secretRef:
+ name: "ceph-secret"
+ fsType: xfs
+ readOnly: false
+ - name: postgresql-conf
+ configMap:
+ name: postgresql-conf
+ - name: postgresql-initdb
+ configMap:
+ name: postgresql-initdb
diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/10-redis.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/10-redis.yaml.j2
new file mode 100644
index 0000000..523504a
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/deployments/10-redis.yaml.j2
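Review bot: The `postgresql-data` RBD volume is mapped with `user: admin` and `ceph-secret`, which looks like the Ceph admin identity being used to mount a single application's image; the same stanza is in `10-gitlab-deployment.yaml.j2`. A dedicated Ceph client restricted to the `rbd` pool would limit what a leaked `ceph-secret` can reach. Separately, `POSTGRES_USER` and `ICE_CMS_DB_USER` are rendered unquoted (`value: {{vault_em_postgresql_user}}`), whereas the uwsgi templates quote the same variables; quoting here too, `value: "{{vault_em_postgresql_user}}"`, stops YAML from re-typing a numeric or special-character user name.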
@@ -0,0 +1,55 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: redis
+spec:
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ run: redis
+ spec:
+ containers:
+ - name: redis
+ image: redis:alpine
+ ports:
+ - containerPort: 6379
diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/20-ci-uwsgi-deployment.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/20-ci-uwsgi-deployment.yaml.j2
new file mode 100644
index 0000000..98a04b5
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/deployments/20-ci-uwsgi-deployment.yaml.j2
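Review bot: `image: redis:alpine` is a floating tag pulled from the public registry, unlike the other deployments that use `{{container_uri}}…:{{container_tag}}`, so the running version can change on any pod restart. Pin it, for example `image: {{container_uri}}redis:<pinned-version>` or an image digest. The container is also started with no arguments or config file, so as far as this template shows Redis runs without `requirepass` and accepts any pod that can reach port 6379; a comment naming the pods expected to connect, or a NetworkPolicy for them, would make the intended exposure explicit.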
@@ -0,0 +1,165 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+{% if ice_environment != 'production' %}
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: ci-uwsgi
+spec:
+ template:
+ spec:
+ volumes:
+ - name: ci-settings
+ configMap:
+ name: ci-settings
+ - name: site-crt
+ secret:
+ secretName: site-crt
+{% if devenv is defined %}
+ - name: ci-rsync
+ hostPath:
+ path: /var/devenv/ice-ci/
+{% endif %}
+ containers:
+ - name: ci-uwsgi
+ image: {{container_uri}}rkt-ice-ci:{{container_tag}}
+ ports:
+ - containerPort: 80
+ - containerPort: 8282
+ - containerPort: 9000
+ volumeMounts:
+ - name: ci-settings
+ mountPath: /opt/configmaps/settings/
+ - name: site-crt
+ mountPath: /opt/secrets/site-crt/
+{% if devenv is defined %}
+ - name: ci-rsync
+ mountPath: /app
+{% endif %}
+ env:
+ - name: ICE_ENVIRONMENT
+ value: "{{ice_environment}}"
+ - name: PROGRAM_NAME_URL_PREFIX
+ value: "ice"
+ - name: SECRET_KEY
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: key}
+ - name: EM_DB_HOST
+ value: postgresql
+ - name: EM_DB_PORT
+ value: "5432"
+ - name: EM_DB_NAME
+ value: icedb
+ - name: EM_DB_USER
+ value: "{{vault_em_postgresql_user}}"
+ - name: EM_DB_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: postgresql-passwords, key: emPassword}
+ - name: CMS_DB_HOST
+ value: postgresql
+ - name: CMS_DB_PORT
+ value: "5432"
+ - name: CMS_DB_NAME
+ value: "{{cms_postgresql_db|default('icecmsdb')}}"
+ - name: CMS_DB_USER
+ value: "{{vault_cms_postgresql_user}}"
+ - name: CMS_DB_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: postgresql-passwords, key: cmsPassword}
+ - name: CI_DB_HOST
+ value: postgresql
+ - name: CI_DB_PORT
+ value: "5432"
+ - name: CI_DB_NAME
+ value: icedb
+ - name: CI_DB_USER
+ value: "{{vault_em_postgresql_user}}"
+ - name: CI_DB_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: postgresql-passwords, key: ciPassword}
+ - name: STATIC_ROOT
+ value: "/app/htdocs"
+ - name: ICE_CONTACT_FROM_ADDRESS
+ value: "{{vault_email_host_user}}"
+ - name: SECRET_WEBHOOK_TOKEN
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: em_webhook_token}
+ - name: SECRET_GITLAB_AUTH_TOKEN
+ valueFrom:
+ secretKeyRef: {name: gitlab-password, key: auth-token}
+ - name: SECRET_JENKINS_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: jenkins_admin_password}
+ - name: ICE_DOMAIN
+ value: https://{{domain}}
+ - name: ICE_EM_DOMAIN_NAME
+ value: https://{{em_domain_name}}
+ - name: OAUTHLIB_INSECURE_TRANSPORT
+ value: "1"
+ - name: CI_ADMIN_USER
+ value: "{{vault_ci_admin_user}}"
+ - name: CI_ADMIN_MAIL
+ value: "{{vault_ci_admin_mail}}"
+ - name: CI_ADMIN_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: ci-secret, key: admin_password}
+ - name: S3_HOST
+ value: "{{s3_dns_name}}"
+ - name: S3_PORT
+ value: "443"
+ - name: AWS_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: aws_access_key_id}
+ - name: AWS_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: aws_secret_access_key}
+{% if enable_liveness_probes %}
+ livenessProbe:
+ httpGet:
+ path: /
+ port: 9000
+ initialDelaySeconds: 90
+ periodSeconds: 15
+{% endif %}
+ command: ["/app/docker-entrypoint.sh", "/usr/local/bin/uwsgi", "--ini", "/opt/configmaps/settings/uwsgi.ini", "--static-map", "/static=/app/htdocs" {% if devenv is defined %}, "--py-auto-reload" , "3"{% endif %}]
+ metadata:
+ labels:
+ run: ci-uwsgi
+{% endif %}
diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/20-cms-uwsgi-deployment.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/20-cms-uwsgi-deployment.yaml.j2
new file mode 100644
index 0000000..8b601e9
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/deployments/20-cms-uwsgi-deployment.yaml.j2
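Review bot: `OAUTHLIB_INSECURE_TRANSPORT` is set to `"1"`, which turns off oauthlib's HTTPS requirement, while `ICE_DOMAIN` and `ICE_EM_DOMAIN_NAME` in the same env list are `https://` URLs. This template is skipped when `ice_environment` is `production`, but `20-em-uwsgi-deployment.yaml.j2` sets the same variable with no such guard in the lines visible on this page. If it is only needed for local development, wrap the entry in `{% if devenv is defined %}` … `{% endif %}`; if it exists because TLS ends at HAProxy, say so in a comment beside it. Also worth checking: `CI_DB_USER` is `vault_em_postgresql_user` but `CI_DB_PASSWORD` reads the `ciPassword` key, so the user and password may not belong to the same database role.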
@@ -0,0 +1,146 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: cms-uwsgi
+spec:
+ template:
+ spec:
+ containers:
+ - name: cms-uwsgi
+ image: {{container_uri}}rkt-ice-cms:{{container_tag}}
+ ports:
+ - containerPort: 80
+ - containerPort: 9000
+ env:
+ - name: ENVIRONMENT
+ value: "{{ice_environment}}"
+ - name: SECRET_KEY
+ valueFrom:
+ secretKeyRef: {name: cms-secret, key: key}
+ - name: EMAIL_HOST
+ value: "{{vault_email_host}}"
+ - name: EMAIL_HOST_USER
+ value: "{{vault_email_host_user}}"
+ - name: EMAIL_PORT
+ value: "{{email_port|default(25)}}"
+ - name: EMAIL_HOST_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: email-secret, key: password}
+ - name: PGHOST
+ value: postgresql
+ - name: PGPORT
+ value: "5432"
+ - name: PGDATABASE
+ value: "{{cms_postgresql_db|default('icecmsdb')}}"
+ - name: PGUSER
+ value: "{{vault_cms_postgresql_user}}"
+ - name: PGPASSWORD
+ valueFrom:
+ secretKeyRef: {name: postgresql-passwords, key: cmsPassword}
+ - name: ICE_CONTACT_FROM_ADDRESS
+ value: "{{vault_email_host_user}}"
+ - name: CMS_NEVERCACHE_KEY
+ valueFrom:
+ secretKeyRef: {name: cms-secret, key: nevercache_key}
+ - name: CMS_APP_USER
+ valueFrom:
+ secretKeyRef: {name: cms-secret, key: app_user}
+ - name: CMS_APP_USER_MAIL
+ valueFrom:
+ secretKeyRef: {name: cms-secret, key: app_user_mail}
+ - name: CMS_APP_USER_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: cms-secret, key: app_user_password}
+ - name: CMS_APP_CLIENT_ID
+ valueFrom:
+ secretKeyRef: {name: cms-secret, key: app_client_id}
+ - name: CMS_APP_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef: {name: cms-secret, key: app_client_secret}
+ - name: STATIC_ROOT
+ value: "/app/htdocs"
+ - name: DJANGO_DEBUG_MODE
+ value: "{{django_debug_mode}}"
+ - name: S3_HOST
+ value: "{{s3_dns_name}}"
+ - name: S3_PORT
+ value: "443"
+ - name: AWS_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: aws_access_key_id}
+ - name: AWS_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: aws_secret_access_key}
+{% if enable_liveness_probes %}
+ livenessProbe:
+ httpGet:
+ path: /
+ port: 9000
+ initialDelaySeconds: 30
+ periodSeconds: 15
+ timeoutSeconds: 10
+{% endif %}
+ command: ["/docker-entrypoint.sh", "/usr/local/bin/uwsgi", "--ini", "/opt/configmaps/settings/uwsgi.ini", {% if devenv is defined %}"--py-auto-reload" , "3",{% endif %}"--static-map", "/static=/app/htdocs"]
+ volumeMounts:
+ - name: settings
+ mountPath: /opt/configmaps/settings/
+ - name: site-crt
+ mountPath: /opt/secrets/site-crt/
+{% if devenv is defined %}
+ - name: cms-rsync
+ mountPath: /srv
+{% endif %}
+ volumes:
+ - name: settings
+ configMap:
+ name: cms-settings
+ - name: site-crt
+ secret:
+ secretName: site-crt
+{% if devenv is defined %}
+ - name: cms-rsync
+ hostPath:
+ path: /var/devenv/rkt-ice-cms/django
+{% endif %}
+ metadata:
+ labels:
+ run: cms-uwsgi
diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/20-em-uwsgi-deployment.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/20-em-uwsgi-deployment.yaml.j2
new file mode 100644
index 0000000..8cedd29
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/deployments/20-em-uwsgi-deployment.yaml.j2
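Review bot: `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` for the CMS are read from `em-secret`, so the CMS and the engagement manager share one S3 credential and a compromise of either pod exposes the buckets of both. A separate key limited to the `cms-*` buckets, stored in `cms-secret` like the other CMS values, would keep the exposure per application. `DJANGO_DEBUG_MODE` is passed straight from `{{django_debug_mode}}` with no tie to `ice_environment`; a comment stating the expected production value, or deriving it from `ice_environment`, would guard against debug pages being served in production.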
@@ -0,0 +1,162 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: em-uwsgi
+spec:
+ template:
+ spec:
+ volumes:
+{% if devenv is defined %}
+ - name: em-rsync
+ hostPath:
+ path: /var/devenv/rkt-ice-engagementmgr/django
+{% endif %}
+ - name: site-crt
+ secret:
+ secretName: site-crt
+ - name: em-settings
+ configMap:
+ name: em-settings
+ containers:
+ - name: em-uwsgi
+ image: {{container_uri}}rkt-engagementmgr:{{container_tag}}
+ ports:
+ - containerPort: 80
+ - containerPort: 9000
+ volumeMounts:
+{% if devenv is defined %}
+ - name: em-rsync
+ mountPath: /srv
+{% endif %}
+ - name: em-settings
+ mountPath: /opt/configmaps/settings/
+ - name: site-crt
+ mountPath: /opt/secrets/site-crt/
+ env:
+ - name: ENVIRONMENT
+ value: "{{ice_environment}}"
+ - name: PROGRAM_NAME_URL_PREFIX
+ value: "ice"
+ - name: SECRET_KEY
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: key}
+ - name: EMAIL_HOST
+ value: "{{vault_email_host}}"
+ - name: EMAIL_HOST_USER
+ value: "{{vault_email_host_user}}"
+ - name: EMAIL_PORT
+ value: "{{email_port|default(25)}}"
+ - name: EMAIL_HOST_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: email-secret, key: password}
+ - name: PGHOST
+ value: postgresql
+ - name: PGPORT
+ value: "5432"
+ - name: PGDATABASE
+ value: icedb
+ - name: PGUSER
+ value: "{{vault_em_postgresql_user}}"
+ - name: PGPASSWORD
+ valueFrom:
+ secretKeyRef: {name: postgresql-passwords, key: emPassword}
+ - name: DOMAIN
+ value: https://{{domain}}
+ - name: ICE_EM_DOMAIN_NAME
+ value: https://{{em_domain_name}}
+ - name: CONTACT_FROM_ADDRESS
+ value: "{{vault_email_host_user}}"
+ - name: OAUTHLIB_INSECURE_TRANSPORT
+ value: "1"
+ - name: SECRET_WEBHOOK_TOKEN
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: em_webhook_token}
+ - name: SECRET_GITLAB_AUTH_TOKEN
+ valueFrom:
+ secretKeyRef: {name: gitlab-password, key: auth-token}
+ - name: SECRET_JENKINS_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: jenkins_admin_password}
+ - name: SECRET_CMS_APP_CLIENT_ID
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: cms_app_client_id}
+ - name: SECRET_CMS_APP_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: cms_app_client_secret}
+ - name: STATIC_ROOT
+ value: "/app/htdocs"
+ - name: DJANGO_DEBUG_MODE
+ value: "{{django_debug_mode}}"
+ - name: SLACK_API_TOKEN
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: slack_api_token}
+ - name: ENGAGEMENTS_CHANNEL
+ value: "{{engagements_channel | default('')}}"
+ - name: ENGAGEMENTS_NOTIFICATIONS_CHANNEL
+ value: "{{engagements_notifications_channel | default('')}}"
+ - name: DEVOPS_CHANNEL
+ value: "{{devops_channel | default('')}}"
+ - name: DEVOPS_NOTIFICATIONS_CHANNEL
+ value: "{{devops_notifications_channel | default('')}}"
+ - name: S3_HOST
+ value: "{{s3_dns_name}}"
+ - name: S3_PORT
+ value: "443"
+ - name: AWS_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: aws_access_key_id}
+ - name: AWS_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: aws_secret_access_key}
+{% if enable_liveness_probes %}
+ livenessProbe:
+ httpGet:
+ path: /
+ port: 9000
+ initialDelaySeconds: {{livenessProbe_initialDelaySeconds.em | default(90)}}
+ periodSeconds: 15
+ timeoutSeconds: 10
+{% endif %}
+ command: ["/docker-entrypoint.sh", "/usr/local/bin/uwsgi", "--ini", "/opt/configmaps/settings/uwsgi.ini", {% if devenv is defined %}"--py-auto-reload" , "3",{% endif %}"--static-map", "/static=/app/htdocs"]
+ metadata:
+ labels:
+ run: em-uwsgi
diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/20-imagescanner.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/20-imagescanner.yaml.j2
new file mode 100644
index 0000000..775d341
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/deployments/20-imagescanner.yaml.j2
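Review bot: `OAUTHLIB_INSECURE_TRANSPORT` is set to `"1"` for every environment in the em-uwsgi env list of 20-em-uwsgi-deployment.yaml.j2, which tells oauthlib to accept OAuth2 exchanges over plain HTTP. The same template already gates its development-only pieces on `devenv`, so this variable could be wrapped in `{% if devenv is defined %}` … `{% endif %}` as well. If it is required outside development, presumably because TLS ends in front of the pod, a comment such as `# TLS is terminated upstream; uwsgi only sees HTTP` would keep it from being read as a leftover debug switch.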
@@ -0,0 +1,107 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: imagescanner
+spec:
+ template:
+ spec:
+
+ containers:
+ - name: imagescanner-worker
+ image: {{container_uri}}ice-image-scanner:{{container_tag}}
+ command: ["/usr/local/bin/imagescanner-worker"]
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - name: imagescanner-ssh
+ mountPath: /root/.ssh
+ - name: dev
+ mountPath: /dev
+ - name: logs
+ mountPath: /var/log/imagescanner
+
+ - name: notifications-worker
+ image: {{container_uri}}ice-image-scanner:{{container_tag}}
+ command: ["/usr/local/bin/notifications-worker"]
+ securityContext:
+ privileged: true
+ env:
+ - name: SLACK_TOKEN
+ valueFrom:
+ secretKeyRef: {name: slack-tokens, key: notifications}
+ - name: DOMAIN
+ value: "{{em_internal_dns_name}}"
+
+ - name: imagescanner-frontend
+ image: {{container_uri}}ice-image-scanner:{{container_tag}}
+ command: ["/usr/local/bin/imagescanner-frontend"]
+ {#
+ FIXME: No, the frontend does not require a privileged container.
+ However, it seems that if you run the frontend container without
+ this specification in the same pod as the worker, then the worker
+ loses its privileges!
+ -#}
+ securityContext:
+ privileged: true
+ ports:
+ - containerPort: 80
+ volumeMounts:
+ - name: logs
+ mountPath: /var/log/imagescanner
+ env:
+ - name: DEFAULT_SLACK_CHANNEL
+ value: "#notifications"
+
+ volumes:
+ - name: imagescanner-ssh
+ secret:
+ secretName: imagescanner-ssh
+ defaultMode: 0600
+ - name: dev
+ hostPath:
+ path: /dev
+ - name: logs
+ emptyDir: {}
+
+ metadata:
+ labels:
+ run: imagescanner
diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/20-jenkins-deployment.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/20-jenkins-deployment.yaml.j2
new file mode 100644
index 0000000..61504f1
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/deployments/20-jenkins-deployment.yaml.j2
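Review bot: All three containers in 20-imagescanner.yaml.j2 run with `securityContext: privileged: true`, including `imagescanner-frontend`, which listens on port 80, and `notifications-worker`, which mounts nothing from the host. The FIXME records that the frontend does not need the privilege, and no reason is given for the notifications container, so a compromise of either service carries the same host-level access as the scanner worker. Until the privilege-loss behaviour described in the FIXME is understood, `notifications-worker` should carry the same kind of comment, and both should point at a tracked issue. The longer-term fix is to keep only `imagescanner-worker` privileged, probably by moving the other two containers to their own Deployment; `logs` is an `emptyDir` shared by worker and frontend, so that split needs a different log volume.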
@@ -0,0 +1,89 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: jenkins
+spec:
+ template:
+ spec:
+ containers:
+ - name: jenkins
+ image: {{container_uri}}rkt-jenkins:{{container_tag}}
+ ports:
+ - containerPort: 8080
+ volumeMounts:
+ - name: jenkins-home
+ mountPath: /var/jenkins_home
+ - name: jenkins-users-admin
+ mountPath: /var/jenkins_home/users/admin
+ - name: jenkins-ssh
+ mountPath: /var/jenkins_home/.ssh
+{% if enable_liveness_probes %}
+ livenessProbe:
+ httpGet:
+ path: /robots.txt
+ port: 8080
+ initialDelaySeconds: 120
+ periodSeconds: 15
+{% endif %}
+ volumes:
+ - name: jenkins-home
+ rbd:
+ monitors:
+{% for ip in mon_ips %}
+ - "{{ ip }}"
+{% endfor %}
+ pool: rbd
+ image: jenkins
+ user: admin
+ secretRef:
+ name: "ceph-secret"
+ fsType: xfs
+ readOnly: false
+ - name: jenkins-users-admin
+ secret:
+ secretName: jenkins-users-admin
+ - name: jenkins-ssh
+ secret:
+ secretName: jenkins-ssh
+ metadata:
+ labels:
+ run: jenkins
diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/30-portal-deployment.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/30-portal-deployment.yaml.j2
new file mode 100644
index 0000000..f3505e5
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/deployments/30-portal-deployment.yaml.j2
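Review bot: The `jenkins-home` rbd volume in 20-jenkins-deployment.yaml.j2 authenticates to Ceph as `user: admin` with `ceph-secret`, so the key kept in the cluster is presumably the Ceph admin key rather than one scoped to the `rbd` pool. A dedicated Ceph client limited to that pool would bound what a leak of `ceph-secret` exposes. The template could take the name from a variable, for example `user: "{{ ceph_rbd_user | default('admin') }}"` (`ceph_rbd_user` is a suggested name, not an existing variable), so deployments can move off the admin identity without editing the role.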
@@ -0,0 +1,70 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: portal
+spec:
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ run: portal
+ spec:
+ containers:
+ - name: portal
+ image: {{container_uri}}rkt-ice-portal:{{container_tag}}
+ ports:
+ - containerPort: 8181
+ command: ["nginx", "-g", "daemon off;", "-c", "/tmp/nginx.conf"]
+ volumeMounts:
+ - mountPath: /tmp/
+ name: portal-nginx-config
+{% if devenv is defined %}
+ - name: portal-rsync
+ mountPath: /usr/share/nginx/html
+{% endif %}
+ volumes:
+ - name: portal-nginx-config
+ configMap:
+ name: portal-nginx-config
+ items:
+ - key: file
+ path: nginx.conf
diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/40-ext-haproxy-deployment.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/40-ext-haproxy-deployment.yaml.j2
new file mode 100644
index 0000000..729f98c
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/deployments/40-ext-haproxy-deployment.yaml.j2
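Review bot: The `devenv` branch under `volumeMounts` in 30-portal-deployment.yaml.j2 mounts `portal-rsync` at `/usr/share/nginx/html`, but the `volumes` list defines only `portal-nginx-config`. With `devenv` defined, the rendered Deployment refers to a volume that does not exist and the API server will reject it. The cms and em templates in this commit pair the mount with a `hostPath` volume inside the same condition, and the portal template needs the equivalent entry. It is sketched below with a placeholder path, because the portal's host directory is not shown on this page.

```yaml
      volumes:
      # … unchanged: portal-nginx-config configMap volume …
{% if devenv is defined %}
      - name: portal-rsync
        hostPath:
          path: <PORTAL_DEVENV_DIR>  # placeholder: host directory holding the portal sources
{% endif %}
```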
@@ -0,0 +1,95 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: ext-haproxy
+spec:
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ run: ext-haproxy
+ spec:
+ containers:
+ - name: ext-haproxy
+ image: haproxy:1.7.2-alpine
+ ports:
+ - containerPort: 80
+ - containerPort: 22
+ - containerPort: 443
+ - containerPort: 9001
+ env:
+ - name: HAPROXY_USER
+ valueFrom:
+ secretKeyRef:
+ name: haproxy-auth
+ key: user
+ - name: HAPROXY_PASS
+ valueFrom:
+ secretKeyRef:
+ name: haproxy-auth
+ key: pass
+{% if enable_liveness_probes %}
+ livenessProbe:
+ httpGet:
+ path: /haproxy_stats
+ port: 9001
+ httpHeaders:
+ - name: Authorization
+ value: Basic {{(vault_haproxy_user+":"+vault_haproxy_pass)|b64encode}}
+ initialDelaySeconds: 15
+ periodSeconds: 15
+{% endif %}
+ volumeMounts:
+ - mountPath: /usr/local/etc/haproxy/
+ name: ext-haproxy-cfg
+ - mountPath: /etc/haproxy/
+ name: site-pem
+ volumes:
+ - name: ext-haproxy-cfg
+ configMap:
+ name: ext-haproxy-cfg
+ items:
+ - key: file
+ path: haproxy.cfg
+ - name: site-pem
+ secret:
+ secretName: site-pem
diff --git a/ansible/roles/ansible-vvp-templates/templates/deployments/40-int-haproxy-deployments.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/deployments/40-int-haproxy-deployments.yaml.j2
new file mode 100644
index 0000000..bc23c01
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/deployments/40-int-haproxy-deployments.yaml.j2
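Review bot: The `livenessProbe` in 40-ext-haproxy-deployment.yaml.j2 renders `Basic {{(vault_haproxy_user+":"+vault_haproxy_pass)|b64encode}}` straight into the pod spec. The stats credentials that the `env` block reads from the `haproxy-auth` Secret therefore also sit, base64-encoded only, in the Deployment object, where anyone allowed to view Deployments or pods can read them. The int-haproxy hunk (40-int-haproxy-deployments.yaml.j2, port 9000) carries the same header. A probe that needs no credentials avoids this, for example `tcpSocket:` with `port: 9001` in place of the `httpGet` block, or an unauthenticated health URI defined in the haproxy configuration, which is outside these hunks.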
@@ -0,0 +1,89 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: int-haproxy
+spec:
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ run: int-haproxy
+ spec:
+ containers:
+ - name: int-haproxy
+ image: haproxy:1.7.2-alpine
+ ports:
+ - containerPort: 80
+ - containerPort: 8080
+ - containerPort: 9000
+ env:
+ - name: HAPROXY_USER
+ valueFrom:
+ secretKeyRef:
+ name: haproxy-auth
+ key: user
+ - name: HAPROXY_PASS
+ valueFrom:
+ secretKeyRef:
+ name: haproxy-auth
+ key: pass
+{% if enable_liveness_probes %}
+ livenessProbe:
+ httpGet:
+ path: /haproxy_stats
+ port: 9000
+ httpHeaders:
+ - name: Authorization
+ value: Basic {{(vault_haproxy_user+":"+vault_haproxy_pass)|b64encode}}
+ initialDelaySeconds: 15
+ periodSeconds: 15
+{% endif %}
+ volumeMounts:
+ - mountPath: /usr/local/etc/haproxy/
+ name: int-haproxy-cfg
+ volumes:
+ - name: int-haproxy-cfg
+ configMap:
+ name: int-haproxy-cfg
+ items:
+ - key: file
+ path: haproxy.cfg
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/ceph-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/ceph-secret.yaml.j2
new file mode 100644
index 0000000..a0480ec
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/ceph-secret.yaml.j2
@@ -0,0 +1,46 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: ceph-secret
+type: "kubernetes.io/rbd"
+data:
+ key: "{{ ceph_key | b64encode }}"
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/ci-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/ci-secret.yaml.j2
new file mode 100644
index 0000000..dae5191
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/ci-secret.yaml.j2
@@ -0,0 +1,48 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+{% if ice_environment != 'production' %}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: ci-secret
+type: Opaque
+data:
+ admin_password: "{{vault_ci_admin_password | b64encode}}"
+{% endif %}
\ No newline at end of file
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/cms-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/cms-secret.yaml.j2
new file mode 100644
index 0000000..38c528c
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/cms-secret.yaml.j2
@@ -0,0 +1,52 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: cms-secret
+type: Opaque
+data:
+ key: "{{ vault_cms_secret_key | b64encode }}"
+ app_user: "{{vault_cms_app_user | b64encode}}"
+ app_user_mail: "{{vault_cms_app_user_mail | b64encode}}"
+ app_user_password: "{{vault_cms_app_user_password | b64encode}}"
+ app_client_id: "{{vault_cms_app_client_id | b64encode}}"
+ app_client_secret: "{{vault_cms_app_client_secret | b64encode}}"
+ nevercache_key: "{{vault_cms_nevercache_key | b64encode}}"
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/em-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/em-secret.yaml.j2
new file mode 100644
index 0000000..56cbb30
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/em-secret.yaml.j2
@@ -0,0 +1,54 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: em-secret
+type: Opaque
+data:
+ key: "{{ vault_em_secret_key | b64encode }}"
+ em_webhook_token: "{{ vault_engagementmgr_webhook_token | b64encode }}"
+ gitlab_admin_password: "{{ vault_gitlab_admin_password | b64encode }}"
+ jenkins_admin_password: "{{ vault_jenkins_admin_password | b64encode }}"
+ cms_app_client_id: "{{vault_cms_app_client_id | b64encode}}"
+ cms_app_client_secret: "{{vault_cms_app_client_secret | b64encode}}"
+ slack_api_token: "{{( vault_slack_api_token | default('') ) | b64encode}}"
+ aws_access_key_id: "{{ vault_aws_access_key_id | b64encode }}"
+ aws_secret_access_key: "{{ vault_aws_secret_access_key | b64encode }}"
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/email-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/email-secret.yaml.j2
new file mode 100644
index 0000000..29d1319
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/email-secret.yaml.j2
@@ -0,0 +1,46 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: email-secret
+type: Opaque
+data:
+ password: "{{vault_email_host_password | b64encode }}"
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/gitlab-password-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/gitlab-password-secret.yaml.j2
new file mode 100644
index 0000000..3621b45
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/gitlab-password-secret.yaml.j2
@@ -0,0 +1,47 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: gitlab-password
+type: Opaque
+data:
+ password: "{{ vault_gitlab_admin_password | b64encode }}"
+ auth-token: "{{ vault_gitlab_authentication_token | b64encode }}"
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/haproxy-auth-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/haproxy-auth-secret.yaml.j2
new file mode 100644
index 0000000..c1a8fe1
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/haproxy-auth-secret.yaml.j2
@@ -0,0 +1,47 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: haproxy-auth
+type: Opaque
+data:
+ user: "{{ vault_haproxy_user | b64encode }}"
+ pass: "{{ vault_haproxy_pass | b64encode }}"
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/imagescanner-ssh-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/imagescanner-ssh-secret.yaml.j2
new file mode 100644
index 0000000..0028baf
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/imagescanner-ssh-secret.yaml.j2
@@ -0,0 +1,50 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+kind: Secret
+apiVersion: v1
+metadata:
+ name: imagescanner-ssh
+ namespace: default
+type: Opaque
+data:
+ # FIXME the imagescanner really should have its own private key, but then we
+ # have to adjust the gitlab wrapper script to set two public keys as
+ # deploykeys.
+ id_ed25519: "{{vault_jenkins_deploy_key|b64encode}}"
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/jenkins-admin-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/jenkins-admin-secret.yaml.j2
new file mode 100644
index 0000000..c44d898
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/jenkins-admin-secret.yaml.j2
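Review bot: `id_ed25519` is rendered from `vault_jenkins_deploy_key`, the same private key that the `jenkins-ssh` Secret later in this commit carries, so the two services cannot be revoked or audited independently and a leak from either pod exposes both. The FIXME already names the fix; until it lands, the comment should state the consequence as well, e.g. `# SECURITY: shares the Jenkins deploy key; rotating or revoking it affects both Jenkins and the imagescanner`. It is also worth confirming that this deploy key is registered read-only in GitLab, which the template does not show.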
@@ -0,0 +1,47 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+kind: Secret
+apiVersion: v1
+metadata:
+ name: jenkins-users-admin
+ namespace: default
+type: Opaque
+data:
+ config.xml: "{{jenkins_admin_config_xml|b64encode}}"
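Review bot: `jenkins_admin_config_xml` lacks the `vault_` prefix that the other credential inputs in these templates carry, and the same holds for `site_pem` in site-pem-secret.yaml.j2, which suggests both may be defined outside the vault-encrypted variables; where they are defined is not visible in this commit view. A Jenkins user `config.xml` normally holds the password hash and API token, and `site_pem` presumably includes the TLS private key, so both should be sourced from the vault file. If they already are, a one-line comment such as `# jenkins_admin_config_xml is assembled from vault_* values` next to the key would save the next reviewer the search.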
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/jenkins-deploykey-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/jenkins-deploykey-secret.yaml.j2
new file mode 100644
index 0000000..4dee827
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/jenkins-deploykey-secret.yaml.j2
@@ -0,0 +1,47 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+kind: Secret
+apiVersion: v1
+metadata:
+ name: jenkins-deploykey
+ namespace: default
+type: Opaque
+data:
+ deploykey.pub: "{{vault_jenkins_deploy_key_pub|b64encode}}"
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/jenkins-ssh-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/jenkins-ssh-secret.yaml.j2
new file mode 100644
index 0000000..633e1ae
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/jenkins-ssh-secret.yaml.j2
@@ -0,0 +1,51 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+kind: Secret
+apiVersion: v1
+metadata:
+ name: jenkins-ssh
+ namespace: default
+type: Opaque
+data:
+ # .ssh/config isn't really a secret, but it's the easiest way to get it into
+ # the same directory as the key
+ config: >
+ SG9zdCAqClVzZXJLbm93bkhvc3RzRmlsZSAvZGV2L251bGwKU3RyaWN0SG9zdEtleUNoZWNraW5nIG5vCklkZW50aXR5RmlsZSAiL3Zhci9qZW5raW5zX2hvbWUvLnNzaC9pZF9lZDI1NTE5Igo=
+ id_ed25519: "{{vault_jenkins_deploy_key|b64encode}}"
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/postgresql-passwords-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/postgresql-passwords-secret.yaml.j2
new file mode 100644
index 0000000..03f1d9e
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/postgresql-passwords-secret.yaml.j2
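Review bot: The base64 literal under `config:` decodes to an ssh_config that applies `UserKnownHostsFile /dev/null` and `StrictHostKeyChecking no` to `Host *`, so Jenkins accepts any host key on every SSH connection and the deploy key in `id_ed25519` authenticates to peers whose identity was never verified. Pin the GitLab host key instead: ship a `known_hosts` entry in this Secret, scope the stanza to the GitLab host rather than `Host *`, and change the two lines to `StrictHostKeyChecking yes` and `UserKnownHostsFile /var/jenkins_home/.ssh/known_hosts` (path constructed here from the IdentityFile directory). Keeping the file as readable text rendered through `| b64encode`, like the other entries, would also make settings like these visible in review rather than hidden in an opaque blob.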
@@ -0,0 +1,50 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: postgresql-passwords
+type: Opaque
+data:
+ emPassword: "{{ vault_em_postgresql_password | b64encode }}"
+ cmsPassword: "{{vault_cms_postgresql_password | b64encode}}"
+{% if ice_environment != 'production' %}
+ ciPassword: "{{vault_ci_postgresql_password | b64encode}}"
+{% endif %}
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/site-crt-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/site-crt-secret.yaml.j2
new file mode 100644
index 0000000..f529dcf
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/site-crt-secret.yaml.j2
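Review bot: The guard `{% if ice_environment != 'production' %}` fails open: any value other than the exact string `production` (a typo, different casing, a newly added environment name) renders `ciPassword` into the Secret. Listing the environments that actually need the CI database is the safer default, e.g. `{% if ice_environment in ci_environments %}`, where `ci_environments` is a new list variable (the name is a suggestion, not something defined in this commit). A short comment stating why the CI credential must stay out of production would also help whoever edits this condition next.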
@@ -0,0 +1,47 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: site-crt
+type: Opaque
+data:
+ # the public part of the certificate, not actually a secret.
+ site.crt: "{{ site_pem_cert | b64encode }}"
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/site-pem-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/site-pem-secret.yaml.j2
new file mode 100644
index 0000000..d045770
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/site-pem-secret.yaml.j2
@@ -0,0 +1,46 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: site-pem
+type: Opaque
+data:
+ site.pem: "{{ site_pem | b64encode }}"
diff --git a/ansible/roles/ansible-vvp-templates/templates/secrets/slack-tokens-secret.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/secrets/slack-tokens-secret.yaml.j2
new file mode 100644
index 0000000..ae9f29d
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/secrets/slack-tokens-secret.yaml.j2
@@ -0,0 +1,46 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: slack-tokens
+type: Opaque
+data:
+ notifications: "{{( vault_slack_tokens.notifications | default('') ) | b64encode}}"
diff --git a/ansible/roles/ansible-vvp-templates/templates/services/haproxy-service.yaml.j2 b/ansible/roles/ansible-vvp-templates/templates/services/haproxy-service.yaml.j2
new file mode 100644
index 0000000..a1b6cd4
--- /dev/null
+++ b/ansible/roles/ansible-vvp-templates/templates/services/haproxy-service.yaml.j2
@@ -0,0 +1,105 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: ext-haproxy
+ labels:
+ run: ext-haproxy
+spec:
+ ports:
+ - port: 80
+ protocol: TCP
+ name: web
+ - port: 443
+ protocol: TCP
+ name: ssl
+ - port: 22
+ protocol: TCP
+ name: ssh
+ - port: 9000
+ protocol: TCP
+ name: stats
+ externalIPs:
+{% for ip in external_ips %}
+ - "{{ ip }}"
+{% endfor %}
+ selector:
+ run: ext-haproxy
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: int-haproxy
+ labels:
+ run: int-haproxy
+spec:
+ ports:
+ - port: 80
+ protocol: TCP
+ name: web
+ - port: 8080
+ protocol: TCP
+ name: jenkins
+ - port: 9000
+ protocol: TCP
+ name: stats
+ externalIPs:
+{% for ip in internal_ips %}
+ - "{{ ip }}"
+{% endfor %}
+ selector:
+ run: int-haproxy
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: ext-haproxy-stats
+ labels:
+ run: ext-haproxy-stats
+spec:
+ ports:
+ - port: 9001
+ protocol: TCP
+ name: stats
+ externalIPs:
+ - "{{ internal_ips[0] }}"
+ selector:
+ run: ext-haproxy |
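Review bot: The `ext-haproxy` Service publishes port 9000 (`stats`) and port 22 on every address in `external_ips`, although a separate `ext-haproxy-stats` Service already exposes the stats port 9001 only on `internal_ips[0]`. If the ext-haproxy pods listen on 9000 (the HAProxy configuration is not part of this hunk), the statistics page is reachable from outside and discloses backend names and health state. Dropping the `- port: 9000` entry from `ext-haproxy`, or adding a comment that states how it is filtered upstream, would close this. Separately, `internal_ips[0]` makes the template fail to render when `internal_ips` is empty, so an assertion in the role before templating would be worth adding.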