aboutsummaryrefslogtreecommitdiffstats
path: root/ansible/roles/ansible-vvp-bootstrap/tasks/matchbox.yml
diff options
context:
space:
mode:
Diffstat (limited to 'ansible/roles/ansible-vvp-bootstrap/tasks/matchbox.yml')
-rwxr-xr-xansible/roles/ansible-vvp-bootstrap/tasks/matchbox.yml137
1 files changed, 137 insertions, 0 deletions
diff --git a/ansible/roles/ansible-vvp-bootstrap/tasks/matchbox.yml b/ansible/roles/ansible-vvp-bootstrap/tasks/matchbox.yml
new file mode 100755
index 0000000..7e4ea87
--- /dev/null
+++ b/ansible/roles/ansible-vvp-bootstrap/tasks/matchbox.yml
@@ -0,0 +1,137 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+- name: Create assets directory
+ file: path="{{coreos_assets_dir}}" state=directory mode="0755"
+ tags:
+ - bootstrap
+ - matchbox
+
+- name: Download PXE image
+ get_url: url="http://{{coreos_channel}}.release.core-os.net/amd64-usr/{{coreos_version}}/{{item}}" dest="{{coreos_assets_dir}}/{{item}}"
+ with_items:
+ - "coreos_production_pxe.vmlinuz"
+ - "coreos_production_pxe.vmlinuz.sig"
+ - "coreos_production_pxe_image.cpio.gz"
+ - "coreos_production_pxe_image.cpio.gz.sig"
+ - "coreos_production_image.bin.bz2"
+ - "coreos_production_image.bin.bz2.sig"
+ tags:
+ - bootstrap
+ - matchbox
+
+- name: Retrieve the signing key
+ get_url: url="https://coreos.com/security/image-signing-key/CoreOS_Image_Signing_Key.asc" dest="{{coreos_assets_dir}}/CoreOS_Image_Signing_Key.asc"
+ tags:
+ - bootstrap
+ - matchbox
+
+- name: Import signing key
+ command: "gpg --import {{coreos_assets_dir}}/CoreOS_Image_Signing_Key.asc"
+ tags:
+ - bootstrap
+ - matchbox
+
+- name: Adding trust for CoreOS Signing key
+ command: 'echo "04126D0BFABEC8871FFB2CCE50E0885593D2DCB4:6:" | gpg --import-ownertrust'
+ tags:
+ - bootstrap
+ - matchbox
+
+- name: Verifying vmlinuz
+ command: "gpg --verify {{coreos_assets_dir}}/{{item}}"
+ with_items:
+ - "coreos_production_pxe.vmlinuz.sig"
+ - "coreos_production_pxe_image.cpio.gz.sig"
+ tags:
+ - bootstrap
+ - matchbox
+
+
+- name: Create matchbox directory
+ file: path="{{matchbox_dir}}" state=directory mode=0754
+ tags:
+ - bootstrap
+ - matchbox
+
+- name: Create groups, profiles and ignition directories
+ file: path="{{matchbox_dir}}/{{item}}" state=directory mode=0754
+ with_items:
+ - groups
+ - profiles
+ - ignition
+
+- name: matchbox k7 groups templates
+ template:
+ src: "groups/group.json.j2"
+ dest: "{{matchbox_dir}}/groups/{{item.name}}.json"
+ with_items: "{{hosts}}"
+ when: item.os == "coreos"
+
+- name: Allow Inbound 8080 web requests
+ shell: iptables -A INPUT -p udp --dport 8080 -i {{ops_management_interface}} -j ACCEPT
+
+- name: Allow Outbound 8080 web replies
+ shell: iptables -A OUTPUT -p udp --sport 8080 -o {{ops_management_interface}} -j ACCEPT
+
+- name: Create TLS assets directory
+ file: path="{{assets_dir}}/tls" state=directory mode=643
+
+- name: matchbox k8 other templates
+ template:
+ src: "{{item}}.j2"
+ dest: "{{matchbox_dir}}/{{item}}"
+ with_items:
+ - groups/install.json
+ - profiles/controller.json
+ - profiles/worker.json
+ - profiles/install-reboot.json
+ - ignition/controller.yaml
+ - ignition/coreos-install.yaml
+ - ignition/worker.yaml
+
+- name: Is matchbox already running?
+ shell: docker ps | grep matchbox | awk '{ print $1 }'
+ register: matchbox_id
+
+- name: Kill matchbox!
+ shell: docker kill {{matchbox_id.stdout}}
+ when: matchbox_id.stdout != ""
+
+- name: matchbox docker
+ command: docker run -d -p {{ops_management_ip}}:8080:8080 -v {{assets_dir}}:/assets:Z -v {{matchbox_dir}}:/var/lib/matchbox:Z quay.io/coreos/matchbox:v0.5.0 -address=0.0.0.0:8080 -log-level=debug -assets-path=/assets