1 # Copyright 2020 Huawei Technologies Co., Ltd.
3 # Licensed under the Apache License, Version 2.0 (the "License");
4 # you may not use this file except in compliance with the License.
5 # You may obtain a copy of the License at
7 # http://www.apache.org/licenses/LICENSE-2.0
9 # Unless required by applicable law or agreed to in writing, software
10 # distributed under the License is distributed on an "AS IS" BASIS,
11 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 # See the License for the specific language governing permissions and
13 # limitations under the License.
# Play entry. Only the name line of the play header is visible in this listing;
# the play-level keys that follow it are not shown.
18 - name: Doing deployment setup for edge gallery
# Loads ../../../config.yml. Later tasks read vardata.secret_pwd.name and use it
# as database password, certificate password and private-key passphrase.
# NOTE(review): presumably this file is loaded under the variable name vardata
# by a key not visible here — confirm. If so, config.yml holds a deployment
# secret: restrict read access to it and keep the real value out of version
# control.
23 - name: Import config file
25 file: ../../../config.yml
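# Scratch directory for the keys and certificates generated by the tasks that
# follow. /tmp is writable by every local user and the path is fixed, so the
# directory is created with mode 0700 and without -p: mkdir then fails if the
# path already exists again instead of reusing a directory someone else made.
- name: Remove old dir
  command: rm -rf /tmp/.mep_tmp_cer

- name: Create private working dir
  command: mkdir -m 0700 /tmp/.mep_tmp_cer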
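# --- Self-signed CA -------------------------------------------------------
# ca.key is written unencrypted into the working directory.
- name: Openssl genrsa
  command: openssl genrsa -out ca.key 2048
  args:
    chdir: /tmp/.mep_tmp_cer/

- name: Openssl req new ca csr
  command: >-
    openssl req -new -key ca.key
    -subj /C=CN/ST=Peking/L=Beijing/O=edgegallery/CN=edgegallery
    -out ca.csr
  args:
    chdir: /tmp/.mep_tmp_cer/

# NOTE(review): -extensions only names a section of a file passed with
# -extfile. No -extfile is given, so openssl x509 adds no extensions and the
# CA certificate carries no basicConstraints; confirm clients accept it as a
# trust anchor.
- name: Sing key with ca key and ca crt
  command: >-
    openssl x509 -req -days 365 -in ca.csr -extensions v3_ca
    -signkey ca.key -out ca.crt
  args:
    chdir: /tmp/.mep_tmp_cer/

# --- MEP server key and certificate ---------------------------------------
# The plain mepserver_tls.key stays on disk next to the encrypted copy until
# the working directory is removed.
- name: Openssl genrsa
  command: openssl genrsa -out mepserver_tls.key 2048
  args:
    chdir: /tmp/.mep_tmp_cer/

# The passphrase is handed to openssl through the environment (env:) rather
# than as pass:<value> on the command line, where it would show up in the
# process list; no_log keeps it out of Ansible's output as well.
- name: Openssl rsa mep tls
  command: >-
    openssl rsa -in mepserver_tls.key -aes256
    -passout env:MEP_KEY_PASSPHRASE
    -out mepserver_encryptedtls.key
  args:
    chdir: /tmp/.mep_tmp_cer/
  environment:
    MEP_KEY_PASSPHRASE: "{{ vardata.secret_pwd.name }}"
  no_log: true

- name: Openssl req new key mepserver tls key
  command: >-
    openssl req -new -key mepserver_tls.key
    -subj /C=CN/ST=Beijing/L=Beijing/O=edgegallery/CN=edgegallery
    -out mepserver_tls.csr
  args:
    chdir: /tmp/.mep_tmp_cer/

# NOTE(review): no -days is given, so OpenSSL's default validity of 30 days
# applies to the server certificate while the CA above is valid for 365.
# As with the CA, -extensions v3_req has no effect without -extfile, so the
# certificate carries no subjectAltName; clients that do not fall back to the
# CN will fail hostname verification.
- name: Openssl mepserver tls csr
  command: >-
    openssl x509 -req -in mepserver_tls.csr -extensions v3_req
    -CA ca.crt -CAkey ca.key -CAcreateserial
    -out mepserver_tls.crt
  args:
    chdir: /tmp/.mep_tmp_cer/

# --- JWT signing key pair -------------------------------------------------
- name: Openssl genrsa out
  command: openssl genrsa -out jwt_privatekey 2048
  args:
    chdir: /tmp/.mep_tmp_cer/

- name: Openssl rsa jwt privatekey
  command: openssl rsa -in jwt_privatekey -pubout -out jwt_publickey
  args:
    chdir: /tmp/.mep_tmp_cer/

# Same passphrase handling as for the TLS key: environment instead of argv.
# NOTE(review): the TLS key and the JWT key share one passphrase
# (vardata.secret_pwd.name); consider separate values.
- name: Openssl rsa in jwt
  command: >-
    openssl rsa -in jwt_privatekey -aes256
    -passout env:MEP_KEY_PASSPHRASE
    -out jwt_encrypted_privatekey
  args:
    chdir: /tmp/.mep_tmp_cer/
  environment:
    MEP_KEY_PASSPHRASE: "{{ vardata.secret_pwd.name }}"
  no_log: true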
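# Publishes the generated key material as Kubernetes secrets in the mep
# namespace, then deletes the working directory.
#
# - The same vardata.secret_pwd.name value is stored as pg_admin_pwd,
#   kong_pg_pwd and cert_pwd. NOTE(review): consider one credential per
#   consumer so that a leak of one does not expose the others.
# - kubectl receives the password as a command-line argument, so it is
#   visible in the host's process list while the command runs; no_log keeps
#   it out of Ansible's own output.
# - The quote filter keeps a password that contains spaces or quote
#   characters as a single argument.
# - pg-secret and mepauth-secret contain the unencrypted mepserver_tls.key;
#   access to secrets in this namespace should be limited accordingly.
- name: Create mep secrets
  block:
    - name: Create mep namespace
      command: kubectl create ns mep

    - name: Create generic pg secret
      command: >-
        kubectl -n mep create secret generic pg-secret
        --from-literal=pg_admin_pwd={{ vardata.secret_pwd.name | quote }}
        --from-literal=kong_pg_pwd={{ vardata.secret_pwd.name | quote }}
        --from-file=server.key=/tmp/.mep_tmp_cer/mepserver_tls.key
        --from-file=server.crt=/tmp/.mep_tmp_cer/mepserver_tls.crt
      no_log: true

    - name: Create mep generic for mep ssl
      command: >-
        kubectl -n mep create secret generic mep-ssl
        --from-literal=cert_pwd={{ vardata.secret_pwd.name | quote }}
        --from-file=server.cer=/tmp/.mep_tmp_cer/mepserver_tls.crt
        --from-file=server_key.pem=/tmp/.mep_tmp_cer/mepserver_encryptedtls.key
        --from-file=trust.cer=/tmp/.mep_tmp_cer/ca.crt
      no_log: true

    - name: Create mep seret generic
      command: >-
        kubectl -n mep create secret generic mepauth-secret
        --from-file=server.crt=/tmp/.mep_tmp_cer/mepserver_tls.crt
        --from-file=server.key=/tmp/.mep_tmp_cer/mepserver_tls.key
        --from-file=ca.crt=/tmp/.mep_tmp_cer/ca.crt
        --from-file=jwt_publickey=/tmp/.mep_tmp_cer/jwt_publickey
        --from-file=jwt_encrypted_privatekey=/tmp/.mep_tmp_cer/jwt_encrypted_privatekey
  always:
    # Runs even when a step above fails, so private keys are not left in /tmp.
    - name: Remove directory
      command: rm -rf /tmp/.mep_tmp_cer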
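- debug:
    msg: Deploy_dns_metallb execution start

# NOTE(review): the manifests are read from /tmp/eg_mep. This assumes an
# earlier step places that tree there with ownership other local users cannot
# change — confirm, because whatever these files contain is applied to the
# cluster.
- name: Eg_Mep deployment execution of namesapce
  command: kubectl apply -f /tmp/eg_mep/deploy/conf/edge/metallb/namespace.yaml
  args:
    chdir: /tmp/eg_mep/deploy/

- name: Eg_Mep deployment execution of metallb
  command: kubectl apply -f /tmp/eg_mep/deploy/conf/edge/metallb/metallb.yaml
  args:
    chdir: /tmp/eg_mep/deploy/

# The command module does not run a shell, so "$(openssl rand -base64 128)"
# would reach kubectl as literal text and every deployment would end up with
# the same, publicly known memberlist key. The shell module lets the
# substitution run; no_log keeps the generated key out of Ansible's output.
- name: Eg_Mep deployment create secret
  shell: >-
    kubectl create secret generic -n metallb-system memberlist
    --from-literal=secretkey="$(openssl rand -base64 128)"
  args:
    chdir: /tmp/eg_mep/deploy/
  no_log: true

- name: Eg_Mep deployment execution of config-mep
  command: kubectl apply -f /tmp/eg_mep/deploy/conf/edge/metallb/config-map.yaml
  args:
    chdir: /tmp/eg_mep/deploy/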
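- debug:
    msg: Deploy_network_isolation_multus execution start

- name: Running multus yaml files
  command: kubectl apply -f /tmp/eg_mep/deploy/conf/edge/network-isolation/multus.yaml
  args:
    chdir: /tmp/eg_mep/deploy/

# Applies RBAC objects from a file under /tmp; review the manifest's grants
# and the file's provenance before running this against a shared cluster.
- name: Running eg-sp-rbac yaml files
  command: kubectl apply -f /tmp/eg_mep/deploy/conf/edge/network-isolation/eg-sp-rbac.yaml
  args:
    chdir: /tmp/eg_mep/deploy/

# Points the controller image at the swr.ap-southeast-1.myhuaweicloud.com
# registry. The replacement text itself ends with the searched string, so the
# negative lookbehind stops a second run from prefixing the registry twice.
# NOTE(review): the image is referenced by the mutable tag "latest"; pin a
# version tag or digest so the deployed image cannot change between runs.
- name: Replacing image
  replace:
    path: /tmp/eg_mep/deploy/conf/edge/network-isolation/eg-sp-controller.yaml
    regexp: '(?<!myhuaweicloud\.com/)edgegallery/edgegallery-secondary-ep-controller:latest'
    replace: 'swr.ap-southeast-1.myhuaweicloud.com/edgegallery/edgegallery-secondary-ep-controller:latest'

- name: Running eg-sp-controller yaml files
  command: kubectl apply -f /tmp/eg_mep/deploy/conf/edge/network-isolation/eg-sp-controller.yaml
  args:
    chdir: /tmp/eg_mep/deploy/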
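- debug:
    msg: Setup_interfaces execution start

# Creates two macvlan interfaces in bridge mode on the host: eg-mp1 on the
# management interface and eg-mm5 on the data-plane interface, assigns each
# an address from config and brings it up.
#
# Jinja2 reads a hyphen inside dotted access as subtraction, so
# vardata.eg-mp1-address.name is evaluated as
# "vardata.eg - mp1 - address.name". Bracket notation addresses the key as
# written. NOTE(review): assumes the config keys are literally
# eg-mp1-address and eg-mm5-address — confirm against config.yml.
- name: Link eg mep macvlan
  command: >-
    ip link add eg-mp1
    link {{ vardata.edge_management_interface.name }}
    type macvlan mode bridge
  args:
    chdir: /tmp/eg_mep/deploy/

- name: Link eg mep macvlan
  command: ip addr add {{ vardata['eg-mp1-address'].name }} dev eg-mp1
  args:
    chdir: /tmp/eg_mep/deploy/

- name: Link eg me1 up
  command: ip link set dev eg-mp1 up
  args:
    chdir: /tmp/eg_mep/deploy/

- name: Link eg eg mm5 with eth1
  command: >-
    ip link add eg-mm5
    link {{ vardata.edge_dataplane_interface.name }}
    type macvlan mode bridge
  args:
    chdir: /tmp/eg_mep/deploy/

- name: Link eg eg mm5 ip addr
  command: ip addr add {{ vardata['eg-mm5-address'].name }} dev eg-mm5
  args:
    chdir: /tmp/eg_mep/deploy/

- name: Link eg eg mm5 set dev
  command: ip link set dev eg-mm5 up
  args:
    chdir: /tmp/eg_mep/deploy/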
- debug:
    msg: Pull helm repo start

# Installs the edgegallery/mep chart as release mep-edgegallery. The two
# physical interfaces and the image tag for mep, mepauth and dns come from
# config; TLS material is taken from the mep-ssl secret.
# NOTE(review): no --version is passed, so the chart revision installed
# depends on the repository state at run time; the image tag is whatever
# vardata.eg_image_tag.name holds — prefer an immutable tag there.
- name: Edge gallery mep installation pull chart and image
  command: >-
    helm install mep-edgegallery edgegallery/mep
    --set networkIsolation.phyInterface.mp1={{ vardata.edge_management_interface.name }}
    --set networkIsolation.phyInterface.mm5={{ vardata.edge_dataplane_interface.name }}
    --set images.mep.tag={{ vardata.eg_image_tag.name }}
    --set images.mepauth.tag={{ vardata.eg_image_tag.name }}
    --set images.dns.tag={{ vardata.eg_image_tag.name }}
    --set ssl.secretName=mep-ssl