1 # Copyright 2020 Huawei Technologies Co., Ltd.
3 # Licensed under the Apache License, Version 2.0 (the "License");
4 # you may not use this file except in compliance with the License.
5 # You may obtain a copy of the License at
7 # http://www.apache.org/licenses/LICENSE-2.0
9 # Unless required by applicable law or agreed to in writing, software
10 # distributed under the License is distributed on an "AS IS" BASIS,
11 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 # See the License for the specific language governing permissions and
13 # limitations under the License.
# Play header and the first two visible steps: read ../../../config.yml and copy
# vardata.common_pwd.name into the fact comm_pwd. The gutter numbers skip, so the
# module keys and any conditions that sit between these lines are not shown here.
18 - name: Doing deployment setup for edge gallery
23 - name: Import config file
# NOTE(review): this file appears to supply every password used by later tasks
# (vardata.*_pwd.name). If it is kept in plaintext, Ansible Vault is the usual
# way to keep it out of the repository in clear form. Confirm how it is stored.
25 file: ../../../config.yml
28 - name: Set a variable
29 ansible.builtin.set_fact:
# NOTE(review): the password is now a host fact. A set_fact result is printed in
# verbose (-v) runs, so this task is a candidate for `no_log: true`.
30 comm_pwd: "{{ vardata.common_pwd.name }}"
# Recreates the scratch directory that receives all key material generated by the
# openssl tasks that follow.
# NOTE(review): the path is fixed and lives in the shared /tmp. `mkdir -p` sets no
# mode on this line and succeeds silently when the path already exists, so neither
# the permissions nor the ownership of the directory are guaranteed. Creating it
# with ansible.builtin.file (state: directory, mode: "0700") or with
# ansible.builtin.tempfile would pin both.
32 - name: Remove old dir
33 command: rm -rf /tmp/.mep_tmp_cer
38 command: mkdir -p /tmp/.mep_tmp_cer
# Builds a throwaway CA in /tmp/.mep_tmp_cer: a 2048-bit RSA key (ca.key), a CSR
# (ca.csr) and a certificate signed with that same key (ca.crt, valid 365 days).
42 - name: Openssl genrsa
# No cipher option is given, so ca.key is written without a passphrase. It stays on
# disk until the final "Remove directory" task runs.
43 command: openssl genrsa -out ca.key 2048
45 chdir: /tmp/.mep_tmp_cer/
48 # yamllint disable rule:line-length
49 command: openssl req -new -key ca.key -subj /C=CN/ST=Peking/L=Beijing/O=edgegallery/CN=edgegallery -out ca.csr
50 # yamllint disable rule:line-length
52 chdir: /tmp/.mep_tmp_cer/
54 - name: Sing key with ca key and ca crt
55 # yamllint disable rule:line-length
# NOTE(review): `openssl x509` reads extension sections from the file named by
# -extfile. None is passed here, so `-extensions v3_ca` is likely not applied and
# the certificate may lack basicConstraints CA:TRUE. Verify the result with
# `openssl x509 -in ca.crt -noout -text`.
56 command: openssl x509 -req -days 365 -in ca.csr -extensions v3_ca -signkey ca.key -out ca.crt
57 # yamllint disable rule:line-length
59 chdir: /tmp/.mep_tmp_cer/
# Server TLS material for MEP: an RSA key (mepserver_tls.key), an AES-256 encrypted
# copy of it (mepserver_encryptedtls.key), a CSR, and a certificate signed with
# ca.crt / ca.key from the same directory.
61 - name: Openssl genrsa
62 command: openssl genrsa -out mepserver_tls.key 2048
64 chdir: /tmp/.mep_tmp_cer/
# The next two tasks write the same output file with different passphrase
# variables. The condition that selects one of them is not in the visible lines.
# NOTE(review): `-passout pass:...` places the passphrase in the process arguments,
# where it is visible in the process list and in Ansible's output for the task
# (the command line is echoed on failure and in verbose runs). `-passout env:VAR`
# or `-passout file:PATH`, together with `no_log: true`, keeps it out of both.
# The Jinja value is also unquoted, so a passphrase containing whitespace would be
# split into separate arguments by the command module.
66 - name: Openssl rsa mep tls with common pwd
67 # yamllint disable rule:line-length
68 command: openssl rsa -in /tmp/.mep_tmp_cer/mepserver_tls.key -aes256 -passout pass:{{ vardata.common_pwd.name}} -out /tmp/.mep_tmp_cer/mepserver_encryptedtls.key
69 # yamllint disable rule:line-length
72 - name: Openssl rsa mep tls
73 # yamllint disable rule:line-length
74 command: openssl rsa -in /tmp/.mep_tmp_cer/mepserver_tls.key -aes256 -passout pass:{{ vardata.mep_cert_pwd.name}} -out /tmp/.mep_tmp_cer/mepserver_encryptedtls.key
75 # yamllint disable rule:line-length
78 - name: Openssl req new key mepserver tls key
79 # yamllint disable rule:line-length
80 command: openssl req -new -key mepserver_tls.key -subj /C=CN/ST=Beijing/L=Beijing/O=edgegallery/CN=edgegallery -out mepserver_tls.csr
81 # yamllint disable rule:line-length
83 chdir: /tmp/.mep_tmp_cer/
85 - name: Openssl mepserver tls csr
86 # yamllint disable rule:line-length
# NOTE(review): no -days is given, so the certificate gets openssl's default
# lifetime (30 days for `x509 -req`), shorter than the 365-day CA. As with the CA
# step, `-extensions v3_req` has no -extfile to read from, so no subjectAltName is
# likely to be added. Clients that require a SAN would reject CN-only matching.
# Confirm both against the issued certificate.
87 command: openssl x509 -req -in mepserver_tls.csr -extensions v3_req -CA ca.crt -CAkey ca.key -CAcreateserial -out mepserver_tls.crt
88 # yamllint disable rule:line-length
90 chdir: /tmp/.mep_tmp_cer/
# JWT signing key pair: a 2048-bit RSA private key, its public half, and an
# AES-256 encrypted copy of the private key (jwt_encrypted_privatekey).
92 - name: Openssl genrsa out
# jwt_privatekey is written without a passphrase. Only the encrypted copy is loaded
# into a Kubernetes secret later, so this plaintext file matters only while it
# remains in /tmp.
93 command: openssl genrsa -out jwt_privatekey 2048
95 chdir: /tmp/.mep_tmp_cer/
97 - name: Openssl rsa jwt privatekey
98 command: openssl rsa -in jwt_privatekey -pubout -out jwt_publickey
100 chdir: /tmp/.mep_tmp_cer/
# Two variants again write the same output file. The selecting condition is not
# visible.
# NOTE(review): the passphrase is passed as `pass:` on the command line, so it is
# visible in the process list and in task output. Prefer `-passout env:VAR` or
# `-passout file:PATH`, and set `no_log: true` on these tasks.
102 - name: Openssl rsa in jwt with common pwd
103 # yamllint disable rule:line-length
104 command: openssl rsa -in /tmp/.mep_tmp_cer/jwt_privatekey -aes256 -passout pass:{{ vardata.common_pwd.name}} -out /tmp/.mep_tmp_cer/jwt_encrypted_privatekey
107 # yamllint disable rule:line-length
110 - name: Openssl rsa in jwt
111 # yamllint disable rule:line-length
112 command: openssl rsa -in /tmp/.mep_tmp_cer/jwt_privatekey -aes256 -passout pass:{{ vardata.mep_cert_pwd.name}} -out /tmp/.mep_tmp_cer/jwt_encrypted_privatekey
113 # yamllint disable rule:line-length
# Creates the `mep` namespace and three generic secrets in it: pg-secret (database
# passwords plus server key/cert), mep-ssl (certificate passphrase, certificate,
# encrypted key, CA certificate) and mepauth-secret (server key/cert, CA
# certificate, JWT public key and encrypted JWT private key).
118 - name: Create mep namespace
119 command: kubectl create ns mep
# NOTE(review): every `--from-literal=` below passes a password as a command-line
# argument, so it appears in the process list and in Ansible's task output. Setting
# `no_log: true` hides it from the run log. Supplying the value through a file or
# a Secret manifest keeps it out of argv as well.
# The Jinja values are unquoted, so a password containing whitespace would be split
# into extra arguments by the command module.
# pg-secret is loaded with the unencrypted mepserver_tls.key.
123 - name: Create generic pg secret with common pwd
124 # yamllint disable rule:line-length
125 command: kubectl -n mep create secret generic pg-secret --from-literal=pg_admin_pwd={{ vardata.common_pwd.name}} --from-literal=kong_pg_pwd={{ vardata.mep_kong_pg_pwd.name}}
126 --from-file=server.key=/tmp/.mep_tmp_cer/mepserver_tls.key --from-file=server.crt=/tmp/.mep_tmp_cer/mepserver_tls.crt
129 # yamllint disable rule:line-length
132 - name: Create generic pg secret
133 # yamllint disable rule:line-length
134 command: kubectl -n mep create secret generic pg-secret --from-literal=pg_admin_pwd={{ vardata.mep_pg_admin_pwd.name}} --from-literal=kong_pg_pwd={{ vardata.mep_kong_pg_pwd.name}}
135 --from-file=server.key=/tmp/.mep_tmp_cer/mepserver_tls.key --from-file=server.crt=/tmp/.mep_tmp_cer/mepserver_tls.crt
138 # yamllint disable rule:line-length
# mep-ssl stores the key passphrase (cert_pwd) in the same secret object as the
# encrypted key it unlocks, so read access to this one secret yields the usable
# private key. The encryption adds little beyond the RBAC on the secret itself.
141 - name: Create mep generic for mep ssl with common pwd
142 # yamllint disable rule:line-length
143 command: kubectl -n mep create secret generic mep-ssl --from-literal=cert_pwd={{ vardata.common_pwd.name}} --from-file=server.cer=/tmp/.mep_tmp_cer/mepserver_tls.crt
144 --from-file=server_key.pem=/tmp/.mep_tmp_cer/mepserver_encryptedtls.key --from-file=trust.cer=/tmp/.mep_tmp_cer/ca.crt
147 # yamllint disable rule:line-length
150 - name: Create mep generic for mep ssl
151 # yamllint disable rule:line-length
152 command: kubectl -n mep create secret generic mep-ssl --from-literal=cert_pwd={{ vardata.mep_cert_pwd.name}} --from-file=server.cer=/tmp/.mep_tmp_cer/mepserver_tls.crt
153 --from-file=server_key.pem=/tmp/.mep_tmp_cer/mepserver_encryptedtls.key --from-file=trust.cer=/tmp/.mep_tmp_cer/ca.crt
154 # yamllint disable rule:line-length
# mepauth-secret also receives the unencrypted mepserver_tls.key, next to the
# encrypted JWT private key.
157 - name: Create mep seret generic
158 # yamllint disable rule:line-length
159 command: kubectl -n mep create secret generic mepauth-secret --from-file=server.crt=/tmp/.mep_tmp_cer/mepserver_tls.crt --from-file=server.key=/tmp/.mep_tmp_cer/mepserver_tls.key
160 --from-file=ca.crt=/tmp/.mep_tmp_cer/ca.crt --from-file=jwt_publickey=/tmp/.mep_tmp_cer/jwt_publickey --from-file=jwt_encrypted_privatekey=/tmp/.mep_tmp_cer/jwt_encrypted_privatekey
161 # yamllint disable rule:line-length
# Deletes the scratch directory holding ca.key, the server key and the JWT key.
# NOTE(review): this cleanup is an ordinary task, so a failure in any earlier step
# stops the play before it runs and leaves the unencrypted keys in /tmp. Wrapping
# the certificate tasks in a `block:` with this task under `always:` would make
# the removal unconditional. ca.key is discarded here, so the CA cannot re-issue
# the server certificate later. Confirm that is intended.
165 - name: Remove directory
166 command: rm -rf /tmp/.mep_tmp_cer
# MetalLB rollout: apply the namespace and MetalLB manifests, create the
# `memberlist` secret in metallb-system, then apply the config map.
# NOTE(review): the manifests are read from /tmp/eg_mep/deploy. How that tree is
# populated and who can write to it is not visible here. Manifests applied with
# cluster credentials should come from a location only the deploying user can
# modify.
171 msg: Deploy_dns_metallb execution start
173 - name: Eg_Mep deployment execution of namesapce
174 command: kubectl apply -f /tmp/eg_mep/deploy/conf/edge/metallb/namespace.yaml
176 chdir: /tmp/eg_mep/deploy/
178 - name: Eg_Mep deployment execution of metallb
179 command: kubectl apply -f /tmp/eg_mep/deploy/conf/edge/metallb/metallb.yaml
181 chdir: /tmp/eg_mep/deploy/
183 - name: Eg_Mep deployment create secret
184 # yamllint disable rule:line-length
# NOTE(review): the `command` module does not run its argument through a shell, so
# `$(openssl rand -base64 128)` is not expanded. The secret key stored in
# `memberlist` would be that literal text, identical on every deployment, instead
# of 128 random bytes. Running this line with `shell:` (or generating the value in
# a separate registered task) restores the intended randomness, and `no_log: true`
# keeps the generated key out of the run log.
185 command: kubectl create secret generic -n metallb-system memberlist --from-literal=secretkey="$(openssl rand -base64 128)"
186 # yamllint disable rule:line-length
188 chdir: /tmp/eg_mep/deploy/
190 - name: Eg_Mep deployment execution of config-mep
191 command: kubectl apply -f /tmp/eg_mep/deploy/conf/edge/metallb/config-map.yaml
193 chdir: /tmp/eg_mep/deploy/
# Network-isolation rollout: apply the Multus manifest and the eg-sp RBAC manifest,
# rewrite the controller image reference to the private registry, then apply the
# controller manifest.
196 msg: Deploy_network_isolation_multus execution start
198 - name: Running multus yaml files
199 command: kubectl apply -f /tmp/eg_mep/deploy/conf/edge/network-isolation/multus.yaml
201 chdir: /tmp/eg_mep/deploy/
# NOTE(review): this manifest grants RBAC permissions and is taken from a path
# under /tmp. Its contents are not visible here. Review the roles it binds before
# applying.
203 - name: Running eg-sp-rbac yaml files
204 command: kubectl apply -f /tmp/eg_mep/deploy/conf/edge/network-isolation/eg-sp-rbac.yaml
206 chdir: /tmp/eg_mep/deploy/
208 - name: Replacing image
210 path: /tmp/eg_mep/deploy/conf/edge/network-isolation/eg-sp-controller.yaml
211 regexp: 'edgegallery/edgegallery-secondary-ep-controller:latest'
# NOTE(review): the rewritten reference still uses the mutable `:latest` tag, so
# the image that runs is whatever the registry serves at pull time. Pinning a
# version tag or an image digest makes the deployed controller reproducible.
# Whether the registry at private_repo_ip:docker_registry_port is reached over TLS
# cannot be determined from this file.
212 replace: "{{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/edgegallery-secondary-ep-controller:latest"
214 - name: Running eg-sp-controller yaml files
215 # yamllint disable rule:line-length
216 command: kubectl apply -f /tmp/eg_mep/deploy/conf/edge/network-isolation/eg-sp-controller.yaml
218 chdir: /tmp/eg_mep/deploy/
# Creates two macvlan interfaces in bridge mode, eg-mp1 on the management NIC and
# eg-mm5 on the dataplane NIC, assigns each an address from config.yml, and brings
# them up. These tasks change host networking and presumably need root. The
# privilege settings are not in the visible lines.
221 msg: Setup_interfaces execution start
223 - name: Link eg mep macvlan
224 # yamllint disable rule:line-length
# The interface name is interpolated unquoted into the `ip` command line. Because
# this is the command module, no shell is involved, but a value containing
# whitespace would still be split into additional `ip` arguments.
225 command: ip link add eg-mp1 link {{ vardata.edge_management_interface.name}} type macvlan mode bridge
227 chdir: /tmp/eg_mep/deploy/
231 - name: Link eg mep macvlan
# NOTE(review): Jinja2 reads `-` as subtraction, so this expression parses as
# `vardata.eg - management - address.name`, not as one key. If the key in
# config.yml is really hyphenated, use bracket lookup
# (`vardata['eg-management-address'].name`). Otherwise use the underscore
# spelling the other keys follow. Confirm against config.yml.
232 command: ip addr add {{ vardata.eg-management-address.name}} dev eg-mp1
234 chdir: /tmp/eg_mep/deploy/
238 - name: Link eg me1 up
239 command: ip link set dev eg-mp1 up
241 chdir: /tmp/eg_mep/deploy/
245 - name: Link eg eg mm5 with eth1
246 # yamllint disable rule:line-length
247 command: ip link add eg-mm5 link {{ vardata.edge_dataplane_interface.name}} type macvlan mode bridge
249 chdir: /tmp/eg_mep/deploy/
253 - name: Link eg eg mm5 ip addr
# NOTE(review): same hyphenated-key problem as the management address task. The
# expression parses as `vardata.eg - dataplane - address.name`.
254 command: ip addr add {{ vardata.eg-dataplane-address.name}} dev eg-mm5
256 chdir: /tmp/eg_mep/deploy/
260 - name: Link eg eg mm5 set dev
261 command: ip link set dev eg-mm5 up
263 chdir: /tmp/eg_mep/deploy/
# Installs the edgegallery/mep chart as release `mep-edgegallery`. It points every
# image at the private registry, sets the mep / mepauth / dns tags from
# eg_image_tag, sets pullPolicy to IfNotPresent, and references the mep-ssl secret.
268 msg: Pull helm repo start
270 - name: Edge gallery mep installation pull chart and image
271 # yamllint disable rule:line-length
# NOTE(review): no `--version` is passed, so helm installs the newest chart
# version in the `edgegallery` repo at run time. The kong and postgres images get
# a repository override but no tag on this line, so their tags come from the
# chart's defaults. With pullPolicy=IfNotPresent a node keeps using any image
# already cached under the same tag. Pinning the chart version and the image tags
# (or digests) makes the deployed set auditable.
# No `--namespace` is given either, while the mep-ssl secret is created in the
# `mep` namespace. Confirm that the release lands where the secret lives.
272 command: helm install mep-edgegallery edgegallery/mep --set networkIsolation.phyInterface.mp1={{ vardata.edge_management_interface.name}} --set networkIsolation.phyInterface.mm5={{ vardata.edge_dataplane_interface.name}} --set images.mep.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/mep --set images.mepauth.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/mepauth --set images.dns.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/mep-dns-server --set images.kong.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/kong --set images.postgres.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/postgres --set images.mep.tag={{ vardata.eg_image_tag.name}} --set images.mepauth.tag={{ vardata.eg_image_tag.name}} --set images.dns.tag={{ vardata.eg_image_tag.name}} --set images.mep.pullPolicy=IfNotPresent --set images.mepauth.pullPolicy=IfNotPresent --set images.dns.pullPolicy=IfNotPresent --set images.kong.pullPolicy=IfNotPresent --set images.postgres.pullPolicy=IfNotPresent --set ssl.secretName=mep-ssl
273 # yamllint disable rule:line-length