-#
# Copyright 2020 Huawei Technologies Co., Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
src: deploy
dest: /tmp/eg_mep/
-- name: Import vars
+- name: Import config file
include_vars:
file: ../../../config.yml
name: vardata
-- name: Setting pull image path
+- name: Remove old dir
+ command: rm -rf /tmp/.mep_tmp_cer
+ args:
+ chdir: /tmp/
+
+- name: Make dir
+ command: mkdir -p /tmp/.mep_tmp_cer
+ args:
+ chdir: /tmp/
+
+- name: Openssl genrsa
+ command: openssl genrsa -out ca.key 2048
+ args:
+ chdir: /tmp/.mep_tmp_cer/
+
+- name: Opnessl req
# yamllint disable rule:line-length
- command: kubectl create secret docker-registry swrregcred --docker-server=https://swr.ap-southeast-1.myhuaweicloud.com/v2/ --docker-username={{ vardata.swrusr.name}} --docker-password={{ vardata.swrpass.name}}
+ command: openssl req -new -key ca.key -subj /C=CN/ST=Peking/L=Beijing/O=edgegallery/CN=edgegallery -out ca.csr
# yamllint disable rule:line-length
args:
- chdir: /tmp/eg_mep/deploy/
+ chdir: /tmp/.mep_tmp_cer/
-- name: Copy macvln
- command: cp -r /tmp/remote-platform/cni/macvlan /opt/cni/bin/
+- name: Sing key with ca key and ca crt
+ # yamllint disable rule:line-length
+ command: openssl x509 -req -days 365 -in ca.csr -extensions v3_ca -signkey ca.key -out ca.crt
+ # yamllint disable rule:line-length
args:
- chdir: /tmp/eg_mep/deploy/
+ chdir: /tmp/.mep_tmp_cer/
-- name: Setup local-host
- command: cp -r /tmp/remote-platform/cni/host-local /opt/cni/bin/
+- name: Openssl genrsa
+ command: openssl genrsa -out mepserver_tls.key 2048
args:
- chdir: /tmp/eg_mep/deploy/
+ chdir: /tmp/.mep_tmp_cer/
+
+- name: Openssl rsa mep tls
+ # yamllint disable rule:line-length
+ command: openssl rsa -in mepserver_tls.key -aes256 -passout pass:{{ vardata.common_pwd.name}} -out mepserver_encryptedtls.key
+ # yamllint disable rule:line-length
+ args:
+ chdir: /tmp/.mep_tmp_cer/
+
+- name: Openssl req new key mepserver tls key
+ # yamllint disable rule:line-length
+ command: openssl req -new -key mepserver_tls.key -subj /C=CN/ST=Beijing/L=Beijing/O=edgegallery/CN=edgegallery -out mepserver_tls.csr
+ # yamllint disable rule:line-length
+ args:
+ chdir: /tmp/.mep_tmp_cer/
+
+- name: Openssl mepserver tls csr
+ # yamllint disable rule:line-length
+ command: openssl x509 -req -in mepserver_tls.csr -extensions v3_req -CA ca.crt -CAkey ca.key -CAcreateserial -out mepserver_tls.crt
+ # yamllint disable rule:line-length
+ args:
+ chdir: /tmp/.mep_tmp_cer/
+
+- name: Openssl genrsa out
+ command: openssl genrsa -out jwt_privatekey 2048
+ args:
+ chdir: /tmp/.mep_tmp_cer/
+
+- name: Openssl rsa jwt privatekey
+ command: openssl rsa -in jwt_privatekey -pubout -out jwt_publickey
+ args:
+ chdir: /tmp/.mep_tmp_cer/
+
+- name: Openssl rsa in jwt
+ # yamllint disable rule:line-length
+ command: openssl rsa -in jwt_privatekey -aes256 -passout pass:{{ vardata.common_pwd.name}} -out jwt_encrypted_privatekey
+ # yamllint disable rule:line-length
+ args:
+ chdir: /tmp/.mep_tmp_cer/
- name: Create mep namespace
command: kubectl create ns mep
- name: Create generic pg secret
# yamllint disable rule:line-length
- command: kubectl -n mep create secret generic pg-secret --from-literal=pg_admin_pwd={{ vardata.adminpwd.name}} --from-literal=kong_pg_pwd={{ vardata.kongpgpwd.name}} --from-file=server.key=/tmp/.mep_tmp_cer/mepserver_tls.key --from-file=server.crt=/tmp/.mep_tmp_cer/mepserver_tls.crt
+ command: kubectl -n mep create secret generic pg-secret --from-literal=pg_admin_pwd={{ vardata.common_pwd.name}} --from-literal=kong_pg_pwd={{ vardata.common_pwd.name}}
+ --from-file=server.key=/tmp/.mep_tmp_cer/mepserver_tls.key --from-file=server.crt=/tmp/.mep_tmp_cer/mepserver_tls.crt
# yamllint disable rule:line-length
args:
chdir: /tmp/
- name: Create mep generic for mep ssl
# yamllint disable rule:line-length
- command: kubectl -n mep create secret generic mep-ssl --from-literal=cert_pwd={{ vardata.firstvar.name}} --from-file=server.cer=/tmp/.mep_tmp_cer/mepserver_tls.crt --from-file=server_key.pem=/tmp/.mep_tmp_cer/mepserver_encryptedtls.key --from-file=trust.cer=/tmp/.mep_tmp_cer/ca.crt
+ command: kubectl -n mep create secret generic mep-ssl --from-literal=cert_pwd={{ vardata.common_pwd.name}} --from-file=server.cer=/tmp/.mep_tmp_cer/mepserver_tls.crt
+ --from-file=server_key.pem=/tmp/.mep_tmp_cer/mepserver_encryptedtls.key --from-file=trust.cer=/tmp/.mep_tmp_cer/ca.crt
# yamllint disable rule:line-length
args:
chdir: /tmp/
- name: Create mep seret generic
# yamllint disable rule:line-length
- command: kubectl -n mep create secret generic mepauth-secret --from-file=server.crt=/tmp/.mep_tmp_cer/mepserver_tls.crt --from-file=server.key=/tmp/.mep_tmp_cer/mepserver_tls.key --from-file=ca.crt=/tmp/.mep_tmp_cer/ca.crt --from-file=jwt_publickey=/tmp/.mep_tmp_cer/jwt_publickey --from-file=jwt_encrypted_privatekey=/tmp/.mep_tmp_cer/jwt_encrypted_privatekey
+ command: kubectl -n mep create secret generic mepauth-secret --from-file=server.crt=/tmp/.mep_tmp_cer/mepserver_tls.crt --from-file=server.key=/tmp/.mep_tmp_cer/mepserver_tls.key
+ --from-file=ca.crt=/tmp/.mep_tmp_cer/ca.crt --from-file=jwt_publickey=/tmp/.mep_tmp_cer/jwt_publickey --from-file=jwt_encrypted_privatekey=/tmp/.mep_tmp_cer/jwt_encrypted_privatekey
# yamllint disable rule:line-length
args:
chdir: /tmp/
+- name: Remove directory
+ command: rm -rf /tmp/.mep_tmp_cer
+ args:
+ chdir: /tmp/
+
- debug:
msg: Deploy_dns_metallb execution start
chdir: /tmp/eg_mep/deploy/
- name: Eg_Mep deployment create secret
+ # yamllint disable rule:line-length
command: kubectl create secret generic -n metallb-system memberlist --from-literal=secretkey="$(openssl rand -base64 128)"
+ # yamllint disable rule:line-length
args:
chdir: /tmp/eg_mep/deploy/
replace: "swr.ap-southeast-1.myhuaweicloud.com/edgegallery/edgegallery-secondary-ep-controller:latest"
- name: Running eg-sp-controller yaml files
+ # yamllint disable rule:line-length
command: kubectl apply -f /tmp/eg_mep/deploy/conf/edge/network-isolation/eg-sp-controller.yaml
args:
chdir: /tmp/eg_mep/deploy/
msg: Setup_interfaces execution start
- name: Link eg mep macvlan
- command: ip link add eg-mp1 link {{ vardata.interface1.name}} type macvlan mode bridge
+ # yamllint disable rule:line-length
+ command: ip link add eg-mp1 link {{ vardata.edge_management_interface.name}} type macvlan mode bridge
args:
chdir: /tmp/eg_mep/deploy/
ignore_errors: yes
no_log: True
- name: Link eg mep macvlan
- command: ip addr add {{ vardata.ipaddregmep1.name}} dev eg-mp1
+ command: ip addr add {{ vardata.eg-management-address.name}} dev eg-mp1
args:
chdir: /tmp/eg_mep/deploy/
ignore_errors: yes
no_log: True
- name: Link eg eg mm5 with eth1
- command: ip link add eg-mm5 link {{ vardata.interface2.name}} type macvlan mode bridge
+ # yamllint disable rule:line-length
+ command: ip link add eg-mm5 link {{ vardata.edge_dataplane_interface.name}} type macvlan mode bridge
args:
chdir: /tmp/eg_mep/deploy/
ignore_errors: yes
no_log: True
- name: Link eg eg mm5 ip addr
- command: ip addr add {{ vardata.ipaddregmep5.name}} dev eg-mm5
+ command: ip addr add {{ vardata.eg-dataplane-address.name}} dev eg-mm5
args:
chdir: /tmp/eg_mep/deploy/
ignore_errors: yes
ignore_errors: yes
no_log: True
-- name: Delete mep name space
- command: kubectl delete ns mep
- args:
- chdir: /tmp/eg_mep/deploy/
- ignore_errors: yes
- no_log: True
-
- debug:
msg: Pull helm repo start
-- name: Edge gallery mep installation pull chart
+- name: Edge gallery mep installation pull chart and image
# yamllint disable rule:line-length
- command: helm install mep-edgegallery edgegallery/mep --set networkIsolation.phyInterface.mp1={{ vardata.interface1.name}} --set networkIsolation.phyInterface.mm5={{ vardata.interface2.name}} --set ssl.secretName=mep-ssl
+ command: helm install mep-edgegallery edgegallery/mep --set networkIsolation.phyInterface.mp1={{ vardata.edge_management_interface.name}} --set networkIsolation.phyInterface.mm5={{ vardata.edge_dataplane_interface.name}} --set images.mep.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/mep --set images.mepauth.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/mepauth --set images.dns.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/mep-dns-server --set images.kong.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/kong --set images.postgres.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/postgres --set images.mep.tag={{ vardata.eg_image_tag.name}} --set images.mepauth.tag={{ vardata.eg_image_tag.name}} --set images.dns.tag={{ vardata.eg_image_tag.name}} --set images.mep.pullPolicy=IfNotPresent --set images.mepauth.pullPolicy=IfNotPresent --set images.dns.pullPolicy=IfNotPresent --set images.kong.pullPolicy=IfNotPresent --set images.postgres.pullPolicy=IfNotPresent --set ssl.secretName=mep-ssl
# yamllint disable rule:line-length
- args:
- chdir: /tmp/eg_mep/deploy/
- ignore_errors: yes
- no_log: True
Code Review / ealt-edge.git / blobdiff