file: ../../../config.yml
name: vardata
+- name: Set a variable
+ ansible.builtin.set_fact:
+ comm_pwd: "{{ vardata.common_pwd.name }}"
+
- name: Remove old dir
command: rm -rf /tmp/.mep_tmp_cer
args:
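Review bot: The added `set_fact` copies `vardata.common_pwd.name` into `comm_pwd` without `no_log: true`, and `set_fact` results are echoed in verbose runs, so the shared password would land in the play output. The fact is only used as an on/off switch in the later `when:` conditions, so it could hold a boolean instead, e.g. `use_common_pwd: "{{ (vardata.common_pwd.name | default('')) | length > 0 }}"`. The same logging gap applies to the two `Openssl rsa mep tls` tasks and to `Create mep generic for mep ssl` further down: as shown, they interpolate a password into `command:` but, unlike their jwt and pg-secret siblings, carry no `no_log: True`.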
args:
chdir: /tmp/.mep_tmp_cer/
+- name: Openssl rsa mep tls with common pwd
+ # yamllint disable rule:line-length
+ command: openssl rsa -in /tmp/.mep_tmp_cer/mepserver_tls.key -aes256 -passout pass:{{ vardata.common_pwd.name}} -out /tmp/.mep_tmp_cer/mepserver_encryptedtls.key
+ # yamllint disable rule:line-length
+ when: comm_pwd != ""
+
- name: Openssl rsa mep tls
# yamllint disable rule:line-length
- command: openssl rsa -in mepserver_tls.key -aes256 -passout pass:{{ vardata.secret_pwd.name}} -out mepserver_encryptedtls.key
+ command: openssl rsa -in /tmp/.mep_tmp_cer/mepserver_tls.key -aes256 -passout pass:{{ vardata.mep_cert_pwd.name}} -out /tmp/.mep_tmp_cer/mepserver_encryptedtls.key
# yamllint disable rule:line-length
- args:
- chdir: /tmp/.mep_tmp_cer/
+ when: comm_pwd == ""
- name: Openssl req new key mepserver tls key
# yamllint disable rule:line-length
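Review bot: Both `Openssl rsa mep tls` tasks splice the passphrase into a free-form `command:` string as `pass:{{ ... }}`, so a password containing whitespace or quote characters is re-split by the command module, and openssl would receive a different passphrase or extra arguments. Passing it as `pass:` also leaves it in the process argument list for the duration of the call. The list form with `argv:` plus `-passout env:NAME` avoids both; the sketch below uses a constructed environment variable name. The jwt encryption tasks that follow use the same pattern.

```yaml
- name: Openssl rsa mep tls with common pwd
  ansible.builtin.command:
    argv:
      - openssl
      - rsa
      - "-in"
      - /tmp/.mep_tmp_cer/mepserver_tls.key
      - "-aes256"
      - "-passout"
      - "env:MEP_KEY_PASS"  # constructed name, for illustration only
      - "-out"
      - /tmp/.mep_tmp_cer/mepserver_encryptedtls.key
  environment:
    MEP_KEY_PASS: "{{ vardata.common_pwd.name }}"
  no_log: true
  # … unchanged: when: comm_pwd != "" …
```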
args:
chdir: /tmp/.mep_tmp_cer/
+- name: Openssl rsa in jwt with common pwd
+ # yamllint disable rule:line-length
+ command: openssl rsa -in /tmp/.mep_tmp_cer/jwt_privatekey -aes256 -passout pass:{{ vardata.common_pwd.name}} -out /tmp/.mep_tmp_cer/jwt_encrypted_privatekey
+ ignore_errors: yes
+ no_log: True
+ # yamllint disable rule:line-length
+ when: comm_pwd != ""
+
- name: Openssl rsa in jwt
# yamllint disable rule:line-length
- command: openssl rsa -in jwt_privatekey -aes256 -passout pass:{{ vardata.secret_pwd.name}} -out jwt_encrypted_privatekey
+ command: openssl rsa -in /tmp/.mep_tmp_cer/jwt_privatekey -aes256 -passout pass:{{ vardata.mep_cert_pwd.name}} -out /tmp/.mep_tmp_cer/jwt_encrypted_privatekey
# yamllint disable rule:line-length
- args:
- chdir: /tmp/.mep_tmp_cer/
+ ignore_errors: yes
+ no_log: True
+ when: comm_pwd == ""
- name: Create mep namespace
command: kubectl create ns mep
args:
chdir: /tmp/
+- name: Create generic pg secret with common pwd
+ # yamllint disable rule:line-length
+ command: kubectl -n mep create secret generic pg-secret --from-literal=pg_admin_pwd={{ vardata.common_pwd.name}} --from-literal=kong_pg_pwd={{ vardata.mep_kong_pg_pwd.name}}
+ --from-file=server.key=/tmp/.mep_tmp_cer/mepserver_tls.key --from-file=server.crt=/tmp/.mep_tmp_cer/mepserver_tls.crt
+ ignore_errors: yes
+ no_log: True
+ # yamllint disable rule:line-length
+ when: comm_pwd != ""
+
- name: Create generic pg secret
# yamllint disable rule:line-length
- command: kubectl -n mep create secret generic pg-secret --from-literal=pg_admin_pwd={{ vardata.secret_pwd.name}} --from-literal=kong_pg_pwd={{ vardata.secret_pwd.name}}
+ command: kubectl -n mep create secret generic pg-secret --from-literal=pg_admin_pwd={{ vardata.mep_pg_admin_pwd.name}} --from-literal=kong_pg_pwd={{ vardata.mep_kong_pg_pwd.name}}
--from-file=server.key=/tmp/.mep_tmp_cer/mepserver_tls.key --from-file=server.crt=/tmp/.mep_tmp_cer/mepserver_tls.crt
+ ignore_errors: yes
+ no_log: True
# yamllint disable rule:line-length
- args:
- chdir: /tmp/
+ when: comm_pwd == ""
+
+- name: Create mep generic for mep ssl with common pwd
+ # yamllint disable rule:line-length
+ command: kubectl -n mep create secret generic mep-ssl --from-literal=cert_pwd={{ vardata.common_pwd.name}} --from-file=server.cer=/tmp/.mep_tmp_cer/mepserver_tls.crt
+ --from-file=server_key.pem=/tmp/.mep_tmp_cer/mepserver_encryptedtls.key --from-file=trust.cer=/tmp/.mep_tmp_cer/ca.crt
+ ignore_errors: yes
+ no_log: True
+ # yamllint disable rule:line-length
+ when: comm_pwd != ""
- name: Create mep generic for mep ssl
# yamllint disable rule:line-length
- command: kubectl -n mep create secret generic mep-ssl --from-literal=cert_pwd={{ vardata.secret_pwd.name}} --from-file=server.cer=/tmp/.mep_tmp_cer/mepserver_tls.crt
+ command: kubectl -n mep create secret generic mep-ssl --from-literal=cert_pwd={{ vardata.mep_cert_pwd.name}} --from-file=server.cer=/tmp/.mep_tmp_cer/mepserver_tls.crt
--from-file=server_key.pem=/tmp/.mep_tmp_cer/mepserver_encryptedtls.key --from-file=trust.cer=/tmp/.mep_tmp_cer/ca.crt
# yamllint disable rule:line-length
- args:
- chdir: /tmp/
+ when: comm_pwd == ""
- name: Create mep seret generic
# yamllint disable rule:line-length
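Review bot: `ignore_errors: yes` combined with `no_log: True` on the jwt key encryption and the `pg-secret` and common-password `mep-ssl` creation tasks means a failed `openssl` or `kubectl` call neither stops the play nor leaves a readable trace. The deployment could then proceed with a missing secret or without the encrypted key it expects. If the intent is only to tolerate a secret that already exists, narrow it with `register: pg_secret` and `failed_when: pg_secret.rc != 0 and 'AlreadyExists' not in pg_secret.stderr`. Writing the booleans as `true` rather than `yes`/`True` would also satisfy yamllint's `truthy` rule.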
replace:
path: /tmp/eg_mep/deploy/conf/edge/network-isolation/eg-sp-controller.yaml
regexp: 'edgegallery/edgegallery-secondary-ep-controller:latest'
- replace: "swr.ap-southeast-1.myhuaweicloud.com/edgegallery/edgegallery-secondary-ep-controller:latest"
+ replace: "{{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/edgegallery-secondary-ep-controller:latest"
- name: Running eg-sp-controller yaml files
# yamllint disable rule:line-length
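Review bot: The replacement still pins the controller image to `:latest`, now served from `{{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}`, so what gets deployed depends on whatever was last pushed under that tag. The helm install task in this file already selects images by `vardata.eg_image_tag.name`; using the same tag here (or a digest) would make the controller version reproducible. Whether the private registry is reached over TLS is not visible from this hunk and is worth confirming, since an ip:port address is often configured as an insecure registry. The task's `name:` line lies outside the hunk.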
no_log: True
- name: Link eg mep macvlan
- command: ip addr add {{ vardata.eg-mp1-address.name}} dev eg-mp1
+ command: ip addr add {{ vardata.eg-management-address.name}} dev eg-mp1
args:
chdir: /tmp/eg_mep/deploy/
ignore_errors: yes
no_log: True
- name: Link eg eg mm5 ip addr
- command: ip addr add {{ vardata.eg-mm5-address.name}} dev eg-mm5
+ command: ip addr add {{ vardata.eg-dataplane-address.name}} dev eg-mm5
args:
chdir: /tmp/eg_mep/deploy/
ignore_errors: yes
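Review bot: `{{ vardata.eg-management-address.name}}` and `{{ vardata.eg-dataplane-address.name}}` are not valid attribute lookups in Jinja2: the hyphens are parsed as subtraction, i.e. `vardata.eg - management - address.name`, which would normally fail on undefined variables. Because both tasks set `ignore_errors: yes` (and the first also `no_log: True`), that failure would likely pass unnoticed and the interfaces would be left without addresses. If the config keys really contain hyphens, bracket access works: `{{ vardata['eg-management-address'].name }}`. The removed lines had the same shape, so this predates the commit.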
- name: Edge gallery mep installation pull chart and image
# yamllint disable rule:line-length
- command: helm install mep-edgegallery edgegallery/mep --set networkIsolation.phyInterface.mp1={{ vardata.edge_management_interface.name}} --set networkIsolation.phyInterface.mm5={{ vardata.edge_dataplane_interface.name}} --set images.mep.tag={{ vardata.eg_image_tag.name}} --set images.mepauth.tag={{ vardata.eg_image_tag.name}} --set images.dns.tag={{ vardata.eg_image_tag.name}} --set ssl.secretName=mep-ssl
+ command: helm install mep-edgegallery edgegallery/mep --set networkIsolation.phyInterface.mp1={{ vardata.edge_management_interface.name}} --set networkIsolation.phyInterface.mm5={{ vardata.edge_dataplane_interface.name}} --set images.mep.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/mep --set images.mepauth.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/mepauth --set images.dns.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/mep-dns-server --set images.kong.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/kong --set images.postgres.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/postgres --set images.mep.tag={{ vardata.eg_image_tag.name}} --set images.mepauth.tag={{ vardata.eg_image_tag.name}} --set images.dns.tag={{ vardata.eg_image_tag.name}} --set images.mep.pullPolicy=IfNotPresent --set images.mepauth.pullPolicy=IfNotPresent --set images.dns.pullPolicy=IfNotPresent --set images.kong.pullPolicy=IfNotPresent --set images.postgres.pullPolicy=IfNotPresent --set ssl.secretName=mep-ssl
# yamllint disable rule:line-length