X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=blobdiff_plain;f=ocd%2Finfra%2Fplaybooks%2Froles%2Feg_mep%2Ftasks%2Finstall.yml;h=f33094d87257ea6c17f8f466417485542a22c1d0;hb=refs%2Fchanges%2F95%2F3895%2F5;hp=62e103b85bb15febe83f2cf0e3cefd10e9d963d7;hpb=4274bc1e41bb0568bf72914248cf0a24b1f59f11;p=ealt-edge.git
diff --git a/ocd/infra/playbooks/roles/eg_mep/tasks/install.yml b/ocd/infra/playbooks/roles/eg_mep/tasks/install.yml
index 62e103b..f33094d 100644
--- a/ocd/infra/playbooks/roles/eg_mep/tasks/install.yml
+++ b/ocd/infra/playbooks/roles/eg_mep/tasks/install.yml
@@ -25,6 +25,10 @@ file: ../../../config.yml name: vardata +- name: Set a variable + ansible.builtin.set_fact: + comm_pwd: "{{ vardata.common_pwd.name }}" + - name: Remove old dir command: rm -rf /tmp/.mep_tmp_cer args:
@@ -61,19 +65,15 @@ - name: Openssl rsa mep tls with common pwd # yamllint disable rule:line-length - command: openssl rsa -in mepserver_tls.key -aes256 -passout pass:{{ vardata.common_pwd.name}} -out mepserver_encryptedtls.key + command: openssl rsa -in /tmp/.mep_tmp_cer/mepserver_tls.key -aes256 -passout pass:{{ vardata.common_pwd.name}} -out /tmp/.mep_tmp_cer/mepserver_encryptedtls.key # yamllint disable rule:line-length - args: - chdir: /tmp/.mep_tmp_cer/ - when: '{{ vardata.common_pwd.name}}' + when: comm_pwd != "" - name: Openssl rsa mep tls # yamllint disable rule:line-length - command: openssl rsa -in mepserver_tls.key -aes256 -passout pass:{{ vardata.mep_cert_pwd.name}} -out mepserver_encryptedtls.key + command: openssl rsa -in /tmp/.mep_tmp_cer/mepserver_tls.key -aes256 -passout pass:{{ vardata.mep_cert_pwd.name}} -out /tmp/.mep_tmp_cer/mepserver_encryptedtls.key # yamllint disable rule:line-length - args: - chdir: /tmp/.mep_tmp_cer/ - when: '{{ vardata.mep_cert_pwd.name}}' + when: comm_pwd == "" - name: Openssl req new key mepserver tls key # yamllint disable rule:line-length
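Review bot: The added `set_fact` task copies the shared password into a second variable, `comm_pwd`, and has no `no_log`, so the value can show up in task output when the play runs with verbosity. The later `when:` conditions only test for emptiness, so a boolean fact carries the same decision without duplicating the secret, e.g. `use_common_pwd: "{{ (vardata.common_pwd.name | default('', true)) | length > 0 }}"`, which also covers an unset or null `common_pwd.name`. If `comm_pwd` is kept, add `no_log: true` here and give the task a descriptive name instead of "Set a variable".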
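Review bot: Both `openssl rsa` tasks in the `@@ -61` hunk still place the passphrase on the command line (`-passout pass:{{ ... }}`) and, unlike the jwt tasks in the next hunk, carry no `no_log`, so the password is readable in the host's process list while openssl runs and can appear in Ansible's task output. openssl accepts `-passout env:NAME`, which pairs with the task's `environment:` keyword and keeps the value out of argv. The same applies to the two jwt tasks in the `@@ -101` hunk, and the last `mep-ssl` task in the `@@ -122` hunk is also missing `no_log`. The fence shows the first task only; `MEP_KEY_PASS` is a name chosen for illustration.

```yaml
- name: Openssl rsa mep tls with common pwd
  # … unchanged: yamllint disable comment …
  command: openssl rsa -in /tmp/.mep_tmp_cer/mepserver_tls.key -aes256 -passout env:MEP_KEY_PASS -out /tmp/.mep_tmp_cer/mepserver_encryptedtls.key
  environment:
    MEP_KEY_PASS: "{{ vardata.common_pwd.name }}"
  no_log: true
  when: comm_pwd != ""
```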
@@ -101,19 +101,19 @@ - name: Openssl rsa in jwt with common pwd # yamllint disable rule:line-length - command: openssl rsa -in jwt_privatekey -aes256 -passout pass:{{ vardata.common_pwd.name}} -out jwt_encrypted_privatekey + command: openssl rsa -in /tmp/.mep_tmp_cer/jwt_privatekey -aes256 -passout pass:{{ vardata.common_pwd.name}} -out /tmp/.mep_tmp_cer/jwt_encrypted_privatekey + ignore_errors: yes + no_log: True # yamllint disable rule:line-length - args: - chdir: /tmp/.mep_tmp_cer/ - when: '{{ vardata.common_pwd.name}}' + when: comm_pwd != "" - name: Openssl rsa in jwt # yamllint disable rule:line-length - command: openssl rsa -in jwt_privatekey -aes256 -passout pass:{{ vardata.mep_cert_pwd.name}} -out jwt_encrypted_privatekey + command: openssl rsa -in /tmp/.mep_tmp_cer/jwt_privatekey -aes256 -passout pass:{{ vardata.mep_cert_pwd.name}} -out /tmp/.mep_tmp_cer/jwt_encrypted_privatekey # yamllint disable rule:line-length - args: - chdir: /tmp/.mep_tmp_cer/ - when: '{{ vardata.mep_cert_pwd.name}}' + ignore_errors: yes + no_log: True + when: comm_pwd == "" - name: Create mep namespace command: kubectl create ns mep 
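Review bot: `ignore_errors: yes` together with `no_log: True` on the two jwt key-encryption tasks means a failed `openssl rsa` run is both skipped over and hidden, and the play carries on without `/tmp/.mep_tmp_cer/jwt_encrypted_privatekey`. Nothing in the hunk suggests these commands are expected to fail, so I would drop `ignore_errors` on both and let the play stop if the key cannot be encrypted. In the second task the keywords were added after the trailing `# yamllint disable` comment while the first has them before it; keeping one order, and writing the booleans as `true`, would make the two tasks easier to compare.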
@@ -122,39 +122,37 @@ - name: Create generic pg secret with common pwd # yamllint disable rule:line-length - command: kubectl -n mep create secret generic pg-secret --from-literal=pg_admin_pwd={{ vardata.common_pwd.name}} --from-literal=kong_pg_pwd={{ vardata.common_pwd.name}} + command: kubectl -n mep create secret generic pg-secret --from-literal=pg_admin_pwd={{ vardata.common_pwd.name}} --from-literal=kong_pg_pwd={{ vardata.mep_kong_pg_pwd.name}} --from-file=server.key=/tmp/.mep_tmp_cer/mepserver_tls.key --from-file=server.crt=/tmp/.mep_tmp_cer/mepserver_tls.crt + ignore_errors: yes + no_log: True # yamllint disable rule:line-length - args: - chdir: /tmp/ - when: '{{ vardata.common_pwd.name}}' + when: comm_pwd != "" - name: Create generic pg secret # yamllint disable rule:line-length command: kubectl -n mep create secret generic pg-secret --from-literal=pg_admin_pwd={{ vardata.mep_pg_admin_pwd.name}} --from-literal=kong_pg_pwd={{ vardata.mep_kong_pg_pwd.name}} --from-file=server.key=/tmp/.mep_tmp_cer/mepserver_tls.key --from-file=server.crt=/tmp/.mep_tmp_cer/mepserver_tls.crt + ignore_errors: yes + no_log: True # yamllint disable rule:line-length - args: - chdir: /tmp/ - when: '{{ vardata.mep_pg_admin_pwd.name}}' + when: comm_pwd == "" - name: Create mep generic for mep ssl with common pwd # yamllint disable rule:line-length command: kubectl -n mep create secret generic mep-ssl --from-literal=cert_pwd={{ vardata.common_pwd.name}} --from-file=server.cer=/tmp/.mep_tmp_cer/mepserver_tls.crt --from-file=server_key.pem=/tmp/.mep_tmp_cer/mepserver_encryptedtls.key --from-file=trust.cer=/tmp/.mep_tmp_cer/ca.crt + ignore_errors: yes + no_log: True # yamllint disable rule:line-length - args: - chdir: /tmp/ - when: '{{ vardata.common_pwd.name}}' + when: comm_pwd != "" - name: Create mep generic for mep ssl # yamllint disable rule:line-length command: kubectl -n mep create secret generic mep-ssl --from-literal=cert_pwd={{ vardata.mep_cert_pwd.name}} 
--from-file=server.cer=/tmp/.mep_tmp_cer/mepserver_tls.crt --from-file=server_key.pem=/tmp/.mep_tmp_cer/mepserver_encryptedtls.key --from-file=trust.cer=/tmp/.mep_tmp_cer/ca.crt # yamllint disable rule:line-length - args: - chdir: /tmp/ - when: '{{ vardata.mep_cert_pwd.name}}' + when: comm_pwd == "" - name: Create mep seret generic # yamllint disable rule:line-length
@@ -211,7 +209,7 @@ replace: path: /tmp/eg_mep/deploy/conf/edge/network-isolation/eg-sp-controller.yaml regexp: 'edgegallery/edgegallery-secondary-ep-controller:latest' - replace: "swr.ap-southeast-1.myhuaweicloud.com/edgegallery/edgegallery-secondary-ep-controller:latest" + replace: "{{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/edgegallery-secondary-ep-controller:latest" - name: Running eg-sp-controller yaml files # yamllint disable rule:line-length
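Review bot: In the "Create generic pg secret with common pwd" task of the `@@ -122` hunk, `kong_pg_pwd` is now taken from `vardata.mep_kong_pg_pwd.name` rather than `vardata.common_pwd.name`, so a deployment that sets only the common password may end up with an empty Kong database password in `pg-secret`. If that is intended, a comment saying so would help; otherwise keep `--from-literal=kong_pg_pwd={{ vardata.common_pwd.name}}` in this branch. The added `ignore_errors: yes` on the secret-creation tasks also lets any `kubectl` failure pass, not only an already-existing secret; `register: pg_secret` with `failed_when: pg_secret.rc != 0 and 'AlreadyExists' not in pg_secret.stderr` would narrow it. Whether config.yml leaves `mep_kong_pg_pwd` blank in common-password mode is not visible here.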
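Review bot: The rewritten image reference in the `@@ -211` hunk still ends in `:latest`, so the controller that gets deployed is whatever the registry at `private_repo_ip:docker_registry_port` serves under that tag at pull time. Pinning the reference to a version tag or a digest (`...edgegallery-secondary-ep-controller@sha256:<digest>`) would make the deployment reproducible and let a swapped image be noticed. The regexp also matches its own replacement text, so running the task twice on the same file would prefix the registry again; this holds unless the file is copied fresh on each run, which the hunk does not show. The `replace` task starts above the hunk.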