name:
########## Edge config #############
+######### Mandatory #########
+mep_kong_pg_pwd:
+ name:
######### Optional #########
edge_management_interface:
name: eth0
# need common password for security purpose
mep_pg_admin_pwd:
name:
-mep_kong_pg_pwd:
- name:
mep_cert_pwd:
name:
generate_cert_pass:
- center
roles:
+ - eg_prerequisite
- helm
- kubeconfig
- center
roles:
- - eg_prerequisite
- eg_secret
- eg_set-helm-repo
- service_center
roles:
- docker
+ - eg_prerequisite
- k3s
### Pre-Requisites ###
- mepkubeconfig
- cadvisor
-
### EdgeGallery related ###
- hosts: egedge
- edge
roles:
- - eg_prerequisite
- eg_secret
- eg_set-helm-repo
- eg_mep
edge
[egedge:children]
-edge
\ No newline at end of file
+edge
---
-- name: Unisntall appstore
+- name: Uninstall appstore
command: helm uninstall appstore-edgegallery
+ ignore_errors: yes
+ no_log: True
command: rm -rf /tmp/ssl-eg-keys-certs
args:
chdir: /tmp/
+ ignore_errors: yes
+ no_log: True
- name: Uninstall developer
command: helm uninstall developer-edgegallery
+ ignore_errors: yes
+ no_log: True
- name: Docker stop helm repo
command: docker stop helm-repo
+ ignore_errors: yes
+ no_log: True
- name: Docker rm helm repo
command: docker rm helm-repo
+ ignore_errors: yes
+ no_log: True
- name: Uninstall mecm fe
command: helm uninstall mecm-fe-edgegallery
+ ignore_errors: yes
+ no_log: True
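Review bot: `no_log: True` on these uninstall tasks hides the output of commands that carry no secret, and combined with `ignore_errors: yes` a failed `helm uninstall` or `docker rm` leaves no trace for the operator. `no_log` is better kept for tasks whose arguments contain passwords; here `ignore_errors: true` alone, or a `failed_when` that accepts only the "not found" case, keeps the cleanup tolerant but diagnosable. The booleans are also spelled two ways (`yes`, `True`); writing `true` for both matches yamllint's `truthy` rule. The same pair recurs on the other uninstall and delete tasks in this commit (mecm-meo, mecm-mepm, registry, edgegallery-ssl-secret, user-mgmt, service-center).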
replace:
path: /tmp/eg_mecm-meo/deploy/conf/keys/postgres_init.sql
regexp: 'PASSWORD_VALUE'
- replace: "{{ vardata.db_password.name }}"
+ replace: "{{ vardata.common_pwd.name }}"
+
+- name: Set a variable
+ ansible.builtin.set_fact:
+ comm_pwd: "{{ vardata.common_pwd.name }}"
- name: Create mecm-ssl-secret with common pwd
# yamllint disable rule:line-length
command: kubectl create secret generic mecm-ssl-secret --from-file=keystore.p12=/tmp/ssl-eg-keys-certs/keystore.p12 --from-file=keystore.jks=/tmp/ssl-eg-keys-certs/keystore.jks --from-literal=keystorePassword={{ vardata.common_pwd.name}} --from-literal=keystoreType=PKCS12 --from-literal=keyAlias=edgegallery --from-literal=truststorePassword={{ vardata.common_pwd.name}}
# yamllint disable rule:line-length
- when: '{{ vardata.common_pwd.name}}'
+ when: comm_pwd != ""
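Review bot: The task "Create mecm-ssl-secret with common pwd" interpolates `vardata.common_pwd.name` into `--from-literal=keystorePassword=…` but, as far as the visible lines show, has no `no_log: true`, so the rendered command line with the password can appear in Ansible output at higher verbosity or when the task fails. This commit adds `no_log` only to uninstall tasks, which carry no secret. Add `no_log: true` here and to the other password-bearing commands in the commit: "Generates certificate mecm-ssl-secret", both `edgegallery-mepm-secret` tasks, the `openssl rsa … -passout pass:` tasks for `mepserver_tls.key`, "Create mep generic for mep ssl", "Generate secret" and both `user-mgmt-jwt-secret` tasks. Passing the value as an argument also exposes it in the host's process list while the command runs; supplying the secret from a file or stdin avoids that. The task bodies may continue outside the lines shown.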
- name: Generates certificate mecm-ssl-secret
# yamllint disable rule:line-length
command: kubectl create secret generic mecm-ssl-secret --from-file=keystore.p12=/tmp/ssl-eg-keys-certs/keystore.p12 --from-file=keystore.jks=/tmp/ssl-eg-keys-certs/keystore.jks --from-literal=keystorePassword={{ vardata.mecm_meo_keystorePassword.name}} --from-literal=keystoreType=PKCS12 --from-literal=keyAlias=edgegallery --from-literal=truststorePassword={{ vardata.mecm_meo_truststorePassword.name}}
# yamllint disable rule:line-length
- when: '{{ vardata.mecm_meo_keystorePassword.name}}'
+ when: comm_pwd == ""
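Review bot: `when: comm_pwd == ""` and the matching `!= ""` checks compare against the empty string only, while the config entries visible in this commit (for example `mep_cert_pwd`) are left as a bare `name:`, which YAML loads as null. If `common_pwd` is left the same way, whether `"{{ vardata.common_pwd.name }}"` renders to `""` or stays None depends on the Ansible/Jinja configuration, and in the latter case the "with common pwd" branch would run without a usable password. A null-safe form would be `when: comm_pwd | default('', true) | length > 0` for the common-password tasks and `… | length == 0` for the fallback. The same applies to every `comm_pwd` condition in the mecm-mepm, mep and user-mgmt roles.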
- name: Create certificate edgegallery-mecm-secret with common pwd
# yamllint disable rule:line-length
# yamllint disable rule:line-length
args:
chdir: /tmp/eg_mecm-meo/deploy/
- when: '{{ vardata.common_pwd.name}}'
+ when: comm_pwd != ""
- name: Generates certificate edgegallery-mecm-secret
# yamllint disable rule:line-length
# yamllint disable rule:line-length
args:
chdir: /tmp/eg_mecm-meo/deploy/
- when: '{{ vardata.mecm_meo_postgresPassword.name}}'
+ when: comm_pwd == ""
- name: Fs group value
shell: 'getent group docker | cut -d: -f3'
- name: Helm install
# yamllint disable rule:line-length
- command: helm install mecm-meo-edgegallery edgegallery/mecm-meo --set ssl.secretName=mecm-ssl-secret --set mecm.secretName=edgegallery-mecm-secret --set images.inventory.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/mecm-inventory --set images.appo.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/mecm-appo --set images.apm.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/mecm-apm --set images.postgres.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/postgres --set images.inventory.tag={{ vardata.eg_image_tag.name}} --set images.appo.tag={{ vardata.eg_image_tag.name}} --set images.apm.tag={{ vardata.eg_image_tag.name}} --set images.postgres.tag=12.3 --set images.inventory.pullPolicy=IfNotPresent --set images.appo.pullPolicy=IfNotPresent --set images.apm.pullPolicy=IfNotPresent --set images.postgres.pullPolicy=IfNotPresent --set mecm.docker.fsgroup=result.stdout
- # yamllint disable rule:line-length
+ command: helm install mecm-meo-edgegallery edgegallery/mecm-meo --set ssl.secretName=mecm-ssl-secret --set mecm.secretName=edgegallery-mecm-secret --set images.inventory.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/mecm-inventory --set images.appo.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/mecm-appo --set images.apm.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/mecm-apm --set images.postgres.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/postgres --set images.inventory.tag={{ vardata.eg_image_tag.name}} --set images.appo.tag={{ vardata.eg_image_tag.name}} --set images.apm.tag={{ vardata.eg_image_tag.name}} --set images.postgres.tag=12.3 --set images.inventory.pullPolicy=IfNotPresent --set images.appo.pullPolicy=IfNotPresent --set images.apm.pullPolicy=IfNotPresent --set images.postgres.pullPolicy=IfNotPresent --set mecm.docker.fsgroup="{{result.stdout}}"
- name: Uninstall mecm meo
command: helm uninstall mecm-meo-edgegallery
+ ignore_errors: yes
+ no_log: True
-- name: Uninstall sercets
+- name: Delete mecm-ssl-secret and edgegallery-mecm-secret
command: kubectl delete secret mecm-ssl-secret edgegallery-mecm-secret
+ ignore_errors: yes
+ no_log: True
file: ../../../config.yml
name: vardata
+- name: Set a variable
+ ansible.builtin.set_fact:
+ comm_pwd: "{{ vardata.common_pwd.name }}"
+
- name: Replacing password
replace:
path: /tmp/eg_mecm-mepm/deploy/conf/keys/postgres_init.sql
regexp: 'PASSWORD_VALUE'
- replace: "{{ vardata.db_password.name }}"
+ replace: "{{ vardata.common_pwd.name }}"
- name: Create mecm-mepm-ssl-secret secret
# yamllint disable rule:line-length
- name: Create edgegallery-mepm-secret secret with common pwd
# yamllint disable rule:line-length
- command: kubectl create secret generic edgegallery-mepm-secret --from-file=postgres_init.sql=/tmp/eg_mecm-mepm/deploy/conf/keys/postgres_init.sql --from-literal=postgresPassword={{ vardata.db_password.name}} --from-literal=postgresLcmCntlrPassword={{ vardata.db_password.name}} --from-literal=postgresk8sPluginPassword={{ vardata.db_password.name}}
+ command: kubectl create secret generic edgegallery-mepm-secret --from-file=postgres_init.sql=/tmp/eg_mecm-mepm/deploy/conf/keys/postgres_init.sql --from-literal=postgresPassword={{ vardata.common_pwd.name}} --from-literal=postgresLcmCntlrPassword={{ vardata.common_pwd.name}} --from-literal=postgresk8sPluginPassword={{ vardata.common_pwd.name}}
# yamllint disable rule:line-length
- when: '{{ vardata.db_password.name}}'
+ when: comm_pwd != ""
- name: Create edgegallery-mepm-secret secret
# yamllint disable rule:line-length
command: kubectl create secret generic edgegallery-mepm-secret --from-file=postgres_init.sql=/tmp/eg_mecm-mepm/deploy/conf/keys/postgres_init.sql --from-literal=postgresPassword={{ vardata.mecm_mepm_postgresPassword.name}} --from-literal=postgresLcmCntlrPassword={{ vardata.mecm_mepm_postgresLcmCntlrPassword.name}} --from-literal=postgresk8sPluginPassword={{ vardata.mecm_mepm_postgresk8sPluginPassword.name}}
# yamllint disable rule:line-length
- when: '{{ vardata.mecm_mepm_postgresPassword.name}}'
+ when: comm_pwd == ""
- name: Create mepm service account
command: kubectl apply -f /tmp/eg_mecm-mepm/deploy/conf/manifest/mepm/mepm-service-account.yaml
- name: Delete mecm-mepm secret
command: helm uninstall mecm-mepm-edgegallery
+ ignore_errors: yes
+ no_log: True
- name: Mecm mepm jwt delete
# yamllint disable rule:line-length
command: kubectl delete secret mecm-mepm-jwt-public-secret mecm-mepm-ssl-secret edgegallery-mepm-secret
# yamllint disable rule:line-length
+ ignore_errors: yes
+ no_log: True
- name: Delete mep-service-account
# yamllint disable rule:line-length
command: kubectl delete -f /tmp/eg_mecm-mepm/deploy/conf/manifest/mepm/mepm-service-account.yaml
- # yamllint disable rule:line-length
+ ignore_errors: yes
+ no_log: True
- "--multus-conf-file=auto"
- "--cni-version=0.3.1"
resources:
- requests:
- cpu: "100m"
- memory: "50Mi"
- limits:
- cpu: "100m"
- memory: "50Mi"
+ requests:
+ cpu: "100m"
+ memory: "50Mi"
+ limits:
+ cpu: "100m"
+ memory: "50Mi"
securityContext:
- privileged: true
+ privileged: true
volumeMounts:
- name: cni
mountPath: /host/etc/cni/net.d
file: ../../../config.yml
name: vardata
+- name: Set a variable
+ ansible.builtin.set_fact:
+ comm_pwd: "{{ vardata.common_pwd.name }}"
+
- name: Remove old dir
command: rm -rf /tmp/.mep_tmp_cer
args:
- name: Openssl rsa mep tls with common pwd
# yamllint disable rule:line-length
- command: openssl rsa -in mepserver_tls.key -aes256 -passout pass:{{ vardata.common_pwd.name}} -out mepserver_encryptedtls.key
+ command: openssl rsa -in /tmp/.mep_tmp_cer/mepserver_tls.key -aes256 -passout pass:{{ vardata.common_pwd.name}} -out /tmp/.mep_tmp_cer/mepserver_encryptedtls.key
# yamllint disable rule:line-length
- args:
- chdir: /tmp/.mep_tmp_cer/
- when: '{{ vardata.common_pwd.name}}'
+ when: comm_pwd != ""
- name: Openssl rsa mep tls
# yamllint disable rule:line-length
- command: openssl rsa -in mepserver_tls.key -aes256 -passout pass:{{ vardata.mep_cert_pwd.name}} -out mepserver_encryptedtls.key
+ command: openssl rsa -in /tmp/.mep_tmp_cer/mepserver_tls.key -aes256 -passout pass:{{ vardata.mep_cert_pwd.name}} -out /tmp/.mep_tmp_cer/mepserver_encryptedtls.key
# yamllint disable rule:line-length
- args:
- chdir: /tmp/.mep_tmp_cer/
- when: '{{ vardata.mep_cert_pwd.name}}'
+ when: comm_pwd == ""
- name: Openssl req new key mepserver tls key
# yamllint disable rule:line-length
- name: Openssl rsa in jwt with common pwd
# yamllint disable rule:line-length
- command: openssl rsa -in jwt_privatekey -aes256 -passout pass:{{ vardata.common_pwd.name}} -out jwt_encrypted_privatekey
+ command: openssl rsa -in /tmp/.mep_tmp_cer/jwt_privatekey -aes256 -passout pass:{{ vardata.common_pwd.name}} -out /tmp/.mep_tmp_cer/jwt_encrypted_privatekey
+ ignore_errors: yes
+ no_log: True
# yamllint disable rule:line-length
- args:
- chdir: /tmp/.mep_tmp_cer/
- when: '{{ vardata.common_pwd.name}}'
+ when: comm_pwd != ""
- name: Openssl rsa in jwt
# yamllint disable rule:line-length
- command: openssl rsa -in jwt_privatekey -aes256 -passout pass:{{ vardata.mep_cert_pwd.name}} -out jwt_encrypted_privatekey
+ command: openssl rsa -in /tmp/.mep_tmp_cer/jwt_privatekey -aes256 -passout pass:{{ vardata.mep_cert_pwd.name}} -out /tmp/.mep_tmp_cer/jwt_encrypted_privatekey
# yamllint disable rule:line-length
- args:
- chdir: /tmp/.mep_tmp_cer/
- when: '{{ vardata.mep_cert_pwd.name}}'
+ ignore_errors: yes
+ no_log: True
+ when: comm_pwd == ""
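Review bot: `ignore_errors: yes` together with `no_log: True` on the two JWT key encryption tasks means a failed `openssl rsa` is neither reported nor stops the play, so any later step that consumes `jwt_encrypted_privatekey` (not visible here) would run without it. The same pair is added to both "Create generic pg secret" variants and to "Create mep generic for mep ssl with common pwd", so a deployment can finish with secrets missing. Keep `no_log: true` for the passphrase but drop `ignore_errors` on install-path tasks. If the intent is idempotent re-runs of the `kubectl create secret` steps, tolerate only the expected case, for example `register: pg_secret` with `failed_when: pg_secret.rc != 0 and 'AlreadyExists' not in pg_secret.stderr`.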
- name: Create mep namespace
command: kubectl create ns mep
- name: Create generic pg secret with common pwd
# yamllint disable rule:line-length
- command: kubectl -n mep create secret generic pg-secret --from-literal=pg_admin_pwd={{ vardata.common_pwd.name}} --from-literal=kong_pg_pwd={{ vardata.common_pwd.name}}
+ command: kubectl -n mep create secret generic pg-secret --from-literal=pg_admin_pwd={{ vardata.common_pwd.name}} --from-literal=kong_pg_pwd={{ vardata.mep_kong_pg_pwd.name}}
--from-file=server.key=/tmp/.mep_tmp_cer/mepserver_tls.key --from-file=server.crt=/tmp/.mep_tmp_cer/mepserver_tls.crt
+ ignore_errors: yes
+ no_log: True
# yamllint disable rule:line-length
- args:
- chdir: /tmp/
- when: '{{ vardata.common_pwd.name}}'
+ when: comm_pwd != ""
- name: Create generic pg secret
# yamllint disable rule:line-length
command: kubectl -n mep create secret generic pg-secret --from-literal=pg_admin_pwd={{ vardata.mep_pg_admin_pwd.name}} --from-literal=kong_pg_pwd={{ vardata.mep_kong_pg_pwd.name}}
--from-file=server.key=/tmp/.mep_tmp_cer/mepserver_tls.key --from-file=server.crt=/tmp/.mep_tmp_cer/mepserver_tls.crt
+ ignore_errors: yes
+ no_log: True
# yamllint disable rule:line-length
- args:
- chdir: /tmp/
- when: '{{ vardata.mep_pg_admin_pwd.name}}'
+ when: comm_pwd == ""
- name: Create mep generic for mep ssl with common pwd
# yamllint disable rule:line-length
command: kubectl -n mep create secret generic mep-ssl --from-literal=cert_pwd={{ vardata.common_pwd.name}} --from-file=server.cer=/tmp/.mep_tmp_cer/mepserver_tls.crt
--from-file=server_key.pem=/tmp/.mep_tmp_cer/mepserver_encryptedtls.key --from-file=trust.cer=/tmp/.mep_tmp_cer/ca.crt
+ ignore_errors: yes
+ no_log: True
# yamllint disable rule:line-length
- args:
- chdir: /tmp/
- when: '{{ vardata.common_pwd.name}}'
+ when: comm_pwd != ""
- name: Create mep generic for mep ssl
# yamllint disable rule:line-length
command: kubectl -n mep create secret generic mep-ssl --from-literal=cert_pwd={{ vardata.mep_cert_pwd.name}} --from-file=server.cer=/tmp/.mep_tmp_cer/mepserver_tls.crt
--from-file=server_key.pem=/tmp/.mep_tmp_cer/mepserver_encryptedtls.key --from-file=trust.cer=/tmp/.mep_tmp_cer/ca.crt
# yamllint disable rule:line-length
- args:
- chdir: /tmp/
- when: '{{ vardata.mep_cert_pwd.name}}'
+ when: comm_pwd == ""
- name: Create mep seret generic
# yamllint disable rule:line-length
replace:
path: /tmp/eg_mep/deploy/conf/edge/network-isolation/eg-sp-controller.yaml
regexp: 'edgegallery/edgegallery-secondary-ep-controller:latest'
- replace: "swr.ap-southeast-1.myhuaweicloud.com/edgegallery/edgegallery-secondary-ep-controller:latest"
+ replace: "{{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/edgegallery-secondary-ep-controller:latest"
- name: Running eg-sp-controller yaml files
# yamllint disable rule:line-length
+#!/bin/bash
+
function _help_insecure_registry()
{
grep -i "insecure-registries" /etc/docker/daemon.json | grep "REGISTRIES_IP:REGISTRIES_PORT" >/dev/null 2>&1
#########################################
#skip main in case of source
main $@
-######################
\ No newline at end of file
+######################
#
---
+
- name: Doing deployment setup for edge gallery
copy:
src: deploy
dest: /tmp/eg_prerequisite/
+ mode: 750
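Review bot: `mode: 750` is an unquoted YAML integer, so Ansible receives decimal 750, which is octal 01356: sticky bit, owner `-wx`, group `r-x`, other `rw-`. The copied files therefore end up writable by other users and not readable by their owner, and `eg_daemon.sh` from this directory is executed a few tasks later. Write `mode: "0750"` here and on the identical `copy` into `/tmp/eg_registry/` further down in this commit.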
- name: Import config file
include_vars:
replace: "{{ vardata.docker_registry_port.name }}"
- name: Execute script for docker daemon
- command: sh /tmp/eg_prerequisite/deploy/eg_daemon.sh
+ shell:
+ cmd: /tmp/eg_prerequisite/deploy/eg_daemon.sh
+
+- name: Delete Execute script for docker daemon
+ command: rm -rf /tmp/eg_prerequisite
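Review bot: The script is staged under the fixed path `/tmp/eg_prerequisite` and then executed through `shell`, so on a host with other local users the directory could already exist with contents the play did not put there; this matters if the play runs with elevated privileges, which the hunk does not show. Creating the staging directory with `ansible.builtin.tempfile` (`state: directory`) and using the registered path removes the predictable name. Since the call uses no shell features, `command: /tmp/eg_prerequisite/deploy/eg_daemon.sh` is sufficient, and the cleanup reads better as `ansible.builtin.file` with `state: absent` than as `rm -rf`.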
- name: Certificate copy
debug:
---
-# tasks file for eg_comm
+# tasks file for eg_prerequisite
- include: "install.yml"
static: false
when: operation == 'install'
+#!/bin/bash
TARBALL_PATH=/tmp/eg_registry/deploy/
function _load_and_run_docker_registry()
#########################################
#skip main in case of source
main $@
-######################
\ No newline at end of file
+######################
copy:
src: deploy
dest: /tmp/eg_registry/
+ mode: 750
+
+- name: Import config file
+ include_vars:
+ file: ../../../config.yml
+ name: vardata
- name: Download 0.9 tar
command: wget http://release.edgegallery.org/arm64/all/0.9.tar.gz
- name: Replacing private ip
replace:
path: /tmp/eg_registry/deploy/load-images.sh
- regexp: REGISTRIES_IP
+ regexp: 'REGISTRIES_IP'
replace: "{{ vardata.private_repo_ip.name }}"
- name: Replacing private port
replace:
path: /tmp/eg_registry/deploy/load-images.sh
- regexp: REGISTRIES_PORT
+ regexp: 'REGISTRIES_PORT'
replace: "{{ vardata.docker_registry_port.name }}"
-- name: Execute load-images file
- command: sh /tmp/eg_registry/deploy/load-images.sh
+- name: Execute the script
+ shell:
+ cmd: /tmp/eg_registry/deploy/load-images.sh
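Review bot: The "Download 0.9 tar" task, unchanged context here, fetches the image tarball with `wget` over plain `http://` and no integrity check, and the script run at the end of this hunk loads those images into the registry. Nothing in the visible lines verifies the archive before it is used. `ansible.builtin.get_url` with `checksum: sha256:<published digest>` (placeholder; the digest is not on this page), and an HTTPS URL if the release server offers one, would make a tampered or truncated download fail the play.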
- name: Stop registry
command: docker stop registry
+ ignore_errors: yes
+ no_log: True
- name: Remove registry
command: docker rm -v registry
+ ignore_errors: yes
+ no_log: True
- name: Remove tmp file
command: rm -v /tmp/eg_registry
+ ignore_errors: yes
+ no_log: True
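Review bot: `rm -v /tmp/eg_registry` has no `-r`, and `/tmp/eg_registry/` is the directory the install tasks copy `deploy` into, so the command fails on a directory. The `ignore_errors: yes` and `no_log: True` added here hide that failure and the staged files stay behind. Replace the task body with `ansible.builtin.file:` / `path: /tmp/eg_registry` / `state: absent`, which is idempotent and needs neither flag.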
- name: Import config file
include_vars:
- file: ../../../config.yml
- name: vardata
+ file: ../../../config.yml
+ name: vardata
- name: Generate secret
# yamllint disable rule:line-length
command: kubectl create secret generic edgegallery-ssl-secret --from-file=keystore.p12=/tmp/ssl-eg-keys-certs/keystore.p12 --from-literal=keystorePassword={{ vardata.common_pwd.name}} --from-literal=keystoreType=PKCS12 --from-literal=keyAlias=edgegallery --from-file=trust.cer=/tmp/ssl-eg-keys-certs/ca.crt --from-file=server.cer=/tmp/ssl-eg-keys-certs/tls.crt --from-file=server_key.pem=/tmp/ssl-eg-keys-certs/encryptedtls.key --from-literal=cert_pwd={{ vardata.common_pwd.name}}
- # yamllint disable rule:line-length
+ args:
+ chdir: /tmp/ssl-eg-keys-certs/
- name: Delete edgegallery ssl secret
command: kubectl delete secret edgegallery-ssl-secret
+ ignore_errors: yes
+ no_log: True
file: ../../../config.yml
name: vardata
+- name: Set a variable
+ ansible.builtin.set_fact:
+ comm_pwd: "{{ vardata.common_pwd.name }}"
+
- name: Create certificates for usermanagment with common pwd
# yamllint disable rule:line-length
command: kubectl create secret generic user-mgmt-jwt-secret --from-file=publicKey=/tmp/ssl-eg-keys-certs/rsa_public_key.pem --from-file=encryptedPrivateKey=/tmp/ssl-eg-keys-certs/encrypted_rsa_private_key.pem --from-literal=encryptPassword={{ vardata.common_pwd.name}}
# yamllint disable rule:line-length
- when: '{{ vardata.common_pwd.name}}'
+ when: comm_pwd != ""
- name: Generating certificates for usermanagment
# yamllint disable rule:line-length
command: kubectl create secret generic user-mgmt-jwt-secret --from-file=publicKey=/tmp/ssl-eg-keys-certs/rsa_public_key.pem --from-file=encryptedPrivateKey=/tmp/ssl-eg-keys-certs/encrypted_rsa_private_key.pem --from-literal=encryptPassword={{ vardata.user_mgmt_encryptPassword.name}}
# yamllint disable rule:line-length
- when: '{{ vardata.user_mgmt_encryptPassword.name}}'
+ when: comm_pwd == ""
- name: Install user-mgmt
# yamllint disable rule:line-length
command: helm install user-mgmt-edgegallery edgegallery/usermgmt --set global.oauth2.clients.appstore.clientUrl=https://{{ ansible_host }}:{{vardata.appstore_port.name}},global.oauth2.clients.developer.clientUrl=https://{{ ansible_host }}:{{vardata.developer_port.name}},global.oauth2.clients.mecm.clientUrl=https://{{ ansible_host }}:{{vardata.mecm_port.name}}, --set jwt.secretName=user-mgmt-jwt-secret --set images.usermgmt.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/user-mgmt --set images.postgres.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/postgres --set images.redis.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/redis --set images.initservicecenter.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/curl --set images.usermgmt.tag={{ vardata.eg_image_tag.name}} --set images.usermgmt.pullPolicy=IfNotPresent --set images.postgres.pullPolicy=IfNotPresent --set images.redis.pullPolicy=IfNotPresent --set images.initservicecenter.pullPolicy=IfNotPresent --set global.ssl.enabled=true --set global.ssl.secretName=edgegallery-ssl-secret
- # yamllint disable rule:line-length
- name: Uninstall user management
command: helm uninstall user-mgmt-edgegallery
+ ignore_errors: yes
+ no_log: True
-- name: Uninstall user mngmt jwt
+- name: Delete user-mgmt-jwt-secret
command: kubectl delete secret user-mgmt-jwt-secret
+ ignore_errors: yes
+ no_log: True
---
-- name: Doing deployment setup for service-center
- copy:
- src: deploy
- dest: /tmp/service_center/
-
- name: Import config file
include_vars:
file: ../../../config.yml
name: vardata
-- name: Pull helm chart service center
+- name: Install service center
# yamllint disable rule:line-length
command: helm install service-center-edgegallery edgegallery/servicecenter --set images.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/service-center --set images.pullPolicy=IfNotPresent --set global.ssl.enabled=true --set global.ssl.secretName=edgegallery-ssl-secret
# yamllint disable rule:line-length
- name: Uninstall service center
command: helm uninstall service-center-edgegallery
+ ignore_errors: yes
+ no_log: True