--- /dev/null
+#
+# Copyright 2021 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# The image tag here could only be latest, and helm tag could only be 1.1.0
+EG_IMAGE_TAG: latest
+HELM_TAG: 1.1.0
+
+# Mode for online or offline install, currently only support offline
+NETWORK_MODE: offline
+
+# Absolute file path of source offline .tar.gz file on ansible host node
+TARBALL_FILE: "{{ inventory_dir }}/../ansible-{{ EG_IMAGE_TAG }}.tar.gz"
+
+# Target path where offline tarball be decompossed into
+TARBALL_PATH: /home/edgegallery-offline
+
+# Whether copy the offline package from the ansible host node to other node
+COPY_TAR_TO_TARGET: yes
+
+# Whether clean the TARBALL_PATH before install and after uninstall
+# true means clean and false means not clean
+TARBALL_PATH_CLEANUP: true
+
+HELM_CHARTS_PATH: "{{ TARBALL_PATH }}/helm/helm-charts"
+
+APPSTORE_HELM_RELEASE_NAME: appstore-edgegallery
+DEVELOPER_HELM_RELEASE_NAME: developer-edgegallery
+MECM_FE_HELM_RELEASE_NAME: mecm-fe-edgegallery
+ATP_HELM_RELEASE_NAME: atp-edgegallery
+
+APPSTORE_PORT: 30091
+DEVELOPER_PORT: 30092
+MECM_PORT: 30093
+ATP_PORT: 30094
+USER_MGMT_PORT: 30067
+LAB_PORT: 30096
+
+# Could be true or false, currently only support false
+ENABLE_PERSISTENCE: false
+
+# Should set the following 2 params if ENABLE_PERSISTENCE is true
+# NFS_SERVER_IP:
+# NFS_PATH:
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
----
-
-############ Master ############
-
-### EdgeGallery related ###
-
-- hosts: egmaster
- become: yes
- tags:
- - egmaster
- - master
-
- roles:
- - eg_mecm-meo
- - eg_mecm-fe
- - eg_appstore
- - eg_developer
- - eg_user-mgmt
- - service_center
- - eg_secret
-
-### Other 3rd party related ###
-
-- hosts: thirdpartymaster
- become: yes
- tags:
- - thirdpartymaster
- - master
-
- roles:
- - grafana
-
-### Pre-Requisites ###
-
-- hosts: prerequisitemaster
- become: yes
- tags:
- - prerequisitemaster
- - master
-
- roles:
- - kubeconfig
- - helm
-
-############ Edge ############
-
-### EdgeGallery related ###
-
-- hosts: egedge
- become: yes
- tags:
- - egedge
- - edge
-
- roles:
- - eg_secret
- - eg_mep
- - eg_mecm-mepm
-
-### Other 3rd party related ###
-
-- hosts: thirdpartyedge
- become: yes
- tags:
- - thirdpartyedge
- - edge
-
- roles:
- - el_hawkbit
- - rabbitmq
- - prometheus
- - kubeconfig
- - mepkubeconfig
- - cadvisor
-
-### Pre-Requisites ###
-
-- hosts: prerequisiteedge
- become: yes
- tags:
- - prerequisiteedge
- - edge
-
- roles:
- - helm
-
-### Infrastructure ###
-- hosts: edge-infra
- become: yes
- tags:
- - edge-infra
- - edge
-
- roles:
- - k3s
- - docker
-
-############ OCD ############
-
-- hosts: ocdconsolidated
- become: yes
- tags:
- - ocdhost
- - ocdconsolidated
-
- roles:
- - eg_helm-repo
- - eg_registry
- - eg_certs
- - helm
- - k8s
- - docker
#
-# Copyright 2020 Huawei Technologies Co., Ltd.
+# Copyright 2021 Huawei Technologies Co., Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
---
-############ OCD ############
-
-- hosts: ocdconsolidated
- become: yes
- tags:
- - ocdhost
- - ocdconsolidated
-
- roles:
- - k8s
- - helm
- - docker
- - eg_prerequisite
- - eg_registry
- - eg_helm-repo
- - eg_certs
-
-############ Master ############
-
-### Pre-Requisites ###
-
-- hosts: prerequisitemaster
- become: yes
- tags:
- - prerequisitemaster
- - master
-
- roles:
- - eg_trans_certs
- - eg_prerequisite
- - helm
- - eg_set-helm-repo
- - kubeconfig
+############ Center ############
### Other 3rd party related ###
-- hosts: thirdpartymaster
+- hosts: thirdpartycenter
become: yes
tags:
- - thirdpartymaster
- - master
+ - thirdpartycenter
+ - center
roles:
- grafana
-### EdgeGallery related ###
-
-- hosts: egmaster
- become: yes
- tags:
- - egmaster
- - master
-
- roles:
- - eg_secret
- - service_center
- - eg_user-mgmt
- - eg_mecm-meo
- - eg_mecm-fe
- - eg_appstore
- - eg_developer
-
-
############ Edge ############
-### Infrastructure ###
-- hosts: edge-infra
- become: yes
- tags:
- - edge-infra
- - edge
-
- roles:
- - eg_trans_certs
- - docker
- - eg_prerequisite
- - k3s
-
-### Pre-Requisites ###
-
-- hosts: prerequisiteedge
- become: yes
- tags:
- - prerequisiteedge
- - edge
-
- roles:
- - helm
-
### Other 3rd party related ###
- hosts: thirdpartyedge
roles:
- rabbitmq
- - prometheus
- - kubeconfig
- - mepkubeconfig
- cadvisor
- el_edgex
- - el_opc-au
- el_hawkbit
-
-### EdgeGallery related ###
-
-- hosts: egedge
- become: yes
- tags:
- - egedge
- - edge
-
- roles:
- - eg_secret
- - eg_set-helm-repo
- - eg_mep
- - eg_mecm-mepm
+# - el_opc-au
#
-# Copyright 2020 Huawei Technologies Co., Ltd.
+# Copyright 2021 Huawei Technologies Co., Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
---
-- name: Uninstall developer
- command: helm uninstall developer-edgegallery
- ignore_errors: yes
- no_log: True
+# Edgegallery installation
+
+- hosts: master
+ become: yes
+ roles:
+ - egallery-tar
+ - egallery-all-aiomode
#
-# Copyright 2020 Huawei Technologies Co., Ltd.
+# Copyright 2021 Huawei Technologies Co., Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
---
-# tasks file for eg_trans_certs
-- include: "install.yml"
- static: false
- when: operation == 'install'
+# playbook file for EG-MUNO
+
+- hosts: master
+ become: yes
+ roles:
+ - egallery-munomode-controller
#
-# Copyright 2020 Huawei Technologies Co., Ltd.
+# Copyright 2021 Huawei Technologies Co., Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
---
-- name: Remove generated certificates
- command: rm -rf /tmp/ssl-eg-keys-certs
- args:
- chdir: /tmp/
- ignore_errors: yes
- no_log: True
+# playbook file for EG-MUNO
+
+- hosts: master
+ become: yes
+ vars_files:
+ - ./muno-config/edge/var.yml
+ roles:
+ - egallery-munomode-edge
[egedge:children]
edge
+
+[thirdpartycenter:children]
+master
#
-# Copyright 2020 Huawei Technologies Co., Ltd.
+# Copyright 2021 Huawei Technologies Co., Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-#
-apiVersion: v1
-kind: Namespace
-metadata:
- name: metallb-system
- labels:
- app: metallb
+
+[master]
+master-ip
#
-# Copyright 2020 Huawei Technologies Co., Ltd.
+# Copyright 2021 Huawei Technologies Co., Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-#
-apiVersion: v1
-kind: ConfigMap
-metadata:
- namespace: metallb-system
- name: config
-data:
- config: |
- address-pools:
- - name: address-pool-1
- protocol: layer2
- addresses:
- - 192.168.100.120/32
+
+[master]
+controller-ip
--- /dev/null
+#
+# Copyright 2021 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Set the Password of Harbor admin account, no default value,
+# must set by users here
+HARBOR_ADMIN_PASSWORD: any_password
+
+# Could be true or false
+# true: Deploy k8s NFS Server to keep the persistence of all pods' data
+# false: No need to keep the persistence of all pods' data
+
+# ENABLE_PERSISTENCE: true
+ENABLE_PERSISTENCE: false
+
+# ip for portals, will be set to private IP of master node default or
+# reset it to be the public IP of master node here
+# PORTAL_IP: xxx.xxx.xxx.xxx
+PORTAL_IP: IP_master_node
#
-# Copyright 2020 Huawei Technologies Co., Ltd.
+# Copyright 2021 Huawei Technologies Co., Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-#
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRoleBinding
-metadata:
- name: fabric8-rbac
-subjects:
- - kind: ServiceAccount
- # Reference to upper's `metadata.name`
- name: default
- # Reference to upper's `metadata.namespace`
- namespace: default
-roleRef:
- kind: ClusterRole
- name: cluster-admin
- apiGroup: rbac.authorization.k8s.io
+
+[master]
+edge-ip-1
+edge-ip-2
+
+# Here you can add edge nodes
--- /dev/null
+#
+# Copyright 2021 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Set the Password of Harbor admin account, no default value,
+# must set by users here
+HARBOR_ADMIN_PASSWORD: Harbor@edge
+
+# Could be true or false
+# true: Deploy k8s NFS Server to keep the persistence of all pods' data
+# false: No need to keep the persistence of all pods' data
+ENABLE_PERSISTENCE: false
+
+# ip for portals, will be set to private IP of master node default or
+# reset it to be the public IP of master node here
+# PORTAL_IP: xxx.xxx.xxx.xxx
+
+# NIC name of master node
+# If master node is with single NIC, not need to set it here and will get
+# the default NIC name during the run time
+# If master node is with multiple NICs, should set it here to be
+# 2 different NICs
+# EG_NODE_EDGE_MP1: eth0
+# EG_NODE_EDGE_MM5: eth0
+
+OCD_IP: 10.0.0.33
+++ /dev/null
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
----
-- name: Check whether docker is already installed
- command: which docker
- register: result
- ignore_errors: yes
- no_log: True
-
-- debug:
- msg: Docker is already present
- when: result.stdout != ""
-
-- debug:
-# yamllint disable rule:line-length
- msg: Ignore Uninstall Log , Docker not installed continue with Installation
-# yamllint disable rule:line-length
- when: result.stdout == ""
-
-- name: "INSTALL: Installing docker update"
- command: apt-get update -y
- ignore_errors: yes
- failed_when: false
- no_log: True
-
-- name: "INSTALL: Installing docker upgrade"
-# yamllint disable rule:line-length
- command: apt-get install -y apt-transport-https ca-certificates curl gnupg-agent software-properties-common
-# yamllint disable rule:line-length
- ignore_errors: yes
- when: result is failed and ansible_architecture == 'aarch64'
-
-- name: "INSTALL: Add repository"
- shell: curl -sL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
- when: result is failed and ansible_architecture == 'aarch64'
-
-- name: "INSTALL: CA-Certificates"
-# yamllint disable rule:line-length
- shell: sudo add-apt-repository "deb [arch=arm64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
-# yamllint disable rule:line-length
- ignore_errors: yes
- failed_when: false
- no_log: True
- when: result is failed and ansible_architecture == 'aarch64'
-
-- name: "INSTALL: Update....."
- command: apt-get update -y
- ignore_errors: yes
- failed_when: false
- no_log: True
- when: result is failed and ansible_architecture == 'aarch64'
-
-- name: "INSTALL: Installed docker"
- command: apt-get install -y docker-ce docker-ce-cli containerd.io
- ignore_errors: yes
- when: result is failed and ansible_architecture == 'aarch64'
-
-- debug:
- msg: "CentOS commands start"
-
-- name: "INSTALL:Installing docker "
- command: yum install -y yum-utils
- when: ansible_facts['distribution'] == "CentOS" and result is failed
- ignore_errors: yes
- no_log: true
-
-- name: "INSTALL: Add repo"
- command: yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
- when: ansible_facts['distribution'] == "CentOS" and result is failed
- #ignore_error: yes
- no_log: true
-
-- name: "INSTALL: install containerd.io"
- command: yum -y install docker-ce-19.03.8 docker-ce-cli-19.03.8 containerd.io
- when: ansible_facts['distribution'] == "CentOS" and result is failed
- ignore_errors: yes
- no_log: true
-
-- name: "Start Docker:"
- command: systemctl start docker
- when: ansible_facts['distribution'] == "CentOS" and result is failed
- ignore_errors: yes
- #no_log: true
-
-- name: "Start Docker: enable"
- command: systemctl enable docker
- when: ansible_facts['distribution'] == "CentOS" and result is failed
- ignore_errors: yes
+++ /dev/null
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
----
-# tasks file for docker
-- include: "install.yml"
- static: false
- when: operation == 'install'
-
-#- include: "uninstall.yml"
-# static: false
-# when: operation == 'uninstall'
+++ /dev/null
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
----
-- name: Check whether docker is installed before deleting
- command: which docker
- register: result
- ignore_errors: yes
- no_log: True
-
-- debug:
- msg: Uninstalling docker...
- when: result.stdout != ""
-
-- debug:
-# yamllint disable rule:line-length
- msg: Ignore Uninstall Log , Docker not installed
-# yamllint disable rule:line-length
- when: result.stdout == ""
-
-- name: "UNINSTALL: Uninstall docker engine"
- command: apt-get purge -y docker-engine
- ignore_errors: yes
- when: result is succeeded and ansible_architecture == 'aarch64'
-
-- name: "UNINSTALL: Uninstall docker"
- command: apt-get purge -y docker
- ignore_errors: yes
- when: result is succeeded and ansible_architecture == 'aarch64'
- #when: result is succeeded and ansible_architecture == 'x86_64'
-
-- name: "UNINSTALL: Uninstall docker.io"
- command: apt-get purge -y docker.io
- ignore_errors: yes
- when: result is succeeded and ansible_architecture == 'aarch64'
-
-- name: "UNINSTALL: Uninstall docker-ce"
- command: apt-get purge -y docker-ce
- ignore_errors: yes
- when: result is succeeded and ansible_architecture == 'aarch64'
- #when: result is succeeded and ansible_architecture == 'aarch64'
-
-- name: "UNINSTALL: Uninstall docker"
- command: apt-get purge -y docker-ce-cli
- ignore_errors: yes
- when: result is succeeded and ansible_architecture == 'aarch64'
- #when: result is succeeded
-
-- name: "UNINSTALL: Uninstall docker engine"
- command: apt-get purge -y docker-engine
- ignore_errors: yes
- when: result is succeeded and ansible_architecture == 'x86_64'
-
-- name: "UNINSTALL: Uninstall docker"
- command: apt-get purge -y docker
- ignore_errors: yes
- when: result is succeeded and ansible_architecture == 'x86_64'
-
-- name: "UNINSTALL: Uninstall docker.io"
- command: apt-get purge -y docker.io
- ignore_errors: yes
- when: result is succeeded and ansible_architecture == 'x86_64'
-
-- name: "UNINSTALL: Uninstall docker.io"
- command: apt-get purge docker-ce docker-ce-cli containerd.io
- ignore_errors: yes
- when: result is succeeded and ansible_architecture == 'x86_64'
-
-- debug:
- msg: "CentOS commands start"
-
-- name: "UNINSTALL:Uninstalled docker "
- shell:
- cmd: yes | yum remove docker-ce docker-ce-cli containerd.io
- ignore_errors: yes
- no_log: true
- when: ansible_facts['distribution'] == "CentOS"
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-- name: Import vars
- include_vars:
- file: ../../../config.yml
- name: vardata
-
-- name: Helm install appstore
- # yamllint disable rule:line-length
- command: helm install appstore-edgegallery edgegallery/appstore --set global.oauth2.authServerAddress=https://{{ ansible_host }}:{{ vardata.usermgmt_port.name}} --set images.appstoreFe.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/appstore-fe --set images.appstoreBe.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/appstore-be --set images.postgres.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/postgres --set images.initservicecenter.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/curl --set images.appstoreFe.tag={{vardata.eg_image_tag.name}} --set images.appstoreBe.tag={{vardata.eg_image_tag.name}} --set images.appstoreFe.pullPolicy=IfNotPresent --set images.appstoreBe.pullPolicy=IfNotPresent --set images.postgres.pullPolicy=IfNotPresent --set images.initservicecenter.pullPolicy=IfNotPresent --set global.ssl.enabled=true --set global.ssl.secretName=edgegallery-ssl-secret
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-# tasks file for eg_appstore
-- include: "install.yml"
- static: false
- when: operation == 'install'
-
-- include: "uninstall.yml"
- static: false
- when: operation == 'uninstall'
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-- name: Import config file
- include_vars:
- file: ../../../config.yml
- name: vardata
-
-- name: Remove old ssl key dir
- command: rm -rf /tmp/ssl-eg-keys-certs
- args:
- chdir: /tmp/
-
-- name: Make new ssl key dir
- command: mkdir -p /tmp/ssl-eg-keys-certs
- args:
- chdir: /tmp/
-
-- name: generate cert
- # yamllint disable rule:line-length
- command: docker run -e CERT_VALIDITY_IN_DAYS=365 -v /tmp/ssl-eg-keys-certs:/certs {{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/deploy-tool:latest
- # yamllint disable rule:line-length
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-- name: Import config file
- include_vars:
- file: ../../../config.yml
- name: vardata
-
-- name: Developer chart installing
- # yamllint disable rule:line-length
- command: helm install developer-edgegallery edgegallery/developer --set global.oauth2.authServerAddress=https://{{ ansible_host }}:{{ vardata.usermgmt_port.name}} --set images.developerFe.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/developer-fe --set images.developerBe.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/developer-be --set images.postgres.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/postgres --set images.initservicecenter.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/curl --set images.developerFe.tag={{vardata.eg_image_tag.name}} --set images.developerBe.tag={{vardata.eg_image_tag.name}} --set images.developerFe.pullPolicy=IfNotPresent --set images.developerBe.pullPolicy=IfNotPresent --set images.postgres.pullPolicy=IfNotPresent --set images.initservicecenter.pullPolicy=IfNotPresent --set global.ssl.enabled=true --set global.ssl.secretName=edgegallery-ssl-secret
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-# tasks file for eg_developer
-- include: "install.yml"
- static: false
- when: operation == 'install'
-
-- include: "uninstall.yml"
- static: false
- when: operation == 'uninstall'
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-- name: Doing deployment setup for edge gallery
- copy:
- src: deploy
- dest: /tmp/eg_helm-repo/
-
-- name: Import config file
- include_vars:
- file: ../../../config.yml
- name: vardata
-
-- name: Helm repo index edgegallery
- command: helm repo index edgegallery/
- args:
- chdir: /tmp/eg_helm-repo/deploy/helm/helm-charts/
-
-- name: Helm repo index stable
- command: helm repo index stable/
- args:
- chdir: /tmp/eg_helm-repo/deploy/helm/helm-charts/
-
-- name: Changing permisiion
- command: chmod -R 755 /tmp/eg_helm-repo
-
-- name: Creating helm repo
- # yamllint disable rule:line-length
- command: docker run --name helm-repo -v /tmp/eg_helm-repo/deploy/helm/helm-charts/:/usr/share/nginx/html:ro -d -p 8080:80 nginx:stable
- args:
- chdir: /tmp/eg_helm-repo/deploy/helm/helm-charts/
-
-- name: Helm repo add edgegallery
- # yamllint disable rule:line-length
- command: helm repo add edgegallery http://{{ vardata.private_repo_ip.name}}:8080/edgegallery
- args:
- chdir: /tmp/eg_helm-repo/deploy/helm/helm-charts/
-
-- name: Helm repo add stable
- command: helm repo add stable http://{{ vardata.private_repo_ip.name}}:8080/stable
- args:
- chdir: /tmp/eg_helm-repo/deploy/helm/helm-charts/
-
-- debug:
- msg: "Helm repo created"
+++ /dev/null
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-# tasks file for eg_helm_repo_add
-- include: "install.yml"
- static: false
- when: operation == 'install'
-
-- include: "uninstall.yml"
- static: false
- when: operation == 'uninstall'
+++ /dev/null
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-- name: Docker stop helm repo
- command: docker stop helm-repo
- ignore_errors: yes
- no_log: True
-
-- name: Docker rm helm repo
- command: docker rm helm-repo
- ignore_errors: yes
- no_log: True
-
-- name: Remove tmp folder
- command: rm -rf /tmp/eg_helm-repo
- ignore_errors: yes
- no_log: True
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-- name: Import config file
- include_vars:
- file: ../../../config.yml
- name: vardata
-
-- name: Install mecm-fe
- # yamllint disable rule:line-length
- command: helm install mecm-fe-edgegallery edgegallery/mecm-fe --set global.oauth2.authServerAddress=https://{{ ansible_host }}:{{vardata.usermgmt_port.name}} --set images.mecmFe.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/mecm-fe --set images.initservicecenter.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/curl --set images.mecmFe.tag={{vardata.eg_image_tag.name}} --set images.mecmFe.pullPolicy=IfNotPresent --set images.initservicecenter.pullPolicy=IfNotPresent --set global.ssl.enabled=true --set global.ssl.secretName=edgegallery-ssl-secret
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-# tasks file for eg_mecm-fe
-- include: "install.yml"
- static: false
- when: operation == 'install'
-
-- include: "uninstall.yml"
- static: false
- when: operation == 'uninstall'
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-- name: Uninstall mecm fe
- command: helm uninstall mecm-fe-edgegallery
- ignore_errors: yes
- no_log: True
+++ /dev/null
-CREATE USER inventory WITH PASSWORD 'PASSWORD_VALUE' CREATEDB;
-CREATE DATABASE inventorydb
- WITH
- OWNER = inventory
- ENCODING = 'UTF8'
- LC_COLLATE = 'en_US.utf8'
- LC_CTYPE = 'en_US.utf8'
- TABLESPACE = pg_default
- CONNECTION LIMIT = -1;
-
-CREATE USER appo WITH PASSWORD 'PASSWORD_VALUE' CREATEDB;
-CREATE DATABASE appodb
- WITH
- OWNER = appo
- ENCODING = 'UTF8'
- LC_COLLATE = 'en_US.utf8'
- LC_CTYPE = 'en_US.utf8'
- TABLESPACE = pg_default
- CONNECTION LIMIT = -1;
-
-CREATE USER apm WITH PASSWORD 'PASSWORD_VALUE' CREATEDB;
-CREATE DATABASE apmdb
- WITH
- OWNER = apm
- ENCODING = 'UTF8'
- LC_COLLATE = 'en_US.utf8'
- LC_CTYPE = 'en_US.utf8'
- TABLESPACE = pg_default
- CONNECTION LIMIT = -1;
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-- name: Doing deployment eg_mecm-meo setup for edge gallery eg_mecm-meo
- copy:
- src: deploy
- dest: /tmp/eg_mecm-meo/
-
-- name: Import config file
- include_vars:
- file: ../../../config.yml
- name: vardata
-
-- name: Replacing pwd sql
- replace:
- path: /tmp/eg_mecm-meo/deploy/conf/keys/postgres_init.sql
- regexp: 'PASSWORD_VALUE'
- replace: "{{ vardata.common_pwd.name }}"
-
-- name: Set a variable
- ansible.builtin.set_fact:
- comm_pwd: "{{ vardata.common_pwd.name }}"
-
-- name: Create mecm-ssl-secret with common pwd
- # yamllint disable rule:line-length
- command: kubectl create secret generic mecm-ssl-secret --from-file=keystore.p12=/tmp/ssl-eg-keys-certs/keystore.p12 --from-file=keystore.jks=/tmp/ssl-eg-keys-certs/keystore.jks --from-literal=keystorePassword={{ vardata.common_pwd.name}} --from-literal=keystoreType=PKCS12 --from-literal=keyAlias=edgegallery --from-literal=truststorePassword={{ vardata.common_pwd.name}}
- # yamllint disable rule:line-length
- when: comm_pwd != ""
-
-- name: Generates certificate mecm-ssl-secret
- # yamllint disable rule:line-length
- command: kubectl create secret generic mecm-ssl-secret --from-file=keystore.p12=/tmp/ssl-eg-keys-certs/keystore.p12 --from-file=keystore.jks=/tmp/ssl-eg-keys-certs/keystore.jks --from-literal=keystorePassword={{ vardata.mecm_meo_keystorePassword.name}} --from-literal=keystoreType=PKCS12 --from-literal=keyAlias=edgegallery --from-literal=truststorePassword={{ vardata.mecm_meo_truststorePassword.name}}
- # yamllint disable rule:line-length
- when: comm_pwd == ""
-
-- name: Create certificate edgegallery-mecm-secret with common pwd
- # yamllint disable rule:line-length
- command: kubectl create secret generic edgegallery-mecm-secret --from-file=postgres_init.sql=/tmp/eg_mecm-meo/deploy/conf/keys/postgres_init.sql --from-literal=postgresPassword={{ vardata.common_pwd.name}} --from-literal=postgresApmPassword={{ vardata.common_pwd.name}} --from-literal=postgresAppoPassword={{ vardata.common_pwd.name}} --from-literal=postgresInventoryPassword={{ vardata.common_pwd.name}} --from-literal=edgeRepoUserName=admin --from-literal=edgeRepoPassword={{ vardata.common_pwd.name}}
- # yamllint disable rule:line-length
- args:
- chdir: /tmp/eg_mecm-meo/deploy/
- when: comm_pwd != ""
-
-- name: Generates certificate edgegallery-mecm-secret
- # yamllint disable rule:line-length
- command: kubectl create secret generic edgegallery-mecm-secret --from-file=postgres_init.sql=/tmp/eg_mecm-meo/deploy/conf/keys/postgres_init.sql --from-literal=postgresPassword={{ vardata.mecm_meo_postgresPassword.name}} --from-literal=postgresApmPassword={{ vardata.mecm_meo_postgresApmPassword.name}} --from-literal=postgresAppoPassword={{ vardata.mecm_meo_postgresAppoPassword.name}} --from-literal=postgresInventoryPassword={{ vardata.mecm_meo_postgresInventoryPassword.name}} --from-literal=edgeRepoUserName=admin --from-literal=edgeRepoPassword={{ vardata.common_pwd.name}}
- # yamllint disable rule:line-length
- args:
- chdir: /tmp/eg_mecm-meo/deploy/
- when: comm_pwd == ""
-
-- name: Fs group value
- shell: 'getent group docker | cut -d: -f3'
- register: result
-
-- name: Helm install
- # yamllint disable rule:line-length
- command: helm install mecm-meo-edgegallery edgegallery/mecm-meo --set ssl.secretName=mecm-ssl-secret --set mecm.secretName=edgegallery-mecm-secret --set images.inventory.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/mecm-inventory --set images.appo.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/mecm-appo --set images.apm.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/mecm-apm --set images.postgres.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/postgres --set images.inventory.tag={{ vardata.eg_image_tag.name}} --set images.appo.tag={{ vardata.eg_image_tag.name}} --set images.apm.tag={{ vardata.eg_image_tag.name}} --set images.postgres.tag=12.3 --set images.inventory.pullPolicy=IfNotPresent --set images.appo.pullPolicy=IfNotPresent --set images.apm.pullPolicy=IfNotPresent --set images.postgres.pullPolicy=IfNotPresent --set mecm.docker.fsgroup="{{result.stdout}}"
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-# tasks file for eg_mecm-meo
-- include: "install.yml"
- static: false
- when: operation == 'install'
-
-- include: "uninstall.yml"
- static: false
- when: operation == 'uninstall'
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-- name: Uninstall mecm meo
- command: helm uninstall mecm-meo-edgegallery
- ignore_errors: yes
- no_log: True
-
-- name: Delete mecm-ssl-secret and edgegallery-mecm-secret
- command: kubectl delete secret mecm-ssl-secret edgegallery-mecm-secret
- ignore_errors: yes
- no_log: True
+++ /dev/null
-CREATE USER lcmcontroller WITH PASSWORD 'PASSWORD_VALUE' CREATEDB;
-CREATE DATABASE lcmcontrollerdb
- WITH
- OWNER = lcmcontroller
- ENCODING = 'UTF8'
- LC_COLLATE = 'en_US.utf8'
- LC_CTYPE = 'en_US.utf8'
- TABLESPACE = pg_default
- CONNECTION LIMIT = -1;
-
-CREATE USER k8splugin WITH PASSWORD 'PASSWORD_VALUE' CREATEDB;
-CREATE DATABASE k8splugindb
- WITH
- OWNER = k8splugin
- ENCODING = 'UTF8'
- LC_COLLATE = 'en_US.utf8'
- LC_CTYPE = 'en_US.utf8'
- TABLESPACE = pg_default
- CONNECTION LIMIT = -1;
-
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-- name: Doing deployment eg_mecm-mepm setup for edge gallery eg_mecm-mepm
- copy:
- src: deploy
- dest: /tmp/eg_mecm-mepm/
-
-- name: Import config file
- include_vars:
- file: ../../../config.yml
- name: vardata
-
-- name: Set a variable
- ansible.builtin.set_fact:
- comm_pwd: "{{ vardata.common_pwd.name }}"
-
-- name: Replacing password
- replace:
- path: /tmp/eg_mecm-mepm/deploy/conf/keys/postgres_init.sql
- regexp: 'PASSWORD_VALUE'
- replace: "{{ vardata.common_pwd.name }}"
-
-- name: Create mecm-mepm-ssl-secret secret
- # yamllint disable rule:line-length
- command: kubectl create secret generic mecm-mepm-jwt-public-secret --from-file=publicKey=/tmp/ssl-eg-keys-certs/encryptedtls.key
- # yamllint disable rule:line-length
- args:
- chdir: /tmp/ssl-eg-keys-certs/
-
-- name: Create mecm-mepm-ssl-secret secret
- # yamllint disable rule:line-length
- command: kubectl create secret generic mecm-mepm-ssl-secret --from-file=server_tls.key=/tmp/ssl-eg-keys-certs/tls.key --from-file=server_tls.crt=/tmp/ssl-eg-keys-certs/tls.crt --from-file=ca.crt=/tmp/ssl-eg-keys-certs/ca.crt
- # yamllint disable rule:line-length
- args:
- chdir: /tmp/ssl-eg-keys-certs/
-
-- name: Create edgegallery-mepm-secret secret with common pwd
- # yamllint disable rule:line-length
- command: kubectl create secret generic edgegallery-mepm-secret --from-file=postgres_init.sql=/tmp/eg_mecm-mepm/deploy/conf/keys/postgres_init.sql --from-literal=postgresPassword={{ vardata.common_pwd.name}} --from-literal=postgresLcmCntlrPassword={{ vardata.common_pwd.name}} --from-literal=postgresk8sPluginPassword={{ vardata.common_pwd.name}}
- # yamllint disable rule:line-length
- when: comm_pwd != ""
-
-- name: Create edgegallery-mepm-secret secret
- # yamllint disable rule:line-length
- command: kubectl create secret generic edgegallery-mepm-secret --from-file=postgres_init.sql=/tmp/eg_mecm-mepm/deploy/conf/keys/postgres_init.sql --from-literal=postgresPassword={{ vardata.mecm_mepm_postgresPassword.name}} --from-literal=postgresLcmCntlrPassword={{ vardata.mecm_mepm_postgresLcmCntlrPassword.name}} --from-literal=postgresk8sPluginPassword={{ vardata.mecm_mepm_postgresk8sPluginPassword.name}}
- # yamllint disable rule:line-length
- when: comm_pwd == ""
-
-- name: Create mepm service account
- command: kubectl apply -f /tmp/eg_mecm-mepm/deploy/conf/manifest/mepm/mepm-service-account.yaml
- args:
- chdir: /tmp/eg_mecm-mepm/deploy/
-
-- name: Install mecm-mepm
- # yamllint disable rule:line-length
- command: helm install mecm-mepm-edgegaller edgegallery/mecm-mepm --set jwt.publicKeySecretName=mecm-mepm-jwt-public-secret --set mepm.secretName=edgegallery-mepm-secret --set ssl.secretName=mecm-mepm-ssl-secret --set images.lcmcontroller.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/mecm-applcm --set images.k8splugin.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/mecm-applcm-k8splugin --set images.postgres.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/postgres --set images.lcmcontroller.tag={{ vardata.eg_image_tag.name}} --set images.k8splugin.tag={{ vardata.eg_image_tag.name}} --set images.postgres.tag=12.3 --set images.lcmcontroller.pullPolicy=IfNotPresent --set images.k8splugin.pullPolicy=IfNotPresent --set images.postgres.pullPolicy=IfNotPresent
- # yamllint disable rule:line-length
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-# tasks file for eg_mecm-mepm
-- include: "install.yml"
- static: false
- when: operation == 'install'
-
-- include: "uninstall.yml"
- static: false
- when: operation == 'uninstall'
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-- name: Mecm mepm jwt delete
- # yamllint disable rule:line-length
- command: kubectl delete secret mecm-mepm-jwt-public-secret mecm-mepm-ssl-secret edgegallery-mepm-secret
- # yamllint disable rule:line-length
- ignore_errors: yes
- no_log: True
-
-- name: Delete mep-service-account
- # yamllint disable rule:line-length
- command: kubectl delete -f /tmp/eg_mecm-mepm/deploy/conf/manifest/mepm/mepm-service-account.yaml
- ignore_errors: yes
- no_log: True
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- labels:
- app: metallb
- name: controller
- namespace: metallb-system
-spec:
- allowPrivilegeEscalation: false
- allowedCapabilities: []
- allowedHostPaths: []
- defaultAddCapabilities: []
- defaultAllowPrivilegeEscalation: false
- fsGroup:
- ranges:
- - max: 65535
- min: 1
- rule: MustRunAs
- hostIPC: false
- hostNetwork: false
- hostPID: false
- privileged: false
- readOnlyRootFilesystem: true
- requiredDropCapabilities:
- - ALL
- runAsUser:
- ranges:
- - max: 65535
- min: 1
- rule: MustRunAs
- seLinux:
- rule: RunAsAny
- supplementalGroups:
- ranges:
- - max: 65535
- min: 1
- rule: MustRunAs
- volumes:
- - configMap
- - secret
- - emptyDir
----
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- labels:
- app: metallb
- name: speaker
- namespace: metallb-system
-spec:
- allowPrivilegeEscalation: false
- allowedCapabilities:
- - NET_ADMIN
- - NET_RAW
- - SYS_ADMIN
- allowedHostPaths: []
- defaultAddCapabilities: []
- defaultAllowPrivilegeEscalation: false
- fsGroup:
- rule: RunAsAny
- hostIPC: false
- hostNetwork: true
- hostPID: false
- hostPorts:
- - max: 7472
- min: 7472
- privileged: true
- readOnlyRootFilesystem: true
- requiredDropCapabilities:
- - ALL
- runAsUser:
- rule: RunAsAny
- seLinux:
- rule: RunAsAny
- supplementalGroups:
- rule: RunAsAny
- volumes:
- - configMap
- - secret
- - emptyDir
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- app: metallb
- name: controller
- namespace: metallb-system
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- app: metallb
- name: speaker
- namespace: metallb-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- labels:
- app: metallb
- name: metallb-system:controller
-rules:
- - apiGroups:
- - ''
- resources:
- - services
- verbs:
- - get
- - list
- - watch
- - update
- - apiGroups:
- - ''
- resources:
- - services/status
- verbs:
- - update
- - apiGroups:
- - ''
- resources:
- - events
- verbs:
- - create
- - patch
- - apiGroups:
- - policy
- resourceNames:
- - controller
- resources:
- - podsecuritypolicies
- verbs:
- - use
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- labels:
- app: metallb
- name: metallb-system:speaker
-rules:
- - apiGroups:
- - ''
- resources:
- - services
- - endpoints
- - nodes
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - ''
- resources:
- - events
- verbs:
- - create
- - patch
- - apiGroups:
- - policy
- resourceNames:
- - speaker
- resources:
- - podsecuritypolicies
- verbs:
- - use
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- labels:
- app: metallb
- name: config-watcher
- namespace: metallb-system
-rules:
- - apiGroups:
- - ''
- resources:
- - configmaps
- verbs:
- - get
- - list
- - watch
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- labels:
- app: metallb
- name: pod-lister
- namespace: metallb-system
-rules:
- - apiGroups:
- - ''
- resources:
- - pods
- verbs:
- - list
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- labels:
- app: metallb
- name: metallb-system:controller
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: metallb-system:controller
-subjects:
- - kind: ServiceAccount
- name: controller
- namespace: metallb-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- labels:
- app: metallb
- name: metallb-system:speaker
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: metallb-system:speaker
-subjects:
- - kind: ServiceAccount
- name: speaker
- namespace: metallb-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- labels:
- app: metallb
- name: config-watcher
- namespace: metallb-system
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: config-watcher
-subjects:
- - kind: ServiceAccount
- name: controller
- - kind: ServiceAccount
- name: speaker
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- labels:
- app: metallb
- name: pod-lister
- namespace: metallb-system
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: pod-lister
-subjects:
- - kind: ServiceAccount
- name: speaker
----
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- labels:
- app: metallb
- component: speaker
- name: speaker
- namespace: metallb-system
-spec:
- selector:
- matchLabels:
- app: metallb
- component: speaker
- template:
- metadata:
- annotations:
- prometheus.io/port: '7472'
- prometheus.io/scrape: 'true'
- labels:
- app: metallb
- component: speaker
- spec:
- containers:
- - args:
- - --port=7472
- - --config=config
- env:
- - name: METALLB_NODE_NAME
- valueFrom:
- fieldRef:
- fieldPath: spec.nodeName
- - name: METALLB_HOST
- valueFrom:
- fieldRef:
- fieldPath: status.hostIP
- - name: METALLB_ML_BIND_ADDR
- valueFrom:
- fieldRef:
- fieldPath: status.podIP
- - name: METALLB_ML_LABELS
- value: "app=metallb,component=speaker"
- - name: METALLB_ML_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- - name: METALLB_ML_SECRET_KEY
- valueFrom:
- secretKeyRef:
- name: memberlist
- key: secretkey
- image: metallb/speaker:v0.9.3
- imagePullPolicy: IfNotPresent
- name: speaker
- ports:
- - containerPort: 7472
- name: monitoring
- resources:
- limits:
- cpu: 100m
- memory: 100Mi
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- add:
- - NET_ADMIN
- - NET_RAW
- - SYS_ADMIN
- drop:
- - ALL
- readOnlyRootFilesystem: true
- hostNetwork: true
- nodeSelector:
- beta.kubernetes.io/os: linux
- serviceAccountName: speaker
- terminationGracePeriodSeconds: 2
- tolerations:
- - effect: NoSchedule
- key: node-role.kubernetes.io/master
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- app: metallb
- component: controller
- name: controller
- namespace: metallb-system
-spec:
- revisionHistoryLimit: 3
- selector:
- matchLabels:
- app: metallb
- component: controller
- template:
- metadata:
- annotations:
- prometheus.io/port: '7472'
- prometheus.io/scrape: 'true'
- labels:
- app: metallb
- component: controller
- spec:
- containers:
- - args:
- - --port=7472
- - --config=config
- image: metallb/controller:v0.9.3
- imagePullPolicy: IfNotPresent
- name: controller
- ports:
- - containerPort: 7472
- name: monitoring
- resources:
- limits:
- cpu: 100m
- memory: 100Mi
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - all
- readOnlyRootFilesystem: true
- nodeSelector:
- beta.kubernetes.io/os: linux
- securityContext:
- runAsNonRoot: true
- runAsUser: 65534
- serviceAccountName: controller
- terminationGracePeriodSeconds: 0
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-kind: ServiceAccount
-apiVersion: v1
-metadata:
- name: edgegallery-secondary-ep-controller
- namespace: kube-system
----
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: multi-ip-controller
-rules:
- - apiGroups: [""]
- resources: ["services", "pods"]
- verbs: ["get", "watch", "list"]
- - apiGroups: [""]
- resources: ["endpoints", "events"]
- verbs: ["*"]
- - apiGroups: ["k8s.cni.cncf.io"]
- resources: ["network-attachment-definitions"]
- verbs: ["*"]
----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: watch-update-secondary-endpoints
-subjects:
- - kind: ServiceAccount
- name: edgegallery-secondary-ep-controller
- namespace: kube-system
-roleRef:
- kind: ClusterRole
- name: multi-ip-controller
- apiGroup: rbac.authorization.k8s.io
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- name: network-attachment-definitions.k8s.cni.cncf.io
-spec:
- group: k8s.cni.cncf.io
- scope: Namespaced
- names:
- plural: network-attachment-definitions
- singular: network-attachment-definition
- kind: NetworkAttachmentDefinition
- shortNames:
- - net-attach-def
- versions:
- - name: v1
- served: true
- storage: true
- schema:
- openAPIV3Schema:
- # yamllint disable rule:line-length
- description: 'NetworkAttachmentDefinition is a CRD schema specified by the Network Plumbing
- Working Group to express the intent for attaching pods to one or more logical or physical
- networks. More information available at: https://github.com/k8snetworkplumbingwg/multi-net-spec'
- # yamllint disable rule:line-length
- type: object
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this represen
- tation of an object. Servers should convert recognized schemas to the
- latest internal value, and may reject unrecognized values. More info:
- https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: 'NetworkAttachmentDefinition spec defines the desired state of a network attachment'
- type: object
- properties:
- config:
- description: 'NetworkAttachmentDefinition config is a JSON-formatted CNI configuration'
- type: string
----
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: multus
-rules:
- - apiGroups: ["k8s.cni.cncf.io"]
- resources:
- - '*'
- verbs:
- - '*'
- - apiGroups:
- - ""
- resources:
- - pods
- - pods/status
- verbs:
- - get
- - update
- - apiGroups:
- - ""
- - events.k8s.io
- resources:
- - events
- verbs:
- - create
- - patch
- - update
----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: multus
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: multus
-subjects:
- - kind: ServiceAccount
- name: multus
- namespace: kube-system
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: multus
- namespace: kube-system
----
-kind: ConfigMap
-apiVersion: v1
-metadata:
- name: multus-cni-config
- namespace: kube-system
- labels:
- tier: node
- app: multus
-data:
- # NOTE: If you'd prefer to manually apply a configuration file, you may create one here.
- # In the case you'd like to customize the Multus installation, you should change the arguments to the Multus pod
- # change the "args" line below from
- # - "--multus-conf-file=auto"
- # to:
- # "--multus-conf-file=/tmp/multus-conf/70-multus.conf"
- # Additionally -- you should ensure that the name "70-multus.conf" is the alphabetically first name in the
- # /etc/cni/net.d/ directory on each node, otherwise, it will not be used by the Kubelet.
- cni-conf.json: |
- {
- "name": "multus-cni-network",
- "type": "multus",
- "capabilities": {
- "portMappings": true
- },
- "delegates": [
- {
- "cniVersion": "0.3.1",
- "name": "default-cni-network",
- "plugins": [
- {
- "type": "flannel",
- "name": "flannel.1",
- "delegate": {
- "isDefaultGateway": true,
- "hairpinMode": true
- }
- },
- {
- "type": "portmap",
- "capabilities": {
- "portMappings": true
- }
- }
- ]
- }
- ],
- "kubeconfig": "/etc/cni/net.d/multus.d/multus.kubeconfig"
- }
----
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- name: kube-multus-ds-amd64
- namespace: kube-system
- labels:
- tier: node
- app: multus
- name: multus
-spec:
- selector:
- matchLabels:
- name: multus
- updateStrategy:
- type: RollingUpdate
- template:
- metadata:
- labels:
- tier: node
- app: multus
- name: multus
- spec:
- hostNetwork: true
- nodeSelector:
- kubernetes.io/arch: amd64
- tolerations:
- - operator: Exists
- effect: NoSchedule
- serviceAccountName: multus
- containers:
- - name: kube-multus
- image: docker.io/nfvpe/multus:stable
- command: ["/entrypoint.sh"]
- args:
- - "--multus-conf-file=auto"
- - "--cni-version=0.3.1"
- resources:
- requests:
- cpu: "100m"
- memory: "50Mi"
- limits:
- cpu: "100m"
- memory: "50Mi"
- securityContext:
- privileged: true
- volumeMounts:
- - name: cni
- mountPath: /host/etc/cni/net.d
- - name: cnibin
- mountPath: /host/opt/cni/bin
- - name: multus-cfg
- mountPath: /tmp/multus-conf
- volumes:
- - name: cni
- hostPath:
- path: /etc/cni/net.d
- - name: cnibin
- hostPath:
- path: /opt/cni/bin
- - name: multus-cfg
- configMap:
- name: multus-cni-config
- items:
- - key: cni-conf.json
- path: 70-multus.conf
----
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- name: kube-multus-ds-ppc64le
- namespace: kube-system
- labels:
- tier: node
- app: multus
- name: multus
-spec:
- selector:
- matchLabels:
- name: multus
- updateStrategy:
- type: RollingUpdate
- template:
- metadata:
- labels:
- tier: node
- app: multus
- name: multus
- spec:
- hostNetwork: true
- nodeSelector:
- kubernetes.io/arch: ppc64le
- tolerations:
- - operator: Exists
- effect: NoSchedule
- serviceAccountName: multus
- containers:
- - name: kube-multus
- # ppc64le support requires multus:latest for now. support 3.3 or later.
- image: docker.io/nfvpe/multus:stable-ppc64le
- command: ["/entrypoint.sh"]
- args:
- - "--multus-conf-file=auto"
- - "--cni-version=0.3.1"
- resources:
- requests:
- cpu: "100m"
- memory: "90Mi"
- limits:
- cpu: "100m"
- memory: "90Mi"
- securityContext:
- privileged: true
- volumeMounts:
- - name: cni
- mountPath: /host/etc/cni/net.d
- - name: cnibin
- mountPath: /host/opt/cni/bin
- - name: multus-cfg
- mountPath: /tmp/multus-conf
- volumes:
- - name: cni
- hostPath:
- path: /etc/cni/net.d
- - name: cnibin
- hostPath:
- path: /opt/cni/bin
- - name: multus-cfg
- configMap:
- name: multus-cni-config
- items:
- - key: cni-conf.json
- path: 70-multus.conf
----
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- name: kube-multus-ds-arm64v8
- namespace: kube-system
- labels:
- tier: node
- app: multus
- name: multus
-spec:
- selector:
- matchLabels:
- name: multus
- updateStrategy:
- type: RollingUpdate
- template:
- metadata:
- labels:
- tier: node
- app: multus
- name: multus
- spec:
- hostNetwork: true
- nodeSelector:
- kubernetes.io/arch: arm64
- tolerations:
- - operator: Exists
- effect: NoSchedule
- serviceAccountName: multus
- containers:
- - name: kube-multus
- image: docker.io/nfvpe/multus:stable-arm64v8
- command: ["/entrypoint.sh"]
- args:
- - "--multus-conf-file=auto"
- - "--cni-version=0.3.1"
- resources:
- requests:
- cpu: "100m"
- memory: "90Mi"
- limits:
- cpu: "100m"
- memory: "90Mi"
- securityContext:
- privileged: true
- volumeMounts:
- - name: cni
- mountPath: /host/etc/cni/net.d
- - name: cnibin
- mountPath: /host/opt/cni/bin
- - name: multus-cfg
- mountPath: /tmp/multus-conf
- volumes:
- - name: cni
- hostPath:
- path: /etc/cni/net.d
- - name: cnibin
- hostPath:
- path: /opt/cni/bin
- - name: multus-cfg
- configMap:
- name: multus-cni-config
- items:
- - key: cni-conf.json
- path: 70-multus.conf
+++ /dev/null
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-- name: Doing deployment setup for edge gallery
- copy:
- src: deploy
- dest: /tmp/eg_mep/
-
-- name: Import config file
- include_vars:
- file: ../../../config.yml
- name: vardata
-
-- name: Set a variable
- ansible.builtin.set_fact:
- comm_pwd: "{{ vardata.common_pwd.name }}"
-
-- name: Remove old dir
- command: rm -rf /tmp/.mep_tmp_cer
- args:
- chdir: /tmp/
-
-- name: Make dir
- command: mkdir -p /tmp/.mep_tmp_cer
- args:
- chdir: /tmp/
-
-- name: Openssl genrsa
- command: openssl genrsa -out ca.key 2048
- args:
- chdir: /tmp/.mep_tmp_cer/
-
-- name: Opnessl req
- # yamllint disable rule:line-length
- command: openssl req -new -key ca.key -subj /C=CN/ST=Peking/L=Beijing/O=edgegallery/CN=edgegallery -out ca.csr
- # yamllint disable rule:line-length
- args:
- chdir: /tmp/.mep_tmp_cer/
-
-- name: Sing key with ca key and ca crt
- # yamllint disable rule:line-length
- command: openssl x509 -req -days 365 -in ca.csr -extensions v3_ca -signkey ca.key -out ca.crt
- # yamllint disable rule:line-length
- args:
- chdir: /tmp/.mep_tmp_cer/
-
-- name: Openssl genrsa
- command: openssl genrsa -out mepserver_tls.key 2048
- args:
- chdir: /tmp/.mep_tmp_cer/
-
-- name: Openssl rsa mep tls with common pwd
- # yamllint disable rule:line-length
- command: openssl rsa -in /tmp/.mep_tmp_cer/mepserver_tls.key -aes256 -passout pass:{{ vardata.common_pwd.name}} -out /tmp/.mep_tmp_cer/mepserver_encryptedtls.key
- # yamllint disable rule:line-length
- when: comm_pwd != ""
-
-- name: Openssl rsa mep tls
- # yamllint disable rule:line-length
- command: openssl rsa -in /tmp/.mep_tmp_cer/mepserver_tls.key -aes256 -passout pass:{{ vardata.mep_cert_pwd.name}} -out /tmp/.mep_tmp_cer/mepserver_encryptedtls.key
- # yamllint disable rule:line-length
- when: comm_pwd == ""
-
-- name: Openssl req new key mepserver tls key
- # yamllint disable rule:line-length
- command: openssl req -new -key mepserver_tls.key -subj /C=CN/ST=Beijing/L=Beijing/O=edgegallery/CN=edgegallery -out mepserver_tls.csr
- # yamllint disable rule:line-length
- args:
- chdir: /tmp/.mep_tmp_cer/
-
-- name: Openssl mepserver tls csr
- # yamllint disable rule:line-length
- command: openssl x509 -req -in mepserver_tls.csr -extensions v3_req -CA ca.crt -CAkey ca.key -CAcreateserial -out mepserver_tls.crt
- # yamllint disable rule:line-length
- args:
- chdir: /tmp/.mep_tmp_cer/
-
-- name: Openssl genrsa out
- command: openssl genrsa -out jwt_privatekey 2048
- args:
- chdir: /tmp/.mep_tmp_cer/
-
-- name: Openssl rsa jwt privatekey
- command: openssl rsa -in jwt_privatekey -pubout -out jwt_publickey
- args:
- chdir: /tmp/.mep_tmp_cer/
-
-- name: Openssl rsa in jwt with common pwd
- # yamllint disable rule:line-length
- command: openssl rsa -in /tmp/.mep_tmp_cer/jwt_privatekey -aes256 -passout pass:{{ vardata.common_pwd.name}} -out /tmp/.mep_tmp_cer/jwt_encrypted_privatekey
- ignore_errors: yes
- no_log: True
- # yamllint disable rule:line-length
- when: comm_pwd != ""
-
-- name: Openssl rsa in jwt
- # yamllint disable rule:line-length
- command: openssl rsa -in /tmp/.mep_tmp_cer/jwt_privatekey -aes256 -passout pass:{{ vardata.mep_cert_pwd.name}} -out /tmp/.mep_tmp_cer/jwt_encrypted_privatekey
- # yamllint disable rule:line-length
- ignore_errors: yes
- no_log: True
- when: comm_pwd == ""
-
-- name: Create mep namespace
- command: kubectl create ns mep
- args:
- chdir: /tmp/
-
-- name: Create generic pg secret with common pwd
- # yamllint disable rule:line-length
- command: kubectl -n mep create secret generic pg-secret --from-literal=pg_admin_pwd={{ vardata.common_pwd.name}} --from-literal=kong_pg_pwd={{ vardata.mep_kong_pg_pwd.name}}
- --from-file=server.key=/tmp/.mep_tmp_cer/mepserver_tls.key --from-file=server.crt=/tmp/.mep_tmp_cer/mepserver_tls.crt
- ignore_errors: yes
- no_log: True
- # yamllint disable rule:line-length
- when: comm_pwd != ""
-
-- name: Create generic pg secret
- # yamllint disable rule:line-length
- command: kubectl -n mep create secret generic pg-secret --from-literal=pg_admin_pwd={{ vardata.mep_pg_admin_pwd.name}} --from-literal=kong_pg_pwd={{ vardata.mep_kong_pg_pwd.name}}
- --from-file=server.key=/tmp/.mep_tmp_cer/mepserver_tls.key --from-file=server.crt=/tmp/.mep_tmp_cer/mepserver_tls.crt
- ignore_errors: yes
- no_log: True
- # yamllint disable rule:line-length
- when: comm_pwd == ""
-
-- name: Create mep generic for mep ssl with common pwd
- # yamllint disable rule:line-length
- command: kubectl -n mep create secret generic mep-ssl --from-literal=cert_pwd={{ vardata.common_pwd.name}} --from-file=server.cer=/tmp/.mep_tmp_cer/mepserver_tls.crt
- --from-file=server_key.pem=/tmp/.mep_tmp_cer/mepserver_encryptedtls.key --from-file=trust.cer=/tmp/.mep_tmp_cer/ca.crt
- ignore_errors: yes
- no_log: True
- # yamllint disable rule:line-length
- when: comm_pwd != ""
-
-- name: Create mep generic for mep ssl
- # yamllint disable rule:line-length
- command: kubectl -n mep create secret generic mep-ssl --from-literal=cert_pwd={{ vardata.mep_cert_pwd.name}} --from-file=server.cer=/tmp/.mep_tmp_cer/mepserver_tls.crt
- --from-file=server_key.pem=/tmp/.mep_tmp_cer/mepserver_encryptedtls.key --from-file=trust.cer=/tmp/.mep_tmp_cer/ca.crt
- # yamllint disable rule:line-length
- when: comm_pwd == ""
-
-- name: Create mep seret generic
- # yamllint disable rule:line-length
- command: kubectl -n mep create secret generic mepauth-secret --from-file=server.crt=/tmp/.mep_tmp_cer/mepserver_tls.crt --from-file=server.key=/tmp/.mep_tmp_cer/mepserver_tls.key
- --from-file=ca.crt=/tmp/.mep_tmp_cer/ca.crt --from-file=jwt_publickey=/tmp/.mep_tmp_cer/jwt_publickey --from-file=jwt_encrypted_privatekey=/tmp/.mep_tmp_cer/jwt_encrypted_privatekey
- # yamllint disable rule:line-length
- args:
- chdir: /tmp/
-
-- name: Remove directory
- command: rm -rf /tmp/.mep_tmp_cer
- args:
- chdir: /tmp/
-
-- debug:
- msg: Deploy_dns_metallb execution start
-
-- name: Eg_Mep deployment execution of namesapce
- command: kubectl apply -f /tmp/eg_mep/deploy/conf/edge/metallb/namespace.yaml
- args:
- chdir: /tmp/eg_mep/deploy/
-
-- name: Eg_Mep deployment execution of metallb
- command: kubectl apply -f /tmp/eg_mep/deploy/conf/edge/metallb/metallb.yaml
- args:
- chdir: /tmp/eg_mep/deploy/
-
-- name: Eg_Mep deployment create secret
- # yamllint disable rule:line-length
- command: kubectl create secret generic -n metallb-system memberlist --from-literal=secretkey="$(openssl rand -base64 128)"
- # yamllint disable rule:line-length
- args:
- chdir: /tmp/eg_mep/deploy/
-
-- name: Eg_Mep deployment execution of config-mep
- command: kubectl apply -f /tmp/eg_mep/deploy/conf/edge/metallb/config-map.yaml
- args:
- chdir: /tmp/eg_mep/deploy/
-
-- debug:
- msg: Deploy_network_isolation_multus execution start
-
-- name: Running multus yaml files
- command: kubectl apply -f /tmp/eg_mep/deploy/conf/edge/network-isolation/multus.yaml
- args:
- chdir: /tmp/eg_mep/deploy/
-
-- name: Running eg-sp-rbac yaml files
- command: kubectl apply -f /tmp/eg_mep/deploy/conf/edge/network-isolation/eg-sp-rbac.yaml
- args:
- chdir: /tmp/eg_mep/deploy/
-
-- name: Replacing image
- replace:
- path: /tmp/eg_mep/deploy/conf/edge/network-isolation/eg-sp-controller.yaml
- regexp: 'edgegallery/edgegallery-secondary-ep-controller:latest'
- replace: "{{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/edgegallery-secondary-ep-controller:latest"
-
-- name: Running eg-sp-controller yaml files
- # yamllint disable rule:line-length
- command: kubectl apply -f /tmp/eg_mep/deploy/conf/edge/network-isolation/eg-sp-controller.yaml
- args:
- chdir: /tmp/eg_mep/deploy/
-
-- debug:
- msg: Setup_interfaces execution start
-
-- name: Link eg mep macvlan
- # yamllint disable rule:line-length
- command: ip link add eg-mp1 link {{ vardata.edge_management_interface.name}} type macvlan mode bridge
- args:
- chdir: /tmp/eg_mep/deploy/
- ignore_errors: yes
- no_log: True
-
-- name: Link eg mep macvlan
- command: ip addr add {{ vardata.eg-management-address.name}} dev eg-mp1
- args:
- chdir: /tmp/eg_mep/deploy/
- ignore_errors: yes
- no_log: True
-
-- name: Link eg me1 up
- command: ip link set dev eg-mp1 up
- args:
- chdir: /tmp/eg_mep/deploy/
- ignore_errors: yes
- no_log: True
-
-- name: Link eg eg mm5 with eth1
- # yamllint disable rule:line-length
- command: ip link add eg-mm5 link {{ vardata.edge_dataplane_interface.name}} type macvlan mode bridge
- args:
- chdir: /tmp/eg_mep/deploy/
- ignore_errors: yes
- no_log: True
-
-- name: Link eg eg mm5 ip addr
- command: ip addr add {{ vardata.eg-dataplane-address.name}} dev eg-mm5
- args:
- chdir: /tmp/eg_mep/deploy/
- ignore_errors: yes
- no_log: True
-
-- name: Link eg eg mm5 set dev
- command: ip link set dev eg-mm5 up
- args:
- chdir: /tmp/eg_mep/deploy/
- ignore_errors: yes
- no_log: True
-
-- debug:
- msg: Pull helm repo start
-
-- name: Edge gallery mep installation pull chart and image
- # yamllint disable rule:line-length
- command: helm install mep-edgegallery edgegallery/mep --set networkIsolation.phyInterface.mp1={{ vardata.edge_management_interface.name}} --set networkIsolation.phyInterface.mm5={{ vardata.edge_dataplane_interface.name}} --set images.mep.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/mep --set images.mepauth.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/mepauth --set images.dns.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/mep-dns-server --set images.kong.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/kong --set images.postgres.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/postgres --set images.mep.tag={{ vardata.eg_image_tag.name}} --set images.mepauth.tag={{ vardata.eg_image_tag.name}} --set images.dns.tag={{ vardata.eg_image_tag.name}} --set images.mep.pullPolicy=IfNotPresent --set images.mepauth.pullPolicy=IfNotPresent --set images.dns.pullPolicy=IfNotPresent --set images.kong.pullPolicy=IfNotPresent --set images.postgres.pullPolicy=IfNotPresent --set ssl.secretName=mep-ssl
- # yamllint disable rule:line-length
+++ /dev/null
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-- name: Uninstall ssl config mep helm chart
- command: helm uninstall mep-edgegallery
- ignore_errors: yes
- no_log: True
-
-- name: Delete ssl config pg secret
- command: kubectl delete secret pg-secret -n mep
- ignore_errors: yes
- no_log: True
-
-- name: Delete ssl config mep ssl
- command: kubectl delete secret mep-ssl -n mep
- ignore_errors: yes
- no_log: True
-
-- name: Delete ssl config mep mep auth
- command: kubectl delete secret mepauth-secret -n mep
- ignore_errors: yes
- no_log: True
-
-- name: Delete dns namesapce metallb
- command: kubectl delete secret memberlist -n metallb-system
- ignore_errors: yes
- no_log: True
-
-- name: Delete ssl config namesapce mep
- command: kubectl delete ns mep
- ignore_errors: yes
- no_log: True
-
-- name: Delete network isolation multus eg sp controller
- # yamllint disable rule:line-length
- command: kubectl delete -f /tmp/eg_mep/deploy/conf/edge/network-isolation/eg-sp-controller.yaml
- ignore_errors: yes
- no_log: True
-
-- name: Delete network isolation multus eg sp rbac
- # yamllint disable rule:line-length
- command: kubectl delete -f /tmp/eg_mep/deploy/conf/edge/network-isolation/eg-sp-rbac.yaml
- ignore_errors: yes
- no_log: True
-
-- name: Delete network isolation multus
- # yamllint disable rule:line-length
- command: kubectl delete -f /tmp/eg_mep/deploy/conf/edge/network-isolation/multus.yaml
- ignore_errors: yes
- no_log: True
-
-- name: Delete network isolation eg mp1
- command: ip link set dev eg-mp1 down
- ignore_errors: yes
- no_log: True
-
-- name: Delete nnetwork isolation eg mp1 link
- command: ip link delete eg-mp1
- ignore_errors: yes
- no_log: True
-
-- name: Delete network isolation eg mm5
- command: ip link set dev eg-mm5 down
- ignore_errors: yes
- no_log: True
-
-- name: Delete network isolation eg mm5 link
- command: ip link delete eg-mm5
- ignore_errors: yes
- no_log: True
-
-- name: Delete network isolation multus rm
- command: rm -rf /opt/cni/bin/multus
- ignore_errors: yes
- no_log: True
-
-- name: Uninstall dns metallb config mep
- # yamllint disable rule:line-length
- command: kubectl delete -f /tmp/eg_mep/deploy/conf/edge/metallb/config-map.yaml
- ignore_errors: yes
- no_log: True
-
-- name: Delete dns metallb
- # yamllint disable rule:line-length
- command: kubectl delete -f /tmp/eg_mep/deploy/conf/edge/metallb/metallb.yaml
- ignore_errors: yes
- no_log: True
-
-- name: Delete dns metallb namespace
- # yamllint disable rule:line-length
- command: kubectl delete -f /tmp/eg_mep/deploy/conf/edge/metallb/namespace.yaml
- ignore_errors: yes
- no_log: True
+++ /dev/null
-#!/bin/bash
-
-function _help_insecure_registry()
-{
- grep -i "insecure-registries" /etc/docker/daemon.json | grep "REGISTRIES_IP:REGISTRIES_PORT" >/dev/null 2>&1
- if [ $? != 0 ]; then
- mkdir -p /etc/docker
-cat <<EOF | tee /etc/docker/daemon.json
-{
- "insecure-registries" : ["REGISTRIES_IP:REGISTRIES_PORT"]
-}
-EOF
- service docker restart
- fi
-}
-
-##############################################################
-############################################
-function main(){
- _help_insecure_registry
-}
-#########################################
-#skip main in case of source
- main $@
-######################
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-- name: Doing deployment setup for edge gallery
- copy:
- src: deploy
- dest: /tmp/eg_prerequisite/
- mode: 750
-
-- name: Import config file
- include_vars:
- file: ../../../config.yml
- name: vardata
-
-- name: Replacing private ip
- replace:
- path: /tmp/eg_prerequisite/deploy/eg_daemon.sh
- regexp: REGISTRIES_IP
- replace: "{{ vardata.private_repo_ip.name }}"
-
-- name: Replacing private port
- replace:
- path: /tmp/eg_prerequisite/deploy/eg_daemon.sh
- regexp: REGISTRIES_PORT
- replace: "{{ vardata.docker_registry_port.name }}"
-
-- name: Execute script for docker daemon
- shell:
- cmd: /tmp/eg_prerequisite/deploy/eg_daemon.sh
-
-- name: Delete Execute script for docker daemon
- command: rm -rf /tmp/eg_prerequisite
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-# tasks file for eg_prerequisite
-- include: "install.yml"
- static: false
- when: operation == 'install'
+++ /dev/null
-#!/bin/bash
-TARBALL_PATH=/tmp/eg_registry/deploy/
-
-function _load_and_run_docker_registry()
-{
-
- docker ps | grep registry >/dev/null
- if [ $? != 0 ]; then
- cd "$TARBALL_PATH"/registry
- docker load --input registry-2.tar.gz
- docker run -d -p 5000:5000 --restart=always --name registry registry:2
- fi
-}
-
-function _load_swr_images_and_push_to_private_registry()
-{
- IP=REGISTRIES_IP
- PORT="REGISTRIES_PORT"
- cd "$TARBALL_PATH"/eg_swr_images
-
- for f in *.tar.gz;
- do
- cat $f | docker load
- IMAGE_NAME=`echo $f|rev|cut -c8-|rev|sed -e "s/\#/:/g" | sed -e "s/\@/\//g"`;
- docker image tag $IMAGE_NAME $IP:$PORT/$IMAGE_NAME
- docker push $IP:$PORT/$IMAGE_NAME
- done
-}
-
-##############################################################
-############################################
-function main(){
- _load_and_run_docker_registry
- _load_swr_images_and_push_to_private_registry
-}
-#########################################
-#skip main in case of source
- main $@
-######################
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-- name: Doing deployment setup for edge gallery
- copy:
- src: deploy
- dest: /tmp/eg_registry/
- mode: 750
-
-- name: Import config file
- include_vars:
- file: ../../../config.yml
- name: vardata
-
-- name: Make dir for arm images
- command: mkdir -p /tmp/eg_registry/armtarball
- args:
- chdir: /tmp/
-
-- name: Set a variable
- ansible.builtin.set_fact:
- processor: "{{ vardata.master_edge_processor.name}}"
-
-- name: Downloading based on master_edge_processor value x86_64 tarball
- command: wget http://release.edgegallery.org/x86/all/0.9.tar.gz
- args:
- chdir: /tmp/eg_registry/deploy/
- when: processor == "x86_64"
-
-- name: Download 0.9 tar arms based on master_edge_processor value
- command: wget http://release.edgegallery.org/arm64/all/0.9.tar.gz
- args:
- chdir: /tmp/eg_registry/armtarball/
- when: ansible_architecture == 'aarch64' and processor == "x86_64"
-
-- name: Download 0.9 tar arms
- command: wget http://release.edgegallery.org/arm64/all/0.9.tar.gz
- args:
- chdir: /tmp/eg_registry/deploy/
- when: ansible_architecture == 'aarch64' and processor != "x86_64"
-
-- name: Download 0.9 tar x86
- command: wget http://release.edgegallery.org/x86/all/0.9.tar.gz
- args:
- chdir: /tmp/eg_registry/deploy/
- when: ansible_architecture == 'x86_64'
-
-- name: Untar the donwloaded tar
- command: tar -zxf 0.9.tar.gz
- args:
- chdir: /tmp/eg_registry/deploy/
-
-- name: Untar the donwloaded tar
- command: tar -zxf 0.9.tar.gz
- args:
- chdir: /tmp/eg_registry/armtarball/
- when: processor == "x86_64"
-
-- name: Registry replaced for cross playform
- command: rm -rf /tmp/eg_registry/deploy/registry
- when: processor == "x86_64"
-
-- name: Docker image replaced for cross playform
- command: rm -rf /tmp/eg_registry/deploy/eg_swr_images/nginx#stable.tar.gz
- when: processor == "x86_64"
-
-- name: Docker image replaced for cross playform tool chain
- # yamllint disable rule:line-length
- command: rm -rf /tmp/eg_registry/deploy/eg_swr_images/edgegallery@deploy-tool#latest.tar.gz
- # yamllint disable rule:line-length
- when: processor == "x86_64"
-
-- name: Copy registry from x86 tarball
- command: cp -r /tmp/eg_registry/armtarball/registry /tmp/eg_registry/deploy/
- when: processor == "x86_64"
-
-- name: Copy docker image from x86 tarball
- # yamllint disable rule:line-length
- command: cp -r /tmp/eg_registry/armtarball/eg_swr_images/nginx#stable.tar.gz /tmp/eg_registry/deploy/eg_swr_images/
- # yamllint disable rule:line-length
- when: processor == "x86_64"
-
-- name: Copy docker image from x86 tarball tool chain
- # yamllint disable rule:line-length
- command: cp -r /tmp/eg_registry/armtarball/eg_swr_images/edgegallery@deploy-tool#latest.tar.gz /tmp/eg_registry/deploy/eg_swr_images/
- # yamllint disable rule:line-length
- when: processor == "x86_64"
-
-- name: Replacing private ip
- replace:
- path: /tmp/eg_registry/deploy/load-images.sh
- regexp: 'REGISTRIES_IP'
- replace: "{{ vardata.private_repo_ip.name }}"
-
-- name: Replacing private port
- replace:
- path: /tmp/eg_registry/deploy/load-images.sh
- regexp: 'REGISTRIES_PORT'
- replace: "{{ vardata.docker_registry_port.name }}"
-
-- name: Execute the script
- shell:
- cmd: /tmp/eg_registry/deploy/load-images.sh
+++ /dev/null
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-# tasks file for eg_load-iamges
-- include: "install.yml"
- static: false
- when: operation == 'install'
-
-- include: "uninstall.yml"
- static: false
- when: operation == 'uninstall'
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-- name: Stop registry
- command: docker stop registry
- ignore_errors: yes
- no_log: True
-
-- name: Remove registry
- command: docker rm -v registry
- ignore_errors: yes
- no_log: True
-
-- name: Remove tmp file
- command: rm -rf /tmp/eg_registry
- ignore_errors: yes
- no_log: True
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-- name: Import config file
- include_vars:
- file: ../../../config.yml
- name: vardata
-
-- name: Generate secret
- # yamllint disable rule:line-length
- command: kubectl create secret generic edgegallery-ssl-secret --from-file=keystore.p12=/tmp/ssl-eg-keys-certs/keystore.p12 --from-literal=keystorePassword={{ vardata.common_pwd.name}} --from-literal=keystoreType=PKCS12 --from-literal=keyAlias=edgegallery --from-file=trust.cer=/tmp/ssl-eg-keys-certs/ca.crt --from-file=server.cer=/tmp/ssl-eg-keys-certs/tls.crt --from-file=server_key.pem=/tmp/ssl-eg-keys-certs/encryptedtls.key --from-literal=cert_pwd={{ vardata.common_pwd.name}}
- args:
- chdir: /tmp/ssl-eg-keys-certs/
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-# tasks file for eg_secret
-- include: "install.yml"
- static: false
- when: operation == 'install'
-
-- include: "uninstall.yml"
- static: false
- when: operation == 'uninstall'
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-- name: Delete edgegallery ssl secret
- command: kubectl delete secret edgegallery-ssl-secret
- ignore_errors: yes
- no_log: True
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-- name: Import config file
- include_vars:
- file: ../../../config.yml
- name: vardata
-
-- name: Helm repo add edgegallery
- # yamllint disable rule:line-length
- command: helm repo add edgegallery http://{{ vardata.private_repo_ip.name}}:8080/edgegallery
-
-- name: Helm repo add stable
- # yamllint disable rule:line-length
- command: helm repo add stable http://{{ vardata.private_repo_ip.name}}:8080/stable
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-# tasks file for eg_set-helm-repo
-- include: "install.yml"
- static: false
- when: operation == 'install'
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-- name: Certificate copy
- debug:
- msg: Copy certificate from ocd to center and edge
-
-- synchronize:
- src: /tmp/ssl-eg-keys-certs
- dest: /tmp/
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-- name: Import config file
- include_vars:
- file: ../../../config.yml
- name: vardata
-
-- name: Set a variable
- ansible.builtin.set_fact:
- comm_pwd: "{{ vardata.common_pwd.name }}"
-
-- name: Create certificates for usermanagment with common pwd
- # yamllint disable rule:line-length
- command: kubectl create secret generic user-mgmt-jwt-secret --from-file=publicKey=/tmp/ssl-eg-keys-certs/rsa_public_key.pem --from-file=encryptedPrivateKey=/tmp/ssl-eg-keys-certs/encrypted_rsa_private_key.pem --from-literal=encryptPassword={{ vardata.common_pwd.name}}
- # yamllint disable rule:line-length
- when: comm_pwd != ""
-
-- name: Generating certificates for usermanagment
- # yamllint disable rule:line-length
- command: kubectl create secret generic user-mgmt-jwt-secret --from-file=publicKey=/tmp/ssl-eg-keys-certs/rsa_public_key.pem --from-file=encryptedPrivateKey=/tmp/ssl-eg-keys-certs/encrypted_rsa_private_key.pem --from-literal=encryptPassword={{ vardata.user_mgmt_encryptPassword.name}}
- # yamllint disable rule:line-length
- when: comm_pwd == ""
-
-- name: Install user-mgmt
- # yamllint disable rule:line-length
- command: helm install user-mgmt-edgegallery edgegallery/usermgmt --set global.oauth2.clients.appstore.clientUrl=https://{{ ansible_host }}:{{vardata.appstore_port.name}},global.oauth2.clients.developer.clientUrl=https://{{ ansible_host }}:{{vardata.developer_port.name}},global.oauth2.clients.mecm.clientUrl=https://{{ ansible_host }}:{{vardata.mecm_port.name}}, --set jwt.secretName=user-mgmt-jwt-secret --set images.usermgmt.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/user-mgmt --set images.postgres.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/postgres --set images.redis.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/redis --set images.initservicecenter.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/curl --set images.usermgmt.tag={{ vardata.eg_image_tag.name}} --set images.usermgmt.pullPolicy=IfNotPresent --set images.postgres.pullPolicy=IfNotPresent --set images.redis.pullPolicy=IfNotPresent --set images.initservicecenter.pullPolicy=IfNotPresent --set global.ssl.enabled=true --set global.ssl.secretName=edgegallery-ssl-secret
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-# tasks file for eg_user-mgmt
-- include: "install.yml"
- static: false
- when: operation == 'install'
-
-- include: "uninstall.yml"
- static: false
- when: operation == 'uninstall'
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-- name: Uninstall user management
- command: helm uninstall user-mgmt-edgegallery
- ignore_errors: yes
- no_log: True
-
-- name: Delete user-mgmt-jwt-secret
- command: kubectl delete secret user-mgmt-jwt-secret
- ignore_errors: yes
- no_log: True
--- /dev/null
+# Copyright 2021 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+# tasks file
+- name: Install edgegallery
+ shell:
+ # yamllint disable rule:line-length
+ cmd: ansible-playbook --inventory hosts-aio -e "ansible_user=root" eg_all_aio_install.yml >> aio_log
+ # yamllint disable rule:line-length
+ chdir: /tmp/eg_download/deploy/ansible-all-arm-latest/install
+ when: ansible_architecture == 'aarch64'
+
+- name: Install edgegallery
+ shell:
+ # yamllint disable rule:line-length
+ cmd: ansible-playbook --inventory hosts-aio -e "ansible_user=root" eg_all_aio_install.yml >> aio_log
+ # yamllint disable rule:line-length
+ chdir: /tmp/eg_download/deploy/ansible-all-x86-latest/install
+ when: ansible_architecture == 'x86_64'
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
+# Copyright 2021 Huawei Technologies Co., Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-#
---
-
-# tasks file for eg_mep
+# tasks file for eg muno all
- include: "install.yml"
static: false
when: operation == 'install'
--- /dev/null
+# Copyright 2021 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+- name: Uninstall edgegallery on arm
+ shell:
+ # yamllint disable rule:line-length
+ cmd: ansible-playbook --inventory hosts-aio eg_all_aio_uninstall.yml -e "ansible_user=root" >> aio_remove.log
+ # yamllint disable rule:line-length
+ chdir: /tmp/eg_download/deploy/ansible-all-arm-latest/install
+ when: ansible_architecture == 'aarch64'
+
+- name: Uninstall edgegallery on x86
+ shell:
+ # yamllint disable rule:line-length
+ cmd: ansible-playbook --inventory hosts-aio eg_all_aio_uninstall.yml -e "ansible_user=root" >> aio_remove.log
+ # yamllint disable rule:line-length
+ chdir: /tmp/eg_download/deploy/ansible-all-x86-latest/install
+ when: ansible_architecture == 'x86_64'
+
+- name: Remove edgegallery tar
+ shell:
+ cmd: rm -rf ansible-all*
+ chdir: /tmp/eg_download/deploy/
+
+- name: Remove aio log
+ shell:
+ cmd: rm -rf aio_log
+ chdir: /tmp/eg_download/deploy/
--- /dev/null
+# Copyright 2021 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+# tasks file for MUNO controller
+
+### MUNO controller installation ###
+
+- name: Create directory to download EG-TAR
+ command: mkdir -p /tmp/eg_download/deploy
+ args:
+ chdir: "{{playbook_dir}}"
+ ignore_errors: yes
+
+- name: Check edgegallery tar ball present
+ stat:
+ path: /tmp/eg_download/deploy/EdgeGallery-v1.1.1-controller-x86.tar.gz
+ register: tar_var
+
+- name: Download 1.1 edgegallery x86 controller
+# yamllint disable rule:line-length
+ command: wget https://edgegallery.obs.cn-east-3.myhuaweicloud.com/releases/v1.1.1/x86/EdgeGallery-v1.1.1-controller-x86.tar.gz
+# yamllint disable rule:line-length
+ args:
+ chdir: /tmp/eg_download/deploy/
+ when: not tar_var.stat.exists
+
+- name: Untar Edgegallery offline controller tar file
+ command: tar -xvf EdgeGallery-v1.1.1-controller-x86
+ args:
+ chdir: /tmp/eg_download/deploy/
+ when: not tar_var.stat.exists
+
+- name: Set inventory file for muno controller
+# yamllint disable rule:line-length
+ command: cp muno-config/controller/hosts-muno-controller /tmp/eg_download/deploy/EdgeGallery-v1.1.1-controller-x86/install
+# yamllint disable rule:line-length
+ args:
+ chdir: "{{playbook_dir}}"
+
+- name: Set var.yml file for muno controller
+# yamllint disable rule:line-length
+ command: cp muno-config/controller/var.yml /tmp/eg_download/deploy/EdgeGallery-v1.1.1-controller-x86/install
+# yamllint disable rule:line-length
+ args:
+ chdir: "{{playbook_dir}}"
+
+- name: Install edgegallery controller
+ shell:
+ # yamllint disable rule:line-length
+ cmd: ansible-playbook --inventory hosts-muno-controller -e "ansible_user=root" eg_controller_aio_install.yml >> muno_controller_log
+ # yamllint disable rule:line-length
+ chdir: /tmp/eg_download/deploy/EdgeGallery-v1.1.1-controller-x86/install
+ when: ansible_architecture == 'x86_64'
-# Copyright 2020 Huawei Technologies Co., Ltd.
+# Copyright 2021 Huawei Technologies Co., Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
----
-# tasks file for helm
+---
+# tasks file for eg muno mode
- include: "install.yml"
static: false
when: operation == 'install'
--- /dev/null
+# Copyright 2021 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+
+- name: Uninstall edgegallery controller on x86
+ shell:
+ # yamllint disable rule:line-length
+ cmd: ansible-playbook --inventory hosts-muno-controller eg_controller_aio_uninstall.yml -e "ansible_user=root" >> muno_controller_remove.log
+ # yamllint disable rule:line-length
+ chdir: /tmp/eg_download/deploy/EdgeGallery-v1.1.1-controller-x86/install
+ when: ansible_architecture == 'x86_64'
+
+- name: Remove edgegallery tar ball
+ shell:
+ cmd: rm -rf EdgeGallery-v1.1.1-*
+ chdir: /tmp/eg_download/deploy/
+ when: ansible_architecture == 'x86_64'
--- /dev/null
+# Copyright 2021 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+### MUNO edge installation ###
+
+- name: Check edgegallery tar ball present
+ stat:
+ path: /tmp/eg_download/deploy/EdgeGallery-v1.1.1-edge-x86.tar.gz
+ register: edge_tar_var
+
+- name: Download 1.1 edgegallery x86 edge
+# yamllint disable rule:line-length
+ command: wget https://edgegallery.obs.cn-east-3.myhuaweicloud.com/releases/v1.1.1/x86/EdgeGallery-v1.1.1-edge-x86.tar.gz
+# yamllint disable rule:line-length
+ args:
+ chdir: /tmp/eg_download/deploy/
+ when: not edge_tar_var.stat.exists
+
+- name: Untar Edgegallery offline edge tar file
+ command: tar -xvf EdgeGallery-v1.1.1-edge-x86
+ args:
+ chdir: /tmp/eg_download/deploy/
+ when: not edge_tar_var.stat.exists
+
+- name: Set inventory file for muno edge
+# yamllint disable rule:line-length
+ command: scp root@{{ OCD_IP }}:"{{playbook_dir}}"/muno-config/edge/hosts-muno-edge .
+# yamllint disable rule:line-length
+ args:
+ chdir: "{{playbook_dir}}"
+
+- name: Set var.yml file for muno edge
+# yamllint disable rule:line-length
+ command: scp root@{{ OCD_IP }}:"{{playbook_dir}}"/muno-config/edge/var.yml .
+# yamllint disable rule:line-length
+ args:
+ chdir: "{{playbook_dir}}"
+
+- name: Install edgegallery edge
+ shell:
+ # yamllint disable rule:line-length
+ cmd: ansible-playbook --inventory hosts-muno-edge -e "ansible_user=root" eg_edge_aio_install.yml >> muno_edge_log
+ # yamllint disable rule:line-length
+ chdir: /tmp/eg_download/deploy/EdgeGallery-v1.1.1-edge-x86/install
+ when: ansible_architecture == 'x86_64'
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
+# Copyright 2021 Huawei Technologies Co., Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-#
---
-# tasks file for eg_certs
+# tasks file for eg muno mode
- include: "install.yml"
static: false
when: operation == 'install'
--- /dev/null
+# Copyright 2021 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+# uninstallation of edge
+
+- name: Uninstall edgegallery edge on x86
+ shell:
+ # yamllint disable rule:line-length
+ cmd: ansible-playbook --inventory hosts-muno-edge eg_edge_aio_uninstall.yml -e "ansible_user=root" >> muno_edge_remove.log
+ # yamllint disable rule:line-length
+ chdir: /tmp/eg_download/deploy/EdgeGallery-v1.1.1-edge-x86/install
+ when: ansible_architecture == 'x86_64'
+
+- name: Remove edgegallery tar ball
+ shell:
+ cmd: rm -rf EdgeGallery-v1.1.1-*
+ chdir: /tmp/eg_download/deploy/
+ when: ansible_architecture == 'x86_64'
--- /dev/null
+# Copyright 2021 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+
+- name: Create directory to download EG-TAR
+ command: mkdir -p /tmp/eg_download/deploy
+ args:
+ chdir: "{{playbook_dir}}"
+ ignore_errors: yes
+
+- name: Download 1.1 edgegallery x86
+# yamllint disable rule:line-length
+ command: wget https://edgegallery.obs.cn-east-3.myhuaweicloud.com/releases/v1.1/x86/EdgeGallery-v1.1-all-x86.tar.gz
+# yamllint disable rule:line-length
+ args:
+ chdir: /tmp/eg_download/deploy/
+ when: ansible_architecture == 'x86_64'
+
+- name: Untar Edgegallery offline tarbal file
+ command: tar -xvf EdgeGallery-v1.1-all-x86.tar.gz
+ args:
+ chdir: /tmp/eg_download/deploy/
+ when: ansible_architecture == 'x86_64'
+
+- name: Set inventory file for aio
+ command: cp hosts-aio /tmp/eg_download/deploy/ansible-all-x86-latest/install
+ args:
+ chdir: "{{playbook_dir}}"
+ when: ansible_architecture == 'x86_64'
+
+- name: Set inventory file for muno
+ command: cp hosts-muno /tmp/eg_download/deploy/ansible-all-x86-latest/install
+ args:
+ chdir: "{{playbook_dir}}"
+ when: ansible_architecture == 'x86_64'
+
+- name: Set var.yml to eg path
+ # yamllint disable rule:line-length
+ command: cp var.yml /tmp/eg_download/deploy/ansible-all-x86-latest/install
+ # yamllint disable rule:line-length
+ args:
+ chdir: "{{playbook_dir}}"
+ when: ansible_architecture == 'x86_64'
+
+- name: Set default-var.yml to eg path
+ # yamllint disable rule:line-length
+ command: cp default-var.yml /tmp/eg_download/deploy/ansible-all-x86-latest/install
+ # yamllint disable rule:line-length
+ args:
+ chdir: "{{playbook_dir}}"
+ when: ansible_architecture == 'x86_64'
-# Copyright 2020 Huawei Technologies Co., Ltd.
+# Copyright 2021 Huawei Technologies Co., Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
---
+# tasks file
+
- include: "install.yml"
static: false
when: operation == 'install'
-#
# Copyright 2020 Huawei Technologies Co., Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-#
---
-
-- name: Uninstall appstore
- command: helm uninstall appstore-edgegallery
- ignore_errors: yes
- no_log: True
+- name: Remove edgegallery tar
+ shell:
+ cmd: ls
+ #cmd: rm -rf ansible-all*
+ chdir: /tmp/eg_download/deploy/
---
- name: check if grafana is already installed
shell:
- cmd: helm status mec-grafana
+ cmd: helm status grafana
register: result
ignore_errors: yes
no_log: True
# yamllint disable rule:line-length
when: result.stdout == ""
+- name: "INSTALL: Add Grafana Repo on x86"
+ shell:
+ cmd: helm repo add grafana https://grafana.github.io/helm-charts
+ when: result is failed and ansible_architecture == 'x86_64'
+ ignore_errors: yes
+
+- name: "INSTALL: Update helm repo"
+ shell:
+ cmd: helm repo update
+ when: result is failed and ansible_architecture == 'x86_64'
+ ignore_errors: yes
+
- name: "INSTALL: Install grafana on x86_64"
shell:
- cmd: helm install mec-grafana stable/grafana
+ cmd: helm install grafana grafana/grafana
when: result is failed and ansible_architecture == 'x86_64'
+ ignore_errors: yes
- name: "INSTALL: copy values.yaml to host"
copy:
- name: "INSTALL: Install grafana on aarch64"
shell:
- cmd: helm install mec-grafana stable/grafana -f /tmp/grafana/values.yaml
+ cmd: helm install grafana stable/grafana -f /tmp/grafana/values.yaml
when: result is failed and ansible_architecture == 'aarch64'
---
- name: check if grafana is installed before deleting
shell:
- cmd: helm status mec-grafana
+ cmd: helm status grafana
register: result
ignore_errors: yes
no_log: True
msg: Ignore Uninstall Log , Grafana not installed
when: result.stdout == ""
-- name: Uninstall grafana
+- name: Uninstall grafana on arm
shell:
- cmd: helm uninstall mec-grafana
- when: result is succeeded
+ cmd: helm uninstall grafana
+ when: result is succeeded and ansible_architecture == 'aarch64'
+
+- name: Uninstall grafana on x86
+ shell:
+ cmd: helm uninstall grafana
+ when: result is succeeded and ansible_architecture == 'x86_64'
+++ /dev/null
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-
-- name: check whether helm is already installed
- command: which helm
- register: result
- ignore_errors: yes
- no_log: True
-
-- debug:
- msg: helm is already present
- when: result.stdout != ""
-
-- debug:
-# yamllint disable rule:line-length
- msg: Ignore Uninstall Log , Helm not installed continue with Installation
-# yamllint disable rule:line-length
- when: result.stdout == ""
-
-- name: "INSTALL: Helm download command on x86_64"
- command: wget https://get.helm.sh/helm-v3.0.2-linux-amd64.tar.gz
- when: result is failed and ansible_architecture == 'x86_64'
-
-- name: "INSTALL: Untar helm on x86_64"
- command: tar -zxvf helm-v3.0.2-linux-amd64.tar.gz
- when: result is failed and ansible_architecture == 'x86_64'
-
-- name: "INSTALL: Helm move to bin folder on x86_64"
- command: mv linux-amd64/helm /usr/local/bin/
- when: result is failed and ansible_architecture == 'x86_64'
-
-- name: "INSTALL: Helm download command on aarch64"
- command: wget https://get.helm.sh/helm-v3.0.2-linux-arm64.tar.gz
- when: result is failed and ansible_architecture == 'aarch64'
-
-- name: "INSTALL: Untar helm on aarch64"
- command: tar -zxvf helm-v3.0.2-linux-arm64.tar.gz
- when: result is failed and ansible_architecture == 'aarch64'
-
-- name: "INSTALL: Helm move to bin folder on aarch64"
- command: mv linux-arm64/helm /usr/local/bin/
- when: result is failed and ansible_architecture == 'aarch64'
-
-- name: "INSTALL: Add helm repo"
-# yamllint disable rule:line-length
- command: helm repo add stable https://charts.helm.sh/stable
-# yamllint disable rule:line-length
- when: result is failed
-
-- name: "INSTALL: Updated helm repo"
- command: helm repo update
- when: result is failed
-
-- name: "INSTALLED List helm repo"
- command: helm repo list
- when: result is failed
+++ /dev/null
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
----
-- name: check whether helm is installed before deleting
- command: which helm
- register: result
- ignore_errors: yes
- no_log: True
-
-- debug:
- msg: Uninstalling helm...
- when: result.stdout != ""
-
-- debug:
- msg: Ignore Uninstall Log ,Helm not installed
- when: result.stdout == ""
-
-- name: "UNINSTALL: Helm Uninstall on x86_64"
- command: rm -rf linux-amd64/helm
- ignore_errors: yes
- no_log: True
- when: result is succeeded and ansible_architecture == 'x86_64'
-
-- name: "UNINSTALL: Remove download helm file on x86_64"
- command: rm ~/helm-v3.0.2-linux-amd64.tar.gz
- ignore_errors: yes
- no_log: True
- when: result is succeeded and ansible_architecture == 'x86_64'
-
-- name: "UNINSTALL: Helm Uninstall on aarch64"
- command: rm -rf linux-arm64/helm
- ignore_errors: yes
- no_log: True
- when: result is succeeded and ansible_architecture == 'aarch64'
-
-- name: "UNINSTALL: Remove download helm file on aarch64"
- command: rm helm-v3.0.2-linux-arm64.tar.gz
- ignore_errors: yes
- no_log: True
- when: result is succeeded and ansible_architecture == 'aarch64'
-
-- name: "UNINSTALL: Remove helm from bin"
- command: rm /usr/local/bin/helm
- ignore_errors: yes
- no_log: True
- when: result is succeeded
+++ /dev/null
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
----
-- name: check whether k3s is already installed
- shell:
- cmd: which k3s
- register: result
- ignore_errors: yes
- no_log: True
-
-- debug:
- msg: k3s is already present
- when: result.stdout != ""
-
-- debug:
-# yamllint disable rule:line-length
- msg: Ignore Uninstall Log , k3s not installed continue with Installation
-# yamllint disable rule:line-length
- when: result.stdout == ""
-
-- debug:
- msg: K3 Installation started on {{ ansible_facts['distribution'] }} MEP Node
-
-- name: "INSTALL: Disabling firewall for successfull k3s installation on CentOs"
- shell:
- cmd: systemctl stop firewalld
- when: ansible_facts['distribution'] == "CentOS" and result is failed
-
-- name: "INSTALL: install container-selinux"
- shell:
- cmd: yum install -y container-selinux selinux-policy-base
- when: ansible_facts['distribution'] == "CentOS" and result is failed
- ignore_errors: true
-
-- name: "INSTALL: get interface name"
- shell:
- cmd: ip a |grep {{ ansible_host }} |awk '{print $NF}'
- register: ifName
- when: result is failed
-
-# yamllint disable rule:line-length
-- name: "INSTALL: install k3s"
- shell:
- cmd: curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="--node-ip={{ ansible_host }} --node-external-ip={{ ansible_host }} --bind-address={{ ansible_host }} --flannel-iface=eth0 --docker --no-deploy=servicelb --no-deploy=traefik --write-kubeconfig-mode 644 --kube-apiserver-arg="service-node-port-range=30000-36000"" sh -
- when: result is failed
-
-# yamllint disable rule:line-length
-
-#- name: "INSTALL: install k3s"
-# shell:
-# cmd: curl -sfL https://get.k3s.io | sh -
-# when: result is failed
-
-- name: "INSTALL: create .kube dir"
- shell:
- cmd: mkdir -p $HOME/.kube/
- when: result is failed
-
-- name: "INSTALL: copy kubeconfig"
- shell:
- cmd: cp /etc/rancher/k3s/k3s.yaml $HOME/.kube/config
- when: result is failed
+++ /dev/null
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
----
-- name: check whether k3s is already installed
- shell:
- cmd: which k3s
- register: result
- ignore_errors: yes
- no_log: True
-
-- debug:
- msg: Uninstalling k3s...
- when: result.stdout != ""
-
-- debug:
- msg: "UNINSTALL: Ignore Uninstall Log , K3s not installed"
- when: result.stdout == ""
-
-- name: "UNINSTALL: kill k3s"
- shell:
- cmd: k3s-killall.sh
- when: result is succeeded
-
-- name: "UNINSTALL: uninstall k3s"
- shell:
- cmd: k3s-uninstall.sh
- when: result is succeeded
+++ /dev/null
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
----
-# tasks file for k8s
-- name: Check whether k8s is already installed
- command: which k8s
- register: result
- ignore_errors: yes
- no_log: True
-
-- debug:
- msg: k8s is already present
- when: result.stdout != ""
-
-- debug:
-# yamllint disable rule:line-length
- msg: Ignore Uninstall Log , k8s not installed continue with Installation
-# yamllint disable rule:line-length
- when: result.stdout == ""
-
-- name: Install k8s
- shell:
-# yamllint disable rule:line-length
- cmd: ansible-playbook -i inventory/mycluster/hosts.yaml --become --become-user=root cluster.yml
-# yamllint disable rule:line-length
- chdir: /root/eliotkubesprey/kubespray/
+++ /dev/null
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
----
-# tasks file for k8s
-- include: "install.yml"
- static: false
- when: operation == 'install'
-
-- include: "uninstall.yml"
- static: false
- when: operation == 'uninstall'
+++ /dev/null
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
----
-# Uninstall file for k8s
-- name: Check whether k8s is already installed
- command: kubectl version
- register: result
- ignore_errors: yes
- no_log: True
-
-- debug:
- msg: k8s is already present
- when: result.stdout != ""
-
-- name: Remove k8s
- shell:
- cmd: yes | ansible-playbook -i inventory/mycluster/hosts.yaml reset.yml
- chdir: /root/eliotkubesprey/kubespray/
- when: result.stdout != ""
+++ /dev/null
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
----
-# tasks file for transferring kubeconfig files
-- name: debug msg
- debug:
- msg: transfering config file to OCD Host
-
-- name: Fetch the file from the controller and edge nodes to ocd-host
- fetch:
- src: /root/.kube/config
- dest: /root/.kube/config-{{ ansible_host }}
- flat: yes
+++ /dev/null
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
----
-# tasks file for kubeconfig transfer
-- include: "install.yml"
- when: operation == 'install'
-
-#- include: "uninstall.yml"
- #when: operation == 'uninstall'
+++ /dev/null
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
----
-# tasks file for k3s kube-config file transfer
-- name: debug msg
- debug:
- msg: transfering mep config file to OCD Host
-
-- name: Fetch the file from the mep edge nodes to ocd-host
- fetch:
- src: /root/.kube/config
- dest: /root/.kube/kubeconfig/{{ ansible_host }}
- flat: yes
+++ /dev/null
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
----
-# tasks file for kubeconfig transfer
-- include: "install.yml"
- when: operation == 'install'
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-- name: Import config file
- include_vars:
- file: ../../../config.yml
- name: vardata
-
-- name: Install service center
- # yamllint disable rule:line-length
- command: helm install service-center-edgegallery edgegallery/servicecenter --set images.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/service-center --set images.pullPolicy=IfNotPresent --set global.ssl.enabled=true --set global.ssl.secretName=edgegallery-ssl-secret
- # yamllint disable rule:line-length
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-# tasks file for service-center
-- include: "install.yml"
- static: false
- when: operation == 'install'
-
-- include: "uninstall.yml"
- static: false
- when: operation == 'uninstall'
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-- name: Uninstall service center
- command: helm uninstall service-center-edgegallery
- ignore_errors: yes
- no_log: True
#
-# Copyright 2020 Huawei Technologies Co., Ltd.
+# Copyright 2021 Huawei Technologies Co., Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-#
-kind: Pod
-apiVersion: v1
-metadata:
- name: edgegallery-secondary-ep-controller
- namespace: kube-system
-spec:
- serviceAccount: edgegallery-secondary-ep-controller
- containers:
- - name: edgegallery-secondary-ep-controller
- image: edgegallery/edgegallery-secondary-ep-controller:latest
- imagePullPolicy: IfNotPresent
- command: ["/bin/sh", "-c", "--"]
- args: ["edgegallery-secondary-ep-controller"]
+
+# Password of Harbor admin
+HARBOR_ADMIN_PASSWORD: Harbor@edge
+
+# ip for portals,will be set to private
+# iP of master node default or reset it here
+# PORTAL_IP: 111.222.333.444
+
+# If not set, will get the default one during the run time
+# EG_NODE_EDGE_MP1: eth0
+# EG_NODE_EDGE_MM5: eth0
Code Review / eliot.git / commitdiff