From: arvindpatel Date: Fri, 27 Nov 2020 14:19:12 +0000 (+0530) Subject: Ansible playbook added X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=commitdiff_plain;ds=inline;h=98019264e44c1fb840c87ba81bc14f2df104f902;p=eliot.git Ansible playbook added Signed-off-by: arvindpatel Change-Id: I339f8b8b17b9fae0ba898bc0b43764f61cb0e368
---
diff --git a/blueprints/iotgateway/playbooks/config.yml b/blueprints/iotgateway/playbooks/config.yml
new file mode 100644
index 0000000..da7eaf2
--- /dev/null
+++ b/blueprints/iotgateway/playbooks/config.yml
@@ -0,0 +1,94 @@
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+######### Common parameters #########
+######### Mandatory #########
+private_repo_ip:
+ name:
+
+######### Optional #########
+eg_image_tag:
+ name: 0.9
+# User can either give common pwd or can opt to provide individual pwds
+common_pwd:
+ name:
+
+########## Edge config #############
+######### Mandatory #########
+mep_kong_pg_pwd:
+ name:
+######### Optional #########
+edge_management_interface:
+ name: eth0
+edge_dataplane_interface:
+ name: eth1
+eg-management-address:
+ name: 100.1.1.2/24
+eg-dataplane-address:
+ name: 200.1.1.2/24
+
+# All Edge related password which needs to be specified if user doesn't
+# need common password for security purpose
+mep_pg_admin_pwd:
+ name:
+mep_cert_pwd:
+ name:
+generate_cert_pass:
+ name:
+mecm_mepm_postgresPassword:
+ name:
+mecm_mepm_postgresLcmCntlrPassword:
+ name:
+mecm_mepm_postgresk8sPluginPassword:
+ name:
+
+########### Master config ###########
+######### Mandatory #########
+mecm_meo_edgeRepoUserName:
+ name:
+mecm_meo_edgeRepoPassword:
+ name:
+
+######### Optional #########
+usermgmt_port:
+ name: 30067
+appstore_port:
+ name: 30091
+developer_port:
+ name: 30092
+mecm_port:
+ name: 30093
+docker_registry_port:
+ name: 5000
+
+# All Master related password which needs to be specified if user
+# doesn't need common password for security purpose
+user_mgmt_encryptPassword:
+ name:
+mecm_meo_keystorePassword:
+ name:
+mecm_meo_truststorePassword:
+ name:
+mecm_meo_postgresPassword:
+ name:
+mecm_meo_postgresApmPassword:
+ name:
+mecm_meo_postgresAppoPassword:
+ name:
+mecm_meo_postgresInventoryPassword:
+ name:
+# Only if env structure, ocd in arm and master and edge in x86_64
+master_edge_processor:
+ name: "x86_64"
diff --git a/blueprints/iotgateway/playbooks/eliot-all-uninstall.yml b/blueprints/iotgateway/playbooks/eliot-all-uninstall.yml
new file mode 100644
index 0000000..b58890e
--- /dev/null
+++ b/blueprints/iotgateway/playbooks/eliot-all-uninstall.yml
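Review bot: Every `*_pwd` / `*Password` key in config.yml, from `common_pwd` down to `mecm_meo_postgresInventoryPassword`, is an empty placeholder in a tracked file, so operators are being asked to type live credentials into the repository working tree in clear text. Add a header comment such as `# Do not commit real values; keep secrets in an ansible-vault encrypted vars file` and load the secrets from a vaulted file rather than from this one. The same applies to the `ansible_password=""` fields in eliot-inventory.ini, where SSH keys or vaulted values would avoid plaintext host credentials. Separately, `name: 0.9` under `eg_image_tag` is parsed as a float, so a later tag such as 0.10 would render as 0.1; write `name: "0.9"`.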
@@ -0,0 +1,125 @@
+#
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+
+############ OCD ############
+
+- hosts: ocdconsolidated
+ become: yes
+ tags:
+ - ocdhost
+ - ocdconsolidated
+
+ roles:
+ - eg_helm-repo
+ - eg_registry
+ - eg_certs
+ - helm
+ - k8s
+
+############ Master ############
+
+### EdgeGallery related ###
+
+- hosts: egmaster
+ become: yes
+ tags:
+ - egmaster
+ - master
+
+ roles:
+ - eg_mecm-meo
+ - eg_mecm-fe
+ - eg_appstore
+ - eg_developer
+ - eg_user-mgmt
+ - service_center
+ - eg_secret
+
+### Other 3rd party related ###
+
+- hosts: thirdpartymaster
+ become: yes
+ tags:
+ - thirdpartymaster
+ - master
+
+ roles:
+ - grafana
+
+### Pre-Requisites ###
+
+- hosts: prerequisitemaster
+ become: yes
+ tags:
+ - prerequisitemaster
+ - master
+
+ roles:
+ - kubeconfig
+ - helm
+
+############ Edge ############
+
+### EdgeGallery related ###
+
+- hosts: egedge
+ become: yes
+ tags:
+ - egedge
+ - edge
+
+ roles:
+ - eg_secret
+ - eg_mep
+ - eg_mecm-mepm
+
+### Other 3rd party related ###
+
+- hosts: thirdpartyedge
+ become: yes
+ tags:
+ - thirdpartyedge
+ - edge
+
+ roles:
+ - rabbitmq
+ - prometheus
+ - kubeconfig
+ - mepkubeconfig
+ - cadvisor
+
+### Pre-Requisites ###
+
+- hosts: prerequisiteedge
+ become: yes
+ tags:
+ - prerequisiteedge
+ - edge
+
+ roles:
+ - helm
+
+### Infrastructure ###
+- hosts: edge-infra
+ become: yes
+ tags:
+ - edge-infra
+ - edge
+
+ roles:
+ - k3s
+ - docker
diff --git a/blueprints/iotgateway/playbooks/eliot-inventory.ini b/blueprints/iotgateway/playbooks/eliot-inventory.ini
new file mode 100644
index 0000000..bb5c1e6
--- /dev/null
+++ b/blueprints/iotgateway/playbooks/eliot-inventory.ini
@@ -0,0 +1,57 @@
+#
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+[master]
+controller1 ansible_host="" ansible_user="" ansible_password=""
+
+[edge]
+edge1 ansible_host="" ansible_user="" ansible_password=""
+
+[ocdhost]
+ocdhost ansible_host="" ansible_user="" ansible_password=""
+
+### OCD childrens ###
+
+[ocdconsolidated:children]
+ocdhost
+
+### Master node childrens ###
+
+[master-infra:children]
+master
+
+[prerequisitemaster:children]
+master
+
+[thirdpartymaster:children]
+master
+
+[egmaster:children]
+master
+
+### Edge node childrens ###
+
+[edge-infra:children]
+edge
+
+[prerequisiteedge:children]
+edge
+
+[thirdpartyedge:children]
+edge
+
+[egedge:children]
+edge
diff --git a/blueprints/iotgateway/playbooks/eloit-all.yml b/blueprints/iotgateway/playbooks/eloit-all.yml
new file mode 100644
index 0000000..2ea2dec
--- /dev/null
+++ b/blueprints/iotgateway/playbooks/eloit-all.yml
@@ -0,0 +1,131 @@
+#
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+---
+
+############ OCD ############
+
+- hosts: ocdconsolidated
+ become: yes
+ tags:
+ - ocdhost
+ - ocdconsolidated
+
+ roles:
+ - k8s
+ - helm
+ - eg_certs
+ - eg_registry
+ - eg_helm-repo
+
+############ Master ############
+
+### Pre-Requisites ###
+
+- hosts: prerequisitemaster
+ become: yes
+ tags:
+ - prerequisitemaster
+ - master
+
+ roles:
+ - eg_prerequisite
+ - helm
+ - eg_set-helm-repo
+ - kubeconfig
+
+### Other 3rd party related ###
+
+- hosts: thirdpartymaster
+ become: yes
+ tags:
+ - thirdpartymaster
+ - master
+
+ roles:
+ - grafana
+
+### EdgeGallery related ###
+
+- hosts: egmaster
+ become: yes
+ tags:
+ - egmaster
+ - master
+
+ roles:
+ - eg_secret
+ - service_center
+ - eg_user-mgmt
+ - eg_mecm-meo
+ - eg_mecm-fe
+ - eg_appstore
+ - eg_developer
+
+
+############ Edge ############
+
+### Infrastructure ###
+- hosts: edge-infra
+ become: yes
+ tags:
+ - edge-infra
+ - edge
+
+ roles:
+ - docker
+ - eg_prerequisite
+ - k3s
+
+### Pre-Requisites ###
+
+- hosts: prerequisiteedge
+ become: yes
+ tags:
+ - prerequisiteedge
+ - edge
+
+ roles:
+ - helm
+
+### Other 3rd party related ###
+
+- hosts: thirdpartyedge
+ become: yes
+ tags:
+ - thirdpartyedge
+ - edge
+
+ roles:
+ - rabbitmq
+ - prometheus
+ - kubeconfig
+ - mepkubeconfig
+ - cadvisor
+
+### EdgeGallery related ###
+
+- hosts: egedge
+ become: yes
+ tags:
+ - egedge
+ - edge
+
+ roles:
+ - eg_secret
+ - eg_set-helm-repo
+ - eg_mep
+ - eg_mecm-mepm
diff --git a/blueprints/iotgateway/playbooks/roles/cadvisor/files/dep.yaml b/blueprints/iotgateway/playbooks/roles/cadvisor/files/dep.yaml
new file mode 100644
index 0000000..aaf38b4
--- /dev/null
+++ b/blueprints/iotgateway/playbooks/roles/cadvisor/files/dep.yaml
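Review bot: The install playbook is created as `eloit-all.yml` while its counterpart and the inventory are `eliot-all-uninstall.yml` and `eliot-inventory.ini`, so the two entry points are easy to mistype; rename it to `eliot-all.yml`. Nothing in the playbook says that the roles dispatch on an `operation` variable (the role main.yml files in this commit test `operation == 'install'`), so a header comment such as `# Run with -e operation=install` would help. `become: yes` works, but `become: true` avoids the YAML 1.1 truthy ambiguity that yamllint's `truthy` rule flags.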
@@ -0,0 +1,91 @@
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+# cadvisor pod
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: cadvisor
+ namespace: default
+ labels:
+ app: cadvisor
+ annotations:
+ seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
+spec:
+ containers:
+ - image: unibaktr/cadvisor:v0.36.0
+ imagePullPolicy: Always
+ name: cadvisor-pod
+ ports:
+ - containerPort: 8080
+ hostPort: 8081
+ protocol: TCP
+ resources:
+ requests:
+ memory: 200Mi
+ cpu: 150m
+ limits:
+ memory: 2000Mi
+ cpu: 300m
+ volumeMounts:
+ - mountPath: /rootfs
+ name: rootfs
+ readOnly: true
+ # yamllint disable-line rule:key-duplicates
+ volumeMounts:
+ - mountPath: /var/run
+ name: varrun
+ readOnly: true
+ # yamllint disable-line rule:key-duplicates
+ volumeMounts:
+ - mountPath: /sys
+ name: sys
+ readOnly: true
+ # yamllint disable-line rule:key-duplicates
+ volumeMounts:
+ - mountPath: /var/lib/docker
+ name: varlibdocker
+ readOnly: true
+ # yamllint disable-line rule:key-duplicates
+ volumeMounts:
+ - mountPath: /dev/disk
+ name: devdisk
+ readOnly: true
+ terminationGracePeriodSeconds: 30
+ volumes:
+ - name: rootfs
+ hostPath:
+ path: /
+ # yamllint disable-line rule:key-duplicates
+ volumes:
+ - name: varrun
+ hostPath:
+ path: /var/run
+ # yamllint disable-line rule:key-duplicates
+ volumes:
+ - name: sys
+ hostPath:
+ path: /sys
+ # yamllint disable-line rule:key-duplicates
+ volumes:
+ - name: varlibdocker
+ hostPath:
+ path: /var/lib/docker
+ # yamllint disable-line rule:key-duplicates
+ volumes:
+ - name: devdisk
+ hostPath:
+ path: /dev/disk
diff --git a/blueprints/iotgateway/playbooks/roles/cadvisor/tasks/install.yml b/blueprints/iotgateway/playbooks/roles/cadvisor/tasks/install.yml
new file mode 100644
index 0000000..e6ead6c
--- /dev/null
+++ b/blueprints/iotgateway/playbooks/roles/cadvisor/tasks/install.yml
@@ -0,0 +1,24 @@
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+- name: copy deploy folder to mep node to install mepserver
+ copy:
+ src: dep.yaml
+ dest: /tmp/cadvisor/
+
+- name: Installation of cadvisor
+ shell:
+ cmd: kubectl apply -f /tmp/cadvisor/dep.yaml
+ ignore_errors: 'True'
diff --git a/blueprints/iotgateway/playbooks/roles/cadvisor/tasks/main.yml b/blueprints/iotgateway/playbooks/roles/cadvisor/tasks/main.yml
new file mode 100644
index 0000000..ce13bd1
--- /dev/null
+++ b/blueprints/iotgateway/playbooks/roles/cadvisor/tasks/main.yml
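Review bot: In dep.yaml `volumeMounts` appears five times in the `cadvisor-pod` container and `volumes` five times under `spec`, with `# yamllint disable-line rule:key-duplicates` silencing the warning; most YAML parsers keep only the last duplicate, so the pod would likely end up with just the `/dev/disk` mount and volume. Merge each set into a single list as below and drop the suppressions. Since this pod read-mounts the host's `/`, `/var/run` and `/var/lib/docker` and publishes `hostPort: 8081`, it is also worth pinning `unibaktr/cadvisor:v0.36.0` by digest and confirming that this third-party image is the intended source.

```yaml
# … unchanged: image, imagePullPolicy, name, ports, resources …
      volumeMounts:
        - mountPath: /rootfs
          name: rootfs
          readOnly: true
        - mountPath: /var/run
          name: varrun
          readOnly: true
        - mountPath: /sys
          name: sys
          readOnly: true
        - mountPath: /var/lib/docker
          name: varlibdocker
          readOnly: true
        - mountPath: /dev/disk
          name: devdisk
          readOnly: true
  terminationGracePeriodSeconds: 30
  volumes:
    - name: rootfs
      hostPath:
        path: /
    - name: varrun
      hostPath:
        path: /var/run
    - name: sys
      hostPath:
        path: /sys
    - name: varlibdocker
      hostPath:
        path: /var/lib/docker
    - name: devdisk
      hostPath:
        path: /dev/disk
```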
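Review bot: In cadvisor/tasks/install.yml the manifest is staged at the predictable path `/tmp/cadvisor/` inside a world-writable directory and then applied by a play that runs with `become: yes`, so the file `kubectl apply` reads is not protected from other local users; stage it in a root-owned directory and set `mode: '0600'` on the `copy` task. `ignore_errors: 'True'` on the apply hides a failed deployment from the play recap; drop it, or replace it with a `failed_when` that names the tolerated condition. uninstall.yml deletes through the same `/tmp/cadvisor/dep.yaml`, which will be missing once `/tmp` is cleaned. The first task's name (`copy deploy folder to mep node to install mepserver`) looks copied from another role and should say cadvisor.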
@@ -0,0 +1,23 @@
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+
+# tasks file for cAdvisor
+
+- include: "install.yml"
+ when: operation == 'install'
+
+- include: "uninstall.yml"
+ when: operation == 'uninstall'
diff --git a/blueprints/iotgateway/playbooks/roles/cadvisor/tasks/uninstall.yml b/blueprints/iotgateway/playbooks/roles/cadvisor/tasks/uninstall.yml
new file mode 100644
index 0000000..93e6b7d
--- /dev/null
+++ b/blueprints/iotgateway/playbooks/roles/cadvisor/tasks/uninstall.yml
@@ -0,0 +1,26 @@
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+- name: check if cadvisor is installed before removing
+ shell:
+ cmd: kubectl get pods | grep cadvisor
+ register: result
+ ignore_errors: 'True'
+
+- name: Uninstallation of cadvisor
+ shell:
+ cmd: kubectl delete -f /tmp/cadvisor/dep.yaml
+ when: result is succeeded
+ ignore_errors: 'True'
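Review bot: Both `when:` tests in cadvisor/tasks/main.yml read `operation` directly, so a run without `-e operation=...` stops on an undefined variable instead of a clear message; compare against `operation | default('')`, or add an `assert` up front that `operation` is `install` or `uninstall`. Bare `include` is deprecated in favour of `include_tasks` (dynamic) or `import_tasks` (static), and this file omits the `static: false` that the other role main.yml files in this commit set. Using `include_tasks: install.yml` and `include_tasks: uninstall.yml` here and in the certmanager, docker, eg_appstore and eg_certs main.yml files would make the behaviour explicit and consistent.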
diff --git a/blueprints/iotgateway/playbooks/roles/certmanager/tasks/install.yml b/blueprints/iotgateway/playbooks/roles/certmanager/tasks/install.yml
new file mode 100644
index 0000000..c70ed66
--- /dev/null
+++ b/blueprints/iotgateway/playbooks/roles/certmanager/tasks/install.yml
@@ -0,0 +1,20 @@
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+- name: Installation of cert-manager
+ shell:
+# yamllint disable rule:line-length
+ cmd: kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v0.15.0/cert-manager.yaml
+ ignore_errors: 'True'
diff --git a/blueprints/iotgateway/playbooks/roles/certmanager/tasks/main.yml b/blueprints/iotgateway/playbooks/roles/certmanager/tasks/main.yml
new file mode 100644
index 0000000..7c34071
--- /dev/null
+++ b/blueprints/iotgateway/playbooks/roles/certmanager/tasks/main.yml
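Review bot: The `cmd` line in certmanager/tasks/install.yml has `kubectl apply` fetch `cert-manager.yaml` from GitHub at run time and apply it to the cluster with `--validate=false`, with no integrity check on the download and `ignore_errors: 'True'` hiding any failure. Download the release manifest with `get_url` and a pinned `checksum`, then apply the local copy, roughly as below; the checksum and staging directory are placeholders to fill in from a verified download. `--validate=false` should carry a comment saying why it is needed, or be dropped. uninstall.yml in this role deletes from the same URL and could use the same local file.

```yaml
- name: Download cert-manager manifest
  get_url:
    url: https://github.com/jetstack/cert-manager/releases/download/v0.15.0/cert-manager.yaml
    dest: "<ROOT_OWNED_STAGING_DIR>/cert-manager.yaml"  # placeholder path
    checksum: "sha256:<EXPECTED_SHA256>"  # placeholder, take from a verified copy
    mode: '0600'

- name: Installation of cert-manager
  command: kubectl apply -f <ROOT_OWNED_STAGING_DIR>/cert-manager.yaml
```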
@@ -0,0 +1,25 @@
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+
+# tasks file for cert-manager
+
+- include: "install.yml"
+ static: false
+ when: operation == 'install'
+
+- include: "uninstall.yml"
+ static: false
+ when: operation == 'uninstall'
diff --git a/blueprints/iotgateway/playbooks/roles/certmanager/tasks/uninstall.yml b/blueprints/iotgateway/playbooks/roles/certmanager/tasks/uninstall.yml
new file mode 100644
index 0000000..260e16f
--- /dev/null
+++ b/blueprints/iotgateway/playbooks/roles/certmanager/tasks/uninstall.yml
@@ -0,0 +1,32 @@
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+- name: check whether cert-manager applied or not
+ shell:
+ cmd: kubectl get pods -n cert-manager
+ register: result
+ ignore_errors: yes
+ no_log: True
+
+- debug:
+ msg: Removing cert-manager pods...
+ when: result.stdout != ""
+
+- name: Uninstallation of cert-manager
+ shell:
+# yamllint disable rule:line-length
+ cmd: kubectl delete -f https://github.com/jetstack/cert-manager/releases/download/v0.15.0/cert-manager.yaml
+ ignore_errors: 'True'
+ when: result.stdout != ""
diff --git a/blueprints/iotgateway/playbooks/roles/docker/tasks/install.yml b/blueprints/iotgateway/playbooks/roles/docker/tasks/install.yml
new file mode 100644
index 0000000..c72fe26
--- /dev/null
+++ b/blueprints/iotgateway/playbooks/roles/docker/tasks/install.yml
@@ -0,0 +1,100 @@
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+- name: Check whether docker is already installed
+ command: which docker
+ register: result
+ ignore_errors: yes
+ no_log: True
+
+- debug:
+ msg: Docker is already present
+ when: result.stdout != ""
+
+- debug:
+# yamllint disable rule:line-length
+ msg: Ignore Uninstall Log , Docker not installed continue with Installation
+# yamllint disable rule:line-length
+ when: result.stdout == ""
+
+- name: "INSTALL: Installing docker update"
+ command: apt-get update -y
+ ignore_errors: yes
+ failed_when: false
+ no_log: True
+
+- name: "INSTALL: Installing docker upgrade"
+# yamllint disable rule:line-length
+ command: apt-get install -y apt-transport-https ca-certificates curl gnupg-agent software-properties-common
+# yamllint disable rule:line-length
+ ignore_errors: yes
+ when: result is failed and ansible_architecture == 'aarch64'
+
+- name: "INSTALL: Add repository"
+ shell: curl -sL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
+ when: result is failed and ansible_architecture == 'aarch64'
+
+- name: "INSTALL: CA-Certificates"
+# yamllint disable rule:line-length
+ shell: sudo add-apt-repository "deb [arch=arm64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
+# yamllint disable rule:line-length
+ ignore_errors: yes
+ failed_when: false
+ no_log: True
+ when: result is failed and ansible_architecture == 'aarch64'
+
+- name: "INSTALL: Update....."
+ command: apt-get update -y
+ ignore_errors: yes
+ failed_when: false
+ no_log: True
+ when: result is failed and ansible_architecture == 'aarch64'
+
+- name: "INSTALL: Installed docker"
+ command: apt-get install -y docker-ce docker-ce-cli containerd.io
+ ignore_errors: yes
+ when: result is failed and ansible_architecture == 'aarch64'
+
+- debug:
+ msg: "CentOS commands start"
+
+- name: "INSTALL:Installing docker "
+ command: yum install -y yum-utils
+ when: ansible_facts['distribution'] == "CentOS" and result is failed
+ ignore_errors: yes
+ no_log: true
+
+- name: "INSTALL: Add repo"
+ command: yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
+ when: ansible_facts['distribution'] == "CentOS" and result is failed
+ #ignore_error: yes
+ no_log: true
+
+- name: "INSTALL: install containerd.io"
+ command: yum -y install docker-ce-19.03.8 docker-ce-cli-19.03.8 containerd.io
+ when: ansible_facts['distribution'] == "CentOS" and result is failed
+ ignore_errors: yes
+ no_log: true
+
+- name: "Start Docker:"
+ command: systemctl start docker
+ when: ansible_facts['distribution'] == "CentOS" and result is failed
+ ignore_errors: yes
+ #no_log: true
+
+- name: "Start Docker: enable"
+ command: systemctl enable docker
+ when: ansible_facts['distribution'] == "CentOS" and result is failed
+ ignore_errors: yes
diff --git a/blueprints/iotgateway/playbooks/roles/docker/tasks/main.yml b/blueprints/iotgateway/playbooks/roles/docker/tasks/main.yml
new file mode 100644
index 0000000..b8f4286
--- /dev/null
+++ b/blueprints/iotgateway/playbooks/roles/docker/tasks/main.yml
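Review bot: The `INSTALL: Add repository` task in docker/tasks/install.yml pipes `curl -sL .../gpg` straight into `sudo apt-key add -`, so whatever the request returns becomes a trusted APT signing key without a fingerprint check, and without `-f` or `pipefail` a failed download is not reported. Use the `apt_key` module with the expected key `id` and `apt_repository` for the source line, as sketched below with the fingerprint left as a placeholder; `sudo` is redundant when the play already uses `become`. The surrounding tasks combine `ignore_errors: yes`, `failed_when: false` and `no_log: True`, which hides every failure on the install path even though no secret is being protected. The apt branch is keyed on `ansible_architecture == 'aarch64'` rather than on the distribution, which looks unintended.

```yaml
- name: "INSTALL: Add repository"
  apt_key:
    url: https://download.docker.com/linux/ubuntu/gpg
    id: "<DOCKER_APT_KEY_FINGERPRINT>"  # placeholder, verify against Docker's published fingerprint
    state: present
  when: result is failed and ansible_architecture == 'aarch64'

- name: "INSTALL: CA-Certificates"
  apt_repository:
    repo: "deb [arch=arm64] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"
    state: present
  when: result is failed and ansible_architecture == 'aarch64'
```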
@@ -0,0 +1,23 @@
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+# tasks file for docker
+- include: "install.yml"
+ static: false
+ when: operation == 'install'
+
+- include: "uninstall.yml"
+ static: false
+ when: operation == 'uninstall'
diff --git a/blueprints/iotgateway/playbooks/roles/docker/tasks/uninstall.yml b/blueprints/iotgateway/playbooks/roles/docker/tasks/uninstall.yml
new file mode 100644
index 0000000..f756489
--- /dev/null
+++ b/blueprints/iotgateway/playbooks/roles/docker/tasks/uninstall.yml
@@ -0,0 +1,67 @@
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+- name: Check whether docker is installed before deleting
+ command: which docker
+ register: result
+ ignore_errors: yes
+ no_log: True
+
+- debug:
+ msg: Uninstalling docker...
+ when: result.stdout != ""
+
+- debug:
+# yamllint disable rule:line-length
+ msg: Ignore Uninstall Log , Docker not installed
+# yamllint disable rule:line-length
+ when: result.stdout == ""
+
+- name: "UNINSTALL: Uninstall docker engine"
+ command: apt-get purge -y docker-engine
+ ignore_errors: yes
+ when: result is succeeded and ansible_architecture == 'aarch64'
+
+- name: "UNINSTALL: Uninstall docker"
+ command: apt-get purge -y docker
+ ignore_errors: yes
+ when: result is succeeded and ansible_architecture == 'aarch64'
+ #when: result is succeeded and ansible_architecture == 'x86_64'
+
+- name: "UNINSTALL: Uninstall docker.io"
+ command: apt-get purge -y docker.io
+ ignore_errors: yes
+ when: result is succeeded and ansible_architecture == 'aarch64'
+
+- name: "UNINSTALL: Uninstall docker-ce"
+ command: apt-get purge -y docker-ce
+ ignore_errors: yes
+ when: result is succeeded and ansible_architecture == 'aarch64'
+ #when: result is succeeded and ansible_architecture == 'aarch64'
+
+- name: "UNINSTALL: Uninstall docker"
+ command: apt-get purge -y docker-ce-cli
+ ignore_errors: yes
+ when: result is succeeded and ansible_architecture == 'aarch64'
+ #when: result is succeeded
+
+- debug:
+ msg: "CentOS commands start"
+
+- name: "UNINSTALL:Uninstalled docker "
+ shell:
+ cmd: yes | yum remove docker-ce docker-ce-cli containerd.io
+ ignore_errors: yes
+ no_log: true
diff --git a/blueprints/iotgateway/playbooks/roles/eg_appstore/tasks/install.yml b/blueprints/iotgateway/playbooks/roles/eg_appstore/tasks/install.yml
new file mode 100644
index 0000000..2b9ad8e
--- /dev/null
+++ b/blueprints/iotgateway/playbooks/roles/eg_appstore/tasks/install.yml
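Review bot: The last task in docker/tasks/uninstall.yml, `UNINSTALL:Uninstalled docker `, has no `when:` at all, so `yes | yum remove ...` runs on every host, including the apt-based ones and hosts where `which docker` found nothing, while `ignore_errors: yes` plus `no_log: true` make the outcome invisible. Guard it the way the install side does, `when: ansible_facts['distribution'] == "CentOS" and result is succeeded`, and replace the pipe with `command: yum remove -y docker-ce docker-ce-cli containerd.io`. The two tasks both named `UNINSTALL: Uninstall docker` should get distinct names, and the commented-out `#when:` lines can be removed.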
@@ -0,0 +1,26 @@
+#
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+---
+
+- name: Import vars
+ include_vars:
+ file: ../../../config.yml
+ name: vardata
+
+- name: Helm install appstore
+ # yamllint disable rule:line-length
+ command: helm install appstore-edgegallery edgegallery/appstore --set global.oauth2.authServerAddress=https://{{ ansible_host }}:{{ vardata.usermgmt_port.name}} --set images.appstoreFe.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/appstore-fe --set images.appstoreBe.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/appstore-be --set images.postgres.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/postgres --set images.initservicecenter.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/curl --set images.appstoreFe.tag={{vardata.eg_image_tag.name}} --set images.appstoreBe.tag={{vardata.eg_image_tag.name}} --set images.appstoreFe.pullPolicy=IfNotPresent --set images.appstoreBe.pullPolicy=IfNotPresent --set images.postgres.pullPolicy=IfNotPresent --set images.initservicecenter.pullPolicy=IfNotPresent --set global.ssl.enabled=true --set global.ssl.secretName=edgegallery-ssl-secret
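Review bot: The `helm install` line interpolates `vardata.private_repo_ip.name`, which config.yml ships empty under "Mandatory", so a forgotten value silently produces image repositories of the form `:5000/edgegallery/...` and the mistake only surfaces later as an image pull failure. Add a guard before the command, for example an `assert` task with `that: vardata.private_repo_ip.name | default('', true) | length > 0` and a `fail_msg` naming the key. The chart reference `edgegallery/appstore` carries no `--version`, so the deployed chart depends on the state of the Helm repo at run time; pinning it would make the install reproducible.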
diff --git a/blueprints/iotgateway/playbooks/roles/eg_appstore/tasks/main.yml b/blueprints/iotgateway/playbooks/roles/eg_appstore/tasks/main.yml
new file mode 100644
index 0000000..e8bea5a
--- /dev/null
+++ b/blueprints/iotgateway/playbooks/roles/eg_appstore/tasks/main.yml
@@ -0,0 +1,26 @@
+#
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+---
+
+# tasks file for eg_appstore
+- include: "install.yml"
+ static: false
+ when: operation == 'install'
+
+- include: "uninstall.yml"
+ static: false
+ when: operation == 'uninstall'
diff --git a/blueprints/iotgateway/playbooks/roles/eg_appstore/tasks/uninstall.yml b/blueprints/iotgateway/playbooks/roles/eg_appstore/tasks/uninstall.yml
new file mode 100644
index 0000000..f38b51d
--- /dev/null
+++ b/blueprints/iotgateway/playbooks/roles/eg_appstore/tasks/uninstall.yml
@@ -0,0 +1,22 @@
+#
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+---
+
+- name: Uninstall appstore
+ command: helm uninstall appstore-edgegallery
+ ignore_errors: yes
+ no_log: True
diff --git a/blueprints/iotgateway/playbooks/roles/eg_certs/tasks/install.yml b/blueprints/iotgateway/playbooks/roles/eg_certs/tasks/install.yml
new file mode 100644
index 0000000..4aa99bf
--- /dev/null
+++ b/blueprints/iotgateway/playbooks/roles/eg_certs/tasks/install.yml
@@ -0,0 +1,37 @@
+#
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+---
+
+- name: Import config file
+ include_vars:
+ file: ../../../config.yml
+ name: vardata
+
+- name: Remove old ssl key dir
+ command: rm -rf /tmp/ssl-eg-keys-certs
+ args:
+ chdir: /tmp/
+
+- name: Make new ssl key dir
+ command: mkdir -p /tmp/ssl-eg-keys-certs
+ args:
+ chdir: /tmp/
+
+- name: generate cert
+ # yamllint disable rule:line-length
+ command: docker run -e CERT_VALIDITY_IN_DAYS=365 -v /tmp/ssl-eg-keys-certs:/certs swr.ap-southeast-1.myhuaweicloud.com/edgegallery/deploy-tool:latest
+ # yamllint disable rule:line-length
diff --git a/blueprints/iotgateway/playbooks/roles/eg_certs/tasks/main.yml b/blueprints/iotgateway/playbooks/roles/eg_certs/tasks/main.yml
new file mode 100644
index 0000000..0ddc8f4
--- /dev/null
+++ b/blueprints/iotgateway/playbooks/roles/eg_certs/tasks/main.yml
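Review bot: The key and certificate output directory `/tmp/ssl-eg-keys-certs` is created with a plain `mkdir -p`, so it gets default permissions under world-writable `/tmp` and the generated private keys may be readable by other local users. Create it with the `file` module and an explicit owner-only mode, as below, keeping the path if other roles depend on it; whether the container needs a different owner to write into `/certs` is not visible here. The generator image is pulled as `deploy-tool:latest`, a mutable tag, so the code that produces the platform's TLS material can change between runs; pin it by digest. The `include_vars` task loads `vardata`, but nothing in this file uses it.

```yaml
- name: Remove old ssl key dir
  file:
    path: /tmp/ssl-eg-keys-certs
    state: absent

- name: Make new ssl key dir
  file:
    path: /tmp/ssl-eg-keys-certs
    state: directory
    mode: '0700'

# … unchanged: generate cert task (image reference pinned by digest) …
```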
@@ -0,0 +1,25 @@ +# +# Copyright 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +--- +# tasks file for eg_certs +- include: "install.yml" + static: false + when: operation == 'install' + +- include: "uninstall.yml" + static: false + when: operation == 'uninstall' diff --git a/blueprints/iotgateway/playbooks/roles/eg_certs/tasks/uninstall.yml b/blueprints/iotgateway/playbooks/roles/eg_certs/tasks/uninstall.yml new file mode 100644 index 0000000..ca56d0d --- /dev/null +++ b/blueprints/iotgateway/playbooks/roles/eg_certs/tasks/uninstall.yml @@ -0,0 +1,24 @@ +# +# Copyright 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +--- + +- name: Remove generated certificates + command: rm -rf /tmp/ssl-eg-keys-certs + args: + chdir: /tmp/ + ignore_errors: yes + no_log: True 
diff --git a/blueprints/iotgateway/playbooks/roles/eg_developer/tasks/install.yml b/blueprints/iotgateway/playbooks/roles/eg_developer/tasks/install.yml
new file mode 100644
index 0000000..107d452
--- /dev/null
+++ b/blueprints/iotgateway/playbooks/roles/eg_developer/tasks/install.yml
@@ -0,0 +1,26 @@
+#
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+---
+
+- name: Import config file
+ include_vars:
+ file: ../../../config.yml
+ name: vardata
+
+- name: Developer chart installing
+ # yamllint disable rule:line-length
+ command: helm install developer-edgegallery edgegallery/developer --set global.oauth2.authServerAddress=https://{{ ansible_host }}:{{ vardata.usermgmt_port.name}} --set images.developerFe.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/developer-fe --set images.developerBe.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/developer-be --set images.postgres.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/postgres --set images.initservicecenter.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/curl --set images.developerFe.tag={{vardata.eg_image_tag.name}} --set images.developerBe.tag={{vardata.eg_image_tag.name}} --set images.developerFe.pullPolicy=IfNotPresent --set images.developerBe.pullPolicy=IfNotPresent --set images.postgres.pullPolicy=IfNotPresent --set images.initservicecenter.pullPolicy=IfNotPresent --set global.ssl.enabled=true --set global.ssl.secretName=edgegallery-ssl-secret
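Review bot: The `Developer chart installing` task puts the whole `helm install` invocation on a single line of roughly a thousand characters behind a `yamllint disable rule:line-length` comment that is never re-enabled, which makes the individual `--set` values hard to review. A folded scalar is joined into the same command string, so `command: >-` followed by one `--set` per line keeps the behaviour; the same applies to `Install mecm-fe` in eg_mecm-fe/tasks/install.yml. Separately, `helm install` fails when the release already exists, so a second run of the play stops at this task; `helm upgrade --install` is the usual idempotent form, assuming the chart tolerates an upgrade.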
diff --git a/blueprints/iotgateway/playbooks/roles/eg_developer/tasks/main.yml b/blueprints/iotgateway/playbooks/roles/eg_developer/tasks/main.yml new file mode 100644 index 0000000..bab0558 --- /dev/null +++ b/blueprints/iotgateway/playbooks/roles/eg_developer/tasks/main.yml @@ -0,0 +1,25 @@ +# +# Copyright 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +--- +# tasks file for eg_developer +- include: "install.yml" + static: false + when: operation == 'install' + +- include: "uninstall.yml" + static: false + when: operation == 'uninstall' diff --git a/blueprints/iotgateway/playbooks/roles/eg_developer/tasks/uninstall.yml b/blueprints/iotgateway/playbooks/roles/eg_developer/tasks/uninstall.yml new file mode 100644 index 0000000..787052a --- /dev/null +++ b/blueprints/iotgateway/playbooks/roles/eg_developer/tasks/uninstall.yml 
@@ -0,0 +1,22 @@ +# +# Copyright 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +--- + +- name: Uninstall developer + command: helm uninstall developer-edgegallery + ignore_errors: yes + no_log: True diff --git a/blueprints/iotgateway/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/edgegallery/appstore-0.9.tgz b/blueprints/iotgateway/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/edgegallery/appstore-0.9.tgz new file mode 100644 index 0000000..53de058 Binary files /dev/null and b/blueprints/iotgateway/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/edgegallery/appstore-0.9.tgz differ diff --git a/blueprints/iotgateway/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/edgegallery/developer-0.9.tgz b/blueprints/iotgateway/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/edgegallery/developer-0.9.tgz new file mode 100644 index 0000000..34e7c77 Binary files /dev/null and b/blueprints/iotgateway/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/edgegallery/developer-0.9.tgz differ 
diff --git a/blueprints/iotgateway/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/edgegallery/mecm-fe-0.9.tgz b/blueprints/iotgateway/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/edgegallery/mecm-fe-0.9.tgz new file mode 100644 index 0000000..bc76b63 Binary files /dev/null and b/blueprints/iotgateway/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/edgegallery/mecm-fe-0.9.tgz differ diff --git a/blueprints/iotgateway/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/edgegallery/mecm-meo-0.9.tgz b/blueprints/iotgateway/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/edgegallery/mecm-meo-0.9.tgz new file mode 100644 index 0000000..9f65c7f Binary files /dev/null and b/blueprints/iotgateway/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/edgegallery/mecm-meo-0.9.tgz differ diff --git a/blueprints/iotgateway/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/edgegallery/mecm-mepm-0.9.tgz b/blueprints/iotgateway/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/edgegallery/mecm-mepm-0.9.tgz new file mode 100644 index 0000000..4f5c572 Binary files /dev/null and b/blueprints/iotgateway/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/edgegallery/mecm-mepm-0.9.tgz differ diff --git a/blueprints/iotgateway/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/edgegallery/mep-0.9.tgz b/blueprints/iotgateway/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/edgegallery/mep-0.9.tgz new file mode 100644 index 0000000..490d9ef Binary files /dev/null and b/blueprints/iotgateway/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/edgegallery/mep-0.9.tgz differ 
diff --git a/blueprints/iotgateway/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/edgegallery/servicecenter-0.9.tgz b/blueprints/iotgateway/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/edgegallery/servicecenter-0.9.tgz new file mode 100644 index 0000000..72aed5a Binary files /dev/null and b/blueprints/iotgateway/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/edgegallery/servicecenter-0.9.tgz differ diff --git a/blueprints/iotgateway/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/edgegallery/usermgmt-0.9.tgz b/blueprints/iotgateway/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/edgegallery/usermgmt-0.9.tgz new file mode 100644 index 0000000..d1cc9be Binary files /dev/null and b/blueprints/iotgateway/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/edgegallery/usermgmt-0.9.tgz differ diff --git a/blueprints/iotgateway/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/stable/grafana-5.5.5.tgz b/blueprints/iotgateway/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/stable/grafana-5.5.5.tgz new file mode 100644 index 0000000..2c67c80 Binary files /dev/null and b/blueprints/iotgateway/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/stable/grafana-5.5.5.tgz differ diff --git a/blueprints/iotgateway/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/stable/nfs-client-provisioner-1.2.8.tgz b/blueprints/iotgateway/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/stable/nfs-client-provisioner-1.2.8.tgz new file mode 100644 index 0000000..c63a4b8 Binary files /dev/null and b/blueprints/iotgateway/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/stable/nfs-client-provisioner-1.2.8.tgz differ 
diff --git a/blueprints/iotgateway/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/stable/nginx-ingress-1.41.2.tgz b/blueprints/iotgateway/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/stable/nginx-ingress-1.41.2.tgz new file mode 100644 index 0000000..00bd24a Binary files /dev/null and b/blueprints/iotgateway/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/stable/nginx-ingress-1.41.2.tgz differ diff --git a/blueprints/iotgateway/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/stable/prometheus-9.3.1.tgz b/blueprints/iotgateway/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/stable/prometheus-9.3.1.tgz new file mode 100644 index 0000000..3b1090b Binary files /dev/null and b/blueprints/iotgateway/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/stable/prometheus-9.3.1.tgz differ diff --git a/blueprints/iotgateway/playbooks/roles/eg_helm-repo/tasks/install.yml b/blueprints/iotgateway/playbooks/roles/eg_helm-repo/tasks/install.yml new file mode 100644 index 0000000..5624146 --- /dev/null +++ b/blueprints/iotgateway/playbooks/roles/eg_helm-repo/tasks/install.yml 
@@ -0,0 +1,60 @@
+#
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+---
+
+- name: Doing deployment setup for edge gallery
+ copy:
+ src: deploy
+ dest: /tmp/eg_helm-repo/
+
+- name: Import config file
+ include_vars:
+ file: ../../../config.yml
+ name: vardata
+
+- name: Helm repo index edgegallery
+ command: helm repo index edgegallery/
+ args:
+ chdir: /tmp/eg_helm-repo/deploy/helm/helm-charts/
+
+- name: Helm repo index stable
+ command: helm repo index stable/
+ args:
+ chdir: /tmp/eg_helm-repo/deploy/helm/helm-charts/
+
+- name: Changing permisiion
+ command: chmod -R 755 /tmp/eg_helm-repo
+
+- name: Creating helm repo
+ # yamllint disable rule:line-length
+ command: docker run --name helm-repo -v /tmp/eg_helm-repo/deploy/helm/helm-charts/:/usr/share/nginx/html:ro -d -p 8080:80 nginx:stable
+ args:
+ chdir: /tmp/eg_helm-repo/deploy/helm/helm-charts/
+
+- name: Helm repo add edgegallery
+ # yamllint disable rule:line-length
+ command: helm repo add edgegallery http://{{ vardata.private_repo_ip.name}}:8080/edgegallery
+ args:
+ chdir: /tmp/eg_helm-repo/deploy/helm/helm-charts/
+
+- name: Helm repo add stable
+ command: helm repo add stable http://{{ vardata.private_repo_ip.name}}:8080/stable
+ args:
+ chdir: /tmp/eg_helm-repo/deploy/helm/helm-charts/
+
+- debug:
+ msg: "Helm repo created"
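Review bot: The chart repository is both served and consumed over cleartext HTTP: `Creating helm repo` publishes nginx with `-p 8080:80`, which binds every host interface, and both `helm repo add` tasks point at `http://{{ vardata.private_repo_ip.name}}:8080/...`. Nothing authenticates the charts that the later `helm install` tasks pull from it, so chart content can be substituted by anything on the path to that address. At minimum bind the listener to the repo address, `-p {{ vardata.private_repo_ip.name }}:8080:80`, and pin `nginx:stable` to a digest; serving the repo over TLS, or signing the charts and installing with `--verify`, addresses the integrity gap itself. The `chmod -R 755` task also leaves the staged tree world-readable under a predictable /tmp path, and its name has a typo (`permisiion`).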
diff --git a/blueprints/iotgateway/playbooks/roles/eg_helm-repo/tasks/main.yml b/blueprints/iotgateway/playbooks/roles/eg_helm-repo/tasks/main.yml new file mode 100644 index 0000000..858c198 --- /dev/null +++ b/blueprints/iotgateway/playbooks/roles/eg_helm-repo/tasks/main.yml @@ -0,0 +1,25 @@ +# Copyright 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +--- + +# tasks file for eg_helm_repo_add +- include: "install.yml" + static: false + when: operation == 'install' + +- include: "uninstall.yml" + static: false + when: operation == 'uninstall' diff --git a/blueprints/iotgateway/playbooks/roles/eg_helm-repo/tasks/uninstall.yml b/blueprints/iotgateway/playbooks/roles/eg_helm-repo/tasks/uninstall.yml new file mode 100644 index 0000000..65ea65e --- /dev/null +++ b/blueprints/iotgateway/playbooks/roles/eg_helm-repo/tasks/uninstall.yml 
@@ -0,0 +1,31 @@
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+---
+
+- name: Docker stop helm repo
+ command: docker stop helm-repo
+ ignore_errors: yes
+ no_log: True
+
+- name: Docker rm helm repo
+ command: docker rm helm-repo
+ ignore_errors: yes
+ no_log: True
+
+- name: Remove tmp folder
+ command: rm -rf /tmp/eg_helm-repo
+ ignore_errors: yes
+ no_log: True
diff --git a/blueprints/iotgateway/playbooks/roles/eg_mecm-fe/tasks/install.yml b/blueprints/iotgateway/playbooks/roles/eg_mecm-fe/tasks/install.yml
new file mode 100644
index 0000000..0e728b9
--- /dev/null
+++ b/blueprints/iotgateway/playbooks/roles/eg_mecm-fe/tasks/install.yml
@@ -0,0 +1,26 @@ +# +# Copyright 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +--- + +- name: Import config file + include_vars: + file: ../../../config.yml + name: vardata + +- name: Install mecm-fe + # yamllint disable rule:line-length + command: helm install mecm-fe-edgegallery edgegallery/mecm-fe --set global.oauth2.authServerAddress=https://{{ ansible_host }}:{{vardata.usermgmt_port.name}} --set images.mecmFe.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/mecm-fe --set images.initservicecenter.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/curl --set images.mecmFe.tag={{vardata.eg_image_tag.name}} --set images.mecmFe.pullPolicy=IfNotPresent --set images.initservicecenter.pullPolicy=IfNotPresent --set global.ssl.enabled=true --set global.ssl.secretName=edgegallery-ssl-secret diff --git a/blueprints/iotgateway/playbooks/roles/eg_mecm-fe/tasks/main.yml b/blueprints/iotgateway/playbooks/roles/eg_mecm-fe/tasks/main.yml new file mode 100644 index 0000000..b168173 --- /dev/null +++ b/blueprints/iotgateway/playbooks/roles/eg_mecm-fe/tasks/main.yml 
@@ -0,0 +1,25 @@ +# +# Copyright 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +--- +# tasks file for eg_mecm-fe +- include: "install.yml" + static: false + when: operation == 'install' + +- include: "uninstall.yml" + static: false + when: operation == 'uninstall' diff --git a/blueprints/iotgateway/playbooks/roles/eg_mecm-fe/tasks/uninstall.yml b/blueprints/iotgateway/playbooks/roles/eg_mecm-fe/tasks/uninstall.yml new file mode 100644 index 0000000..6c67b36 --- /dev/null +++ b/blueprints/iotgateway/playbooks/roles/eg_mecm-fe/tasks/uninstall.yml @@ -0,0 +1,22 @@ +# +# Copyright 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +--- + +- name: Uninstall mecm fe + command: helm uninstall mecm-fe-edgegallery + ignore_errors: yes + no_log: True 
diff --git a/blueprints/iotgateway/playbooks/roles/eg_mecm-meo/files/deploy/conf/keys/postgres_init.sql b/blueprints/iotgateway/playbooks/roles/eg_mecm-meo/files/deploy/conf/keys/postgres_init.sql
new file mode 100644
index 0000000..76e94d6
--- /dev/null
+++ b/blueprints/iotgateway/playbooks/roles/eg_mecm-meo/files/deploy/conf/keys/postgres_init.sql
@@ -0,0 +1,29 @@
+CREATE USER inventory WITH PASSWORD 'PASSWORD_VALUE' CREATEDB;
+CREATE DATABASE inventorydb
+ WITH
+ OWNER = inventory
+ ENCODING = 'UTF8'
+ LC_COLLATE = 'en_US.utf8'
+ LC_CTYPE = 'en_US.utf8'
+ TABLESPACE = pg_default
+ CONNECTION LIMIT = -1;
+
+CREATE USER appo WITH PASSWORD 'PASSWORD_VALUE' CREATEDB;
+CREATE DATABASE appodb
+ WITH
+ OWNER = appo
+ ENCODING = 'UTF8'
+ LC_COLLATE = 'en_US.utf8'
+ LC_CTYPE = 'en_US.utf8'
+ TABLESPACE = pg_default
+ CONNECTION LIMIT = -1;
+
+CREATE USER apm WITH PASSWORD 'PASSWORD_VALUE' CREATEDB;
+CREATE DATABASE apmdb
+ WITH
+ OWNER = apm
+ ENCODING = 'UTF8'
+ LC_COLLATE = 'en_US.utf8'
+ LC_CTYPE = 'en_US.utf8'
+ TABLESPACE = pg_default
+ CONNECTION LIMIT = -1;
diff --git a/blueprints/iotgateway/playbooks/roles/eg_mecm-meo/tasks/install.yml b/blueprints/iotgateway/playbooks/roles/eg_mecm-meo/tasks/install.yml
new file mode 100644
index 0000000..e6c2fc7
--- /dev/null
+++ b/blueprints/iotgateway/playbooks/roles/eg_mecm-meo/tasks/install.yml
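Review bot: Each application role is created with `CREATEDB` although this script already creates the one database the role owns, so the extra privilege looks unnecessary unless the services create databases at run time, which is not visible here; `CREATE USER inventory WITH PASSWORD 'PASSWORD_VALUE';` would be the least-privilege form. The `PASSWORD_VALUE` placeholder is filled by a plain text `replace` in eg_mecm-meo/tasks/install.yml, so a password containing `'` breaks the statement or changes its meaning, and all three roles end up with the same password. Both points apply equally to eg_mecm-mepm/files/deploy/conf/keys/postgres_init.sql.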
@@ -0,0 +1,73 @@ +# +# Copyright 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +--- + +- name: Doing deployment eg_mecm-meo setup for edge gallery eg_mecm-meo + copy: + src: deploy + dest: /tmp/eg_mecm-meo/ + +- name: Import config file + include_vars: + file: ../../../config.yml + name: vardata + +- name: Replacing pwd sql + replace: + path: /tmp/eg_mecm-meo/deploy/conf/keys/postgres_init.sql + regexp: 'PASSWORD_VALUE' + replace: "{{ vardata.common_pwd.name }}" + +- name: Set a variable + ansible.builtin.set_fact: + comm_pwd: "{{ vardata.common_pwd.name }}" + +- name: Create mecm-ssl-secret with common pwd + # yamllint disable rule:line-length + command: kubectl create secret generic mecm-ssl-secret --from-file=keystore.p12=/tmp/ssl-eg-keys-certs/keystore.p12 --from-file=keystore.jks=/tmp/ssl-eg-keys-certs/keystore.jks --from-literal=keystorePassword={{ vardata.common_pwd.name}} --from-literal=keystoreType=PKCS12 --from-literal=keyAlias=edgegallery --from-literal=truststorePassword={{ vardata.common_pwd.name}} + # yamllint disable rule:line-length + when: comm_pwd != "" + +- name: Generates certificate mecm-ssl-secret + # yamllint disable rule:line-length + command: kubectl create secret generic mecm-ssl-secret --from-file=keystore.p12=/tmp/ssl-eg-keys-certs/keystore.p12 --from-file=keystore.jks=/tmp/ssl-eg-keys-certs/keystore.jks --from-literal=keystorePassword={{ vardata.mecm_meo_keystorePassword.name}} 
--from-literal=keystoreType=PKCS12 --from-literal=keyAlias=edgegallery --from-literal=truststorePassword={{ vardata.mecm_meo_truststorePassword.name}} + # yamllint disable rule:line-length + when: comm_pwd == "" + +- name: Create certificate edgegallery-mecm-secret with common pwd + # yamllint disable rule:line-length + command: kubectl create secret generic edgegallery-mecm-secret --from-file=postgres_init.sql=/tmp/eg_mecm-meo/deploy/conf/keys/postgres_init.sql --from-literal=postgresPassword={{ vardata.common_pwd.name}} --from-literal=postgresApmPassword={{ vardata.common_pwd.name}} --from-literal=postgresAppoPassword={{ vardata.common_pwd.name}} --from-literal=postgresInventoryPassword={{ vardata.common_pwd.name}} --from-literal=edgeRepoUserName={{ vardata.mecm_meo_edgeRepoUserName.name}} --from-literal=edgeRepoPassword={{ vardata.mecm_meo_edgeRepoPassword.name}} + # yamllint disable rule:line-length + args: + chdir: /tmp/eg_mecm-meo/deploy/ + when: comm_pwd != "" + +- name: Generates certificate edgegallery-mecm-secret + # yamllint disable rule:line-length + command: kubectl create secret generic edgegallery-mecm-secret --from-file=postgres_init.sql=/tmp/eg_mecm-meo/deploy/conf/keys/postgres_init.sql --from-literal=postgresPassword={{ vardata.mecm_meo_postgresPassword.name}} --from-literal=postgresApmPassword={{ vardata.mecm_meo_postgresApmPassword.name}} --from-literal=postgresAppoPassword={{ vardata.mecm_meo_postgresAppoPassword.name}} --from-literal=postgresInventoryPassword={{ vardata.mecm_meo_postgresInventoryPassword.name}} --from-literal=edgeRepoUserName={{ vardata.mecm_meo_edgeRepoUserName.name}} --from-literal=edgeRepoPassword={{ vardata.mecm_meo_edgeRepoPassword.name}} + # yamllint disable rule:line-length + args: + chdir: /tmp/eg_mecm-meo/deploy/ + when: comm_pwd == "" + +- name: Fs group value + shell: 'getent group docker | cut -d: -f3' + register: result + +- name: Helm install + # yamllint disable rule:line-length + command: helm install 
mecm-meo-edgegallery edgegallery/mecm-meo --set ssl.secretName=mecm-ssl-secret --set mecm.secretName=edgegallery-mecm-secret --set images.inventory.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/mecm-inventory --set images.appo.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/mecm-appo --set images.apm.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/mecm-apm --set images.postgres.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/postgres --set images.inventory.tag={{ vardata.eg_image_tag.name}} --set images.appo.tag={{ vardata.eg_image_tag.name}} --set images.apm.tag={{ vardata.eg_image_tag.name}} --set images.postgres.tag=12.3 --set images.inventory.pullPolicy=IfNotPresent --set images.appo.pullPolicy=IfNotPresent --set images.apm.pullPolicy=IfNotPresent --set images.postgres.pullPolicy=IfNotPresent --set mecm.docker.fsgroup="{{result.stdout}}" diff --git a/blueprints/iotgateway/playbooks/roles/eg_mecm-meo/tasks/main.yml b/blueprints/iotgateway/playbooks/roles/eg_mecm-meo/tasks/main.yml new file mode 100644 index 0000000..06e1be4 --- /dev/null +++ b/blueprints/iotgateway/playbooks/roles/eg_mecm-meo/tasks/main.yml 
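Review bot: The four `kubectl create secret generic ... --from-literal=...Password={{ ... }}` tasks in eg_mecm-meo/tasks/install.yml pass the passwords as command-line arguments with no `no_log: true`, so they show up in Ansible's task result on failure or at higher verbosity, in any log that captures it, and in the process list while kubectl runs. Add `no_log: true` to those tasks and to `Replacing pwd sql`. That `replace` task also substitutes `vardata.common_pwd.name` unconditionally, so when the common password is empty and the `comm_pwd == ""` branches run, postgres_init.sql carries an empty password that does not match the per-service values stored in `edgegallery-mecm-secret`; move `Set a variable` above it and guard it with `when: comm_pwd != ""`, or substitute per role. The templated values are unquoted as well, so a password containing whitespace splits into extra arguments.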
@@ -0,0 +1,26 @@ +# +# Copyright 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +--- + +# tasks file for eg_mecm-meo +- include: "install.yml" + static: false + when: operation == 'install' + +- include: "uninstall.yml" + static: false + when: operation == 'uninstall' diff --git a/blueprints/iotgateway/playbooks/roles/eg_mecm-meo/tasks/uninstall.yml b/blueprints/iotgateway/playbooks/roles/eg_mecm-meo/tasks/uninstall.yml new file mode 100644 index 0000000..3bd6754 --- /dev/null +++ b/blueprints/iotgateway/playbooks/roles/eg_mecm-meo/tasks/uninstall.yml 
@@ -0,0 +1,27 @@ +# +# Copyright 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +--- + +- name: Uninstall mecm meo + command: helm uninstall mecm-meo-edgegallery + ignore_errors: yes + no_log: True + +- name: Delete mecm-ssl-secret and edgegallery-mecm-secret + command: kubectl delete secret mecm-ssl-secret edgegallery-mecm-secret + ignore_errors: yes + no_log: True diff --git a/blueprints/iotgateway/playbooks/roles/eg_mecm-mepm/files/deploy/conf/keys/postgres_init.sql b/blueprints/iotgateway/playbooks/roles/eg_mecm-mepm/files/deploy/conf/keys/postgres_init.sql new file mode 100644 index 0000000..0fcc8fc --- /dev/null +++ b/blueprints/iotgateway/playbooks/roles/eg_mecm-mepm/files/deploy/conf/keys/postgres_init.sql @@ -0,0 +1,20 @@ +CREATE USER lcmcontroller WITH PASSWORD 'PASSWORD_VALUE' CREATEDB; +CREATE DATABASE lcmcontrollerdb + WITH + OWNER = lcmcontroller + ENCODING = 'UTF8' + LC_COLLATE = 'en_US.utf8' + LC_CTYPE = 'en_US.utf8' + TABLESPACE = pg_default + CONNECTION LIMIT = -1; + +CREATE USER k8splugin WITH PASSWORD 'PASSWORD_VALUE' CREATEDB; +CREATE DATABASE k8splugindb + WITH + OWNER = k8splugin + ENCODING = 'UTF8' + LC_COLLATE = 'en_US.utf8' + LC_CTYPE = 'en_US.utf8' + TABLESPACE = pg_default + CONNECTION LIMIT = -1; + 
diff --git a/blueprints/iotgateway/playbooks/roles/eg_mecm-mepm/files/deploy/conf/manifest/mepm/mepm-service-account.yaml b/blueprints/iotgateway/playbooks/roles/eg_mecm-mepm/files/deploy/conf/manifest/mepm/mepm-service-account.yaml
new file mode 100644
index 0000000..9bf8e91
--- /dev/null
+++ b/blueprints/iotgateway/playbooks/roles/eg_mecm-mepm/files/deploy/conf/manifest/mepm/mepm-service-account.yaml
@@ -0,0 +1,30 @@
+#
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+ name: fabric8-rbac
+subjects:
+ - kind: ServiceAccount
+ # Reference to upper's `metadata.name`
+ name: default
+ # Reference to upper's `metadata.namespace`
+ namespace: default
+roleRef:
+ kind: ClusterRole
+ name: cluster-admin
+ apiGroup: rbac.authorization.k8s.io
diff --git a/blueprints/iotgateway/playbooks/roles/eg_mecm-mepm/tasks/install.yml b/blueprints/iotgateway/playbooks/roles/eg_mecm-mepm/tasks/install.yml
new file mode 100644
index 0000000..12a388c
--- /dev/null
+++ b/blueprints/iotgateway/playbooks/roles/eg_mecm-mepm/tasks/install.yml
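Review bot: This ClusterRoleBinding in mepm-service-account.yaml grants `cluster-admin` to the `default` ServiceAccount of the `default` namespace, which is the account every pod in that namespace runs as unless it names another, so any workload deployed there receives full control of the cluster, including read access to every Secret. Bind a dedicated ServiceAccount to a Role (or a narrowly scoped ClusterRole) that lists only what the mepm k8s plugin needs; the excerpt below shows the shape, with the account name and the rules as placeholders because the chart's actual requirements are not visible here. `rbac.authorization.k8s.io/v1beta1` is also deprecated in favour of `v1`.

```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  # placeholder name; use the account the mecm-mepm chart runs as
  name: mecm-mepm
  namespace: default
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: mecm-mepm
  namespace: default
rules:
  # placeholder rule; replace with the resources and verbs the plugin uses
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: mecm-mepm
  namespace: default
subjects:
  - kind: ServiceAccount
    name: mecm-mepm
    namespace: default
roleRef:
  kind: Role
  name: mecm-mepm
  apiGroup: rbac.authorization.k8s.io
```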
@@ -0,0 +1,73 @@
+#
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+---
+
+- name: Doing deployment eg_mecm-mepm setup for edge gallery eg_mecm-mepm
+ copy:
+ src: deploy
+ dest: /tmp/eg_mecm-mepm/
+
+- name: Import config file
+ include_vars:
+ file: ../../../config.yml
+ name: vardata
+
+- name: Set a variable
+ ansible.builtin.set_fact:
+ comm_pwd: "{{ vardata.common_pwd.name }}"
+
+- name: Replacing password
+ replace:
+ path: /tmp/eg_mecm-mepm/deploy/conf/keys/postgres_init.sql
+ regexp: 'PASSWORD_VALUE'
+ replace: "{{ vardata.common_pwd.name }}"
+
+- name: Create mecm-mepm-ssl-secret secret
+ # yamllint disable rule:line-length
+ command: kubectl create secret generic mecm-mepm-jwt-public-secret --from-file=publicKey=/tmp/ssl-eg-keys-certs/encryptedtls.key
+ # yamllint disable rule:line-length
+ args:
+ chdir: /tmp/ssl-eg-keys-certs/
+
+- name: Create mecm-mepm-ssl-secret secret
+ # yamllint disable rule:line-length
+ command: kubectl create secret generic mecm-mepm-ssl-secret --from-file=server_tls.key=/tmp/ssl-eg-keys-certs/tls.key --from-file=server_tls.crt=/tmp/ssl-eg-keys-certs/tls.crt --from-file=ca.crt=/tmp/ssl-eg-keys-certs/ca.crt
+ # yamllint disable rule:line-length
+ args:
+ chdir: /tmp/ssl-eg-keys-certs/
+
+- name: Create edgegallery-mepm-secret secret with common pwd
+ # yamllint disable rule:line-length
+ command: kubectl create secret generic edgegallery-mepm-secret --from-file=postgres_init.sql=/tmp/eg_mecm-mepm/deploy/conf/keys/postgres_init.sql --from-literal=postgresPassword={{ vardata.common_pwd.name}} --from-literal=postgresLcmCntlrPassword={{ vardata.common_pwd.name}} --from-literal=postgresk8sPluginPassword={{ vardata.common_pwd.name}}
+ # yamllint disable rule:line-length
+ when: comm_pwd != ""
+
+- name: Create edgegallery-mepm-secret secret
+ # yamllint disable rule:line-length
+ command: kubectl create secret generic edgegallery-mepm-secret --from-file=postgres_init.sql=/tmp/eg_mecm-mepm/deploy/conf/keys/postgres_init.sql --from-literal=postgresPassword={{ vardata.mecm_mepm_postgresPassword.name}} --from-literal=postgresLcmCntlrPassword={{ vardata.mecm_mepm_postgresLcmCntlrPassword.name}} --from-literal=postgresk8sPluginPassword={{ vardata.mecm_mepm_postgresk8sPluginPassword.name}}
+ # yamllint disable rule:line-length
+ when: comm_pwd == ""
+
+- name: Create mepm service account
+ command: kubectl apply -f /tmp/eg_mecm-mepm/deploy/conf/manifest/mepm/mepm-service-account.yaml
+ args:
+ chdir: /tmp/eg_mecm-mepm/deploy/
+
+- name: Install mecm-mepm
+ # yamllint disable rule:line-length
+ command: helm install mecm-mepm-edgegaller edgegallery/mecm-mepm --set jwt.publicKeySecretName=mecm-mepm-jwt-public-secret --set mepm.secretName=edgegallery-mepm-secret --set ssl.secretName=mecm-mepm-ssl-secret --set images.lcmcontroller.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/mecm-applcm --set images.k8splugin.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/mecm-applcm-k8splugin --set images.postgres.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/postgres --set images.lcmcontroller.tag={{ vardata.eg_image_tag.name}} --set images.k8splugin.tag={{ vardata.eg_image_tag.name}} --set images.postgres.tag=12.3 --set images.lcmcontroller.pullPolicy=IfNotPresent --set images.k8splugin.pullPolicy=IfNotPresent --set images.postgres.pullPolicy=IfNotPresent
+ # yamllint disable rule:line-length
diff --git a/blueprints/iotgateway/playbooks/roles/eg_mecm-mepm/tasks/main.yml b/blueprints/iotgateway/playbooks/roles/eg_mecm-mepm/tasks/main.yml
new file mode 100644
index 0000000..7faf1bd
--- /dev/null
+++ b/blueprints/iotgateway/playbooks/roles/eg_mecm-mepm/tasks/main.yml
@@ -0,0 +1,26 @@
+#
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+---
+
+# tasks file for eg_mecm-mepm
+- include: "install.yml"
+ static: false
+ when: operation == 'install'
+
+- include: "uninstall.yml"
+ static: false
+ when: operation == 'uninstall'
diff --git a/blueprints/iotgateway/playbooks/roles/eg_mecm-mepm/tasks/uninstall.yml b/blueprints/iotgateway/playbooks/roles/eg_mecm-mepm/tasks/uninstall.yml
new file mode 100644
index 0000000..699ef18
--- /dev/null
+++ b/blueprints/iotgateway/playbooks/roles/eg_mecm-mepm/tasks/uninstall.yml
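Review bot: The `Replacing password` task in the eg_mecm-mepm install.yml always writes `vardata.common_pwd.name` into postgres_init.sql, so when `common_pwd` is left empty the init script appears to create both database roles with an empty password while the Secret carries the individual passwords. The substitution should follow the same `when: comm_pwd != ""` / `when: comm_pwd == ""` split as the two `edgegallery-mepm-secret` tasks. Those two tasks also pass the passwords as `--from-literal=...` arguments without `no_log: true`, which puts them in the Ansible output and in the process list of the target host. The rendered SQL file stays under `/tmp/eg_mecm-mepm/` with whatever mode `copy` defaults to; an explicit restrictive `mode` on the copy and a cleanup task after the secret is created would narrow that exposure.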
@@ -0,0 +1,35 @@
+#
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+---
+
+- name: Delete mecm-mepm secret
+ command: helm uninstall mecm-mepm-edgegallery
+ ignore_errors: yes
+ no_log: True
+
+- name: Mecm mepm jwt delete
+ # yamllint disable rule:line-length
+ command: kubectl delete secret mecm-mepm-jwt-public-secret mecm-mepm-ssl-secret edgegallery-mepm-secret
+ # yamllint disable rule:line-length
+ ignore_errors: yes
+ no_log: True
+
+- name: Delete mep-service-account
+ # yamllint disable rule:line-length
+ command: kubectl delete -f /tmp/eg_mecm-mepm/deploy/conf/manifest/mepm/mepm-service-account.yaml
+ ignore_errors: yes
+ no_log: True
diff --git a/blueprints/iotgateway/playbooks/roles/eg_mep/files/deploy/conf/edge/metallb/config-map.yaml b/blueprints/iotgateway/playbooks/roles/eg_mep/files/deploy/conf/edge/metallb/config-map.yaml
new file mode 100644
index 0000000..f913463
--- /dev/null
+++ b/blueprints/iotgateway/playbooks/roles/eg_mep/files/deploy/conf/edge/metallb/config-map.yaml
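Review bot: `helm uninstall mecm-mepm-edgegallery` does not match the release name that this role's install.yml creates, `mecm-mepm-edgegaller`, so the uninstall would not find the release, and `ignore_errors: yes` with `no_log: True` hides that failure. One of the two names needs correcting so that they agree. The last task deletes its manifest from `/tmp/eg_mecm-mepm/...`, which only exists if the install ran on the same host and the directory was not cleaned since; if it is gone, the cluster-admin binding stays in place, so deleting by name, `kubectl delete clusterrolebinding fabric8-rbac --ignore-not-found`, would be more reliable. The task names are also misleading: `Delete mecm-mepm secret` runs the helm uninstall, and `Delete mep-service-account` removes a ClusterRoleBinding.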
@@ -0,0 +1,27 @@
+#
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: metallb-system
+ name: config
+data:
+ config: |
+ address-pools:
+ - name: address-pool-1
+ protocol: layer2
+ addresses:
+ - 192.168.100.120/32
diff --git a/blueprints/iotgateway/playbooks/roles/eg_mep/files/deploy/conf/edge/metallb/metallb.yaml b/blueprints/iotgateway/playbooks/roles/eg_mep/files/deploy/conf/edge/metallb/metallb.yaml
new file mode 100644
index 0000000..8594115
--- /dev/null
+++ b/blueprints/iotgateway/playbooks/roles/eg_mep/files/deploy/conf/edge/metallb/metallb.yaml
@@ -0,0 +1,406 @@ +# +# Copyright 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + labels: + app: metallb + name: controller + namespace: metallb-system +spec: + allowPrivilegeEscalation: false + allowedCapabilities: [] + allowedHostPaths: [] + defaultAddCapabilities: [] + defaultAllowPrivilegeEscalation: false + fsGroup: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + hostIPC: false + hostNetwork: false + hostPID: false + privileged: false + readOnlyRootFilesystem: true + requiredDropCapabilities: + - ALL + runAsUser: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + seLinux: + rule: RunAsAny + supplementalGroups: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + volumes: + - configMap + - secret + - emptyDir +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + labels: + app: metallb + name: speaker + namespace: metallb-system +spec: + allowPrivilegeEscalation: false + allowedCapabilities: + - NET_ADMIN + - NET_RAW + - SYS_ADMIN + allowedHostPaths: [] + defaultAddCapabilities: [] + defaultAllowPrivilegeEscalation: false + fsGroup: + rule: RunAsAny + hostIPC: false + hostNetwork: true + hostPID: false + hostPorts: + - max: 7472 + min: 7472 + privileged: true + readOnlyRootFilesystem: true + requiredDropCapabilities: + - ALL + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - 
configMap + - secret + - emptyDir +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: metallb + name: controller + namespace: metallb-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: metallb + name: speaker + namespace: metallb-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: metallb + name: metallb-system:controller +rules: + - apiGroups: + - '' + resources: + - services + verbs: + - get + - list + - watch + - update + - apiGroups: + - '' + resources: + - services/status + verbs: + - update + - apiGroups: + - '' + resources: + - events + verbs: + - create + - patch + - apiGroups: + - policy + resourceNames: + - controller + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: metallb + name: metallb-system:speaker +rules: + - apiGroups: + - '' + resources: + - services + - endpoints + - nodes + verbs: + - get + - list + - watch + - apiGroups: + - '' + resources: + - events + verbs: + - create + - patch + - apiGroups: + - policy + resourceNames: + - speaker + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: metallb + name: config-watcher + namespace: metallb-system +rules: + - apiGroups: + - '' + resources: + - configmaps + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: metallb + name: pod-lister + namespace: metallb-system +rules: + - apiGroups: + - '' + resources: + - pods + verbs: + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: metallb + name: metallb-system:controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: metallb-system:controller +subjects: + - kind: ServiceAccount + name: controller + namespace: metallb-system 
+--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: metallb + name: metallb-system:speaker +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: metallb-system:speaker +subjects: + - kind: ServiceAccount + name: speaker + namespace: metallb-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: metallb + name: config-watcher + namespace: metallb-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: config-watcher +subjects: + - kind: ServiceAccount + name: controller + - kind: ServiceAccount + name: speaker +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: metallb + name: pod-lister + namespace: metallb-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pod-lister +subjects: + - kind: ServiceAccount + name: speaker +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app: metallb + component: speaker + name: speaker + namespace: metallb-system +spec: + selector: + matchLabels: + app: metallb + component: speaker + template: + metadata: + annotations: + prometheus.io/port: '7472' + prometheus.io/scrape: 'true' + labels: + app: metallb + component: speaker + spec: + containers: + - args: + - --port=7472 + - --config=config + env: + - name: METALLB_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: METALLB_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: METALLB_ML_BIND_ADDR + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: METALLB_ML_LABELS + value: "app=metallb,component=speaker" + - name: METALLB_ML_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: METALLB_ML_SECRET_KEY + valueFrom: + secretKeyRef: + name: memberlist + key: secretkey + image: metallb/speaker:v0.9.3 + imagePullPolicy: IfNotPresent + name: speaker + ports: + - containerPort: 7472 + name: monitoring + 
resources: + limits: + cpu: 100m + memory: 100Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - NET_ADMIN + - NET_RAW + - SYS_ADMIN + drop: + - ALL + readOnlyRootFilesystem: true + hostNetwork: true + nodeSelector: + beta.kubernetes.io/os: linux + serviceAccountName: speaker + terminationGracePeriodSeconds: 2 + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: metallb + component: controller + name: controller + namespace: metallb-system +spec: + revisionHistoryLimit: 3 + selector: + matchLabels: + app: metallb + component: controller + template: + metadata: + annotations: + prometheus.io/port: '7472' + prometheus.io/scrape: 'true' + labels: + app: metallb + component: controller + spec: + containers: + - args: + - --port=7472 + - --config=config + image: metallb/controller:v0.9.3 + imagePullPolicy: IfNotPresent + name: controller + ports: + - containerPort: 7472 + name: monitoring + resources: + limits: + cpu: 100m + memory: 100Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + readOnlyRootFilesystem: true + nodeSelector: + beta.kubernetes.io/os: linux + securityContext: + runAsNonRoot: true + runAsUser: 65534 + serviceAccountName: controller + terminationGracePeriodSeconds: 0 diff --git a/blueprints/iotgateway/playbooks/roles/eg_mep/files/deploy/conf/edge/metallb/namespace.yaml b/blueprints/iotgateway/playbooks/roles/eg_mep/files/deploy/conf/edge/metallb/namespace.yaml new file mode 100644 index 0000000..d090488 --- /dev/null +++ b/blueprints/iotgateway/playbooks/roles/eg_mep/files/deploy/conf/edge/metallb/namespace.yaml 
@@ -0,0 +1,21 @@
+#
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: metallb-system
+ labels:
+ app: metallb
diff --git a/blueprints/iotgateway/playbooks/roles/eg_mep/files/deploy/conf/edge/network-isolation/eg-sp-controller.yaml b/blueprints/iotgateway/playbooks/roles/eg_mep/files/deploy/conf/edge/network-isolation/eg-sp-controller.yaml
new file mode 100644
index 0000000..95fd455
--- /dev/null
+++ b/blueprints/iotgateway/playbooks/roles/eg_mep/files/deploy/conf/edge/network-isolation/eg-sp-controller.yaml
@@ -0,0 +1,28 @@
+#
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+kind: Pod
+apiVersion: v1
+metadata:
+ name: edgegallery-secondary-ep-controller
+ namespace: kube-system
+spec:
+ serviceAccount: edgegallery-secondary-ep-controller
+ containers:
+ - name: edgegallery-secondary-ep-controller
+ image: edgegallery/edgegallery-secondary-ep-controller:latest
+ imagePullPolicy: IfNotPresent
+ command: ["/bin/sh", "-c", "--"]
+ args: ["edgegallery-secondary-ep-controller"]
diff --git a/blueprints/iotgateway/playbooks/roles/eg_mep/files/deploy/conf/edge/network-isolation/eg-sp-rbac.yaml b/blueprints/iotgateway/playbooks/roles/eg_mep/files/deploy/conf/edge/network-isolation/eg-sp-rbac.yaml
new file mode 100644
index 0000000..aa0fa63
--- /dev/null
+++ b/blueprints/iotgateway/playbooks/roles/eg_mep/files/deploy/conf/edge/network-isolation/eg-sp-rbac.yaml
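Review bot: The container image is referenced as `edgegallery/edgegallery-secondary-ep-controller:latest` with `imagePullPolicy: IfNotPresent`, so each node runs whichever build it happens to have cached, and a controller placed in `kube-system` with cluster-wide RBAC is not pinned to a reviewed version. A fixed tag or digest, e.g. `image: edgegallery/edgegallery-secondary-ep-controller:<RELEASE_TAG>` (placeholder), would make the deployment reproducible and auditable. The pod also sets no `securityContext` or resource limits, unlike the MetalLB controller in this commit, which drops all capabilities and uses a read-only root filesystem. `serviceAccount` is the deprecated alias of `serviceAccountName`, and a bare Pod is not rescheduled if its node goes away, so a Deployment may be the better wrapper.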
@@ -0,0 +1,49 @@
+#
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+kind: ServiceAccount
+apiVersion: v1
+metadata:
+ name: edgegallery-secondary-ep-controller
+ namespace: kube-system
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: multi-ip-controller
+rules:
+ - apiGroups: [""]
+ resources: ["services", "pods"]
+ verbs: ["get", "watch", "list"]
+ - apiGroups: [""]
+ resources: ["endpoints", "events"]
+ verbs: ["*"]
+ - apiGroups: ["k8s.cni.cncf.io"]
+ resources: ["network-attachment-definitions"]
+ verbs: ["*"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: watch-update-secondary-endpoints
+subjects:
+ - kind: ServiceAccount
+ name: edgegallery-secondary-ep-controller
+ namespace: kube-system
+roleRef:
+ kind: ClusterRole
+ name: multi-ip-controller
+ apiGroup: rbac.authorization.k8s.io
diff --git a/blueprints/iotgateway/playbooks/roles/eg_mep/files/deploy/conf/edge/network-isolation/multus.yaml b/blueprints/iotgateway/playbooks/roles/eg_mep/files/deploy/conf/edge/network-isolation/multus.yaml
new file mode 100644
index 0000000..20a6016
--- /dev/null
+++ b/blueprints/iotgateway/playbooks/roles/eg_mep/files/deploy/conf/edge/network-isolation/multus.yaml
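Review bot: `verbs: ["*"]` on `endpoints` and on `network-attachment-definitions` is granted cluster-wide in the `multi-ip-controller` ClusterRole, which lets this service account rewrite the endpoints of any Service and delete any network attachment in any namespace. The binding's name, `watch-update-secondary-endpoints`, suggests the controller only watches and updates, so an explicit list such as `verbs: ["get", "list", "watch", "create", "update", "patch"]` for endpoints and read-only verbs for the attachment definitions would probably suffice; the exact set needs confirming against the controller's code. For `events`, `["create", "patch"]` is what the MetalLB roles in this commit use and is likely enough here too.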
@@ -0,0 +1,358 @@ +# +# Copyright 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: network-attachment-definitions.k8s.cni.cncf.io +spec: + group: k8s.cni.cncf.io + scope: Namespaced + names: + plural: network-attachment-definitions + singular: network-attachment-definition + kind: NetworkAttachmentDefinition + shortNames: + - net-attach-def + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + # yamllint disable rule:line-length + description: 'NetworkAttachmentDefinition is a CRD schema specified by the Network Plumbing + Working Group to express the intent for attaching pods to one or more logical or physical + networks. More information available at: https://github.com/k8snetworkplumbingwg/multi-net-spec' + # yamllint disable rule:line-length + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this represen + tation of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. 
In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'NetworkAttachmentDefinition spec defines the desired state of a network attachment' + type: object + properties: + config: + description: 'NetworkAttachmentDefinition config is a JSON-formatted CNI configuration' + type: string +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: multus +rules: + - apiGroups: ["k8s.cni.cncf.io"] + resources: + - '*' + verbs: + - '*' + - apiGroups: + - "" + resources: + - pods + - pods/status + verbs: + - get + - update + - apiGroups: + - "" + - events.k8s.io + resources: + - events + verbs: + - create + - patch + - update +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: multus +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: multus +subjects: + - kind: ServiceAccount + name: multus + namespace: kube-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: multus + namespace: kube-system +--- +kind: ConfigMap +apiVersion: v1 +metadata: + name: multus-cni-config + namespace: kube-system + labels: + tier: node + app: multus +data: + # NOTE: If you'd prefer to manually apply a configuration file, you may create one here. + # In the case you'd like to customize the Multus installation, you should change the arguments to the Multus pod + # change the "args" line below from + # - "--multus-conf-file=auto" + # to: + # "--multus-conf-file=/tmp/multus-conf/70-multus.conf" + # Additionally -- you should ensure that the name "70-multus.conf" is the alphabetically first name in the + # /etc/cni/net.d/ directory on each node, otherwise, it will not be used by the Kubelet. 
+ cni-conf.json: | + { + "name": "multus-cni-network", + "type": "multus", + "capabilities": { + "portMappings": true + }, + "delegates": [ + { + "cniVersion": "0.3.1", + "name": "default-cni-network", + "plugins": [ + { + "type": "flannel", + "name": "flannel.1", + "delegate": { + "isDefaultGateway": true, + "hairpinMode": true + } + }, + { + "type": "portmap", + "capabilities": { + "portMappings": true + } + } + ] + } + ], + "kubeconfig": "/etc/cni/net.d/multus.d/multus.kubeconfig" + } +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: kube-multus-ds-amd64 + namespace: kube-system + labels: + tier: node + app: multus + name: multus +spec: + selector: + matchLabels: + name: multus + updateStrategy: + type: RollingUpdate + template: + metadata: + labels: + tier: node + app: multus + name: multus + spec: + hostNetwork: true + nodeSelector: + kubernetes.io/arch: amd64 + tolerations: + - operator: Exists + effect: NoSchedule + serviceAccountName: multus + containers: + - name: kube-multus + image: docker.io/nfvpe/multus:stable + command: ["/entrypoint.sh"] + args: + - "--multus-conf-file=auto" + - "--cni-version=0.3.1" + resources: + requests: + cpu: "100m" + memory: "50Mi" + limits: + cpu: "100m" + memory: "50Mi" + securityContext: + privileged: true + volumeMounts: + - name: cni + mountPath: /host/etc/cni/net.d + - name: cnibin + mountPath: /host/opt/cni/bin + - name: multus-cfg + mountPath: /tmp/multus-conf + volumes: + - name: cni + hostPath: + path: /etc/cni/net.d + - name: cnibin + hostPath: + path: /opt/cni/bin + - name: multus-cfg + configMap: + name: multus-cni-config + items: + - key: cni-conf.json + path: 70-multus.conf +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: kube-multus-ds-ppc64le + namespace: kube-system + labels: + tier: node + app: multus + name: multus +spec: + selector: + matchLabels: + name: multus + updateStrategy: + type: RollingUpdate + template: + metadata: + labels: + tier: node + app: multus + name: multus + 
spec: + hostNetwork: true + nodeSelector: + kubernetes.io/arch: ppc64le + tolerations: + - operator: Exists + effect: NoSchedule + serviceAccountName: multus + containers: + - name: kube-multus + # ppc64le support requires multus:latest for now. support 3.3 or later. + image: docker.io/nfvpe/multus:stable-ppc64le + command: ["/entrypoint.sh"] + args: + - "--multus-conf-file=auto" + - "--cni-version=0.3.1" + resources: + requests: + cpu: "100m" + memory: "90Mi" + limits: + cpu: "100m" + memory: "90Mi" + securityContext: + privileged: true + volumeMounts: + - name: cni + mountPath: /host/etc/cni/net.d + - name: cnibin + mountPath: /host/opt/cni/bin + - name: multus-cfg + mountPath: /tmp/multus-conf + volumes: + - name: cni + hostPath: + path: /etc/cni/net.d + - name: cnibin + hostPath: + path: /opt/cni/bin + - name: multus-cfg + configMap: + name: multus-cni-config + items: + - key: cni-conf.json + path: 70-multus.conf +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: kube-multus-ds-arm64v8 + namespace: kube-system + labels: + tier: node + app: multus + name: multus +spec: + selector: + matchLabels: + name: multus + updateStrategy: + type: RollingUpdate + template: + metadata: + labels: + tier: node + app: multus + name: multus + spec: + hostNetwork: true + nodeSelector: + kubernetes.io/arch: arm64 + tolerations: + - operator: Exists + effect: NoSchedule + serviceAccountName: multus + containers: + - name: kube-multus + image: docker.io/nfvpe/multus:stable-arm64v8 + command: ["/entrypoint.sh"] + args: + - "--multus-conf-file=auto" + - "--cni-version=0.3.1" + resources: + requests: + cpu: "100m" + memory: "90Mi" + limits: + cpu: "100m" + memory: "90Mi" + securityContext: + privileged: true + volumeMounts: + - name: cni + mountPath: /host/etc/cni/net.d + - name: cnibin + mountPath: /host/opt/cni/bin + - name: multus-cfg + mountPath: /tmp/multus-conf + volumes: + - name: cni + hostPath: + path: /etc/cni/net.d + - name: cnibin + hostPath: + path: /opt/cni/bin 
+ - name: multus-cfg + configMap: + name: multus-cni-config + items: + - key: cni-conf.json + path: 70-multus.conf diff --git a/blueprints/iotgateway/playbooks/roles/eg_mep/tasks/install.yml b/blueprints/iotgateway/playbooks/roles/eg_mep/tasks/install.yml new file mode 100644 index 0000000..f33094d --- /dev/null +++ b/blueprints/iotgateway/playbooks/roles/eg_mep/tasks/install.yml 
@@ -0,0 +1,273 @@ +# Copyright 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +--- + +- name: Doing deployment setup for edge gallery + copy: + src: deploy + dest: /tmp/eg_mep/ + +- name: Import config file + include_vars: + file: ../../../config.yml + name: vardata + +- name: Set a variable + ansible.builtin.set_fact: + comm_pwd: "{{ vardata.common_pwd.name }}" + +- name: Remove old dir + command: rm -rf /tmp/.mep_tmp_cer + args: + chdir: /tmp/ + +- name: Make dir + command: mkdir -p /tmp/.mep_tmp_cer + args: + chdir: /tmp/ + +- name: Openssl genrsa + command: openssl genrsa -out ca.key 2048 + args: + chdir: /tmp/.mep_tmp_cer/ + +- name: Opnessl req + # yamllint disable rule:line-length + command: openssl req -new -key ca.key -subj /C=CN/ST=Peking/L=Beijing/O=edgegallery/CN=edgegallery -out ca.csr + # yamllint disable rule:line-length + args: + chdir: /tmp/.mep_tmp_cer/ + +- name: Sing key with ca key and ca crt + # yamllint disable rule:line-length + command: openssl x509 -req -days 365 -in ca.csr -extensions v3_ca -signkey ca.key -out ca.crt + # yamllint disable rule:line-length + args: + chdir: /tmp/.mep_tmp_cer/ + +- name: Openssl genrsa + command: openssl genrsa -out mepserver_tls.key 2048 + args: + chdir: /tmp/.mep_tmp_cer/ + +- name: Openssl rsa mep tls with common pwd + # yamllint disable rule:line-length + command: openssl rsa -in /tmp/.mep_tmp_cer/mepserver_tls.key -aes256 -passout pass:{{ vardata.common_pwd.name}} 
-out /tmp/.mep_tmp_cer/mepserver_encryptedtls.key + # yamllint disable rule:line-length + when: comm_pwd != "" + +- name: Openssl rsa mep tls + # yamllint disable rule:line-length + command: openssl rsa -in /tmp/.mep_tmp_cer/mepserver_tls.key -aes256 -passout pass:{{ vardata.mep_cert_pwd.name}} -out /tmp/.mep_tmp_cer/mepserver_encryptedtls.key + # yamllint disable rule:line-length + when: comm_pwd == "" + +- name: Openssl req new key mepserver tls key + # yamllint disable rule:line-length + command: openssl req -new -key mepserver_tls.key -subj /C=CN/ST=Beijing/L=Beijing/O=edgegallery/CN=edgegallery -out mepserver_tls.csr + # yamllint disable rule:line-length + args: + chdir: /tmp/.mep_tmp_cer/ + +- name: Openssl mepserver tls csr + # yamllint disable rule:line-length + command: openssl x509 -req -in mepserver_tls.csr -extensions v3_req -CA ca.crt -CAkey ca.key -CAcreateserial -out mepserver_tls.crt + # yamllint disable rule:line-length + args: + chdir: /tmp/.mep_tmp_cer/ + +- name: Openssl genrsa out + command: openssl genrsa -out jwt_privatekey 2048 + args: + chdir: /tmp/.mep_tmp_cer/ + +- name: Openssl rsa jwt privatekey + command: openssl rsa -in jwt_privatekey -pubout -out jwt_publickey + args: + chdir: /tmp/.mep_tmp_cer/ + +- name: Openssl rsa in jwt with common pwd + # yamllint disable rule:line-length + command: openssl rsa -in /tmp/.mep_tmp_cer/jwt_privatekey -aes256 -passout pass:{{ vardata.common_pwd.name}} -out /tmp/.mep_tmp_cer/jwt_encrypted_privatekey + ignore_errors: yes + no_log: True + # yamllint disable rule:line-length + when: comm_pwd != "" + +- name: Openssl rsa in jwt + # yamllint disable rule:line-length + command: openssl rsa -in /tmp/.mep_tmp_cer/jwt_privatekey -aes256 -passout pass:{{ vardata.mep_cert_pwd.name}} -out /tmp/.mep_tmp_cer/jwt_encrypted_privatekey + # yamllint disable rule:line-length + ignore_errors: yes + no_log: True + when: comm_pwd == "" + +- name: Create mep namespace + command: kubectl create ns mep + args: + chdir: 
/tmp/ + +- name: Create generic pg secret with common pwd + # yamllint disable rule:line-length + command: kubectl -n mep create secret generic pg-secret --from-literal=pg_admin_pwd={{ vardata.common_pwd.name}} --from-literal=kong_pg_pwd={{ vardata.mep_kong_pg_pwd.name}} + --from-file=server.key=/tmp/.mep_tmp_cer/mepserver_tls.key --from-file=server.crt=/tmp/.mep_tmp_cer/mepserver_tls.crt + ignore_errors: yes + no_log: True + # yamllint disable rule:line-length + when: comm_pwd != "" + +- name: Create generic pg secret + # yamllint disable rule:line-length + command: kubectl -n mep create secret generic pg-secret --from-literal=pg_admin_pwd={{ vardata.mep_pg_admin_pwd.name}} --from-literal=kong_pg_pwd={{ vardata.mep_kong_pg_pwd.name}} + --from-file=server.key=/tmp/.mep_tmp_cer/mepserver_tls.key --from-file=server.crt=/tmp/.mep_tmp_cer/mepserver_tls.crt + ignore_errors: yes + no_log: True + # yamllint disable rule:line-length + when: comm_pwd == "" + +- name: Create mep generic for mep ssl with common pwd + # yamllint disable rule:line-length + command: kubectl -n mep create secret generic mep-ssl --from-literal=cert_pwd={{ vardata.common_pwd.name}} --from-file=server.cer=/tmp/.mep_tmp_cer/mepserver_tls.crt + --from-file=server_key.pem=/tmp/.mep_tmp_cer/mepserver_encryptedtls.key --from-file=trust.cer=/tmp/.mep_tmp_cer/ca.crt + ignore_errors: yes + no_log: True + # yamllint disable rule:line-length + when: comm_pwd != "" + +- name: Create mep generic for mep ssl + # yamllint disable rule:line-length + command: kubectl -n mep create secret generic mep-ssl --from-literal=cert_pwd={{ vardata.mep_cert_pwd.name}} --from-file=server.cer=/tmp/.mep_tmp_cer/mepserver_tls.crt + --from-file=server_key.pem=/tmp/.mep_tmp_cer/mepserver_encryptedtls.key --from-file=trust.cer=/tmp/.mep_tmp_cer/ca.crt + # yamllint disable rule:line-length + when: comm_pwd == "" + +- name: Create mep seret generic + # yamllint disable rule:line-length + command: kubectl -n mep create secret generic 
mepauth-secret --from-file=server.crt=/tmp/.mep_tmp_cer/mepserver_tls.crt --from-file=server.key=/tmp/.mep_tmp_cer/mepserver_tls.key + --from-file=ca.crt=/tmp/.mep_tmp_cer/ca.crt --from-file=jwt_publickey=/tmp/.mep_tmp_cer/jwt_publickey --from-file=jwt_encrypted_privatekey=/tmp/.mep_tmp_cer/jwt_encrypted_privatekey + # yamllint disable rule:line-length + args: + chdir: /tmp/ + +- name: Remove directory + command: rm -rf /tmp/.mep_tmp_cer + args: + chdir: /tmp/ + +- debug: + msg: Deploy_dns_metallb execution start + +- name: Eg_Mep deployment execution of namesapce + command: kubectl apply -f /tmp/eg_mep/deploy/conf/edge/metallb/namespace.yaml + args: + chdir: /tmp/eg_mep/deploy/ + +- name: Eg_Mep deployment execution of metallb + command: kubectl apply -f /tmp/eg_mep/deploy/conf/edge/metallb/metallb.yaml + args: + chdir: /tmp/eg_mep/deploy/ + +- name: Eg_Mep deployment create secret + # yamllint disable rule:line-length + command: kubectl create secret generic -n metallb-system memberlist --from-literal=secretkey="$(openssl rand -base64 128)" + # yamllint disable rule:line-length + args: + chdir: /tmp/eg_mep/deploy/ + +- name: Eg_Mep deployment execution of config-mep + command: kubectl apply -f /tmp/eg_mep/deploy/conf/edge/metallb/config-map.yaml + args: + chdir: /tmp/eg_mep/deploy/ + +- debug: + msg: Deploy_network_isolation_multus execution start + +- name: Running multus yaml files + command: kubectl apply -f /tmp/eg_mep/deploy/conf/edge/network-isolation/multus.yaml + args: + chdir: /tmp/eg_mep/deploy/ + +- name: Running eg-sp-rbac yaml files + command: kubectl apply -f /tmp/eg_mep/deploy/conf/edge/network-isolation/eg-sp-rbac.yaml + args: + chdir: /tmp/eg_mep/deploy/ + +- name: Replacing image + replace: + path: /tmp/eg_mep/deploy/conf/edge/network-isolation/eg-sp-controller.yaml + regexp: 'edgegallery/edgegallery-secondary-ep-controller:latest' + replace: "{{ vardata.private_repo_ip.name}}:{{ 
vardata.docker_registry_port.name}}/edgegallery/edgegallery-secondary-ep-controller:latest" + +- name: Running eg-sp-controller yaml files + # yamllint disable rule:line-length + command: kubectl apply -f /tmp/eg_mep/deploy/conf/edge/network-isolation/eg-sp-controller.yaml + args: + chdir: /tmp/eg_mep/deploy/ + +- debug: + msg: Setup_interfaces execution start + +- name: Link eg mep macvlan + # yamllint disable rule:line-length + command: ip link add eg-mp1 link {{ vardata.edge_management_interface.name}} type macvlan mode bridge + args: + chdir: /tmp/eg_mep/deploy/ + ignore_errors: yes + no_log: True + +- name: Link eg mep macvlan + command: ip addr add {{ vardata.eg-management-address.name}} dev eg-mp1 + args: + chdir: /tmp/eg_mep/deploy/ + ignore_errors: yes + no_log: True + +- name: Link eg me1 up + command: ip link set dev eg-mp1 up + args: + chdir: /tmp/eg_mep/deploy/ + ignore_errors: yes + no_log: True + +- name: Link eg eg mm5 with eth1 + # yamllint disable rule:line-length + command: ip link add eg-mm5 link {{ vardata.edge_dataplane_interface.name}} type macvlan mode bridge + args: + chdir: /tmp/eg_mep/deploy/ + ignore_errors: yes + no_log: True + +- name: Link eg eg mm5 ip addr + command: ip addr add {{ vardata.eg-dataplane-address.name}} dev eg-mm5 + args: + chdir: /tmp/eg_mep/deploy/ + ignore_errors: yes + no_log: True + +- name: Link eg eg mm5 set dev + command: ip link set dev eg-mm5 up + args: + chdir: /tmp/eg_mep/deploy/ + ignore_errors: yes + no_log: True + +- debug: + msg: Pull helm repo start + +- name: Edge gallery mep installation pull chart and image + # yamllint disable rule:line-length + command: helm install mep-edgegallery edgegallery/mep --set networkIsolation.phyInterface.mp1={{ vardata.edge_management_interface.name}} --set networkIsolation.phyInterface.mm5={{ vardata.edge_dataplane_interface.name}} --set images.mep.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/mep --set 
images.mepauth.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/mepauth --set images.dns.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/mep-dns-server --set images.kong.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/kong --set images.postgres.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/postgres --set images.mep.tag={{ vardata.eg_image_tag.name}} --set images.mepauth.tag={{ vardata.eg_image_tag.name}} --set images.dns.tag={{ vardata.eg_image_tag.name}} --set images.mep.pullPolicy=IfNotPresent --set images.mepauth.pullPolicy=IfNotPresent --set images.dns.pullPolicy=IfNotPresent --set images.kong.pullPolicy=IfNotPresent --set images.postgres.pullPolicy=IfNotPresent --set ssl.secretName=mep-ssl + # yamllint disable rule:line-length diff --git a/blueprints/iotgateway/playbooks/roles/eg_mep/tasks/main.yml b/blueprints/iotgateway/playbooks/roles/eg_mep/tasks/main.yml new file mode 100644 index 0000000..70416a7 --- /dev/null +++ b/blueprints/iotgateway/playbooks/roles/eg_mep/tasks/main.yml @@ -0,0 +1,26 @@ +# +# Copyright 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +--- + +# tasks file for eg_mep +- include: "install.yml" + static: false + when: operation == 'install' + +- include: "uninstall.yml" + static: false + when: operation == 'uninstall' 
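Review bot: The `Eg_Mep deployment create secret` task passes `--from-literal=secretkey="$(openssl rand -base64 128)"` through the `command` module, which does not run a shell, so the substitution is never expanded and the MetalLB `memberlist` key ends up as that literal text on every deployment. Run that one task with `shell:` (plus `no_log: true`) so the random value is actually generated. The password-bearing tasks `Openssl rsa mep tls with common pwd`, `Openssl rsa mep tls` and `Create mep generic for mep ssl` lack the `no_log: True` their neighbours carry, so the password shows up in task output; the `kubectl create secret` tasks in eg_secret/tasks/install.yml and eg_user-mgmt/tasks/install.yml have the same gap. The two `ip addr add` tasks reference `vardata.eg-management-address.name` and `vardata.eg-dataplane-address.name`, which Jinja most likely parses as subtraction; `vardata['eg-management-address'].name` avoids that, and `ignore_errors`/`no_log` would currently hide the failure.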
diff --git a/blueprints/iotgateway/playbooks/roles/eg_mep/tasks/uninstall.yml b/blueprints/iotgateway/playbooks/roles/eg_mep/tasks/uninstall.yml
new file mode 100644
index 0000000..fba5576
--- /dev/null
+++ b/blueprints/iotgateway/playbooks/roles/eg_mep/tasks/uninstall.yml
@@ -0,0 +1,107 @@ +# Copyright 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +--- + +- name: Uninstall ssl config mep helm chart + command: helm uninstall mep-edgegallery + ignore_errors: yes + no_log: True + +- name: Delete ssl config pg secret + command: kubectl delete secret pg-secret -n mep + ignore_errors: yes + no_log: True + +- name: Delete ssl config mep ssl + command: kubectl delete secret mep-ssl -n mep + ignore_errors: yes + no_log: True + +- name: Delete ssl config mep mep auth + command: kubectl delete secret mepauth-secret -n mep + ignore_errors: yes + no_log: True + +- name: Delete ssl config namesapce mep + command: kubectl delete ns mep + ignore_errors: yes + no_log: True + +- name: Delete network isolation multus eg sp controller + # yamllint disable rule:line-length + command: kubectl delete -f /tmp/eg_mep/deploy/conf/edge/network-isolation/eg-sp-controller.yaml + ignore_errors: yes + no_log: True + +- name: Delete network isolation multus eg sp rbac + # yamllint disable rule:line-length + command: kubectl delete -f /tmp/eg_mep/deploy/conf/edge/network-isolation/eg-sp-rbac.yaml + ignore_errors: yes + no_log: True + +- name: Delete network isolation multus + # yamllint disable rule:line-length + command: kubectl delete -f /tmp/eg_mep/deploy/conf/edge/network-isolation/multus.yaml + ignore_errors: yes + no_log: True + +- name: Delete network isolation eg mp1 + command: ip link set dev eg-mp1 down + 
ignore_errors: yes + no_log: True + +- name: Delete nnetwork isolation eg mp1 link + command: ip link delete eg-mp1 + ignore_errors: yes + no_log: True + +- name: Delete network isolation eg mm5 + command: ip link set dev eg-mm5 down + ignore_errors: yes + no_log: True + +- name: Delete network isolation eg mm5 link + command: ip link delete eg-mm5 + ignore_errors: yes + no_log: True + +- name: Delete network isolation multus rm + command: rm -rf /opt/cni/bin/multus + ignore_errors: yes + no_log: True + +- name: Uninstall dns metallb config mep + # yamllint disable rule:line-length + command: kubectl delete -f /tmp/eg_mep/deploy/conf/edge/metallb/config-map.yaml + ignore_errors: yes + no_log: True + +- name: Delete dns metallb + # yamllint disable rule:line-length + command: kubectl delete -f /tmp/eg_mep/deploy/conf/edge/metallb/metallb.yaml + ignore_errors: yes + no_log: True + +- name: Delete dns metallb namespace + # yamllint disable rule:line-length + command: kubectl delete -f /tmp/eg_mep/deploy/conf/edge/metallb/namespace.yaml + ignore_errors: yes + no_log: True + +- name: Delete dns namesapce metallb + command: kubectl delete secret memberlist -n metallb-system + ignore_errors: yes + no_log: True diff --git a/blueprints/iotgateway/playbooks/roles/eg_prerequisite/files/deploy/eg_daemon.sh b/blueprints/iotgateway/playbooks/roles/eg_prerequisite/files/deploy/eg_daemon.sh new file mode 100644 index 0000000..61842b2 --- /dev/null +++ b/blueprints/iotgateway/playbooks/roles/eg_prerequisite/files/deploy/eg_daemon.sh 
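Review bot: Every task in this file sets both `ignore_errors: yes` and `no_log: True`, although none of the commands carries a secret, so a delete that fails for a real reason (for example a secret or namespace that could not be removed) produces no visible output and a partial uninstall looks the same as a clean one. Drop `no_log` here and make the commands tolerate only the expected case, e.g. `command: kubectl delete secret pg-secret -n mep --ignore-not-found`, keeping `ignore_errors` for the `ip link` tasks if needed. Writing the booleans as `true` would also match Ansible convention. The same pattern appears in eg_registry/tasks/uninstall.yml, eg_secret/tasks/uninstall.yml and eg_user-mgmt/tasks/uninstall.yml.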
@@ -0,0 +1,25 @@ +#!/bin/bash + +function _help_insecure_registry() +{ + grep -i "insecure-registries" /etc/docker/daemon.json | grep "REGISTRIES_IP:REGISTRIES_PORT" >/dev/null 2>&1 + if [ $? != 0 ]; then + mkdir -p /etc/docker +cat </dev/null + if [ $? != 0 ]; then + cd "$TARBALL_PATH"/registry + docker load --input registry-2.tar.gz + docker run -d -p 5000:5000 --restart=always --name registry registry:2 + fi +} + +function _load_swr_images_and_push_to_private_registry() +{ + IP=REGISTRIES_IP + PORT="REGISTRIES_PORT" + cd "$TARBALL_PATH"/eg_swr_images + + for f in *.tar.gz; + do + cat $f | docker load + IMAGE_NAME=`echo $f|rev|cut -c8-|rev|sed -e "s/\#/:/g" | sed -e "s/\@/\//g"`; + docker image tag $IMAGE_NAME $IP:$PORT/$IMAGE_NAME + docker push $IP:$PORT/$IMAGE_NAME + done +} + +############################################################## +############################################ +function main(){ + _load_and_run_docker_registry + _load_swr_images_and_push_to_private_registry +} +######################################### +#skip main in case of source + main $@ +###################### diff --git a/blueprints/iotgateway/playbooks/roles/eg_registry/tasks/install.yml b/blueprints/iotgateway/playbooks/roles/eg_registry/tasks/install.yml new file mode 100644 index 0000000..443365d --- /dev/null +++ b/blueprints/iotgateway/playbooks/roles/eg_registry/tasks/install.yml 
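Review bot: `docker run -d -p 5000:5000 --restart=always --name registry registry:2` publishes the registry on every host interface with a fixed port, while the push loop uses `$IP:$PORT` and the `insecure-registries` check implies clients will not verify TLS; nothing visible adds authentication. Binding to the configured address, `-p "REGISTRIES_IP:REGISTRIES_PORT:5000"`, keeps the listener on the private network and keeps it consistent when `docker_registry_port` is changed. In the loop, quote the expansions (`docker load < "$f"`, `"$IP:$PORT/$IMAGE_NAME"`) so unusual file names cannot split into extra arguments. Part of this section is missing in this rendering (the text after `cat <`), so the function boundaries cannot all be confirmed from here.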
@@ -0,0 +1,106 @@ +# +# Copyright 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +--- + +- name: Doing deployment setup for edge gallery + copy: + src: deploy + dest: /tmp/eg_registry/ + mode: 750 + +- name: Import config file + include_vars: + file: ../../../config.yml + name: vardata + +- name: Make dir for arm images + command: mkdir -p /tmp/eg_registry/armtarball + args: + chdir: /tmp/ + +- name: Set a variable + ansible.builtin.set_fact: + processor: "{{ vardata.master_edge_processor.name}}" + +- name: Downloading based on master_edge_processor value x86_64 tarball + command: wget http://release.edgegallery.org/x86/all/0.9.tar.gz + args: + chdir: /tmp/eg_registry/deploy/ + when: processor == "x86_64" + +- name: Download 0.9 tar arms based on master_edge_processor value + command: wget http://release.edgegallery.org/arm64/all/0.9.tar.gz + args: + chdir: /tmp/eg_registry/armtarball/ + when: ansible_architecture == 'aarch64' and processor == "x86_64" + +- name: Download 0.9 tar arms + command: wget http://release.edgegallery.org/arm64/all/0.9.tar.gz + args: + chdir: /tmp/eg_registry/deploy/ + when: ansible_architecture == 'aarch64' and processor != "x86_64" + +- name: Download 0.9 tar x86 + command: wget http://release.edgegallery.org/x86/all/0.9.tar.gz + args: + chdir: /tmp/eg_registry/deploy/ + when: ansible_architecture == 'x86_64' + +- name: Untar the donwloaded tar + command: tar -zxf 0.9.tar.gz + args: + chdir: 
/tmp/eg_registry/deploy/ + +- name: Untar the donwloaded tar + command: tar -zxf 0.9.tar.gz + args: + chdir: /tmp/eg_registry/armtarball/ + when: processor == "x86_64" + +- name: Registry replaced for cross playform + command: rm -rf /tmp/eg_registry/deploy/registry + when: processor == "x86_64" + +- name: Docker image replaced for cross playform + command: rm -rf /tmp/eg_registry/deploy/eg_swr_images/nginx#stable.tar.gz + when: processor == "x86_64" + +- name: Copy registry from x86 tarball + command: cp -r /tmp/eg_registry/armtarball/registry /tmp/eg_registry/deploy/ + when: processor == "x86_64" + +- name: Copy docker image from x86 tarball + # yamllint disable rule:line-length + command: cp -r /tmp/eg_registry/armtarball/eg_swr_images/nginx#stable.tar.gz /tmp/eg_registry/deploy/eg_swr_images/ + # yamllint disable rule:line-length + when: processor == "x86_64" + +- name: Replacing private ip + replace: + path: /tmp/eg_registry/deploy/load-images.sh + regexp: 'REGISTRIES_IP' + replace: "{{ vardata.private_repo_ip.name }}" + +- name: Replacing private port + replace: + path: /tmp/eg_registry/deploy/load-images.sh + regexp: 'REGISTRIES_PORT' + replace: "{{ vardata.docker_registry_port.name }}" + +- name: Execute the script + shell: + cmd: /tmp/eg_registry/deploy/load-images.sh diff --git a/blueprints/iotgateway/playbooks/roles/eg_registry/tasks/main.yml b/blueprints/iotgateway/playbooks/roles/eg_registry/tasks/main.yml new file mode 100644 index 0000000..81aba29 --- /dev/null +++ b/blueprints/iotgateway/playbooks/roles/eg_registry/tasks/main.yml 
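Review bot: The four download tasks fetch `0.9.tar.gz` with `wget` over plain `http://` and nothing verifies the archive before it is unpacked and, presumably, its images are loaded and pushed by `load-images.sh`, so the content of the private registry is only as trustworthy as the network path to the release host. Use `ansible.builtin.get_url` with a pinned `checksum` (and `https://` if the release host offers it), as sketched below for one of the tasks. Separately, `mode: 750` on the copy task is read as a decimal number rather than octal; write `mode: "0750"`.

```yaml
- name: Download 0.9 tar x86
  ansible.builtin.get_url:
    url: http://release.edgegallery.org/x86/all/0.9.tar.gz
    dest: /tmp/eg_registry/deploy/0.9.tar.gz
    # placeholder: pin the digest published for this release
    checksum: "sha256:<SHA256_OF_X86_0.9_TARBALL>"
  when: ansible_architecture == 'x86_64'
# … unchanged: the other three download tasks take the same form …
```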
@@ -0,0 +1,25 @@
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+---
+
+# tasks file for eg_load-iamges
+- include: "install.yml"
+ static: false
+ when: operation == 'install'
+
+- include: "uninstall.yml"
+ static: false
+ when: operation == 'uninstall'
diff --git a/blueprints/iotgateway/playbooks/roles/eg_registry/tasks/uninstall.yml b/blueprints/iotgateway/playbooks/roles/eg_registry/tasks/uninstall.yml
new file mode 100644
index 0000000..111b1e3
--- /dev/null
+++ b/blueprints/iotgateway/playbooks/roles/eg_registry/tasks/uninstall.yml
@@ -0,0 +1,32 @@ +# +# Copyright 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +--- + +- name: Stop registry + command: docker stop registry + ignore_errors: yes + no_log: True + +- name: Remove registry + command: docker rm -v registry + ignore_errors: yes + no_log: True + +- name: Remove tmp file + command: rm -rf /tmp/eg_registry + ignore_errors: yes + no_log: True diff --git a/blueprints/iotgateway/playbooks/roles/eg_secret/tasks/install.yml b/blueprints/iotgateway/playbooks/roles/eg_secret/tasks/install.yml new file mode 100644 index 0000000..60e6a1a --- /dev/null +++ b/blueprints/iotgateway/playbooks/roles/eg_secret/tasks/install.yml 
@@ -0,0 +1,28 @@ +# +# Copyright 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +--- + +- name: Import config file + include_vars: + file: ../../../config.yml + name: vardata + +- name: Generate secret + # yamllint disable rule:line-length + command: kubectl create secret generic edgegallery-ssl-secret --from-file=keystore.p12=/tmp/ssl-eg-keys-certs/keystore.p12 --from-literal=keystorePassword={{ vardata.common_pwd.name}} --from-literal=keystoreType=PKCS12 --from-literal=keyAlias=edgegallery --from-file=trust.cer=/tmp/ssl-eg-keys-certs/ca.crt --from-file=server.cer=/tmp/ssl-eg-keys-certs/tls.crt --from-file=server_key.pem=/tmp/ssl-eg-keys-certs/encryptedtls.key --from-literal=cert_pwd={{ vardata.common_pwd.name}} + args: + chdir: /tmp/ssl-eg-keys-certs/ diff --git a/blueprints/iotgateway/playbooks/roles/eg_secret/tasks/main.yml b/blueprints/iotgateway/playbooks/roles/eg_secret/tasks/main.yml new file mode 100644 index 0000000..bd61315 --- /dev/null +++ b/blueprints/iotgateway/playbooks/roles/eg_secret/tasks/main.yml 
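Review bot: `keystorePassword` and `cert_pwd` in the `Generate secret` task are both taken unconditionally from `vardata.common_pwd.name`, which config.yml lists as optional and ships empty, and unlike eg_mep and eg_user-mgmt this role has no `comm_pwd == ""` branch, so a deployment that relies on individual passwords would create `edgegallery-ssl-secret` with an empty password. Fail early instead, e.g. an `ansible.builtin.assert` with `that: (vardata.common_pwd.name | default('', true)) != ''` ahead of the task, or add the per-component fallback the other roles use.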
@@ -0,0 +1,26 @@ +# +# Copyright 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +--- + +# tasks file for eg_secret +- include: "install.yml" + static: false + when: operation == 'install' + +- include: "uninstall.yml" + static: false + when: operation == 'uninstall' diff --git a/blueprints/iotgateway/playbooks/roles/eg_secret/tasks/uninstall.yml b/blueprints/iotgateway/playbooks/roles/eg_secret/tasks/uninstall.yml new file mode 100644 index 0000000..ea33726 --- /dev/null +++ b/blueprints/iotgateway/playbooks/roles/eg_secret/tasks/uninstall.yml @@ -0,0 +1,22 @@ +# +# Copyright 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +--- + +- name: Delete edgegallery ssl secret + command: kubectl delete secret edgegallery-ssl-secret + ignore_errors: yes + no_log: True 
diff --git a/blueprints/iotgateway/playbooks/roles/eg_set-helm-repo/tasks/install.yml b/blueprints/iotgateway/playbooks/roles/eg_set-helm-repo/tasks/install.yml new file mode 100644 index 0000000..6e517b1 --- /dev/null +++ b/blueprints/iotgateway/playbooks/roles/eg_set-helm-repo/tasks/install.yml @@ -0,0 +1,30 @@ +# +# Copyright 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +--- + +- name: Import config file + include_vars: + file: ../../../config.yml + name: vardata + +- name: Helm repo add edgegallery + # yamllint disable rule:line-length + command: helm repo add edgegallery http://{{ vardata.private_repo_ip.name}}:8080/edgegallery + +- name: Helm repo add stable + # yamllint disable rule:line-length + command: helm repo add stable http://{{ vardata.private_repo_ip.name}}:8080/stable diff --git a/blueprints/iotgateway/playbooks/roles/eg_set-helm-repo/tasks/main.yml b/blueprints/iotgateway/playbooks/roles/eg_set-helm-repo/tasks/main.yml new file mode 100644 index 0000000..2c506fb --- /dev/null +++ b/blueprints/iotgateway/playbooks/roles/eg_set-helm-repo/tasks/main.yml 
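Review bot: Both `helm repo add` commands use `http://`, so the chart index and the chart archives that the later `helm install` tasks pull are fetched without integrity protection before being applied to the cluster. If the chart repository can serve TLS, switch to `https://` (with `--ca-file` for a private CA); otherwise consider signed charts and `helm install --verify`. Port `8080` is also hard-coded here while the other service ports are configurable in config.yml.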
@@ -0,0 +1,22 @@
+#
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+---
+
+# tasks file for eg_set-helm-repo
+- include: "install.yml"
+ static: false
+ when: operation == 'install'
diff --git a/blueprints/iotgateway/playbooks/roles/eg_user-mgmt/tasks/install.yml b/blueprints/iotgateway/playbooks/roles/eg_user-mgmt/tasks/install.yml
new file mode 100644
index 0000000..e215dab
--- /dev/null
+++ b/blueprints/iotgateway/playbooks/roles/eg_user-mgmt/tasks/install.yml
@@ -0,0 +1,42 @@ +# +# Copyright 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +--- + +- name: Import config file + include_vars: + file: ../../../config.yml + name: vardata + +- name: Set a variable + ansible.builtin.set_fact: + comm_pwd: "{{ vardata.common_pwd.name }}" + +- name: Create certificates for usermanagment with common pwd + # yamllint disable rule:line-length + command: kubectl create secret generic user-mgmt-jwt-secret --from-file=publicKey=/tmp/ssl-eg-keys-certs/rsa_public_key.pem --from-file=encryptedPrivateKey=/tmp/ssl-eg-keys-certs/encrypted_rsa_private_key.pem --from-literal=encryptPassword={{ vardata.common_pwd.name}} + # yamllint disable rule:line-length + when: comm_pwd != "" + +- name: Generating certificates for usermanagment + # yamllint disable rule:line-length + command: kubectl create secret generic user-mgmt-jwt-secret --from-file=publicKey=/tmp/ssl-eg-keys-certs/rsa_public_key.pem --from-file=encryptedPrivateKey=/tmp/ssl-eg-keys-certs/encrypted_rsa_private_key.pem --from-literal=encryptPassword={{ vardata.user_mgmt_encryptPassword.name}} + # yamllint disable rule:line-length + when: comm_pwd == "" + +- name: Install user-mgmt + # yamllint disable rule:line-length + command: helm install user-mgmt-edgegallery edgegallery/usermgmt --set global.oauth2.clients.appstore.clientUrl=https://{{ ansible_host }}:{{vardata.appstore_port.name}},global.oauth2.clients.developer.clientUrl=https://{{ ansible_host 
}}:{{vardata.developer_port.name}},global.oauth2.clients.mecm.clientUrl=https://{{ ansible_host }}:{{vardata.mecm_port.name}}, --set jwt.secretName=user-mgmt-jwt-secret --set images.usermgmt.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/user-mgmt --set images.postgres.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/postgres --set images.redis.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/redis --set images.initservicecenter.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/curl --set images.usermgmt.tag={{ vardata.eg_image_tag.name}} --set images.usermgmt.pullPolicy=IfNotPresent --set images.postgres.pullPolicy=IfNotPresent --set images.redis.pullPolicy=IfNotPresent --set images.initservicecenter.pullPolicy=IfNotPresent --set global.ssl.enabled=true --set global.ssl.secretName=edgegallery-ssl-secret diff --git a/blueprints/iotgateway/playbooks/roles/eg_user-mgmt/tasks/main.yml b/blueprints/iotgateway/playbooks/roles/eg_user-mgmt/tasks/main.yml new file mode 100644 index 0000000..6545b6a --- /dev/null +++ b/blueprints/iotgateway/playbooks/roles/eg_user-mgmt/tasks/main.yml 
@@ -0,0 +1,26 @@
+#
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+---
+
+# tasks file for eg_user-mgmt
+- include: "install.yml"
+ static: false
+ when: operation == 'install'
+
+- include: "uninstall.yml"
+ static: false
+ when: operation == 'uninstall'
diff --git a/blueprints/iotgateway/playbooks/roles/eg_user-mgmt/tasks/uninstall.yml b/blueprints/iotgateway/playbooks/roles/eg_user-mgmt/tasks/uninstall.yml
new file mode 100644
index 0000000..60eb052
--- /dev/null
+++ b/blueprints/iotgateway/playbooks/roles/eg_user-mgmt/tasks/uninstall.yml
@@ -0,0 +1,27 @@
+#
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+---
+
+- name: Uninstall user management
+ command: helm uninstall user-mgmt-edgegallery
+ ignore_errors: yes
+ no_log: True
+
+- name: Delete user-mgmt-jwt-secret
+ command: kubectl delete secret user-mgmt-jwt-secret
+ ignore_errors: yes
+ no_log: True
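Review bot: In uninstall.yml, `no_log: True` combined with `ignore_errors: yes` on both tasks suppresses every failure and its output, so a failed `kubectl delete secret user-mgmt-jwt-secret` leaves the JWT secret in the cluster with nothing in the run log to show it. Neither command carries a secret in its arguments, so `no_log` protects nothing here; the install tasks that pass the password on the command line are the ones that need it. Drop `no_log` from both tasks and tolerate only the already-absent case, for example `command: kubectl delete secret user-mgmt-jwt-secret --ignore-not-found`, so real errors (RBAC denial, wrong context or namespace) still fail the play. The booleans should also be written as `true`/`false` rather than `yes`/`True`.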
diff --git a/blueprints/iotgateway/playbooks/roles/grafana/files/values.yaml b/blueprints/iotgateway/playbooks/roles/grafana/files/values.yaml
new file mode 100644
index 0000000..dfa6f8c
--- /dev/null
+++ b/blueprints/iotgateway/playbooks/roles/grafana/files/values.yaml
@@ -0,0 +1,2757 @@ +--- +env: + # GF_USERS_DEFAULT_THEME: 'light' + GF_SECURITY_ALLOW_EMBEDDING: 'true' + GF_AUTH_ANONYMOUS_ENABLED: 'true' + GF_AUTH_ANONYMOUS_ORG_ROLE: 'Editor' + +service: + type: NodePort + nodePort: 30000 + +image: + repository: grafana/grafana-arm64v8-linux + tag: 6.5.2-ubuntu + +datasources: + datasources.yaml: + apiVersion: 1 + datasources: + - name: MEP + type: prometheus + access: proxy + url: http://mep-prometheus-server.default.svc.cluster.local:80 + +downloadDashboardsImage: + repository: lucashalbert/curl + tag: arm64v8-7.66.0-r0 + +dashboardProviders: + dashboardproviders.yaml: + apiVersion: 1 + providers: + - name: 'default' + orgId: 1 + folder: '' + type: file + disableDeletion: false + editable: true + options: + path: /var/lib/grafana/dashboards/default + +dashboards: + default: + cluster-metrics: + # yamllint disable rule:line-length + json: | + { + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "description": "Summary metrics about containers running on Kubernetes nodes.\r\n\r\nDashboard was taken from here. This version does not reqiure you to\r\nsetup the Kubernetes-app plugin. (https://github.com/grafana/kubernetes-app)\r\n\r\nUse this Helm chart to launch Grafana into a Kubernetes cluster. It will include this dashboard and many more dashboards to give you visibility into the Kubernetes Cluster. 
(https://github.com/sekka1/cloud-public/tree/master/kubernetes/pods/grafana-helm)", + "editable": true, + "gnetId": 6417, + "graphTooltip": 1, + "id": 2, + "iteration": 1574675114940, + "links": [ + { + "asDropdown": true, + "icon": "external link", + "includeVars": true, + "keepTime": false, + "tags": [ + "kubernetes-app" + ], + "title": "Dashboards", + "type": "dashboards" + } + ], + "panels": [ + { + "collapsed": false, + "datasource": null, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 2, + "panels": [], + "title": "Cluster Health", + "type": "row" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "MEP", + "format": "percentunit", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": true, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 4, + "w": 6, + "x": 0, + "y": 1 + }, + "id": 4, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "options": {}, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(kube_pod_info{node=~\"$node\"}) / sum(kube_node_status_allocatable_pods{node=~\".*\"})", + "format": "time_series", + "intervalFactor": 1, + "refId": "A" + } + ], + "thresholds": "80,90", + "title": "Cluster Pod Usage", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + 
"cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "MEP", + "format": "percentunit", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": true, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 4, + "w": 6, + "x": 6, + "y": 1 + }, + "id": 5, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "options": {}, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(kube_pod_container_resource_requests_cpu_cores{node=~\"$node\"}) / sum(kube_node_status_allocatable_cpu_cores{node=~\"$node\"})", + "format": "time_series", + "intervalFactor": 1, + "refId": "A" + } + ], + "thresholds": "80,90", + "title": "Cluster CPU Usage", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "MEP", + "format": "percentunit", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": true, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 4, + "w": 6, + "x": 12, + "y": 1 + }, + "id": 6, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + 
"value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "options": {}, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(kube_pod_container_resource_requests_memory_bytes{node=~\"$node\"}) / sum(kube_node_status_allocatable_memory_bytes{node=~\"$node\"})", + "format": "time_series", + "intervalFactor": 1, + "refId": "A" + } + ], + "thresholds": "80,90", + "title": "Cluster Memory Usage", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "MEP", + "format": "percentunit", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": true, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 4, + "w": 6, + "x": 18, + "y": 1 + }, + "id": 7, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "options": {}, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "(sum (node_filesystem_size_bytes{kubernetes_node=~\"$node\"}) - sum 
(node_filesystem_free_bytes{kubernetes_node=~\"$node\"})) / sum (node_filesystem_size_bytes{kubernetes_node=~\"$node\"})", + "format": "time_series", + "intervalFactor": 1, + "refId": "A" + } + ], + "thresholds": "80,90", + "title": "Cluster Disk Usage", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "MEP", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 5, + "w": 6, + "x": 0, + "y": 5 + }, + "id": 9, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(kube_node_status_allocatable_pods{node=~\"$node\"})", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "allocatable", + "refId": "A" + }, + { + "expr": "sum(kube_node_status_capacity_pods{node=~\"$node\"})", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "capacity", + "refId": "B" + }, + { + "expr": "sum(kube_pod_info{node=~\"$node\"})", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "requested", + "refId": "C" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Cluster Pod Capacity", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": "pods", + "logBase": 1, + "max": null, + "min": null, + "show": 
true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "MEP", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 5, + "w": 6, + "x": 6, + "y": 5 + }, + "id": 10, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(kube_node_status_capacity_cpu_cores{node=~\"$node\"})", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "allocatable", + "refId": "A" + }, + { + "expr": "sum(kube_node_status_allocatable_cpu_cores{node=~\"$node\"})", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "capacity", + "refId": "B" + }, + { + "expr": "sum(kube_pod_container_resource_requests_cpu_cores{node=~\"$node\"})", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "requested", + "refId": "C" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Cluster CPU Capacity", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": null, + "format": "none", + "label": "cores", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": 
null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "MEP", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 5, + "w": 6, + "x": 12, + "y": 5 + }, + "id": 11, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(kube_node_status_allocatable_memory_bytes{node=~\"$node\"})", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "allocatable", + "refId": "A" + }, + { + "expr": "sum(kube_node_status_capacity_memory_bytes{node=~\"$node\"})", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "capacity", + "refId": "B" + }, + { + "expr": "sum(kube_pod_container_resource_requests_memory_bytes{node=~\"$node\"})", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "requested", + "refId": "C" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Cluster Mem Capacity", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "decbytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "MEP", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 5, 
+ "w": 6, + "x": 18, + "y": 5 + }, + "id": 12, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(node_filesystem_size_bytes{kubernetes_node=~\"$node\"}) - sum(node_filesystem_free_bytes{kubernetes_node=~\"$node\"})", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "usage", + "refId": "A" + }, + { + "expr": "sum(node_filesystem_size_bytes{kubernetes_node=~\"$node\"})", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "limit", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Cluster Disk Capacity", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "decbytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "collapsed": false, + "datasource": null, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 10 + }, + "id": 14, + "panels": [], + "title": "Deployments", + "type": "row" + }, + { + "columns": [ + { + "text": "Current", + "value": "current" + } + ], + "datasource": "MEP", + "fontSize": "100%", + "gridPos": { + "h": 5, + "w": 6, + "x": 0, + "y": 11 + }, + "id": 16, + "links": [], + "options": {}, + "pageSize": null, + "scroll": true, + "showHeader": true, + "sort": { + 
"col": 1, + "desc": true + }, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "date" + }, + { + "alias": "", + "colorMode": "row", + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "decimals": 0, + "pattern": "Metric", + "thresholds": [ + "0", + "0", + ".9" + ], + "type": "string", + "unit": "none" + }, + { + "alias": "", + "colorMode": "row", + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 0, + "link": false, + "pattern": "Value", + "thresholds": [ + "0", + "1" + ], + "type": "number", + "unit": "none" + } + ], + "targets": [ + { + "expr": "kube_deployment_status_replicas{namespace=~\"$namespace\"}", + "format": "time_series", + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{ deployment }}", + "refId": "A" + } + ], + "title": "Deployment Replicas - Up To Date", + "transform": "timeseries_to_rows", + "type": "table" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "MEP", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 5, + "w": 6, + "x": 6, + "y": 11 + }, + "id": 18, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "options": {}, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, 
+ "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(kube_deployment_status_replicas{namespace=~\"$namespace\"})", + "format": "time_series", + "intervalFactor": 1, + "refId": "A" + } + ], + "thresholds": "", + "title": "Deployment Replicas", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "avg" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "MEP", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 5, + "w": 6, + "x": 12, + "y": 11 + }, + "id": 19, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "options": {}, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(kube_deployment_status_replicas_updated{namespace=~\"$namespace\"})", + "format": "time_series", + "intervalFactor": 1, + "refId": "A" + } + ], + "thresholds": "", + "title": "Deployment Replicas - Updated", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "avg" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + 
"datasource": "MEP", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 5, + "w": 6, + "x": 18, + "y": 11 + }, + "id": 20, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "options": {}, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(kube_deployment_status_replicas_unavailable{namespace=~\"$namespace\"})", + "format": "time_series", + "intervalFactor": 1, + "refId": "A" + } + ], + "thresholds": "", + "title": "Deployment Replicas - Unavailable", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "avg" + }, + { + "collapsed": false, + "datasource": null, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 16 + }, + "id": 22, + "panels": [], + "title": "Node", + "type": "row" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "MEP", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 8, + "x": 0, + "y": 17 + }, + "id": 24, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + 
"maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "options": {}, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(kube_node_info{node=~\"$node\"})", + "format": "time_series", + "intervalFactor": 1, + "refId": "A" + } + ], + "thresholds": "", + "title": "Number Of Nodes", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "avg" + }, + { + "cacheTimeout": null, + "colorBackground": true, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "MEP", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 8, + "x": 8, + "y": 17 + }, + "id": 25, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "options": {}, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(kube_node_status_condition{condition=\"OutOfDisk\", node=~\"$node\", status=\"true\"})", + "format": "time_series", + "intervalFactor": 1, + "refId": "A" + } + ], + "thresholds": "1", + "title": "Nodes Out of Disk", + 
"type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": true, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "MEP", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 8, + "x": 16, + "y": 17 + }, + "id": 26, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "options": {}, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(kube_node_spec_unschedulable{node=~\"$node\"})", + "format": "time_series", + "intervalFactor": 1, + "refId": "A" + } + ], + "thresholds": "1", + "title": "Nodes Unavailable", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + "collapsed": false, + "datasource": null, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 20 + }, + "id": 28, + "panels": [], + "title": "Pods", + "type": "row" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "MEP", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": 
true + }, + "gridPos": { + "h": 3, + "w": 12, + "x": 0, + "y": 21 + }, + "id": 30, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "options": {}, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(78, 203, 42, 0.28)", + "full": false, + "lineColor": "#629e51", + "show": true + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(kube_pod_status_phase{namespace=~\"$namespace\", phase=\"Running\"})", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "refId": "A" + } + ], + "thresholds": "", + "title": "Pods Running", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "MEP", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 12, + "x": 12, + "y": 21 + }, + "id": 31, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "options": {}, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(78, 203, 42, 0.28)", + "full": false, + "lineColor": 
"#629e51", + "show": true + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(kube_pod_status_phase{namespace=~\"$namespace\", phase=\"Pending\"})", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "refId": "A" + } + ], + "thresholds": "", + "title": "Pods Pending", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "MEP", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 8, + "x": 0, + "y": 24 + }, + "id": 32, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "options": {}, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(78, 203, 42, 0.28)", + "full": false, + "lineColor": "#629e51", + "show": true + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(kube_pod_status_phase{namespace=~\"$namespace\", phase=\"Failed\"})", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "refId": "A" + } + ], + "thresholds": "", + "title": "Pods Failed", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": 
"MEP", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 8, + "x": 8, + "y": 24 + }, + "id": 33, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "options": {}, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(78, 203, 42, 0.28)", + "full": false, + "lineColor": "#629e51", + "show": true + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(kube_pod_status_phase{namespace=~\"$namespace\", phase=\"Succeeded\"})", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "refId": "A" + } + ], + "thresholds": "", + "title": "Pods Succeeded", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "MEP", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 8, + "x": 16, + "y": 24 + }, + "id": 34, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "options": {}, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": 
"null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(78, 203, 42, 0.28)", + "full": false, + "lineColor": "#629e51", + "show": true + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(kube_pod_status_phase{namespace=~\"$namespace\", phase=\"Unknown\"})", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "refId": "A" + } + ], + "thresholds": "", + "title": "Pods Unknown", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + "collapsed": false, + "datasource": null, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 27 + }, + "id": 36, + "panels": [], + "title": "Containers", + "type": "row" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "MEP", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 6, + "x": 0, + "y": 28 + }, + "id": 38, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "options": {}, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": true + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(kube_pod_container_status_running{namespace=~\"$namespace\"})", + "format": "time_series", + "intervalFactor": 1, + "refId": "A" + } + ], + "thresholds": "", + "title": "Containers Running", + "type": 
"singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "MEP", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 6, + "x": 6, + "y": 28 + }, + "id": 39, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "options": {}, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": true + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(kube_pod_container_status_waiting{namespace=~\"$namespace\"})", + "format": "time_series", + "intervalFactor": 1, + "refId": "A" + } + ], + "thresholds": "", + "title": "Containers Waiting", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "MEP", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 6, + "x": 12, + "y": 28 + }, + "id": 40, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + 
"name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "options": {}, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": true + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(kube_pod_container_status_terminated{namespace=~\"$namespace\"})", + "format": "time_series", + "intervalFactor": 1, + "refId": "A" + } + ], + "thresholds": "", + "title": "Containers Terminated", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "MEP", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 6, + "x": 18, + "y": 28 + }, + "id": 41, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "options": {}, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": true + }, + "tableColumn": "", + "targets": [ + { + "expr": 
"sum(delta(kube_pod_container_status_restarts_total{namespace=\"kube-system\"}[30m]))", + "format": "time_series", + "intervalFactor": 1, + "refId": "A" + } + ], + "thresholds": "", + "title": "Containers Restarts (Last 30 Minutes)", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "MEP", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 12, + "x": 0, + "y": 31 + }, + "id": 43, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "options": {}, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": true + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(kube_pod_container_resource_requests_cpu_cores{kubernetes_namespace=~\"$namespace\", node=~\"$node\"})", + "format": "time_series", + "intervalFactor": 1, + "refId": "A" + } + ], + "thresholds": "", + "title": "CPU Cores Requested by Containers", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "MEP", + 
"format": "decbytes", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 12, + "x": 12, + "y": 31 + }, + "id": 42, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "options": {}, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": true + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(kube_pod_container_resource_requests_memory_bytes{namespace=~\"kube-system\", node=~\"$node\"})", + "format": "time_series", + "intervalFactor": 1, + "refId": "A" + } + ], + "thresholds": "", + "title": "Memory Requested By Containers", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + } + ], + "refresh": false, + "schemaVersion": 20, + "style": "dark", + "tags": [ + "kubernetes", + "kubernetes-app" + ], + "templating": { + "list": [ + { + "current": { + "text": "No data sources found", + "value": "" + }, + "hide": 2, + "includeAll": false, + "label": "", + "multi": false, + "name": "datasource", + "options": [], + "query": "prometheus", + "refresh": 1, + "regex": "/$ds/", + "skipUrlSync": false, + "type": "datasource" + }, + { + "allValue": ".*", + "current": { + "tags": [], + "text": "All", + "value": "$__all" + }, + "datasource": "MEP", + "definition": "label_values(kube_pod_info, kubernetes_node)", + "hide": 0, + "includeAll": true, + "label": null, + "multi": false, + "name": "node", + "options": [], + "query": 
"label_values(kube_pod_info, kubernetes_node)", + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": ".*", + "current": { + "text": "All", + "value": "$__all" + }, + "datasource": "MEP", + "definition": "label_values(kube_pod_info, kubernetes_namespace)", + "hide": 0, + "includeAll": true, + "label": null, + "multi": false, + "name": "namespace", + "options": [], + "query": "label_values(kube_pod_info, kubernetes_namespace)", + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-30m", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "browser", + "title": "MEP Cluster Metrics", + "uid": "4XuMd2Iiz", + "version": 10 + } + pod-metrics: + json: | + { + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "description": "A dashboard to view pod metrics by namespace and pod names.\r\n\r\nUse this Helm chart to launch Grafana into a Kubernetes cluster. It will include this dashboard and many more dashboards to give you visibility into the Kubernetes Cluster. 
(https://github.com/sekka1/cloud-public/tree/master/kubernetes/pods/grafana-helm)", + "editable": true, + "gnetId": 6336, + "graphTooltip": 0, + "id": 4, + "iteration": 1574675785610, + "links": [], + "panels": [ + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "MEP", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 23, + "x": 0, + "y": 0 + }, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "avg(irate(container_cpu_usage_seconds_total{pod!=\"\", pod=~\"[[pod_name]].*\", namespace=~\"[[namespace]].*\"}[5m]) * 100) by (pod)", + "format": "time_series", + "hide": false, + "intervalFactor": 1, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "CPU", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "MEP", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 10, + "w": 23, + "x": 0, + "y": 9 + }, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + 
"min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum (container_memory_working_set_bytes{pod!=\"\", pod=~\"[[pod_name]].*\", namespace=~\"[[namespace]].*\"}) by (pod)", + "format": "time_series", + "intervalFactor": 1, + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Memory", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "refresh": false, + "schemaVersion": 20, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "allValue": ".*", + "current": { + "tags": [], + "text": "All", + "value": "$__all" + }, + "datasource": "MEP", + "definition": "label_values(kube_pod_info, kubernetes_namespace)", + "hide": 0, + "includeAll": true, + "label": null, + "multi": false, + "name": "namespace", + "options": [], + "query": "label_values(kube_pod_info, kubernetes_namespace)", + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": ".*", + "current": { + "text": "All", + "value": "$__all" + }, + "datasource": "MEP", + "definition": "label_values(kube_pod_info{namespace=\"$namespace\"}, 
pod)", + "hide": 0, + "includeAll": true, + "label": null, + "multi": false, + "name": "pod_name", + "options": [], + "query": "label_values(kube_pod_info{namespace=\"$namespace\"}, pod)", + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "", + "title": "MEP Pods Metrics", + "uid": "-7mPcYniz", + "version": 10 + } diff --git a/blueprints/iotgateway/playbooks/roles/grafana/tasks/install.yml b/blueprints/iotgateway/playbooks/roles/grafana/tasks/install.yml new file mode 100644 index 0000000..46245cb --- /dev/null +++ b/blueprints/iotgateway/playbooks/roles/grafana/tasks/install.yml 
@@ -0,0 +1,47 @@
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+- name: check if grafana is already installed
+ shell:
+ cmd: helm status mec-grafana
+ register: result
+ ignore_errors: yes
+ no_log: True
+
+- debug:
+ msg: grafana is already present
+ when: result.stdout != ""
+
+- debug:
+# yamllint disable rule:line-length
+ msg: Ignore Uninstall Log , Grafana not installed continue with Installation
+# yamllint disable rule:line-length
+ when: result.stdout == ""
+
+- name: "INSTALL: Install grafana on x86_64"
+ shell:
+ cmd: helm install mec-grafana stable/grafana
+ when: result is failed and ansible_architecture == 'x86_64'
+
+- name: "INSTALL: copy values.yaml to host"
+ copy:
+ src: values.yaml
+ dest: /tmp/grafana/
+ when: result is failed and ansible_architecture == 'aarch64'
+
+- name: "INSTALL: Install grafana on aarch64"
+ shell:
+ cmd: helm install mec-grafana stable/grafana -f /tmp/grafana/values.yaml
+ when: result is failed and ansible_architecture == 'aarch64'
diff --git a/blueprints/iotgateway/playbooks/roles/grafana/tasks/main.yml b/blueprints/iotgateway/playbooks/roles/grafana/tasks/main.yml
new file mode 100644
index 0000000..db34791
--- /dev/null
+++ b/blueprints/iotgateway/playbooks/roles/grafana/tasks/main.yml
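Review bot: In grafana/tasks/install.yml the aarch64 path stages `values.yaml` under `/tmp/grafana/` with no `mode` or owner and then passes that file to `helm install -f`, so on a host with other local users anyone who can pre-create or write to that directory can influence what Helm deploys. Copying into a directory owned by the deploying user, e.g. `dest: "{{ ansible_env.HOME }}/grafana/"` with `mode: "0600"`, and pointing `-f` at the same path closes that. The x86_64 task runs the same install without `-f`, so the two architectures get different Grafana configuration; confirm that is intended. Neither `helm install` pins a chart `--version`, which makes the deployed chart depend on the repo state at run time.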
@@ -0,0 +1,21 @@
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+- include: "install.yml"
+ static: false
+ when: operation == 'install'
+
+ #- include: "uninstall.yml"
+ #when: operation == 'uninstall'
diff --git a/blueprints/iotgateway/playbooks/roles/grafana/tasks/uninstall.yml b/blueprints/iotgateway/playbooks/roles/grafana/tasks/uninstall.yml
new file mode 100644
index 0000000..6f08c57
--- /dev/null
+++ b/blueprints/iotgateway/playbooks/roles/grafana/tasks/uninstall.yml
@@ -0,0 +1,34 @@
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+- name: check if grafana is installed before deleting
+ shell:
+ cmd: helm status mec-grafana
+ register: result
+ ignore_errors: yes
+ no_log: True
+
+- debug:
+ msg: Uninstalling docker...
+ when: result.stdout != ""
+
+- debug:
+ msg: Ignore Uninstall Log , Grafana not installed
+ when: result.stdout == ""
+
+- name: Uninstall grafana
+ shell:
+ cmd: helm uninstall mec-grafana
+ when: result is succeeded
diff --git a/blueprints/iotgateway/playbooks/roles/helm/tasks/install.yml b/blueprints/iotgateway/playbooks/roles/helm/tasks/install.yml
new file mode 100644
index 0000000..f855091
--- /dev/null
+++ b/blueprints/iotgateway/playbooks/roles/helm/tasks/install.yml
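Review bot: The first debug message in grafana/tasks/uninstall.yml says `Uninstalling docker...` although the file removes the `mec-grafana` release; it should read `msg: Uninstalling grafana...`. The role's main.yml in this commit leaves the `uninstall.yml` include commented out, so this file is not reached when `operation == 'uninstall'` and the Grafana release stays deployed after a teardown. `no_log: True` on the `helm status` probe also hides the reason when the probe fails for something other than a missing release.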
@@ -0,0 +1,68 @@
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+- name: check whether helm is already installed
+ command: which helm
+ register: result
+ ignore_errors: yes
+ no_log: True
+
+- debug:
+ msg: helm is already present
+ when: result.stdout != ""
+
+- debug:
+# yamllint disable rule:line-length
+ msg: Ignore Uninstall Log , Helm not installed continue with Installation
+# yamllint disable rule:line-length
+ when: result.stdout == ""
+
+- name: "INSTALL: Helm download command on x86_64"
+ command: wget https://get.helm.sh/helm-v3.0.2-linux-amd64.tar.gz
+ when: result is failed and ansible_architecture == 'x86_64'
+
+- name: "INSTALL: Untar helm on x86_64"
+ command: tar -zxvf helm-v3.0.2-linux-amd64.tar.gz
+ when: result is failed and ansible_architecture == 'x86_64'
+
+- name: "INSTALL: Helm move to bin folder on x86_64"
+ command: mv linux-amd64/helm /usr/local/bin/
+ when: result is failed and ansible_architecture == 'x86_64'
+
+- name: "INSTALL: Helm download command on aarch64"
+ command: wget https://get.helm.sh/helm-v3.0.2-linux-arm64.tar.gz
+ when: result is failed and ansible_architecture == 'aarch64'
+
+- name: "INSTALL: Untar helm on aarch64"
+ command: tar -zxvf helm-v3.0.2-linux-arm64.tar.gz
+ when: result is failed and ansible_architecture == 'aarch64'
+
+- name: "INSTALL: Helm move to bin folder on aarch64"
+ command: mv linux-arm64/helm /usr/local/bin/
+ when: result is failed and ansible_architecture == 'aarch64'
+
+- name: "INSTALL: Add helm repo"
+# yamllint disable rule:line-length
+ command: helm repo add stable https://kubernetes-charts.storage.googleapis.com/
+# yamllint disable rule:line-length
+ when: result is failed
+
+- name: "INSTALL: Updated helm repo"
+ command: helm repo update
+ when: result is failed
+
+- name: "INSTALLED List helm repo"
+ command: helm repo list
+ when: result is failed
diff --git a/blueprints/iotgateway/playbooks/roles/helm/tasks/main.yml b/blueprints/iotgateway/playbooks/roles/helm/tasks/main.yml
new file mode 100644
index 0000000..9619418
--- /dev/null
+++ b/blueprints/iotgateway/playbooks/roles/helm/tasks/main.yml
@@ -0,0 +1,23 @@
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+# tasks file for helm
+- include: "install.yml"
+ static: false
+ when: operation == 'install'
+
+- include: "uninstall.yml"
+ static: false
+ when: operation == 'uninstall'
diff --git a/blueprints/iotgateway/playbooks/roles/helm/tasks/uninstall.yml b/blueprints/iotgateway/playbooks/roles/helm/tasks/uninstall.yml
new file mode 100644
index 0000000..78db3d1
--- /dev/null
+++ b/blueprints/iotgateway/playbooks/roles/helm/tasks/uninstall.yml
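Review bot: The helm tarball in helm/tasks/install.yml is fetched with `wget` into whatever directory the task runs in, unpacked, and its binary moved to `/usr/local/bin/` with no checksum or signature check, so whatever the download returns ends up as an executable on the system path. Replacing the `wget` and `tar` commands with `get_url` carrying a `checksum:` pinned to the SHA-256 published for the release, followed by `unarchive`, makes the step verifiable and idempotent; the aarch64 tasks need the same change with the arm64 archive and its own digest. The repo added further down is the legacy `stable` chart location, which is worth re-checking against where the charts are hosted now.

```yaml
- name: "INSTALL: Helm download command on x86_64"
  get_url:
    url: https://get.helm.sh/helm-v3.0.2-linux-amd64.tar.gz
    dest: "{{ ansible_env.HOME }}/helm-v3.0.2-linux-amd64.tar.gz"
    # placeholder: use the digest published alongside this release archive
    checksum: "sha256:<PUBLISHED_SHA256_OF_THIS_ARCHIVE>"
    mode: "0600"
  when: result is failed and ansible_architecture == 'x86_64'

- name: "INSTALL: Untar helm on x86_64"
  unarchive:
    src: "{{ ansible_env.HOME }}/helm-v3.0.2-linux-amd64.tar.gz"
    dest: "{{ ansible_env.HOME }}"
    remote_src: true
  when: result is failed and ansible_architecture == 'x86_64'

# … unchanged: move linux-amd64/helm to /usr/local/bin/ (assumes the task runs from the same home directory) …
# … same two tasks for aarch64 with the arm64 archive and its digest …
```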
@@ -0,0 +1,54 @@
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+- name: check whether helm is installed before deleting
+ command: which helm
+ register: result
+ ignore_errors: yes
+ no_log: True
+
+- debug:
+ msg: Uninstalling helm...
+ when: result.stdout != ""
+
+- debug:
+ msg: Ignore Uninstall Log ,Helm not installed
+ when: result.stdout == ""
+
+- name: "UNINSTALL: Helm Uninstall on x86_64"
+ command: rm -rf linux-amd64/helm
+ when: result is succeeded and ansible_architecture == 'x86_64'
+
+- name: "UNINSTALL: Remove download helm file on x86_64"
+ command: rm ~/helm-v3.0.2-linux-amd64.tar.gz
+ when: result is succeeded and ansible_architecture == 'x86_64'
+
+- name: "UNINSTALL: Helm Uninstall on aarch64"
+ command: rm -rf linux-arm64/helm
+ ignore_errors: yes
+ no_log: True
+ when: result is succeeded and ansible_architecture == 'aarch64'
+
+- name: "UNINSTALL: Remove download helm file on aarch64"
+ command: rm helm-v3.0.2-linux-arm64.tar.gz
+ ignore_errors: yes
+ no_log: True
+ when: result is succeeded and ansible_architecture == 'aarch64'
+
+- name: "UNINSTALL: Remove helm from bin"
+ command: rm /usr/local/bin/helm
+ ignore_errors: yes
+ no_log: True
+ when: result is succeeded
diff --git a/blueprints/iotgateway/playbooks/roles/k3s/tasks/install.yml b/blueprints/iotgateway/playbooks/roles/k3s/tasks/install.yml
new file mode 100644
index 0000000..87de5dd
--- /dev/null
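Review bot: The cleanup tasks in helm/tasks/uninstall.yml use paths that do not line up with each other: the x86_64 tarball is removed from `~/`, while the aarch64 tarball and both `linux-*/helm` paths are relative to whatever directory the task happens to run in. The aarch64 removals and the `/usr/local/bin/helm` removal also set `ignore_errors: yes` and `no_log: True`, so a miss there is silent and the binary or archive can stay on the host after the uninstall reports success. The `file` module with absolute paths makes each removal idempotent and lets real failures show, e.g. `file: path=/usr/local/bin/helm state=absent`.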
+++ b/blueprints/iotgateway/playbooks/roles/k3s/tasks/install.yml 
@@ -0,0 +1,74 @@
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+- name: check whether k3s is already installed
+ shell:
+ cmd: which k3s
+ register: result
+ ignore_errors: yes
+ no_log: True
+
+- debug:
+ msg: k3s is already present
+ when: result.stdout != ""
+
+- debug:
+# yamllint disable rule:line-length
+ msg: Ignore Uninstall Log , k3s not installed continue with Installation
+# yamllint disable rule:line-length
+ when: result.stdout == ""
+
+- debug:
+ msg: K3 Installation started on {{ ansible_facts['distribution'] }} MEP Node
+
+- name: "INSTALL: Disabling firewall for successfull k3s installation on CentOs"
+ shell:
+ cmd: systemctl stop firewalld
+ when: ansible_facts['distribution'] == "CentOS" and result is failed
+
+- name: "INSTALL: install container-selinux"
+ shell:
+ cmd: yum install -y container-selinux selinux-policy-base
+ when: ansible_facts['distribution'] == "CentOS" and result is failed
+ ignore_errors: true
+
+- name: "INSTALL: get interface name"
+ shell:
+ cmd: ip a |grep {{ ansible_host }} |awk '{print $NF}'
+ register: ifName
+ when: result is failed
+
+# yamllint disable rule:line-length
+- name: "INSTALL: install k3s"
+ shell:
+ cmd: curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="--node-ip={{ ansible_host }} --node-external-ip={{ ansible_host }} --bind-address={{ ansible_host }} --flannel-iface=eth0 --docker --no-deploy=servicelb --no-deploy=traefik --write-kubeconfig-mode 644 --kube-apiserver-arg="service-node-port-range=30000-36000"" sh -
+ when: result is failed
+
+# yamllint disable rule:line-length
+
+#- name: "INSTALL: install k3s"
+# shell:
+# cmd: curl -sfL https://get.k3s.io | sh -
+# when: result is failed
+
+- name: "INSTALL: create .kube dir"
+ shell:
+ cmd: mkdir -p $HOME/.kube/
+ when: result is failed
+
+- name: "INSTALL: copy kubeconfig"
+ shell:
+ cmd: cp /etc/rancher/k3s/k3s.yaml $HOME/.kube/config
+ when: result is failed
diff --git a/blueprints/iotgateway/playbooks/roles/k3s/tasks/main.yml b/blueprints/iotgateway/playbooks/roles/k3s/tasks/main.yml
new file mode 100644
index 0000000..22746d8
--- /dev/null
+++ b/blueprints/iotgateway/playbooks/roles/k3s/tasks/main.yml
@@ -0,0 +1,22 @@
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+- include: "install.yml"
+ static: false
+ when: operation == 'install'
+
+- include: "uninstall.yml"
+ static: false
+ when: operation == 'uninstall'
diff --git a/blueprints/iotgateway/playbooks/roles/k3s/tasks/uninstall.yml b/blueprints/iotgateway/playbooks/roles/k3s/tasks/uninstall.yml
new file mode 100644
index 0000000..d58b1bb
--- /dev/null
+++ b/blueprints/iotgateway/playbooks/roles/k3s/tasks/uninstall.yml
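Review bot: Two settings in k3s/tasks/install.yml weaken the node more than the install needs. `systemctl stop firewalld` turns the CentOS host firewall off entirely instead of opening the ports k3s uses, and `--write-kubeconfig-mode 644` leaves `/etc/rancher/k3s/k3s.yaml`, which carries the cluster admin credentials, readable by every local user; `--write-kubeconfig-mode 600` is enough here because a later task copies the file to `$HOME/.kube/config` for the deploying user. The installer is also piped from `https://get.k3s.io` straight into `sh` with no version pin, so setting `INSTALL_K3S_VERSION` and checking the downloaded script before running it would make the result reproducible. The registered `ifName` is never used, since `--flannel-iface=eth0` is hard-coded in the command.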
@@ -0,0 +1,39 @@
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+- name: check whether k3s is already installed
+ shell:
+ cmd: which k3s
+ register: result
+ ignore_errors: yes
+ no_log: True
+
+- debug:
+ msg: Uninstalling k3s...
+ when: result.stdout != ""
+
+- debug:
+ msg: "UNINSTALL: Ignore Uninstall Log , K3s not installed"
+ when: result.stdout == ""
+
+- name: "UNINSTALL: kill k3s"
+ shell:
+ cmd: k3s-killall.sh
+ when: result is succeeded
+
+- name: "UNINSTALL: uninstall k3s"
+ shell:
+ cmd: k3s-uninstall.sh
+ when: result is succeeded
diff --git a/blueprints/iotgateway/playbooks/roles/k8s/tasks/install.yml b/blueprints/iotgateway/playbooks/roles/k8s/tasks/install.yml
new file mode 100644
index 0000000..8388770
--- /dev/null
+++ b/blueprints/iotgateway/playbooks/roles/k8s/tasks/install.yml
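Review bot: k3s/tasks/uninstall.yml never restores firewalld, which the k3s install playbook in this commit stops on CentOS, so a host that has been through install and then uninstall is left with its firewall off. A final task running `cmd: systemctl start firewalld` under `when: ansible_facts['distribution'] == "CentOS"` would return the node to its earlier state. The two script calls also rely on `k3s-killall.sh` and `k3s-uninstall.sh` being found on PATH; calling them by absolute path would make it explicit which files get executed.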
@@ -0,0 +1,38 @@
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+# tasks file for k8s
+- name: Check whether k8s is already installed
+ command: which k8s
+ register: result
+ ignore_errors: yes
+ no_log: True
+
+- debug:
+ msg: k8s is already present
+ when: result.stdout != ""
+
+- debug:
+# yamllint disable rule:line-length
+ msg: Ignore Uninstall Log , k8s not installed continue with Installation
+# yamllint disable rule:line-length
+ when: result.stdout == ""
+
+- name: Install k8s
+ shell:
+# yamllint disable rule:line-length
+ cmd: ansible-playbook -i inventory/mycluster/hosts.yaml --become --become-user=root cluster.yml
+# yamllint disable rule:line-length
+ chdir: /root/eliotkubesprey/kubespray/
diff --git a/blueprints/iotgateway/playbooks/roles/k8s/tasks/main.yml b/blueprints/iotgateway/playbooks/roles/k8s/tasks/main.yml
new file mode 100644
index 0000000..a0ff36d
--- /dev/null
+++ b/blueprints/iotgateway/playbooks/roles/k8s/tasks/main.yml
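Review bot: The presence check in k8s/tasks/install.yml runs `which k8s`, and there is normally no binary by that name, so `result` fails on every host, including one with a running cluster; the `Install k8s` task also has no `when:`, so kubespray's `cluster.yml` is rerun unconditionally as root. Probing with `command: kubectl version`, as the k8s uninstall file in this commit does, and adding `when: result is failed` to the install task would make the check meaningful. The hard-coded `chdir: /root/eliotkubesprey/kubespray/` is an undocumented prerequisite and deserves a comment saying where that checkout comes from.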
@@ -0,0 +1,23 @@ +# Copyright 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- +# tasks file for k8s +- include: "install.yml" + static: false + when: operation == 'install' + +- include: "uninstall.yml" + static: false + when: operation == 'uninstall' diff --git a/blueprints/iotgateway/playbooks/roles/k8s/tasks/uninstall.yml b/blueprints/iotgateway/playbooks/roles/k8s/tasks/uninstall.yml new file mode 100644 index 0000000..3ff9e4a --- /dev/null +++ b/blueprints/iotgateway/playbooks/roles/k8s/tasks/uninstall.yml 
@@ -0,0 +1,31 @@ +# Copyright 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- +# Uninstall file for k8s +- name: Check whether k8s is already installed + command: kubectl version + register: result + ignore_errors: yes + no_log: True + +- debug: + msg: k8s is already present + when: result.stdout != "" + +- name: Remove k8s + shell: + cmd: yes | ansible-playbook -i inventory/mycluster/hosts.yaml reset.yml + chdir: /root/eliotkubesprey/kubespray/ + when: result.stdout != "" diff --git a/blueprints/iotgateway/playbooks/roles/kubeconfig/tasks/install.yml b/blueprints/iotgateway/playbooks/roles/kubeconfig/tasks/install.yml new file mode 100644 index 0000000..53ad150 --- /dev/null +++ b/blueprints/iotgateway/playbooks/roles/kubeconfig/tasks/install.yml 
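Review bot: `Remove k8s` gates a destructive cluster reset on `result.stdout != ""`, but `kubectl version` normally prints the client version to stdout even when it cannot reach an API server and exits non-zero, so the reset can run on hosts where no cluster is up. `when: result is succeeded` would tie the reset to the exit status instead. The `yes |` prefix answers every prompt the play may raise; kubespray's reset playbook is understood to take its confirmation as a variable (`-e reset_confirmation=yes`), which is more explicit than piping — confirm this against the kubespray version in use. Unlike the install task, this invocation carries no `--become --become-user=root`, so the two paths may run with different privileges.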
@@ -0,0 +1,25 @@ +# Copyright 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- +# tasks file for transferring kubeconfig files +- name: debug msg + debug: + msg: transfering config file to OCD Host + +- name: Fetch the file from the controller and edge nodes to ocd-host + fetch: + src: /root/.kube/config + dest: /root/.kube/config-{{ ansible_host }} + flat: yes diff --git a/blueprints/iotgateway/playbooks/roles/kubeconfig/tasks/main.yml b/blueprints/iotgateway/playbooks/roles/kubeconfig/tasks/main.yml new file mode 100644 index 0000000..a3fc9af --- /dev/null +++ b/blueprints/iotgateway/playbooks/roles/kubeconfig/tasks/main.yml @@ -0,0 +1,21 @@ +# Copyright 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- +# tasks file for kubeconfig transfer +- include: "install.yml" + when: operation == 'install' + +#- include: "uninstall.yml" + #when: operation == 'uninstall' 
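Review bot: The `fetch` task copies `/root/.kube/config`, which normally holds cluster-admin credentials, to the OCD host, and no step sets the permissions of the resulting file, so its mode depends on the umask of the controller process. A follow-up task such as `file: path=/root/.kube/config-{{ ansible_host }} mode=0600` with `delegate_to: localhost` would pin it. The mepkubeconfig role's install.yml in the next file section has the same gap for `/root/.kube/kubeconfig/{{ ansible_host }}`. `flat: yes` with a name built only from `ansible_host` also silently overwrites any earlier copy for that host.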
diff --git a/blueprints/iotgateway/playbooks/roles/mepkubeconfig/tasks/install.yml b/blueprints/iotgateway/playbooks/roles/mepkubeconfig/tasks/install.yml new file mode 100644 index 0000000..587f32b --- /dev/null +++ b/blueprints/iotgateway/playbooks/roles/mepkubeconfig/tasks/install.yml @@ -0,0 +1,25 @@ +# Copyright 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- +# tasks file for k3s kube-config file transfer +- name: debug msg + debug: + msg: transfering mep config file to OCD Host + +- name: Fetch the file from the mep edge nodes to ocd-host + fetch: + src: /root/.kube/config + dest: /root/.kube/kubeconfig/{{ ansible_host }} + flat: yes diff --git a/blueprints/iotgateway/playbooks/roles/mepkubeconfig/tasks/main.yml b/blueprints/iotgateway/playbooks/roles/mepkubeconfig/tasks/main.yml new file mode 100644 index 0000000..1f281b4 --- /dev/null +++ b/blueprints/iotgateway/playbooks/roles/mepkubeconfig/tasks/main.yml 
@@ -0,0 +1,18 @@ +# Copyright 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- +# tasks file for kubeconfig transfer +- include: "install.yml" + when: operation == 'install' diff --git a/blueprints/iotgateway/playbooks/roles/prometheus/files/values.yaml b/blueprints/iotgateway/playbooks/roles/prometheus/files/values.yaml new file mode 100644 index 0000000..b26d74b --- /dev/null +++ b/blueprints/iotgateway/playbooks/roles/prometheus/files/values.yaml @@ -0,0 +1,26 @@ +--- +alertmanager: + image: + tag: v0.18.0 + +kubeStateMetrics: + image: + repository: carlosedp/kube-state-metrics + tag: v1.7.2 + +pushgateway: + image: + tag: v1.0.1 + +server: + image: + tag: v2.15.2 + +nodeExporter: + image: + tag: v0.18.1 + +configmapReload: + image: + repository: jimmidyson/configmap-reload + tag: latest-arm64 diff --git a/blueprints/iotgateway/playbooks/roles/prometheus/tasks/install.yml b/blueprints/iotgateway/playbooks/roles/prometheus/tasks/install.yml new file mode 100644 index 0000000..f8472b4 --- /dev/null +++ b/blueprints/iotgateway/playbooks/roles/prometheus/tasks/install.yml 
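Review bot: In values.yaml, `configmapReload.image.tag: latest-arm64` is a mutable tag, and both it and the `kubeStateMetrics` override pull from third-party Docker Hub namespaces (`jimmidyson/…`, `carlosedp/…`), so what runs in the cluster can change without any change in this repository. Pinning each override to a fixed version tag or an image digest, and mirroring the images into the private registry that config.yml already describes, would make the aarch64 deployment reproducible and reviewable. A short comment saying why the chart's default images are replaced (presumably missing arm64 builds) would help the next maintainer.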
@@ -0,0 +1,48 @@ +# Copyright 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- +- name: check if prometheus is already installed + shell: + cmd: helm status mep-prometheus + register: result + ignore_errors: yes + no_log: True + +- debug: + msg: prometheus is already present + when: result.stdout != "" + +- debug: +# yamllint disable rule:line-length + msg: Ignore Uninstall Log , prometheus not installed continue with Installation +# yamllint disable rule:line-length + when: result.stdout == "" + +- name: "INSTALL: Install prometheus on x86_64" + shell: + cmd: helm install mep-prometheus stable/prometheus --version v9.3.1 + when: result is failed and ansible_architecture == 'x86_64' + +- name: "INSTALL: copy values.yaml to host" + copy: + src: values.yaml + dest: /tmp/prometheus/ + when: result is failed and ansible_architecture == 'aarch64' + +- name: "INSTALL: Install prometheus on aarch64" + shell: + cmd: 'helm install mep-prometheus + stable/prometheus -f /tmp/prometheus/values.yaml --version v9.3.1' + when: result is failed and ansible_architecture == 'aarch64' diff --git a/blueprints/iotgateway/playbooks/roles/prometheus/tasks/main.yml b/blueprints/iotgateway/playbooks/roles/prometheus/tasks/main.yml new file mode 100644 index 0000000..7daf37b --- /dev/null +++ b/blueprints/iotgateway/playbooks/roles/prometheus/tasks/main.yml 
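Review bot: The aarch64 path stages `values.yaml` under `/tmp/prometheus/` and then passes it to `helm install`. `/tmp` is world-writable and the copy task sets no `owner` or `mode`, so on a shared host another local account could influence which images the chart deploys. A root-owned directory outside `/tmp`, or one created with the `tempfile` module, plus `mode: '0600'` on the copy would close that. The rabbitmq install.yml and uninstall.yml later in this commit use `/tmp/rabbitmq/` the same way for `kubectl apply -f` and `kubectl delete -f`. `stable/prometheus` also assumes a helm repo named `stable` is already configured, which nothing in this hunk sets up.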
@@ -0,0 +1,22 @@ +# Copyright 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- +- include: "install.yml" + static: false + when: operation == 'install' + + #- include: "uninstall.yml" + #static: false + #when: operation == 'uninstall' diff --git a/blueprints/iotgateway/playbooks/roles/prometheus/tasks/uninstall.yml b/blueprints/iotgateway/playbooks/roles/prometheus/tasks/uninstall.yml new file mode 100644 index 0000000..c6436c5 --- /dev/null +++ b/blueprints/iotgateway/playbooks/roles/prometheus/tasks/uninstall.yml 
@@ -0,0 +1,34 @@ +# Copyright 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- +- name: check if prometheus is installed before deleting + shell: + cmd: helm status mep-prometheus + register: result + ignore_errors: yes + no_log: True + +- debug: + msg: Uninstalling prometheus... + when: result.stdout != "" + +- debug: + msg: Ignore Uninstall Log , Prometheus not installed + when: result.stdout == "" + +- name: Uninstall prometheus + shell: + cmd: helm uninstall mep-prometheus + when: result is succeeded diff --git a/blueprints/iotgateway/playbooks/roles/rabbitmq/files/common/configmap.yaml b/blueprints/iotgateway/playbooks/roles/rabbitmq/files/common/configmap.yaml new file mode 100644 index 0000000..f62ae33 --- /dev/null +++ b/blueprints/iotgateway/playbooks/roles/rabbitmq/files/common/configmap.yaml 
@@ -0,0 +1,20 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: rabbitmq-config
+ namespace: default
+data:
+ enabled_plugins: |
+ [rabbitmq_management,rabbitmq_peer_discovery_k8s].
+ rabbitmq.conf: |
+ cluster_formation.peer_discovery_backend = rabbit_peer_discovery_k8s
+ cluster_formation.k8s.host = kubernetes.default.svc.cluster.local
+ cluster_formation.k8s.address_type = hostname
+ cluster_formation.node_cleanup.interval = 30
+ cluster_formation.node_cleanup.only_log_warning = true
+ cluster_partition_handling = autoheal
+ queue_master_locator=min-masters
+ loopback_users.guest = false
+ default_user=admin
+ default_pass=admin
diff --git a/blueprints/iotgateway/playbooks/roles/rabbitmq/files/common/namespace_yaml b/blueprints/iotgateway/playbooks/roles/rabbitmq/files/common/namespace_yaml
new file mode 100644
index 0000000..05afb83
--- /dev/null
+++ b/blueprints/iotgateway/playbooks/roles/rabbitmq/files/common/namespace_yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: default
diff --git a/blueprints/iotgateway/playbooks/roles/rabbitmq/files/common/rbac.yaml b/blueprints/iotgateway/playbooks/roles/rabbitmq/files/common/rbac.yaml
new file mode 100644
index 0000000..074dc46
--- /dev/null
+++ b/blueprints/iotgateway/playbooks/roles/rabbitmq/files/common/rbac.yaml
@@ -0,0 +1,29 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: rabbitmq
+ namespace: default
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+ name: rabbitmq-peer-discovery-rbac
+ namespace: default
+rules:
+ - apiGroups: [""]
+ resources: ["endpoints"]
+ verbs: ["get"]
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+ name: rabbitmq-peer-discovery-rbac
+ namespace: default
+subjects:
+ - kind: ServiceAccount
+ name: rabbitmq
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: rabbitmq-peer-discovery-rbac
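Review bot: In configmap.yaml, `rabbitmq.conf` sets `default_user=admin` and `default_pass=admin` together with `loopback_users.guest = false`, so the broker starts with a well-known administrator password and the built-in guest account may log in from remote hosts. A ConfigMap is also readable by anything with get access to configmaps in the namespace. The credentials should come from a Secret created at deploy time (config.yml already collects per-component passwords), and the `loopback_users.guest` line should be dropped unless remote guest login is really wanted. The sibling `namespace_yaml` file has no `.yaml` extension, so `kubectl apply -f /tmp/rabbitmq/common` will presumably skip it; it only declares `default`, so it can simply be removed.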
diff --git a/blueprints/iotgateway/playbooks/roles/rabbitmq/files/common/services.yaml b/blueprints/iotgateway/playbooks/roles/rabbitmq/files/common/services.yaml
new file mode 100644
index 0000000..d2c0d62
--- /dev/null
+++ b/blueprints/iotgateway/playbooks/roles/rabbitmq/files/common/services.yaml
@@ -0,0 +1,24 @@
+---
+kind: Service
+apiVersion: v1
+metadata:
+ namespace: default
+ name: rabbitmq
+ labels:
+ app: rabbitmq
+ type: LoadBalancer
+spec:
+ type: NodePort
+ ports:
+ - name: http
+ protocol: TCP
+ port: 15672
+ targetPort: 15672
+ nodePort: 31672
+ - name: amqp
+ protocol: TCP
+ port: 5672
+ targetPort: 5672
+ nodePort: 30672
+ selector:
+ app: rabbitmq
diff --git a/blueprints/iotgateway/playbooks/roles/rabbitmq/files/statefulset_arm.yaml b/blueprints/iotgateway/playbooks/roles/rabbitmq/files/statefulset_arm.yaml
new file mode 100644
index 0000000..d031e91
--- /dev/null
+++ b/blueprints/iotgateway/playbooks/roles/rabbitmq/files/statefulset_arm.yaml
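Review bot: The Service publishes the management UI (15672 on nodePort 31672) and AMQP (5672 on nodePort 30672) on every node address, both in plaintext, while the ConfigMap in this commit gives the broker a fixed admin password. If access from outside the cluster is not required, `type: ClusterIP` keeps both ports internal; if it is, only TLS listeners should be exposed and the allowed sources restricted at the network layer. The entry `type: LoadBalancer` under `metadata.labels` is only a label and contradicts `spec.type: NodePort`, so it is better removed.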
@@ -0,0 +1,78 @@ +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: rabbitmq + namespace: default +spec: + serviceName: rabbitmq + replicas: 3 + selector: + matchLabels: + app: rabbitmq + template: + metadata: + labels: + app: rabbitmq + spec: + serviceAccountName: rabbitmq + terminationGracePeriodSeconds: 10 + nodeSelector: + kubernetes.io/os: linux + containers: + - name: rabbitmq-k8s + image: arm64v8/rabbitmq:3.7-management-alpine + volumeMounts: + - name: config-volume + mountPath: /etc/rabbitmq + ports: + - name: http + protocol: TCP + containerPort: 15672 + - name: amqp + protocol: TCP + containerPort: 5672 + livenessProbe: + exec: + command: ["rabbitmq-diagnostics", "status"] + initialDelaySeconds: 60 + periodSeconds: 60 + timeoutSeconds: 15 + readinessProbe: + exec: + command: ["rabbitmq-diagnostics", "status"] + initialDelaySeconds: 20 + periodSeconds: 60 + timeoutSeconds: 10 + imagePullPolicy: Always + env: + - name: MY_POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: RABBITMQ_USE_LONGNAME + value: "true" + - name: K8S_SERVICE_NAME + value: rabbitmq + - name: RABBITMQ_NODENAME + # yamllint disable rule:line-length + value: rabbit@$(MY_POD_NAME).$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.cluster.local + # yamllint enable rule:line-length + - name: K8S_HOSTNAME_SUFFIX + value: .$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.cluster.local + - name: RABBITMQ_ERLANG_COOKIE + value: "dW5pcXVlLWVybGFuZy1jb29raWU=" + volumes: + - name: config-volume + configMap: + name: rabbitmq-config + items: + - key: rabbitmq.conf + path: rabbitmq.conf + - key: enabled_plugins + path: enabled_plugins diff --git a/blueprints/iotgateway/playbooks/roles/rabbitmq/files/statefulset_x86.yaml b/blueprints/iotgateway/playbooks/roles/rabbitmq/files/statefulset_x86.yaml new file mode 100644 index 0000000..0ec9ff9 --- /dev/null 
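Review bot: `RABBITMQ_ERLANG_COOKIE` is set to a literal value in the pod spec, and statefulset_x86.yaml in the next file section repeats it, so every deployment of this blueprint shares one inter-node secret and that secret is published with the repository. Base64 text is an encoding, not protection. The cookie authenticates cluster peers and CLI tools to a node, so it should be generated per deployment and injected from a Secret, as sketched below (the Secret name and key are placeholders). `imagePullPolicy: Always` combined with the floating tag `3.7-management-alpine` also means the running image can change on any pod restart.

```yaml
# … unchanged: MY_POD_NAME through K8S_HOSTNAME_SUFFIX env entries …
            - name: RABBITMQ_ERLANG_COOKIE
              valueFrom:
                secretKeyRef:
                  name: rabbitmq-erlang-cookie   # placeholder Secret name
                  key: cookie                    # placeholder key
```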
+++ b/blueprints/iotgateway/playbooks/roles/rabbitmq/files/statefulset_x86.yaml @@ -0,0 +1,78 @@ +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: rabbitmq + namespace: default +spec: + serviceName: rabbitmq + replicas: 3 + selector: + matchLabels: + app: rabbitmq + template: + metadata: + labels: + app: rabbitmq + spec: + serviceAccountName: rabbitmq + terminationGracePeriodSeconds: 10 + nodeSelector: + kubernetes.io/os: linux + containers: + - name: rabbitmq-k8s + image: rabbitmq:3.7-management-alpine + volumeMounts: + - name: config-volume + mountPath: /etc/rabbitmq + ports: + - name: http + protocol: TCP + containerPort: 15672 + - name: amqp + protocol: TCP + containerPort: 5672 + livenessProbe: + exec: + command: ["rabbitmq-diagnostics", "status"] + initialDelaySeconds: 60 + periodSeconds: 60 + timeoutSeconds: 15 + readinessProbe: + exec: + command: ["rabbitmq-diagnostics", "status"] + initialDelaySeconds: 20 + periodSeconds: 60 + timeoutSeconds: 10 + imagePullPolicy: Always + env: + - name: MY_POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: RABBITMQ_USE_LONGNAME + value: "true" + - name: K8S_SERVICE_NAME + value: rabbitmq + - name: RABBITMQ_NODENAME + # yamllint disable rule:line-length + value: rabbit@$(MY_POD_NAME).$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.cluster.local + # yamllint enable rule:line-length + - name: K8S_HOSTNAME_SUFFIX + value: .$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.cluster.local + - name: RABBITMQ_ERLANG_COOKIE + value: "dW5pcXVlLWVybGFuZy1jb29raWU=" + volumes: + - name: config-volume + configMap: + name: rabbitmq-config + items: + - key: rabbitmq.conf + path: rabbitmq.conf + - key: enabled_plugins + path: enabled_plugins 
diff --git a/blueprints/iotgateway/playbooks/roles/rabbitmq/tasks/install.yml b/blueprints/iotgateway/playbooks/roles/rabbitmq/tasks/install.yml new file mode 100644 index 0000000..d3113d3 --- /dev/null +++ b/blueprints/iotgateway/playbooks/roles/rabbitmq/tasks/install.yml 
@@ -0,0 +1,64 @@ +# Copyright 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- +- name: check if rabbitmq is already installed + shell: + cmd: kubectl get pods rabbitmq-0 + register: result + ignore_errors: yes + no_log: True + +- debug: + msg: rabbitmq is already present + when: result.stdout != "" + +- debug: +# yamllint disable rule:line-length + msg: Ignore Uninstall Log , rabbitmq not installed continue with Installation +# yamllint disable rule:line-length + when: result.stdout == "" + +- name: "INSTALL: copy common folder to host for rabbitmq installation" + copy: + src: common + dest: /tmp/rabbitmq/ + when: result is failed + +- name: "INSTALL: Install common for rabbitmq installation" + shell: + cmd: kubectl apply -f /tmp/rabbitmq/common + when: result is failed + +- name: "INSTALL: copy statefulset_x86.yaml to host for rabbitmq installation" + copy: + src: statefulset_x86.yaml + dest: /tmp/rabbitmq/ + when: result is failed and ansible_architecture == 'x86_64' + +- name: "INSTALL: Install rabbitmq on x86_64" + shell: + cmd: kubectl apply -f /tmp/rabbitmq/statefulset_x86.yaml + when: result is failed and ansible_architecture == 'x86_64' + +- name: "INSTALL: copy statefulset_arm.yaml to host for rabbitmq installation" + copy: + src: statefulset_arm.yaml + dest: /tmp/rabbitmq/ + when: result is failed and ansible_architecture == 'aarch64' + +- name: "INSTALL: Install rabbitmq on aarch64" + shell: + cmd: kubectl apply -f 
/tmp/rabbitmq/statefulset_arm.yaml + when: result is failed and ansible_architecture == 'aarch64' diff --git a/blueprints/iotgateway/playbooks/roles/rabbitmq/tasks/main.yml b/blueprints/iotgateway/playbooks/roles/rabbitmq/tasks/main.yml new file mode 100644 index 0000000..7daf37b --- /dev/null +++ b/blueprints/iotgateway/playbooks/roles/rabbitmq/tasks/main.yml @@ -0,0 +1,22 @@ +# Copyright 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- +- include: "install.yml" + static: false + when: operation == 'install' + + #- include: "uninstall.yml" + #static: false + #when: operation == 'uninstall' diff --git a/blueprints/iotgateway/playbooks/roles/rabbitmq/tasks/uninstall.yml b/blueprints/iotgateway/playbooks/roles/rabbitmq/tasks/uninstall.yml new file mode 100644 index 0000000..14c1276 --- /dev/null +++ b/blueprints/iotgateway/playbooks/roles/rabbitmq/tasks/uninstall.yml 
@@ -0,0 +1,44 @@ +# Copyright 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- +- name: check if rabbitmq is installed before deleting + shell: + cmd: kubectl get pods rabbitmq-0 + register: result + ignore_errors: yes + no_log: True + +- debug: + msg: Uninstalling rabbitmq... + when: result.stdout != "" + +- debug: + msg: Ignore Uninstall Log , Rabbitmq not installed + when: result.stdout == "" + +- name: Uninstalling rabbitmq + shell: + cmd: kubectl delete -f /tmp/rabbitmq/common + when: result is succeeded + +- name: Uninstall rabbitmq on x86_64 + shell: + cmd: kubectl delete -f /tmp/rabbitmq/statefulset_x86.yaml + when: result is succeeded and ansible_architecture == 'x86_64' + +- name: Uninstall rabbitmq on aarch64 + shell: + cmd: kubectl delete -f /tmp/rabbitmq/statefulset_arm.yaml + when: result is succeeded and ansible_architecture == 'aarch64' diff --git a/blueprints/iotgateway/playbooks/roles/service_center/tasks/install.yml b/blueprints/iotgateway/playbooks/roles/service_center/tasks/install.yml new file mode 100644 index 0000000..f32c163 --- /dev/null +++ b/blueprints/iotgateway/playbooks/roles/service_center/tasks/install.yml 
@@ -0,0 +1,27 @@ +# +# Copyright 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +--- + +- name: Import config file + include_vars: + file: ../../../config.yml + name: vardata + +- name: Install service center + # yamllint disable rule:line-length + command: helm install service-center-edgegallery edgegallery/servicecenter --set images.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/service-center --set images.pullPolicy=IfNotPresent --set global.ssl.enabled=true --set global.ssl.secretName=edgegallery-ssl-secret + # yamllint disable rule:line-length diff --git a/blueprints/iotgateway/playbooks/roles/service_center/tasks/main.yml b/blueprints/iotgateway/playbooks/roles/service_center/tasks/main.yml new file mode 100644 index 0000000..a79c680 --- /dev/null +++ b/blueprints/iotgateway/playbooks/roles/service_center/tasks/main.yml 
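Review bot: `private_repo_ip.name` is listed as mandatory in config.yml but ships empty, and nothing in this hunk checks it before it is interpolated into `--set images.repository=…`. An unfilled config therefore presumably renders a malformed repository string, and helm either fails late or resolves the image somewhere unintended. An `assert` task ahead of the install, with `that: vardata.private_repo_ip.name is not none`, would stop the run with a clear message. The install also has no existence probe, so a second run fails on the already-present release, unlike the prometheus and rabbitmq roles. The trailing yamllint comment says `disable` where `enable` seems intended.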
@@ -0,0 +1,26 @@ +# +# Copyright 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +--- + +# tasks file for service-center +- include: "install.yml" + static: false + when: operation == 'install' + +- include: "uninstall.yml" + static: false + when: operation == 'uninstall' diff --git a/blueprints/iotgateway/playbooks/roles/service_center/tasks/uninstall.yml b/blueprints/iotgateway/playbooks/roles/service_center/tasks/uninstall.yml new file mode 100644 index 0000000..0df700f --- /dev/null +++ b/blueprints/iotgateway/playbooks/roles/service_center/tasks/uninstall.yml @@ -0,0 +1,22 @@ +# +# Copyright 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +--- + +- name: Uninstall service center + command: helm uninstall service-center-edgegallery + ignore_errors: yes + no_log: True 
diff --git a/blueprints/iotgateway/playbooks/roles/vault/tasks/install.yml b/blueprints/iotgateway/playbooks/roles/vault/tasks/install.yml
new file mode 100644
index 0000000..38e1fa2
--- /dev/null
+++ b/blueprints/iotgateway/playbooks/roles/vault/tasks/install.yml
@@ -0,0 +1,31 @@
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: "INSTALL: Add Vault repo"
+# yamllint disable rule:line-length
+ command: helm repo add hashicorp https://helm.releases.hashicorp.com
+# yamllint disable rule:line-length
+
+- name: "INSTALL: Vault "
+ command: helm install vault hashicorp/vault
+
+
+- name: "Installing ...Vault "
+ command: sleep 10
+
+- name: "Initialize Vault POD and Unseal Key"
+ shell:
+# yamllint disable rule:line-length
+ cmd: kubectl exec -ti vault-0 -- vault operator unseal $(kubectl exec vault-0 -- vault operator init -key-shares=1 -key-threshold=1 -format="" | grep -i "unseal key 1" | awk '{print $4}')
+# yamllint enable rule:line-length
diff --git a/blueprints/iotgateway/playbooks/roles/vault/tasks/main.yml b/blueprints/iotgateway/playbooks/roles/vault/tasks/main.yml
new file mode 100644
index 0000000..aedb1c1
--- /dev/null
+++ b/blueprints/iotgateway/playbooks/roles/vault/tasks/main.yml
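Review bot: The last task runs `vault operator init` inside a `$(…)` substitution and keeps only the fourth field of the `unseal key 1` line, so the initial root token is thrown away and the sole unseal key (`-key-shares=1 -key-threshold=1`) is never stored. After the first pod restart the Vault can be neither unsealed nor administered. The task also has no `no_log`, so the key can surface in task output. Splitting init from unseal, registering the init output under `no_log: true` and handing it to the operator's secret store first is sketched below; the single-share setting is kept as the author chose it but deserves a second look. `sleep 10` and `kubectl exec -ti` (a TTY in a non-interactive run) are fragile, so waiting on the pod phase and dropping `-ti` would be steadier.

```yaml
# … unchanged: helm repo add / helm install tasks …

- name: "Initialize Vault POD"
  command: >-
    kubectl exec vault-0 -- vault operator init
    -key-shares=1 -key-threshold=1 -format=json
  register: vault_init
  no_log: true

# … store vault_init.stdout (unseal key and root token) in the
# operator's secret store before continuing …

- name: "Unseal Vault"
  command: >-
    kubectl exec vault-0 -- vault operator unseal
    {{ (vault_init.stdout | from_json).unseal_keys_b64[0] }}
  no_log: true
```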
@@ -0,0 +1,22 @@ +# Copyright 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- +# tasks file for Vault +- include: "install.yml" + static: false + when: operation == 'install' + +#- include: "uninstall.yml" + #when: operation == 'uninstall'