From: Srinivasan Date: Fri, 11 Jun 2021 12:44:15 +0000 (+0530) Subject: ealt-all.yml changes X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=commitdiff_plain;h=3557e89b7503e807fca0cb76707f5fafb1bfa598;p=ealt-edge.git ealt-all.yml changes Signed-off-by: Srinivasan Change-Id: I8fcb9f55703b819dd26c09a7df34230130a5385d --- diff --git a/ocd/infra/playbooks/ealt-all.yml b/ocd/infra/playbooks/ealt-all.yml index 988b947..9192078 100644 --- a/ocd/infra/playbooks/ealt-all.yml +++ b/ocd/infra/playbooks/ealt-all.yml @@ -1,5 +1,5 @@ # -# Copyright 2020 Huawei Technologies Co., Ltd. +# Copyright 2021 Huawei Technologies Co., Ltd. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -16,40 +16,8 @@ --- -############ OCD ############ - -- hosts: ocdconsolidated - become: yes - tags: - - ocdhost - - ocdconsolidated - - roles: - - k8s - - helm - - docker - - eg_prerequisite - - eg_registry - - eg_helm-repo - - eg_certs - ############ Center ############ -### Pre-Requisites ### - -- hosts: prerequisitecenter - become: yes - tags: - - prerequisitecenter - - center - - roles: - - eg_trans_certs - - eg_prerequisite - - helm - - eg_set-helm-repo - - kubeconfig - ### Other 3rd party related ### - hosts: thirdpartycenter @@ -61,50 +29,8 @@ roles: - grafana -### EdgeGallery related ### - -- hosts: egcenter - become: yes - tags: - - egcenter - - center - - roles: - - eg_secret - - service_center - - eg_user-mgmt - - eg_mecm-meo - - eg_mecm-fe - - eg_appstore - - eg_developer - - ############ Edge ############ -### Infrastructure ### -- hosts: edge-infra - become: yes - tags: - - edge-infra - - edge - - roles: - - eg_trans_certs - - docker - - eg_prerequisite - - k3s - -### Pre-Requisites ### - -- hosts: prerequisiteedge - become: yes - tags: - - prerequisiteedge - - edge - - roles: - - helm - ### Other 3rd party related ### - hosts: thirdpartyedge @@ -115,25 +41,8 @@ roles: - rabbitmq - - prometheus - - kubeconfig - - mepkubeconfig - cadvisor -### EdgeGallery related ### - -- hosts: egedge - become: yes - tags: - - egedge - - edge - - roles: - - eg_secret - - eg_set-helm-repo - - eg_mep - - eg_mecm-mepm - ### Storage ### - hosts: openebsinfluxdb diff --git a/ocd/infra/playbooks/roles/eg_appstore/tasks/install.yml b/ocd/infra/playbooks/roles/eg_appstore/tasks/install.yml deleted file mode 100644 index 2b9ad8e..0000000 --- a/ocd/infra/playbooks/roles/eg_appstore/tasks/install.yml +++ /dev/null @@ -1,26 +0,0 @@ -# -# Copyright 2020 Huawei Technologies Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - ---- - -- name: Import vars - include_vars: - file: ../../../config.yml - name: vardata - -- name: Helm install appstore - # yamllint disable rule:line-length - command: helm install appstore-edgegallery edgegallery/appstore --set global.oauth2.authServerAddress=https://{{ ansible_host }}:{{ vardata.usermgmt_port.name}} --set images.appstoreFe.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/appstore-fe --set images.appstoreBe.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/appstore-be --set images.postgres.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/postgres --set images.initservicecenter.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/curl --set images.appstoreFe.tag={{vardata.eg_image_tag.name}} --set images.appstoreBe.tag={{vardata.eg_image_tag.name}} --set images.appstoreFe.pullPolicy=IfNotPresent --set images.appstoreBe.pullPolicy=IfNotPresent --set images.postgres.pullPolicy=IfNotPresent --set images.initservicecenter.pullPolicy=IfNotPresent --set global.ssl.enabled=true --set global.ssl.secretName=edgegallery-ssl-secret diff --git a/ocd/infra/playbooks/roles/eg_appstore/tasks/main.yml b/ocd/infra/playbooks/roles/eg_appstore/tasks/main.yml deleted file mode 100644 index e8bea5a..0000000 --- a/ocd/infra/playbooks/roles/eg_appstore/tasks/main.yml +++ /dev/null @@ -1,26 +0,0 @@ -# -# Copyright 2020 Huawei Technologies Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - ---- - -# tasks file for eg_appstore -- include: "install.yml" - static: false - when: operation == 'install' - -- include: "uninstall.yml" - static: false - when: operation == 'uninstall' diff --git a/ocd/infra/playbooks/roles/eg_appstore/tasks/uninstall.yml b/ocd/infra/playbooks/roles/eg_appstore/tasks/uninstall.yml deleted file mode 100644 index f38b51d..0000000 --- a/ocd/infra/playbooks/roles/eg_appstore/tasks/uninstall.yml +++ /dev/null @@ -1,22 +0,0 @@ -# -# Copyright 2020 Huawei Technologies Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - ---- - -- name: Uninstall appstore - command: helm uninstall appstore-edgegallery - ignore_errors: yes - no_log: True diff --git a/ocd/infra/playbooks/roles/eg_certs/tasks/install.yml b/ocd/infra/playbooks/roles/eg_certs/tasks/install.yml deleted file mode 100644 index 1aa05cf..0000000 --- a/ocd/infra/playbooks/roles/eg_certs/tasks/install.yml +++ /dev/null @@ -1,37 +0,0 @@ -# -# Copyright 2020 Huawei Technologies Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - ---- - -- name: Import config file - include_vars: - file: ../../../config.yml - name: vardata - -- name: Remove old ssl key dir - command: rm -rf /tmp/ssl-eg-keys-certs - args: - chdir: /tmp/ - -- name: Make new ssl key dir - command: mkdir -p /tmp/ssl-eg-keys-certs - args: - chdir: /tmp/ - -- name: generate cert - # yamllint disable rule:line-length - command: docker run -e CERT_VALIDITY_IN_DAYS=365 -v /tmp/ssl-eg-keys-certs:/certs {{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/deploy-tool:latest - # yamllint disable rule:line-length diff --git a/ocd/infra/playbooks/roles/eg_certs/tasks/main.yml b/ocd/infra/playbooks/roles/eg_certs/tasks/main.yml deleted file mode 100644 index 0ddc8f4..0000000 --- a/ocd/infra/playbooks/roles/eg_certs/tasks/main.yml +++ /dev/null @@ -1,25 +0,0 @@ -# -# Copyright 2020 Huawei Technologies Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - ---- -# tasks file for eg_certs -- include: "install.yml" - static: false - when: operation == 'install' - -- include: "uninstall.yml" - static: false - when: operation == 'uninstall' diff --git a/ocd/infra/playbooks/roles/eg_certs/tasks/uninstall.yml b/ocd/infra/playbooks/roles/eg_certs/tasks/uninstall.yml deleted file mode 100644 index ca56d0d..0000000 --- a/ocd/infra/playbooks/roles/eg_certs/tasks/uninstall.yml +++ /dev/null @@ -1,24 +0,0 @@ -# -# Copyright 2020 Huawei Technologies Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - ---- - -- name: Remove generated certificates - command: rm -rf /tmp/ssl-eg-keys-certs - args: - chdir: /tmp/ - ignore_errors: yes - no_log: True diff --git a/ocd/infra/playbooks/roles/eg_developer/tasks/install.yml b/ocd/infra/playbooks/roles/eg_developer/tasks/install.yml deleted file mode 100644 index 107d452..0000000 --- a/ocd/infra/playbooks/roles/eg_developer/tasks/install.yml +++ /dev/null @@ -1,26 +0,0 @@ -# -# Copyright 2020 Huawei Technologies Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - ---- - -- name: Import config file - include_vars: - file: ../../../config.yml - name: vardata - -- name: Developer chart installing - # yamllint disable rule:line-length - command: helm install developer-edgegallery edgegallery/developer --set global.oauth2.authServerAddress=https://{{ ansible_host }}:{{ vardata.usermgmt_port.name}} --set images.developerFe.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/developer-fe --set images.developerBe.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/developer-be --set images.postgres.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/postgres --set images.initservicecenter.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/curl --set images.developerFe.tag={{vardata.eg_image_tag.name}} --set images.developerBe.tag={{vardata.eg_image_tag.name}} --set images.developerFe.pullPolicy=IfNotPresent --set images.developerBe.pullPolicy=IfNotPresent --set images.postgres.pullPolicy=IfNotPresent --set images.initservicecenter.pullPolicy=IfNotPresent --set global.ssl.enabled=true --set global.ssl.secretName=edgegallery-ssl-secret diff --git a/ocd/infra/playbooks/roles/eg_developer/tasks/main.yml b/ocd/infra/playbooks/roles/eg_developer/tasks/main.yml deleted file mode 100644 index bab0558..0000000 --- a/ocd/infra/playbooks/roles/eg_developer/tasks/main.yml +++ /dev/null @@ -1,25 +0,0 @@ -# -# Copyright 2020 Huawei Technologies Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - ---- -# tasks file for eg_developer -- include: "install.yml" - static: false - when: operation == 'install' - -- include: "uninstall.yml" - static: false - when: operation == 'uninstall' diff --git a/ocd/infra/playbooks/roles/eg_developer/tasks/uninstall.yml b/ocd/infra/playbooks/roles/eg_developer/tasks/uninstall.yml deleted file mode 100644 index 787052a..0000000 --- a/ocd/infra/playbooks/roles/eg_developer/tasks/uninstall.yml +++ /dev/null @@ -1,22 +0,0 @@ -# -# Copyright 2020 Huawei Technologies Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - ---- - -- name: Uninstall developer - command: helm uninstall developer-edgegallery - ignore_errors: yes - no_log: True diff --git a/ocd/infra/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/edgegallery/appstore-0.9.tgz b/ocd/infra/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/edgegallery/appstore-0.9.tgz deleted file mode 100644 index 53de058..0000000 Binary files a/ocd/infra/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/edgegallery/appstore-0.9.tgz and /dev/null differ diff --git a/ocd/infra/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/edgegallery/developer-0.9.tgz b/ocd/infra/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/edgegallery/developer-0.9.tgz deleted file mode 100644 index 34e7c77..0000000 Binary files a/ocd/infra/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/edgegallery/developer-0.9.tgz and /dev/null differ diff --git a/ocd/infra/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/edgegallery/mecm-fe-0.9.tgz b/ocd/infra/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/edgegallery/mecm-fe-0.9.tgz deleted file mode 100644 index bc76b63..0000000 Binary files a/ocd/infra/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/edgegallery/mecm-fe-0.9.tgz and /dev/null differ diff --git a/ocd/infra/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/edgegallery/mecm-meo-0.9.tgz b/ocd/infra/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/edgegallery/mecm-meo-0.9.tgz deleted file mode 100644 index 9f65c7f..0000000 Binary files a/ocd/infra/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/edgegallery/mecm-meo-0.9.tgz and /dev/null differ diff --git a/ocd/infra/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/edgegallery/mecm-mepm-0.9.tgz b/ocd/infra/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/edgegallery/mecm-mepm-0.9.tgz deleted file mode 100644 index 4f5c572..0000000 Binary files a/ocd/infra/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/edgegallery/mecm-mepm-0.9.tgz and /dev/null differ diff --git a/ocd/infra/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/edgegallery/mep-0.9.tgz b/ocd/infra/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/edgegallery/mep-0.9.tgz deleted file mode 100644 index 490d9ef..0000000 Binary files a/ocd/infra/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/edgegallery/mep-0.9.tgz and /dev/null differ diff --git a/ocd/infra/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/edgegallery/servicecenter-0.9.tgz b/ocd/infra/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/edgegallery/servicecenter-0.9.tgz deleted file mode 100644 index 72aed5a..0000000 Binary files a/ocd/infra/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/edgegallery/servicecenter-0.9.tgz and /dev/null differ diff --git a/ocd/infra/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/edgegallery/usermgmt-0.9.tgz b/ocd/infra/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/edgegallery/usermgmt-0.9.tgz deleted file mode 100644 index d1cc9be..0000000 Binary files a/ocd/infra/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/edgegallery/usermgmt-0.9.tgz and /dev/null differ diff --git a/ocd/infra/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/stable/grafana-5.5.5.tgz b/ocd/infra/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/stable/grafana-5.5.5.tgz deleted file mode 100644 index 2c67c80..0000000 Binary files a/ocd/infra/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/stable/grafana-5.5.5.tgz and /dev/null differ diff --git a/ocd/infra/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/stable/nfs-client-provisioner-1.2.8.tgz b/ocd/infra/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/stable/nfs-client-provisioner-1.2.8.tgz deleted file mode 100644 index c63a4b8..0000000 Binary files a/ocd/infra/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/stable/nfs-client-provisioner-1.2.8.tgz and /dev/null differ diff --git a/ocd/infra/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/stable/nginx-ingress-1.41.2.tgz b/ocd/infra/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/stable/nginx-ingress-1.41.2.tgz deleted file mode 100644 index 00bd24a..0000000 Binary files a/ocd/infra/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/stable/nginx-ingress-1.41.2.tgz and /dev/null differ diff --git a/ocd/infra/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/stable/prometheus-9.3.1.tgz b/ocd/infra/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/stable/prometheus-9.3.1.tgz deleted file mode 100644 index 3b1090b..0000000 Binary files a/ocd/infra/playbooks/roles/eg_helm-repo/files/deploy/helm/helm-charts/stable/prometheus-9.3.1.tgz and /dev/null differ diff --git a/ocd/infra/playbooks/roles/eg_helm-repo/tasks/install.yml b/ocd/infra/playbooks/roles/eg_helm-repo/tasks/install.yml deleted file mode 100644 index 5624146..0000000 --- a/ocd/infra/playbooks/roles/eg_helm-repo/tasks/install.yml +++ /dev/null @@ -1,60 +0,0 @@ -# -# Copyright 2020 Huawei Technologies Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - ---- - -- name: Doing deployment setup for edge gallery - copy: - src: deploy - dest: /tmp/eg_helm-repo/ - -- name: Import config file - include_vars: - file: ../../../config.yml - name: vardata - -- name: Helm repo index edgegallery - command: helm repo index edgegallery/ - args: - chdir: /tmp/eg_helm-repo/deploy/helm/helm-charts/ - -- name: Helm repo index stable - command: helm repo index stable/ - args: - chdir: /tmp/eg_helm-repo/deploy/helm/helm-charts/ - -- name: Changing permisiion - command: chmod -R 755 /tmp/eg_helm-repo - -- name: Creating helm repo - # yamllint disable rule:line-length - command: docker run --name helm-repo -v /tmp/eg_helm-repo/deploy/helm/helm-charts/:/usr/share/nginx/html:ro -d -p 8080:80 nginx:stable - args: - chdir: /tmp/eg_helm-repo/deploy/helm/helm-charts/ - -- name: Helm repo add edgegallery - # yamllint disable rule:line-length - command: helm repo add edgegallery http://{{ vardata.private_repo_ip.name}}:8080/edgegallery - args: - chdir: /tmp/eg_helm-repo/deploy/helm/helm-charts/ - -- name: Helm repo add stable - command: helm repo add stable http://{{ vardata.private_repo_ip.name}}:8080/stable - args: - chdir: /tmp/eg_helm-repo/deploy/helm/helm-charts/ - -- debug: - msg: "Helm repo created" diff --git a/ocd/infra/playbooks/roles/eg_helm-repo/tasks/main.yml b/ocd/infra/playbooks/roles/eg_helm-repo/tasks/main.yml deleted file mode 100644 index 858c198..0000000 --- a/ocd/infra/playbooks/roles/eg_helm-repo/tasks/main.yml +++ /dev/null @@ -1,25 +0,0 @@ -# Copyright 2020 Huawei Technologies Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - ---- - -# tasks file for eg_helm_repo_add -- include: "install.yml" - static: false - when: operation == 'install' - -- include: "uninstall.yml" - static: false - when: operation == 'uninstall' diff --git a/ocd/infra/playbooks/roles/eg_helm-repo/tasks/uninstall.yml b/ocd/infra/playbooks/roles/eg_helm-repo/tasks/uninstall.yml deleted file mode 100644 index 65ea65e..0000000 --- a/ocd/infra/playbooks/roles/eg_helm-repo/tasks/uninstall.yml +++ /dev/null @@ -1,31 +0,0 @@ -# Copyright 2020 Huawei Technologies Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - ---- - -- name: Docker stop helm repo - command: docker stop helm-repo - ignore_errors: yes - no_log: True - -- name: Docker rm helm repo - command: docker rm helm-repo - ignore_errors: yes - no_log: True - -- name: Remove tmp folder - command: rm -rf /tmp/eg_helm-repo - ignore_errors: yes - no_log: True diff --git a/ocd/infra/playbooks/roles/eg_mecm-fe/tasks/install.yml b/ocd/infra/playbooks/roles/eg_mecm-fe/tasks/install.yml deleted file mode 100644 index 0e728b9..0000000 --- a/ocd/infra/playbooks/roles/eg_mecm-fe/tasks/install.yml +++ /dev/null @@ -1,26 +0,0 @@ -# -# Copyright 2020 Huawei Technologies Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - ---- - -- name: Import config file - include_vars: - file: ../../../config.yml - name: vardata - -- name: Install mecm-fe - # yamllint disable rule:line-length - command: helm install mecm-fe-edgegallery edgegallery/mecm-fe --set global.oauth2.authServerAddress=https://{{ ansible_host }}:{{vardata.usermgmt_port.name}} --set images.mecmFe.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/mecm-fe --set images.initservicecenter.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/curl --set images.mecmFe.tag={{vardata.eg_image_tag.name}} --set images.mecmFe.pullPolicy=IfNotPresent --set images.initservicecenter.pullPolicy=IfNotPresent --set global.ssl.enabled=true --set global.ssl.secretName=edgegallery-ssl-secret diff --git a/ocd/infra/playbooks/roles/eg_mecm-fe/tasks/main.yml b/ocd/infra/playbooks/roles/eg_mecm-fe/tasks/main.yml deleted file mode 100644 index b168173..0000000 --- a/ocd/infra/playbooks/roles/eg_mecm-fe/tasks/main.yml +++ /dev/null @@ -1,25 +0,0 @@ -# -# Copyright 2020 Huawei Technologies Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - ---- -# tasks file for eg_mecm-fe -- include: "install.yml" - static: false - when: operation == 'install' - -- include: "uninstall.yml" - static: false - when: operation == 'uninstall' diff --git a/ocd/infra/playbooks/roles/eg_mecm-fe/tasks/uninstall.yml b/ocd/infra/playbooks/roles/eg_mecm-fe/tasks/uninstall.yml deleted file mode 100644 index 6c67b36..0000000 --- a/ocd/infra/playbooks/roles/eg_mecm-fe/tasks/uninstall.yml +++ /dev/null @@ -1,22 +0,0 @@ -# -# Copyright 2020 Huawei Technologies Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - ---- - -- name: Uninstall mecm fe - command: helm uninstall mecm-fe-edgegallery - ignore_errors: yes - no_log: True diff --git a/ocd/infra/playbooks/roles/eg_mecm-meo/files/deploy/conf/keys/postgres_init.sql b/ocd/infra/playbooks/roles/eg_mecm-meo/files/deploy/conf/keys/postgres_init.sql deleted file mode 100644 index 76e94d6..0000000 --- a/ocd/infra/playbooks/roles/eg_mecm-meo/files/deploy/conf/keys/postgres_init.sql +++ /dev/null @@ -1,29 +0,0 @@ -CREATE USER inventory WITH PASSWORD 'PASSWORD_VALUE' CREATEDB; -CREATE DATABASE inventorydb - WITH - OWNER = inventory - ENCODING = 'UTF8' - LC_COLLATE = 'en_US.utf8' - LC_CTYPE = 'en_US.utf8' - TABLESPACE = pg_default - CONNECTION LIMIT = -1; - -CREATE USER appo WITH PASSWORD 'PASSWORD_VALUE' CREATEDB; -CREATE DATABASE appodb - WITH - OWNER = appo - ENCODING = 'UTF8' - LC_COLLATE = 'en_US.utf8' - LC_CTYPE = 'en_US.utf8' - TABLESPACE = pg_default - CONNECTION LIMIT = -1; - -CREATE USER apm WITH PASSWORD 'PASSWORD_VALUE' CREATEDB; -CREATE DATABASE apmdb - WITH - OWNER = apm - ENCODING = 'UTF8' - LC_COLLATE = 'en_US.utf8' - LC_CTYPE = 'en_US.utf8' - TABLESPACE = pg_default - CONNECTION LIMIT = -1; diff --git a/ocd/infra/playbooks/roles/eg_mecm-meo/tasks/install.yml b/ocd/infra/playbooks/roles/eg_mecm-meo/tasks/install.yml deleted file mode 100644 index ecbd950..0000000 --- a/ocd/infra/playbooks/roles/eg_mecm-meo/tasks/install.yml +++ /dev/null @@ -1,73 +0,0 @@ -# -# Copyright 2020 Huawei Technologies Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - ---- - -- name: Doing deployment eg_mecm-meo setup for edge gallery eg_mecm-meo - copy: - src: deploy - dest: /tmp/eg_mecm-meo/ - -- name: Import config file - include_vars: - file: ../../../config.yml - name: vardata - -- name: Replacing pwd sql - replace: - path: /tmp/eg_mecm-meo/deploy/conf/keys/postgres_init.sql - regexp: 'PASSWORD_VALUE' - replace: "{{ vardata.common_pwd.name }}" - -- name: Set a variable - ansible.builtin.set_fact: - comm_pwd: "{{ vardata.common_pwd.name }}" - -- name: Create mecm-ssl-secret with common pwd - # yamllint disable rule:line-length - command: kubectl create secret generic mecm-ssl-secret --from-file=keystore.p12=/tmp/ssl-eg-keys-certs/keystore.p12 --from-file=keystore.jks=/tmp/ssl-eg-keys-certs/keystore.jks --from-literal=keystorePassword={{ vardata.common_pwd.name}} --from-literal=keystoreType=PKCS12 --from-literal=keyAlias=edgegallery --from-literal=truststorePassword={{ vardata.common_pwd.name}} - # yamllint disable rule:line-length - when: comm_pwd != "" - -- name: Generates certificate mecm-ssl-secret - # yamllint disable rule:line-length - command: kubectl create secret generic mecm-ssl-secret --from-file=keystore.p12=/tmp/ssl-eg-keys-certs/keystore.p12 --from-file=keystore.jks=/tmp/ssl-eg-keys-certs/keystore.jks --from-literal=keystorePassword={{ vardata.mecm_meo_keystorePassword.name}} --from-literal=keystoreType=PKCS12 --from-literal=keyAlias=edgegallery --from-literal=truststorePassword={{ vardata.mecm_meo_truststorePassword.name}} - # yamllint disable rule:line-length - when: comm_pwd == "" - -- name: Create certificate edgegallery-mecm-secret with common pwd - # yamllint disable rule:line-length - command: kubectl create secret generic edgegallery-mecm-secret --from-file=postgres_init.sql=/tmp/eg_mecm-meo/deploy/conf/keys/postgres_init.sql --from-literal=postgresPassword={{ vardata.common_pwd.name}} --from-literal=postgresApmPassword={{ vardata.common_pwd.name}} --from-literal=postgresAppoPassword={{ vardata.common_pwd.name}} --from-literal=postgresInventoryPassword={{ vardata.common_pwd.name}} --from-literal=edgeRepoUserName=admin --from-literal=edgeRepoPassword={{ vardata.common_pwd.name}} - # yamllint disable rule:line-length - args: - chdir: /tmp/eg_mecm-meo/deploy/ - when: comm_pwd != "" - -- name: Generates certificate edgegallery-mecm-secret - # yamllint disable rule:line-length - command: kubectl create secret generic edgegallery-mecm-secret --from-file=postgres_init.sql=/tmp/eg_mecm-meo/deploy/conf/keys/postgres_init.sql --from-literal=postgresPassword={{ vardata.mecm_meo_postgresPassword.name}} --from-literal=postgresApmPassword={{ vardata.mecm_meo_postgresApmPassword.name}} --from-literal=postgresAppoPassword={{ vardata.mecm_meo_postgresAppoPassword.name}} --from-literal=postgresInventoryPassword={{ vardata.mecm_meo_postgresInventoryPassword.name}} --from-literal=edgeRepoUserName=admin --from-literal=edgeRepoPassword={{ vardata.common_pwd.name}} - # yamllint disable rule:line-length - args: - chdir: /tmp/eg_mecm-meo/deploy/ - when: comm_pwd == "" - -- name: Fs group value - shell: 'getent group docker | cut -d: -f3' - register: result - -- name: Helm install - # yamllint disable rule:line-length - command: helm install mecm-meo-edgegallery edgegallery/mecm-meo --set ssl.secretName=mecm-ssl-secret --set mecm.secretName=edgegallery-mecm-secret --set images.inventory.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/mecm-inventory --set images.appo.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/mecm-appo --set images.apm.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/mecm-apm --set images.postgres.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/postgres --set images.inventory.tag={{ vardata.eg_image_tag.name}} --set images.appo.tag={{ vardata.eg_image_tag.name}} --set images.apm.tag={{ vardata.eg_image_tag.name}} --set images.postgres.tag=12.3 --set images.inventory.pullPolicy=IfNotPresent --set images.appo.pullPolicy=IfNotPresent --set images.apm.pullPolicy=IfNotPresent --set images.postgres.pullPolicy=IfNotPresent --set mecm.docker.fsgroup="{{result.stdout}}" diff --git a/ocd/infra/playbooks/roles/eg_mecm-meo/tasks/main.yml b/ocd/infra/playbooks/roles/eg_mecm-meo/tasks/main.yml deleted file mode 100644 index 06e1be4..0000000 --- a/ocd/infra/playbooks/roles/eg_mecm-meo/tasks/main.yml +++ /dev/null @@ -1,26 +0,0 @@ -# -# Copyright 2020 Huawei Technologies Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - ---- - -# tasks file for eg_mecm-meo -- include: "install.yml" - static: false - when: operation == 'install' - -- include: "uninstall.yml" - static: false - when: operation == 'uninstall' diff --git a/ocd/infra/playbooks/roles/eg_mecm-meo/tasks/uninstall.yml b/ocd/infra/playbooks/roles/eg_mecm-meo/tasks/uninstall.yml deleted file mode 100644 index 3bd6754..0000000 --- a/ocd/infra/playbooks/roles/eg_mecm-meo/tasks/uninstall.yml +++ /dev/null @@ -1,27 +0,0 @@ -# -# Copyright 2020 Huawei Technologies Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - ---- - -- name: Uninstall mecm meo - command: helm uninstall mecm-meo-edgegallery - ignore_errors: yes - no_log: True - -- name: Delete mecm-ssl-secret and edgegallery-mecm-secret - command: kubectl delete secret mecm-ssl-secret edgegallery-mecm-secret - ignore_errors: yes - no_log: True diff --git a/ocd/infra/playbooks/roles/eg_mecm-mepm/files/deploy/conf/keys/postgres_init.sql b/ocd/infra/playbooks/roles/eg_mecm-mepm/files/deploy/conf/keys/postgres_init.sql deleted file mode 100644 index 0fcc8fc..0000000 --- a/ocd/infra/playbooks/roles/eg_mecm-mepm/files/deploy/conf/keys/postgres_init.sql +++ /dev/null @@ -1,20 +0,0 @@ -CREATE USER lcmcontroller WITH PASSWORD 'PASSWORD_VALUE' CREATEDB; -CREATE DATABASE lcmcontrollerdb - WITH - OWNER = lcmcontroller - ENCODING = 'UTF8' - LC_COLLATE = 'en_US.utf8' - LC_CTYPE = 'en_US.utf8' - TABLESPACE = pg_default - CONNECTION LIMIT = -1; - -CREATE USER k8splugin WITH PASSWORD 'PASSWORD_VALUE' CREATEDB; -CREATE DATABASE k8splugindb - WITH - OWNER = k8splugin - ENCODING = 'UTF8' - LC_COLLATE = 'en_US.utf8' - LC_CTYPE = 'en_US.utf8' - TABLESPACE = pg_default - CONNECTION LIMIT = -1; - diff --git a/ocd/infra/playbooks/roles/eg_mecm-mepm/files/deploy/conf/manifest/mepm/mepm-service-account.yaml b/ocd/infra/playbooks/roles/eg_mecm-mepm/files/deploy/conf/manifest/mepm/mepm-service-account.yaml deleted file mode 100644 index 9bf8e91..0000000 --- a/ocd/infra/playbooks/roles/eg_mecm-mepm/files/deploy/conf/manifest/mepm/mepm-service-account.yaml +++ /dev/null @@ -1,30 +0,0 @@ -# -# Copyright 2020 Huawei Technologies Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - name: fabric8-rbac -subjects: - - kind: ServiceAccount - # Reference to upper's `metadata.name` - name: default - # Reference to upper's `metadata.namespace` - namespace: default -roleRef: - kind: ClusterRole - name: cluster-admin - apiGroup: rbac.authorization.k8s.io diff --git a/ocd/infra/playbooks/roles/eg_mecm-mepm/tasks/install.yml b/ocd/infra/playbooks/roles/eg_mecm-mepm/tasks/install.yml deleted file mode 100644 index 12a388c..0000000 --- a/ocd/infra/playbooks/roles/eg_mecm-mepm/tasks/install.yml +++ /dev/null @@ -1,73 +0,0 @@ -# -# Copyright 2020 Huawei Technologies Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - ---- - -- name: Doing deployment eg_mecm-mepm setup for edge gallery eg_mecm-mepm - copy: - src: deploy - dest: /tmp/eg_mecm-mepm/ - -- name: Import config file - include_vars: - file: ../../../config.yml - name: vardata - -- name: Set a variable - ansible.builtin.set_fact: - comm_pwd: "{{ vardata.common_pwd.name }}" - -- name: Replacing password - replace: - path: /tmp/eg_mecm-mepm/deploy/conf/keys/postgres_init.sql - regexp: 'PASSWORD_VALUE' - replace: "{{ vardata.common_pwd.name }}" - -- name: Create mecm-mepm-ssl-secret secret - # yamllint disable rule:line-length - command: kubectl create secret generic mecm-mepm-jwt-public-secret --from-file=publicKey=/tmp/ssl-eg-keys-certs/encryptedtls.key - # yamllint disable rule:line-length - args: - chdir: /tmp/ssl-eg-keys-certs/ - -- name: Create mecm-mepm-ssl-secret secret - # yamllint disable rule:line-length - command: kubectl create secret generic mecm-mepm-ssl-secret --from-file=server_tls.key=/tmp/ssl-eg-keys-certs/tls.key --from-file=server_tls.crt=/tmp/ssl-eg-keys-certs/tls.crt --from-file=ca.crt=/tmp/ssl-eg-keys-certs/ca.crt - # yamllint disable rule:line-length - args: - chdir: /tmp/ssl-eg-keys-certs/ - -- name: Create edgegallery-mepm-secret secret with common pwd - # yamllint disable rule:line-length - command: kubectl create secret generic edgegallery-mepm-secret --from-file=postgres_init.sql=/tmp/eg_mecm-mepm/deploy/conf/keys/postgres_init.sql --from-literal=postgresPassword={{ vardata.common_pwd.name}} --from-literal=postgresLcmCntlrPassword={{ vardata.common_pwd.name}} --from-literal=postgresk8sPluginPassword={{ vardata.common_pwd.name}} - # yamllint disable rule:line-length - when: comm_pwd != "" - -- name: Create edgegallery-mepm-secret secret - # yamllint disable rule:line-length - command: kubectl create secret generic edgegallery-mepm-secret --from-file=postgres_init.sql=/tmp/eg_mecm-mepm/deploy/conf/keys/postgres_init.sql --from-literal=postgresPassword={{ vardata.mecm_mepm_postgresPassword.name}} --from-literal=postgresLcmCntlrPassword={{ vardata.mecm_mepm_postgresLcmCntlrPassword.name}} --from-literal=postgresk8sPluginPassword={{ vardata.mecm_mepm_postgresk8sPluginPassword.name}} - # yamllint disable rule:line-length - when: comm_pwd == "" - -- name: Create mepm service account - command: kubectl apply -f /tmp/eg_mecm-mepm/deploy/conf/manifest/mepm/mepm-service-account.yaml - args: - chdir: /tmp/eg_mecm-mepm/deploy/ - -- name: Install mecm-mepm - # yamllint disable rule:line-length - command: helm install mecm-mepm-edgegaller edgegallery/mecm-mepm --set jwt.publicKeySecretName=mecm-mepm-jwt-public-secret --set mepm.secretName=edgegallery-mepm-secret --set ssl.secretName=mecm-mepm-ssl-secret --set images.lcmcontroller.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/mecm-applcm --set images.k8splugin.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/mecm-applcm-k8splugin --set images.postgres.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/postgres --set images.lcmcontroller.tag={{ vardata.eg_image_tag.name}} --set images.k8splugin.tag={{ vardata.eg_image_tag.name}} --set images.postgres.tag=12.3 --set images.lcmcontroller.pullPolicy=IfNotPresent --set images.k8splugin.pullPolicy=IfNotPresent --set images.postgres.pullPolicy=IfNotPresent - # yamllint disable rule:line-length diff --git a/ocd/infra/playbooks/roles/eg_mecm-mepm/tasks/main.yml b/ocd/infra/playbooks/roles/eg_mecm-mepm/tasks/main.yml deleted file mode 100644 index 7faf1bd..0000000 --- a/ocd/infra/playbooks/roles/eg_mecm-mepm/tasks/main.yml +++ /dev/null @@ -1,26 +0,0 @@ -# -# Copyright 2020 Huawei Technologies Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - ---- - -# tasks file for eg_mecm-mepm -- include: "install.yml" - static: false - when: operation == 'install' - -- include: "uninstall.yml" - static: false - when: operation == 'uninstall' diff --git a/ocd/infra/playbooks/roles/eg_mecm-mepm/tasks/uninstall.yml b/ocd/infra/playbooks/roles/eg_mecm-mepm/tasks/uninstall.yml deleted file mode 100644 index 4ee0c36..0000000 --- a/ocd/infra/playbooks/roles/eg_mecm-mepm/tasks/uninstall.yml +++ /dev/null @@ -1,30 +0,0 @@ -# -# Copyright 2020 Huawei Technologies Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - ---- - -- name: Mecm mepm jwt delete - # yamllint disable rule:line-length - command: kubectl delete secret mecm-mepm-jwt-public-secret mecm-mepm-ssl-secret edgegallery-mepm-secret - # yamllint disable rule:line-length - ignore_errors: yes - no_log: True - -- name: Delete mep-service-account - # yamllint disable rule:line-length - command: kubectl delete -f /tmp/eg_mecm-mepm/deploy/conf/manifest/mepm/mepm-service-account.yaml - ignore_errors: yes - no_log: True diff --git a/ocd/infra/playbooks/roles/eg_mep/files/deploy/conf/edge/metallb/config-map.yaml b/ocd/infra/playbooks/roles/eg_mep/files/deploy/conf/edge/metallb/config-map.yaml deleted file mode 100644 index f913463..0000000 --- a/ocd/infra/playbooks/roles/eg_mep/files/deploy/conf/edge/metallb/config-map.yaml +++ /dev/null @@ -1,27 +0,0 @@ -# -# Copyright 2020 Huawei Technologies Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: metallb-system - name: config -data: - config: | - address-pools: - - name: address-pool-1 - protocol: layer2 - addresses: - - 192.168.100.120/32 diff --git a/ocd/infra/playbooks/roles/eg_mep/files/deploy/conf/edge/metallb/metallb.yaml b/ocd/infra/playbooks/roles/eg_mep/files/deploy/conf/edge/metallb/metallb.yaml deleted file mode 100644 index 8594115..0000000 --- a/ocd/infra/playbooks/roles/eg_mep/files/deploy/conf/edge/metallb/metallb.yaml +++ /dev/null @@ -1,406 +0,0 @@ -# -# Copyright 2020 Huawei Technologies Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - labels: - app: metallb - name: controller - namespace: metallb-system -spec: - allowPrivilegeEscalation: false - allowedCapabilities: [] - allowedHostPaths: [] - defaultAddCapabilities: [] - defaultAllowPrivilegeEscalation: false - fsGroup: - ranges: - - max: 65535 - min: 1 - rule: MustRunAs - hostIPC: false - hostNetwork: false - hostPID: false - privileged: false - readOnlyRootFilesystem: true - requiredDropCapabilities: - - ALL - runAsUser: - ranges: - - max: 65535 - min: 1 - rule: MustRunAs - seLinux: - rule: RunAsAny - supplementalGroups: - ranges: - - max: 65535 - min: 1 - rule: MustRunAs - volumes: - - configMap - - secret - - emptyDir ---- -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - labels: - app: metallb - name: speaker - namespace: metallb-system -spec: - allowPrivilegeEscalation: false - allowedCapabilities: - - NET_ADMIN - - NET_RAW - - SYS_ADMIN - allowedHostPaths: [] - defaultAddCapabilities: [] - defaultAllowPrivilegeEscalation: false - fsGroup: - rule: RunAsAny - hostIPC: false - hostNetwork: true - hostPID: false - hostPorts: - - max: 7472 - min: 7472 - privileged: true - readOnlyRootFilesystem: true - requiredDropCapabilities: - - ALL - runAsUser: - rule: RunAsAny - seLinux: - rule: RunAsAny - supplementalGroups: - rule: RunAsAny - volumes: - - configMap - - secret - - emptyDir ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app: metallb - name: controller - namespace: metallb-system ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app: metallb - name: speaker - namespace: metallb-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app: metallb - name: metallb-system:controller -rules: - - apiGroups: - - '' - resources: - - services - verbs: - - get - - list - - watch - - update - - apiGroups: - - '' - resources: - - services/status - verbs: - - update - - apiGroups: - - '' - resources: - - events - verbs: - - create - - patch - - apiGroups: - - policy - resourceNames: - - controller - resources: - - podsecuritypolicies - verbs: - - use ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app: metallb - name: metallb-system:speaker -rules: - - apiGroups: - - '' - resources: - - services - - endpoints - - nodes - verbs: - - get - - list - - watch - - apiGroups: - - '' - resources: - - events - verbs: - - create - - patch - - apiGroups: - - policy - resourceNames: - - speaker - resources: - - podsecuritypolicies - verbs: - - use ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app: metallb - name: config-watcher - namespace: metallb-system -rules: - - apiGroups: - - '' - resources: - - configmaps - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app: metallb - name: pod-lister - namespace: metallb-system -rules: - - apiGroups: - - '' - resources: - - pods - verbs: - - list ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app: metallb - name: metallb-system:controller -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: metallb-system:controller -subjects: - - kind: ServiceAccount - name: controller - namespace: metallb-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app: metallb - name: metallb-system:speaker -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: metallb-system:speaker -subjects: - - kind: ServiceAccount - name: speaker - namespace: metallb-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app: metallb - name: config-watcher - namespace: metallb-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: config-watcher -subjects: - - kind: ServiceAccount - name: controller - - kind: ServiceAccount - name: speaker ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app: metallb - name: pod-lister - namespace: metallb-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: pod-lister -subjects: - - kind: ServiceAccount - name: speaker ---- -apiVersion: apps/v1 -kind: DaemonSet -metadata: - labels: - app: metallb - component: speaker - name: speaker - namespace: metallb-system -spec: - selector: - matchLabels: - app: metallb - component: speaker - template: - metadata: - annotations: - prometheus.io/port: '7472' - prometheus.io/scrape: 'true' - labels: - app: metallb - component: speaker - spec: - containers: - - args: - - --port=7472 - - --config=config - env: - - name: METALLB_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: METALLB_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: METALLB_ML_BIND_ADDR - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: METALLB_ML_LABELS - value: "app=metallb,component=speaker" - - name: METALLB_ML_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: METALLB_ML_SECRET_KEY - valueFrom: - secretKeyRef: - name: memberlist - key: secretkey - image: metallb/speaker:v0.9.3 - imagePullPolicy: IfNotPresent - name: speaker - ports: - - containerPort: 7472 - name: monitoring - resources: - limits: - cpu: 100m - memory: 100Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - NET_ADMIN - - NET_RAW - - SYS_ADMIN - drop: - - ALL - readOnlyRootFilesystem: true - hostNetwork: true - nodeSelector: - beta.kubernetes.io/os: linux - serviceAccountName: speaker - terminationGracePeriodSeconds: 2 - tolerations: - - effect: NoSchedule - key: node-role.kubernetes.io/master ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: metallb - component: controller - name: controller - namespace: metallb-system -spec: - revisionHistoryLimit: 3 - selector: - matchLabels: - app: metallb - component: controller - template: - metadata: - annotations: - prometheus.io/port: '7472' - prometheus.io/scrape: 'true' - labels: - app: metallb - component: controller - spec: - containers: - - args: - - --port=7472 - - --config=config - image: metallb/controller:v0.9.3 - imagePullPolicy: IfNotPresent - name: controller - ports: - - containerPort: 7472 - name: monitoring - resources: - limits: - cpu: 100m - memory: 100Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - all - readOnlyRootFilesystem: true - nodeSelector: - beta.kubernetes.io/os: linux - securityContext: - runAsNonRoot: true - runAsUser: 65534 - serviceAccountName: controller - terminationGracePeriodSeconds: 0 diff --git a/ocd/infra/playbooks/roles/eg_mep/files/deploy/conf/edge/metallb/namespace.yaml b/ocd/infra/playbooks/roles/eg_mep/files/deploy/conf/edge/metallb/namespace.yaml deleted file mode 100644 index d090488..0000000 --- a/ocd/infra/playbooks/roles/eg_mep/files/deploy/conf/edge/metallb/namespace.yaml +++ /dev/null @@ -1,21 +0,0 @@ -# -# Copyright 2020 Huawei Technologies Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -apiVersion: v1 -kind: Namespace -metadata: - name: metallb-system - labels: - app: metallb diff --git a/ocd/infra/playbooks/roles/eg_mep/files/deploy/conf/edge/network-isolation/eg-sp-controller.yaml b/ocd/infra/playbooks/roles/eg_mep/files/deploy/conf/edge/network-isolation/eg-sp-controller.yaml deleted file mode 100644 index 95fd455..0000000 --- a/ocd/infra/playbooks/roles/eg_mep/files/deploy/conf/edge/network-isolation/eg-sp-controller.yaml +++ /dev/null @@ -1,28 +0,0 @@ -# -# Copyright 2020 Huawei Technologies Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -kind: Pod -apiVersion: v1 -metadata: - name: edgegallery-secondary-ep-controller - namespace: kube-system -spec: - serviceAccount: edgegallery-secondary-ep-controller - containers: - - name: edgegallery-secondary-ep-controller - image: edgegallery/edgegallery-secondary-ep-controller:latest - imagePullPolicy: IfNotPresent - command: ["/bin/sh", "-c", "--"] - args: ["edgegallery-secondary-ep-controller"] diff --git a/ocd/infra/playbooks/roles/eg_mep/files/deploy/conf/edge/network-isolation/eg-sp-rbac.yaml b/ocd/infra/playbooks/roles/eg_mep/files/deploy/conf/edge/network-isolation/eg-sp-rbac.yaml deleted file mode 100644 index aa0fa63..0000000 --- a/ocd/infra/playbooks/roles/eg_mep/files/deploy/conf/edge/network-isolation/eg-sp-rbac.yaml +++ /dev/null @@ -1,49 +0,0 @@ -# -# Copyright 2020 Huawei Technologies Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -kind: ServiceAccount -apiVersion: v1 -metadata: - name: edgegallery-secondary-ep-controller - namespace: kube-system ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: multi-ip-controller -rules: - - apiGroups: [""] - resources: ["services", "pods"] - verbs: ["get", "watch", "list"] - - apiGroups: [""] - resources: ["endpoints", "events"] - verbs: ["*"] - - apiGroups: ["k8s.cni.cncf.io"] - resources: ["network-attachment-definitions"] - verbs: ["*"] ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: watch-update-secondary-endpoints -subjects: - - kind: ServiceAccount - name: edgegallery-secondary-ep-controller - namespace: kube-system -roleRef: - kind: ClusterRole - name: multi-ip-controller - apiGroup: rbac.authorization.k8s.io diff --git a/ocd/infra/playbooks/roles/eg_mep/files/deploy/conf/edge/network-isolation/multus.yaml b/ocd/infra/playbooks/roles/eg_mep/files/deploy/conf/edge/network-isolation/multus.yaml deleted file mode 100644 index 20a6016..0000000 --- a/ocd/infra/playbooks/roles/eg_mep/files/deploy/conf/edge/network-isolation/multus.yaml +++ /dev/null @@ -1,358 +0,0 @@ -# -# Copyright 2020 Huawei Technologies Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: network-attachment-definitions.k8s.cni.cncf.io -spec: - group: k8s.cni.cncf.io - scope: Namespaced - names: - plural: network-attachment-definitions - singular: network-attachment-definition - kind: NetworkAttachmentDefinition - shortNames: - - net-attach-def - versions: - - name: v1 - served: true - storage: true - schema: - openAPIV3Schema: - # yamllint disable rule:line-length - description: 'NetworkAttachmentDefinition is a CRD schema specified by the Network Plumbing - Working Group to express the intent for attaching pods to one or more logical or physical - networks. More information available at: https://github.com/k8snetworkplumbingwg/multi-net-spec' - # yamllint disable rule:line-length - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this represen - tation of an object. Servers should convert recognized schemas to the - latest internal value, and may reject unrecognized values. More info: - https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'NetworkAttachmentDefinition spec defines the desired state of a network attachment' - type: object - properties: - config: - description: 'NetworkAttachmentDefinition config is a JSON-formatted CNI configuration' - type: string ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: multus -rules: - - apiGroups: ["k8s.cni.cncf.io"] - resources: - - '*' - verbs: - - '*' - - apiGroups: - - "" - resources: - - pods - - pods/status - verbs: - - get - - update - - apiGroups: - - "" - - events.k8s.io - resources: - - events - verbs: - - create - - patch - - update ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: multus -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: multus -subjects: - - kind: ServiceAccount - name: multus - namespace: kube-system ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: multus - namespace: kube-system ---- -kind: ConfigMap -apiVersion: v1 -metadata: - name: multus-cni-config - namespace: kube-system - labels: - tier: node - app: multus -data: - # NOTE: If you'd prefer to manually apply a configuration file, you may create one here. - # In the case you'd like to customize the Multus installation, you should change the arguments to the Multus pod - # change the "args" line below from - # - "--multus-conf-file=auto" - # to: - # "--multus-conf-file=/tmp/multus-conf/70-multus.conf" - # Additionally -- you should ensure that the name "70-multus.conf" is the alphabetically first name in the - # /etc/cni/net.d/ directory on each node, otherwise, it will not be used by the Kubelet. - cni-conf.json: | - { - "name": "multus-cni-network", - "type": "multus", - "capabilities": { - "portMappings": true - }, - "delegates": [ - { - "cniVersion": "0.3.1", - "name": "default-cni-network", - "plugins": [ - { - "type": "flannel", - "name": "flannel.1", - "delegate": { - "isDefaultGateway": true, - "hairpinMode": true - } - }, - { - "type": "portmap", - "capabilities": { - "portMappings": true - } - } - ] - } - ], - "kubeconfig": "/etc/cni/net.d/multus.d/multus.kubeconfig" - } ---- -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: kube-multus-ds-amd64 - namespace: kube-system - labels: - tier: node - app: multus - name: multus -spec: - selector: - matchLabels: - name: multus - updateStrategy: - type: RollingUpdate - template: - metadata: - labels: - tier: node - app: multus - name: multus - spec: - hostNetwork: true - nodeSelector: - kubernetes.io/arch: amd64 - tolerations: - - operator: Exists - effect: NoSchedule - serviceAccountName: multus - containers: - - name: kube-multus - image: docker.io/nfvpe/multus:stable - command: ["/entrypoint.sh"] - args: - - "--multus-conf-file=auto" - - "--cni-version=0.3.1" - resources: - requests: - cpu: "100m" - memory: "50Mi" - limits: - cpu: "100m" - memory: "50Mi" - securityContext: - privileged: true - volumeMounts: - - name: cni - mountPath: /host/etc/cni/net.d - - name: cnibin - mountPath: /host/opt/cni/bin - - name: multus-cfg - mountPath: /tmp/multus-conf - volumes: - - name: cni - hostPath: - path: /etc/cni/net.d - - name: cnibin - hostPath: - path: /opt/cni/bin - - name: multus-cfg - configMap: - name: multus-cni-config - items: - - key: cni-conf.json - path: 70-multus.conf ---- -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: kube-multus-ds-ppc64le - namespace: kube-system - labels: - tier: node - app: multus - name: multus -spec: - selector: - matchLabels: - name: multus - updateStrategy: - type: RollingUpdate - template: - metadata: - labels: - tier: node - app: multus - name: multus - spec: - hostNetwork: true - nodeSelector: - kubernetes.io/arch: ppc64le - tolerations: - - operator: Exists - effect: NoSchedule - serviceAccountName: multus - containers: - - name: kube-multus - # ppc64le support requires multus:latest for now. support 3.3 or later. - image: docker.io/nfvpe/multus:stable-ppc64le - command: ["/entrypoint.sh"] - args: - - "--multus-conf-file=auto" - - "--cni-version=0.3.1" - resources: - requests: - cpu: "100m" - memory: "90Mi" - limits: - cpu: "100m" - memory: "90Mi" - securityContext: - privileged: true - volumeMounts: - - name: cni - mountPath: /host/etc/cni/net.d - - name: cnibin - mountPath: /host/opt/cni/bin - - name: multus-cfg - mountPath: /tmp/multus-conf - volumes: - - name: cni - hostPath: - path: /etc/cni/net.d - - name: cnibin - hostPath: - path: /opt/cni/bin - - name: multus-cfg - configMap: - name: multus-cni-config - items: - - key: cni-conf.json - path: 70-multus.conf ---- -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: kube-multus-ds-arm64v8 - namespace: kube-system - labels: - tier: node - app: multus - name: multus -spec: - selector: - matchLabels: - name: multus - updateStrategy: - type: RollingUpdate - template: - metadata: - labels: - tier: node - app: multus - name: multus - spec: - hostNetwork: true - nodeSelector: - kubernetes.io/arch: arm64 - tolerations: - - operator: Exists - effect: NoSchedule - serviceAccountName: multus - containers: - - name: kube-multus - image: docker.io/nfvpe/multus:stable-arm64v8 - command: ["/entrypoint.sh"] - args: - - "--multus-conf-file=auto" - - "--cni-version=0.3.1" - resources: - requests: - cpu: "100m" - memory: "90Mi" - limits: - cpu: "100m" - memory: "90Mi" - securityContext: - privileged: true - volumeMounts: - - name: cni - mountPath: /host/etc/cni/net.d - - name: cnibin - mountPath: /host/opt/cni/bin - - name: multus-cfg - mountPath: /tmp/multus-conf - volumes: - - name: cni - hostPath: - path: /etc/cni/net.d - - name: cnibin - hostPath: - path: /opt/cni/bin - - name: multus-cfg - configMap: - name: multus-cni-config - items: - - key: cni-conf.json - path: 70-multus.conf diff --git a/ocd/infra/playbooks/roles/eg_mep/tasks/install.yml b/ocd/infra/playbooks/roles/eg_mep/tasks/install.yml deleted file mode 100644 index f33094d..0000000 --- a/ocd/infra/playbooks/roles/eg_mep/tasks/install.yml +++ /dev/null @@ -1,273 +0,0 @@ -# Copyright 2020 Huawei Technologies Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - ---- - -- name: Doing deployment setup for edge gallery - copy: - src: deploy - dest: /tmp/eg_mep/ - -- name: Import config file - include_vars: - file: ../../../config.yml - name: vardata - -- name: Set a variable - ansible.builtin.set_fact: - comm_pwd: "{{ vardata.common_pwd.name }}" - -- name: Remove old dir - command: rm -rf /tmp/.mep_tmp_cer - args: - chdir: /tmp/ - -- name: Make dir - command: mkdir -p /tmp/.mep_tmp_cer - args: - chdir: /tmp/ - -- name: Openssl genrsa - command: openssl genrsa -out ca.key 2048 - args: - chdir: /tmp/.mep_tmp_cer/ - -- name: Opnessl req - # yamllint disable rule:line-length - command: openssl req -new -key ca.key -subj /C=CN/ST=Peking/L=Beijing/O=edgegallery/CN=edgegallery -out ca.csr - # yamllint disable rule:line-length - args: - chdir: /tmp/.mep_tmp_cer/ - -- name: Sing key with ca key and ca crt - # yamllint disable rule:line-length - command: openssl x509 -req -days 365 -in ca.csr -extensions v3_ca -signkey ca.key -out ca.crt - # yamllint disable rule:line-length - args: - chdir: /tmp/.mep_tmp_cer/ - -- name: Openssl genrsa - command: openssl genrsa -out mepserver_tls.key 2048 - args: - chdir: /tmp/.mep_tmp_cer/ - -- name: Openssl rsa mep tls with common pwd - # yamllint disable rule:line-length - command: openssl rsa -in /tmp/.mep_tmp_cer/mepserver_tls.key -aes256 -passout pass:{{ vardata.common_pwd.name}} -out /tmp/.mep_tmp_cer/mepserver_encryptedtls.key - # yamllint disable rule:line-length - when: comm_pwd != "" - -- name: Openssl rsa mep tls - # yamllint disable rule:line-length - command: openssl rsa -in /tmp/.mep_tmp_cer/mepserver_tls.key -aes256 -passout pass:{{ vardata.mep_cert_pwd.name}} -out /tmp/.mep_tmp_cer/mepserver_encryptedtls.key - # yamllint disable rule:line-length - when: comm_pwd == "" - -- name: Openssl req new key mepserver tls key - # yamllint disable rule:line-length - command: openssl req -new -key mepserver_tls.key -subj /C=CN/ST=Beijing/L=Beijing/O=edgegallery/CN=edgegallery -out mepserver_tls.csr - # yamllint disable rule:line-length - args: - chdir: /tmp/.mep_tmp_cer/ - -- name: Openssl mepserver tls csr - # yamllint disable rule:line-length - command: openssl x509 -req -in mepserver_tls.csr -extensions v3_req -CA ca.crt -CAkey ca.key -CAcreateserial -out mepserver_tls.crt - # yamllint disable rule:line-length - args: - chdir: /tmp/.mep_tmp_cer/ - -- name: Openssl genrsa out - command: openssl genrsa -out jwt_privatekey 2048 - args: - chdir: /tmp/.mep_tmp_cer/ - -- name: Openssl rsa jwt privatekey - command: openssl rsa -in jwt_privatekey -pubout -out jwt_publickey - args: - chdir: /tmp/.mep_tmp_cer/ - -- name: Openssl rsa in jwt with common pwd - # yamllint disable rule:line-length - command: openssl rsa -in /tmp/.mep_tmp_cer/jwt_privatekey -aes256 -passout pass:{{ vardata.common_pwd.name}} -out /tmp/.mep_tmp_cer/jwt_encrypted_privatekey - ignore_errors: yes - no_log: True - # yamllint disable rule:line-length - when: comm_pwd != "" - -- name: Openssl rsa in jwt - # yamllint disable rule:line-length - command: openssl rsa -in /tmp/.mep_tmp_cer/jwt_privatekey -aes256 -passout pass:{{ vardata.mep_cert_pwd.name}} -out /tmp/.mep_tmp_cer/jwt_encrypted_privatekey - # yamllint disable rule:line-length - ignore_errors: yes - no_log: True - when: comm_pwd == "" - -- name: Create mep namespace - command: kubectl create ns mep - args: - chdir: /tmp/ - -- name: Create generic pg secret with common pwd - # yamllint disable rule:line-length - command: kubectl -n mep create secret generic pg-secret --from-literal=pg_admin_pwd={{ vardata.common_pwd.name}} --from-literal=kong_pg_pwd={{ vardata.mep_kong_pg_pwd.name}} - --from-file=server.key=/tmp/.mep_tmp_cer/mepserver_tls.key --from-file=server.crt=/tmp/.mep_tmp_cer/mepserver_tls.crt - ignore_errors: yes - no_log: True - # yamllint disable rule:line-length - when: comm_pwd != "" - -- name: Create generic pg secret - # yamllint disable rule:line-length - command: kubectl -n mep create secret generic pg-secret --from-literal=pg_admin_pwd={{ vardata.mep_pg_admin_pwd.name}} --from-literal=kong_pg_pwd={{ vardata.mep_kong_pg_pwd.name}} - --from-file=server.key=/tmp/.mep_tmp_cer/mepserver_tls.key --from-file=server.crt=/tmp/.mep_tmp_cer/mepserver_tls.crt - ignore_errors: yes - no_log: True - # yamllint disable rule:line-length - when: comm_pwd == "" - -- name: Create mep generic for mep ssl with common pwd - # yamllint disable rule:line-length - command: kubectl -n mep create secret generic mep-ssl --from-literal=cert_pwd={{ vardata.common_pwd.name}} --from-file=server.cer=/tmp/.mep_tmp_cer/mepserver_tls.crt - --from-file=server_key.pem=/tmp/.mep_tmp_cer/mepserver_encryptedtls.key --from-file=trust.cer=/tmp/.mep_tmp_cer/ca.crt - ignore_errors: yes - no_log: True - # yamllint disable rule:line-length - when: comm_pwd != "" - -- name: Create mep generic for mep ssl - # yamllint disable rule:line-length - command: kubectl -n mep create secret generic mep-ssl --from-literal=cert_pwd={{ vardata.mep_cert_pwd.name}} --from-file=server.cer=/tmp/.mep_tmp_cer/mepserver_tls.crt - --from-file=server_key.pem=/tmp/.mep_tmp_cer/mepserver_encryptedtls.key --from-file=trust.cer=/tmp/.mep_tmp_cer/ca.crt - # yamllint disable rule:line-length - when: comm_pwd == "" - -- name: Create mep seret generic - # yamllint disable rule:line-length - command: kubectl -n mep create secret generic mepauth-secret --from-file=server.crt=/tmp/.mep_tmp_cer/mepserver_tls.crt --from-file=server.key=/tmp/.mep_tmp_cer/mepserver_tls.key - --from-file=ca.crt=/tmp/.mep_tmp_cer/ca.crt --from-file=jwt_publickey=/tmp/.mep_tmp_cer/jwt_publickey --from-file=jwt_encrypted_privatekey=/tmp/.mep_tmp_cer/jwt_encrypted_privatekey - # yamllint disable rule:line-length - args: - chdir: /tmp/ - -- name: Remove directory - command: rm -rf /tmp/.mep_tmp_cer - args: - chdir: /tmp/ - -- debug: - msg: Deploy_dns_metallb execution start - -- name: Eg_Mep deployment execution of namesapce - command: kubectl apply -f /tmp/eg_mep/deploy/conf/edge/metallb/namespace.yaml - args: - chdir: /tmp/eg_mep/deploy/ - -- name: Eg_Mep deployment execution of metallb - command: kubectl apply -f /tmp/eg_mep/deploy/conf/edge/metallb/metallb.yaml - args: - chdir: /tmp/eg_mep/deploy/ - -- name: Eg_Mep deployment create secret - # yamllint disable rule:line-length - command: kubectl create secret generic -n metallb-system memberlist --from-literal=secretkey="$(openssl rand -base64 128)" - # yamllint disable rule:line-length - args: - chdir: /tmp/eg_mep/deploy/ - -- name: Eg_Mep deployment execution of config-mep - command: kubectl apply -f /tmp/eg_mep/deploy/conf/edge/metallb/config-map.yaml - args: - chdir: /tmp/eg_mep/deploy/ - -- debug: - msg: Deploy_network_isolation_multus execution start - -- name: Running multus yaml files - command: kubectl apply -f /tmp/eg_mep/deploy/conf/edge/network-isolation/multus.yaml - args: - chdir: /tmp/eg_mep/deploy/ - -- name: Running eg-sp-rbac yaml files - command: kubectl apply -f /tmp/eg_mep/deploy/conf/edge/network-isolation/eg-sp-rbac.yaml - args: - chdir: /tmp/eg_mep/deploy/ - -- name: Replacing image - replace: - path: /tmp/eg_mep/deploy/conf/edge/network-isolation/eg-sp-controller.yaml - regexp: 'edgegallery/edgegallery-secondary-ep-controller:latest' - replace: "{{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/edgegallery-secondary-ep-controller:latest" - -- name: Running eg-sp-controller yaml files - # yamllint disable rule:line-length - command: kubectl apply -f /tmp/eg_mep/deploy/conf/edge/network-isolation/eg-sp-controller.yaml - args: - chdir: /tmp/eg_mep/deploy/ - -- debug: - msg: Setup_interfaces execution start - -- name: Link eg mep macvlan - # yamllint disable rule:line-length - command: ip link add eg-mp1 link {{ vardata.edge_management_interface.name}} type macvlan mode bridge - args: - chdir: /tmp/eg_mep/deploy/ - ignore_errors: yes - no_log: True - -- name: Link eg mep macvlan - command: ip addr add {{ vardata.eg-management-address.name}} dev eg-mp1 - args: - chdir: /tmp/eg_mep/deploy/ - ignore_errors: yes - no_log: True - -- name: Link eg me1 up - command: ip link set dev eg-mp1 up - args: - chdir: /tmp/eg_mep/deploy/ - ignore_errors: yes - no_log: True - -- name: Link eg eg mm5 with eth1 - # yamllint disable rule:line-length - command: ip link add eg-mm5 link {{ vardata.edge_dataplane_interface.name}} type macvlan mode bridge - args: - chdir: /tmp/eg_mep/deploy/ - ignore_errors: yes - no_log: True - -- name: Link eg eg mm5 ip addr - command: ip addr add {{ vardata.eg-dataplane-address.name}} dev eg-mm5 - args: - chdir: /tmp/eg_mep/deploy/ - ignore_errors: yes - no_log: True - -- name: Link eg eg mm5 set dev - command: ip link set dev eg-mm5 up - args: - chdir: /tmp/eg_mep/deploy/ - ignore_errors: yes - no_log: True - -- debug: - msg: Pull helm repo start - -- name: Edge gallery mep installation pull chart and image - # yamllint disable rule:line-length - command: helm install mep-edgegallery edgegallery/mep --set networkIsolation.phyInterface.mp1={{ vardata.edge_management_interface.name}} --set networkIsolation.phyInterface.mm5={{ vardata.edge_dataplane_interface.name}} --set images.mep.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/mep --set images.mepauth.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/mepauth --set images.dns.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/mep-dns-server --set images.kong.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/kong --set images.postgres.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/postgres --set images.mep.tag={{ vardata.eg_image_tag.name}} --set images.mepauth.tag={{ vardata.eg_image_tag.name}} --set images.dns.tag={{ vardata.eg_image_tag.name}} --set images.mep.pullPolicy=IfNotPresent --set images.mepauth.pullPolicy=IfNotPresent --set images.dns.pullPolicy=IfNotPresent --set images.kong.pullPolicy=IfNotPresent --set images.postgres.pullPolicy=IfNotPresent --set ssl.secretName=mep-ssl - # yamllint disable rule:line-length diff --git a/ocd/infra/playbooks/roles/eg_mep/tasks/main.yml b/ocd/infra/playbooks/roles/eg_mep/tasks/main.yml deleted file mode 100644 index 70416a7..0000000 --- a/ocd/infra/playbooks/roles/eg_mep/tasks/main.yml +++ /dev/null @@ -1,26 +0,0 @@ -# -# Copyright 2020 Huawei Technologies Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - ---- - -# tasks file for eg_mep -- include: "install.yml" - static: false - when: operation == 'install' - -- include: "uninstall.yml" - static: false - when: operation == 'uninstall' diff --git a/ocd/infra/playbooks/roles/eg_mep/tasks/uninstall.yml b/ocd/infra/playbooks/roles/eg_mep/tasks/uninstall.yml deleted file mode 100644 index 3cf66ef..0000000 --- a/ocd/infra/playbooks/roles/eg_mep/tasks/uninstall.yml +++ /dev/null @@ -1,107 +0,0 @@ -# Copyright 2020 Huawei Technologies Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - ---- - -- name: Uninstall ssl config mep helm chart - command: helm uninstall mep-edgegallery - ignore_errors: yes - no_log: True - -- name: Delete ssl config pg secret - command: kubectl delete secret pg-secret -n mep - ignore_errors: yes - no_log: True - -- name: Delete ssl config mep ssl - command: kubectl delete secret mep-ssl -n mep - ignore_errors: yes - no_log: True - -- name: Delete ssl config mep mep auth - command: kubectl delete secret mepauth-secret -n mep - ignore_errors: yes - no_log: True - -- name: Delete dns namesapce metallb - command: kubectl delete secret memberlist -n metallb-system - ignore_errors: yes - no_log: True - -- name: Delete ssl config namesapce mep - command: kubectl delete ns mep - ignore_errors: yes - no_log: True - -- name: Delete network isolation multus eg sp controller - # yamllint disable rule:line-length - command: kubectl delete -f /tmp/eg_mep/deploy/conf/edge/network-isolation/eg-sp-controller.yaml - ignore_errors: yes - no_log: True - -- name: Delete network isolation multus eg sp rbac - # yamllint disable rule:line-length - command: kubectl delete -f /tmp/eg_mep/deploy/conf/edge/network-isolation/eg-sp-rbac.yaml - ignore_errors: yes - no_log: True - -- name: Delete network isolation multus - # yamllint disable rule:line-length - command: kubectl delete -f /tmp/eg_mep/deploy/conf/edge/network-isolation/multus.yaml - ignore_errors: yes - no_log: True - -- name: Delete network isolation eg mp1 - command: ip link set dev eg-mp1 down - ignore_errors: yes - no_log: True - -- name: Delete nnetwork isolation eg mp1 link - command: ip link delete eg-mp1 - ignore_errors: yes - no_log: True - -- name: Delete network isolation eg mm5 - command: ip link set dev eg-mm5 down - ignore_errors: yes - no_log: True - -- name: Delete network isolation eg mm5 link - command: ip link delete eg-mm5 - ignore_errors: yes - no_log: True - -- name: Delete network isolation multus rm - command: rm -rf /opt/cni/bin/multus - ignore_errors: yes - no_log: True - -- name: Uninstall dns metallb config mep - # yamllint disable rule:line-length - command: kubectl delete -f /tmp/eg_mep/deploy/conf/edge/metallb/config-map.yaml - ignore_errors: yes - no_log: True - -- name: Delete dns metallb - # yamllint disable rule:line-length - command: kubectl delete -f /tmp/eg_mep/deploy/conf/edge/metallb/metallb.yaml - ignore_errors: yes - no_log: True - -- name: Delete dns metallb namespace - # yamllint disable rule:line-length - command: kubectl delete -f /tmp/eg_mep/deploy/conf/edge/metallb/namespace.yaml - ignore_errors: yes - no_log: True diff --git a/ocd/infra/playbooks/roles/eg_prerequisite/files/deploy/eg_daemon.sh b/ocd/infra/playbooks/roles/eg_prerequisite/files/deploy/eg_daemon.sh deleted file mode 100644 index 61842b2..0000000 --- a/ocd/infra/playbooks/roles/eg_prerequisite/files/deploy/eg_daemon.sh +++ /dev/null @@ -1,25 +0,0 @@ -#!/bin/bash - -function _help_insecure_registry() -{ - grep -i "insecure-registries" /etc/docker/daemon.json | grep "REGISTRIES_IP:REGISTRIES_PORT" >/dev/null 2>&1 - if [ $? != 0 ]; then - mkdir -p /etc/docker -cat </dev/null - if [ $? != 0 ]; then - cd "$TARBALL_PATH"/registry - docker load --input registry-2.tar.gz - docker run -d -p 5000:5000 --restart=always --name registry registry:2 - fi -} - -function _load_swr_images_and_push_to_private_registry() -{ - IP=REGISTRIES_IP - PORT="REGISTRIES_PORT" - cd "$TARBALL_PATH"/eg_swr_images - - for f in *.tar.gz; - do - cat $f | docker load - IMAGE_NAME=`echo $f|rev|cut -c8-|rev|sed -e "s/\#/:/g" | sed -e "s/\@/\//g"`; - docker image tag $IMAGE_NAME $IP:$PORT/$IMAGE_NAME - docker push $IP:$PORT/$IMAGE_NAME - done -} - -############################################################## -############################################ -function main(){ - _load_and_run_docker_registry - _load_swr_images_and_push_to_private_registry -} -######################################### -#skip main in case of source - main $@ -###################### diff --git a/ocd/infra/playbooks/roles/eg_registry/tasks/install.yml b/ocd/infra/playbooks/roles/eg_registry/tasks/install.yml deleted file mode 100644 index a57452a..0000000 --- a/ocd/infra/playbooks/roles/eg_registry/tasks/install.yml +++ /dev/null @@ -1,72 +0,0 @@ -# -# Copyright 2020 Huawei Technologies Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - ---- - -- name: Doing deployment setup for edge gallery - copy: - src: deploy - dest: /tmp/eg_registry/ - mode: 750 - -- name: Import config file - include_vars: - file: ../../../config.yml - name: vardata - -- name: Download 0.9 tar -# yamllint disable rule:line-length - command: wget http://release.edgegallery.org/release/arm64/all/EdgeGallery-v0.9-all-arm64.tar.gz -# yamllint disable rule:line-length - args: - chdir: /tmp/eg_registry/deploy/ - when: ansible_architecture == 'aarch64' - -- name: Download 0.9 tar -# yamllint disable rule:line-length - command: wget http://release.edgegallery.org/release/x86/all/EdgeGallery-v0.9-all-x86.tar.gz -# yamllint disable rule:line-length - args: - chdir: /tmp/eg_registry/deploy/ - when: ansible_architecture == 'x86_64' - -- name: Untar the downloaded tar - command: tar -zxf EdgeGallery-v0.9-all-x86.tar.gz - args: - chdir: /tmp/eg_registry/deploy/ - when: ansible_architecture == 'x86_64' - -- name: Untar the downloaded tar - command: tar -zxf EdgeGallery-v0.9-all-arm64.tar.gz - args: - chdir: /tmp/eg_registry/deploy/ - when: ansible_architecture == 'aarch64' - -- name: Replacing private ip - replace: - path: /tmp/eg_registry/deploy/load-images.sh - regexp: 'REGISTRIES_IP' - replace: "{{ vardata.private_repo_ip.name }}" - -- name: Replacing private port - replace: - path: /tmp/eg_registry/deploy/load-images.sh - regexp: 'REGISTRIES_PORT' - replace: "{{ vardata.docker_registry_port.name }}" - -- name: Execute the script - shell: - cmd: /tmp/eg_registry/deploy/load-images.sh diff --git a/ocd/infra/playbooks/roles/eg_registry/tasks/main.yml b/ocd/infra/playbooks/roles/eg_registry/tasks/main.yml deleted file mode 100644 index 81aba29..0000000 --- a/ocd/infra/playbooks/roles/eg_registry/tasks/main.yml +++ /dev/null @@ -1,25 +0,0 @@ -# Copyright 2020 Huawei Technologies Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - ---- - -# tasks file for eg_load-iamges -- include: "install.yml" - static: false - when: operation == 'install' - -- include: "uninstall.yml" - static: false - when: operation == 'uninstall' diff --git a/ocd/infra/playbooks/roles/eg_registry/tasks/uninstall.yml b/ocd/infra/playbooks/roles/eg_registry/tasks/uninstall.yml deleted file mode 100644 index 111b1e3..0000000 --- a/ocd/infra/playbooks/roles/eg_registry/tasks/uninstall.yml +++ /dev/null @@ -1,32 +0,0 @@ -# -# Copyright 2020 Huawei Technologies Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - ---- - -- name: Stop registry - command: docker stop registry - ignore_errors: yes - no_log: True - -- name: Remove registry - command: docker rm -v registry - ignore_errors: yes - no_log: True - -- name: Remove tmp file - command: rm -rf /tmp/eg_registry - ignore_errors: yes - no_log: True diff --git a/ocd/infra/playbooks/roles/eg_secret/tasks/install.yml b/ocd/infra/playbooks/roles/eg_secret/tasks/install.yml deleted file mode 100644 index 60e6a1a..0000000 --- a/ocd/infra/playbooks/roles/eg_secret/tasks/install.yml +++ /dev/null @@ -1,28 +0,0 @@ -# -# Copyright 2020 Huawei Technologies Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - ---- - -- name: Import config file - include_vars: - file: ../../../config.yml - name: vardata - -- name: Generate secret - # yamllint disable rule:line-length - command: kubectl create secret generic edgegallery-ssl-secret --from-file=keystore.p12=/tmp/ssl-eg-keys-certs/keystore.p12 --from-literal=keystorePassword={{ vardata.common_pwd.name}} --from-literal=keystoreType=PKCS12 --from-literal=keyAlias=edgegallery --from-file=trust.cer=/tmp/ssl-eg-keys-certs/ca.crt --from-file=server.cer=/tmp/ssl-eg-keys-certs/tls.crt --from-file=server_key.pem=/tmp/ssl-eg-keys-certs/encryptedtls.key --from-literal=cert_pwd={{ vardata.common_pwd.name}} - args: - chdir: /tmp/ssl-eg-keys-certs/ diff --git a/ocd/infra/playbooks/roles/eg_secret/tasks/main.yml b/ocd/infra/playbooks/roles/eg_secret/tasks/main.yml deleted file mode 100644 index bd61315..0000000 --- a/ocd/infra/playbooks/roles/eg_secret/tasks/main.yml +++ /dev/null @@ -1,26 +0,0 @@ -# -# Copyright 2020 Huawei Technologies Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - ---- - -# tasks file for eg_secret -- include: "install.yml" - static: false - when: operation == 'install' - -- include: "uninstall.yml" - static: false - when: operation == 'uninstall' diff --git a/ocd/infra/playbooks/roles/eg_secret/tasks/uninstall.yml b/ocd/infra/playbooks/roles/eg_secret/tasks/uninstall.yml deleted file mode 100644 index ea33726..0000000 --- a/ocd/infra/playbooks/roles/eg_secret/tasks/uninstall.yml +++ /dev/null @@ -1,22 +0,0 @@ -# -# Copyright 2020 Huawei Technologies Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - ---- - -- name: Delete edgegallery ssl secret - command: kubectl delete secret edgegallery-ssl-secret - ignore_errors: yes - no_log: True diff --git a/ocd/infra/playbooks/roles/eg_set-helm-repo/tasks/install.yml b/ocd/infra/playbooks/roles/eg_set-helm-repo/tasks/install.yml deleted file mode 100644 index 6e517b1..0000000 --- a/ocd/infra/playbooks/roles/eg_set-helm-repo/tasks/install.yml +++ /dev/null @@ -1,30 +0,0 @@ -# -# Copyright 2020 Huawei Technologies Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - ---- - -- name: Import config file - include_vars: - file: ../../../config.yml - name: vardata - -- name: Helm repo add edgegallery - # yamllint disable rule:line-length - command: helm repo add edgegallery http://{{ vardata.private_repo_ip.name}}:8080/edgegallery - -- name: Helm repo add stable - # yamllint disable rule:line-length - command: helm repo add stable http://{{ vardata.private_repo_ip.name}}:8080/stable diff --git a/ocd/infra/playbooks/roles/eg_set-helm-repo/tasks/main.yml b/ocd/infra/playbooks/roles/eg_set-helm-repo/tasks/main.yml deleted file mode 100644 index 2c506fb..0000000 --- a/ocd/infra/playbooks/roles/eg_set-helm-repo/tasks/main.yml +++ /dev/null @@ -1,22 +0,0 @@ -# -# Copyright 2020 Huawei Technologies Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - ---- - -# tasks file for eg_set-helm-repo -- include: "install.yml" - static: false - when: operation == 'install' diff --git a/ocd/infra/playbooks/roles/eg_trans_certs/tasks/install.yml b/ocd/infra/playbooks/roles/eg_trans_certs/tasks/install.yml deleted file mode 100644 index 2207631..0000000 --- a/ocd/infra/playbooks/roles/eg_trans_certs/tasks/install.yml +++ /dev/null @@ -1,25 +0,0 @@ -# -# Copyright 2020 Huawei Technologies Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - ---- - -- name: Certificate copy - debug: - msg: Copy certificate from ocd to center and edge - -- synchronize: - src: /tmp/ssl-eg-keys-certs - dest: /tmp/ diff --git a/ocd/infra/playbooks/roles/eg_trans_certs/tasks/main.yml b/ocd/infra/playbooks/roles/eg_trans_certs/tasks/main.yml deleted file mode 100644 index f67a423..0000000 --- a/ocd/infra/playbooks/roles/eg_trans_certs/tasks/main.yml +++ /dev/null @@ -1,22 +0,0 @@ -# -# Copyright 2020 Huawei Technologies Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - ---- - -# tasks file for eg_trans_certs -- include: "install.yml" - static: false - when: operation == 'install' diff --git a/ocd/infra/playbooks/roles/eg_user-mgmt/tasks/install.yml b/ocd/infra/playbooks/roles/eg_user-mgmt/tasks/install.yml deleted file mode 100644 index e215dab..0000000 --- a/ocd/infra/playbooks/roles/eg_user-mgmt/tasks/install.yml +++ /dev/null @@ -1,42 +0,0 @@ -# -# Copyright 2020 Huawei Technologies Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - ---- - -- name: Import config file - include_vars: - file: ../../../config.yml - name: vardata - -- name: Set a variable - ansible.builtin.set_fact: - comm_pwd: "{{ vardata.common_pwd.name }}" - -- name: Create certificates for usermanagment with common pwd - # yamllint disable rule:line-length - command: kubectl create secret generic user-mgmt-jwt-secret --from-file=publicKey=/tmp/ssl-eg-keys-certs/rsa_public_key.pem --from-file=encryptedPrivateKey=/tmp/ssl-eg-keys-certs/encrypted_rsa_private_key.pem --from-literal=encryptPassword={{ vardata.common_pwd.name}} - # yamllint disable rule:line-length - when: comm_pwd != "" - -- name: Generating certificates for usermanagment - # yamllint disable rule:line-length - command: kubectl create secret generic user-mgmt-jwt-secret --from-file=publicKey=/tmp/ssl-eg-keys-certs/rsa_public_key.pem --from-file=encryptedPrivateKey=/tmp/ssl-eg-keys-certs/encrypted_rsa_private_key.pem --from-literal=encryptPassword={{ vardata.user_mgmt_encryptPassword.name}} - # yamllint disable rule:line-length - when: comm_pwd == "" - -- name: Install user-mgmt - # yamllint disable rule:line-length - command: helm install user-mgmt-edgegallery edgegallery/usermgmt --set global.oauth2.clients.appstore.clientUrl=https://{{ ansible_host }}:{{vardata.appstore_port.name}},global.oauth2.clients.developer.clientUrl=https://{{ ansible_host }}:{{vardata.developer_port.name}},global.oauth2.clients.mecm.clientUrl=https://{{ ansible_host }}:{{vardata.mecm_port.name}}, --set jwt.secretName=user-mgmt-jwt-secret --set images.usermgmt.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/user-mgmt --set images.postgres.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/postgres --set images.redis.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/redis --set images.initservicecenter.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/curl --set images.usermgmt.tag={{ vardata.eg_image_tag.name}} --set images.usermgmt.pullPolicy=IfNotPresent --set images.postgres.pullPolicy=IfNotPresent --set images.redis.pullPolicy=IfNotPresent --set images.initservicecenter.pullPolicy=IfNotPresent --set global.ssl.enabled=true --set global.ssl.secretName=edgegallery-ssl-secret diff --git a/ocd/infra/playbooks/roles/eg_user-mgmt/tasks/main.yml b/ocd/infra/playbooks/roles/eg_user-mgmt/tasks/main.yml deleted file mode 100644 index 6545b6a..0000000 --- a/ocd/infra/playbooks/roles/eg_user-mgmt/tasks/main.yml +++ /dev/null @@ -1,26 +0,0 @@ -# -# Copyright 2020 Huawei Technologies Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - ---- - -# tasks file for eg_user-mgmt -- include: "install.yml" - static: false - when: operation == 'install' - -- include: "uninstall.yml" - static: false - when: operation == 'uninstall' diff --git a/ocd/infra/playbooks/roles/eg_user-mgmt/tasks/uninstall.yml b/ocd/infra/playbooks/roles/eg_user-mgmt/tasks/uninstall.yml deleted file mode 100644 index 60eb052..0000000 --- a/ocd/infra/playbooks/roles/eg_user-mgmt/tasks/uninstall.yml +++ /dev/null @@ -1,27 +0,0 @@ -# -# Copyright 2020 Huawei Technologies Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - ---- - -- name: Uninstall user management - command: helm uninstall user-mgmt-edgegallery - ignore_errors: yes - no_log: True - -- name: Delete user-mgmt-jwt-secret - command: kubectl delete secret user-mgmt-jwt-secret - ignore_errors: yes - no_log: True diff --git a/ocd/infra/playbooks/roles/grafana/tasks/install.yml b/ocd/infra/playbooks/roles/grafana/tasks/install.yml index 46245cb..204b2bb 100644 --- a/ocd/infra/playbooks/roles/grafana/tasks/install.yml +++ b/ocd/infra/playbooks/roles/grafana/tasks/install.yml @@ -15,7 +15,7 @@ --- - name: check if grafana is already installed shell: - cmd: helm status mec-grafana + cmd: helm status grafana register: result ignore_errors: yes no_log: True @@ -30,10 +30,23 @@ # yamllint disable rule:line-length when: result.stdout == "" +- name: "INSTALL: Add Grafana Repo on x86" + shell: + cmd: helm repo add grafana https://grafana.github.io/helm-charts + when: result is failed and ansible_architecture == 'x86_64' + ignore_errors: yes + +- name: "INSTALL: Update helm repo" + shell: + cmd: helm repo update + when: result is failed and ansible_architecture == 'x86_64' + ignore_errors: yes + - name: "INSTALL: Install grafana on x86_64" shell: - cmd: helm install mec-grafana stable/grafana + cmd: helm install grafana grafana/grafana when: result is failed and ansible_architecture == 'x86_64' + ignore_errors: yes - name: "INSTALL: copy values.yaml to host" copy: @@ -43,5 +56,5 @@ - name: "INSTALL: Install grafana on aarch64" shell: - cmd: helm install mec-grafana stable/grafana -f /tmp/grafana/values.yaml + cmd: helm install grafana stable/grafana -f /tmp/grafana/values.yaml when: result is failed and ansible_architecture == 'aarch64' diff --git a/ocd/infra/playbooks/roles/grafana/tasks/uninstall.yml b/ocd/infra/playbooks/roles/grafana/tasks/uninstall.yml index 6f08c57..93a5be0 100644 --- a/ocd/infra/playbooks/roles/grafana/tasks/uninstall.yml +++ b/ocd/infra/playbooks/roles/grafana/tasks/uninstall.yml @@ -15,7 +15,7 @@ --- - name: check if grafana is installed before deleting shell: - cmd: helm status mec-grafana + cmd: helm status grafana register: result ignore_errors: yes no_log: True @@ -28,7 +28,12 @@ msg: Ignore Uninstall Log , Grafana not installed when: result.stdout == "" -- name: Uninstall grafana +- name: Uninstall grafana on arm shell: - cmd: helm uninstall mec-grafana - when: result is succeeded + cmd: helm uninstall grafana + when: result is succeeded and ansible_architecture == 'aarch64' + +- name: Uninstall grafana on x86 + shell: + cmd: helm uninstall grafana + when: result is succeeded and ansible_architecture == 'x86_64'