From 0825614e75114de20a3c7799087ad09739fd9b05 Mon Sep 17 00:00:00 2001 From: Arvind Patel Date: Thu, 23 Jul 2020 01:11:22 +0530 Subject: [PATCH] Added deployment conf for applcm Change-Id: Iad2e6f9081e13708c8fdbdfe371c8f24daf5df43 --- .../files/deploy/applcm-broker-deployment.yaml | 2 +- .../roles/applcm/files/deploy/applcmScript.sh | 23 ++++ .../playbooks/roles/applcm/tasks/install-ssl.yml | 120 +++++++++++++++++++++ ocd/infra/playbooks/roles/applcm/tasks/install.yml | 37 ------- ocd/infra/playbooks/roles/applcm/tasks/main.yml | 6 +- 5 files changed, 149 insertions(+), 39 deletions(-) create mode 100755 ocd/infra/playbooks/roles/applcm/files/deploy/applcmScript.sh create mode 100644 ocd/infra/playbooks/roles/applcm/tasks/install-ssl.yml diff --git a/ocd/infra/playbooks/roles/applcm/files/deploy/applcm-broker-deployment.yaml b/ocd/infra/playbooks/roles/applcm/files/deploy/applcm-broker-deployment.yaml index 21a2b6a..7d7bb00 100644 --- a/ocd/infra/playbooks/roles/applcm/files/deploy/applcm-broker-deployment.yaml +++ b/ocd/infra/playbooks/roles/applcm/files/deploy/applcm-broker-deployment.yaml @@ -65,7 +65,7 @@ spec: - name: PACKAGE_PATH value: /go/release/application/packages/ - name: APLCM_SSL_MODE - - value: false + value: false - name: CERTIFICATE_PATH value: /go/release/certificates/server.cer - name: KEY_PATH diff --git a/ocd/infra/playbooks/roles/applcm/files/deploy/applcmScript.sh b/ocd/infra/playbooks/roles/applcm/files/deploy/applcmScript.sh new file mode 100755 index 0000000..feab49b --- /dev/null +++ b/ocd/infra/playbooks/roles/applcm/files/deploy/applcmScript.sh 
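Review bot: The corrected line `value: false` under `APLCM_SSL_MODE` is still an unquoted YAML boolean, while the neighbouring env entries are plain strings. Kubernetes expects env var values to be strings, so this manifest is likely to be rejected when the container spec is decoded. Quote it as `value: "false"`. The substitution `s/value: false/value: true/g` in applcmScript.sh then needs the same quotes on both sides, otherwise the SSL switch never flips. The container spec continues outside the hunk.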
@@ -0,0 +1,23 @@
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#Server is running on https port
+sed -i 's/value: false/value: true/g' applcm-broker-deployment.yaml
+sed -i 's/#volumeMounts/ volumeMounts/g' applcm-broker-deployment.yaml
+sed -i 's/#- mountPath/ - mountPath/g' applcm-broker-deployment.yaml
+sed -i 's/#name/ name/g' applcm-broker-deployment.yaml
+sed -i 's/#volumes/ volumes/g' applcm-broker-deployment.yaml
+sed -i 's/#- name/ - name/g' applcm-broker-deployment.yaml
+sed -i 's/#secret/ secret/g' applcm-broker-deployment.yaml
+sed -i 's/#secretName/ secretName/g' applcm-broker-deployment.yaml
diff --git a/ocd/infra/playbooks/roles/applcm/tasks/install-ssl.yml b/ocd/infra/playbooks/roles/applcm/tasks/install-ssl.yml
new file mode 100644
index 0000000..e18ac62
--- /dev/null
+++ b/ocd/infra/playbooks/roles/applcm/tasks/install-ssl.yml
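Review bot: Every `sed -i` in this script edits `applcm-broker-deployment.yaml`, but install-ssl.yml copies that file to `applcm-broker-deployment-ssl.yaml` before running the script and later applies the `-ssl` copy. The manifest that reaches the cluster in `prod` mode therefore still has `APLCM_SSL_MODE` false and the secret mounts commented out. Point the commands at the copy, for example by taking the file name as `"$1"` or by using `applcm-broker-deployment-ssl.yaml` in each one. Separately, `s/#secret/.../g` runs before `s/#secretName/.../g` and already rewrites the `#secretName` line, so the last command never matches; swap the two. The script also has no shebang or `set -e`, so a failed substitution goes unnoticed by the Ansible task.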
@@ -0,0 +1,120 @@
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+- name: copy deploy folder to mecm host for installing APPLCM
+ copy:
+ src: deploy
+ dest: /tmp/applcm/
+
+- name: modifying configuration to support https
+ shell:
+ cmd: cp applcm-broker-deployment.yaml applcm-broker-deployment-ssl.yaml
+ chdir: /tmp/applcm/deploy/
+
+- name: modify configuraiton to support https
+ shell:
+ cmd: chmod +x applcmScript.sh && ./applcmScript.sh
+ chdir: /tmp/applcm/deploy/
+
+- name: Generate Certificates
+ shell:
+# yamllint disable rule:line-length
+ cmd: openssl genrsa -out ca.key 2048
+ chdir: /tmp/applcm/deploy/
+
+- name: Generate Certificate - Step 2
+ shell:
+ cmd: openssl req -new -key ca.key -subj /C=CN/ST=Peking/L=Beijing/O=ealtedge/CN=www.ealtedge.org -out ca.csr
+ chdir: /tmp/applcm/deploy/
+
+- name: Generate Root Certificate
+ shell:
+ cmd: openssl x509 -req -days 365 -in ca.csr -extensions v3_req -signkey ca.key -out trust.cer
+ chdir: /tmp/applcm/deploy/
+
+- name: Generate Server Key
+ shell:
+ cmd: openssl genrsa -out server_key.pem 2048
+ chdir: /tmp/applcm/deploy/
+
+
+- name: Generate Server CSR
+ shell:
+ cmd: openssl req -new -key server_key.pem -subj /C=CN/ST=Beijing/L=Beijing/O=ealtedge/CN=www.ealtedge.org -out tls.csr
+ chdir: /tmp/applcm/deploy/
+
+- name: Generate Server Certificate
+ shell:
+ cmd: openssl x509 -req -in tls.csr -extensions v3_req -CA trust.cer -CAkey ca.key -CAcreateserial -out server.cer
+ chdir: /tmp/applcm/deploy/
+
+- name: Create applcm-secret
+ shell:
+# yamllint disable rule:line-length
+ cmd: kubectl create secret --namespace default generic applcm-secret --from-file=/tmp/applcm/deploy/server.cer --from-file=/tmp/applcm/deploy/server_key.pem --from-file=/tmp/applcm/deploy/trust.cer
+
+- name: Install applcm postgres-configmap
+ shell:
+ cmd: kubectl apply -f /tmp/applcm/deploy/postgres-config.yaml
+
+- name: Install applcm - pvc
+ shell:
+ cmd: kubectl apply -f /tmp/applcm/deploy/postgres-storage.yaml
+
+- name: Install applcm - db
+ shell:
+ cmd: kubectl apply -f /tmp/applcm/deploy/postgres-k8s.yaml
+
+- name: Install applcm - postgres-service
+ shell:
+ cmd: kubectl apply -f /tmp/applcm/deploy/postgres-service.yaml
+
+- name: Install applcm - db-init-config
+ shell:
+# yamllint disable rule:line-length
+ cmd: sleep 10;
+ ignore_errors: yes
+ failed_when: false
+ no_log: True
+
+- name: Install applcm - helmplugin
+ shell:
+ cmd: sleep 10
+
+- name: Install applcm - helmplugin
+ shell:
+ cmd: kubectl apply -f /tmp/applcm/deploy/helm-plugin-deployment.yaml
+
+
+- name: Install applcm - helmplugin
+ shell:
+ cmd: sleep 10
+
+- name: Install applcm - helmplugin
+ shell:
+ cmd: kubectl apply -f /tmp/applcm/deploy/helm-plugin-service.yaml
+
+
+- name: Install applcm - helmplugin
+ shell:
+ cmd: sleep 10
+
+- name: Install applcm - broker
+ shell:
+ cmd: kubectl apply -f /tmp/applcm/deploy/applcm-broker-deployment-ssl.yaml
+
+- name: Install applcm - broker
+ shell:
+ cmd: kubectl apply -f /tmp/applcm/deploy/applcm-broker-service.yaml
diff --git a/ocd/infra/playbooks/roles/applcm/tasks/install.yml b/ocd/infra/playbooks/roles/applcm/tasks/install.yml
index f907387..12c7aa4 100644
--- a/ocd/infra/playbooks/roles/applcm/tasks/install.yml
+++ b/ocd/infra/playbooks/roles/applcm/tasks/install.yml
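Review bot: The tasks `Generate Certificates` and `Generate Server Key` write `ca.key` and `server_key.pem` into `/tmp/applcm/deploy/` with whatever permissions the umask gives, and nothing removes them after `Create applcm-secret`. The CA signing key for the `prod` path therefore stays on the host in a shared temp location. Create the working directory with owner-only permissions and delete the key and CSR files once the secret exists, as in the task below. `Generate Server Certificate` also passes no `-days`, so the server certificate gets openssl's default lifetime (30 days) while the root gets 365; add `-days 365`, or the intended value, to that command.

```yaml
# … unchanged: certificate generation tasks and "Create applcm-secret" …

- name: Remove private key material from the deploy folder
  file:
    path: "/tmp/applcm/deploy/{{ item }}"
    state: absent
  with_items:
    - ca.key
    - server_key.pem
    - ca.csr
    - tls.csr
```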
@@ -18,43 +18,6 @@ src: deploy dest: /tmp/applcm/ -- name: Generate Certificates - shell: -# yamllint disable rule:line-length - cmd: openssl genrsa -out ca.key 2048 - chdir: /tmp/applcm/deploy/ - -- name: Generate Certificate - Step 2 - shell: - cmd: openssl req -new -key ca.key -subj /C=CN/ST=Peking/L=Beijing/O=ealtedge/CN=www.ealtedge.org -out ca.csr - chdir: /tmp/applcm/deploy/ - -- name: Generate Root Certificate - shell: - cmd: openssl x509 -req -days 365 -in ca.csr -extensions v3_req -signkey ca.key -out trust.cer - chdir: /tmp/applcm/deploy/ - -- name: Generate Server Key - shell: - cmd: openssl genrsa -out server_key.pem 2048 - chdir: /tmp/applcm/deploy/ - - -- name: Generate Server CSR - shell: - cmd: openssl req -new -key server_key.pem -subj /C=CN/ST=Beijing/L=Beijing/O=ealtedge/CN=www.ealtedge.org -out tls.csr - chdir: /tmp/applcm/deploy/ - -- name: Generate Server Certificate - shell: - cmd: openssl x509 -req -in tls.csr -extensions v3_req -CA trust.cer -CAkey ca.key -CAcreateserial -out server.cer - chdir: /tmp/applcm/deploy/ - -- name: Create applcm-secret - shell: -# yamllint disable rule:line-length - cmd: kubectl create secret --namespace default generic applcm-secret --from-file=/tmp/applcm/deploy/server.cer --from-file=/tmp/applcm/deploy/server_key.pem --from-file=/tmp/applcm/deploy/trust.cer - - name: Install applcm postgres-configmap shell: cmd: kubectl apply -f /tmp/applcm/deploy/postgres-config.yaml diff --git a/ocd/infra/playbooks/roles/applcm/tasks/main.yml b/ocd/infra/playbooks/roles/applcm/tasks/main.yml index 8051228..4a1fe7e 100644 --- a/ocd/infra/playbooks/roles/applcm/tasks/main.yml +++ b/ocd/infra/playbooks/roles/applcm/tasks/main.yml @@ -14,7 +14,11 @@ --- - include: "install.yml" - when: operation == 'install' + when: operation == 'install' and mode == 'dev' + + +- include: "install-ssl.yml" + when: operation == 'install' and mode == 'prod' #- include: "uninstall.yml" #when: operation == 'uninstall' -- 2.16.6
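Review bot: Both includes in main.yml now depend on `mode`, and nothing visible in this patch gives it a default. A caller that passes only `operation=install` would fail on an undefined variable, and any value other than `dev` or `prod` silently installs nothing. Default to the TLS path, e.g. `when: operation == 'install' and mode | default('prod') == 'prod'` with the matching `... and mode | default('prod') == 'dev'` on the first include, or define `mode` in the role defaults. A comment above the two includes such as `# dev: plain HTTP, no certificates or applcm-secret; prod: TLS via install-ssl.yml` would make the difference explicit.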