From 2bd586736b3afaee5c2674020d6f1d6b316cbbbd Mon Sep 17 00:00:00 2001 From: abhijit_onap Date: Wed, 27 May 2020 23:12:38 +0530 Subject: [PATCH] Added Playbook for Vault Signed-off-by: abhijit_onap Change-Id: Ieab916d492a63f2caee6067b9e48835bd4a18d08 --- ocd/infra/playbooks/ealt-all.yml | 9 +++++++ ocd/infra/playbooks/ealt-inventory.ini | 9 +++++++ ocd/infra/playbooks/roles/vault/tasks/install.yml | 31 +++++++++++++++++++++++ ocd/infra/playbooks/roles/vault/tasks/main.yml | 22 ++++++++++++++++ 4 files changed, 71 insertions(+) create mode 100644 ocd/infra/playbooks/roles/vault/tasks/install.yml create mode 100644 ocd/infra/playbooks/roles/vault/tasks/main.yml diff --git a/ocd/infra/playbooks/ealt-all.yml b/ocd/infra/playbooks/ealt-all.yml index abe698e..3b6344c 100644 --- a/ocd/infra/playbooks/ealt-all.yml +++ b/ocd/infra/playbooks/ealt-all.yml @@ -89,6 +89,15 @@ roles: - mepserver +- hosts: mep-centos + become: yes + tags: + - infra + - mep + + roles: + - vault + - hosts: certsmanager become: yes tags: diff --git a/ocd/infra/playbooks/ealt-inventory.ini b/ocd/infra/playbooks/ealt-inventory.ini index f59d1b7..b859258 100644 --- a/ocd/infra/playbooks/ealt-inventory.ini +++ b/ocd/infra/playbooks/ealt-inventory.ini @@ -25,11 +25,20 @@ ocdhost ansible_host="" ansible_user="" ansible_password="" mecm mep +[mep-centos] +edge2 ansible_host="" ansible_user="" ansible_password="" + [infra-k3s:children] mep [mepautomate:children] mep +[platform-applcm:children] +mecm + +[platform-vault:children] +mep-centos + [certsmanager:children] mep diff --git a/ocd/infra/playbooks/roles/vault/tasks/install.yml b/ocd/infra/playbooks/roles/vault/tasks/install.yml new file mode 100644 index 0000000..38e1fa2 --- /dev/null +++ b/ocd/infra/playbooks/roles/vault/tasks/install.yml 
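Review bot: The new play in ealt-all.yml targets `mep-centos` directly, although this same commit adds a `platform-vault` group to the inventory that nothing visible here uses; `- hosts: platform-vault` would make the new group meaningful. The vault role runs `helm` and `kubectl` on the target, but in the inventory lines shown only `mep` is a child of `infra-k3s`, so it is not evident that a cluster and Helm exist on `mep-centos` hosts when this play runs. If another play provides them, a short comment above the play naming that dependency would help. The play also passes no `operation` variable, which the role's main.yml requires before it does anything.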
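Review bot: The added `edge2 ansible_host="" ansible_user="" ansible_password=""` line in ealt-inventory.ini invites operators to put an SSH password in clear text into a file tracked in the repository. It follows the existing `ocdhost` pattern, but this host will carry the Vault instance, so a leaked inventory exposes the machine that holds the secrets. I would drop `ansible_password` from the template in favour of key-based login, e.g. `edge2 ansible_host="" ansible_user="" ansible_ssh_private_key_file=""`, or keep the password in an Ansible Vault encrypted vars file. A comment above `[mep-centos]` stating that filled-in copies must not be committed would also help.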
@@ -0,0 +1,31 @@
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: "INSTALL: Add Vault repo"
+# yamllint disable rule:line-length
+ command: helm repo add hashicorp https://helm.releases.hashicorp.com
+# yamllint disable rule:line-length
+
+- name: "INSTALL: Vault "
+ command: helm install vault hashicorp/vault
+
+
+- name: "Installing ...Vault "
+ command: sleep 10
+
+- name: "Initialize Vault POD and Unseal Key"
+ shell:
+# yamllint disable rule:line-length
+ cmd: kubectl exec -ti vault-0 -- vault operator unseal $(kubectl exec vault-0 -- vault operator init -key-shares=1 -key-threshold=1 -format="" | grep -i "unseal key 1" | awk '{print $4}')
+# yamllint enable rule:line-length
diff --git a/ocd/infra/playbooks/roles/vault/tasks/main.yml b/ocd/infra/playbooks/roles/vault/tasks/main.yml
new file mode 100644
index 0000000..aedb1c1
--- /dev/null
+++ b/ocd/infra/playbooks/roles/vault/tasks/main.yml
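Review bot: The last task in install.yml runs `vault operator init` inside a command substitution and keeps only the first unseal key, so the root token is discarded and the key is never stored; the instance cannot be administered afterwards or unsealed again once the pod restarts. The key is also passed as a command-line argument without `no_log`, so it can end up in Ansible output and process listings. Scraping the human-readable output with `grep`/`awk` after `-format=""` is fragile, `kubectl exec -ti` requests a TTY that an Ansible run normally lacks, and on a second run `init` fails because Vault is already initialised, leaving the substitution empty. I would split this into an init task that registers JSON output under `no_log: true` and a separate unseal task, as sketched below, and hand the registered output to whatever secret store the operators use. `-key-shares=1 -key-threshold=1` removes the split-key protection and deserves a comment if it is deliberate for this environment.

```yaml
# … unchanged: helm repo add, helm install and sleep tasks …

- name: "Initialize Vault"
  command: kubectl exec vault-0 -- vault operator init -key-shares=1 -key-threshold=1 -format=json
  register: vault_init
  no_log: true

# vault_init.stdout holds the unseal key and root token; persist it in the
# operators' secret store before the play ends.

- name: "Unseal Vault"
  command: kubectl exec vault-0 -- vault operator unseal {{ (vault_init.stdout | from_json).unseal_keys_b64[0] }}
  no_log: true
```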
@@ -0,0 +1,22 @@
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+# tasks file for Vault
+- include: "install.yml"
+ static: false
+ when: operation == 'install'
+
+#- include: "uninstall.yml"
+ #when: operation == 'uninstall'
-- 2.16.6
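Review bot: The condition `when: operation == 'install'` in main.yml reads a variable that nothing in this commit defines, so unless `operation` is set elsewhere (group vars or `-e`), the role stops with an undefined-variable error instead of skipping. Either add `roles/vault/defaults/main.yml` with a default, or write `when: operation | default('install') == 'install'`. Separately, `include:` with `static: false` is the deprecated spelling of a dynamic include; `- include_tasks: "install.yml"` states the same intent and keeps working on current Ansible releases. A one-line comment above the task listing the accepted `operation` values would document the interface, since the uninstall branch is only present as commented-out lines.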