#
-# Copyright 2020 Huawei Technologies Co., Ltd.
+# Copyright 2021 Huawei Technologies Co., Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
---
-############ OCD ############
-
-- hosts: ocdconsolidated
- become: yes
- tags:
- - ocdhost
- - ocdconsolidated
-
- roles:
- - k8s
- - helm
- - docker
- - eg_prerequisite
- - eg_registry
- - eg_helm-repo
- - eg_certs
-
############ Center ############
-### Pre-Requisites ###
-
-- hosts: prerequisitecenter
- become: yes
- tags:
- - prerequisitecenter
- - center
-
- roles:
- - eg_trans_certs
- - eg_prerequisite
- - helm
- - eg_set-helm-repo
- - kubeconfig
-
### Other 3rd party related ###
- hosts: thirdpartycenter
roles:
- grafana
-### EdgeGallery related ###
-
-- hosts: egcenter
- become: yes
- tags:
- - egcenter
- - center
-
- roles:
- - eg_secret
- - service_center
- - eg_user-mgmt
- - eg_mecm-meo
- - eg_mecm-fe
- - eg_appstore
- - eg_developer
-
-
############ Edge ############
-### Infrastructure ###
-- hosts: edge-infra
- become: yes
- tags:
- - edge-infra
- - edge
-
- roles:
- - eg_trans_certs
- - docker
- - eg_prerequisite
- - k3s
-
-### Pre-Requisites ###
-
-- hosts: prerequisiteedge
- become: yes
- tags:
- - prerequisiteedge
- - edge
-
- roles:
- - helm
-
### Other 3rd party related ###
- hosts: thirdpartyedge
roles:
- rabbitmq
- - prometheus
- - kubeconfig
- - mepkubeconfig
- cadvisor
-### EdgeGallery related ###
-
-- hosts: egedge
- become: yes
- tags:
- - egedge
- - edge
-
- roles:
- - eg_secret
- - eg_set-helm-repo
- - eg_mep
- - eg_mecm-mepm
-
### Storage ###
- hosts: openebsinfluxdb
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-- name: Import vars
- include_vars:
- file: ../../../config.yml
- name: vardata
-
-- name: Helm install appstore
- # yamllint disable rule:line-length
- command: helm install appstore-edgegallery edgegallery/appstore --set global.oauth2.authServerAddress=https://{{ ansible_host }}:{{ vardata.usermgmt_port.name}} --set images.appstoreFe.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/appstore-fe --set images.appstoreBe.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/appstore-be --set images.postgres.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/postgres --set images.initservicecenter.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/curl --set images.appstoreFe.tag={{vardata.eg_image_tag.name}} --set images.appstoreBe.tag={{vardata.eg_image_tag.name}} --set images.appstoreFe.pullPolicy=IfNotPresent --set images.appstoreBe.pullPolicy=IfNotPresent --set images.postgres.pullPolicy=IfNotPresent --set images.initservicecenter.pullPolicy=IfNotPresent --set global.ssl.enabled=true --set global.ssl.secretName=edgegallery-ssl-secret
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-# tasks file for eg_appstore
-- include: "install.yml"
- static: false
- when: operation == 'install'
-
-- include: "uninstall.yml"
- static: false
- when: operation == 'uninstall'
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-- name: Uninstall appstore
- command: helm uninstall appstore-edgegallery
- ignore_errors: yes
- no_log: True
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-- name: Import config file
- include_vars:
- file: ../../../config.yml
- name: vardata
-
-- name: Remove old ssl key dir
- command: rm -rf /tmp/ssl-eg-keys-certs
- args:
- chdir: /tmp/
-
-- name: Make new ssl key dir
- command: mkdir -p /tmp/ssl-eg-keys-certs
- args:
- chdir: /tmp/
-
-- name: generate cert
- # yamllint disable rule:line-length
- command: docker run -e CERT_VALIDITY_IN_DAYS=365 -v /tmp/ssl-eg-keys-certs:/certs {{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/deploy-tool:latest
- # yamllint disable rule:line-length
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-# tasks file for eg_certs
-- include: "install.yml"
- static: false
- when: operation == 'install'
-
-- include: "uninstall.yml"
- static: false
- when: operation == 'uninstall'
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-- name: Remove generated certificates
- command: rm -rf /tmp/ssl-eg-keys-certs
- args:
- chdir: /tmp/
- ignore_errors: yes
- no_log: True
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-- name: Import config file
- include_vars:
- file: ../../../config.yml
- name: vardata
-
-- name: Developer chart installing
- # yamllint disable rule:line-length
- command: helm install developer-edgegallery edgegallery/developer --set global.oauth2.authServerAddress=https://{{ ansible_host }}:{{ vardata.usermgmt_port.name}} --set images.developerFe.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/developer-fe --set images.developerBe.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/developer-be --set images.postgres.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/postgres --set images.initservicecenter.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/curl --set images.developerFe.tag={{vardata.eg_image_tag.name}} --set images.developerBe.tag={{vardata.eg_image_tag.name}} --set images.developerFe.pullPolicy=IfNotPresent --set images.developerBe.pullPolicy=IfNotPresent --set images.postgres.pullPolicy=IfNotPresent --set images.initservicecenter.pullPolicy=IfNotPresent --set global.ssl.enabled=true --set global.ssl.secretName=edgegallery-ssl-secret
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-# tasks file for eg_developer
-- include: "install.yml"
- static: false
- when: operation == 'install'
-
-- include: "uninstall.yml"
- static: false
- when: operation == 'uninstall'
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-- name: Uninstall developer
- command: helm uninstall developer-edgegallery
- ignore_errors: yes
- no_log: True
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-- name: Doing deployment setup for edge gallery
- copy:
- src: deploy
- dest: /tmp/eg_helm-repo/
-
-- name: Import config file
- include_vars:
- file: ../../../config.yml
- name: vardata
-
-- name: Helm repo index edgegallery
- command: helm repo index edgegallery/
- args:
- chdir: /tmp/eg_helm-repo/deploy/helm/helm-charts/
-
-- name: Helm repo index stable
- command: helm repo index stable/
- args:
- chdir: /tmp/eg_helm-repo/deploy/helm/helm-charts/
-
-- name: Changing permisiion
- command: chmod -R 755 /tmp/eg_helm-repo
-
-- name: Creating helm repo
- # yamllint disable rule:line-length
- command: docker run --name helm-repo -v /tmp/eg_helm-repo/deploy/helm/helm-charts/:/usr/share/nginx/html:ro -d -p 8080:80 nginx:stable
- args:
- chdir: /tmp/eg_helm-repo/deploy/helm/helm-charts/
-
-- name: Helm repo add edgegallery
- # yamllint disable rule:line-length
- command: helm repo add edgegallery http://{{ vardata.private_repo_ip.name}}:8080/edgegallery
- args:
- chdir: /tmp/eg_helm-repo/deploy/helm/helm-charts/
-
-- name: Helm repo add stable
- command: helm repo add stable http://{{ vardata.private_repo_ip.name}}:8080/stable
- args:
- chdir: /tmp/eg_helm-repo/deploy/helm/helm-charts/
-
-- debug:
- msg: "Helm repo created"
+++ /dev/null
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-# tasks file for eg_helm_repo_add
-- include: "install.yml"
- static: false
- when: operation == 'install'
-
-- include: "uninstall.yml"
- static: false
- when: operation == 'uninstall'
+++ /dev/null
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-- name: Docker stop helm repo
- command: docker stop helm-repo
- ignore_errors: yes
- no_log: True
-
-- name: Docker rm helm repo
- command: docker rm helm-repo
- ignore_errors: yes
- no_log: True
-
-- name: Remove tmp folder
- command: rm -rf /tmp/eg_helm-repo
- ignore_errors: yes
- no_log: True
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-- name: Import config file
- include_vars:
- file: ../../../config.yml
- name: vardata
-
-- name: Install mecm-fe
- # yamllint disable rule:line-length
- command: helm install mecm-fe-edgegallery edgegallery/mecm-fe --set global.oauth2.authServerAddress=https://{{ ansible_host }}:{{vardata.usermgmt_port.name}} --set images.mecmFe.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/mecm-fe --set images.initservicecenter.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/curl --set images.mecmFe.tag={{vardata.eg_image_tag.name}} --set images.mecmFe.pullPolicy=IfNotPresent --set images.initservicecenter.pullPolicy=IfNotPresent --set global.ssl.enabled=true --set global.ssl.secretName=edgegallery-ssl-secret
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-# tasks file for eg_mecm-fe
-- include: "install.yml"
- static: false
- when: operation == 'install'
-
-- include: "uninstall.yml"
- static: false
- when: operation == 'uninstall'
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-- name: Uninstall mecm fe
- command: helm uninstall mecm-fe-edgegallery
- ignore_errors: yes
- no_log: True
+++ /dev/null
-CREATE USER inventory WITH PASSWORD 'PASSWORD_VALUE' CREATEDB;
-CREATE DATABASE inventorydb
- WITH
- OWNER = inventory
- ENCODING = 'UTF8'
- LC_COLLATE = 'en_US.utf8'
- LC_CTYPE = 'en_US.utf8'
- TABLESPACE = pg_default
- CONNECTION LIMIT = -1;
-
-CREATE USER appo WITH PASSWORD 'PASSWORD_VALUE' CREATEDB;
-CREATE DATABASE appodb
- WITH
- OWNER = appo
- ENCODING = 'UTF8'
- LC_COLLATE = 'en_US.utf8'
- LC_CTYPE = 'en_US.utf8'
- TABLESPACE = pg_default
- CONNECTION LIMIT = -1;
-
-CREATE USER apm WITH PASSWORD 'PASSWORD_VALUE' CREATEDB;
-CREATE DATABASE apmdb
- WITH
- OWNER = apm
- ENCODING = 'UTF8'
- LC_COLLATE = 'en_US.utf8'
- LC_CTYPE = 'en_US.utf8'
- TABLESPACE = pg_default
- CONNECTION LIMIT = -1;
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-- name: Doing deployment eg_mecm-meo setup for edge gallery eg_mecm-meo
- copy:
- src: deploy
- dest: /tmp/eg_mecm-meo/
-
-- name: Import config file
- include_vars:
- file: ../../../config.yml
- name: vardata
-
-- name: Replacing pwd sql
- replace:
- path: /tmp/eg_mecm-meo/deploy/conf/keys/postgres_init.sql
- regexp: 'PASSWORD_VALUE'
- replace: "{{ vardata.common_pwd.name }}"
-
-- name: Set a variable
- ansible.builtin.set_fact:
- comm_pwd: "{{ vardata.common_pwd.name }}"
-
-- name: Create mecm-ssl-secret with common pwd
- # yamllint disable rule:line-length
- command: kubectl create secret generic mecm-ssl-secret --from-file=keystore.p12=/tmp/ssl-eg-keys-certs/keystore.p12 --from-file=keystore.jks=/tmp/ssl-eg-keys-certs/keystore.jks --from-literal=keystorePassword={{ vardata.common_pwd.name}} --from-literal=keystoreType=PKCS12 --from-literal=keyAlias=edgegallery --from-literal=truststorePassword={{ vardata.common_pwd.name}}
- # yamllint disable rule:line-length
- when: comm_pwd != ""
-
-- name: Generates certificate mecm-ssl-secret
- # yamllint disable rule:line-length
- command: kubectl create secret generic mecm-ssl-secret --from-file=keystore.p12=/tmp/ssl-eg-keys-certs/keystore.p12 --from-file=keystore.jks=/tmp/ssl-eg-keys-certs/keystore.jks --from-literal=keystorePassword={{ vardata.mecm_meo_keystorePassword.name}} --from-literal=keystoreType=PKCS12 --from-literal=keyAlias=edgegallery --from-literal=truststorePassword={{ vardata.mecm_meo_truststorePassword.name}}
- # yamllint disable rule:line-length
- when: comm_pwd == ""
-
-- name: Create certificate edgegallery-mecm-secret with common pwd
- # yamllint disable rule:line-length
- command: kubectl create secret generic edgegallery-mecm-secret --from-file=postgres_init.sql=/tmp/eg_mecm-meo/deploy/conf/keys/postgres_init.sql --from-literal=postgresPassword={{ vardata.common_pwd.name}} --from-literal=postgresApmPassword={{ vardata.common_pwd.name}} --from-literal=postgresAppoPassword={{ vardata.common_pwd.name}} --from-literal=postgresInventoryPassword={{ vardata.common_pwd.name}} --from-literal=edgeRepoUserName=admin --from-literal=edgeRepoPassword={{ vardata.common_pwd.name}}
- # yamllint disable rule:line-length
- args:
- chdir: /tmp/eg_mecm-meo/deploy/
- when: comm_pwd != ""
-
-- name: Generates certificate edgegallery-mecm-secret
- # yamllint disable rule:line-length
- command: kubectl create secret generic edgegallery-mecm-secret --from-file=postgres_init.sql=/tmp/eg_mecm-meo/deploy/conf/keys/postgres_init.sql --from-literal=postgresPassword={{ vardata.mecm_meo_postgresPassword.name}} --from-literal=postgresApmPassword={{ vardata.mecm_meo_postgresApmPassword.name}} --from-literal=postgresAppoPassword={{ vardata.mecm_meo_postgresAppoPassword.name}} --from-literal=postgresInventoryPassword={{ vardata.mecm_meo_postgresInventoryPassword.name}} --from-literal=edgeRepoUserName=admin --from-literal=edgeRepoPassword={{ vardata.common_pwd.name}}
- # yamllint disable rule:line-length
- args:
- chdir: /tmp/eg_mecm-meo/deploy/
- when: comm_pwd == ""
-
-- name: Fs group value
- shell: 'getent group docker | cut -d: -f3'
- register: result
-
-- name: Helm install
- # yamllint disable rule:line-length
- command: helm install mecm-meo-edgegallery edgegallery/mecm-meo --set ssl.secretName=mecm-ssl-secret --set mecm.secretName=edgegallery-mecm-secret --set images.inventory.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/mecm-inventory --set images.appo.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/mecm-appo --set images.apm.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/mecm-apm --set images.postgres.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/postgres --set images.inventory.tag={{ vardata.eg_image_tag.name}} --set images.appo.tag={{ vardata.eg_image_tag.name}} --set images.apm.tag={{ vardata.eg_image_tag.name}} --set images.postgres.tag=12.3 --set images.inventory.pullPolicy=IfNotPresent --set images.appo.pullPolicy=IfNotPresent --set images.apm.pullPolicy=IfNotPresent --set images.postgres.pullPolicy=IfNotPresent --set mecm.docker.fsgroup="{{result.stdout}}"
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-# tasks file for eg_mecm-meo
-- include: "install.yml"
- static: false
- when: operation == 'install'
-
-- include: "uninstall.yml"
- static: false
- when: operation == 'uninstall'
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-- name: Uninstall mecm meo
- command: helm uninstall mecm-meo-edgegallery
- ignore_errors: yes
- no_log: True
-
-- name: Delete mecm-ssl-secret and edgegallery-mecm-secret
- command: kubectl delete secret mecm-ssl-secret edgegallery-mecm-secret
- ignore_errors: yes
- no_log: True
+++ /dev/null
-CREATE USER lcmcontroller WITH PASSWORD 'PASSWORD_VALUE' CREATEDB;
-CREATE DATABASE lcmcontrollerdb
- WITH
- OWNER = lcmcontroller
- ENCODING = 'UTF8'
- LC_COLLATE = 'en_US.utf8'
- LC_CTYPE = 'en_US.utf8'
- TABLESPACE = pg_default
- CONNECTION LIMIT = -1;
-
-CREATE USER k8splugin WITH PASSWORD 'PASSWORD_VALUE' CREATEDB;
-CREATE DATABASE k8splugindb
- WITH
- OWNER = k8splugin
- ENCODING = 'UTF8'
- LC_COLLATE = 'en_US.utf8'
- LC_CTYPE = 'en_US.utf8'
- TABLESPACE = pg_default
- CONNECTION LIMIT = -1;
-
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRoleBinding
-metadata:
- name: fabric8-rbac
-subjects:
- - kind: ServiceAccount
- # Reference to upper's `metadata.name`
- name: default
- # Reference to upper's `metadata.namespace`
- namespace: default
-roleRef:
- kind: ClusterRole
- name: cluster-admin
- apiGroup: rbac.authorization.k8s.io
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-- name: Doing deployment eg_mecm-mepm setup for edge gallery eg_mecm-mepm
- copy:
- src: deploy
- dest: /tmp/eg_mecm-mepm/
-
-- name: Import config file
- include_vars:
- file: ../../../config.yml
- name: vardata
-
-- name: Set a variable
- ansible.builtin.set_fact:
- comm_pwd: "{{ vardata.common_pwd.name }}"
-
-- name: Replacing password
- replace:
- path: /tmp/eg_mecm-mepm/deploy/conf/keys/postgres_init.sql
- regexp: 'PASSWORD_VALUE'
- replace: "{{ vardata.common_pwd.name }}"
-
-- name: Create mecm-mepm-ssl-secret secret
- # yamllint disable rule:line-length
- command: kubectl create secret generic mecm-mepm-jwt-public-secret --from-file=publicKey=/tmp/ssl-eg-keys-certs/encryptedtls.key
- # yamllint disable rule:line-length
- args:
- chdir: /tmp/ssl-eg-keys-certs/
-
-- name: Create mecm-mepm-ssl-secret secret
- # yamllint disable rule:line-length
- command: kubectl create secret generic mecm-mepm-ssl-secret --from-file=server_tls.key=/tmp/ssl-eg-keys-certs/tls.key --from-file=server_tls.crt=/tmp/ssl-eg-keys-certs/tls.crt --from-file=ca.crt=/tmp/ssl-eg-keys-certs/ca.crt
- # yamllint disable rule:line-length
- args:
- chdir: /tmp/ssl-eg-keys-certs/
-
-- name: Create edgegallery-mepm-secret secret with common pwd
- # yamllint disable rule:line-length
- command: kubectl create secret generic edgegallery-mepm-secret --from-file=postgres_init.sql=/tmp/eg_mecm-mepm/deploy/conf/keys/postgres_init.sql --from-literal=postgresPassword={{ vardata.common_pwd.name}} --from-literal=postgresLcmCntlrPassword={{ vardata.common_pwd.name}} --from-literal=postgresk8sPluginPassword={{ vardata.common_pwd.name}}
- # yamllint disable rule:line-length
- when: comm_pwd != ""
-
-- name: Create edgegallery-mepm-secret secret
- # yamllint disable rule:line-length
- command: kubectl create secret generic edgegallery-mepm-secret --from-file=postgres_init.sql=/tmp/eg_mecm-mepm/deploy/conf/keys/postgres_init.sql --from-literal=postgresPassword={{ vardata.mecm_mepm_postgresPassword.name}} --from-literal=postgresLcmCntlrPassword={{ vardata.mecm_mepm_postgresLcmCntlrPassword.name}} --from-literal=postgresk8sPluginPassword={{ vardata.mecm_mepm_postgresk8sPluginPassword.name}}
- # yamllint disable rule:line-length
- when: comm_pwd == ""
-
-- name: Create mepm service account
- command: kubectl apply -f /tmp/eg_mecm-mepm/deploy/conf/manifest/mepm/mepm-service-account.yaml
- args:
- chdir: /tmp/eg_mecm-mepm/deploy/
-
-- name: Install mecm-mepm
- # yamllint disable rule:line-length
- command: helm install mecm-mepm-edgegaller edgegallery/mecm-mepm --set jwt.publicKeySecretName=mecm-mepm-jwt-public-secret --set mepm.secretName=edgegallery-mepm-secret --set ssl.secretName=mecm-mepm-ssl-secret --set images.lcmcontroller.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/mecm-applcm --set images.k8splugin.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/mecm-applcm-k8splugin --set images.postgres.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/postgres --set images.lcmcontroller.tag={{ vardata.eg_image_tag.name}} --set images.k8splugin.tag={{ vardata.eg_image_tag.name}} --set images.postgres.tag=12.3 --set images.lcmcontroller.pullPolicy=IfNotPresent --set images.k8splugin.pullPolicy=IfNotPresent --set images.postgres.pullPolicy=IfNotPresent
- # yamllint disable rule:line-length
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-# tasks file for eg_mecm-mepm
-- include: "install.yml"
- static: false
- when: operation == 'install'
-
-- include: "uninstall.yml"
- static: false
- when: operation == 'uninstall'
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-- name: Mecm mepm jwt delete
- # yamllint disable rule:line-length
- command: kubectl delete secret mecm-mepm-jwt-public-secret mecm-mepm-ssl-secret edgegallery-mepm-secret
- # yamllint disable rule:line-length
- ignore_errors: yes
- no_log: True
-
-- name: Delete mep-service-account
- # yamllint disable rule:line-length
- command: kubectl delete -f /tmp/eg_mecm-mepm/deploy/conf/manifest/mepm/mepm-service-account.yaml
- ignore_errors: yes
- no_log: True
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-apiVersion: v1
-kind: ConfigMap
-metadata:
- namespace: metallb-system
- name: config
-data:
- config: |
- address-pools:
- - name: address-pool-1
- protocol: layer2
- addresses:
- - 192.168.100.120/32
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- labels:
- app: metallb
- name: controller
- namespace: metallb-system
-spec:
- allowPrivilegeEscalation: false
- allowedCapabilities: []
- allowedHostPaths: []
- defaultAddCapabilities: []
- defaultAllowPrivilegeEscalation: false
- fsGroup:
- ranges:
- - max: 65535
- min: 1
- rule: MustRunAs
- hostIPC: false
- hostNetwork: false
- hostPID: false
- privileged: false
- readOnlyRootFilesystem: true
- requiredDropCapabilities:
- - ALL
- runAsUser:
- ranges:
- - max: 65535
- min: 1
- rule: MustRunAs
- seLinux:
- rule: RunAsAny
- supplementalGroups:
- ranges:
- - max: 65535
- min: 1
- rule: MustRunAs
- volumes:
- - configMap
- - secret
- - emptyDir
----
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- labels:
- app: metallb
- name: speaker
- namespace: metallb-system
-spec:
- allowPrivilegeEscalation: false
- allowedCapabilities:
- - NET_ADMIN
- - NET_RAW
- - SYS_ADMIN
- allowedHostPaths: []
- defaultAddCapabilities: []
- defaultAllowPrivilegeEscalation: false
- fsGroup:
- rule: RunAsAny
- hostIPC: false
- hostNetwork: true
- hostPID: false
- hostPorts:
- - max: 7472
- min: 7472
- privileged: true
- readOnlyRootFilesystem: true
- requiredDropCapabilities:
- - ALL
- runAsUser:
- rule: RunAsAny
- seLinux:
- rule: RunAsAny
- supplementalGroups:
- rule: RunAsAny
- volumes:
- - configMap
- - secret
- - emptyDir
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- app: metallb
- name: controller
- namespace: metallb-system
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- app: metallb
- name: speaker
- namespace: metallb-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- labels:
- app: metallb
- name: metallb-system:controller
-rules:
- - apiGroups:
- - ''
- resources:
- - services
- verbs:
- - get
- - list
- - watch
- - update
- - apiGroups:
- - ''
- resources:
- - services/status
- verbs:
- - update
- - apiGroups:
- - ''
- resources:
- - events
- verbs:
- - create
- - patch
- - apiGroups:
- - policy
- resourceNames:
- - controller
- resources:
- - podsecuritypolicies
- verbs:
- - use
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- labels:
- app: metallb
- name: metallb-system:speaker
-rules:
- - apiGroups:
- - ''
- resources:
- - services
- - endpoints
- - nodes
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - ''
- resources:
- - events
- verbs:
- - create
- - patch
- - apiGroups:
- - policy
- resourceNames:
- - speaker
- resources:
- - podsecuritypolicies
- verbs:
- - use
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- labels:
- app: metallb
- name: config-watcher
- namespace: metallb-system
-rules:
- - apiGroups:
- - ''
- resources:
- - configmaps
- verbs:
- - get
- - list
- - watch
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- labels:
- app: metallb
- name: pod-lister
- namespace: metallb-system
-rules:
- - apiGroups:
- - ''
- resources:
- - pods
- verbs:
- - list
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- labels:
- app: metallb
- name: metallb-system:controller
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: metallb-system:controller
-subjects:
- - kind: ServiceAccount
- name: controller
- namespace: metallb-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- labels:
- app: metallb
- name: metallb-system:speaker
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: metallb-system:speaker
-subjects:
- - kind: ServiceAccount
- name: speaker
- namespace: metallb-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- labels:
- app: metallb
- name: config-watcher
- namespace: metallb-system
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: config-watcher
-subjects:
- - kind: ServiceAccount
- name: controller
- - kind: ServiceAccount
- name: speaker
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- labels:
- app: metallb
- name: pod-lister
- namespace: metallb-system
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: pod-lister
-subjects:
- - kind: ServiceAccount
- name: speaker
----
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- labels:
- app: metallb
- component: speaker
- name: speaker
- namespace: metallb-system
-spec:
- selector:
- matchLabels:
- app: metallb
- component: speaker
- template:
- metadata:
- annotations:
- prometheus.io/port: '7472'
- prometheus.io/scrape: 'true'
- labels:
- app: metallb
- component: speaker
- spec:
- containers:
- - args:
- - --port=7472
- - --config=config
- env:
- - name: METALLB_NODE_NAME
- valueFrom:
- fieldRef:
- fieldPath: spec.nodeName
- - name: METALLB_HOST
- valueFrom:
- fieldRef:
- fieldPath: status.hostIP
- - name: METALLB_ML_BIND_ADDR
- valueFrom:
- fieldRef:
- fieldPath: status.podIP
- - name: METALLB_ML_LABELS
- value: "app=metallb,component=speaker"
- - name: METALLB_ML_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- - name: METALLB_ML_SECRET_KEY
- valueFrom:
- secretKeyRef:
- name: memberlist
- key: secretkey
- image: metallb/speaker:v0.9.3
- imagePullPolicy: IfNotPresent
- name: speaker
- ports:
- - containerPort: 7472
- name: monitoring
- resources:
- limits:
- cpu: 100m
- memory: 100Mi
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- add:
- - NET_ADMIN
- - NET_RAW
- - SYS_ADMIN
- drop:
- - ALL
- readOnlyRootFilesystem: true
- hostNetwork: true
- nodeSelector:
- beta.kubernetes.io/os: linux
- serviceAccountName: speaker
- terminationGracePeriodSeconds: 2
- tolerations:
- - effect: NoSchedule
- key: node-role.kubernetes.io/master
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- app: metallb
- component: controller
- name: controller
- namespace: metallb-system
-spec:
- revisionHistoryLimit: 3
- selector:
- matchLabels:
- app: metallb
- component: controller
- template:
- metadata:
- annotations:
- prometheus.io/port: '7472'
- prometheus.io/scrape: 'true'
- labels:
- app: metallb
- component: controller
- spec:
- containers:
- - args:
- - --port=7472
- - --config=config
- image: metallb/controller:v0.9.3
- imagePullPolicy: IfNotPresent
- name: controller
- ports:
- - containerPort: 7472
- name: monitoring
- resources:
- limits:
- cpu: 100m
- memory: 100Mi
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - all
- readOnlyRootFilesystem: true
- nodeSelector:
- beta.kubernetes.io/os: linux
- securityContext:
- runAsNonRoot: true
- runAsUser: 65534
- serviceAccountName: controller
- terminationGracePeriodSeconds: 0
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-apiVersion: v1
-kind: Namespace
-metadata:
- name: metallb-system
- labels:
- app: metallb
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-kind: Pod
-apiVersion: v1
-metadata:
- name: edgegallery-secondary-ep-controller
- namespace: kube-system
-spec:
- serviceAccount: edgegallery-secondary-ep-controller
- containers:
- - name: edgegallery-secondary-ep-controller
- image: edgegallery/edgegallery-secondary-ep-controller:latest
- imagePullPolicy: IfNotPresent
- command: ["/bin/sh", "-c", "--"]
- args: ["edgegallery-secondary-ep-controller"]
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-kind: ServiceAccount
-apiVersion: v1
-metadata:
- name: edgegallery-secondary-ep-controller
- namespace: kube-system
----
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: multi-ip-controller
-rules:
- - apiGroups: [""]
- resources: ["services", "pods"]
- verbs: ["get", "watch", "list"]
- - apiGroups: [""]
- resources: ["endpoints", "events"]
- verbs: ["*"]
- - apiGroups: ["k8s.cni.cncf.io"]
- resources: ["network-attachment-definitions"]
- verbs: ["*"]
----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: watch-update-secondary-endpoints
-subjects:
- - kind: ServiceAccount
- name: edgegallery-secondary-ep-controller
- namespace: kube-system
-roleRef:
- kind: ClusterRole
- name: multi-ip-controller
- apiGroup: rbac.authorization.k8s.io
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- name: network-attachment-definitions.k8s.cni.cncf.io
-spec:
- group: k8s.cni.cncf.io
- scope: Namespaced
- names:
- plural: network-attachment-definitions
- singular: network-attachment-definition
- kind: NetworkAttachmentDefinition
- shortNames:
- - net-attach-def
- versions:
- - name: v1
- served: true
- storage: true
- schema:
- openAPIV3Schema:
- # yamllint disable rule:line-length
- description: 'NetworkAttachmentDefinition is a CRD schema specified by the Network Plumbing
- Working Group to express the intent for attaching pods to one or more logical or physical
- networks. More information available at: https://github.com/k8snetworkplumbingwg/multi-net-spec'
- # yamllint disable rule:line-length
- type: object
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this represen
- tation of an object. Servers should convert recognized schemas to the
- latest internal value, and may reject unrecognized values. More info:
- https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: 'NetworkAttachmentDefinition spec defines the desired state of a network attachment'
- type: object
- properties:
- config:
- description: 'NetworkAttachmentDefinition config is a JSON-formatted CNI configuration'
- type: string
----
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: multus
-rules:
- - apiGroups: ["k8s.cni.cncf.io"]
- resources:
- - '*'
- verbs:
- - '*'
- - apiGroups:
- - ""
- resources:
- - pods
- - pods/status
- verbs:
- - get
- - update
- - apiGroups:
- - ""
- - events.k8s.io
- resources:
- - events
- verbs:
- - create
- - patch
- - update
----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: multus
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: multus
-subjects:
- - kind: ServiceAccount
- name: multus
- namespace: kube-system
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: multus
- namespace: kube-system
----
-kind: ConfigMap
-apiVersion: v1
-metadata:
- name: multus-cni-config
- namespace: kube-system
- labels:
- tier: node
- app: multus
-data:
- # NOTE: If you'd prefer to manually apply a configuration file, you may create one here.
- # In the case you'd like to customize the Multus installation, you should change the arguments to the Multus pod
- # change the "args" line below from
- # - "--multus-conf-file=auto"
- # to:
- # "--multus-conf-file=/tmp/multus-conf/70-multus.conf"
- # Additionally -- you should ensure that the name "70-multus.conf" is the alphabetically first name in the
- # /etc/cni/net.d/ directory on each node, otherwise, it will not be used by the Kubelet.
- cni-conf.json: |
- {
- "name": "multus-cni-network",
- "type": "multus",
- "capabilities": {
- "portMappings": true
- },
- "delegates": [
- {
- "cniVersion": "0.3.1",
- "name": "default-cni-network",
- "plugins": [
- {
- "type": "flannel",
- "name": "flannel.1",
- "delegate": {
- "isDefaultGateway": true,
- "hairpinMode": true
- }
- },
- {
- "type": "portmap",
- "capabilities": {
- "portMappings": true
- }
- }
- ]
- }
- ],
- "kubeconfig": "/etc/cni/net.d/multus.d/multus.kubeconfig"
- }
----
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- name: kube-multus-ds-amd64
- namespace: kube-system
- labels:
- tier: node
- app: multus
- name: multus
-spec:
- selector:
- matchLabels:
- name: multus
- updateStrategy:
- type: RollingUpdate
- template:
- metadata:
- labels:
- tier: node
- app: multus
- name: multus
- spec:
- hostNetwork: true
- nodeSelector:
- kubernetes.io/arch: amd64
- tolerations:
- - operator: Exists
- effect: NoSchedule
- serviceAccountName: multus
- containers:
- - name: kube-multus
- image: docker.io/nfvpe/multus:stable
- command: ["/entrypoint.sh"]
- args:
- - "--multus-conf-file=auto"
- - "--cni-version=0.3.1"
- resources:
- requests:
- cpu: "100m"
- memory: "50Mi"
- limits:
- cpu: "100m"
- memory: "50Mi"
- securityContext:
- privileged: true
- volumeMounts:
- - name: cni
- mountPath: /host/etc/cni/net.d
- - name: cnibin
- mountPath: /host/opt/cni/bin
- - name: multus-cfg
- mountPath: /tmp/multus-conf
- volumes:
- - name: cni
- hostPath:
- path: /etc/cni/net.d
- - name: cnibin
- hostPath:
- path: /opt/cni/bin
- - name: multus-cfg
- configMap:
- name: multus-cni-config
- items:
- - key: cni-conf.json
- path: 70-multus.conf
----
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- name: kube-multus-ds-ppc64le
- namespace: kube-system
- labels:
- tier: node
- app: multus
- name: multus
-spec:
- selector:
- matchLabels:
- name: multus
- updateStrategy:
- type: RollingUpdate
- template:
- metadata:
- labels:
- tier: node
- app: multus
- name: multus
- spec:
- hostNetwork: true
- nodeSelector:
- kubernetes.io/arch: ppc64le
- tolerations:
- - operator: Exists
- effect: NoSchedule
- serviceAccountName: multus
- containers:
- - name: kube-multus
- # ppc64le support requires multus:latest for now. support 3.3 or later.
- image: docker.io/nfvpe/multus:stable-ppc64le
- command: ["/entrypoint.sh"]
- args:
- - "--multus-conf-file=auto"
- - "--cni-version=0.3.1"
- resources:
- requests:
- cpu: "100m"
- memory: "90Mi"
- limits:
- cpu: "100m"
- memory: "90Mi"
- securityContext:
- privileged: true
- volumeMounts:
- - name: cni
- mountPath: /host/etc/cni/net.d
- - name: cnibin
- mountPath: /host/opt/cni/bin
- - name: multus-cfg
- mountPath: /tmp/multus-conf
- volumes:
- - name: cni
- hostPath:
- path: /etc/cni/net.d
- - name: cnibin
- hostPath:
- path: /opt/cni/bin
- - name: multus-cfg
- configMap:
- name: multus-cni-config
- items:
- - key: cni-conf.json
- path: 70-multus.conf
----
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- name: kube-multus-ds-arm64v8
- namespace: kube-system
- labels:
- tier: node
- app: multus
- name: multus
-spec:
- selector:
- matchLabels:
- name: multus
- updateStrategy:
- type: RollingUpdate
- template:
- metadata:
- labels:
- tier: node
- app: multus
- name: multus
- spec:
- hostNetwork: true
- nodeSelector:
- kubernetes.io/arch: arm64
- tolerations:
- - operator: Exists
- effect: NoSchedule
- serviceAccountName: multus
- containers:
- - name: kube-multus
- image: docker.io/nfvpe/multus:stable-arm64v8
- command: ["/entrypoint.sh"]
- args:
- - "--multus-conf-file=auto"
- - "--cni-version=0.3.1"
- resources:
- requests:
- cpu: "100m"
- memory: "90Mi"
- limits:
- cpu: "100m"
- memory: "90Mi"
- securityContext:
- privileged: true
- volumeMounts:
- - name: cni
- mountPath: /host/etc/cni/net.d
- - name: cnibin
- mountPath: /host/opt/cni/bin
- - name: multus-cfg
- mountPath: /tmp/multus-conf
- volumes:
- - name: cni
- hostPath:
- path: /etc/cni/net.d
- - name: cnibin
- hostPath:
- path: /opt/cni/bin
- - name: multus-cfg
- configMap:
- name: multus-cni-config
- items:
- - key: cni-conf.json
- path: 70-multus.conf
+++ /dev/null
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-- name: Doing deployment setup for edge gallery
- copy:
- src: deploy
- dest: /tmp/eg_mep/
-
-- name: Import config file
- include_vars:
- file: ../../../config.yml
- name: vardata
-
-- name: Set a variable
- ansible.builtin.set_fact:
- comm_pwd: "{{ vardata.common_pwd.name }}"
-
-- name: Remove old dir
- command: rm -rf /tmp/.mep_tmp_cer
- args:
- chdir: /tmp/
-
-- name: Make dir
- command: mkdir -p /tmp/.mep_tmp_cer
- args:
- chdir: /tmp/
-
-- name: Openssl genrsa
- command: openssl genrsa -out ca.key 2048
- args:
- chdir: /tmp/.mep_tmp_cer/
-
-- name: Opnessl req
- # yamllint disable rule:line-length
- command: openssl req -new -key ca.key -subj /C=CN/ST=Peking/L=Beijing/O=edgegallery/CN=edgegallery -out ca.csr
- # yamllint disable rule:line-length
- args:
- chdir: /tmp/.mep_tmp_cer/
-
-- name: Sing key with ca key and ca crt
- # yamllint disable rule:line-length
- command: openssl x509 -req -days 365 -in ca.csr -extensions v3_ca -signkey ca.key -out ca.crt
- # yamllint disable rule:line-length
- args:
- chdir: /tmp/.mep_tmp_cer/
-
-- name: Openssl genrsa
- command: openssl genrsa -out mepserver_tls.key 2048
- args:
- chdir: /tmp/.mep_tmp_cer/
-
-- name: Openssl rsa mep tls with common pwd
- # yamllint disable rule:line-length
- command: openssl rsa -in /tmp/.mep_tmp_cer/mepserver_tls.key -aes256 -passout pass:{{ vardata.common_pwd.name}} -out /tmp/.mep_tmp_cer/mepserver_encryptedtls.key
- # yamllint disable rule:line-length
- when: comm_pwd != ""
-
-- name: Openssl rsa mep tls
- # yamllint disable rule:line-length
- command: openssl rsa -in /tmp/.mep_tmp_cer/mepserver_tls.key -aes256 -passout pass:{{ vardata.mep_cert_pwd.name}} -out /tmp/.mep_tmp_cer/mepserver_encryptedtls.key
- # yamllint disable rule:line-length
- when: comm_pwd == ""
-
-- name: Openssl req new key mepserver tls key
- # yamllint disable rule:line-length
- command: openssl req -new -key mepserver_tls.key -subj /C=CN/ST=Beijing/L=Beijing/O=edgegallery/CN=edgegallery -out mepserver_tls.csr
- # yamllint disable rule:line-length
- args:
- chdir: /tmp/.mep_tmp_cer/
-
-- name: Openssl mepserver tls csr
- # yamllint disable rule:line-length
- command: openssl x509 -req -in mepserver_tls.csr -extensions v3_req -CA ca.crt -CAkey ca.key -CAcreateserial -out mepserver_tls.crt
- # yamllint disable rule:line-length
- args:
- chdir: /tmp/.mep_tmp_cer/
-
-- name: Openssl genrsa out
- command: openssl genrsa -out jwt_privatekey 2048
- args:
- chdir: /tmp/.mep_tmp_cer/
-
-- name: Openssl rsa jwt privatekey
- command: openssl rsa -in jwt_privatekey -pubout -out jwt_publickey
- args:
- chdir: /tmp/.mep_tmp_cer/
-
-- name: Openssl rsa in jwt with common pwd
- # yamllint disable rule:line-length
- command: openssl rsa -in /tmp/.mep_tmp_cer/jwt_privatekey -aes256 -passout pass:{{ vardata.common_pwd.name}} -out /tmp/.mep_tmp_cer/jwt_encrypted_privatekey
- ignore_errors: yes
- no_log: True
- # yamllint disable rule:line-length
- when: comm_pwd != ""
-
-- name: Openssl rsa in jwt
- # yamllint disable rule:line-length
- command: openssl rsa -in /tmp/.mep_tmp_cer/jwt_privatekey -aes256 -passout pass:{{ vardata.mep_cert_pwd.name}} -out /tmp/.mep_tmp_cer/jwt_encrypted_privatekey
- # yamllint disable rule:line-length
- ignore_errors: yes
- no_log: True
- when: comm_pwd == ""
-
-- name: Create mep namespace
- command: kubectl create ns mep
- args:
- chdir: /tmp/
-
-- name: Create generic pg secret with common pwd
- # yamllint disable rule:line-length
- command: kubectl -n mep create secret generic pg-secret --from-literal=pg_admin_pwd={{ vardata.common_pwd.name}} --from-literal=kong_pg_pwd={{ vardata.mep_kong_pg_pwd.name}}
- --from-file=server.key=/tmp/.mep_tmp_cer/mepserver_tls.key --from-file=server.crt=/tmp/.mep_tmp_cer/mepserver_tls.crt
- ignore_errors: yes
- no_log: True
- # yamllint disable rule:line-length
- when: comm_pwd != ""
-
-- name: Create generic pg secret
- # yamllint disable rule:line-length
- command: kubectl -n mep create secret generic pg-secret --from-literal=pg_admin_pwd={{ vardata.mep_pg_admin_pwd.name}} --from-literal=kong_pg_pwd={{ vardata.mep_kong_pg_pwd.name}}
- --from-file=server.key=/tmp/.mep_tmp_cer/mepserver_tls.key --from-file=server.crt=/tmp/.mep_tmp_cer/mepserver_tls.crt
- ignore_errors: yes
- no_log: True
- # yamllint disable rule:line-length
- when: comm_pwd == ""
-
-- name: Create mep generic for mep ssl with common pwd
- # yamllint disable rule:line-length
- command: kubectl -n mep create secret generic mep-ssl --from-literal=cert_pwd={{ vardata.common_pwd.name}} --from-file=server.cer=/tmp/.mep_tmp_cer/mepserver_tls.crt
- --from-file=server_key.pem=/tmp/.mep_tmp_cer/mepserver_encryptedtls.key --from-file=trust.cer=/tmp/.mep_tmp_cer/ca.crt
- ignore_errors: yes
- no_log: True
- # yamllint disable rule:line-length
- when: comm_pwd != ""
-
-- name: Create mep generic for mep ssl
- # yamllint disable rule:line-length
- command: kubectl -n mep create secret generic mep-ssl --from-literal=cert_pwd={{ vardata.mep_cert_pwd.name}} --from-file=server.cer=/tmp/.mep_tmp_cer/mepserver_tls.crt
- --from-file=server_key.pem=/tmp/.mep_tmp_cer/mepserver_encryptedtls.key --from-file=trust.cer=/tmp/.mep_tmp_cer/ca.crt
- # yamllint disable rule:line-length
- when: comm_pwd == ""
-
-- name: Create mep seret generic
- # yamllint disable rule:line-length
- command: kubectl -n mep create secret generic mepauth-secret --from-file=server.crt=/tmp/.mep_tmp_cer/mepserver_tls.crt --from-file=server.key=/tmp/.mep_tmp_cer/mepserver_tls.key
- --from-file=ca.crt=/tmp/.mep_tmp_cer/ca.crt --from-file=jwt_publickey=/tmp/.mep_tmp_cer/jwt_publickey --from-file=jwt_encrypted_privatekey=/tmp/.mep_tmp_cer/jwt_encrypted_privatekey
- # yamllint disable rule:line-length
- args:
- chdir: /tmp/
-
-- name: Remove directory
- command: rm -rf /tmp/.mep_tmp_cer
- args:
- chdir: /tmp/
-
-- debug:
- msg: Deploy_dns_metallb execution start
-
-- name: Eg_Mep deployment execution of namesapce
- command: kubectl apply -f /tmp/eg_mep/deploy/conf/edge/metallb/namespace.yaml
- args:
- chdir: /tmp/eg_mep/deploy/
-
-- name: Eg_Mep deployment execution of metallb
- command: kubectl apply -f /tmp/eg_mep/deploy/conf/edge/metallb/metallb.yaml
- args:
- chdir: /tmp/eg_mep/deploy/
-
-- name: Eg_Mep deployment create secret
- # yamllint disable rule:line-length
- command: kubectl create secret generic -n metallb-system memberlist --from-literal=secretkey="$(openssl rand -base64 128)"
- # yamllint disable rule:line-length
- args:
- chdir: /tmp/eg_mep/deploy/
-
-- name: Eg_Mep deployment execution of config-mep
- command: kubectl apply -f /tmp/eg_mep/deploy/conf/edge/metallb/config-map.yaml
- args:
- chdir: /tmp/eg_mep/deploy/
-
-- debug:
- msg: Deploy_network_isolation_multus execution start
-
-- name: Running multus yaml files
- command: kubectl apply -f /tmp/eg_mep/deploy/conf/edge/network-isolation/multus.yaml
- args:
- chdir: /tmp/eg_mep/deploy/
-
-- name: Running eg-sp-rbac yaml files
- command: kubectl apply -f /tmp/eg_mep/deploy/conf/edge/network-isolation/eg-sp-rbac.yaml
- args:
- chdir: /tmp/eg_mep/deploy/
-
-- name: Replacing image
- replace:
- path: /tmp/eg_mep/deploy/conf/edge/network-isolation/eg-sp-controller.yaml
- regexp: 'edgegallery/edgegallery-secondary-ep-controller:latest'
- replace: "{{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/edgegallery-secondary-ep-controller:latest"
-
-- name: Running eg-sp-controller yaml files
- # yamllint disable rule:line-length
- command: kubectl apply -f /tmp/eg_mep/deploy/conf/edge/network-isolation/eg-sp-controller.yaml
- args:
- chdir: /tmp/eg_mep/deploy/
-
-- debug:
- msg: Setup_interfaces execution start
-
-- name: Link eg mep macvlan
- # yamllint disable rule:line-length
- command: ip link add eg-mp1 link {{ vardata.edge_management_interface.name}} type macvlan mode bridge
- args:
- chdir: /tmp/eg_mep/deploy/
- ignore_errors: yes
- no_log: True
-
-- name: Link eg mep macvlan
- command: ip addr add {{ vardata.eg-management-address.name}} dev eg-mp1
- args:
- chdir: /tmp/eg_mep/deploy/
- ignore_errors: yes
- no_log: True
-
-- name: Link eg me1 up
- command: ip link set dev eg-mp1 up
- args:
- chdir: /tmp/eg_mep/deploy/
- ignore_errors: yes
- no_log: True
-
-- name: Link eg eg mm5 with eth1
- # yamllint disable rule:line-length
- command: ip link add eg-mm5 link {{ vardata.edge_dataplane_interface.name}} type macvlan mode bridge
- args:
- chdir: /tmp/eg_mep/deploy/
- ignore_errors: yes
- no_log: True
-
-- name: Link eg eg mm5 ip addr
- command: ip addr add {{ vardata.eg-dataplane-address.name}} dev eg-mm5
- args:
- chdir: /tmp/eg_mep/deploy/
- ignore_errors: yes
- no_log: True
-
-- name: Link eg eg mm5 set dev
- command: ip link set dev eg-mm5 up
- args:
- chdir: /tmp/eg_mep/deploy/
- ignore_errors: yes
- no_log: True
-
-- debug:
- msg: Pull helm repo start
-
-- name: Edge gallery mep installation pull chart and image
- # yamllint disable rule:line-length
- command: helm install mep-edgegallery edgegallery/mep --set networkIsolation.phyInterface.mp1={{ vardata.edge_management_interface.name}} --set networkIsolation.phyInterface.mm5={{ vardata.edge_dataplane_interface.name}} --set images.mep.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/mep --set images.mepauth.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/mepauth --set images.dns.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/mep-dns-server --set images.kong.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/kong --set images.postgres.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/postgres --set images.mep.tag={{ vardata.eg_image_tag.name}} --set images.mepauth.tag={{ vardata.eg_image_tag.name}} --set images.dns.tag={{ vardata.eg_image_tag.name}} --set images.mep.pullPolicy=IfNotPresent --set images.mepauth.pullPolicy=IfNotPresent --set images.dns.pullPolicy=IfNotPresent --set images.kong.pullPolicy=IfNotPresent --set images.postgres.pullPolicy=IfNotPresent --set ssl.secretName=mep-ssl
- # yamllint disable rule:line-length
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-# tasks file for eg_mep
-- include: "install.yml"
- static: false
- when: operation == 'install'
-
-- include: "uninstall.yml"
- static: false
- when: operation == 'uninstall'
+++ /dev/null
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-- name: Uninstall ssl config mep helm chart
- command: helm uninstall mep-edgegallery
- ignore_errors: yes
- no_log: True
-
-- name: Delete ssl config pg secret
- command: kubectl delete secret pg-secret -n mep
- ignore_errors: yes
- no_log: True
-
-- name: Delete ssl config mep ssl
- command: kubectl delete secret mep-ssl -n mep
- ignore_errors: yes
- no_log: True
-
-- name: Delete ssl config mep mep auth
- command: kubectl delete secret mepauth-secret -n mep
- ignore_errors: yes
- no_log: True
-
-- name: Delete dns namesapce metallb
- command: kubectl delete secret memberlist -n metallb-system
- ignore_errors: yes
- no_log: True
-
-- name: Delete ssl config namesapce mep
- command: kubectl delete ns mep
- ignore_errors: yes
- no_log: True
-
-- name: Delete network isolation multus eg sp controller
- # yamllint disable rule:line-length
- command: kubectl delete -f /tmp/eg_mep/deploy/conf/edge/network-isolation/eg-sp-controller.yaml
- ignore_errors: yes
- no_log: True
-
-- name: Delete network isolation multus eg sp rbac
- # yamllint disable rule:line-length
- command: kubectl delete -f /tmp/eg_mep/deploy/conf/edge/network-isolation/eg-sp-rbac.yaml
- ignore_errors: yes
- no_log: True
-
-- name: Delete network isolation multus
- # yamllint disable rule:line-length
- command: kubectl delete -f /tmp/eg_mep/deploy/conf/edge/network-isolation/multus.yaml
- ignore_errors: yes
- no_log: True
-
-- name: Delete network isolation eg mp1
- command: ip link set dev eg-mp1 down
- ignore_errors: yes
- no_log: True
-
-- name: Delete nnetwork isolation eg mp1 link
- command: ip link delete eg-mp1
- ignore_errors: yes
- no_log: True
-
-- name: Delete network isolation eg mm5
- command: ip link set dev eg-mm5 down
- ignore_errors: yes
- no_log: True
-
-- name: Delete network isolation eg mm5 link
- command: ip link delete eg-mm5
- ignore_errors: yes
- no_log: True
-
-- name: Delete network isolation multus rm
- command: rm -rf /opt/cni/bin/multus
- ignore_errors: yes
- no_log: True
-
-- name: Uninstall dns metallb config mep
- # yamllint disable rule:line-length
- command: kubectl delete -f /tmp/eg_mep/deploy/conf/edge/metallb/config-map.yaml
- ignore_errors: yes
- no_log: True
-
-- name: Delete dns metallb
- # yamllint disable rule:line-length
- command: kubectl delete -f /tmp/eg_mep/deploy/conf/edge/metallb/metallb.yaml
- ignore_errors: yes
- no_log: True
-
-- name: Delete dns metallb namespace
- # yamllint disable rule:line-length
- command: kubectl delete -f /tmp/eg_mep/deploy/conf/edge/metallb/namespace.yaml
- ignore_errors: yes
- no_log: True
+++ /dev/null
-#!/bin/bash
-
-function _help_insecure_registry()
-{
- grep -i "insecure-registries" /etc/docker/daemon.json | grep "REGISTRIES_IP:REGISTRIES_PORT" >/dev/null 2>&1
- if [ $? != 0 ]; then
- mkdir -p /etc/docker
-cat <<EOF | tee /etc/docker/daemon.json
-{
- "insecure-registries" : ["REGISTRIES_IP:REGISTRIES_PORT"]
-}
-EOF
- service docker restart
- fi
-}
-
-##############################################################
-############################################
-function main(){
- _help_insecure_registry
-}
-#########################################
-#skip main in case of source
- main $@
-######################
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-- name: Doing deployment setup for edge gallery
- copy:
- src: deploy
- dest: /tmp/eg_prerequisite/
- mode: 750
-
-- name: Import config file
- include_vars:
- file: ../../../config.yml
- name: vardata
-
-- name: Replacing private ip
- replace:
- path: /tmp/eg_prerequisite/deploy/eg_daemon.sh
- regexp: REGISTRIES_IP
- replace: "{{ vardata.private_repo_ip.name }}"
-
-- name: Replacing private port
- replace:
- path: /tmp/eg_prerequisite/deploy/eg_daemon.sh
- regexp: REGISTRIES_PORT
- replace: "{{ vardata.docker_registry_port.name }}"
-
-- name: Execute script for docker daemon
- shell:
- cmd: /tmp/eg_prerequisite/deploy/eg_daemon.sh
-
-- name: Delete Execute script for docker daemon
- command: rm -rf /tmp/eg_prerequisite
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-# tasks file for eg_prerequisite
-- include: "install.yml"
- static: false
- when: operation == 'install'
+++ /dev/null
-#!/bin/bash
-TARBALL_PATH=/tmp/eg_registry/deploy/
-
-function _load_and_run_docker_registry()
-{
-
- docker ps | grep registry >/dev/null
- if [ $? != 0 ]; then
- cd "$TARBALL_PATH"/registry
- docker load --input registry-2.tar.gz
- docker run -d -p 5000:5000 --restart=always --name registry registry:2
- fi
-}
-
-function _load_swr_images_and_push_to_private_registry()
-{
- IP=REGISTRIES_IP
- PORT="REGISTRIES_PORT"
- cd "$TARBALL_PATH"/eg_swr_images
-
- for f in *.tar.gz;
- do
- cat $f | docker load
- IMAGE_NAME=`echo $f|rev|cut -c8-|rev|sed -e "s/\#/:/g" | sed -e "s/\@/\//g"`;
- docker image tag $IMAGE_NAME $IP:$PORT/$IMAGE_NAME
- docker push $IP:$PORT/$IMAGE_NAME
- done
-}
-
-##############################################################
-############################################
-function main(){
- _load_and_run_docker_registry
- _load_swr_images_and_push_to_private_registry
-}
-#########################################
-#skip main in case of source
- main $@
-######################
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-- name: Doing deployment setup for edge gallery
- copy:
- src: deploy
- dest: /tmp/eg_registry/
- mode: 750
-
-- name: Import config file
- include_vars:
- file: ../../../config.yml
- name: vardata
-
-- name: Download 0.9 tar
-# yamllint disable rule:line-length
- command: wget http://release.edgegallery.org/release/arm64/all/EdgeGallery-v0.9-all-arm64.tar.gz
-# yamllint disable rule:line-length
- args:
- chdir: /tmp/eg_registry/deploy/
- when: ansible_architecture == 'aarch64'
-
-- name: Download 0.9 tar
-# yamllint disable rule:line-length
- command: wget http://release.edgegallery.org/release/x86/all/EdgeGallery-v0.9-all-x86.tar.gz
-# yamllint disable rule:line-length
- args:
- chdir: /tmp/eg_registry/deploy/
- when: ansible_architecture == 'x86_64'
-
-- name: Untar the downloaded tar
- command: tar -zxf EdgeGallery-v0.9-all-x86.tar.gz
- args:
- chdir: /tmp/eg_registry/deploy/
- when: ansible_architecture == 'x86_64'
-
-- name: Untar the downloaded tar
- command: tar -zxf EdgeGallery-v0.9-all-arm64.tar.gz
- args:
- chdir: /tmp/eg_registry/deploy/
- when: ansible_architecture == 'aarch64'
-
-- name: Replacing private ip
- replace:
- path: /tmp/eg_registry/deploy/load-images.sh
- regexp: 'REGISTRIES_IP'
- replace: "{{ vardata.private_repo_ip.name }}"
-
-- name: Replacing private port
- replace:
- path: /tmp/eg_registry/deploy/load-images.sh
- regexp: 'REGISTRIES_PORT'
- replace: "{{ vardata.docker_registry_port.name }}"
-
-- name: Execute the script
- shell:
- cmd: /tmp/eg_registry/deploy/load-images.sh
+++ /dev/null
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-# tasks file for eg_load-iamges
-- include: "install.yml"
- static: false
- when: operation == 'install'
-
-- include: "uninstall.yml"
- static: false
- when: operation == 'uninstall'
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-- name: Stop registry
- command: docker stop registry
- ignore_errors: yes
- no_log: True
-
-- name: Remove registry
- command: docker rm -v registry
- ignore_errors: yes
- no_log: True
-
-- name: Remove tmp file
- command: rm -rf /tmp/eg_registry
- ignore_errors: yes
- no_log: True
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-- name: Import config file
- include_vars:
- file: ../../../config.yml
- name: vardata
-
-- name: Generate secret
- # yamllint disable rule:line-length
- command: kubectl create secret generic edgegallery-ssl-secret --from-file=keystore.p12=/tmp/ssl-eg-keys-certs/keystore.p12 --from-literal=keystorePassword={{ vardata.common_pwd.name}} --from-literal=keystoreType=PKCS12 --from-literal=keyAlias=edgegallery --from-file=trust.cer=/tmp/ssl-eg-keys-certs/ca.crt --from-file=server.cer=/tmp/ssl-eg-keys-certs/tls.crt --from-file=server_key.pem=/tmp/ssl-eg-keys-certs/encryptedtls.key --from-literal=cert_pwd={{ vardata.common_pwd.name}}
- args:
- chdir: /tmp/ssl-eg-keys-certs/
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-# tasks file for eg_secret
-- include: "install.yml"
- static: false
- when: operation == 'install'
-
-- include: "uninstall.yml"
- static: false
- when: operation == 'uninstall'
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-- name: Delete edgegallery ssl secret
- command: kubectl delete secret edgegallery-ssl-secret
- ignore_errors: yes
- no_log: True
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-- name: Import config file
- include_vars:
- file: ../../../config.yml
- name: vardata
-
-- name: Helm repo add edgegallery
- # yamllint disable rule:line-length
- command: helm repo add edgegallery http://{{ vardata.private_repo_ip.name}}:8080/edgegallery
-
-- name: Helm repo add stable
- # yamllint disable rule:line-length
- command: helm repo add stable http://{{ vardata.private_repo_ip.name}}:8080/stable
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-# tasks file for eg_set-helm-repo
-- include: "install.yml"
- static: false
- when: operation == 'install'
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-- name: Certificate copy
- debug:
- msg: Copy certificate from ocd to center and edge
-
-- synchronize:
- src: /tmp/ssl-eg-keys-certs
- dest: /tmp/
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-# tasks file for eg_trans_certs
-- include: "install.yml"
- static: false
- when: operation == 'install'
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-- name: Import config file
- include_vars:
- file: ../../../config.yml
- name: vardata
-
-- name: Set a variable
- ansible.builtin.set_fact:
- comm_pwd: "{{ vardata.common_pwd.name }}"
-
-- name: Create certificates for usermanagment with common pwd
- # yamllint disable rule:line-length
- command: kubectl create secret generic user-mgmt-jwt-secret --from-file=publicKey=/tmp/ssl-eg-keys-certs/rsa_public_key.pem --from-file=encryptedPrivateKey=/tmp/ssl-eg-keys-certs/encrypted_rsa_private_key.pem --from-literal=encryptPassword={{ vardata.common_pwd.name}}
- # yamllint disable rule:line-length
- when: comm_pwd != ""
-
-- name: Generating certificates for usermanagment
- # yamllint disable rule:line-length
- command: kubectl create secret generic user-mgmt-jwt-secret --from-file=publicKey=/tmp/ssl-eg-keys-certs/rsa_public_key.pem --from-file=encryptedPrivateKey=/tmp/ssl-eg-keys-certs/encrypted_rsa_private_key.pem --from-literal=encryptPassword={{ vardata.user_mgmt_encryptPassword.name}}
- # yamllint disable rule:line-length
- when: comm_pwd == ""
-
-- name: Install user-mgmt
- # yamllint disable rule:line-length
- command: helm install user-mgmt-edgegallery edgegallery/usermgmt --set global.oauth2.clients.appstore.clientUrl=https://{{ ansible_host }}:{{vardata.appstore_port.name}},global.oauth2.clients.developer.clientUrl=https://{{ ansible_host }}:{{vardata.developer_port.name}},global.oauth2.clients.mecm.clientUrl=https://{{ ansible_host }}:{{vardata.mecm_port.name}}, --set jwt.secretName=user-mgmt-jwt-secret --set images.usermgmt.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/user-mgmt --set images.postgres.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/postgres --set images.redis.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/redis --set images.initservicecenter.repository={{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/curl --set images.usermgmt.tag={{ vardata.eg_image_tag.name}} --set images.usermgmt.pullPolicy=IfNotPresent --set images.postgres.pullPolicy=IfNotPresent --set images.redis.pullPolicy=IfNotPresent --set images.initservicecenter.pullPolicy=IfNotPresent --set global.ssl.enabled=true --set global.ssl.secretName=edgegallery-ssl-secret
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-# tasks file for eg_user-mgmt
-- include: "install.yml"
- static: false
- when: operation == 'install'
-
-- include: "uninstall.yml"
- static: false
- when: operation == 'uninstall'
+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-
-- name: Uninstall user management
- command: helm uninstall user-mgmt-edgegallery
- ignore_errors: yes
- no_log: True
-
-- name: Delete user-mgmt-jwt-secret
- command: kubectl delete secret user-mgmt-jwt-secret
- ignore_errors: yes
- no_log: True
---
- name: check if grafana is already installed
shell:
- cmd: helm status mec-grafana
+ cmd: helm status grafana
register: result
ignore_errors: yes
no_log: True
# yamllint disable rule:line-length
when: result.stdout == ""
+- name: "INSTALL: Add Grafana Repo on x86"
+ shell:
+ cmd: helm repo add grafana https://grafana.github.io/helm-charts
+ when: result is failed and ansible_architecture == 'x86_64'
+ ignore_errors: yes
+
+- name: "INSTALL: Update helm repo"
+ shell:
+ cmd: helm repo update
+ when: result is failed and ansible_architecture == 'x86_64'
+ ignore_errors: yes
+
- name: "INSTALL: Install grafana on x86_64"
shell:
- cmd: helm install mec-grafana stable/grafana
+ cmd: helm install grafana grafana/grafana
when: result is failed and ansible_architecture == 'x86_64'
+ ignore_errors: yes
- name: "INSTALL: copy values.yaml to host"
copy:
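Review bot: All three x86_64 tasks touched here (`helm repo add grafana …`, `helm repo update`, and `helm install grafana grafana/grafana`) now carry `ignore_errors: yes`, so a failed repo add or a failed install is reported as a successful play and the host is left without Grafana with no signal. Keep `ignore_errors` off the install task at least, so the play stops when the release was not created. The chart is also pulled from the public repository without a version, so every run installs whatever is current at that moment; pin it, e.g. `cmd: helm install grafana grafana/grafana --version <CHART_VERSION>`, and record the pinned version where the other image tags are configured. The `copy` task that follows continues outside this hunk.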
- name: "INSTALL: Install grafana on aarch64"
shell:
- cmd: helm install mec-grafana stable/grafana -f /tmp/grafana/values.yaml
+ cmd: helm install grafana stable/grafana -f /tmp/grafana/values.yaml
when: result is failed and ansible_architecture == 'aarch64'
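Review bot: The aarch64 install still resolves the chart from `stable/grafana`, while the repo tasks added above are gated on `ansible_architecture == 'x86_64'` and register only the `grafana` repo. The same change set deletes the `eg_set-helm-repo` tasks that ran `helm repo add stable http://…:8080/stable`, so unless another role still registers a `stable` repo on these hosts, this task presumably fails on aarch64. Either add a repo task for aarch64 or install the same chart on both architectures, e.g. `cmd: helm install grafana grafana/grafana -f /tmp/grafana/values.yaml`, after confirming that chart publishes arm64-compatible images. If a private `stable` repo is kept, serve it over HTTPS rather than the plain `http://` URL used by the removed task.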
---
- name: check if grafana is installed before deleting
shell:
- cmd: helm status mec-grafana
+ cmd: helm status grafana
register: result
ignore_errors: yes
no_log: True
msg: Ignore Uninstall Log , Grafana not installed
when: result.stdout == ""
-- name: Uninstall grafana
+- name: Uninstall grafana on arm
shell:
- cmd: helm uninstall mec-grafana
- when: result is succeeded
+ cmd: helm uninstall grafana
+ when: result is succeeded and ansible_architecture == 'aarch64'
+
+- name: Uninstall grafana on x86
+ shell:
+ cmd: helm uninstall grafana
+ when: result is succeeded and ansible_architecture == 'x86_64'