name: 200.1.1.2/24
# All Edge related password which needs to be specified if user doesn't
-# need common password for security purpose #
+# need common password for security purpose
+mep_pg_admin_pwd:
+ name:
+mep_kong_pg_pwd:
+ name:
+mep_cert_pwd:
+ name:
+generate_cert_pass:
+ name:
+mecm_mepm_postgresPassword:
+ name:
+mecm_mepm_postgresLcmCntlrPassword:
+ name:
+mecm_mepm_postgresk8sPluginPassword:
+ name:
########### Center config ###########
######### Mandatory #########
name:
mecm_meo_edgeRepoPassword:
name:
-center_node_ip:
- name:
######### Optional #########
usermgmt_port:
name: 30093
# All Center related password which needs to be specified if user
-# doesn't need common password for security purpose #
-# yamllint disable rule:new-line-at-end-of-file
\ No newline at end of file
+# doesn't need common password for security purpose
+mecm_meo_keystorePassword:
+ name:
+mecm_meo_truststorePassword:
+ name:
+mecm_meo_postgresPassword:
+ name:
+mecm_meo_postgresApmPassword:
+ name:
+mecm_meo_postgresAppoPassword:
+ name:
+mecm_meo_postgresInventoryPassword:
+ name:
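Review bot: The per-component password keys added here (`mecm_meo_keystorePassword`, `mecm_meo_postgresPassword` and the rest, plus the edge-side `mep_*` and `mecm_mepm_*` keys earlier in the file) are declared with a bare `name:`, which YAML loads as null. None of the task hunks visible on this page read them; every `--from-literal` still takes `vardata.common_pwd.name`. If the override is meant to work, each consumer needs an explicit fallback such as `{{ vardata.mecm_meo_postgresPassword.name | default(vardata.common_pwd.name, true) }}`; otherwise a filled-in value is silently ignored and every store keeps sharing one password. Because this file holds plaintext credentials once filled in, I would also add a comment such as `# Encrypt this file with ansible-vault before committing real values`.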
- name: Helm install appstore
# yamllint disable rule:line-length
- command: helm install --wait appstore-edgegallery edgegallery/appstore --set global.oauth2.authServerAddress=https://{{vardata.appstore_centernodeip.name}}:30067 --set images.appstoreFe.tag={{vardata.eg_image_tag.name}} --set images.appstoreBe.tag={{vardata.eg_image_tag.name}} --set global.ssl.enabled=true --set global.ssl.secretName=edgegallery-ssl-secret
+ command: helm install --wait appstore-edgegallery edgegallery/appstore --set global.oauth2.authServerAddress=https://{{ ansible_host }}:30067 --set images.appstoreFe.tag={{vardata.eg_image_tag.name}} --set images.appstoreBe.tag={{vardata.eg_image_tag.name}} --set global.ssl.enabled=true --set global.ssl.secretName=edgegallery-ssl-secret
- name: generate cert
# yamllint disable rule:line-length
- command: docker run -e CERT_VALIDITY_IN_DAYS={{ vardata.cert_validity_in_days.name}} -v /tmp/ssl-eg-keys-certs:/certs swr.ap-southeast-1.myhuaweicloud.com/edgegallery/deploy-tool:latest
+ command: docker run -e CERT_VALIDITY_IN_DAYS=365 -v /tmp/ssl-eg-keys-certs:/certs swr.ap-southeast-1.myhuaweicloud.com/edgegallery/deploy-tool:latest
# yamllint disable rule:line-length
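Review bot: The new `docker run` line still pulls `swr.ap-southeast-1.myhuaweicloud.com/edgegallery/deploy-tool:latest`, a mutable tag, for the container that generates the deployment's keys and certificates. Whoever can push to that tag controls the key material written to `/tmp/ssl-eg-keys-certs`. Pin the image to a release tag or digest, for example `.../edgegallery/deploy-tool@sha256:<digest-placeholder>`. Hard-coding `CERT_VALIDITY_IN_DAYS=365` also removes the operator's ability to choose a shorter lifetime; keeping it as a variable, `CERT_VALIDITY_IN_DAYS={{ vardata.cert_validity_in_days.name | default(365) }}`, preserves the new default without losing the knob.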
- name: Developer chart installing
# yamllint disable rule:line-length
- command: helm install --wait developer-edgegallery edgegallery/developer --set global.oauth2.authServerAddress=https://{{vardata.developer_centernodeip.name}}:{{ vardata.developer_centernode_port.name}} --set images.developerFe.tag={{vardata.eg_image_tag.name}} --set images.developerBe.tag={{vardata.eg_image_tag.name}} --set global.ssl.enabled=true --set global.ssl.secretName=edgegallery-ssl-secret
+ command: helm install --wait developer-edgegallery edgegallery/developer --set global.oauth2.authServerAddress=https://{{ ansible_host }}:{{ vardata.usermgmt_port.name}} --set images.developerFe.tag={{vardata.eg_image_tag.name}} --set images.developerBe.tag={{vardata.eg_image_tag.name}} --set global.ssl.enabled=true --set global.ssl.secretName=edgegallery-ssl-secret
- name: Install mecm-fe
# yamllint disable rule:line-length
- command: helm install --wait mecm-fe-edgegallery edgegallery/mecm-fe --set global.oauth2.authServerAddress=https://{{vardata.mecm_fe_centernodeip.name}}:{{vardata.mecm_fe_centernodeport.name}} --set images.mecmFe.tag={{vardata.eg_image_tag.name}} --set global.ssl.enabled=true --set global.ssl.secretName=edgegallery-ssl-secret
+ command: helm install --wait mecm-fe-edgegallery edgegallery/mecm-fe --set global.oauth2.authServerAddress=https://{{ ansible_host }}:{{vardata.usermgmt_port.name}} --set images.mecmFe.tag={{vardata.eg_image_tag.name}} --set global.ssl.enabled=true --set global.ssl.secretName=edgegallery-ssl-secret
- name: Generates certificate mecm-ssl-secret
# yamllint disable rule:line-length
- command: kubectl create secret generic mecm-ssl-secret --from-file=keystore.p12=/tmp/ssl-eg-keys-certs/keystore.p12 --from-file=keystore.jks=/tmp/ssl-eg-keys-certs/keystore.jks --from-literal=keystorePassword={{ vardata.secret_pwd.name}} --from-literal=keystoreType=PKCS12 --from-literal=keyAlias=edgegallery --from-literal=truststorePassword={{ vardata.secret_pwd.name}}
+ command: kubectl create secret generic mecm-ssl-secret --from-file=keystore.p12=/tmp/ssl-eg-keys-certs/keystore.p12 --from-file=keystore.jks=/tmp/ssl-eg-keys-certs/keystore.jks --from-literal=keystorePassword={{ vardata.common_pwd.name}} --from-literal=keystoreType=PKCS12 --from-literal=keyAlias=edgegallery --from-literal=truststorePassword={{ vardata.common_pwd.name}}
# yamllint disable rule:line-length
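Review bot: The rewritten `kubectl create secret` line expands `vardata.common_pwd.name` directly into the command string, and no `no_log` is visible on this task, so the password would appear in Ansible's task output and in any callback or log sink. The same applies to the new lines in "Generates certificate edgegallery-mecm-secret", "Create generic pg secret", "Generate secret" and "Generating certificates for usermanagment". The "Create mep generic for mep ssl" task already carries `no_log: True`, so the fix is to add `no_log: true` to each of these tasks as well. The task bodies may continue outside the hunks shown, so confirm whether it is already set further down. Note that `no_log` does not hide the value from the process list on the target host; feeding the secret from a file or a manifest on stdin avoids that.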
- name: Generates certificate edgegallery-mecm-secret
# yamllint disable rule:line-length
- command: kubectl create secret generic edgegallery-mecm-secret --from-file=postgres_init.sql=/tmp/eg_mecm-meo/deploy/conf/keys/postgres_init.sql --from-literal=postgresPassword={{ vardata.secret_pwd.name}} --from-literal=postgresApmPassword={{ vardata.secret_pwd.name}} --from-literal=postgresAppoPassword={{ vardata.secret_pwd.name}} --from-literal=postgresInventoryPassword={{ vardata.secret_pwd.name}} --from-literal=edgeRepoUserName={{ vardata.mecm_meo_edgeRepoUserName.name}} --from-literal=edgeRepoPassword={{ vardata.mecm_meo_edgeRepoPassword.name}}
+ command: kubectl create secret generic edgegallery-mecm-secret --from-file=postgres_init.sql=/tmp/eg_mecm-meo/deploy/conf/keys/postgres_init.sql --from-literal=postgresPassword={{ vardata.common_pwd.name}} --from-literal=postgresApmPassword={{ vardata.common_pwd.name}} --from-literal=postgresAppoPassword={{ vardata.common_pwd.name}} --from-literal=postgresInventoryPassword={{ vardata.common_pwd.name}} --from-literal=edgeRepoUserName={{ vardata.mecm_meo_edgeRepoUserName.name}} --from-literal=edgeRepoPassword={{ vardata.mecm_meo_edgeRepoPassword.name}}
# yamllint disable rule:line-length
args:
chdir: /tmp/eg_mecm-meo/deploy/
- name: Helm install
# yamllint disable rule:line-length
- command: helm install --wait mecm-meo-edgegallery edgegallery/mecm-meo --set ssl.secretName=mecm-ssl-secret --set mecm.secretName=edgegallery-mecm-secret --set images.inventory.tag={{ vardata.eg_image_tag.name}} --set images.appo.tag={{ vardata.eg_image_tag.name}} --set images.apm.tag={{ vardata.eg_image_tag.name}} --set images.postgres.tag={{ vardata.postgres_image_tag.name}} --set mecm.docker.fsgroup=result.stdout
+ command: helm install --wait mecm-meo-edgegallery edgegallery/mecm-meo --set ssl.secretName=mecm-ssl-secret --set mecm.secretName=edgegallery-mecm-secret --set images.inventory.tag={{ vardata.eg_image_tag.name}} --set images.appo.tag={{ vardata.eg_image_tag.name}} --set images.apm.tag={{ vardata.eg_image_tag.name}} --set images.postgres.tag=12.3 --set mecm.docker.fsgroup=result.stdout
# yamllint disable rule:line-length
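Review bot: On the new `helm install` line, `--set mecm.docker.fsgroup=result.stdout` passes the literal text `result.stdout` to the chart, because it is not wrapped in a Jinja expression. The commit carries this over unchanged from the old line. It looks like the intent is the registered output of an earlier task, which is not visible in this hunk, so the argument should probably read `--set mecm.docker.fsgroup={{ result.stdout }}`. As written, the pod's fsGroup is either rejected or not the group that owns the Docker socket, so the resulting file permissions are worth checking after the fix.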
- name: Install mecm-mepm
# yamllint disable rule:line-length
- command: helm install mecm-mepm-edgegallery edgegallery/mecm-mepm --set jwt.publicKeySecretName=mecm-mepm-jwt-public-secret --set mepm.secretName=edgegallery-mepm-secret --set ssl.secretName=mecm-mepm-ssl-secret --set images.lcmcontroller.tag={{ vardata.eg_image_tag.name}} --set images.k8splugin.tag={{ vardata.eg_image_tag.name}} --set images.postgres.tag={{ vardata.postgres_image_tag.name}}
+ command: helm install mecm-mepm-edgegallery edgegallery/mecm-mepm --set jwt.publicKeySecretName=mecm-mepm-jwt-public-secret --set mepm.secretName=edgegallery-mepm-secret --set ssl.secretName=mecm-mepm-ssl-secret --set images.lcmcontroller.tag={{ vardata.eg_image_tag.name}} --set images.k8splugin.tag={{ vardata.eg_image_tag.name}} --set images.postgres.tag=12.3
# yamllint disable rule:line-length
- name: Openssl rsa mep tls
# yamllint disable rule:line-length
- command: openssl rsa -in mepserver_tls.key -aes256 -passout pass:{{ vardata.secret_pwd.name}} -out mepserver_encryptedtls.key
+ command: openssl rsa -in mepserver_tls.key -aes256 -passout pass:{{ vardata.common_pwd.name}} -out mepserver_encryptedtls.key
# yamllint disable rule:line-length
args:
chdir: /tmp/.mep_tmp_cer/
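Review bot: `-passout pass:{{ vardata.common_pwd.name}}` puts the key passphrase into the argv of `openssl`, where any local user on the target can read it from the process list while the command runs. The same applies to the "Openssl rsa in jwt" task that follows. OpenSSL accepts `env:` and `file:` pass-phrase sources, so the passphrase can be passed out of band: use `-passout env:KEY_PASS` on the command and add `environment:` with `KEY_PASS: "{{ vardata.common_pwd.name }}"` to the task. No `no_log` is visible on either task; adding `no_log: true` keeps the rendered value out of the play output.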
- name: Openssl rsa in jwt
# yamllint disable rule:line-length
- command: openssl rsa -in jwt_privatekey -aes256 -passout pass:{{ vardata.secret_pwd.name}} -out jwt_encrypted_privatekey
+ command: openssl rsa -in jwt_privatekey -aes256 -passout pass:{{ vardata.common_pwd.name}} -out jwt_encrypted_privatekey
# yamllint disable rule:line-length
args:
chdir: /tmp/.mep_tmp_cer/
- name: Create generic pg secret
# yamllint disable rule:line-length
- command: kubectl -n mep create secret generic pg-secret --from-literal=pg_admin_pwd={{ vardata.secret_pwd.name}} --from-literal=kong_pg_pwd={{ vardata.secret_pwd.name}}
+ command: kubectl -n mep create secret generic pg-secret --from-literal=pg_admin_pwd={{ vardata.common_pwd.name}} --from-literal=kong_pg_pwd={{ vardata.common_pwd.name}}
--from-file=server.key=/tmp/.mep_tmp_cer/mepserver_tls.key --from-file=server.crt=/tmp/.mep_tmp_cer/mepserver_tls.crt
# yamllint disable rule:line-length
args:
- name: Create mep generic for mep ssl
# yamllint disable rule:line-length
- command: kubectl -n mep create secret generic mep-ssl --from-literal=cert_pwd={{ vardata.secret_pwd.name}} --from-file=server.cer=/tmp/.mep_tmp_cer/mepserver_tls.crt
+ command: kubectl -n mep create secret generic mep-ssl --from-literal=cert_pwd={{ vardata.common_pwd.name}} --from-file=server.cer=/tmp/.mep_tmp_cer/mepserver_tls.crt
--from-file=server_key.pem=/tmp/.mep_tmp_cer/mepserver_encryptedtls.key --from-file=trust.cer=/tmp/.mep_tmp_cer/ca.crt
# yamllint disable rule:line-length
args:
no_log: True
- name: Link eg mep macvlan
- command: ip addr add {{ vardata.eg-mp1-address.name}} dev eg-mp1
+ command: ip addr add {{ vardata.eg-management-address.name}} dev eg-mp1
args:
chdir: /tmp/eg_mep/deploy/
ignore_errors: yes
no_log: True
- name: Link eg eg mm5 ip addr
- command: ip addr add {{ vardata.eg-mm5-address.name}} dev eg-mm5
+ command: ip addr add {{ vardata.eg-dataplane-address.name}} dev eg-mm5
args:
chdir: /tmp/eg_mep/deploy/
ignore_errors: yes
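Review bot: In both renamed lookups, `{{ vardata.eg-management-address.name}}` and `{{ vardata.eg-dataplane-address.name}}`, Jinja2 parses the hyphens as subtraction (`vardata.eg - management - address.name`), so the expression does not read the intended key. Keys containing `-` need subscript access: `{{ vardata['eg-management-address'].name }}` and `{{ vardata['eg-dataplane-address'].name }}`. Both tasks set `ignore_errors: yes`, and the first also sets `no_log: True`, so a failed address assignment on `eg-mp1` or `eg-mm5` may be skipped or hidden from the play output. I would drop `ignore_errors` in favour of a `failed_when` that tolerates only the "address already exists" case.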
- name: Generate secret
# yamllint disable rule:line-length
- command: kubectl create secret generic edgegallery-ssl-secret --from-file=keystore.p12=/tmp/ssl-eg-keys-certs/keystore.p12 --from-literal=keystorePassword={{ vardata.secret_pwd.name}} --from-literal=keystoreType=PKCS12 --from-literal=keyAlias=edgegallery --from-file=trust.cer=/tmp/ssl-eg-keys-certs/ca.crt --from-file=server.cer=/tmp/ssl-eg-keys-certs/tls.crt --from-file=server_key.pem=/tmp/ssl-eg-keys-certs/encryptedtls.key --from-literal=cert_pwd={{ vardata.secret_pwd.name}}
+ command: kubectl create secret generic edgegallery-ssl-secret --from-file=keystore.p12=/tmp/ssl-eg-keys-certs/keystore.p12 --from-literal=keystorePassword={{ vardata.common_pwd.name}} --from-literal=keystoreType=PKCS12 --from-literal=keyAlias=edgegallery --from-file=trust.cer=/tmp/ssl-eg-keys-certs/ca.crt --from-file=server.cer=/tmp/ssl-eg-keys-certs/tls.crt --from-file=server_key.pem=/tmp/ssl-eg-keys-certs/encryptedtls.key --from-literal=cert_pwd={{ vardata.common_pwd.name}}
# yamllint disable rule:line-length
- name: Generating certificates for usermanagment
# yamllint disable rule:line-length
- command: kubectl create secret generic user-mgmt-jwt-secret --from-file=publicKey=/tmp/ssl-eg-keys-certs/rsa_public_key.pem --from-file=encryptedPrivateKey=/tmp/ssl-eg-keys-certs/encrypted_rsa_private_key.pem --from-literal=encryptPassword={{ vardata.secret_pwd.name}}
+ command: kubectl create secret generic user-mgmt-jwt-secret --from-file=publicKey=/tmp/ssl-eg-keys-certs/rsa_public_key.pem --from-file=encryptedPrivateKey=/tmp/ssl-eg-keys-certs/encrypted_rsa_private_key.pem --from-literal=encryptPassword={{ vardata.common_pwd.name}}
# yamllint disable rule:line-length
- name: Install user-mgmt
# yamllint disable rule:line-length
- command: helm install --wait user-mgmt-edgegallery edgegallery/usermgmt --set global.oauth2.clients.appstore.clientUrl=https://{{ vardata.user_mgmt_oauth_appstore_client_ip.name}}:{{vardata.user_mgmt_oauth_appstore_client_port.name}},global.oauth2.clients.developer.clientUrl=https://{{ vardata.user_mgmt_oauth_developer_client_ip.name}}:{{vardata.user_mgmt_oauth_developer_client_port.name}},global.oauth2.clients.mecm.clientUrl=https://{{ vardata.user_mgmt_oauth_mecm_client_ip.name}}:{{vardata.user_mgmt_oauth_mecm_client_port.name}}, --set jwt.secretName=user-mgmt-jwt-secret --set images.usermgmt.tag={{ vardata.eg_image_tag.name}} --set global.ssl.enabled=true --set global.ssl.secretName=edgegallery-ssl-secret
+ command: helm install --wait user-mgmt-edgegallery edgegallery/usermgmt --set global.oauth2.clients.appstore.clientUrl=https://{{ vardata.user_mgmt_oauth_appstore_client_ip.name}}:{{vardata.appstore_port.name}},global.oauth2.clients.developer.clientUrl=https://{{ vardata.user_mgmt_oauth_developer_client_ip.name}}:{{vardata.developer_port.name}},global.oauth2.clients.mecm.clientUrl=https://{{ vardata.user_mgmt_oauth_mecm_client_ip.name}}:{{vardata.mecm_port.name}}, --set jwt.secretName=user-mgmt-jwt-secret --set images.usermgmt.tag={{ vardata.eg_image_tag.name}} --set global.ssl.enabled=true --set global.ssl.secretName=edgegallery-ssl-secret
# yamllint disable rule:line-length