From 206ffcc970a13024b6ee6ccd00e5ece16bdb5f05 Mon Sep 17 00:00:00 2001
From: Adw8
Date: Mon, 23 Sep 2024 13:49:40 +0530
Subject: [PATCH] Add playbook to setup webapp deployer backend
---
 service-provider-setup/deploy-backend.yml | 124 ++++++++++++++++++
 .../setup-container-registry.yml | 31 +++++
 .../configs/webapp-deployer-config.env.j2 | 28 ++++
 .../templates/laconic.yml.j2 | 9 ++
 .../templates/specs/webapp-deployer.spec.j2 | 35 +++++
 5 files changed, 227 insertions(+)
 create mode 100644 service-provider-setup/deploy-backend.yml
 create mode 100644 service-provider-setup/templates/configs/webapp-deployer-config.env.j2
 create mode 100644 service-provider-setup/templates/laconic.yml.j2
 create mode 100644 service-provider-setup/templates/specs/webapp-deployer.spec.j2
diff --git a/service-provider-setup/deploy-backend.yml b/service-provider-setup/deploy-backend.yml
new file mode 100644
index 0000000..24cd536
--- /dev/null
+++ b/service-provider-setup/deploy-backend.yml
@@ -0,0 +1,124 @@
+- name: Deploy Webapp-Deployer Backend
+ hosts: "{{ target_host }}"
+
+ environment:
+ PATH: "{{ ansible_env.PATH }}:/home/{{ansible_user}}/bin"
+ KUBECONFIG: "{{ ansible_env.HOME }}/.kube/config-default.yaml"
+
+ vars_files:
+ - webapp-vars.yml
+ - container-vars.yml
+ - k8s-vars.yml
+ - dns-vars.yml
+
+ tasks:
+ - name: Ensure gpg-keys directory exists
+ file:
+ path: ~/gpg-keys
+ state: directory
+ mode: '0700'
+
+ - name: Create a GPG key
+ shell: gpg --batch --passphrase "SECRET" --quick-generate-key webapp-deployer-api.{{ dns_domain }}.com default default never
+
+ - name: Export the public key
+ shell: gpg --export webapp-deployer-api.{{ dns_domain }}.com > ~/gpg-keys/webapp-deployer-api.{{ dns_domain }}.com.pgp.pub
+ args:
+ creates: ~/gpg-keys/webapp-deployer-api.{{ dns_domain }}.com.pgp.pub
+
+ - name: Export the private key with passphrase
+ expect:
+ command: gpg --export-secret-keys webapp-deployer-api.{{ dns_domain }}.com > ~/gpg-keys/webapp-deployer-api.{{ dns_domain }}.com.pgp.key
+ responses:
+ 'Please enter the passphrase to export the OpenPGP secret key': 'SECRET\n'
+ register: gpg_output
+ no_log: true
+
+ - name: Setup repositories for webapp-deployer-backend
+ command: laconic-so --stack webapp-deployer-backend setup-repositories
+
+ - name: Build containers for webapp-deployer-backend
+ command: laconic-so --stack webapp-deployer-backend build-containers
+
+ - name: Create laconic config file
+ template:
+ src: "./templates/laconic.yml.j2"
+ dest: "config/laconic.yml"
+
+ - name: Copy the gpg private key file to config dir
+ copy:
+ src: "gpg-keys/webapp-deployer-api.{{ dns_domain }}.com.pgp.key"
+ dest: "config"
+ remote_src: true
+
+ - name: Copy the gpg public key file to config dir
+ copy:
+ src: "gpg-keys/webapp-deployer-api.{{ dns_domain }}.com.pgp.pub"
+ dest: "config"
+ remote_src: true
+
+ - name: Publish the webapp-deployer record using laconic-so
+ shell: |
+ docker run -i -t \
+ -v /home/{{ ansible_user }}/config:/home/root/config \
+ cerc/webapp-deployer-backend:local laconic-so publish-deployer-to-registry \
+ --laconic-config /home/root/config/laconic.yml \
+ --api-url https://webapp-deployer-api.{{ dns_domain }}.com \
+ --public-key-file /home/root/config/webapp-deployer-api.{{ dns_domain }}.com.pgp.pub \
+ --lrn lrn://{{ authority_name }}/deployers/webapp-deployer-api.{{ dns_domain }}.com \
+ --min-required-payment 100
+ register: publish_output
+
+ - name: Display publish output
+ debug:
+ var: publish_output.stdout
+
+ - name: Generate spec file for webapp-deployer-backend
+ template:
+ src: "./templates/specs/webapp-deployer.spec.j2"
+ dest: "webapp-deployer.spec"
+
+ - name: Create the deployment directory from the spec file
+ command: >
+ laconic-so --stack webapp-deployer-backend deploy create
+ --deployment-dir webapp-deployer --spec-file webapp-deployer.spec
+
+ - name: Update config for webapp-deployer-backend
+ template:
+ src: "./templates/configs/webapp-deployer-config.env.j2"
+ dest: "webapp-deployer/config.env"
+
+ - name: Copy the kube config file to webapp-deployer directory
+ copy:
+ src: "{{ansible_env.HOME}}/.kube/config-default.yaml"
+ dest: "webapp-deployer/data/config/kube.yml"
+ remote_src: true
+
+ - name: Create laconic config file
+ template:
+ src: "./templates/laconic.yml.j2"
+ dest: "webapp-deployer/data/config/laconic.yml"
+
+ - name: Push images to container registry
+ command: laconic-so deployment --dir webapp-deployer push-images
+
+ - name: Start the webapp deployer
+ command: laconic-so deployment --dir webapp-deployer start
+
+ - name: Get the most recent pod for the deployment
+ shell: kubectl get pods --sort-by=.metadata.creationTimestamp -o jsonpath='{.items[-1].metadata.name}'
+ register: webapp_deployer_pod
+
+ - name: Set pod ID to a variable
+ set_fact:
+ pod_id: "{{ webapp_deployer_pod.stdout }}"
+
+ - name: Wait for the recent pod to be ready
+ command: kubectl wait --for=condition=Ready pod/{{ pod_id }} --timeout=300s
+ register: wait_result
+
+ - name: Copy gpg private key file to webapp deployer pod
+ shell: kubectl cp gpg-keys/webapp-deployer-api.{{ dns_domain }}.com.pgp.key {{ pod_id }}:/app
+
+ - name: Copy gpg public key file to webapp deployer pod
+ shell: kubectl cp gpg-keys/webapp-deployer-api.{{ dns_domain }}.com.pgp.pub {{ pod_id }}:/app
diff --git a/service-provider-setup/setup-container-registry.yml b/service-provider-setup/setup-container-registry.yml
index ba94611..6f78e7a 100644
--- a/service-provider-setup/setup-container-registry.yml
+++ b/service-provider-setup/setup-container-registry.yml
@@ -61,3 +61,34 @@
 - name: Deploy the container registry
 command: >
 laconic-so deployment --dir container-registry start
+
+ - name: Get cluster_id from container-registry-deployment
+ slurp:
+ src: container-registry/deployment.yml
+ register: deployment_file
+
+ - name: Decode and extract cluster-id
+ set_fact:
+ cluster_id: "{{ deployment_file.content | b64decode | regex_search('cluster-id: (.+)', '\\1') }}"
+
+ - name: Display the cluster ID
+ debug:
+ msg: "The cluster ID is: {{ cluster_id }}"
+
+ - name: Annotate ingress for proxy body size
+ command: >
+ kubectl annotate ingress {{ cluster_id }}-ingress nginx.ingress.kubernetes.io/proxy-body-size=0
+ environment:
+ KUBECONFIG: "{{ ansible_env.HOME }}/.kube/config-default.yaml"
+
+ - name: Annotate ingress for proxy read timeout
+ command: >
+ kubectl annotate ingress {{ cluster_id }}-ingress nginx.ingress.kubernetes.io/proxy-read-timeout=600
+ environment:
+ KUBECONFIG: "{{ ansible_env.HOME }}/.kube/config-default.yaml"
+
+ - name: Annotate ingress for proxy send timeout
+ command: >
+ kubectl annotate ingress {{ cluster_id }}-ingress nginx.ingress.kubernetes.io/proxy-send-timeout=600
+ environment:
+ KUBECONFIG: "{{ ansible_env.HOME }}/.kube/config-default.yaml"
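Review bot: The GPG passphrase is a literal `"SECRET"` in the `Create a GPG key` shell task and again in the `expect` responses, and the generation task carries no `no_log`, so the passphrase is visible in the process list and in Ansible's verbose output; the same literal is rendered into `OPENPGP_PASSPHRASE` in webapp-deployer-config.env.j2 later in this commit. Move it to a vaulted variable and guard the task, e.g. `shell: gpg --batch --passphrase "{{ gpg_passphrase }}" --quick-generate-key webapp-deployer-api.{{ dns_domain }}.com default default never` with `no_log: true` and an `args: creates:` pointing at the exported key, so a second run does not mint a second key under the same UID. The pod that receives the private key via `kubectl cp` is picked by `kubectl get pods --sort-by=.metadata.creationTimestamp` with no namespace or label selector, so any newer unrelated pod in the current namespace would get the key; select by the deployment's own labels instead (which labels laconic-so applies is not visible here). The `copy` tasks that place the `.pgp.key` under `config/` set no `mode:`, so the private key inherits default permissions — `mode: '0600'` is cheap. `wait_result` is registered but never read.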
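Review bot: The three `kubectl annotate ingress` commands pass no `--overwrite`, so on a second run of the playbook kubectl refuses to change an annotation that already has a value and the play fails; add `--overwrite`, and the three tasks can collapse into one: `kubectl annotate --overwrite ingress {{ cluster_id }}-ingress nginx.ingress.kubernetes.io/proxy-body-size=0 nginx.ingress.kubernetes.io/proxy-read-timeout=600 nginx.ingress.kubernetes.io/proxy-send-timeout=600`. `cluster_id` comes from `regex_search` over the slurped deployment.yml, which yields an empty or undefined value when the pattern is absent, after which the command targets an ingress literally named `-ingress`; an `assert: { that: cluster_id | default('') | length > 0 }` before the annotations fails with a readable message instead. `proxy-body-size=0` removes the ingress request-body limit for the registry — presumably so large image layers can be pushed — and a comment on the task saying so would stop the next reader from treating it as an oversight.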
diff --git a/service-provider-setup/templates/configs/webapp-deployer-config.env.j2 b/service-provider-setup/templates/configs/webapp-deployer-config.env.j2
new file mode 100644
index 0000000..8b2c130
--- /dev/null
+++ b/service-provider-setup/templates/configs/webapp-deployer-config.env.j2
@@ -0,0 +1,28 @@
+DEPLOYMENT_DNS_SUFFIX="pwa.{{ dns_domain }}.com"
+
+# Name of reserved authority
+DEPLOYMENT_RECORD_NAMESPACE="{{ authority_name }}"
+
+# url of the deployed docker image registry
+IMAGE_REGISTRY="container-registry.pwa.{{ dns_domain }}.com"
+
+# htpasswd credentials
+IMAGE_REGISTRY_USER="{{ container_registry_username }}"
+IMAGE_REGISTRY_CREDS="{{ container_registry_password }}"
+
+# configs
+CLEAN_DEPLOYMENTS=false
+CLEAN_LOGS=false
+CLEAN_CONTAINERS=false
+SYSTEM_PRUNE=false
+WEBAPP_IMAGE_PRUNE=true
+CHECK_INTERVAL=5
+FQDN_POLICY="allow"
+
+# lrn of the webapp deployer
+LRN="lrn://{{ authority_name }}/deployers/webapp-deployer-api.{{ dns_domain }}.com"
+export OPENPGP_PRIVATE_KEY_FILE="webapp-deployer-api.{{ dns_domain }}.com.pgp.key"
+export OPENPGP_PASSPHRASE="SECRET"
+export DEPLOYER_STATE="srv-test/deployments/autodeploy.state"
+export UNDEPLOYER_STATE="srv-test/deployments/autoundeploy.state"
+export UPLOAD_DIRECTORY="srv-test/uploads"
diff --git a/service-provider-setup/templates/laconic.yml.j2 b/service-provider-setup/templates/laconic.yml.j2
new file mode 100644
index 0000000..0f4b79b
--- /dev/null
+++ b/service-provider-setup/templates/laconic.yml.j2
@@ -0,0 +1,9 @@
+services:
+ registry:
+ rpcEndpoint: 'http://{{ cluster_control_ip }}:26657'
+ gqlEndpoint: 'http://{{ cluster_control_ip }}:9473/api'
+ userKey: "{{ ALICE_PK }}"
+ bondId: "{{ BOND_ID }}"
+ chainId: lorotestnet-1
+ gas: 200000
+ fees: 500000alnt
diff --git a/service-provider-setup/templates/specs/webapp-deployer.spec.j2 b/service-provider-setup/templates/specs/webapp-deployer.spec.j2
new file mode 100644
index 0000000..6a76349
--- /dev/null
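Review bot: Only the last five variables carry `export` while `IMAGE_REGISTRY_CREDS` and the others do not; if this file is sourced by a shell only the exported ones reach child processes, and if it is read as plain dotenv the `export` prefix may not be accepted — pick one form for the whole file (how laconic-so consumes config.env is not visible in this diff). The rendered file holds the registry password and the OpenPGP passphrase, so the `template:` task in deploy-backend.yml that writes `webapp-deployer/config.env` should set `mode: '0600'`. The `srv-test/...` state and upload paths read like a test fixture; confirm they are the intended locations before this ships.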
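Review bot: `userKey: "{{ ALICE_PK }}"` renders a signing private key into laconic.yml, which deploy-backend.yml then copies into `config/` and `webapp-deployer/data/config` — the latter is exposed as a ConfigMap by the spec in this same commit, so the key ends up in a resource that is not a Kubernetes Secret; the variable name also suggests a shared test account. Where `ALICE_PK` is defined is outside this diff, but it should be a vaulted variable and both `template:` tasks that render this file should set `mode: '0600'`. `chainId: lorotestnet-1` is hard-coded while the endpoints are templated; `chainId: "{{ chain_id }}"` keeps the template usable for other networks.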
+++ b/service-provider-setup/templates/specs/webapp-deployer.spec.j2
@@ -0,0 +1,35 @@
+stack: webapp-deployer-backend
+deploy-to: k8s
+kube-config: {{ansible_env.HOME}}/.kube/config-default.yaml
+image-registry: container-registry.pwa.{{dns_domain}}.com/laconic-registry
+network:
+ ports:
+ server:
+ - '9555'
+ http-proxy:
+ - host-name: webapp-deployer-api.pwa.{{ dns_domain }}.com
+ routes:
+ - path: '/'
+ proxy-to: server:9555
+volumes:
+ srv:
+configmaps:
+ config: ./data/config
+annotations:
+ container.apparmor.security.beta.kubernetes.io/{name}: unconfined
+labels:
+ container.kubeaudit.io/{name}.allow-disabled-apparmor: "podman"
+security:
+ privileged: true
+
+resources:
+ containers:
+ reservations:
+ cpus: 4
+ memory: 8G
+ limits:
+ cpus: 6
+ memory: 16G
+ volumes:
+ reservations:
+ storage: 200G
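Review bot: `security: privileged: true` together with the `container.apparmor.security.beta.kubernetes.io/{name}: unconfined` annotation gives the deployer container unrestricted access to its node, and nothing in the spec records why; the `"podman"` label value hints at nested container builds, and if that is the reason a comment above `security:` should say so and note that this pod must be treated as equivalent to the node it runs on. `configmaps: config: ./data/config` publishes everything under that directory as a ConfigMap, and deploy-backend.yml fills it with `kube.yml` (the kubeconfig the playbook itself uses) and `laconic.yml` (which carries `userKey`); a ConfigMap is readable by any principal with `get configmaps` in the namespace and is not encrypted at rest by default, so if laconic-so's spec format offers a secret-backed volume it should be used here, and otherwise the trade-off deserves a comment on the `configmaps:` key.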