diff --git a/service-provider-setup/deploy-backend.yml b/service-provider-setup/deploy-backend.yml index 7fbd8a1..566e6fa 100644 --- a/service-provider-setup/deploy-backend.yml +++ b/service-provider-setup/deploy-backend.yml @@ -1,4 +1,4 @@ -- name: Deploy Webapp-Deployer Backend +- name: Deploy webapp-deployer backend hosts: "{{ target_host }}" environment: @@ -19,7 +19,7 @@ mode: '0700' - name: Create a GPG key - shell: gpg --batch --passphrase "SECRET" --quick-generate-key webapp-deployer-api.{{ full_domain }} default default never + shell: gpg --batch --passphrase "{{ deployer_gpg_passphrase }}" --quick-generate-key webapp-deployer-api.{{ full_domain }} default default never - name: Export the public key shell: gpg --export webapp-deployer-api.{{ full_domain }} > ~/gpg-keys/webapp-deployer-api.{{ full_domain }}.pgp.pub @@ -27,7 +27,7 @@ creates: ~/gpg-keys/webapp-deployer-api.{{ full_domain }}.pgp.pub - name: Export the GPG private key with passphrase - shell: gpg --pinentry-mode=loopback --passphrase "SECRET" --export-secret-keys webapp-deployer-api.{{ full_domain }} > ~/gpg-keys/webapp-deployer-api.{{ full_domain }}.pgp.key + shell: gpg --pinentry-mode=loopback --passphrase "{{ deployer_gpg_passphrase }}" --export-secret-keys webapp-deployer-api.{{ full_domain }} > ~/gpg-keys/webapp-deployer-api.{{ full_domain }}.pgp.key - name: Setup repositories for webapp-deployer-backend command: laconic-so --stack webapp-deployer-backend setup-repositories diff --git a/service-provider-setup/deploy-frontend.yml b/service-provider-setup/deploy-frontend.yml index 59a8318..c481ee8 100644 --- a/service-provider-setup/deploy-frontend.yml +++ b/service-provider-setup/deploy-frontend.yml @@ -1,4 +1,4 @@ -- name: Deploy Webapp-Deployer UI +- name: Deploy webapp-deployer ui hosts: "{{ target_host }}" environment: diff --git a/service-provider-setup/service-provider-setup.yml b/service-provider-setup/service-provider-setup.yml index 5af93ab..27abf2a 100644 
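Review bot: In deploy-backend.yml, "Create a GPG key" and "Export the GPG private key with passphrase" still pass the passphrase to gpg as a command-line argument, so it is readable in the host's process list while gpg runs and is written to Ansible's task output. Add `no_log: true` to both tasks and quote the value for the shell, `--passphrase {{ deployer_gpg_passphrase | quote }}`, since inside the current double quotes a passphrase containing `"`, `$` or a backtick is interpreted by the shell. Passing it on a descriptor instead (`--passphrase-fd 0` with the task's `stdin:`) would keep it out of argv altogether. The example vars ship `deployer_gpg_passphrase: ""`, which would probably yield an unprotected key, so an `assert` that the value is non-empty before key generation is worth adding. Both tasks sit in a play that starts outside these hunks.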
--- a/service-provider-setup/service-provider-setup.yml
+++ b/service-provider-setup/service-provider-setup.yml
@@ -1,4 +1,3 @@
-- import_playbook: setup-user.yml
 - import_playbook: setup-dns.yml
 - import_playbook: setup-system.yml
 - import_playbook: setup-k8s.yml
diff --git a/service-provider-setup/setup-container-registry.yml b/service-provider-setup/setup-container-registry.yml
index 7b227e3..8ae1694 100644
--- a/service-provider-setup/setup-container-registry.yml
+++ b/service-provider-setup/setup-container-registry.yml
@@ -51,19 +51,76 @@ REGISTRY_AUTH_HTPASSWD_PATH="/config/htpasswd" REGISTRY_HTTP_SECRET='{{ hashed_password }}' + - name: Set KUBECONFIG environment variable + set_fact: + kubeconfig_path: "{{ ansible_env.HOME }}/.kube/config-default.yaml" + - name: Add the container registry credentials as a secret available to the cluster command: > kubectl create secret generic laconic-registry --from-file=.dockerconfigjson=container-registry/my_password.json --type=kubernetes.io/dockerconfigjson environment: - KUBECONFIG: "{{ ansible_env.HOME }}/.kube/config-default.yaml" + KUBECONFIG: "{{ kubeconfig_path }}" # TODO: Investigate why container registry throws error if started immediately - name: Wait for 90 seconds pause: seconds: 90 + - block: + - name: Get Kubernetes nodes with wide output + command: kubectl get nodes -o wide + environment: + KUBECONFIG: "{{ kubeconfig_path }}" + register: nodes_output + + - name: Print output of 'kubectl get nodes -o wide' + debug: + var: nodes_output.stdout + + - name: Get all secrets from all namespaces + command: kubectl get secrets --all-namespaces + environment: + KUBECONFIG: "{{ kubeconfig_path }}" + register: secrets_output + + - name: Print output of 'kubectl get secrets --all-namespaces' + debug: + var: secrets_output.stdout + + - name: Get cluster issuers + command: kubectl get clusterissuer + environment: + KUBECONFIG: "{{ kubeconfig_path }}" + register: clusterissuer_output + + - name: Print output of 'kubectl get clusterissuer' + debug: + var: clusterissuer_output.stdout + + - name: Get certificates + command: kubectl get certificates + environment: + KUBECONFIG: "{{ kubeconfig_path }}" + register: certificates_output + + - name: Print output of 'kubectl get certificates' + debug: + var: certificates_output.stdout + + - name: Get DaemonSets in all namespaces + command: kubectl get ds --all-namespaces + environment: + KUBECONFIG: "{{ kubeconfig_path }}" + register: daemonsets_output + + - name: Print output of 'kubectl get ds 
--all-namespaces' + debug: + var: daemonsets_output.stdout + + ignore_errors: yes + - name: Deploy the container registry command: > laconic-so deployment --dir container-registry start diff --git a/service-provider-setup/setup-k8s.yml b/service-provider-setup/setup-k8s.yml index e8d2d3e..e28e8c6 100644 --- a/service-provider-setup/setup-k8s.yml +++ b/service-provider-setup/setup-k8s.yml @@ -18,11 +18,17 @@ apt: name: "{{ item }}" state: present - become: true + become: yes loop: - python3 - python3-pip + - name: Add user to docker group + user: + name: "{{ ansible_user }}" + groups: docker + append: true + - name: Install Ansible on remote host pip: name: ansible diff --git a/service-provider-setup/setup-user.yml b/service-provider-setup/setup-user.yml index da1b216..35fca4c 100644 --- a/service-provider-setup/setup-user.yml +++ b/service-provider-setup/setup-user.yml @@ -27,13 +27,15 @@ group: "{{ username }}" mode: '0700' - - name: Copy SSH public key to authorized_keys - copy: - src: "{{ path_to_ssh_key }}" - dest: /home/{{ username }}/.ssh/authorized_keys + - name: Append SSH public key to authorized_keys + lineinfile: + path: /home/{{ username }}/.ssh/authorized_keys + line: "{{ lookup('file', path_to_ssh_key) }}" + create: yes owner: "{{ username }}" group: "{{ username }}" mode: '0600' + state: present - name: Add user to sudoers for passwordless sudo lineinfile: diff --git a/service-provider-setup/templates/laconic.yml.j2 b/service-provider-setup/templates/laconic.yml.j2 index cb07978..dd09501 100644 --- a/service-provider-setup/templates/laconic.yml.j2 +++ b/service-provider-setup/templates/laconic.yml.j2 @@ -6,4 +6,4 @@ services: bondId: "{{ BOND_ID }}" chainId: lorotestnet-1 gas: 200000 - fees: 500000alnt + fees: 200000alnt diff --git a/service-provider-setup/vars/k8s-vars.example.yml b/service-provider-setup/vars/k8s-vars.example.yml index 1b9e51d..544cfdb 100644 --- a/service-provider-setup/vars/k8s-vars.example.yml 
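Review bot: The diagnostic block added to setup-container-registry.yml runs on every play and prints `kubectl get secrets --all-namespaces` through `debug`, which copies the namespace, name and type of every secret in the cluster into the Ansible output and any log or CI system that stores it. Gate the block behind a new opt-in variable, e.g. `when: cluster_diagnostics | default(false) | bool`, and drop the secrets listing or narrow it to the `laconic-registry` secret created by the preceding task. The block-level `ignore_errors: yes` also lets the play continue to "Deploy the container registry" when kubectl cannot reach the cluster at all, so a comment saying the block is best-effort diagnostics would help. The task named "Set KUBECONFIG environment variable" only sets the fact `kubeconfig_path`; a name like `Set kubeconfig path fact` would match what it does.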
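Review bot: The new "Add user to docker group" task in setup-k8s.yml has no `become`, while the apt task directly above it escalates per task, so unless the play sets it elsewhere (not visible in this hunk) the `user` module will not be able to change group membership. Add `become: true` to the task. Membership in `docker` gives `{{ ansible_user }}` root-equivalent control of the host through the Docker socket, which deserves a comment above the task, e.g. `# docker group is root-equivalent; needed for <reason>`. The same hunk changes `become: true` to `become: yes`; `true` is the canonical boolean and is what the new task already uses for `append`.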
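Review bot: `lineinfile` with `line: "{{ lookup('file', path_to_ssh_key) }}"` in setup-user.yml is only idempotent when the file holds exactly one key on one line; a file with several keys becomes a multi-line `line` that is likely to be appended again on every run, and nothing checks that the content is a public key at all. The `ansible.posix.authorized_key` module (assuming the collection is available to this playbook) parses the key and manages the file's ownership and mode itself. Appending also means keys from earlier runs stay authorized, so key rotation needs an explicit removal step or `exclusive: true`. The task list starts outside this hunk.

```yaml
    - name: Append SSH public key to authorized_keys
      ansible.posix.authorized_key:
        user: "{{ username }}"
        key: "{{ lookup('file', path_to_ssh_key) }}"
        state: present
```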
+++ b/service-provider-setup/vars/k8s-vars.example.yml
@@ -1,6 +1,6 @@
 target_host: "deployment_host"
-gpg_key_id: ""
-vault_passphrase: ""
+gpg_key_id: "{{ sec_key_id }}"
+vault_passphrase: "{{ gpg_passphrase }}"
 org_id: ""
 location_id: ""
 base_domain: ""
diff --git a/service-provider-setup/vars/webapp-vars.example.yml b/service-provider-setup/vars/webapp-vars.example.yml
index 1a2d46c..04aa3fb 100644
--- a/service-provider-setup/vars/webapp-vars.example.yml
+++ b/service-provider-setup/vars/webapp-vars.example.yml
@@ -1,5 +1,6 @@
-authority_name: ""
 ALICE_PK: "{{ ALICE_PK }}"
 BOND_ID: "{{ BOND_ID }}"
+authority_name: ""
 cpu_reservation: ""
 memory_reservation: ""
+deployer_gpg_passphrase: ""
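Review bot: `sec_key_id` and `gpg_passphrase` are not defined anywhere in this diff, so `gpg_key_id` and `vault_passphrase` in k8s-vars.example.yml will fail with an undefined-variable error unless another vars file or `--extra-vars` supplies them. A comment above the two lines should say where the values come from, e.g. `# sec_key_id and gpg_passphrase are provided by <source>; keep gpg_passphrase in an ansible-vault encrypted file`.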
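Review bot: `deployer_gpg_passphrase: ""` in webapp-vars.example.yml gives no hint that the value is a secret, so operators copying the example are likely to type the passphrase in plaintext next to `ALICE_PK`. Add a comment above the key such as `# required; supply from an ansible-vault encrypted vars file, never commit a real value`. The other entries in this file are self-referencing placeholders like `"{{ BOND_ID }}"`, which suggests values arrive from outside the file; following that pattern for the passphrase would keep it out of the copied file entirely.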