From e7791161ed06ffed6e71420e0bd339c97050cffd Mon Sep 17 00:00:00 2001 From: Adw8 Date: Wed, 18 Sep 2024 13:18:48 +0530 Subject: [PATCH 01/31] Add playbook to setup dns entries --- service-provider-setup/README.md | 1 + service-provider-setup/dns-vars.example.yml | 5 ++ service-provider-setup/dns-vars.yml | 5 ++ service-provider-setup/setup-dns.yml | 72 +++++++++++++++++++++ 4 files changed, 83 insertions(+) create mode 100644 service-provider-setup/README.md create mode 100644 service-provider-setup/dns-vars.example.yml create mode 100644 service-provider-setup/dns-vars.yml create mode 100644 service-provider-setup/setup-dns.yml diff --git a/service-provider-setup/README.md b/service-provider-setup/README.md new file mode 100644 index 0000000..509529c --- /dev/null +++ b/service-provider-setup/README.md @@ -0,0 +1 @@ +# service-provider-setup diff --git a/service-provider-setup/dns-vars.example.yml b/service-provider-setup/dns-vars.example.yml new file mode 100644 index 0000000..602656a --- /dev/null +++ b/service-provider-setup/dns-vars.example.yml @@ -0,0 +1,5 @@ +domain: "" +subdomain: "" +subdomain_cluster_control: "{{ subdomain }}-cluster-control" +cluster_control_ip: "" +do_api_token: "" diff --git a/service-provider-setup/dns-vars.yml b/service-provider-setup/dns-vars.yml new file mode 100644 index 0000000..85c403e --- /dev/null +++ b/service-provider-setup/dns-vars.yml @@ -0,0 +1,5 @@ +domain: "test.wireitin.com" +subdomain: "dss-ind" +subdomain_cluster_control: "{{ subdomain }}-cluster-control" +cluster_control_ip: "64.227.134.44" +do_api_token: "" diff --git a/service-provider-setup/setup-dns.yml b/service-provider-setup/setup-dns.yml new file mode 100644 index 0000000..a8c5248 --- /dev/null +++ b/service-provider-setup/setup-dns.yml 
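Review bot: `dns-vars.yml` is a filled-in copy of the example file (real domain `test.wireitin.com`, real address `64.227.134.44`) whose last key is the slot for `do_api_token`, so this commit puts a live-values secrets file into history one edit away from holding a DigitalOcean token. Keep the real file out of the tree (gitignore it, or only commit the `.example`) and keep `do_api_token` in an `ansible-vault`-encrypted file rather than plaintext YAML; the README should state that. The empty token value is harmless today, but a later `git add` of the same path would not be.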
@@ -0,0 +1,72 @@ +- name: Configure DNS records + hosts: localhost + gather_facts: no + vars_files: + - dns-vars.yml + + tasks: + - name: Create a domain + community.digitalocean.digital_ocean_domain: + state: present + oauth_token: "{{ do_api_token }}" + name: "{{ domain }}" + ip: "{{ cluster_control_ip }}" + + - name: Create record for cluster control machine + community.digitalocean.digital_ocean_domain_record: + state: present + oauth_token: "{{ do_api_token }}" + domain: "{{ domain }}" + type: A + name: "{{ subdomain }}-cluster-control" + data: "{{ cluster_control_ip }}" + + - name: Create CNAME record for www + community.digitalocean.digital_ocean_domain_record: + state: present + oauth_token: "{{ do_api_token }}" + data: "{{ domain }}" + domain: "{{ domain }}" + type: CNAME + name: www + ttl: 43200 + + - name: Create CNAME record for subdomain + community.digitalocean.digital_ocean_domain_record: + state: present + oauth_token: "{{ do_api_token }}" + data: "{{ subdomain_cluster_control }}.{{ domain }}" + domain: "{{ domain }}" + type: CNAME + name: "{{ subdomain }}" + ttl: 43200 + + - name: Create wildcard CNAME record for subdomain + community.digitalocean.digital_ocean_domain_record: + state: present + oauth_token: "{{ do_api_token }}" + data: "{{ subdomain_cluster_control }}.{{ domain }}" + domain: "{{ domain }}" + type: CNAME + name: "*.{{ subdomain }}" + ttl: 43200 + + - name: Create CNAME record for pwa + community.digitalocean.digital_ocean_domain_record: + state: present + oauth_token: "{{ do_api_token }}" + data: "{{ subdomain_cluster_control }}.{{ domain }}" + domain: "{{ domain }}" + type: CNAME + name: "pwa" + ttl: 43200 + + - name: Create wildcard CNAME record for pwa + community.digitalocean.digital_ocean_domain_record: + state: present + oauth_token: "{{ do_api_token }}" + data: "{{ subdomain_cluster_control }}.{{ domain }}" + domain: "{{ domain }}" + type: CNAME + name: "*.pwa" + ttl: 43200 -- 2.45.2 
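Review bot: The two wildcard CNAMEs (`*.{{ subdomain }}` and `*.pwa`) make every name under those labels resolve to `{{ subdomain_cluster_control }}.{{ domain }}`, so any hostname, including ones the cluster ingress never routes, is answered by the control host's default backend; if that host is ever rebuilt or re-addressed while the records stay, the wildcard becomes a dangling delegation. A comment above the wildcard tasks should say this is intentional (`# Wildcards route every *.pwa / *.<subdomain> name to the cluster ingress; remove them when the host is decommissioned`), and the record for `www` plus the apex `ip:` on the "Create a domain" task deserve the same note since they also pin the public host. `oauth_token: "{{ do_api_token }}"` appears in six tasks; whether the collection already suppresses it in logs is not visible here, so consider `no_log: true` on those tasks to be safe. `gather_facts: no` should be written `false` (yamllint truthy).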
From 1ca0c3798d801cc97b25267ca74a9720d8fe59c0 Mon Sep 17 00:00:00 2001 From: Adw8 Date: Wed, 18 Sep 2024 14:49:40 +0530 Subject: [PATCH 02/31] Add README for setting up DNS in DigitalOcean --- service-provider-setup/README.md | 42 +++++++++++++++++++++ service-provider-setup/dns-vars.example.yml | 4 +- service-provider-setup/dns-vars.yml | 4 +- 3 files changed, 46 insertions(+), 4 deletions(-) diff --git a/service-provider-setup/README.md b/service-provider-setup/README.md index 509529c..4cec153 100644 --- a/service-provider-setup/README.md +++ b/service-provider-setup/README.md @@ -1 +1,43 @@ # service-provider-setup + +## Configure DNS + +### Prerequisites + +- Buy a domain and configure nameservers to DigitalOcean + +- Generate a DigitalOcean access token + +### Create DNS entries in DigitalOcean + +- Copy the [`dns-vars.example.yml`](./dns-vars.example.yml) vars file + + ```bash + cp dns-vars.example.yml dns-vars.yml + ``` + +- Enter the `dns-vars.yml` file + + ```bash + # primary domain for which DNS records will be managed + # eg: laconic.com + domain: "" + + # specific prefix for subdomains + # eg: lcn-cad + subdomain_prefix: "" + + # The IP address to be used for the A record of the cluster control machine + # eg: 23.111.78.179 + cluster_control_ip: "" + + # DigitalOcean access token + # eg: dop_v1... + do_api_token: "" + ``` + +- Run the [`setup-dns.yml`](./setup-dns.yml) ansible playbook to create the necessary DNS entries in DigitalOcean + + ```bash + ansible-playbook setup-dns.yml + ``` diff --git a/service-provider-setup/dns-vars.example.yml b/service-provider-setup/dns-vars.example.yml index 602656a..a0b441b 100644 --- a/service-provider-setup/dns-vars.example.yml +++ b/service-provider-setup/dns-vars.example.yml @@ -1,5 +1,5 @@ domain: "" -subdomain: "" -subdomain_cluster_control: "{{ subdomain }}-cluster-control" +subdomain_prefix: "" +subdomain_cluster_control: "{{ subdomain_prefix }}-cluster-control" cluster_control_ip: "" do_api_token: "" 
diff --git a/service-provider-setup/dns-vars.yml b/service-provider-setup/dns-vars.yml index 85c403e..5e0b0c0 100644 --- a/service-provider-setup/dns-vars.yml +++ b/service-provider-setup/dns-vars.yml @@ -1,5 +1,5 @@ domain: "test.wireitin.com" -subdomain: "dss-ind" -subdomain_cluster_control: "{{ subdomain }}-cluster-control" +subdomain_prefix: "dss-ind" +subdomain_cluster_control: "{{ subdomain_prefix }}-cluster-control" cluster_control_ip: "64.227.134.44" do_api_token: "" -- 2.45.2 From ca2184b0cdcbe99dccfdc3e48de0c4130411f9bc Mon Sep 17 00:00:00 2001 From: Adw8 Date: Wed, 18 Sep 2024 15:38:38 +0530 Subject: [PATCH 03/31] Add playbook to setup so user --- README.md | 1 + service-provider-setup/README.md | 4 ++ service-provider-setup/setup-dns.yml | 2 +- service-provider-setup/setup-user.yml | 100 ++++++++++++++++++++++++++ 4 files changed, 106 insertions(+), 1 deletion(-) create mode 100644 service-provider-setup/setup-user.yml diff --git a/README.md b/README.md index 3c7b3d7..f00deb5 100644 --- a/README.md +++ b/README.md @@ -43,3 +43,4 @@ - [nitro-node-setup](./nitro-nodes-setup/README.md) - [nitro-bridge-setup](./nitro-bridge-setup/README.md) - [nitro-contracts-setup](./nitro-contracts-setup/README.md) +- [service-provider-setup](./service-provider-setup/README.md) diff --git a/service-provider-setup/README.md b/service-provider-setup/README.md index 4cec153..da7ec96 100644 --- a/service-provider-setup/README.md +++ b/service-provider-setup/README.md @@ -1,5 +1,9 @@ # service-provider-setup +## Setup Ansible + +To get started, follow the [installation](../README.md#installation) guide to setup ansible on your machine + ## Configure DNS ### Prerequisites diff --git a/service-provider-setup/setup-dns.yml b/service-provider-setup/setup-dns.yml index a8c5248..3317745 100644 --- a/service-provider-setup/setup-dns.yml +++ b/service-provider-setup/setup-dns.yml 
@@ -1,6 +1,6 @@ - name: Configure DNS records hosts: localhost - gather_facts: no + vars_files: - dns-vars.yml diff --git a/service-provider-setup/setup-user.yml b/service-provider-setup/setup-user.yml new file mode 100644 index 0000000..415966e --- /dev/null +++ b/service-provider-setup/setup-user.yml @@ -0,0 +1,100 @@ +- name: Configure system + hosts: deployment_host + become: yes + + tasks: + - name: Set unique hostname + hostname: + name: "{{ inventory_hostname }}" + when: ansible_hostname != inventory_hostname + + - name: Install additional packages + apt: + name: + - doas + - zsh + - tmux + - git + - jq + - acl + - curl + - wget + - netcat-traditional + - fping + - rsync + - htop + - iotop + - iftop + - tar + - less + - firewalld + - sshguard + - wireguard + - iproute2 + - iperf3 + - zfsutils-linux + - net-tools + - ca-certificates + - gnupg + - sshpass + state: latest + update_cache: true + + - name: Verify status of firewalld and enable sshguard + systemd: + name: "{{ item }}" + enabled: yes + state: started + loop: + - firewalld + - sshguard + + - name: Disable and remove snapd + block: + - name: Disable snapd services + systemd: + name: "{{ item }}" + enabled: no + state: stopped + loop: + - snapd.service + - snapd.socket + - snapd.seeded + - snapd.snap-repair.timer + + - name: Purge snapd + apt: + name: snapd + state: absent + + - name: Remove snap directories + file: + path: "{{ item }}" + state: absent + loop: + - "{{ ansible_env.HOME }}/snap" + - /snap + - /var/snap + - /var/lib/snapd + become: yes + + - name: Create a user named 'so' + user: + name: so + password: "{{ 'so-service-provider' | password_hash('sha512') }}" + shell: /bin/bash + state: present + + - name: Add 'so' user to sudoers group + user: + name: so + groups: sudo + append: yes + + - name: Ensure .ssh directory exists for 'so' user + file: + path: /home/so/.ssh + state: directory + owner: so + group: so + mode: '0700' -- 2.45.2 
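Review bot: The `Create a user named 'so'` task sets a fixed, repository-visible password (`'so-service-provider'`) on an account that the next task puts in `sudo`, so anyone who can read this repo knows an interactive sudo credential for every host it provisions. Move the hash into a vaulted variable (`password: "{{ so_password_hash }}"`), or drop the password entirely and provision keys, since the playbook already creates `/home/so/.ssh` but never writes an `authorized_keys`. `password_hash('sha512')` without a fixed salt also generates a fresh hash each run, so the task reports changed on every execution; `password_hash('sha512', vaulted_salt)` with `update_password: on_create` fixes that. Separately, `state: latest` with `update_cache: true` upgrades the whole package list on each run rather than pinning, and `become: yes` should be `true`.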
From 1586057a49fd3ccda32937d99d6b40071f2bccc3 Mon Sep 17 00:00:00 2001 From: Adw8 Date: Wed, 18 Sep 2024 17:40:57 +0530 Subject: [PATCH 04/31] Add tasks to install laconic-so, python, pip and ansible on remote host --- service-provider-setup/setup-k8s.yml | 31 +++++++++++++++++++++++++++ service-provider-setup/setup-user.yml | 4 ++-- stack-orchestrator-setup/README.md | 2 ++ 3 files changed, 35 insertions(+), 2 deletions(-) create mode 100644 service-provider-setup/setup-k8s.yml diff --git a/service-provider-setup/setup-k8s.yml b/service-provider-setup/setup-k8s.yml new file mode 100644 index 0000000..6139b36 --- /dev/null +++ b/service-provider-setup/setup-k8s.yml @@ -0,0 +1,31 @@ +- name: Install Stack Orchestrator if it isn't present + import_playbook: ../stack-orchestrator-setup/setup-laconic-so.yml + +- name: Setup k8s + hosts: "{{ target_host }}" + + vars: + target_host: "localhost" + + tasks: + - name: Install Python and pip + apt: + name: "{{ item }}" + state: present + become: true + loop: + - python3 + - python3-pip + + - name: Install Ansible on remote host + pip: + name: ansible + extra_args: --user + when: target_host != "localhost" + + - name: Ensure ~/.local/bin is in PATH in .bashrc + lineinfile: + path: ~/.bashrc + line: 'export PATH="$HOME/.local/bin:$PATH"' + state: present + create: yes diff --git a/service-provider-setup/setup-user.yml b/service-provider-setup/setup-user.yml index 415966e..f0f2e11 100644 --- a/service-provider-setup/setup-user.yml +++ b/service-provider-setup/setup-user.yml @@ -1,5 +1,5 @@ - name: Configure system - hosts: deployment_host + hosts: "{{ target_host }}" become: yes tasks: @@ -82,7 +82,7 @@ user: name: so password: "{{ 'so-service-provider' | password_hash('sha512') }}" - shell: /bin/bash + shell: /bin/zsh state: present - name: Add 'so' user to sudoers group diff --git a/stack-orchestrator-setup/README.md b/stack-orchestrator-setup/README.md index 7903e48..c101486 100644 --- a/stack-orchestrator-setup/README.md 
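Review bot: `pip: name: ansible` installs whatever version PyPI serves at run time with no `version:` pin, so two hosts provisioned a week apart can get different Ansible releases; pin it (`name: "ansible==<version>"`) or at least document why it floats. The same commit changes the provisioned user's shell to `/bin/zsh` in setup-user.yml, while this playbook appends the PATH export only to `~/.bashrc`; if the target user is that zsh user the export is never read, and the `.zshrc` branch the stack-orchestrator README describes is missing here. A short header comment stating which user this playbook expects to connect as (root vs. the `so`/`dev` user) would resolve both ambiguities.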
+++ b/stack-orchestrator-setup/README.md @@ -81,9 +81,11 @@ To run the playbook on a remote host: ```bash # For bash users echo 'export PATH="$HOME/bin:$PATH"' >> ~/.bashrc + source ~/.bashrc # For zsh users echo 'export PATH="$HOME/bin:$PATH"' >> ~/.zshrc + source ~/.zshrc ``` - Once the PATH is set, verify the installation by running the following commands: -- 2.45.2 From 7151afa3f9d8207c4a3e44e1d6ec29eba92a244e Mon Sep 17 00:00:00 2001 From: Adw8 Date: Wed, 18 Sep 2024 19:05:37 +0530 Subject: [PATCH 05/31] Add tasks to setup gpg agent --- service-provider-setup/.gitignore | 2 ++ service-provider-setup/dns-vars.yml | 5 ---- service-provider-setup/k8s-vars.example.yml | 3 ++ service-provider-setup/setup-k8s.yml | 31 +++++++++++++++++++-- 4 files changed, 34 insertions(+), 7 deletions(-) create mode 100644 service-provider-setup/.gitignore delete mode 100644 service-provider-setup/dns-vars.yml create mode 100644 service-provider-setup/k8s-vars.example.yml diff --git a/service-provider-setup/.gitignore b/service-provider-setup/.gitignore new file mode 100644 index 0000000..f727d47 --- /dev/null +++ b/service-provider-setup/.gitignore @@ -0,0 +1,2 @@ +dns-vars.yml +k8s-vars.yml diff --git a/service-provider-setup/dns-vars.yml b/service-provider-setup/dns-vars.yml deleted file mode 100644 index 5e0b0c0..0000000 --- a/service-provider-setup/dns-vars.yml +++ /dev/null @@ -1,5 +0,0 @@ -domain: "test.wireitin.com" -subdomain_prefix: "dss-ind" -subdomain_cluster_control: "{{ subdomain_prefix }}-cluster-control" -cluster_control_ip: "64.227.134.44" -do_api_token: "" diff --git a/service-provider-setup/k8s-vars.example.yml b/service-provider-setup/k8s-vars.example.yml new file mode 100644 index 0000000..3ceb227 --- /dev/null +++ b/service-provider-setup/k8s-vars.example.yml @@ -0,0 +1,3 @@ +target_host: "" +gpg_key_id: "" +vault_passphrase: "" diff --git a/service-provider-setup/setup-k8s.yml b/service-provider-setup/setup-k8s.yml index 6139b36..2936aab 100644 
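Review bot: `k8s-vars.example.yml` now declares `vault_passphrase` and `gpg_key_id` as plain strings in a vars file; `.gitignore` keeps the filled-in `k8s-vars.yml` out of git, but the passphrase still sits in cleartext on the operator's disk and is read into every run. Encrypting the real file (`ansible-vault encrypt k8s-vars.yml`) or marking just that key with `!vault` costs nothing here, and the example file should carry a comment saying so: `# vault_passphrase unlocks the service-provider-template vault; keep this file vault-encrypted`.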
--- a/service-provider-setup/setup-k8s.yml +++ b/service-provider-setup/setup-k8s.yml @@ -4,8 +4,8 @@ - name: Setup k8s hosts: "{{ target_host }}" - vars: - target_host: "localhost" + vars_files: + - k8s-vars.yml tasks: - name: Install Python and pip @@ -29,3 +29,30 @@ line: 'export PATH="$HOME/.local/bin:$PATH"' state: present create: yes + + - name: Clone the service provider template repo + git: + repo: "https://git.vdb.to/cerc-io/service-provider-template.git" + dest: "{{ ansible_env.HOME }}/service-provider-template" + + - name: Update .vault/vault-keys file + lineinfile: + path: "service-provider-template/.vault/vault-keys" + regexp: '^.*$' + line: "{{ gpg_key_id }}" + create: yes + + - name: Start GPG agent + command: gpg-agent --daemon + ignore_errors: yes + + - name: Set VAULT_KEY environment variable + shell: export VAULT_KEY='{{ vault_passphrase }}' + + - name: Run vault-rekey.sh + expect: + command: bash .vault/vault-rekey.sh + responses: + "Enter passphrase:": "{{ vault_passphrase }}" + args: + chdir: "service-provider-template" -- 2.45.2 From 7d826a1322039e077047505b2cb417c633c2c2bb Mon Sep 17 00:00:00 2001 
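Review bot: The `Set VAULT_KEY environment variable` task is a no-op that leaks the secret: `shell: export VAULT_KEY='…'` sets the variable only in that one-off shell, and the rendered command line, including `{{ vault_passphrase }}`, is printed in task output and the remote shell history; the `expect` task's `responses` carry the passphrase the same way. Drop the export task and add `no_log: true` to the `expect` task (and to any task that handles `vault_passphrase`). The `git` clone has no `version:`, so it follows the default branch head of `service-provider-template` and a later run may rewrite files against a different layout; pin a tag or commit. `lineinfile` writes to the relative path `service-provider-template/.vault/vault-keys` while every other task uses `{{ ansible_env.HOME }}/…`; make it absolute so it does not depend on the remote working directory, and `ignore_errors: yes` on `gpg-agent --daemon` should become `failed_when` on a specific exit code or `true` if any failure is acceptable.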
From: Adw8 Date: Thu, 19 Sep 2024 11:07:13 +0530 Subject: [PATCH 06/31] Add template files for modifying service-provider-template repo --- service-provider-setup/k8s-vars.example.yml | 3 + .../templates/control-firewalld.yml.j2 | 16 ++++++ .../templates/daemon-firewalld.yml.j2 | 16 ++++++ service-provider-setup/templates/hosts.j2 | 12 ++++ service-provider-setup/templates/k8s.yml.j2 | 55 +++++++++++++++++++ service-provider-setup/templates/nginx.yml.j2 | 21 +++++++ .../templates/wildcard-pwa-example.yml.j2 | 15 +++++ 7 files changed, 138 insertions(+) create mode 100644 service-provider-setup/templates/control-firewalld.yml.j2 create mode 100644 service-provider-setup/templates/daemon-firewalld.yml.j2 create mode 100644 service-provider-setup/templates/hosts.j2 create mode 100644 service-provider-setup/templates/k8s.yml.j2 create mode 100644 service-provider-setup/templates/nginx.yml.j2 create mode 100644 service-provider-setup/templates/wildcard-pwa-example.yml.j2 diff --git a/service-provider-setup/k8s-vars.example.yml b/service-provider-setup/k8s-vars.example.yml index 3ceb227..53b09d7 100644 --- a/service-provider-setup/k8s-vars.example.yml +++ b/service-provider-setup/k8s-vars.example.yml @@ -1,3 +1,6 @@ target_host: "" gpg_key_id: "" vault_passphrase: "" +org_id: "" +location_id: "" +dns_domain: "" diff --git a/service-provider-setup/templates/control-firewalld.yml.j2 b/service-provider-setup/templates/control-firewalld.yml.j2 new file mode 100644 index 0000000..cb32ffa --- /dev/null +++ b/service-provider-setup/templates/control-firewalld.yml.j2 @@ -0,0 +1,16 @@ +--- +firewalld_add: + - name: public + interfaces: + - enp9s0 + services: + - http + - https + ports: + - 6443/tcp + + - name: trusted + sources: + - 10.42.0.0/16 + - 10.43.0.0/16 + - "{{ cluster_control_ip }}" diff --git a/service-provider-setup/templates/daemon-firewalld.yml.j2 b/service-provider-setup/templates/daemon-firewalld.yml.j2 new file mode 100644 index 0000000..64a94c8 --- /dev/null 
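Review bot: The `public` zone of `control-firewalld.yml.j2` opens `6443/tcp` with no source restriction, so the cluster control machine's API port is reachable from the whole internet; the other files in this series suggest this is a k3s control node, in which case 6443 is the kube-apiserver, and it should sit in the `trusted` zone or behind a source list of admin/VPN addresses rather than `public`. Add a comment explaining why it must be public if it really must (`# 6443 public: <reason>; restrict to operator IPs once known`). The interface name `enp9s0` is hard-coded in a template that is otherwise parameterised by `cluster_control_ip`; it will silently match nothing on a host with a different NIC name, so either make it a variable or note the assumption.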
+++ b/service-provider-setup/templates/daemon-firewalld.yml.j2 @@ -0,0 +1,16 @@ +--- +firewalld_add: + - name: public + interfaces: + - ens3 + services: + - http + - https + ports: + - 26657/tcp + - 26656/tcp + - 1317/tcp + + - name: trusted + sources: + - "{{ cluster_control_ip }}" diff --git a/service-provider-setup/templates/hosts.j2 b/service-provider-setup/templates/hosts.j2 new file mode 100644 index 0000000..7985902 --- /dev/null +++ b/service-provider-setup/templates/hosts.j2 @@ -0,0 +1,12 @@ +[all] +{{ org_id }}-daemon ansible_host={{ cluster_control_ip }} +{{ org_id }}-{{ country_id }}-cluster-control ansible_host={{ cluster_control_ip }} + +[so] +{{ org_id }}-daemon + +[{{ org_id }}-{{ country_id }}] +{{ org_id }}-{{ country_id }}-cluster-control k8s_node_type=bootstrap k8s_pod_limit=1024 k8s_external_ip={{ cluster_control_ip }} + +[k8s:children] +{{ org_id }}-{{ country_id }} diff --git a/service-provider-setup/templates/k8s.yml.j2 b/service-provider-setup/templates/k8s.yml.j2 new file mode 100644 index 0000000..6cd2c08 --- /dev/null +++ b/service-provider-setup/templates/k8s.yml.j2 
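Review bot: `daemon-firewalld.yml.j2` exposes `26657/tcp`, `26656/tcp` and `1317/tcp` in the `public` zone with no comment saying what listens on them or why each needs to be internet-facing; the nginx template in this same commit proxies the daemon on `9473` and `8080`, so these three ports bypass that proxy and its TLS. Put a one-line comment on each port naming the service it belongs to and whether it is meant for peers or for operators, and move anything operator-only into the `trusted` zone. As in the control template, `ens3` is a hard-coded interface name that should be a variable or at least documented as an assumption.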
@@ -0,0 +1,55 @@ +--- +# default context is used for stack orchestrator deployments, for testing a custom context name can be usefull +#k8s_cluster_name: "{{ org_id }}-{{ country_id }}-cluster" +k8s_cluster_name: default +k8s_cluster_url: "{{ org_id }}-{{ country_id }}-cluster-control.{{ dns_domain }}.com" +k8s_taint_servers: false + +k8s_acme_email: "{{ support_email }}" + +# k3s bundles traefik as the default ingress controller, we will disable it and use nginx instead +k8s_disable: + - traefik + +# secrets can be stored in a file or as a template, the template secrets gets dynamically base64 encoded while file based secrets must be encoded by hand +k8s_secrets: + - name: digitalocean-dns + type: file + source: secret-digitalocean-dns.yaml + +k8s_manifests: + # ingress controller, replaces traefik which is explicitly disabled + - name: ingress-nginx + type: url + source: https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.1/deploy/static/provider/cloud/deploy.yaml + + # cert-manager, required for letsencrypt + - name: cert-manager + type: url + source: https://github.com/cert-manager/cert-manager/releases/download/v1.15.1/cert-manager.yaml + + # issuer for basic http certs + - name: letsencrypt-prod + type: template + source: shared/clusterissuer-acme.yaml + server: https://acme-v02.api.letsencrypt.org/directory + solvers: + - type: http + ingress: nginx + + # issuer for wildcard dns certs + - name: letsencrypt-prod-wild + type: template + source: shared/clusterissuer-acme.yaml + server: https://acme-v02.api.letsencrypt.org/directory + solvers: + - type: dns + provider: digitalocean + tokenref: tokenSecretRef + secret_name: digitalocean-dns + secret_key: access-token + + # initiate wildcard cert + - name: "pwa.{{ dns_domain }}.com" + type: file + source: "wildcard-pwa-{{ dns_domain }}.yaml" diff --git a/service-provider-setup/templates/nginx.yml.j2 b/service-provider-setup/templates/nginx.yml.j2 new file mode 100644 index 0000000..c031511 
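Review bot: `k8s_cluster_url` and the wildcard entries append a literal `.com` to `{{ dns_domain }}`, while `dns-vars.yml` in this series holds the full `domain` (e.g. `test.wireitin.com`); an operator who fills `dns_domain` the same way gets `….com.com`, and any non-`.com` zone is impossible. Render from one full-domain variable instead, e.g. `k8s_cluster_url: {{ org_id }}-{{ location_id }}-cluster-control.{{ domain }}`, and document the contract in `k8s-vars.example.yml`. `k8s_acme_email: "{{ support_email }}"` references a variable that no example vars file in this commit declares, so the template fails with an undefined-variable error until it is added. The ingress-nginx and cert-manager manifests are fetched by URL at fixed versions, which is good; noting the expected checksum in a comment would make the pin verifiable.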
--- /dev/null +++ b/service-provider-setup/templates/nginx.yml.j2 @@ -0,0 +1,21 @@ +--- +nginx_packages_intall: false +nginx_server_name_hash: 64 +nginx_proxy_read_timeout: 1200 +nginx_proxy_send_timeout: 1200 +nginx_proxy_connection_timeout: 75 + +nginx_sites: + - name: "{{ org_id }}-console" + url: "{{ org_id }}-console.{{ dns_domain }}.com" + upstream: http://localhost:8080 + template: basic-proxy + ssl: true + + - name: "{{ org_id }}-daemon" + url: "{{ org_id }}-daemon.{{ dns_domain }}.com" + upstream: http://localhost:9473 + configs: + - rewrite "^/deployer(/.*)? https://webapp-deployer.pwa.{{domain}}.com" permanent + template: websocket-proxy + ssl: true \ No newline at end of file diff --git a/service-provider-setup/templates/wildcard-pwa-example.yml.j2 b/service-provider-setup/templates/wildcard-pwa-example.yml.j2 new file mode 100644 index 0000000..d131562 --- /dev/null +++ b/service-provider-setup/templates/wildcard-pwa-example.yml.j2 @@ -0,0 +1,15 @@ +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: "pwa.{{ dns_domain }}.com" + namespace: default +spec: + secretName: "pwa.{{ dns_domain }}.com" + issuerRef: + name: letsencrypt-prod-wild + kind: ClusterIssuer + group: cert-manager.io + commonName: "*.pwa.{{ dns_domain }}.com" + dnsNames: + - "pwa.{{ dns_domain }}.com" + - "*.pwa.{{ dns_domain }}.com" -- 2.45.2 From a3526a235394e722c7bef24350ab841cfd72fab5 Mon Sep 17 00:00:00 2001 From: Adw8 Date: Thu, 19 Sep 2024 12:29:13 +0530 Subject: [PATCH 07/31] Add tasks to modify service-provider-template repo --- service-provider-setup/setup-k8s.yml | 57 +++++++++++++++++++ .../templates/control-firewalld.yml.j2 | 2 +- .../templates/daemon-firewalld.yml.j2 | 2 +- service-provider-setup/templates/hosts.j2 | 8 +-- service-provider-setup/templates/k8s.yml.j2 | 8 +-- service-provider-setup/templates/nginx.yml.j2 | 12 ++-- .../templates/wildcard-pwa-example.yml.j2 | 10 ++-- 7 files changed, 78 insertions(+), 21 deletions(-) 
diff --git a/service-provider-setup/setup-k8s.yml b/service-provider-setup/setup-k8s.yml index 2936aab..5149389 100644 --- a/service-provider-setup/setup-k8s.yml +++ b/service-provider-setup/setup-k8s.yml @@ -6,6 +6,7 @@ vars_files: - k8s-vars.yml + - dns-vars.yml tasks: - name: Install Python and pip 
@@ -56,3 +57,59 @@ "Enter passphrase:": "{{ vault_passphrase }}" args: chdir: "service-provider-template" + + - name: Ensure the target directory exists + file: + path: "{{ ansible_env.HOME }}/service-provider-template" + state: directory + mode: '0755' + + - name: Change directory name in group_vars + command: mv lcn_cad {{ org_id }}_{{ location_id }} + args: + chdir: "{{ ansible_env.HOME }}/service-provider-template/group_vars" + + - name: Change control directory name in host_vars + command: mv lcn-cad-cluster-control {{ org_id }}-{{ location_id }}-cluster-control + args: + chdir: "{{ ansible_env.HOME }}/service-provider-template/host_vars" + + - name: Change daemon directory name in host_vars + command: mv lcn-daemon {{ org_id }}-daemon + args: + chdir: "{{ ansible_env.HOME }}/service-provider-template/host_vars" + + - name: Copy control-firewalld.yml.j2 to the remote VM + template: + src: ./templates/control-firewalld.yml.j2 + dest: "{{ ansible_env.HOME }}/service-provider-template/host_vars/{{ org_id }}-{{ location_id }}-cluster-control/firewalld.yml" + + - name: Copy daemon-firewalld.yml.j2 to the remote VM + template: + src: ./templates/daemon-firewalld.yml.j2 + dest: "{{ ansible_env.HOME }}/service-provider-template/host_vars/{{ org_id }}-daemon/firewalld.yml" + + - name: Copy nginx.yml.j2 to the remote VM + template: + src: ./templates/nginx.yml.j2 + dest: "{{ ansible_env.HOME }}/service-provider-template/host_vars/{{ org_id }}-daemon/nginx.yml" + + - name: Copy hosts.j2 to the remote VM + template: + src: ./templates/hosts.j2 + dest: "{{ ansible_env.HOME }}/service-provider-template/hosts" + + - name: Copy k8s.yml.j2 to the remote VM + template: + src: ./templates/k8s.yml.j2 + dest: "{{ ansible_env.HOME }}/service-provider-template/group_vars/{{ org_id }}_{{ location_id }}/k8s.yml" + + - name: Copy wildcard-pwa-example.yml.j2 to the remote VM + template: + src: ./templates/wildcard-pwa-example.yml.j2 + dest: "{{ ansible_env.HOME 
}}/service-provider-template/files/manifests/wildcard-pwa-{{dns_domain}}.yml" + + - name: Delete old wildcard-pwa file + file: + path: "{{ ansible_env.HOME }}/service-provider-template/files/manifests/wildcard-pwa-laconic.yaml" + state: absent diff --git a/service-provider-setup/templates/control-firewalld.yml.j2 b/service-provider-setup/templates/control-firewalld.yml.j2 index cb32ffa..f530ab9 100644 --- a/service-provider-setup/templates/control-firewalld.yml.j2 +++ b/service-provider-setup/templates/control-firewalld.yml.j2 @@ -13,4 +13,4 @@ firewalld_add: sources: - 10.42.0.0/16 - 10.43.0.0/16 - - "{{ cluster_control_ip }}" + - {{ cluster_control_ip }} diff --git a/service-provider-setup/templates/daemon-firewalld.yml.j2 b/service-provider-setup/templates/daemon-firewalld.yml.j2 index 64a94c8..f221932 100644 --- a/service-provider-setup/templates/daemon-firewalld.yml.j2 +++ b/service-provider-setup/templates/daemon-firewalld.yml.j2 @@ -13,4 +13,4 @@ firewalld_add: - name: trusted sources: - - "{{ cluster_control_ip }}" + - {{ cluster_control_ip }} diff --git a/service-provider-setup/templates/hosts.j2 b/service-provider-setup/templates/hosts.j2 index 7985902..eede504 100644 --- a/service-provider-setup/templates/hosts.j2 +++ b/service-provider-setup/templates/hosts.j2 @@ -1,12 +1,12 @@ [all] {{ org_id }}-daemon ansible_host={{ cluster_control_ip }} -{{ org_id }}-{{ country_id }}-cluster-control ansible_host={{ cluster_control_ip }} +{{ org_id }}-{{ location_id }}-cluster-control ansible_host={{ cluster_control_ip }} [so] {{ org_id }}-daemon -[{{ org_id }}-{{ country_id }}] -{{ org_id }}-{{ country_id }}-cluster-control k8s_node_type=bootstrap k8s_pod_limit=1024 k8s_external_ip={{ cluster_control_ip }} +[{{ org_id }}-{{ location_id }}] +{{ org_id }}-{{ location_id }}-cluster-control k8s_node_type=bootstrap k8s_pod_limit=1024 k8s_external_ip={{ cluster_control_ip }} [k8s:children] -{{ org_id }}-{{ country_id }} +{{ org_id }}-{{ location_id }} 
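Review bot: The three `command: mv …` tasks are not idempotent: on a second run `lcn_cad`, `lcn-cad-cluster-control` and `lcn-daemon` no longer exist, `mv` exits non-zero and the play aborts before the template tasks. Give each one a `creates:` guard on its destination, e.g. `creates: "{{ ansible_env.HOME }}/service-provider-template/group_vars/{{ org_id }}_{{ location_id }}"`, so the rename is skipped once done. The `Ensure the target directory exists` task runs after the clone that already created the same path, so it only ever resets `mode` and could be dropped or moved before the clone with a comment stating its purpose.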
diff --git a/service-provider-setup/templates/k8s.yml.j2 b/service-provider-setup/templates/k8s.yml.j2 index 6cd2c08..8d586a9 100644 --- a/service-provider-setup/templates/k8s.yml.j2 +++ b/service-provider-setup/templates/k8s.yml.j2 @@ -1,8 +1,8 @@ --- # default context is used for stack orchestrator deployments, for testing a custom context name can be usefull -#k8s_cluster_name: "{{ org_id }}-{{ country_id }}-cluster" +#k8s_cluster_name: {{ org_id }}-{{ location_id }}-cluster k8s_cluster_name: default -k8s_cluster_url: "{{ org_id }}-{{ country_id }}-cluster-control.{{ dns_domain }}.com" +k8s_cluster_url: {{ org_id }}-{{ location_id }}-cluster-control.{{ dns_domain }}.com k8s_taint_servers: false k8s_acme_email: "{{ support_email }}" @@ -50,6 +50,6 @@ k8s_manifests: secret_key: access-token # initiate wildcard cert - - name: "pwa.{{ dns_domain }}.com" + - name: pwa.{{ dns_domain }}.com type: file - source: "wildcard-pwa-{{ dns_domain }}.yaml" + source: wildcard-pwa-{{ dns_domain }}.yaml diff --git a/service-provider-setup/templates/nginx.yml.j2 b/service-provider-setup/templates/nginx.yml.j2 index c031511..a432670 100644 --- a/service-provider-setup/templates/nginx.yml.j2 +++ b/service-provider-setup/templates/nginx.yml.j2 
@@ -6,16 +6,16 @@ nginx_proxy_send_timeout: 1200 nginx_proxy_connection_timeout: 75 nginx_sites: - - name: "{{ org_id }}-console" - url: "{{ org_id }}-console.{{ dns_domain }}.com" + - name: {{ org_id }}-console + url: {{ org_id }}-console.{{ dns_domain }}.com upstream: http://localhost:8080 template: basic-proxy ssl: true - - name: "{{ org_id }}-daemon" - url: "{{ org_id }}-daemon.{{ dns_domain }}.com" + - name: {{ org_id }}-daemon + url: {{ org_id }}-daemon.{{ dns_domain }}.com upstream: http://localhost:9473 configs: - - rewrite "^/deployer(/.*)? https://webapp-deployer.pwa.{{domain}}.com" permanent + - rewrite ^/deployer(/.*)? https://webapp-deployer.pwa.{{dns_domain}}.com permanent template: websocket-proxy - ssl: true \ No newline at end of file + ssl: true diff --git a/service-provider-setup/templates/wildcard-pwa-example.yml.j2 b/service-provider-setup/templates/wildcard-pwa-example.yml.j2 index d131562..a9920bc 100644 --- a/service-provider-setup/templates/wildcard-pwa-example.yml.j2 +++ b/service-provider-setup/templates/wildcard-pwa-example.yml.j2 @@ -1,15 +1,15 @@ apiVersion: cert-manager.io/v1 kind: Certificate metadata: - name: "pwa.{{ dns_domain }}.com" + name: pwa.{{ dns_domain }}.com namespace: default spec: - secretName: "pwa.{{ dns_domain }}.com" + secretName: pwa.{{ dns_domain }}.com issuerRef: name: letsencrypt-prod-wild kind: ClusterIssuer group: cert-manager.io - commonName: "*.pwa.{{ dns_domain }}.com" + commonName: *.pwa.{{ dns_domain }}.com dnsNames: - - "pwa.{{ dns_domain }}.com" - - "*.pwa.{{ dns_domain }}.com" + - pwa.{{ dns_domain }}.com + - *.pwa.{{ dns_domain }}.com -- 2.45.2 From 0aea420af208084ba2d30566fc37e73d8fc3286c Mon Sep 17 00:00:00 2001 
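Review bot: Removing the quotes in `wildcard-pwa-example.yml.j2` breaks the rendered manifest: a plain scalar beginning with `*` is a YAML alias, so `commonName: *.pwa.example.com` and `- *.pwa.example.com` are parsed as references to an anchor named `.pwa.example.com` and the file is rejected with an undefined-alias error before cert-manager ever sees it. Restore the quotes on those two lines (`commonName: "*.pwa.{{ dns_domain }}.com"` and `- "*.pwa.{{ dns_domain }}.com"`); the non-wildcard names can stay plain. The same `.com` suffix concern applies here as in `k8s.yml.j2`.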
From: Adw8 Date: Thu, 19 Sep 2024 18:51:20 +0530 Subject: [PATCH 08/31] Add tasks to deploy k8s to hosts --- service-provider-setup/setup-k8s.yml | 58 ++++++++++++++++++- service-provider-setup/templates/hosts.j2 | 4 +- .../templates/secret-digitalocean-dns.yml.j2 | 12 ++++ service-provider-setup/templates/vault.yml.j2 | 2 + 4 files changed, 73 insertions(+), 3 deletions(-) create mode 100644 service-provider-setup/templates/secret-digitalocean-dns.yml.j2 create mode 100644 service-provider-setup/templates/vault.yml.j2 diff --git a/service-provider-setup/setup-k8s.yml b/service-provider-setup/setup-k8s.yml index 5149389..2a1e262 100644 --- a/service-provider-setup/setup-k8s.yml +++ b/service-provider-setup/setup-k8s.yml @@ -4,6 +4,10 @@ - name: Setup k8s hosts: "{{ target_host }}" + environment: + PATH: "{{ ansible_env.PATH }}:/home/{{ansible_user}}/.local/bin" + VAULT_KEY: "{{ vault_passphrase }}" + vars_files: - k8s-vars.yml - dns-vars.yml 
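Review bot: The play-level `environment:` builds the PATH from `/home/{{ansible_user}}/.local/bin`, which is wrong when the connection user is `root` (home is `/root`) and fails to render when `ansible_user` is not set in the inventory; `{{ ansible_env.HOME }}/.local/bin`, which the rest of the playbook already uses, covers both. Putting `VAULT_KEY: "{{ vault_passphrase }}"` in the play environment hands the passphrase to every task's process, not just the vault steps; scope the `environment:` to the tasks that need it and add `no_log: true` there.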
@@ -107,9 +111,61 @@ - name: Copy wildcard-pwa-example.yml.j2 to the remote VM template: src: ./templates/wildcard-pwa-example.yml.j2 - dest: "{{ ansible_env.HOME }}/service-provider-template/files/manifests/wildcard-pwa-{{dns_domain}}.yml" + dest: "{{ ansible_env.HOME }}/service-provider-template/files/manifests/wildcard-pwa-{{dns_domain}}.yaml" - name: Delete old wildcard-pwa file file: path: "{{ ansible_env.HOME }}/service-provider-template/files/manifests/wildcard-pwa-laconic.yaml" state: absent + + - name: Install required ansible roles + shell: ansible-galaxy install -f -p roles -r roles/requirements.yml + args: + chdir: "{{ ansible_env.HOME }}/service-provider-template" + + - name: Install Kubernetes helper tools + shell: ./roles/k8s/files/scripts/get-kube-tools.sh + args: + chdir: "{{ ansible_env.HOME }}/service-provider-template" + become: yes + + - name: Update group_vars/all/vault.yml with support email using template + template: + src: ./templates/vault.yml.j2 + dest: "{{ ansible_env.HOME }}/service-provider-template/group_vars/all/vault.yml" + + - name: Base64 encode DigitalOcean token + set_fact: + b64_encoded_token: "{{ do_api_token | b64encode }}" + + - name: Update secret-digitalocean-dns.yaml with encoded token + template: + src: ./templates/secret-digitalocean-dns.yml.j2 + dest: "{{ ansible_env.HOME }}/service-provider-template/files/manifests/secret-digitalocean-dns.yaml" + vars: + b64_encoded_token: "{{ b64_encoded_token }}" + + - name: Remove k8s-vault.yml file + file: + path: "{{ ansible_env.HOME }}/service-provider-template/group_vars/{{ org_id }}_{{ location_id }}/k8s-vault.yml" + state: absent + + - name: Generate token for the cluster + command: ./roles/k8s/files/scripts/token-vault.sh ./group_vars/{{ org_id }}_{{ location_id }}/k8s-vault.yml + args: + chdir: "{{ ansible_env.HOME }}/service-provider-template" + + - name: Configure firewalld and nginx + command: ansible-playbook -i hosts site.yml --tags=firewalld,nginx + args: + chdir: "{{ 
ansible_env.HOME }}/service-provider-template" + + - name: Install Stack Orchestrator + command: ansible-playbook -i hosts site.yml --tags=so --limit=so + args: + chdir: "{{ ansible_env.HOME }}/service-provider-template" + + - name: Deploy Kubernetes + command: ansible-playbook -i hosts site.yml --tags=k8s --limit={{ org_id }}_{{ location_id }} + args: + chdir: "{{ ansible_env.HOME }}/service-provider-template" diff --git a/service-provider-setup/templates/hosts.j2 b/service-provider-setup/templates/hosts.j2 index eede504..c7260e1 100644 --- a/service-provider-setup/templates/hosts.j2 +++ b/service-provider-setup/templates/hosts.j2 @@ -5,8 +5,8 @@ [so] {{ org_id }}-daemon -[{{ org_id }}-{{ location_id }}] +[{{ org_id }}_{{ location_id }}] {{ org_id }}-{{ location_id }}-cluster-control k8s_node_type=bootstrap k8s_pod_limit=1024 k8s_external_ip={{ cluster_control_ip }} [k8s:children] -{{ org_id }}-{{ location_id }} +{{ org_id }}_{{ location_id }} diff --git a/service-provider-setup/templates/secret-digitalocean-dns.yml.j2 b/service-provider-setup/templates/secret-digitalocean-dns.yml.j2 new file mode 100644 index 0000000..e9a911c --- /dev/null +++ b/service-provider-setup/templates/secret-digitalocean-dns.yml.j2 @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: cert-manager +--- +apiVersion: v1 +data: + access-token: {{ b64_encoded_token }} +kind: Secret +metadata: + name: digitalocean-dns + namespace: cert-manager diff --git a/service-provider-setup/templates/vault.yml.j2 b/service-provider-setup/templates/vault.yml.j2 new file mode 100644 index 0000000..818529e --- /dev/null +++ b/service-provider-setup/templates/vault.yml.j2 @@ -0,0 +1,2 @@ +--- +support_email: {{ support_email }} -- 2.45.2 From 98662df94a2d494e39b912ec48e017eef125bdad Mon Sep 17 00:00:00 2001 
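Review bot: `Base64 encode DigitalOcean token` and the template task that follows write `do_api_token` into `files/manifests/secret-digitalocean-dns.yaml` inside a git working tree, and base64 is an encoding, not protection, so the token is effectively cleartext on disk; neither task has `no_log: true`, so the fact value also appears in verbose output. Add `no_log: true` to both, and add a comment stating whether the template repo's vault tooling is expected to encrypt that file before any commit (not visible from here; if it does not, the path should be gitignored there). `ansible-galaxy install -f -p roles -r roles/requirements.yml` and `get-kube-tools.sh` run as root fetch code from the network on every run with no version pin visible in this hunk; pinning in `requirements.yml` and a note on what the script downloads would make the supply chain auditable. Deleting and regenerating `k8s-vault.yml` on each run also rotates the cluster token every time; if that is intended, say so in the task name.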
From: Adw8 Date: Fri, 20 Sep 2024 10:04:16 +0530 Subject: [PATCH 09/31] Add README steps to create user dev --- service-provider-setup/README.md | 41 +++++++++++++++++++++++++++ service-provider-setup/setup-user.yml | 16 +++++------ 2 files changed, 49 insertions(+), 8 deletions(-) diff --git a/service-provider-setup/README.md b/service-provider-setup/README.md index da7ec96..1e6b769 100644 --- a/service-provider-setup/README.md +++ b/service-provider-setup/README.md @@ -45,3 +45,44 @@ To get started, follow the [installation](../README.md#installation) guide to se ```bash ansible-playbook setup-dns.yml ``` + +## Setup User `dev` + +- Create a new `hosts.ini` file: + + ```bash + cp ../hosts.example.ini hosts.ini + ``` + +- Edit the [`hosts.ini`](./hosts.ini) file to run the playbook on a remote machine: + + ```ini + [deployment_host] + ansible_host= ansible_user= ansible_ssh_common_args='-o ForwardAgent=yes' + ``` + + - Replace `` with the desired `hostname` of the remote machine + - Replace `` with the IP address or hostname of the target machine + - Replace `` with `root` + +- Verify that you are able to connect to the host using the following command: + + ```bash + ansible all -m ping -i hosts.ini -k + + # Expected output: + + # | SUCCESS => { + # "ansible_facts": { + # "discovered_interpreter_python": "/usr/bin/python3.10" + # }, + # "changed": false, + # "ping": "pong" + # } + ``` + +- Execute the `setup-user.yml` Ansible playbook to create a user `dev` with sudo permissions: + + ```bash + ansible-playbook setup-user.yml -i hosts.ini --extra-vars='{ "target_host": "deployment_host" }' + ``` diff --git a/service-provider-setup/setup-user.yml b/service-provider-setup/setup-user.yml index f0f2e11..cfb17db 100644 --- a/service-provider-setup/setup-user.yml +++ b/service-provider-setup/setup-user.yml 
@@ -78,23 +78,23 @@ - /var/lib/snapd become: yes - - name: Create a user named 'so' + - name: Create a user `dev` user: - name: so + name: dev password: "{{ 'so-service-provider' | password_hash('sha512') }}" shell: /bin/zsh state: present - - name: Add 'so' user to sudoers group + - name: Add dev' user to sudoers group user: - name: so + name: dev groups: sudo append: yes - - name: Ensure .ssh directory exists for 'so' user + - name: Ensure .ssh directory exists for 'dev' user file: - path: /home/so/.ssh + path: /home/dev/.ssh state: directory - owner: so - group: so + owner: dev + group: dev mode: '0700' -- 2.45.2 From fc1cc5b001fc28817c79e831e2e1dddf7af7d75a Mon Sep 17 00:00:00 2001 From: Adw8 Date: Fri, 20 Sep 2024 12:15:14 +0530 Subject: [PATCH 10/31] Add playbook to setup container-registry --- service-provider-setup/.gitignore | 1 + .../container-vars.example.yml | 3 + .../setup-container-registry.yml | 63 +++++++++++++++++++ service-provider-setup/setup-k8s.yml | 12 ++-- .../templates/container-registry.spec.j2 | 16 +++++ .../templates/my_password.json.j2 | 9 +++ 6 files changed, 98 insertions(+), 6 deletions(-) create mode 100644 service-provider-setup/container-vars.example.yml create mode 100644 service-provider-setup/setup-container-registry.yml create mode 100644 service-provider-setup/templates/container-registry.spec.j2 create mode 100644 service-provider-setup/templates/my_password.json.j2 diff --git a/service-provider-setup/.gitignore b/service-provider-setup/.gitignore index f727d47..0d0eae9 100644 --- a/service-provider-setup/.gitignore +++ b/service-provider-setup/.gitignore @@ -1,2 +1,3 @@ dns-vars.yml k8s-vars.yml +container-vars.yml diff --git a/service-provider-setup/container-vars.example.yml b/service-provider-setup/container-vars.example.yml new file mode 100644 index 0000000..643335e --- /dev/null +++ b/service-provider-setup/container-vars.example.yml 
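Review bot: The renamed task `- name: Add dev' user to sudoers group` has an unbalanced quote; it should read `- name: Add 'dev' user to sudoers group` to match the neighbouring task names. The account is renamed to `dev` but the unchanged context line `password: "{{ 'so-service-provider' | password_hash('sha512') }}"` still sets a clear-text password literal named after the old `so` account; I'd move it to a vault variable, e.g. `password: "{{ dev_user_password | password_hash('sha512') }}"`, and give `password_hash` a fixed salt, since without one a fresh salt is generated on every run and the `user` task reports a change each time. The enclosing play starts before this hunk.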
@@ -0,0 +1,3 @@ +container_registry_username: "" +container_registry_password: "" +container_registry_domain: "" diff --git a/service-provider-setup/setup-container-registry.yml b/service-provider-setup/setup-container-registry.yml new file mode 100644 index 0000000..ca81cfd --- /dev/null +++ b/service-provider-setup/setup-container-registry.yml 
@@ -0,0 +1,63 @@ +- name: Setup container registry + hosts: "{{ target_host }}" + + environment: + PATH: "{{ ansible_env.PATH }}:/home/{{ansible_user}}/bin" + + vars_files: + - k8s-vars.yml + - container-vars.yml + + tasks: + - name: Generate the spec file for the container-registry stack + template: + src: "./templates/container-registry.spec.j2" + dest: "{{ansible_env.HOME}}/container-registry.spec" + + - name: Create a deployment for the container-registry stack + command: laconic-so --stack container-registry deploy create --deployment-dir container-registry --spec-file container-registry.spec + + - name: Base64 encode the container registry credentials + set_fact: + b64_encoded_cred: "{{ (container_registry_username + ':' + container_registry_password) | b64encode }}" + + - name: Encrypt the container registry credentials to create an htpasswd file + command: > + htpasswd -bB -c container-registry/configmaps/config/htpasswd + {{ container_registry_username }} {{ container_registry_password }} + register: htpasswd_file + + - name: Read the htpasswd file + slurp: + src: "container-registry/configmaps/config/htpasswd" + register: htpasswd_file_content + + - name: Extract the hashed password (after the colon) + set_fact: + hashed_password: "{{ (htpasswd_file_content.content | b64decode).split(':')[1] | trim }}" + + - name: Create container-registry/my_password.json file + template: + src: "./templates/my_password.json.j2" + dest: "container-registry/my_password.json" + + - name: Configure the file container-registry/config.env + copy: + dest: "container-registry/config.env" + content: | + REGISTRY_AUTH=htpasswd + REGISTRY_AUTH_HTPASSWD_REALM="{{org_id}} Service Provider Image Registry" + REGISTRY_AUTH_HTPASSWD_PATH="/config/htpasswd" + REGISTRY_HTTP_SECRET='{{ hashed_password }}' + + - name: Add the container registry credentials as a secret available to the cluster + command: > + kubectl create secret generic laconic-registry + 
--from-file=.dockerconfigjson=container-registry/my_password.json + --type=kubernetes.io/dockerconfigjson + environment: + KUBECONFIG: "{{ ansible_env.HOME }}/.kube/config-default.yaml" + + - name: Deploy the container registry + command: > + laconic-so deployment --dir container-registry start diff --git a/service-provider-setup/setup-k8s.yml b/service-provider-setup/setup-k8s.yml index 2a1e262..1fe9a1c 100644 --- a/service-provider-setup/setup-k8s.yml +++ b/service-provider-setup/setup-k8s.yml 
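Review bot: The tasks that handle `container_registry_password` — the `set_fact` for `b64_encoded_cred`, the `htpasswd -bB -c … {{ container_registry_username }} {{ container_registry_password }}` command, the `hashed_password` `set_fact` and the `copy` that writes `config.env` — have no `no_log: true`, so the credential, its base64 form and the bcrypt hash are printed in task output and kept by any logging callback; add `no_log: true` to each. `htpasswd -b` also places the password on the command line, where it is visible to other users on the host through the process list; `htpasswd -iB -c …` with the password supplied via `stdin: "{{ container_registry_password }}"` avoids that. `REGISTRY_HTTP_SECRET='{{ hashed_password }}'` reuses the bcrypt hash that also lives in the htpasswd configmap as the registry's HTTP signing secret, which is meant to be an independent random value, e.g. `REGISTRY_HTTP_SECRET='{{ lookup('password', '/dev/null length=32 chars=ascii_letters,digits') }}'`. The `register: htpasswd_file` on the htpasswd command is never read and can be dropped.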
@@ -83,32 +83,32 @@ args: chdir: "{{ ansible_env.HOME }}/service-provider-template/host_vars" - - name: Copy control-firewalld.yml.j2 to the remote VM + - name: Copy control-firewalld.yml to the remote VM template: src: ./templates/control-firewalld.yml.j2 dest: "{{ ansible_env.HOME }}/service-provider-template/host_vars/{{ org_id }}-{{ location_id }}-cluster-control/firewalld.yml" - - name: Copy daemon-firewalld.yml.j2 to the remote VM + - name: Copy daemon-firewalld.yml to the remote VM template: src: ./templates/daemon-firewalld.yml.j2 dest: "{{ ansible_env.HOME }}/service-provider-template/host_vars/{{ org_id }}-daemon/firewalld.yml" - - name: Copy nginx.yml.j2 to the remote VM + - name: Copy nginx.yml to the remote VM template: src: ./templates/nginx.yml.j2 dest: "{{ ansible_env.HOME }}/service-provider-template/host_vars/{{ org_id }}-daemon/nginx.yml" - - name: Copy hosts.j2 to the remote VM + - name: Copy hosts file to the remote VM template: src: ./templates/hosts.j2 dest: "{{ ansible_env.HOME }}/service-provider-template/hosts" - - name: Copy k8s.yml.j2 to the remote VM + - name: Copy k8s.yml to the remote VM template: src: ./templates/k8s.yml.j2 dest: "{{ ansible_env.HOME }}/service-provider-template/group_vars/{{ org_id }}_{{ location_id }}/k8s.yml" - - name: Copy wildcard-pwa-example.yml.j2 to the remote VM + - name: Copy wildcard-pwa-example.yml to the remote VM template: src: ./templates/wildcard-pwa-example.yml.j2 dest: "{{ ansible_env.HOME }}/service-provider-template/files/manifests/wildcard-pwa-{{dns_domain}}.yaml" diff --git a/service-provider-setup/templates/container-registry.spec.j2 b/service-provider-setup/templates/container-registry.spec.j2 new file mode 100644 index 0000000..4f55bae --- /dev/null +++ b/service-provider-setup/templates/container-registry.spec.j2 
@@ -0,0 +1,16 @@ +stack: container-registry +deploy-to: k8s +kube-config: /home/{{ ansible_user }}/.kube/config-default.yaml +network: + ports: + registry: + - '5000' + http-proxy: + - host-name: container-registry.pwa.{{dns_domain}}.com + routes: + - path: '/' + proxy-to: registry:5000 +volumes: + registry-data: +configmaps: + config: ./configmaps/config diff --git a/service-provider-setup/templates/my_password.json.j2 b/service-provider-setup/templates/my_password.json.j2 new file mode 100644 index 0000000..f48d47d --- /dev/null +++ b/service-provider-setup/templates/my_password.json.j2 @@ -0,0 +1,9 @@ +{ + "auths": { + "{{container_registry_domain}}": { + "username": "{{ container_registry_username }}", + "password": "{{ hashed_password }}", + "auth": "{{ b64_encoded_cred }}" + } + } +} -- 2.45.2 From 3668c894fa7e8d90ea5ce8f9593f5ddfdab16a34 Mon Sep 17 00:00:00 2001 From: Adw8 Date: Fri, 20 Sep 2024 14:11:12 +0530 Subject: [PATCH 11/31] Add playbooks to setup fixturenet-laconicd and laconic-console --- .../run-laconic-console.yml | 66 +++++++++++++++++++ service-provider-setup/run-laconicd.yml | 33 ++++++++++ .../setup-container-registry.yml | 2 +- .../templates/configs/console-config.env.j2 | 2 + .../{ => specs}/container-registry.spec.j2 | 0 .../specs/fixturenet-laconicd-spec.yml.j2 | 15 +++++ .../specs/laconic-console-spec.yml.j2 | 9 +++ 7 files changed, 126 insertions(+), 1 deletion(-) create mode 100644 service-provider-setup/run-laconic-console.yml create mode 100644 service-provider-setup/run-laconicd.yml create mode 100644 service-provider-setup/templates/configs/console-config.env.j2 rename service-provider-setup/templates/{ => specs}/container-registry.spec.j2 (100%) create mode 100644 service-provider-setup/templates/specs/fixturenet-laconicd-spec.yml.j2 create mode 100644 service-provider-setup/templates/specs/laconic-console-spec.yml.j2 
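Review bot: In my_password.json.j2 the `password` field is filled with `{{ hashed_password }}` (the bcrypt hash extracted from the htpasswd file) while `auth` is `{{ b64_encoded_cred }}`, which setup-container-registry.yml builds from the plaintext password, so the two fields describe different credentials. Docker-style config files expect `auth` to be base64 of `user:password` with that same plaintext in `password`; unless the consumer specifically wants the hash here, use `"password": "{{ container_registry_password }}"`. In container-registry.spec.j2 the `host-name` value hard-codes a `.com` suffix after `{{dns_domain}}`; this matches the other templates in the series, but a comment saying that `dns_domain` is expected without its TLD would save the next reader a surprise.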
diff --git a/service-provider-setup/run-laconic-console.yml b/service-provider-setup/run-laconic-console.yml new file mode 100644 index 0000000..037606b --- /dev/null +++ b/service-provider-setup/run-laconic-console.yml 
@@ -0,0 +1,66 @@ +- name: Setup and run laconic console + hosts: "{{target_host}}" + + environment: + PATH: "{{ ansible_env.PATH }}:/home/{{ansible_user}}/bin" + + tasks: + - name: Clone the stack repo + command: laconic-so fetch-stack git.vdb.to/cerc-io/testnet-laconicd-stack --pull + ignore_errors: yes + + - name: Clone required repositories for laconic-console + command: laconic-so --stack ~/cerc/testnet-laconicd-stack/stack-orchestrator/stacks/laconic-console setup-repositories --pull + + - name: Build container images + command: laconic-so --stack ~/cerc/testnet-laconicd-stack/stack-orchestrator/stacks/laconic-console build-containers --force-rebuild + + - name: Generate spec file for laconic console deployment + template: + src: "./templates/specs/laconic-console-spec.yml.j2" + dest: "laconic-console-spec.yml" + + - name: Check if the deployment directory exists + stat: + path: laconic-console-deployment + register: deployment_dir + + - name: Create a deployment from the spec file + command: laconic-so --stack ~/cerc/testnet-laconicd-stack/stack-orchestrator/stacks/laconic-console deploy create --spec-file laconic-console-spec.yml --deployment-dir laconic-console-deployment + when: not deployment_dir.stat.exists + + - name: Place deployment in the same namespace as fixturenet-laconicd + copy: + src: "fixturenet-laconicd-deployment/deployment.yml" + dest: "laconic-console-deployment/deployment.yml" + remote_src: yes + + - name: Fetch user key from laconicd + command: laconic-so deployment --dir fixturenet-laconicd-deployment exec laconicd "echo y | laconicd keys export alice --unarmored-hex --unsafe" + register: alice_pk + + - name: Set Private key for console deployment + set_fact: + ALICE_PK: "{{ alice_pk.stdout }}" + + - name: Start the laconic console deployment + command: laconic-so deployment --dir laconic-console-deployment start + + - name: Create a bond using cli + shell: laconic-so deployment --dir laconic-console-deployment exec cli "laconic 
registry bond create --type alnt --quantity 1000000000000 --user-key {{ALICE_PK}}" | jq -r '.bondId' + register: bond_id + + - name: Set Bond ID for console deployment + set_fact: + BOND_ID: "{{ bond_id.stdout }}" + + - name: Stop the console deployment + command: laconic-so deployment --dir laconic-console-deployment stop + + - name: Modify the console config with alice_pk and bond_id + template: + src: "./templates/configs/console-config.env.j2" + dest: "laconic-console-deployment/config.env" + + - name: Start the laconic console deployment with updated config + command: laconic-so deployment --dir laconic-console-deployment start diff --git a/service-provider-setup/run-laconicd.yml b/service-provider-setup/run-laconicd.yml new file mode 100644 index 0000000..33efa74 --- /dev/null +++ b/service-provider-setup/run-laconicd.yml 
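Review bot: The `Fetch user key from laconicd` task exports a raw private key to stdout and registers it as `alice_pk`, and the following `set_fact` copies it into `ALICE_PK`, but neither task sets `no_log: true`, so the key is printed in the play output and persisted by any logging callback; add `no_log: true` to both and to the `Create a bond using cli` task that passes `--user-key {{ALICE_PK}}`. The bond creation runs unconditionally, whereas `deploy create` is guarded by `when: not deployment_dir.stat.exists`, so every re-run creates another bond and overwrites `config.env` with a new `BOND_ID`; either apply the same guard or check for an existing `config.env` first. The template that writes `laconic-console-deployment/config.env` stores the key on disk without a `mode`; add `mode: '0600'`. `ignore_errors: yes` on the first task hides every failure of the fetch, including auth or network errors; narrow it with `register`/`failed_when`, and write booleans as `true`/`false`.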
@@ -0,0 +1,33 @@ +- name: Setup and run fixturnet-laconicd-stack + hosts: "{{ target_host }}" + + environment: + PATH: "{{ ansible_env.PATH }}:/home/{{ansible_user}}/bin" + + tasks: + - name: Clone the stack repo + command: laconic-so fetch-stack git.vdb.to/cerc-io/fixturenet-laconicd-stack --pull + ignore_errors: yes + + - name: Clone the fixturenet-laconicd repo + command: laconic-so --stack ~/cerc/fixturenet-laconicd-stack/stack-orchestrator/stacks/fixturenet-laconicd setup-repositories + + - name: Build container images + command: laconic-so --stack ~/cerc/fixturenet-laconicd-stack/stack-orchestrator/stacks/fixturenet-laconicd build-containers --force-rebuild + + - name: Generate over spec file for laconicd deployment + template: + src: "./templates/specs/fixturenet-laconicd-spec.yml.j2" + dest: "fixturenet-laconicd-spec.yml" + + - name: Check if the deployment directory exists + stat: + path: "fixturenet-laconicd-deployment" + register: deployment_dir + + - name: Create the deployment from the spec file + command: laconic-so --stack ~/cerc/fixturenet-laconicd-stack/stack-orchestrator/stacks/fixturenet-laconicd deploy create --spec-file fixturenet-laconicd-spec.yml --deployment-dir fixturenet-laconicd-deployment + when: not deployment_dir.stat.exists + + - name: Start the deployment + command: laconic-so deployment --dir fixturenet-laconicd-deployment start diff --git a/service-provider-setup/setup-container-registry.yml b/service-provider-setup/setup-container-registry.yml index ca81cfd..ba94611 100644 --- a/service-provider-setup/setup-container-registry.yml +++ b/service-provider-setup/setup-container-registry.yml @@ -11,7 +11,7 @@ tasks: - name: Generate the spec file for the container-registry stack template: - src: "./templates/container-registry.spec.j2" + src: "./templates/specs/container-registry.spec.j2" dest: "{{ansible_env.HOME}}/container-registry.spec" - name: Create a deployment for the container-registry stack 
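Review bot: `ignore_errors: yes` on the `Clone the stack repo` task masks every failure of `laconic-so fetch-stack … --pull`, including a network or authentication error, and the later tasks then fail with less useful messages; register the result and use `failed_when` for the specific condition being tolerated, writing the boolean as `true` rather than `yes`. The play name `Setup and run fixturnet-laconicd-stack` is missing an `e` (`fixturenet`), and the task name `Generate over spec file for laconicd deployment` reads oddly — `Generate spec file for laconicd deployment` is probably intended.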
diff --git a/service-provider-setup/templates/configs/console-config.env.j2 b/service-provider-setup/templates/configs/console-config.env.j2 new file mode 100644 index 0000000..7ecc724 --- /dev/null +++ b/service-provider-setup/templates/configs/console-config.env.j2 @@ -0,0 +1,2 @@ +CERC_LACONICD_USER_KEY={{ALICE_PK}} +CERC_LACONICD_BOND_ID={{BOND_ID}} diff --git a/service-provider-setup/templates/container-registry.spec.j2 b/service-provider-setup/templates/specs/container-registry.spec.j2 similarity index 100% rename from service-provider-setup/templates/container-registry.spec.j2 rename to service-provider-setup/templates/specs/container-registry.spec.j2 diff --git a/service-provider-setup/templates/specs/fixturenet-laconicd-spec.yml.j2 b/service-provider-setup/templates/specs/fixturenet-laconicd-spec.yml.j2 new file mode 100644 index 0000000..b6ef644 --- /dev/null +++ b/service-provider-setup/templates/specs/fixturenet-laconicd-spec.yml.j2 @@ -0,0 +1,15 @@ +stack: + /home/{{ansible_user}}/cerc/fixturenet-laconicd-stack/stack-orchestrator/stacks/fixturenet-laconicd +deploy-to: compose +network: + ports: + laconicd: + - '6060:6060' + - '26657:26657' + - '26656:26656' + - '9473:9473' + - '9090:9090' + - '1317:1317' +volumes: + laconicd-data: ./data/laconicd-data + genesis-config: ./data/genesis-config diff --git a/service-provider-setup/templates/specs/laconic-console-spec.yml.j2 b/service-provider-setup/templates/specs/laconic-console-spec.yml.j2 new file mode 100644 index 0000000..a379476 --- /dev/null +++ b/service-provider-setup/templates/specs/laconic-console-spec.yml.j2 @@ -0,0 +1,9 @@ +stack: + /home/{{ansible_user}}/cerc/testnet-laconicd-stack/stack-orchestrator/stacks/laconic-console +deploy-to: compose +network: + ports: + console: + - '8080:80' +volumes: + laconic-registry-data: ./data/laconic-registry-data -- 2.45.2 From 29492e94421ccf27535dc6a55f0ae30a42191c58 Mon Sep 17 00:00:00 2001 
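Review bot: fixturenet-laconicd-spec.yml.j2 publishes `'6060:6060'`, `'26657:26657'`, `'26656:26656'`, `'9473:9473'`, `'9090:9090'` and `'1317:1317'` without a host address, which in a compose deployment binds each port on every interface of the host; 6060 in particular is conventionally the pprof/debug listener and should not be reachable from outside. Bind the debug and internal-only ports to loopback (`- '127.0.0.1:6060:6060'`) and leave only the ports that must be public, with a comment per port saying which is which; whether the host firewall configured elsewhere in this series closes them I can't tell from here.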
From: Adw8 Date: Fri, 20 Sep 2024 14:33:39 +0530 Subject: [PATCH 12/31] Add steps to reserve authority --- service-provider-setup/.gitignore | 1 + service-provider-setup/run-laconic-console.yml | 9 +++++++++ service-provider-setup/webapp-vars.example.yml | 1 + 3 files changed, 11 insertions(+) create mode 100644 service-provider-setup/webapp-vars.example.yml diff --git a/service-provider-setup/.gitignore b/service-provider-setup/.gitignore index 0d0eae9..ccc813f 100644 --- a/service-provider-setup/.gitignore +++ b/service-provider-setup/.gitignore @@ -1,3 +1,4 @@ dns-vars.yml k8s-vars.yml container-vars.yml +webapp-vars.yml diff --git a/service-provider-setup/run-laconic-console.yml b/service-provider-setup/run-laconic-console.yml index 037606b..9aee5c7 100644 --- a/service-provider-setup/run-laconic-console.yml +++ b/service-provider-setup/run-laconic-console.yml @@ -4,6 +4,9 @@ environment: PATH: "{{ ansible_env.PATH }}:/home/{{ansible_user}}/bin" + vars_files: + - webapp-vars.yml + tasks: - name: Clone the stack repo command: laconic-so fetch-stack git.vdb.to/cerc-io/testnet-laconicd-stack --pull @@ -64,3 +67,9 @@ - name: Start the laconic console deployment with updated config command: laconic-so deployment --dir laconic-console-deployment start + + - name: Reserve an authority + command: laconic-so deployment --dir laconic-console-deployment exec cli "laconic registry authority reserve {{authority_name}}" + + - name: Set authority using bond id + command: laconic-so deployment --dir laconic-console-deployment exec cli "laconic registry authority bond set {{authority_name}} {{BOND_ID}}" diff --git a/service-provider-setup/webapp-vars.example.yml b/service-provider-setup/webapp-vars.example.yml new file mode 100644 index 0000000..2d81901 --- /dev/null +++ b/service-provider-setup/webapp-vars.example.yml @@ -0,0 +1 @@ +authority_name: "" -- 2.45.2 From 9a4a7ad53da5286584a5a06b1539a49c08c2dcc7 Mon Sep 17 00:00:00 2001 
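Review bot: The new `Reserve an authority` task runs `laconic registry authority reserve {{authority_name}}` on every play run; if the authority is already reserved from a previous run the command presumably fails and aborts the play, so register the result and add a `failed_when` for that case, or check for the existing record first. `{{authority_name}}` and `{{BOND_ID}}` are interpolated unquoted into the string handed to `exec cli "…"`, which ends up inside a quoted shell command; wrap them with `| quote` so a value containing spaces or quotes cannot break the command. Both tasks depend on `BOND_ID`, a fact set earlier in the play outside this hunk.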
From: Adw8 Date: Mon, 23 Sep 2024 13:49:40 +0530 Subject: [PATCH 13/31] Add playbook to setup webapp deployer backend --- service-provider-setup/deploy-backend.yml | 124 ++++++++++++++++++ .../setup-container-registry.yml | 31 +++++ .../configs/webapp-deployer-config.env.j2 | 28 ++++ .../templates/laconic.yml.j2 | 9 ++ .../templates/specs/webapp-deployer.spec.j2 | 35 +++++ 5 files changed, 227 insertions(+) create mode 100644 service-provider-setup/deploy-backend.yml create mode 100644 service-provider-setup/templates/configs/webapp-deployer-config.env.j2 create mode 100644 service-provider-setup/templates/laconic.yml.j2 create mode 100644 service-provider-setup/templates/specs/webapp-deployer.spec.j2 diff --git a/service-provider-setup/deploy-backend.yml b/service-provider-setup/deploy-backend.yml new file mode 100644 index 0000000..24cd536 --- /dev/null +++ b/service-provider-setup/deploy-backend.yml 
@@ -0,0 +1,124 @@ +- name: Deploy Webapp-Deployer Backend + hosts: "{{ target_host }}" + + environment: + PATH: "{{ ansible_env.PATH }}:/home/{{ansible_user}}/bin" + KUBECONFIG: "{{ ansible_env.HOME }}/.kube/config-default.yaml" + + vars_files: + - webapp-vars.yml + - container-vars.yml + - k8s-vars.yml + - dns-vars.yml + + tasks: + - name: Ensure gpg-keys directory exists + file: + path: ~/gpg-keys + state: directory + mode: '0700' + + - name: Create a GPG key + shell: gpg --batch --passphrase "SECRET" --quick-generate-key webapp-deployer-api.{{ dns_domain }}.com default default never + + - name: Export the public key + shell: gpg --export webapp-deployer-api.{{ dns_domain }}.com > ~/gpg-keys/webapp-deployer-api.{{ dns_domain }}.com.pgp.pub + args: + creates: ~/gpg-keys/webapp-deployer-api.{{ dns_domain }}.com.pgp.pub + + - name: Export the private key with passphrase + expect: + command: gpg --export-secret-keys webapp-deployer-api.{{ dns_domain }}.com > ~/gpg-keys/webapp-deployer-api.{{ dns_domain }}.com.pgp.key + responses: + 'Please enter the passphrase to export the OpenPGP secret key': 'SECRET\n' + register: gpg_output + no_log: true + + - name: Setup repositories for webapp-deployer-backend + command: laconic-so --stack webapp-deployer-backend setup-repositories + + - name: Build containers for webapp-deployer-backend + command: laconic-so --stack webapp-deployer-backend build-containers + + - name: Create laconic config file + template: + src: "./templates/laconic.yml.j2" + dest: "config/laconic.yml" + + - name: Copy the gpg private key file to config dir + copy: + src: "gpg-keys/webapp-deployer-api.{{ dns_domain }}.com.pgp.key" + dest: "config" + remote_src: true + + - name: Copy the gpg public key file to config dir + copy: + src: "gpg-keys/webapp-deployer-api.{{ dns_domain }}.com.pgp.pub" + dest: "config" + remote_src: true + + - name: Publish the webapp-deployer record using laconic-so + shell: | + docker run -i -t \ + -v /home/{{ ansible_user 
}}/config:/home/root/config \ + cerc/webapp-deployer-backend:local laconic-so publish-deployer-to-registry \ + --laconic-config /home/root/config/laconic.yml \ + --api-url https://webapp-deployer-api.{{ dns_domain }}.com \ + --public-key-file /home/root/config/webapp-deployer-api.{{ dns_domain }}.com.pgp.pub \ + --lrn lrn://{{ authority_name }}/deployers/webapp-deployer-api.{{ dns_domain }}.com \ + --min-required-payment 100 + register: publish_output + + - name: Display publish output + debug: + var: publish_output.stdout + + - name: Generate spec file for webapp-deployer-backend + template: + src: "./templates/specs/webapp-deployer.spec.j2" + dest: "webapp-deployer.spec" + + - name: Create the deployment directory from the spec file + command: > + laconic-so --stack webapp-deployer-backend deploy create + --deployment-dir webapp-deployer --spec-file webapp-deployer.spec + + - name: Update config for webapp-deployer-backend + template: + src: "./templates/configs/webapp-deployer-config.env.j2" + dest: "webapp-deployer/config.env" + + - name: Copy the kube config file to webapp-deployer directory + copy: + src: "{{ansible_env.HOME}}/.kube/config-default.yaml" + dest: "webapp-deployer/data/config/kube.yml" + remote_src: true + + - name: Create laconic config file + template: + src: "./templates/laconic.yml.j2" + dest: "webapp-deployer/data/config/laconic.yml" + + - name: Push images to container registry + command: laconic-so deployment --dir webapp-deployer push-images + + - name: Start the webapp deployer + command: laconic-so deployment --dir webapp-deployer start + + - name: Get the most recent pod for the deployment + shell: kubectl get pods --sort-by=.metadata.creationTimestamp -o jsonpath='{.items[-1].metadata.name}' + register: webapp_deployer_pod + + - name: Set pod ID to a variable + set_fact: + pod_id: "{{ webapp_deployer_pod.stdout }}" + + - name: Wait for the recent pod to be ready + command: kubectl wait --for=condition=Ready pod/{{ pod_id }} 
--timeout=300s + register: wait_result + + - name: Copy gpg private key file to webapp deployer pod + shell: kubectl cp gpg-keys/webapp-deployer-api.{{ dns_domain }}.com.pgp.key {{ pod_id }}:/app + + - name: Copy gpg public key file to webapp deployer pod + shell: kubectl cp gpg-keys/webapp-deployer-api.{{ dns_domain }}.com.pgp.pub {{ pod_id }}:/app diff --git a/service-provider-setup/setup-container-registry.yml b/service-provider-setup/setup-container-registry.yml index ba94611..6f78e7a 100644 --- a/service-provider-setup/setup-container-registry.yml +++ b/service-provider-setup/setup-container-registry.yml @@ -61,3 +61,34 @@ - name: Deploy the container registry command: > laconic-so deployment --dir container-registry start + + - name: Get cluster_id from container-registry-deployment + slurp: + src: container-registry/deployment.yml + register: deployment_file + + - name: Decode and extract cluster-id + set_fact: + cluster_id: "{{ deployment_file.content | b64decode | regex_search('cluster-id: (.+)', '\\1') }}" + + - name: Display the cluster ID + debug: + msg: "The cluster ID is: {{ cluster_id }}" + + - name: Annotate ingress for proxy body size + command: > + kubectl annotate ingress {{ cluster_id }}-ingress nginx.ingress.kubernetes.io/proxy-body-size=0 + environment: + KUBECONFIG: "{{ ansible_env.HOME }}/.kube/config-default.yaml" + + - name: Annotate ingress for proxy read timeout + command: > + kubectl annotate ingress {{ cluster_id }}-ingress nginx.ingress.kubernetes.io/proxy-read-timeout=600 + environment: + KUBECONFIG: "{{ ansible_env.HOME }}/.kube/config-default.yaml" + + - name: Annotate ingress for proxy send timeout + command: > + kubectl annotate ingress {{ cluster_id }}-ingress nginx.ingress.kubernetes.io/proxy-send-timeout=600 + environment: + KUBECONFIG: "{{ ansible_env.HOME }}/.kube/config-default.yaml" 
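Review bot: The GPG passphrase is the literal `SECRET`, committed in `gpg --batch --passphrase "SECRET" --quick-generate-key …`, in the `expect` response `'SECRET\n'`, and again as `OPENPGP_PASSPHRASE="SECRET"` in webapp-deployer-config.env.j2 in this patch; move it into a vault-encrypted variable (e.g. `{{ gpg_passphrase }}`) and add `no_log: true` to every task that references it. The `expect` module does not run its command through a shell, so the `> ~/gpg-keys/…pgp.key` redirect in `Export the private key with passphrase` is most likely passed to gpg as arguments instead of writing the file; use `command: /bin/bash -c "gpg --export-secret-keys … > …"` or `gpg --output …`, and drop the unused `register: gpg_output`. `Create a GPG key` has no `creates:` guard (unlike the public-key export), so each re-run generates another key with the same user id and the later exports become ambiguous; add `args: creates: ~/gpg-keys/webapp-deployer-api.{{ dns_domain }}.com.pgp.pub` or test with `gpg --list-keys` first. The `config/laconic.yml` and `webapp-deployer/data/config/laconic.yml` templates and the key copies into `config` carry the private key and `ALICE_PK` without a `mode`; set `mode: '0600'`. Picking the deployer pod as the newest pod in the namespace is fragile under concurrent rollouts; a label selector on the deployment would be deterministic, though I can't see the labels from here.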
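Review bot: `regex_search('cluster-id: (.+)', '\\1')` returns a list of the captured groups rather than a string, so `cluster_id` most likely renders as `['…']` and `{{ cluster_id }}-ingress` in the three `kubectl annotate` commands will not name the ingress; append `| first` (`… | regex_search('cluster-id: (.+)', '\\1') | first`) or parse the file with `from_yaml` and read the key directly. The three `kubectl annotate` tasks are also not idempotent: without `--overwrite` the command fails once the annotation exists, so a second run of the playbook stops here. They repeat the same `KUBECONFIG` environment block three times; a play-level `environment`, as deploy-backend.yml in this patch uses, would be the consistent place for it.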
diff --git a/service-provider-setup/templates/configs/webapp-deployer-config.env.j2 b/service-provider-setup/templates/configs/webapp-deployer-config.env.j2 new file mode 100644 index 0000000..8b2c130 --- /dev/null +++ b/service-provider-setup/templates/configs/webapp-deployer-config.env.j2 @@ -0,0 +1,28 @@ +DEPLOYMENT_DNS_SUFFIX="pwa.{{ dns_domain }}.com" + +# Name of reserved authority +DEPLOYMENT_RECORD_NAMESPACE="{{ authority_name }}" + +# url of the deployed docker image registry +IMAGE_REGISTRY="container-registry.pwa.{{ dns_domain }}.com" + +# htpasswd credentials +IMAGE_REGISTRY_USER="{{ container_registry_username }}" +IMAGE_REGISTRY_CREDS="{{ container_registry_password }}" + +# configs +CLEAN_DEPLOYMENTS=false +CLEAN_LOGS=false +CLEAN_CONTAINERS=false +SYSTEM_PRUNE=false +WEBAPP_IMAGE_PRUNE=true +CHECK_INTERVAL=5 +FQDN_POLICY="allow" + +# lrn of the webapp deployer +LRN="lrn://{{ authority_name }}/deployers/webapp-deployer-api.{{ dns_domain }}.com" +export OPENPGP_PRIVATE_KEY_FILE="webapp-deployer-api.{{ dns_domain }}.com.pgp.key" +export OPENPGP_PASSPHRASE="SECRET" +export DEPLOYER_STATE="srv-test/deployments/autodeploy.state" +export UNDEPLOYER_STATE="srv-test/deployments/autoundeploy.state" +export UPLOAD_DIRECTORY="srv-test/uploads" diff --git a/service-provider-setup/templates/laconic.yml.j2 b/service-provider-setup/templates/laconic.yml.j2 new file mode 100644 index 0000000..0f4b79b --- /dev/null +++ b/service-provider-setup/templates/laconic.yml.j2 @@ -0,0 +1,9 @@ +services: + registry: + rpcEndpoint: 'http://{{ cluster_control_ip }}:26657' + gqlEndpoint: 'http://{{ cluster_control_ip }}:9473/api' + userKey: "{{ ALICE_PK }}" + bondId: "{{ BOND_ID }}" + chainId: lorotestnet-1 + gas: 200000 + fees: 500000alnt diff --git a/service-provider-setup/templates/specs/webapp-deployer.spec.j2 b/service-provider-setup/templates/specs/webapp-deployer.spec.j2 new file mode 100644 index 0000000..6a76349 --- /dev/null 
+++ b/service-provider-setup/templates/specs/webapp-deployer.spec.j2 @@ -0,0 +1,35 @@ +stack: webapp-deployer-backend +deploy-to: k8s +kube-config: {{ansible_env.HOME}}/.kube/config-default.yaml +image-registry: container-registry.pwa.{{dns_domain}}.com/laconic-registry +network: + ports: + server: + - '9555' + http-proxy: + - host-name: webapp-deployer-api.pwa.{{ dns_domain }}.com + routes: + - path: '/' + proxy-to: server:9555 +volumes: + srv: +configmaps: + config: ./data/config +annotations: + container.apparmor.security.beta.kubernetes.io/{name}: unconfined +labels: + container.kubeaudit.io/{name}.allow-disabled-apparmor: "podman" +security: + privileged: true + +resources: + containers: + reservations: + cpus: 4 + memory: 8G + limits: + cpus: 6 + memory: 16G + volumes: + reservations: + storage: 200G -- 2.45.2 From 8bb7f53283fff46f6d0bfafcbba6c431da390fed Mon Sep 17 00:00:00 2001 
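Review bot: `security: privileged: true` together with `container.apparmor.security.beta.kubernetes.io/{name}: unconfined` and the `allow-disabled-apparmor: "podman"` label presumably map to a privileged pod with its AppArmor profile switched off, but nothing in the template says why; add a comment above `security:` stating the reason (presumably nested podman builds) and what was tried instead, so a later maintainer doesn't treat it as boilerplate. The `kube-config: {{ansible_env.HOME}}/.kube/config-default.yaml` and `image-registry: …/laconic-registry` values are unquoted templated scalars; quoting them is the safer YAML form. Spacing inside the braces is inconsistent (`{{ansible_env.HOME}}` and `{{dns_domain}}` next to `{{ dns_domain }}`).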
From: Adw8 Date: Mon, 23 Sep 2024 14:38:49 +0530 Subject: [PATCH 14/31] Add directory for vars files --- service-provider-setup/.gitignore | 8 ++++---- service-provider-setup/README.md | 5 +++-- service-provider-setup/deploy-backend.yml | 8 ++++---- service-provider-setup/setup-container-registry.yml | 4 ++-- service-provider-setup/setup-dns.yml | 2 +- service-provider-setup/setup-k8s.yml | 4 ++-- service-provider-setup/templates/laconic.yml.j2 | 4 ++-- .../{ => vars}/container-vars.example.yml | 0 service-provider-setup/{ => vars}/dns-vars.example.yml | 0 service-provider-setup/{ => vars}/k8s-vars.example.yml | 0 service-provider-setup/vars/webapp-vars.example.yml | 3 +++ service-provider-setup/webapp-vars.example.yml | 1 - 12 files changed, 21 insertions(+), 18 deletions(-) rename service-provider-setup/{ => vars}/container-vars.example.yml (100%) rename service-provider-setup/{ => vars}/dns-vars.example.yml (100%) rename service-provider-setup/{ => vars}/k8s-vars.example.yml (100%) create mode 100644 service-provider-setup/vars/webapp-vars.example.yml delete mode 100644 service-provider-setup/webapp-vars.example.yml diff --git a/service-provider-setup/.gitignore b/service-provider-setup/.gitignore index ccc813f..a27004d 100644 --- a/service-provider-setup/.gitignore +++ b/service-provider-setup/.gitignore @@ -1,4 +1,4 @@ -dns-vars.yml -k8s-vars.yml -container-vars.yml -webapp-vars.yml +vars/dns-vars.yml +vars/k8s-vars.yml +vars/container-vars.yml +vars/webapp-vars.yml diff --git a/service-provider-setup/README.md b/service-provider-setup/README.md index 1e6b769..e75703d 100644 --- a/service-provider-setup/README.md +++ b/service-provider-setup/README.md 
@@ -14,13 +14,14 @@ To get started, follow the [installation](../README.md#installation) guide to se ### Create DNS entries in DigitalOcean -- Copy the [`dns-vars.example.yml`](./dns-vars.example.yml) vars file +- Copy the [`dns-vars.example.yml`](./vars/dns-vars.example.yml) file ```bash + cd vars/ cp dns-vars.example.yml dns-vars.yml ``` -- Enter the `dns-vars.yml` file +- Set the following values in the `dns-vars.yml` file ```bash # primary domain for which DNS records will be managed diff --git a/service-provider-setup/deploy-backend.yml b/service-provider-setup/deploy-backend.yml index 24cd536..be8dfd0 100644 --- a/service-provider-setup/deploy-backend.yml +++ b/service-provider-setup/deploy-backend.yml @@ -6,10 +6,10 @@ KUBECONFIG: "{{ ansible_env.HOME }}/.kube/config-default.yaml" vars_files: - - webapp-vars.yml - - container-vars.yml - - k8s-vars.yml - - dns-vars.yml + - vars/webapp-vars.yml + - vars/container-vars.yml + - vars/k8s-vars.yml + - vars/dns-vars.yml tasks: - name: Ensure gpg-keys directory exists diff --git a/service-provider-setup/setup-container-registry.yml b/service-provider-setup/setup-container-registry.yml index 6f78e7a..2d44e27 100644 --- a/service-provider-setup/setup-container-registry.yml +++ b/service-provider-setup/setup-container-registry.yml @@ -5,8 +5,8 @@ PATH: "{{ ansible_env.PATH }}:/home/{{ansible_user}}/bin" vars_files: - - k8s-vars.yml - - container-vars.yml + - vars/k8s-vars.yml + - vars/container-vars.yml tasks: - name: Generate the spec file for the container-registry stack diff --git a/service-provider-setup/setup-dns.yml b/service-provider-setup/setup-dns.yml index 3317745..8324a3c 100644 --- a/service-provider-setup/setup-dns.yml +++ b/service-provider-setup/setup-dns.yml @@ -2,7 +2,7 @@ hosts: localhost vars_files: - - dns-vars.yml + - vars/dns-vars.yml tasks: - name: Create a domain diff --git a/service-provider-setup/setup-k8s.yml b/service-provider-setup/setup-k8s.yml index 1fe9a1c..d472e9b 100644 
--- a/service-provider-setup/setup-k8s.yml +++ b/service-provider-setup/setup-k8s.yml @@ -9,8 +9,8 @@ VAULT_KEY: "{{ vault_passphrase }}" vars_files: - - k8s-vars.yml - - dns-vars.yml + - vars/k8s-vars.yml + - vars/dns-vars.yml tasks: - name: Install Python and pip diff --git a/service-provider-setup/templates/laconic.yml.j2 b/service-provider-setup/templates/laconic.yml.j2 index 0f4b79b..6c65e77 100644 --- a/service-provider-setup/templates/laconic.yml.j2 +++ b/service-provider-setup/templates/laconic.yml.j2 @@ -1,7 +1,7 @@ services: registry: - rpcEndpoint: 'http://{{ cluster_control_ip }}:26657' - gqlEndpoint: 'http://{{ cluster_control_ip }}:9473/api' + rpcEndpoint: 'http://{{ subdomain_cluster_control }}.{{ dns_domain }}.com:26657' + gqlEndpoint: 'http://{{ subdomain_cluster_control}}.{{ dns_domain }}.com:9473/api' userKey: "{{ ALICE_PK }}" bondId: "{{ BOND_ID }}" chainId: lorotestnet-1 diff --git a/service-provider-setup/container-vars.example.yml b/service-provider-setup/vars/container-vars.example.yml similarity index 100% rename from service-provider-setup/container-vars.example.yml rename to service-provider-setup/vars/container-vars.example.yml diff --git a/service-provider-setup/dns-vars.example.yml b/service-provider-setup/vars/dns-vars.example.yml similarity index 100% rename from service-provider-setup/dns-vars.example.yml rename to service-provider-setup/vars/dns-vars.example.yml diff --git a/service-provider-setup/k8s-vars.example.yml b/service-provider-setup/vars/k8s-vars.example.yml similarity index 100% rename from service-provider-setup/k8s-vars.example.yml rename to service-provider-setup/vars/k8s-vars.example.yml diff --git a/service-provider-setup/vars/webapp-vars.example.yml b/service-provider-setup/vars/webapp-vars.example.yml new file mode 100644 index 0000000..ede7205 --- /dev/null +++ b/service-provider-setup/vars/webapp-vars.example.yml @@ -0,0 +1,3 @@ +authority_name: "" +ALICE_PK: "" +BOND_ID: "" 
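Review bot: The new `rpcEndpoint` and `gqlEndpoint` values point at a public hostname over plain `http://`, and the same file carries `userKey: "{{ ALICE_PK }}"`, so the registry client configured here talks to the cluster-control host in cleartext unless something in front of ports 26657 and 9473 terminates TLS; if that is the case a comment should say so, otherwise `https://` is the safer default now that a DNS name is in use. Separately, `{{ subdomain_cluster_control}}` on the `gqlEndpoint` line lacks the space before `}}` that the `rpcEndpoint` line has.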
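Review bot: `ALICE_PK` in the new `webapp-vars.example.yml` is a signing key, and the only thing keeping the populated `vars/webapp-vars.yml` out of the repository is the `.gitignore` entry added in this commit. A header comment in the example file such as `# ALICE_PK is a private signing key: keep vars/webapp-vars.yml out of git and consider ansible-vault for it` would make that expectation explicit to whoever copies the file.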
diff --git a/service-provider-setup/webapp-vars.example.yml b/service-provider-setup/webapp-vars.example.yml deleted file mode 100644 index 2d81901..0000000 --- a/service-provider-setup/webapp-vars.example.yml +++ /dev/null @@ -1 +0,0 @@ -authority_name: "" -- 2.45.2 From 8e4ff9d81f4cb18beba8c0d95bb4f5c2cd5dda78 Mon Sep 17 00:00:00 2001 From: Adw8 Date: Mon, 23 Sep 2024 16:51:57 +0530 Subject: [PATCH 15/31] Add playbook to setup and start webapp-ui --- service-provider-setup/deploy-backend.yml | 9 +---- service-provider-setup/deploy-frontend.yml | 37 +++++++++++++++++++ .../run-laconic-console.yml | 2 +- .../templates/configs/webapp-ui-config.env.j2 | 3 ++ 4 files changed, 43 insertions(+), 8 deletions(-) create mode 100644 service-provider-setup/deploy-frontend.yml create mode 100644 service-provider-setup/templates/configs/webapp-ui-config.env.j2 diff --git a/service-provider-setup/deploy-backend.yml b/service-provider-setup/deploy-backend.yml index be8dfd0..04c7c2e 100644 --- a/service-provider-setup/deploy-backend.yml +++ b/service-provider-setup/deploy-backend.yml @@ -26,13 +26,8 @@ args: creates: ~/gpg-keys/webapp-deployer-api.{{ dns_domain }}.com.pgp.pub - - name: Export the private key with passphrase - expect: - command: gpg --export-secret-keys webapp-deployer-api.{{ dns_domain }}.com > ~/gpg-keys/webapp-deployer-api.{{ dns_domain }}.com.pgp.key - responses: - 'Please enter the passphrase to export the OpenPGP secret key': 'SECRET\n' - register: gpg_output - no_log: true + - name: Export the GPG private key with passphrase + shell: gpg --pinentry-mode=loopback --passphrase "SECRET" --export-secret-keys webapp-deployer-api.{{ dns_domain }}.com > ~/gpg-keys/webapp-deployer-api.{{ dns_domain }}.com.pgp.key - name: Setup repositories for webapp-deployer-backend command: laconic-so --stack webapp-deployer-backend setup-repositories 
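Review bot: The replacement task runs `gpg ... --passphrase "SECRET" --export-secret-keys ...` through `shell` with no `no_log`, whereas the `expect` task it removes had `no_log: true`, so the passphrase and the exported-key path now appear in Ansible output and any log collector. Add `no_log: true` to the new task and take the passphrase from a vaulted variable rather than the literal `"SECRET"`, which is presumably the same literal used when the key is generated earlier in this play. The redirection also creates `~/gpg-keys/...pgp.key` under the default umask; `umask 077 && gpg ...` keeps the private key file from being group/world readable. The enclosing play starts outside the hunk.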
diff --git a/service-provider-setup/deploy-frontend.yml b/service-provider-setup/deploy-frontend.yml new file mode 100644 index 0000000..0946e99 --- /dev/null +++ b/service-provider-setup/deploy-frontend.yml @@ -0,0 +1,37 @@ +- name: Deploy Webapp-Deployer UI + hosts: "{{ target_host }}" + + environment: + PATH: "{{ ansible_env.PATH }}:/home/{{ansible_user}}/bin" + + vars_files: + - vars/webapp-vars.yml + - vars/k8s-vars.yml + + tasks: + - name: Clone webapp-deployment-status-ui repository + git: + repo: "https://git.vdb.to/cerc-io/webapp-deployment-status-ui.git" + dest: "{{ ansible_env.HOME }}/cerc/webapp-deployment-status-ui" + update: yes + + - name: Build webapp-deployer-status-ui + command: laconic-so build-webapp --source-repo {{ ansible_env.HOME }}/cerc/webapp-deployment-status-ui + + - name: Create a deployment for webapp-ui + command: | + laconic-so deploy-webapp create --kube-config {{ ansible_env.HOME }}/.kube/config-default.yaml + --image-registry container-registry.pwa.{{ dns_domain }}.com --deployment-dir webapp-ui + --image cerc/webapp-deployment-status-ui:local --url https://webapp-deployer-ui.pwa.{{ dns_domain }}.com + --env-file ~/cerc/webapp-deployment-status-ui/.env + + - name: Push image to container registry + command: laconic-so deployment --dir webapp-ui push-images + + - name: Update config file for webapp ui + template: + src: "./templates/configs/webapp-ui-config.env.j2" + dest: "webapp-ui/config.env" + + - name: Start the deployer ui + command: laconic-so deployment --dir webapp-ui start diff --git a/service-provider-setup/run-laconic-console.yml b/service-provider-setup/run-laconic-console.yml index 9aee5c7..ef9d0e7 100644 --- a/service-provider-setup/run-laconic-console.yml +++ b/service-provider-setup/run-laconic-console.yml @@ -5,7 +5,7 @@ PATH: "{{ ansible_env.PATH }}:/home/{{ansible_user}}/bin" vars_files: - - webapp-vars.yml + - vars/webapp-vars.yml tasks: - name: Clone the stack repo 
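Review bot: The `git` task clones `webapp-deployment-status-ui` with `update: yes` and no `version:`, so every run builds and deploys whatever the remote default branch holds at that moment; pin it with `version: "<tag-or-commit>"` (placeholder) so the deployed UI image is reproducible and an upstream push cannot silently change what a provider runs. `yes` is also a YAML 1.1-only boolean spelling; `update: true` is the portable form.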
diff --git a/service-provider-setup/templates/configs/webapp-ui-config.env.j2 b/service-provider-setup/templates/configs/webapp-ui-config.env.j2 new file mode 100644
index 0000000..38697fb
--- /dev/null
+++ b/service-provider-setup/templates/configs/webapp-ui-config.env.j2
@@ -0,0 +1,3 @@ +CERC_WEBAPP_DEBUG=0.1.0 +LACONIC_HOSTED_CONFIG_app_api_url=https://webapp-deployer-api.pwa.{{ dns_domain }}.com +LACONIC_HOSTED_CONFIG_app_console_link=https://laconicd.laconic.com/console?query=%0A%20%20fragment%20ValueParts%20on%20Value%20%7B%0A%20%20%20%20...%20on%20BooleanValue%20%7B%0A%20%20%20%20%20%20bool%3A%20value%0A%20%20%20%20%7D%0A%20%20%20%20...%20on%20IntValue%20%7B%0A%20%20%20%20%20%20int%3A%20value%0A%20%20%20%20%7D%0A%20%20%20%20...%20on%20FloatValue%20%7B%0A%20%20%20%20%20%20float%3A%20value%0A%20%20%20%20%7D%0A%20%20%20%20...%20on%20StringValue%20%7B%0A%20%20%20%20%20%20string%3A%20value%0A%20%20%20%20%7D%0A%20%20%20%20...%20on%20BytesValue%20%7B%0A%20%20%20%20%20%20bytes%3A%20value%0A%20%20%20%20%7D%0A%20%20%20%20...%20on%20LinkValue%20%7B%0A%20%20%20%20%20%20link%3A%20value%0A%20%20%20%20%7D%0A%20%20%7D%0A%0A%20%20fragment%20AttrParts%20on%20Attribute%20%7B%0A%20%20%20%20key%0A%20%20%20%20value%20%7B%0A%20%20%20%20%20%20...ValueParts%0A%20%20%20%20%20%20...%20on%20ArrayValue%20%7B%0A%20%20%20%20%20%20%20%20value%20%7B%0A%20%20%20%20%20%20%20%20%20%20...ValueParts%0A%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%7D%0A%20%20%20%20%7D%0A%20%20%7D%0A%0A%20%20%7B%0A%20%20%20%20getRecordsByIds(ids%3A%20%5B%22#RQID#%22%5D)%20%7B%0A%20%20%20%20%20%20id%0A%20%20%20%20%20%20names%0A%20%20%20%20%20%20bondId%0A%20%20%20%20%20%20createTime%0A%20%20%20%20%20%20expiryTime%0A%20%20%20%20%20%20owners%0A%20%20%20%20%20%20attributes%20%7B%0A%20%20%20%20%20%20%20%20...AttrParts%0A%20%20%20%20%20%20%20%20value%20%7B%0A%20%20%20%20%20%20%20%20%20%20...%20on%20MapValue%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20map%3A%20value%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20...AttrParts%0A%20%20%20%20%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%7D%0A%20%20%20%20%7D%0A%20%20%7D%0A -- 2.45.2 From 7e0747347d15ba189a6ff4ae52fd52599280c596 Mon Sep 17 00:00:00 2001 
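Review bot: `LACONIC_HOSTED_CONFIG_app_console_link` is hard-coded to `https://laconicd.laconic.com/console`, while the API URL on the line above is derived from `dns_domain`, so a provider on another domain gets a console link that points at a different operator's laconicd unless that is intentional; if it is, a comment such as `# shared public console, deliberately not per-provider` would say so. `CERC_WEBAPP_DEBUG=0.1.0` also reads like a version rather than a debug switch — presumably the UI expects this value, but it deserves a comment.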
From: Adw8 Date: Mon, 23 Sep 2024 18:59:16 +0530 Subject: [PATCH 16/31] Update README --- service-provider-setup/README.md | 152 ++++++++++++++---- service-provider-setup/setup-dns.yml | 6 +- service-provider-setup/setup-k8s.yml | 13 +- service-provider-setup/setup-user.yml | 5 +- .../vars/container-vars.example.yml | 2 +- 5 files changed, 142 insertions(+), 36 deletions(-) diff --git a/service-provider-setup/README.md b/service-provider-setup/README.md index e75703d..605c17b 100644 --- a/service-provider-setup/README.md +++ b/service-provider-setup/README.md @@ -4,6 +4,49 @@ To get started, follow the [installation](../README.md#installation) guide to setup ansible on your machine +## Setup User `dev` + +- Create a new `hosts.ini` file: + + ```bash + cp ../hosts.example.ini hosts.ini + ``` + +- Edit the [`hosts.ini`](./hosts.ini) file to run the playbook on a remote machine: + + ```ini + [deployment_host] + ansible_host= ansible_user= ansible_ssh_common_args='-o ForwardAgent=yes' + ``` + + - Replace `` with the desired `hostname` of the remote machine + - Replace `` with the IP address or hostname of the target machine + - Replace `` with `root` + +- Verify that you are able to connect to the host using the following command: + + ```bash + ansible all -m ping -i hosts.ini + + # Expected output: + + # | SUCCESS => { + # "ansible_facts": { + # "discovered_interpreter_python": "/usr/bin/python3.10" + # }, + # "changed": false, + # "ping": "pong" + # } + ``` + +- Execute the `setup-user.yml` Ansible playbook to create a user `dev` with sudo permissions: + + ```bash + ansible-playbook setup-user.yml -i hosts.ini --extra-vars='{ "target_host": "deployment_host" }' + ``` + +For the following playbooks, Update `ansible_user` in the [`hosts.ini`](./hosts.ini) file to the user that you created + ## Configure DNS ### Prerequisites 
@@ -17,7 +60,7 @@ To get started, follow the [installation](../README.md#installation) guide to se - Copy the [`dns-vars.example.yml`](./vars/dns-vars.example.yml) file ```bash - cd vars/ + cd vars cp dns-vars.example.yml dns-vars.yml ``` 
@@ -47,43 +90,94 @@ To get started, follow the [installation](../README.md#installation) guide to se ansible-playbook setup-dns.yml ``` -## Setup User `dev` +## Setup k8s clusters -- Create a new `hosts.ini` file: +- Create a PGP key on your target host - ```bash - cp ../hosts.example.ini hosts.ini - ``` - -- Edit the [`hosts.ini`](./hosts.ini) file to run the playbook on a remote machine: - - ```ini - [deployment_host] - ansible_host= ansible_user= ansible_ssh_common_args='-o ForwardAgent=yes' + ``` + gpg --full-generate-key ``` - - Replace `` with the desired `hostname` of the remote machine - - Replace `` with the IP address or hostname of the target machine - - Replace `` with `root` +- List the secret keys -- Verify that you are able to connect to the host using the following command: + ``` + gpg --list-secret-keys --keyid-format=long + ``` + +- This will output something like this + + ``` + [keyboxd] + --------- + sec rsa4096/0AFB10B643944C22 2024-05-03 [SC] [expires: 2025-05-03] + 17B3248D6784EC6CB43365A60AFB10B643944C22 + uid [ultimate] user + ``` + + Note the `0AFB10B643944C22` sequence of characters. 
+ +- Copy the [`k8s-vars.example.yml`](./vars/k8s-vars.example.yml) file ```bash - ansible all -m ping -i hosts.ini -k - - # Expected output: - - # | SUCCESS => { - # "ansible_facts": { - # "discovered_interpreter_python": "/usr/bin/python3.10" - # }, - # "changed": false, - # "ping": "pong" - # } + cd vars + cp k8s-vars.example.yml k8s-vars.yml ``` -- Execute the `setup-user.yml` Ansible playbook to create a user `dev` with sudo permissions: +- Update `gpg_key_id` in [`k8s-vars.yml`](./vars/k8s-vars.yml) with the the following: ```bash - ansible-playbook setup-user.yml -i hosts.ini --extra-vars='{ "target_host": "deployment_host" }' + target_host: "deployment_host" + + # The sequence you obtained in the previous step + # eg: 0AFB10B643944C22 + gpg_key_id: "" + + # The passphrase used while creating the GPG key + vault_passphrase: "" + + # Three letter identifier for your organization + # eg: lcn + org_id: "" + + # Three letter identifier for your location + # eg: cad + location_id: "" + + # your domain + dns_domain: "" ``` + +- Run the `setup-k8s.yml` ansible playbook: + + ```bash + ansible-playbook setup-k8s.yml -i hosts.ini --extra-vars='{ target_host: "deployment_host" }' --user $USER + ``` + +## Setup Container Registry + +- Copy the [`container-vars.example.yml`](./vars/container-vars.example.yml) file + + ```bash + cd vars + cp container-vars.example.yml container-vars.yml + ``` + +- Update the following in the [`container-vars.yml`](./vars/container-vars.yml) file: + + ```bash + # username for the container registry + container_registry_username: "" + + # password for the container registry + container_registry_password: "" + ``` + +- Run the `setup-container-registry.yml` ansible playbook + + ```bash + ansible-playbook setup-container-registry.yml -i hosts.ini --extra-vars='{ target_host: "deployment_host" }' --user $USER + ``` + +## Setup laconicd and laconic console + +- \ No newline at end of file 
diff --git a/service-provider-setup/setup-dns.yml b/service-provider-setup/setup-dns.yml index 8324a3c..cf5d33a 100644 --- a/service-provider-setup/setup-dns.yml +++ b/service-provider-setup/setup-dns.yml @@ -18,7 +18,7 @@ oauth_token: "{{ do_api_token }}" domain: "{{ domain }}" type: A - name: "{{ subdomain }}-cluster-control" + name: "{{ subdomain_prefix }}-cluster-control" data: "{{ cluster_control_ip }}" - name: Create CNAME record for www @@ -38,7 +38,7 @@ data: "{{ subdomain_cluster_control }}.{{ domain }}" domain: "{{ domain }}" type: CNAME - name: "{{ subdomain }}" + name: "{{ subdomain_prefix }}" ttl: 43200 - name: Create wildcard CNAME record for subdomain @@ -48,7 +48,7 @@ data: "{{ subdomain_cluster_control }}.{{ domain }}" domain: "{{ domain }}" type: CNAME - name: "*.{{ subdomain }}" + name: "*.{{ subdomain_prefix }}" ttl: 43200 - name: Create CNAME record for pwa diff --git a/service-provider-setup/setup-k8s.yml b/service-provider-setup/setup-k8s.yml index d472e9b..66bbee9 100644 --- a/service-provider-setup/setup-k8s.yml +++ b/service-provider-setup/setup-k8s.yml @@ -35,6 +35,13 @@ state: present create: yes + - name: Ensure ~/.local/bin is in PATH in .zshrc + lineinfile: + path: ~/.zshrc + line: 'export PATH="$HOME/.local/bin:$PATH"' + state: present + create: yes + - name: Clone the service provider template repo git: repo: "https://git.vdb.to/cerc-io/service-provider-template.git" @@ -59,6 +66,8 @@ command: bash .vault/vault-rekey.sh responses: "Enter passphrase:": "{{ vault_passphrase }}" + environment: + VAULT_KEY='{{ vault_passphrase }}' args: chdir: "service-provider-template" 
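Review bot: The three hunks rename `subdomain` to `subdomain_prefix` in the record names, but `subdomain_cluster_control`, still used in the CNAME `data:` lines, was defined in the vars example as `"{{ subdomain }}-cluster-control"`, and `vars/dns-vars.example.yml` is not in this commit's diffstat; unless an earlier patch already changed that definition, the CNAME targets will fail to render with an undefined `subdomain`. Either update the derived variable in the example file or define it in the play's `vars:`, e.g. `subdomain_cluster_control: "{{ subdomain_prefix }}-cluster-control"`.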
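Review bot: The added `environment:` block on the vault-rekey task is a bare scalar, `VAULT_KEY='{{ vault_passphrase }}'`, but Ansible requires `environment` to be a mapping, so the task errors out before running; it should read `environment:` followed by `  VAULT_KEY: "{{ vault_passphrase }}"`. Because this places the vault passphrase in the task's process environment and the `expect` responses already carry it, add `no_log: true` to the task so neither is echoed in the run output.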
@@ -161,11 +170,11 @@ chdir: "{{ ansible_env.HOME }}/service-provider-template" - name: Install Stack Orchestrator - command: ansible-playbook -i hosts site.yml --tags=so --limit=so + command: ansible-playbook -i hosts site.yml --tags=so --limit=so --user so args: chdir: "{{ ansible_env.HOME }}/service-provider-template" - name: Deploy Kubernetes - command: ansible-playbook -i hosts site.yml --tags=k8s --limit={{ org_id }}_{{ location_id }} + command: ansible-playbook -i hosts site.yml --tags=k8s --limit={{ org_id }}_{{ location_id }} --user so args: chdir: "{{ ansible_env.HOME }}/service-provider-template" diff --git a/service-provider-setup/setup-user.yml b/service-provider-setup/setup-user.yml index cfb17db..ebd3aa4 100644 --- a/service-provider-setup/setup-user.yml +++ b/service-provider-setup/setup-user.yml @@ -78,6 +78,7 @@ - /var/lib/snapd become: yes + # TODO: Make username and password configurable - name: Create a user `dev` user: name: dev @@ -85,7 +86,7 @@ shell: /bin/zsh state: present - - name: Add dev' user to sudoers group + - name: Add dev user to sudoers group user: name: dev groups: sudo @@ -98,3 +99,5 @@ owner: dev group: dev mode: '0700' + + # TODO: Add tasks to setup passwordless sudo for the user \ No newline at end of file diff --git a/service-provider-setup/vars/container-vars.example.yml b/service-provider-setup/vars/container-vars.example.yml index 643335e..3b34f94 100644 --- a/service-provider-setup/vars/container-vars.example.yml +++ b/service-provider-setup/vars/container-vars.example.yml @@ -1,3 +1,3 @@ container_registry_username: "" container_registry_password: "" -container_registry_domain: "" +container_registry_domain: "container-registry.pwa.{{ dns_domain }}.com" -- 2.45.2 From 16c9dac3fe5fa4c1e0c1d18ae0e77b800eb8ea0b Mon Sep 17 00:00:00 2001 
From: Adw8 Date: Tue, 24 Sep 2024 14:56:23 +0530 Subject: [PATCH 17/31] Add playbook for setting up service provider --- service-provider-setup/.gitignore | 5 +- service-provider-setup/README.md | 120 +++++------------- service-provider-setup/deploy-backend.yml | 5 + .../service-provider-setup.yml | 7 + service-provider-setup/setup-k8s.yml | 11 +- .../vars/webapp-vars.example.yml | 4 +- 6 files changed, 47 insertions(+), 105 deletions(-) create mode 100644 service-provider-setup/service-provider-setup.yml diff --git a/service-provider-setup/.gitignore b/service-provider-setup/.gitignore index a27004d..26614fb 100644 --- a/service-provider-setup/.gitignore +++ b/service-provider-setup/.gitignore @@ -1,4 +1 @@ -vars/dns-vars.yml -vars/k8s-vars.yml -vars/container-vars.yml -vars/webapp-vars.yml +vars/*.yml diff --git a/service-provider-setup/README.md b/service-provider-setup/README.md index 605c17b..a3b8145 100644 --- a/service-provider-setup/README.md +++ b/service-provider-setup/README.md @@ -45,9 +45,7 @@ To get started, follow the [installation](../README.md#installation) guide to se ansible-playbook setup-user.yml -i hosts.ini --extra-vars='{ "target_host": "deployment_host" }' ``` -For the following playbooks, Update `ansible_user` in the [`hosts.ini`](./hosts.ini) file to the user that you created - -## Configure DNS +## Become a Service Provider ### Prerequisites 
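Review bot: The new pattern `vars/*.yml` also matches the committed `vars/*.example.yml` templates, so any example file added from now on is silently left untracked unless force-added — consistent with a later patch's README referring to `user-vars.example.yml` while that file is absent from the same patch's diffstat. Add a negation after the pattern: `vars/*.yml` then `!vars/*.example.yml`.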
@@ -55,43 +53,6 @@ For the following playbooks, Update `ansible_user` in the [`hosts.ini`](./hosts. - Generate a DigitalOcean access token -### Create DNS entries in DigitalOcean - -- Copy the [`dns-vars.example.yml`](./vars/dns-vars.example.yml) file - - ```bash - cd vars - cp dns-vars.example.yml dns-vars.yml - ``` - -- Set the following values in the `dns-vars.yml` file - - ```bash - # primary domain for which DNS records will be managed - # eg: laconic.com - domain: "" - - # specific prefix for subdomains - # eg: lcn-cad - subdomain_prefix: "" - - # The IP address to be used for the A record of the cluster control machine - # eg: 23.111.78.179 - cluster_control_ip: "" - - # DigitalOcean access token - # eg: dop_v1... - do_api_token: "" - ``` - -- Run the [`setup-dns.yml`](./setup-dns.yml) ansible playbook to create the necessary DNS entries in DigitalOcean - - ```bash - ansible-playbook setup-dns.yml - ``` - -## Setup k8s clusters - - Create a PGP key on your target host ``` 
@@ -114,70 +75,47 @@ For the following playbooks, Update `ansible_user` in the [`hosts.ini`](./hosts. uid [ultimate] user ``` - Note the `0AFB10B643944C22` sequence of characters. + Note the `0AFB10B643944C22` sequence of characters. This will be required later. -- Copy the [`k8s-vars.example.yml`](./vars/k8s-vars.example.yml) file +- Copy the vars files: ```bash cd vars - cp k8s-vars.example.yml k8s-vars.yml + cp dns-vars.example.yml dns1-vars.yml + cp k8s-vars.example.yml k8s1-vars.yml + cp container-vars.example.yml container1-vars.yml + cp webapp-vars.example.yml webapp-vars.yml ``` -- Update `gpg_key_id` in [`k8s-vars.yml`](./vars/k8s-vars.yml) with the the following: +- Update the following values in the respective variable files: ```bash + # vars/dns-vars.yml + domain: "" # eg: laconic.com + subdomain_prefix: "" # eg: lcn-cad + cluster_control_ip: "" # eg: 23.111.78.179 + do_api_token: "" # eg: dop_v1... + + # vars/k8s-vars.yml target_host: "deployment_host" + gpg_key_id: "" # The sequence obtained in the previous step, eg: 0AFB10B643944C22 + vault_passphrase: "" # passphrase for GPG key + org_id: "" # eg: lcn + location_id: "" # eg: cad + dns_domain: "" # eg: laconic.com - # The sequence you obtained in the previous step - # eg: 0AFB10B643944C22 - gpg_key_id: "" + # vars/container-vars.yml + container_registry_username: "" # username to login to the container registry + container_registry_password: "" # password to login to the container registry - # The passphrase used while creating the GPG key - vault_passphrase: "" - - # Three letter identifier for your organization - # eg: lcn - org_id: "" - - # Three letter identifier for your location - # eg: cad - location_id: "" - - # your domain - dns_domain: "" + # vars/webapp-vars.yml + authority_name: "" # eg: my-org-name ``` -- Run the `setup-k8s.yml` ansible playbook: +- Update `ansible_user` in the [`hosts.ini`](./hosts.ini) file to the user on target host + +- Run the `service-provider-setup.yml` 
ansible-playbook to DNS records, deploy k8s, setup container registry, deploy the webapp-deployer API and webapp-deployer UI ```bash - ansible-playbook setup-k8s.yml -i hosts.ini --extra-vars='{ target_host: "deployment_host" }' --user $USER + ansible-playbook service-provider-setup.yml -i hosts.ini --extra-vars='{ target_host: "deployment_host" }' --user $USER ``` - -## Setup Container Registry - -- Copy the [`container-vars.example.yml`](./vars/container-vars.example.yml) file - - ```bash - cd vars - cp container-vars.example.yml container-vars.yml - ``` - -- Update the following in the [`container-vars.yml`](./vars/container-vars.yml) file: - - ```bash - # username for the container registry - container_registry_username: "" - - # password for the container registry - container_registry_password: "" - ``` - -- Run the `setup-container-registry.yml` ansible playbook - - ```bash - ansible-playbook setup-container-registry.yml -i hosts.ini --extra-vars='{ target_host: "deployment_host" }' --user $USER - ``` - -## Setup laconicd and laconic console - -- \ No newline at end of file diff --git a/service-provider-setup/deploy-backend.yml b/service-provider-setup/deploy-backend.yml index 04c7c2e..d9bf91c 100644 --- a/service-provider-setup/deploy-backend.yml +++ b/service-provider-setup/deploy-backend.yml @@ -35,6 +35,11 @@ - name: Build containers for webapp-deployer-backend command: laconic-so --stack webapp-deployer-backend build-containers + - name: Ensure the config directory exists + file: + path: "{{ ansible_env.HOME }}/config" + state: directory + - name: Create laconic config file template: src: "./templates/laconic.yml.j2" diff --git a/service-provider-setup/service-provider-setup.yml b/service-provider-setup/service-provider-setup.yml new file mode 100644 index 0000000..a50564d --- /dev/null +++ b/service-provider-setup/service-provider-setup.yml 
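Review bot: The new `Ensure the config directory exists` task creates `{{ ansible_env.HOME }}/config` with default permissions, yet later tasks in this play copy the deployer's GPG private key (`...pgp.key`) into that directory; add `mode: "0700"` to the `file:` task so the key is not readable by other accounts on the host. The enclosing play starts and ends outside the hunk.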
@@ -0,0 +1,7 @@ +- import_playbook: setup-dns.yml +- import_playbook: setup-k8s.yml +- import_playbook: setup-container-registry.yml +- import_playbook: run-laconicd.yml +- import_playbook: run-laconic-console.yml +- import_playbook: deploy-backend.yml +- import_playbook: deploy-frontend.yml diff --git a/service-provider-setup/setup-k8s.yml b/service-provider-setup/setup-k8s.yml index 66bbee9..bfec933 100644 --- a/service-provider-setup/setup-k8s.yml +++ b/service-provider-setup/setup-k8s.yml @@ -58,16 +58,11 @@ command: gpg-agent --daemon ignore_errors: yes - - name: Set VAULT_KEY environment variable - shell: export VAULT_KEY='{{ vault_passphrase }}' + - name: Sign a dummy string using gpg-key + shell: echo "This is a dummy string." | gpg --batch --yes --passphrase "{{ vault_passphrase }}" --pinentry-mode loopback --sign - - name: Run vault-rekey.sh - expect: - command: bash .vault/vault-rekey.sh - responses: - "Enter passphrase:": "{{ vault_passphrase }}" - environment: - VAULT_KEY='{{ vault_passphrase }}' + shell: bash .vault/vault-rekey.sh args: chdir: "service-provider-template" diff --git a/service-provider-setup/vars/webapp-vars.example.yml b/service-provider-setup/vars/webapp-vars.example.yml index ede7205..5c632f1 100644 --- a/service-provider-setup/vars/webapp-vars.example.yml +++ b/service-provider-setup/vars/webapp-vars.example.yml @@ -1,3 +1,3 @@ authority_name: "" -ALICE_PK: "" -BOND_ID: "" +ALICE_PK: "{{ ALICE_PK }}" +BOND_ID: "{{ BOND_ID }}" -- 2.45.2 From 8aa42cf506713831d57b71d0815991798cbba997 Mon Sep 17 00:00:00 2001 From: Adw8 Date: Thu, 26 Sep 2024 10:16:47 +0530 Subject: [PATCH 18/31] Add task to setup passwordless sudo for user --- service-provider-setup/README.md | 22 +++++++++++++- service-provider-setup/setup-k8s.yml | 15 +++++----- service-provider-setup/setup-user.yml | 41 +++++++++++++++++++-------- 3 files changed, 58 insertions(+), 20 deletions(-) 
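Review bot: The new `Sign a dummy string using gpg-key` task passes `--passphrase "{{ vault_passphrase }}"` on the gpg command line with no `no_log`, so the vault passphrase is printed in the task result and is visible in the process list while gpg runs; add `no_log: true` at minimum. The task's apparent purpose — priming gpg-agent so the now-unattended `bash .vault/vault-rekey.sh` does not prompt — is not stated anywhere, and if the agent cache is cold the script will presumably hang or fail; a comment such as `# primes gpg-agent so vault-rekey.sh runs without a passphrase prompt` would record the dependency. The amended form of this task in the following patch keeps the same command-line passphrase.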
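Review bot: `ALICE_PK: "{{ ALICE_PK }}"` and `BOND_ID: "{{ BOND_ID }}"` define each variable in terms of itself; this works only when a higher-precedence source (`set_fact` from an earlier play, or `--extra-vars`) supplies the value, and otherwise Ansible fails with a recursive-loop template error that does not point at this file. A comment above the two lines, e.g. `# populated by run-laconicd.yml via set_fact; leave as-is`, would make the dependency explicit — assuming that is the intended source.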
diff --git a/service-provider-setup/README.md b/service-provider-setup/README.md index a3b8145..77fd87a 100644 --- a/service-provider-setup/README.md +++ b/service-provider-setup/README.md @@ -39,7 +39,27 @@ To get started, follow the [installation](../README.md#installation) guide to se # } ``` -- Execute the `setup-user.yml` Ansible playbook to create a user `dev` with sudo permissions: +- Setup `user-vars.yml` using the example file + + ```bash + cd vars + cp user-vars.example.yml user-vars.yml + ``` + +- Edit the following vars: + + ```bash + # name of the user you want to setup on the target host + username: "" + + # password of the user you want to setup on the target host + password: "" + + # path to the ssh key on your machine + path_to_ssh_key: " + ``` + +- Execute the `setup-user.yml` Ansible playbook to create a user with passwordless sudo permissions: ```bash ansible-playbook setup-user.yml -i hosts.ini --extra-vars='{ "target_host": "deployment_host" }' diff --git a/service-provider-setup/setup-k8s.yml b/service-provider-setup/setup-k8s.yml index bfec933..ca799f8 100644 --- a/service-provider-setup/setup-k8s.yml +++ b/service-provider-setup/setup-k8s.yml @@ -59,12 +59,16 @@ ignore_errors: yes - name: Sign a dummy string using gpg-key - shell: echo "This is a dummy string." | gpg --batch --yes --passphrase "{{ vault_passphrase }}" --pinentry-mode loopback --sign - + shell: echo "This is a dummy string." | gpg --batch --yes --local-user "{{ gpg_key_id }}" --passphrase "{{ vault_passphrase }}" --pinentry-mode loopback --sign - - name: Run vault-rekey.sh shell: bash .vault/vault-rekey.sh args: chdir: "service-provider-template" + register: rekey_result + until: rekey_result.stderr == "" + retries: 5 + delay: 5 - name: Ensure the target directory exists file: 
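Review bot: The retry loop on `Run vault-rekey.sh` uses `until: rekey_result.stderr == ""`, so any warning the script or gpg prints to stderr — even on success — triggers up to five re-runs of a rekey, while a genuine failure whose stderr happens to be empty is accepted; key the condition on the exit status instead, `until: rekey_result.rc == 0`. The `Sign a dummy string` task in the same hunk still carries `--passphrase "{{ vault_passphrase }}"` on the command line without `no_log: true`.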
@@ -163,13 +167,10 @@ command: ansible-playbook -i hosts site.yml --tags=firewalld,nginx args: chdir: "{{ ansible_env.HOME }}/service-provider-template" - - - name: Install Stack Orchestrator - command: ansible-playbook -i hosts site.yml --tags=so --limit=so --user so - args: - chdir: "{{ ansible_env.HOME }}/service-provider-template" + environment: + ANSIBLE_HOST_KEY_CHECKING: "False" - name: Deploy Kubernetes - command: ansible-playbook -i hosts site.yml --tags=k8s --limit={{ org_id }}_{{ location_id }} --user so + command: ansible-playbook -i hosts site.yml --tags=k8s --limit={{ org_id }}_{{ location_id }} --user {{ ansible_user }} args: chdir: "{{ ansible_env.HOME }}/service-provider-template" diff --git a/service-provider-setup/setup-user.yml b/service-provider-setup/setup-user.yml index ebd3aa4..7597c0c 100644 --- a/service-provider-setup/setup-user.yml +++ b/service-provider-setup/setup-user.yml @@ -2,12 +2,16 @@ hosts: "{{ target_host }}" become: yes + vars_files: + - vars/user-vars.yml + tasks: - name: Set unique hostname hostname: name: "{{ inventory_hostname }}" when: ansible_hostname != inventory_hostname + # TODO: Move installation to k8s playbook - name: Install additional packages apt: name: 
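Review bot: `ANSIBLE_HOST_KEY_CHECKING: "False"` on the `firewalld,nginx` task turns off SSH host-key verification for the nested ansible-playbook run, leaving that connection open to a host substitution; since the playbook already knows which hosts it deploys to, seeding `~/.ssh/known_hosts` with the `known_hosts` module before this step keeps verification on. If it must stay, the `Deploy Kubernetes` task right below runs the same kind of nested playbook without it, so either both need it or neither does — a comment explaining the difference would help.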
@@ -78,26 +82,39 @@ - /var/lib/snapd become: yes - # TODO: Make username and password configurable - - name: Create a user `dev` + - name: Create a user user: - name: dev - password: "{{ 'so-service-provider' | password_hash('sha512') }}" - shell: /bin/zsh + name: "{{ username }}" + password: "{{ '{{ password }}' | password_hash('sha512') }}" + shell: /bin/bash state: present - - name: Add dev user to sudoers group + - name: Add user to sudoers group user: - name: dev + name: "{{ username }}" groups: sudo append: yes - - name: Ensure .ssh directory exists for 'dev' user + - name: Ensure .ssh directory exists for user file: - path: /home/dev/.ssh + path: /home/"{{ username }}"/.ssh state: directory - owner: dev - group: dev + owner: "{{ username }}" + group: "{{ username }}" mode: '0700' - # TODO: Add tasks to setup passwordless sudo for the user \ No newline at end of file + - name: Copy SSH public key to authorized_keys + copy: + src: "{{ path_to_ssh_key }}" + dest: /home/{{ username }}/.ssh/authorized_keys + owner: "{{ username }}" + group: "{{ username }}" + mode: '0600' + + - name: Add user to sudoers for passwordless sudo + lineinfile: + path: /etc/sudoers + state: present + regexp: '^{{ username }} ALL=\(ALL\) NOPASSWD:ALL' + line: '{{ username }} ALL=(ALL) NOPASSWD:ALL' + validate: 'visudo -cf %s' -- 2.45.2 From edef198f6ccff4a25e590366dd4d9f9cb6261405 Mon Sep 17 00:00:00 2001 
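Review bot: `password: "{{ '{{ password }}' | password_hash('sha512') }}"` hashes the literal text `{{ password }}` — the inner braces sit inside a Jinja string literal and are not expanded — so the created account's password is not the one from `user-vars.yml`; it should be `"{{ password | password_hash('sha512') }}"`. Likewise `path: /home/"{{ username }}"/.ssh` keeps the double quotes as part of the path and creates `/home/"<username>"/.ssh` instead of the user's `.ssh` directory. The `Copy SSH public key to authorized_keys` task also replaces the whole `authorized_keys` file with whatever file `path_to_ssh_key` names (the README only calls it "the ssh key"), so a private-key path would be installed verbatim; `ansible.posix.authorized_key` with a `lookup('file', ...)` is the idiomatic, append-safe form. Rewritten lines below.
```yaml
  - name: Create a user
    user:
      name: "{{ username }}"
      password: "{{ password | password_hash('sha512') }}"
      # … unchanged: shell, state …

  # … unchanged: Add user to sudoers group …

  - name: Ensure .ssh directory exists for user
    file:
      path: "/home/{{ username }}/.ssh"
      # … unchanged: state, owner, group, mode …

  - name: Install SSH public key for user
    ansible.posix.authorized_key:
      user: "{{ username }}"
      key: "{{ lookup('file', path_to_ssh_key) }}"

  # … unchanged: passwordless sudo lineinfile …
```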
From: Adw8 Date: Thu, 26 Sep 2024 11:34:19 +0530 Subject: [PATCH 19/31] Couple domain name and domain extension in var --- service-provider-setup/README.md | 10 ++++---- service-provider-setup/deploy-backend.yml | 22 ++++++++--------- service-provider-setup/deploy-frontend.yml | 6 ++--- service-provider-setup/setup-dns.yml | 24 +++++++++---------- service-provider-setup/setup-k8s.yml | 2 +- .../configs/webapp-deployer-config.env.j2 | 8 +++---- .../templates/configs/webapp-ui-config.env.j2 | 2 +- service-provider-setup/templates/k8s.yml.j2 | 6 ++--- .../templates/laconic.yml.j2 | 4 ++-- service-provider-setup/templates/nginx.yml.j2 | 6 ++--- .../specs/container-registry.spec.j2 | 2 +- .../templates/specs/webapp-deployer.spec.j2 | 4 ++-- .../templates/wildcard-pwa-example.yml.j2 | 10 ++++---- .../vars/dns-vars.example.yml | 2 +- .../vars/k8s-vars.example.yml | 3 ++- 15 files changed, 56 insertions(+), 55 deletions(-) diff --git a/service-provider-setup/README.md b/service-provider-setup/README.md index 77fd87a..5ad4c98 100644 --- a/service-provider-setup/README.md +++ b/service-provider-setup/README.md @@ -101,9 +101,9 @@ To get started, follow the [installation](../README.md#installation) guide to se ```bash cd vars - cp dns-vars.example.yml dns1-vars.yml - cp k8s-vars.example.yml k8s1-vars.yml - cp container-vars.example.yml container1-vars.yml + cp dns-vars.example.yml dns-vars.yml + cp k8s-vars.example.yml k8s-vars.yml + cp container-vars.example.yml container-vars.yml cp webapp-vars.example.yml webapp-vars.yml ``` @@ -111,7 +111,7 @@ To get started, follow the [installation](../README.md#installation) guide to se ```bash # vars/dns-vars.yml - domain: "" # eg: laconic.com + full_domain: "" # eg: laconic.com subdomain_prefix: "" # eg: lcn-cad cluster_control_ip: "" # eg: 23.111.78.179 do_api_token: "" # eg: dop_v1... 
@@ -122,7 +122,7 @@ To get started, follow the [installation](../README.md#installation) guide to se vault_passphrase: "" # passphrase for GPG key org_id: "" # eg: lcn location_id: "" # eg: cad - dns_domain: "" # eg: laconic.com + base_domain: "" # eg: laconic # vars/container-vars.yml container_registry_username: "" # username to login to the container registry diff --git a/service-provider-setup/deploy-backend.yml b/service-provider-setup/deploy-backend.yml index d9bf91c..8fc79f1 100644 --- a/service-provider-setup/deploy-backend.yml +++ b/service-provider-setup/deploy-backend.yml @@ -19,15 +19,15 @@ mode: '0700' - name: Create a GPG key - shell: gpg --batch --passphrase "SECRET" --quick-generate-key webapp-deployer-api.{{ dns_domain }}.com default default never + shell: gpg --batch --passphrase "SECRET" --quick-generate-key webapp-deployer-api.{{ full_domain }} default default never - name: Export the public key - shell: gpg --export webapp-deployer-api.{{ dns_domain }}.com > ~/gpg-keys/webapp-deployer-api.{{ dns_domain }}.com.pgp.pub + shell: gpg --export webapp-deployer-api.{{ full_domain }} > ~/gpg-keys/webapp-deployer-api.{{ full_domain }}.pgp.pub args: - creates: ~/gpg-keys/webapp-deployer-api.{{ dns_domain }}.com.pgp.pub + creates: ~/gpg-keys/webapp-deployer-api.{{ full_domain }}.pgp.pub - name: Export the GPG private key with passphrase - shell: gpg --pinentry-mode=loopback --passphrase "SECRET" --export-secret-keys webapp-deployer-api.{{ dns_domain }}.com > ~/gpg-keys/webapp-deployer-api.{{ dns_domain }}.com.pgp.key + shell: gpg --pinentry-mode=loopback --passphrase "SECRET" --export-secret-keys webapp-deployer-api.{{ full_domain }} > ~/gpg-keys/webapp-deployer-api.{{ full_domain }}.pgp.key - name: Setup repositories for webapp-deployer-backend command: laconic-so --stack webapp-deployer-backend setup-repositories 
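Review bot: The three gpg tasks in this hunk still pass the key passphrase on the command line as the literal `"SECRET"`, so it appears in `ps` output, shell history and Ansible's recorded command for every run, and the exported `.pgp.key` is protected by a value that is committed to the repository. Take the passphrase from a variable, hand it to gpg through `--passphrase-file` or a file descriptor rather than `--passphrase`, and mark the tasks `no_log: true`. The `Create a GPG key` task also has no `creates:` guard (the exports below it do), so a re-run of the play likely generates a second key with the same UID and the later `--export-secret-keys` then exports more than one key; gate generation on the exported file or on a `gpg --list-keys` check.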
@@ -47,13 +47,13 @@ - name: Copy the gpg private key file to config dir copy: - src: "gpg-keys/webapp-deployer-api.{{ dns_domain }}.com.pgp.key" + src: "gpg-keys/webapp-deployer-api.{{ full_domain }}.pgp.key" dest: "config" remote_src: true - name: Copy the gpg public key file to config dir copy: - src: "gpg-keys/webapp-deployer-api.{{ dns_domain }}.com.pgp.pub" + src: "gpg-keys/webapp-deployer-api.{{ full_domain }}.pgp.pub" dest: "config" remote_src: true @@ -63,9 +63,9 @@ -v /home/{{ ansible_user }}/config:/home/root/config \ cerc/webapp-deployer-backend:local laconic-so publish-deployer-to-registry \ --laconic-config /home/root/config/laconic.yml \ - --api-url https://webapp-deployer-api.{{ dns_domain }}.com \ - --public-key-file /home/root/config/webapp-deployer-api.{{ dns_domain }}.com.pgp.pub \ - --lrn lrn://{{ authority_name }}/deployers/webapp-deployer-api.{{ dns_domain }}.com \ + --api-url https://webapp-deployer-api.{{ full_domain }} \ + --public-key-file /home/root/config/webapp-deployer-api.{{ full_domain }}.pgp.pub \ + --lrn lrn://{{ authority_name }}/deployers/webapp-deployer-api.{{ full_domain }} \ --min-required-payment 100 register: publish_output @@ -118,7 +118,7 @@ register: wait_result - name: Copy gpg private key file to webapp deployer pod - shell: kubectl cp gpg-keys/webapp-deployer-api.{{ dns_domain }}.com.pgp.key {{ pod_id }}:/app + shell: kubectl cp gpg-keys/webapp-deployer-api.{{ full_domain }}.pgp.key {{ pod_id }}:/app - name: Copy gpg public key file to webapp deployer pod - shell: kubectl cp gpg-keys/webapp-deployer-api.{{ dns_domain }}.com.pgp.pub {{ pod_id }}:/app + shell: kubectl cp gpg-keys/webapp-deployer-api.{{ full_domain }}.pgp.pub {{ pod_id }}:/app diff --git a/service-provider-setup/deploy-frontend.yml b/service-provider-setup/deploy-frontend.yml index 0946e99..855d61d 100644 --- a/service-provider-setup/deploy-frontend.yml +++ b/service-provider-setup/deploy-frontend.yml 
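Review bot: The `kubectl cp` of `webapp-deployer-api.{{ full_domain }}.pgp.key` into `{{ pod_id }}:/app` drops the deployer's private key into a pod's writable layer by hand, so it is lost on pod restart and is not managed as a Kubernetes Secret with restricted access. Consider creating a Secret from the key file and mounting it into the deployment, with `OPENPGP_PRIVATE_KEY_FILE` in the env template pointing at the mount path. If the copy stays, add a comment above the task stating that the key must be re-copied after every pod restart; the tasks that derive `pod_id` are outside this hunk.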
@@ -6,7 +6,7 @@ vars_files: - vars/webapp-vars.yml - - vars/k8s-vars.yml + - vars/dns-vars.yml tasks: - name: Clone webapp-deployment-status-ui repository @@ -21,8 +21,8 @@ - name: Create a deployment for webapp-ui command: | laconic-so deploy-webapp create --kube-config {{ ansible_env.HOME }}/.kube/config-default.yaml - --image-registry container-registry.pwa.{{ dns_domain }}.com --deployment-dir webapp-ui - --image cerc/webapp-deployment-status-ui:local --url https://webapp-deployer-ui.pwa.{{ dns_domain }}.com + --image-registry container-registry.pwa.{{ full_domain }} --deployment-dir webapp-ui + --image cerc/webapp-deployment-status-ui:local --url https://webapp-deployer-ui.pwa.{{ full_domain }} --env-file ~/cerc/webapp-deployment-status-ui/.env - name: Push image to container registry diff --git a/service-provider-setup/setup-dns.yml b/service-provider-setup/setup-dns.yml index cf5d33a..c5280a0 100644 --- a/service-provider-setup/setup-dns.yml +++ b/service-provider-setup/setup-dns.yml @@ -9,14 +9,14 @@ community.digitalocean.digital_ocean_domain: state: present oauth_token: "{{ do_api_token }}" - name: "{{ domain }}" + name: "{{ full_domain }}" ip: "{{ cluster_control_ip }}" - name: Create record for cluster control machine community.digitalocean.digital_ocean_domain_record: state: present oauth_token: "{{ do_api_token }}" - domain: "{{ domain }}" + domain: "{{ full_domain }}" type: A name: "{{ subdomain_prefix }}-cluster-control" data: "{{ cluster_control_ip }}" @@ -25,8 +25,8 @@ community.digitalocean.digital_ocean_domain_record: state: present oauth_token: "{{ do_api_token }}" - data: "{{ domain }}" - domain: "{{ domain }}" + data: "{{ full_domain }}" + domain: "{{ full_domain }}" type: CNAME name: www ttl: 43200 
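Review bot: Swapping `vars/k8s-vars.yml` for `vars/dns-vars.yml` in the frontend play pulls `do_api_token` (the DigitalOcean API token lives in dns-vars per the README hunk above) into a play that only needs `full_domain`. Keep secrets in a separate vault-encrypted file, e.g. `vars/secrets.yml`, load it only in `setup-dns.yml`, and let the other plays read `full_domain` from a non-secret file, so the token is not in scope for plays that never use it. The play's task list continues outside this hunk.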
@@ -35,8 +35,8 @@ community.digitalocean.digital_ocean_domain_record: state: present oauth_token: "{{ do_api_token }}" - data: "{{ subdomain_cluster_control }}.{{ domain }}" - domain: "{{ domain }}" + data: "{{ subdomain_cluster_control }}.{{ full_domain }}" + domain: "{{ full_domain }}" type: CNAME name: "{{ subdomain_prefix }}" ttl: 43200 @@ -45,8 +45,8 @@ community.digitalocean.digital_ocean_domain_record: state: present oauth_token: "{{ do_api_token }}" - data: "{{ subdomain_cluster_control }}.{{ domain }}" - domain: "{{ domain }}" + data: "{{ subdomain_cluster_control }}.{{ full_domain }}" + domain: "{{ full_domain }}" type: CNAME name: "*.{{ subdomain_prefix }}" ttl: 43200 @@ -55,8 +55,8 @@ community.digitalocean.digital_ocean_domain_record: state: present oauth_token: "{{ do_api_token }}" - data: "{{ subdomain_cluster_control }}.{{ domain }}" - domain: "{{ domain }}" + data: "{{ subdomain_cluster_control }}.{{ full_domain }}" + domain: "{{ full_domain }}" type: CNAME name: "pwa" ttl: 43200 @@ -65,8 +65,8 @@ community.digitalocean.digital_ocean_domain_record: state: present oauth_token: "{{ do_api_token }}" - data: "{{ subdomain_cluster_control }}.{{ domain }}" - domain: "{{ domain }}" + data: "{{ subdomain_cluster_control }}.{{ full_domain }}" + domain: "{{ full_domain }}" type: CNAME name: "*.pwa" ttl: 43200 diff --git a/service-provider-setup/setup-k8s.yml b/service-provider-setup/setup-k8s.yml index ca799f8..37cc574 100644 --- a/service-provider-setup/setup-k8s.yml +++ b/service-provider-setup/setup-k8s.yml @@ -119,7 +119,7 @@ - name: Copy wildcard-pwa-example.yml to the remote VM template: src: ./templates/wildcard-pwa-example.yml.j2 - dest: "{{ ansible_env.HOME }}/service-provider-template/files/manifests/wildcard-pwa-{{dns_domain}}.yaml" + dest: "{{ ansible_env.HOME }}/service-provider-template/files/manifests/wildcard-pwa-{{ base_domain }}.yaml" - name: Delete old wildcard-pwa file file: 
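Review bot: The two wildcard CNAMEs (`*.{{ subdomain_prefix }}` and `*.pwa`) route every hostname under those labels to the cluster-control host, which together with the `FQDN_POLICY="allow"` setting visible in this series' deployer env template means any name a deployment asks for will resolve; that is presumably intended, but nothing in the playbook says so. Add a comment above each wildcard task, e.g. `# Wildcard: every *.pwa.<domain> name resolves to cluster-control; the ingress must reject unknown hosts`, and confirm the ingress default backend returns 404 rather than a default site. All CNAME targets are `{{ subdomain_cluster_control }}.{{ full_domain }}`, which depends on the A record created in the first hunk of this file, so the task order matters.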
diff --git a/service-provider-setup/templates/configs/webapp-deployer-config.env.j2 b/service-provider-setup/templates/configs/webapp-deployer-config.env.j2 index 8b2c130..33b4ab0 100644 --- a/service-provider-setup/templates/configs/webapp-deployer-config.env.j2 +++ b/service-provider-setup/templates/configs/webapp-deployer-config.env.j2 @@ -1,10 +1,10 @@ -DEPLOYMENT_DNS_SUFFIX="pwa.{{ dns_domain }}.com" +DEPLOYMENT_DNS_SUFFIX="pwa.{{ full_domain }}" # Name of reserved authority DEPLOYMENT_RECORD_NAMESPACE="{{ authority_name }}" # url of the deployed docker image registry -IMAGE_REGISTRY="container-registry.pwa.{{ dns_domain }}.com" +IMAGE_REGISTRY="container-registry.pwa.{{ full_domain }}" # htpasswd credentials IMAGE_REGISTRY_USER="{{ container_registry_username }}" @@ -20,8 +20,8 @@ CHECK_INTERVAL=5 FQDN_POLICY="allow" # lrn of the webapp deployer -LRN="lrn://{{ authority_name }}/deployers/webapp-deployer-api.{{ dns_domain }}.com" -export OPENPGP_PRIVATE_KEY_FILE="webapp-deployer-api.{{ dns_domain }}.com.pgp.key" +LRN="lrn://{{ authority_name }}/deployers/webapp-deployer-api.{{ full_domain }}" +export OPENPGP_PRIVATE_KEY_FILE="webapp-deployer-api.{{ full_domain }}.pgp.key" export OPENPGP_PASSPHRASE="SECRET" export DEPLOYER_STATE="srv-test/deployments/autodeploy.state" export UNDEPLOYER_STATE="srv-test/deployments/autoundeploy.state" diff --git a/service-provider-setup/templates/configs/webapp-ui-config.env.j2 b/service-provider-setup/templates/configs/webapp-ui-config.env.j2 index 38697fb..c1fa0c7 100644 --- a/service-provider-setup/templates/configs/webapp-ui-config.env.j2 +++ b/service-provider-setup/templates/configs/webapp-ui-config.env.j2 
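Review bot: `OPENPGP_PRIVATE_KEY_FILE` now names the renamed key, but the line right after it still exports `OPENPGP_PASSPHRASE="SECRET"`, a fixed passphrase checked into the template that is also what deploy-backend.yml uses when generating and exporting the key. Render it from a variable, `export OPENPGP_PASSPHRASE="{{ gpg_passphrase }}"`, keep that variable in a vault-encrypted vars file, and add a comment that it must match the passphrase used at key generation. The same file carries `IMAGE_REGISTRY_USER` and, presumably, its password, so the task that templates this env file should write it with a restrictive `mode`.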
@@ -1,3 +1,3 @@ CERC_WEBAPP_DEBUG=0.1.0 -LACONIC_HOSTED_CONFIG_app_api_url=https://webapp-deployer-api.pwa.{{ dns_domain }}.com +LACONIC_HOSTED_CONFIG_app_api_url=https://webapp-deployer-api.pwa.{{ full_domain }} LACONIC_HOSTED_CONFIG_app_console_link=https://laconicd.laconic.com/console?query=%0A%20%20fragment%20ValueParts%20on%20Value%20%7B%0A%20%20%20%20...%20on%20BooleanValue%20%7B%0A%20%20%20%20%20%20bool%3A%20value%0A%20%20%20%20%7D%0A%20%20%20%20...%20on%20IntValue%20%7B%0A%20%20%20%20%20%20int%3A%20value%0A%20%20%20%20%7D%0A%20%20%20%20...%20on%20FloatValue%20%7B%0A%20%20%20%20%20%20float%3A%20value%0A%20%20%20%20%7D%0A%20%20%20%20...%20on%20StringValue%20%7B%0A%20%20%20%20%20%20string%3A%20value%0A%20%20%20%20%7D%0A%20%20%20%20...%20on%20BytesValue%20%7B%0A%20%20%20%20%20%20bytes%3A%20value%0A%20%20%20%20%7D%0A%20%20%20%20...%20on%20LinkValue%20%7B%0A%20%20%20%20%20%20link%3A%20value%0A%20%20%20%20%7D%0A%20%20%7D%0A%0A%20%20fragment%20AttrParts%20on%20Attribute%20%7B%0A%20%20%20%20key%0A%20%20%20%20value%20%7B%0A%20%20%20%20%20%20...ValueParts%0A%20%20%20%20%20%20...%20on%20ArrayValue%20%7B%0A%20%20%20%20%20%20%20%20value%20%7B%0A%20%20%20%20%20%20%20%20%20%20...ValueParts%0A%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%7D%0A%20%20%20%20%7D%0A%20%20%7D%0A%0A%20%20%7B%0A%20%20%20%20getRecordsByIds(ids%3A%20%5B%22#RQID#%22%5D)%20%7B%0A%20%20%20%20%20%20id%0A%20%20%20%20%20%20names%0A%20%20%20%20%20%20bondId%0A%20%20%20%20%20%20createTime%0A%20%20%20%20%20%20expiryTime%0A%20%20%20%20%20%20owners%0A%20%20%20%20%20%20attributes%20%7B%0A%20%20%20%20%20%20%20%20...AttrParts%0A%20%20%20%20%20%20%20%20value%20%7B%0A%20%20%20%20%20%20%20%20%20%20...%20on%20MapValue%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20map%3A%20value%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20...AttrParts%0A%20%20%20%20%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%7D%0A%20%20%20%20%7D%0A%20%20%7D%0A 
diff --git a/service-provider-setup/templates/k8s.yml.j2 b/service-provider-setup/templates/k8s.yml.j2 index 8d586a9..e6c35f7 100644 --- a/service-provider-setup/templates/k8s.yml.j2 +++ b/service-provider-setup/templates/k8s.yml.j2 @@ -2,7 +2,7 @@ # default context is used for stack orchestrator deployments, for testing a custom context name can be usefull #k8s_cluster_name: {{ org_id }}-{{ location_id }}-cluster k8s_cluster_name: default -k8s_cluster_url: {{ org_id }}-{{ location_id }}-cluster-control.{{ dns_domain }}.com +k8s_cluster_url: {{ org_id }}-{{ location_id }}-cluster-control.{{ full_domain }} k8s_taint_servers: false k8s_acme_email: "{{ support_email }}" @@ -50,6 +50,6 @@ k8s_manifests: secret_key: access-token # initiate wildcard cert - - name: pwa.{{ dns_domain }}.com + - name: pwa.{{ full_domain }} type: file - source: wildcard-pwa-{{ dns_domain }}.yaml + source: wildcard-pwa-{{ base_domain }}.yaml diff --git a/service-provider-setup/templates/laconic.yml.j2 b/service-provider-setup/templates/laconic.yml.j2 index 6c65e77..cb07978 100644 --- a/service-provider-setup/templates/laconic.yml.j2 +++ b/service-provider-setup/templates/laconic.yml.j2 @@ -1,7 +1,7 @@ services: registry: - rpcEndpoint: 'http://{{ subdomain_cluster_control }}.{{ dns_domain }}.com:26657' - gqlEndpoint: 'http://{{ subdomain_cluster_control}}.{{ dns_domain }}.com:9473/api' + rpcEndpoint: 'http://{{ subdomain_cluster_control }}.{{ full_domain }}:26657' + gqlEndpoint: 'http://{{ subdomain_cluster_control}}.{{ full_domain }}:9473/api' userKey: "{{ ALICE_PK }}" bondId: "{{ BOND_ID }}" chainId: lorotestnet-1 diff --git a/service-provider-setup/templates/nginx.yml.j2 b/service-provider-setup/templates/nginx.yml.j2 index a432670..694d5a7 100644 --- a/service-provider-setup/templates/nginx.yml.j2 +++ b/service-provider-setup/templates/nginx.yml.j2 
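Review bot: `rpcEndpoint` and `gqlEndpoint` talk to the registry over plain `http://` on ports 26657 and 9473 of a public hostname, while the same rendered file holds `userKey: "{{ ALICE_PK }}"` and `bondId`; the key stays local, but the node's responses (records, bond state) are neither authenticated nor encrypted. The nginx template in this series already fronts port 9473 with `ssl: true` as `{{ org_id }}-daemon.{{ full_domain }}`, so the GraphQL endpoint could be `https://{{ org_id }}-daemon.{{ full_domain }}/api` if that proxy runs on the same host; verify before switching, since the RPC port has no such proxy in the visible template. Either way the rendered `laconic.yml` contains a private key and should be written with `mode: '0600'` by the task that templates it (outside this hunk).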
@@ -7,15 +7,15 @@ nginx_proxy_connection_timeout: 75 nginx_sites: - name: {{ org_id }}-console - url: {{ org_id }}-console.{{ dns_domain }}.com + url: {{ org_id }}-console.{{ full_domain }} upstream: http://localhost:8080 template: basic-proxy ssl: true - name: {{ org_id }}-daemon - url: {{ org_id }}-daemon.{{ dns_domain }}.com + url: {{ org_id }}-daemon.{{ full_domain }} upstream: http://localhost:9473 configs: - - rewrite ^/deployer(/.*)? https://webapp-deployer.pwa.{{dns_domain}}.com permanent + - rewrite ^/deployer(/.*)? https://webapp-deployer.pwa.{{full_domain}} permanent template: websocket-proxy ssl: true diff --git a/service-provider-setup/templates/specs/container-registry.spec.j2 b/service-provider-setup/templates/specs/container-registry.spec.j2 index 4f55bae..ee3d1e1 100644 --- a/service-provider-setup/templates/specs/container-registry.spec.j2 +++ b/service-provider-setup/templates/specs/container-registry.spec.j2 @@ -6,7 +6,7 @@ network: registry: - '5000' http-proxy: - - host-name: container-registry.pwa.{{dns_domain}}.com + - host-name: container-registry.pwa.{{full_domain}} routes: - path: '/' proxy-to: registry:5000 diff --git a/service-provider-setup/templates/specs/webapp-deployer.spec.j2 b/service-provider-setup/templates/specs/webapp-deployer.spec.j2 index 6a76349..d0191c7 100644 --- a/service-provider-setup/templates/specs/webapp-deployer.spec.j2 +++ b/service-provider-setup/templates/specs/webapp-deployer.spec.j2 @@ -1,13 +1,13 @@ stack: webapp-deployer-backend deploy-to: k8s kube-config: {{ansible_env.HOME}}/.kube/config-default.yaml -image-registry: container-registry.pwa.{{dns_domain}}.com/laconic-registry +image-registry: container-registry.pwa.{{full_domain}}/laconic-registry network: ports: server: - '9555' http-proxy: - - host-name: webapp-deployer-api.pwa.{{ dns_domain }}.com + - host-name: webapp-deployer-api.pwa.{{ full_domain }} routes: - path: '/' proxy-to: server:9555 
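Review bot: The `rewrite ^/deployer(/.*)? https://webapp-deployer.pwa.{{full_domain}} permanent` rule captures the sub-path but never uses it, so `/deployer/foo` lands on the bare site root; if the path should survive append `$1` to the target, `https://webapp-deployer.pwa.{{full_domain}}$1`, otherwise drop the capture group so the intent is clear. `permanent` is a 301 that browsers cache, so test the target before shipping the rule. The `basic-proxy`/`websocket-proxy` templates that decide the TLS and header settings for these sites are defined outside this hunk.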
diff --git a/service-provider-setup/templates/wildcard-pwa-example.yml.j2 b/service-provider-setup/templates/wildcard-pwa-example.yml.j2 index a9920bc..2326cd1 100644 --- a/service-provider-setup/templates/wildcard-pwa-example.yml.j2 +++ b/service-provider-setup/templates/wildcard-pwa-example.yml.j2 @@ -1,15 +1,15 @@ apiVersion: cert-manager.io/v1 kind: Certificate metadata: - name: pwa.{{ dns_domain }}.com + name: pwa.{{ full_domain }} namespace: default spec: - secretName: pwa.{{ dns_domain }}.com + secretName: pwa.{{ full_domain }} issuerRef: name: letsencrypt-prod-wild kind: ClusterIssuer group: cert-manager.io - commonName: *.pwa.{{ dns_domain }}.com + commonName: *.pwa.{{ full_domain }} dnsNames: - - pwa.{{ dns_domain }}.com - - *.pwa.{{ dns_domain }}.com + - pwa.{{ full_domain }} + - *.pwa.{{ full_domain }} diff --git a/service-provider-setup/vars/dns-vars.example.yml b/service-provider-setup/vars/dns-vars.example.yml index a0b441b..a09aa41 100644 --- a/service-provider-setup/vars/dns-vars.example.yml +++ b/service-provider-setup/vars/dns-vars.example.yml @@ -1,4 +1,4 @@ -domain: "" +full_domain: "" subdomain_prefix: "" subdomain_cluster_control: "{{ subdomain_prefix }}-cluster-control" cluster_control_ip: "" diff --git a/service-provider-setup/vars/k8s-vars.example.yml b/service-provider-setup/vars/k8s-vars.example.yml index 53b09d7..87e5a48 100644 --- a/service-provider-setup/vars/k8s-vars.example.yml +++ b/service-provider-setup/vars/k8s-vars.example.yml @@ -3,4 +3,5 @@ gpg_key_id: "" vault_passphrase: "" org_id: "" location_id: "" -dns_domain: "" +base_domain: "" +ansible_ssh_extra_args: '-o StrictHostKeyChecking=no' -- 2.45.2 From ee1ad839c447c427239ae673447a2a22c14f07d3 Mon Sep 17 00:00:00 2001 
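Review bot: `commonName: *.pwa.{{ full_domain }}` and the `- *.pwa.{{ full_domain }}` entry under `dnsNames` are unquoted, so once rendered the YAML parser reads the leading `*` as an alias reference and rejects the Certificate manifest; cert-manager never sees it and no wildcard certificate is issued. Quote both values: `commonName: "*.pwa.{{ full_domain }}"` and `- "*.pwa.{{ full_domain }}"`. A wildcard name also requires the `letsencrypt-prod-wild` ClusterIssuer to use the DNS-01 challenge; that issuer is defined outside this hunk.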
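Review bot: `ansible_ssh_extra_args: '-o StrictHostKeyChecking=no'` in the example vars file, which the README tells users to copy as-is, disables SSH host-key verification for every play that loads k8s-vars, so a redirected or spoofed host is accepted silently and the plays in this series then push GPG private keys and registry credentials over that connection. Drop it from the example and pre-seed `known_hosts` for the deployment host (or use `-o StrictHostKeyChecking=accept-new` for first contact only), with a comment next to the variable explaining the choice. A connection option also does not belong in a file named for Kubernetes settings; `hosts.ini` or `group_vars` is where it would be reviewed together with the inventory.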
From: Adw8 Date: Thu, 26 Sep 2024 15:11:06 +0530 Subject: [PATCH 20/31] Add rpc and gql endpoints to laconic console config --- service-provider-setup/README.md | 9 +++++--- service-provider-setup/deploy-backend.yml | 3 +++ service-provider-setup/deploy-frontend.yml | 1 + .../run-laconic-console.yml | 2 ++ service-provider-setup/run-laconicd.yml | 4 ++-- .../setup-container-registry.yml | 22 ++++++++++++++----- service-provider-setup/setup-k8s.yml | 2 +- .../templates/configs/console-config.env.j2 | 3 +++ .../templates/configs/webapp-ui-config.env.j2 | 2 +- .../templates/specs/webapp-deployer.spec.j2 | 4 ++-- .../vars/container-vars.example.yml | 2 +- .../vars/k8s-vars.example.yml | 1 + .../vars/webapp-vars.example.yml | 2 ++ 13 files changed, 41 insertions(+), 16 deletions(-) diff --git a/service-provider-setup/README.md b/service-provider-setup/README.md index 5ad4c98..bd6be04 100644 --- a/service-provider-setup/README.md +++ b/service-provider-setup/README.md @@ -4,7 +4,7 @@ To get started, follow the [installation](../README.md#installation) guide to setup ansible on your machine -## Setup User `dev` +## Setup a new User - Create a new `hosts.ini` file: @@ -95,7 +95,7 @@ To get started, follow the [installation](../README.md#installation) guide to se uid [ultimate] user ``` - Note the `0AFB10B643944C22` sequence of characters. This will be required later. + Note the `0AFB10B643944C22` sequence of characters after `sec`. This will be required later. - Copy the vars files: 
@@ -123,13 +123,16 @@ To get started, follow the [installation](../README.md#installation) guide to se org_id: "" # eg: lcn location_id: "" # eg: cad base_domain: "" # eg: laconic + support_email: "" # eg: support@laconic.com # vars/container-vars.yml container_registry_username: "" # username to login to the container registry container_registry_password: "" # password to login to the container registry # vars/webapp-vars.yml - authority_name: "" # eg: my-org-name + authority_name: "" # eg: my-org-name + cpu_reservation: "" # Minimum number of cpu cores to be used, eg: 2 + memory_reservation: "" # Minimum amount of memory in GB to be used, eg: 4G ``` - Update `ansible_user` in the [`hosts.ini`](./hosts.ini) file to the user on target host diff --git a/service-provider-setup/deploy-backend.yml b/service-provider-setup/deploy-backend.yml index 8fc79f1..679328a 100644 --- a/service-provider-setup/deploy-backend.yml +++ b/service-provider-setup/deploy-backend.yml @@ -99,6 +99,9 @@ src: "./templates/laconic.yml.j2" dest: "webapp-deployer/data/config/laconic.yml" + - name: login to the container registry + command: "docker login container-registry.pwa.{{ full_domain }} --username {{ container_registry_username }} --password {{ container_registry_password}}" + - name: Push images to container registry command: laconic-so deployment --dir webapp-deployer push-images diff --git a/service-provider-setup/deploy-frontend.yml b/service-provider-setup/deploy-frontend.yml index 855d61d..59a8318 100644 --- a/service-provider-setup/deploy-frontend.yml +++ b/service-provider-setup/deploy-frontend.yml @@ -7,6 +7,7 @@ vars_files: - vars/webapp-vars.yml - vars/dns-vars.yml + - vars/k8s-vars.yml tasks: - name: Clone webapp-deployment-status-ui repository diff --git a/service-provider-setup/run-laconic-console.yml b/service-provider-setup/run-laconic-console.yml index ef9d0e7..43655e7 100644 --- a/service-provider-setup/run-laconic-console.yml 
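Review bot: The new `login to the container registry` task passes `{{ container_registry_password }}` as a `--password` argument, so the secret shows up in `ps` on the host, in Ansible's recorded command line and in any verbose run. Feed it on stdin and silence the task instead: `command: "docker login container-registry.pwa.{{ full_domain }} --username {{ container_registry_username }} --password-stdin"` with `args: { stdin: "{{ container_registry_password }}" }` and `no_log: true`. Docker also stores the credential unencrypted in `~/.docker/config.json` unless a credential helper is configured; a `docker logout` task after the push, or at least a comment noting the residue, would be appropriate.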
+++ b/service-provider-setup/run-laconic-console.yml @@ -6,6 +6,8 @@ vars_files: - vars/webapp-vars.yml + - vars/dns-vars.yml + - vars/k8s-vars.yml tasks: - name: Clone the stack repo diff --git a/service-provider-setup/run-laconicd.yml b/service-provider-setup/run-laconicd.yml index 33efa74..a148ca9 100644 --- a/service-provider-setup/run-laconicd.yml +++ b/service-provider-setup/run-laconicd.yml @@ -5,11 +5,11 @@ PATH: "{{ ansible_env.PATH }}:/home/{{ansible_user}}/bin" tasks: - - name: Clone the stack repo + - name: Clone the fixturenet-laconicd-stack repo command: laconic-so fetch-stack git.vdb.to/cerc-io/fixturenet-laconicd-stack --pull ignore_errors: yes - - name: Clone the fixturenet-laconicd repo + - name: Setup repos for fixturenet-laconicd command: laconic-so --stack ~/cerc/fixturenet-laconicd-stack/stack-orchestrator/stacks/fixturenet-laconicd setup-repositories - name: Build container images diff --git a/service-provider-setup/setup-container-registry.yml b/service-provider-setup/setup-container-registry.yml index 2d44e27..7b227e3 100644 --- a/service-provider-setup/setup-container-registry.yml +++ b/service-provider-setup/setup-container-registry.yml @@ -7,9 +7,10 @@ vars_files: - vars/k8s-vars.yml - vars/container-vars.yml + - vars/dns-vars.yml tasks: - - name: Generate the spec file for the container-registry stack + - name: Generate spec file for the container-registry stack template: src: "./templates/specs/container-registry.spec.j2" dest: "{{ansible_env.HOME}}/container-registry.spec" @@ -58,6 +59,11 @@ environment: KUBECONFIG: "{{ ansible_env.HOME }}/.kube/config-default.yaml" + # TODO: Investigate why container registry throws error if started immediately + - name: Wait for 90 seconds + pause: + seconds: 90 + - name: Deploy the container registry command: > laconic-so deployment --dir container-registry start 
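Review bot: The new `Wait for 90 seconds` pause is a fixed sleep standing in for a readiness condition, and the TODO above it admits the cause is unknown; on a slow node 90 s is too short and the deploy fails, on a fast one it wastes time, and the real dependency is never identified. Replace it with a check on what the registry actually waits for, e.g. `command: kubectl wait --for=condition=Ready pod -l <registry-selector> --timeout=180s` under the same `KUBECONFIG` environment, or an `until`/`retries`/`delay` loop on the `Deploy the container registry` command. The selector is not visible in this hunk, so confirm the label from the deployed manifest.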
@@ -69,26 +75,30 @@ - name: Decode and extract cluster-id set_fact: - cluster_id: "{{ deployment_file.content | b64decode | regex_search('cluster-id: (.+)', '\\1') }}" + extracted_cluster_id: "{{ deployment_file.content | b64decode | regex_search('cluster-id: (.+)', '\\1') }}" + + - name: Set modified cluster-id + set_fact: + formatted_cluster_id: "{{ extracted_cluster_id | replace('[', '') | replace(']', '') | replace(\"'\", '') }}" - name: Display the cluster ID debug: - msg: "The cluster ID is: {{ cluster_id }}" + msg: "The cluster ID is: {{ formatted_cluster_id }}" - name: Annotate ingress for proxy body size command: > - kubectl annotate ingress {{ cluster_id }}-ingress nginx.ingress.kubernetes.io/proxy-body-size=0 + kubectl annotate ingress {{ formatted_cluster_id }}-ingress nginx.ingress.kubernetes.io/proxy-body-size=0 environment: KUBECONFIG: "{{ ansible_env.HOME }}/.kube/config-default.yaml" - name: Annotate ingress for proxy read timeout command: > - kubectl annotate ingress {{ cluster_id }}-ingress nginx.ingress.kubernetes.io/proxy-read-timeout=600 + kubectl annotate ingress {{ formatted_cluster_id }}-ingress nginx.ingress.kubernetes.io/proxy-read-timeout=600 environment: KUBECONFIG: "{{ ansible_env.HOME }}/.kube/config-default.yaml" - name: Annotate ingress for proxy send timeout command: > - kubectl annotate ingress {{ cluster_id }}-ingress nginx.ingress.kubernetes.io/proxy-send-timeout=600 + kubectl annotate ingress {{ formatted_cluster_id }}-ingress nginx.ingress.kubernetes.io/proxy-send-timeout=600 environment: KUBECONFIG: "{{ ansible_env.HOME }}/.kube/config-default.yaml" diff --git a/service-provider-setup/setup-k8s.yml b/service-provider-setup/setup-k8s.yml index 37cc574..ba15ed6 100644 --- a/service-provider-setup/setup-k8s.yml +++ b/service-provider-setup/setup-k8s.yml 
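Review bot: `regex_search(..., '\\1')` with a capture group returns a list, which is why the new `Set modified cluster-id` step strips `[`, `]` and `'` from its string form; that is fragile and, if nothing matched, silently produces an empty id so the three `kubectl annotate` commands run against `-ingress`. Take the first match directly and fail early instead: `formatted_cluster_id: "{{ extracted_cluster_id | first }}"` followed by an `assert` task with `that: formatted_cluster_id | length > 0`. The `deployment_file` read that feeds this is outside the hunk.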
@@ -116,7 +116,7 @@ src: ./templates/k8s.yml.j2 dest: "{{ ansible_env.HOME }}/service-provider-template/group_vars/{{ org_id }}_{{ location_id }}/k8s.yml" - - name: Copy wildcard-pwa-example.yml to the remote VM + - name: Copy wildcard-pwa-{{ base_domain }}.yaml to the remote VM template: src: ./templates/wildcard-pwa-example.yml.j2 dest: "{{ ansible_env.HOME }}/service-provider-template/files/manifests/wildcard-pwa-{{ base_domain }}.yaml" diff --git a/service-provider-setup/templates/configs/console-config.env.j2 b/service-provider-setup/templates/configs/console-config.env.j2 index 7ecc724..6c0e8a9 100644 --- a/service-provider-setup/templates/configs/console-config.env.j2 +++ b/service-provider-setup/templates/configs/console-config.env.j2 @@ -1,2 +1,5 @@ CERC_LACONICD_USER_KEY={{ALICE_PK}} CERC_LACONICD_BOND_ID={{BOND_ID}} +CERC_LACONICD_RPC_ENDPOINT=http://{{ org_id }}-{{ location_id }}-cluster-control.{{ full_domain }}:26657 +CERC_LACONICD_GQL_ENDPOINT=http://{{ org_id }}-{{ location_id }}-cluster-control.{{ full_domain }}:9473/api +LACONIC_HOSTED_ENDPOINT=http://{{ org_id }}-{{ location_id }}-cluster-control.{{ full_domain }}:9473 diff --git a/service-provider-setup/templates/configs/webapp-ui-config.env.j2 b/service-provider-setup/templates/configs/webapp-ui-config.env.j2 index c1fa0c7..c31574e 100644 --- a/service-provider-setup/templates/configs/webapp-ui-config.env.j2 +++ b/service-provider-setup/templates/configs/webapp-ui-config.env.j2 
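Review bot: The three added endpoints point the console at `http://{{ org_id }}-{{ location_id }}-cluster-control.{{ full_domain }}` on ports 26657 and 9473 in clear text, in the same env file that holds `CERC_LACONICD_USER_KEY={{ALICE_PK}}`. The nginx template in this series already exposes port 9473 behind TLS as `{{ org_id }}-daemon.{{ full_domain }}` (`ssl: true`), so `CERC_LACONICD_GQL_ENDPOINT` and `LACONIC_HOSTED_ENDPOINT` could use `https://{{ org_id }}-daemon.{{ full_domain }}` if that proxy runs on the cluster-control host; confirm before switching, as the RPC port has no visible TLS front. A comment stating which of these URLs are opened by a browser versus used server-side would help, since the UI template links users to the same host.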
@@ -1,3 +1,3 @@ CERC_WEBAPP_DEBUG=0.1.0 LACONIC_HOSTED_CONFIG_app_api_url=https://webapp-deployer-api.pwa.{{ full_domain }} -LACONIC_HOSTED_CONFIG_app_console_link=https://laconicd.laconic.com/console?query=%0A%20%20fragment%20ValueParts%20on%20Value%20%7B%0A%20%20%20%20...%20on%20BooleanValue%20%7B%0A%20%20%20%20%20%20bool%3A%20value%0A%20%20%20%20%7D%0A%20%20%20%20...%20on%20IntValue%20%7B%0A%20%20%20%20%20%20int%3A%20value%0A%20%20%20%20%7D%0A%20%20%20%20...%20on%20FloatValue%20%7B%0A%20%20%20%20%20%20float%3A%20value%0A%20%20%20%20%7D%0A%20%20%20%20...%20on%20StringValue%20%7B%0A%20%20%20%20%20%20string%3A%20value%0A%20%20%20%20%7D%0A%20%20%20%20...%20on%20BytesValue%20%7B%0A%20%20%20%20%20%20bytes%3A%20value%0A%20%20%20%20%7D%0A%20%20%20%20...%20on%20LinkValue%20%7B%0A%20%20%20%20%20%20link%3A%20value%0A%20%20%20%20%7D%0A%20%20%7D%0A%0A%20%20fragment%20AttrParts%20on%20Attribute%20%7B%0A%20%20%20%20key%0A%20%20%20%20value%20%7B%0A%20%20%20%20%20%20...ValueParts%0A%20%20%20%20%20%20...%20on%20ArrayValue%20%7B%0A%20%20%20%20%20%20%20%20value%20%7B%0A%20%20%20%20%20%20%20%20%20%20...ValueParts%0A%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%7D%0A%20%20%20%20%7D%0A%20%20%7D%0A%0A%20%20%7B%0A%20%20%20%20getRecordsByIds(ids%3A%20%5B%22#RQID#%22%5D)%20%7B%0A%20%20%20%20%20%20id%0A%20%20%20%20%20%20names%0A%20%20%20%20%20%20bondId%0A%20%20%20%20%20%20createTime%0A%20%20%20%20%20%20expiryTime%0A%20%20%20%20%20%20owners%0A%20%20%20%20%20%20attributes%20%7B%0A%20%20%20%20%20%20%20%20...AttrParts%0A%20%20%20%20%20%20%20%20value%20%7B%0A%20%20%20%20%20%20%20%20%20%20...%20on%20MapValue%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20map%3A%20value%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20...AttrParts%0A%20%20%20%20%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%7D%0A%20%20%20%20%7D%0A%20%20%7D%0A +LACONIC_HOSTED_CONFIG_app_console_link=http://{{ org_id }}-{{ location_id }}-cluster-control.{{ 
full_domain }}:9473/console?query=%0A%20%20fragment%20ValueParts%20on%20Value%20%7B%0A%20%20%20%20...%20on%20BooleanValue%20%7B%0A%20%20%20%20%20%20bool%3A%20value%0A%20%20%20%20%7D%0A%20%20%20%20...%20on%20IntValue%20%7B%0A%20%20%20%20%20%20int%3A%20value%0A%20%20%20%20%7D%0A%20%20%20%20...%20on%20FloatValue%20%7B%0A%20%20%20%20%20%20float%3A%20value%0A%20%20%20%20%7D%0A%20%20%20%20...%20on%20StringValue%20%7B%0A%20%20%20%20%20%20string%3A%20value%0A%20%20%20%20%7D%0A%20%20%20%20...%20on%20BytesValue%20%7B%0A%20%20%20%20%20%20bytes%3A%20value%0A%20%20%20%20%7D%0A%20%20%20%20...%20on%20LinkValue%20%7B%0A%20%20%20%20%20%20link%3A%20value%0A%20%20%20%20%7D%0A%20%20%7D%0A%0A%20%20fragment%20AttrParts%20on%20Attribute%20%7B%0A%20%20%20%20key%0A%20%20%20%20value%20%7B%0A%20%20%20%20%20%20...ValueParts%0A%20%20%20%20%20%20...%20on%20ArrayValue%20%7B%0A%20%20%20%20%20%20%20%20value%20%7B%0A%20%20%20%20%20%20%20%20%20%20...ValueParts%0A%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%7D%0A%20%20%20%20%7D%0A%20%20%7D%0A%0A%20%20%7B%0A%20%20%20%20getRecordsByIds(ids%3A%20%5B%22#RQID#%22%5D)%20%7B%0A%20%20%20%20%20%20id%0A%20%20%20%20%20%20names%0A%20%20%20%20%20%20bondId%0A%20%20%20%20%20%20createTime%0A%20%20%20%20%20%20expiryTime%0A%20%20%20%20%20%20owners%0A%20%20%20%20%20%20attributes%20%7B%0A%20%20%20%20%20%20%20%20...AttrParts%0A%20%20%20%20%20%20%20%20value%20%7B%0A%20%20%20%20%20%20%20%20%20%20...%20on%20MapValue%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20map%3A%20value%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20...AttrParts%0A%20%20%20%20%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%7D%0A%20%20%20%20%7D%0A%20%20%7D%0A diff --git a/service-provider-setup/templates/specs/webapp-deployer.spec.j2 b/service-provider-setup/templates/specs/webapp-deployer.spec.j2 index d0191c7..b1a037b 100644 --- a/service-provider-setup/templates/specs/webapp-deployer.spec.j2 
+++ b/service-provider-setup/templates/specs/webapp-deployer.spec.j2 @@ -25,8 +25,8 @@ security: resources: containers: reservations: - cpus: 4 - memory: 8G + cpus: "{{ cpu_reservation }}" + memory: "{{ memory_reservation }}" limits: cpus: 6 memory: 16G diff --git a/service-provider-setup/vars/container-vars.example.yml b/service-provider-setup/vars/container-vars.example.yml index 3b34f94..a3a3a04 100644 --- a/service-provider-setup/vars/container-vars.example.yml +++ b/service-provider-setup/vars/container-vars.example.yml @@ -1,3 +1,3 @@ container_registry_username: "" container_registry_password: "" -container_registry_domain: "container-registry.pwa.{{ dns_domain }}.com" +container_registry_domain: "container-registry.pwa.{{ full_domain }}" diff --git a/service-provider-setup/vars/k8s-vars.example.yml b/service-provider-setup/vars/k8s-vars.example.yml index 87e5a48..cceaeae 100644 --- a/service-provider-setup/vars/k8s-vars.example.yml +++ b/service-provider-setup/vars/k8s-vars.example.yml @@ -4,4 +4,5 @@ vault_passphrase: "" org_id: "" location_id: "" base_domain: "" +support_email: "" ansible_ssh_extra_args: '-o StrictHostKeyChecking=no' diff --git a/service-provider-setup/vars/webapp-vars.example.yml b/service-provider-setup/vars/webapp-vars.example.yml index 5c632f1..1a2d46c 100644 --- a/service-provider-setup/vars/webapp-vars.example.yml +++ b/service-provider-setup/vars/webapp-vars.example.yml @@ -1,3 +1,5 @@ authority_name: "" ALICE_PK: "{{ ALICE_PK }}" BOND_ID: "{{ BOND_ID }}" +cpu_reservation: "" +memory_reservation: "" -- 2.45.2 From 3c22e3e5696abada45936116b353b06cb6d0ba6d Mon Sep 17 00:00:00 2001 
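Review bot: `reservations.cpus`/`memory` are now templated from `cpu_reservation`/`memory_reservation` while `limits` stay hard-coded at `cpus: 6` / `memory: 16G`, so a user following the README can set a reservation above the limit and produce a spec the scheduler is likely to reject. Either template the limits too (`cpu_limit`, `memory_limit` in `webapp-vars.example.yml`) or add a comment above `limits:` saying reservations must stay below these fixed values. The quoted `"{{ cpu_reservation }}"` also renders a string where the old `cpus: 4` was a number; confirm the consumer accepts that.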
From: Adw8 Date: Fri, 27 Sep 2024 13:03:36 +0530 Subject: [PATCH 21/31] Add playbook to setup gpg key --- service-provider-setup/README.md | 9 +- service-provider-setup/deploy-backend.yml | 6 +- service-provider-setup/deploy-frontend.yml | 4 + .../run-laconic-console.yml | 4 + service-provider-setup/run-laconicd.yml | 6 + .../service-provider-setup.yml | 2 + .../setup-container-registry.yml | 4 + service-provider-setup/setup-k8s.yml | 7 +- service-provider-setup/setup-system.yml | 138 ++++++++++++++++++ service-provider-setup/setup-user.yml | 78 +--------- 10 files changed, 177 insertions(+), 81 deletions(-) create mode 100644 service-provider-setup/setup-system.yml diff --git a/service-provider-setup/README.md b/service-provider-setup/README.md index bd6be04..c3050a5 100644 --- a/service-provider-setup/README.md +++ b/service-provider-setup/README.md @@ -62,6 +62,7 @@ To get started, follow the [installation](../README.md#installation) guide to se - Execute the `setup-user.yml` Ansible playbook to create a user with passwordless sudo permissions: ```bash + cd ../ ansible-playbook setup-user.yml -i hosts.ini --extra-vars='{ "target_host": "deployment_host" }' ``` @@ -102,6 +103,7 @@ To get started, follow the [installation](../README.md#installation) guide to se ```bash cd vars cp dns-vars.example.yml dns-vars.yml + cp gpg-vars.example.yml gpg-vars.yml cp k8s-vars.example.yml k8s-vars.yml cp container-vars.example.yml container-vars.yml cp webapp-vars.example.yml webapp-vars.yml 
@@ -116,10 +118,13 @@ To get started, follow the [installation](../README.md#installation) guide to se cluster_control_ip: "" # eg: 23.111.78.179 do_api_token: "" # eg: dop_v1... + # vars/gpg-vars.yml + gpg_user_name: "" # Full name of the user for the GPG key + gpg_user_email: "" # Email address associated with the GPG key + gpg_passphrase: "" # Passphrase for securing the GPG key + # vars/k8s-vars.yml target_host: "deployment_host" - gpg_key_id: "" # The sequence obtained in the previous step, eg: 0AFB10B643944C22 - vault_passphrase: "" # passphrase for GPG key org_id: "" # eg: lcn location_id: "" # eg: cad base_domain: "" # eg: laconic diff --git a/service-provider-setup/deploy-backend.yml b/service-provider-setup/deploy-backend.yml index 679328a..dae513d 100644 --- a/service-provider-setup/deploy-backend.yml +++ b/service-provider-setup/deploy-backend.yml @@ -10,6 +10,10 @@ - vars/container-vars.yml - vars/k8s-vars.yml - vars/dns-vars.yml + - vars/user-vars.yml + + become: yes + become_user: "{{username}}" tasks: - name: Ensure gpg-keys directory exists @@ -63,7 +67,7 @@ -v /home/{{ ansible_user }}/config:/home/root/config \ cerc/webapp-deployer-backend:local laconic-so publish-deployer-to-registry \ --laconic-config /home/root/config/laconic.yml \ - --api-url https://webapp-deployer-api.{{ full_domain }} \ + --api-url https://webapp-deployer-api.pwa.{{ full_domain }} \ --public-key-file /home/root/config/webapp-deployer-api.{{ full_domain }}.pgp.pub \ --lrn lrn://{{ authority_name }}/deployers/webapp-deployer-api.{{ full_domain }} \ --min-required-payment 100 diff --git a/service-provider-setup/deploy-frontend.yml b/service-provider-setup/deploy-frontend.yml index 59a8318..e45fbf4 100644 --- a/service-provider-setup/deploy-frontend.yml +++ b/service-provider-setup/deploy-frontend.yml 
@@ -8,6 +8,10 @@ - vars/webapp-vars.yml - vars/dns-vars.yml - vars/k8s-vars.yml + - vars/user-vars.yml + + become: yes + become_user: "{{username}}" tasks: - name: Clone webapp-deployment-status-ui repository diff --git a/service-provider-setup/run-laconic-console.yml b/service-provider-setup/run-laconic-console.yml index 43655e7..d28e617 100644 --- a/service-provider-setup/run-laconic-console.yml +++ b/service-provider-setup/run-laconic-console.yml @@ -8,6 +8,10 @@ - vars/webapp-vars.yml - vars/dns-vars.yml - vars/k8s-vars.yml + - vars/user-vars.yml + + become: yes + become_user: "{{username}}" tasks: - name: Clone the stack repo diff --git a/service-provider-setup/run-laconicd.yml b/service-provider-setup/run-laconicd.yml index a148ca9..71ddf42 100644 --- a/service-provider-setup/run-laconicd.yml +++ b/service-provider-setup/run-laconicd.yml @@ -4,6 +4,12 @@ environment: PATH: "{{ ansible_env.PATH }}:/home/{{ansible_user}}/bin" + vars_files: + - vars/user-vars.yml + + become: yes + become_user: "{{username}}" + tasks: - name: Clone the fixturenet-laconicd-stack repo command: laconic-so fetch-stack git.vdb.to/cerc-io/fixturenet-laconicd-stack --pull diff --git a/service-provider-setup/service-provider-setup.yml b/service-provider-setup/service-provider-setup.yml index a50564d..5af93ab 100644 --- a/service-provider-setup/service-provider-setup.yml +++ b/service-provider-setup/service-provider-setup.yml @@ -1,4 +1,6 @@ +- import_playbook: setup-user.yml - import_playbook: setup-dns.yml +- import_playbook: setup-system.yml - import_playbook: setup-k8s.yml - import_playbook: setup-container-registry.yml - import_playbook: run-laconicd.yml diff --git a/service-provider-setup/setup-container-registry.yml b/service-provider-setup/setup-container-registry.yml index 7b227e3..3786e91 100644 --- a/service-provider-setup/setup-container-registry.yml +++ b/service-provider-setup/setup-container-registry.yml 
@@ -8,7 +8,11 @@ - vars/k8s-vars.yml - vars/container-vars.yml - vars/dns-vars.yml + - vars/user-vars.yml + become: yes + become_user: "{{username}}" + tasks: - name: Generate spec file for the container-registry stack template: diff --git a/service-provider-setup/setup-k8s.yml b/service-provider-setup/setup-k8s.yml index ba15ed6..56a60ce 100644 --- a/service-provider-setup/setup-k8s.yml +++ b/service-provider-setup/setup-k8s.yml @@ -9,8 +9,13 @@ VAULT_KEY: "{{ vault_passphrase }}" vars_files: - - vars/k8s-vars.yml - vars/dns-vars.yml + - vars/gpg-vars.yml + - vars/k8s-vars.yml + - vars/user-vars.yml + + become: yes + become_user: "{{username}}" tasks: - name: Install Python and pip diff --git a/service-provider-setup/setup-system.yml b/service-provider-setup/setup-system.yml new file mode 100644 index 0000000..b45a8e7 --- /dev/null +++ b/service-provider-setup/setup-system.yml 
@@ -0,0 +1,138 @@ +- name: Setup system for the service provider setup + hosts: "{{ target_host }}" + + environment: + GNUPGHOME: /home/{{ ansible_user }}/.gnupg + + vars_files: + - vars/k8s-vars.yml + - vars/dns-vars.yml + - vars/gpg-vars.yml + - vars/user-vars.yml + + become: yes + become_user: "{{username}}" + + tasks: + - name: Install required packages + apt: + name: + - doas + - zsh + - tmux + - git + - jq + - acl + - curl + - wget + - netcat-traditional + - fping + - rsync + - htop + - iotop + - iftop + - tar + - less + - firewalld + - sshguard + - wireguard + - iproute2 + - iperf3 + - zfsutils-linux + - net-tools + - ca-certificates + - gnupg + - sshpass + - apache2-utils + state: latest + update_cache: true + become: yes + + - name: Set unique hostname + hostname: + name: "{{ inventory_hostname }}" + when: ansible_hostname != inventory_hostname + + - name: Verify status of firewalld and enable sshguard + systemd: + name: "{{ item }}" + enabled: yes + state: started + loop: + - firewalld + - sshguard + ignore_errors: yes + + - name: Disable and remove snapd + block: + - name: Disable snapd services + systemd: + name: "{{ item }}" + enabled: no + state: stopped + loop: + - snapd.service + - snapd.socket + - snapd.seeded + - snapd.snap-repair.timer + ignore_errors: yes + + - name: Purge snapd + apt: + name: snapd + state: absent + + - name: Remove snap directories + file: + path: "{{ item }}" + state: absent + loop: + - "{{ ansible_env.HOME }}/snap" + - /snap + - /var/snap + - /var/lib/snapd + become: yes + ignore_errors: yes + + - name: Ensure GPG directory exists + file: + path: "{{ ansible_env.HOME }}/.gnupg" + state: directory + mode: '0700' + + - name: Create GPG key parameters file + copy: + dest: /tmp/gpg_key_params.txt + content: | + Key-Type: RSA + Key-Length: 4096 + Subkey-Type: RSA + Name-Real: {{ gpg_user_name }} + Name-Email: {{ gpg_user_email }} + Expire-Date: 0 + Passphrase: {{ gpg_passphrase }} + %no-protection + %commit + mode: '0600' + + - 
name: Generate GPG key using the parameter file + command: gpg --batch --gen-key /tmp/gpg_key_params.txt + become_user: "{{ ansible_user }}" + register: gpg_keygen_output + ignore_errors: yes + + - name: Show GPG key generation output + debug: + var: gpg_keygen_output.stdout + + - name: Fetch the Key ID of the most recently created GPG key + shell: gpg --list-secret-keys --keyid-format=long | grep 'sec' | tail -n 1 | awk -F'/' '{print $2}' | awk '{print $1}' + register: gpg_key_output + + - name: Set the GPG key ID to a variable + set_fact: + sec_key_id: "{{ gpg_key_output.stdout }}" + + - name: Show GPG Key ID + debug: + msg: "GPG Key ID: {{ sec_key_id }}" diff --git a/service-provider-setup/setup-user.yml b/service-provider-setup/setup-user.yml index 7597c0c..52533ea 100644 --- a/service-provider-setup/setup-user.yml +++ b/service-provider-setup/setup-user.yml 
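Review bot: The parameter file written to `/tmp/gpg_key_params.txt` contains both `Passphrase: {{ gpg_passphrase }}` and `%no-protection`, which contradict each other: `%no-protection` asks gpg for a key with no passphrase protection, so either that directive should go (if the key is meant to be protected by `gpg_passphrase`) or the passphrase line is dead configuration that still lands a secret on disk. The file is never removed after generation; add a cleanup task right after it, `- name: Remove GPG key parameters file` with `file: { path: /tmp/gpg_key_params.txt, state: absent }`, and consider `no_log: true` on the `copy` task so the passphrase is not echoed in diff output. With `ignore_errors: yes` on the generation step, a failed run still reaches the `tail -n 1` lookup and would quietly pick whichever secret key is listed last, so checking `gpg_keygen_output.rc` before setting `sec_key_id` would be safer. The generation task runs as `{{ ansible_user }}` with `GNUPGHOME` under that user's home, while the "Ensure GPG directory exists" task runs under the play-level `become_user` using `{{ ansible_env.HOME }}`; if those resolve to different users the directory created is not the one gpg uses, which is worth confirming.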
@@ -6,82 +6,6 @@ - vars/user-vars.yml tasks: - - name: Set unique hostname - hostname: - name: "{{ inventory_hostname }}" - when: ansible_hostname != inventory_hostname - - # TODO: Move installation to k8s playbook - - name: Install additional packages - apt: - name: - - doas - - zsh - - tmux - - git - - jq - - acl - - curl - - wget - - netcat-traditional - - fping - - rsync - - htop - - iotop - - iftop - - tar - - less - - firewalld - - sshguard - - wireguard - - iproute2 - - iperf3 - - zfsutils-linux - - net-tools - - ca-certificates - - gnupg - - sshpass - state: latest - update_cache: true - - - name: Verify status of firewalld and enable sshguard - systemd: - name: "{{ item }}" - enabled: yes - state: started - loop: - - firewalld - - sshguard - - - name: Disable and remove snapd - block: - - name: Disable snapd services - systemd: - name: "{{ item }}" - enabled: no - state: stopped - loop: - - snapd.service - - snapd.socket - - snapd.seeded - - snapd.snap-repair.timer - - - name: Purge snapd - apt: - name: snapd - state: absent - - - name: Remove snap directories - file: - path: "{{ item }}" - state: absent - loop: - - "{{ ansible_env.HOME }}/snap" - - /snap - - /var/snap - - /var/lib/snapd - become: yes - - name: Create a user user: name: "{{ username }}" @@ -97,7 +21,7 @@ - name: Ensure .ssh directory exists for user file: - path: /home/"{{ username }}"/.ssh + path: /home/{{ username }}/.ssh state: directory owner: "{{ username }}" group: "{{ username }}" -- 2.45.2 From 145dbae579ca669dcdc5f8bf861ddb6389c05b45 Mon Sep 17 00:00:00 2001 
From: Adw8 Date: Fri, 27 Sep 2024 16:26:43 +0530 Subject: [PATCH 22/31] Add separate entry in hosts file for setting up user --- service-provider-setup/README.md | 128 ++++++------------ service-provider-setup/deploy-backend.yml | 4 - service-provider-setup/deploy-frontend.yml | 4 - .../run-laconic-console.yml | 4 - service-provider-setup/run-laconicd.yml | 6 - .../setup-container-registry.yml | 4 - service-provider-setup/setup-k8s.yml | 4 - service-provider-setup/setup-system.yml | 4 - service-provider-setup/setup-user.yml | 2 +- 9 files changed, 42 insertions(+), 118 deletions(-) diff --git a/service-provider-setup/README.md b/service-provider-setup/README.md index c3050a5..0cde7d8 100644 --- a/service-provider-setup/README.md +++ b/service-provider-setup/README.md 
@@ -4,68 +4,6 @@ To get started, follow the [installation](../README.md#installation) guide to setup ansible on your machine -## Setup a new User - -- Create a new `hosts.ini` file: - - ```bash - cp ../hosts.example.ini hosts.ini - ``` - -- Edit the [`hosts.ini`](./hosts.ini) file to run the playbook on a remote machine: - - ```ini - [deployment_host] - ansible_host= ansible_user= ansible_ssh_common_args='-o ForwardAgent=yes' - ``` - - - Replace `` with the desired `hostname` of the remote machine - - Replace `` with the IP address or hostname of the target machine - - Replace `` with `root` - -- Verify that you are able to connect to the host using the following command: - - ```bash - ansible all -m ping -i hosts.ini - - # Expected output: - - # | SUCCESS => { - # "ansible_facts": { - # "discovered_interpreter_python": "/usr/bin/python3.10" - # }, - # "changed": false, - # "ping": "pong" - # } - ``` - -- Setup `user-vars.yml` using the example file - - ```bash - cd vars - cp user-vars.example.yml user-vars.yml - ``` - -- Edit the following vars: - - ```bash - # name of the user you want to setup on the target host - username: "" - - # password of the user you want to setup on the target host - password: "" - - # path to the ssh key on your machine - path_to_ssh_key: " - ``` - -- Execute the `setup-user.yml` Ansible playbook to create a user with passwordless sudo permissions: - - ```bash - cd ../ - ansible-playbook setup-user.yml -i hosts.ini --extra-vars='{ "target_host": "deployment_host" }' - ``` - ## Become a Service Provider ### Prerequisites 
@@ -74,34 +12,11 @@ To get started, follow the [installation](../README.md#installation) guide to se - Generate a DigitalOcean access token -- Create a PGP key on your target host - - ``` - gpg --full-generate-key - ``` - -- List the secret keys - - ``` - gpg --list-secret-keys --keyid-format=long - ``` - -- This will output something like this - - ``` - [keyboxd] - --------- - sec rsa4096/0AFB10B643944C22 2024-05-03 [SC] [expires: 2025-05-03] - 17B3248D6784EC6CB43365A60AFB10B643944C22 - uid [ultimate] user - ``` - - Note the `0AFB10B643944C22` sequence of characters after `sec`. This will be required later. - - Copy the vars files: ```bash cd vars + cp user-vars.example.yml user-vars.yml cp dns-vars.example.yml dns-vars.yml cp gpg-vars.example.yml gpg-vars.yml cp k8s-vars.example.yml k8s-vars.yml @@ -112,6 +27,11 @@ To get started, follow the [installation](../README.md#installation) guide to se - Update the following values in the respective variable files: ```bash + # vars/user-vars.yml + username: "" # name of the user you want to setup on the target host + password: "" # password of the user you want to setup on the target host + path_to_ssh_key: "" # path to the ssh key on your machine + # vars/dns-vars.yml full_domain: "" # eg: laconic.com subdomain_prefix: "" # eg: lcn-cad 
@@ -140,7 +60,41 @@ To get started, follow the [installation](../README.md#installation) guide to se memory_reservation: "" # Minimum amount of memory in GB to be used, eg: 4G ``` -- Update `ansible_user` in the [`hosts.ini`](./hosts.ini) file to the user on target host +- Create a new `hosts.ini` file: + + ```bash + cp ../hosts.example.ini hosts.ini + ``` + +- Edit the [`hosts.ini`](./hosts.ini) file to run the playbook on a remote machine: + + ```ini + [root_host] + ansible_host= ansible_user=root ansible_ssh_common_args='-o ForwardAgent=yes' + + [deployment_host] + ansible_host= ansible_user= ansible_ssh_common_args='-o ForwardAgent=yes' + ``` + + - Replace `` with the desired `hostname` of the remote machine + - Replace `` with the IP address or hostname of the target machine + - Under `deployment_host`, Replace `` with the name of the user you want to create + +- Verify that you are able to connect to the host using the following command: + + ```bash + ansible all -m ping -i hosts.ini + + # Expected output: + + # | SUCCESS => { + # "ansible_facts": { + # "discovered_interpreter_python": "/usr/bin/python3.10" + # }, + # "changed": false, + # "ping": "pong" + # } + ``` - Run the `service-provider-setup.yml` ansible-playbook to DNS records, deploy k8s, setup container registry, deploy the webapp-deployer API and webapp-deployer UI diff --git a/service-provider-setup/deploy-backend.yml b/service-provider-setup/deploy-backend.yml index dae513d..8919cc9 100644 --- a/service-provider-setup/deploy-backend.yml +++ b/service-provider-setup/deploy-backend.yml @@ -10,10 +10,6 @@ - vars/container-vars.yml - vars/k8s-vars.yml - vars/dns-vars.yml - - vars/user-vars.yml - - become: yes - become_user: "{{username}}" tasks: - name: Ensure gpg-keys directory exists diff --git a/service-provider-setup/deploy-frontend.yml b/service-provider-setup/deploy-frontend.yml index e45fbf4..59a8318 100644 --- a/service-provider-setup/deploy-frontend.yml 
+++ b/service-provider-setup/deploy-frontend.yml @@ -8,10 +8,6 @@ - vars/webapp-vars.yml - vars/dns-vars.yml - vars/k8s-vars.yml - - vars/user-vars.yml - - become: yes - become_user: "{{username}}" tasks: - name: Clone webapp-deployment-status-ui repository diff --git a/service-provider-setup/run-laconic-console.yml b/service-provider-setup/run-laconic-console.yml index d28e617..43655e7 100644 --- a/service-provider-setup/run-laconic-console.yml +++ b/service-provider-setup/run-laconic-console.yml @@ -8,10 +8,6 @@ - vars/webapp-vars.yml - vars/dns-vars.yml - vars/k8s-vars.yml - - vars/user-vars.yml - - become: yes - become_user: "{{username}}" tasks: - name: Clone the stack repo diff --git a/service-provider-setup/run-laconicd.yml b/service-provider-setup/run-laconicd.yml index 71ddf42..a148ca9 100644 --- a/service-provider-setup/run-laconicd.yml +++ b/service-provider-setup/run-laconicd.yml @@ -4,12 +4,6 @@ environment: PATH: "{{ ansible_env.PATH }}:/home/{{ansible_user}}/bin" - vars_files: - - vars/user-vars.yml - - become: yes - become_user: "{{username}}" - tasks: - name: Clone the fixturenet-laconicd-stack repo command: laconic-so fetch-stack git.vdb.to/cerc-io/fixturenet-laconicd-stack --pull diff --git a/service-provider-setup/setup-container-registry.yml b/service-provider-setup/setup-container-registry.yml index 3786e91..7b227e3 100644 --- a/service-provider-setup/setup-container-registry.yml +++ b/service-provider-setup/setup-container-registry.yml @@ -8,11 +8,7 @@ - vars/k8s-vars.yml - vars/container-vars.yml - vars/dns-vars.yml - - vars/user-vars.yml - become: yes - become_user: "{{username}}" - tasks: - name: Generate spec file for the container-registry stack template: diff --git a/service-provider-setup/setup-k8s.yml b/service-provider-setup/setup-k8s.yml index 56a60ce..e8d2d3e 100644 --- a/service-provider-setup/setup-k8s.yml +++ b/service-provider-setup/setup-k8s.yml 
@@ -12,10 +12,6 @@ - vars/dns-vars.yml - vars/gpg-vars.yml - vars/k8s-vars.yml - - vars/user-vars.yml - - become: yes - become_user: "{{username}}" tasks: - name: Install Python and pip diff --git a/service-provider-setup/setup-system.yml b/service-provider-setup/setup-system.yml index b45a8e7..b729e45 100644 --- a/service-provider-setup/setup-system.yml +++ b/service-provider-setup/setup-system.yml @@ -8,10 +8,6 @@ - vars/k8s-vars.yml - vars/dns-vars.yml - vars/gpg-vars.yml - - vars/user-vars.yml - - become: yes - become_user: "{{username}}" tasks: - name: Install required packages diff --git a/service-provider-setup/setup-user.yml b/service-provider-setup/setup-user.yml index 52533ea..da1b216 100644 --- a/service-provider-setup/setup-user.yml +++ b/service-provider-setup/setup-user.yml @@ -1,5 +1,5 @@ - name: Configure system - hosts: "{{ target_host }}" + hosts: root_host become: yes vars_files: -- 2.45.2 From 2435cc54b84adf40b16a1075858731eda1ee4f2c Mon Sep 17 00:00:00 2001 From: Adw8 Date: Mon, 30 Sep 2024 09:59:52 +0530 Subject: [PATCH 23/31] Set min-required-payment to 0 when publishing webapp deployer record --- service-provider-setup/deploy-backend.yml | 2 +- service-provider-setup/vars/k8s-vars.example.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/service-provider-setup/deploy-backend.yml b/service-provider-setup/deploy-backend.yml index 8919cc9..7fbd8a1 100644 --- a/service-provider-setup/deploy-backend.yml +++ b/service-provider-setup/deploy-backend.yml @@ -66,7 +66,7 @@ --api-url https://webapp-deployer-api.pwa.{{ full_domain }} \ --public-key-file /home/root/config/webapp-deployer-api.{{ full_domain }}.pgp.pub \ --lrn lrn://{{ authority_name }}/deployers/webapp-deployer-api.{{ full_domain }} \ - --min-required-payment 100 + --min-required-payment 0 register: publish_output - name: Display publish output 
diff --git a/service-provider-setup/vars/k8s-vars.example.yml b/service-provider-setup/vars/k8s-vars.example.yml index cceaeae..1b9e51d 100644 --- a/service-provider-setup/vars/k8s-vars.example.yml +++ b/service-provider-setup/vars/k8s-vars.example.yml @@ -1,4 +1,4 @@ -target_host: "" +target_host: "deployment_host" gpg_key_id: "" vault_passphrase: "" org_id: "" -- 2.45.2 From 6a9299e2a1d736434eb183718472bf691f14e834 Mon Sep 17 00:00:00 2001 From: Adw8 Date: Mon, 30 Sep 2024 10:03:26 +0530 Subject: [PATCH 24/31] Add utf8 encoding to ansible playbook command --- service-provider-setup/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/service-provider-setup/README.md b/service-provider-setup/README.md index 0cde7d8..fafd844 100644 --- a/service-provider-setup/README.md +++ b/service-provider-setup/README.md @@ -99,5 +99,5 @@ To get started, follow the [installation](../README.md#installation) guide to se - Run the `service-provider-setup.yml` ansible-playbook to DNS records, deploy k8s, setup container registry, deploy the webapp-deployer API and webapp-deployer UI ```bash - ansible-playbook service-provider-setup.yml -i hosts.ini --extra-vars='{ target_host: "deployment_host" }' --user $USER + LANG=en_US.utf8 ansible-playbook service-provider-setup.yml -i hosts.ini --extra-vars='{ target_host: "deployment_host" }' --user $USER ``` -- 2.45.2 From 336ba7dd4f8230ac76c6229cc58b44bcf69e7384 Mon Sep 17 00:00:00 2001 From: Adw8 Date: Mon, 30 Sep 2024 11:10:35 +0530 Subject: [PATCH 25/31] Update README --- service-provider-setup/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/service-provider-setup/README.md b/service-provider-setup/README.md index fafd844..9e93f89 100644 --- a/service-provider-setup/README.md +++ b/service-provider-setup/README.md 
@@ -96,7 +96,7 @@ To get started, follow the [installation](../README.md#installation) guide to se # } ``` -- Run the `service-provider-setup.yml` ansible-playbook to DNS records, deploy k8s, setup container registry, deploy the webapp-deployer API and webapp-deployer UI +- Run the `service-provider-setup.yml` ansible-playbook to setup a new user, create DNS records, deploy k8s, setup laconicd and laconic console, setup container registry, deploy the webapp-deployer API and webapp-deployer UI ```bash LANG=en_US.utf8 ansible-playbook service-provider-setup.yml -i hosts.ini --extra-vars='{ target_host: "deployment_host" }' --user $USER -- 2.45.2 From 8d5da73b1528b090d078ee5a8c4a13c589fb4b93 Mon Sep 17 00:00:00 2001 From: Adw8 Date: Tue, 1 Oct 2024 16:02:32 +0530 Subject: [PATCH 26/31] Add kubectl logs to playbook --- service-provider-setup/deploy-backend.yml | 6 +- service-provider-setup/deploy-frontend.yml | 2 +- .../service-provider-setup.yml | 1 - .../setup-container-registry.yml | 59 ++++++++++++++++++- service-provider-setup/setup-k8s.yml | 8 ++- service-provider-setup/setup-user.yml | 10 ++-- .../templates/laconic.yml.j2 | 2 +- .../vars/k8s-vars.example.yml | 4 +- .../vars/webapp-vars.example.yml | 3 +- 9 files changed, 80 insertions(+), 15 deletions(-) diff --git a/service-provider-setup/deploy-backend.yml b/service-provider-setup/deploy-backend.yml index 7fbd8a1..566e6fa 100644 --- a/service-provider-setup/deploy-backend.yml +++ b/service-provider-setup/deploy-backend.yml @@ -1,4 +1,4 @@ -- name: Deploy Webapp-Deployer Backend +- name: Deploy webapp-deployer backend hosts: "{{ target_host }}" environment: 
@@ -19,7 +19,7 @@ mode: '0700' - name: Create a GPG key - shell: gpg --batch --passphrase "SECRET" --quick-generate-key webapp-deployer-api.{{ full_domain }} default default never + shell: gpg --batch --passphrase "{{ deployer_gpg_passphrase }}" --quick-generate-key webapp-deployer-api.{{ full_domain }} default default never - name: Export the public key shell: gpg --export webapp-deployer-api.{{ full_domain }} > ~/gpg-keys/webapp-deployer-api.{{ full_domain }}.pgp.pub @@ -27,7 +27,7 @@ creates: ~/gpg-keys/webapp-deployer-api.{{ full_domain }}.pgp.pub - name: Export the GPG private key with passphrase - shell: gpg --pinentry-mode=loopback --passphrase "SECRET" --export-secret-keys webapp-deployer-api.{{ full_domain }} > ~/gpg-keys/webapp-deployer-api.{{ full_domain }}.pgp.key + shell: gpg --pinentry-mode=loopback --passphrase "{{ deployer_gpg_passphrase }}" --export-secret-keys webapp-deployer-api.{{ full_domain }} > ~/gpg-keys/webapp-deployer-api.{{ full_domain }}.pgp.key - name: Setup repositories for webapp-deployer-backend command: laconic-so --stack webapp-deployer-backend setup-repositories diff --git a/service-provider-setup/deploy-frontend.yml b/service-provider-setup/deploy-frontend.yml index 59a8318..c481ee8 100644 --- a/service-provider-setup/deploy-frontend.yml +++ b/service-provider-setup/deploy-frontend.yml @@ -1,4 +1,4 @@ -- name: Deploy Webapp-Deployer UI +- name: Deploy webapp-deployer ui hosts: "{{ target_host }}" environment: diff --git a/service-provider-setup/service-provider-setup.yml b/service-provider-setup/service-provider-setup.yml index 5af93ab..27abf2a 100644 --- a/service-provider-setup/service-provider-setup.yml +++ b/service-provider-setup/service-provider-setup.yml @@ -1,4 +1,3 @@ -- import_playbook: setup-user.yml - import_playbook: setup-dns.yml - import_playbook: setup-system.yml - import_playbook: setup-k8s.yml 
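Review bot: The passphrase is now interpolated into the command line of the `shell` task at `--passphrase "{{ deployer_gpg_passphrase }}"`, and the same applies to the export task in `@@ -27,7 +27,7 @@`; a command-line argument is visible to other local users through the process table and the rendered command is written to Ansible's output and any configured log, so the secret is exposed even though it is no longer a literal in the file. Add `no_log: true` to both tasks and hand the passphrase over on stdin instead, e.g. `--pinentry-mode=loopback --passphrase-fd 0` with `stdin: "{{ deployer_gpg_passphrase }}"` on the task. Separately, the `--quick-generate-key` line lacks the `--pinentry-mode=loopback` that the export line has; on GnuPG 2.1+ `--batch --passphrase` generally needs loopback to avoid an interactive pinentry, so this deserves a check against the target's gpg version.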
diff --git a/service-provider-setup/setup-container-registry.yml b/service-provider-setup/setup-container-registry.yml index 7b227e3..8ae1694 100644 --- a/service-provider-setup/setup-container-registry.yml +++ b/service-provider-setup/setup-container-registry.yml 
@@ -51,19 +51,76 @@ REGISTRY_AUTH_HTPASSWD_PATH="/config/htpasswd" REGISTRY_HTTP_SECRET='{{ hashed_password }}' + - name: Set KUBECONFIG environment variable + set_fact: + kubeconfig_path: "{{ ansible_env.HOME }}/.kube/config-default.yaml" + - name: Add the container registry credentials as a secret available to the cluster command: > kubectl create secret generic laconic-registry --from-file=.dockerconfigjson=container-registry/my_password.json --type=kubernetes.io/dockerconfigjson environment: - KUBECONFIG: "{{ ansible_env.HOME }}/.kube/config-default.yaml" + KUBECONFIG: "{{ kubeconfig_path }}" # TODO: Investigate why container registry throws error if started immediately - name: Wait for 90 seconds pause: seconds: 90 + - block: + - name: Get Kubernetes nodes with wide output + command: kubectl get nodes -o wide + environment: + KUBECONFIG: "{{ kubeconfig_path }}" + register: nodes_output + + - name: Print output of 'kubectl get nodes -o wide' + debug: + var: nodes_output.stdout + + - name: Get all secrets from all namespaces + command: kubectl get secrets --all-namespaces + environment: + KUBECONFIG: "{{ kubeconfig_path }}" + register: secrets_output + + - name: Print output of 'kubectl get secrets --all-namespaces' + debug: + var: secrets_output.stdout + + - name: Get cluster issuers + command: kubectl get clusterissuer + environment: + KUBECONFIG: "{{ kubeconfig_path }}" + register: clusterissuer_output + + - name: Print output of 'kubectl get clusterissuer' + debug: + var: clusterissuer_output.stdout + + - name: Get certificates + command: kubectl get certificates + environment: + KUBECONFIG: "{{ kubeconfig_path }}" + register: certificates_output + + - name: Print output of 'kubectl get certificates' + debug: + var: certificates_output.stdout + + - name: Get DaemonSets in all namespaces + command: kubectl get ds --all-namespaces + environment: + KUBECONFIG: "{{ kubeconfig_path }}" + register: daemonsets_output + + - name: Print output of 'kubectl get ds 
--all-namespaces' + debug: + var: daemonsets_output.stdout + + ignore_errors: yes + - name: Deploy the container registry command: > laconic-so deployment --dir container-registry start diff --git a/service-provider-setup/setup-k8s.yml b/service-provider-setup/setup-k8s.yml index e8d2d3e..e28e8c6 100644 --- a/service-provider-setup/setup-k8s.yml +++ b/service-provider-setup/setup-k8s.yml @@ -18,11 +18,17 @@ apt: name: "{{ item }}" state: present - become: true + become: yes loop: - python3 - python3-pip + - name: Add user to docker group + user: + name: "{{ ansible_user }}" + groups: docker + append: true + - name: Install Ansible on remote host pip: name: ansible diff --git a/service-provider-setup/setup-user.yml b/service-provider-setup/setup-user.yml index da1b216..35fca4c 100644 --- a/service-provider-setup/setup-user.yml +++ b/service-provider-setup/setup-user.yml @@ -27,13 +27,15 @@ group: "{{ username }}" mode: '0700' - - name: Copy SSH public key to authorized_keys - copy: - src: "{{ path_to_ssh_key }}" - dest: /home/{{ username }}/.ssh/authorized_keys + - name: Append SSH public key to authorized_keys + lineinfile: + path: /home/{{ username }}/.ssh/authorized_keys + line: "{{ lookup('file', path_to_ssh_key) }}" + create: yes owner: "{{ username }}" group: "{{ username }}" mode: '0600' + state: present - name: Add user to sudoers for passwordless sudo lineinfile: diff --git a/service-provider-setup/templates/laconic.yml.j2 b/service-provider-setup/templates/laconic.yml.j2 index cb07978..dd09501 100644 --- a/service-provider-setup/templates/laconic.yml.j2 +++ b/service-provider-setup/templates/laconic.yml.j2 @@ -6,4 +6,4 @@ services: bondId: "{{ BOND_ID }}" chainId: lorotestnet-1 gas: 200000 - fees: 500000alnt + fees: 200000alnt diff --git a/service-provider-setup/vars/k8s-vars.example.yml b/service-provider-setup/vars/k8s-vars.example.yml index 1b9e51d..544cfdb 100644 --- a/service-provider-setup/vars/k8s-vars.example.yml 
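Review bot: Each of the five `kubectl` commands in the new diagnostic block repeats `environment: KUBECONFIG: "{{ kubeconfig_path }}"`; since the block already groups them, the environment can be set once at block level next to `ignore_errors: yes` and dropped from the individual tasks, which also guarantees any task added later inherits it. The block carries no `name`, so its purpose is only visible from the task names; `- name: Print cluster diagnostics` would make the run output easier to follow. The `kubectl get secrets --all-namespaces` listing prints names and types only, not secret data, so echoing it is fine, but a comment such as `# lists metadata only; do not add -o yaml/json here` would keep a later edit from turning this into a credential dump in the logs.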
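Review bot: The new "Add user to docker group" task in `setup-k8s.yml` omits `become: yes` while the sibling apt task immediately above sets it explicitly (`become: true` → `become: yes` in this hunk), so unless the play itself is privileged the `user` module will fail to modify group membership; the play header is outside the hunk, so this needs confirming. Membership in `docker` is root-equivalent on a standard Docker host (the daemon socket lets a member bind-mount any path), which is presumably accepted so laconic-so can drive the daemon without sudo, but that trade-off should be recorded on the task, e.g. `# docker group membership is root-equivalent; needed so laconic-so can use the daemon without sudo`.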
+++ b/service-provider-setup/vars/k8s-vars.example.yml @@ -1,6 +1,6 @@ target_host: "deployment_host" -gpg_key_id: "" -vault_passphrase: "" +gpg_key_id: "{{ sec_key_id }}" +vault_passphrase: "{{ gpg_passphrase }}" org_id: "" location_id: "" base_domain: "" diff --git a/service-provider-setup/vars/webapp-vars.example.yml b/service-provider-setup/vars/webapp-vars.example.yml index 1a2d46c..04aa3fb 100644 --- a/service-provider-setup/vars/webapp-vars.example.yml +++ b/service-provider-setup/vars/webapp-vars.example.yml @@ -1,5 +1,6 @@ -authority_name: "" ALICE_PK: "{{ ALICE_PK }}" BOND_ID: "{{ BOND_ID }}" +authority_name: "" cpu_reservation: "" memory_reservation: "" +deployer_gpg_passphrase: "" -- 2.45.2 From 18ec7d1121dfe09ac615e9d74adf477ce61dd959 Mon Sep 17 00:00:00 2001 From: Adw8 Date: Tue, 1 Oct 2024 16:15:37 +0530 Subject: [PATCH 27/31] Refactor variable --- service-provider-setup/README.md | 98 +++++++++++++++---- service-provider-setup/setup-dns.yml | 4 +- .../templates/control-firewalld.yml.j2 | 2 +- .../templates/daemon-firewalld.yml.j2 | 2 +- service-provider-setup/templates/hosts.j2 | 6 +- .../vars/dns-vars.example.yml | 2 +- 6 files changed, 87 insertions(+), 27 deletions(-) diff --git a/service-provider-setup/README.md b/service-provider-setup/README.md index 9e93f89..cf69a32 100644 --- a/service-provider-setup/README.md +++ b/service-provider-setup/README.md 
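Review bot: `gpg_key_id: "{{ sec_key_id }}"` in the example vars now depends on a host fact that `setup-system.yml` sets with `set_fact` earlier in the same run; a vars file that silently requires a preceding play is easy to break, and running `setup-k8s.yml` on its own would fail with an undefined variable. A comment in the example file, `# set by setup-system.yml in the same run; replace with a key id when running playbooks individually`, would make the coupling visible, and `"{{ sec_key_id | mandatory('run setup-system.yml first or set gpg_key_id') }}"` would turn the failure into a readable message. `vault_passphrase: "{{ gpg_passphrase }}"` likewise makes the vault passphrase and the GPG key passphrase the same secret, which is fine if intended but worth a one-line note so nobody rotates one without the other.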
@@ -4,39 +4,99 @@ To get started, follow the [installation](../README.md#installation) guide to setup ansible on your machine +## Setup a new User + +- Create a new `hosts.ini` file: + + ```bash + cp ../hosts.example.ini hosts.ini + ``` + +- Edit the [`hosts.ini`](./hosts.ini) file to run the playbook on a remote machine: + + ```ini + [root_host] + ansible_host= ansible_user= ansible_ssh_common_args='-o ForwardAgent=yes' + ``` + + - Replace `` with the desired `hostname` of the remote machine + - Replace `` with the IP address or hostname of the target machine + - Replace `` with `root` + +- Verify that you are able to connect to the host using the following command: + + ```bash + ansible all -m ping -i hosts.ini + + # Expected output: + + # | SUCCESS => { + # "ansible_facts": { + # "discovered_interpreter_python": "/usr/bin/python3.10" + # }, + # "changed": false, + # "ping": "pong" + # } + ``` + +- Setup `user-vars.yml` using the example file + + ```bash + cp vars/user-vars.example.yml vars/user-vars.yml + ``` + +- Edit the following vars: + + ```bash + # name of the user you want to setup on the target host + username: "" + + # password of the user you want to setup on the target host + password: "" + + # path to the ssh key on your machine, eg: "/home/dev/.ssh/id_rsa.pub" + path_to_ssh_key: " + ``` + +- Execute the `setup-user.yml` Ansible playbook to create a user with passwordless sudo permissions: + + ```bash + cd ../ + LANG=en_US.utf8 ansible-playbook setup-user.yml -i hosts.ini --extra-vars='{ "target_host": "deployment_host" }' + ``` + ## Become a Service Provider ### Prerequisites -- Buy a domain and configure nameservers to DigitalOcean +- Set up a DigitalOcean Droplet with passwordless SSH access -- Generate a DigitalOcean access token +- Buy a domain and configure [nameservers pointing to DigitalOcean](https://docs.digitalocean.com/products/networking/dns/getting-started/dns-registrars/) + +- Generate a DigitalOcean access token, used for API 
authentication and managing cloud resources + +### Setup - Copy the vars files: ```bash cd vars - cp user-vars.example.yml user-vars.yml cp dns-vars.example.yml dns-vars.yml cp gpg-vars.example.yml gpg-vars.yml cp k8s-vars.example.yml k8s-vars.yml cp container-vars.example.yml container-vars.yml cp webapp-vars.example.yml webapp-vars.yml + cd - ``` - Update the following values in the respective variable files: ```bash - # vars/user-vars.yml - username: "" # name of the user you want to setup on the target host - password: "" # password of the user you want to setup on the target host - path_to_ssh_key: "" # path to the ssh key on your machine - # vars/dns-vars.yml full_domain: "" # eg: laconic.com subdomain_prefix: "" # eg: lcn-cad - cluster_control_ip: "" # eg: 23.111.78.179 - do_api_token: "" # eg: dop_v1... + service_provider_ip: "" # eg: 23.111.78.179 + do_api_token: "" # Digital Ocean access token that you generated, eg: dop_v1... # vars/gpg-vars.yml gpg_user_name: "" # Full name of the user for the GPG key @@ -58,15 +118,10 @@ To get started, follow the [installation](../README.md#installation) guide to se authority_name: "" # eg: my-org-name cpu_reservation: "" # Minimum number of cpu cores to be used, eg: 2 memory_reservation: "" # Minimum amount of memory in GB to be used, eg: 4G + deployer_gpg_passphrase: "" # passphrase for creating GPG key used by webapp-deployer, eg: SECRET ``` -- Create a new `hosts.ini` file: - - ```bash - cp ../hosts.example.ini hosts.ini - ``` - -- Edit the [`hosts.ini`](./hosts.ini) file to run the playbook on a remote machine: +- Update the [`hosts.ini`](./hosts.ini) file to run the playbook on a remote machine: ```ini [root_host] 
@@ -78,7 +133,7 @@ To get started, follow the [installation](../README.md#installation) guide to se - Replace `` with the desired `hostname` of the remote machine - Replace `` with the IP address or hostname of the target machine - - Under `deployment_host`, Replace `` with the name of the user you want to create + - Under `deployment_host`, Replace `` with the name of the user you have created - Verify that you are able to connect to the host using the following command: @@ -96,7 +151,12 @@ To get started, follow the [installation](../README.md#installation) guide to se # } ``` -- Run the `service-provider-setup.yml` ansible-playbook to setup a new user, create DNS records, deploy k8s, setup laconicd and laconic console, setup container registry, deploy the webapp-deployer API and webapp-deployer UI +- Run the `service-provider-setup.yml` ansible-playbook to: + - Create DNS records + - Deploy k8s, + - Setup laconicd and laconic console + - Setup container registry + - Deploy the webapp-deployer API and webapp-deployer UI ```bash LANG=en_US.utf8 ansible-playbook service-provider-setup.yml -i hosts.ini --extra-vars='{ target_host: "deployment_host" }' --user $USER diff --git a/service-provider-setup/setup-dns.yml b/service-provider-setup/setup-dns.yml index c5280a0..18d6c18 100644 --- a/service-provider-setup/setup-dns.yml +++ b/service-provider-setup/setup-dns.yml @@ -10,7 +10,7 @@ state: present oauth_token: "{{ do_api_token }}" name: "{{ full_domain }}" - ip: "{{ cluster_control_ip }}" + ip: "{{ service_provider_ip }}" - name: Create record for cluster control machine community.digitalocean.digital_ocean_domain_record: @@ -19,7 +19,7 @@ domain: "{{ full_domain }}" type: A name: "{{ subdomain_prefix }}-cluster-control" - data: "{{ cluster_control_ip }}" + data: "{{ service_provider_ip }}" - name: Create CNAME record for www community.digitalocean.digital_ocean_domain_record: 
diff --git a/service-provider-setup/templates/control-firewalld.yml.j2 b/service-provider-setup/templates/control-firewalld.yml.j2 index f530ab9..32e82a4 100644 --- a/service-provider-setup/templates/control-firewalld.yml.j2 +++ b/service-provider-setup/templates/control-firewalld.yml.j2 @@ -13,4 +13,4 @@ firewalld_add: sources: - 10.42.0.0/16 - 10.43.0.0/16 - - {{ cluster_control_ip }} + - {{ service_provider_ip }} diff --git a/service-provider-setup/templates/daemon-firewalld.yml.j2 b/service-provider-setup/templates/daemon-firewalld.yml.j2 index f221932..2ef6142 100644 --- a/service-provider-setup/templates/daemon-firewalld.yml.j2 +++ b/service-provider-setup/templates/daemon-firewalld.yml.j2 @@ -13,4 +13,4 @@ firewalld_add: - name: trusted sources: - - {{ cluster_control_ip }} + - {{ service_provider_ip }} diff --git a/service-provider-setup/templates/hosts.j2 b/service-provider-setup/templates/hosts.j2 index c7260e1..48335d4 100644 --- a/service-provider-setup/templates/hosts.j2 +++ b/service-provider-setup/templates/hosts.j2 @@ -1,12 +1,12 @@ [all] -{{ org_id }}-daemon ansible_host={{ cluster_control_ip }} -{{ org_id }}-{{ location_id }}-cluster-control ansible_host={{ cluster_control_ip }} +{{ org_id }}-daemon ansible_host={{ service_provider_ip }} +{{ org_id }}-{{ location_id }}-cluster-control ansible_host={{ service_provider_ip }} [so] {{ org_id }}-daemon [{{ org_id }}_{{ location_id }}] -{{ org_id }}-{{ location_id }}-cluster-control k8s_node_type=bootstrap k8s_pod_limit=1024 k8s_external_ip={{ cluster_control_ip }} +{{ org_id }}-{{ location_id }}-cluster-control k8s_node_type=bootstrap k8s_pod_limit=1024 k8s_external_ip={{ service_provider_ip }} [k8s:children] {{ org_id }}_{{ location_id }} diff --git a/service-provider-setup/vars/dns-vars.example.yml b/service-provider-setup/vars/dns-vars.example.yml index a09aa41..3d2e67f 100644 --- a/service-provider-setup/vars/dns-vars.example.yml +++ b/service-provider-setup/vars/dns-vars.example.yml 
@@ -1,5 +1,5 @@
 full_domain: ""
 subdomain_prefix: ""
 subdomain_cluster_control: "{{ subdomain_prefix }}-cluster-control"
-cluster_control_ip: ""
+service_provider_ip: ""
 do_api_token: ""
-- 
2.45.2

From 5b781ec336a484afeaa53b3f1c55c649579ebdfe Mon Sep 17 00:00:00 2001
From: Adw8
Date: Tue, 1 Oct 2024 16:51:00 +0530
Subject: [PATCH 28/31] Create file on successful sp setup to handle reruns

---
 service-provider-setup/deploy-frontend.yml | 5 +++++
 service-provider-setup/service-provider-setup.yml | 12 ++++++++++++
 2 files changed, 17 insertions(+)

diff --git a/service-provider-setup/deploy-frontend.yml b/service-provider-setup/deploy-frontend.yml
index c481ee8..721a743 100644
--- a/service-provider-setup/deploy-frontend.yml
+++ b/service-provider-setup/deploy-frontend.yml
@@ -36,3 +36,8 @@
 - name: Start the deployer ui
 command: laconic-so deployment --dir webapp-ui start
+
+ - name: Create .out file
+ file:
+ path: "{{ ansible_env.HOME }}/.out"
+ state: touch
diff --git a/service-provider-setup/service-provider-setup.yml b/service-provider-setup/service-provider-setup.yml
index 27abf2a..68cd29e 100644
--- a/service-provider-setup/service-provider-setup.yml
+++ b/service-provider-setup/service-provider-setup.yml
@@ -1,3 +1,15 @@
+- hosts: "{{ target_host }}"
+ tasks:
+ - name: Check if .out file exists
+ stat:
+ path: "{{ ansible_env.HOME }}/.out"
+ register: out_file
+
+ - name: Exit playbook if .out file exists
+ fail:
+ msg: ".out file exists, exiting playbook."
+ when: out_file.stat.exists
+
 - import_playbook: setup-dns.yml
 - import_playbook: setup-system.yml
 - import_playbook: setup-k8s.yml
-- 
2.45.2

From 5665db44bfcdee7e5fb15b5daad5464d719d348d Mon Sep 17 00:00:00 2001
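Review bot: `state: touch` in the new "Create .out file" task rewrites the file's timestamps on every run, so the task reports `changed` each time even when the marker already exists; adding `modification_time: preserve` and `access_time: preserve` keeps it idempotent. The name `~/.out` says nothing about what it guards, so an operator who finds it in the home directory has no way to know it is safe to delete; a descriptive name such as `.service-provider-setup.done` plus `mode: "0644"` would make the intent visible. The task sits after `laconic-so deployment --dir webapp-ui start`, so a failed start leaves no marker and the next run repeats the whole setup, which appears to be the intent but deserves a one-line comment saying so. The play this task belongs to starts outside the hunk.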
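Review bot: The guard play stops the run with `fail`, so a rerun on an already-provisioned host exits non-zero and any wrapper script or CI step reads "nothing to do" as an error; `meta: end_play` would only end this play while the imported playbooks below still run, so `fail` is the practical choice, but the message should tell the operator what to do, e.g. `msg: "{{ ansible_env.HOME }}/.out exists: setup already completed on this host; remove the file to force a rerun."`. The check looks only in the connecting user's home on `target_host`, so running with a different `ansible_user` bypasses it and re-executes every imported playbook; a comment on the play stating that the marker is per-user would document that limit. Only the first three `import_playbook` lines are in the hunk; the remainder of the file is outside it.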
From: Adw8
Date: Tue, 1 Oct 2024 17:22:49 +0530
Subject: [PATCH 29/31] Update .gitignore for vars files

---
 service-provider-setup/.gitignore | 1 +
 service-provider-setup/vars/gpg-vars.example.yml | 3 +++
 service-provider-setup/vars/user-vars.example.yml | 3 +++
 3 files changed, 7 insertions(+)
 create mode 100644 service-provider-setup/vars/gpg-vars.example.yml
 create mode 100644 service-provider-setup/vars/user-vars.example.yml

diff --git a/service-provider-setup/.gitignore b/service-provider-setup/.gitignore
index 26614fb..72fb2ea 100644
--- a/service-provider-setup/.gitignore
+++ b/service-provider-setup/.gitignore
@@ -1 +1,2 @@
 vars/*.yml
+!vars/*.example.yml
diff --git a/service-provider-setup/vars/gpg-vars.example.yml b/service-provider-setup/vars/gpg-vars.example.yml
new file mode 100644
index 0000000..2f7ff71
--- /dev/null
+++ b/service-provider-setup/vars/gpg-vars.example.yml
@@ -0,0 +1,3 @@
+gpg_user_name: ""
+gpg_user_email: ""
+gpg_passphrase: ""
diff --git a/service-provider-setup/vars/user-vars.example.yml b/service-provider-setup/vars/user-vars.example.yml
new file mode 100644
index 0000000..de6dcfe
--- /dev/null
+++ b/service-provider-setup/vars/user-vars.example.yml
@@ -0,0 +1,3 @@
+username: ""
+password: ""
+path_to_ssh_key: ""
-- 
2.45.2

From 78993a2510e3ccee6cbd1b9c585d4cfabc3b674f Mon Sep 17 00:00:00 2001
From: Adw8
Date: Tue, 1 Oct 2024 17:35:04 +0530
Subject: [PATCH 30/31] Move prerequisites section in README

---
 service-provider-setup/README.md | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/service-provider-setup/README.md b/service-provider-setup/README.md
index cf69a32..930a416 100644
--- a/service-provider-setup/README.md
+++ b/service-provider-setup/README.md
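Review bot: The `!vars/*.example.yml` exception only changes which untracked files git ignores; if a filled-in `vars/*.yml` was added to the index at any earlier point in this series it stays tracked regardless of this rule, and needs `git rm --cached` plus rotation of whatever token or password it held — `git ls-files service-provider-setup/vars/` answers that quickly. Since the example files in this same commit introduce `password` and `gpg_passphrase` keys, the ignore pattern is now the only thing keeping real values out of the repository, which deserves an explicit comment in `.gitignore`, e.g. `# vars/*.yml hold API tokens and passwords - never commit them`.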
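Review bot: `password: ""` in user-vars.example.yml is a cleartext login password stored in a plain vars file on the operator's machine; the README in this series describes it as the password of the user created on the target host. The example file should at least say how to protect it, e.g. `# contains a plaintext password: encrypt with `ansible-vault encrypt vars/user-vars.yml` and run the playbook with --ask-vault-pass`. How setup-user.yml consumes the value (hashed before being handed to the `user` module, or passed raw) is not visible in this series, so this note is about storage only.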
@@ -4,6 +4,14 @@ To get started, follow the [installation](../README.md#installation) guide to setup ansible on your machine +## Prerequisites + +- Set up a DigitalOcean Droplet with passwordless SSH access + +- Buy a domain and configure [nameservers pointing to DigitalOcean](https://docs.digitalocean.com/products/networking/dns/getting-started/dns-registrars/) + +- Generate a DigitalOcean access token, used for API authentication and managing cloud resources + ## Setup a new User - Create a new `hosts.ini` file: @@ -45,7 +53,7 @@ To get started, follow the [installation](../README.md#installation) guide to se cp vars/user-vars.example.yml vars/user-vars.yml ``` -- Edit the following vars: +- Edit the `user-vars.yml` file: ```bash # name of the user you want to setup on the target host @@ -67,14 +75,6 @@ To get started, follow the [installation](../README.md#installation) guide to se ## Become a Service Provider -### Prerequisites - -- Set up a DigitalOcean Droplet with passwordless SSH access - -- Buy a domain and configure [nameservers pointing to DigitalOcean](https://docs.digitalocean.com/products/networking/dns/getting-started/dns-registrars/) - -- Generate a DigitalOcean access token, used for API authentication and managing cloud resources - ### Setup - Copy the vars files: @@ -121,7 +121,7 @@ To get started, follow the [installation](../README.md#installation) guide to se deployer_gpg_passphrase: "" # passphrase for creating GPG key used by webapp-deployer, eg: SECRET ``` -- Update the [`hosts.ini`](./hosts.ini) file to run the playbook on a remote machine: +- Update the [`hosts.ini`](./hosts.ini) file: ```ini [root_host] 
@@ -153,7 +153,7 @@ To get started, follow the [installation](../README.md#installation) guide to se - Run the `service-provider-setup.yml` ansible-playbook to: - Create DNS records - - Deploy k8s, + - Deploy k8s - Setup laconicd and laconic console - Setup container registry - Deploy the webapp-deployer API and webapp-deployer UI -- 2.45.2 From a023e4edf3ea468a6418633b010fcfbe460c0047 Mon Sep 17 00:00:00 2001 From: Adw8 Date: Tue, 1 Oct 2024 17:39:28 +0530 Subject: [PATCH 31/31] Use variable for gpg passphrase in webapp deployer config template --- service-provider-setup/README.md | 2 +- .../templates/configs/webapp-deployer-config.env.j2 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/service-provider-setup/README.md b/service-provider-setup/README.md index 930a416..cfb9745 100644 --- a/service-provider-setup/README.md +++ b/service-provider-setup/README.md @@ -63,7 +63,7 @@ To get started, follow the [installation](../README.md#installation) guide to se password: "" # path to the ssh key on your machine, eg: "/home/dev/.ssh/id_rsa.pub" - path_to_ssh_key: " + path_to_ssh_key: "" ``` - Execute the `setup-user.yml` Ansible playbook to create a user with passwordless sudo permissions: diff --git a/service-provider-setup/templates/configs/webapp-deployer-config.env.j2 b/service-provider-setup/templates/configs/webapp-deployer-config.env.j2 index 33b4ab0..d769a9a 100644 --- a/service-provider-setup/templates/configs/webapp-deployer-config.env.j2 +++ b/service-provider-setup/templates/configs/webapp-deployer-config.env.j2 
@@ -22,7 +22,7 @@ FQDN_POLICY="allow"
 # lrn of the webapp deployer
 LRN="lrn://{{ authority_name }}/deployers/webapp-deployer-api.{{ full_domain }}"
 export OPENPGP_PRIVATE_KEY_FILE="webapp-deployer-api.{{ full_domain }}.pgp.key"
-export OPENPGP_PASSPHRASE="SECRET"
+export OPENPGP_PASSPHRASE="{{ deployer_gpg_passphrase }}"
 export DEPLOYER_STATE="srv-test/deployments/autodeploy.state"
 export UNDEPLOYER_STATE="srv-test/deployments/autoundeploy.state"
 export UPLOAD_DIRECTORY="srv-test/uploads"
-- 
2.45.2
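Review bot: The passphrase is interpolated into a double-quoted shell `export` with no escaping, so a value containing `"`, `$`, a backtick or a backslash either breaks the rendered file or gets expanded by the shell that sources it; `export OPENPGP_PASSPHRASE={{ deployer_gpg_passphrase | quote }}` (Ansible's shell-quoting filter, which supplies its own single quotes) renders any passphrase intact. The example vars file in this series defaults the variable to `""`, so a forgotten value now silently exports an empty passphrase where the old literal at least was a deliberate value; an `assert` task with `that: deployer_gpg_passphrase | length > 0` before the template task would catch that. The rendered `.env` file carries a cleartext secret, and the task that writes it is outside this hunk, so I cannot confirm it sets `mode: "0600"`; it should.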