Add ansible playbook to automate service provider setup #10

Merged
nabarun merged 31 commits from deep-stack/testnet-ops:ag-sp-setup into main 2024-10-01 12:17:11 +00:00
9 changed files with 80 additions and 15 deletions
Showing only changes of commit 8d5da73b15 - Show all commits


@ -1,4 +1,4 @@
- name: Deploy Webapp-Deployer Backend - name: Deploy webapp-deployer backend
hosts: "{{ target_host }}" hosts: "{{ target_host }}"
environment: environment:
@ -19,7 +19,7 @@
mode: '0700' mode: '0700'
- name: Create a GPG key - name: Create a GPG key
shell: gpg --batch --passphrase "SECRET" --quick-generate-key webapp-deployer-api.{{ full_domain }} default default never shell: gpg --batch --passphrase "{{ deployer_gpg_passphrase }}" --quick-generate-key webapp-deployer-api.{{ full_domain }} default default never
nabarun marked this conversation as resolved Outdated

.com shouldn't be assumed, instead set in the dns_domain var

.com shouldn't be assumed, instead set in the `dns_domain` var
- name: Export the public key - name: Export the public key
shell: gpg --export webapp-deployer-api.{{ full_domain }} > ~/gpg-keys/webapp-deployer-api.{{ full_domain }}.pgp.pub shell: gpg --export webapp-deployer-api.{{ full_domain }} > ~/gpg-keys/webapp-deployer-api.{{ full_domain }}.pgp.pub
@ -27,7 +27,7 @@
creates: ~/gpg-keys/webapp-deployer-api.{{ full_domain }}.pgp.pub creates: ~/gpg-keys/webapp-deployer-api.{{ full_domain }}.pgp.pub
- name: Export the GPG private key with passphrase - name: Export the GPG private key with passphrase
shell: gpg --pinentry-mode=loopback --passphrase "SECRET" --export-secret-keys webapp-deployer-api.{{ full_domain }} > ~/gpg-keys/webapp-deployer-api.{{ full_domain }}.pgp.key shell: gpg --pinentry-mode=loopback --passphrase "{{ deployer_gpg_passphrase }}" --export-secret-keys webapp-deployer-api.{{ full_domain }} > ~/gpg-keys/webapp-deployer-api.{{ full_domain }}.pgp.key
- name: Setup repositories for webapp-deployer-backend - name: Setup repositories for webapp-deployer-backend
command: laconic-so --stack webapp-deployer-backend setup-repositories command: laconic-so --stack webapp-deployer-backend setup-repositories
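Review bot: The passphrase is still placed on the gpg command line in both the `Create a GPG key` and `Export the GPG private key with passphrase` tasks, so it is readable in the host's process list while gpg runs and appears in Ansible's task result at higher verbosity or on failure. Adding `no_log: true` to both tasks and feeding the value on stdin (`--passphrase-fd 0` together with the shell module's `stdin: "{{ deployer_gpg_passphrase }}"`) keeps it out of argv and logs. The private-key export relies on shell redirection, so the mode of the `.pgp.key` file comes from the umask; a following `file` task with `mode: '0600'` would make that explicit. Both hunks start and end mid-play, so any play-level `no_log` is not visible here.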


@ -1,4 +1,4 @@
- name: Deploy Webapp-Deployer UI - name: Deploy webapp-deployer ui
hosts: "{{ target_host }}" hosts: "{{ target_host }}"
environment: environment:


@ -1,4 +1,3 @@
- import_playbook: setup-user.yml
- import_playbook: setup-dns.yml - import_playbook: setup-dns.yml
- import_playbook: setup-system.yml - import_playbook: setup-system.yml
- import_playbook: setup-k8s.yml - import_playbook: setup-k8s.yml


@ -51,19 +51,76 @@
REGISTRY_AUTH_HTPASSWD_PATH="/config/htpasswd" REGISTRY_AUTH_HTPASSWD_PATH="/config/htpasswd"
REGISTRY_HTTP_SECRET='{{ hashed_password }}' REGISTRY_HTTP_SECRET='{{ hashed_password }}'
- name: Set KUBECONFIG environment variable
set_fact:
kubeconfig_path: "{{ ansible_env.HOME }}/.kube/config-default.yaml"
- name: Add the container registry credentials as a secret available to the cluster - name: Add the container registry credentials as a secret available to the cluster
command: > command: >
kubectl create secret generic laconic-registry kubectl create secret generic laconic-registry
--from-file=.dockerconfigjson=container-registry/my_password.json --from-file=.dockerconfigjson=container-registry/my_password.json
--type=kubernetes.io/dockerconfigjson --type=kubernetes.io/dockerconfigjson
environment: environment:
KUBECONFIG: "{{ ansible_env.HOME }}/.kube/config-default.yaml" KUBECONFIG: "{{ kubeconfig_path }}"
# TODO: Investigate why container registry throws error if started immediately # TODO: Investigate why container registry throws error if started immediately
- name: Wait for 90 seconds - name: Wait for 90 seconds
pause: pause:
seconds: 90 seconds: 90
- block:
- name: Get Kubernetes nodes with wide output
command: kubectl get nodes -o wide
environment:
KUBECONFIG: "{{ kubeconfig_path }}"
register: nodes_output
- name: Print output of 'kubectl get nodes -o wide'
debug:
var: nodes_output.stdout
- name: Get all secrets from all namespaces
command: kubectl get secrets --all-namespaces
environment:
KUBECONFIG: "{{ kubeconfig_path }}"
register: secrets_output
- name: Print output of 'kubectl get secrets --all-namespaces'
debug:
var: secrets_output.stdout
- name: Get cluster issuers
command: kubectl get clusterissuer
environment:
KUBECONFIG: "{{ kubeconfig_path }}"
register: clusterissuer_output
- name: Print output of 'kubectl get clusterissuer'
debug:
var: clusterissuer_output.stdout
- name: Get certificates
command: kubectl get certificates
environment:
KUBECONFIG: "{{ kubeconfig_path }}"
register: certificates_output
- name: Print output of 'kubectl get certificates'
debug:
var: certificates_output.stdout
- name: Get DaemonSets in all namespaces
command: kubectl get ds --all-namespaces
environment:
KUBECONFIG: "{{ kubeconfig_path }}"
register: daemonsets_output
- name: Print output of 'kubectl get ds --all-namespaces'
debug:
var: daemonsets_output.stdout
ignore_errors: yes
- name: Deploy the container registry - name: Deploy the container registry
command: > command: >
laconic-so deployment --dir container-registry start laconic-so deployment --dir container-registry start
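Review bot: The new diagnostic block runs `kubectl get secrets --all-namespaces` and prints the result with `debug`, which copies the name and type of every secret in the cluster into the play output and any log that captures it. If the aim is only to confirm that the registry credential exists, `kubectl get secret laconic-registry` would be enough. The five `kubectl get` tasks are read-only, so `changed_when: false` on each keeps run reports accurate, and `ignore_errors: true` is the canonical boolean form. The task named `Set KUBECONFIG environment variable` only sets the fact `kubeconfig_path`; a name such as `Set kubeconfig path fact` would describe it.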


@ -18,11 +18,17 @@
apt: apt:
name: "{{ item }}" name: "{{ item }}"
state: present state: present
become: true become: yes
loop: loop:
- python3 - python3
- python3-pip - python3-pip
- name: Add user to docker group
user:
name: "{{ ansible_user }}"
groups: docker
append: true
- name: Install Ansible on remote host - name: Install Ansible on remote host
pip: pip:
name: ansible name: ansible
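Review bot: Membership of the `docker` group lets `{{ ansible_user }}` control the Docker daemon, which is effectively root on the host, so the new `Add user to docker group` task deserves a comment saying this is intended, e.g. `# docker group is root-equivalent; granted so deployments can run docker without sudo` (purpose inferred, confirm). The task shows no `become`, while the apt task above sets it per task; unless the play enables it outside this hunk, `become: true` is needed here. The new membership does not apply to the SSH connection that is already open, so a `meta: reset_connection` task after it may be required before later tasks call docker. The switch from `become: true` to `become: yes` is inconsistent with the `append: true` added in the same hunk.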


@ -27,13 +27,15 @@
group: "{{ username }}" group: "{{ username }}"
mode: '0700' mode: '0700'
- name: Copy SSH public key to authorized_keys - name: Append SSH public key to authorized_keys
copy: lineinfile:
src: "{{ path_to_ssh_key }}" path: /home/{{ username }}/.ssh/authorized_keys
dest: /home/{{ username }}/.ssh/authorized_keys line: "{{ lookup('file', path_to_ssh_key) }}"
create: yes
owner: "{{ username }}" owner: "{{ username }}"
group: "{{ username }}" group: "{{ username }}"
mode: '0600' mode: '0600'
state: present
- name: Add user to sudoers for passwordless sudo - name: Add user to sudoers for passwordless sudo
lineinfile: lineinfile:
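Review bot: Switching from `copy` to `lineinfile` means keys already in `authorized_keys` are never removed, so a key that was replaced or revoked stays valid for an account that the following task gives passwordless sudo. A comment should state that removal needs a separate step, or the task can use `ansible.posix.authorized_key` with `user: "{{ username }}"` and `key: "{{ lookup('file', path_to_ssh_key) }}"`, adding `exclusive: true` when only this key should remain. `lineinfile` also treats the looked-up file content as a single line, so a key file holding several keys would not be handled per key (this assumes `path_to_ssh_key` may contain more than one). The sudoers task continues past the end of this hunk.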


@ -6,4 +6,4 @@ services:
bondId: "{{ BOND_ID }}" bondId: "{{ BOND_ID }}"
chainId: lorotestnet-1 chainId: lorotestnet-1
gas: 200000 gas: 200000
fees: 500000alnt fees: 200000alnt


@ -1,6 +1,6 @@
target_host: "deployment_host" target_host: "deployment_host"
gpg_key_id: "" gpg_key_id: "{{ sec_key_id }}"
vault_passphrase: "" vault_passphrase: "{{ gpg_passphrase }}"
org_id: "" org_id: ""
location_id: "" location_id: ""
base_domain: "" base_domain: ""
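Review bot: `gpg_key_id` and `vault_passphrase` now depend on `sec_key_id` and `gpg_passphrase`, neither of which is defined in the files shown in this commit, so a run that does not supply them fails with an undefined-variable error only when they are first used. A comment above the two lines should say where they are expected to come from, e.g. `# supplied at run time (extra vars or an encrypted vars file); do not commit values here`. `gpg_passphrase` is also easy to confuse with the separate `deployer_gpg_passphrase` added in another vars file, so the comment could say which key each one protects.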


@ -1,5 +1,6 @@
authority_name: ""
ALICE_PK: "{{ ALICE_PK }}" ALICE_PK: "{{ ALICE_PK }}"
BOND_ID: "{{ BOND_ID }}" BOND_ID: "{{ BOND_ID }}"
authority_name: ""
cpu_reservation: "" cpu_reservation: ""
memory_reservation: "" memory_reservation: ""
deployer_gpg_passphrase: ""
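Review bot: `deployer_gpg_passphrase` defaults to an empty string, and the backend playbook passes it straight to `gpg --batch --passphrase`, so a run that keeps the default would likely create and export a private key with no passphrase protection. A comment here should mark the value as required and secret, e.g. `# required; keep in an ansible-vault encrypted file, never in plain text`. The playbook could also fail early with an `assert` on `deployer_gpg_passphrase | length > 0` before the key is generated.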