Add ansible playbook to automate service provider setup #10
@ -1,4 +1,4 @@
|
||||
- name: Deploy Webapp-Deployer Backend
|
||||
- name: Deploy webapp-deployer backend
|
||||
hosts: "{{ target_host }}"
|
||||
|
||||
environment:
|
||||
@ -19,7 +19,7 @@
|
||||
mode: '0700'
|
||||
|
||||
- name: Create a GPG key
|
||||
shell: gpg --batch --passphrase "SECRET" --quick-generate-key webapp-deployer-api.{{ full_domain }} default default never
|
||||
shell: gpg --batch --passphrase "{{ deployer_gpg_passphrase }}" --quick-generate-key webapp-deployer-api.{{ full_domain }} default default never
|
||||
nabarun marked this conversation as resolved
Outdated
|
||||
|
||||
- name: Export the public key
|
||||
shell: gpg --export webapp-deployer-api.{{ full_domain }} > ~/gpg-keys/webapp-deployer-api.{{ full_domain }}.pgp.pub
|
||||
@ -27,7 +27,7 @@
|
||||
creates: ~/gpg-keys/webapp-deployer-api.{{ full_domain }}.pgp.pub
|
||||
|
||||
- name: Export the GPG private key with passphrase
|
||||
shell: gpg --pinentry-mode=loopback --passphrase "SECRET" --export-secret-keys webapp-deployer-api.{{ full_domain }} > ~/gpg-keys/webapp-deployer-api.{{ full_domain }}.pgp.key
|
||||
shell: gpg --pinentry-mode=loopback --passphrase "{{ deployer_gpg_passphrase }}" --export-secret-keys webapp-deployer-api.{{ full_domain }} > ~/gpg-keys/webapp-deployer-api.{{ full_domain }}.pgp.key
|
||||
|
||||
- name: Setup repositories for webapp-deployer-backend
|
||||
command: laconic-so --stack webapp-deployer-backend setup-repositories
|
||||
|
@ -1,4 +1,4 @@
|
||||
- name: Deploy Webapp-Deployer UI
|
||||
- name: Deploy webapp-deployer ui
|
||||
hosts: "{{ target_host }}"
|
||||
|
||||
environment:
|
||||
|
@ -1,4 +1,3 @@
|
||||
- import_playbook: setup-user.yml
|
||||
- import_playbook: setup-dns.yml
|
||||
- import_playbook: setup-system.yml
|
||||
- import_playbook: setup-k8s.yml
|
||||
|
@ -51,19 +51,76 @@
|
||||
REGISTRY_AUTH_HTPASSWD_PATH="/config/htpasswd"
|
||||
REGISTRY_HTTP_SECRET='{{ hashed_password }}'
|
||||
|
||||
- name: Set KUBECONFIG environment variable
|
||||
set_fact:
|
||||
kubeconfig_path: "{{ ansible_env.HOME }}/.kube/config-default.yaml"
|
||||
|
||||
- name: Add the container registry credentials as a secret available to the cluster
|
||||
command: >
|
||||
kubectl create secret generic laconic-registry
|
||||
--from-file=.dockerconfigjson=container-registry/my_password.json
|
||||
--type=kubernetes.io/dockerconfigjson
|
||||
environment:
|
||||
KUBECONFIG: "{{ ansible_env.HOME }}/.kube/config-default.yaml"
|
||||
KUBECONFIG: "{{ kubeconfig_path }}"
|
||||
|
||||
# TODO: Investigate why container registry throws error if started immediately
|
||||
- name: Wait for 90 seconds
|
||||
pause:
|
||||
seconds: 90
|
||||
|
||||
- block:
|
||||
- name: Get Kubernetes nodes with wide output
|
||||
command: kubectl get nodes -o wide
|
||||
environment:
|
||||
KUBECONFIG: "{{ kubeconfig_path }}"
|
||||
register: nodes_output
|
||||
|
||||
- name: Print output of 'kubectl get nodes -o wide'
|
||||
debug:
|
||||
var: nodes_output.stdout
|
||||
|
||||
- name: Get all secrets from all namespaces
|
||||
command: kubectl get secrets --all-namespaces
|
||||
environment:
|
||||
KUBECONFIG: "{{ kubeconfig_path }}"
|
||||
register: secrets_output
|
||||
|
||||
- name: Print output of 'kubectl get secrets --all-namespaces'
|
||||
debug:
|
||||
var: secrets_output.stdout
|
||||
|
||||
- name: Get cluster issuers
|
||||
command: kubectl get clusterissuer
|
||||
environment:
|
||||
KUBECONFIG: "{{ kubeconfig_path }}"
|
||||
register: clusterissuer_output
|
||||
|
||||
- name: Print output of 'kubectl get clusterissuer'
|
||||
debug:
|
||||
var: clusterissuer_output.stdout
|
||||
|
||||
- name: Get certificates
|
||||
command: kubectl get certificates
|
||||
environment:
|
||||
KUBECONFIG: "{{ kubeconfig_path }}"
|
||||
register: certificates_output
|
||||
|
||||
- name: Print output of 'kubectl get certificates'
|
||||
debug:
|
||||
var: certificates_output.stdout
|
||||
|
||||
- name: Get DaemonSets in all namespaces
|
||||
command: kubectl get ds --all-namespaces
|
||||
environment:
|
||||
KUBECONFIG: "{{ kubeconfig_path }}"
|
||||
register: daemonsets_output
|
||||
|
||||
- name: Print output of 'kubectl get ds --all-namespaces'
|
||||
debug:
|
||||
var: daemonsets_output.stdout
|
||||
|
||||
ignore_errors: yes
|
||||
|
||||
- name: Deploy the container registry
|
||||
command: >
|
||||
laconic-so deployment --dir container-registry start
|
||||
|
@ -18,11 +18,17 @@
|
||||
apt:
|
||||
name: "{{ item }}"
|
||||
state: present
|
||||
become: true
|
||||
become: yes
|
||||
loop:
|
||||
- python3
|
||||
- python3-pip
|
||||
|
||||
- name: Add user to docker group
|
||||
user:
|
||||
name: "{{ ansible_user }}"
|
||||
groups: docker
|
||||
append: true
|
||||
|
||||
- name: Install Ansible on remote host
|
||||
pip:
|
||||
name: ansible
|
||||
|
@ -27,13 +27,15 @@
|
||||
group: "{{ username }}"
|
||||
mode: '0700'
|
||||
|
||||
- name: Copy SSH public key to authorized_keys
|
||||
copy:
|
||||
src: "{{ path_to_ssh_key }}"
|
||||
dest: /home/{{ username }}/.ssh/authorized_keys
|
||||
- name: Append SSH public key to authorized_keys
|
||||
lineinfile:
|
||||
path: /home/{{ username }}/.ssh/authorized_keys
|
||||
line: "{{ lookup('file', path_to_ssh_key) }}"
|
||||
create: yes
|
||||
owner: "{{ username }}"
|
||||
group: "{{ username }}"
|
||||
mode: '0600'
|
||||
state: present
|
||||
|
||||
- name: Add user to sudoers for passwordless sudo
|
||||
lineinfile:
|
||||
|
@ -6,4 +6,4 @@ services:
|
||||
bondId: "{{ BOND_ID }}"
|
||||
chainId: lorotestnet-1
|
||||
gas: 200000
|
||||
fees: 500000alnt
|
||||
fees: 200000alnt
|
||||
|
@ -1,6 +1,6 @@
|
||||
target_host: "deployment_host"
|
||||
gpg_key_id: ""
|
||||
vault_passphrase: ""
|
||||
gpg_key_id: "{{ sec_key_id }}"
|
||||
vault_passphrase: "{{ gpg_passphrase }}"
|
||||
org_id: ""
|
||||
location_id: ""
|
||||
base_domain: ""
|
||||
|
@ -1,5 +1,6 @@
|
||||
authority_name: ""
|
||||
ALICE_PK: "{{ ALICE_PK }}"
|
||||
BOND_ID: "{{ BOND_ID }}"
|
||||
authority_name: ""
|
||||
cpu_reservation: ""
|
||||
memory_reservation: ""
|
||||
deployer_gpg_passphrase: ""
|
||||
|
Loading…
Reference in New Issue
Block a user
.com shouldn't be assumed, instead set in the
dns_domain
var