Add ansible playbook to automate service provider setup #10

Merged
nabarun merged 31 commits from deep-stack/testnet-ops:ag-sp-setup into main 2024-10-01 12:17:11 +00:00
9 changed files with 80 additions and 15 deletions
Showing only changes of commit 8d5da73b15 - Show all commits


@ -1,4 +1,4 @@
- name: Deploy Webapp-Deployer Backend
- name: Deploy webapp-deployer backend
hosts: "{{ target_host }}"
environment:
@ -19,7 +19,7 @@
mode: '0700'
- name: Create a GPG key
shell: gpg --batch --passphrase "SECRET" --quick-generate-key webapp-deployer-api.{{ full_domain }} default default never
shell: gpg --batch --passphrase "{{ deployer_gpg_passphrase }}" --quick-generate-key webapp-deployer-api.{{ full_domain }} default default never
nabarun marked this conversation as resolved Outdated

.com shouldn't be assumed, instead set in the dns_domain var

.com shouldn't be assumed, instead set in the `dns_domain` var
- name: Export the public key
shell: gpg --export webapp-deployer-api.{{ full_domain }} > ~/gpg-keys/webapp-deployer-api.{{ full_domain }}.pgp.pub
@ -27,7 +27,7 @@
creates: ~/gpg-keys/webapp-deployer-api.{{ full_domain }}.pgp.pub
- name: Export the GPG private key with passphrase
shell: gpg --pinentry-mode=loopback --passphrase "SECRET" --export-secret-keys webapp-deployer-api.{{ full_domain }} > ~/gpg-keys/webapp-deployer-api.{{ full_domain }}.pgp.key
shell: gpg --pinentry-mode=loopback --passphrase "{{ deployer_gpg_passphrase }}" --export-secret-keys webapp-deployer-api.{{ full_domain }} > ~/gpg-keys/webapp-deployer-api.{{ full_domain }}.pgp.key
- name: Setup repositories for webapp-deployer-backend
command: laconic-so --stack webapp-deployer-backend setup-repositories
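Review bot: The passphrase is still passed on the gpg command line in both the 'Create a GPG key' and 'Export the GPG private key with passphrase' tasks, so it is visible in the process list while gpg runs and is echoed in Ansible's task output and logs. Setting `no_log: true` on both tasks and feeding the value through the shell module's `stdin: "{{ deployer_gpg_passphrase }}"` with `--pinentry-mode=loopback --passphrase-fd 0` keeps it out of argv. If the argument form is kept, the value is interpolated into the shell string as is, so a passphrase containing `"` or `$` changes the command; `--passphrase {{ deployer_gpg_passphrase | quote }}` avoids that. The exported `.pgp.key` is created by shell redirection, so its mode depends on the umask; the `'0700'` visible above is presumably on the key directory, but an explicit `0600` on the file would state the intent.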


@ -1,4 +1,4 @@
- name: Deploy Webapp-Deployer UI
- name: Deploy webapp-deployer ui
hosts: "{{ target_host }}"
environment:


@ -1,4 +1,3 @@
- import_playbook: setup-user.yml
- import_playbook: setup-dns.yml
- import_playbook: setup-system.yml
- import_playbook: setup-k8s.yml


@ -51,19 +51,76 @@
REGISTRY_AUTH_HTPASSWD_PATH="/config/htpasswd"
REGISTRY_HTTP_SECRET='{{ hashed_password }}'
- name: Set KUBECONFIG environment variable
set_fact:
kubeconfig_path: "{{ ansible_env.HOME }}/.kube/config-default.yaml"
- name: Add the container registry credentials as a secret available to the cluster
command: >
kubectl create secret generic laconic-registry
--from-file=.dockerconfigjson=container-registry/my_password.json
--type=kubernetes.io/dockerconfigjson
environment:
KUBECONFIG: "{{ ansible_env.HOME }}/.kube/config-default.yaml"
KUBECONFIG: "{{ kubeconfig_path }}"
# TODO: Investigate why container registry throws error if started immediately
- name: Wait for 90 seconds
pause:
seconds: 90
- block:
- name: Get Kubernetes nodes with wide output
command: kubectl get nodes -o wide
environment:
KUBECONFIG: "{{ kubeconfig_path }}"
register: nodes_output
- name: Print output of 'kubectl get nodes -o wide'
debug:
var: nodes_output.stdout
- name: Get all secrets from all namespaces
command: kubectl get secrets --all-namespaces
environment:
KUBECONFIG: "{{ kubeconfig_path }}"
register: secrets_output
- name: Print output of 'kubectl get secrets --all-namespaces'
debug:
var: secrets_output.stdout
- name: Get cluster issuers
command: kubectl get clusterissuer
environment:
KUBECONFIG: "{{ kubeconfig_path }}"
register: clusterissuer_output
- name: Print output of 'kubectl get clusterissuer'
debug:
var: clusterissuer_output.stdout
- name: Get certificates
command: kubectl get certificates
environment:
KUBECONFIG: "{{ kubeconfig_path }}"
register: certificates_output
- name: Print output of 'kubectl get certificates'
debug:
var: certificates_output.stdout
- name: Get DaemonSets in all namespaces
command: kubectl get ds --all-namespaces
environment:
KUBECONFIG: "{{ kubeconfig_path }}"
register: daemonsets_output
- name: Print output of 'kubectl get ds --all-namespaces'
debug:
var: daemonsets_output.stdout
ignore_errors: yes
- name: Deploy the container registry
command: >
laconic-so deployment --dir container-registry start
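Review bot: The new diagnostic block runs on every play and writes the result of `kubectl get secrets --all-namespaces` into the play output, which puts the names and types of every secret in the cluster into whatever stores the Ansible log. If the listing is only there to debug the registry start-up problem named in the TODO, gate the block, e.g. `when: show_cluster_state | default(false)` (variable name is illustrative), and limit the secrets query to the namespace that holds `laconic-registry`. `ignore_errors: yes`, which appears to apply to the whole block, also hides a kubectl that cannot reach the API server at all; a comment such as `# best-effort diagnostics, failures are not fatal` would make that deliberate, and `true` is the canonical boolean. The fixed 90-second pause could be replaced by an `until`/`retries` poll once the cause is known. The task list starts before and continues after this hunk.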


@ -18,11 +18,17 @@
apt:
name: "{{ item }}"
state: present
become: true
become: yes
loop:
- python3
- python3-pip
- name: Add user to docker group
user:
name: "{{ ansible_user }}"
groups: docker
append: true
- name: Install Ansible on remote host
pip:
name: ansible
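Review bot: The 'Add user to docker group' task gives `{{ ansible_user }}` membership of a group that is effectively root-equivalent on the host, because access to the Docker daemon allows starting privileged containers; the task deserves a comment saying so, e.g. `# docker group is root-equivalent on this host; keep this to the deployment account`. No `become` is visible on that task, so unless it is set at play level (outside this hunk) the `user` module will fail for a non-root login. The section also mixes `become: yes` with `append: true`; `true`/`false` throughout is the form yamllint's `truthy` rule expects. `pip: name: ansible` installs whatever version is current, so a pinned version would make the host reproducible.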


@ -27,13 +27,15 @@
group: "{{ username }}"
mode: '0700'
- name: Copy SSH public key to authorized_keys
copy:
src: "{{ path_to_ssh_key }}"
dest: /home/{{ username }}/.ssh/authorized_keys
- name: Append SSH public key to authorized_keys
lineinfile:
path: /home/{{ username }}/.ssh/authorized_keys
line: "{{ lookup('file', path_to_ssh_key) }}"
create: yes
owner: "{{ username }}"
group: "{{ username }}"
mode: '0600'
state: present
- name: Add user to sudoers for passwordless sudo
lineinfile:
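Review bot: `lineinfile` writes whatever `lookup('file', path_to_ssh_key)` returns verbatim, so nothing checks that the file holds a single well-formed public key, and a multi-line file or a path that points at the wrong file would be inserted into `authorized_keys` as is. The purpose-built module parses the key and manages the file for that user: `ansible.posix.authorized_key:` with `user: "{{ username }}"` and `key: "{{ lookup('file', path_to_ssh_key) }}"`. If `lineinfile` is kept, `create: yes` reads better as `create: true`. The sudoers task that follows continues past the end of the hunk.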


@ -6,4 +6,4 @@ services:
bondId: "{{ BOND_ID }}"
chainId: lorotestnet-1
gas: 200000
fees: 500000alnt
fees: 200000alnt

View File

@ -1,6 +1,6 @@
target_host: "deployment_host"
gpg_key_id: ""
vault_passphrase: ""
gpg_key_id: "{{ sec_key_id }}"
vault_passphrase: "{{ gpg_passphrase }}"
org_id: ""
location_id: ""
base_domain: ""


@ -1,5 +1,6 @@
authority_name: ""
ALICE_PK: "{{ ALICE_PK }}"
BOND_ID: "{{ BOND_ID }}"
authority_name: ""
cpu_reservation: ""
memory_reservation: ""
deployer_gpg_passphrase: ""
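Review bot: `deployer_gpg_passphrase` defaults to an empty string, and the backend playbook passes it to gpg unchanged, so a run where the operator forgot to set it would presumably generate and export the deployer key with no passphrase protection. A pre-task such as `assert:` with `that: deployer_gpg_passphrase | length > 0` would stop the play instead. Since this file holds a secret next to `ALICE_PK`, a comment telling operators to keep the filled-in copy in Ansible Vault or out of version control would help.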