Add ansible playbook to automate service provider setup #10

Merged
nabarun merged 31 commits from deep-stack/testnet-ops:ag-sp-setup into main 2024-10-01 12:17:11 +00:00
5 changed files with 227 additions and 0 deletions


@ -0,0 +1,124 @@
- name: Deploy Webapp-Deployer Backend
hosts: "{{ target_host }}"
environment:
PATH: "{{ ansible_env.PATH }}:/home/{{ansible_user}}/bin"
KUBECONFIG: "{{ ansible_env.HOME }}/.kube/config-default.yaml"
vars_files:
- webapp-vars.yml
- container-vars.yml
- k8s-vars.yml
- dns-vars.yml
tasks:
- name: Ensure gpg-keys directory exists
file:
path: ~/gpg-keys
state: directory
mode: '0700'
- name: Create a GPG key
shell: gpg --batch --passphrase "SECRET" --quick-generate-key webapp-deployer-api.{{ dns_domain }}.com default default never
- name: Export the public key
shell: gpg --export webapp-deployer-api.{{ dns_domain }}.com > ~/gpg-keys/webapp-deployer-api.{{ dns_domain }}.com.pgp.pub
args:
creates: ~/gpg-keys/webapp-deployer-api.{{ dns_domain }}.com.pgp.pub
- name: Export the private key with passphrase
expect:
command: gpg --export-secret-keys webapp-deployer-api.{{ dns_domain }}.com > ~/gpg-keys/webapp-deployer-api.{{ dns_domain }}.com.pgp.key
responses:
'Please enter the passphrase to export the OpenPGP secret key': 'SECRET\n'
register: gpg_output
no_log: true
- name: Setup repositories for webapp-deployer-backend
command: laconic-so --stack webapp-deployer-backend setup-repositories
- name: Build containers for webapp-deployer-backend
command: laconic-so --stack webapp-deployer-backend build-containers
- name: Create laconic config file
template:
src: "./templates/laconic.yml.j2"
dest: "config/laconic.yml"
- name: Copy the gpg private key file to config dir
copy:
src: "gpg-keys/webapp-deployer-api.{{ dns_domain }}.com.pgp.key"
dest: "config"
remote_src: true
- name: Copy the gpg public key file to config dir
copy:
src: "gpg-keys/webapp-deployer-api.{{ dns_domain }}.com.pgp.pub"
dest: "config"
remote_src: true
- name: Publish the webapp-deployer record using laconic-so
shell: |
docker run -i -t \
-v /home/{{ ansible_user }}/config:/home/root/config \
cerc/webapp-deployer-backend:local laconic-so publish-deployer-to-registry \
--laconic-config /home/root/config/laconic.yml \
--api-url https://webapp-deployer-api.{{ dns_domain }}.com \
--public-key-file /home/root/config/webapp-deployer-api.{{ dns_domain }}.com.pgp.pub \
--lrn lrn://{{ authority_name }}/deployers/webapp-deployer-api.{{ dns_domain }}.com \
--min-required-payment 100
register: publish_output
- name: Display publish output
debug:
var: publish_output.stdout
- name: Generate spec file for webapp-deployer-backend
template:
src: "./templates/specs/webapp-deployer.spec.j2"
dest: "webapp-deployer.spec"
- name: Create the deployment directory from the spec file
command: >
laconic-so --stack webapp-deployer-backend deploy create
--deployment-dir webapp-deployer --spec-file webapp-deployer.spec
- name: Update config for webapp-deployer-backend
template:
src: "./templates/configs/webapp-deployer-config.env.j2"
dest: "webapp-deployer/config.env"
- name: Copy the kube config file to webapp-deployer directory
copy:
src: "{{ansible_env.HOME}}/.kube/config-default.yaml"
dest: "webapp-deployer/data/config/kube.yml"
remote_src: true
- name: Create laconic config file
template:
src: "./templates/laconic.yml.j2"
dest: "webapp-deployer/data/config/laconic.yml"
- name: Push images to container registry
command: laconic-so deployment --dir webapp-deployer push-images
- name: Start the webapp deployer
command: laconic-so deployment --dir webapp-deployer start
- name: Get the most recent pod for the deployment
shell: kubectl get pods --sort-by=.metadata.creationTimestamp -o jsonpath='{.items[-1].metadata.name}'
register: webapp_deployer_pod
- name: Set pod ID to a variable
set_fact:
pod_id: "{{ webapp_deployer_pod.stdout }}"
- name: Wait for the recent pod to be ready
command: kubectl wait --for=condition=Ready pod/{{ pod_id }} --timeout=300s
register: wait_result
- name: Copy gpg private key file to webapp deployer pod
shell: kubectl cp gpg-keys/webapp-deployer-api.{{ dns_domain }}.com.pgp.key {{ pod_id }}:/app
- name: Copy gpg public key file to webapp deployer pod
shell: kubectl cp gpg-keys/webapp-deployer-api.{{ dns_domain }}.com.pgp.pub {{ pod_id }}:/app


@ -61,3 +61,34 @@
- name: Deploy the container registry - name: Deploy the container registry
command: > command: >
laconic-so deployment --dir container-registry start laconic-so deployment --dir container-registry start
- name: Get cluster_id from container-registry-deployment
slurp:
src: container-registry/deployment.yml
register: deployment_file
- name: Decode and extract cluster-id
set_fact:
cluster_id: "{{ deployment_file.content | b64decode | regex_search('cluster-id: (.+)', '\\1') }}"
- name: Display the cluster ID
debug:
msg: "The cluster ID is: {{ cluster_id }}"
- name: Annotate ingress for proxy body size
command: >
kubectl annotate ingress {{ cluster_id }}-ingress nginx.ingress.kubernetes.io/proxy-body-size=0
environment:
KUBECONFIG: "{{ ansible_env.HOME }}/.kube/config-default.yaml"
- name: Annotate ingress for proxy read timeout
command: >
kubectl annotate ingress {{ cluster_id }}-ingress nginx.ingress.kubernetes.io/proxy-read-timeout=600
environment:
KUBECONFIG: "{{ ansible_env.HOME }}/.kube/config-default.yaml"
- name: Annotate ingress for proxy send timeout
command: >
kubectl annotate ingress {{ cluster_id }}-ingress nginx.ingress.kubernetes.io/proxy-send-timeout=600
environment:
KUBECONFIG: "{{ ansible_env.HOME }}/.kube/config-default.yaml"
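Review bot: `regex_search('cluster-id: (.+)', '\\1')` on line 123 returns the requested groups as a list rather than a bare string, so as written `cluster_id` should render as `['…']` and the ingress name on lines 129, 134 and 139 becomes `['…']-ingress` — the debug task on line 126 would show this; `cluster_id: "{{ deployment_file.content | b64decode | regex_search('cluster-id: (.+)', '\\1') | first }}"` yields the id itself. The three `kubectl annotate` calls also lack `--overwrite`, so the second run of the play fails once the annotation exists; `kubectl annotate --overwrite ingress {{ cluster_id }}-ingress nginx.ingress.kubernetes.io/proxy-body-size=0` keeps the play idempotent. Note that `proxy-body-size=0` removes the ingress upload cap entirely for the registry endpoint; that is needed for large layer pushes, but it means the only limit on unauthenticated request bodies is whatever the registry itself enforces, which is worth a comment above the task.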


@ -0,0 +1,28 @@
DEPLOYMENT_DNS_SUFFIX="pwa.{{ dns_domain }}.com"
# Name of reserved authority
DEPLOYMENT_RECORD_NAMESPACE="{{ authority_name }}"
# url of the deployed docker image registry
IMAGE_REGISTRY="container-registry.pwa.{{ dns_domain }}.com"
# htpasswd credentials
IMAGE_REGISTRY_USER="{{ container_registry_username }}"
IMAGE_REGISTRY_CREDS="{{ container_registry_password }}"
# configs
CLEAN_DEPLOYMENTS=false
CLEAN_LOGS=false
CLEAN_CONTAINERS=false
SYSTEM_PRUNE=false
WEBAPP_IMAGE_PRUNE=true
CHECK_INTERVAL=5
FQDN_POLICY="allow"
# lrn of the webapp deployer
LRN="lrn://{{ authority_name }}/deployers/webapp-deployer-api.{{ dns_domain }}.com"
export OPENPGP_PRIVATE_KEY_FILE="webapp-deployer-api.{{ dns_domain }}.com.pgp.key"
export OPENPGP_PASSPHRASE="SECRET"
export DEPLOYER_STATE="srv-test/deployments/autodeploy.state"
export UNDEPLOYER_STATE="srv-test/deployments/autoundeploy.state"
export UPLOAD_DIRECTORY="srv-test/uploads"
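Review bot: `OPENPGP_PASSPHRASE="SECRET"` on line 165 hard-codes the passphrase of the deployer's signing key into a template that is committed with the repo and rendered to `webapp-deployer/config.env` alongside the registry credentials on lines 152-153, and the playbook's `template` task that renders it sets no `mode`, so the file takes the default umask. Since the same literal is used when the key is generated, the key file is protected only by file permissions; the template should read a vaulted variable, `export OPENPGP_PASSPHRASE="{{ gpg_passphrase }}"`, and the rendering task should set `mode: "0600"`. I cannot tell from this PR what `FQDN_POLICY="allow"` permits, so a one-line comment above it stating which hostnames a deployment request may claim would help reviewers judge the exposure.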


@ -0,0 +1,9 @@
services:
registry:
rpcEndpoint: 'http://{{ cluster_control_ip }}:26657'
gqlEndpoint: 'http://{{ cluster_control_ip }}:9473/api'
userKey: "{{ ALICE_PK }}"
bondId: "{{ BOND_ID }}"
chainId: lorotestnet-1
gas: 200000
fees: 500000alnt
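Review bot: `userKey: "{{ ALICE_PK }}"` on line 177 writes the registry signing key into `laconic.yml` in plaintext, and the two `template` tasks in the playbook that render this file (to `config/laconic.yml` and to `webapp-deployer/data/config/laconic.yml`) set no `mode`, so the rendered file is created with the default umask; add `mode: "0600"` to both. The second copy is placed under `./data/config`, which the spec file in this PR mounts as a ConfigMap rather than a Secret, so the key becomes readable to anything with configmap read access in that namespace. A comment above `userKey` noting that the value must come from a vaulted vars file (and never be committed) would make the expectation explicit; whether the `http://` RPC and GQL endpoints on lines 175-176 are reachable only from the cluster network is not visible here and is worth confirming.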


@ -0,0 +1,35 @@
stack: webapp-deployer-backend
deploy-to: k8s
kube-config: {{ansible_env.HOME}}/.kube/config-default.yaml
image-registry: container-registry.pwa.{{dns_domain}}.com/laconic-registry
network:
ports:
server:
- '9555'
http-proxy:
- host-name: webapp-deployer-api.pwa.{{ dns_domain }}.com
routes:
- path: '/'
proxy-to: server:9555
volumes:
srv:
configmaps:
config: ./data/config
annotations:
container.apparmor.security.beta.kubernetes.io/{name}: unconfined
labels:
container.kubeaudit.io/{name}.allow-disabled-apparmor: "podman"
security:
privileged: true
resources:
containers:
reservations:
cpus: 4
memory: 8G
limits:
cpus: 6
memory: 16G
volumes:
reservations:
storage: 200G
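Review bot: `privileged: true` on line 208 together with the unconfined AppArmor annotation on line 204 gives the deployer container unrestricted node access, while the same pod receives the cluster kubeconfig and the registry signing key through the `config` ConfigMap on line 202 (the playbook copies `kube.yml` and `laconic.yml` into `./data/config`) and the GPG private key via `kubectl cp`; a compromise of this service is therefore a compromise of the node and of every credential it holds. The `podman` label on line 206 suggests privilege is needed for in-pod image builds, but that is inferred, so a comment above `security:` stating exactly why privileged mode is required (and whether rootless builds were tried) would help the next reviewer. Independently of the privilege question, `config` should be delivered as a Secret rather than a ConfigMap, and the kubeconfig placed there should be scoped to the namespace the deployer manages rather than the admin `config-default.yaml`, which I assume it currently is. The `{name}` placeholders on lines 204 and 206 look like tokens substituted by laconic-so; if so, a comment saying so would avoid them being read as literal keys.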