Add ansible playbook to automate service provider setup #10
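--- a/service-provider-setup/deploy-backend.yml
+++ b/service-provider-setup/deploy-backend.yml
@@ -0,0 +1,124 @@
+- name: Deploy Webapp-Deployer Backend
+hosts: "{{ target_host }}"
+
+environment:
+PATH: "{{ ansible_env.PATH }}:/home/{{ansible_user}}/bin"
+KUBECONFIG: "{{ ansible_env.HOME }}/.kube/config-default.yaml"
+
+vars_files:
+- webapp-vars.yml
+- container-vars.yml
+- k8s-vars.yml
+- dns-vars.yml
+
+tasks:
+- name: Ensure gpg-keys directory exists
+file:
+path: ~/gpg-keys
+state: directory
+mode: '0700'
+
+- name: Create a GPG key
+shell: gpg --batch --passphrase "SECRET" --quick-generate-key webapp-deployer-api.{{ dns_domain }}.com default default never
+
+- name: Export the public key
+shell: gpg --export webapp-deployer-api.{{ dns_domain }}.com > ~/gpg-keys/webapp-deployer-api.{{ dns_domain }}.com.pgp.pub
+args:
+creates: ~/gpg-keys/webapp-deployer-api.{{ dns_domain }}.com.pgp.pub
+
+- name: Export the private key with passphrase
+expect:
+command: gpg --export-secret-keys webapp-deployer-api.{{ dns_domain }}.com > ~/gpg-keys/webapp-deployer-api.{{ dns_domain }}.com.pgp.key
+responses:
+'Please enter the passphrase to export the OpenPGP secret key': 'SECRET\n'
+register: gpg_output
+no_log: true
+
+- name: Setup repositories for webapp-deployer-backend
+command: laconic-so --stack webapp-deployer-backend setup-repositories
+
+- name: Build containers for webapp-deployer-backend
+command: laconic-so --stack webapp-deployer-backend build-containers
+
+- name: Create laconic config file
+template:
+src: "./templates/laconic.yml.j2"
+dest: "config/laconic.yml"
+
+- name: Copy the gpg private key file to config dir
+copy:
+src: "gpg-keys/webapp-deployer-api.{{ dns_domain }}.com.pgp.key"
+dest: "config"
+remote_src: true
+
+- name: Copy the gpg public key file to config dir
+copy:
+src: "gpg-keys/webapp-deployer-api.{{ dns_domain }}.com.pgp.pub"
+dest: "config"
+remote_src: true
+
+- name: Publish the webapp-deployer record using laconic-so
+shell: |
+docker run -i -t \
+-v /home/{{ ansible_user }}/config:/home/root/config \
+cerc/webapp-deployer-backend:local laconic-so publish-deployer-to-registry \
+--laconic-config /home/root/config/laconic.yml \
+--api-url https://webapp-deployer-api.{{ dns_domain }}.com \
+--public-key-file /home/root/config/webapp-deployer-api.{{ dns_domain }}.com.pgp.pub \
+--lrn lrn://{{ authority_name }}/deployers/webapp-deployer-api.{{ dns_domain }}.com \
+--min-required-payment 100
+register: publish_output
+
+- name: Display publish output
+debug:
+var: publish_output.stdout
+
+- name: Generate spec file for webapp-deployer-backend
+template:
+src: "./templates/specs/webapp-deployer.spec.j2"
+dest: "webapp-deployer.spec"
+
+- name: Create the deployment directory from the spec file
+command: >
+laconic-so --stack webapp-deployer-backend deploy create
+--deployment-dir webapp-deployer --spec-file webapp-deployer.spec
+
+- name: Update config for webapp-deployer-backend
+template:
+src: "./templates/configs/webapp-deployer-config.env.j2"
+dest: "webapp-deployer/config.env"
+
+- name: Copy the kube config file to webapp-deployer directory
+copy:
+src: "{{ansible_env.HOME}}/.kube/config-default.yaml"
+dest: "webapp-deployer/data/config/kube.yml"
+remote_src: true
+
+- name: Create laconic config file
+template:
+src: "./templates/laconic.yml.j2"
+dest: "webapp-deployer/data/config/laconic.yml"
+
+- name: Push images to container registry
+command: laconic-so deployment --dir webapp-deployer push-images
+
+- name: Start the webapp deployer
+command: laconic-so deployment --dir webapp-deployer start
+
+- name: Get the most recent pod for the deployment
+shell: kubectl get pods --sort-by=.metadata.creationTimestamp -o jsonpath='{.items[-1].metadata.name}'
+register: webapp_deployer_pod
+
+- name: Set pod ID to a variable
+set_fact:
+pod_id: "{{ webapp_deployer_pod.stdout }}"
+
+- name: Wait for the recent pod to be ready
+command: kubectl wait --for=condition=Ready pod/{{ pod_id }} --timeout=300s
+register: wait_result
+
+- name: Copy gpg private key file to webapp deployer pod
+shell: kubectl cp gpg-keys/webapp-deployer-api.{{ dns_domain }}.com.pgp.key {{ pod_id }}:/app
+
+- name: Copy gpg public key file to webapp deployer pod
+shell: kubectl cp gpg-keys/webapp-deployer-api.{{ dns_domain }}.com.pgp.pub {{ pod_id }}:/app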
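Review bot: The `Create a GPG key` task puts a literal passphrase on the gpg command line (`--passphrase "SECRET"`) and has no `no_log`, so the value is committed with the playbook, visible in the target's process list while gpg runs, and printed in Ansible output; the same literal is repeated in the `expect` responses. Take it from a variable kept in Ansible Vault and keep it off argv, for example `--pinentry-mode loopback --passphrase-file <path-to-0600-file>`, with `no_log: true` on the task. The `copy` of the `.pgp.key` into `config` sets no `mode`, so the key leaves the 0700 `gpg-keys` directory with whatever permissions the copy yields; add `mode: '0600'`. `kubectl get pods --sort-by=.metadata.creationTimestamp` picks the newest pod in the namespace without a label selector, so the later `kubectl cp` of the private key can land in an unrelated pod; restrict the query with `-l` on the deployer's label.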
@ -61,3 +61,34 @@
|
|||||||
- name: Deploy the container registry
|
- name: Deploy the container registry
|
||||||
command: >
|
command: >
|
||||||
laconic-so deployment --dir container-registry start
|
laconic-so deployment --dir container-registry start
|
||||||
|
|
||||||
|
- name: Get cluster_id from container-registry-deployment
|
||||||
|
slurp:
|
||||||
|
src: container-registry/deployment.yml
|
||||||
|
register: deployment_file
|
||||||
|
|
||||||
|
- name: Decode and extract cluster-id
|
||||||
|
set_fact:
|
||||||
|
cluster_id: "{{ deployment_file.content | b64decode | regex_search('cluster-id: (.+)', '\\1') }}"
|
||||||
|
|
||||||
|
- name: Display the cluster ID
|
||||||
|
debug:
|
||||||
|
msg: "The cluster ID is: {{ cluster_id }}"
|
||||||
|
|
||||||
|
- name: Annotate ingress for proxy body size
|
||||||
|
command: >
|
||||||
|
kubectl annotate ingress {{ cluster_id }}-ingress nginx.ingress.kubernetes.io/proxy-body-size=0
|
||||||
|
environment:
|
||||||
|
KUBECONFIG: "{{ ansible_env.HOME }}/.kube/config-default.yaml"
|
||||||
|
|
||||||
|
- name: Annotate ingress for proxy read timeout
|
||||||
|
command: >
|
||||||
|
kubectl annotate ingress {{ cluster_id }}-ingress nginx.ingress.kubernetes.io/proxy-read-timeout=600
|
||||||
|
environment:
|
||||||
|
KUBECONFIG: "{{ ansible_env.HOME }}/.kube/config-default.yaml"
|
||||||
|
|
||||||
|
- name: Annotate ingress for proxy send timeout
|
||||||
|
command: >
|
||||||
|
kubectl annotate ingress {{ cluster_id }}-ingress nginx.ingress.kubernetes.io/proxy-send-timeout=600
|
||||||
|
environment:
|
||||||
|
KUBECONFIG: "{{ ansible_env.HOME }}/.kube/config-default.yaml"
|
||||||
|
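Review bot: `regex_search('cluster-id: (.+)', '\\1')` returns a list of captured groups when a group reference is passed, so `cluster_id` would likely render as `['…']` inside `{{ cluster_id }}-ingress` in the three `kubectl annotate` tasks; append `| first` to the filter in `Decode and extract cluster-id`. Nothing checks that the search matched, so an unexpected deployment.yml would surface only as a failed or misdirected annotate; an `assert` that `cluster_id` is non-empty would fail earlier. `proxy-body-size=0` removes the request body limit on the registry ingress, which deserves a comment stating that it is intentional for image layer pushes. The hunk sits inside a task list whose start is not shown.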
@ -0,0 +1,28 @@
|
|||||||
|
DEPLOYMENT_DNS_SUFFIX="pwa.{{ dns_domain }}.com"
|
||||||
|
|
||||||
|
# Name of reserved authority
|
||||||
|
DEPLOYMENT_RECORD_NAMESPACE="{{ authority_name }}"
|
||||||
|
|
||||||
|
# url of the deployed docker image registry
|
||||||
|
IMAGE_REGISTRY="container-registry.pwa.{{ dns_domain }}.com"
|
||||||
|
|
||||||
|
# htpasswd credentials
|
||||||
|
IMAGE_REGISTRY_USER="{{ container_registry_username }}"
|
||||||
|
IMAGE_REGISTRY_CREDS="{{ container_registry_password }}"
|
||||||
|
|
||||||
|
# configs
|
||||||
|
CLEAN_DEPLOYMENTS=false
|
||||||
|
CLEAN_LOGS=false
|
||||||
|
CLEAN_CONTAINERS=false
|
||||||
|
SYSTEM_PRUNE=false
|
||||||
|
WEBAPP_IMAGE_PRUNE=true
|
||||||
|
CHECK_INTERVAL=5
|
||||||
|
FQDN_POLICY="allow"
|
||||||
|
|
||||||
|
# lrn of the webapp deployer
|
||||||
|
LRN="lrn://{{ authority_name }}/deployers/webapp-deployer-api.{{ dns_domain }}.com"
|
||||||
|
export OPENPGP_PRIVATE_KEY_FILE="webapp-deployer-api.{{ dns_domain }}.com.pgp.key"
|
||||||
|
export OPENPGP_PASSPHRASE="SECRET"
|
||||||
|
export DEPLOYER_STATE="srv-test/deployments/autodeploy.state"
|
||||||
|
export UNDEPLOYER_STATE="srv-test/deployments/autoundeploy.state"
|
||||||
|
export UPLOAD_DIRECTORY="srv-test/uploads"
|
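Review bot: `export OPENPGP_PASSPHRASE="SECRET"` is a literal in the template, so every deployment rendered from it shares one passphrase that anyone with repository access can read. Template it from a variable, as the registry credentials above it already are, and keep that variable in Ansible Vault: `export OPENPGP_PASSPHRASE="{{ gpg_passphrase }}"` (the variable name is a placeholder). The rendered `config.env` also carries `IMAGE_REGISTRY_CREDS`, and the `template` task in deploy-backend.yml that writes it sets no `mode`; `mode: '0600'` there would keep both secrets owner-only.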
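--- a/service-provider-setup/templates/laconic.yml.j2
+++ b/service-provider-setup/templates/laconic.yml.j2
@@ -0,0 +1,9 @@
+services:
+registry:
+rpcEndpoint: 'http://{{ cluster_control_ip }}:26657'
+gqlEndpoint: 'http://{{ cluster_control_ip }}:9473/api'
+userKey: "{{ ALICE_PK }}"
+bondId: "{{ BOND_ID }}"
+chainId: lorotestnet-1
+gas: 200000
+fees: 500000alnt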
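Review bot: `userKey: "{{ ALICE_PK }}"` renders an account private key into this file, and both `template` tasks in deploy-backend.yml that write it (`config/laconic.yml` and `webapp-deployer/data/config/laconic.yml`) set no `mode`; add `mode: '0600'` to each. The second copy lands under `data/config`, which the spec template maps as a configmap, so the key presumably ends up in a ConfigMap rather than a Secret; confirm that is acceptable. `rpcEndpoint` and `gqlEndpoint` use plain `http://`, so requests to `cluster_control_ip` travel unencrypted; a comment stating that this address is reachable only on a private network would help.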
@ -0,0 +1,35 @@
|
|||||||
|
stack: webapp-deployer-backend
|
||||||
|
deploy-to: k8s
|
||||||
|
kube-config: {{ansible_env.HOME}}/.kube/config-default.yaml
|
||||||
|
image-registry: container-registry.pwa.{{dns_domain}}.com/laconic-registry
|
||||||
|
network:
|
||||||
|
ports:
|
||||||
|
server:
|
||||||
|
- '9555'
|
||||||
|
http-proxy:
|
||||||
|
- host-name: webapp-deployer-api.pwa.{{ dns_domain }}.com
|
||||||
|
routes:
|
||||||
|
- path: '/'
|
||||||
|
proxy-to: server:9555
|
||||||
|
volumes:
|
||||||
|
srv:
|
||||||
|
configmaps:
|
||||||
|
config: ./data/config
|
||||||
|
annotations:
|
||||||
|
container.apparmor.security.beta.kubernetes.io/{name}: unconfined
|
||||||
|
labels:
|
||||||
|
container.kubeaudit.io/{name}.allow-disabled-apparmor: "podman"
|
||||||
|
security:
|
||||||
|
privileged: true
|
||||||
|
|
||||||
|
resources:
|
||||||
|
containers:
|
||||||
|
reservations:
|
||||||
|
cpus: 4
|
||||||
|
memory: 8G
|
||||||
|
limits:
|
||||||
|
cpus: 6
|
||||||
|
memory: 16G
|
||||||
|
volumes:
|
||||||
|
reservations:
|
||||||
|
storage: 200G
|
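Review bot: `security:` / `privileged: true` together with the `unconfined` AppArmor annotation removes container isolation for the pod that the playbook later loads with the GPG private key and a copy of the kubeconfig, so a compromise of the deployer API or of a webapp it builds would extend to the node and to those credentials. The `allow-disabled-apparmor: "podman"` label suggests this is needed for in-pod image builds; if so, say it in a comment above `security:`, such as `# privileged is required for nested podman builds; schedule on dedicated nodes`, and check whether a narrower capability set would be enough. The kubeconfig copied into `data/config` should be scoped to the namespace the deployer manages rather than being the host's default admin config.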