service-provider-setup/setup-k8s.yml

@@ -6,6 +6,7 @@
 
   vars_files:
     - k8s-vars.yml
+    - dns-vars.yml
 
   tasks:
     - name: Install Python and pip
@@ -56,3 +57,59 @@
           "Enter passphrase:": "{{ vault_passphrase }}"
       args:
         chdir: "service-provider-template"
+
+    - name: Ensure the target directory exists
+      file:
+        path: "{{ ansible_env.HOME }}/service-provider-template"
+        state: directory
+        mode: '0755'
+
+    - name: Change directory name in group_vars
+      command: mv lcn_cad {{ org_id }}_{{ location_id }}
+      args:
+        chdir: "{{ ansible_env.HOME }}/service-provider-template/group_vars"
+
+    - name: Change control directory name in host_vars
+      command: mv lcn-cad-cluster-control {{ org_id }}-{{ location_id }}-cluster-control
+      args:
+        chdir: "{{ ansible_env.HOME }}/service-provider-template/host_vars"
+
+    - name: Change daemon directory name in host_vars
+      command: mv lcn-daemon {{ org_id }}-daemon
+      args:
+        chdir: "{{ ansible_env.HOME }}/service-provider-template/host_vars"
+
+    - name: Copy control-firewalld.yml.j2 to the remote VM
+      template:
+        src: ./templates/control-firewalld.yml.j2
+        dest: "{{ ansible_env.HOME }}/service-provider-template/host_vars/{{ org_id }}-{{ location_id }}-cluster-control/firewalld.yml"
+
+    - name: Copy daemon-firewalld.yml.j2 to the remote VM
+      template:
+        src: ./templates/daemon-firewalld.yml.j2
+        dest: "{{ ansible_env.HOME }}/service-provider-template/host_vars/{{ org_id }}-daemon/firewalld.yml"
+
+    - name: Copy nginx.yml.j2 to the remote VM
+      template:
+        src: ./templates/nginx.yml.j2
+        dest: "{{ ansible_env.HOME }}/service-provider-template/host_vars/{{ org_id }}-daemon/nginx.yml"
+
+    - name: Copy hosts.j2 to the remote VM
+      template:
+        src: ./templates/hosts.j2
+        dest: "{{ ansible_env.HOME }}/service-provider-template/hosts"
+
+    - name: Copy k8s.yml.j2 to the remote VM
+      template:
+        src: ./templates/k8s.yml.j2
+        dest: "{{ ansible_env.HOME }}/service-provider-template/group_vars/{{ org_id }}_{{ location_id }}/k8s.yml"
+
+    - name: Copy wildcard-pwa-example.yml.j2 to the remote VM
+      template:
+        src: ./templates/wildcard-pwa-example.yml.j2
+        dest: "{{ ansible_env.HOME }}/service-provider-template/files/manifests/wildcard-pwa-{{dns_domain}}.yml"
+
+    - name: Delete old wildcard-pwa file
+      file:
+        path: "{{ ansible_env.HOME }}/service-provider-template/files/manifests/wildcard-pwa-laconic.yaml"
+        state: absent

service-provider-setup/templates/control-firewalld.yml.j2

@@ -13,4 +13,4 @@ firewalld_add:
     sources:
       - 10.42.0.0/16
       - 10.43.0.0/16
-      - "{{ cluster_control_ip }}"
+      - {{ cluster_control_ip }}

service-provider-setup/templates/daemon-firewalld.yml.j2

@@ -13,4 +13,4 @@ firewalld_add:
 
   - name: trusted
     sources:
-      - "{{ cluster_control_ip }}"
+      - {{ cluster_control_ip }}

service-provider-setup/templates/hosts.j2

@@ -1,12 +1,12 @@
 [all]
 {{ org_id }}-daemon ansible_host={{ cluster_control_ip }}
-{{ org_id }}-{{ country_id }}-cluster-control ansible_host={{ cluster_control_ip }}
+{{ org_id }}-{{ location_id }}-cluster-control ansible_host={{ cluster_control_ip }}
 
 [so]
 {{ org_id }}-daemon
 
-[{{ org_id }}-{{ country_id }}]
+[{{ org_id }}-{{ location_id }}]
-{{ org_id }}-{{ country_id }}-cluster-control k8s_node_type=bootstrap k8s_pod_limit=1024 k8s_external_ip={{ cluster_control_ip }}
+{{ org_id }}-{{ location_id }}-cluster-control k8s_node_type=bootstrap k8s_pod_limit=1024 k8s_external_ip={{ cluster_control_ip }}
 
 [k8s:children]
-{{ org_id }}-{{ country_id }}
+{{ org_id }}-{{ location_id }}

service-provider-setup/templates/k8s.yml.j2

@@ -1,8 +1,8 @@
 ---
 # default context is used for stack orchestrator deployments, for testing a custom context name can be usefull
-#k8s_cluster_name: "{{ org_id }}-{{ country_id }}-cluster"
+#k8s_cluster_name: {{ org_id }}-{{ location_id }}-cluster
 k8s_cluster_name: default
-k8s_cluster_url: "{{ org_id }}-{{ country_id }}-cluster-control.{{ dns_domain }}.com"
+k8s_cluster_url: {{ org_id }}-{{ location_id }}-cluster-control.{{ dns_domain }}.com
 k8s_taint_servers: false
 
 k8s_acme_email: "{{ support_email }}"
@@ -50,6 +50,6 @@ k8s_manifests:
         secret_key: access-token
 
   # initiate wildcard cert
-  - name: "pwa.{{ dns_domain }}.com"
+  - name: pwa.{{ dns_domain }}.com
     type: file
-    source: "wildcard-pwa-{{ dns_domain }}.yaml"
+    source: wildcard-pwa-{{ dns_domain }}.yaml

service-provider-setup/templates/nginx.yml.j2

@@ -6,16 +6,16 @@ nginx_proxy_send_timeout: 1200
 nginx_proxy_connection_timeout: 75
 
 nginx_sites:
-  - name: "{{ org_id }}-console"
+  - name: {{ org_id }}-console
-    url: "{{ org_id }}-console.{{ dns_domain }}.com"
+    url: {{ org_id }}-console.{{ dns_domain }}.com
     upstream: http://localhost:8080
     template: basic-proxy
     ssl: true
 
-  - name: "{{ org_id }}-daemon"
+  - name: {{ org_id }}-daemon
-    url: "{{ org_id }}-daemon.{{ dns_domain }}.com"
+    url: {{ org_id }}-daemon.{{ dns_domain }}.com
     upstream: http://localhost:9473
     configs:
-      - rewrite "^/deployer(/.*)? https://webapp-deployer.pwa.{{domain}}.com" permanent
+      - rewrite ^/deployer(/.*)? https://webapp-deployer.pwa.{{dns_domain}}.com permanent
     template: websocket-proxy
-    ssl: true
+    ssl: true

service-provider-setup/templates/wildcard-pwa-example.yml.j2

@@ -1,15 +1,15 @@
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
-  name: "pwa.{{ dns_domain }}.com"
+  name: pwa.{{ dns_domain }}.com
   namespace: default
 spec:
-  secretName: "pwa.{{ dns_domain }}.com"
+  secretName: pwa.{{ dns_domain }}.com
   issuerRef:
     name: letsencrypt-prod-wild
     kind: ClusterIssuer
     group: cert-manager.io
-  commonName: "*.pwa.{{ dns_domain }}.com"
+  commonName: *.pwa.{{ dns_domain }}.com
   dnsNames:
-    - "pwa.{{ dns_domain }}.com"
+    - pwa.{{ dns_domain }}.com
-    - "*.pwa.{{ dns_domain }}.com"
+    - *.pwa.{{ dns_domain }}.com