Add ansible playbook to automate service provider setup #10
@ -101,9 +101,9 @@ To get started, follow the [installation](../README.md#installation) guide to se
|
||||
|
||||
```bash
|
||||
cd vars
|
||||
cp dns-vars.example.yml dns1-vars.yml
|
||||
cp k8s-vars.example.yml k8s1-vars.yml
|
||||
cp container-vars.example.yml container1-vars.yml
|
||||
cp dns-vars.example.yml dns-vars.yml
|
||||
cp k8s-vars.example.yml k8s-vars.yml
|
||||
cp container-vars.example.yml container-vars.yml
|
||||
cp webapp-vars.example.yml webapp-vars.yml
|
||||
```
|
||||
|
||||
@ -111,7 +111,7 @@ To get started, follow the [installation](../README.md#installation) guide to se
|
||||
|
||||
```bash
|
||||
# vars/dns-vars.yml
|
||||
domain: "" # eg: laconic.com
|
||||
full_domain: "" # eg: laconic.com
|
||||
subdomain_prefix: "" # eg: lcn-cad
|
||||
cluster_control_ip: "" # eg: 23.111.78.179
|
||||
do_api_token: "" # eg: dop_v1...
|
||||
@ -122,7 +122,7 @@ To get started, follow the [installation](../README.md#installation) guide to se
|
||||
vault_passphrase: "" # passphrase for GPG key
|
||||
org_id: "" # eg: lcn
|
||||
location_id: "" # eg: cad
|
||||
dns_domain: "" # eg: laconic.com
|
||||
base_domain: "" # eg: laconic
|
||||
|
||||
# vars/container-vars.yml
|
||||
container_registry_username: "" # username to login to the container registry
|
||||
|
@ -19,15 +19,15 @@
|
||||
mode: '0700'
|
||||
|
||||
- name: Create a GPG key
|
||||
shell: gpg --batch --passphrase "SECRET" --quick-generate-key webapp-deployer-api.{{ dns_domain }}.com default default never
|
||||
shell: gpg --batch --passphrase "SECRET" --quick-generate-key webapp-deployer-api.{{ full_domain }} default default never
|
||||
|
||||
- name: Export the public key
|
||||
shell: gpg --export webapp-deployer-api.{{ dns_domain }}.com > ~/gpg-keys/webapp-deployer-api.{{ dns_domain }}.com.pgp.pub
|
||||
shell: gpg --export webapp-deployer-api.{{ full_domain }} > ~/gpg-keys/webapp-deployer-api.{{ full_domain }}.pgp.pub
|
||||
args:
|
||||
creates: ~/gpg-keys/webapp-deployer-api.{{ dns_domain }}.com.pgp.pub
|
||||
creates: ~/gpg-keys/webapp-deployer-api.{{ full_domain }}.pgp.pub
|
||||
|
||||
- name: Export the GPG private key with passphrase
|
||||
shell: gpg --pinentry-mode=loopback --passphrase "SECRET" --export-secret-keys webapp-deployer-api.{{ dns_domain }}.com > ~/gpg-keys/webapp-deployer-api.{{ dns_domain }}.com.pgp.key
|
||||
shell: gpg --pinentry-mode=loopback --passphrase "SECRET" --export-secret-keys webapp-deployer-api.{{ full_domain }} > ~/gpg-keys/webapp-deployer-api.{{ full_domain }}.pgp.key
|
||||
|
||||
- name: Setup repositories for webapp-deployer-backend
|
||||
command: laconic-so --stack webapp-deployer-backend setup-repositories
|
||||
@ -47,13 +47,13 @@
|
||||
|
||||
- name: Copy the gpg private key file to config dir
|
||||
copy:
|
||||
src: "gpg-keys/webapp-deployer-api.{{ dns_domain }}.com.pgp.key"
|
||||
src: "gpg-keys/webapp-deployer-api.{{ full_domain }}.pgp.key"
|
||||
dest: "config"
|
||||
remote_src: true
|
||||
|
||||
- name: Copy the gpg public key file to config dir
|
||||
copy:
|
||||
src: "gpg-keys/webapp-deployer-api.{{ dns_domain }}.com.pgp.pub"
|
||||
src: "gpg-keys/webapp-deployer-api.{{ full_domain }}.pgp.pub"
|
||||
dest: "config"
|
||||
remote_src: true
|
||||
|
||||
@ -63,9 +63,9 @@
|
||||
-v /home/{{ ansible_user }}/config:/home/root/config \
|
||||
cerc/webapp-deployer-backend:local laconic-so publish-deployer-to-registry \
|
||||
--laconic-config /home/root/config/laconic.yml \
|
||||
--api-url https://webapp-deployer-api.{{ dns_domain }}.com \
|
||||
--public-key-file /home/root/config/webapp-deployer-api.{{ dns_domain }}.com.pgp.pub \
|
||||
--lrn lrn://{{ authority_name }}/deployers/webapp-deployer-api.{{ dns_domain }}.com \
|
||||
--api-url https://webapp-deployer-api.{{ full_domain }} \
|
||||
--public-key-file /home/root/config/webapp-deployer-api.{{ full_domain }}.pgp.pub \
|
||||
--lrn lrn://{{ authority_name }}/deployers/webapp-deployer-api.{{ full_domain }} \
|
||||
--min-required-payment 100
|
||||
register: publish_output
|
||||
|
||||
@ -118,7 +118,7 @@
|
||||
register: wait_result
|
||||
|
||||
- name: Copy gpg private key file to webapp deployer pod
|
||||
shell: kubectl cp gpg-keys/webapp-deployer-api.{{ dns_domain }}.com.pgp.key {{ pod_id }}:/app
|
||||
shell: kubectl cp gpg-keys/webapp-deployer-api.{{ full_domain }}.pgp.key {{ pod_id }}:/app
|
||||
|
||||
- name: Copy gpg public key file to webapp deployer pod
|
||||
shell: kubectl cp gpg-keys/webapp-deployer-api.{{ dns_domain }}.com.pgp.pub {{ pod_id }}:/app
|
||||
shell: kubectl cp gpg-keys/webapp-deployer-api.{{ full_domain }}.pgp.pub {{ pod_id }}:/app
|
||||
|
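Review bot: The rewritten `gpg` tasks still pass the literal passphrase `"SECRET"` on the command line, in "Create a GPG key" and in "Export the GPG private key with passphrase", so every deployment protects the deployer's private key with the same publicly known value, and the passphrase can show up in the process list and in Ansible's verbose task output. Since these lines are being edited anyway, read it from a vars file, e.g. `--passphrase "{{ deployer_gpg_passphrase }}"` (a placeholder name, not an existing variable), and add `no_log: true` to both tasks; gpg's `--passphrase-file` would also keep it out of argv. The env template later on this page carries the same literal in `export OPENPGP_PASSPHRASE="SECRET"` and should take the same variable. The private-key export task also has no `creates:` guard, unlike the public-key export, so it appears to re-run and rewrite the key file on every play.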
@ -6,7 +6,7 @@
|
||||
|
||||
vars_files:
|
||||
- vars/webapp-vars.yml
|
||||
- vars/k8s-vars.yml
|
||||
- vars/dns-vars.yml
|
||||
|
||||
tasks:
|
||||
- name: Clone webapp-deployment-status-ui repository
|
||||
@ -21,8 +21,8 @@
|
||||
- name: Create a deployment for webapp-ui
|
||||
command: |
|
||||
laconic-so deploy-webapp create --kube-config {{ ansible_env.HOME }}/.kube/config-default.yaml
|
||||
--image-registry container-registry.pwa.{{ dns_domain }}.com --deployment-dir webapp-ui
|
||||
--image cerc/webapp-deployment-status-ui:local --url https://webapp-deployer-ui.pwa.{{ dns_domain }}.com
|
||||
--image-registry container-registry.pwa.{{ full_domain }} --deployment-dir webapp-ui
|
||||
--image cerc/webapp-deployment-status-ui:local --url https://webapp-deployer-ui.pwa.{{ full_domain }}
|
||||
--env-file ~/cerc/webapp-deployment-status-ui/.env
|
||||
|
||||
- name: Push image to container registry
|
||||
|
@ -9,14 +9,14 @@
|
||||
community.digitalocean.digital_ocean_domain:
|
||||
state: present
|
||||
oauth_token: "{{ do_api_token }}"
|
||||
name: "{{ domain }}"
|
||||
name: "{{ full_domain }}"
|
||||
ip: "{{ cluster_control_ip }}"
|
||||
|
||||
- name: Create record for cluster control machine
|
||||
community.digitalocean.digital_ocean_domain_record:
|
||||
state: present
|
||||
oauth_token: "{{ do_api_token }}"
|
||||
domain: "{{ domain }}"
|
||||
domain: "{{ full_domain }}"
|
||||
type: A
|
||||
name: "{{ subdomain_prefix }}-cluster-control"
|
||||
data: "{{ cluster_control_ip }}"
|
||||
@ -25,8 +25,8 @@
|
||||
community.digitalocean.digital_ocean_domain_record:
|
||||
state: present
|
||||
oauth_token: "{{ do_api_token }}"
|
||||
data: "{{ domain }}"
|
||||
domain: "{{ domain }}"
|
||||
data: "{{ full_domain }}"
|
||||
domain: "{{ full_domain }}"
|
||||
type: CNAME
|
||||
name: www
|
||||
ttl: 43200
|
||||
@ -35,8 +35,8 @@
|
||||
community.digitalocean.digital_ocean_domain_record:
|
||||
state: present
|
||||
oauth_token: "{{ do_api_token }}"
|
||||
data: "{{ subdomain_cluster_control }}.{{ domain }}"
|
||||
domain: "{{ domain }}"
|
||||
data: "{{ subdomain_cluster_control }}.{{ full_domain }}"
|
||||
domain: "{{ full_domain }}"
|
||||
type: CNAME
|
||||
name: "{{ subdomain_prefix }}"
|
||||
ttl: 43200
|
||||
@ -45,8 +45,8 @@
|
||||
community.digitalocean.digital_ocean_domain_record:
|
||||
state: present
|
||||
oauth_token: "{{ do_api_token }}"
|
||||
data: "{{ subdomain_cluster_control }}.{{ domain }}"
|
||||
domain: "{{ domain }}"
|
||||
data: "{{ subdomain_cluster_control }}.{{ full_domain }}"
|
||||
domain: "{{ full_domain }}"
|
||||
type: CNAME
|
||||
name: "*.{{ subdomain_prefix }}"
|
||||
ttl: 43200
|
||||
@ -55,8 +55,8 @@
|
||||
community.digitalocean.digital_ocean_domain_record:
|
||||
state: present
|
||||
oauth_token: "{{ do_api_token }}"
|
||||
data: "{{ subdomain_cluster_control }}.{{ domain }}"
|
||||
domain: "{{ domain }}"
|
||||
data: "{{ subdomain_cluster_control }}.{{ full_domain }}"
|
||||
domain: "{{ full_domain }}"
|
||||
type: CNAME
|
||||
name: "pwa"
|
||||
ttl: 43200
|
||||
@ -65,8 +65,8 @@
|
||||
community.digitalocean.digital_ocean_domain_record:
|
||||
state: present
|
||||
oauth_token: "{{ do_api_token }}"
|
||||
data: "{{ subdomain_cluster_control }}.{{ domain }}"
|
||||
domain: "{{ domain }}"
|
||||
data: "{{ subdomain_cluster_control }}.{{ full_domain }}"
|
||||
domain: "{{ full_domain }}"
|
||||
type: CNAME
|
||||
name: "*.pwa"
|
||||
ttl: 43200
|
||||
|
@ -119,7 +119,7 @@
|
||||
- name: Copy wildcard-pwa-example.yml to the remote VM
|
||||
template:
|
||||
src: ./templates/wildcard-pwa-example.yml.j2
|
||||
dest: "{{ ansible_env.HOME }}/service-provider-template/files/manifests/wildcard-pwa-{{dns_domain}}.yaml"
|
||||
dest: "{{ ansible_env.HOME }}/service-provider-template/files/manifests/wildcard-pwa-{{ base_domain }}.yaml"
|
||||
|
||||
- name: Delete old wildcard-pwa file
|
||||
file:
|
||||
|
@ -1,10 +1,10 @@
|
||||
DEPLOYMENT_DNS_SUFFIX="pwa.{{ dns_domain }}.com"
|
||||
DEPLOYMENT_DNS_SUFFIX="pwa.{{ full_domain }}"
|
||||
|
||||
# Name of reserved authority
|
||||
DEPLOYMENT_RECORD_NAMESPACE="{{ authority_name }}"
|
||||
|
||||
# url of the deployed docker image registry
|
||||
IMAGE_REGISTRY="container-registry.pwa.{{ dns_domain }}.com"
|
||||
IMAGE_REGISTRY="container-registry.pwa.{{ full_domain }}"
|
||||
|
||||
# htpasswd credentials
|
||||
IMAGE_REGISTRY_USER="{{ container_registry_username }}"
|
||||
@ -20,8 +20,8 @@ CHECK_INTERVAL=5
|
||||
FQDN_POLICY="allow"
|
||||
|
||||
# lrn of the webapp deployer
|
||||
LRN="lrn://{{ authority_name }}/deployers/webapp-deployer-api.{{ dns_domain }}.com"
|
||||
export OPENPGP_PRIVATE_KEY_FILE="webapp-deployer-api.{{ dns_domain }}.com.pgp.key"
|
||||
LRN="lrn://{{ authority_name }}/deployers/webapp-deployer-api.{{ full_domain }}"
|
||||
export OPENPGP_PRIVATE_KEY_FILE="webapp-deployer-api.{{ full_domain }}.pgp.key"
|
||||
export OPENPGP_PASSPHRASE="SECRET"
|
||||
export DEPLOYER_STATE="srv-test/deployments/autodeploy.state"
|
||||
export UNDEPLOYER_STATE="srv-test/deployments/autoundeploy.state"
|
||||
|
@ -1,3 +1,3 @@
|
||||
CERC_WEBAPP_DEBUG=0.1.0
|
||||
LACONIC_HOSTED_CONFIG_app_api_url=https://webapp-deployer-api.pwa.{{ dns_domain }}.com
|
||||
LACONIC_HOSTED_CONFIG_app_api_url=https://webapp-deployer-api.pwa.{{ full_domain }}
|
||||
LACONIC_HOSTED_CONFIG_app_console_link=https://laconicd.laconic.com/console?query=%0A%20%20fragment%20ValueParts%20on%20Value%20%7B%0A%20%20%20%20...%20on%20BooleanValue%20%7B%0A%20%20%20%20%20%20bool%3A%20value%0A%20%20%20%20%7D%0A%20%20%20%20...%20on%20IntValue%20%7B%0A%20%20%20%20%20%20int%3A%20value%0A%20%20%20%20%7D%0A%20%20%20%20...%20on%20FloatValue%20%7B%0A%20%20%20%20%20%20float%3A%20value%0A%20%20%20%20%7D%0A%20%20%20%20...%20on%20StringValue%20%7B%0A%20%20%20%20%20%20string%3A%20value%0A%20%20%20%20%7D%0A%20%20%20%20...%20on%20BytesValue%20%7B%0A%20%20%20%20%20%20bytes%3A%20value%0A%20%20%20%20%7D%0A%20%20%20%20...%20on%20LinkValue%20%7B%0A%20%20%20%20%20%20link%3A%20value%0A%20%20%20%20%7D%0A%20%20%7D%0A%0A%20%20fragment%20AttrParts%20on%20Attribute%20%7B%0A%20%20%20%20key%0A%20%20%20%20value%20%7B%0A%20%20%20%20%20%20...ValueParts%0A%20%20%20%20%20%20...%20on%20ArrayValue%20%7B%0A%20%20%20%20%20%20%20%20value%20%7B%0A%20%20%20%20%20%20%20%20%20%20...ValueParts%0A%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%7D%0A%20%20%20%20%7D%0A%20%20%7D%0A%0A%20%20%7B%0A%20%20%20%20getRecordsByIds(ids%3A%20%5B%22#RQID#%22%5D)%20%7B%0A%20%20%20%20%20%20id%0A%20%20%20%20%20%20names%0A%20%20%20%20%20%20bondId%0A%20%20%20%20%20%20createTime%0A%20%20%20%20%20%20expiryTime%0A%20%20%20%20%20%20owners%0A%20%20%20%20%20%20attributes%20%7B%0A%20%20%20%20%20%20%20%20...AttrParts%0A%20%20%20%20%20%20%20%20value%20%7B%0A%20%20%20%20%20%20%20%20%20%20...%20on%20MapValue%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20map%3A%20value%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20...AttrParts%0A%20%20%20%20%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%7D%0A%20%20%20%20%7D%0A%20%20%7D%0A
|
||||
|
@ -2,7 +2,7 @@
|
||||
# default context is used for stack orchestrator deployments, for testing a custom context name can be usefull
|
||||
#k8s_cluster_name: {{ org_id }}-{{ location_id }}-cluster
|
||||
k8s_cluster_name: default
|
||||
k8s_cluster_url: {{ org_id }}-{{ location_id }}-cluster-control.{{ dns_domain }}.com
|
||||
k8s_cluster_url: {{ org_id }}-{{ location_id }}-cluster-control.{{ full_domain }}
|
||||
k8s_taint_servers: false
|
||||
|
||||
k8s_acme_email: "{{ support_email }}"
|
||||
@ -50,6 +50,6 @@ k8s_manifests:
|
||||
secret_key: access-token
|
||||
|
||||
# initiate wildcard cert
|
||||
- name: pwa.{{ dns_domain }}.com
|
||||
- name: pwa.{{ full_domain }}
|
||||
type: file
|
||||
source: wildcard-pwa-{{ dns_domain }}.yaml
|
||||
source: wildcard-pwa-{{ base_domain }}.yaml
|
||||
|
@ -1,7 +1,7 @@
|
||||
services:
|
||||
registry:
|
||||
rpcEndpoint: 'http://{{ subdomain_cluster_control }}.{{ dns_domain }}.com:26657'
|
||||
gqlEndpoint: 'http://{{ subdomain_cluster_control}}.{{ dns_domain }}.com:9473/api'
|
||||
rpcEndpoint: 'http://{{ subdomain_cluster_control }}.{{ full_domain }}:26657'
|
||||
gqlEndpoint: 'http://{{ subdomain_cluster_control}}.{{ full_domain }}:9473/api'
|
||||
userKey: "{{ ALICE_PK }}"
|
||||
bondId: "{{ BOND_ID }}"
|
||||
chainId: lorotestnet-1
|
||||
|
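Review bot: Both registry endpoints on the new lines are plain `http://` against a public hostname, in the same config that carries `userKey` and `bondId`, so requests and responses between this client and the registry can be read or tampered with on path. The nginx site for `{{ org_id }}-daemon.{{ full_domain }}` elsewhere on this page proxies `localhost:9473` with `ssl: true`, so an `https://` route for `gqlEndpoint` may already exist; whether the RPC port has an equivalent is not visible here. Minor style point: `{{ subdomain_cluster_control}}` is missing the space before `}}` that the line above has.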
@ -7,15 +7,15 @@ nginx_proxy_connection_timeout: 75
|
||||
|
||||
nginx_sites:
|
||||
- name: {{ org_id }}-console
|
||||
url: {{ org_id }}-console.{{ dns_domain }}.com
|
||||
url: {{ org_id }}-console.{{ full_domain }}
|
||||
upstream: http://localhost:8080
|
||||
template: basic-proxy
|
||||
ssl: true
|
||||
|
||||
- name: {{ org_id }}-daemon
|
||||
url: {{ org_id }}-daemon.{{ dns_domain }}.com
|
||||
url: {{ org_id }}-daemon.{{ full_domain }}
|
||||
upstream: http://localhost:9473
|
||||
configs:
|
||||
- rewrite ^/deployer(/.*)? https://webapp-deployer.pwa.{{dns_domain}}.com permanent
|
||||
- rewrite ^/deployer(/.*)? https://webapp-deployer.pwa.{{full_domain}} permanent
|
||||
template: websocket-proxy
|
||||
ssl: true
|
||||
|
@ -6,7 +6,7 @@ network:
|
||||
registry:
|
||||
- '5000'
|
||||
http-proxy:
|
||||
- host-name: container-registry.pwa.{{dns_domain}}.com
|
||||
- host-name: container-registry.pwa.{{full_domain}}
|
||||
routes:
|
||||
- path: '/'
|
||||
proxy-to: registry:5000
|
||||
|
@ -1,13 +1,13 @@
|
||||
stack: webapp-deployer-backend
|
||||
deploy-to: k8s
|
||||
kube-config: {{ansible_env.HOME}}/.kube/config-default.yaml
|
||||
image-registry: container-registry.pwa.{{dns_domain}}.com/laconic-registry
|
||||
image-registry: container-registry.pwa.{{full_domain}}/laconic-registry
|
||||
network:
|
||||
ports:
|
||||
server:
|
||||
- '9555'
|
||||
http-proxy:
|
||||
- host-name: webapp-deployer-api.pwa.{{ dns_domain }}.com
|
||||
- host-name: webapp-deployer-api.pwa.{{ full_domain }}
|
||||
routes:
|
||||
- path: '/'
|
||||
proxy-to: server:9555
|
||||
|
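Review bot: The proxied hostname here is `webapp-deployer-api.pwa.{{ full_domain }}`, but the publish task in the playbook earlier on this page registers `--api-url https://webapp-deployer-api.{{ full_domain }}` without the `pwa.` label. The DNS tasks shown create `pwa` and `*.pwa` records (plus `www`, the prefix and its wildcard) but nothing that would cover that name. Unless a matching record exists outside this page, the URL published to the registry would not reach this service, whereas the UI env file does use the `.pwa.` form. Consider aligning the published value, `--api-url https://webapp-deployer-api.pwa.{{ full_domain }} \`, or documenting why the two differ.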
@ -1,15 +1,15 @@
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: pwa.{{ dns_domain }}.com
|
||||
name: pwa.{{ full_domain }}
|
||||
namespace: default
|
||||
spec:
|
||||
secretName: pwa.{{ dns_domain }}.com
|
||||
secretName: pwa.{{ full_domain }}
|
||||
issuerRef:
|
||||
name: letsencrypt-prod-wild
|
||||
kind: ClusterIssuer
|
||||
group: cert-manager.io
|
||||
commonName: *.pwa.{{ dns_domain }}.com
|
||||
commonName: *.pwa.{{ full_domain }}
|
||||
dnsNames:
|
||||
- pwa.{{ dns_domain }}.com
|
||||
- *.pwa.{{ dns_domain }}.com
|
||||
- pwa.{{ full_domain }}
|
||||
- *.pwa.{{ full_domain }}
|
||||
|
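Review bot: The wildcard entries on the new lines, `commonName: *.pwa.{{ full_domain }}` and `- *.pwa.{{ full_domain }}`, are unquoted, and a plain scalar that begins with `*` is read by YAML as an alias reference, not a string, which standard parsers reject as an undefined alias. Quote both: `commonName: "*.pwa.{{ full_domain }}"` and `- "*.pwa.{{ full_domain }}"`. The old lines had the same form, so this predates the commit, and how the rendered manifest is applied is not visible here.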
@ -1,4 +1,4 @@
|
||||
domain: ""
|
||||
full_domain: ""
|
||||
subdomain_prefix: ""
|
||||
subdomain_cluster_control: "{{ subdomain_prefix }}-cluster-control"
|
||||
cluster_control_ip: ""
|
||||
|
@ -3,4 +3,5 @@ gpg_key_id: ""
|
||||
vault_passphrase: ""
|
||||
org_id: ""
|
||||
location_id: ""
|
||||
dns_domain: ""
|
||||
base_domain: ""
|
||||
ansible_ssh_extra_args: '-o StrictHostKeyChecking=no'
|
||||
|
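Review bot: `ansible_ssh_extra_args: '-o StrictHostKeyChecking=no'`, which by the hunk's line counts appears to be added in this commit, turns off SSH host-key verification for every host that loads this vars file. The playbooks would then send the API token and GPG key material handled on this page to whichever machine answers at that address. For an example file that users copy verbatim, a safer default is `ansible_ssh_extra_args: '-o StrictHostKeyChecking=accept-new'`, or no override at all plus a documented step to add the host key to `known_hosts` before the first run.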