Add ansible playbook to automate service provider setup #10

Merged
nabarun merged 31 commits from deep-stack/testnet-ops:ag-sp-setup into main 2024-10-01 12:17:11 +00:00
15 changed files with 56 additions and 55 deletions
Showing only changes of commit edef198f6c - Show all commits


@ -101,9 +101,9 @@ To get started, follow the [installation](../README.md#installation) guide to se
```bash
cd vars
cp dns-vars.example.yml dns1-vars.yml
cp k8s-vars.example.yml k8s1-vars.yml
cp container-vars.example.yml container1-vars.yml
cp dns-vars.example.yml dns-vars.yml
cp k8s-vars.example.yml k8s-vars.yml
cp container-vars.example.yml container-vars.yml
cp webapp-vars.example.yml webapp-vars.yml
```
@ -111,7 +111,7 @@ To get started, follow the [installation](../README.md#installation) guide to se
```bash
# vars/dns-vars.yml
domain: "" # eg: laconic.com
full_domain: "" # eg: laconic.com
subdomain_prefix: "" # eg: lcn-cad
cluster_control_ip: "" # eg: 23.111.78.179
do_api_token: "" # eg: dop_v1...
@ -122,7 +122,7 @@ To get started, follow the [installation](../README.md#installation) guide to se
vault_passphrase: "" # passphrase for GPG key
org_id: "" # eg: lcn
location_id: "" # eg: cad
dns_domain: "" # eg: laconic.com
base_domain: "" # eg: laconic
# vars/container-vars.yml
container_registry_username: "" # username to login to the container registry


@ -19,15 +19,15 @@
mode: '0700'
- name: Create a GPG key
shell: gpg --batch --passphrase "SECRET" --quick-generate-key webapp-deployer-api.{{ dns_domain }}.com default default never
shell: gpg --batch --passphrase "SECRET" --quick-generate-key webapp-deployer-api.{{ full_domain }} default default never
nabarun marked this conversation as resolved Outdated

.com shouldn't be assumed, instead set in the dns_domain var

.com shouldn't be assumed, instead set in the `dns_domain` var
- name: Export the public key
shell: gpg --export webapp-deployer-api.{{ dns_domain }}.com > ~/gpg-keys/webapp-deployer-api.{{ dns_domain }}.com.pgp.pub
shell: gpg --export webapp-deployer-api.{{ full_domain }} > ~/gpg-keys/webapp-deployer-api.{{ full_domain }}.pgp.pub
args:
creates: ~/gpg-keys/webapp-deployer-api.{{ dns_domain }}.com.pgp.pub
creates: ~/gpg-keys/webapp-deployer-api.{{ full_domain }}.pgp.pub
- name: Export the GPG private key with passphrase
shell: gpg --pinentry-mode=loopback --passphrase "SECRET" --export-secret-keys webapp-deployer-api.{{ dns_domain }}.com > ~/gpg-keys/webapp-deployer-api.{{ dns_domain }}.com.pgp.key
shell: gpg --pinentry-mode=loopback --passphrase "SECRET" --export-secret-keys webapp-deployer-api.{{ full_domain }} > ~/gpg-keys/webapp-deployer-api.{{ full_domain }}.pgp.key
- name: Setup repositories for webapp-deployer-backend
command: laconic-so --stack webapp-deployer-backend setup-repositories
@ -47,13 +47,13 @@
- name: Copy the gpg private key file to config dir
copy:
src: "gpg-keys/webapp-deployer-api.{{ dns_domain }}.com.pgp.key"
src: "gpg-keys/webapp-deployer-api.{{ full_domain }}.pgp.key"
dest: "config"
remote_src: true
- name: Copy the gpg public key file to config dir
copy:
src: "gpg-keys/webapp-deployer-api.{{ dns_domain }}.com.pgp.pub"
src: "gpg-keys/webapp-deployer-api.{{ full_domain }}.pgp.pub"
dest: "config"
remote_src: true
@ -63,9 +63,9 @@
-v /home/{{ ansible_user }}/config:/home/root/config \
cerc/webapp-deployer-backend:local laconic-so publish-deployer-to-registry \
--laconic-config /home/root/config/laconic.yml \
--api-url https://webapp-deployer-api.{{ dns_domain }}.com \
--public-key-file /home/root/config/webapp-deployer-api.{{ dns_domain }}.com.pgp.pub \
--lrn lrn://{{ authority_name }}/deployers/webapp-deployer-api.{{ dns_domain }}.com \
--api-url https://webapp-deployer-api.{{ full_domain }} \
--public-key-file /home/root/config/webapp-deployer-api.{{ full_domain }}.pgp.pub \
--lrn lrn://{{ authority_name }}/deployers/webapp-deployer-api.{{ full_domain }} \
--min-required-payment 100
register: publish_output
@ -118,7 +118,7 @@
register: wait_result
- name: Copy gpg private key file to webapp deployer pod
shell: kubectl cp gpg-keys/webapp-deployer-api.{{ dns_domain }}.com.pgp.key {{ pod_id }}:/app
shell: kubectl cp gpg-keys/webapp-deployer-api.{{ full_domain }}.pgp.key {{ pod_id }}:/app
- name: Copy gpg public key file to webapp deployer pod
shell: kubectl cp gpg-keys/webapp-deployer-api.{{ dns_domain }}.com.pgp.pub {{ pod_id }}:/app
shell: kubectl cp gpg-keys/webapp-deployer-api.{{ full_domain }}.pgp.pub {{ pod_id }}:/app
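Review bot: The GPG passphrase is still the literal `"SECRET"` in the rewritten `Create a GPG key` and `Export the GPG private key with passphrase` tasks, and it is passed on the gpg command line, where it is visible in the process list and in verbose Ansible output. Since these lines are being touched anyway, take the value from a vaulted variable and add `no_log: true` to both tasks, e.g. `--passphrase "{{ deployer_gpg_passphrase }}"` (the variable name is illustrative, it is not defined on this page); feeding it through `--passphrase-fd 0` with the shell module's `stdin:` would also keep it out of argv. The env template changed in this commit carries the same literal in `export OPENPGP_PASSPHRASE="SECRET"` and would need the same variable. The private-key export task also has no `creates:` guard, unlike the public-key export above it, so it rewrites the `.pgp.key` file on every run.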


@ -6,7 +6,7 @@
vars_files:
- vars/webapp-vars.yml
- vars/k8s-vars.yml
- vars/dns-vars.yml
tasks:
- name: Clone webapp-deployment-status-ui repository
@ -21,8 +21,8 @@
- name: Create a deployment for webapp-ui
command: |
laconic-so deploy-webapp create --kube-config {{ ansible_env.HOME }}/.kube/config-default.yaml
--image-registry container-registry.pwa.{{ dns_domain }}.com --deployment-dir webapp-ui
--image cerc/webapp-deployment-status-ui:local --url https://webapp-deployer-ui.pwa.{{ dns_domain }}.com
--image-registry container-registry.pwa.{{ full_domain }} --deployment-dir webapp-ui
--image cerc/webapp-deployment-status-ui:local --url https://webapp-deployer-ui.pwa.{{ full_domain }}
--env-file ~/cerc/webapp-deployment-status-ui/.env
- name: Push image to container registry


@ -9,14 +9,14 @@
community.digitalocean.digital_ocean_domain:
state: present
oauth_token: "{{ do_api_token }}"
name: "{{ domain }}"
name: "{{ full_domain }}"
ip: "{{ cluster_control_ip }}"
- name: Create record for cluster control machine
community.digitalocean.digital_ocean_domain_record:
state: present
oauth_token: "{{ do_api_token }}"
domain: "{{ domain }}"
domain: "{{ full_domain }}"
type: A
name: "{{ subdomain_prefix }}-cluster-control"
data: "{{ cluster_control_ip }}"
@ -25,8 +25,8 @@
community.digitalocean.digital_ocean_domain_record:
state: present
oauth_token: "{{ do_api_token }}"
data: "{{ domain }}"
domain: "{{ domain }}"
data: "{{ full_domain }}"
domain: "{{ full_domain }}"
type: CNAME
name: www
ttl: 43200
@ -35,8 +35,8 @@
community.digitalocean.digital_ocean_domain_record:
state: present
oauth_token: "{{ do_api_token }}"
data: "{{ subdomain_cluster_control }}.{{ domain }}"
domain: "{{ domain }}"
data: "{{ subdomain_cluster_control }}.{{ full_domain }}"
domain: "{{ full_domain }}"
type: CNAME
name: "{{ subdomain_prefix }}"
ttl: 43200
@ -45,8 +45,8 @@
community.digitalocean.digital_ocean_domain_record:
state: present
oauth_token: "{{ do_api_token }}"
data: "{{ subdomain_cluster_control }}.{{ domain }}"
domain: "{{ domain }}"
data: "{{ subdomain_cluster_control }}.{{ full_domain }}"
domain: "{{ full_domain }}"
type: CNAME
name: "*.{{ subdomain_prefix }}"
ttl: 43200
@ -55,8 +55,8 @@
community.digitalocean.digital_ocean_domain_record:
state: present
oauth_token: "{{ do_api_token }}"
data: "{{ subdomain_cluster_control }}.{{ domain }}"
domain: "{{ domain }}"
data: "{{ subdomain_cluster_control }}.{{ full_domain }}"
domain: "{{ full_domain }}"
type: CNAME
name: "pwa"
ttl: 43200
@ -65,8 +65,8 @@
community.digitalocean.digital_ocean_domain_record:
state: present
oauth_token: "{{ do_api_token }}"
data: "{{ subdomain_cluster_control }}.{{ domain }}"
domain: "{{ domain }}"
data: "{{ subdomain_cluster_control }}.{{ full_domain }}"
domain: "{{ full_domain }}"
type: CNAME
name: "*.pwa"
ttl: 43200


@ -119,7 +119,7 @@
- name: Copy wildcard-pwa-example.yml to the remote VM
template:
src: ./templates/wildcard-pwa-example.yml.j2
dest: "{{ ansible_env.HOME }}/service-provider-template/files/manifests/wildcard-pwa-{{dns_domain}}.yaml"
dest: "{{ ansible_env.HOME }}/service-provider-template/files/manifests/wildcard-pwa-{{ base_domain }}.yaml"
- name: Delete old wildcard-pwa file
file:


@ -1,10 +1,10 @@
DEPLOYMENT_DNS_SUFFIX="pwa.{{ dns_domain }}.com"
DEPLOYMENT_DNS_SUFFIX="pwa.{{ full_domain }}"
# Name of reserved authority
DEPLOYMENT_RECORD_NAMESPACE="{{ authority_name }}"
# url of the deployed docker image registry
IMAGE_REGISTRY="container-registry.pwa.{{ dns_domain }}.com"
IMAGE_REGISTRY="container-registry.pwa.{{ full_domain }}"
# htpasswd credentials
IMAGE_REGISTRY_USER="{{ container_registry_username }}"
@ -20,8 +20,8 @@ CHECK_INTERVAL=5
FQDN_POLICY="allow"
# lrn of the webapp deployer
LRN="lrn://{{ authority_name }}/deployers/webapp-deployer-api.{{ dns_domain }}.com"
export OPENPGP_PRIVATE_KEY_FILE="webapp-deployer-api.{{ dns_domain }}.com.pgp.key"
LRN="lrn://{{ authority_name }}/deployers/webapp-deployer-api.{{ full_domain }}"
export OPENPGP_PRIVATE_KEY_FILE="webapp-deployer-api.{{ full_domain }}.pgp.key"
export OPENPGP_PASSPHRASE="SECRET"
export DEPLOYER_STATE="srv-test/deployments/autodeploy.state"
export UNDEPLOYER_STATE="srv-test/deployments/autoundeploy.state"


@ -1,3 +1,3 @@
CERC_WEBAPP_DEBUG=0.1.0
LACONIC_HOSTED_CONFIG_app_api_url=https://webapp-deployer-api.pwa.{{ dns_domain }}.com
LACONIC_HOSTED_CONFIG_app_api_url=https://webapp-deployer-api.pwa.{{ full_domain }}
LACONIC_HOSTED_CONFIG_app_console_link=https://laconicd.laconic.com/console?query=%0A%20%20fragment%20ValueParts%20on%20Value%20%7B%0A%20%20%20%20...%20on%20BooleanValue%20%7B%0A%20%20%20%20%20%20bool%3A%20value%0A%20%20%20%20%7D%0A%20%20%20%20...%20on%20IntValue%20%7B%0A%20%20%20%20%20%20int%3A%20value%0A%20%20%20%20%7D%0A%20%20%20%20...%20on%20FloatValue%20%7B%0A%20%20%20%20%20%20float%3A%20value%0A%20%20%20%20%7D%0A%20%20%20%20...%20on%20StringValue%20%7B%0A%20%20%20%20%20%20string%3A%20value%0A%20%20%20%20%7D%0A%20%20%20%20...%20on%20BytesValue%20%7B%0A%20%20%20%20%20%20bytes%3A%20value%0A%20%20%20%20%7D%0A%20%20%20%20...%20on%20LinkValue%20%7B%0A%20%20%20%20%20%20link%3A%20value%0A%20%20%20%20%7D%0A%20%20%7D%0A%0A%20%20fragment%20AttrParts%20on%20Attribute%20%7B%0A%20%20%20%20key%0A%20%20%20%20value%20%7B%0A%20%20%20%20%20%20...ValueParts%0A%20%20%20%20%20%20...%20on%20ArrayValue%20%7B%0A%20%20%20%20%20%20%20%20value%20%7B%0A%20%20%20%20%20%20%20%20%20%20...ValueParts%0A%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%7D%0A%20%20%20%20%7D%0A%20%20%7D%0A%0A%20%20%7B%0A%20%20%20%20getRecordsByIds(ids%3A%20%5B%22#RQID#%22%5D)%20%7B%0A%20%20%20%20%20%20id%0A%20%20%20%20%20%20names%0A%20%20%20%20%20%20bondId%0A%20%20%20%20%20%20createTime%0A%20%20%20%20%20%20expiryTime%0A%20%20%20%20%20%20owners%0A%20%20%20%20%20%20attributes%20%7B%0A%20%20%20%20%20%20%20%20...AttrParts%0A%20%20%20%20%20%20%20%20value%20%7B%0A%20%20%20%20%20%20%20%20%20%20...%20on%20MapValue%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20map%3A%20value%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20...AttrParts%0A%20%20%20%20%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%7D%0A%20%20%20%20%7D%0A%20%20%7D%0A
nabarun marked this conversation as resolved Outdated

should use the node that the user has just setup

should use the node that the user has just setup


@ -2,7 +2,7 @@
# default context is used for stack orchestrator deployments, for testing a custom context name can be usefull
#k8s_cluster_name: {{ org_id }}-{{ location_id }}-cluster
k8s_cluster_name: default
k8s_cluster_url: {{ org_id }}-{{ location_id }}-cluster-control.{{ dns_domain }}.com
k8s_cluster_url: {{ org_id }}-{{ location_id }}-cluster-control.{{ full_domain }}
k8s_taint_servers: false
k8s_acme_email: "{{ support_email }}"
@ -50,6 +50,6 @@ k8s_manifests:
secret_key: access-token
# initiate wildcard cert
- name: pwa.{{ dns_domain }}.com
- name: pwa.{{ full_domain }}
type: file
source: wildcard-pwa-{{ dns_domain }}.yaml
source: wildcard-pwa-{{ base_domain }}.yaml


@ -1,7 +1,7 @@
services:
registry:
rpcEndpoint: 'http://{{ subdomain_cluster_control }}.{{ dns_domain }}.com:26657'
gqlEndpoint: 'http://{{ subdomain_cluster_control}}.{{ dns_domain }}.com:9473/api'
rpcEndpoint: 'http://{{ subdomain_cluster_control }}.{{ full_domain }}:26657'
gqlEndpoint: 'http://{{ subdomain_cluster_control}}.{{ full_domain }}:9473/api'
userKey: "{{ ALICE_PK }}"
bondId: "{{ BOND_ID }}"
chainId: lorotestnet-1
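Review bot: Both registry endpoints (`rpcEndpoint`, `gqlEndpoint`) are plain `http://` to a DNS name, so requests and responses on ports 26657 and 9473 can be read or altered by anyone on the network path. The nginx vars in this commit already define a TLS site `{{ org_id }}-daemon.{{ full_domain }}` proxying to `localhost:9473`, so the GQL endpoint could presumably become `https://{{ org_id }}-daemon.{{ full_domain }}/api`; confirm that proxy runs on the same host before switching. Minor style point: `{{ subdomain_cluster_control}}` in `gqlEndpoint` is missing the space before the closing braces.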


@ -7,15 +7,15 @@ nginx_proxy_connection_timeout: 75
nginx_sites:
- name: {{ org_id }}-console
url: {{ org_id }}-console.{{ dns_domain }}.com
url: {{ org_id }}-console.{{ full_domain }}
upstream: http://localhost:8080
template: basic-proxy
ssl: true
- name: {{ org_id }}-daemon
url: {{ org_id }}-daemon.{{ dns_domain }}.com
url: {{ org_id }}-daemon.{{ full_domain }}
upstream: http://localhost:9473
configs:
- rewrite ^/deployer(/.*)? https://webapp-deployer.pwa.{{dns_domain}}.com permanent
- rewrite ^/deployer(/.*)? https://webapp-deployer.pwa.{{full_domain}} permanent
template: websocket-proxy
ssl: true


@ -6,7 +6,7 @@ network:
registry:
- '5000'
http-proxy:
- host-name: container-registry.pwa.{{dns_domain}}.com
- host-name: container-registry.pwa.{{full_domain}}
routes:
- path: '/'
proxy-to: registry:5000

View File

@ -1,13 +1,13 @@
stack: webapp-deployer-backend
deploy-to: k8s
kube-config: {{ansible_env.HOME}}/.kube/config-default.yaml
image-registry: container-registry.pwa.{{dns_domain}}.com/laconic-registry
image-registry: container-registry.pwa.{{full_domain}}/laconic-registry
network:
ports:
server:
- '9555'
http-proxy:
- host-name: webapp-deployer-api.pwa.{{ dns_domain }}.com
- host-name: webapp-deployer-api.pwa.{{ full_domain }}
routes:
- path: '/'
proxy-to: server:9555


@ -1,15 +1,15 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: pwa.{{ dns_domain }}.com
name: pwa.{{ full_domain }}
namespace: default
spec:
secretName: pwa.{{ dns_domain }}.com
secretName: pwa.{{ full_domain }}
issuerRef:
name: letsencrypt-prod-wild
kind: ClusterIssuer
group: cert-manager.io
commonName: *.pwa.{{ dns_domain }}.com
commonName: *.pwa.{{ full_domain }}
dnsNames:
- pwa.{{ dns_domain }}.com
- *.pwa.{{ dns_domain }}.com
- pwa.{{ full_domain }}
- *.pwa.{{ full_domain }}
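Review bot: `commonName: *.pwa.{{ full_domain }}` and the `- *.pwa.{{ full_domain }}` entry under `dnsNames` start a plain scalar with `*`, which YAML treats as the alias indicator, so a strict parser will reject the rendered manifest rather than read a wildcard hostname. Quote both values: `commonName: "*.pwa.{{ full_domain }}"` and `- "*.pwa.{{ full_domain }}"`. The DNS playbook in this same commit already quotes its wildcard record names (`name: "*.pwa"`), so this also makes the two files consistent.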


@ -1,4 +1,4 @@
domain: ""
full_domain: ""
subdomain_prefix: ""
subdomain_cluster_control: "{{ subdomain_prefix }}-cluster-control"
cluster_control_ip: ""


@ -3,4 +3,5 @@ gpg_key_id: ""
vault_passphrase: ""
org_id: ""
location_id: ""
dns_domain: ""
base_domain: ""
ansible_ssh_extra_args: '-o StrictHostKeyChecking=no'
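Review bot: `ansible_ssh_extra_args: '-o StrictHostKeyChecking=no'` turns off SSH host-key verification for every host that loads this vars file, and the hunk header (4 lines to 5) suggests this commit adds it. The same file carries `vault_passphrase` and `gpg_key_id`, so these hosts appear to handle secrets, and an unverified connection leaves the play open to a machine-in-the-middle. For first contact with fresh VMs, `ansible_ssh_extra_args: '-o StrictHostKeyChecking=accept-new'` keeps the convenience while still refusing a changed key. Otherwise pre-populate `known_hosts` and leave the line out of the example.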