forked from cerc-io/testnet-ops
nabarun
18df60a291
Part of [Service Provider setup](https://www.notion.so/Service-provider-setup-a09e2207e1f34f3a847f7ce9713b7ac5) - Added ansible playbooks for: - Adding a new user with passwordless sudo - Configuring DNS records - Setting up the system with required packages and gpg key - Deploying k8s - Setting up container registry - Setting up laconicd and laconic-console - Setting up and starting webapp-deployer-api and webapp-deployer-ui - TODOs: - Mount gpg keys in webapp-deployer-api container Co-authored-by: Adw8 <adwaitgharpure@gmail.com> Reviewed-on: cerc-io/testnet-ops#10
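---
# Deploys the webapp-deployer backend on the target host: generates the
# deployer's GPG key pair, builds the stack containers, publishes the deployer
# record, pushes images to the container registry, starts the deployment and
# copies the key pair into the running pod.
#
# Secret handling: deployer_gpg_passphrase and container_registry_password are
# passed to gpg and docker on stdin, not as command-line arguments, so they
# are not visible in the remote process list. The tasks that carry them set
# no_log so Ansible does not print them in task output. Wherever these two
# variables are defined, keep them encrypted at rest (for example with
# ansible-vault).
- name: Deploy webapp-deployer backend
  hosts: "{{ target_host }}"

  environment:
    PATH: "{{ ansible_env.PATH }}:/home/{{ ansible_user }}/bin"
    KUBECONFIG: "{{ ansible_env.HOME }}/.kube/config-default.yaml"

  vars_files:
    - vars/webapp-vars.yml
    - vars/container-vars.yml
    - vars/k8s-vars.yml
    - vars/dns-vars.yml

  tasks:
    - name: Ensure gpg-keys directory exists
      file:
        path: ~/gpg-keys
        state: directory
        mode: "0700"

    # Repeating --quick-generate-key for a user ID that already exists either
    # fails or adds a second key, so look the key up first and only generate
    # it when it is missing. A non-zero rc here just means "not found".
    - name: Check whether the deployer GPG key already exists
      command: gpg --batch --list-secret-keys webapp-deployer-api.{{ full_domain }}
      register: deployer_gpg_key
      changed_when: false
      failed_when: false

    # The passphrase is read from fd 0 (stdin); gpg 2.1+ honours
    # --passphrase-fd only together with --batch and loopback pinentry.
    - name: Create a GPG key
      command: >-
        gpg --batch --pinentry-mode loopback --passphrase-fd 0
        --quick-generate-key webapp-deployer-api.{{ full_domain }}
        default default never
      args:
        stdin: "{{ deployer_gpg_passphrase }}"
      when: deployer_gpg_key.rc != 0
      no_log: true

    - name: Export the public key
      shell: gpg --export webapp-deployer-api.{{ full_domain }} > ~/gpg-keys/webapp-deployer-api.{{ full_domain }}.pgp.pub
      args:
        creates: ~/gpg-keys/webapp-deployer-api.{{ full_domain }}.pgp.pub

    # umask 077 makes the redirect create the key file readable by its owner
    # only; the next task also corrects a file left over from an earlier run.
    - name: Export the GPG private key with passphrase
      shell: >-
        umask 077 &&
        gpg --batch --pinentry-mode=loopback --passphrase-fd 0
        --export-secret-keys webapp-deployer-api.{{ full_domain }}
        > ~/gpg-keys/webapp-deployer-api.{{ full_domain }}.pgp.key
      args:
        stdin: "{{ deployer_gpg_passphrase }}"
      no_log: true

    - name: Restrict permissions on the exported GPG private key
      file:
        path: ~/gpg-keys/webapp-deployer-api.{{ full_domain }}.pgp.key
        state: file
        mode: "0600"

    - name: Setup repositories for webapp-deployer-backend
      command: laconic-so --stack webapp-deployer-backend setup-repositories

    - name: Build containers for webapp-deployer-backend
      command: laconic-so --stack webapp-deployer-backend build-containers

    # NOTE(review): no mode is set, so this directory gets the remote umask
    # default. It ends up holding the GPG private key and laconic.yml;
    # consider mode "0700" once it is confirmed that the container that
    # bind-mounts it below can still read it.
    - name: Ensure the config directory exists
      file:
        path: "{{ ansible_env.HOME }}/config"
        state: directory

    - name: Create laconic config file
      template:
        src: "./templates/laconic.yml.j2"
        dest: "config/laconic.yml"

    # Explicit mode so the copy of the private key is never created with the
    # default (usually world-readable) file permissions.
    - name: Copy the gpg private key file to config dir
      copy:
        src: "gpg-keys/webapp-deployer-api.{{ full_domain }}.pgp.key"
        dest: "config"
        remote_src: true
        mode: "0600"

    - name: Copy the gpg public key file to config dir
      copy:
        src: "gpg-keys/webapp-deployer-api.{{ full_domain }}.pgp.pub"
        dest: "config"
        remote_src: true

    # NOTE(review): the whole config directory, private key included, is
    # bind-mounted into the container although the command only references
    # laconic.yml and the public key. "-t" also expects a TTY; confirm that
    # this works with the connection settings in use.
    - name: Publish the webapp-deployer record using laconic-so
      shell: |
        docker run -i -t \
          -v /home/{{ ansible_user }}/config:/home/root/config \
          cerc/webapp-deployer-backend:local laconic-so publish-deployer-to-registry \
          --laconic-config /home/root/config/laconic.yml \
          --api-url https://webapp-deployer-api.pwa.{{ full_domain }} \
          --public-key-file /home/root/config/webapp-deployer-api.{{ full_domain }}.pgp.pub \
          --lrn lrn://{{ authority_name }}/deployers/webapp-deployer-api.{{ full_domain }} \
          --min-required-payment 0
      register: publish_output

    - name: Display publish output
      debug:
        var: publish_output.stdout

    - name: Generate spec file for webapp-deployer-backend
      template:
        src: "./templates/specs/webapp-deployer.spec.j2"
        dest: "webapp-deployer.spec"

    - name: Create the deployment directory from the spec file
      command: >
        laconic-so --stack webapp-deployer-backend deploy create
        --deployment-dir webapp-deployer --spec-file webapp-deployer.spec

    - name: Update config for webapp-deployer-backend
      template:
        src: "./templates/configs/webapp-deployer-config.env.j2"
        dest: "webapp-deployer/config.env"

    # NOTE(review): the kubeconfig carries cluster credentials and is copied
    # without an explicit mode. Consider mode "0600" if the process that
    # reads kube.yml runs as the file's owner.
    - name: Copy the kube config file to webapp-deployer directory
      copy:
        src: "{{ ansible_env.HOME }}/.kube/config-default.yaml"
        dest: "webapp-deployer/data/config/kube.yml"
        remote_src: true

    - name: Create laconic config file
      template:
        src: "./templates/laconic.yml.j2"
        dest: "webapp-deployer/data/config/laconic.yml"

    # The registry password goes in on stdin (--password-stdin) so it is not
    # a command-line argument; no_log keeps it out of Ansible's task output.
    - name: login to the container registry
      command: >-
        docker login container-registry.pwa.{{ full_domain }}
        --username {{ container_registry_username }} --password-stdin
      args:
        stdin: "{{ container_registry_password }}"
      no_log: true

    - name: Push images to container registry
      command: laconic-so deployment --dir webapp-deployer push-images

    - name: Start the webapp deployer
      command: laconic-so deployment --dir webapp-deployer start

    # NOTE(review): this picks the newest pod in the kubeconfig's current
    # namespace with no label or name filter. If any other pod was created
    # more recently, the GPG private key below is copied into that pod
    # instead. Restrict the query with the deployment's own label selector.
    - name: Get the most recent pod for the deployment
      shell: kubectl get pods --sort-by=.metadata.creationTimestamp -o jsonpath='{.items[-1].metadata.name}'
      register: webapp_deployer_pod

    - name: Set pod ID to a variable
      set_fact:
        pod_id: "{{ webapp_deployer_pod.stdout }}"

    - name: Wait for the recent pod to be ready
      command: kubectl wait --for=condition=Ready pod/{{ pod_id }} --timeout=300s
      register: wait_result

    # NOTE(review): the key files are copied into the pod's /app directory
    # and presumably do not survive a pod restart; the commit description
    # lists mounting the GPG keys into the container as an open TODO.
    - name: Copy gpg private key file to webapp deployer pod
      command: kubectl cp gpg-keys/webapp-deployer-api.{{ full_domain }}.pgp.key {{ pod_id }}:/app

    - name: Copy gpg public key file to webapp deployer pod
      command: kubectl cp gpg-keys/webapp-deployer-api.{{ full_domain }}.pgp.pub {{ pod_id }}:/app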