Add Resource Manager prod configuration and update gcube keys configurations
This commit is contained in:
parent
3cf33d7cc1
commit
ff1d280adf
|
|
@ -0,0 +1,5 @@
|
|||
{
|
||||
"yaml.schemas": {
|
||||
"https://raw.githubusercontent.com/ansible/ansible-lint/main/src/ansiblelint/schemas/ansible.json#/$defs/tasks": "file:///Users/antonio.calanducci/devops/ansible-playbook-gcore-enabling-services/roles/is-registry/tasks/main.yml"
|
||||
}
|
||||
}
|
||||
|
|
@ -3,4 +3,4 @@ complete_start_scope: '/gcube/devNext'
|
|||
gcore_host: 'node22.d.d4science.research-infrastructures.eu'
|
||||
is_collector_docker_stack_name: 'gcore-devnext'
|
||||
is_collector_docker_service_server_name: 'is-collector'
|
||||
|
||||
nfs_server_ip: 192.168.1.222
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@ complete_start_scope: '/d4science.research-infrastructures.eu/OpenAIRE'
|
|||
gcore_host: 'registry-openaire.d4science.org'
|
||||
collector_host: 'collector-openaire.d4science.org'
|
||||
collector_url: 'http://collector-openaire.d4science.org:8080'
|
||||
infrastructure: 'd4science.research-infrastructures.eu'
|
||||
is_registry_docker_stack_name: 'gcore-openaire'
|
||||
is_registry_docker_service_server_name: 'is-registry'
|
||||
infra: 'prod'
|
||||
|
|
|
|||
|
|
@ -3,4 +3,4 @@ complete_start_scope: '/gcube/devNext'
|
|||
gcore_host: 'resourcemanager-devnext.cloud-dev.d4science.org'
|
||||
resource_manager_docker_stack_name: 'gcore-devnext'
|
||||
resource_manager_docker_service_server_name: 'resource-manager'
|
||||
|
||||
nfs_server_ip: 192.168.1.222
|
||||
|
|
|
|||
|
|
@ -3,4 +3,4 @@ complete_start_scope: '/gcube'
|
|||
gcore_host: 'resource-manager-gcube.cloud-dev.d4science.org'
|
||||
resource_manager_docker_stack_name: 'gcore-gcube'
|
||||
resource_manager_docker_service_server_name: 'resource-manager'
|
||||
|
||||
nfs_server_ip: 192.168.1.222
|
||||
|
|
|
|||
|
|
@ -0,0 +1,8 @@
|
|||
start_scopes: 'OpenAIRE'
|
||||
complete_start_scope: '/d4science.research-infrastructures.eu/OpenAIRE'
|
||||
gcore_host: 'resource-manager-openaire.cloud.d4science.org'
|
||||
infrastructure: 'd4science.research-infrastructures.eu'
|
||||
resource_manager_docker_stack_name: 'gcore-openaire'
|
||||
resource_manager_docker_service_server_name: 'resource-manager'
|
||||
infra: 'prod'
|
||||
nfs_server_ip: 192.168.4.10
|
||||
|
|
@ -0,0 +1,6 @@
|
|||
[resource_manager_openaire]
|
||||
#10.1.28.135
|
||||
10.1.40.31
|
||||
|
||||
|
||||
|
||||
|
|
@ -4,9 +4,10 @@
|
|||
#hosts: resource_manager_devsec
|
||||
hosts: all
|
||||
tasks:
|
||||
- name:
|
||||
debug:
|
||||
var: complete_start_scope
|
||||
# - name:
|
||||
# debug:
|
||||
# # var: complete_start_scope
|
||||
# msg: "{{ gcube_prod_security_keys if infra == 'prod' else gcube_dev_security_keys }}"
|
||||
roles:
|
||||
- { role: resource-manager }
|
||||
|
||||
|
|
|
|||
|
|
@ -15,4 +15,4 @@ is_registry_docker_server_image: 'd4science/gcore-is-registry:latest'
|
|||
is_registry_docker_network: 'is-registry-network'
|
||||
#is_registry_service_port: 8080
|
||||
is_registry_haproxy_public_net: 'haproxy-public'
|
||||
infra: 'prod'
|
||||
infra: 'dev'
|
||||
|
|
@ -8,6 +8,11 @@
|
|||
owner: root
|
||||
group: root
|
||||
|
||||
- name: Set gcube security keys variables properly according to the environment
|
||||
set_fact:
|
||||
gcube_security_keys: "{{ gcube_prod_security_keys if infra == 'prod' else gcube_preprod_security_keys if infra == 'pre' else gcube_dev_security_keys }}"
|
||||
gcube_security_key_legacy: "{{ gcube_prod_security_key_legacy if infra == 'prod' else gcube_preprod_security_key_legacy if infra == 'pre' else gcube_dev_security_key_legacy }}"
|
||||
|
||||
- name: Install the docker compose file
|
||||
ansible.builtin.template:
|
||||
src: docker-compose.yml.j2
|
||||
|
|
@ -75,25 +80,25 @@
|
|||
|
||||
- name: Install the gcube keys
|
||||
get_url: url={{ item.url }} dest={{ is_registry_compose_dir }}/{{ item.name }} owner=root group=root mode=0600
|
||||
with_items: "{{ gcube_prod_security_keys if infra == 'prod' else gcube_dev_security_keys }}"
|
||||
with_items: "{{ gcube_security_keys }}"
|
||||
|
||||
- name: Create the the gcube keys
|
||||
community.docker.docker_secret:
|
||||
name: "{{ item.name }}"
|
||||
data_src: '{{ is_registry_compose_dir }}/{{ item.name }}'
|
||||
state: present
|
||||
with_items: "{{ gcube_prod_security_keys if infra == 'prod' else gcube_dev_security_keys }}"
|
||||
with_items: "{{ gcube_security_keys }}"
|
||||
|
||||
- name: Install the legacy gcube key
|
||||
get_url: url={{ item.url }} dest={{ is_registry_compose_dir }}/{{ item.name }} owner=root group=root mode=0600
|
||||
with_items: "{{ gcube_prod_security_key_legacy if infra == 'prod' else gcube_dev_security_key_legacy }}"
|
||||
with_items: "{{ gcube_security_key_legacy }}"
|
||||
|
||||
- name: Create the the legacy gcube keys
|
||||
community.docker.docker_secret:
|
||||
name: gcube-legacy-security-key
|
||||
data_src: '{{ is_registry_compose_dir }}/{{ item.name }}'
|
||||
state: present
|
||||
with_items: "{{ gcube_prod_security_key_legacy if infra == 'prod' else gcube_dev_security_key_legacy }}"
|
||||
with_items: "{{ gcube_security_key_legacy }}"
|
||||
|
||||
- name: Start the project stack on Docker Swarm
|
||||
community.docker.docker_stack:
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@ secrets:
|
|||
external: true
|
||||
gcube-legacy-security-key:
|
||||
external: true
|
||||
{% for item in vars['gcube_' ~ infra ~ '_security_keys'] %}
|
||||
{% for item in gcube_security_keys %}
|
||||
{{ item.name }}:
|
||||
external: true
|
||||
{% endfor %}
|
||||
|
|
@ -53,7 +53,7 @@ services:
|
|||
uid: "333"
|
||||
gid: "333"
|
||||
mode: 0440
|
||||
{% for item in vars['gcube_' ~ infra ~ '_security_keys'] %}
|
||||
{% for item in gcube_security_keys %}
|
||||
- source: {{ item.name }}
|
||||
target: /home/gcube/gCore/config/{{ item.name }}
|
||||
uid: "333"
|
||||
|
|
|
|||
|
|
@ -8,6 +8,11 @@
|
|||
owner: root
|
||||
group: root
|
||||
|
||||
- name: Set gcube security keys variables properly according to the environment
|
||||
set_fact:
|
||||
gcube_security_keys: "{{ gcube_prod_security_keys if infra == 'prod' else gcube_preprod_security_keys if infra == 'pre' else gcube_dev_security_keys }}"
|
||||
gcube_security_key_legacy: "{{ gcube_prod_security_key_legacy if infra == 'prod' else gcube_preprod_security_key_legacy if infra == 'pre' else gcube_dev_security_key_legacy }}"
|
||||
|
||||
- name: Install the docker compose file
|
||||
ansible.builtin.template:
|
||||
src: docker-compose.yml.j2
|
||||
|
|
@ -16,7 +21,6 @@
|
|||
group: root
|
||||
mode: 0400
|
||||
|
||||
|
||||
- name: Install the GHNConfig.xml
|
||||
ansible.builtin.template:
|
||||
src: GHNConfig.xml.j2
|
||||
|
|
@ -61,25 +65,25 @@
|
|||
|
||||
- name: Install the gcube keys
|
||||
get_url: url={{ item.url }} dest={{ resource_manager_compose_dir }}/{{ item.name }} owner=root group=root mode=0600
|
||||
with_items: "gcube_{{ infra }}_security_keys"
|
||||
with_items: "{{ gcube_security_keys }}"
|
||||
|
||||
- name: Create the the gcube keys
|
||||
community.docker.docker_secret:
|
||||
name: "{{ item.name }}"
|
||||
data_src: '{{ resource_manager_compose_dir }}/{{ item.name }}'
|
||||
state: present
|
||||
with_items: "gcube_{{ infra }}_security_keys"
|
||||
with_items: "{{ gcube_security_keys }}"
|
||||
|
||||
- name: Install the legacy gcube key
|
||||
get_url: url={{ item.url }} dest={{ resource_manager_compose_dir }}/{{ item.name }} owner=root group=root mode=0600
|
||||
with_items: "gcube_{{ infra }}_security_keys_legacy"
|
||||
with_items: "{{ gcube_security_key_legacy }}"
|
||||
|
||||
- name: Create the legacy gcube keys
|
||||
community.docker.docker_secret:
|
||||
name: gcube-legacy-security-key
|
||||
data_src: '{{ resource_manager_compose_dir }}/{{ item.name }}'
|
||||
state: present
|
||||
with_items: "gcube_{{ infra }}_security_keys_legacy"
|
||||
with_items: "{{ gcube_security_key_legacy }}"
|
||||
|
||||
- name: Start the project stack on Docker Swarm
|
||||
community.docker.docker_stack:
|
||||
|
|
|
|||
|
|
@ -12,9 +12,9 @@ secrets:
|
|||
external: true
|
||||
{{ service_prefix }}-server-config-{{ scope_name }}:
|
||||
external: true
|
||||
gcube-dev-legacy-security-key:
|
||||
gcube-legacy-security-key:
|
||||
external: true
|
||||
{% for item in gcube_dev_security_keys %}
|
||||
{% for item in gcube_security_keys %}
|
||||
{{ item.name }}:
|
||||
external: true
|
||||
{% endfor %}
|
||||
|
|
@ -25,7 +25,7 @@ volumes:
|
|||
driver_opts:
|
||||
type: nfs4
|
||||
# o: "nfsvers=4,addr=192.168.1.222,rw,nolock,soft"
|
||||
o: "nfsvers=4,addr=192.168.1.222,rw"
|
||||
o: "nfsvers=4,addr={{ nfs_server_ip }},rw"
|
||||
device: ":/nfs_{{ service_prefix | replace("-", "_") }}_{{ scope_name }}"
|
||||
|
||||
services:
|
||||
|
|
@ -54,12 +54,12 @@ services:
|
|||
uid: "333"
|
||||
gid: "333"
|
||||
mode: 0440
|
||||
- source: gcube-dev-legacy-security-key
|
||||
- source: gcube-legacy-security-key
|
||||
target: /home/gcube/gCore/config/symm.key
|
||||
uid: "333"
|
||||
gid: "333"
|
||||
mode: 0440
|
||||
{% for item in gcube_dev_security_keys %}
|
||||
{% for item in gcube_security_keys %}
|
||||
- source: {{ item.name }}
|
||||
target: /home/gcube/gCore/config/{{ item.name }}
|
||||
uid: "333"
|
||||
|
|
|
|||
Loading…
Reference in New Issue