From 22098dde1cf68b423e79bf492f90514b3b5d6497 Mon Sep 17 00:00:00 2001
From: Gilles Dubreuil
Date: Fri, 20 Sep 2024 12:32:41 +0200
Subject: [PATCH] Consistent templates files, include certs directory (#34)

* Keep manifests in same directory
* Consistent name across manifests and template files
* mv certs folder
* Update README
---
 .gitignore | 1 +
 README.md | 21 ++-----------------
 play.yml | 1 -
 roles/tpa_single_node/tasks/podman.yml | 1 -
 .../tpa_single_node/tasks/podman/v11y_api.yml | 6 +++---
 ...m-cognito.j2 => Configmap-cognito.yaml.j2} | 0
 ...keycloak.j2 => Configmap-keycloak.yaml.j2} | 0
 ...deployment-s3.j2 => Deployment-s3.yaml.j2} | 0
 .../{v11y-api-secret.j2 => Secret.yaml.j2} | 0
 roles/tpa_single_node/vars/main.yml | 7 +++----
 10 files changed, 9 insertions(+), 28 deletions(-)
 rename roles/tpa_single_node/templates/manifests/v11y/api/{v11y-api-cm-cognito.j2 => Configmap-cognito.yaml.j2} (100%)
 rename roles/tpa_single_node/templates/manifests/v11y/api/{v11y-api-cm-keycloak.j2 => Configmap-keycloak.yaml.j2} (100%)
 rename roles/tpa_single_node/templates/manifests/v11y/api/{v11y-api-deployment-s3.j2 => Deployment-s3.yaml.j2} (100%)
 rename roles/tpa_single_node/templates/manifests/v11y/api/{v11y-api-secret.j2 => Secret.yaml.j2} (100%)

diff --git a/.gitignore b/.gitignore
index 8671421..146ac11 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
+certs/
 venv/
 vm-testing/inventory
 vm-testing/vars.yml
diff --git a/README.md b/README.md
index 61ffa53..9f6258b 100644
--- a/README.md
+++ b/README.md
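Review bot: `certs/` in `.gitignore` only guards against an accidental `git add`; the `*.key` files the README now tells operators to drop in that directory are private keys, and `git add -f`, a tarball of the working tree, or packaging the role as a collection (as far as I recall `ansible-galaxy collection build` honors `build_ignore` in galaxy.yml rather than `.gitignore`) will still pick them up. Mirror the entry in `build_ignore` if a galaxy.yml exists, and put a comment above the new line such as `# TLS private keys for the guac-* services live here (see README); never commit them` so the intent survives future edits.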
@@ -86,38 +86,21 @@ Alternatively vagrant will prompt you to provide the registration username and p 4. Path for TLS certificates files: -Replace default value in play.yml and replace them accordingly -`tpa_single_node_certificates_path: /tmp/certs` - -Default values for certificate file names are defined in `roles/tpa_single_node/vars/main.yml`, they can be changed if needed : +Copy your certificate files in `./certs` directory using following names: - guac-collectsub-tls-certificate.pem" - guac-collectsub-tls-certificate.key" - guac-graphql-tls-certificate.pem" - guac-graphql-tls-certificate.key" -5. Create a simple Ansible playbook `play.yml`: - -``` -- hosts: trustification - vars: - base_hostname: TODO # e.g. example.com - tpa_single_node_oidc_issuers: TODO # your OIDC provider (e.g. SSO/keycloak) URL - tpa_single_node_issuer_url: TODO # your OIDC provider (e.g. SSO/keycloak) URL - tasks: - - name: Include TPA single node role - ansible.builtin.include_role: - name: tpa_single_node -``` - 6. Create Environment Variables with S3 and OIDC credentails + ``` export TPA_S3_ACCESS_KEY= export TPA_S3_SECRET_KEY= export TPA_OIDC_WALKER_SECRET= ``` - 7. Execute the following command (NOTE: you will have to provide credentials to authenticate to registry.redhat.io: https://access.redhat.com/RegistryAuthentication): ```shell
diff --git a/play.yml b/play.yml
index ae1bda6..3f659dd 100644
--- a/play.yml
+++ b/play.yml
@@ -3,7 +3,6 @@
 vars:
 tpa_single_node_trustification_image: registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9:2943d20c8ac831f4ae4f209c8ca6807619404062
 tpa_single_node_guac_image: registry.redhat.io/rhtpa/rhtpa-guac-rhel9:f0688194637cc759052e02c350c38dbabc19484e
- tpa_single_node_certificates_dir: /tmp/certs
 vars_files:
 - vars/main.yml
 tasks:
diff --git a/roles/tpa_single_node/tasks/podman.yml b/roles/tpa_single_node/tasks/podman.yml
index 6f1e0b7..a491b7e 100644
--- a/roles/tpa_single_node/tasks/podman.yml
+++ b/roles/tpa_single_node/tasks/podman.yml
@@ -20,7 +20,6 @@
 mode: "0700"
 loop:
 - "{{ tpa_single_node_kube_manifest_dir }}"
- - "{{ tpa_single_node_kube_configmap_dir }}"
 - name: Create RHTPA network
 containers.podman.podman_network:
diff --git a/roles/tpa_single_node/tasks/podman/v11y_api.yml b/roles/tpa_single_node/tasks/podman/v11y_api.yml
index 0763c36..aac04bf 100644
--- a/roles/tpa_single_node/tasks/podman/v11y_api.yml
+++ b/roles/tpa_single_node/tasks/podman/v11y_api.yml
@@ -26,7 +26,7 @@
 - name: Generate v11y API secret manifest
 ansible.builtin.template:
- src: "{{ role_path }}/templates/manifests/v11y/api/v11y-api-secret.j2"
+ src: "{{ role_path }}/templates/manifests/v11y/api/Secret.yaml.j2"
 dest: "{{ tpa_single_node_v11y_api_secret }}"
 mode: "0600"
@@ -37,7 +37,7 @@
 - name: Generate OIDC auth ConfigMap manifest
 ansible.builtin.template:
- src: "{{ role_path }}/templates/manifests/v11y/api/v11y-api-cm-{{ oidc }}.j2"
+ src: "{{ role_path }}/templates/manifests/v11y/api/Configmap-{{ oidc }}.yaml.j2"
 dest: "{{ tpa_single_node_v11y_api_config }}"
 mode: "0600"
 register: configmap_result
@@ -55,6 +55,6 @@
 state: started
 systemd_file: v11y-api
 network: "{{ tpa_single_node_podman_network }}"
- kube_file_content: "{{ lookup('ansible.builtin.template', 'manifests/v11y/api/v11y-api-deployment-s3.j2') | from_yaml }}"
+ kube_file_content: "{{ lookup('ansible.builtin.template', 'manifests/v11y/api/Deployment-s3.yaml.j2') | from_yaml }}"
 configmap: "{{ tpa_single_node_v11y_api_config }}"
 configmap_changed: "{{ configmap_result.changed }}"
diff --git a/roles/tpa_single_node/templates/manifests/v11y/api/v11y-api-cm-cognito.j2 b/roles/tpa_single_node/templates/manifests/v11y/api/Configmap-cognito.yaml.j2
similarity index 100%
rename from roles/tpa_single_node/templates/manifests/v11y/api/v11y-api-cm-cognito.j2
rename to roles/tpa_single_node/templates/manifests/v11y/api/Configmap-cognito.yaml.j2
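Review bot: The "Generate v11y API secret manifest" task renders the Secret to `{{ tpa_single_node_v11y_api_secret }}` with `mode: "0600"` but nothing suppresses Ansible's output for it, so a run with `--diff` prints the rendered manifest (presumably carrying the S3 and OIDC credentials the README has the operator export) to the console and any log collector. Add `no_log: true` to that task next to `mode: "0600"`; keeping `--diff` useful for the ConfigMap task below is fine since it holds no secret. The task's first line is visible but the surrounding task list continues outside the hunk.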
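Review bot: `Configmap-{{ oidc }}.yaml.j2` builds a template path from the `oidc` variable with no check on its value; the renames in this commit show only a `cognito` and a `keycloak` variant exist, so any other value fails late with a "template not found" error, and a value containing `../` would make the lookup resolve outside the role's templates directory. Where `oidc` is set is not visible in the hunk; if it can come from inventory or extra-vars, add an `ansible.builtin.assert` with `that: oidc in ['cognito', 'keycloak']` immediately before this task so the failure is explicit and the path stays within the role.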
diff --git a/roles/tpa_single_node/templates/manifests/v11y/api/v11y-api-cm-keycloak.j2 b/roles/tpa_single_node/templates/manifests/v11y/api/Configmap-keycloak.yaml.j2
similarity index 100%
rename from roles/tpa_single_node/templates/manifests/v11y/api/v11y-api-cm-keycloak.j2
rename to roles/tpa_single_node/templates/manifests/v11y/api/Configmap-keycloak.yaml.j2
diff --git a/roles/tpa_single_node/templates/manifests/v11y/api/v11y-api-deployment-s3.j2 b/roles/tpa_single_node/templates/manifests/v11y/api/Deployment-s3.yaml.j2
similarity index 100%
rename from roles/tpa_single_node/templates/manifests/v11y/api/v11y-api-deployment-s3.j2
rename to roles/tpa_single_node/templates/manifests/v11y/api/Deployment-s3.yaml.j2
diff --git a/roles/tpa_single_node/templates/manifests/v11y/api/v11y-api-secret.j2 b/roles/tpa_single_node/templates/manifests/v11y/api/Secret.yaml.j2
similarity index 100%
rename from roles/tpa_single_node/templates/manifests/v11y/api/v11y-api-secret.j2
rename to roles/tpa_single_node/templates/manifests/v11y/api/Secret.yaml.j2
diff --git a/roles/tpa_single_node/vars/main.yml b/roles/tpa_single_node/vars/main.yml
index cdaa70f..39cf291 100644
--- a/roles/tpa_single_node/vars/main.yml
+++ b/roles/tpa_single_node/vars/main.yml
@@ -1,8 +1,8 @@
 ---
 # vars file for tpa_scaffolding
 tpa_single_node_base_hostname: trustification
+tpa_single_node_certificates_dir: certs/
 tpa_single_node_config_dir: /etc/rhtpa
-tpa_single_node_kube_configmap_dir: "{{ tpa_single_node_config_dir }}/configs"
 tpa_single_node_kube_manifest_dir: "{{ tpa_single_node_config_dir }}/manifests"
 tpa_single_node_namespace: trustification
 tpa_single_node_podman_network: tcnet
@@ -28,7 +28,6 @@ tpa_single_node_s3_minio_endpoint: # tpa_single_node_oidc_frontend: #
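Review bot: `tpa_single_node_certificates_dir: certs/` swaps the previous absolute `/tmp/certs` for a relative path with a trailing slash, so the derived paths (the `"{{ tpa_single_node_certificates_dir }}/guac-graphql-tls-certificate.key"` form is visible in the next hunk) become `certs//guac-...` and, unless they are only ever consumed as a `copy`/`template` `src` (which Ansible resolves against the role and playbook directories), resolve against whatever the current working directory happens to be. Prefer `tpa_single_node_certificates_dir: "{{ playbook_dir }}/certs"` with no trailing slash if the files are read on the controller, or an explicit absolute path if they are read on the managed host. Separately, a value in `vars/main.yml` has role-vars precedence and cannot be overridden by a play-level `vars:` entry like the one this commit removes from `play.yml`; `defaults/main.yml` is the conventional place for an operator-tunable path.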
@@ -42,5 +41,5 @@ tpa_single_node_guac_graphql_tls_cert_pem_path: "{{ tpa_single_node_certificates
 tpa_single_node_guac_graphql_tls_cert_key_path: "{{ tpa_single_node_certificates_dir }}/guac-graphql-tls-certificate.key"
 # Secret, certs and Configmap locations
-tpa_single_node_v11y_api_config: "{{ tpa_single_node_kube_configmap_dir }}/v11y-api-configmap.yaml"
-tpa_single_node_v11y_api_secret: "{{ tpa_single_node_kube_configmap_dir }}/v11y-api-secret.yaml"
+tpa_single_node_v11y_api_config: "{{ tpa_single_node_kube_manifest_dir }}/v11y-api-configmap.yaml"
+tpa_single_node_v11y_api_secret: "{{ tpa_single_node_kube_manifest_dir }}/v11y-api-secret.yaml"
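Review bot: Relocating the rendered Secret to `{{ tpa_single_node_kube_manifest_dir }}/v11y-api-secret.yaml` leaves the previous copy at `{{ tpa_single_node_config_dir }}/configs/v11y-api-secret.yaml` in place on any host deployed with the older role, because the `configs` directory is simply no longer created (the `podman.yml` hunk drops it from the loop) and nothing removes it. Add a cleanup task in the same task file, e.g. `- ansible.builtin.file:` / `path: "{{ tpa_single_node_config_dir }}/configs"` / `state: absent`, so a stale copy of the secret manifest is not left behind on upgrade. Updating the comment to `# Secret and ConfigMap manifests live next to the Deployment manifests (0700 dir)` would also make the new layout self-describing.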