From d07a3318440d0dd2e9a9b52e2171b9a26c4f0c09 Mon Sep 17 00:00:00 2001 From: erzetpe Date: Tue, 17 Sep 2019 16:38:34 +0200 Subject: [PATCH 1/7] Add offline-mode flag to epicli --- core/src/epicli/cli/epicli.py | 3 +++ core/src/epicli/cli/helpers/Config.py | 19 +++++++++++++++---- 2 files changed, 18 insertions(+), 4 deletions(-) diff --git a/core/src/epicli/cli/epicli.py b/core/src/epicli/cli/epicli.py index 2b6158c457..2ee34afd73 100644 --- a/core/src/epicli/cli/epicli.py +++ b/core/src/epicli/cli/epicli.py @@ -78,6 +78,7 @@ def main(): config.log_type = args.log_type config.log_count = args.log_count config.validate_certs = True if args.validate_certs == 'true' else False + config.offline_mode = args.offline_mode config.debug = args.debug config.auto_approve = args.auto_approve @@ -114,6 +115,8 @@ def apply_parser(subparsers): help='File with infrastructure/configuration definitions to use.') sub_parser.add_argument('--no-infra', dest='no_infra', action="store_true", help='Skip infrastructure provisioning.') + sub_parser.add_argument('--offline-mode', dest='offline_mode', action="store_true", + help='Should Epiphany run with offline packages.') def run_apply(args): adjust_paths_from_file(args) diff --git a/core/src/epicli/cli/helpers/Config.py b/core/src/epicli/cli/helpers/Config.py index 5bd6583e35..ae305e97f4 100644 --- a/core/src/epicli/cli/helpers/Config.py +++ b/core/src/epicli/cli/helpers/Config.py @@ -1,5 +1,6 @@ import os + class Config: class __ConfigBase: def __init__(self): @@ -18,6 +19,7 @@ def __init__(self): self._validate_certs = True self._debug = False self._auto_approve = False + self._offline_mode = False @property def docker_cli(self): @@ -93,8 +95,8 @@ def debug(self): @debug.setter def debug(self, debug): if not debug is None: - self._debug = debug - + self._debug = debug + @property def auto_approve(self): return self._auto_approve 
@@ -102,8 +104,17 @@ def auto_approve(self): @auto_approve.setter def auto_approve(self, auto_approve): if not auto_approve is None: - self._auto_approve = auto_approve - + self._auto_approve = auto_approve + + @property + def offline_mode(self): + return self._offline_mode + + @offline_mode.setter + def offline_mode(self, offline_mode): + if not offline_mode is None: + self._offline_mode = offline_mode + instance = None def __new__(cls): From faf33f7cd973d905def6b53171a5604d5d67dd71 Mon Sep 17 00:00:00 2001 From: erzetpe Date: Tue, 17 Sep 2019 17:49:42 +0200 Subject: [PATCH 2/7] Add offline mode to AnsibleVarsGenerator --- .../epicli/cli/engine/ansible/AnsibleVarsGenerator.py | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/core/src/epicli/cli/engine/ansible/AnsibleVarsGenerator.py b/core/src/epicli/cli/engine/ansible/AnsibleVarsGenerator.py index b4447d7b70..b9539fc769 100644 --- a/core/src/epicli/cli/engine/ansible/AnsibleVarsGenerator.py +++ b/core/src/epicli/cli/engine/ansible/AnsibleVarsGenerator.py @@ -53,6 +53,7 @@ def populate_group_vars(self, ansible_dir): main_vars = self.add_validate_certs(main_vars) main_vars = self.add_dependencies_info(main_vars) main_vars = self.add_shared_config(main_vars) + main_vars = self.add_offline_mode(main_vars) vars_dir = os.path.join(ansible_dir, 'group_vars') if not os.path.exists(vars_dir): @@ -79,6 +80,14 @@ def add_validate_certs(self, document): return document + def add_offline_mode(self, document): + if document is None: + raise Exception('Config is empty for: ' + 'group_vars/all.yml') + + document['offline_mode'] = Config().offline_mode + + return document + def add_dependencies_info(self, document): if document is None: raise Exception('Config is empty for: ' + 'group_vars/all.yml') From fe4be9a0951c9d67b03e685a063a3410e8c75f1a Mon Sep 17 00:00:00 2001 
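Review bot: The new `offline_mode` setter tests `if not offline_mode is None:`, which parses as intended but reads like a negation of `offline_mode`; `if offline_mode is not None:` is the idiomatic form. The setter stores any non-None value unchanged, and `add_offline_mode` later writes that value to `group_vars/all.yml`, so a one-line docstring on the property stating the expected type would help, e.g. `"""Whether Epiphany installs from offline packages (bool)."""`. The enclosing class starts outside this hunk.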
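Review bot: `add_offline_mode` exports `offline_mode` to `group_vars/all.yml`, but no playbook, role or runner code in this series reads it. In the visible PATCH 5/7 hunks, `repository-setup.yml` and `repository-teardown.yml` run unconditionally, so hosts have their system repositories disabled whether or not `--offline-mode` was passed. Either gate those playbook runs on the flag or say so in a docstring, e.g. `"""Export Config().offline_mode as the Ansible variable 'offline_mode' (not read by any role yet)."""`. The `None` guard and its message are copied from the neighbouring `add_*` methods, so a shared helper would keep them from drifting apart.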
From: erzetpe Date: Fri, 20 Sep 2019 13:02:13 +0200 Subject: [PATCH 3/7] Add stub of repositories role --- .../common/ansible/playbooks/repositories.yml | 8 ++++ .../Debian/scripts/create-repository-deb.sh | 36 ++++++++++++++++++ .../Debian/scripts/setup-repo-client-deb.sh | 14 +++++++ .../files/RedHat/rh-package-list.txt | 23 ++++++++++++ .../RedHat/scripts/create-repository-rh.sh | 33 +++++++++++++++++ .../RedHat/scripts/disable-system-repos.sh | 9 +++++ .../RedHat/scripts/enable-system-repos.sh | 9 +++++ ...generate-enabled-system-repository-list.sh | 4 ++ .../RedHat/scripts/setup-repo-client-rh.sh | 20 ++++++++++ .../roles/repositories/tasks/main.yml | 37 +++++++++++++++++++ 10 files changed, 193 insertions(+) create mode 100644 core/src/epicli/data/common/ansible/playbooks/repositories.yml create mode 100755 core/src/epicli/data/common/ansible/playbooks/roles/repositories/files/Debian/scripts/create-repository-deb.sh create mode 100755 core/src/epicli/data/common/ansible/playbooks/roles/repositories/files/Debian/scripts/setup-repo-client-deb.sh create mode 100644 core/src/epicli/data/common/ansible/playbooks/roles/repositories/files/RedHat/rh-package-list.txt create mode 100755 core/src/epicli/data/common/ansible/playbooks/roles/repositories/files/RedHat/scripts/create-repository-rh.sh create mode 100755 core/src/epicli/data/common/ansible/playbooks/roles/repositories/files/RedHat/scripts/disable-system-repos.sh create mode 100755 core/src/epicli/data/common/ansible/playbooks/roles/repositories/files/RedHat/scripts/enable-system-repos.sh create mode 100755 core/src/epicli/data/common/ansible/playbooks/roles/repositories/files/RedHat/scripts/generate-enabled-system-repository-list.sh create mode 100755 core/src/epicli/data/common/ansible/playbooks/roles/repositories/files/RedHat/scripts/setup-repo-client-rh.sh create mode 100644 core/src/epicli/data/common/ansible/playbooks/roles/repositories/tasks/main.yml 
diff --git a/core/src/epicli/data/common/ansible/playbooks/repositories.yml b/core/src/epicli/data/common/ansible/playbooks/repositories.yml new file mode 100644 index 0000000000..125590fd89 --- /dev/null +++ b/core/src/epicli/data/common/ansible/playbooks/repositories.yml @@ -0,0 +1,8 @@ +--- +# Ansible playbook for disabling/enabling repositories before/after Epiphany installation + +- hosts: all + become: true + become_method: sudo + roles: + - repositories diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/repositories/files/Debian/scripts/create-repository-deb.sh b/core/src/epicli/data/common/ansible/playbooks/roles/repositories/files/Debian/scripts/create-repository-deb.sh new file mode 100755 index 0000000000..d1c345b432 --- /dev/null +++ b/core/src/epicli/data/common/ansible/playbooks/roles/repositories/files/Debian/scripts/create-repository-deb.sh @@ -0,0 +1,36 @@ +#!/bin/bash + +PACKAGE_LIST=$(cat /root/deb-package-list.txt) +DOWNLOAD_DIRECTORY=/root/packages +LOG_FILE=/root/script-execution.log + +WWW_SERVER_PATH=/var/www/html; + +REPOSITORY_PATH=$WWW_SERVER_PATH/repos; +FILES_PATH=$WWW_SERVER_PATH/files; +IMAGES_PATH=$WWW_SERVER_PATH/images; + +apt install -y apache2 reprepro; +systemctl start apache2 +apt clean; + + +mkdir -p $REPOSITORY_PATH; +mkdir -p $REPOSITORY_PATH/conf; + +cat << EOF > $REPOSITORY_PATH/conf/distributions +Origin: epiphany.offline.repo +Label: epiphany.offline.repo +Codename: bionic +Architectures: i386 amd64 +Components: main restricted universe multiverse +Description: Epiphany Offline Repository +EOF + +for package in $PACKAGE_LIST ; do + echo "$package:" | tee $LOG_FILE; + apt-get install -y --download-only $package | tee $LOG_FILE ; +done + +reprepro --basedir $REPOSITORY_PATH includedeb bionic /var/cache/apt/archives/*.deb; + 
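Review bot: A failed download goes unnoticed in the package loop of `create-repository-deb.sh`: `apt-get install -y --download-only $package | tee $LOG_FILE` returns `tee`'s status and the script has no `set -e`, so `reprepro ... includedeb` publishes whatever reached `/var/cache/apt/archives`. Adding `set -euo pipefail` after the shebang would stop the run at the first failure. `tee $LOG_FILE` also truncates the log on every call, so only the last package's output survives; `tee -a "$LOG_FILE"` appends instead. The same `tee` pattern is used in `create-repository-rh.sh`. `DOWNLOAD_DIRECTORY` is assigned but never used.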
diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/repositories/files/Debian/scripts/setup-repo-client-deb.sh b/core/src/epicli/data/common/ansible/playbooks/roles/repositories/files/Debian/scripts/setup-repo-client-deb.sh new file mode 100755 index 0000000000..44d0a15a38 --- /dev/null +++ b/core/src/epicli/data/common/ansible/playbooks/roles/repositories/files/Debian/scripts/setup-repo-client-deb.sh @@ -0,0 +1,14 @@ +#!/bin/bash + +SERVER_IP=$1; +DATE=`date +%Y.%m.%d-%H.%M.%S`; + +curl -I -L $SERVER_IP/repos | grep "HTTP/1.1 200 OK"; + +cp /etc/apt/sources.list /etc/apt/sources.list.bak_$DATE; +echo "deb [trusted=yes] http://$SERVER_IP/repos/ bionic main" > /etc/apt/sources.list; + +apt-cache policy; + +apt update; + diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/repositories/files/RedHat/rh-package-list.txt b/core/src/epicli/data/common/ansible/playbooks/roles/repositories/files/RedHat/rh-package-list.txt new file mode 100644 index 0000000000..473fd942f2 --- /dev/null +++ b/core/src/epicli/data/common/ansible/playbooks/roles/repositories/files/RedHat/rh-package-list.txt @@ -0,0 +1,23 @@ +libselinux-python +libsemanage-python +firewalld +bash-completion +ca-certificates +net-tools +tar +nmap-ncat +curl +tmux +fping +iftop +htop +vim-enhanced +sysstat +python-setuptools +openssl +yum-plugin-versionlock +logrotate +ebtables +ethtool +telnet +httpd diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/repositories/files/RedHat/scripts/create-repository-rh.sh b/core/src/epicli/data/common/ansible/playbooks/roles/repositories/files/RedHat/scripts/create-repository-rh.sh new file mode 100755 index 0000000000..a284d6910e --- /dev/null +++ b/core/src/epicli/data/common/ansible/playbooks/roles/repositories/files/RedHat/scripts/create-repository-rh.sh 
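Review bot: `deb [trusted=yes] http://$SERVER_IP/repos/ bionic main` turns off APT's signature verification for the only source left in `/etc/apt/sources.list`, and the transport is plain HTTP, so package integrity rests entirely on the network path to `$SERVER_IP`. Signing the repository on the server (a `SignWith:` field in reprepro's `conf/distributions`) and pinning the key on the client with `deb [signed-by=<KEYRING_PATH>] ...` would keep verification on. The reachability check `curl -I -L $SERVER_IP/repos | grep "HTTP/1.1 200 OK"` does not stop the script, so `sources.list` is replaced even when the repository is unreachable; `curl -fsSIL "http://$SERVER_IP/repos/" || exit 1` would abort first.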
@@ -0,0 +1,33 @@ +#!/bin/bash + +PACKAGE_LIST=$(cat $1) +LOG_FILE=/root/script-execution.log + +WWW_SERVER_PATH=/var/www/html; + +REPOSITORY_PATH=$WWW_SERVER_PATH/repos; +FILES_PATH=$WWW_SERVER_PATH/files; +IMAGES_PATH=$WWW_SERVER_PATH/images; + +mkdir -p $WWW_SERVER_PATH; +mkdir -p $REPOSITORY_PATH; +mkdir -p $FILES_PATH; +mkdir -p $IMAGES_PATH; + +yum install -y httpd createrepo yum-utils; + +for package in $PACKAGE_LIST ; do + echo "========== $package =========" | tee $LOG_FILE; + repoquery -a --qf '%{ui_nevra}' $package; + repoquery -a --qf '%{ui_nevra}' $package | xargs yumdownloader --destdir $REPOSITORY_PATH | tee $LOG_FILE; + echo "========== $package - dependencies =========" | tee $LOG_FILE; + repoquery -R --resolve -a --qf '%{ui_nevra}' $package; + repoquery -R --resolve -a --qf '%{ui_nevra}' $package | xargs yumdownloader --destdir $REPOSITORY_PATH | tee $LOG_FILE; +done + +setenforce 0; +systemctl start httpd; + +createrepo $REPOSITORY_PATH; + + diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/repositories/files/RedHat/scripts/disable-system-repos.sh b/core/src/epicli/data/common/ansible/playbooks/roles/repositories/files/RedHat/scripts/disable-system-repos.sh new file mode 100755 index 0000000000..a5391f3909 --- /dev/null +++ b/core/src/epicli/data/common/ansible/playbooks/roles/repositories/files/RedHat/scripts/disable-system-repos.sh @@ -0,0 +1,9 @@ +#!/bin/bash +REPOS_LIST_FILE=/tmp/enabled-system-repos.txt + +cat $REPOS_LIST_FILE | while read line +do + echo $line; + yum-config-manager --disable $line; +done + diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/repositories/files/RedHat/scripts/enable-system-repos.sh b/core/src/epicli/data/common/ansible/playbooks/roles/repositories/files/RedHat/scripts/enable-system-repos.sh new file mode 100755 index 0000000000..d030de8278 --- /dev/null +++ b/core/src/epicli/data/common/ansible/playbooks/roles/repositories/files/RedHat/scripts/enable-system-repos.sh 
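Review bot: `setenforce 0` in `create-repository-rh.sh` puts SELinux into permissive mode on the repository host and nothing in this series switches it back, so the host stays permissive long after the repository is built. Presumably the line is there so httpd can read the downloaded RPMs; relabelling the content achieves that without relaxing the whole system: drop the line and run `restorecon -R "$REPOSITORY_PATH"` before `systemctl start httpd`. The argument is also expanded unquoted in `$(cat $1)`; `$(cat "$1")` is safer.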
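Review bot: `REPOS_LIST_FILE=/tmp/enabled-system-repos.txt` in `disable-system-repos.sh` is a fixed name in a world-writable directory, yet the scripts that consume it run as root (`become: true` in the playbook). `generate-enabled-system-repository-list.sh` writes the file only when it does not already exist, so content left there by any local account would decide which repositories this script disables and which `enable-system-repos.sh` later enables. A root-only location, e.g. `REPOS_LIST_FILE=/root/enabled-system-repos.txt`, used in all three scripts closes that. `while read -r line` with `"$line"` quoted would also keep backslashes and spaces in the list from being reinterpreted.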
@@ -0,0 +1,9 @@ +#!/bin/bash +REPOS_LIST_FILE=/tmp/enabled-system-repos.txt + +cat $REPOS_LIST_FILE | while read line +do + echo $line; + yum-config-manager --enable $line; +done + diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/repositories/files/RedHat/scripts/generate-enabled-system-repository-list.sh b/core/src/epicli/data/common/ansible/playbooks/roles/repositories/files/RedHat/scripts/generate-enabled-system-repository-list.sh new file mode 100755 index 0000000000..1dd9a093ab --- /dev/null +++ b/core/src/epicli/data/common/ansible/playbooks/roles/repositories/files/RedHat/scripts/generate-enabled-system-repository-list.sh @@ -0,0 +1,4 @@ +ENABLED_REPOS_FILE=/tmp/enabled-system-repos.txt +if [ test ! -f "$ENABLED_REPOS_FILE" ]; then + yum repolist -v enabled | grep -i Repo-id | awk -F ":" '{print $2}' | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' | awk -F "/" '{print $1}' > $ENABLED_REPOS_FILE; +fi diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/repositories/files/RedHat/scripts/setup-repo-client-rh.sh b/core/src/epicli/data/common/ansible/playbooks/roles/repositories/files/RedHat/scripts/setup-repo-client-rh.sh new file mode 100755 index 0000000000..6ad71c0a02 --- /dev/null +++ b/core/src/epicli/data/common/ansible/playbooks/roles/repositories/files/RedHat/scripts/setup-repo-client-rh.sh @@ -0,0 +1,20 @@ +#!/bin/bash + +SERVER_IP=$1; + +curl -I -L $SERVER_IP/repos | grep "HTTP/1.1 200 OK"; + +sed -i -e "s/enabled=1/enabled=0/g" /etc/yum.repos.d/*.repo; + +cat << EOF > /etc/yum.repos.d/epirepo.repo +[epirepo] +name=epirepo +baseurl=http://$SERVER_IP/repos/ +enabled=1 +gpgcheck=0 +EOF + +yum-config-manager --enable epirepo*; +yum makecache; +yum repolist; + diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/repositories/tasks/main.yml b/core/src/epicli/data/common/ansible/playbooks/roles/repositories/tasks/main.yml new file mode 100644 index 0000000000..1c01e75bf2 --- /dev/null 
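Review bot: `if [ test ! -f "$ENABLED_REPOS_FILE" ]; then` in `generate-enabled-system-repository-list.sh` mixes `[` with the word `test` and is not a valid expression; bash reports an error and treats the condition as false, so the list is never written. `disable-system-repos.sh` and `enable-system-repos.sh` then read a missing file, and because `setup-repo-client-rh.sh` sets `enabled=0` in every `.repo` file with `sed`, teardown has nothing to re-enable. The test should read `if [ ! -f "$ENABLED_REPOS_FILE" ]; then`. The file is mode 100755 but has no `#!/bin/bash` line, unlike the other scripts.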
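Review bot: The `epirepo.repo` generated by `setup-repo-client-rh.sh` sets `gpgcheck=0` over an `http://` baseurl, so clients install whatever that endpoint serves without verifying it. The RPMs are fetched with `yumdownloader` from the distribution repositories, so they presumably still carry vendor signatures the clients already trust, and `gpgcheck=1` should work without extra key distribution. The `curl -I -L $SERVER_IP/repos | grep "HTTP/1.1 200 OK"` check does not abort the script, so the `sed` that disables every system repository runs even when the server is unreachable. `yum-config-manager --enable epirepo*` leaves the glob unquoted; `'epirepo*'` avoids expansion against the working directory.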
+++ b/core/src/epicli/data/common/ansible/playbooks/roles/repositories/tasks/main.yml @@ -0,0 +1,37 @@ +--- + +- name: Copy data files + copy: + src: "{{ ansible_os_family }}/" + dest: "/tmp/{{ ansible_os_family }}" + +- name: Copy repository configuration scripts + copy: + src: "{{ ansible_os_family }}/scripts/" + dest: "/tmp/{{ ansible_os_family }}" + mode: a+x + +- name: Download packages and create repository + shell: /tmp/{{ ansible_os_family }}/create-repository-rh.sh /tmp/{{ ansible_os_family }}/rh-package-list.txt + when: + - groups['repository'][0] == inventory_hostname + +- name: Create active repositories list + shell: /tmp/{{ ansible_os_family }}/generate-enabled-system-repository-list.sh + when: + - not groups['repository'][0] == inventory_hostname + +- name: Disable active system repositories + shell: /tmp/{{ ansible_os_family }}/disable-system-repos.sh + when: + - not groups['repository'][0] == inventory_hostname + +- name: Setup client repos + shell: /tmp/{{ ansible_os_family }}/setup-repo-client-rh.sh {{ groups['repository'][0] }} + when: + - not groups['repository'][0] == inventory_hostname + +#- name: Enable active system repositories +# shell: /tmp/{{ ansible_os_family }}/enable-system-repos.sh +# when: +# - not groups['repository'][0] == inventory_hostname \ No newline at end of file From 4932cb42b8228219c1deca2bdbd6427efa893995 Mon Sep 17 00:00:00 2001 
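Review bot: The scripts are staged in `/tmp/{{ ansible_os_family }}` with `mode: a+x` and then executed through `shell` under `become: true`; a directory under `/tmp` can be created beforehand by any local account, which makes it a poor place for code that runs as root. A root-owned staging directory created with `owner: root` and `mode: "0700"`, or Ansible's `script` module, avoids that. Every task also calls a `-rh.sh` script although the path is templated on `ansible_os_family`, so Debian-family hosts would look for RedHat scripts under `/tmp/Debian`. `{{ groups['repository'][0] }}` is interpolated into the shell line unquoted; `{{ groups['repository'][0] | quote }}` is safer. The same staging pattern is carried into `roles/repository/tasks/main.yml` in PATCH 4/7.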
From: erzetpe Date: Fri, 20 Sep 2019 16:17:03 +0200 Subject: [PATCH 4/7] Add setup and teardown to Epiphany role --- .../{repositories.yml => repository-setup.yml} | 6 +++++- .../ansible/playbooks/repository-teardown.yml | 12 ++++++++++++ .../files/Debian/scripts/create-repository-deb.sh | 0 .../files/Debian/scripts/setup-repo-client-deb.sh | 0 .../files/RedHat/rh-package-list.txt | 1 - .../files/RedHat/scripts/create-repository-rh.sh | 0 .../RedHat/scripts/disable-epirepo-client-rh.sh | 6 ++++++ .../files/RedHat/scripts/disable-repository-rh.sh | 4 ++++ .../files/RedHat/scripts/disable-system-repos.sh | 0 .../files/RedHat/scripts/enable-system-repos.sh | 0 .../generate-enabled-system-repository-list.sh | 0 .../RedHat/scripts/setup-epirepo-client-rh.sh} | 0 .../playbooks/roles/repository/tasks/main.yml | 15 +++++++++++++++ .../tasks/setup-RedHat.yml} | 11 +++-------- .../roles/repository/tasks/teardown-RedHat.yml | 11 +++++++++++ 15 files changed, 56 insertions(+), 10 deletions(-) rename core/src/epicli/data/common/ansible/playbooks/{repositories.yml => repository-setup.yml} (59%) create mode 100644 core/src/epicli/data/common/ansible/playbooks/repository-teardown.yml rename core/src/epicli/data/common/ansible/playbooks/roles/{repositories => repository}/files/Debian/scripts/create-repository-deb.sh (100%) rename core/src/epicli/data/common/ansible/playbooks/roles/{repositories => repository}/files/Debian/scripts/setup-repo-client-deb.sh (100%) rename core/src/epicli/data/common/ansible/playbooks/roles/{repositories => repository}/files/RedHat/rh-package-list.txt (97%) rename core/src/epicli/data/common/ansible/playbooks/roles/{repositories => repository}/files/RedHat/scripts/create-repository-rh.sh (100%) create mode 100755 core/src/epicli/data/common/ansible/playbooks/roles/repository/files/RedHat/scripts/disable-epirepo-client-rh.sh create mode 100755 core/src/epicli/data/common/ansible/playbooks/roles/repository/files/RedHat/scripts/disable-repository-rh.sh 
rename core/src/epicli/data/common/ansible/playbooks/roles/{repositories => repository}/files/RedHat/scripts/disable-system-repos.sh (100%) rename core/src/epicli/data/common/ansible/playbooks/roles/{repositories => repository}/files/RedHat/scripts/enable-system-repos.sh (100%) rename core/src/epicli/data/common/ansible/playbooks/roles/{repositories => repository}/files/RedHat/scripts/generate-enabled-system-repository-list.sh (100%) rename core/src/epicli/data/common/ansible/playbooks/roles/{repositories/files/RedHat/scripts/setup-repo-client-rh.sh => repository/files/RedHat/scripts/setup-epirepo-client-rh.sh} (100%) create mode 100644 core/src/epicli/data/common/ansible/playbooks/roles/repository/tasks/main.yml rename core/src/epicli/data/common/ansible/playbooks/roles/{repositories/tasks/main.yml => repository/tasks/setup-RedHat.yml} (71%) create mode 100644 core/src/epicli/data/common/ansible/playbooks/roles/repository/tasks/teardown-RedHat.yml diff --git a/core/src/epicli/data/common/ansible/playbooks/repositories.yml b/core/src/epicli/data/common/ansible/playbooks/repository-setup.yml similarity index 59% rename from core/src/epicli/data/common/ansible/playbooks/repositories.yml rename to core/src/epicli/data/common/ansible/playbooks/repository-setup.yml index 125590fd89..d85d46067d 100644 --- a/core/src/epicli/data/common/ansible/playbooks/repositories.yml +++ b/core/src/epicli/data/common/ansible/playbooks/repository-setup.yml @@ -2,7 +2,11 @@ # Ansible playbook for disabling/enabling repositories before/after Epiphany installation - hosts: all + pre_tasks: + - name: Set mode to setup + set_fact: + repository_mode: setup become: true become_method: sudo roles: - - repositories + - repository diff --git a/core/src/epicli/data/common/ansible/playbooks/repository-teardown.yml b/core/src/epicli/data/common/ansible/playbooks/repository-teardown.yml new file mode 100644 index 0000000000..0bcdbfb41b --- /dev/null 
+++ b/core/src/epicli/data/common/ansible/playbooks/repository-teardown.yml @@ -0,0 +1,12 @@ +--- +# Ansible playbook for disabling/enabling repositories before/after Epiphany installation + +- hosts: all + pre_tasks: + - name: Set mode to teardown + set_fact: + repository_mode: teardown + become: true + become_method: sudo + roles: + - repository diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/repositories/files/Debian/scripts/create-repository-deb.sh b/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/Debian/scripts/create-repository-deb.sh similarity index 100% rename from core/src/epicli/data/common/ansible/playbooks/roles/repositories/files/Debian/scripts/create-repository-deb.sh rename to core/src/epicli/data/common/ansible/playbooks/roles/repository/files/Debian/scripts/create-repository-deb.sh diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/repositories/files/Debian/scripts/setup-repo-client-deb.sh b/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/Debian/scripts/setup-repo-client-deb.sh similarity index 100% rename from core/src/epicli/data/common/ansible/playbooks/roles/repositories/files/Debian/scripts/setup-repo-client-deb.sh rename to core/src/epicli/data/common/ansible/playbooks/roles/repository/files/Debian/scripts/setup-repo-client-deb.sh diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/repositories/files/RedHat/rh-package-list.txt b/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/RedHat/rh-package-list.txt similarity index 97% rename from core/src/epicli/data/common/ansible/playbooks/roles/repositories/files/RedHat/rh-package-list.txt rename to core/src/epicli/data/common/ansible/playbooks/roles/repository/files/RedHat/rh-package-list.txt index 473fd942f2..29cefad323 100644 --- a/core/src/epicli/data/common/ansible/playbooks/roles/repositories/files/RedHat/rh-package-list.txt 
+++ b/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/RedHat/rh-package-list.txt @@ -20,4 +20,3 @@ logrotate ebtables ethtool telnet -httpd diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/repositories/files/RedHat/scripts/create-repository-rh.sh b/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/RedHat/scripts/create-repository-rh.sh similarity index 100% rename from core/src/epicli/data/common/ansible/playbooks/roles/repositories/files/RedHat/scripts/create-repository-rh.sh rename to core/src/epicli/data/common/ansible/playbooks/roles/repository/files/RedHat/scripts/create-repository-rh.sh diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/RedHat/scripts/disable-epirepo-client-rh.sh b/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/RedHat/scripts/disable-epirepo-client-rh.sh new file mode 100755 index 0000000000..bf82cab2ef --- /dev/null +++ b/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/RedHat/scripts/disable-epirepo-client-rh.sh @@ -0,0 +1,6 @@ +#!/bin/bash + +yum-config-manager --disable epirepo*; +yum makecache; +yum repolist; + diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/RedHat/scripts/disable-repository-rh.sh b/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/RedHat/scripts/disable-repository-rh.sh new file mode 100755 index 0000000000..d3924891a7 --- /dev/null +++ b/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/RedHat/scripts/disable-repository-rh.sh @@ -0,0 +1,4 @@ +#!/bin/bash + +systemctl stop httpd; +systemctl disable httpd; \ No newline at end of file 
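Review bot: `disable-repository-rh.sh` is added but no task in this series runs it: `teardown-RedHat.yml` only calls `enable-system-repos.sh` and `disable-epirepo-client-rh.sh`, both restricted to hosts that are not the repository host. httpd therefore keeps serving `/var/www/html/repos` after teardown, and the `setenforce 0` from `create-repository-rh.sh` is not reverted either. A teardown task guarded by `when: groups['repository'][0] == inventory_hostname` that runs this script would close that; the script could also end with `setenforce 1`, assuming the host was enforcing before setup.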
diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/repositories/files/RedHat/scripts/disable-system-repos.sh b/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/RedHat/scripts/disable-system-repos.sh similarity index 100% rename from core/src/epicli/data/common/ansible/playbooks/roles/repositories/files/RedHat/scripts/disable-system-repos.sh rename to core/src/epicli/data/common/ansible/playbooks/roles/repository/files/RedHat/scripts/disable-system-repos.sh diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/repositories/files/RedHat/scripts/enable-system-repos.sh b/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/RedHat/scripts/enable-system-repos.sh similarity index 100% rename from core/src/epicli/data/common/ansible/playbooks/roles/repositories/files/RedHat/scripts/enable-system-repos.sh rename to core/src/epicli/data/common/ansible/playbooks/roles/repository/files/RedHat/scripts/enable-system-repos.sh diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/repositories/files/RedHat/scripts/generate-enabled-system-repository-list.sh b/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/RedHat/scripts/generate-enabled-system-repository-list.sh similarity index 100% rename from core/src/epicli/data/common/ansible/playbooks/roles/repositories/files/RedHat/scripts/generate-enabled-system-repository-list.sh rename to core/src/epicli/data/common/ansible/playbooks/roles/repository/files/RedHat/scripts/generate-enabled-system-repository-list.sh 
diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/repositories/files/RedHat/scripts/setup-repo-client-rh.sh b/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/RedHat/scripts/setup-epirepo-client-rh.sh similarity index 100% rename from core/src/epicli/data/common/ansible/playbooks/roles/repositories/files/RedHat/scripts/setup-repo-client-rh.sh rename to core/src/epicli/data/common/ansible/playbooks/roles/repository/files/RedHat/scripts/setup-epirepo-client-rh.sh diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/repository/tasks/main.yml b/core/src/epicli/data/common/ansible/playbooks/roles/repository/tasks/main.yml new file mode 100644 index 0000000000..e95af74c7d --- /dev/null +++ b/core/src/epicli/data/common/ansible/playbooks/roles/repository/tasks/main.yml @@ -0,0 +1,15 @@ +--- + +- name: Copy data files + copy: + src: "{{ ansible_os_family }}/" + dest: "/tmp/{{ ansible_os_family }}" + +- name: Copy repository configuration scripts + copy: + src: "{{ ansible_os_family }}/scripts/" + dest: "/tmp/{{ ansible_os_family }}" + mode: a+x + +- name: Configure repository and clients RedHat + include_tasks: "{{ repository_mode }}-{{ ansible_os_family }}.yml" diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/repositories/tasks/main.yml b/core/src/epicli/data/common/ansible/playbooks/roles/repository/tasks/setup-RedHat.yml similarity index 71% rename from core/src/epicli/data/common/ansible/playbooks/roles/repositories/tasks/main.yml rename to core/src/epicli/data/common/ansible/playbooks/roles/repository/tasks/setup-RedHat.yml index 1c01e75bf2..8c634caf05 100644 --- a/core/src/epicli/data/common/ansible/playbooks/roles/repositories/tasks/main.yml +++ b/core/src/epicli/data/common/ansible/playbooks/roles/repository/tasks/setup-RedHat.yml 
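Review bot: `include_tasks: "{{ repository_mode }}-{{ ansible_os_family }}.yml"` resolves to `setup-Debian.yml` or `teardown-Debian.yml` on Debian-family hosts, and this series adds only the `-RedHat.yml` files, so the play fails there on a missing file even though Debian scripts ship in the role. The task name `Configure repository and clients RedHat` suggests RedHat is the only intended target; `when: ansible_os_family == 'RedHat'` or an explicit `fail` task with a clear message would make that visible. `repository_mode` is set only in the two playbooks' `pre_tasks`, so an assertion that it is `setup` or `teardown` would help anyone including the role directly.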
@@ -26,12 +26,7 @@ when: - not groups['repository'][0] == inventory_hostname -- name: Setup client repos - shell: /tmp/{{ ansible_os_family }}/setup-repo-client-rh.sh {{ groups['repository'][0] }} +- name: Setup epirepo on clients + shell: /tmp/{{ ansible_os_family }}/setup-epirepo-client-rh.sh {{ groups['repository'][0] }} when: - - not groups['repository'][0] == inventory_hostname - -#- name: Enable active system repositories -# shell: /tmp/{{ ansible_os_family }}/enable-system-repos.sh -# when: -# - not groups['repository'][0] == inventory_hostname \ No newline at end of file + - not groups['repository'][0] == inventory_hostname \ No newline at end of file diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/repository/tasks/teardown-RedHat.yml b/core/src/epicli/data/common/ansible/playbooks/roles/repository/tasks/teardown-RedHat.yml new file mode 100644 index 0000000000..5390e5e342 --- /dev/null +++ b/core/src/epicli/data/common/ansible/playbooks/roles/repository/tasks/teardown-RedHat.yml @@ -0,0 +1,11 @@ +--- + +- name: Enable system repositories + shell: /tmp/{{ ansible_os_family }}/enable-system-repos.sh + when: + - not groups['repository'][0] == inventory_hostname + +- name: Disable epirepo on clients + shell: /tmp/{{ ansible_os_family }}/disable-epirepo-client-rh.sh + when: + - not groups['repository'][0] == inventory_hostname From 43b5c1d82e5c2a4ff22dcfba9cebe46862297752 Mon Sep 17 00:00:00 2001 From: erzetpe Date: Fri, 20 Sep 2019 16:39:40 +0200 Subject: [PATCH 5/7] Add integration to repository role with epicli --- .../cli/engine/ansible/AnsibleRunner.py | 20 ++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/core/src/epicli/cli/engine/ansible/AnsibleRunner.py b/core/src/epicli/cli/engine/ansible/AnsibleRunner.py index 22b7d03eec..7c19447df2 100644 --- a/core/src/epicli/cli/engine/ansible/AnsibleRunner.py +++ b/core/src/epicli/cli/engine/ansible/AnsibleRunner.py 
@@ -47,11 +47,20 @@ def run(self): self.ansible_vars_generator.run() + repository_setup_play_result = self.ansible_command.run_playbook_with_retries(inventory=inventory_path, + playbook_path=os.path.join( + get_ansible_path( + self.cluster_model.specification.name), + "repository-setup.yml"), retries=5) + + if repository_setup_play_result != 0: + return + common_play_result = self.ansible_command.run_playbook_with_retries(inventory=inventory_path, playbook_path=os.path.join( get_ansible_path( self.cluster_model.specification.name), - "common.yml"), retries=5) + "common.yml"), retries=1) if common_play_result != 0: return @@ -65,3 +74,12 @@ def run(self): to_role_name(role) + ".yml"), retries=1) if play_result != 0: break + + repository_teardown_play_result = self.ansible_command.run_playbook_with_retries(inventory=inventory_path, + playbook_path=os.path.join( + get_ansible_path( + self.cluster_model.specification.name), + "repository-teardown.yml"), retries=1) + + if repository_teardown_play_result != 0: + return From e541c58724a82aa33c98555f77281ee57e1b73ae Mon Sep 17 00:00:00 2001 From: erzetpe Date: Fri, 20 Sep 2019 17:51:30 +0200 Subject: [PATCH 6/7] Change repository configuration to take files from kubernetes master server --- .../infrastructure/virtual-machine.yml | 8 ++++---- .../roles/repository/tasks/setup-RedHat.yml | 18 +++++++++--------- .../roles/repository/tasks/teardown-RedHat.yml | 8 ++++---- 3 files changed, 17 insertions(+), 17 deletions(-) diff --git a/core/src/epicli/data/aws/defaults/infrastructure/virtual-machine.yml b/core/src/epicli/data/aws/defaults/infrastructure/virtual-machine.yml index 8593015543..4a97cf3506 100644 --- a/core/src/epicli/data/aws/defaults/infrastructure/virtual-machine.yml +++ b/core/src/epicli/data/aws/defaults/infrastructure/virtual-machine.yml 
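Review bot: The early `return` after a failed `common.yml` run skips `repository-teardown.yml`, so clients are left with their system repositories disabled and `epirepo` enabled (plain HTTP, `gpgcheck=0`) after a failed deployment. Running the teardown from a `finally` block around the common and per-role plays would restore them on every exit path, as sketched below. The final `if repository_teardown_play_result != 0: return` in the second hunk has no effect at the end of the function, so a failed teardown is silent; it should at least be reported to the caller. `run()` starts outside these hunks.

```python
        # … unchanged: repository-setup.yml run and its result check …

        try:
            # … unchanged: common.yml run, its result check, and the per-role loop …
        finally:
            # Runs on every exit path so clients get their own repositories back
            # even when one of the plays above failed.
            teardown_playbook = os.path.join(
                get_ansible_path(self.cluster_model.specification.name),
                "repository-teardown.yml")
            repository_teardown_play_result = self.ansible_command.run_playbook_with_retries(
                inventory=inventory_path, playbook_path=teardown_playbook, retries=1)
```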
@@ -147,7 +147,7 @@ specification: source_port_range: "*" destination_port_range: "0" source_address_prefix: "0.0.0.0/0" - destination_address_prefix: "0.0.0.0/0" + destination_address_prefix: "0.0.0.0/0" --- kind: infrastructure/virtual-machine version: 0.3.0 @@ -223,14 +223,14 @@ specification: destination_port_range: "22" source_address_prefix: "0.0.0.0/0" destination_address_prefix: "0.0.0.0/0" - - name: node_exporter - description: Allow node_exporter traffic + - name: repository + description: Allow repository traffic priority: 302 direction: Inbound access: Allow protocol: Tcp source_port_range: "*" - destination_port_range: "9100" + destination_port_range: "80" source_address_prefix: "10.1.0.0/20" destination_address_prefix: "0.0.0.0/0" - name: subnet-traffic diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/repository/tasks/setup-RedHat.yml b/core/src/epicli/data/common/ansible/playbooks/roles/repository/tasks/setup-RedHat.yml index 8c634caf05..af1d408460 100644 --- a/core/src/epicli/data/common/ansible/playbooks/roles/repository/tasks/setup-RedHat.yml +++ b/core/src/epicli/data/common/ansible/playbooks/roles/repository/tasks/setup-RedHat.yml 
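Review bot: The new `repository` rule opens TCP port 80 in the default security rules for as long as the cluster exists, although the HTTP repository is only used between `repository-setup.yml` and `repository-teardown.yml`. Because the clients are configured with `gpgcheck=0`, whatever answers on that port inside `10.1.0.0/20` during an install determines which packages are installed. Consider adding the rule only when the offline repository is in use, and say in `description` that it is cleartext and install-time only, e.g. `description: Allow package repository traffic (HTTP, needed during installation only)`. The rule's enclosing document starts outside the hunk, so which component it belongs to is inferred from the subject of PATCH 7/7.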
@@ -13,20 +13,20 @@ - name: Download packages and create repository shell: /tmp/{{ ansible_os_family }}/create-repository-rh.sh /tmp/{{ ansible_os_family }}/rh-package-list.txt - when: - - groups['repository'][0] == inventory_hostname + when: + - groups['kubernetes_master'][0] == inventory_hostname - name: Create active repositories list shell: /tmp/{{ ansible_os_family }}/generate-enabled-system-repository-list.sh - when: - - not groups['repository'][0] == inventory_hostname + when: + - not groups['kubernetes_master'][0] == inventory_hostname - name: Disable active system repositories shell: /tmp/{{ ansible_os_family }}/disable-system-repos.sh - when: - - not groups['repository'][0] == inventory_hostname + when: + - not groups['kubernetes_master'][0] == inventory_hostname - name: Setup epirepo on clients - shell: /tmp/{{ ansible_os_family }}/setup-epirepo-client-rh.sh {{ groups['repository'][0] }} - when: - - not groups['repository'][0] == inventory_hostname \ No newline at end of file + shell: /tmp/{{ ansible_os_family }}/setup-epirepo-client-rh.sh {{ groups['kubernetes_master'][0] }} + when: + - not groups['kubernetes_master'][0] == inventory_hostname diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/repository/tasks/teardown-RedHat.yml b/core/src/epicli/data/common/ansible/playbooks/roles/repository/tasks/teardown-RedHat.yml index 5390e5e342..8694c0e4bd 100644 --- a/core/src/epicli/data/common/ansible/playbooks/roles/repository/tasks/teardown-RedHat.yml +++ b/core/src/epicli/data/common/ansible/playbooks/roles/repository/tasks/teardown-RedHat.yml 
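Review bot: Switching the `when:` conditions to `groups['kubernetes_master'][0]` means `create-repository-rh.sh` now runs on the first Kubernetes master, and that script installs and starts httpd and executes `setenforce 0`. A control-plane node ends up permissive and serving HTTP on port 80, which is a larger change than the renamed group suggests; keeping a dedicated `repository` group, or removing `setenforce 0` from the script, limits it. The inventory hostname is also passed to `setup-epirepo-client-rh.sh` as its `SERVER_IP` argument and interpolated unquoted; `{{ groups['kubernetes_master'][0] | quote }}` is safer, and the name has to resolve from every client for the `baseurl` to work.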
@@ -2,10 +2,10 @@ - name: Enable system repositories shell: /tmp/{{ ansible_os_family }}/enable-system-repos.sh - when: - - not groups['repository'][0] == inventory_hostname + when: + - not groups['kubernetes_master'][0] == inventory_hostname - name: Disable epirepo on clients shell: /tmp/{{ ansible_os_family }}/disable-epirepo-client-rh.sh - when: - - not groups['repository'][0] == inventory_hostname + when: + - not groups['kubernetes_master'][0] == inventory_hostname From 9fdd6969a754e63920d4859e689228c99017ee26 Mon Sep 17 00:00:00 2001 From: erzetpe Date: Mon, 23 Sep 2019 09:58:24 +0200 Subject: [PATCH 7/7] Fixed remove of node_exporter endpoint accessibility on kubernetes master for default configuration --- .../aws/defaults/infrastructure/virtual-machine.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/core/src/epicli/data/aws/defaults/infrastructure/virtual-machine.yml b/core/src/epicli/data/aws/defaults/infrastructure/virtual-machine.yml index 4a97cf3506..5588ae4d68 100644 --- a/core/src/epicli/data/aws/defaults/infrastructure/virtual-machine.yml +++ b/core/src/epicli/data/aws/defaults/infrastructure/virtual-machine.yml @@ -233,6 +233,16 @@ specification: destination_port_range: "80" source_address_prefix: "10.1.0.0/20" destination_address_prefix: "0.0.0.0/0" + - name: node_exporter + description: Allow node_exporter traffic + priority: 302 + direction: Inbound + access: Allow + protocol: Tcp + source_port_range: "*" + destination_port_range: "9100" + source_address_prefix: "10.1.0.0/20" + destination_address_prefix: "0.0.0.0/0" - name: subnet-traffic description: Allow subnet traffic priority: 102
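Review bot: The re-added `node_exporter` rule uses `priority: 302`, the same value the `repository` rule directly above it kept when PATCH 6/7 renamed it. If the provider layer expects unique priorities per direction, one of the two rules may be rejected or shadowed; giving `node_exporter` an unused priority avoids that. A short comment on the `repository` rule saying it exists for the offline package repository would also keep the two from being merged again.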