sa_8001/dsk-iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Ansible Script 추가

Browse Source
This commit is contained in:
ByeonJungHun
2023-12-19 13:36:16 +09:00
parent 0273450ff6
commit 05cb8d9269
2610 changed files with 281893 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
ansible/01_old/roles/cmoa_install_bak/tasks/00-default-settings-master.yml Normal file
View File

@@ -0,0 +1,30 @@
---
- name: 1. Create a cmoa namespace
kubernetes.core.k8s:
name: "{{ cmoa_namespace }}"
api_version: v1
kind: Namespace
state: present
- name: 2. Create secret
kubernetes.core.k8s:
state: present
namespace: "{{ item }}"
src: "{{ role_path }}/files/00-default/secret_nexus.yaml"
apply: yes
with_items:
- "{{ cmoa_namespace }}"
- default
- name: 3. kubeconfig check
shell: "echo $KUBECONFIG"
register: kubeconfig
- name: 4. Patch default sa
shell: "{{ role_path }}/files/00-default/sa_patch.sh {{ kubeconfig.stdout }}"
- name: 5. Master IP Setting
command: "{{ role_path }}/files/ip_change {{ before_ip }} {{ ansible_default_ipv4.address }} {{ role_path }}/files"
- name: 6. CloudMOA Version Change
command: "{{ role_path }}/files/rel_change {{ before_version }} {{ cmoa_version }} {{ role_path }}/files"

27
ansible/01_old/roles/cmoa_install_bak/tasks/00-default-settings-node.yml Normal file
View File

@@ -0,0 +1,27 @@
---
- name: 1. Node add Label (worker1)
kubernetes.core.k8s:
apply: yes
definition:
apiversion: v1
kind: Node
metadata:
name: "{{ item }}"
labels:
cmoa: worker1
with_items:
- "{{ ansible_hostname }}"
when: ansible_default_ipv4.address in groups.worker1
- name: 2. Node add Label (worker2)
kubernetes.core.k8s:
definition:
apiversion: v1
kind: Node
metadata:
name: "{{ item }}"
labels:
cmoa: worker2
with_items:
- "{{ ansible_hostname }}"
when: ansible_default_ipv4.address in groups.worker2

45
ansible/01_old/roles/cmoa_install_bak/tasks/01-storage-install.yml Normal file
View File

@@ -0,0 +1,45 @@
---
- name: 1. yaml file install (sc, pv)
kubernetes.core.k8s:
state: present
namespace: "{{ cmoa_namespace }}"
src: "{{ role_path }}/files/01-storage/{{ item }}"
apply: yes
with_items:
- 00-storageclass.yaml
- 01-persistentvolume.yaml
- name: 2. helmchart install (minio)
kubernetes.core.helm:
name: "{{item}}"
release_namespace: "{{ cmoa_namespace }}"
chart_ref: "{{ role_path }}/files/01-storage/{{item}}"
create_namespace: yes
release_state: present
values_files:
- "{{ role_path }}/files/01-storage/{{item}}/values.yaml"
with_items:
- minio
- name: 3. Change a Minio Api Service (NodePort=minio_nodePort)
kubernetes.core.k8s:
state: present
definition:
apiVersion: v1
kind: Service
metadata:
name: "{{ minio_service_name }}"
namespace: "{{ cmoa_namespace }}"
spec:
type: NodePort
ports:
- protocol: TCP
port: "{{ minio_service_port }}"
nodePort: "{{ minio_nodePort }}"
apply: yes
- name: 4. Check Kubernetes Pods (minio)
command: "{{ role_path }}/files/k8s_status {{ cmoa_namespace }}"
- name: 5. minio setting (minio)
command: "{{ role_path }}/files/01-storage/cmoa_minio {{ ansible_default_ipv4.address }}:{{ minio_nodePort }} {{ minio_user }} {{ bucket_name }} {{ days }} {{ rule_id }}"

51
ansible/01_old/roles/cmoa_install_bak/tasks/02-base-install.yml Normal file
View File

@@ -0,0 +1,51 @@
---
- name: 1. kafka broker config apply (base)
kubernetes.core.k8s:
state: present
namespace: "{{ cmoa_namespace }}"
src: "{{ role_path }}/files/02-base/{{ item }}"
apply: yes
with_items:
- 00-kafka-broker-config.yaml
- name: 2. coredns config apply (base)
kubernetes.core.k8s:
state: present
namespace: default
src: "{{ role_path }}/files/02-base/{{ item }}"
apply: yes
with_items:
- 01-coredns.yaml
- name: 3. helmchart install (base)
kubernetes.core.helm:
name: "{{item}}"
release_name: "{{item}}"
release_namespace: "{{ cmoa_namespace }}"
chart_ref: "{{ role_path }}/files/02-base/{{item}}"
create_namespace: yes
release_state: present
values_files:
- "{{ role_path }}/files/02-base/{{item}}/values.yaml"
with_items:
- base
- name: 4. Check Kubernetes Pods (base)
command: "{{ role_path }}/files/k8s_status {{ cmoa_namespace }} alertmanage"
- name: 5. Change a Elasticsearch Service (NodePort=elasticsearch_nodePort)
kubernetes.core.k8s:
state: present
definition:
apiVersion: v1
kind: Service
metadata:
name: "{{ elasticsearch_service_name }}"
namespace: "{{ cmoa_namespace }}"
spec:
type: NodePort
ports:
- protocol: TCP
port: "{{ elasticsearch_service_port }}"
nodePort: "{{ elasticsearch_nodePort }}"
apply: yes

64
ansible/01_old/roles/cmoa_install_bak/tasks/03-ddl-dml.yml Normal file
View File

@@ -0,0 +1,64 @@
- name: 1. Check Postgres DB Data
command: "{{ role_path }}/files/postgres_check_data {{ cmoa_namespace }}"
register: pg_check_result
- name: 2. Insert Elasticsearch template
command: "sh {{ role_path }}/files/03-ddl-dml/elasticsearch/es-ddl-put.sh {{ cmoa_namespace }}"
# when: pg_check_result.stdout != '1'
# register: es
#- debug:
# msg: "{{es.stdout_lines}}"
- name: 2.1. Elasticsearch dependency deploy restart
command: "kubectl -n {{ cmoa_namespace }} rollout restart deploy alertmanager base-cortex-configs base-cortex-distributor base-cortex-ruler"
register: restart
- debug:
msg: "{{restart.stdout_lines}}"
- name: 2.2. Check Kubernetes Pods (Elasticsearch dependency)
command: "{{ role_path }}/files/k8s_status {{ cmoa_namespace }} alertmanage"
- name: 3. Get a list of all pods from the namespace
command: kubectl -n "{{ cmoa_namespace }}" get pods --no-headers -o custom-columns=":metadata.name"
register: pod_list
when: pg_check_result.stdout != '1'
- name: 4. Copy psql file in postgres (DDL)
kubernetes.core.k8s_cp:
namespace: "{{ cmoa_namespace }}"
pod: "{{ item }}"
remote_path: /tmp/postgres_insert_ddl.psql
local_path: "{{ role_path }}/files/03-ddl-dml/postgres/postgres_insert_ddl.psql"
when: item is match('postgres') and pg_check_result.stdout != '1'
with_items: "{{ pod_list.stdout_lines }}"
ignore_errors: true
- name: 5. Execute a command in postgres (DDL)
kubernetes.core.k8s_exec:
namespace: "{{ cmoa_namespace }}"
pod: "{{ item }}"
command: bash -c "PGPASSWORD='eorbahrhkswp' && /usr/bin/psql -h 'localhost' -U 'admin' -d 'postgresdb' -f /tmp/postgres_insert_ddl.psql"
with_items: "{{ pod_list.stdout_lines }}"
when: item is match('postgres')
ignore_errors: true
- name: 6. Copy psql file in postgres (DML)
kubernetes.core.k8s_cp:
namespace: "{{ cmoa_namespace }}"
pod: "{{ item }}"
remote_path: /tmp/postgres_insert_dml.psql
local_path: "{{ role_path }}/files/03-ddl-dml/postgres/postgres_insert_dml.psql"
with_items: "{{ pod_list.stdout_lines }}"
when: item is match('postgres')
ignore_errors: true
- name: 7. Execute a command in postgres (DML)
kubernetes.core.k8s_exec:
namespace: "{{ cmoa_namespace }}"
pod: "{{ item }}"
command: bash -c "PGPASSWORD='eorbahrhkswp' && /usr/bin/psql -h 'localhost' -U 'admin' -d 'postgresdb' -f /tmp/postgres_insert_dml.psql"
with_items: "{{ pod_list.stdout_lines }}"
when: item is match('postgres')
ignore_errors: true

34
ansible/01_old/roles/cmoa_install_bak/tasks/04-keycloak-install.yml Normal file
View File

@@ -0,0 +1,34 @@
---
- name: 1. helmchart install (keycloak)
kubernetes.core.helm:
name: "{{item}}"
release_name: "{{item}}"
release_namespace: "{{ cmoa_namespace }}"
chart_ref: "{{ role_path }}/files/04-keycloak"
create_namespace: yes
release_state: present
values_files:
- "{{ role_path }}/files/04-keycloak/values.yaml"
with_items:
- keycloak
- name: 4. Check Kubernetes Pods (base)
command: "{{ role_path }}/files/k8s_status {{ cmoa_namespace }}"
- name: 5. Change a Elasticsearch Service (NodePort=elasticsearch_nodePort)
kubernetes.core.k8s:
state: present
definition:
apiVersion: v1
kind: Service
metadata:
name: "{{ elasticsearch_service_name }}"
namespace: "{{ cmoa_namespace }}"
spec:
type: NodePort
ports:
- protocol: TCP
port: "{{ elasticsearch_service_port }}"
nodePort: "{{ elasticsearch_nodePort }}"
apply: yes

16
ansible/01_old/roles/cmoa_install_bak/tasks/05-imxc-install.yml Normal file
View File

@@ -0,0 +1,16 @@
---
- name: 1. helmchart install (imxc)
kubernetes.core.helm:
name: "{{item}}"
release_name: "{{item}}"
release_namespace: "{{ cmoa_namespace }}"
chart_ref: "{{ role_path }}/files/05-imxc"
create_namespace: yes
release_state: present
values_files:
- "{{ role_path }}/files/05-imxc/values.yaml"
with_items:
- imxc
- name: 2. Check Kubernetes Pods (imxc / keycloak)
command: "{{ role_path }}/files/k8s_status {{ cmoa_namespace }}"

112
ansible/01_old/roles/cmoa_install_bak/tasks/06-imxc-ui-install.yml Normal file
View File

@@ -0,0 +1,112 @@
---
- name: 1. helmchart install (imxc-ui-all)
kubernetes.core.helm:
name: "{{item}}"
release_name: "{{item}}"
release_namespace: "{{ cmoa_namespace }}"
chart_ref: "{{ role_path }}/files/06-imxc-ui/{{ item }}"
create_namespace: yes
release_state: present
values_files:
- "{{ role_path }}/files/06-imxc-ui/{{ item }}/values.yaml"
with_items:
- imxc-ui-jaeger
- imxc-ui-jspd
when: imxc_ui == 'all'
- name: 1. helmchart install (imxc-ui-jaeger)
kubernetes.core.helm:
name: "{{item}}"
release_name: "{{item}}"
release_namespace: "{{ cmoa_namespace }}"
chart_ref: "{{ role_path }}/files/06-imxc-ui/{{ item }}"
create_namespace: yes
release_state: present
values_files:
- "{{ role_path }}/files/06-imxc-ui/{{ item }}/values.yaml"
with_items:
- imxc-ui-jaeger
when: imxc_ui == 'jaeger'
- name: 2. Change a imxc-ui Service (imxc-ui-jaeger)
kubernetes.core.k8s:
state: present
definition:
apiVersion: v1
kind: Service
metadata:
name: "{{ jaeger_servicename }}"
namespace: "{{ cmoa_namespace }}"
spec:
type: NodePort
ports:
- protocol: TCP
port: "{{ jaeger_service_port }}"
nodePort: "{{ jaeger_nodePort }}"
apply: yes
when: imxc_ui == 'jaeger'
- name: 2. Get a list of all pods from the namespace
command: kubectl -n "{{ cmoa_namespace }}" get pods --no-headers -o custom-columns=":metadata.name" # Output is a column
register: pod_list
when: imxc_ui != 'all'
- name: 3. Copy psql file in psql (imxc-jaeger)
kubernetes.core.k8s_cp:
namespace: "{{ cmoa_namespace }}"
pod: "{{ item }}"
remote_path: /tmp/jaeger_menumeta.psql
local_path: "{{ role_path }}/files/03-ddl-dml/postgres/jaeger_menumeta.psql"
with_items: "{{ pod_list.stdout_lines }}"
when:
- item is match('postgres')
- imxc_ui == 'jaeger'
ignore_errors: true
- name: 4. Execute a command in psql (imxc-jaeger)
kubernetes.core.k8s_exec:
namespace: "{{ cmoa_namespace }}"
pod: "{{ item }}"
command: bash -c "PGPASSWORD='eorbahrhkswp' && /usr/bin/psql -h 'localhost' -U 'admin' -d 'postgresdb' -f /tmp/jaeger_menumeta.psql"
with_items: "{{ pod_list.stdout_lines }}"
when:
- item is match('postgres')
- imxc_ui == 'jaeger'
ignore_errors: true
- name: 1. helmchart install (imxc-ui-jspd)
kubernetes.core.helm:
name: "{{item}}"
release_name: "{{item}}"
release_namespace: "{{ cmoa_namespace }}"
chart_ref: "{{ role_path }}/files/06-imxc-ui/{{ item }}"
create_namespace: yes
release_state: present
values_files:
- "{{ role_path }}/files/06-imxc-ui/{{ item }}/values.yaml"
with_items:
- imxc-ui-jspd
when: imxc_ui == 'jspd'
ignore_errors: true
- name: 3. Copy psql file in postgres (imxc-ui-jspd)
kubernetes.core.k8s_cp:
namespace: "{{ cmoa_namespace }}"
pod: "{{ item }}"
remote_path: /tmp/jspd_menumeta.psql
local_path: "{{ role_path }}/files/03-ddl-dml/postgres/jspd_menumeta.psql"
with_items: "{{ pod_list.stdout_lines }}"
when: item is match('postgres') and imxc_ui == 'jspd'
ignore_errors: true
- name: 4. Execute a command in postgres (imxc-ui-jspd)
kubernetes.core.k8s_exec:
namespace: "{{ cmoa_namespace }}"
pod: "{{ item }}"
command: bash -c "PGPASSWORD='eorbahrhkswp' && /usr/bin/psql -h 'localhost' -U 'admin' -d 'postgresdb' -f /tmp/jspd_menumeta.psql"
with_items: "{{ pod_list.stdout_lines }}"
when: item is match('postgres') and imxc_ui == 'jspd'
ignore_errors: true
- name: 2. Check Kubernetes Pods (imxc ui)
command: "{{ role_path }}/files/k8s_status {{ cmoa_namespace }}"

76
ansible/01_old/roles/cmoa_install_bak/tasks/07-keycloak-setting.yml Normal file
View File

@@ -0,0 +1,76 @@
---
- name: 0. Generate keycloak auth token
ansible.builtin.uri:
url: "{{ keycloak_url }}{{ keycloak_context }}/realms/master/protocol/openid-connect/token"
method: POST
body: "client_id={{ keycloak_auth_client }}&username={{ keycloak_admin_user }}&password={{ keycloak_admin_password }}&grant_type=password"
validate_certs: no
#no_log: "{{ keycloak_no_log | default('True') }}"
register: keycloak_auth_response
until: keycloak_auth_response.status == 200
retries: 5
delay: 2
- name: 1. Determine if realm exists
ansible.builtin.uri:
url: "{{ keycloak_url }}{{ keycloak_context }}/admin/realms/{{ keycloak_realm }}"
method: GET
status_code:
- 200
- 404
headers:
Accept: "application/json"
Authorization: "Bearer {{ keycloak_auth_response.json.access_token }}"
register: keycloak_realm_exists
- name: 2. Validate Keycloak clients
ansible.builtin.assert:
that:
- item.name is defined and item.name | length > 0
- (item.client_id is defined and item.client_id | length > 0) or (item.id is defined and item.id | length > 0)
fail_msg: "For each keycloak client, attributes `name` and either `id` or `client_id` is required"
quiet: True
loop: "{{ keycloak_clients | flatten }}"
loop_control:
label: "{{ item.name | default('unnamed client') }}"
- name: 3. update a Keycloak client
community.general.keycloak_client:
auth_client_id: "{{ keycloak_auth_client }}"
auth_keycloak_url: "{{ keycloak_url }}{{ keycloak_context }}"
auth_realm: "{{ keycloak_auth_realm }}"
auth_username: "{{ keycloak_admin_user }}"
auth_password: "{{ keycloak_admin_password }}"
realm: "{{ item.realm }}"
default_roles: "{{ item.roles | default(omit) }}"
client_id: "{{ item.client_id | default(omit) }}"
id: "{{ item.id | default(omit) }}"
name: "{{ item.name | default(omit) }}"
description: "{{ item.description | default(omit) }}"
root_url: "{{ item.root_url | default('') }}"
admin_url: "{{ item.admin_url | default('') }}"
base_url: "{{ item.base_url | default('') }}"
enabled: "{{ item.enabled | default(True) }}"
redirect_uris: "{{ item.redirect_uris | default(omit) }}"
web_origins: "{{ item.web_origins | default('+') }}"
bearer_only: "{{ item.bearer_only | default(omit) }}"
standard_flow_enabled: "{{ item.standard_flow_enabled | default(omit) }}"
implicit_flow_enabled: "{{ item.implicit_flow_enabled | default(omit) }}"
direct_access_grants_enabled: "{{ item.direct_access_grants_enabled | default(omit) }}"
service_accounts_enabled: "{{ item.service_accounts_enabled | default(omit) }}"
public_client: "{{ item.public_client | default(False) }}"
protocol: "{{ item.protocol | default(omit) }}"
state: present
#no_log: "{{ keycloak_no_log | default('True') }}"
register: create_client_result
loop: "{{ keycloak_clients | flatten }}"
when: (item.name is defined and item.client_id is defined) or (item.name is defined and item.id is defined)
- name: 4. Dependency deploy restart
command: "kubectl -n {{ cmoa_namespace }} rollout restart deploy imxc-api noti-server auth-server zuul-deployment"
register: restart
- debug:
msg: "{{restart.stdout_lines}}"

92
ansible/01_old/roles/cmoa_install_bak/tasks/08-finish.yml Normal file
View File

@@ -0,0 +1,92 @@
---
- name: 0. Check Kubernetes Pods (ALL)
command: "{{ role_path }}/files/k8s_status {{ cmoa_namespace }}"
- name: 1. IP Setting reset
command: "{{ role_path }}/files/ip_change {{ansible_default_ipv4.address}} {{before_ip}} {{ role_path }}/files"
- name: 2. CloudMOA Version reset
command: "{{ role_path }}/files/rel_change {{ cmoa_version }} {{ before_version }} {{ role_path }}/files"
- debug:
msg:
- =======================================================================================
- "## Keycloak WEB"
- keycloak URL = http://{{ ansible_default_ipv4.address }}:31082
- ---------------------------------------------------------------------------------------
- "## Keycloak Login Theme Setting"
- "## WEB > Realm Settings > Themes > Login Theme"
- " > CloudMOA_V2"
- ---------------------------------------------------------------------------------------
- "## CloudMOA WEB "
- CloudMOA Jaeger = http://{{ ansible_default_ipv4.address }}:31080
- CloudMOA JSPD = http://{{ ansible_default_ipv4.address }}:31084
- =======================================================================================
#- name: Node add Label (worker1)
# shell: kubectl get node "{{ item }}" --show-labels
# register: worker1
# with_items:
# - "{{ ansible_hostname }}"
# #when: ansible_hostname in groups.worker1
#
#- name: Node add Label (worker2)
# shell: kubectl get node "{{ item }}" --show-labels
# register: worker2
# with_items:
# - "{{ ansible_hostname }}"
# #when: ansible_hostname in groups.worker2
#
#
#- name: debug
# debug:
# msg: "{{item}}"
# with_items:
# - "{{ worker1.stdout }}"
# - "{{ worker2.stdout }}"
#- name: Iterate over pod names and delete the filtered ones
# #debug:
# # msg: "{{ item }}"
# kubernetes.core.k8s_cp:
# namespace: imxc
# pod: "{{ item }}"
# remote_path: /tmp/postgres_insert_ddl.psql
# local_path: "{{ role_path }}/files/03-ddl-dml/postgres/postgres_insert_ddl.psql"
# with_items: "{{ pod_list.stdout_lines }}"
# when: item is match('postgres')
#- name: Execute a command
# kubernetes.core.k8s_exec:
# namespace: imxc
# pod: "{{ item }}"
# command: bash -c "PGPASSWORD='eorbahrhkswp' && /usr/bin/psql -h 'localhost' -U 'admin' -d 'postgresdb' -f /tmp/postgres_insert_ddl.psql"
# with_items: "{{ pod_list.stdout_lines }}"
# when: item is match('postgres')
#
#- name: Iterate over pod names and delete the filtered ones
# #debug:
# # msg: "{{ item }}"
# kubernetes.core.k8s_cp:
# namespace: imxc
# pod: "{{ item }}"
# remote_path: /tmp/postgres_insert_dml.psql
# local_path: "{{ role_path }}/files/03-ddl-dml/postgres/postgres_insert_dml.psql"
# with_items: "{{ pod_list.stdout_lines }}"
# when: item is match('postgres')
#
#- name: Execute a command
# kubernetes.core.k8s_exec:
# namespace: imxc
# pod: "{{ item }}"
# command: bash -c "PGPASSWORD='eorbahrhkswp' && /usr/bin/psql -h 'localhost' -U 'admin' -d 'postgresdb' -f /tmp/postgres_insert_dml.psql"
# with_items: "{{ pod_list.stdout_lines }}"
# when: item is match('postgres')
# register: test
#
#- name: test
# debug:
# msg: "{{ test.stdout }}"
##- set_fact:
## postgres_pod: "{{ postgres_pod2.stdout_lines is match('postgres') | default(postgres_pod2) }}"
#

60
ansible/01_old/roles/cmoa_install_bak/tasks/helm-install.yml Normal file
View File

@@ -0,0 +1,60 @@
---
- name: Create Helm temporary directory
file:
path: /tmp/helm
state: directory
mode: "0755"
- name: Fetch Helm package
get_url:
url: 'https://get.helm.sh/helm-{{ helm_version }}-linux-amd64.tar.gz'
dest: /tmp/helm.tar.gz
checksum: '{{ helm_checksum }}'
- name: Extract Helm package
unarchive:
remote_src: true
src: /tmp/helm.tar.gz
dest: /tmp/helm
- name: Ensure "docker" group exists
group:
name: docker
state: present
become: true
- name: Install helm to /usr/local/bin
copy:
remote_src: true
src: /tmp/helm/linux-amd64/helm
dest: /usr/local/bin/helm
owner: root
group: docker
mode: "0755"
become: true
- name: Cleanup Helm temporary directory
file:
path: /tmp/helm
state: absent
- name: Cleanup Helm temporary download
file:
path: /tmp/helm.tar.gz
state: absent
- name: Ensure bash_completion.d directory exists
file:
path: /etc/bash_completion.d
state: directory
mode: "0755"
become: true
- name: Setup Helm tab-completion
shell: |
set -o pipefail
/usr/local/bin/helm completion bash | tee /etc/bash_completion.d/helm
args:
executable: /bin/bash
changed_when: false
become: true

43
ansible/01_old/roles/cmoa_install_bak/tasks/main.yml Normal file
View File

@@ -0,0 +1,43 @@
---
- include: helm-install.yml
tags: helm-install
- include: 00-default-settings-master.yml
tags: default_setting
when: kubernetes_role == 'master'
- include: 00-default-settings-node.yml
tags: default_setting_node
when: kubernetes_role == 'node'
- include: 01-storage-install.yml
tags: storage-install
when: kubernetes_role == 'master'
- include: 02-base-install.yml
tags: base-install
when: kubernetes_role == 'master'
- include: 03-ddl-dml.yml
tags: ddl-dml
when: kubernetes_role == 'master'
- include: 04-keycloak-install.yml
tags: keycloak-install
when: kubernetes_role == 'master'
- include: 05-imxc-install.yml
tags: imxc-install
when: kubernetes_role == 'master'
- include: 06-imxc-ui-install.yml
tags: imxc-ui-install
when: kubernetes_role == 'master'
- include: 07-keycloak-setting.yml
tags: keycloak-setting
when: kubernetes_role == 'master'
- include: 08-finish.yml
tags: finish
when: kubernetes_role == 'master'