From b85272cee82545de1a5cf28edcd8b162c6ea1cdd Mon Sep 17 00:00:00 2001 From: saurabhkumarkardam <124864640+saurabhkumarkardam@users.noreply.github.com> Date: Mon, 6 Nov 2023 11:59:23 +0530 Subject: [PATCH] feat(substrate): replace ansible roles readme with inline code comments (#2413) This PR enhances the readability and understanding of our roles by adding comment messages throughout the code. Changes: - Added clear and concise comment messages in ansible roles. - Maintained proper code indentation for increased code reliability. - Removed the roles' Readme.md if it existed. fixes #2326 
Signed-off-by: saurabhkumarkardam --- .../substrate/configuration/cleanup.yaml | 17 +-- .../configuration/deploy-network.yaml | 38 +++--- .../substrate/configuration/roles/README.md | 7 -- .../roles/create/bootnode/tasks/main.yaml | 4 +- .../bootnodefile/tasks/get_bootnode_data.yaml | 4 +- .../roles/create/bootnodefile/tasks/main.yaml | 2 +- .../create/certificates/ambassador/Readme.md | 115 ------------------ .../certificates/ambassador/tasks/main.yaml | 7 +- .../genesis/tasks/create_genesis_job.yaml | 7 +- .../create/genesis/tasks/get_node_list.yaml | 3 +- .../roles/create/genesis/tasks/main.yaml | 10 +- .../create/genesis/tasks/member_keys.yaml | 2 +- .../create/genesis/tasks/nested_keys.yaml | 4 +- .../roles/create/helm_component/Readme.md | 42 ------- .../create/helm_component/tasks/main.yaml | 11 +- .../create/ipfs_bootnode/tasks/main.yaml | 4 +- .../tasks/get_bootnode_data.yaml | 3 +- .../create/ipfsbootnodefile/tasks/main.yaml | 2 +- .../roles/create/k8_component/Readme.md | 39 ------ .../roles/create/k8_component/tasks/main.yaml | 6 +- .../roles/create/k8s_secrets/Readme.md | 67 ---------- .../roles/create/k8s_secrets/tasks/main.yaml | 13 +- .../configuration/roles/create/keys/Readme.md | 56 --------- .../roles/create/keys/tasks/main.yaml | 1 + .../roles/create/keys/tasks/nested_main.yaml | 7 +- .../roles/create/member_node/tasks/main.yaml | 6 +- .../create/namespace_serviceaccount/Readme.md | 72 ----------- .../namespace_serviceaccount/tasks/main.yaml | 11 +- .../roles/create/storageclass/Readme.md | 51 -------- .../roles/create/storageclass/tasks/main.yaml | 6 +- .../create/validator_node/tasks/main.yaml | 4 +- .../roles/delete/flux_releases/Readme.md | 49 -------- .../delete/flux_releases/tasks/main.yaml | 7 +- .../roles/delete/gitops_files/Readme.md | 28 ----- .../roles/delete/gitops_files/tasks/main.yaml | 15 +-- .../roles/delete/k8s_secrets/tasks/main.yaml | 2 +- .../roles/delete/vault_secrets/Readme.md | 58 --------- 
.../delete/vault_secrets/tasks/main.yaml | 13 +- .../roles/setup/get_crypto/Readme.md | 41 ------- .../roles/setup/get_crypto/tasks/main.yaml | 1 + .../roles/setup/vault_kubernetes/Readme.md | 94 -------------- .../setup/vault_kubernetes/tasks/main.yaml | 29 ++--- 42 files changed, 130 insertions(+), 828 deletions(-) delete mode 100644 platforms/substrate/configuration/roles/README.md delete mode 100644 platforms/substrate/configuration/roles/create/certificates/ambassador/Readme.md delete mode 100644 platforms/substrate/configuration/roles/create/helm_component/Readme.md delete mode 100644 platforms/substrate/configuration/roles/create/k8_component/Readme.md delete mode 100644 platforms/substrate/configuration/roles/create/k8s_secrets/Readme.md delete mode 100644 platforms/substrate/configuration/roles/create/keys/Readme.md delete mode 100644 platforms/substrate/configuration/roles/create/namespace_serviceaccount/Readme.md delete mode 100644 platforms/substrate/configuration/roles/create/storageclass/Readme.md delete mode 100644 platforms/substrate/configuration/roles/delete/flux_releases/Readme.md delete mode 100644 platforms/substrate/configuration/roles/delete/gitops_files/Readme.md delete mode 100644 platforms/substrate/configuration/roles/delete/vault_secrets/Readme.md delete mode 100644 platforms/substrate/configuration/roles/setup/get_crypto/Readme.md delete mode 100644 platforms/substrate/configuration/roles/setup/vault_kubernetes/Readme.md diff --git a/platforms/substrate/configuration/cleanup.yaml b/platforms/substrate/configuration/cleanup.yaml index f4446d3dd24..6a043fe2213 100644 --- a/platforms/substrate/configuration/cleanup.yaml +++ b/platforms/substrate/configuration/cleanup.yaml 
@@ -10,8 +10,9 @@ ########################################################################################### # THIS PLAYBOOK DELETES EVERYTHING, EVEN NAMESPACES and FLUX ########################################################################################### + --- - # This will apply to ansible_provisioners. /etc/ansible/hosts should be configured with this group +# This will apply to ansible_provisioners. /etc/ansible/hosts should be configured with this group - hosts: ansible_provisioners gather_facts: no no_log: "{{ no_ansible_log | default(false) }}" @@ -26,13 +27,15 @@ kubernetes: "{{ item.k8s }}" loop: "{{ network['organizations'] }}" - # delete build directory + # Delete build directory - name: Remove build directory file: path: "./build" state: absent - vars: #These variables can be overriden from the command line - privilege_escalate: false #Default to NOT escalate to root privledges - install_os: "linux" #Default to linux OS - install_arch: "amd64" #Default to amd64 architecture - bin_install_dir: "~/bin" #Default to /bin install directory for binaries + + # These variables can be overriden from the command line + vars: + privilege_escalate: false # Default to NOT escalate to root privledges + install_os: "linux" # Default to linux OS + install_arch: "amd64" # Default to amd64 architecture + bin_install_dir: "~/bin" # Default to /bin install directory for binaries diff --git a/platforms/substrate/configuration/deploy-network.yaml b/platforms/substrate/configuration/deploy-network.yaml index 990ee0858d4..f96a2c9ca1a 100644 --- a/platforms/substrate/configuration/deploy-network.yaml +++ b/platforms/substrate/configuration/deploy-network.yaml 
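Review bot: In the second hunk of cleanup.yaml (`@@ -26,13 +27,15 @@`) the reflowed `vars:` comments keep two misspellings and one wrong default: `overriden`, `privledges`, and `# Default to /bin install directory` next to the value `"~/bin"`. Since this commit makes inline comments the primary documentation, I would write `# These variables can be overridden from the command line`, `# Default to NOT escalate to root privileges` and `# Default to ~/bin install directory for binaries`. The same `overriden` and `/bin` wording recurs in the `vars:` hunk of deploy-network.yaml (`@@ -177,8 +182,9 @@`), where `add_new_org: false` is also described as defaulting "when not defined" although that line is what defines it.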
@@ -4,25 +4,30 @@ # SPDX-License-Identifier: Apache-2.0 ############################################################################################## +############################################################################################## # This playbook deploys a DLT network on existing Kubernetes clusters # The Kubernetes clusters should already be created and the infomation to connect to the # clusters be updated in the network.yaml file that is used as an input to this playbook -########################################################################################### +############################################################################################## + +############################################################################################## # To Run this playbook from this directory, use the following command (network.yaml also in this directory) # ansible-playbook deploy-network.yaml -e "@./network.yaml" -############################################################################################ +############################################################################################## + + # Please ensure that the ../../shared/configuration playbooks have been run using the same network.yaml - hosts: ansible_provisioners gather_facts: no no_log: "{{ no_ansible_log | default(false) }}" tasks: - # delete build directory + # Delete build directory - name: Remove build directory file: path: "./build" state: absent - # create namespace, service account and clusterrolebinding + # Create namespace, service account and clusterrolebinding - name: "Create namespace and service account" include_role: name: create/namespace_serviceaccount @@ -85,7 +90,7 @@ loop: "{{ network['organizations']}}" when: network.env.proxy == "ambassador" - # This role generates the key materials and stores them in vault + # Generate the key materials and stores them in vault - name: "Generate key materials for Nodes" include_role: name: create/keys 
@@ -102,7 +107,7 @@ kubernetes: "{{ item.k8s }}" loop: "{{ network['organizations'] }}" - # This role generates the genesis.json for all orgs of the network + # Generate the genesis.json for all orgs of the network - name: "Generate genesis for the network" include_role: name: create/genesis @@ -111,7 +116,7 @@ sudo_org_query: "organizations[?type=='superuser']" org: "{{ network | json_query(sudo_org_query) | first }}" - # This role deploys Substrate bootnodes + # Deploy Substrate bootnodes - name: "Deploy Bootnodes" include_role: name: create/bootnode @@ -123,12 +128,12 @@ peers: "{{ item.services.peers }}" loop: "{{ network['organizations'] }}" - # This role generates the bootnode list file + # Generate the bootnode list file - name: "Generate bootnode file list for the network" include_role: name: create/bootnodefile - # This role deploys Substrate validator nodes + # Deploy Substrate validator nodes - name: "Deploy Substrate validators" include_role: name: create/validator_node @@ -158,13 +163,13 @@ loop: "{{ network['organizations'] }}" when: network.config.node_image == "inteli-poc/dscp-node" - # This role generates the ipfsbootnode list file + # Generate the ipfsbootnode list file - name: "Generate ipfsbootnode file list for the network" include_role: name: create/ipfsbootnodefile when: network.config.node_image == "inteli-poc/dscp-node" - # This role deploys Substrate member nodes + # Deploy Substrate member nodes - name: "Deploy Substrate members" include_role: name: create/member_node 
@@ -177,8 +182,9 @@ peers: "{{ item.services.peers }}" loop: "{{ network['organizations'] }}" - vars: #These variables can be overriden from the command line - install_os: "linux" #Default to linux OS - install_arch: "amd64" #Default to amd64 architecture - bin_install_dir: "~/bin" #Default to /bin install directory for binaries - add_new_org: false + # These variables can be overriden from the command line + vars: + install_os: "linux" # Default to linux OS + install_arch: "amd64" # Default to amd64 architecture + bin_install_dir: "~/bin" # Default to /bin install directory for binaries + add_new_org: false # 'add_new_org' flag, defaults to false when not defined. diff --git a/platforms/substrate/configuration/roles/README.md b/platforms/substrate/configuration/roles/README.md deleted file mode 100644 index 0c0d665c8e6..00000000000 --- a/platforms/substrate/configuration/roles/README.md +++ /dev/null @@ -1,7 +0,0 @@ -[//]: # (##############################################################################################) -[//]: # (Copyright Accenture. All Rights Reserved.) -[//]: # (SPDX-License-Identifier: Apache-2.0) -[//]: # (##############################################################################################) - -# Substrate Ansible Roles -This folder contains the Ansible roles used for deploying Substrate network using Bevel. \ No newline at end of file diff --git a/platforms/substrate/configuration/roles/create/bootnode/tasks/main.yaml b/platforms/substrate/configuration/roles/create/bootnode/tasks/main.yaml index 0413533afb3..bfc27af4d63 100644 --- a/platforms/substrate/configuration/roles/create/bootnode/tasks/main.yaml +++ b/platforms/substrate/configuration/roles/create/bootnode/tasks/main.yaml 
@@ -4,7 +4,7 @@ # SPDX-License-Identifier: Apache-2.0 ############################################################################################## -# This task creates the Bootnode value file for node helm chart +# Create the Bootnode value file for node helm chart - name: Create value file for bootnode include_role: name: create/helm_component @@ -27,7 +27,7 @@ loop_var: peer when: peer.type == "bootnode" -# Git Push : Pushes the above generated files to git directory +# Git Push : Push the above generated files to git directory - name: Git Push include_role: name: "{{ playbook_dir }}/../../shared/configuration/roles/git_push" diff --git a/platforms/substrate/configuration/roles/create/bootnodefile/tasks/get_bootnode_data.yaml b/platforms/substrate/configuration/roles/create/bootnodefile/tasks/get_bootnode_data.yaml index 61f09f70656..b1f22cd8816 100644 --- a/platforms/substrate/configuration/roles/create/bootnodefile/tasks/get_bootnode_data.yaml +++ b/platforms/substrate/configuration/roles/create/bootnodefile/tasks/get_bootnode_data.yaml @@ -4,7 +4,7 @@ # SPDX-License-Identifier: Apache-2.0 ############################################################################################## -# This task fetches the bootnode's peer id from vault +# Fetch the bootnode's peer id from vault - name: Fetch bootnode peer id from vault shell: | vault kv get -field=node_id {{ vault.secret_path | default('secretsv2') }}/{{ component_ns }}/{{ peer.name }}/substrate @@ -13,6 +13,7 @@ VAULT_TOKEN: "{{ vault.root_token }}" register: node_id +# Collect Bootnode data if there is no ingress controller - name: Collect Bootnode data set_fact: node_list={{ node_list|default([]) + [ {'bootnode_id':node_id.stdout, 'external_url':internal_url, 'p2p_port':peer.p2p.port} ] }} 
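Review bot: The reworded comment on `Fetch bootnode peer id from vault` in bootnodefile/tasks/get_bootnode_data.yaml (hunks `@@ -4,7 +4,7 @@` and `@@ -13,6 +13,7 @@`) leaves out what an operator most needs to know: the `vault kv get` runs with `VAULT_TOKEN: "{{ vault.root_token }}"` in the task environment. The Readme files this commit deletes listed `VAULT_ADDR` and `VAULT_TOKEN` as role inputs, so the inline comment should carry that forward, e.g. `# Fetch the bootnode's peer id from Vault; requires vault.root_token to be set for this org`. Whether the token can appear in run output depends on `no_log`, which the two playbooks in this patch default to false through `no_ansible_log`. No task-level setting is visible here, because the task spans both hunks and part of its `environment:` block falls between them.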
@@ -21,6 +22,7 @@ when: - network.env.proxy == 'none' +# Collect Bootnode data if Ambassador is there as ingress controller - name: Collect Bootnode data set_fact: node_list={{ node_list|default([]) + [ {'bootnode_id':node_id.stdout, 'external_url':external_url, 'p2p_port':peer.p2p.ambassador} ] }} diff --git a/platforms/substrate/configuration/roles/create/bootnodefile/tasks/main.yaml b/platforms/substrate/configuration/roles/create/bootnodefile/tasks/main.yaml index 45db3abd9fd..c75a1605100 100644 --- a/platforms/substrate/configuration/roles/create/bootnodefile/tasks/main.yaml +++ b/platforms/substrate/configuration/roles/create/bootnodefile/tasks/main.yaml @@ -19,7 +19,7 @@ loop_control: loop_var: org -# This task creates a file, if it doesn't exist, to store bootnode information +# Create a file, if it doesn't exist, to store bootnode information - name: Create bootnode file template: src: "bootnode.tpl" diff --git a/platforms/substrate/configuration/roles/create/certificates/ambassador/Readme.md b/platforms/substrate/configuration/roles/create/certificates/ambassador/Readme.md deleted file mode 100644 index b0b00d58c87..00000000000 --- a/platforms/substrate/configuration/roles/create/certificates/ambassador/Readme.md +++ /dev/null 
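Review bot: The two `set_fact` tasks in bootnodefile/tasks/get_bootnode_data.yaml still share the name `Collect Bootnode data`, so the distinction drawn by the new comments (the Ambassador case here, the `proxy == 'none'` case in the previous hunk) never reaches the play output or logs. I would put it in the names instead, `- name: Collect Bootnode data (no proxy)` and `- name: Collect Bootnode data (ambassador proxy)`, and drop the two comments. The `when:` of this second task lies outside the hunk, so the Ambassador condition itself is not visible here.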
@@ -1,115 +0,0 @@ -[//]: # (##############################################################################################) -[//]: # (Copyright Accenture. All Rights Reserved.) -[//]: # (SPDX-License-Identifier: Apache-2.0) -[//]: # (##############################################################################################) - -## ROLE: create/certificates/ambassador -This role generates certificates for ambassador and places them in vault. Certificates are created using openssl.This also creates the Kubernetes secrets - -### Tasks -(Variables with * are fetched from the playbook which is calling this role) - -#### 1.check if dir exists or not -This tasks checks if the ambassador tls dir -exists or not - -##### Input Variables - - path: The path to the directory is specified here. - recurse: Yes/No to recursively check inside the path specified. - -#### 2. Ensure ambassador tls dir exists -This tasks checks if the ambassador tls dir already created or not. -##### Input Variables - - path: The path to the directory is specified here. - recurse: Yes/No to recursively check inside the path specified. - -#### 3. Check if ambassador tls already created -This tasks checks if ambassador tls certificates are already created or not. -##### Input Variables - - *VAULT_ADDR: Contains Vault URL, Fetched using 'vault.' from network.yaml - *VAULT_TOKEN: Contains Vault Token, Fetched using 'vault.' from network.yaml - ignore_errors: Ignore if any error occurs -##### Output Variables - - ambassador_tls_certs: This variable stores the output of ambassador tls certificates check query. - -#### 4. Get ambassador tls certs -This task fetches the generated ambassador tls certificates by calling role *setup/get_crypto - -##### Input Variables - *cert_path: The path where to check/create is specified here. - *vault_output: Yaml with ambassador_tls_certs output. - type: ambassador - -**when**: It runs when *ambassador_tls_certs*.failed == False, i.e. ambassador tls certs are present. 
- -#### 5. check if ambassadortls dir is there -This tasks checks if openssl conf file exists or not -##### Input Variables - - path: The path to the opensll conf file is specified here. - recurse: Yes/No to recursively check inside the path specified. - -#### 6. Generate openssl conf file -This task generates compoenent openssl configuration file. - -##### Input Variables - *domain_name: The name of the uri formed by attaching component_name with external_url_suffix. - -**shell**: It goes to the ./build directory and generates component's openssl configuration file. -**when**: It runs when *ambassador_tls_certs.failed* == True, i.e. ambassador certs are not present and are generated. - -#### 7. Generate ambassador tls certs -This task generates the ambassador tls certificates. - -##### Input Variables - domain_name: Contains component name and external_url_suffix, fetched using 'item.' from network.yaml - -**shell**: It generates ambassador.crt and ambassador.key. -**when**: It runs when *ambassador_tls_certs.failed* == True, i.e. ambassador certs are not present and are generated. - -#### 8. Putting tls certs to vault -This task writes the ambassador tls certificates to Vault -##### Input Variables - *VAULT_ADDR: Contains Vault URL, Fetched using 'vault.' from network.yaml - *VAULT_TOKEN: Contains Vault Token, Fetched using 'vault.' from network.yaml - *component_name: The name of resource - -**shell**: It writes the generated certificates to the vault. -**when**: It runs when *ambassador_tls_certs.failed* == True, i.e. ambassador certs are not present and are generated. - -#### 9. Check Ambassador cred exists -This tasks check if the Check Ambassador credentials exists or not. 
-##### Input Variables - - kind: This defines the kind of Kubernetes resource - namespace: The namespace of the component - *name: Name of the component - *kubeconfig: The config file of the cluster - *context: This refer to the required kubernetes cluster context -##### Output Variables - - get_ambassador_secret: This variable stores the output of Ambassador credentials check query. - -#### 10. Create the Ambassador credentials -This task creates the Ambassador TLS credentials. -##### Input Variables - *component_name: The name of resource - *kubernetes.config_file: The config file of kubernetes cluster. - -**shell**: The specified command creates ambassador credentials. -**when**: It runs when *get_secret.resources* are not found. - -#### 11. Copy generated ambassador tls certs to given build location -#### Input Variables - - path: The path to the ambassador tls certs is specified here. - recurse: Yes/No to recursively check inside the path specified. - - - -#### Note: -Var folder has enviornment variable for ambassador role. diff --git a/platforms/substrate/configuration/roles/create/certificates/ambassador/tasks/main.yaml b/platforms/substrate/configuration/roles/create/certificates/ambassador/tasks/main.yaml index e2016209d6f..589b582e7e7 100644 --- a/platforms/substrate/configuration/roles/create/certificates/ambassador/tasks/main.yaml +++ b/platforms/substrate/configuration/roles/create/certificates/ambassador/tasks/main.yaml 
@@ -4,9 +4,12 @@ # SPDX-License-Identifier: Apache-2.0 ############################################################################################## +############################################################################################## # This role generates certificates for ambassador # and places them in vault. Certificates are created using openssl # This also creates the Kubernetes secrets +############################################################################################## + --- # check if ambassadortls dir is there - name: "check if dir exists or not" @@ -34,7 +37,6 @@ - notest # Gets the existing ambassador tls certs - - name: Get ambassador and tls certs from Vault shell: | vault kv get -format=yaml {{ vault.secret_path | default('secretsv2') }}/{{ component_ns }}/tlscerts @@ -44,6 +46,7 @@ register: ambassador_tls_certs_yaml when: not ambassador_tls_certs.failed +# Get ambassador tls certs - name: Get ambassador tls certs include_role: name: "setup/get_crypto" @@ -114,7 +117,7 @@ context: "{{ kubernetes.context }}" register: get_ambassador_secret -# This task creates the Ambassador TLS credentials for ambassador +# Create the Ambassador TLS credentials for ambassador - name: Create the Ambassador credentials shell: | KUBECONFIG={{ kubernetes.config_file }} kubectl create secret tls {{ component_name }}-ambassador-certs --cert={{ ambassadortls }}/ambassador.crt --key={{ ambassadortls }}/ambassador.key -n {{ component_ns }} diff --git a/platforms/substrate/configuration/roles/create/genesis/tasks/create_genesis_job.yaml b/platforms/substrate/configuration/roles/create/genesis/tasks/create_genesis_job.yaml index b9bdb28a77b..b1caa708f6d 100644 --- a/platforms/substrate/configuration/roles/create/genesis/tasks/create_genesis_job.yaml +++ b/platforms/substrate/configuration/roles/create/genesis/tasks/create_genesis_job.yaml 
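Review bot: The rewritten comment in the last hunk of certificates/ambassador/tasks/main.yaml (`@@ -114,7 +117,7 @@`), `# Create the Ambassador TLS credentials for ambassador`, repeats the task name and omits what the command touches: it reads the private key from `{{ ambassadortls }}/ambassador.key` on the Ansible host and creates the TLS secret `{{ component_name }}-ambassador-certs` in `{{ component_ns }}`. The removed Readme said this step runs only when the secret lookup finds nothing; the task's `when:` is outside the hunk, so that is unconfirmed here. A more useful comment would be `# Create the <component_name>-ambassador-certs TLS secret from ambassador.crt and ambassador.key under ambassadortls`. The added `# Get ambassador tls certs` in hunk `@@ -44,6 +46,7 @@` likewise only restates the `name:` below it.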
@@ -4,7 +4,7 @@ # SPDX-License-Identifier: Apache-2.0 ############################################################################################## -# generate genesis helmrelease file +# Generate genesis helmrelease file - name: "Create genesis file" include_role: name: create/helm_component @@ -13,8 +13,7 @@ name: "{{ org.name | lower }}" component_name: "{{ org.name }}-genesis-job" -# --------------------------------------------------------------------- -# push the created deployment files to repository +# Push the created deployment files to repository - name: "Push the created deployment files to repository" include_role: name: "{{ playbook_dir }}/../../shared/configuration/roles/git_push" @@ -33,7 +32,7 @@ namespace: "{{ component_ns }}" tags: notest -# This task copies the genesis to the local directory +# Copy the genesis to the local directory - name: Copy genesis from Vault to local directory environment: VAULT_ADDR: "{{ vault.url }}" diff --git a/platforms/substrate/configuration/roles/create/genesis/tasks/get_node_list.yaml b/platforms/substrate/configuration/roles/create/genesis/tasks/get_node_list.yaml index 825ba564822..1a14a3a474a 100644 --- a/platforms/substrate/configuration/roles/create/genesis/tasks/get_node_list.yaml +++ b/platforms/substrate/configuration/roles/create/genesis/tasks/get_node_list.yaml @@ -4,7 +4,7 @@ # SPDX-License-Identifier: Apache-2.0 ############################################################################################## -# This task fetches the node id +# Fetch the node id - name: Get node id environment: VAULT_ADDR: "{{ vault.url }}" @@ -13,6 +13,7 @@ vault kv get -field=node_id {{ vault.secret_path | default('secretsv2') }}/{{ component_ns }}/{{ peer.name }}/substrate register: node_id +# Convert node_id to base58 - name: Convert node_id to base58 shell: | printf "{{ node_id.stdout }}" | base58 -d | xxd -p | tr -d '[:space:]' | tr '[:lower:]' '[:upper:]' 
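Review bot: The added comment `# Convert node_id to base58` in genesis/tasks/get_node_list.yaml (hunk `@@ -13,6 +13,7 @@`) describes the opposite of the pipeline below it: `base58 -d | xxd -p | tr '[:lower:]' '[:upper:]'` decodes the base58 node id and emits upper-case hex. The task `name:` has the same wording, so both should read something like `# Decode the base58 node_id into upper-case hex`. Separately, the value read from Vault is templated straight into `printf "{{ node_id.stdout }}"`, where it is both shell-interpolated and used as the format string; `printf '%s' {{ node_id.stdout | quote }}` would be the safer form. The task likely continues past the end of the hunk.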
diff --git a/platforms/substrate/configuration/roles/create/genesis/tasks/main.yaml b/platforms/substrate/configuration/roles/create/genesis/tasks/main.yaml index 12e941d243c..1a5678bc983 100644 --- a/platforms/substrate/configuration/roles/create/genesis/tasks/main.yaml +++ b/platforms/substrate/configuration/roles/create/genesis/tasks/main.yaml @@ -4,20 +4,22 @@ # SPDX-License-Identifier: Apache-2.0 ############################################################################################## -# This tasks creates an empty list named +# Create an empty list named aura_key_list - name: Set aura_key_list to [] set_fact: aura_key_list: [] +# Create an empty list named grandpa_key_list - name: Set grandpa_key_list to [] set_fact: grandpa_key_list: [] +# Create an empty list named member_list - name: Set member_list to [] set_fact: member_list: [] -# This task checks if the genesis already exists +# Check if the genesis already exists - name: Check if genesis file exists shell: | vault kv get -field=genesis {{ org.vault.secret_path | default('secretsv2') }}/{{ org.name | lower }}-subs/genesis @@ -27,6 +29,7 @@ register: vault_genesis_result ignore_errors: yes +# Get keys for each peer - name: Get keys for each peer include_tasks: nested_main.yaml vars: @@ -36,6 +39,7 @@ loop: "{{ network['organizations'] }}" when: vault_genesis_result.failed +# Generate genesis helm release - name: Generate genesis helm release include_tasks: create_genesis_job.yaml vars: @@ -50,7 +54,7 @@ kubernetes: "{{ org.k8s }}" when: vault_genesis_result.failed -# This tasks copies the genesis to each orgs vault +# Copy the genesis to each orgs vault - name: Put genesis into org vault environment: VAULT_ADDR: "{{ item.vault.url }}" diff --git a/platforms/substrate/configuration/roles/create/genesis/tasks/member_keys.yaml b/platforms/substrate/configuration/roles/create/genesis/tasks/member_keys.yaml index 97b45fda42a..cc632eabad6 100644 
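Review bot: The new comment `# Check if the genesis already exists` in genesis/tasks/main.yaml (first hunk, `@@ -4,20 +4,22 @@`) hides how the check decides: the `vault kv get` result is registered with `ignore_errors: yes`, and the following tasks run on `when: vault_genesis_result.failed`. Any non-zero exit, presumably including an unreachable Vault or a rejected token and not only a missing key, is therefore treated as "no genesis yet" and leads into key collection and the genesis job. The comment should say so, e.g. `# Look up genesis in Vault; any failure of this command is treated as "not created yet"`, or the condition should test the command's error output for the not-found case. The three added `# Create an empty list named …` comments, `# Get keys for each peer` and `# Generate genesis helm release` only restate the task names beneath them.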
--- a/platforms/substrate/configuration/roles/create/genesis/tasks/member_keys.yaml +++ b/platforms/substrate/configuration/roles/create/genesis/tasks/member_keys.yaml @@ -4,7 +4,7 @@ # SPDX-License-Identifier: Apache-2.0 ############################################################################################## -# This task fetches the account key +# Fetch the account key - name: Get account key environment: VAULT_ADDR: "{{ vault.url }}" diff --git a/platforms/substrate/configuration/roles/create/genesis/tasks/nested_keys.yaml b/platforms/substrate/configuration/roles/create/genesis/tasks/nested_keys.yaml index 6233a12625a..59a73d975c8 100644 --- a/platforms/substrate/configuration/roles/create/genesis/tasks/nested_keys.yaml +++ b/platforms/substrate/configuration/roles/create/genesis/tasks/nested_keys.yaml @@ -4,7 +4,7 @@ # SPDX-License-Identifier: Apache-2.0 ############################################################################################## -# This task fetches the grandpa key and registers it into grandpa_key +# Fetch the grandpa key and registers it into grandpa_key - name: Get grandpa key environment: VAULT_ADDR: "{{ vault.url }}" @@ -18,7 +18,7 @@ set_fact: grandpa_key_list={{ grandpa_key_list|default([]) + [ grandpa_key.stdout ] }} -# This task fetches the aura key and registers it into aura_key +# Fetch the aura key and registers it into aura_key - name: Get aura key environment: VAULT_ADDR: "{{ vault.url }}" diff --git a/platforms/substrate/configuration/roles/create/helm_component/Readme.md b/platforms/substrate/configuration/roles/create/helm_component/Readme.md deleted file mode 100644 index 2d6bbddd1e6..00000000000 --- a/platforms/substrate/configuration/roles/create/helm_component/Readme.md +++ /dev/null 
@@ -1,42 +0,0 @@ -[//]: # (##############################################################################################) -[//]: # (Copyright Accenture. All Rights Reserved.) -[//]: # (SPDX-License-Identifier: Apache-2.0) -[//]: # (##############################################################################################) - -## helm_component -helm_component roles helps in generating value file for various helm releases. Helm component uses the templates folder to generate helm value files. To generate a new helm file, it uses template files stored in template folder. The task uses a variable *type* which is used to filter through the templates in template folder. -The mapping for *type* variable and its corresponding value file is provided in `vars/main.yaml`. -To add a new template, add the tpl file to template folder and add its key-value entry in `vars/main.yaml`. -This role consists of the following tasks - -### Tasks -(Variables with * are fetched from the playbook which is calling this role) -#### 1. "Ensures {{ values_dir }}/{{ name }} dir exists" -This task ensures that the value directory is present on the ansible container which is refered by `values_dir` variable which is defined at `platforms/substrate/configuration/deploy-network.yaml` -##### Input Variables - - *name: Type of the Helm Release file - *values_dir: The path where the generated files are stored - *path: The path/directory where to check is specified here. - recurse: Yes/No to recursively check inside the path specified. - state: Type of file i.e. directory. - - -#### 2. create value file for {{ *component_name* }} -This task creates the value file for the role which calls it. -##### Input Variables - *component_name: The name of the component for whom the value file is created. - *name: Type of the Helm Release file - *values_dir: The path where the generated files are stored - *type:The corresponding template file is chosen based on this type variable. 
-The mapping is stored at `/platforms/substrate/playbooks/roles/create/helm_component/vars/main.yaml`. If the type is not found in the mapping then it takes in the default `helm_component.tpl` template. - - -#### 3. Helm lint -This task tests the value file for syntax errors/ missing values.This is done by calling the helm_lint role and passing the value file parameter. When a new helm_component is added, changes should be made in `helm_lint` role as well -##### Input Variables - helmtemplate_type: The corresponding template file is chosen based on this type variable. - chart_path: The path for the charts directory. - value_file: The final path of the value file to be created along with name. - -**include_role**: It includes the name of intermediatory role ( `{{ playbook_dir }}/../../shared/configuration/roles/helm_lint` which is running a test for helm value files. diff --git a/platforms/substrate/configuration/roles/create/helm_component/tasks/main.yaml b/platforms/substrate/configuration/roles/create/helm_component/tasks/main.yaml index 075a90c350a..210c58b6d04 100644 --- a/platforms/substrate/configuration/roles/create/helm_component/tasks/main.yaml +++ b/platforms/substrate/configuration/roles/create/helm_component/tasks/main.yaml 
@@ -8,27 +8,26 @@ # This role generates the value file for the helm releases ############################################################################################# - ############################################################################################ -# This task ensures that the directory exists, and creates it, if it does not exist -- name: "Ensures {{ values_dir }}/{{ name }} dir exists" +# Ensure that the directory exists, and creates it, if it does not exist +- name: "Ensure {{ values_dir }}/{{ name }} dir exists" include_role: name: "{{ playbook_dir }}/../../shared/configuration/roles/check/directory" vars: path: "{{ values_dir }}/{{ name }}" ############################################################################################ -# This task creates the value file for the helm release +# Create the value file for the helm release # This is done by consuming a template file which is passes as a variable by the role # including this helm_component role -- name: "create value file for {{ component_name }}" +- name: "Create value file for {{ component_name }}" template: src: "{{ helm_templates[type] | default('helm_component.tpl') }}" dest: "{{ values_dir }}/{{ name }}/{{ component_name }}.yaml" changed_when: false ############################################################################################ -# This task tests the value file for syntax errors/ missing values +# Test the value file for syntax errors/ missing values # This is done by calling the helm_lint role and passing the value file parameter # When a new helm_component is added, changes should be made in helm_lint role as well - name: Helm lint diff --git a/platforms/substrate/configuration/roles/create/ipfs_bootnode/tasks/main.yaml b/platforms/substrate/configuration/roles/create/ipfs_bootnode/tasks/main.yaml index a416bbbaead..fafece45141 100644 --- a/platforms/substrate/configuration/roles/create/ipfs_bootnode/tasks/main.yaml 
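Review bot: The reworded comment `# Ensure that the directory exists, and creates it, if it does not exist` mixes imperative and third person, and the unchanged comment in the next block still reads `which is passes as a variable`. Since this commit makes the comments the only documentation for the role, I would write `# Ensure the directory exists, creating it if necessary` and `# This is done by consuming a template file which is passed as a variable by the role`. The `Helm lint` task begins on the hunk's last line and continues outside it, so its arguments are not covered here.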
+++ b/platforms/substrate/configuration/roles/create/ipfs_bootnode/tasks/main.yaml @@ -4,7 +4,7 @@ # SPDX-License-Identifier: Apache-2.0 ############################################################################################## -# generate ipfs node helmrelease file +# Generate ipfs node helmrelease file - name: "Create ipfs node release file" include_role: name: create/helm_component @@ -24,7 +24,7 @@ loop_var: peer when: peer.type == "ipfs-bootnode" - # Git Push : Pushes the above generated files to git directory +# Git Push : Push the above generated files to git directory - name: Git Push include_role: name: "{{ playbook_dir }}/../../shared/configuration/roles/git_push" diff --git a/platforms/substrate/configuration/roles/create/ipfsbootnodefile/tasks/get_bootnode_data.yaml b/platforms/substrate/configuration/roles/create/ipfsbootnodefile/tasks/get_bootnode_data.yaml index 0233d168f7c..8431b391ad7 100644 --- a/platforms/substrate/configuration/roles/create/ipfsbootnodefile/tasks/get_bootnode_data.yaml +++ b/platforms/substrate/configuration/roles/create/ipfsbootnodefile/tasks/get_bootnode_data.yaml @@ -16,7 +16,7 @@ namespace: "{{ component_ns }}" tags: notest -# This task fetches the bootnode's peer id from vault +# Fetch the bootnode's peer id from vault - name: Fetch bootnode peer id from vault shell: | vault kv get -field=peer_id {{ vault.secret_path | default('secretsv2') }}/{{ component_ns }}/{{ peer.name }}/ipfs @@ -30,6 +30,7 @@ node_list={{ node_list|default([]) + [ {'bootnode_id':node_id.stdout, 'external_url':internal_url, 'p2p_port':peer.ipfs.swarmPort} ] }} vars: internal_url: "{{ peer.name }}-ipfs-swarm.{{ component_ns }}.svc.cluster.local" + ### TODO Following lines are commented as IPFS does not work with Ambassador proxy # when: # - network.env.proxy == 'none' 
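Review bot: In `get_bootnode_data.yaml`, the `Fetch bootnode peer id from vault` task interpolates `vault.secret_path`, `component_ns` and `peer.name` directly into a `shell` command line. A value from the network configuration containing whitespace or shell metacharacters would therefore change the command that runs. The reworded comment is a good moment to quote the assembled path, e.g. `vault kv get -field=peer_id {{ (vault.secret_path | default('secretsv2') ~ '/' ~ component_ns ~ '/' ~ peer.name ~ '/ipfs') | quote }}`, or to use `command` if no shell features are needed. The rest of the task (its environment and `register`) lies outside the hunk.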
diff --git a/platforms/substrate/configuration/roles/create/ipfsbootnodefile/tasks/main.yaml b/platforms/substrate/configuration/roles/create/ipfsbootnodefile/tasks/main.yaml index 0c5258050e0..b77b617b452 100644 --- a/platforms/substrate/configuration/roles/create/ipfsbootnodefile/tasks/main.yaml +++ b/platforms/substrate/configuration/roles/create/ipfsbootnodefile/tasks/main.yaml @@ -20,7 +20,7 @@ loop_control: loop_var: org -# This task creates a file, if it doesn't exist, to store bootnode information +# Create a file, if it doesn't exist, to store bootnode information - name: Create bootnode file template: src: "ipfsbootnode.tpl" diff --git a/platforms/substrate/configuration/roles/create/k8_component/Readme.md b/platforms/substrate/configuration/roles/create/k8_component/Readme.md deleted file mode 100644 index 6914a47d750..00000000000 --- a/platforms/substrate/configuration/roles/create/k8_component/Readme.md +++ /dev/null 
@@ -1,39 +0,0 @@ -[//]: # (##############################################################################################) -[//]: # (Copyright Accenture. All Rights Reserved.) -[//]: # (SPDX-License-Identifier: Apache-2.0) -[//]: # (##############################################################################################) - -## ROLE: k8_component -This role creates deployment files for nodes, namespace, storageclass, service accounts and clusterrolebinding. Deployment file for a node is created in a directory with name=nodeName, nodeName is stored in component_name , component_type specifies the type of deployment to be created. - -### Tasks -(Variables with * are fetched from the playbook which is calling this role) -#### 1. Ensures {{ release_dir }}/{{ component_name }} dir exists -This task create and/or check if the target directory exists. -##### Input Variables - - *component_name: The resource name and target directory name too. - path: The path to the directory is specified here. - recurse: Yes/No to recursively check inside the path specified. - state: Type i.e. directory - -#### 2. create {{ component_type }} file for {{ component_name }} -This task creates value file from a template. -##### Input Variables - - *component_type: It specifies the type of deployment to be created. - *component_name: The resource name and target directory name too. - values_file: Absolute path of value file for a component_type. - -#### 3. Helm lint -This task tests the value file for syntax errors/ missing values by calling role shared/configuration/roles/helm_lint role. -##### Input Variables - - *helmtemplate_type: Deployment file name. - *chart_path: Path where charts are present. - value_file: Exact path to value file. - -**when**: It runs when *helm_lint*==true, i.e. the check for syntax needs to be done for generated value file . - -#### Note: - Var folder has enviornment variable for k8_component role. 
Templates folder has tpl files for eks_storageclass, namespace, vault_auth, storageclass, reviewer, and reviewer_rbac. Any change to be reflected in the final value file then these tpl files inside template folder needs to be updated accordingly. diff --git a/platforms/substrate/configuration/roles/create/k8_component/tasks/main.yaml b/platforms/substrate/configuration/roles/create/k8_component/tasks/main.yaml index 731e5535b0e..4cba0cfd460 100644 --- a/platforms/substrate/configuration/roles/create/k8_component/tasks/main.yaml +++ b/platforms/substrate/configuration/roles/create/k8_component/tasks/main.yaml @@ -13,14 +13,14 @@ ################################################################################################ --- -# Task to create and/or check if the target directory exists +# Create and/or check if the target directory exists - name: "Ensures {{ release_dir }}/{{ component_name }} dir exists" file: path: "{{ release_dir }}/{{ component_name }}" state: directory -# Task to create deployment file from a template -- name: "create {{ component_type }} file for {{ component_name }}" +# Create deployment file from a template +- name: "Create {{ component_type }} file for {{ component_name }}" template: src: "{{ dlt_templates[component_type] }}" dest: "{{ values_file }}" diff --git a/platforms/substrate/configuration/roles/create/k8s_secrets/Readme.md b/platforms/substrate/configuration/roles/create/k8s_secrets/Readme.md deleted file mode 100644 index 3e2138e2ace..00000000000 --- a/platforms/substrate/configuration/roles/create/k8s_secrets/Readme.md +++ /dev/null 
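Review bot: The first task in `k8_component/tasks/main.yaml` keeps the name `"Ensures {{ release_dir }}/{{ component_name }} dir exists"`, although this commit renames the matching task in `helm_component` to `"Ensure … dir exists"` and capitalises the second task name here. For consistent play output I would rename it to `- name: "Ensure {{ release_dir }}/{{ component_name }} dir exists"`. The `template` task continues past the end of the hunk.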
@@ -1,67 +0,0 @@ -[//]: # (##############################################################################################) -[//]: # (Copyright Accenture. All Rights Reserved.) -[//]: # (SPDX-License-Identifier: Apache-2.0) -[//]: # (##############################################################################################) - -## ROLE: k8s_secrets -This role creates secrets to store the following resources: root token, reviewer token, and docker credentials -#### 1. Check if root token exists in the namespace -This task checks if the root token exists -##### Input Variables - - *kind: This defines the kind of Kubernetes resource - *namespace: Namespace of the component - *name: The name of secret - *kubeconfig: The config file of the cluster - *context: This refer to the required kubernetes cluster context -##### Output Variables - - root_token_secret: This variable stores the output of root token check query. - -#### 2. Put root token of every organization -This task creates the root tooken secret -##### Input Variables - *namespace: Namespace of the component - *vault: Contains the root token, Fetched using 'vault.' from network.yaml -**when**: Condition is specified here, runs only when *root_token_secret.resources* is not found. - -#### 3. Check if reviewer token exists in the namespace -This task checks if the reviewer token exists -##### Input Variables - - *kind: This defines the kind of Kubernetes resource - *namespace: Namespace of the component - *name: The name of secret - *kubeconfig: The config file of the cluster - *context: This refer to the required kubernetes cluster context -##### Output Variables - - reviewer_token_secret: This variable stores the output of reviewer token check query. - -#### 4. Put reviewer token of every organization -This task creates the reviewer tooken secrets -##### Input Variables - *KUBECONFIG: Contains config file of cluster, Fetched using 'kubernetes.' 
from network.yaml - *namespace: Namespace of the component -**shell** : This command creates the reviewer token secret. -**when**: Condition is specified here, runs only when *reviewer_token_secret.resources* is not found. - -#### 5. Check docker cred exists -This task checks if the docker credentials exists -##### Input Variables - - *kind: This defines the kind of Kubernetes resource - *namespace: Namespace of the component - *name: The name of credentials - *kubeconfig: The config file of the cluster - *context: This refer to the required kubernetes cluster context -##### Output Variables - - get_regcred: This variable stores the output of docker credentials check query. - -#### 6. Create the docker pull credentials -This task creates the docker pull credentials -##### Input Variables - *KUBECONFIG: Contains config file of cluster, Fetched using 'kubernetes.' from network.yaml - *namespace: Namespace of the component -**when**: Condition is specified here, runs only when *get_regcred.resources* is not found. diff --git a/platforms/substrate/configuration/roles/create/k8s_secrets/tasks/main.yaml b/platforms/substrate/configuration/roles/create/k8s_secrets/tasks/main.yaml index 7e17cdab168..b7482c70eb1 100644 --- a/platforms/substrate/configuration/roles/create/k8s_secrets/tasks/main.yaml +++ b/platforms/substrate/configuration/roles/create/k8s_secrets/tasks/main.yaml @@ -8,8 +8,7 @@ # This role creates the secrets and docker credentials ############################################################################################# -############################################################################################ -# Check if root token secret exist of every organization in their namespace +# Check if root token secret exists for every organization in their namespace - name: Check if root token exists in the namespace k8s_info: kind: Secret 
@@ -20,8 +19,7 @@ register: root_token_secret when: check == "token_secret" -# ############################################################################################ -# # This task put root token of every organization in their namespace +# Put root token of every organization in their namespace if it doesn't exist - name: Put root token of every organization k8s: definition: @@ -38,7 +36,6 @@ context: "{{ kubernetes.context }}" when: check == "token_secret" and root_token_secret.resources|length == 0 -##################################################################################################################### # Check if Docker credentials exist already - name: "Checking if the docker credentials already exists" include_role: @@ -48,20 +45,22 @@ register: get_regcred when: check == "docker_credentials" +# Set facts for Docker credentials if they don't already exist - set_fact: auth: "{{network.docker.username}}:{{network.docker.password}}" when: check == "docker_credentials" and get_regcred.resources|length == 0 +# Encode the Docker authentication information (username and password) in base64 - set_fact: auth_64: "{{auth | b64encode}}" when: check == "docker_credentials" and get_regcred.resources|length == 0 +# Create a JSON string with Docker authentication data for the image registry - set_fact: dockerconfigjson: "{\"auths\":{\"{{network.docker.url}}\":{\"username\":\"{{network.docker.username}}\",\"password\":\"{{network.docker.password}}\",\"email\":\"test@abc.mail\",\"auth\":\"{{auth_64}}\"}}}" when: check == "docker_credentials" and get_regcred.resources|length == 0 -##################################################################################################################### -# This task creates the docker pull credentials for image registry +# Create docker pull credentials for the image registry - name: Create the docker pull credentials k8s: definition: 
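Review bot: The three `set_fact` tasks that the new comments describe copy `network.docker.password` into the facts `auth`, `auth_64` and `dockerconfigjson`, and none of them has `no_log: true` in the lines shown, so the registry password can appear in task output and logs when verbosity is raised. I would add `no_log: true` to each, and check the `Put root token of every organization` task in the `@@ -20,8 +19,7 @@` hunk for the same, since its body is cut by the hunk. The comment on the second task should say that base64 is not protection, e.g. `# Base64-encode "username:password" for the registry auth field (encoding only, not encryption)`. Separately, `dockerconfigjson` is assembled by string concatenation, so a password containing `"` or `\` would produce invalid JSON. Building a mapping and passing it through `to_json` looks safer, but how the fact is consumed is outside the hunk, so confirm that first.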
diff --git a/platforms/substrate/configuration/roles/create/keys/Readme.md b/platforms/substrate/configuration/roles/create/keys/Readme.md deleted file mode 100644 index 025f2a53307..00000000000 --- a/platforms/substrate/configuration/roles/create/keys/Readme.md +++ /dev/null 
@@ -1,56 +0,0 @@ -[//]: # (##############################################################################################) -[//]: # (Copyright Accenture. All Rights Reserved.) -[//]: # (SPDX-License-Identifier: Apache-2.0) -[//]: # (##############################################################################################) - -## ROLE: create/crypto -This role generates the crypto material for substrate nodes -### main.yaml -### Tasks - -#### 1. Create crypto material for each peer with IBFT consensus -**include_tasks**: It includes the name of intermediary task nested_main.yaml, which is required for creating crypto materials -**loop**: loops over all the peers in the organisation -**loop_control**: Specified the condition for controlling the loop. - - loop_var: loop variable used for iterating over the loop. - ------------------------ - -### nested_main.yaml - -### Tasks -#### 1. Check if nodekey already present in the vault -This tasks checks if nodekey is already present in the vault - -**shell**: This module runs the vault kv get command in a shell - -##### Input Variables - - VAULT_ADDR: vault address - VAULT_TOKEN: vault token - -##### Output Variables - - vault_nodekey_result: This variable stores whether the nodekey is present in vault or not. - -#### 2. Create build directory if it does not exist -This task creates the build directory if it does not exist - -**file**: This module creates the build directory if it does not exist - - -#### 3. Generate enode url for each node and create a geth account and keystore -This task generates crypto material for ibft consensus - -**shell**: This module starts a shell which runs commands to generate crypto - - -**when**: It runs when *vault_nodekey_result.failed* == True, i.e. when nodekey is not found in vault - -#### 4. 
Copy the crypto material to Vault -This task copies the above generated crypto material to the vault - -**shell**: This module is used to put the generated crypto material in the vault - -**when**: It runs when *vault_nodekey_result.failed* == True, i.e. when nodekey is not found in vault. diff --git a/platforms/substrate/configuration/roles/create/keys/tasks/main.yaml b/platforms/substrate/configuration/roles/create/keys/tasks/main.yaml index 5a729b33f27..ce69ac88931 100644 --- a/platforms/substrate/configuration/roles/create/keys/tasks/main.yaml +++ b/platforms/substrate/configuration/roles/create/keys/tasks/main.yaml @@ -4,6 +4,7 @@ # SPDX-License-Identifier: Apache-2.0 ############################################################################################## +# Create keys for each node - name: Create keys for each node include_tasks: nested_main.yaml loop: "{{ peers }}" diff --git a/platforms/substrate/configuration/roles/create/keys/tasks/nested_main.yaml b/platforms/substrate/configuration/roles/create/keys/tasks/nested_main.yaml index 1cd8a8a0d81..88bb7b105e4 100644 --- a/platforms/substrate/configuration/roles/create/keys/tasks/nested_main.yaml +++ b/platforms/substrate/configuration/roles/create/keys/tasks/nested_main.yaml @@ -4,7 +4,7 @@ # SPDX-License-Identifier: Apache-2.0 ############################################################################################## -# This task checks if the keys already exist +# Check if the keys already exist - name: Check if keys exist shell: | vault kv get -field=node_id {{ vault.secret_path | default('secretsv2') }}/{{ component_ns }}/{{ peer.name }}/substrate @@ -14,7 +14,7 @@ register: vault_keys_result ignore_errors: yes -# generate substrate keys helmrelease file +# Generate substrate keys helmrelease file - name: "Create substrate key management file" include_role: name: create/helm_component 
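Review bot: In `nested_main.yaml`, `Check if keys exist` registers `vault_keys_result` with `ignore_errors: yes`, and the `@@ -25,8 +25,7 @@` hunk runs the key-management release `when: vault_keys_result.failed`. Any failure of `vault kv get`, including an unreachable Vault or an expired token, is therefore treated as "keys are missing". The new comment `# Check if the keys already exist` should at least say so, e.g. `# Check if the keys already exist; any vault error is currently treated as "not found"`. Better, the task should let only the CLI's not-found result continue to key generation and fail the play on other errors, for example with a `failed_when` on `vault_keys_result.stderr`, with the later `when:` switched to `vault_keys_result.rc != 0`. Whether the key job overwrites existing material in that case cannot be seen from these hunks, and the task's environment lines fall between them.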
@@ -25,8 +25,7 @@ component_name: "{{ peer.name }}-keys-job" when: vault_keys_result.failed -# --------------------------------------------------------------------- -# push the created deployment files to repository +# Push the created deployment files to repository - name: "Push the created deployment files to repository" include_role: name: "{{ playbook_dir }}/../../shared/configuration/roles/git_push" diff --git a/platforms/substrate/configuration/roles/create/member_node/tasks/main.yaml b/platforms/substrate/configuration/roles/create/member_node/tasks/main.yaml index 2913e42e1f9..3bb5df1abaa 100644 --- a/platforms/substrate/configuration/roles/create/member_node/tasks/main.yaml +++ b/platforms/substrate/configuration/roles/create/member_node/tasks/main.yaml @@ -4,7 +4,7 @@ # SPDX-License-Identifier: Apache-2.0 ############################################################################################## -# generate member node helmrelease file +# Generate member node helmrelease file - name: Create value file for member nodes include_role: name: create/helm_component @@ -28,7 +28,7 @@ loop_var: peer when: peer.type == "member" -# generate ipfs node helmrelease file +# Generate ipfs node helmrelease file - name: "Create ipfs node release file" include_role: name: create/helm_component @@ -49,7 +49,7 @@ loop_var: peer when: peer.type == "member" and peer.ipfs is defined -# Git Push : Pushes the above generated files to git directory +# Git Push : Push the above generated files to git directory - name: Git Push include_role: name: "{{ playbook_dir }}/../../shared/configuration/roles/git_push" diff --git a/platforms/substrate/configuration/roles/create/namespace_serviceaccount/Readme.md b/platforms/substrate/configuration/roles/create/namespace_serviceaccount/Readme.md deleted file mode 100644 index 1e64e0d2ccf..00000000000 --- a/platforms/substrate/configuration/roles/create/namespace_serviceaccount/Readme.md +++ /dev/null 
@@ -1,72 +0,0 @@ -[//]: # (##############################################################################################) -[//]: # (Copyright Accenture. All Rights Reserved.) -[//]: # (SPDX-License-Identifier: Apache-2.0) -[//]: # (##############################################################################################) - -## ROLE: create/namespace_serviceaccount -This role creates the value files for namespaces, vault-auth, vault-reviewer and clusterrolebinding for each node. - -### Tasks -(Variables with * are fetched from the playbook which is calling this role) -#### 1. Check if namespace exists -This task check if the namespace is already created or not. -##### Input Variables - - kind: The path to the directory is specified here. - *component_ns: The organisation's namespace - *kubeconfig: The kubernetes config file - *context: The kubernetes current context - -##### Output Variables - - get_namespace: This variable stores the output of check if namespace exists. - -#### 2. Create namespace for {{ organisation }} -This task creates value file for namespace by calling create/k8_component role. -##### Input Variables - - component_type: It specifies the type of deployment to be created. In this case it is "namespace". - *component_name: The organisation's namespace. - *release_dir: absolute path for release git directory - helm_lint: Either true or false, for linting. - -**include_role**: It includes the name of intermediatory role which is required for creating the namespace. - -**when**: It runs when *get_namespace.resources|length* == 0, i.e. the namespace does not exist. - -#### 3. Create vault auth service account for {{ organisation }} -This task creates vault auth service account file for organisation by calling create/k8_component role. -##### Input Variables - - organisation: Organisation name - component_type: It specifies the type of deployment to be created. In this case it is "vault-reviewr". - *component_name: The organisation's namespace. 
- *release_dir: absolute path for release git directory. - helm_lint: Either true or false, for linting. - -#### 4. Create vault reviewer for {{ organisation }} -This task creates vault reviewer file for organisation by calling create/k8_component role. -##### Input Variables - - organisation: Organisation name - component_type: It specifies the type of deployment to be created. In this case it is "vault-reviewr". - *component_name: The organisation's namespace. - *release_dir: absolute path for release git directory. - helm_lint: Either true or false, for linting. - -#### 5. Create clusterrolebinding for {{ organisation }} -This task creates value file for clusterrolebinding by calling create/k8_component role. -##### Input Variables - - organisation: Organisation name - component_type: It specifies the type of deployment to be created. In this case it is "reviewer_rbac". - *component_name: The organisation's namespace. - *release_dir: absolute path for release git directory. - helm_lint: Either true or false, for linting. - -#### 6. Push the created deployment files to repository -This task pushes all the value files created to the git repo by calling git_push role in shared directory. -##### Input Variables - GIT_DIR: "The path of directory which needs to be pushed" - gitops: *item.gitops* from network.yaml - msg: "Message for git commit" diff --git a/platforms/substrate/configuration/roles/create/namespace_serviceaccount/tasks/main.yaml b/platforms/substrate/configuration/roles/create/namespace_serviceaccount/tasks/main.yaml index 8d410d91fd9..8d51e4958ec 100644 --- a/platforms/substrate/configuration/roles/create/namespace_serviceaccount/tasks/main.yaml +++ b/platforms/substrate/configuration/roles/create/namespace_serviceaccount/tasks/main.yaml 
@@ -4,7 +4,10 @@ # SPDX-License-Identifier: Apache-2.0 ############################################################################################## -# This role creates the deployment files for namespaces, vault-auth, vault-reviewer and clusterrolebinding for each node +############################################################################################## +# Create the deployment files for namespaces, vault-auth, vault-reviewer and clusterrolebinding for each node +############################################################################################## + # Check Namespace exists already - name: "Checking if the namespace {{ component_ns }} already exists" include_role: @@ -14,11 +17,12 @@ component_name: "{{ component_ns }}" type: "no_retry" +# Set a variable to store the result of the Namespace existence check - name: "Set Variable" set_fact: get_namespace: "{{ result }}" -# Create namespace +# Create namespace if not present already - name: Create namespace for {{ organisation }} include_role: name: create/k8_component @@ -29,7 +33,7 @@ release_dir: "{{ playbook_dir }}/../../../{{ gitops.release_dir }}" when: get_namespace.resources|length == 0 -# create vault auth service account for organisation +# Create vault auth service account for organisation - name: Create vault auth service account for {{ organisation }} include_role: name: create/k8_component @@ -59,6 +63,7 @@ helm_lint: "false" release_dir: "{{ playbook_dir }}/../../../{{ gitops.release_dir }}" +# Push the created deployment files to repository - name: "Push the created deployment files to repository" include_role: name: "{{ playbook_dir }}/../../shared/configuration/roles/git_push" diff --git a/platforms/substrate/configuration/roles/create/storageclass/Readme.md b/platforms/substrate/configuration/roles/create/storageclass/Readme.md deleted file mode 100644 index bc9588a622f..00000000000 --- a/platforms/substrate/configuration/roles/create/storageclass/Readme.md +++ /dev/null 
@@ -1,51 +0,0 @@ -[//]: # (##############################################################################################) -[//]: # (Copyright Accenture. All Rights Reserved.) -[//]: # (SPDX-License-Identifier: Apache-2.0) -[//]: # (##############################################################################################) - -## ROLE: create/storageclass -This role creates the storageclass value file for nodes - -### Tasks -(Variables with * are fetched from the playbook which is calling this role) -#### 1. Check if storageclass exists -This task check if the storageclass exists. -##### Input Variables - - kind: StorageClass - *name: storageclass name - *kubeconfig: The kubernetes config file - *context: The kubernetes current context - -##### Output Variables - - storageclass_state: This variable stores the output of check if storageclass exists. - -#### 2. Create storageclass -This task creates value file for storageclass by calling create/k8_component role. -##### Input Variables - - *component_name: The storageclass name. - *component_type: It specifies the type of deployment to be created. In this case it is "-storageclass" - helm_lint: This is a flag to run helm_list module. "false" in this case because storageclass is not a helm chart. - *release_dir: absolute path for release git directory - -**when**: It runs when *storageclass_state.resources|length* == 0, i.e. storageclass doen not exists . - -#### 3. Push the created deployment files to repository -This task pushes the generated value file to gitops repository by calling shared/configuration/roles/git_push role. -##### Input Variables - GIT_DIR: "The path of directory which needs to be pushed" - gitops: *item.gitops* from network.yaml - msg: "Message for git commit" - -#### 4. Wait for Storageclass creation for {{ component_name }} -This task checks storageclass is created or not by calling role check/k8_component role. -##### Input Variables - - component_type: The storageclass name. 
- *component_name: The storageclass resource name. - *kubeconfig: The kubernetes config file. - *context: The kubernetes current context. - -**when**: It runs when *storageclass_state.resources|length* == 0, i.e. storageclass did not exists before. diff --git a/platforms/substrate/configuration/roles/create/storageclass/tasks/main.yaml b/platforms/substrate/configuration/roles/create/storageclass/tasks/main.yaml index 5e3f7357c73..5cf397c91bb 100644 --- a/platforms/substrate/configuration/roles/create/storageclass/tasks/main.yaml +++ b/platforms/substrate/configuration/roles/create/storageclass/tasks/main.yaml @@ -7,6 +7,7 @@ ############################################################################################# # This role creates value files for storage class ############################################################################################# + # Check storageclass exists already - name: "Checking if the storage class {{ storageclass_name }} already exists" include_role: @@ -16,11 +17,12 @@ component_name: "{{ storageclass_name }}" type: "no_retry" -#set variable storageclass_state +# set variable storageclass_state - name: "Set Variable" set_fact: storageclass_state: "{{ result }}" +# Create storageclass if not prsent already - name: Create storageclass include_role: name: create/k8_component @@ -43,7 +45,7 @@ msg: "[ci skip] Pushing deployment file for storageclass" when: storageclass_state.resources|length == 0 -#Wait for the creation of storage class +# Wait for the creation of storage class - name: "Waiting for the creation of {{ storageclass_name }} storage class for {{ component_name }}" include_role: name: "{{ playbook_dir }}/../../shared/configuration/roles/check/k8_component" diff --git a/platforms/substrate/configuration/roles/create/validator_node/tasks/main.yaml b/platforms/substrate/configuration/roles/create/validator_node/tasks/main.yaml index 5bb59879bbc..74075c31133 100644 
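Review bot: Two of the comments added in `storageclass/tasks/main.yaml` need a touch-up: `# Create storageclass if not prsent already` has a typo, and `# set variable storageclass_state` is the only new comment left in lower case. Suggest `# Create storageclass if not present already` and `# Set variable storageclass_state`. Since the README for this role is deleted in the same commit, these comments are now the role's only documentation.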
--- a/platforms/substrate/configuration/roles/create/validator_node/tasks/main.yaml +++ b/platforms/substrate/configuration/roles/create/validator_node/tasks/main.yaml @@ -4,7 +4,7 @@ # SPDX-License-Identifier: Apache-2.0 ############################################################################################## -#This task creates the value files for each validator node of organization +# Create the value files for each validator node of organization - name: Create value file for validator for each node include_role: name: create/helm_component @@ -28,7 +28,7 @@ loop_var: peer when: peer.type == "validator" - # Git Push : Pushes the above generated files to git directory +# Git Push : Push the above generated files to git directory - name: Git Push include_role: name: "{{ playbook_dir }}/../../shared/configuration/roles/git_push" diff --git a/platforms/substrate/configuration/roles/delete/flux_releases/Readme.md b/platforms/substrate/configuration/roles/delete/flux_releases/Readme.md deleted file mode 100644 index 27442f194e3..00000000000 --- a/platforms/substrate/configuration/roles/delete/flux_releases/Readme.md +++ /dev/null 
@@ -1,49 +0,0 @@ -[//]: # (##############################################################################################) -[//]: # (Copyright Accenture. All Rights Reserved.) -[//]: # (SPDX-License-Identifier: Apache-2.0) -[//]: # (##############################################################################################) - -## delete/flux_releases -This role deletes the helm releases and uninstalls Flux - -### Tasks -(Variables with * are fetched from the playbook which is calling this role) -#### 1. Uninstall Flux -This task removes FLUX -##### Input Variables - *KUBECONFIG: The config file of cluster -**shell**: This commands deletes Flux. -**ignore_errors**: This flag ignores any errors and proceeds furthur. - -#### 2. Delete the helmrelease for each peer -This task deletes the helmrelease for each peer -##### Input Variables - kind: Helmrelease, The kind of component - *namespace: Namespace of the component - *name: "Name of component, Format: {{ org_name }}{{ peer.name }}tessera" - state: absent ( This deletes any found result) - *kubeconfig: The config file of cluster - *context: The context of the cluster -**ignore_errors**: This flag ignores the any errors and proceeds further. - -#### 3. Remove node helm releases -This task deletes the helmrelease for each peer -**ignore_errors**: This flag ignores the any errors and proceeds furthur. - -#### 4. Remove Node Helm releases -This task deletes node helm releases for Tessera Transaction Manager -##### Input Variables - *namespace: Namespace of the component - *KUBECONFIG: The config file of cluster -**shell**: This commands deletes HelmReleases. -**ignore_errors**: This flag ignores the any errors and proceeds furthur. - -#### 5. 
Deletes namespaces -This task removes namespaces -##### Input Variables - kind: Namespace - *name: Name of Component - state: absent ( This deletes any found result) - *kubeconfig: The config file of cluster - *context: The context of the cluster -**ignore_errors**: This flag ignores the any errors and proceeds furthur. \ No newline at end of file diff --git a/platforms/substrate/configuration/roles/delete/flux_releases/tasks/main.yaml b/platforms/substrate/configuration/roles/delete/flux_releases/tasks/main.yaml index 326123be709..d2502059b0f 100644 --- a/platforms/substrate/configuration/roles/delete/flux_releases/tasks/main.yaml +++ b/platforms/substrate/configuration/roles/delete/flux_releases/tasks/main.yaml @@ -8,9 +8,8 @@ # This role deletes the helm releases and uninstalls Flux ############################################################################################# -############################################################################################# # Uninstalling Flux is needed so that everything is clean -# remove this if not needed +# Remove this if not needed - name: Uninstall flux shell: flux uninstall -s --namespace=flux-{{ network.env.type }} --kubeconfig={{ kubernetes.config_file }} ignore_errors: yes @@ -33,8 +32,8 @@ done ignore_errors: yes -# This task deletes the namespaces -- name: Deletes namespaces +# Delete the namespaces +- name: Delete namespaces k8s: kind: Namespace name: "{{ org_namespace }}" diff --git a/platforms/substrate/configuration/roles/delete/gitops_files/Readme.md b/platforms/substrate/configuration/roles/delete/gitops_files/Readme.md deleted file mode 100644 index 6908c003e89..00000000000 --- a/platforms/substrate/configuration/roles/delete/gitops_files/Readme.md +++ /dev/null 
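Review bot: In the first hunk of `delete/flux_releases/tasks/main.yaml` the `Uninstall flux` command places `network.env.type` and `kubernetes.config_file` into a shell line without quoting, so a config path containing a space or a shell metacharacter changes what the shell runs. Passing both through Ansible's `quote` filter keeps each one a single argument: `shell: flux uninstall -s --namespace=flux-{{ network.env.type | quote }} --kubeconfig={{ kubernetes.config_file | quote }}`. Because the task also sets `ignore_errors: yes`, a failed uninstall is not visible to the rest of the play. The comment above it could say that this is deliberate best-effort cleanup, and `true` is the canonical spelling of that boolean.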
@@ -1,28 +0,0 @@ -[//]: # (##############################################################################################) -[//]: # (Copyright Accenture. All Rights Reserved.) -[//]: # (SPDX-License-Identifier: Apache-2.0) -[//]: # (##############################################################################################) - -## delete/gitops_files -This role deletes all the gitops release files -### main.yaml -### Tasks -(Variables with * are fetched from the playbook which is calling this role) -#### 1. Delete release files -This task deletes all the files from the release directory -##### Input Variables - *release_dir: The release directory path - state: absent ( This deletes any found result) - -#### 2. Delete release files -This task deletes all the files from the release directory -##### Input Variables - *release_dir_ns: The release directory path with -quo suffix - state: absent ( This deletes any found result) - -#### 2. Git Push -This task pushes the current state to git repo after deleting value files from *release_dir* calling git_push role from shared. -##### Input Variables - GIT_DIR: "The path of directory which needs to be pushed" - gitops: *item.gitops* from network.yaml - msg: "Message for git commit" diff --git a/platforms/substrate/configuration/roles/delete/gitops_files/tasks/main.yaml b/platforms/substrate/configuration/roles/delete/gitops_files/tasks/main.yaml index d56b082dc67..72238939327 100644 --- a/platforms/substrate/configuration/roles/delete/gitops_files/tasks/main.yaml +++ b/platforms/substrate/configuration/roles/delete/gitops_files/tasks/main.yaml 
@@ -8,25 +8,26 @@ # This role deletes all the gitops release files ############################################################################################# -############################################################################################ -# This task deletes all the files from the release directory -- name: Delete release files +# Delete files in the organization-specific directory within the release directory +- name: Delete organization-specific files file: path: "{{ release_dir }}/" state: absent -- name: Delete release files +# Delete files in the organization namespace-specific directory within the release directory +- name: Delete organization namespace-specific files file: path: "{{ release_dir_ns }}/" state: absent -- name: Delete release files +# Delete files in the Flux-specific directory within the release directory +- name: Delete Flux-specific files file: path: "{{ flux_manifest_dir }}/" state: absent -#Git Push : Pushes the above generated files to git directory -- name: Git Push +# Git Push : Push changes to the Git repository after deleting the files +- name: Push changes to Git repository after file deletion include_role: name: "{{ playbook_dir }}/../../shared/configuration/roles/git_push" vars: diff --git a/platforms/substrate/configuration/roles/delete/k8s_secrets/tasks/main.yaml b/platforms/substrate/configuration/roles/delete/k8s_secrets/tasks/main.yaml index 4a8843cfe14..4a6c5de7169 100644 --- a/platforms/substrate/configuration/roles/delete/k8s_secrets/tasks/main.yaml +++ b/platforms/substrate/configuration/roles/delete/k8s_secrets/tasks/main.yaml @@ -4,7 +4,7 @@ # SPDX-License-Identifier: Apache-2.0 ############################################################################################## -# This task deletes the vault root token +# Delete the vault root token - name: Delete vault roottoken k8s: kind: Secret 
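Review bot: The new comments in the `delete/gitops_files/tasks/main.yaml` hunk say the tasks delete files in a directory, but `state: absent` on `"{{ release_dir }}/"`, `"{{ release_dir_ns }}/"` and `"{{ flux_manifest_dir }}/"` removes each directory tree itself. A wording such as `# Remove the organization-specific release directory and everything under it` matches the behaviour. Since these are recursive deletes of templated paths, a guard such as `when: release_dir | length > 0` on each task would stop an empty value from resolving to `/`; where these variables are set is outside the hunk, so confirm whether an empty value is possible. The final `Push changes to Git repository after file deletion` task continues past the end of the hunk.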
diff --git a/platforms/substrate/configuration/roles/delete/vault_secrets/Readme.md b/platforms/substrate/configuration/roles/delete/vault_secrets/Readme.md deleted file mode 100644 index 42b7df1a92c..00000000000 --- a/platforms/substrate/configuration/roles/delete/vault_secrets/Readme.md +++ /dev/null 
@@ -1,58 +0,0 @@ -[//]: # (##############################################################################################) -[//]: # (Copyright Accenture. All Rights Reserved.) -[//]: # (SPDX-License-Identifier: Apache-2.0) -[//]: # (##############################################################################################) - -## delete/vault_secrets -This role deletes the Vault configurations -### main.yaml -### Tasks -(Variables with * are fetched from the playbook which is calling this role) -#### 1. Delete docker creds -This task deletes docker credentials. -##### Input Variables - kind: Secret - *namespace: Namespace of the component - name: "regcred" - state: absent ( This deletes any found result) - *kubeconfig: The config file of cluster - *context: The context of the cluster -**ignore_errors**: This flag ignores the any errors and proceeds furthur. - -#### 2. Delete ambassador creds -This task deletes ambassador credentials. -##### Input Variables - kind: Secret - namespace: Namespace of the component here it is default - name: "Name of the ambassador credential" - state: absent ( This deletes any found result) - *kubeconfig: The config file of cluster - *context: The context of the cluster -**loop**: iterates over all the peers. -**ignore_errors**: This flag ignores the any errors and proceeds furthur. - -#### 3. Delete vault-auth path -This task deletes vault auth. -##### Input Variables - *VAULT_ADDR: Contains Vault URL, Fetched using 'vault.' from network.yaml - *VAULT_TOKEN: Contains Vault Token, Fetched using 'vault.' from network.yaml - *org_name: The name of organisation -**shell** : This command deletes the vault auth. -**ignore_errors**: This flag ignores the any errors and proceeds furthur. - -#### 4. Delete Crypto material -This task deletes crypto material -##### Input Variables - *VAULT_ADDR: Contains Vault URL, Fetched using 'vault.' from network.yaml - *VAULT_TOKEN: Contains Vault Token, Fetched using 'vault.' 
from network.yaml -**shell** : This command deletes the secrets -**loop**: iterates over all peers -**ignore_errors**: This flag ignores any errors and proceeds further. - -#### 5. Delete Access policies -##### Input Variables - *VAULT_ADDR: Contains Vault URL, Fetched using 'vault.' from network.yaml - *VAULT_TOKEN: Contains Vault Token, Fetched using 'vault.' from network.yaml -**shell** : This module deletes the access policies -**loop**: iterates over all peers -**ignore_errors**: This flag ignores any errors and proceeds further. diff --git a/platforms/substrate/configuration/roles/delete/vault_secrets/tasks/main.yaml b/platforms/substrate/configuration/roles/delete/vault_secrets/tasks/main.yaml index ec7843febff..64933d0bb3b 100644 --- a/platforms/substrate/configuration/roles/delete/vault_secrets/tasks/main.yaml +++ b/platforms/substrate/configuration/roles/delete/vault_secrets/tasks/main.yaml @@ -9,7 +9,7 @@ ############################################################################################# ############################################################################################# -# This task deletes the Docker credentials +# Delete the Docker credentials - name: Delete docker creds k8s: kind: Secret @@ -20,6 +20,7 @@ context: "{{ kubernetes.context }}" ignore_errors: yes +# Delete Ambassador credentials - name: Delete Ambassador creds k8s: kind: Secret @@ -33,7 +34,7 @@ loop_var: peer ignore_errors: yes -# This task deletes vault auth +# Delete vault-auth path - name: Delete vault-auth path shell: | vault kv delete sys/auth/substrate{{ org_name }} @@ -41,7 +42,7 @@ VAULT_ADDR: "{{ item.vault.url }}" VAULT_TOKEN: "{{ item.vault.root_token }}" -# This task deletes crypto material +# Delete Peer Crypto material - name: Delete Peer Crypto material shell: | vault kv delete {{ item.vault.secret_path | default('secretsv2') }}/{{ org_namespace }}/{{ peer.name }}/substrate 
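Review bot: The `Delete Peer Crypto material` task in the fourth hunk of `delete/vault_secrets/tasks/main.yaml` uses `vault kv delete`, which on a KV version 2 mount only soft-deletes the latest version, so the key material stays recoverable with `vault kv undelete` and older versions remain readable. The default mount name `secretsv2` suggests a version 2 engine, though the mount configuration is not visible here. If the role is meant to remove the crypto material for good, `vault kv metadata delete {{ item.vault.secret_path | default('secretsv2') }}/{{ org_namespace }}/{{ peer.name }}/substrate` removes all versions and the metadata; otherwise the new comment should say that the delete is reversible. The same applies to the `Delete Org Crypto material` and `Delete Application Crypto material` tasks in the following hunks, and the rest of this task lies outside the hunk.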
@@ -54,7 +55,7 @@ loop_var: peer ignore_errors: yes -# This task deletes org level secrets +# Delete Organization's Crypto material - name: Delete Org Crypto material shell: | vault kv delete {{ item.vault.secret_path | default('secretsv2') }}/{{ org_namespace }}/genesis @@ -64,7 +65,7 @@ VAULT_TOKEN: "{{ item.vault.root_token }}" ignore_errors: yes - # This task deletes application crypto material + # Delete application crypto material - name: Delete Application Crypto material shell: | vault kv delete {{ item.vault.secret_path | default('secretsv2') }}/{{ org_namespace }}/application @@ -76,7 +77,7 @@ loop_var: peer ignore_errors: yes -# This task deletes vault policies +# Delete vault access policies - name: Delete Access policies shell: | vault policy delete vault-crypto-organization-{{ item.name }}-ro diff --git a/platforms/substrate/configuration/roles/setup/get_crypto/Readme.md b/platforms/substrate/configuration/roles/setup/get_crypto/Readme.md deleted file mode 100644 index 16c0512da5c..00000000000 --- a/platforms/substrate/configuration/roles/setup/get_crypto/Readme.md +++ /dev/null 
@@ -1,41 +0,0 @@ -[//]: # (##############################################################################################) -[//]: # (Copyright Accenture. All Rights Reserved.) -[//]: # (SPDX-License-Identifier: Apache-2.0) -[//]: # (##############################################################################################) - -## ROLE: setup/get_crypto -This role saves the crypto from Vault into ansible_provisioner. - -### Tasks -(Variables with * are fetched from the playbook which is calling this role.) -#### 1. Ensure directory exists -This task checks whether admincerts directory present or not. If not present, creates one. -##### Input Variables - - *path: The path where to check is specified here - recurse: Yes/No to recursively check inside the path specified. - state: Type i.e. directory. - -#### 2. Save cert -This task takes the tlscacerts from vault and put in ansible controller. -##### Input Variables - * cert_path: path where the certificate getting stored -**when**: *type* == 'ambassador' - -#### 3. Save key -This task takes the tlskey from vault and put in ansible container. -##### Input Variables - * cert_path: path where the certificate getting stored -**when**: *type* == 'ambassador' - -#### 4. Save root keychain -This task takes the rootcakey from vault and put in ansible container. -##### Input Variables - * cert_path: path where the certificate getting stored -**when**: *type* == 'rootca' - -#### 5. Extracting root certificate from .jks -This task takes extracts root certificates from root,jks file from specified path -##### Input Variables - * cert_path: path where the certificate getting stored -**when**: *type* == 'rootca' diff --git a/platforms/substrate/configuration/roles/setup/get_crypto/tasks/main.yaml b/platforms/substrate/configuration/roles/setup/get_crypto/tasks/main.yaml index 841381fe834..38bf1e4bf58 100644 --- a/platforms/substrate/configuration/roles/setup/get_crypto/tasks/main.yaml 
+++ b/platforms/substrate/configuration/roles/setup/get_crypto/tasks/main.yaml @@ -19,6 +19,7 @@ - name: Save cert local_action: copy content="{{ vault_output['data'].data.tlscacerts | b64decode }}" dest="{{ cert_path }}/{{ type }}.crt" when: type == 'ambassador' + # Save the key file - name: Save key local_action: copy content="{{ vault_output['data'].data.tlskey | b64decode }}" dest="{{ cert_path }}/{{ type }}.key" diff --git a/platforms/substrate/configuration/roles/setup/vault_kubernetes/Readme.md b/platforms/substrate/configuration/roles/setup/vault_kubernetes/Readme.md deleted file mode 100644 index 142be5a0608..00000000000 --- a/platforms/substrate/configuration/roles/setup/vault_kubernetes/Readme.md +++ /dev/null 
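Review bot: The `Save key` task in the `setup/get_crypto/tasks/main.yaml` hunk writes the decoded `tlskey` to `{{ cert_path }}/{{ type }}.key` without a `mode`, so the private key is created with whatever the controller's umask allows, which is commonly readable by other local users. Appending `mode=0600` to the `copy` arguments of that task restricts the file to its owner. The added comment `# Save the key file` also appears to be indented by one space, unlike the column-0 comments elsewhere in this commit. The `Save key` task continues past the end of the hunk.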
@@ -1,94 +0,0 @@ -[//]: # (##############################################################################################) -[//]: # (Copyright Accenture. All Rights Reserved.) -[//]: # (SPDX-License-Identifier: Apache-2.0) -[//]: # (##############################################################################################) - -## ROLE: vault_kubernetes -This role setups communication between the vault and kubernetes cluster and install neccessary configurations. - -### Tasks -(Variables with * are fetched from the playbook which is calling this role) -#### 1. Check if namespace is created -This tasks check if the namespace is already created or not. -##### Input Variables - kind: This defines the kind of Kubernetes resource - *name: Name of the component - *kubeconfig: The config file of the cluster - *context: This refer to the required kubernetes cluster context -##### Output Variables - - get_namespace: This variable stores the output of namespace query. - **until**: This condition checks until *get_namespace.resources* variable exists - **retries**: No of retries - **delay**: Specifies the delay between every retry - -#### 2. Check if Kubernetes-auth already created for Organization -This task checks if the vault path already exists. -##### Input Variables - *VAULT_ADDR: Contains Vault URL, Fetched using 'vault.' from network.yaml - *VAULT_TOKEN: Contains Vault Token, Fetched using 'vault.' from network.yaml -**environment** : It includes the list of environment variables. -**shell** : This command lists the auth methods enabled. The output lists the enabled auth methods and options for those methods. -**vault* : This variable contains details of vault from network.yaml. It comes from previous calling playbook(deploy-network,yaml) - -##### Output Variables - auth_list: Stores the list of enables auth methods - -#### 3. 
Check if policy exists -This task checks if the vault-ro policy already exists -##### Input Variables - *VAULT_ADDR: Contains Vault URL, Fetched using 'vault.' from network.yaml - *VAULT_TOKEN: Contains Vault Token, Fetched using 'vault.' from network.yaml - *component_name: The name of resource -**shell** : This command reads the vault and checks if the policy exists. -**ignore_errors**: This flag ignores the any errors and proceeds furthur. - -##### Output Variables - vault_policy_result: Stores the result of policy check shell command. - -#### 4. Ensures build dir exists -This task creates the build temp directory. -##### Input Variables - path: The path where to check is specified here. - recurse: Yes/No to recursively check inside the path specified. - -#### 5. Create vault_kubernetes secrets tokens -This task creates secrets for the root token and the reviewer token -##### Input Variables - *namespace: "Namespace of org , Format: {{ item.name |lower }}-net" - *vault: "Vault Details" - *kubernetes: "{{ item.k8s }}" -**include_role**: It includes the name of intermediatory role which is required for creating the secrets, here `k8s_secret`. - -### 6. Get the kubernetes server url -This role get url address of Kubernetes server and store it into variable. -##### Input Variables - *KUBECONFIG: Contains config file of cluster, Fetched using 'kubernetes.' from network.yaml -**shell** : This command get url address of Kubernetes server. - -#### Output Variables: - kubernetes_server_url: Stored url address of Kubernetes server. - -#### 7. Create value file for chaincode commit -This is the nested Task for chaincode commit. 
-##### Input Variables - *name: "Name of the organisation" - *type: "vault_k8s_mgmt" - *component_name: Name of the component, "{{ item.name | lower}}}}-vaultkubernetes-job" - *component_type: Type of the component, "{{ item.type | lower}} }}" - *component_ns: "Namespace of organisation , Format: {{ item.name | lower}}-net" - *git_url: "Git SSH url" - *git_branch: "Git Branch Name" - *charts_dir: "Path of Charts Directory" - *vault: "Vault Details" - *k8s: "Kubernetes Details" - *kubernetes_url: "url address of Kubernetes server" - *values_dir: "Destination directory" -**include_role**: It includes the name of intermediatory role which is required for creating the helm value file, here `helm_component`. - -#### 8. Git Push -This task pushes the above generated value files to git repo. -##### Input Variables - GIT_DIR: "The path of directory which needs to be pushed" - gitops: *item.gitops* from network.yaml - msg: "Message for git commit" diff --git a/platforms/substrate/configuration/roles/setup/vault_kubernetes/tasks/main.yaml b/platforms/substrate/configuration/roles/setup/vault_kubernetes/tasks/main.yaml index de985efe3ba..b02d0d55848 100644 --- a/platforms/substrate/configuration/roles/setup/vault_kubernetes/tasks/main.yaml +++ b/platforms/substrate/configuration/roles/setup/vault_kubernetes/tasks/main.yaml @@ -18,8 +18,7 @@ component_name: "{{ component_ns }}" type: "retry" -############################################################################################### -# This task creates the docker pull credentials for image registry +# Create the docker pull credentials for image registry - name: "Create docker credentials secret" include_role: name: create/k8s_secrets 
@@ -28,8 +27,8 @@ check: "docker_credentials" when: network.docker.password is defined -# This task checks if the vault policy already exists -- name: "Checking if the vault policies already exists" +# Check if the vault policy already exists +- name: "Check if the vault policies already exists" include_role: name: "{{ playbook_dir }}/../../shared/configuration/roles/check/setup" vars: @@ -37,11 +36,11 @@ component_name: "{{ item.name | lower }}" ignore_errors: yes +# Set a variable to capture the result of the vault policy check - set_fact: this_policy_result: "{{ vault_policy_result }}" -############################################################################################# -# This task creates secrets for the root token +# Create secrets for the root token - name: "Create vault token secret" include_role: name: create/k8s_secrets @@ -57,8 +56,7 @@ vars: path: "./build" -##################################################################################################################### -# This task creates the access policy for various Substrate entity +# Create the access policy for various Substrate entity - name: Create policy for Access Control vars: name: "{{ item.name | lower }}" 
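Review bot: The policy check in `setup/vault_kubernetes/tasks/main.yaml` runs with `ignore_errors: yes` and its result is copied into `this_policy_result`, which later tasks test with `when: this_policy_result.failed`, so any failure of the check is treated the same as "policy does not exist". The check role is outside this diff, but if it can also fail because Vault is unreachable or the token is rejected, the tasks gated on that flag run on a wrong premise. The new comment could state the assumption, for example `# A failed check is taken to mean the policy is missing; later tasks run only in that case`. The `set_fact` task has no `name:`, so adding one such as `- name: "Record the vault policy check result"` would make it identifiable in the play output.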
@@ -67,17 +65,15 @@ dest: "./build/vault-crypto-{{ component_type }}-{{ name }}-ro.hcl" when: this_policy_result.failed changed_when: false - -############################################################################################# -# This tasks gets the kubernetes server url + +# Get the kubernetes server url - name: Get the kubernetes server url shell: | KUBECONFIG={{ kubernetes.config_file }} kubectl config view --minify | grep server | cut -f 2- -d ":" | tr -d " " register: kubernetes_server_url when: this_policy_result.failed -##################################################################################################################### -# This tasks generate vault_kubernetes helmrelease file +# Generate vault_kubernetes helmrelease file - name: "Create value file for vault_kubernetes" include_role: name: create/helm_component @@ -95,7 +91,7 @@ values_dir: "{{playbook_dir}}/../../../{{item.gitops.release_dir}}/{{ item.name | lower }}" when: this_policy_result.failed -#Git Push : Pushes the above generated files to git directory +# Git Push : Push the above generated files to git directory - name: Git Push include_role: name: "{{ playbook_dir }}/../../shared/configuration/roles/git_push" @@ -104,7 +100,7 @@ gitops: "{{ item.gitops }}" msg: "[ci skip] Pushing vault_kubernetes files" when: this_policy_result.failed - + # Check if vault_kubernetes is completed - name: Check if vault_kubernetes job is completed include_role: @@ -115,8 +111,7 @@ kubernetes: "{{ item.k8s }}" when: this_policy_result.failed -############################################################################################# -# This task deletes the root token +# Delete the root token - name: "Delete vault token secret" include_role: name: delete/k8s_secrets
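Review bot: The `Get the kubernetes server url` task in the first hunk on this line extracts the URL with `grep server | cut -f 2- -d ":" | tr -d " "`, which returns every line containing "server" and depends on the text layout of `kubectl config view`. The registered `kubernetes_server_url` is presumably passed to the value file generated by the next task (its `vars` are outside the hunk), so a wrong or multi-line value would misconfigure the Vault Kubernetes setup. Asking kubectl for the field directly is more exact and also quotes the config path: `KUBECONFIG={{ kubernetes.config_file | quote }} kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}'`.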