Sahara云大数据>> ansible-cfsetup-boshrelease>> 返回
项目作者: SpringerPE

项目描述 :
Add-on for ansible-boshrelease to manage Cloud Foundry Organizations, Spaces, Users, Quotas, Security Groups, Environment variables and feature flags
高级语言: Shell
项目地址: git://github.com/SpringerPE/ansible-cfsetup-boshrelease.git
创建时间: 2016-12-07T09:34:37Z
项目社区:https://github.com/SpringerPE/ansible-cfsetup-boshrelease
开源协议:Apache License 2.0
下载


Add-on BOSH Release for ansible-boshrelease

Add-on release with ansible playbooks to manage Cloud Foundry resources:
users, security groups, quotas, feature flags, environment variables, organizations and spaces

The core functionality is provided by https://github.com/SpringerPE/ansible-cloudfoundry-role,
this is just an add-on to run the that ansible role in a Bosh errand.

Usage

This is and add-on release, it will work only if it is deployed together with the
ansible-boshrelease on the nodes, in particular with ansible-deploy job.
Have a look at ansible-boshrelease
for the requirements and to see how it works.

Considering v2 manifest style, this could be an example:

  1. name: cfsetup
  2. # replace with `bosh status --uuid`
  3. director_uuid: 1c799a52-154b-4fb3-b181-d81ec5f3c97b
  5. releases:
  6. - name: ansible
  7.   version: latest
  8. - name: ansible-cfsetup
  9.   version: latest
  11. stemcells:
  12. - alias: trusty
  13.   name: bosh-vsphere-esxi-ubuntu-trusty-go_agent
  14.   version: latest
  16. instance_groups:
  17. - name: ansible-cfsetup
  18.   lifecycle: errand
  19.   instances: 1
  20.   vm_type: medium
  21.   stemcell: trusty
  22.   vm_extensions: []
  23.   azs:
  24.   - Online
  25.   networks:
  26.   - name: online
  27.   jobs:
  28.   - name: ansible-deploy
  29.     release: ansible
  30.   - name: ansible-cfsetup
  31.     release: ansible-cfsetup
  32.   properties:
  33.     ansible_cfsetup:
  34.       credentials:
  35.       - name: test
  36.         api: "https://api.test.cf.springer-sbm.com"
  37.         admin: "admin"
  38.         password: "password"
  39.       feature_flags:
  40.       - name: user_org_creation
  41.         value: true
  42.       running_environment_variables:
  43.       - name: HOLA
  44.         value: hola
  45.       - name: ADIOS
  46.         value: bye
  47.       security_groups:
  48.       - name: sec1
  49.         state: present
  50.         context: running
  51.         context_state: present
  52.         rules:
  53.         - name: "allow-proxy"
  54.           protocol: tcp
  55.           destination: "10.20.0.1/0"
  56.           ports: "8080"
  57.       quotas:
  58.       - name: quota1
  59.         state: present
  60.         total_services: 100
  61.         total_routes: 1000
  62.         memory_limit: 1000
  63.       users:
  64.       - name: pepe@hola.com
  65.         state: present
  66.         password: hola
  67.         given_name: Pepe
  68.         family_name: Family
  69.       - name: claudio@hola.com
  70.         state: present
  71.         password: hola
  72.         given_name: Claudio
  73.         family_name: Family
  74.       orgs:
  75.       - name: org1
  76.         quota: quota1
  77.         state: present
  78.         users:
  79.         - name: pepe@hola.com
  80.         managers:
  81.         - name: claudio@hola.com
  82.         spaces:
  83.         - name: test
  84.         - name: second
  85.       - name: org2
  86.         state: present
  87.         quota: quota1
  88.         spaces:
  89.         - name: live
  90.           state: present
  91.           managers:
  92.           - name: claudio@hola.com
  93.           security_groups:
  94.           - name: sec1
  96. update:
  97.   canaries: 1
  98.   max_in_flight: 1
  99.   serial: false
  100.   canary_watch_time: 1000-60000
  101.   update_watch_time: 1000-60000

You can add more Cloud Foundry environments in credentials to apply the same
settings to all of them (see also the parallel parameter to control the serialization/parallelism.

and that’s all!, run bosh-deploy. Once the release has been deployed, you can run it as a errand:

  1. # bosh errands
  2. https://10.10.0.10:25555
  4. +-----------------+
  5. | Name            |
  6. +-----------------+
  7. | ansible-cfsetup |
  8. +-----------------+

And then run the errand:

  1. # bosh run errand ansible-cfsetup
  2. https://10.10.0.10:25555
  3. Acting as user 'admin' on deployment 'cfsetup' on 'pe-dogo-01'
  5. Director task 2964
  6.   Started preparing deployment > Preparing deployment. Done (00:00:00)
  8.   Started preparing package compilation > Finding packages to compile. Done (00:00:00)
  10.   Started creating missing vms > ansible-cfsetup/26fb59a0-2866-49f6-8644-fcd0e1d85b75 (0). Done (00:02:14)
  12.   Started updating instance ansible-cfsetup > ansible-cfsetup/26fb59a0-2866-49f6-8644-fcd0e1d85b75 (0) (canary). Done (00:00:24)
  14.   Started running errand > ansible-cfsetup/0. Done (00:00:07)
  16.   Started fetching logs for ansible-cfsetup/26fb59a0-2866-49f6-8644-fcd0e1d85b75 (0) > Finding and packing log files. Done (00:00:01)
  18.   Started deleting errand instances ansible-cfsetup > ansible-cfsetup/26fb59a0-2866-49f6-8644-fcd0e1d85b75 (0). Done (00:00:18)
  20. Task 2964 done
  22. Started         2016-12-06 23:27:58 UTC
  23. Finished        2016-12-06 23:31:02 UTC
  24. Duration        00:03:04
  26. [stdout]
  27. * 6637: /var/vcap/packages/ansible/bin/ansible-playbook  -i /var/vcap/jobs/ansible-cfsetup/ansible/inventory /var/vcap/jobs/ansible-cfsetup/ansible/deploy.yml
  29. PLAY [Cloud Foundry settings playbook] *****************************************
  31. TASK [cf : Check PIP dependencies for ansible modules] *************************
  32. ok: [api.test.cf.springer-sbm.com -> localhost] => (item={'key': u'cfconfigurator', 'value': u'0.2.1'})
  34. TASK [cf : Config - Set global feature flags] **********************************
  35. ok: [api.test.cf.springer-sbm.com -> localhost] => (item={u'name': u'user_org_creation', u'value': True})
  37. TASK [cf : Config - Set global running environment variables group] ************
  38. ok: [api.test.cf.springer-sbm.com -> localhost] => (item={u'name': u'HOLA', u'value': u'hola'})
  39. ok: [api.test.cf.springer-sbm.com -> localhost] => (item={u'name': u'ADIOS', u'value': u'bye'})
  41. TASK [cf : Config - Set global staging environment variables group] ************
  43. TASK [cf : Config - Set global shared domains] *********************************
  45. TASK [cf : Secgroups - Setting global security groups] *************************
  46. included: /var/vcap/data/packages/ansible-cfsetup/130e121141cce7268e2651986b21eae4d6af91c9.1-bfdc6e9241b17fb425b68848d61379589ebb49e6/roles/cf/tasks/secgroup.yml for api.test.cf.springer-sbm.com
  48. TASK [cf : Secgroup - Procesing security group sec1] ***************************
  49. ok: [api.test.cf.springer-sbm.com -> localhost]
  51. TASK [cf : Secgroup - Facts] ***************************************************
  52. ok: [api.test.cf.springer-sbm.com -> localhost]
  54. TASK [cf : Secgroup - Managing security group sec1: present] *******************
  55. changed: [api.test.cf.springer-sbm.com -> localhost]
  57. TASK [cf : Secgroup - Setting up security group rules] *************************
  58. changed: [api.test.cf.springer-sbm.com -> localhost] => (item=(0, {u'destination': u'10.20.0.1/0', u'protocol': u'tcp', u'name': u'allow-proxy', u'ports': u'8080'}))
  60. TASK [cf : Secgroup - Managing sec1 in space] **********************************
  62. TASK [cf : Secgroups - Managing default security groups] ***********************
  63. changed: [api.test.cf.springer-sbm.com -> localhost] => (item={u'rules': [{u'destination': u'10.20.0.1/0', u'protocol': u'tcp', u'name': u'allow-proxy', u'ports': u'8080'}], u'state': u'present', u'name': u'sec1'
  64. , u'context': u'running', u'context_state': u'present'})
  66. TASK [cf : Quotas - Processing quota definitions] ******************************
  67. changed: [api.test.cf.springer-sbm.com -> localhost] => (item={u'memory_limit': 1000, u'state': u'present', u'total_routes': 1000, u'name': u'quota1', u'total_services': 100})
  69. TASK [cf : Users - Managing users] *********************************************
  70. changed: [api.test.cf.springer-sbm.com -> localhost] => (item={u'family_name': u'Family', u'state': u'present', u'password': u'hola', u'name': u'pepe@hola.com', u'given_name': u'Pepe'})
  71. changed: [api.test.cf.springer-sbm.com -> localhost] => (item={u'family_name': u'Family', u'state': u'present', u'password': u'hola', u'name': u'claudio@hola.com', u'given_name': u'Claudio'})
  73. TASK [cf : Orgs - Setting up organizations] ************************************
  74. included: /var/vcap/data/packages/ansible-cfsetup/130e121141cce7268e2651986b21eae4d6af91c9.1-bfdc6e9241b17fb425b68848d61379589ebb49e6/roles/cf/tasks/org.yml for api.test.cf.springer-sbm.com
  75. included: /var/vcap/data/packages/ansible-cfsetup/130e121141cce7268e2651986b21eae4d6af91c9.1-bfdc6e9241b17fb425b68848d61379589ebb49e6/roles/cf/tasks/org.yml for api.test.cf.springer-sbm.com
  77. TASK [cf : Org - Procesing organization org1] **********************************
  78. ok: [api.test.cf.springer-sbm.com -> localhost]
  80. TASK [cf : Org - Facts] ********************************************************
  81. ok: [api.test.cf.springer-sbm.com -> localhost]
  83. TASK [cf : Org - Defining organization org1] ***********************************
  84. changed: [api.test.cf.springer-sbm.com -> localhost]
  86. TASK [cf : Org - Managing spaces for org1] *************************************
  87. included: /var/vcap/data/packages/ansible-cfsetup/130e121141cce7268e2651986b21eae4d6af91c9.1-bfdc6e9241b17fb425b68848d61379589ebb49e6/roles/cf/tasks/space.yml for api.test.cf.springer-sbm.com
  88. included: /var/vcap/data/packages/ansible-cfsetup/130e121141cce7268e2651986b21eae4d6af91c9.1-bfdc6e9241b17fb425b68848d61379589ebb49e6/roles/cf/tasks/space.yml for api.test.cf.springer-sbm.com
  90. TASK [cf : Space - Procesing space test in org1 organization] ******************
  91. ok: [api.test.cf.springer-sbm.com -> localhost]
  93. TASK [cf : Space - Facts] ******************************************************
  94. ok: [api.test.cf.springer-sbm.com -> localhost]
  96. TASK [cf : Space - Managing space org1:test present] ***************************
  97. changed: [api.test.cf.springer-sbm.com -> localhost]
  99. TASK [cf : Space - Managing security groups for org1:test] *********************
  101. TASK [cf : Space - Assigning developers to org1:test] **************************
  103. TASK [cf : Space - Assigning managers to space org1:test] **********************
  105. TASK [cf : Space - Assigning auditors to space org1:test] **********************
  107. TASK [cf : Space - Procesing space second in org1 organization] ****************
  108. ok: [api.test.cf.springer-sbm.com -> localhost]
  110. TASK [cf : Space - Facts] ******************************************************
  111. ok: [api.test.cf.springer-sbm.com -> localhost]
  113. TASK [cf : Space - Managing space org1:second present] *************************
  114. changed: [api.test.cf.springer-sbm.com -> localhost]
  116. TASK [cf : Space - Managing security groups for org1:second] *******************
  118. TASK [cf : Space - Assigning developers to org1:second] ************************
  120. TASK [cf : Space - Assigning managers to space org1:second] ********************
  122. TASK [cf : Space - Assigning auditors to space org1:second] ********************
  124. TASK [cf : Org - Deleting spaces for org1] *************************************
  126. TASK [cf : Org - Deleting organization org1] ***********************************
  128. TASK [cf : Org - Create private domains to organization org1] ******************
  130. TASK [cf : Org - Assigning users to organization org1] *************************
  131. changed: [api.test.cf.springer-sbm.com -> localhost] => (item={u'name': u'pepe@hola.com'})
  132. changed: [api.test.cf.springer-sbm.com -> localhost] => (item={u'name': u'claudio@hola.com'})
  134. TASK [cf : Org - Assigning managers to organization org1] **********************
  135. changed: [api.test.cf.springer-sbm.com -> localhost] => (item={u'name': u'claudio@hola.com'})
  137. TASK [cf : Org - Assigning auditors to organization org1] **********************
  139. TASK [cf : Org - Assigning billing_managers to organization org1] **************
  141. TASK [cf : Org - Assigning default organization org1 for requested users] ******
  143. TASK [cf : Org - Procesing organization org2] **********************************
  144. ok: [api.test.cf.springer-sbm.com -> localhost]
  146. TASK [cf : Org - Facts] ********************************************************
  147. ok: [api.test.cf.springer-sbm.com -> localhost]
  149. TASK [cf : Org - Defining organization org2] ***********************************
  150. changed: [api.test.cf.springer-sbm.com -> localhost]
  152. TASK [cf : Org - Managing spaces for org2] *************************************
  153. included: /var/vcap/data/packages/ansible-cfsetup/130e121141cce7268e2651986b21eae4d6af91c9.1-bfdc6e9241b17fb425b68848d61379589ebb49e6/roles/cf/tasks/space.yml for api.test.cf.springer-sbm.com
  155. TASK [cf : Space - Procesing space live in org2 organization] ******************
  156. ok: [api.test.cf.springer-sbm.com -> localhost]
  158. TASK [cf : Space - Facts] ******************************************************
  159. ok: [api.test.cf.springer-sbm.com -> localhost]
  161. TASK [cf : Space - Managing space org2:live present] ***************************
  162. changed: [api.test.cf.springer-sbm.com -> localhost]
  164. TASK [cf : Space - Managing security groups for org2:live] *********************
  165. included: /var/vcap/data/packages/ansible-cfsetup/130e121141cce7268e2651986b21eae4d6af91c9.1-bfdc6e9241b17fb425b68848d61379589ebb49e6/roles/cf/tasks/secgroup.yml for api.test.cf.springer-sbm.com
  167. TASK [cf : Secgroup - Procesing security group sec1] ***************************
  168. ok: [api.test.cf.springer-sbm.com -> localhost]
  170. TASK [cf : Secgroup - Facts] ***************************************************
  171. ok: [api.test.cf.springer-sbm.com -> localhost]
  173. TASK [cf : Secgroup - Managing security group sec1: present] *******************
  175. TASK [cf : Secgroup - Setting up security group rules] *************************
  177. TASK [cf : Secgroup - Managing sec1 in space live] *****************************
  178. changed: [api.test.cf.springer-sbm.com -> localhost]
  180. TASK [cf : Space - Assigning developers to org2:live] **************************
  182. TASK [cf : Space - Assigning managers to space org2:live] **********************
  183. changed: [api.test.cf.springer-sbm.com -> localhost] => (item={u'name': u'claudio@hola.com'})
  185. TASK [cf : Space - Assigning auditors to space org2:live] **********************
  187. TASK [cf : Org - Deleting spaces for org2] *************************************
  189. TASK [cf : Org - Deleting organization org2] ***********************************
  191. TASK [cf : Org - Create private domains to organization org2] ******************
  193. TASK [cf : Org - Assigning users to organization org2] *************************
  195. TASK [cf : Org - Assigning managers to organization org2] **********************
  197. TASK [cf : Org - Assigning auditors to organization org2] **********************
  199. TASK [cf : Org - Assigning billing_managers to organization org2] **************
  201. TASK [cf : Org - Assigning default organization org2 for requested users] ******
  203. PLAY RECAP *********************************************************************
  204. api.test.cf.springer-sbm.com : ok=38   changed=14   unreachable=0    failed=0
  206. Playbook run took 0 days, 0 hours, 0 minutes, 16 seconds
  208. [stderr]
  209. None
  211. Errand 'ansible-cfsetup' completed successfully (exit code 0)

Of course, you can include the errand in the Cloud Foundry manifest, in the same
way as the smoke tests.

Updating the role

The source code is a submodule of this repo, get it by running:

  1. git submodule init
  2. git submodule update

All the functionality is provided by: https://github.com/SpringerPE/ansible-cloudfoundry-role
The role is re-usable outside this release by re-defining a inventory with the variables
and a group_vars folder. Have a look at the examples on its repository.

All actions/playbooks (thanks to ansible) are idempotent.

To create a final release run: ./bosh_final_release

Author

SpringerNature Platform Engineering,
José Riguera López (jose.riguera@springer.com)

Copyright 2017 Springer Nature

License

Apache 2.0 License