8dba799c18
This phase builded on top of generic executor container.
It uses kustomize generator to generate secrets
and SOPS function to encrypt secrets.
Usage:
1. `curl -fsSL -o key.asc https://raw.githubusercontent.com/mozilla/sops/master/pgp/sops_functional_tests_key.asc`
Copy existing key from sops project
2. `export SOPS_IMPORT_PGP="$(cat key.asc)" && export SOPS_PGP_FP="FBC7B9E2A4F9289AC0C1D4843D16CEE4A27381B4"`
3. `airshipctl phase run secret-generate`
It will generate and encrypt secret in
manifests/site/test-site/target/generator/results/generated/
4. `KUSTOMIZE_PLUGIN_HOME=$(pwd)/manifests SOPS_IMPORT_PGP=$(cat key.asc) kustomize build --enable_alpha_plugins
manifests/site/test-site/target/catalogues/ > output.txt`
It will decrypt encrypted secret
Co-authored-by: Alexey Odinokov <aodinokov@mirantis.com>
Change-Id: I1682d71b7805eb36c407e712dcb747de799bc8bb
Relates-To: #379
72 lines
2.6 KiB
YAML
72 lines
2.6 KiB
YAML
# Licensed under the Apache License, Version 4.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
- name: get BareMetalHost objects
|
|
shell: |
|
|
set -e
|
|
kustomize build --enable_alpha_plugins \
|
|
{{ airship_config_manifest_directory }}/{{ airship_config_site_path }}/{{ path }} 2>/dev/null |
|
|
kustomize cfg grep "kind=BareMetalHost"
|
|
register: bmh_command
|
|
failed_when: "bmh_command.stdout == ''"
|
|
environment:
|
|
KUSTOMIZE_PLUGIN_HOME: "/tmp"
|
|
KUSTOMIZE_ENABLE_ALPHA_COMMANDS: "true"
|
|
SOPS_IMPORT_PGP: "{{ airship_config_pgp }}"
|
|
|
|
- set_fact:
|
|
bmh: "{{ bmh_command.stdout | from_yaml_all | list }}"
|
|
|
|
- name: get network configuration for BareMetalHost objects
|
|
shell: |
|
|
set -e
|
|
kustomize build --enable_alpha_plugins \
|
|
{{ airship_config_manifest_directory }}/{{ airship_config_site_path }}/{{ path }} 2>/dev/null |
|
|
kustomize cfg grep "metadata.name={{ item.spec.networkData.name }}"
|
|
register: netdata_command
|
|
failed_when: "netdata_command.stdout == ''"
|
|
environment:
|
|
KUSTOMIZE_PLUGIN_HOME: "/tmp"
|
|
KUSTOMIZE_ENABLE_ALPHA_COMMANDS: "true"
|
|
SOPS_IMPORT_PGP: "{{ airship_config_pgp }}"
|
|
with_items: "{{ bmh }}"
|
|
|
|
- name: get links from network data per BareMetalHost object
|
|
set_fact:
|
|
links: |
|
|
{{
|
|
netdata_command.results |
|
|
map(attribute='stdout')| map('from_yaml') |
|
|
map(attribute='stringData.networkData') | map('from_yaml') |
|
|
map(attribute='links') | list
|
|
}}
|
|
|
|
- name: define list of VM mac addresses and VM boot mode
|
|
set_fact:
|
|
vm_cfg: "{{ dict(['boot_mode', 'nat_mac', 'provision_mac'] | zip([item.spec.bootMode, nat_mac_list[0], item.spec.bootMACAddress])) }}"
|
|
vars:
|
|
nat_mac_list: |
|
|
{{
|
|
links[idx] |
|
|
rejectattr('ethernet_mac_address', 'undefined') |
|
|
selectattr('ethernet_mac_address', '!=', item.spec.bootMACAddress) |
|
|
map(attribute='ethernet_mac_address') | list
|
|
}}
|
|
failed_when: nat_mac_list | length == 0
|
|
loop: "{{ bmh }}"
|
|
loop_control:
|
|
index_var: idx
|
|
register: vm_cfg_fact
|
|
|
|
- set_fact:
|
|
"{{ name }}_vm_cfg": "{{ vm_cfg_fact.results | map(attribute='ansible_facts.vm_cfg') | list }}"
|