|
---
|
|
# Playbook to provision and manage Pulp Instances for Artifact Management
|
|
|
|
# Requires:
|
|
# (https://pulp-installer.readthedocs.io/en/latest/#system-requirements)
|
|
# 1. A bootstrapped VM cloned from "busterbasebox" in the Engineering VMWare cluster.
|
|
# See ./bootstrap-buster-base-box.yml for details.
|
|
# 2. Ansible Roles Installed via Galaxy using `$ ansible-galaxy install -r requirements-pulp.yml`
|
|
# 3. Ansible Collection Installed via Galaxy using `$ ansible-galaxy install -r requirements-pulp.yml`
|
|
|
|
# Run like this:
|
|
#
|
|
# ansible-playbook \
|
|
# pulp.yml \
|
|
# --limit <my-pulp-hostname> \
|
|
# --user ansible \
|
|
# --ask-pass \ # else ssh-copy-id your public ssh key to ansible@<my-pulp-hostname>
|
|
# --ask-vault-pass # else shove the vault passwd in a protected file and use --vault-password-file
|
|
|
|
# This playbook builds upon the Engineering Services playbook template
|
|
# Check imported playbook content before adding it here.
|
|
#- import_playbook: engineering-services-tmplt.yml
|
|
|
|
- name: "Install packages we want on every Pulp instance"
|
|
become: true
|
|
hosts: engineering_services_pulp
|
|
gather_facts: true
|
|
tasks:
|
|
- name: Install packages we want on every Pulp instance
|
|
package:
|
|
name:
|
|
- curl
|
|
|
|
- name: Configure admin group
|
|
become: true
|
|
hosts: engineering_services_pulp
|
|
gather_facts: true
|
|
tasks:
|
|
- name: Create admin group
|
|
group:
|
|
name: admin
|
|
|
|
- name: Configure admin user
|
|
become: true
|
|
hosts: engineering_services_pulp
|
|
gather_facts: true
|
|
vars:
|
|
# TODO: define these as inventory variable (standard for all machines?) so it can move out of playbook task blocks
|
|
tasks:
|
|
- debug: var=ansible_fqdn
|
|
- name: Configure admin user account
|
|
user:
|
|
name: admin
|
|
groups:
|
|
- admin
|
|
|
|
- name: Install Pulp
|
|
hosts: engineering_services_pulp
|
|
gather_facts: true
|
|
vars:
|
|
# Main Pulp Role Variables
|
|
# https://github.com/pulp/pulp_installer/tree/3.4.1/roles/pulp#role-variables
|
|
pulp_settings:
|
|
secret_key: "4+994i6bp2o%v0^&v%)yweptaup)vrrs1+154kvzvxxy4o4qr0"
|
|
#secret_key: !vault |
|
|
# $ANSIBLE_VAULT;1.1;AES256
|
|
# 38383631633236306565616334663761363134613835323839653962323930616639656333653865
|
|
# 3264363735643430626361383132653632316139396364370a613566396133393430663962666261
|
|
# 35356165663639613535383563366638663635326662343133353339343262646265316630616162
|
|
# 6337346131303833610a663232633339306231613738653233646466383638333934393765373034
|
|
# 63346437343834653964366666333061303634313864333031323735326134626432626535613436
|
|
# 62643731343836626436383438643862396166636263646330646332633637363765623866343733
|
|
# 616635326537346163646564653134386666
|
|
content_origin: "http://{{ ansible_fqdn }}:8080"
|
|
pulp_install_plugins:
|
|
pulp-ansible: {}
|
|
pulp-container: {}
|
|
pulp-deb: {}
|
|
pulp-file: {}
|
|
pulp-python: {}
|
|
pulp_default_admin_password: !vault |
|
|
$ANSIBLE_VAULT;1.1;AES256
|
|
35636365316538376363643965323035306461643239306433353665623438633535633763613662
|
|
6266346236393736616532636230393136303966383339310a306563323838326431386432626465
|
|
30316164383265303932643865323033623938656136306665356665336262613233653866386165
|
|
3164396261326563640a613464353364656130396333613531383864323434316533663932303766
|
|
3938
|
|
pulp_api_bind: "{{ ansible_fqdn }}"
|
|
pulp_api_workers: 4 # defaults to 1
|
|
|
|
# Pulp Content Role Variables
|
|
# https://github.com/pulp/pulp_installer/tree/3.4.1/roles/pulp_content#pulp_content
|
|
# pulp_content_bind: # Defaults to 127.0.0.1:24816
|
|
|
|
# Pulp Database Role Variables
|
|
# https://github.com/pulp/pulp_installer/tree/3.4.1/roles/pulp_database
|
|
# None
|
|
|
|
# Pulp Resource Manager Role Variables
|
|
# https://github.com/pulp/pulp_installer/tree/3.4.1/roles/pulp_resource_manager
|
|
# pulp_resouce_manager_state: # defaults to started
|
|
# pulp_resouce_manager_enabled: # defaults to true
|
|
|
|
# Pulp Webserver Role Variables
|
|
# https://github.com/pulp/pulp_installer/tree/3.4.1/roles/pulp_webserver
|
|
# pulp_webserver_server: # defauls to nginx
|
|
# pulp_content_port: # defaults to 24816
|
|
# pulp_content_host: # defaults to localhost
|
|
# pulp_api_port: # defaults to 24817
|
|
# pulp_api_host: # defaults to localhost
|
|
# pulp_configure_firewall: # defaults to auto, which is same as firewalld. Change to none to disable.
|
|
|
|
# Pulp Workers Role Variables
|
|
# https://github.com/pulp/pulp_installer/tree/3.4.1/roles/pulp_workers
|
|
# TODO: how is this different from pulp_api_workers in the main Pulp Role??
|
|
# pulp_workers: 4 # defaults to 2
|
|
|
|
pre_tasks:
|
|
# The version string below is the highest of all those in roles' metadata:
|
|
# "min_ansible_version". It needs to be kept manually up-to-date.
|
|
- name: Verify Ansible meets min required version
|
|
assert:
|
|
that: "ansible_version.full is version_compare('2.8', '>=')"
|
|
msg: >
|
|
"You must update Ansible to at least 2.8 to use this version of Pulp 3 Installer."
|
|
roles:
|
|
# pulp_installer 3.5.0 now uses pulp_all_services
|
|
- pulp_all_services
|
|
# pulp_installer 3.4.1 specified each role separately
|
|
# - pulp_database
|
|
# - pulp_workers
|
|
# - pulp_resource_manager
|
|
# - pulp_webserver
|
|
# - pulp_content
|
|
environment:
|
|
DJANGO_SETTINGS_MODULE: pulpcore.app.settings
|
.