Skip to content
Snippets Groups Projects
Commit ab8eb09e authored by Bozidar Proevski's avatar Bozidar Proevski Committed by root
Browse files

Added new role for building the Docker images from scratch.

Added new role for building the CA for user and host certificates.
parent cbdbff71
No related branches found
No related tags found
No related merge requests found
Showing
with 343 additions and 56 deletions
...@@ -7,30 +7,21 @@ Installation ...@@ -7,30 +7,21 @@ Installation
------------ ------------
Edit soctools-inventory and add the desired docker containers to be deployed. The playbook has been tested on CentOS 7. Edit soctools-inventory and add the desired docker containers to be deployed. The playbook has been tested on CentOS 7.
Edit settings in group_vars/all/main.yml.
Run the ansible playbook: To build the Docker images needed, run the ansible playbook:
`ansible-playbook -i soctools-inventory buildimages.yml`
To build the CA needed for host and user certificates, run the ansible playbook:
`ansible-playbook -i soctools-inventory buildca.yml`
User certificates are exported in roles/ca/files/CA/private.
To start and stop the cluster, run the ansible playbook soctools.yml:
`ansible-playbook -i soctools-inventory soctools.yml -t start` to start the cluster. `ansible-playbook -i soctools-inventory soctools.yml -t start` to start the cluster.
`ansible-playbook -i soctools-inventory soctools.yml -t stop` to stop the cluster. `ansible-playbook -i soctools-inventory soctools.yml -t stop` to stop the cluster.
The NiFi interface should now be available on port 443 on the server. The NiFi interface should now be available on port 443 on the server.
This will install the following docker images:
* zookeeper:latest
* nginx:latest
* apache/nifi:latest
Building images
---------------
Images that are not offical Docker images can be built from scratch by running:
`ansible-playbook -i inventories/build/hosts.yml build_images.yml`
Edit the files under inventories/deploy/group_vars to specify that built images should be used. Currently only NiFi is built from scratch.
License License
------- -------
......
---
- name: Create containers
hosts: localhost
tasks:
- docker_container:
name: "{{ item }}"
image: "{{ base_image }}"
command: ["sleep", "1d"]
loop:
- nifi-image
- name: Configure NiFi container
hosts: nifi-image
vars:
- docker:
roles:
- name: nifi
- name: Create images
hosts: localhost
tasks:
- name: create a docker image from the container
command: "/usr/bin/docker commit
-c '{{ item.expose }}'
-c '{{ item.cmd }}'
{{ item.image }}
{{ item.name }}"
loop:
- { expose: 'EXPOSE 8080 8443 10000 8000', cmd: 'CMD [\"/opt/nifi/nifi-current/scripts/start.sh\", \"run\"]', image: 'nifi-image', name: 'nifi-soctools' }
- name: Save images to file
command: "/usr/bin/docker save -o {{ docker_image_path }}/{{ item }}.tar {{ item }}"
loop:
- nifi-soctools
\ No newline at end of file
---
- name: Build certification authority
hosts: dsldev
roles:
- ca
---
- name: Build docker images
hosts: dsldev
roles:
- build
--- ---
soctools_netname: "dslxnifinet" soctools_netname: "dslnifinet"
repo: gn43-dsl
version: 7
suffix: al
temp_root: "/tmp/centosbuild"
openjdk_img: "{{repo}}/openjdk:{{version}}{{suffix}}"
zookeeper_name: "dsoclab-zookeeper" zookeeper_name: "dsoclab-zookeeper"
zookeeper_img: "gn43-dsl/zookeeper:latest" zookeeper_img: "{{repo}}/zookeeper:{{version}}{{suffix}}"
nifi_img: "gn43-dsl/nifi:1.9.2-2s" nifi_img: "{{repo}}/nifi:{{version}}{{suffix}}"
nginx_name: "dsoclab-nginx" nginx_name: "dsoclab-nginx"
nginx_img: "gn43-dsl/nginx:latest" nginx_img: "{{repo}}/nginx:{{version}}{{suffix}}"
dslproxy: "dsldev.gn4-3-wp8-soc.sunet.se" dslproxy: "dsldev.gn4-3-wp8-soc.sunet.se"
kspass: "Testiranje"
tspass: "Testiranje" kspass: "Testing003"
tspass: "Testing003"
javamem: "384m"
ca_cn: "dsldev test ca"
nifiadmin:
- [ "Bozidar Proevski", "Pass001" ]
- [ "Arne Oslebo", "Pass002" ]
---
- name: Check for CentOS image
docker_image_info:
name: "{{repo}}/centos:{{version}}{{suffix}}"
register: centosimg
- name: Assert CentOS image
assert:
that: centosimg.images | length == 0
fail_msg: "CentOS image already exists"
- name: Create etc tree in build directory
file:
path: '{{ temp_root}}/{{ item.path }}'
state: directory
mode: '{{ item.mode }}'
with_filetree: templates/etcroot/
when: item.state == 'directory'
- name: Populate etc tree in build directory
template:
src: '{{ item.src }}'
dest: '{{ temp_root}}/{{ item.path }}'
force: yes
with_filetree: templates/etcroot
when: item.state == 'file'
- name: Create dev tree in build directory
command: mknod -m {{ item.mode }} {{ item.dev }} {{ item.type }} {{ item.major }} {{ item.minor }}
args:
creates: "{{ item.dev }}"
with_items:
- { mode: 600, dev: "{{temp_root}}/dev/console", type: c, major: 5, minor: 1 }
- { mode: 600, dev: "{{temp_root}}/dev/initctl", type: p, major: '', minor: '' }
- { mode: 666, dev: "{{temp_root}}/dev/full", type: c, major: 1, minor: 7 }
- { mode: 666, dev: "{{temp_root}}/dev/null", type: c, major: 1, minor: 3 }
- { mode: 666, dev: "{{temp_root}}/dev/ptmx", type: c, major: 5, minor: 2 }
- { mode: 666, dev: "{{temp_root}}/dev/random", type: c, major: 1, minor: 8 }
- { mode: 666, dev: "{{temp_root}}/dev/tty", type: c, major: 5, minor: 0 }
- { mode: 666, dev: "{{temp_root}}/dev/tty0", type: c, major: 4, minor: 0 }
- { mode: 666, dev: "{{temp_root}}/dev/urandom", type: c, major: 1, minor: 9 }
- { mode: 666, dev: "{{temp_root}}/dev/zero", type: c, major: 1, minor: 5 }
- name: Install centos-release in build directory
yum:
installroot: "{{ temp_root}}"
name: centos-release
state: present
- name: Install Core CentOS in build directory
yum:
installroot: "{{ temp_root}}"
name:
- "@Core"
- yum-plugin-ovl.noarch
- epel-release
state: present
- name: Clean yum cache
command: 'yum --installroot="{{ temp_root}}" -y clean all'
- name: Remove unneeded directories
file:
path: "{{temp_root}}/{{item}}"
state: absent
with_items:
- usr/lib/locale
- usr/share/locale
- usr/lib64/gconv
- usr/bin/localedef
- usr/sbin/build-locale-archive
- usr/share/cracklib
- usr/share/i18n
- var/cache/yum
- sbin/sln
- etc/ld.so.cache
- var/cache/ldconfig
- usr/share/backgrounds
- name: Create needed directories
file:
path: "{{temp_root}}/{{item}}"
state: directory
with_items:
- var/cache/yum
- var/cache/ldconfig
- name: Import image in docker
shell: tar --numeric-owner -c -C {{temp_root }} . | docker import - {{repo}}/centos:{{version}}{{suffix}}
- name: Remove temp directory
file:
path: "{{temp_root}}"
state: absent
---
- include: centos.yml
- include: nginx.yml
- include: openjdk.yml
- include: zookeeper.yml
- include: nifi.yml
---
- name: Configure the nginx Dockerfile
template:
src: nginx/Dockerfile.j2
dest: "{{role_path}}/files/nginxDockerfile"
- name: Build nginx image
command: docker build -t {{repo}}/nginx:{{version}}{{suffix}} -f {{role_path}}/files/nginxDockerfile {{role_path}}/files
---
- name: Configure the nifi Dockerfile
template:
src: nifi/Dockerfile.j2
dest: "{{role_path}}/files/nifiDockerfile"
- name: Build nifi image
command: docker build -t {{repo}}/nifi:{{version}}{{suffix}} -f {{role_path}}/files/nifiDockerfile {{role_path}}/files
---
- name: Configure the openjdk Dockerfile
template:
src: openjdk/Dockerfile.j2
dest: "{{role_path}}/files/openjdkDockerfile"
- name: Build openjdk image
command: docker build -t {{repo}}/openjdk:{{version}}{{suffix}} -f {{role_path}}/files/openjdkDockerfile {{role_path}}/files
---
- name: Configure the zookeeper Dockerfile
template:
src: zookeeper/Dockerfile.j2
dest: "{{role_path}}/files/zookeeperDockerfile"
- name: Build zookeeper image
command: docker build -t {{repo}}/zookeeper:{{version}}{{suffix}} -f {{role_path}}/files/zookeeperDockerfile {{role_path}}/files
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.5 (GNU/Linux)
mQINBFOn/0sBEADLDyZ+DQHkcTHDQSE0a0B2iYAEXwpPvs67cJ4tmhe/iMOyVMh9
Yw/vBIF8scm6T/vPN5fopsKiW9UsAhGKg0epC6y5ed+NAUHTEa6pSOdo7CyFDwtn
4HF61Esyb4gzPT6QiSr0zvdTtgYBRZjAEPFVu3Dio0oZ5UQZ7fzdZfeixMQ8VMTQ
4y4x5vik9B+cqmGiq9AW71ixlDYVWasgR093fXiD9NLT4DTtK+KLGYNjJ8eMRqfZ
Ws7g7C+9aEGHfsGZ/SxLOumx/GfiTloal0dnq8TC7XQ/JuNdB9qjoXzRF+faDUsj
WuvNSQEqUXW1dzJjBvroEvgTdfCJfRpIgOrc256qvDMp1SxchMFltPlo5mbSMKu1
x1p4UkAzx543meMlRXOgx2/hnBm6H6L0FsSyDS6P224yF+30eeODD4Ju4BCyQ0jO
IpUxmUnApo/m0eRelI6TRl7jK6aGqSYUNhFBuFxSPKgKYBpFhVzRM63Jsvib82rY
438q3sIOUdxZY6pvMOWRkdUVoz7WBExTdx5NtGX4kdW5QtcQHM+2kht6sBnJsvcB
JYcYIwAUeA5vdRfwLKuZn6SgAUKdgeOtuf+cPR3/E68LZr784SlokiHLtQkfk98j
NXm6fJjXwJvwiM2IiFyg8aUwEEDX5U+QOCA0wYrgUQ/h8iathvBJKSc9jQARAQAB
tEJDZW50T1MtNyBLZXkgKENlbnRPUyA3IE9mZmljaWFsIFNpZ25pbmcgS2V5KSA8
c2VjdXJpdHlAY2VudG9zLm9yZz6JAjUEEwECAB8FAlOn/0sCGwMGCwkIBwMCBBUC
CAMDFgIBAh4BAheAAAoJECTGqKf0qA61TN0P/2730Th8cM+d1pEON7n0F1YiyxqG
QzwpC2Fhr2UIsXpi/lWTXIG6AlRvrajjFhw9HktYjlF4oMG032SnI0XPdmrN29lL
F+ee1ANdyvtkw4mMu2yQweVxU7Ku4oATPBvWRv+6pCQPTOMe5xPG0ZPjPGNiJ0xw
4Ns+f5Q6Gqm927oHXpylUQEmuHKsCp3dK/kZaxJOXsmq6syY1gbrLj2Anq0iWWP4
Tq8WMktUrTcc+zQ2pFR7ovEihK0Rvhmk6/N4+4JwAGijfhejxwNX8T6PCuYs5Jiv
hQvsI9FdIIlTP4XhFZ4N9ndnEwA4AH7tNBsmB3HEbLqUSmu2Rr8hGiT2Plc4Y9AO
aliW1kOMsZFYrX39krfRk2n2NXvieQJ/lw318gSGR67uckkz2ZekbCEpj/0mnHWD
3R6V7m95R6UYqjcw++Q5CtZ2tzmxomZTf42IGIKBbSVmIS75WY+cBULUx3PcZYHD
ZqAbB0Dl4MbdEH61kOI8EbN/TLl1i077r+9LXR1mOnlC3GLD03+XfY8eEBQf7137
YSMiW5r/5xwQk7xEcKlbZdmUJp3ZDTQBXT06vavvp3jlkqqH9QOE8ViZZ6aKQLqv
pL+4bs52jzuGwTMT7gOR5MzD+vT0fVS7Xm8MjOxvZgbHsAgzyFGlI1ggUQmU7lu3
uPNL0eRx4S1G4Jn5
=OGYX
-----END PGP PUBLIC KEY BLOCK-----
NETWORKING=yes
HOSTNAME=localhost.localdomain
[main]
cachedir=/var/cache/yum/$basearch/$releasever
keepcache=0
debuglevel=2
logfile=/var/log/yum.log
exactarch=1
obsoletes=1
gpgcheck=1
plugins=1
installonly_limit=5
bugtracker_url=http://bugs.centos.org/set_project.php?project_id=23&ref=http://bugs.centos.org/bug_report_page.php?category=yum
distroverpkg=centos-release
tsflags=nodocs
group_package_types=mandatory
# This is the default, if you make this bigger yum won't see if the metadata
# is newer on the remote and so you'll "gain" the bandwidth of not having to
# download the new metadata and "pay" for it by yum not having correct
# information.
# It is esp. important, to have correct metadata, for distributions like
# Fedora which don't keep old packages around. If you don't like this checking
# interupting your command line usage, it's much better to have something
# manually check the metadata once an hour (yum-updatesd will do this).
# metadata_expire=90m
# PUT YOUR REPOS HERE OR IN separate files named file.repo
# in /etc/yum.repos.d
# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client. You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#
[base]
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
#released updates
[updates]
name=CentOS-$releasever - Updates
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
# CentOS-CR.repo
#
# The Continuous Release ( CR ) repository contains rpms that are due in the next
# release for a specific CentOS Version ( eg. next release in CentOS-7 ); these rpms
# are far less tested, with no integration checking or update path testing having
# taken place. They are still built from the upstream sources, but might not map
# to an exact upstream distro release.
#
# These packages are made available soon after they are built, for people willing
# to test their environments, provide feedback on content for the next release, and
# for people looking for early-access to next release content.
#
# The CR repo is shipped in a disabled state by default; its important that users
# understand the implications of turning this on.
#
# NOTE: We do not use a mirrorlist for the CR repos, to ensure content is available
# to everyone as soon as possible, and not need to wait for the external
# mirror network to seed first. However, many local mirrors will carry CR repos
# and if desired you can use one of these local mirrors by editing the baseurl
# line in the repo config below.
#
[cr]
name=CentOS-$releasever - cr
baseurl=http://mirror.centos.org/centos/$releasever/cr/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
enabled=0
# CentOS-Debug.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client. You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# All debug packages from all the various CentOS-7 releases
# are merged into a single repo, split by BaseArch
#
# Note: packages in the debuginfo repo are currently not signed
#
[base-debuginfo]
name=CentOS-7 - Debuginfo
baseurl=http://debuginfo.centos.org/7/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-Debug-7
enabled=0
#
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment