├── .gitignore
├── 34.74.127.151
└── etc
│ └── nginx
│ └── nginx.conf
├── CONTRIBUTING.md
├── LICENSE
├── README-ansible-configuration.md
├── README-ansible-inventory.md
├── README-configure-ansible.md
├── README-credentials.md
├── README-runtime-attributes.yml
├── README.md
├── infrastructure
├── README.md
├── backup-ansible-controller
│ ├── README.md
│ ├── ansible.cfg
│ ├── backup.yml
│ └── requirements.yml
├── bastion-host-proxy
│ ├── acme-letsencrypt-issue.yml
│ └── install.yml
├── clean-ansible
│ └── clean.yml
├── configure-ssh-login
│ ├── README.md
│ └── configure-ssh-user.yml
├── download-offline-packages
│ ├── README.md
│ └── offline-download.yml
├── gce-management
│ ├── .gitignore
│ ├── CONTRIBUTING.md
│ ├── LICENSE
│ ├── README.md
│ ├── apigee-edge-tf
│ │ ├── 5-node
│ │ │ ├── main.tf
│ │ │ ├── output.tf
│ │ │ ├── provider.tf
│ │ │ └── variable.tf
│ │ ├── aio
│ │ │ ├── main.tf
│ │ │ ├── output.tf
│ │ │ ├── provider.tf
│ │ │ └── variable.tf
│ │ ├── dc-2
│ │ │ ├── main.tf
│ │ │ ├── output.tf
│ │ │ ├── provider.tf
│ │ │ └── variable.tf
│ │ ├── dc-3
│ │ │ ├── main.tf
│ │ │ ├── output.tf
│ │ │ ├── provider.tf
│ │ │ └── variable.tf
│ │ ├── dev
│ │ │ ├── main.tf
│ │ │ ├── output.tf
│ │ │ ├── provider.tf
│ │ │ └── variable.tf
│ │ ├── example-pilot
│ │ │ ├── main.tf
│ │ │ ├── output.tf
│ │ │ ├── provider.tf
│ │ │ └── variable.tf
│ │ ├── gce-create.yml
│ │ ├── gce-destroy.yml
│ │ ├── modules
│ │ │ ├── apigeenet-firewalls-protocol-only
│ │ │ │ ├── main.tf
│ │ │ │ └── variables.tf
│ │ │ ├── apigeenet-firewalls-protocol-with-ports
│ │ │ │ ├── main.tf
│ │ │ │ └── variables.tf
│ │ │ ├── apigeenet-instance-group-manager
│ │ │ │ ├── main.tf
│ │ │ │ ├── output.tf
│ │ │ │ └── variable.tf
│ │ │ ├── external-instance
│ │ │ │ ├── main.tf
│ │ │ │ ├── output.tf
│ │ │ │ └── variable.tf
│ │ │ ├── infrastructure
│ │ │ │ ├── main.tf
│ │ │ │ ├── output.tf
│ │ │ │ ├── provider.tf
│ │ │ │ └── variable.tf
│ │ │ └── internal-instance
│ │ │ │ ├── main.tf
│ │ │ │ └── variable.tf
│ │ ├── prod
│ │ │ ├── main.tf
│ │ │ ├── output.tf
│ │ │ ├── provider.tf
│ │ │ └── variable.tf
│ │ └── sandbox-pilot
│ │ │ ├── main.tf
│ │ │ ├── output.tf
│ │ │ ├── provider.tf
│ │ │ └── variable.tf
│ ├── gce-ansible-config.yml
│ ├── gce-create-instances.yml
│ ├── gce-dependencies.yml
│ ├── gce-dynamic
│ │ ├── create-bastion-host.yml
│ │ ├── create-instance-literal.yml
│ │ ├── create-instance.yml
│ │ ├── create-template.yml
│ │ ├── create.yml
│ │ ├── remove.yml
│ │ ├── requirements.yml
│ │ └── shared-properties.yml
│ ├── gce-properties.yml
│ ├── gce-remove.yml
│ ├── performance-testing
│ │ └── perf-test.sh
│ ├── pip-requirements.txt
│ └── templates
│ │ └── gce.ini.j2
├── mirror
│ ├── README.md
│ ├── collect-attributes.yml
│ ├── configure-nginx-mirror.yml
│ ├── create-archive.yml
│ ├── download-archive.yml
│ ├── install-archive.yml
│ ├── nginx-mirror.yml
│ ├── requirements.yml
│ └── upload-mirror.yml
├── port-requirements
│ ├── check.yml
│ └── requirements.yml
├── response-file-generator
│ ├── generate.yml
│ └── requirements.yml
├── setup-ansible-offline
│ ├── ansible.cfg
│ ├── requirements.yml
│ ├── setup-offline-attributes.yml
│ └── setup-offline.yml
├── ssh-bastion-host
│ ├── bastion_host_attribute.yml
│ ├── configure-bastion-config.yml
│ ├── configure-proxycommand.yml
│ └── requirements.yml
└── ssh-tunnels
│ ├── requirements.yml
│ └── tunnel.yml
├── installations
├── README.md
├── aio
│ ├── README.md
│ ├── install.yml
│ └── requirements.yml
├── devportal
│ ├── README.md
│ ├── install.yml
│ └── requirements.yml
├── edge-microgateway
│ ├── README.md
│ └── install.yml
└── multi-node
│ ├── README.md
│ ├── install-optimized.yml
│ ├── install.yml
│ └── requirements.yml
├── post-installation
├── README.md
├── add
│ └── add-components
│ │ ├── README-add-rmp-to-custom-pod.md
│ │ ├── add-rmp-to-custom-pod.yml
│ │ ├── alpha
│ │ ├── add-message-processsor.yml
│ │ ├── add-postgres-standby.yml
│ │ └── add-router.yml
│ │ └── requirements.yml
├── apigee-user
│ ├── README.md
│ ├── requirements.yml
│ └── update.yml
├── backup
│ ├── .gitignore
│ ├── CONTRIBUTING.md
│ ├── LICENSE
│ ├── README.md
│ ├── backup.yml
│ ├── requirements.yml
│ └── restore.yml
├── cassandra-rebuild
│ ├── rebuild.yml
│ └── requirements.yml
├── debug-mode
│ ├── README.md
│ ├── debug.yml
│ └── requirements.yml
├── download-logs
│ ├── README.md
│ ├── download.yml
│ └── requirements.yml
├── expand-planet-regions
│ ├── install.yml
│ └── requirements.yml
├── manage-virtual-hosts
│ ├── create-vh.yml
│ └── requirements.yml
├── monetization
│ ├── install.yml
│ └── requirements.yml
├── remove
│ ├── remove-components
│ │ ├── remove-analytics.yml
│ │ ├── remove-apigee.yml
│ │ ├── remove-cassandra.yml
│ │ ├── remove-component.yml
│ │ ├── remove-message-processsor.yml
│ │ ├── remove-router.yml
│ │ ├── remove-zookeeper.yml
│ │ └── requirements.yml
│ ├── remove-environment
│ │ ├── remove-all-environments.yml
│ │ ├── remove-environment.yml
│ │ └── requirements.yml
│ ├── remove-pods
│ │ └── remove-all-pods.yml
│ ├── remove-servers
│ │ ├── delete-servers-by-environment.yml
│ │ ├── remove.yml
│ │ └── requirements.yml
│ └── remove-virtualhosts
│ │ ├── remove.yml
│ │ └── requirements.yml
├── restart-planet
│ ├── README.md
│ ├── requirements.yml
│ ├── restart-apigee-components.yml
│ └── restart-apigee-servers.yml
├── teams
│ └── enable-teams-on-org.yml
├── unlock-edge-user-account
│ └── apigee-openldap.yml
├── update-analytics-scope
│ ├── requirements.yml
│ └── update.yml
├── update-customer-properties
│ ├── requirements.yml
│ └── update.yml
├── upgrade
│ ├── requirements.yml
│ └── upgrade.yml
├── validations
│ ├── README.md
│ ├── analytics
│ │ ├── README.md
│ │ ├── requirements.yml
│ │ └── validate.yml
│ ├── cassandra
│ │ ├── requirements.yml
│ │ └── validate.yml
│ ├── ldap
│ │ ├── requirements.yml
│ │ └── validate.yml
│ ├── qpid
│ │ └── validate.yml
│ ├── rmp
│ │ ├── requirements.yml
│ │ └── validate.yml
│ └── zookeeper
│ │ └── validate.yml
└── zookeeper
│ └── collect.yml
└── setup
├── README.md
├── ansible.cfg
├── archive
├── README-CONTROL-SERVER-SYSTEM-PACKAGES.md
├── README-CUSTOM-PROPERTIES.md
├── README-CYGWIN.md
├── README-EC2.md
├── README-FEATURES.md
├── README-INVENTORY-FILE.md
├── README-ORIGINAL.md
├── README-credentials.md
├── README.md
├── __init__.py
├── ansible-pip-requirements.txt
├── control-server.yml
├── install-system-packages.yml
├── library
│ ├── __init__.py
│ ├── cache.py
│ └── opdk_server_self.py
├── private-bitbucket-repository-create-update.yml
├── private-bitbucket-repository-remove.yml
├── private-github-repository-create-update.yml
├── private-gitlab-repository-create-update.yml
├── private-repository-user-list.yml
├── repository-custom-properties.yml
├── repository-mapping-name-folder.yml
├── resources
│ ├── ansible.cfg.j2
│ ├── credentials.yml
│ ├── custom-properties.yml
│ └── pip.conf.j2
├── setup-apigee-license.yml
├── setup-base.yml
├── setup-ec2.yml
├── setup-workspace.yml
├── setup.yml
└── update-git-remote-origin.yml
├── inventory
└── controller
├── requirements.yml
├── setup.sh
└── setup.yml
/.gitignore:
--------------------------------------------------------------------------------
1 | # Byte-compiled / optimized / DLL files
2 | __pycache__/
3 | *.py[cod]
4 | *$py.class
5 |
6 | # C extensions
7 | *.so
8 |
9 | # Distribution / packaging
10 | .Python
11 | env/
12 | build/
13 | develop-eggs/
14 | dist/
15 | downloads/
16 | eggs/
17 | .eggs/
18 | lib/
19 | lib64/
20 | parts/
21 | sdist/
22 | var/
23 | *.egg-info/
24 | .installed.cfg
25 | *.egg
26 |
27 | # PyInstaller
28 | # Usually these files are written by a python script from a template
29 | # before PyInstaller builds the exe, so as to inject date/other infos into it.
30 | *.manifest
31 | *.spec
32 |
33 | # Installer logs
34 | pip-log.txt
35 | pip-delete-this-directory.txt
36 |
37 | # Unit test / coverage reports
38 | htmlcov/
39 | .tox/
40 | .coverage
41 | .coverage.*
42 | .cache
43 | nosetests.xml
44 | coverage.xml
45 | *,cover
46 | .hypothesis/
47 |
48 | # Translations
49 | *.mo
50 | *.pot
51 |
52 | # Django stuff:
53 | *.log
54 | local_settings.py
55 |
56 | # Flask stuff:
57 | .webassets-cache
58 |
59 | # Scrapy stuff:
60 | .scrapy
61 |
62 | # Sphinx documentation
63 | docs/_build/
64 |
65 | # PyBuilder
66 | target/
67 |
68 | # IPython Notebook
69 | .ipynb_checkpoints
70 |
71 | # pyenv
72 | .python-version
73 |
74 | # celery beat schedule file
75 | celerybeat-schedule
76 |
77 | # dotenv
78 | .env
79 |
80 | # virtualenv
81 | venv/
82 | ENV/
83 |
84 | # Spyder project settings
85 | .spyderproject
86 |
87 | # Rope project settings
88 | .ropeproject
89 |
90 | .vagrant
91 | *.iml
92 | archives
93 | .DS_Store
94 | ssh_keys
95 | ansible.log
96 | *.zip
97 | license.txt
98 | *.log
99 | *.tar.gz
100 | *.rpm
101 | *.tar
102 | ansible_fact_cache_dir
103 | *jar
104 | .ansible_cache*
105 | configs_and_logs
106 | redhat-rhui.repo
107 | rhui-load-balancers.conf
108 | out
109 | .idea
110 | *iml
111 | *retry
112 | *.db
113 | *~
114 | backups
115 | ansible
116 | apigee
117 | apigee-secure
118 | setup/roles
119 | infrastructure/setup-ansible-offline/apigee-opdk-accelerator/*
120 | .terraform
121 | terraform*
122 | .apigee/.idea
123 |
--------------------------------------------------------------------------------
/CONTRIBUTING.md:
--------------------------------------------------------------------------------
1 | # How to Contribute
2 |
3 | We'd love to accept your patches and contributions to this project. There are
4 | just a few small guidelines you need to follow.
5 |
6 | ## Contributor License Agreement
7 |
8 | Contributions to this project must be accompanied by a Contributor License
9 | Agreement. You (or your employer) retain the copyright to your contribution;
10 | this simply gives us permission to use and redistribute your contributions as
11 | part of the project. Head over to to see
12 | your current agreements on file or to sign a new one.
13 |
14 | You generally only need to submit a CLA once, so if you've already submitted one
15 | (even if it was for a different project), you probably don't need to do it
16 | again.
17 |
18 | ## Code reviews
19 |
20 | All submissions, including submissions by project members, require review. We
21 | use GitHub pull requests for this purpose. Consult
22 | [GitHub Help](https://help.github.com/articles/about-pull-requests/) for more
23 | information on using pull requests.
--------------------------------------------------------------------------------
/README-ansible-configuration.md:
--------------------------------------------------------------------------------
1 | # Configure the Ansible OPDK Accelerator
2 |
3 | ## Overview
4 |
5 | The configuration of the Ansible OPDK Accelerator consists of updating Apigee Security Credentials, an
6 | [Ansible configuration file](README-configure-ansible.md) and an [Ansible inventory](README-ansible-inventory.md). Please note that this repository
7 | makes use of a modified layout from most Ansible projects. The layout has been modified to help address concerns with
8 | security and resource efficiency by making it easy to follow practices that enhance security without sacrificing
9 | resource efficiency.
10 |
11 | ## Steps to Configure Ansible OPDK Accelerator
12 |
13 | 1. Update the Ansible configuration as indicated in [Configure Ansible](README-configure-ansible.md).
14 | 1. Update the inventory template files as indicated in [Ansible Inventory](README-ansible-inventory.md).
15 |
16 | ## Ansible OPDK Accelerator Security Strategy
17 |
18 | The use of Ansible Vault is encouraged as a mechanism by which you may encrypt sensitive attributes. However it should
19 | be noted that the use of Ansible Vault is not sufficient without the context of additional conscientious practices that
20 | complete the security profile of the Ansible configuration. This repository enables conscientious security practices by
21 | moving sensitive folders and files into more secure hidden folders of the user home directory that are not a part of
22 | folders placed under source configuration management. This results in processes that make it easy to follow practices
23 | that enhance security.
24 |
25 | It should be noted that sensitive configuration files should also be properly stored and managed. The practices encouraged
26 | by the layout used in this repository make it easy for sensitive configuration files to be lost. Therefore a conscientious
27 | effort is required to ensure that sensitive configuration files are properly and securely stored.
28 |
29 | ## Ansible OPDK Accelerator Resource Strategy
30 |
31 | Ansible configurations can be provided by convention or with settings contained in Ansible configuration files. Ansible
32 | configurations provided by conventions are convenient for runtime configurations that are short lived or have a reduced
33 | scope. Ansible configuration files are appropriate when runtime configurations have a larger scope or have a greater
34 | impact due to the long term maintenance or support concerns that are addressed. This repository provides support for the
35 | large scope of installation, configuration and maintenance of Apigee Planets. Consequently, this framework configures
36 | Ansible configuration files so that logs, caches, inventory and roles can be located and shared across the different
37 | Apigee Planets that may be supported.
38 |
39 | ## Next Steps
40 |
41 | Please continue with the [next steps](README.md#usage-overview) in the process.
42 |
--------------------------------------------------------------------------------
/README-credentials.md:
--------------------------------------------------------------------------------
1 | # Configure Ansible OPDK Accelerator Credentials
2 |
3 | The credentials for the OPDK Accelerator are configured in the folder `~/.apigee-secure`. This folder contains the
4 | credentials to be used for the Apigee Planet in the file `credentials.yml`. This folder also contains the Apigee license
5 | material in a file named license.txt.
6 |
7 | # Required Credentials
8 |
9 | Please note that you are required to provide two sets of credentials. The first credential gives you access to the Apigee
10 | Software download site for the purpose of downloading Apigee Software. The second credential is the license material you
11 | received from Apigee that represents your license to use the Apigee software.
12 |
13 | ## Update the Apigee User Name and Apigee User Password
14 |
15 | Please update the `~/.apigee-secure/credentials.yml` file with the credentials you received for the purpose
16 | of downloading Apigee software. The attributes `apigee_user_name` and `apigee_user_pass` should be updated with your
17 | Apigee credentials. Please update the attributes in the following section near the top of the file
18 | `~/.apigee-secure/credentials.yml`:
19 |
20 | # Apigee Repo or Apigee Mirror credentials
21 | apigee_repo_user: "{{ apigee_provided_or_confirmed_username }}"
22 | apigee_repo_password: "{{ apigee_provided_password }}"
23 |
24 | ## License Material
25 |
26 | The OPDK Accelerator expects to find the license material in the file `~/.apigee-secure/license.txt`. It is sufficient
27 | to create or update the file `~/.apigee-secure/license.txt` with a copy of the license material received from Apigee.
28 |
29 | # Credentials File
30 |
31 | The `~/.apigee/credentials.yml` file is heavily annotated. Please refer to this file to update the credentials you wish
32 | to use on the platform. Please note that `apigee_user_name` and `apigee_user_pass` are credentials provided by Apigee and
33 | should be used as provided. It is expected that the remaining credentials would be reviewed and updated accordingly.
34 |
35 | ## Edge Administrative User
36 |
37 | Please note that the initial credentials for the Edge Administrative user are set to defaults that should be considered
38 | insecure. These defaults are suitable only for test scenarios that are short lived and not exposed externally. Please update
39 | the attributes `opdk_user_email` and `opdk_user_pass` when you are performing an installation to an environment that
40 | should be secured. Please update the attributes in the following section that appear near the top of the file
41 | `~/.apigee-secure/credentials.yml`:
42 |
43 | # Edge Admin User
44 | opdk_user_email: opdk@apigee.com
45 | opdk_user_pass: Apigee123!
46 |
--------------------------------------------------------------------------------
/README-runtime-attributes.yml:
--------------------------------------------------------------------------------
1 | # Configure Ansible OPDK Accelerator Runtime Attributes
2 |
3 | The OPDK Accelerator is heavily parameterized. This enables the playbook to isolate changes to the inventory definition
4 | and the runtime attributes file. The runtime attributes are found in the folder `~/.apigee/`. Please see the table below
5 | to learn where default settings are provided for your use.
6 |
7 |
8 | | Attribute Name | Attribute Description |
9 | | --- | ---|
10 |
--------------------------------------------------------------------------------
/infrastructure/README.md:
--------------------------------------------------------------------------------
1 | #### The purpose of this folder is to contain scripts that work with the infrastructure.
--------------------------------------------------------------------------------
/infrastructure/backup-ansible-controller/README.md:
--------------------------------------------------------------------------------
1 | # Apigee OPDK Ansible Controller Backup
2 |
3 | This folder also contains the playbook to backup the Ansible Control server using the
4 | [Apigee OPDK Setup Ansible Controller Backup](https://github.com/carlosfrias/apigee-opdk-setup-ansible-controller-backup)
5 | role. The [backup.yml](backup.yml) script backs up to either a default
6 | folder or a provided folder on your local file system. Please see
7 | [Apigee OPDK Setup Ansible Controller Backup](https://github.com/carlosfrias/apigee-opdk-setup-ansible-controller-backup)
8 | for details.
9 |
10 | # Usage Instructions
11 |
12 | A backup of a controller setup can be configured in the current directory:
13 |
14 | # Download the required roles to backup the Ansible controller
15 | ansible-galaxy install -r requirements.yml -f
16 |
17 | # Backup the Ansible controller
18 | ansible-playbook backup.yml
19 |
20 | ## Sample Usage to Backup to different local folder
21 |
22 | # Download the required roles to backup the Ansible controller
23 | ansible-galaxy install -r requirements.yml -f
24 |
25 | # Backup the Ansible controller
26 | ansible-playbook backup.yml -e target_download_folder=
27 |
28 |
29 |
30 |
31 |
32 |
--------------------------------------------------------------------------------
/infrastructure/backup-ansible-controller/ansible.cfg:
--------------------------------------------------------------------------------
1 | [defaults]
2 | inventory = inventory
3 | roles_path = roles
4 | private_key_file = ~/.ssh/id_rsa
5 | merge_multiple_cli_tags=True
6 | display_args_to_stdout = True
7 | timeout = 60
8 | host_key_checking = False
9 | forks = 10
10 | retry_files_enabled = False
11 | ansible_shell_type=sh
12 | module_name = shell
13 | # NOTE(review): host_key_checking = False (line 8) makes Ansible skip SSH host key verification for the hosts it connects to, so a host presenting an unexpected key is not rejected; confirm this is acceptable for the environments this controller backs up.
14 | [ssh_connection]
15 | #ssh_args = -o ControlMaster=auto -o ControlPersist=7200s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -q
16 | ssh_args = -q
17 | control_path=%(directory)s/ansible-ssh-%%h-%%p-%%r
18 | # NOTE(review): the active ssh_args is only -q; the commented-out line 15 additionally set PasswordAuthentication=no and KbdInteractiveAuthentication=no, which limited logins to the GSSAPI, host-based and public-key methods it lists.
--------------------------------------------------------------------------------
/infrastructure/backup-ansible-controller/backup.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Backup custom-properties, credentials and license files  # single play; all of the work is done by the role listed below
3 | hosts: "{{ target_hosts }}"  # no default is given here, so target_hosts has to be supplied by the caller
4 |
5 | roles:
6 | - { role: apigee-opdk-setup-ansible-controller-backup }  # what is copied and where is defined in the role, not in this file. NOTE(review): going by the play name the backup holds credentials and license material, so the destination folder presumably needs restricted permissions — confirm in the role
7 |
8 |
--------------------------------------------------------------------------------
/infrastructure/backup-ansible-controller/requirements.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - src: https://github.com/carlosfrias/apigee-opdk-setup-ansible-controller-backup.git  # NOTE(review): no `version:` key, so ansible-galaxy installs whatever the repository's default branch holds at install time; pinning a tag or commit makes the installed role reproducible and reviewable
3 |
4 | - src: https://github.com/carlosfrias/apigee-fetch-files.git  # NOTE(review): unpinned as well; this role ends up running on the controller with access to the credentials being backed up
5 |
--------------------------------------------------------------------------------
/infrastructure/bastion-host-proxy/acme-letsencrypt-issue.yml:
--------------------------------------------------------------------------------
1 | - hosts: "host1"  # literal inventory name; the play issues a certificate for {{ domain_name }} via the ACME http-01 flow in two letsencrypt calls
2 | tasks:
3 |
4 | - name: "Create required directories in /etc/letsencrypt"
5 | file:
6 | path: "/etc/letsencrypt/{{ item }}"
7 | state: directory
8 | owner: root
9 | group: root
10 | mode: u=rwx,g=x,o=x  # applies to all four directories, including keys: non-root users can traverse them but not list them
11 | with_items:
12 | - account
13 | - certs
14 | - csrs
15 | - keys
16 |
17 | - name: "Generate a Let's Encrypt account key"
18 | shell: "if [ ! -f {{ letsencrypt_account_key }} ]; then openssl genrsa 4096 | sudo tee {{ letsencrypt_account_key }}; fi"  # only generated when the file is absent. NOTE(review): tee also echoes the key to stdout, so the private key lands in this task's result (no no_log here), and no mode is set on the file, so it gets the default umask — with o=x on the directory that may leave it readable to local users; confirm
19 |
20 | - name: "Generate Let's Encrypt private key"
21 | shell: "openssl genrsa 4096 | sudo tee /etc/letsencrypt/keys/{{ domain_name }}.key"  # NOTE(review): unlike the account key there is no existence guard, so the domain key is regenerated on every run; same stdout and file-mode exposure as the task above
22 |
23 | - name: "Generate Let's Encrypt CSR"
24 | shell: "openssl req -new -sha256 -key /etc/letsencrypt/keys/{{ domain_name }}.key -subj \"/CN={{ domain_name }}\" -reqexts SAN -config <(cat /etc/ssl/openssl.cnf <(printf \"\n[SAN]\nsubjectAltName=DNS:{{ domain_name }},DNS:www.{{ domain_name }}\")) | sudo tee /etc/letsencrypt/csrs/{{ domain_name }}.csr"  # CSR covers domain_name and www.domain_name; domain_name is interpolated into the shell line unquoted. NOTE(review): the path is hard-coded while later tasks read {{ letsencrypt_csrs_dir }} — the two must resolve to the same directory
25 | args:
26 | executable: /bin/bash  # needed for the <( ) process substitution used above
27 |
28 | - name: "Begin Let's Encrypt challenges"
29 | letsencrypt:  # first call: registers/loads the account and requests the challenges
30 | acme_directory: "{{ acme_directory }}"
31 | acme_version: "{{ acme_version }}"
32 | account_key_src: "{{ letsencrypt_account_key }}"
33 | account_email: "{{ acme_email }}"
34 | terms_agreed: 1
35 | challenge: "{{ acme_challenge_type }}"  # NOTE(review): the tasks below read only the 'http-01' entries, so any other challenge type would not be served
36 | csr: "{{ letsencrypt_csrs_dir }}/{{ domain_name }}.csr"
37 | dest: "{{ letsencrypt_certs_dir }}/{{ domain_name }}.crt"
38 | fullchain_dest: "{{ letsencrypt_certs_dir }}/fullchain_{{ domain_name }}.crt"
39 | remaining_days: 91  # NOTE(review): presumably chosen to exceed the certificate lifetime so a new certificate is requested on every run — confirm against the CA's rate limits
40 | register: acme_challenge_your_domain  # challenge_data from this result feeds the file task and the completing call below
41 |
42 | - name: "Create .well-known/acme-challenge directory"
43 | file:
44 | path: /var/www/html/.well-known/acme-challenge
45 | state: directory
46 | owner: root
47 | group: root
48 | mode: u=rwx,g=rx,o=rx
49 |
50 | - name: "Implement http-01 challenge files"
51 | copy:
52 | content: "{{ acme_challenge_your_domain['challenge_data'][item]['http-01']['resource_value'] }}"
53 | dest: "/var/www/html/{{ acme_challenge_your_domain['challenge_data'][item]['http-01']['resource'] }}"  # assumes the web server's document root is /var/www/html — TODO confirm
54 | owner: root
55 | group: root
56 | mode: u=rw,g=r,o=r
57 | with_items:  # one challenge file per name placed in the CSR's subjectAltName
58 | - "{{ domain_name }}"
59 | - "www.{{ domain_name }}"
60 |
61 | - name: "Complete Let's Encrypt challenges"
62 | letsencrypt:  # second call: passes the registered challenge data back and writes the certificate files
63 | acme_directory: "{{ acme_directory }}"
64 | acme_version: "{{ acme_version }}"
65 | account_key_src: "{{ letsencrypt_account_key }}"
66 | account_email: "{{ acme_email }}"
67 | challenge: "{{ acme_challenge_type }}"
68 | csr: "{{ letsencrypt_csrs_dir }}/{{ domain_name }}.csr"
69 | dest: "{{ letsencrypt_certs_dir }}/{{ domain_name }}.crt"
70 | chain_dest: "{{ letsencrypt_certs_dir }}/chain_{{ domain_name }}.crt"
71 | fullchain_dest: "{{ letsencrypt_certs_dir }}/fullchain_{{ domain_name }}"  # NOTE(review): no .crt suffix here, unlike the first call, so the two calls name different full-chain files
72 | data: "{{ acme_challenge_your_domain }}"
--------------------------------------------------------------------------------
/infrastructure/bastion-host-proxy/install.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Configure Bastion Host Proxy  # installs the proxy packages on the bastion group; no proxy or certificate configuration is done here
3 | hosts: bastion
4 | gather_vars: false  # NOTE(review): `gather_vars` is not a play keyword I know of; `gather_facts: false` was probably intended — confirm, since Ansible rejects unknown play attributes
5 |
6 | vars:
7 | os_packages:
8 | - epel-release
9 | - nginx
10 | - certbot
11 | tasks:
12 | - name: Update OS  # despite the name, this only ensures the three packages above are present; nothing is upgraded
13 | package:
14 | name: "{{ os_packages }}"
15 | state: present  # NOTE(review): no `become` is set in this play, so package installation depends on the connection user already being privileged
16 |
17 | # - name: Certbot configuration still needed
--------------------------------------------------------------------------------
/infrastructure/clean-ansible/clean.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - hosts: localhost  # runs on the controller only: removes and then recreates the Ansible/Apigee working folders listed in clean_dirs
3 | connection: local
4 | gather_facts: no
5 | vars:
6 | clean_dirs:  # the tasks below address entries by position ([1] = roles, [3] = cache), so the order of this list matters
7 | - '~/.apigee/planet_resources'
8 | - '~/.ansible/roles'
9 | - '~/.ansible/tmp'
10 | - '~/.ansible/cache'
11 | vars_files:
12 | - ~/.apigee-secure/credentials.yml  # NOTE(review): every variable in the credentials file is loaded into this play although none of the tasks below reference one; dropping it would keep secrets out of a cleanup run
13 | - ~/.apigee/custom-properties.yml
14 | tasks:
15 | - name: Clean all folders
16 | ignore_errors: yes  # best effort: a failed removal does not stop the play
17 | file:
18 | path: '{{ item }}'
19 | state: absent
20 | with_items: "{{ clean_dirs }}"
21 | when: clean_scope is not defined  # default behaviour when no scope is passed
22 |
23 | - name: Clean roles folder only
24 | tags: ['roles']
25 | ignore_errors: yes
26 | file:
27 | path: '{{ item }}'
28 | state: absent
29 | with_items: "{{ clean_dirs[1] }}"  # '~/.ansible/roles'
30 | when: clean_scope is defined and clean_scope | trim == "roles"
31 |
32 | - name: Clean cache folder only
33 | tags: ['cache']
34 | ignore_errors: yes
35 | file:
36 | path: '{{ item }}'
37 | state: absent
38 | with_items: "{{ clean_dirs[3] }}"  # '~/.ansible/cache'
39 | when: clean_scope is defined and clean_scope | trim == "cache"
40 |
41 | - name: Recreate folders  # has no `when`: all four folders are recreated whatever clean_scope was
42 | ignore_errors: yes
43 | tags: ['clean','roles']
44 | file:
45 | path: '{{ item }}'
46 | state: directory  # no mode is given, so the folders get the default umask permissions
47 | with_items: "{{ clean_dirs }}"
48 |
49 |
50 |
--------------------------------------------------------------------------------
/infrastructure/configure-ssh-login/README.md:
--------------------------------------------------------------------------------
1 | # Configure SSH Login
2 |
3 | This `configure-ssh-user.yml` playbook configures a user for access over SSH. This playbook can configure
4 | the `root` user so that SSH will permit the `root` user to login.
5 |
6 | # Usage Instructions
7 |
8 | ## Sample Usage
9 |
10 | Configure a user with SSH:
11 |
12 | # This will invoke the playbook. You will be prompted to type the SSH password for the remote login user provided.
13 | ansible-playbook configure-ssh-user.yml -u -k -e remote_user= -e target_hosts=
14 |
15 | ## Use a specific SSH pubkey
16 |
17 | Configure a user with SSH with a non-default ssh public key :
18 |
19 | # This will invoke the playbook. You will be prompted to type the SSH password for the remote login user provided.
20 | ansible-playbook configure-ssh-user.yml -u -k -e pubkey=~/.ssh/special-id_rsa.pub -e remote_user= -e target_hosts=
21 |
22 | ## Enable Root User SSH Login
23 |
24 | Configure the root user to enable root user login
25 |
26 | # This will invoke the playbook. You will be prompted to type the SSH password for the remote login user provided.
27 | ansible-playbook configure-ssh-user.yml -u -k -e pubkey=~/.ssh/special-id_rsa.pub -e remote_user=root -e target_hosts=
28 |
--------------------------------------------------------------------------------
/infrastructure/configure-ssh-login/configure-ssh-user.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Configure SSH for a remote user  # installs the controller's key pair on the targets, then enables root SSH login and passwordless sudo for root
3 | hosts: '{{ target_hosts }}'
4 | gather_facts: no
5 |
6 | vars:
7 | pubkey: '~/.ssh/id_rsa.pub'  # defaults; the README overrides pubkey with -e pubkey=...
8 | pvtkey: '~/.ssh/id_rsa'
9 | sshd_config: '/etc/ssh/sshd_config'
10 | sudoers: '/etc/sudoers.d/apigee-requiretty'
11 |
12 | tasks:
13 | - block:  # this block runs on the controller (delegate_to: localhost below)
14 | - name: Get current user if remote_user not provided
15 | shell: whoami
16 | register: whoami
17 |
18 | - name: Set remote_user
19 | set_fact:
20 | remote_user: "{{ whoami.stdout }}"  # NOTE(review): there is no `when` here, so this always runs; a remote_user passed with -e presumably still wins through variable precedence — confirm
21 |
22 | - name: Determine state of public key
23 | stat:
24 | path: "{{ pubkey }}"
25 | register: pubkey_state
26 |
27 | delegate_to: localhost
28 |
29 | - block:  # key generation on the controller, only when the public key file is missing
30 | - name: Assert availability of openssh
31 | yum:
32 | name: openssh
33 | state: present
34 |
35 | - name: Generate SSH keys
36 | shell: ssh-keygen -b 2048 -t rsa -f {{ pvtkey }} -q -N ""  # 2048-bit RSA key with an empty passphrase (-N "")
37 | args:
38 | creates: "{{ pvtkey }}"  # skipped when the private key already exists, even though the block condition tests the public key
39 |
40 | delegate_to: localhost
41 | when: not pubkey_state.stat.exists
42 |
43 | - name: Assert state of public key
44 | stat:
45 | path: "{{ pubkey }}"  # NOTE(review): no delegate_to on this task, so it inspects the target host's filesystem, while the lookup below reads the controller's copy — confirm which was meant
46 | register: pubkey_state
47 |
48 | - name: Set public keys as authorized keys on server
49 | tags: ['authorized-keys']
50 | authorized_key:
51 | user: '{{ ansible_user }}'  # NOTE(review): uses ansible_user, not the remote_user fact set above
52 | state: present
53 | key: "{{ lookup('file', '{{ pubkey }}') }}"  # file lookups read from the controller
54 | when: pubkey_state.stat.exists is defined  # NOTE(review): `is defined` looks true whenever stat returned an `exists` field, including exists == false — confirm intent
55 |
56 | - name: Copy keys to server
57 | tags: ['copy-keys']
58 | copy:
59 | src: "{{ item }}"
60 | dest: "~/.ssh/{{ item | basename }}"  # no mode is set, so the copied files get default permissions
61 | with_items:
62 | - "{{ pvtkey }}"  # NOTE(review): this places the controller's private key on every target host, so any one of those hosts then holds a key accepted by all the others; confirm this is required
63 | - "{{ pubkey }}"
64 |
65 | - name: Enable root login over SSH
66 | tags: ['ssh']
67 | become: yes
68 | lineinfile:
69 | state: present
70 | dest: "{{ sshd_config }}"
71 | regexp: "{{ item.regexp }}"
72 | line: "{{ item.line}}"
73 | backrefs: yes  # with backrefs the file is changed only where a regexp matches; nothing is appended
74 | create: yes
75 | with_items:
76 | - {regexp: '(^#)(PermitRootLogin yes)', line: '\2' }  # uncomments an existing "#PermitRootLogin yes"
77 | - {regexp: '(PermitRootLogin) no', line: '\1 yes' }  # flips an existing "PermitRootLogin no" to yes. NOTE(review): this runs for every remote_user, not only root, and does not restrict root to key-based login
78 | notify:
79 | - Restart SSH service
80 |
81 | - name: Determine if sudoers config exists
82 | tags: ['sudo']
83 | become: true
84 | stat:
85 | path: "{{ sudoers }}"
86 | register: sudoers_state
87 |
88 | - name: Enable Root with no Password Prompt
89 | tags: ['sudo']
90 | become: true
91 | lineinfile:
92 | state: present
93 | dest: "{{ sudoers }}"
94 | regexp: "{{ item.regexp }}"
95 | line: "{{ item.line }}"
96 | backrefs: yes
97 | mode: 0740  # NOTE(review): sudoers drop-in files are conventionally 0440 — confirm 0740 is intended
98 | validate: '/usr/sbin/visudo -cf %s'  # the edited file is syntax-checked before it replaces the original
99 | with_items:
100 | - { regexp: '(^#)(Defaults.*requiretty)', line: "Defaults !requiretty" }
101 | - { regexp: '^root.*ALL=.*$', line: "root ALL=NOPASSWD: ALL" }  # rewrites an existing root entry to passwordless sudo for all commands
102 | when: sudoers_state.stat.exists  # only edits the drop-in file when it is already present
103 |
104 | handlers:
105 | - name: Restart SSH service  # triggered by the sshd_config task when it changes the file
106 | become: true
107 | service:
108 | name: sshd
109 | state: restarted
110 |
--------------------------------------------------------------------------------
/infrastructure/download-offline-packages/README.md:
--------------------------------------------------------------------------------
1 | # Apigee Offline Package Download Helper
2 |
3 | ## Overview
4 |
5 | An Apigee offline installation typically requires that you manually download packages offline. This
6 | is usually a long and tedious process. During the creation of the Apigee Mirror you have the option
7 | of loading extra system packages (`archive_extra_packages`) into the repository archive. This
8 | playbook uses `archive_extra_packages` to immediately download packages from a mirror node to the
9 | control server running this script and then upload and install those packages on the Planet nodes.
10 | The use of the same properties as the Apigee Mirror creation playbook provides for a common
11 |
12 | ## Usage
13 |
14 | This playbook will make use of the same attributes used by the Apigee Mirror creation playbook so that
15 | you can immediately get the benefit of downloading missing system packages by using this playbook
16 | and leave behind an updated list of archives that are required.
17 |
18 | 1. Please update the `archive_extra_packages` attribute in the `~/.apigee/custom-properties.yml` file
19 | with the list of system packages that you need. An example will look like this:
20 |
21 |
22 | # Extra Yum Packages that should be transferred manually for an offline installation
23 | archive_extra_packages:
24 | - yum-utils
25 | - yum-plugin-priorities
26 | - libdb4-4.8*
27 | - boost-filesystem
28 |
29 | 1. Update `local_apigee_path` if you need to store the RPMs in a location other than `~/.apigee`
30 |
31 | 1. `ansible-playbook offline-download.yml -e target_hosts=`
32 |
33 |
--------------------------------------------------------------------------------
/infrastructure/download-offline-packages/offline-download.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Download packages for manual installation  # first play: download RPMs on the target host, then fetch them to the controller
3 | hosts: "{{ target_hosts | default('localhost') }}"
4 | gather_facts: yes
5 | tags: ['download']
6 | vars:
7 | local_apigee_path: "{{ temp_local_apigee_path | default('~/.apigee') }}/resources/rpms"  # controller-side folder that receives the fetched RPMs
8 | property_folders:
9 | - "~/.apigee"
10 | roles:
11 | - { role: apigee-opdk-modules }
12 | tasks:
13 | - name: Ensure download folder exists
14 | file:
15 | path: "{{ opdk_resources_path }}"  # not defined in this play; presumably supplied by the role or the property files — verify
16 | state: directory
17 |
18 | - name: Update with Yum utilities
19 | tags: ['yum']
20 | become: true
21 | package:
22 | name: "yum-utils"
23 | state: present
24 |
25 | - name: Download os packages
26 | become: true
27 | shell: "{{ item }}"  # NOTE(review): each command line below is run by a root shell with the package list joined in unquoted, so archive_extra_packages must come from a trusted property file; entries with globs such as libdb4-4.8* are expanded by the shell first
28 | with_items:
29 | - "/usr/bin/yum reinstall --downloadonly --downloaddir={{ opdk_resources_path }} {{ archive_extra_packages | join(' ') }}"
30 | - "/usr/bin/yumdownloader --dest={{ opdk_resources_path }} {{ archive_extra_packages | join(' ') }}"
31 | - "/usr/bin/yumdownloader --dest={{ opdk_resources_path }} --resolve {{ archive_extra_packages | join(' ') }}"  # --resolve also downloads dependencies
32 |
33 | - name: Create list of actual RPM
34 | find:
35 | path: "{{ opdk_resources_path }}"
36 | pattern: "*.rpm"
37 | file_type: file
38 | register: package_names
39 |
40 | - name: Download RPMs
41 | fetch:
42 | src: "{{ item.path }}"
43 | dest: "{{ local_apigee_path }}/{{ item.path | basename }}"
44 | flat: yes  # store under dest exactly as given, without a per-host directory
45 | with_items: "{{ package_names.files }}"  # NOTE(review): no signature or checksum check of the fetched RPMs is visible in this play before they are uploaded to the planet nodes
46 |
47 | - name: Upload downloaded packages to planet
48 | hosts: planet
49 | gather_facts: no
50 | tags: ['upload']
51 | vars:
52 | local_apigee_path: "{{ temp_local_apigee_path | default('~/.apigee') }}/resources/rpms"
53 | property_folders:
54 | - "~/.apigee"
55 | roles:
56 | - { role: apigee-opdk-modules, tags: ['cache'] }
57 | tasks:
58 | - name: Ensure target folder exists
59 | become: true
60 | file:
61 | path: "{{ apigee_home | default('/opt/apigee') }}/data/apigee-mirror/repos/thirdparty/7"
62 | state: directory
63 | owner: apigee
64 | group: apigee
65 |
66 | - name: Create list of actual rpm file names
67 | find:
68 | path: "{{ local_apigee_path }}"
69 | pattern: '*.rpm'
70 | file_type: file
71 | recurse: yes
72 | register: package_names
73 | delegate_to: 127.0.0.1
74 |
75 | - name: Upload yum packages
76 | become: true
77 | copy:
78 | src: "{{ item.path }}"
79 | dest: "{{ apigee_home | default('/opt/apigee') }}/data/apigee-mirror/repos/thirdparty/7"
80 | owner: apigee
81 | group: apigee
82 | with_items: "{{ package_names.files }}"
83 |
84 | - name: Yum install
85 | become: true
86 | yum:
87 | name: "{{ apigee_home | default('/opt/apigee') }}/data/apigee-mirror/repos/thirdparty/7/{{ item.path | basename }}"
88 | state: present
89 | disable_gpg_check: yes
90 | with_items: "{{ package_names.files }}"
91 |
92 |
--------------------------------------------------------------------------------
/infrastructure/gce-management/.gitignore:
--------------------------------------------------------------------------------
1 | generated
2 | files
3 | *.iml
4 | .terraform
5 | terraform
6 | *.tfstate*
7 | *.zip
8 |
9 |
--------------------------------------------------------------------------------
/infrastructure/gce-management/CONTRIBUTING.md:
--------------------------------------------------------------------------------
1 | # How to Contribute
2 |
3 | We'd love to accept your patches and contributions to this project. There are
4 | just a few small guidelines you need to follow.
5 |
6 | ## Contributor License Agreement
7 |
8 | Contributions to this project must be accompanied by a Contributor License
9 | Agreement. You (or your employer) retain the copyright to your contribution;
10 | this simply gives us permission to use and redistribute your contributions as
11 | part of the project. Head over to <https://cla.developers.google.com/> to see
12 | your current agreements on file or to sign a new one.
13 |
14 | You generally only need to submit a CLA once, so if you've already submitted one
15 | (even if it was for a different project), you probably don't need to do it
16 | again.
17 |
18 | ## Code reviews
19 |
20 | All submissions, including submissions by project members, require review. We
21 | use GitHub pull requests for this purpose. Consult
22 | [GitHub Help](https://help.github.com/articles/about-pull-requests/) for more
23 | information on using pull requests.
--------------------------------------------------------------------------------
/infrastructure/gce-management/README.md:
--------------------------------------------------------------------------------
1 |
2 |
3 | # Not Google Product Clause
4 |
5 | This is not an officially supported Google product.
6 |
7 |
8 | # How to Contribute
9 |
10 | We'd love to accept your patches and contributions to this project. Please review our [guidelines](CONTRIBUTING.md).
11 |
--------------------------------------------------------------------------------
/infrastructure/gce-management/apigee-edge-tf/5-node/output.tf:
--------------------------------------------------------------------------------
1 | output "apigeenet_self_link" {
2 | value = "${google_compute_network.apigeenet.self_link}"
3 | }
4 |
5 | //output "bastion_private_ip" {
6 | // value = "${module.apigee-bastion-vm.private_ip}"
7 | //}
8 | //
9 | //output "bastion_public_ip" {
10 | // value = "${module.apigee-bastion-vm.public_ip}"
11 | //}
12 |
13 |
--------------------------------------------------------------------------------
/infrastructure/gce-management/apigee-edge-tf/5-node/provider.tf:
--------------------------------------------------------------------------------
1 | provider "google" {  # Google provider for this environment, authenticated with a key file
2 | credentials = "${file(var.credentials_file)}"  # reads the service-account key JSON from disk; keep that file outside the repository and readable only by the operator
3 | project = "${var.gcp_project_name}"
4 | region = "${var.region}"
5 | }
6 |
--------------------------------------------------------------------------------
/infrastructure/gce-management/apigee-edge-tf/5-node/variable.tf:
--------------------------------------------------------------------------------
1 | variable "router_name" {
2 | default = "default"
3 | }
4 |
5 | variable "region" {
6 | default = "us-east1"
7 | }
8 |
9 | variable "zone" {
10 | default = "us-east1-b"
11 | }
12 |
13 | variable "image_name" {
14 | default = "centos-7"
15 | }
16 |
17 | variable "image_project" {
18 | default = "centos-cloud"
19 | }
20 |
21 | variable "machine_type" {
22 | default = "n1-standard-4"
23 | }
24 |
25 | variable "instance_scopes" {  # access scopes list; where it is attached is decided in main.tf (not shown here)
26 | default = [
27 | "compute-rw",  # NOTE(review): read-write Compute scope for any instance given this list; confirm the workloads need to modify compute resources
28 | "storage-ro"
29 | ]
30 | }
31 |
32 | variable "dc_region" {
33 | default = "1"
34 | }
35 |
36 | variable "dc_1_ms_count" {
37 | default = 1
38 | }
39 |
40 | variable "dc_2_ms_count" {
41 | default = 0
42 | }
43 |
44 | variable "dc_1_ds_count" {
45 | default = 3
46 | }
47 |
48 | variable "dc_2_ds_count" {
49 | default = 0
50 | }
51 |
52 | variable "dc_1_rmp_count" {
53 | default = 2
54 | }
55 |
56 | variable "dc_2_rmp_count" {
57 | default = 0
58 | }
59 |
60 | variable "dc_1_qpid_count" {
61 | default = 2
62 | }
63 |
64 | variable "dc_2_qpid_count" {
65 | default = 0
66 | }
67 |
68 | variable "dc_1_pg_only_count" {
69 | default = 1
70 | }
71 |
72 | variable "dc_1_pgmaster_count" {
73 | default = 0
74 | }
75 |
76 | variable "dc_1_pgstandby_count" {
77 | default = 0
78 | }
79 |
80 | variable "dc_2_pgstandby_count" {
81 | default = 0
82 | }
83 |
84 | variable "credentials_file" {
85 | default = "~/.apigee-secure/sandbox/sandbox-default-service-account.json"  # path to the key read by provider.tf via file(); the key itself must stay out of version control
86 | }
87 | // NOTE(review): the two defaults below pin one specific project and service account; a run that forgets to override them acts on that environment.
88 | variable "gcp_project_name" {
89 | default = "sandbox-173316"
90 | }
91 |
92 | variable "service_account_email" {
93 | default = "736255665193-compute@developer.gserviceaccount.com"
94 | }
95 |
96 | variable "nat_dc_2_count" {
97 | default = "0"
98 | }
--------------------------------------------------------------------------------
/infrastructure/gce-management/apigee-edge-tf/aio/main.tf:
--------------------------------------------------------------------------------
1 | # Look up the existing network named "default" (a data source: nothing is created here)
2 | data "google_compute_network" "apigeenet" {
3 | name = "default"  # every firewall rule and instance in this file attaches to this network
4 | }
5 |
6 | # Create the apigeenet router
7 | resource "google_compute_router" "apigeenet-router" {
8 | name = "apigeenet-router"
9 | network = "${data.google_compute_network.apigeenet.self_link}"
10 | }
11 |
12 | # Create the gateway nat for the apigeenet-subnet-router
13 | resource "google_compute_router_nat" "apigeenet-subnet-nat" {
14 | name = "apigeenet-subnet-nat"
15 | router = "${google_compute_router.apigeenet-router.name}"
16 | region = "${var.region}"
17 | nat_ip_allocate_option = "AUTO_ONLY"
18 | source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES"
19 | }
20 |
21 | module "configure_firewall_apigeenet_allow_mgmt_ui" {  # TCP allow rule for the listed ports, built by the with-ports firewall module
22 | source = "../modules/apigeenet-firewalls-protocol-with-ports"
23 | firewall_name = "mgmt-ui"
24 | firewall_source_tags = ["mgmt-ui"]  # the module passes this on as source_tags (a source match), not as a target filter
25 | firewall_network = "${data.google_compute_network.apigeenet.self_link}"
26 | firewall_protocol = "tcp"
27 | firewall_ports = ["9000", "80", "8080", "9001"]
28 | firewall_source_ranges = ["10.0.0.0/8"]  # internal range only
29 | }
30 |
31 | module "configure_firewall_apigeenet_allow_icmp" {
32 | source = "../modules/apigeenet-firewalls-protocol-only"
33 | firewall_name = "apigeenet-allow-icmp"
34 | firewall_network = "${data.google_compute_network.apigeenet.self_link}"
35 | firewall_protocol = "icmp"
36 | firewall_source_ranges = ["10.0.0.0/8"]
37 | }
38 |
39 | module "configure_firewall_apigeenet_allow_ssh" {  # SSH (tcp/22) allow rule for internal sources
40 | source = "../modules/apigeenet-firewalls-protocol-with-ports"
41 | firewall_name = "apigeenet-allow-ssh"
42 | firewall_source_tags = ["apigeenet-allow-ssh"]  # used by the module as source_tags; it sets no target_tags
43 | firewall_network = "${data.google_compute_network.apigeenet.self_link}"
44 | firewall_protocol = "tcp"
45 | firewall_ports = ["22"]
46 | firewall_source_ranges = ["10.0.0.0/8"]  # internal range only
47 | }
48 |
49 | module "configure_firewall_apigeenet_allow_ssh_public" {  # SSH (tcp/22) allow rule open to the internet
50 | source = "../modules/apigeenet-firewalls-protocol-with-ports"
51 | firewall_name = "public-allow-ssh"
52 | firewall_source_tags = ["public-allow-ssh"]  # NOTE(review): the module uses this as source_tags and sets no target_tags, so the rule is not limited to instances carrying this tag - confirm whether target_tags was intended
53 | firewall_network = "${data.google_compute_network.apigeenet.self_link}"
54 | firewall_protocol = "tcp"
55 | firewall_ports = ["22"]
56 | firewall_source_ranges = ["0.0.0.0/0"]  # SSH admitted from any address; narrow to known administrative ranges where possible
57 | }
58 |
59 | resource "google_compute_instance" "bastion_instance" {  # Bastion VM with an external address
60 | name = "apigee-bastion"
61 | zone = "${var.zone}"
62 | machine_type = "${var.machine_type}"
63 | tags = ["apigeenet-allow-icmp", "public-allow-ssh"]
64 | # These tag names match firewall rule names above; the firewall modules shown never set target_tags, so the tags do not restrict which instances those rules cover.
65 | boot_disk {
66 | initialize_params {
67 | image = "${var.image_name}"
68 | size = 60
69 | }
70 | }
71 |
72 | network_interface {
73 | network = "${data.google_compute_network.apigeenet.self_link}"
74 | # An empty access_config requests an ephemeral external IP, which makes this host internet-reachable.
75 | access_config = {}
76 | }
77 | # NOTE(review): var.instance_scopes defaults to compute-rw and storage-ro (variable.tf) on an internet-facing host; confirm the bastion needs write access to Compute.
78 | service_account {
79 | email = "${var.service_account_email}"
80 | scopes = "${var.instance_scopes}"
81 | }
82 | }
83 |
84 | resource "google_compute_instance" "aio_instance" {  # All-in-one planet VM on the same network as the bastion
85 | name = "planet-aio"
86 | zone = "${var.zone}"
87 | machine_type = "${var.machine_type}"
88 | tags = ["mgmt-ui", "http-server", "apigeenet-allow-icmp", "apigeenet-allow-ssh"]
89 | # No service_account block is declared for this instance, unlike the bastion.
90 | boot_disk {
91 | initialize_params {
92 | image = "${var.image_name}"
93 | size = 250
94 | }
95 | }
96 | # No access_config below, so no external IP is requested; presumably the host is reached through the bastion and uses the NAT defined above for egress - confirm.
97 | network_interface {
98 | network = "${data.google_compute_network.apigeenet.self_link}"
99 | }
100 | }
101 |
101 |
--------------------------------------------------------------------------------
/infrastructure/gce-management/apigee-edge-tf/aio/output.tf:
--------------------------------------------------------------------------------
1 | output "apigeenet_self_link" {
2 | value = "${data.google_compute_network.apigeenet.self_link}"
3 | }
4 |
5 | output "bastion_ip" {
6 | value = "${google_compute_instance.bastion_instance.network_interface.0.network_ip}"
7 | }
8 |
--------------------------------------------------------------------------------
/infrastructure/gce-management/apigee-edge-tf/aio/provider.tf:
--------------------------------------------------------------------------------
1 | provider "google" {
2 | credentials = "${file(var.credentials_file)}"
3 | project = "${var.gcp_project_name}"
4 | region = "${var.region}"
5 | }
6 |
--------------------------------------------------------------------------------
/infrastructure/gce-management/apigee-edge-tf/aio/variable.tf:
--------------------------------------------------------------------------------
1 | variable "router_name" {
2 | default = "default"
3 | }
4 |
5 | variable "region" {
6 | default = ""
7 | // default = "us-east1"
8 | }
9 |
10 | variable "zone" {
11 | default = ""
12 | // default = "us-east1-b"
13 | }
14 |
15 | variable "image_name" {
16 | default = "centos-7"
17 | }
18 |
19 | variable "image_project" {
20 | default = "centos-cloud"
21 | }
22 |
23 | variable "machine_type" {
24 | default = "n1-standard-4"
25 | }
26 |
27 | variable "instance_scopes" {
28 | default = ["compute-rw", "storage-ro"]
29 | }
30 |
31 |
32 | variable "credentials_file" {
33 | // Path to the service-account key JSON that provider.tf reads with file(); keep the key out of version control.
34 | default = ""  // empty default: must be overridden per environment
35 | }
36 |
37 | variable "gcp_project_name" {
38 | // GCP project the google provider operates on; supplied per environment.
39 | default = ""  // empty default: must be overridden per environment
40 | }
41 |
42 | variable "service_account_email" {
43 | // Service account attached to the bastion instance in main.tf; supplied per environment.
44 | default = ""  // empty default: must be overridden per environment
45 | }
46 |
--------------------------------------------------------------------------------
/infrastructure/gce-management/apigee-edge-tf/dc-2/output.tf:
--------------------------------------------------------------------------------
1 | output "apigeenet_self_link" {
2 | value = "${google_compute_network.apigeenet.self_link}"
3 | }
4 |
5 | //output "bastion_private_ip" {
6 | // value = "${module.apigee-bastion-vm.private_ip}"
7 | //}
8 | //
9 | //output "bastion_public_ip" {
10 | // value = "${module.apigee-bastion-vm.public_ip}"
11 | //}
12 |
13 |
--------------------------------------------------------------------------------
/infrastructure/gce-management/apigee-edge-tf/dc-2/provider.tf:
--------------------------------------------------------------------------------
1 | provider "google" {
2 | credentials = "${file(var.credentials_file)}"
3 | project = "${var.gcp_project_name}"
4 | region = "${var.region}"
5 | }
6 |
--------------------------------------------------------------------------------
/infrastructure/gce-management/apigee-edge-tf/dc-2/variable.tf:
--------------------------------------------------------------------------------
1 | variable "router_name" {
2 | default = "default"
3 | }
4 |
5 | variable "region" {
6 | default = "us-east1"
7 | }
8 |
9 | variable "zone" {
10 | default = "us-east1-b"
11 | }
12 |
13 | variable "image_name" {
14 | default = "centos-7"
15 | }
16 |
17 | variable "image_project" {
18 | default = "centos-cloud"
19 | }
20 |
21 | variable "machine_type" {
22 | default = "n1-standard-4"
23 | }
24 |
25 | variable "instance_scopes" {
26 | default = [
27 | "compute-rw",
28 | "storage-ro"
29 | ]
30 | }
31 |
32 | variable "dc_region" {
33 | default = "1"
34 | }
35 |
36 | variable "ms_name" { }
37 | variable "ms_count" {
38 | default = 1
39 | }
40 |
41 | variable "ds_name" {}
42 |
43 | variable "ds_count" {
44 | default = 3
45 | }
46 |
47 | variable "rmp_name" {}
48 |
49 | variable "rmp_count" {
50 | default = 2
51 | }
52 |
53 | variable "qpid_name" {}
54 |
55 | variable "qpid_count" {
56 | default = 2
57 | }
58 |
59 | variable "pg_only_name" {}
60 |
61 | variable "pg_only_count" {
62 | default = 1
63 | }
64 |
65 | variable "pgmaster_name" {}
66 |
67 | variable "pgmaster_count" {
68 | default = 0
69 | }
70 |
71 | variable "pgstandby_name" {}
72 |
73 | variable "pgstandby_count" {
74 | default = 0
75 | }
76 |
77 | variable "dev_portal_name" {}
78 |
79 | variable "dev_portal_count" {
80 | default = 0
81 | }
82 |
83 | variable "credentials_file" {
84 | // Path to the service-account key JSON that provider.tf reads with file().
85 | // No default: pass it per environment (-var or an untracked tfvars file) and never commit the key.
86 | }
87 |
88 | variable "gcp_project_name" {
89 | // GCP project the google provider operates on.
90 | // No default, so a run cannot silently target another environment's project.
91 | }
92 |
93 | variable "service_account_email" {
94 | // Service-account e-mail; presumably attached to instances in main.tf (not shown here) - confirm.
95 | // No default: supply it per environment.
96 | }
97 |
98 | variable "nat_dc_2_count" {
99 | default = "0"
100 | }
--------------------------------------------------------------------------------
/infrastructure/gce-management/apigee-edge-tf/dc-3/output.tf:
--------------------------------------------------------------------------------
1 | output "apigeenet_self_link" {
2 | value = "${google_compute_network.apigeenet.self_link}"
3 | }
4 |
5 | //output "bastion_private_ip" {
6 | // value = "${module.apigee-bastion-vm.private_ip}"
7 | //}
8 | //
9 | //output "bastion_public_ip" {
10 | // value = "${module.apigee-bastion-vm.public_ip}"
11 | //}
12 |
13 |
--------------------------------------------------------------------------------
/infrastructure/gce-management/apigee-edge-tf/dc-3/provider.tf:
--------------------------------------------------------------------------------
1 | provider "google" {
2 | credentials = "${file(var.credentials_file)}"
3 | project = "${var.gcp_project_name}"
4 | region = "${var.region}"
5 | }
6 |
--------------------------------------------------------------------------------
/infrastructure/gce-management/apigee-edge-tf/dc-3/variable.tf:
--------------------------------------------------------------------------------
1 | variable "router_name" {
2 | default = "default"
3 | }
4 |
5 | variable "region" {
6 | default = "us-east1"
7 | }
8 |
9 | variable "zone" {
10 | default = "us-east1-b"
11 | }
12 |
13 | variable "image_name" {
14 | default = "centos-7"
15 | }
16 |
17 | variable "image_project" {
18 | default = "centos-cloud"
19 | }
20 |
21 | variable "machine_type" {
22 | default = "n1-standard-4"
23 | }
24 |
25 | variable "instance_scopes" {
26 | default = [
27 | "compute-rw",
28 | "storage-ro"
29 | ]
30 | }
31 |
32 | variable "dc_region" {
33 | default = "1"
34 | }
35 |
36 | variable "ms_name" { }
37 | variable "ms_count" {
38 | default = 1
39 | }
40 |
41 | variable "ds_name" {}
42 |
43 | variable "ds_count" {
44 | default = 3
45 | }
46 |
47 | variable "rmp_name" {}
48 |
49 | variable "rmp_count" {
50 | default = 2
51 | }
52 |
53 | variable "qpid_name" {}
54 |
55 | variable "qpid_count" {
56 | default = 2
57 | }
58 |
59 | variable "pg_only_name" {}
60 |
61 | variable "pg_only_count" {
62 | default = 1
63 | }
64 |
65 | variable "pgmaster_name" {}
66 |
67 | variable "pgmaster_count" {
68 | default = 0
69 | }
70 |
71 | variable "pgstandby_name" {}
72 |
73 | variable "pgstandby_count" {
74 | default = 0
75 | }
76 |
77 | variable "dev_portal_name" {}
78 |
79 | variable "dev_portal_count" {
80 | default = 0
81 | }
82 |
83 | variable "credentials_file" {
84 | // Path to the service-account key JSON that provider.tf reads with file().
85 | // No default: pass it per environment (-var or an untracked tfvars file) and never commit the key.
86 | }
87 |
88 | variable "gcp_project_name" {
89 | // GCP project the google provider operates on.
90 | // No default, so a run cannot silently target another environment's project.
91 | }
92 |
93 | variable "service_account_email" {
94 | // Service-account e-mail; presumably attached to instances in main.tf (not shown here) - confirm.
95 | // No default: supply it per environment.
96 | }
97 |
98 | variable "nat_dc_2_count" {
99 | default = "0"
100 | }
--------------------------------------------------------------------------------
/infrastructure/gce-management/apigee-edge-tf/dev/output.tf:
--------------------------------------------------------------------------------
1 | output "apigeenet_self_link" {
2 | value = "${google_compute_network.apigeenet.self_link}"
3 | }
4 |
5 | //output "bastion_private_ip" {
6 | // value = "${module.apigee-bastion-vm.private_ip}"
7 | //}
8 | //
9 | //output "bastion_public_ip" {
10 | // value = "${module.apigee-bastion-vm.public_ip}"
11 | //}
12 |
13 |
--------------------------------------------------------------------------------
/infrastructure/gce-management/apigee-edge-tf/dev/provider.tf:
--------------------------------------------------------------------------------
1 | provider "google" {
2 | credentials = "${file(var.credentials_file)}"
3 | project = "${var.gcp_project_name}"
4 | region = "${var.region}"
5 | }
6 |
--------------------------------------------------------------------------------
/infrastructure/gce-management/apigee-edge-tf/dev/variable.tf:
--------------------------------------------------------------------------------
1 | variable "router_name" {
2 | default = "default"
3 | }
4 |
5 | variable "region" {
6 | default = "us-east1"
7 | }
8 |
9 | variable "zone" {
10 | default = "us-east1-b"
11 | }
12 |
13 | variable "image_name" {
14 | default = "centos-7"
15 | }
16 |
17 | variable "image_project" {
18 | default = "centos-cloud"
19 | }
20 |
21 | variable "machine_type" {
22 | default = "n1-standard-4"
23 | }
24 |
25 | variable "instance_scopes" {
26 | default = [
27 | "compute-rw",
28 | "storage-ro"
29 | ]
30 | }
31 |
32 | variable "dc_region" {
33 | default = "1"
34 | }
35 |
36 | variable "ms_name" { }
37 | variable "ms_count" {
38 | default = 1
39 | }
40 |
41 | variable "ds_name" {}
42 |
43 | variable "ds_count" {
44 | default = 0
45 | }
46 |
47 | variable "rmp_name" {}
48 |
49 | variable "rmp_count" {
50 | default = 0
51 | }
52 |
53 | variable "qpid_name" {}
54 |
55 | variable "qpid_count" {
56 | default = 0
57 | }
58 |
59 | variable "pg_only_name" {}
60 |
61 | variable "pg_only_count" {
62 | default = 0
63 | }
64 |
65 | variable "pgmaster_name" {}
66 |
67 | variable "pgmaster_count" {
68 | default = 0
69 | }
70 |
71 | variable "pgstandby_name" {}
72 |
73 | variable "pgstandby_count" {
74 | default = 0
75 | }
76 |
77 | variable "dev_portal_name" {}
78 |
79 | variable "dev_portal_count" {
80 | default = 0
81 | }
82 |
83 | variable "credentials_file" { }
84 |
85 | variable "gcp_project_name" { }
86 |
87 | variable "service_account_email" {}
88 |
--------------------------------------------------------------------------------
/infrastructure/gce-management/apigee-edge-tf/example-pilot/output.tf:
--------------------------------------------------------------------------------
1 | output "apigeenet_self_link" {
2 | value = "${google_compute_network.apigeenet.self_link}"
3 | }
4 |
5 | //output "bastion_private_ip" {
6 | // value = "${module.apigee-bastion-vm.private_ip}"
7 | //}
8 | //
9 | //output "bastion_public_ip" {
10 | // value = "${module.apigee-bastion-vm.public_ip}"
11 | //}
12 |
13 |
--------------------------------------------------------------------------------
/infrastructure/gce-management/apigee-edge-tf/example-pilot/provider.tf:
--------------------------------------------------------------------------------
1 | provider "google" {
2 | credentials = "${file(var.credentials_file)}"
3 | project = "${var.gcp_project_name}"
4 | region = "${var.dc_1_gcp_region}"
5 | }
6 |
--------------------------------------------------------------------------------
/infrastructure/gce-management/apigee-edge-tf/modules/apigeenet-firewalls-protocol-only/main.tf:
--------------------------------------------------------------------------------
1 | # Firewall rule allowing every port of var.firewall_protocol from var.firewall_source_ranges
2 | resource "google_compute_firewall" "apigeenet-allow-firewall-protocol-only" {
3 | name = "${var.firewall_name}"
4 | network = "${var.firewall_network}"
5 | # No target_tags or target service accounts are set: the rule applies to every instance on the network.
6 | source_ranges = "${var.firewall_source_ranges}"
7 | # No ports are listed: the whole protocol is allowed (expected for icmp; for tcp or udp this opens every port).
8 | allow {
9 | protocol = "${var.firewall_protocol}"
10 | }
11 | }
12 |
--------------------------------------------------------------------------------
/infrastructure/gce-management/apigee-edge-tf/modules/apigeenet-firewalls-protocol-only/variables.tf:
--------------------------------------------------------------------------------
1 | variable "firewall_name" {}
2 | variable "firewall_network" {}
3 |
4 | variable "firewall_source_ranges" {
5 | type = "list"
6 | }
7 |
8 | variable "firewall_protocol" {}
9 |
10 |
--------------------------------------------------------------------------------
/infrastructure/gce-management/apigee-edge-tf/modules/apigeenet-firewalls-protocol-with-ports/main.tf:
--------------------------------------------------------------------------------
1 | resource "google_compute_firewall" "apigeenet-allow-firewall-ports" {  # one allow rule for var.firewall_protocol on var.firewall_ports
2 | name = "${var.firewall_name}"
3 | count = "${length(var.firewall_ports) > 0 ? 1 : 0}"  # no rule is created when the port list is empty
4 | network = "${var.firewall_network}"
5 | # Sources are matched by range OR by tag: traffic from either is admitted.
6 | source_ranges = "${var.firewall_source_ranges}"
7 | source_tags = "${var.firewall_source_tags}"
8 | # NOTE(review): no target_tags are set, so the rule applies to every instance on the network; callers pass instance tag names as firewall_source_tags, which suggests target_tags may have been intended - confirm.
9 | allow {
10 | protocol = "${var.firewall_protocol}"
11 | ports = "${var.firewall_ports}"
12 | }
13 | }
14 |
--------------------------------------------------------------------------------
/infrastructure/gce-management/apigee-edge-tf/modules/apigeenet-firewalls-protocol-with-ports/variables.tf:
--------------------------------------------------------------------------------
1 | variable "firewall_name" {}
2 | variable "firewall_network" {}
3 |
4 | variable "firewall_source_ranges" {
5 | type = "list"
6 | }
7 |
8 | variable "firewall_protocol" {}
9 |
10 | variable "firewall_ports" {
11 | default = []
12 | }
13 |
14 | variable "firewall_source_tags" {
15 | type = "list"
16 | }
17 |
18 |
--------------------------------------------------------------------------------
/infrastructure/gce-management/apigee-edge-tf/modules/apigeenet-instance-group-manager/main.tf:
--------------------------------------------------------------------------------
1 | resource "google_compute_region_instance_group_manager" "apigeenet-ms-group-instance" {
2 | name = "${var.group_manager_name}"
3 | base_instance_name = "${google_compute_instance_template.apigeenet-base-instance-template.name}"
4 | region = "${var.instance_region}"
5 | instance_template = "${google_compute_instance_template.apigeenet-base-instance-template.self_link}"
6 | distribution_policy_zones = "${var.instance_distribution_policy_zones}"
7 | target_size = "${var.instance_count}"
8 |
9 | named_port {
10 | name = "${var.group_manager_port_name}"
11 | port = "${var.group_manager_port}"
12 | }
13 | }
14 |
15 | resource "google_compute_instance_template" "apigeenet-base-instance-template" {  # template used by the region instance group manager above
16 | name = "${var.instance_name}"
17 | machine_type = "${var.machine_type}"
18 | can_ip_forward = false
19 | tags = "${var.instance_tags}"
20 | # No access_config in the interface below, so instances from this template request no external IP.
21 | network_interface {
22 | network = "${var.instance_network}"
23 |
24 | }
25 |
26 | disk {
27 | auto_delete = true
28 | boot = true
29 | # Boot image comes from the pinned data source at the end of this file.
30 | source_image = "${data.google_compute_image.apigeenet-base-system-image.self_link}"
31 | disk_size_gb = "${var.instance_size}"
32 | disk_type = "pd-ssd"
33 | }
34 | }
35 |
36 | data "google_compute_image" "apigeenet-base-system-image" {  # boot image for the instance template above
37 | name = "centos-7-v20190423"  # NOTE(review): pinned image build (the name suggests April 2019); new instances start without later OS patches, and CentOS 7 is past end of life - plan an image update
38 | project = "centos-cloud"
39 | }
40 |
--------------------------------------------------------------------------------
/infrastructure/gce-management/apigee-edge-tf/modules/apigeenet-instance-group-manager/output.tf:
--------------------------------------------------------------------------------
1 | output "instance_group" {
2 | value = "${google_compute_region_instance_group_manager.apigeenet-ms-group-instance.name}"
3 | }
4 |
--------------------------------------------------------------------------------
/infrastructure/gce-management/apigee-edge-tf/modules/apigeenet-instance-group-manager/variable.tf:
--------------------------------------------------------------------------------
1 | variable "instance_name" {}
2 |
3 | variable "group_manager_name" {}
4 |
5 | variable "instance_network" {}
6 |
7 | variable "instance_size" {
8 | default = 60
9 | }
10 |
11 | variable "instance_count" {
12 | default = 1
13 | }
14 |
15 | variable "instance_region" {
16 | default = "us-east1"
17 | }
18 |
19 | variable "instance_distribution_policy_zones" {
20 | default = ["us-east1-b"]
21 | }
22 |
23 | variable "group_manager_port" {}
24 | variable "group_manager_port_name" {}
25 |
26 | variable "instance_tags" {
27 | default = []
28 | }
29 |
30 | variable "machine_type" {
31 | default = "n1-standard-1"
32 | }
33 |
34 | //variable "ip_address" {}
35 |
36 |
--------------------------------------------------------------------------------
/infrastructure/gce-management/apigee-edge-tf/modules/external-instance/main.tf:
--------------------------------------------------------------------------------
1 | resource "google_compute_instance" "vm_instance" {  # single VM with an external address
2 | name = "${var.instance_name}"
3 | zone = "${var.instance_zone}"
4 | machine_type = "${var.instance_type}"
5 | tags = "${var.instance_tags}"
6 | labels = {
7 | g-on-g-notify-ignore = true
8 | }
9 | # NOTE(review): the label above looks like an opt-out from some notification tooling; its effect is not visible in this file - confirm it is still wanted.
10 |
11 | boot_disk {
12 | initialize_params {
13 | image = "${var.instance_image}"
14 | size = "${var.instance_disk_size}"
15 | }
16 | }
17 |
18 | network_interface {
19 | network = "${var.instance_network}"
20 | access_config {}  # empty access_config requests an ephemeral external IP: every instance built from this module is internet-addressable
21 | }
22 | # Scopes and e-mail default to empty values in variable.tf; callers decide what API access an externally reachable host receives.
23 | service_account {
24 | email = "${var.service_account_email}"
25 | scopes = "${var.instance_scopes}"
26 | }
27 | }
28 |
--------------------------------------------------------------------------------
/infrastructure/gce-management/apigee-edge-tf/modules/external-instance/output.tf:
--------------------------------------------------------------------------------
1 |
2 | //output "private_ip" {
3 | // value = "${google_compute_instance.vm_instance.network_interface.0.network_ip}"
4 | //}
5 |
6 | //output "public_ip" {
7 | // value = "${google_compute_instance.vm_instance.network_interface.network_ip}"
8 | //}
9 |
--------------------------------------------------------------------------------
/infrastructure/gce-management/apigee-edge-tf/modules/external-instance/variable.tf:
--------------------------------------------------------------------------------
1 | variable "instance_name" {}
2 | variable "instance_zone" {}
3 |
4 | variable "instance_image" {
5 | default = "centos-7"
6 | }
7 |
8 | variable "instance_type" {
9 | default = "n1-standard-1"
10 | }
11 |
12 | variable "instance_network" {}
13 |
14 | variable "instance_tags" {
15 | default = []
16 | }
17 |
18 | variable "instance_external_ip" {
19 | default = ""
20 | }
21 |
22 | variable "instance_scopes" {
23 | default = []
24 | }
25 |
26 | variable "service_account_email" {
27 | default = ""
28 | }
29 |
30 | variable "instance_disk_size" {
31 | default = 100
32 | }
33 |
34 | //variable "instance_labels" {
35 | // default = {
36 | // g-on-g-notify-ignore = ""
37 | // }
38 | //}
39 |
--------------------------------------------------------------------------------
/infrastructure/gce-management/apigee-edge-tf/modules/infrastructure/output.tf:
--------------------------------------------------------------------------------
1 | output "apigeenet_self_link" {
2 | value = "${google_compute_network.apigeenet.self_link}"
3 | }
4 |
--------------------------------------------------------------------------------
/infrastructure/gce-management/apigee-edge-tf/modules/infrastructure/provider.tf:
--------------------------------------------------------------------------------
1 | provider "google" {
2 | credentials = "${file(var.credentials_file)}"
3 | project = "${var.gcp_project_name}"
4 | region = "${var.region}"
5 | }
6 |
--------------------------------------------------------------------------------
/infrastructure/gce-management/apigee-edge-tf/modules/infrastructure/variable.tf:
--------------------------------------------------------------------------------
1 | variable "region" {}
2 |
3 | variable "zone" {}
4 |
5 | variable "credentials_file" {}
6 |
7 | variable "gcp_project_name" {}
--------------------------------------------------------------------------------
/infrastructure/gce-management/apigee-edge-tf/modules/internal-instance/main.tf:
--------------------------------------------------------------------------------
1 | resource "google_compute_instance" "vm_instance" {  # var.instance_count VMs without an external address
2 | count = "${var.instance_count}"
3 | name = "${var.instance_name}-${count.index + 1}"  # names are numbered from 1
4 | zone = "${var.instance_zone}"
5 | machine_type = "${var.instance_type}"
6 | tags = "${var.instance_tags}"
7 | labels = {
8 | g-on-g-notify-ignore = true
9 | }
10 |
11 | boot_disk {
12 | initialize_params {
13 | image = "${var.instance_image}"
14 | size = "${var.instance_disk_size}"
15 | type = "${var.instance_disk_type}"
16 | }
17 | }
18 | # No access_config in the interface below, so no external IP is requested; no service_account block is declared either.
19 | network_interface {
20 | network = "${var.instance_network}"
21 | }
22 | allow_stopping_for_update = true  # lets Terraform stop the VM to apply changes that require it
23 | }
24 |
25 | //data "google_compute_image" "apigeenet-ms-compute-image" {
26 | //// name = "centos-7-v20190423"
27 | // name = "centos-7-v20191210"
28 | // project = "centos-cloud"
29 | //}
30 |
--------------------------------------------------------------------------------
/infrastructure/gce-management/apigee-edge-tf/modules/internal-instance/variable.tf:
--------------------------------------------------------------------------------
// Inputs of the internal-instance module. instance_name, instance_zone and
// instance_network have no default and must be supplied by the caller.
variable "instance_name" {}
variable "instance_zone" {}

// NOTE(review): "centos-7" looks like an image family rather than a fixed
// image, so the image a new VM boots can change over time. Pin a specific
// image if reproducible builds matter.
variable "instance_image" {
  default = "centos-7"
}

variable "instance_type" {
  default = "n1-standard-1"
}

variable "instance_network" {}

variable "instance_tags" {
  default = []
}

// Declared but not referenced by this module's main.tf as shown.
variable "instance_external_ip" {
  default = ""
}

variable "instance_disk_size" {
  default = 100
}
variable "instance_disk_type" {
  default = "pd-standard"
}

variable "instance_count" {
  default = 1
}
--------------------------------------------------------------------------------
/infrastructure/gce-management/apigee-edge-tf/prod/output.tf:
--------------------------------------------------------------------------------
// Self link of the google_compute_network.apigeenet resource.
output "apigeenet_self_link" {
  value = "${google_compute_network.apigeenet.self_link}"
}

// Disabled outputs, kept for reference. The bastion address outputs would
// publish the bastion's private and public IPs in the Terraform output.
//output "instance_group" {
//  value = "${google_compute_region_instance_group_manager.apigeenet-ms-group-instance.instance_group}"
//}
//
//output "bastion_private_ip" {
//  value = "${module.apigee-bastion-vm.private_network_ip}"
//}
//
//output "bastion_public_ip" {
//  value = "${module.apigee-bastion-vm.public_network_ip}"
//}
--------------------------------------------------------------------------------
/infrastructure/gce-management/apigee-edge-tf/prod/provider.tf:
--------------------------------------------------------------------------------
// Google provider settings for the prod layout. The credentials string is the
// content of the file named by var.credentials_file.
// NOTE(review): presumably that file is a service-account key. Keep it outside
// the repository and treat plan/state output that may echo it as sensitive.
provider "google" {
  credentials = "${file(var.credentials_file)}"
  project     = "${var.gcp_project_name}"
  region      = "${var.region}"
}
--------------------------------------------------------------------------------
/infrastructure/gce-management/apigee-edge-tf/prod/variable.tf:
--------------------------------------------------------------------------------
// Inputs of the prod layout: ports, location, image, machine size, per-datacenter
// node counts and GCP credentials.

variable "apigee_ms_ui_port" {
  default = "9000"
}

variable "apigee_ms_api_port" {
  default = "8080"
}

// NOTE(review): this default is identical to apigee_ms_ui_port_name below and
// looks like a copy/paste slip; two named ports sharing one name cannot be told
// apart. Confirm the intended value.
variable "apigee_ms_api_port_name" {
  default = "ui_port_name"
}

variable "apigee_ms_ui_port_name" {
  default = "ui_port_name"
}

variable "router_name" {
  default = "default"
}

// region and zone default to the empty string, so a real value has to be passed in.
variable "region" {
  default = ""
  //  default = "us-east1"
}

variable "zone" {
  default = ""
  //  default = "us-east1-b"
}

variable "image_name" {
  default = "centos-7"
}

variable "image_project" {
  default = "centos-cloud"
}

variable "machine_type" {
  default = "n1-standard-4"
}

// NOTE(review): "compute-rw" gives workloads on an instance read/write access
// to the Compute Engine API under the attached service account. Confirm every
// node role needs it; otherwise narrow the default.
variable "instance_scopes" {
  default = ["compute-rw", "storage-ro"]
}

variable "dc_region" {
  default = "1"
}

// Node counts per component and datacenter; all dc_2 counts default to 0.
variable "dc_1_ms_count" {
  default = 1
}

variable "dc_2_ms_count" {
  default = 0
}

variable "dc_1_ds_count" {
  default = 3
}

variable "dc_2_ds_count" {
  default = 0
}

variable "dc_1_rmp_count" {
  default = 2
}

variable "dc_2_rmp_count" {
  default = 0
}

variable "dc_1_qpid_count" {
  default = 2
}

variable "dc_2_qpid_count" {
  default = 0
}

variable "dc_1_pgstandby_count" {
  default = 0
}

variable "dc_2_pgstandby_count" {
  default = 0
}

// The three variables below default to "" and must be supplied per environment.
// NOTE(review): the commented-out defaults still name a concrete key file,
// project and service account; consider dropping them from the committed file.
variable "credentials_file" {
  //  default = "~/.apigee-secure/sandbox-1f5fb288d552.json"
  default = ""
}

variable "gcp_project_name" {
  //  default = "sandbox-173316"
  default = ""
}

variable "service_account_email" {
  //  default = "736255665193-compute@developer.gserviceaccount.com"
  default = ""
}
--------------------------------------------------------------------------------
/infrastructure/gce-management/apigee-edge-tf/sandbox-pilot/output.tf:
--------------------------------------------------------------------------------
// Self link of the google_compute_network.apigeenet resource.
output "apigeenet_self_link" {
  value = "${google_compute_network.apigeenet.self_link}"
}

// Disabled bastion address outputs, kept for reference.
//output "bastion_private_ip" {
//  value = "${module.apigee-bastion-vm.private_ip}"
//}
//
//output "bastion_public_ip" {
//  value = "${module.apigee-bastion-vm.public_ip}"
//}
--------------------------------------------------------------------------------
/infrastructure/gce-management/apigee-edge-tf/sandbox-pilot/provider.tf:
--------------------------------------------------------------------------------
// Google provider settings for the sandbox-pilot layout. Unlike the other
// layouts shown, the region comes from var.dc_1_gcp_region.
// NOTE(review): the file read by file() is presumably a service-account key.
// Keep it outside the repository.
provider "google" {
  credentials = "${file(var.credentials_file)}"
  project     = "${var.gcp_project_name}"
  region      = "${var.dc_1_gcp_region}"
}
--------------------------------------------------------------------------------
/infrastructure/gce-management/gce-ansible-config.yml:
--------------------------------------------------------------------------------
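---
# Writes the private key held in a GCP service-account key file
# (credentials_file) to a PEM file and renders a gce.ini that points at it.
- name: Create SSH Private Key File From SA Account File
  hosts: localhost
  gather_facts: no

  vars:
    # The file content is indexed as a mapping below, so credentials_file has
    # to be a JSON document with private_key, project_id and client_email.
    service_account: "{{ lookup('file', credentials_file) }}"
    ssh_private_key: "{{ service_account['private_key'] }}"
    project_id: "{{ service_account['project_id'] }}"
    service_account_email: "{{ service_account['client_email'] }}"

  tasks:
    - name: Create project inventory folder
      tags: ['gce-ini']
      file:
        path: "{{ item.path }}"
        state: directory
        # Only set where an item asks for it; other folders keep the umask default.
        mode: "{{ item.mode | default(omit) }}"
      with_items:
        - { path: 'generated/inventory' }
        # Key material is written below this folder, so keep it owner-only.
        - { path: 'generated/ssh', mode: '0700' }

    - name: Generate default ssh key file name
      set_fact:
        default_ssh_private_key_file: "generated/ssh/{{ project_id }}-ssh.pem"
      when: ssh_private_key_file is not defined

    - name: Save private key to file
      tags: ['ssh']
      copy:
        dest: "{{ ssh_private_key_file | default(default_ssh_private_key_file) }}"
        content: "{{ ssh_private_key }}"
        remote_src: no
        mode: 0400
      # Keeps the key out of task output, including --diff and verbose runs.
      # The registered result is still available to the next task.
      no_log: true
      register: ssh_pem

    - name: Obtain ssh private key file name
      set_fact:
        ssh_private_key_file: "{{ ssh_pem.path }}"

    - name: Prepare the gce.ini file
      tags: ['gce-ini']
      template:
        src: templates/gce.ini.j2
        dest: "generated/inventory/{{ project_id }}-gce.ini"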
--------------------------------------------------------------------------------
/infrastructure/gce-management/gce-dependencies.yml:
--------------------------------------------------------------------------------
---
# Installs the listed Python packages on the control machine, or removes them
# when the play is run with state=absent.
# NOTE(review): the packages are installed with become: yes and without version
# pins, so the code that ends up running as root can differ from run to run.
# Consider pinned versions and a virtualenv.
- name: Install GCE Dependencies
  hosts: localhost
  connection: local
  become: yes

  tasks:
    - name: Install or Remove GCE Dependencies based on state requested
      pip:
        name: "{{ item }}"
        state: "{{ state | default('present') }}"
      with_items:
        - apache-libcloud
        - pyopenssl
        # NOTE(review): pycrypto is no longer maintained upstream; check whether
        # a maintained replacement satisfies the modules used here.
        - pycrypto
        # NOTE(review): on PyPI "crypto" is a different project from PyCrypto's
        # "Crypto" package. Confirm it is really wanted.
        - crypto
        - google-api-python-client
        - google-auth
        - google-auth-httplib2
--------------------------------------------------------------------------------
/infrastructure/gce-management/gce-dynamic/create-bastion-host.yml:
--------------------------------------------------------------------------------
---
# Task list included from create.yml: creates a boot disk and the
# "apigee-bastion" instance on the registered network.
- name: create a bastion disk
  tags: ['instances', 'bastion', 'disks']
  gcp_compute_disk:
    name: '{{ name_instance }}-bastion-disk'
    # Falls back to disk_size when bastion_disk_size is not defined.
    size_gb: "{{ bastion_disk_size | default(disk_size) }}"
    source_image: '{{ disk_source_image }}'
    zone: "{{ gcp_zone }}"
    project: "{{ gcp_project }}"
    auth_kind: "{{ gcp_auth_kind }}"
    service_account_file: "{{ gcp_service_account_file }}"
    scopes:
      - "{{ scope_compute }}"
    state: present
  register: bastion_disk

- name: create a bastion host
  tags: ['instances', 'bastion']
  gcp_compute_instance:
    name: "apigee-bastion"
    state: present
    machine_type: "{{ machine_type }}"
    disks:
      - auto_delete: true
        boot: true
        source: "{{ bastion_disk }}"
    network_interfaces:
      - network: "{{ network }}"
        # A ONE_TO_ONE_NAT access config gives the instance an external address.
        access_configs:
          - name: 'External NAT'
            type: 'ONE_TO_ONE_NAT'
    zone: "{{ gcp_zone }}"
    project: "{{ gcp_project }}"
    auth_kind: "{{ gcp_auth_kind }}"
    service_account_file: "{{ gcp_service_account_file }}"
    tags:
      items:
        - "{{ name_instance_network_tag }}"
    metadata:
      # Rewrites /etc/sudoers.d/remove-requiretty at boot.
      # NOTE(review): inside a single-quoted YAML scalar the backslashes are
      # literal, so the shell echoes the double quotes into the sudoers drop-in.
      # Check the generated file with `visudo -c -f` on a test instance.
      'startup-script': 'rm -f /etc/sudoers.d/remove-requiretty && echo \"Defaults !requiretty\" >> /etc/sudoers.d/remove-requiretty'
    scopes:
      - "{{ scope_compute }}"
--------------------------------------------------------------------------------
/infrastructure/gce-management/gce-dynamic/create-instance-literal.yml:
--------------------------------------------------------------------------------
---
# Literal (non-parameterised) variant of the create tasks: network, SSH
# firewall rule, disk and one instance.
# NOTE(review): the project id and the service-account key path are hard-coded
# in every task. Prefer the variables used by create-instance.yml so that
# environment identifiers stay out of the task file.
- name: create a network
  gcp_compute_network:
    name: apigeenetwork
    project: sandbox-173316
    auth_kind: serviceaccount
    service_account_file: ~/.apigee-secure/sandbox-1f5fb288d552.json
    scopes:
      - https://www.googleapis.com/auth/compute
    state: present
    auto_create_subnetworks: yes
  register: network

# Allows tcp/22 to instances carrying the 'allow-ssh' network tag.
# NOTE(review): no source_ranges is given; GCP then applies the rule to traffic
# from any address. Restrict it to the operator or bastion ranges.
- name: create firewall rule
  gcp_compute_firewall:
    name: "allow-ssh"
    project: "sandbox-173316"
    auth_kind: "serviceaccount"
    service_account_file: "~/.apigee-secure/sandbox-1f5fb288d552.json"
    state: "present"
    target_tags:
      - 'allow-ssh'
    network: "{{ network.selfLink }}"
    allowed:
      - ip_protocol: tcp
        ports: 22
    scopes:
      - https://www.googleapis.com/auth/compute

- name: create a disk
  gcp_compute_disk:
    name: cf-disk
    size_gb: 50
    source_image: projects/{{ image_project }}/global/images/family/{{ image_family }}
    zone: us-central1-c
    project: sandbox-173316
    auth_kind: serviceaccount
    service_account_file: ~/.apigee-secure/sandbox-1f5fb288d552.json
    scopes:
      - https://www.googleapis.com/auth/compute
    state: present
  register: disk

- name: create an instance
  tags: ['instances']
  gcp_compute_instance:
    name: cf-1
    state: present
    machine_type: n1-standard-1
    disks:
      - auto_delete: true
        boot: true
        source: "{{ disk }}"
    network_interfaces:
      - network: "{{ network }}"
        # A ONE_TO_ONE_NAT access config gives the instance an external address.
        access_configs:
          - name: external_nat
            type: 'ONE_TO_ONE_NAT'
    zone: us-central1-c
    project: sandbox-173316
    auth_kind: serviceaccount
    service_account_file: ~/.apigee-secure/sandbox-1f5fb288d552.json
    tags:
      items:
        - allow-ssh
    metadata:
      # Rewrites /etc/sudoers.d/remove-requiretty at boot.
      # NOTE(review): the backslashes are literal inside a single-quoted YAML
      # scalar, so the double quotes end up in the sudoers drop-in. Verify the
      # generated file with `visudo -c -f`.
      'startup-script': 'rm -f /etc/sudoers.d/remove-requiretty && echo \"Defaults !requiretty\" >> /etc/sudoers.d/remove-requiretty'
    scopes:
      - https://www.googleapis.com/auth/compute
  register: instance
--------------------------------------------------------------------------------
/infrastructure/gce-management/gce-dynamic/create-instance.yml:
--------------------------------------------------------------------------------
---
# Task list included once per value of `sequence` (see create.yml): creates
# disk "<name_disk>-<sequence>" and instance "<name_instance>-<sequence>".
- name: create a disk
  tags: ['instances', 'disks']
  gcp_compute_disk:
    name: '{{ name_disk }}-{{ sequence }}'
    size_gb: "{{ disk_size }}"
    source_image: '{{ disk_source_image }}'
    zone: "{{ gcp_zone }}"
    project: "{{ gcp_project }}"
    auth_kind: "{{ gcp_auth_kind }}"
    service_account_file: "{{ gcp_service_account_file }}"
    scopes:
      - "{{ scope_compute }}"
    state: present
  register: disk

- name: create an instance
  tags: ['instances']
  gcp_compute_instance:
    name: "{{ name_instance }}-{{ sequence }}"
    state: present
    machine_type: "{{ machine_type }}"
    disks:
      - auto_delete: true
        boot: true
        source: "{{ disk }}"
    network_interfaces:
      - network: "{{ network }}"
        # Every instance gets an external address through ONE_TO_ONE_NAT.
        # NOTE(review): with a bastion host in the design, confirm the Edge
        # nodes need public addresses at all.
        access_configs:
          - name: 'External NAT'
            type: 'ONE_TO_ONE_NAT'
    zone: "{{ gcp_zone }}"
    project: "{{ gcp_project }}"
    auth_kind: "{{ gcp_auth_kind }}"
    service_account_file: "{{ gcp_service_account_file }}"
    tags:
      items:
        - "{{ name_instance_network_tag }}"
    metadata:
      # Rewrites /etc/sudoers.d/remove-requiretty at boot.
      # NOTE(review): the backslashes are literal inside a single-quoted YAML
      # scalar, so the double quotes end up in the sudoers drop-in. Verify the
      # generated file with `visudo -c -f`.
      'startup-script': 'rm -f /etc/sudoers.d/remove-requiretty && echo \"Defaults !requiretty\" >> /etc/sudoers.d/remove-requiretty'
    scopes:
      - "{{ scope_compute }}"
  register: instance
--------------------------------------------------------------------------------
/infrastructure/gce-management/gce-dynamic/create-template.yml:
--------------------------------------------------------------------------------
---
# Creates a network, an SSH firewall rule, a reserved address, an instance
# template and one instance, using the values in shared-properties.yml.
- name: Create an instance
  hosts: localhost
  gather_facts: no
  connection: local
  vars_files:
    - shared-properties.yml

  tasks:
    # NOTE(review): network_name_default is not defined in shared-properties.yml
    # as shown (it defines network_name). Confirm where it comes from.
    - name: create a network
      gcp_compute_network:
        name: "{{ network_name_default }}"
        project: "{{ gcp_project }}"
        auth_kind: "{{ gcp_auth_kind }}"
        service_account_file: "{{ gcp_service_account_file }}"
        scopes:
          - "{{ scope_compute }}"
        state: present
      register: network

    # Allows tcp/22 to instances carrying name_instance_network_tag.
    # NOTE(review): no source_ranges is given; GCP then applies the rule to
    # traffic from any address. Restrict it to the operator or bastion ranges.
    - name: create firewall rule
      gcp_compute_firewall:
        name: "{{ name_firewall }}"
        project: "{{ gcp_project }}"
        auth_kind: "{{ gcp_auth_kind }}"
        service_account_file: "{{ gcp_service_account_file }}"
        state: present
        target_tags: ['{{ name_instance_network_tag }}']
        network: "global/networks/{{ network.name }}"
        scopes:
          - "{{ scope_compute }}"
        allowed:
          - ip_protocol: tcp
            ports:
              - '22'

    - name: create an address
      tags: ['ext-addr']
      gcp_compute_address:
        name: '{{ name_address }}'
        # name: '{{ name_address }}-{{ item }}'
        region: "{{ gcp_region }}"
        project: "{{ gcp_project }}"
        auth_kind: "{{ gcp_auth_kind }}"
        service_account_file: "{{ gcp_service_account_file }}"
        scopes:
          - "{{ scope_compute }}"
        state: present
      register: address
      # with_sequence: start={{ start | default(1) }} end={{ end | default(1) }}

    - name: create an instance template
      gcp_compute_instance_template:
        name: "{{ name_instance }}-template"
        project: "{{ gcp_project }}"
        auth_kind: "{{ gcp_auth_kind }}"
        service_account_file: "{{ gcp_service_account_file }}"
        state: present
        scopes:
          - "{{ scope_compute }}"
        properties:
          machine_type: n1-standard-1
          disks:
            - auto_delete: true
              boot: true
              initialize_params:
                source_image: '{{ disk_source_image }}'
                disk_size_gb: 50
          network_interfaces:
            - network: "{{ network }}"
              # The reserved address is attached as the external NAT address.
              access_configs:
                - name: 'External NAT'
                  type: 'ONE_TO_ONE_NAT'
                  nat_ip: "{{ address }}"
      register: instance_template

    # NOTE(review): the nesting of initialize_params is reconstructed from a
    # listing that lost its indentation, and its source_image names the
    # template rather than an image. Confirm against the module's schema.
    - name: create an instance
      gcp_compute_instance:
        name: "{{ name_instance }}-template-created-instance"
        state: present
        machine_type: n1-standard-1
        initialize_params:
          source_image: "{{ name_instance }}-template"
        zone: "{{ gcp_zone }}"
        project: "{{ gcp_project }}"
        auth_kind: "{{ gcp_auth_kind }}"
        service_account_file: "{{ gcp_service_account_file }}"
        tags:
          items:
            - "{{ name_instance_network_tag }}"
        metadata:
          test: 'empty'
        scopes:
          - "{{ scope_compute }}"
      register: instance
--------------------------------------------------------------------------------
/infrastructure/gce-management/gce-dynamic/create.yml:
--------------------------------------------------------------------------------
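---
# Builds the network, one firewall rule per entry of firewall_ports, the
# bastion host and a numbered set of instances. Settings come from
# shared-properties.yml; the port lists referenced by firewall_ports are
# presumably provided by the apigee-opdk-port-check-settings role (confirm).
- name: Create an instance
  hosts: localhost
  gather_facts: no
  connection: local
  vars_files:
    - shared-properties.yml

  roles:
    - { role: apigee-opdk-port-check-settings }

  tasks:
    - name: create a network
      tags: ['network', 'firewall', 'instances','bastion']
      gcp_compute_network:
        name: "{{ network_name }}"
        project: "{{ gcp_project }}"
        auth_kind: "{{ gcp_auth_kind }}"
        service_account_file: "{{ gcp_service_account_file }}"
        scopes:
          - "{{ scope_compute }}"
        state: present
        auto_create_subnetworks: yes
      register: network

    - name: create firewall rule
      tags: ['firewall']
      gcp_compute_firewall:
        name: "{{ name_firewall }}-{{ item.port_type }}"
        project: "{{ gcp_project }}"
        auth_kind: "{{ gcp_auth_kind }}"
        service_account_file: "{{ gcp_service_account_file }}"
        state: present
        network: "{{ network.selfLink }}"
        # Optional narrowing; both are omitted when the variables are unset,
        # which keeps the previous behaviour. Without them the rule has no
        # source filter and no target tags, so GCP admits the listed ports from
        # any address to every instance on the network. That includes the
        # datastore and directory ports in firewall_ports (zk, cs, pg, ldap).
        # Set firewall_source_ranges (list of CIDRs) and/or
        # firewall_target_tags (list of network tags) to restrict the rules.
        source_ranges: "{{ firewall_source_ranges | default(omit) }}"
        target_tags: "{{ firewall_target_tags | default(omit) }}"
        scopes:
          - "{{ scope_compute }}"
        allowed:
          - ip_protocol: tcp
            ports: "{{ item.ports }}"
      loop: "{{ firewall_ports }}"

    - name: create bastion host
      tags: ['instances','bastion']
      include_tasks: create-bastion-host.yml

    # Runs create-instance.yml once per number in start..end (both default to 1);
    # the current number is exposed to the included tasks as `sequence`.
    - name: create instances
      include_tasks: create-instance.yml
      with_sequence: start={{ start | default('1') }} end={{ end | default('1') }}
      loop_control:
        loop_var: sequence

    #- name: create load balancer
      #gce_backend_service:
        #credentials_file: "{{ gcp_service_account_file }}"
        #project_id: "{{ gcp_project }}"
        #service_account_email: "friasc@sandbox-173316.iam.gserviceaccount.com"
        #backend_service_name: "delete_lb"
        #backends:
        #- instance_group: "delete-instance-group-1"
        #healthchecks:
        #- delete-apigee-instance-1
        #port_name: myhttpport
        #port: 9001
        #state: present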
--------------------------------------------------------------------------------
/infrastructure/gce-management/gce-dynamic/remove.yml:
--------------------------------------------------------------------------------
---
# Deletes the instance, reserved address and firewall rule named after
# name_instance / name_address / name_firewall in shared-properties.yml.
# NOTE(review): create.yml names its resources "<name_instance>-<sequence>" and
# "<name_firewall>-<port_type>", and create-template.yml names its instance
# "<name_instance>-template-created-instance". The unsuffixed names used here
# do not match those, so instances and firewall rules created by those
# playbooks would stay in place (and stay exposed) after this play runs.
- name: Remove an instance
  hosts: localhost
  gather_facts: no
  connection: local
  vars_files:
    - shared-properties.yml

  tasks:
    - name: remove an instance
      gcp_compute_instance:
        name: "{{ name_instance }}"
        state: absent
        zone: "{{ gcp_zone }}"
        project: "{{ gcp_project }}"
        auth_kind: "{{ gcp_auth_kind }}"
        service_account_file: "{{ gcp_service_account_file }}"
        scopes:
          - "{{ scope_compute }}"
      register: instance

    - name: remove an address
      gcp_compute_address:
        name: "{{ name_address }}"
        region: "{{ gcp_region }}"
        project: "{{ gcp_project }}"
        auth_kind: "{{ gcp_auth_kind }}"
        service_account_file: "{{ gcp_service_account_file }}"
        state: absent
        scopes:
          - "{{ scope_compute }}"
      register: address

    - name: remove firewall rule
      gcp_compute_firewall:
        name: "{{ name_firewall }}"
        project: "{{ gcp_project }}"
        auth_kind: "{{ gcp_auth_kind }}"
        service_account_file: "{{ gcp_service_account_file }}"
        state: absent
        scopes:
          - "{{ scope_compute }}"
--------------------------------------------------------------------------------
/infrastructure/gce-management/gce-dynamic/requirements.yml:
--------------------------------------------------------------------------------
---
# Roles fetched by ansible-galaxy for the gce-dynamic playbooks.
# NOTE(review): neither entry sets `version`, so each install takes whatever the
# repository's default branch holds at that moment. Pin a tag or commit so the
# role code that runs with your GCP credentials is reviewable and repeatable.
- src: https://github.com/carlosfrias/apigee-opdk-port-check.git
- src: https://github.com/carlosfrias/apigee-opdk-port-check-settings.git
--------------------------------------------------------------------------------
/infrastructure/gce-management/gce-dynamic/shared-properties.yml:
--------------------------------------------------------------------------------
---
# Shared variables for the gce-dynamic playbooks.
# NOTE(review): the project id, key file path and service-account e-mail below
# are environment-specific values committed with the code. Consider moving them
# to an untracked vars file or passing them with -e.
gcp_project: sandbox-173316
gcp_auth_kind: serviceaccount
gcp_service_account_file: ~/.apigee-secure/sandbox-1f5fb288d552.json
gcp_zone: "us-central1-c"
gcp_region: "us-central1"
network_name: "apigeenetwork"
# Prefix from which the tag, firewall, address and disk names are derived.
name_instance: "cf"
name_instance_network_tag: "{{ name_instance }}-network-tag"
name_firewall: "{{ name_instance }}-firewall"
name_address: "{{ name_instance }}-address"
name_disk: "{{ name_instance }}-disk"
scope_compute: "https://www.googleapis.com/auth/compute"
image_project: 'centos-cloud'
#image_project: 'ubuntu-os-cloud'
image_family: 'centos-7'
#image_family: 'ubuntu-1604-lts'
disk_source_image: "projects/{{ image_project }}/global/images/family/{{ image_family }}"
disk_size: 50
# NOTE(review): create-bastion-host.yml reads bastion_disk_size, so this key
# (spelled "bastion_isk_size") is never picked up and the bastion disk falls
# back to disk_size. Renaming it would change the size requested for an
# existing disk, so confirm the intended value before fixing the spelling.
bastion_isk_size: 20
machine_type: n1-standard-1
gce_image: 'centos-7'
service_account_email: "friasc@sandbox-173316.iam.gserviceaccount.com"

# One firewall rule is created per entry (see create.yml); the *_ports values
# are not defined in this file.
firewall_ports:
  - { ports: "{{ ms_ports }}", port_type: 'ms' }
  - { ports: "{{ router_ports }}", port_type: 'router' }
  - { ports: "{{ mp_ports }}", port_type: 'mp' }
  - { ports: "{{ zk_ports }}", port_type: 'zk' }
  - { ports: "{{ cassandra_ports }}", port_type: 'cs' }
  - { ports: "{{ qpid_ports }}", port_type: 'qs' }
  - { ports: "{{ pg_ports }}", port_type: 'pg' }
  - { ports: "{{ ui_ports }}", port_type: 'ui' }
  - { ports: "{{ ldap_ports }}", port_type: 'ldap' }

address_types:
  - 'ms'
  - 'router'
--------------------------------------------------------------------------------
/infrastructure/gce-management/gce-properties.yml:
--------------------------------------------------------------------------------
---
# Variables loaded by gce-remove.yml through vars_files.
# NOTE(review): credentials_file names a specific service-account key file and
# default_firewall_tags holds what looks like a generated, environment-specific
# tag. Consider supplying both per environment instead of committing them.
credentials_file: ~/.apigee-secure/edge-ops-lab-e7a48eec6f40.json
disk_size: 50
machine_type: 'n1-standard-2'
external_projects: 'eip-images'
image: 'centos-7'
zone: 'us-east1-b'
host_prefix: 'cf'
#labels:
#  carlos: ''
#firewall_tag: 'dev-test'
default_firewall_tags:
  - 'default-zkrxups2f6ccnycpl3bokiut'
  #- "{{ firewall_tag }}"
--------------------------------------------------------------------------------
/infrastructure/gce-management/gce-remove.yml:
--------------------------------------------------------------------------------
---
# Deletes the Compute Engine instances named in the comma-separated
# instance_names variable, authenticating with the service-account key file
# named by credentials_file (from gce-properties.yml unless overridden).
- name: Remove Instance
  hosts: localhost
  connection: local
  strategy: free

  vars:
    # The key file content is indexed as a mapping below.
    service_account: "{{ lookup('file', credentials_file) }}"
    # Defined here but not referenced by the tasks of this play.
    ssh_private_key: "{{ service_account['private_key'] }}"
    project_id: "{{ service_account['project_id'] }}"
    service_account_email: "{{ service_account['client_email'] }}"

  vars_files:
    - gce-properties.yml

  tasks:
    - name: Split instance names
      set_fact:
        gcp_hostname: "{{ instance_names.split(',') }}"

    # NOTE(review): names are taken verbatim from instance_names and deleted
    # without confirmation. A stray or mistyped name removes that instance.
    - name: Remove instance
      gce:
        instance_names: "{{ item }}"
        zone: "{{ zone }}"
        project_id: "{{ project_id }}"
        service_account_email: "{{ service_account_email }}"
        credentials_file: '{{ credentials_file }}'
        state: deleted
      with_items: "{{ gcp_hostname }}"
      async: 0
      poll: 0
      # register: gcp_tasks

    # - name: Check remove status
    #   async_status:
    #     jid: "{{ gcp_task.ansible_job_id }}"
    #   loop: "{{ gcp_tasks.results }}"
    #   loop_control:
    #     loop_var: "gcp_task"
    #   register: gcp_task_results
    #   until: gcp_task_results.finished
    #   retries: 30
--------------------------------------------------------------------------------
/infrastructure/gce-management/performance-testing/perf-test.sh:
--------------------------------------------------------------------------------
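#!/usr/bin/env bash
#
# Creates 50 preemptible Compute Engine VMs (perf-1 .. perf-50). Each VM's
# startup script downloads the `hey` load generator and runs it in a loop
# against https://$PROXY_ENDPOINT/httpbin/anything.
#
# Settings come from the caller's environment instead of being committed:
#   API_KEY         (required) API key appended to the request URL
#   PROXY_ENDPOINT  (optional) host under test; defaults to the original value
#   HEY_SHA256      (optional) expected SHA-256 of hey_linux_amd64; when set, a
#                   VM stops before running a download that does not match
#
# The API key that used to be hard-coded here remains in the repository history
# and should be rotated. The key is still stored in instance metadata, which is
# readable by anyone allowed to view the instances, so use a key that is scoped
# to the test proxy only.

set -u

: "${API_KEY:?set API_KEY to the key for the test proxy}"
PROXY_ENDPOINT="${PROXY_ENDPOINT:-amer-cs-hybrid-demo13-test.hybrid-apigee.net}"

# Optional integrity check for the downloaded binary; a no-op when HEY_SHA256
# is not provided.
verify_step=':'
if [[ -n "${HEY_SHA256:-}" ]]; then
  if [[ ! "${HEY_SHA256}" =~ ^[0-9a-fA-F]{64}$ ]]; then
    echo "HEY_SHA256 must be 64 hexadecimal characters" >&2
    exit 1
  fi
  verify_step="echo '${HEY_SHA256}  hey_linux_amd64' | sha256sum -c - || exit 1"
fi

# The generated startup script contains the key, so keep it owner-only and
# remove it when this script exits.
umask 077
startup_file="$(mktemp)"
trap 'rm -f "${startup_file}"' EXIT

# Values are shell-quoted with printf %q before they are written into the
# script that runs as root on each VM. The stray "EOF" line of the previous
# inline script is gone.
cat > "${startup_file}" <<EOF
#! /bin/bash
ulimit -n 65535
wget https://storage.googleapis.com/hey-release/hey_linux_amd64
${verify_step}
mv hey_linux_amd64 hey
chmod +x hey
export PROXY_ENDPOINT=$(printf '%q' "${PROXY_ENDPOINT}")
export API_KEY=$(printf '%q' "${API_KEY}")
while ((1)); do ./hey -n 20000 -c 500 "https://\${PROXY_ENDPOINT}/httpbin/anything?apikey=\${API_KEY}"; sleep 1; done
EOF

for i in {1..50}; do
  # --metadata-from-file avoids the comma/quote parsing that applies to
  # inline --metadata values.
  gcloud compute instances create "perf-${i}" \
    --image-family=ubuntu-1804-lts \
    --image-project=gce-uefi-images \
    --preemptible \
    --machine-type=n1-standard-2 \
    --zone=us-central1-a \
    --metadata-from-file startup-script="${startup_file}"
  sleep 10
done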
--------------------------------------------------------------------------------
/infrastructure/gce-management/pip-requirements.txt:
--------------------------------------------------------------------------------
# Python packages listed for the gce-management tooling.
# NOTE(review): no entry is version-pinned or hash-locked, so each install
# resolves whatever PyPI serves at that moment. Consider pinning versions and
# installing with `pip install --require-hashes`.
# NOTE(review): several names (crypto, get, post, public, query-string, helper,
# Naked) look like residue from a `pip freeze` of a shared environment rather
# than direct needs of these playbooks. Confirm each one is intended before
# installing. pycrypto is no longer maintained upstream.
altgraph
ansible
apache-libcloud
asn1crypto
awscli
backports.ssl-match-hostname
bcrypt
bdist-mpkg
certifi
cffi
chardet
colorama
crypto
cryptography
docker-py
docker-pycreds
docutils
ecdsa
enum34
epdb
futures
get
helper
httplib2
idna
ipaddress
Jinja2
jmespath
kazoo
macholib
MarkupSafe
matplotlib
modulegraph
Naked
ndg-httpsclient
numpy
paramiko
pexpect
post
ptyprocess
public
passlib
py2app
pyasn1
pycparser
pycrypto
PyNaCl
pyOpenSSL
pyparsing
python-dateutil
pytz
PyYAML
query-string
requests
rsa
s3transfer
scipy
shellescape
simplejson
six
urllib3
virtualenv
websocket-client
xattr
zope.interface
--------------------------------------------------------------------------------
/infrastructure/gce-management/templates/gce.ini.j2:
--------------------------------------------------------------------------------
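#!/usr/bin/python
# Copyright 2013 Google Inc.
#
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.

# The GCE inventory script has the following dependencies:
#   1. A valid Google Cloud Platform account with Google Compute Engine
#      enabled.  See https://cloud.google.com
#   2. An OAuth2 Service Account flow should be enabled.  This will generate
#      a private key file that the inventory script will use for API request
#      authorization.  See https://developers.google.com/accounts/docs/OAuth2
#   3. Convert the private key from PKCS12 to PEM format
#      $ openssl pkcs12 -in pkey.pkcs12 -passin pass:notasecret \
#      > -nodes -nocerts | openssl rsa -out pkey.pem
#   4. The libcloud (>=0.13.3) python library.  See http://libcloud.apache.org
#
# (See ansible/test/gce_tests.py comments for full install instructions)
#
# Author: Eric Johnson

[gce]
# GCE Service Account configuration information can be stored in the
# libcloud 'secrets.py' file.  Ideally, the 'secrets.py' file will already
# exist in your PYTHONPATH and be picked up automatically with an import
# statement in the inventory script.  However, you can specify an absolute
# path to the secrets.py file with 'libcloud_secrets' parameter.
libcloud_secrets =

# If you are not going to use a 'secrets.py' file, you can set the necessary
# authorization parameters here.
# The PEM path below is the private key file written by gce-ansible-config.yml;
# keep both that file and this rendered ini readable by the operator only.
gce_service_account_email_address = '{{ service_account_email }}'
gce_service_account_pem_file_path = '{{ ssh_private_key_file }}'
gce_project_id = '{{ project_id }}'
gce_zone = '{{ gce_zone | default("us-east1-b") }}'

[inventory]
# The 'inventory_ip_type' parameter specifies whether 'ansible_ssh_host' should
# contain the instance internal or external address.  Values may be either
# 'internal' or 'external'.  If 'external' is specified but no external instance
# address exists, the internal address will be used.
# The INVENTORY_IP_TYPE environment variable will override this value.
# The template used to read only the misspelled variable 'inventory_id_type';
# 'inventory_ip_type' is now honoured first and the old name is kept as a
# fallback, so a caller's choice of internal/external is no longer ignored.
inventory_ip_type = {{ inventory_ip_type | default(inventory_id_type | default('internal')) }}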
--------------------------------------------------------------------------------
/infrastructure/mirror/collect-attributes.yml:
--------------------------------------------------------------------------------
---
# Applies the apigee-opdk settings roles to the "edge" hosts; the play is
# tagged 'cache' and is imported by the other mirror playbooks.
# NOTE(review): property_folders points the roles at ~/.apigee-secure and
# ~/.apigee, presumably where credentials and properties are read from. Keep
# those folders owner-only on the control machine.
- name: Collect Edge Installation Attributes
  hosts: edge
  tags: ['cache']
  vars:
    property_folders:
      - "~/.apigee-secure"
      - "~/.apigee"
  roles:
    - { role: apigee-opdk-modules }
    - { role: apigee-opdk-settings-private-address, tags: ['private-address'] }
    - { role: apigee-opdk-settings-management-server }
    - { role: apigee-opdk-settings-ldap }
    - { role: apigee-opdk-settings-region }
    - { role: apigee-opdk-settings-cassandra }
    - { role: apigee-opdk-settings-postgres }
--------------------------------------------------------------------------------
/infrastructure/mirror/configure-nginx-mirror.yml:
--------------------------------------------------------------------------------
---
# First imports collect-attributes.yml, then installs the apigee-mirror
# component and applies the apigee-opdk-setup-mirror-nginx role on target_hosts.
- name: Collect Edge Installation Attributes
  import_playbook: collect-attributes.yml
  tags: ['cache']

# NOTE(review): going by the play name, this publishes the mirror over HTTP
# through nginx. Confirm which interfaces and networks can reach it and whether
# the role enables TLS or authentication.
- name: Expose apigee mirror web server
  hosts: "{{ target_hosts }}"
  gather_facts: no
  tags: ['nginx']
  vars:
    apigee_home: "/opt/apigee"
    apigee_service: "{{ apigee_home }}/apigee-service/bin/apigee-service"
    property_folders:
      - "~/.apigee-secure"
      - "~/.apigee"
  roles:
    - { role: apigee-opdk-modules }
    - { role: apigee-opdk-setup-component-install, component: 'apigee-mirror' }
    - { role: apigee-opdk-setup-mirror-nginx }
--------------------------------------------------------------------------------
/infrastructure/mirror/create-archive.yml:
--------------------------------------------------------------------------------
---
# First imports collect-attributes.yml, then prepares target_hosts (OS
# prerequisites, JDK, apigee user, bootstrap), installs apigee-mirror and runs
# the create-archive role.
- name: Collect Edge Installation Attributes
  import_playbook: collect-attributes.yml
  tags: ['cache']

# NOTE(review): going by their names, apigee-opdk-shutdown-iptables and
# apigee-opdk-setup-selinux-disable turn off the host firewall and SELinux on
# the mirror host. Confirm this, and make sure network-level controls cover the
# host if so.
- name: Install Edge Mirror
  hosts: "{{ target_hosts }}"
  tags: ['install']
  vars:
    ansible_workspace: "~/.ansible"
    apigee_workspace: "~/.apigee-workspace"
    property_folders:
      - "~/.apigee-secure"
      - "~/.apigee"
  roles:
    - { role: apigee-opdk-modules }
    - { role: apigee-opdk-setup-os-epel, tags: ['epel'] }
    - { role: apigee-opdk-shutdown-iptables, tags: ['minimum', 'iptables'] }
    - { role: apigee-opdk-yum-repository-proxy-config, tags: ['yum-proxy-config']}
    - { role: apigee-opdk-setup-os-minimum, tags: ['os-minimum'] }
    - { role: apigee-opdk-setup-os-limits, tags: ['limit'] }
    - { role: apigee-opdk-setup-os-sysctl, tags: ['sysctl'] }
    - { role: apigee-opdk-setup-selinux-disable, tags: ['minimum', 'selinux'] }
    # Restarts the server only when SELinux was just changed, iptables is
    # reported as not disabled, or force_restart is set.
    - { role: apigee-server-restart, tags: ['minimum', 'restart-server'], start_check_delay: 30, when: (selinux_disabled is defined and selinux_disabled.changed) or (iptables_disabled is defined and not iptables_disabled) or (force_restart is defined and force_restart) }
    - { role: apigee-opdk-setup-os-common, tags: ['os-common'] }
    - { role: apigee-opdk-setup-openjdk, tags: ['minimum', 'openjdk'], jdk_version: '1.8' }
    - { role: apigee-opdk-setup-apigee-user, tags: ['apigee-user', 'bootstrap'] }
    - { role: apigee-opdk-setup-apigee-user-ownership, tags: ['apigee-user', 'bootstrap'] }
    - { role: apigee-opdk-setup-java-home, tags: ['java-home', 'bootstrap'] }
    - { role: apigee-opdk-setup-bootstrap-cache, tags: ['apigee-bootstrap', 'bootstrap'] }
    - { role: apigee-opdk-setup-bootstrap, tags: ['apigee-bootstrap', 'bootstrap'] }
    - { role: apigee-opdk-setup-apigee-user-ownership, tags: ['apigee-user', 'bootstrap'] }
    - { role: apigee-opdk-setup-component-install, component: 'apigee-mirror' }
    - { role: apigee-opdk-setup-bootstrap-create-archive, tags: ['create'] }
--------------------------------------------------------------------------------
/infrastructure/mirror/download-archive.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Collect Edge Installation Attributes
3 | import_playbook: collect-attributes.yml
4 | tags: ['cache']
5 |
6 | - name: Download apigee mirror archive
7 | tags: ['download']
8 | hosts: "{{ target_hosts }}"
9 | gather_facts: no
10 | vars:
11 | local_apigee_path: ~/.apigee
12 | property_folders:
13 | - "~/.apigee-secure"
14 | - "{{ local_apigee_path }}"
15 | roles:
16 | - { role: apigee-opdk-modules }
17 | - { role: apigee-opdk-setup-bootstrap-download-archive }
18 |
--------------------------------------------------------------------------------
/infrastructure/mirror/install-archive.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Collect Edge Installation Attributes
3 | import_playbook: collect-attributes.yml
4 | tags: ['cache']
5 |
6 | - name: Complete OS Pre-requisites
7 | hosts: edge
8 | tags: ['os']
9 | vars:
10 | property_folders:
11 | - "~/.apigee-secure"
12 | - "~/.apigee"
13 | roles:
14 | - { role: apigee-opdk-modules }
15 | # - { role: apigee-opdk-setup-os-epel, tags: ['epel'] }
16 | - { role: apigee-opdk-shutdown-iptables, tags: ['minimum', 'iptables'] }
17 | # - { role: apigee-opdk-yum-repository-proxy-config, tags: ['yum-proxy-config']}
18 | - { role: apigee-opdk-setup-os-minimum, tags: ['os-minimum'] }
19 | - { role: apigee-opdk-setup-os-limits, tags: ['limit'] }
20 | - { role: apigee-opdk-setup-os-sysctl, tags: ['sysctl'] }
21 | - { role: apigee-opdk-setup-selinux-disable, tags: ['minimum', 'selinux'] }
22 | - { role: apigee-server-restart, tags: ['restart-server'], start_check_delay: 30, when: (selinux_disabled is defined and selinux_disabled.changed) or (iptables_disabled is defined and not iptables_disabled) or (force_restart is defined and force_restart) }
23 | - { role: apigee-opdk-setup-os-common, tags: ['os-common'] }
24 | - { role: apigee-opdk-setup-openjdk-cache, tags: ['minimum', 'openjdk'], jdk_version: '1.8' }
25 | - { role: apigee-opdk-setup-openjdk, tags: ['openjdk'], jdk_version: '1.8' }
26 |
27 | - name: Install apigee mirror archive
28 | hosts: "{{ target_hosts }}"
29 | tags: ['install']
30 | vars:
31 | property_folders:
32 | - "~/.apigee-secure"
33 | - "~/.apigee"
34 | apigeerepobasepath: '/opt/apigee/data/apigee-mirror'
35 | roles:
36 | - { role: apigee-opdk-modules }
37 | - { role: apigee-opdk-setup-apigee-user, tags: ['apigee-user', 'bootstrap'] }
38 | - { role: apigee-opdk-setup-apigee-user-ownership, tags: ['apigee-user', 'bootstrap'] }
39 | - { role: apigee-opdk-setup-java-home, tags: ['java-home', 'bootstrap'] }
40 | - { role: apigee-opdk-setup-bootstrap-cache, tags: ['apigee-bootstrap', 'bootstrap'] }
41 | - { role: apigee-opdk-setup-bootstrap, tags: ['apigee-bootstrap', 'bootstrap'] }
42 | - { role: apigee-opdk-setup-apigee-user-ownership, tags: ['apigee-user', 'bootstrap'] }
43 | - { role: apigee-opdk-setup-bootstrap, tags: ['install'], install_archive_mirror: true }
44 |
45 |
--------------------------------------------------------------------------------
/infrastructure/mirror/nginx-mirror.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Expose apigee mirror web server
3 | tags: ['nginx']
4 | hosts: "{{ target_hosts }}"
5 | vars:
6 | property_folders:
7 | - "~/.apigee-secure"
8 | - "~/.apigee"
9 | roles:
10 | - { role: apigee-opdk-modules }
11 | - { role: apigee-opdk-setup-mirror-nginx, tags: ['nginx'] }
12 |
--------------------------------------------------------------------------------
/infrastructure/mirror/upload-mirror.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Collect Edge Installation Attributes
3 | import_playbook: collect-attributes.yml
4 | tags: ['cache']
5 |
6 | - name: Upload apigee mirror archive
7 | hosts: "{{ target_hosts }}"
8 | tags: ['upload']
9 | vars:
10 | apigee_home: "/opt/apigee"
11 | local_apigee_path: "~/.apigee"
12 | property_folders:
13 | - "~/.apigee-secure"
14 | - "~/.apigee"
15 | roles:
16 | - { role: apigee-opdk-modules }
17 | - { role: apigee-opdk-setup-apigee-user, tags: ['apigee-user', 'bootstrap'] }
18 | - { role: apigee-opdk-setup-bootstrap-upload-archive, tags: ['upload'] }
19 | - { role: apigee-opdk-setup-apigee-user-ownership, tags: ['apigee-user', 'bootstrap'] }
20 |
--------------------------------------------------------------------------------
/infrastructure/port-requirements/requirements.yml:
--------------------------------------------------------------------------------
---
# Ansible Roles for Component Installation and Setup
# NOTE(review): none of the entries sets `version:`, so ansible-galaxy installs
# whatever the default branch of each repository holds at install time. Pin
# every role to a reviewed tag or commit (version: <TAG_OR_COMMIT_SHA>) so an
# upstream change cannot silently alter what runs on the target hosts.
- src: https://github.com/carlosfrias/apigee-opdk-settings-ldap.git

- src: https://github.com/carlosfrias/apigee-opdk-settings-management-server.git

- src: https://github.com/carlosfrias/apigee-opdk-settings-postgres.git

- src: https://github.com/carlosfrias/apigee-opdk-settings-private-address.git

- src: https://github.com/carlosfrias/apigee-opdk-settings-cassandra.git

- src: https://github.com/carlosfrias/apigee-opdk-settings-region.git

- src: https://github.com/carlosfrias/apigee-opdk-port-check.git

- src: https://github.com/carlosfrias/apigee-opdk-port-check-settings.git
18 |
--------------------------------------------------------------------------------
/infrastructure/response-file-generator/generate.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Collect Private Address for Planet
3 | hosts: planet
4 | roles:
5 | - { role: apigee-opdk-modules, tags: ['minimum', 'cache', 'ds', 'ms', 'rmp', 'r', 'mp', 'qpid', 'pg', 'pgmaster', 'pgstandby', 'org', 'validate', 'validate-cleanup'] }
6 | - { role: apigee-opdk-settings-private-address, tags: ['minimum', 'cache', 'ds', 'ms', 'rmp', 'r', 'mp', 'qpid', 'pg', 'pgmaster', 'pgstandby', 'org', 'validate', 'validate-cleanup'] }
7 | - { role: apigee-opdk-settings-management-server, tags: ['minimum', 'cache', 'ds', 'ms', 'rmp', 'r', 'mp', 'qpid', 'pg', 'pgmaster', 'pgstandby', 'org', 'validate', 'validate-cleanup'] }
8 | - { role: apigee-opdk-settings-ldap, tags: ['minimum', 'cache', 'ds', 'ms', 'rmp', 'r', 'mp', 'qpid', 'pg', 'pgmaster', 'pgstandby', 'org', 'validate', 'validate-cleanup'] }
9 | - { role: apigee-opdk-settings-region, tags: ['minimum', 'cache', 'ds', 'ms', 'rmp', 'r', 'mp', 'qpid', 'pg', 'pgmaster', 'pgstandby', 'org', 'validate', 'validate-cleanup'] }
10 | - { role: apigee-opdk-settings-cassandra, tags: ['minimum', 'cache', 'ds', 'ms', 'rmp', 'r', 'mp', 'qpid', 'pg', 'pgmaster', 'pgstandby', 'org', 'validate', 'validate-cleanup'] }
11 | - { role: apigee-opdk-settings-postgres, tags: ['minimum', 'cache', 'ds', 'ms', 'rmp', 'r', 'mp', 'qpid', 'pg', 'pgmaster', 'pgstandby', 'org', 'validate', 'validate-cleanup'] }
12 |
13 | - name: Generate Response files
14 | hosts: "{{ target_hosts }}"
15 | tags: ['edge', 'edge-common']
16 | vars:
17 | property_folders:
18 | - "~/.apigee-secure"
19 | - "~/.apigee"
20 | roles:
21 | - { role: apigee-opdk-modules, tags: ['minimum', 'cache', 'ds', 'ms', 'rmp', 'r', 'mp', 'qpid', 'pg', 'pgmaster', 'pgstandby', 'org', 'validate', 'validate-cleanup'] }
22 | - { role: apigee-opdk-settings-management-server, tags: ['minimum', 'cache', 'ds', 'ms', 'rmp', 'r', 'mp', 'qpid', 'pg', 'pgmaster', 'pgstandby', 'org', 'validate', 'validate-cleanup'] }
23 | - { role: apigee-opdk-settings-ldap, tags: ['minimum', 'cache', 'ds', 'ms', 'rmp', 'r', 'mp', 'qpid', 'pg', 'pgmaster', 'pgstandby', 'org', 'validate', 'validate-cleanup'] }
24 | - { role: apigee-opdk-settings-region, tags: ['minimum', 'cache', 'ds', 'ms', 'rmp', 'r', 'mp', 'qpid', 'pg', 'pgmaster', 'pgstandby', 'org', 'validate', 'validate-cleanup'] }
25 | - { role: apigee-opdk-settings-cassandra, tags: ['minimum', 'cache', 'ds', 'ms', 'rmp', 'r', 'mp', 'qpid', 'pg', 'pgmaster', 'pgstandby', 'org', 'validate', 'validate-cleanup'] }
26 | - { role: apigee-opdk-settings-postgres, tags: ['minimum', 'cache', 'ds', 'ms', 'rmp', 'r', 'mp', 'qpid', 'pg', 'pgmaster', 'pgstandby', 'org', 'validate', 'validate-cleanup'] }
27 | - { role: apigee-opdk-setup-silent-installation-config, tags: ['minimum', 'config', 'ds-config'] }
28 |
29 |
--------------------------------------------------------------------------------
/infrastructure/response-file-generator/requirements.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Ansible Roles for Component Installation and Setup
3 | - src: https://github.com/carlosfrias/apigee-opdk-setup-silent-installation-config.git
4 |
5 | - src: https://github.com/carlosfrias/apigee-opdk-modules.git
6 |
7 | - src: https://github.com/carlosfrias/apigee-opdk-settings-ldap.git
8 |
9 | - src: https://github.com/carlosfrias/apigee-opdk-settings-management-server.git
10 |
11 | - src: https://github.com/carlosfrias/apigee-opdk-settings-postgres.git
12 |
13 | - src: https://github.com/carlosfrias/apigee-opdk-settings-private-address.git
14 |
15 | - src: https://github.com/carlosfrias/apigee-opdk-settings-cassandra.git
16 |
17 | - src: https://github.com/carlosfrias/apigee-opdk-settings-region.git
18 |
19 |
20 |
--------------------------------------------------------------------------------
/infrastructure/setup-ansible-offline/ansible.cfg:
--------------------------------------------------------------------------------
# Ansible configuration for the offline-setup playbooks in this folder.
[defaults]
# inventory = inventory
roles_path = roles
private_key_file = ~/.ssh/id_rsa
merge_multiple_cli_tags=True
# Task arguments are printed in the task header; tasks that receive
# credentials as arguments should set no_log so the values stay out of
# console and CI logs.
display_args_to_stdout = True
timeout = 60
# NOTE(review): with host key checking disabled, SSH accepts any host key, so
# an interposed machine between the controller and a target goes undetected.
# Outside throwaway lab environments, pre-populate known_hosts for the
# inventory and leave this check enabled.
host_key_checking = False
forks = 10
retry_files_enabled = False
ansible_shell_type=sh
# Module used when an ad-hoc command names none.
module_name = shell

[ssh_connection]
#ssh_args = -o ControlMaster=auto -o ControlPersist=7200s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -q
# Only -q (quiet) is passed; the fuller option set above, which also turned
# off password and keyboard-interactive authentication, is commented out.
ssh_args = -q
control_path=%(directory)s/ansible-ssh-%%h-%%p-%%r
18 |
--------------------------------------------------------------------------------
/infrastructure/setup-ansible-offline/requirements.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - src: https://github.com/carlosfrias/apigee-opdk-modules.git
3 |
--------------------------------------------------------------------------------
/infrastructure/setup-ansible-offline/setup-offline-attributes.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Use this endpoint to clone github.com using HTTPS
3 | repository_secure_endpoint_https: "https://github.com/carlosfrias"
4 | repo_name: "apigee-opdk-playbook-setup-ansible"
5 | archive_target_folder_name: apigee-opdk-accelerator
6 | archive_folder: "{{ playbook_dir }}/{{ archive_target_folder_name }}"
7 | playbook_requirements_path:
8 | - "../../infrastructure/port-requirements/requirements.yml"
9 | - "../../installations/multi-node/requirements.yml"
10 | - "../../installations/aio/requirements.yml"
11 | - "../../installations/devportal/requirements.yml"
12 | - "../../installations/mirror/requirements.yml"
13 | - "../../installations/response-file-generator/requirements.yml"
14 | - "../../post-installation/validations/analytics/requirements.yml"
15 | local_apigee_path: ~/.apigee
16 | local_apigee_secure_path: ~/.apigee-secure
17 | folder_list_to_archive:
18 | - "~/.ansible"
19 | - "{{ local_apigee_path }}"
20 | - "{{ local_apigee_secure_path}}"
--------------------------------------------------------------------------------
/infrastructure/setup-ansible-offline/setup-offline.yml:
--------------------------------------------------------------------------------
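---
# Play 1 builds an offline bundle on the controller: it clones the accelerator
# repository, installs every role listed in playbook_requirements_path, copies
# the folders in folder_list_to_archive (including the credentials folder
# ~/.apigee-secure) into archive_folder and packs that folder as a tar.gz.
# Play 2 unpacks the bundle on the offline hosts and moves its contents into
# the remote user's home directory.
- name: Setup Apigee OPDK Accelerator Offline
  hosts: "{{ target_host | default('localhost') }}"
  gather_facts: no
  tags: ['create']
  vars_files:
    - setup-offline-attributes.yml
  vars:
    property_folders:
      - "~/.apigee-secure"
      - "~/.apigee"
  roles:
    - { role: apigee-opdk-modules, tags: ['minimum', 'config', 'pg-config'] }
  tasks:
    - name: Create Archive folder
      file:
        path: "{{ archive_folder }}"
        state: directory
        # The folder receives a copy of ~/.apigee-secure, so keep it private
        # to the user running the playbook.
        mode: "0700"

    - name: Download Ansible OPDK Accelerator
      # NOTE(review): no `version:` is given, so the clone tracks the default
      # branch head; pin a reviewed tag or commit for a reproducible bundle.
      # accept_hostkey only affects SSH remotes and has no effect on an HTTPS URL.
      git:
        repo: "{{ repository_secure_endpoint_https }}/{{ repo_name }}"
        dest: "{{ archive_folder }}/{{ repo_name }}"
        accept_hostkey: yes

    - name: Download Roles used by All Playbooks
      # -f overwrites roles that are already installed.
      command: "ansible-galaxy install -r {{ item }} -f"
      with_items: "{{ playbook_requirements_path }}"

    - name: Uncomment apigee_archive_file_name attribute
      replace:
        path: "{{ local_apigee_path }}/custom-properties.yml"
        # The closing double quote must sit inside the capture group;
        # otherwise the replacement drops it and leaves an unterminated
        # string in custom-properties.yml.
        regexp: '#(apigee_archive_file_name: "apigee-{{ opdk_version }}\.tar\.gz")'
        replace: '\1'
        backup: yes

    - name: Verify that rsync is installed
      become: true
      package:
        name: "rsync"
        state: present

    - name: Synchronize Folder List to Archive
      synchronize:
        src: "{{ item }}"
        dest: "{{ archive_folder }}"
      with_items: "{{ folder_list_to_archive }}"

    - name: Create an Ansible OPDK Accelerator Archive
      archive:
        dest: "{{ archive_folder }}.tar.gz"
        path: "{{ archive_folder }}"
        format: gz
        # The archive contains the credentials folder; readable by owner only.
        mode: "0600"

- name: Upload Ansible OPDK Accelerator Archive
  hosts: "{{ target_offline_hosts }}"
  tags: ['upload']
  gather_facts: no
  vars_files:
    - setup-offline-attributes.yml
  vars:
    property_folders:
      - "~/.apigee-secure"
      - "~/.apigee"
  roles:
    - { role: apigee-opdk-modules, tags: ['minimum', 'config', 'pg-config'] }
  tasks:
    - name: Transfer Ansible OPDK Accelerator Archive to Target Host
      # NOTE(review): the bundle, including .apigee-secure, is staged under the
      # shared /tmp directory; on multi-user hosts prefer a staging directory
      # that only the remote user can read.
      unarchive:
        dest: "/tmp"
        src: "{{ archive_folder }}.tar.gz"

    - name: Verify that rsync is installed
      become: true
      package:
        name: "rsync"
        state: present

    - name: Synchronize folder list to User Home on Target Host
      command: "rsync -avzh --remove-source-files --partial /tmp/{{ archive_target_folder_name }}/{{ item }} ~"
      with_items:
        - ".ansible"
        - ".apigee"
        - ".apigee-secure"
        - "{{ repo_name }}"

    - name: Remove staging folder from /tmp
      # --remove-source-files deletes transferred files but leaves the directory
      # tree (and anything not listed above) behind; clear the staging copy.
      file:
        path: "/tmp/{{ archive_target_folder_name }}"
        state: absent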
86 |
87 |
--------------------------------------------------------------------------------
/infrastructure/ssh-bastion-host/bastion_host_attribute.yml:
--------------------------------------------------------------------------------
---
# Connection attributes for the SSH bastion host, loaded through vars_files by
# the playbooks in this folder.
# NOTE(review): the host name, public IP address and login user below describe
# one specific environment. Keep real values in a local, untracked vars file
# (or pass them with -e) so infrastructure details are not published together
# with the repository.
bastion_target_host_range: 10.*.*.*
bastion_protected_private_key: ~/.ssh/google_compute_engine
bastion_host_name: apigee-bastion.us-east1-b.fedex-pilot
#bastion_host_name: nginx-backend-central-jnw0.us-central1-c.fedex-pilot
bastion_host_private_key: ~/.ssh/google_compute_engine
bastion_host_ip: 35.237.195.103
#bastion_host_ip: 35.202.241.245
bastion_host_user: friasc
10 |
--------------------------------------------------------------------------------
/infrastructure/ssh-bastion-host/configure-bastion-config.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Set Bastion Host in SSH Config
3 | hosts: localhost
4 | connection: local
5 | gather_facts: false
6 | vars_files:
7 | - bastion_host_attribute.yml
8 |
9 | roles:
10 | - { role: bastion-ssh-config-target-host, tags: ['bastion-config'] }
11 |
12 |
--------------------------------------------------------------------------------
/infrastructure/ssh-bastion-host/configure-proxycommand.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Configure ProxyCommand to Use Bastion Host
3 | hosts: localhost
4 | connection: local
5 | gather_facts: false
6 | vars_files:
7 | - bastion_host_attribute.yml
8 |
9 | roles:
10 | - { role: bastion-host-proxycommand }
11 |
12 |
--------------------------------------------------------------------------------
/infrastructure/ssh-bastion-host/requirements.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - src: https://github.com/carlosfrias/bastion-host-proxycommand
3 |
4 | - src: https://github.com/carlosfrias/bastion-ssh-config-target-host
5 |
6 |
7 |
8 |
--------------------------------------------------------------------------------
/infrastructure/ssh-tunnels/requirements.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - src: https://github.com/carlosfrias/apigee-opdk-settings-private-address.git
3 |
--------------------------------------------------------------------------------
/infrastructure/ssh-tunnels/tunnel.yml:
--------------------------------------------------------------------------------
---
# Opens SSH local port forwards from the Ansible controller, through the
# bastion host, to the first management server's private address.
- name: SSH Tunnels Cache Update
  hosts: ms[0]
  roles:
    # presumably this role sets private_address for the host - confirm
    - { role: apigee-opdk-settings-private-address }

- name: Create SSH Tunnels
  hosts: ms[0]

  vars:
    # Override with -e bastion_hostname=...; the default is environment-specific.
    bastion_host_name: "{{ bastion_hostname | default('apigee-bastion.us-east1-b.fedex-pilot') }}"
    # Each entry forwards local `port` to target_ip_address:target_port.
    target_hosts:
      - { target_ip_address: "{{ private_address }}", target_port: "9000", port: "9000" }
      - { target_ip_address: "{{ private_address }}", target_port: "8080", port: "8080" }
#     - { target_ip_address: "{{ private_address }}", target_port: "9001", port: "9001" }
#     - { target_ip_address: "{{ private_address }}", target_port: "8079", port: "8079" }
#     - { target_ip_address: "{{ hostvars[groups['ms'][1]]['private_address'] }}", target_port: "9010", port: "9000" }
#     - { target_ip_address: "{{ hostvars[groups['ms'][1]]['private_address'] }}", target_port: "8090", port: "8080" }
#     - { target_ip_address: "{{ hostvars[groups['pg'][0]]['private_address'] }}", target_port: "5432", port: "5432" }
#     - { target_ip_address: "{{ hostvars[groups['pgmaster'][0]]['private_address'] }}", target_port: "5432", port: "5432" }
#     - { target_ip_address: "{{ hostvars[groups['pgstandby'][1]]['private_address'] }}", target_port: "5433", port: "5433" }

  roles:
    - { role: apigee-opdk-settings-private-address }

  tasks:
    - name: Create SSH tunnels
      # Runs on the controller (delegate_to 127.0.0.1). -f sends ssh to the
      # background, -N runs no remote command, -L sets up the local forward.
      # With no bind address in -L the listener stays on the loopback interface
      # unless the local ssh configuration enables GatewayPorts.
      # NOTE(review): nothing in this playbook closes the tunnels; they stay
      # open until the ssh processes are stopped manually.
      shell: "ssh -f {{ bastion_host_name }} -L {{ item.port }}:{{ item.target_ip_address }}:{{ item.target_port }} -N"
      with_items: "{{ target_hosts }}"
      async: 5
      poll: 0
      delegate_to: 127.0.0.1
33 |
34 |
--------------------------------------------------------------------------------
/installations/aio/README.md:
--------------------------------------------------------------------------------
1 | # Install Apigee Edge AIO
2 |
3 | This playbook will complete the installation of an Apigee Edge AIO instance. This installation follows Apigee
4 | recommendations.
5 |
6 | ## Basic Usage
7 |
8 | The instructions for using this installer are found in the main installations folder [README](../README.md). Please follow
9 | those instructions and use this folder as your execution location for the installation playbook.
10 |
--------------------------------------------------------------------------------
/installations/aio/install.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Install AIO
3 | hosts: edge
4 | gather_facts: no
5 | vars:
6 | ansible_workspace: "~/.ansible"
7 | apigee_workspace: "~/.apigee-workspace"
8 | property_folders:
9 | - "~/.apigee-secure"
10 | - "~/.apigee"
11 |
12 | roles:
13 | - { role: apigee-opdk-modules, tags: ['cache', 'license'] }
14 | - { role: apigee-opdk-setup-os-epel, tags: ['epel', 'os'] }
15 | - { role: apigee-opdk-shutdown-iptables, tags: ['minimum', 'iptables', 'os'] }
16 | - { role: apigee-opdk-yum-repository-proxy-config, tags: ['yum-proxy-config', 'os']}
17 | - { role: apigee-opdk-setup-os-minimum, tags: ['os-minimum', 'os'] }
18 | - { role: apigee-opdk-setup-os-limits, tags: ['limit', 'os'] }
19 | - { role: apigee-opdk-setup-os-sysctl, tags: ['sysctl', 'os'] }
20 | - { role: apigee-opdk-setup-selinux-disable, tags: ['minimum', 'selinux', 'os'] }
21 | - { role: apigee-server-restart, tags: ['os'], start_check_delay: 30, when: (selinux_disabled is defined and selinux_disabled.changed) or (iptables_disabled is defined and not iptables_disabled) or (force_restart is defined and force_restart) }
22 | - { role: apigee-opdk-setup-os-common, tags: ['os-common', 'os'] }
23 | - { role: apigee-opdk-setup-openjdk, tags: ['minimum', 'openjdk', 'os'], jdk_version: '1.8' }
24 | - { role: apigee-opdk-setup-apigee-user, tags: ['config', 'apigee-user', 'bootstrap'] }
25 | - { role: apigee-opdk-setup-apigee-user-ownership, tags: ['apigee-user', 'bootstrap'] }
26 | - { role: apigee-opdk-setup-java-home, tags: ['java-home', 'bootstrap'] }
27 | - { role: apigee-opdk-setup-bootstrap-cache, tags: ['apigee-bootstrap', 'bootstrap'] }
28 | - { role: apigee-opdk-setup-bootstrap, tags: ['apigee-bootstrap', 'bootstrap'] }
29 | - { role: apigee-opdk-setup-license, tags: ['license', 'bootstrap', 'common'] }
30 | - { role: apigee-opdk-setup-component-install, component: 'apigee-setup', tags: ['setup', 'common'] }
31 | - { role: apigee-opdk-setup-component-install, component: 'apigee-adminapi', tags: ['adminapi', 'common'] }
32 | - { role: apigee-opdk-setup-apigee-user-ownership, tags: ['apigee-user','common'] }
33 | - { role: apigee-opdk-settings-private-address, tags: ['config','cache'] }
34 | - { role: apigee-opdk-settings-management-server, tags: ['config', 'cache' ] }
35 | - { role: apigee-opdk-settings-ldap, tags: ['config', 'minimum', 'cache' ] }
36 | - { role: apigee-opdk-settings-region, tags: ['config', 'minimum', 'cache' ] }
37 | - { role: apigee-opdk-settings-cassandra, tags: ['config', 'minimum', 'cache' ] }
38 | - { role: apigee-opdk-settings-postgres, tags: ['config', 'minimum', 'cache' ] }
39 | - { role: apigee-opdk-setup-silent-installation-config, tags: ['config'] }
40 | - { role: apigee-opdk-setup-component, profile: 'aio', tags: ['aio'] }
41 | - { role: apigee-opdk-setup-status, tags: ['status'] }
42 | - { role: apigee-opdk-setup-org-config, tags: ['org','org-config'] }
43 | - { role: apigee-opdk-setup-org, tags: ['org', 'org-create'] }
44 | - { role: apigee-opdk-setup-validate, tags: ['validate'] }
45 | - { role: apigee-opdk-setup-validate-cleanup, tags: ['validate', 'validate-cleanup'] }
46 |
--------------------------------------------------------------------------------
/installations/devportal/README.md:
--------------------------------------------------------------------------------
1 | # Install Apigee Developer Portal
2 |
3 | This playbook will complete the installation of an Apigee Edge Developer Portal. This installation follows Apigee
4 | recommendations.
5 |
6 | ## Basic Usage
7 |
8 | The instructions for using this installer are found in the main installations folder [README](../README.md). Please follow
9 | those instructions and use this folder as your execution location for the installation playbook.
--------------------------------------------------------------------------------
/installations/edge-microgateway/README.md:
--------------------------------------------------------------------------------
1 | # Apigee Edge Installation
2 |
3 | This playbook will complete the installation of an Apigee Edge planet. This installation manages an
4 | installation of Edge Microgateway. The installation of multiple regions follows Apigee recommendations.
5 |
6 | ## Basic Usage
7 |
8 | The instructions for using this installer are found in the main installations folder [README](../README.md). Please follow
9 | those instructions and use this folder as your execution location for the installation playbook.
--------------------------------------------------------------------------------
/installations/edge-microgateway/install.yml:
--------------------------------------------------------------------------------
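---
# Installs Node.js and Apigee Edge Microgateway on the local machine, then
# configures and verifies the gateway against the prompted org/environment.
# The `installer -pkg` step targets macOS.
- name: Download, Install and Configure Apigee Edge Microgateway
  hosts: localhost

  vars:
    edgemicro_name: edgemicro
    edgemicro_version: 2.5.7
    nodejs_version: 8.15.1
    nodejs_package_name: "node-v{{ nodejs_version }}.pkg"
    nodejs_download_url: "https://nodejs.org/dist/v{{ nodejs_version }}/{{ nodejs_package_name }}"
    nodejs_download_destination: "{{ '~/Downloads' | expanduser }}"

  vars_prompt:
    - name: org
      prompt: "Apigee org name:"
      private: no

    - name: env
      prompt: "Apigee env name:"
      private: no

    - name: email
      prompt: "Apigee user email:"
      private: no

    - name: password
      prompt: "Apigee user password?"
      private: yes

  tasks:
    - name: Download NodeJS
      # NOTE(review): the package is later installed as root but is not
      # integrity-checked here. Add the get_url `checksum` parameter, e.g.
      # checksum: "sha256:<EXPECTED_SHA256_OF_PKG>", with the value published
      # for this release.
      get_url:
        url: "{{ nodejs_download_url }}"
        dest: "{{ nodejs_download_destination }}"

    - name: Validate Node Installed
      ignore_errors: true
      shell: node -v
      register: node_status

    - debug:
        var: node_status

    - name: Install NodeJS
      become: True
      shell: "installer -pkg {{ nodejs_download_destination }}/{{ nodejs_package_name }} -target /"
      when: "node_status.stderr | regex_search('.*node:.*command not found')"

    - name: Install Apigee Microgateway
      become: True
      npm:
        name: "{{ edgemicro_name }}"
        version: "{{ edgemicro_version }}"
        global: yes
        # `present` keeps the pinned version above; `latest` asks npm for the
        # newest release and so contradicts the pin.
        state: present

    - name: Initialize Apigee Microgateway
      shell: edgemicro init

    - name: Configure Apigee Microgateway
      # Prompted values are shell-quoted so spaces or metacharacters in them
      # cannot change the command. no_log keeps the password and the returned
      # key/secret out of task output and logs.
      # NOTE(review): the password is still visible in the local process list
      # while the command runs.
      shell: "edgemicro configure -o {{ org | quote }} -e {{ env | quote }} -u {{ email | quote }} -p {{ password | quote }}"
      register: edgemicro_config
      no_log: true

    - name: Extract key_string & secret_string
      set_fact:
        edgemicro_key: "{{ edgemicro_config.stdout | regex_search('key:.*') }}"
        edgemicro_secret: "{{ edgemicro_config.stdout | regex_search('secret:.*') }}"
      no_log: true

    - name: Parse key & secret
      # NOTE(review): cacheable facts are written to the configured fact cache,
      # so the secret may persist on disk beyond this run.
      set_fact:
        cacheable: true
        edgemicro_key: "{{ edgemicro_key.split(':')[1] | trim }}"
        edgemicro_secret: "{{ edgemicro_secret.split(':')[1] | trim }}"
      no_log: true

    - name: Verify Edge Microgateway
      shell: "edgemicro verify -o {{ org | quote }} -e {{ env | quote }} -k {{ edgemicro_key | quote }} -s {{ edgemicro_secret | quote }}"
      no_log: true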
77 |
--------------------------------------------------------------------------------
/installations/multi-node/README.md:
--------------------------------------------------------------------------------
1 | # Apigee Edge Installation
2 |
3 | This playbook will complete the installation of an Apigee Edge planet. This installation manages a multiple node
4 | installation of either a single region or multiple regions. The installation of multiple regions follows Apigee
5 | recommendations.
6 |
7 | ## Basic Usage
8 |
9 | The instructions for using this installer are found in the main installations folder [README](../README.md). Please follow
10 | those instructions and use this folder as your execution location for the installation playbook.
--------------------------------------------------------------------------------
/post-installation/README.md:
--------------------------------------------------------------------------------
1 | # Post-Installations Folder
2 |
3 | This folder contains Ansible playbooks that will execute post-installation configurations or maintenance
4 | steps on Apigee components and planets.
5 |
6 | The available Apigee components are:
7 |
8 | | Component Name | Description |
9 | |--- | --- |
10 | | [apigee-user](apigee-user) | Ensures that the `apigee` user exists and that Apigee folders are owned by the `apigee` user. |
11 | | [debug-mode](debug-mode) | Updates Apigee system scripts to emit debugging information. This generates a great deal of output when executing Apigee system scripts. |
12 | | [unlock-edge-user-account](unlock-edge-user-account) | This will unlock a user that has been locked out of an Apigee Edge console. |
13 | | [update-scope](update-analytics-scope) | This script will update the analytics scopes. |
14 | | [validations](validations) | Multiple scripts are provided to validate the status of components used on the Apigee Edge platform. |
15 | | [download-logs](download-logs) | Provides you with the ability to download the logs from the entire Apigee planet or from select nodes. |
16 |
17 |
--------------------------------------------------------------------------------
/post-installation/add/add-components/alpha/add-message-processsor.yml:
--------------------------------------------------------------------------------
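---
# Registers the target host's Message Processor (identified by its UUID) with
# every organization/environment pair listed in orgs_envs through the
# management API.
- name: Register a Message Processor with organizations and environments
  hosts: "{{ target_hosts }}"
  gather_facts: no

  vars:
    component_name: "edge-message-processor"
    # Organization/environment pairs the Message Processor is added to.
    orgs_envs:
      - { org_name: "rbcapigee", env_name: "sb" }
      - { org_name: "rbcapigee", env_name: "prod" }
      - { org_name: "rbcapigee", env_name: "prodexternal" }
      - { org_name: "adventist", env_name: "prod" }
      - { org_name: "adventist", env_name: "dev" }
      - { org_name: "adventist", env_name: "test" }
      - { org_name: "opdk", env_name: "noi" }
      - { org_name: "VALIDATE", env_name: "test" }

  roles:
    # presumably provides edge_mp_self for the host - confirm
    - { role: apigee-opdk-server-self, server_types: ['mp'] }

  tasks:
    - name: Set attributes if available
      set_fact:
        uuid: "{{ edge_mp_self.uUID }}"
        pod: "{{ edge_mp_self.pod }}"

    - name: Assert variables exist
      assert:
        that:
          - region is defined and region | trim | length > 0
          - pod is defined and pod | trim | length > 0
          - uuid is defined and uuid | trim | length > 0
          - opdk_user_email is defined
          - opdk_user_pass is defined
        msg: "Please provide the missing attribute"

    - name: Register Message Processor with an organization and environments
      # NOTE(review): the admin credentials travel over plain HTTP to port
      # 8080. Run this only across a trusted network segment, or point the URL
      # at a TLS-terminated management endpoint where one is available.
      uri:
        url: "http://{{ local_mgmt_ip }}:8080/v1/o/{{ item.org_name }}/e/{{ item.env_name }}/servers"
        method: POST
        user: '{{ opdk_user_email }}'
        password: '{{ opdk_user_pass }}'
        body_format: 'form-urlencoded'
        body:
          uuid: '{{ uuid }}'
          action: 'add'
      with_items: "{{ orgs_envs }}"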
49 |
--------------------------------------------------------------------------------
/post-installation/add/add-components/alpha/add-router.yml:
--------------------------------------------------------------------------------
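---
# Registers the target host's Router (identified by its UUID) with its region
# and pod through the management API.
- name: Register a Router with its region and pod
  hosts: "{{ target_hosts }}"
  gather_facts: no

  vars:
    property_folders:
      - "~/.apigee-secure"
      - "~/.apigee"
    component_name: "edge-router"

  roles:
    - { role: apigee-opdk-modules, tags: ['minimum', 'config'] }
    # presumably provides edge_router_self for the host - confirm
    - { role: apigee-opdk-server-self, server_types: ['router'] }

  tasks:
    - name: Set attributes if available
      set_fact:
        uuid: "{{ edge_router_self.uUID }}"
        pod: "{{ edge_router_self.pod }}"

    - name: Assert variables exist
      assert:
        that:
          - region is defined and region | trim | length > 0
          # The registration URL below reads region_name, so check it here
          # instead of failing later inside the uri task.
          - region_name is defined and region_name | trim | length > 0
          - pod is defined and pod | trim | length > 0
          - uuid is defined and uuid | trim | length > 0
          - opdk_user_email is defined
          - opdk_user_pass is defined
        msg: "Please provide the missing attribute"

    - name: Register Router
      # NOTE(review): the admin credentials travel over plain HTTP to port
      # 8080. Run this only across a trusted network segment, or point the URL
      # at a TLS-terminated management endpoint where one is available.
      uri:
        url: "http://{{ local_mgmt_ip }}:8080/v1/regions/{{ region_name }}/pods/{{ pod }}/servers"
        method: POST
        user: '{{ opdk_user_email }}'
        password: '{{ opdk_user_pass }}'
        body_format: 'form-urlencoded'
        body:
          uuid: '{{ uuid }}'
          type: 'router'
          action: 'add'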
43 |
44 |
--------------------------------------------------------------------------------
/post-installation/add/add-components/requirements.yml:
--------------------------------------------------------------------------------
---
# Roles installed by `ansible-galaxy install -r requirements.yml`.
# NOTE(review): no entry pins a `version:`, so each install takes whatever
# the repository's default ref holds at that moment. Pin every role to a
# reviewed tag or commit, e.g.
#   version: <reviewed-commit-sha>   # placeholder, not a real value
- src: https://github.com/carlosfrias/apigee-opdk-backup.git

- src: https://github.com/carlosfrias/apigee-opdk-start-components.git

- src: https://github.com/carlosfrias/apigee-opdk-stop-components.git

- src: https://github.com/carlosfrias/apigee-opdk-setup-component.git

- src: https://github.com/carlosfrias/apigee-opdk-setup-bootstrap-rollback.git

- src: https://github.com/carlosfrias/apigee-opdk-server-self.git

- src: https://github.com/carlosfrias/apigee-opdk-modules.git
15 |
16 |
--------------------------------------------------------------------------------
/post-installation/apigee-user/README.md:
--------------------------------------------------------------------------------
1 | # Simplified Apigee User Setup
2 | This script will set up the `apigee` user on the Apigee instances and will ensure that the Apigee folders
3 | are owned by the `apigee` user.
4 |
5 | ## Usage:
6 | This is an Ansible script and requires Ansible. Please follow the usage instructions below:
7 |
8 | ansible-galaxy install -r requirements.yml -f
9 | ansible-playbook update-apigee-user.yml -e target_hosts=
10 |
--------------------------------------------------------------------------------
/post-installation/apigee-user/requirements.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Updated Readme's
3 | - src: https://github.com/carlosfrias/apigee-opdk-setup-apigee-user.git
4 |
5 | - src: https://github.com/carlosfrias/apigee-opdk-setup-apigee-user-ownership.git
--------------------------------------------------------------------------------
/post-installation/apigee-user/update.yml:
--------------------------------------------------------------------------------
---
# Applies the two apigee-user roles to the hosts named in target_hosts.
# target_hosts has no default here, so it must be passed by the caller.
- name: Update Apigee User
  hosts: "{{ target_hosts }}"
  strategy: free
  gather_facts: no
  roles:
    - role: apigee-opdk-setup-apigee-user
      tags: [apigee-user]
    - role: apigee-opdk-setup-apigee-user-ownership
      tags: [apigee-user]
9 |
--------------------------------------------------------------------------------
/post-installation/backup/.gitignore:
--------------------------------------------------------------------------------
1 | # Byte-compiled / optimized / DLL files
2 | __pycache__/
3 | *.py[cod]
4 | *$py.class
5 |
6 | # C extensions
7 | *.so
8 |
9 | # Distribution / packaging
10 | .Python
11 | env/
12 | build/
13 | develop-eggs/
14 | dist/
15 | downloads/
16 | eggs/
17 | .eggs/
18 | lib/
19 | lib64/
20 | parts/
21 | sdist/
22 | var/
23 | *.egg-info/
24 | .installed.cfg
25 | *.egg
26 |
27 | # PyInstaller
28 | # Usually these files are written by a python script from a template
29 | # before PyInstaller builds the exe, so as to inject date/other infos into it.
30 | *.manifest
31 | *.spec
32 |
33 | # Installer logs
34 | pip-log.txt
35 | pip-delete-this-directory.txt
36 |
37 | # Unit test / coverage reports
38 | htmlcov/
39 | .tox/
40 | .coverage
41 | .coverage.*
42 | .cache
43 | nosetests.xml
44 | coverage.xml
45 | *,cover
46 | .hypothesis/
47 |
48 | # Translations
49 | *.mo
50 | *.pot
51 |
52 | # Django stuff:
53 | *.log
54 | local_settings.py
55 |
56 | # Flask stuff:
57 | instance/
58 | .webassets-cache
59 |
60 | # Scrapy stuff:
61 | .scrapy
62 |
63 | # Sphinx documentation
64 | docs/_build/
65 |
66 | # PyBuilder
67 | target/
68 |
69 | # IPython Notebook
70 | .ipynb_checkpoints
71 |
72 | # pyenv
73 | .python-version
74 |
75 | # celery beat schedule file
76 | celerybeat-schedule
77 |
78 | # dotenv
79 | .env
80 |
81 | # virtualenv
82 | venv/
83 | ENV/
84 |
85 | # Spyder project settings
86 | .spyderproject
87 |
88 | # Rope project settings
89 | .ropeproject
90 |
91 | .vagrant
92 | *.iml
93 | archives
94 | .DS_Store
95 | ssh_keys
96 | ansible.log
97 | *.zip
98 | license.txt
99 | *.log
100 | *.tar.gz
101 | *.rpm
102 | *.tar
103 | ansible_fact_cache_dir
104 | *jar
105 | .ansible_cache*
106 | configs_and_logs
107 | redhat-rhui.repo
108 | rhui-load-balancers.conf
109 | out
110 | .idea
111 | *iml
112 | *retry
113 | installations/aio/installation-logs-configs/*
114 |
--------------------------------------------------------------------------------
/post-installation/backup/CONTRIBUTING.md:
--------------------------------------------------------------------------------
1 | # How to Contribute
2 |
3 | We'd love to accept your patches and contributions to this project. There are
4 | just a few small guidelines you need to follow.
5 |
6 | ## Contributor License Agreement
7 |
8 | Contributions to this project must be accompanied by a Contributor License
9 | Agreement. You (or your employer) retain the copyright to your contribution;
10 | this simply gives us permission to use and redistribute your contributions as
11 | part of the project. Head over to <https://cla.developers.google.com/> to see
12 | your current agreements on file or to sign a new one.
13 |
14 | You generally only need to submit a CLA once, so if you've already submitted one
15 | (even if it was for a different project), you probably don't need to do it
16 | again.
17 |
18 | ## Code reviews
19 |
20 | All submissions, including submissions by project members, require review. We
21 | use GitHub pull requests for this purpose. Consult
22 | [GitHub Help](https://help.github.com/articles/about-pull-requests/) for more
23 | information on using pull requests.
--------------------------------------------------------------------------------
/post-installation/backup/README.md:
--------------------------------------------------------------------------------
1 | Apigee Backup Playbook Sample
2 | =============================
3 |
4 | This playbook demonstrates how to perform backups of Apigee OPDK nodes.
5 |
6 | # Backup a Planet
7 |
8 | You can use this playbook to backup a planet as follows:
9 |
10 | ansible-galaxy install -r requirements.yml -f
11 | ansible-playbook backup.yml
12 |
13 |
14 |
15 | # Not Google Product Clause
16 |
17 | This is not an officially supported Google product.
18 |
19 |
20 | # How to Contribute
21 |
22 | We'd love to accept your patches and contributions to this project. Please review our [guidelines](CONTRIBUTING.md).
23 |
24 |
--------------------------------------------------------------------------------
/post-installation/backup/backup.yml:
--------------------------------------------------------------------------------
---
# One play per component. Every component play runs one host at a time
# (serial: 1) and applies apigee-opdk-backup with the component_profile
# that names the component being backed up.
- name: Update the planet cache
  hosts: edge
  tags: [cache]
  vars:
    property_folders: ["~/.apigee-secure", "~/.apigee"]
  roles:
    - role: apigee-opdk-modules
    - role: apigee-opdk-settings-private-address
    - role: apigee-opdk-setup-openjdk
      tags: [openjdk]
    - role: apigee-opdk-setup-java-home
    - role: apigee-opdk-setup-bootstrap

- name: Backup Zookeeper
  hosts: ds
  serial: 1
  tags: [zookeeper]
  vars: { component_profile: apigee-zookeeper }
  roles:
    - role: apigee-opdk-backup

- name: Backup Cassandra
  hosts: ds
  serial: 1
  tags: [cassandra]
  vars: { component_profile: apigee-cassandra }
  roles:
    - role: apigee-opdk-backup

- name: Backup Router
  hosts: rmp,r
  serial: 1
  tags: [router]
  vars: { component_profile: edge-router }
  roles:
    - role: apigee-opdk-backup

- name: Backup Message Processor
  hosts: rmp,mp
  serial: 1
  tags: [mp]
  vars: { component_profile: edge-message-processor }
  roles:
    - role: apigee-opdk-backup

- name: Backup Edge Postgres Server
  hosts: pg
  serial: 1
  tags: [ps]
  vars: { component_profile: edge-postgres-server }
  roles:
    - role: apigee-opdk-backup

- name: Backup Postgresql Database
  hosts: pgmaster,pg[0]
  serial: 1
  tags: [pg]
  vars: { component_profile: apigee-postgresql }
  roles:
    - role: apigee-opdk-backup

- name: Backup Qpid Server
  hosts: qpid
  serial: 1
  tags: [qs]
  vars: { component_profile: edge-qpid-server }
  roles:
    - role: apigee-opdk-backup

- name: Backup Qpid Queue
  hosts: qpid
  serial: 1
  tags: [qpid]
  vars: { component_profile: apigee-qpidd }
  roles:
    - role: apigee-opdk-backup

- name: Backup LDAP
  hosts: ldap
  serial: 1
  tags: [ldap]
  vars: { component_profile: apigee-openldap }
  roles:
    - role: apigee-opdk-backup

- name: Backup Management Server
  hosts: ms
  serial: 1
  tags: [ms]
  vars: { component_profile: edge-management-server }
  roles:
    - role: apigee-opdk-backup

- name: Backup UI
  hosts: ui
  serial: 1
  tags: [ui]
  vars: { component_profile: edge-ui }
  roles:
    - role: apigee-opdk-backup
114 |
--------------------------------------------------------------------------------
/post-installation/backup/requirements.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - src: https://github.com/carlosfrias/apigee-opdk-settings-private-address.git
3 |
4 | - src: https://github.com/carlosfrias/apigee-opdk-backup.git
5 |
6 | - src: https://github.com/carlosfrias/apigee-opdk-restore.git
7 |
8 | - src: https://github.com/carlosfrias/apigee-opdk-modules
9 |
10 | - src: https://github.com/carlosfrias/apigee-opdk-setup-openjdk.git
11 |
12 | - src: https://github.com/carlosfrias/apigee-opdk-setup-java-home.git
13 |
14 | - src: https://github.com/carlosfrias/apigee-opdk-setup-bootstrap.git
15 |
16 | - src: https://github.com/carlosfrias/apigee-opdk-setup-bootstrap-archive-installer.git
17 |
--------------------------------------------------------------------------------
/post-installation/backup/restore.yml:
--------------------------------------------------------------------------------
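---
# One play per component. Every component play runs one host at a time
# (serial: 1) and applies apigee-opdk-restore with the component_profile
# that names the component being restored.
# The component plays were previously all named "Backup ...", so the run
# log of a restore read like a backup; the names now state the operation.
- name: Update the planet cache
  hosts: edge
  tags: ['cache']
  vars:
    property_folders:
      - "~/.apigee-secure"
      - "~/.apigee"
  roles:
    - { role: apigee-opdk-modules }
    - { role: apigee-opdk-settings-private-address }
    - { role: apigee-opdk-setup-openjdk, tags: ['openjdk'] }
    - { role: apigee-opdk-setup-java-home }
    - { role: apigee-opdk-setup-bootstrap }

- name: Restore Zookeeper
  serial: 1
  hosts: ds
  tags: ['zookeeper']
  vars:
    component_profile: 'apigee-zookeeper'
  roles:
    - { role: apigee-opdk-restore }

- name: Restore Cassandra
  serial: 1
  hosts: ds
  tags: ['cassandra']
  vars:
    component_profile: 'apigee-cassandra'
  roles:
    - { role: apigee-opdk-restore }

- name: Restore Router
  serial: 1
  hosts: rmp,r
  tags: ['router']
  vars:
    component_profile: 'edge-router'
  roles:
    - { role: apigee-opdk-restore }

- name: Restore Message Processor
  serial: 1
  hosts: rmp,mp
  tags: ['mp']
  vars:
    component_profile: 'edge-message-processor'
  roles:
    - { role: apigee-opdk-restore }

- name: Restore Edge Postgres Server
  serial: 1
  hosts: pg
  tags: ['ps']
  vars:
    component_profile: 'edge-postgres-server'
  roles:
    - { role: apigee-opdk-restore }

- name: Restore Postgresql Database
  serial: 1
  hosts: pgmaster,pg[0]
  tags: ['pg']
  vars:
    component_profile: 'apigee-postgresql'
  roles:
    - { role: apigee-opdk-restore }

- name: Restore Qpid Server
  serial: 1
  hosts: qpid
  tags: ['qs']
  vars:
    component_profile: 'edge-qpid-server'
  roles:
    - { role: apigee-opdk-restore }

- name: Restore Qpid Queue
  serial: 1
  hosts: qpid
  tags: ['qpid']
  vars:
    component_profile: 'apigee-qpidd'
  roles:
    - { role: apigee-opdk-restore }

- name: Restore LDAP
  serial: 1
  hosts: ldap
  tags: ['ldap']
  vars:
    component_profile: 'apigee-openldap'
  roles:
    - { role: apigee-opdk-restore }

- name: Restore Management Server
  serial: 1
  hosts: ms
  tags: ['ms']
  vars:
    component_profile: 'edge-management-server'
  roles:
    - { role: apigee-opdk-restore }

- name: Restore UI
  serial: 1
  hosts: ui
  tags: ['ui']
  vars:
    component_profile: 'edge-ui'
  roles:
    - { role: apigee-opdk-restore }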
114 |
--------------------------------------------------------------------------------
/post-installation/cassandra-rebuild/rebuild.yml:
--------------------------------------------------------------------------------
---
# Runs the repair role and then the rebuild role on the ds group,
# one host at a time.
- name: Rebuild Cassandra Ring
  hosts: ds
  serial: 1
  gather_facts: no
  roles:
    - role: apigee-opdk-cassandra-repair
    - role: apigee-opdk-cassandra-rebuild
9 |
--------------------------------------------------------------------------------
/post-installation/cassandra-rebuild/requirements.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - src: https://github.com/carlosfrias/apigee-opdk-cassandra-rebuild.git
3 | - src: https://github.com/carlosfrias/apigee-opdk-cassandra-repair.git
4 |
5 |
--------------------------------------------------------------------------------
/post-installation/debug-mode/README.md:
--------------------------------------------------------------------------------
1 | # Enable Debug Mode for Apigee Edge Scripts
2 |
3 | The playbook `debug.yml` will set the debug flag on all of the Edge component scripts.
4 |
5 | ## Basic Usage
6 |
7 | To set debug mode you invoke the playbook like this:
8 |
9 | ansible-playbook debug.yml -e opdk_debug_mode='on'
10 |
11 | To unset debug mode you invoke the playbook like this:
12 |
13 | ansible-playbook debug.yml -e opdk_debug_mode='off'
14 |
15 | To set debug mode on the scripts for an Edge component then use the `-e component_name` variable like this:
16 |
17 | ansible-playbook debug.yml -e opdk_debug_mode='on' -e component_name='message-processor'
18 |
19 | ## Dependencies
20 |
21 | This playbook assumes that you followed the instructions for setting up [Ansible](https://github.com/carlosfrias/apigee-opdk-playbook-setup-ansible).
22 | Please refer to the documentation for [apigee-opdk-debug-mode](https://github.com/carlosfrias/apigee-opdk-debug-mode).
23 |
24 | We have created an `ansible-galaxy` requirements file, `requirements.yml`, that will download the roles
25 | used by this playbook and install them according to your configuration. You can download and install the
26 | required roles like this:
27 |
28 | ansible-galaxy install -r requirements.yml -f
29 |
30 |
--------------------------------------------------------------------------------
/post-installation/debug-mode/debug.yml:
--------------------------------------------------------------------------------
---
# Applies apigee-opdk-debug-mode to the hosts named in target_hosts.
# target_hosts has no default here, so it must be passed by the caller.
- name: Set or unset bash debug flag in apigee scripts
  gather_facts: no
  hosts: "{{ target_hosts }}"
  roles:
    - role: apigee-opdk-debug-mode
8 |
--------------------------------------------------------------------------------
/post-installation/debug-mode/requirements.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - src: https://github.com/carlosfrias/apigee-opdk-setup-default-settings.git
3 |
4 | - src: https://github.com/carlosfrias/apigee-opdk-debug-mode.git
5 |
--------------------------------------------------------------------------------
/post-installation/download-logs/README.md:
--------------------------------------------------------------------------------
1 | # Download Apigee Logs
2 |
3 | # Overview
4 | This playbook downloads the logs and configuration settings from an Apigee platform node.
5 |
6 | # Requirements
7 |
8 | This playbook assumes that an [inventory](../../README-ansible-inventory.md) will be configured using ansible.cfg or on the command line.
9 |
10 | # Usage
11 |
12 | ansible-galaxy install -r requirements.yml -f
13 | ansible-playbook download-logs.yml -e target_hosts=[ planet | edge | ms | ds | rmp | qpid | pg ]
--------------------------------------------------------------------------------
/post-installation/download-logs/download.yml:
--------------------------------------------------------------------------------
---
# Fetches files from the selected hosts through the apigee-fetch-files role.
# target_hosts falls back to the 'planet' group. pattern and
# target_logs_folder are not defined in this playbook and must be supplied
# by the caller or the inventory.
- name: Retrieve log files
  gather_facts: no
  hosts: "{{ target_hosts | default('planet') }}"
  vars:
    property_folders: ["~/.apigee-secure", "~/.apigee"]
  roles:
    - role: apigee-opdk-modules
    - role: apigee-opdk-setup-bootstrap-cache
    - role: apigee-fetch-files
      download_pattern: "{{ pattern }}"
      download_folder: "{{ target_logs_folder }}"
14 |
--------------------------------------------------------------------------------
/post-installation/download-logs/requirements.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Updated Readme's
3 | - src: https://github.com/carlosfrias/apigee-fetch-files.git
4 |
5 | - src: https://github.com/carlosfrias/apigee-opdk-modules.git
6 |
7 | - src: https://github.com/carlosfrias/apigee-opdk-setup-bootstrap-cache.git
8 |
--------------------------------------------------------------------------------
/post-installation/expand-planet-regions/install.yml:
--------------------------------------------------------------------------------
---
# Single play, one host at a time (serial: 1). The roles are applied in the
# order listed. The two tag lists that repeat are written once as YAML
# anchors and reused through aliases.
- name: Register Cassandra & Zookeeper in Region with No Management Server
  hosts: "{{ target_hosts }}"
  serial: 1
  gather_facts: no
  tags: [ds, edge]
  vars:
    property_folders: ["~/.apigee-secure", "~/.apigee"]
  roles:
    - role: apigee-opdk-modules
      tags: &config_tags [minimum, config, ds-config]
    - role: apigee-opdk-settings-private-address
      tags: &settings_tags [minimum, cache, ds, ms, rmp, r, mp, qpid, pg, pgmaster, pgstandby, org, validate, validate-cleanup]
    - role: apigee-opdk-settings-management-server
      tags: *settings_tags
    - role: apigee-opdk-settings-ldap
      tags: *settings_tags
    - role: apigee-opdk-settings-region
      tags: *settings_tags
    - role: apigee-opdk-settings-cassandra
      tags: *settings_tags
    - role: apigee-opdk-settings-postgres
      tags: *settings_tags
    - role: apigee-opdk-setup-silent-installation-config
      tags: *config_tags
    - role: apigee-opdk-setup-cassandra-registration
    - role: apigee-opdk-start-components
      tags: [ds-start, start]
    - role: apigee-opdk-cassandra-rebuild
    - role: apigee-opdk-setup-status
      tags: [ds-status, status]
24 |
25 |
--------------------------------------------------------------------------------
/post-installation/expand-planet-regions/requirements.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Ansible Roles for Setting Operating System Requirements
3 | - src: https://github.com/carlosfrias/apigee-opdk-setup-apigee-user.git
4 |
5 | - src: https://github.com/carlosfrias/apigee-opdk-setup-apigee-user-ownership.git
6 |
7 | - src: https://github.com/carlosfrias/apigee-opdk-setup-os-common.git
8 |
9 | - src: https://github.com/carlosfrias/apigee-opdk-setup-os-minimum.git
10 |
11 | - src: https://github.com/carlosfrias/apigee-opdk-setup-os-limits.git
12 |
13 | - src: https://github.com/carlosfrias/apigee-opdk-setup-os-epel.git
14 |
15 | - src: https://github.com/carlosfrias/apigee-opdk-setup-os-sysctl.git
16 |
17 | - src: https://github.com/carlosfrias/apigee-opdk-setup-os-postgres.git
18 |
19 | - src: https://github.com/carlosfrias/apigee-opdk-setup-openjdk.git
20 |
21 | - src: https://github.com/carlosfrias/apigee-opdk-setup-selinux-disable.git
22 |
23 | - src: https://github.com/carlosfrias/apigee-opdk-shutdown-iptables.git
24 |
25 | - src: https://github.com/carlosfrias/apigee-opdk-yum-repository-proxy-config.git
26 |
27 | - src: https://github.com/carlosfrias/apigee-opdk-yum-packages.git
28 |
29 | - src: https://github.com/carlosfrias/apigee-server-restart.git
30 |
31 |
32 | # Ansible Roles for Bootstrap Installation and Setup
33 | - src: https://github.com/carlosfrias/apigee-opdk-setup-bootstrap.git
34 |
35 | - src: https://github.com/carlosfrias/apigee-opdk-setup-bootstrap-archive-installer.git
36 |
37 | - src: https://github.com/carlosfrias/apigee-opdk-setup-component-install.git
38 |
39 |
40 | # Ansible Roles for Component Installation and Setup
41 | - src: https://github.com/carlosfrias/apigee-opdk-setup-silent-installation-config.git
42 |
43 | - src: https://github.com/carlosfrias/apigee-opdk-setup-component.git
44 |
45 | - src: https://github.com/carlosfrias/apigee-opdk-setup-component-installer.git
46 |
47 | - src: https://github.com/carlosfrias/apigee-opdk-setup-java-home.git
48 |
49 | - src: https://github.com/carlosfrias/apigee-opdk-setup-postgres-config.git
50 |
51 | - src: https://github.com/carlosfrias/apigee-opdk-setup-postgres-master.git
52 |
53 | - src: https://github.com/carlosfrias/apigee-opdk-setup-postgres-standby.git
54 |
55 | - src: https://github.com/carlosfrias/apigee-opdk-setup-status.git
56 |
57 | - src: https://github.com/carlosfrias/apigee-opdk-modules.git
58 |
59 | - src: https://github.com/carlosfrias/apigee-opdk-server-self.git
60 |
61 | - src: https://github.com/carlosfrias/apigee-opdk-start-components.git
62 |
63 | - src: https://github.com/carlosfrias/apigee-opdk-stop-components.git
64 |
65 | - src: https://github.com/carlosfrias/apigee-opdk-setup-license.git
66 |
67 | - src: https://github.com/carlosfrias/apigee-opdk-settings-ldap.git
68 |
69 | - src: https://github.com/carlosfrias/apigee-opdk-settings-management-server.git
70 |
71 | - src: https://github.com/carlosfrias/apigee-opdk-settings-postgres.git
72 |
73 | - src: https://github.com/carlosfrias/apigee-opdk-settings-private-address.git
74 |
75 | - src: https://github.com/carlosfrias/apigee-opdk-settings-cassandra.git
76 |
77 | - src: https://github.com/carlosfrias/apigee-opdk-settings-region.git
78 |
79 | - src: https://github.com/carlosfrias/apigee-opdk-setup-scopes-add.git
80 |
81 | #- src: https://github.com/carlosfrias/apigee-opdk-setup-env-vars.git
82 |
83 | - src: https://github.com/carlosfrias/apigee-opdk-server-registration-state.git
84 |
85 | - src: https://github.com/carlosfrias/apigee-opdk-setup-cassandra-registration.git
86 |
87 |
88 | # Ansible Roles for Creating and Configuring Orgs
89 | - src: https://github.com/carlosfrias/apigee-opdk-setup-org-config.git
90 |
91 | - src: https://github.com/carlosfrias/apigee-opdk-setup-org.git
92 |
93 | - src: https://github.com/carlosfrias/apigee-opdk-setup-validate.git
94 |
95 | - src: https://github.com/carlosfrias/apigee-opdk-setup-validate-cleanup.git
96 |
97 | - src: https://github.com/carlosfrias/apigee-opdk-cassandra-rebuild.git
98 |
99 |
--------------------------------------------------------------------------------
/post-installation/manage-virtual-hosts/create-vh.yml:
--------------------------------------------------------------------------------
---
# Play 1: applies the modules and settings roles on the ms group.
- name: Collect server info into cache
  gather_facts: no
  hosts: ms
  roles:
    - role: apigee-opdk-modules
    - role: apigee-opdk-settings-region
    - role: apigee-opdk-settings-private-address
    - role: apigee-opdk-settings-management-server

# Play 2: applies the org roles on the first host of the ms group only,
# using the defaults declared under vars.
- name: Configure Organizations, Environments and Virtual Hosts
  gather_facts: no
  hosts: ms[0]
  vars:
    # Defaults used for first_name / last_name when a new user is created
    first_name: Carlos
    last_name: Frias

    # OPDK version to work with
    opdk_version: 4.18.05

    # Port and in-Edge name of the virtual host
    virtual_host_port: 9002
    virtual_host_name: virtual-host-2

    # Load balancer fqdn or IP if available; when it is not set the RMP
    # addresses will be used
    # load_balancer:

    # Analytics group used with this virtual host
    ax_group: axgroup001

    # Folder containing credentials
    property_folders: ["~/.apigee-secure"]

    # Orgs and environments to define and associate with this virtual host
    tenants:
      - org: opdk
        env: test
        new_user: 'n'
      # - { org: opdk, env: prod, new_user: 'n' }

  roles:
    - role: apigee-opdk-modules
    - role: apigee-opdk-setup-org-config
    - role: apigee-opdk-setup-org
49 |
--------------------------------------------------------------------------------
/post-installation/manage-virtual-hosts/requirements.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - src: https://github.com/carlosfrias/apigee-opdk-modules.git
3 |
4 | - src: https://github.com/carlosfrias/apigee-opdk-settings-region.git
5 |
6 | - src: https://github.com/carlosfrias/apigee-opdk-settings-management-server.git
7 |
8 | - src: https://github.com/carlosfrias/apigee-opdk-settings-private-address.git
9 |
10 | - src: https://github.com/carlosfrias/apigee-opdk-setup-org.git
11 |
12 | - src: https://github.com/carlosfrias/apigee-opdk-setup-org-config.git
13 |
14 | - src: https://github.com/carlosfrias/apigee-opdk-setup-scopes-add.git
15 |
16 |
--------------------------------------------------------------------------------
/post-installation/remove/remove-components/remove-analytics.yml:
--------------------------------------------------------------------------------
---
# Applies the settings roles, then the postgres/qpid/scopes/axgroup removal
# roles, the bootstrap rollback and a server restart, in the order listed.
# target_hosts has no default here, so the hosts to strip must be named
# explicitly by the caller. The repeated settings tag list is written once
# as a YAML anchor and reused through an alias.
- name: Playbook to remove analytics
  hosts: "{{ target_hosts }}"
  gather_facts: no
  strategy: free
  vars:
    remove_apigee: true
    clear_logs: true
    property_folders: ['~/.apigee', '~/.apigee-secure']
  roles:
    - role: apigee-opdk-modules
    - role: apigee-opdk-settings-private-address
      tags: &settings_tags [minimum, cache, ds, ms, rmp, r, mp, qpid, pg, pgmaster, pgstandby, org, validate, validate-cleanup]
    - role: apigee-opdk-settings-management-server
      tags: *settings_tags
    - role: apigee-opdk-settings-ldap
      tags: *settings_tags
    - role: apigee-opdk-settings-region
      tags: *settings_tags
    - role: apigee-opdk-settings-cassandra
      tags: *settings_tags
    - role: apigee-opdk-settings-postgres
      tags: *settings_tags
    - role: apigee-opdk-server-self
      server_types: [qs]
      tags: [self]
    - role: apigee-opdk-server-self
      server_types: [ps]
      tags: [self]
    - role: apigee-opdk-setup-postgres-remove
    - role: apigee-opdk-setup-qpid-remove
    - role: apigee-opdk-setup-scopes-remove
    - role: apigee-opdk-setup-axgroup-remove
    - role: apigee-opdk-setup-bootstrap-rollback
      tags: [rollback]
    - role: apigee-server-restart
      tags: [restart]
30 |
31 |
--------------------------------------------------------------------------------
/post-installation/remove/remove-components/remove-apigee.yml:
--------------------------------------------------------------------------------
---
# Applies the bootstrap rollback role and then the server restart role with
# remove_apigee and clear_logs both set to true.
# target_hosts has no default here, so the hosts to strip must be named
# explicitly by the caller.
- name: Playbook to remove apigee
  hosts: "{{ target_hosts }}"
  gather_facts: no
  strategy: free
  vars:
    remove_apigee: true
    clear_logs: true
    property_folders: ['~/.apigee', '~/.apigee-secure']
  roles:
    - role: apigee-opdk-modules
    - role: apigee-opdk-setup-bootstrap-rollback
      tags: [rollback-only]
    - role: apigee-server-restart
      tags: [restart]
18 |
19 |
--------------------------------------------------------------------------------
/post-installation/remove/remove-components/remove-cassandra.yml:
--------------------------------------------------------------------------------
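---
# Removes a Cassandra node: backs the component up, looks the node up in
# `nodetool status` on the delegate host, decommissions it, runs
# `nodetool removenode` for its UUID from the delegate, then includes
# remove-component.yml to uninstall the component.
- name: Playbook to remove a cassandra
  hosts: "{{ target_hosts }}"
  gather_facts: no

  vars:
    nodetool: /opt/apigee/apigee-cassandra/bin/nodetool
    property_folders:
      - '~/.apigee'
      - '~/.apigee-secure'
    component_name: "apigee-cassandra"

  roles:
    - apigee-opdk-cassandra-repair
    - apigee-opdk-cassandra-rebuild

  tasks:
    - name: Backup component
      tags: ['backup']
      import_role:
        name: apigee-opdk-backup

    - name: Assert variables exist
      assert:
        that:
          - private_address is defined and private_address | trim | length > 0
          - nodetool is defined and nodetool | trim | length > 0
        msg: "Please provide the missing attribute"

    - name: Assert nodetool_delegate has been indicated
      assert:
        that:
          - nodetool_delegate is defined and nodetool_delegate | ipaddr
        msg: "Please provide the IP address of the nodetool_delegate attribute"

    - name: Cassandra target private address
      set_fact:
        target_cassandra_private_address: "{{ private_address }}"

    # grep -F matches the address as a literal string and -w only as a whole
    # word. A plain grep treats the dots as wildcards and also matches longer
    # addresses that merely start with this one (10.0.0.1 vs 10.0.0.10, a
    # constructed example), which would hand the wrong node's UUID to
    # removenode below. The address is shell-quoted because it is spliced
    # into a shell pipeline.
    - name: Obtain Nodetool status
      shell: "{{ nodetool }} status | grep -Fw -- {{ target_cassandra_private_address | quote }}"
      register: nodetool_status
      delegate_to: "{{ nodetool_delegate }}"

    # NOTE(review): taking the third-from-last item of a single-space split
    # depends on the exact column spacing of the nodetool output; confirm
    # against the nodetool version in use.
    - name: Obtain node UUID
      set_fact:
        cacheable: yes
        cassandra_uuid: "{{ nodetool_status.stdout.split(' ')[-3] }}"
      when: nodetool_status is defined

    - name: Decommission cassandra node
      command: "{{ apigee_service }} apigee-cassandra decommission"

    # removenode is attempted first; if it fails, the rescue section retries
    # with "removenode force" and ignores any error from that retry.
    - block:
        - name: Remove node that is not a part of the ring
          command: "{{ nodetool }} removenode {{ cassandra_uuid }}"
          delegate_to: "{{ nodetool_delegate }}"

      rescue:
        - name: Remove node that is not a part of the ring, using removenode force
          ignore_errors: true
          command: "{{ nodetool }} removenode force {{ cassandra_uuid }} "
          delegate_to: "{{ nodetool_delegate }}"

    - name: Remove Cassandra
      include_tasks: remove-component.yml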
67 |
--------------------------------------------------------------------------------
/post-installation/remove/remove-components/remove-component.yml:
--------------------------------------------------------------------------------
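---
# Task list: stops the component, runs its apigee-service uninstall and
# deletes its data directory under apigee_home.

# component_name and apigee_home are joined into a path that is deleted with
# become below. An empty component_name would resolve to the whole data
# directory, and a name containing a slash or ".." would resolve outside it,
# so both values are checked before anything is stopped or removed.
- name: Assert component_name exists
  assert:
    that:
      - component_name is defined and component_name | trim | length > 0
      - "'/' not in component_name"
      - "component_name not in ['.', '..']"
      - apigee_home is defined and apigee_home | trim | length > 0
    msg: "Please provide the component_name"

- name: Stop component
  import_role:
    name: apigee-opdk-stop-components

# command instead of shell: the line uses no shell features, so component_name
# is never interpreted by a shell. Errors are still ignored on purpose so the
# data directory is cleaned up even when the uninstall fails.
# NOTE(review): the task is gated on apigee_service but runs a hard-coded
# apigee-service path; confirm the two are meant to be the same binary.
- name: Uninstall component
  tags: ['uninstall']
  ignore_errors: yes
  command: "/opt/apigee/apigee-service/bin/apigee-service {{ component_name }} uninstall"
  args:
    removes: "{{ apigee_home }}/{{ component_name }}"
  when: apigee_service is defined and apigee_service | trim | length > 0

- name: Remove component files
  tags: ['remove']
  become: yes
  file:
    path: '{{ apigee_home }}/data/{{ component_name }}'
    state: absent
    follow: yes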
27 |
--------------------------------------------------------------------------------
/post-installation/remove/remove-components/remove-message-processsor.yml:
--------------------------------------------------------------------------------
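---
# Deregisters a message processor from the management server and then removes
# the component from the target host.
# All management API calls below send HTTP Basic credentials over plain http to
# port 8080; keep that traffic on a trusted management network or front the API
# with TLS.
- name: Playbook to remove a message processor
  hosts: "{{ target_hosts }}"
  gather_facts: no

  vars:
    property_folders:
      - '~/.apigee'
      - '~/.apigee-secure'
    component_name: "edge-message-processor"
    # Organization/environment pairs the message processor is deregistered from.
    orgs_envs:
      - { org_name: "opdk", env_name: "test" }

  roles:
    - { role: apigee-opdk-modules }
    - { role: apigee-opdk-server-self, server_types: ['mp'] }

  tasks:
    # edge_mp_self is presumably provided by the apigee-opdk-server-self role
    # above; verify against that role.
    - name: Set attributes if available
      set_fact:
        uuid: "{{ edge_mp_self.uUID }}"
        pod_name: "{{ edge_mp_self.pod }}"

    - name: Assert variables exist
      assert:
        that:
          - region is defined and region | trim | length > 0
          - pod_name is defined and pod_name | trim | length > 0
          - uuid is defined and uuid | trim | length > 0
          - opdk_user_email is defined
          - opdk_user_pass is defined
        msg: "Please provide the missing attribute"

    - name: Deregister Message Processor from the organization's environments
      uri:
        url: "http://{{ local_mgmt_ip }}:8080/v1/o/{{ item.org_name }}/e/{{ item.env_name }}/servers"
        method: POST
        user: '{{ opdk_user_email }}'
        password: '{{ opdk_user_pass }}'
        body_format: 'form-urlencoded'
        body:
          uuid: '{{ uuid }}'
          action: 'remove'
          pod: "{{ pod_name }}"
          region: "{{ region }}"
      with_items: "{{ orgs_envs }}"

    - name: Deregister server's type
      uri:
        url: "http://{{ local_mgmt_ip }}:8080/v1/servers"
        method: POST
        user: '{{ opdk_user_email }}'
        password: '{{ opdk_user_pass }}'
        force: yes
        # 404 is accepted so that a server that is already deregistered does
        # not fail the play.
        status_code: ['200', '404']
        body_format: 'form-urlencoded'
        body:
          uuid: '{{ uuid }}'
          region: '{{ region }}'
          pod: '{{ pod_name }}'
          type: 'message-processor'
          action: 'remove'

    # The admin credentials are passed on the curl command line. no_log keeps
    # the rendered command and curl's verbose output (which includes the
    # Authorization header) out of Ansible's output and logs, and `quote` keeps
    # special characters in the password from altering the shell command.
    # The arguments remain visible in the target host's process list while curl
    # runs; moving this call to the uri module would remove that exposure.
    - name: Delete the server
      shell: "curl -v -u {{ (opdk_user_email ~ ':' ~ opdk_user_pass) | quote }} -X DELETE http://{{ local_mgmt_ip }}:8080/v1/servers/{{ uuid }}"
      no_log: true

    # This isn't working and the curl is necessary.
    # - name: Delete the server
    #   uri:
    #     url: "http://{{ local_mgmt_ip }}:8080/v1/servers/{{ uuid }}"
    #     method: DELETE
    #     user: '{{ opdk_user_email }}'
    #     password: '{{ opdk_user_pass }}'
    #     body_format: 'form-urlencoded'
    #     force: yes
    #     force_basic_auth: yes

    - name: Remove message processor
      include_tasks: remove-component.yml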
80 |
--------------------------------------------------------------------------------
/post-installation/remove/remove-components/remove-router.yml:
--------------------------------------------------------------------------------
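---
# Deregisters a router from the management server and then removes the
# component from the target host.
# The management API calls below send HTTP Basic credentials over plain http to
# port 8080; keep that traffic on a trusted management network or front the API
# with TLS.
- name: Playbook to remove a router
  hosts: "{{ target_hosts }}"
  gather_facts: no

  vars:
    property_folders:
      - '~/.apigee'
      - '~/.apigee-secure'
    component_name: "edge-router"

  roles:
    - { role: apigee-opdk-modules }
    - { role: apigee-opdk-server-self, server_types: ['router'] }

  tasks:
    # edge_router_self is presumably provided by the apigee-opdk-server-self
    # role above; verify against that role.
    - name: Set attributes if available
      set_fact:
        uuid: "{{ edge_router_self.uUID }}"
        pod_name: "{{ edge_router_self.pod }}"

    - name: Assert variables exist
      assert:
        that:
          - region is defined and region | trim | length > 0
          - pod_name is defined and pod_name | trim | length > 0
          - uuid is defined and uuid | trim | length > 0
          - opdk_user_email is defined
          - opdk_user_pass is defined
        msg: "Please provide the missing attribute"

    - name: Deregister server's type
      uri:
        url: "http://{{ local_mgmt_ip }}:8080/v1/servers"
        method: POST
        user: '{{ opdk_user_email }}'
        password: '{{ opdk_user_pass }}'
        # 404 is accepted so that a router that is already deregistered does
        # not fail the play.
        status_code: ['200','404']
        body_format: 'form-urlencoded'
        body:
          uuid: '{{ uuid }}'
          region: '{{ region }}'
          # Sent as `pod`, the field name remove-message-processsor.yml uses for
          # the same /v1/servers call; this task previously sent `pod_name`.
          pod: '{{ pod_name }}'
          type: 'router'
          action: 'remove'

    - name: Delete the server
      uri:
        url: http://{{ local_mgmt_ip }}:8080/v1/servers/{{ uuid }}
        method: DELETE
        status_code: ['200','404']
        user: '{{ opdk_user_email }}'
        password: '{{ opdk_user_pass }}'

    - name: Remove Router
      include_tasks: remove-component.yml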
57 |
--------------------------------------------------------------------------------
/post-installation/remove/remove-components/remove-zookeeper.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Playbook to remove zookeeper
3 | hosts: "{{ target_hosts }}"
4 | gather_facts: no
5 |
6 | vars:
7 | property_folders:
8 | - '~/.apigee'
9 | - '~/.apigee-secure'
10 | component_name: "apigee-zookeeper"
11 |
12 | tasks:
13 | - name: Backup component
14 | tags: ['backup']
15 | import_role:
16 | name: apigee-opdk-backup
17 |
18 | - name: Remove Zookeeper
19 | include_tasks: remove-component.yml
20 |
--------------------------------------------------------------------------------
/post-installation/remove/remove-components/requirements.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - src: https://github.com/carlosfrias/apigee-opdk-backup.git
3 |
4 | - src: https://github.com/carlosfrias/apigee-opdk-start-components.git
5 |
6 | - src: https://github.com/carlosfrias/apigee-opdk-stop-components.git
7 |
8 | - src: https://github.com/carlosfrias/apigee-opdk-setup-bootstrap-rollback.git
9 |
10 | - src: https://github.com/carlosfrias/apigee-opdk-setup-postgres-remove.git
11 |
12 | - src: https://github.com/carlosfrias/apigee-opdk-setup-qpid-remove.git
13 |
14 | - src: https://github.com/carlosfrias/apigee-opdk-setup-scopes-remove.git
15 |
16 | - src: https://github.com/carlosfrias/apigee-opdk-setup-axgroup-remove.git
17 |
18 | - src: https://github.com/carlosfrias/apigee-opdk-server-self.git
19 |
20 | - src: https://github.com/carlosfrias/apigee-opdk-modules.git
21 |
22 | - src: https://github.com/carlosfrias/apigee-opdk-settings-private-address.git
23 |
24 | - src: https://github.com/carlosfrias/apigee-opdk-settings-management-server.git
25 |
26 | - src: https://github.com/carlosfrias/apigee-opdk-settings-ldap.git
27 |
28 | - src: https://github.com/carlosfrias/apigee-opdk-settings-region.git
29 |
30 | - src: https://github.com/carlosfrias/apigee-opdk-settings-cassandra.git
31 |
32 | - src: https://github.com/carlosfrias/apigee-opdk-settings-postgres.git
33 |
34 |
--------------------------------------------------------------------------------
/post-installation/remove/remove-environment/remove-all-environments.yml:
--------------------------------------------------------------------------------
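---
- name: Update local cache
  hosts: edge
  gather_facts: no
  tags: ['cache']
  vars:
    property_folders:
      - "~/.apigee"
  roles:
    - { role: apigee-opdk-modules }
    - { role: apigee-opdk-setup-openjdk-cache, jdk_version: '1.8' }
    - { role: apigee-opdk-settings-private-address }
    - { role: apigee-opdk-settings-management-server }
    - { role: apigee-opdk-settings-ldap }
    - { role: apigee-opdk-settings-region }
    - { role: apigee-opdk-settings-cassandra }
    - { role: apigee-opdk-settings-postgres }
    - { role: apigee-opdk-setup-bootstrap-cache }

# Bulk-destructive play: every environment returned for org_name is deleted.
# The play was labelled "Remove virtual hosts", so run output and logs
# misreported what was being deleted; the name now states the real action.
- name: Remove all environments
  hosts: ms[0]
  gather_facts: no
  vars:
    property_folders:
      - "~/.apigee-secure"
  roles:
    - { role: apigee-opdk-modules }

  tasks:

    - name: Assert the organization name
      assert:
        that:
          - org_name is defined and org_name | trim | length > 0
        msg: Please provide the organization name from which to remove all environments.

    # HTTP Basic credentials are sent over plain http here; keep this traffic
    # on a trusted management network or front the API with TLS.
    - name: Obtain list of environments from org
      uri:
        url: "http://{{ local_mgmt_ip }}:{{ ms_port }}/v1/o/{{ org_name }}/e"
        user: "{{ opdk_user_email }}"
        password: "{{ opdk_user_pass }}"
      register: env_list

    # One DELETE per environment name in the JSON response registered above.
    - name: Delete all environments from org
      uri:
        url: "http://{{ local_mgmt_ip }}:{{ ms_port }}/v1/o/{{ org_name }}/e/{{ item }}"
        user: "{{ opdk_user_email }}"
        password: "{{ opdk_user_pass }}"
        method: DELETE
      with_items: "{{ env_list.json }}"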
--------------------------------------------------------------------------------
/post-installation/remove/remove-environment/remove-environment.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Update local cache
3 | hosts: edge
4 | gather_facts: no
5 | tags: ['cache']
6 | vars:
7 | property_folders:
8 | - "~/.apigee"
9 |
10 | roles:
11 | - { role: apigee-opdk-modules }
12 | - { role: apigee-opdk-setup-openjdk-cache, jdk_version: '1.8' }
13 | - { role: apigee-opdk-settings-private-address }
14 | - { role: apigee-opdk-settings-management-server }
15 | - { role: apigee-opdk-settings-ldap }
16 | - { role: apigee-opdk-settings-region }
17 | - { role: apigee-opdk-settings-cassandra }
18 | - { role: apigee-opdk-settings-postgres }
19 |
20 | - name: Remove virtual hosts
21 | hosts: ms[0]
22 | gather_facts: no
23 | vars:
24 | property_folders:
25 | - "~/.apigee-secure"
26 |
27 | roles:
28 | - { role: apigee-opdk-modules }
29 |
30 | tasks:
31 | - name: Assert the environment name
32 | assert:
33 | that:
34 | - org_name is defined and org_name | trim | length > 0
35 | - env_name is defined and env_name | trim | length > 0
36 | msg: Please provide the environment name to remove from an organization.
37 |
38 | - name: Delete environment
39 | uri:
40 | url: "http://{{ local_mgmt_ip }}:{{ ms_port }}/v1/o/{{ org_name }}/e/{{ env_name }}"
41 | user: "{{ opdk_user_email }}"
42 | password: "{{ opdk_user_pass }}"
43 | method: DELETE
44 |
--------------------------------------------------------------------------------
/post-installation/remove/remove-environment/requirements.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - src: https://github.com/carlosfrias/apigee-opdk-modules.git
3 |
4 | - src: https://github.com/carlosfrias/apigee-opdk-settings-region.git
5 |
6 | - src: https://github.com/carlosfrias/apigee-opdk-settings-management-server.git
7 |
8 | - src: https://github.com/carlosfrias/apigee-opdk-settings-private-address.git
9 |
10 |
11 |
--------------------------------------------------------------------------------
/post-installation/remove/remove-pods/remove-all-pods.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Remove servers
3 | hosts: ms[0]
4 | gather_facts: no
5 | vars:
6 | org: VALIDATE
7 | property_folders:
8 | - "~/.apigee-secure"
9 | roles:
10 | - { role: apigee-opdk-modules }
11 | - { role: apigee-opdk-settings-region }
12 | - { role: apigee-opdk-settings-private-address }
13 | - { role: apigee-opdk-settings-management-server }
14 |
15 | tasks:
16 | - name: Obtain list of environments for organizations
17 | uri:
18 | url: "http://{{ local_mgmt_ip }}:{{ ms_port }}/v1/o/{{ org }}/pods"
19 | user: "{{ opdk_user_email }}"
20 | password: "{{ opdk_user_pass }}"
21 | register: pod_list
22 |
23 | - name: Delete pods
24 | uri:
25 | url: "http://{{ local_mgmt_ip }}:{{ ms_port }}/v1/o/{{ org }}/pods"
26 | user: "{{ opdk_user_email }}"
27 | password: "{{ opdk_user_pass }}"
28 | method: DELETE
29 | body_format: form-urlencoded
30 | body:
31 | action: "remove"
32 | region: "{{ region }}"
33 | pod: "{{ item.name }}"
34 | with_items: "{{ pod_list.json }}"
35 |
--------------------------------------------------------------------------------
/post-installation/remove/remove-servers/delete-servers-by-environment.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Obtain list of servers for the environment
3 | uri:
4 | url: "http://{{ local_mgmt_ip }}:{{ ms_port }}/v1/o/{{ org }}/e/{{ each_env }}/servers"
5 | user: "{{ opdk_user_email }}"
6 | password: "{{ opdk_user_pass }}"
7 | register: server_uuids
8 |
9 | - name: Delete servers from environment
10 | uri:
11 | url: "http://{{ local_mgmt_ip }}:{{ ms_port }}/v1/organizations/{{ org }}/environments/{{ each_env }}/servers"
12 | user: "{{ opdk_user_email }}"
13 | password: "{{ opdk_user_pass }}"
14 | method: POST
15 | body_format: form-urlencoded
16 | body:
17 | action: "remove"
18 | uuid: "{{ item }}"
19 | region: "{{ region }}"
20 | pod: "{{ pod }}"
21 | with_items: "{{ server_uuids.json }}"
22 |
--------------------------------------------------------------------------------
/post-installation/remove/remove-servers/remove.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Remove servers
3 | hosts: ms[0]
4 | gather_facts: no
5 | vars:
6 | org: VALIDATE
7 | env: dev
8 | pod: gateway
9 | property_folders:
10 | - "~/.apigee-secure"
11 | roles:
12 | - { role: apigee-opdk-modules }
13 | - { role: apigee-opdk-settings-region }
14 | - { role: apigee-opdk-settings-private-address }
15 | - { role: apigee-opdk-settings-management-server }
16 |
17 | tasks:
18 | - name: Obtain list of environments for organizations
19 | uri:
20 | url: "http://{{ local_mgmt_ip }}:{{ ms_port }}/v1/o/{{ org }}/e"
21 | user: "{{ opdk_user_email }}"
22 | password: "{{ opdk_user_pass }}"
23 | register: env_list
24 |
25 | - name: Obtain list of servers by environment
26 | include_tasks: delete-servers-by-environment.yml
27 | with_items: "{{ env_list.json }}"
28 | loop_control:
29 | loop_var: each_env
30 |
31 |
--------------------------------------------------------------------------------
/post-installation/remove/remove-servers/requirements.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - src: https://github.com/carlosfrias/apigee-opdk-modules.git
3 |
4 | - src: https://github.com/carlosfrias/apigee-opdk-settings-region.git
5 |
6 | - src: https://github.com/carlosfrias/apigee-opdk-settings-management-server.git
7 |
8 | - src: https://github.com/carlosfrias/apigee-opdk-settings-private-address.git
9 |
10 |
11 |
--------------------------------------------------------------------------------
/post-installation/remove/remove-virtualhosts/remove.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Remove virtual hosts
3 | hosts: ms[0]
4 | gather_facts: no
5 | vars:
6 | org: opdk
7 | env: test
8 | property_folders:
9 | - "~/.apigee-secure"
10 | roles:
11 | - { role: apigee-opdk-modules }
12 | - { role: apigee-opdk-settings-region }
13 | - { role: apigee-opdk-settings-private-address }
14 | - { role: apigee-opdk-settings-management-server }
15 |
16 | tasks:
17 | - name: Obtain list of virtual hosts
18 | uri:
19 | url: "http://{{ local_mgmt_ip }}:{{ ms_port }}/v1/o/{{ org }}/e/{{ env }}/virtualhosts"
20 | user: "{{ opdk_user_email }}"
21 | password: "{{ opdk_user_pass }}"
22 | register: list
23 |
24 | - name: Delete virtual hosts
25 | uri:
26 | url: "http://{{ local_mgmt_ip }}:{{ ms_port }}/v1/o/{{ org }}/e/{{ env }}/virtualhosts/{{ item }}"
27 | user: "{{ opdk_user_email }}"
28 | password: "{{ opdk_user_pass }}"
29 | method: DELETE
30 | with_items: "{{ list.json }}"
31 |
--------------------------------------------------------------------------------
/post-installation/remove/remove-virtualhosts/requirements.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - src: https://github.com/carlosfrias/apigee-opdk-modules.git
3 |
4 | - src: https://github.com/carlosfrias/apigee-opdk-settings-region.git
5 |
6 | - src: https://github.com/carlosfrias/apigee-opdk-settings-management-server.git
7 |
8 | - src: https://github.com/carlosfrias/apigee-opdk-settings-private-address.git
9 |
10 |
11 |
--------------------------------------------------------------------------------
/post-installation/restart-planet/README.md:
--------------------------------------------------------------------------------
1 | # Restart an Apigee Planet
2 |
3 | It is sometimes necessary to restart an Apigee Planet. This could mean that you only need to restart components so that
4 | configuration updates can take effect or perhaps the node itself should be restarted. Two playbooks are provided so that
5 | you can make use of what is necessary.
6 |
7 | ## Usage
8 | To make use of this playbook it is necessary to ensure you have installed the Ansible roles that are required. Please
9 | install the Ansible roles using Ansible Galaxy as follows:
10 |
11 | cd ~/apigee-opdk-accelerator/post-installation/restart-planet
12 | ansible-galaxy install -r requirements.yml -f
13 |
14 | ## Usage: Restarting Apigee Components
15 | To restart Apigee Components, please ensure that you have installed the Ansible roles as indicated above and then
16 | follow these steps:
17 |
18 | cd ~/apigee-opdk-accelerator/post-installation/restart-planet
19 | ansible-playbook restart-apigee-components.yml
20 |
21 | ## Usage: Restarting Apigee Servers
22 | To restart server nodes that are running Apigee Components we recommend that you first stop Apigee Components and then
23 | restart the servers. This can be accomplished as indicated below. Please ensure that you have installed the Ansible
24 | roles as indicated above and then follow these steps:
25 |
26 | cd ~/apigee-opdk-accelerator/post-installation/restart-planet
27 | ansible-playbook restart-apigee-servers.yml
28 |
29 |
--------------------------------------------------------------------------------
/post-installation/restart-planet/requirements.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | - src: https://github.com/carlosfrias/apigee-opdk-modules.git
4 |
5 | - src: https://github.com/carlosfrias/apigee-opdk-start-components.git
6 |
7 | - src: https://github.com/carlosfrias/apigee-opdk-stop-components.git
8 |
9 | - src: https://github.com/carlosfrias/apigee-server-restart.git
10 |
--------------------------------------------------------------------------------
/post-installation/restart-planet/restart-apigee-components.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Restart of Apigee Planet Components
3 | hosts: ds,ms,rmp,qpid,pg
4 | serial: 1
5 | strategy: free
6 | tags: ['restart', 'start']
7 | vars:
8 | property_folders:
9 | - "~/.apigee-secure"
10 | - "~/.apigee"
11 | roles:
12 | - { role: apigee-opdk-modules }
13 | - { role: apigee-opdk-stop-components }
14 | - { role: apigee-opdk-start-components }
15 |
16 |
--------------------------------------------------------------------------------
/post-installation/restart-planet/restart-apigee-servers.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Restart of Apigee Planet Components
3 | hosts: ds,ms,rmp,qpid,pg
4 | serial: 1
5 | strategy: free
6 | tags: ['restart', 'start']
7 | vars:
8 | property_folders:
9 | - "~/.apigee-secure"
10 | - "~/.apigee"
11 | roles:
12 | - { role: apigee-opdk-modules }
13 | - { role: apigee-opdk-stop-components }
14 | - { role: apigee-server-restart }
15 | - { role: apigee-opdk-start-components }
16 |
17 |
--------------------------------------------------------------------------------
/post-installation/teams/enable-teams-on-org.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Enable Teams on an org
3 | hosts: ms
4 | gather_facts: no
5 | vars:
6 | property_folders:
7 | - "~/.apigee-secure"
8 | - "~/.apigee"
9 | roles:
10 | - { role: apigee-opdk-modules }
11 | - { role: apigee-opdk-settings-private-address, tags: ['minimum', 'cache', 'ds', 'ms', 'rmp', 'r', 'mp', 'qpid', 'pg', 'pgmaster', 'pgstandby', 'org', 'validate', 'validate-cleanup'] }
12 | - { role: apigee-opdk-settings-management-server, tags: ['minimum', 'cache', 'ds', 'ms', 'rmp', 'r', 'mp', 'qpid', 'pg', 'pgmaster', 'pgstandby', 'org', 'validate', 'validate-cleanup'] }
13 |
14 | tasks:
15 | - name: Enable teams on org
16 | uri:
17 | url: "http://{{ local_mgmt_ip }}:{{ ms_port }}/v1/o/{{ org_name }}"
18 | method: "POST"
19 | user: "{{ opdk_user_email }}"
20 | password: "{{ opdk_user_pass }}"
21 | force_basic_auth: "yes"
22 | body_format: "json"
23 | body:
24 | name: "{{ org_name }}"
25 | properties:
26 | property:
27 | - name: features.isTeamsEnabled
28 | value: true
29 |
30 |
--------------------------------------------------------------------------------
/post-installation/unlock-edge-user-account/apigee-openldap.yml:
--------------------------------------------------------------------------------
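---
# Unlocks the Edge user account named by userEmail through the management API.
- name: Unlock user
  hosts: ms
  gather_facts: no
  tags: ['unlock-user']
  vars:
    # NOTE(review): the other playbooks in this repository pass this list as
    # property_folders; confirm that apigee-opdk-modules also reads
    # attribute_folders, otherwise the admin credentials used below are
    # presumably not loaded.
    attribute_folders:
      - "~/.apigee-secure"
  roles:
    - apigee-opdk-modules
  tasks:
    # Fail early with a clear message instead of sending a malformed request.
    - name: Assert the account to unlock was provided
      assert:
        that:
          - userEmail is defined and userEmail | trim | length > 0
        msg: "Please provide userEmail, the account to unlock"

    # HTTP Basic credentials are sent over plain http to inventory_hostname;
    # keep this traffic on a trusted management network or front the API with
    # TLS.
    - name: Unlock user
      uri:
        # Single slash before v1, matching the other management API calls
        # (the URL previously read ":8080//v1/...").
        url: "http://{{ inventory_hostname }}:8080/v1/users/{{ userEmail }}/status?action=unlock"
        method: POST
        user: "{{ opdk_user_email }}"
        password: "{{ opdk_user_pass }}"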
18 |
--------------------------------------------------------------------------------
/post-installation/update-analytics-scope/requirements.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - src: https://github.com/carlosfrias/apigee-opdk-setup-scopes-add.git
3 | - src: https://github.com/carlosfrias/apigee-opdk-modules.git
4 |
--------------------------------------------------------------------------------
/post-installation/update-analytics-scope/update.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Update scopes settings
3 | hosts: ms[0]
4 | gather_facts: no
5 | vars:
6 | property_folders:
7 | - "~/.apigee-secure"
8 | - "~/.apigee"
9 | ax_group: "axgroup001"
10 | org_name: opdk
11 | env_name: test
12 | roles:
13 | - apigee-opdk-setup-scopes-add
14 |
--------------------------------------------------------------------------------
/post-installation/update-customer-properties/requirements.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - src: https://github.com/carlosfrias/apigee-opdk-cwc-update.git
3 |
--------------------------------------------------------------------------------
/post-installation/update-customer-properties/update.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Update Customer Application Properties using Code with Config
3 | hosts: "{{ target_hosts }}"
4 | vars:
5 | cwc_properties:
6 | - { key: 'conf_http_HTTPClient.use.proxy', value: 'true', file_name: 'message-processor' }
7 | - { key: 'conf_http_HTTPClient.use.tunneling', value: 'false', file_name: 'message-processor' }
8 | - { key: 'conf/http.properties+HTTPClient.proxy.type', value: 'HTTP', file_name: 'message-processor' }
9 | - { key: 'conf/http.properties+HTTPClient.proxy.host', value: '{{ yum_proxy }}', file_name: 'message-processor' }
10 | - { key: 'conf/http.properties+HTTPClient.proxy.port', value: '{{ yum_proxy_port }}', file_name: 'message-processor' }
11 | - { key: 'conf/http.properties+HTTPClient.proxy.user', value: '{{ yum_proxy_username }}', file_name: 'message-processor' }
12 | - { key: 'conf/http.properties+HTTPClient.proxy.password', value: '{{ yum_proxy_password }}', file_name: 'message-processor' }
13 | property_folders:
14 | - "~/.apigee-secure"
15 | - "~/.apigee"
16 | roles:
17 | - { role: apigee-opdk-modules }
18 | - { role: apigee-opdk-cwc-update }
19 |
--------------------------------------------------------------------------------
/post-installation/upgrade/requirements.yml:
--------------------------------------------------------------------------------
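---
# Roles installed by `ansible-galaxy install -r requirements.yml` for the
# upgrade playbooks.
#
# None of these entries sets `version:`, so each install fetches whatever the
# repository's default branch holds at that moment and the fetched code then
# runs against the planet's hosts. Pin every role to a reviewed tag or commit,
# for example:
#   - src: https://github.com/carlosfrias/apigee-opdk-modules
#     version: <reviewed-tag-or-commit>   # placeholder, not a real ref
#
# Two duplicate entries were dropped (apigee-opdk-setup-postgres-standby was
# listed twice, apigee-opdk-update-component-inplace once with and once
# without the .git suffix).
- src: https://github.com/carlosfrias/apigee-opdk-setup-component-installer

- src: https://github.com/carlosfrias/apigee-opdk-setup-component

- src: https://github.com/carlosfrias/apigee-opdk-setup-default-settings

- src: https://github.com/carlosfrias/apigee-fetch-files

- src: https://github.com/carlosfrias/apigee-opdk-setup-status

- src: https://github.com/carlosfrias/apigee-opdk-start-components

- src: https://github.com/carlosfrias/apigee-opdk-stop-components

- src: https://github.com/carlosfrias/apigee-opdk-backup.git

- src: https://github.com/carlosfrias/apigee-opdk-restore

- src: https://github.com/carlosfrias/apigee-opdk-server-self

- src: https://github.com/carlosfrias/apigee-opdk-update-component

- src: https://github.com/carlosfrias/apigee-opdk-update-component-inplace

- src: https://github.com/carlosfrias/apigee-opdk-setup-bootstrap

- src: https://github.com/carlosfrias/apigee-opdk-iptables-flush

- src: https://github.com/carlosfrias/apigee-opdk-iptables-port-block

- src: https://github.com/carlosfrias/apigee-opdk-cache-update.git

- src: https://github.com/carlosfrias/apigee-opdk-setup-java-home.git

- src: https://github.com/carlosfrias/apigee-opdk-modules

- src: https://github.com/carlosfrias/apigee-server-restart

- src: https://github.com/carlosfrias/apigee-opdk-setup-postgres-standby

- src: https://github.com/carlosfrias/apigee-opdk-cwc-update

- src: https://github.com/carlosfrias/apigee-opdk-setup-postgres-db-upgrade

- src: https://github.com/carlosfrias/apigee-opdk-setup-silent-installation-config

- src: https://github.com/carlosfrias/apigee-opdk-setup-bootstrap-rollback

- src: https://github.com/carlosfrias/apigee-opdk-setup-postgres-master

- src: https://github.com/carlosfrias/apigee-opdk-setup-apigee-user

- src: https://github.com/carlosfrias/apigee-opdk-setup-license

- src: https://github.com/carlosfrias/apigee-opdk-setup-apigee-user-ownership.git

- src: https://github.com/carlosfrias/apigee-opdk-setup-postgres-config.git

- src: https://github.com/carlosfrias/apigee-opdk-setup-target-links.git

- src: https://github.com/carlosfrias/apigee-opdk-update-component-qpidd.git

- src: https://github.com/carlosfrias/apigee-opdk-settings-ldap.git

- src: https://github.com/carlosfrias/apigee-opdk-settings-management-server.git

- src: https://github.com/carlosfrias/apigee-opdk-settings-postgres.git

- src: https://github.com/carlosfrias/apigee-opdk-settings-private-address.git

- src: https://github.com/carlosfrias/apigee-opdk-settings-cassandra.git

- src: https://github.com/carlosfrias/apigee-opdk-settings-region.git

- src: https://github.com/carlosfrias/apigee-opdk-setup-bootstrap-archive-installer.git

- src: https://github.com/carlosfrias/apigee-opdk-setup-validate.git

- src: https://github.com/carlosfrias/apigee-opdk-setup-validate-cleanup.git

- src: https://github.com/carlosfrias/apigee-opdk-setup-openjdk.git

- src: https://github.com/carlosfrias/apigee-opdk-settings-qpid.git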
90 |
91 |
92 |
--------------------------------------------------------------------------------
/post-installation/validations/README.md:
--------------------------------------------------------------------------------
1 | # Validations Folder
2 |
3 | This folder contains Ansible playbooks that will execute validations to determine the status of components
4 | used on the Apigee Edge platform.
5 |
6 | The available Apigee validations are:
7 |
8 | | Component Name | Description |
9 | |--- | --- |
10 | | [analytics](analytics) | Validate analytics configuration. |
11 | | [cassandra](cassandra) | Validate cassandra ring. |
12 | | [ldap](ldap) | Validate ldap configuration. |
13 | | [zookeeper](zookeeper) | Validate zookeeper configuration. |
14 |
15 |
--------------------------------------------------------------------------------
/post-installation/validations/analytics/README.md:
--------------------------------------------------------------------------------
1 | # Analytics Validation
2 | This playbook will provide output of Analytics Validation evaluations.
3 |
4 | ## Usage:
5 | This is an Ansible script and requires Ansible. Please follow the usage instructions below:
6 |
7 | ansible-galaxy install -r requirements -f
8 | ansible-playbook validate -e target_hosts=
9 |
--------------------------------------------------------------------------------
/post-installation/validations/analytics/requirements.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - src: https://github.com/carlosfrias/apigee-opdk-setup-scopes-state.git
3 |
4 | - src: https://github.com/carlosfrias/apigee-opdk-server-self.git
5 |
6 | - src: https://github.com/carlosfrias/apigee-opdk-server-registration-state.git
7 |
8 | - src: https://github.com/carlosfrias/apigee-opdk-modules.git
9 |
--------------------------------------------------------------------------------
/post-installation/validations/analytics/validate.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Apigee Postgres Master Check
3 | hosts: pgmaster
4 | gather_facts: no
5 | tags: ['check-master','replication']
6 | vars:
7 | apigee_secure_folder: "~/.apigee-secure"
8 | vars_files:
9 | - "{{ apigee_secure_folder }}/credentials.yml"
10 | tasks:
11 | - name: Display Postgres Master Status Check
12 | shell: "{{ apigee_service }} apigee-postgresql postgres-check-master"
13 |
14 | - name: Apigee Postgres Standby Check
15 | hosts: pgstandby
16 | gather_facts: no
17 | tags: ['check-standby','replication']
18 | vars:
19 | apigee_secure_folder: "~/.apigee-secure"
20 | vars_files:
21 | - "{{ apigee_secure_folder }}/credentials.yml"
22 | tasks:
23 | - name: Display Postgres Standby Status Check
24 | shell: "{{ apigee_service }} apigee-postgresql postgres-check-standby"
25 |
26 | - name: Apigee Postgres Self report
27 | hosts: pg
28 | gather_facts: no
29 | tags: ['self']
30 | serial: 1
31 | vars:
32 | property_folders:
33 | - "~/.apigee-secure"
34 | - "~/.apigee"
35 | roles:
36 | - { role: apigee-opdk-modules }
37 | - { role: apigee-opdk-server-self, server_types: ['ps'], tags: ['self'] }
38 |
39 | - name: Apigee Postgres Registration Status
40 | hosts: pg
41 | gather_facts: no
42 | tags: ['registration']
43 |
44 | vars:
45 | property_folders:
46 | - "~/.apigee-secure"
47 | - "~/.apigee"
48 | roles:
49 | - { role: apigee-opdk-modules }
50 | - { role: apigee-opdk-server-self, server_types: ['ps'], tags: ['self'] }
51 | - { role: apigee-opdk-server-registration-state, username: "{{ opdk_user_email }}", password: "{{ opdk_user_pass }}", server_self: "{{ edge_ps_self }}", mgmt_server_ip: "{{ local_mgmt_ip }}" }
52 |
53 | - name: Apigee Analytics group scope state
54 | hosts: ms[0]
55 | gather_facts: no
56 | tags: ['scope']
57 |
58 | vars:
59 | property_folders:
60 | - "~/.apigee-secure"
61 | - "~/.apigee"
62 | roles:
63 | - { role: apigee-opdk-modules }
64 | - { role: apigee-opdk-setup-scopes-state, ax_group: "{{ scopes_axgroup | default('axgroup001') }}" }
65 |
66 | - name: Analytics status
67 | hosts: ms[0]
68 | gather_facts: no
69 | tags: ['axstatus']
70 |
71 | vars:
72 | property_folders:
73 | - "~/.apigee-secure"
74 | - "~/.apigee"
75 | roles:
76 | - { role: apigee-opdk-modules }
77 | tasks:
78 | - name: List org and env provisioning axstatus
79 | uri:
80 | url: "http://127.0.0.1:8080/v1/organizations/{{ org_name }}/environments/{{ env_name }}/provisioning/axstatus"
81 | user: "{{ opdk_user_email }}"
82 | password: "{{ opdk_user_pass }}"
83 |
84 | - name: Analytics groups
85 | hosts: ms[0]
86 | gather_facts: no
87 | tags: ['axgroups']
88 |
89 | vars:
90 | property_folders:
91 | - "~/.apigee-secure"
92 | - "~/.apigee"
93 | roles:
94 | - { role: apigee-opdk-modules }
95 | tasks:
96 | - name: List analytics groups
97 | uri:
98 | url: "http://127.0.0.1:8080/v1/analytics/groups/ax"
99 | user: "{{ opdk_user_email }}"
100 | password: "{{ opdk_user_pass }}"
101 |
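# Prints the layout of the analytics fact table for one org/env pair by running
# psql against the PostgreSQL socket directory on the pgmaster host.
- name: Describe analytics fact table
  hosts: pgmaster
  gather_facts: no
  tags: ['axtables']

  vars:
    property_folders:
      - "~/.apigee-secure"
      - "~/.apigee"
  roles:
    - { role: apigee-opdk-modules }
  tasks:
    - name: Describe postgres analytics table
      # argv form: no shell parses the rendered values, so a quote, space or `;`
      # in org_name, env_name or pg_user cannot end the command early.
      # NOTE(review): a double quote in org_name or env_name would still close the
      # psql identifier; validate both names where they are defined.
      # NOTE(review): assumes apigee_home is an absolute path with no `~` or
      # `$VAR` that a shell would have expanded; confirm.
      command:
        argv:
          - "/usr/bin/psql"
          - "-h"
          - "{{ apigee_home }}/var/run/apigee-postgresql"
          - "-U"
          - "{{ pg_user }}"
          - "-d"
          - "apigee"
          - "-w"
          - "-c"
          - '\d analytics."{{ org_name }}.{{ env_name }}.fact"'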
116 |
--------------------------------------------------------------------------------
/post-installation/validations/cassandra/requirements.yml:
--------------------------------------------------------------------------------
---
# Role required by the Cassandra validation playbook.
# NOTE(review): the entry has no `version:` key, so ansible-galaxy installs
# whatever the repository's default branch holds at install time. Pin the role
# to a reviewed tag or commit.
- src: https://github.com/carlosfrias/apigee-opdk-modules.git
3 |
--------------------------------------------------------------------------------
/post-installation/validations/ldap/requirements.yml:
--------------------------------------------------------------------------------
---
# Roles required by the LDAP validation playbook.
# NOTE(review): neither entry has a `version:` key, so ansible-galaxy installs
# whatever each repository's default branch holds at install time. Pin every
# role to a reviewed tag or commit.
- src: https://github.com/carlosfrias/apigee-opdk-modules.git
- src: https://github.com/carlosfrias/apigee-opdk-port-check-settings.git
5 |
--------------------------------------------------------------------------------
/post-installation/validations/ldap/validate.yml:
--------------------------------------------------------------------------------
1 | ---
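# Binds to LDAP on each management server as the manager DN and searches the
# dc=apigee,dc=com tree.
- name: View LDAP system user
  hosts: ms
  gather_facts: no
  tags: ['ldap']
  vars:
    property_folders:
      - "~/.apigee-secure"
      - "~/.apigee"
  roles:
    - apigee-opdk-modules
    - apigee-opdk-port-check-settings

  tasks:
    - name: Show LDAP system user
      # `quote` keeps shell metacharacters in the password or host value from
      # being parsed as shell syntax; `string` guards against a numeric password.
      shell: "ldapsearch -D 'cn=manager,dc=apigee,dc=com' -b 'dc=apigee,dc=com' -LLL -h {{ ansible_ssh_host | quote }} -p {{ ldap_ports[0] }} -w {{ opdk_ldap_pass | string | quote }}"
      # The rendered command line carries the bind password and the search output
      # may carry directory attributes; keep both out of console and log output.
      no_log: true
      # NOTE(review): -w still exposes the password in the process list on the
      # target while ldapsearch runs; `ldapsearch -y <file>` with a file readable
      # only by the connecting user avoids that.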
17 |
18 | - name: List Users
19 | hosts: ms
20 | gather_facts: no
21 | tags: ['users']
22 | vars:
23 | property_folders:
24 | - "~/.apigee-secure"
25 | - "~/.apigee"
26 | roles:
27 | - apigee-opdk-modules
28 | - apigee-opdk-port-check-settings
29 |
30 | tasks:
31 | - name: List users
32 | uri:
33 | url: "http://127.0.0.1:{{ ms_ports[0] }}/v1/users"
34 | user: "{{ opdk_user_email }}"
35 | password: "{{ opdk_user_pass }}"
36 |
37 | #- name: LDAP TLS check
38 | # hosts: ms
39 | # gather_facts: no
40 | # tags: ['tls']
41 | # vars:
42 | # property_folders:
43 | # - "~/.apigee-secure"
44 | # - "~/.apigee"
45 | # roles:
46 | # - apigee-opdk-modules
47 | # - apigee-opdk-port-check-settings
48 | # tasks:
49 | # - name: LDAP TLS check
50 | # shell: "ldapsearch -x -d 1 -p {{ ldap_ports[0] }} -h {{ ansible_ssh_host }} -w {{ opdk_ldap_pass }}"
51 |
52 |
--------------------------------------------------------------------------------
/post-installation/validations/qpid/validate.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Qpid stats
3 | hosts: qpid
4 | gather_facts: no
5 | tags: ['stats']
6 | serial: 1
7 | vars:
8 | # Qpid stat tool
9 | qpid_stat: '{{ apigee_home }}/apigee-qpidd/bin/qpid-stat'
10 |
11 | tasks:
12 | - name: Gather qpid stats
13 | shell: "{{ qpid_stat }} -g"
14 | register: results
15 |
16 | - name: Qpid queue depth
17 | hosts: qpid
18 | gather_facts: no
19 | tags: ['depth']
20 | serial: 1
21 | vars:
22 | # Qpid queue depth
23 | check_queue_depth: '{{ apigee_home }}/apigee-qpidd/bin/check_queue_depth.py'
24 |
25 | tasks:
26 | - name: Gather qpid queue depth
27 | shell: "{{ check_queue_depth }}"
28 | register: results
29 |
--------------------------------------------------------------------------------
/post-installation/validations/rmp/requirements.yml:
--------------------------------------------------------------------------------
---
# Roles required by the router / message-processor validation playbook.
# NOTE(review): none of these entries has a `version:` key, so ansible-galaxy
# installs whatever each repository's default branch holds at install time.
# Pin every role to a reviewed tag or commit.
- src: https://github.com/carlosfrias/apigee-opdk-setup-validate.git
- src: https://github.com/carlosfrias/apigee-opdk-setup-validate-cleanup.git
- src: https://github.com/carlosfrias/apigee-opdk-modules.git
- src: https://github.com/carlosfrias/apigee-opdk-start-components.git
- src: https://github.com/carlosfrias/apigee-opdk-stop-components.git
- src: https://github.com/carlosfrias/apigee-opdk-settings-private-address.git
- src: https://github.com/carlosfrias/apigee-opdk-settings-region.git
- src: https://github.com/carlosfrias/apigee-opdk-settings-management-server.git
18 |
--------------------------------------------------------------------------------
/post-installation/validations/rmp/validate.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Update Cache for validate config file generation
3 | hosts: planet
4 | tags: ['setup', 'cleanup']
5 | vars:
6 | property_folders:
7 | - "~/.apigee-secure"
8 | - "~/.apigee"
9 | roles:
10 | - { role: apigee-opdk-modules }
11 | - { role: apigee-opdk-settings-private-address }
12 | - { role: apigee-opdk-settings-management-server }
13 | - { role: apigee-opdk-settings-region }
14 |
15 | - name: Validate Routers & Message Processors
16 | hosts: rmp,r
17 | tags: ['setup']
18 | serial: 1
19 | vars:
20 | property_folders:
21 | - "~/.apigee-secure"
22 | - "~/.apigee"
23 | roles:
24 | - { role: apigee-opdk-modules }
25 | - { role: apigee-opdk-settings-private-address }
26 | - { role: apigee-opdk-settings-management-server }
27 | - { role: apigee-opdk-settings-region }
28 | - { role: apigee-opdk-setup-validate }
29 |
30 | - name: Cleanup Validate Routers & Message Processors
31 | hosts: rmp,r
32 | tags: ['cleanup']
33 | serial: 1
34 | vars:
35 | property_folders:
36 | - "~/.apigee-secure"
37 | - "~/.apigee"
38 | roles:
39 | - { role: apigee-opdk-modules }
40 | - { role: apigee-opdk-settings-private-address }
41 | - { role: apigee-opdk-settings-management-server }
42 | - { role: apigee-opdk-settings-region }
43 | - { role: apigee-opdk-setup-validate-cleanup}
44 |
--------------------------------------------------------------------------------
/post-installation/validations/zookeeper/validate.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Apigee Zookeeper Leader
3 | hosts: ds
4 | gather_facts: no
5 | tags: ['leader']
6 | serial: 1
7 | tasks:
8 | - name: Display Zookeeper Leadership
9 | shell: "echo srvr | nc localhost 2181 | grep Mode:"
10 | register: result
11 |
12 | - name: Apigee Zookeeper Status
13 | hosts: ds
14 | gather_facts: no
15 | tags: ['status']
16 | serial: 1
17 | tasks:
18 | - name: Display Zookeeper Leadership
19 | shell: "echo srvr | nc localhost 2181"
20 | register: result
21 |
22 |
23 |
--------------------------------------------------------------------------------
/post-installation/zookeeper/collect.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: This playbook collects diagnostic information for Zookeeper
3 | hosts: ds
4 | gather_facts: no
5 |
6 | tasks:
7 | - name: Collect Zookeeper zk-tree.sh
8 | command: "zk-tree.sh"
9 | args:
10 | chdir: "{{ apigee_home }}/apigee-zookeeper/contrib"
11 | register: zk_tree
12 |
13 | - name: Download Zookeeper Tree
14 | copy:
15 | content: "{{ zk_tree }}"
16 | dest: "{{ target_logs_folder }}"
17 |
--------------------------------------------------------------------------------
/setup/README.md:
--------------------------------------------------------------------------------
1 | # Setup Apigee OPDK Ansible Configuration Accelerator
2 |
3 | ## Introduction
4 | An Ansible controller is used to run Ansible playbooks. This repository contains playbooks that
5 | configure an Ansible controller. The role [Apigee OPDK Setup Ansible Controller](https://github.com/carlosfrias/apigee-opdk-setup-ansible-controller)
6 | is used to configure an Ansible Controller and should be consulted for additional details. This
7 | setup provides you with a common configuration convention that simplifies managing either one planet
8 | or several planets of any size.
9 |
10 | ## Assumptions
11 | * Ansible version 2.7.7.
12 | * Ansible is installed on the server set aside as an Ansible Controller.
13 | * The `setup.yml` playbook uses the [Apigee OPDK Setup Ansible Controller](https://github.com/carlosfrias/apigee-opdk-setup-ansible-controller)
14 | role to configure an Ansible controller to use the framework. The `setup.yml` playbook assumes that you
15 | are configuring the localhost.
16 | * Same setup for either a single planet or multiple planets.
17 | * The user home will be used to create the folders `~/.ansible`, `~/.apigee`, `~/.apigee-secure`,
18 | and `~/.apigee-workspace`.
19 | * The folder `~/.apigee-workspace` will be used to contain playbooks. Use
20 | `git clone https://github.com/carlosfrias/apigee-opdk-playbook-installation-single-region.git` to get
21 | started.
22 | * `ssh` access is working to target servers that will be a part of the Apigee planet.
23 |
24 | ### Configure SSH Access for your Nodes
25 | A helper playbook is provided for the common task of configuring SSH access to enable the use of
26 | SSH keys for greater security. Please see
27 | [Configure SSH Login ](../infrastructure/configure-ssh-login)
28 | for details.
29 |
30 | ### Backup an Ansible Control Server
31 | A helper playbook is provided for the common task of backing up the configurations managed by the
32 | Ansible control to another file system location. Please see
33 | [Ansible Control Server Backup](../infrastructure/backup-ansible-controller) for details.
34 |
35 | # Usage Instructions
36 | ## Terminal Window
37 | These scripts can be run from a terminal window. Please open your terminal and navigate to the folder
38 | containing the Ansible OPDK Accelerator. This can be accomplished as follows:
39 |
40 | cd ~/apigee-opdk-accelerator
41 |
42 | ## Refresh Local Repository
43 | It may be necessary to update the local repository if it has been some time since the last update.
44 | This can be accomplished as follows:
45 |
46 | cd ~/apigee-opdk-accelerator
47 | git pull origin master
48 |
49 | ## Change Directory to the setup folder
50 | Open the terminal and change directory to the setup folder:
51 |
52 | cd ~/apigee-opdk-accelerator/setup
53 |
54 | ## Download Dependencies
55 | Use `ansible-galaxy` to download dependencies in the following way:
56 |
57 | # Download the required roles to setup the Ansible controller
58 | ansible-galaxy install -r requirements.yml -f
59 |
60 | ## Setup an Ansible Control Server on localhost
61 |
62 | `setup.yml` will configure the localhost as an Ansible control server. This task assumes that the user has sudo privilege
63 | with no password prompt. Please invoke `setup.yml` in the following way:
64 |
65 | # Setup the Ansible controller
66 | ansible-playbook setup.yml
67 |
68 | If this task fails due to sudo privilege, please re-invoke the script and pass the `-K` flag, which makes Ansible prompt for the sudo password:
69 |
70 | ansible-playbook setup.yml -K
71 |
72 |
73 | ## Next Steps
74 |
75 | Please continue with the [next steps](../README.md#usage-overview) in the process.
76 |
--------------------------------------------------------------------------------
/setup/ansible.cfg:
--------------------------------------------------------------------------------
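[defaults]
# inventory = inventory
roles_path = roles
private_key_file = ~/.ssh/id_rsa
merge_multiple_cli_tags = True
# Task arguments are not echoed in task headers: playbooks in this repository
# pass passwords and tokens as module arguments, and any task without no_log
# would print them to stdout.
display_args_to_stdout = False
timeout = 60
# NOTE(review): this disables SSH host key verification for every play run with
# this file, so a machine answering at a managed address is accepted without
# proof of identity. Set it to True once the target host keys are in known_hosts.
host_key_checking = False
forks = 10
retry_files_enabled = False
ansible_shell_type = sh
module_name = shell

[ssh_connection]
#ssh_args = -o ControlMaster=auto -o ControlPersist=7200s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -q
ssh_args = -q
control_path = %(directory)s/ansible-ssh-%%h-%%p-%%r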
18 |
--------------------------------------------------------------------------------
/setup/archive/README-CONTROL-SERVER-SYSTEM-PACKAGES.md:
--------------------------------------------------------------------------------
1 | # Control Server System Packages
2 | Required system packages can be installed with
3 |
4 | ansible-playbook install-system-packages.yml -K
5 |
--------------------------------------------------------------------------------
/setup/archive/README-CUSTOM-PROPERTIES.md:
--------------------------------------------------------------------------------
1 | # Custom Properties
2 | This installation framework has been parameterized. This means that
3 | properties or variables can be passed to modify the output. These
4 | additional properties are set to sensible defaults within the framework
5 | but are available for customization. These properties can be set in the
6 | `custom-properties.yml`.
7 |
--------------------------------------------------------------------------------
/setup/archive/README-CYGWIN.md:
--------------------------------------------------------------------------------
1 | # Setting Up Ansible with Cygwin
2 |
3 | Running Ansible commands from within Windows is unsupported at the time
4 | of this writing. However, windows users can setup Ansible with Cygwin.
5 |
6 | # Installation Steps
7 | Here are the steps to get Ansible (and its related commands, like
8 | ansible-playbook) running on Windows:
9 | Download and install [Cygwin](http://cygwin.com/install.html), with at
10 | least the following packages selected (you can select the packages
11 | during the install process):
12 |
13 | * curl
14 | * python (2.7.x)
15 | * python-jinja
16 | * python-crypto
17 | * python-openssl
18 | * python-setuptools
19 | * git
20 | * vim
21 | * openssh
22 | * openssl
23 | * openssl-devel
24 | * wget
25 | * gcc-core
26 | * gcc-g++
27 | * python2-devel
28 | * python2-cython
29 | * make
30 | * libffi-devel
31 |
32 | # Working Behind a Proxy
33 | If you are working behind a proxy (as is the case in many corporate
34 | networks), edit the .bash_profile used by Cygwin, either with vim (open
35 | Cygwin and enter vim .bash_profile) or with whatever editor you'd like, and add lines like the
36 | following. The file then holds the proxy password in clear text, so keep it readable only by your own account:
37 |
38 | export http_proxy=http://username:password@proxy-address-here:80/
39 | export https_proxy=https://username:password@proxy-address-here:80/
40 |
41 | # Download and Install PyYAML and Jinja2 Separately
42 | Download and install PyYAML and Jinja2 separately, as they're
43 | not available via Cygwin's installer:
44 |
45 | ## Open Cygwin
46 |
47 | #### Download PyYAML
48 |
49 | curl -O https://pypi.python.org/packages/source/P/PyYAML/PyYAML-3.10.tar.gz
50 |
51 | #### Download Jinja2
52 |
53 | curl -O https://pypi.python.org/packages/source/J/Jinja2/Jinja2-2.6.tar.gz
54 |
55 | #### Untar both downloads
56 |
57 | tar -xvf PyYAML-3.10.tar.gz && tar -xvf Jinja2-2.6.tar.gz
58 |
59 | ### Change directory into each of the expanded folders and run `python setup.py install` to install each package.
60 |
61 | ### Generate an SSH key for use later: `ssh-keygen` then hit enter to skip adding a password until you get back to the command prompt.
62 |
63 | ### Clone ansible from its repository on GitHub:
64 |
65 | git clone https://github.com/ansible/ansible /opt/ansible
66 |
67 | ### Add the following lines into your Cygwin .bash_profile after the proxy settings you added previously:
68 |
69 | # Ansible Settings
70 | ANSIBLE=/opt/ansible
71 | export PATH=$PATH:$ANSIBLE/bin
72 | export PYTHONPATH=$ANSIBLE/lib
73 | export ANSIBLE_LIBRARY=$ANSIBLE/library
74 |
75 | ### Restart Cygwin and verify that `ansible --version` displays the ansible version.
76 |
77 | # Configuring Pip on Cygwin
78 | Pip does not work by default on Cygwin. Please follow these steps to enable pip:
79 |
80 | python -m ensurepip
81 |
82 |
83 | # Reference
84 | [Running Ansible within Windows](https://www.jeffgeerling.com/blog/running-ansible-within-windows)
--------------------------------------------------------------------------------
/setup/archive/README-EC2.md:
--------------------------------------------------------------------------------
1 | # Overview: EC2 Managed Setup
2 | The minimum setup must be completed prior to configuring the EC2 managed
3 | setup. The EC2 managed setup will perform the following
4 | activities:
5 | * Update ~/.bashrc to export AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY
6 | values you provide.
7 | * Update ~/.bashrc to export EC2_INI_PATH.
8 | * Create a template .boto file and place it in your home directory
9 | * Create a template ec2.ini and place it in your ~/.ansible folders
10 | * Provide a copy of the ec2.py script that must be included with any AWS
11 | managed inventory file.
12 |
13 | # Usage: Setup for EC2 Managed Images
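14 | Please follow the usage instructions. Values passed with `-e` are recorded in your shell history and are visible in the process list while the command runs, and the secret access key is also written to `~/.bashrc` (see above), so keep that file readable only by your own user: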
15 |
16 | ansible-playbook setup-ec2.yml \
17 | -e secure_aws_region={{ secure_aws_region }} \
18 | -e aws_access_key_id={{ aws_access_key_id }} \
19 | -e aws_secret_access_key={{ aws_secret_access_key }}
20 |
21 | ## Variables Used
22 |
23 | Variable Name | Description |
24 | --- | --- |
25 | secure_aws_region | Please provide your ec2_region. |
26 | aws_access_key_id | Please provide your AWS Access Key ID. |
27 | aws_secret_access_key | Please provide your AWS Secret Access Key. |
28 |
29 |
--------------------------------------------------------------------------------
/setup/archive/README.md:
--------------------------------------------------------------------------------
1 | # Apigee OPDK Ansible Configuration Accelerator
2 | The purpose of this project is to quickly configure an Ansible controller. This is used to configure
3 | a controller to manage a single planet or multiple planets. This is the entry point to understand
4 | how to make your license material available as well as how to customize installation, configuration
5 | or maintenance options.
6 |
7 | ## Usage Instructions
8 |
9 | ### Setup or Backup an Ansible Controller
10 | Playbook and usage instructions and information is available at
11 | [setup-ansible-controller](../README.md)
12 |
13 |
14 | ### Configure SSH User Logins
15 | Playbook and usage instructions and information is available at
16 | [configure-ssh-login](../../infrastructure/configure-ssh-login/README.md). `root` user configuration option is provided.
17 |
18 |
19 | # How to Contribute
20 |
21 | We'd love to accept your patches and contributions to this project. Please review our [guidelines](../CONTRIBUTING.md).
22 |
23 |
24 |
25 | # Not Google Product Clause
26 |
27 | This is not an officially supported Google product.
28 |
29 |
--------------------------------------------------------------------------------
/setup/archive/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/apigee/ansible-opdk-accelerator/20c53c951cb598d198309f340b30863a6d1af235/setup/archive/__init__.py
--------------------------------------------------------------------------------
/setup/archive/ansible-pip-requirements.txt:
--------------------------------------------------------------------------------
1 | ansible>=2.6.18
2 | boto
3 | markupsafe
4 | paramiko
5 | apache-libcloud
6 |
7 |
--------------------------------------------------------------------------------
/setup/archive/control-server.yml:
--------------------------------------------------------------------------------
1 | ---
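# Prepares a control server: installs gcc with yum, optionally writes a pip.conf
# from a template, then installs pip and ansible with pip.
- hosts: '{{ hosts }}'
  become: yes
  vars_files:
    - custom-properties.yml
  tasks:
    - name: Install system packages
      yum:
        name: "{{ item }}"
        state: present
      with_items:
        - gcc

    - name: Create pip config folder
      file:
        path: "{{ pip_conf_dir }}"
        state: directory
      # The template task below already tolerates a missing pip_conf_dir; without
      # this guard the play stops here on the undefined variable instead.
      when: pip_conf_dir is defined

    - name: Configure pip
      template:
        src: resources/pip.conf.j2
        dest: "{{ pip_conf_dir }}/pip.conf"
      when: pip_conf_dir is defined and pip_index_url is defined

    - name: Install pip packages
      # NOTE(review): `state: latest` under `become` installs, as root, whatever
      # version the configured index serves at run time. Pin the versions (the
      # pip module accepts `version:`) or install from a reviewed requirements
      # file.
      pip:
        name: '{{ item }}'
        state: latest
      register: result
      with_items:
        - pip
        - ansible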
33 |
--------------------------------------------------------------------------------
/setup/archive/install-system-packages.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - hosts: localhost
3 | connection: local
4 | become: yes
5 | vars:
6 | os_packages:
7 | - git
8 | - tree
9 | pip_packages:
10 | - boto
11 | tasks:
12 | - name: Yum packages
13 | yum:
14 | name: '{{ item }}'
15 | state: present
16 | with_items: '{{ os_packages }}'
17 | when: ansible_pkg_mgr | lower == 'yum'
18 |
19 | - name: Debian packages
20 | apt:
21 | name: '{{ item }}'
22 | state: present
23 | with_items: '{{ os_packages }}'
24 | when: ansible_pkg_mgr | lower == 'apt'
25 |
26 | - name: Pip packages
27 | pip:
28 | name: '{{ item }}'
29 | state: present
30 | with_items: '{{ pip_packages }}'
31 |
--------------------------------------------------------------------------------
/setup/archive/library/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/apigee/ansible-opdk-accelerator/20c53c951cb598d198309f340b30863a6d1af235/setup/archive/library/__init__.py
--------------------------------------------------------------------------------
/setup/archive/library/cache.py:
--------------------------------------------------------------------------------
1 | # Copyright 2018 Google LLC
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # https://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | from ansible.module_utils.basic import *
16 |
def main():
    """Publish one key/value pair as an Ansible fact.

    Reads the ``key`` (required) and ``value`` (optional) string parameters and
    exits with ``ansible_facts`` set to ``{key: value}``. The result is always
    reported as changed.
    """
    arg_spec = {
        'key': {'required': True, 'type': 'str'},
        'value': {'required': False, 'type': 'str'},
    }
    module = AnsibleModule(argument_spec=arg_spec)
    params = module.params
    module.exit_json(changed=True, ansible_facts={params['key']: params['value']})
29 |
30 | if __name__ == '__main__':
31 | main()
32 |
--------------------------------------------------------------------------------
/setup/archive/library/opdk_server_self.py:
--------------------------------------------------------------------------------
1 | # Copyright 2018 Google LLC
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # https://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | import requests
16 | from requests.exceptions import RequestException
17 | from requests.auth import HTTPBasicAuth
18 | from ansible.module_utils.basic import *
19 |
# Scheme and host that get_server_self() queries; the port is appended per server type.
BASE_SERVER_URL = 'http://localhost'
# Path requested on the selected port.
SERVER_SELF_URI = '/v1/servers/self'
# Port, as a string, for each server_type value the module accepts.
SERVER_PORTS = dict(
    ms='8080',
    router='8081',
    r='8081',
    mp='8082',
    rmp='8082',
    qs='8083',
    ps='8084',
)
29 |
30 |
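def get_server_self(server_type, username, password):
    """Request ``SERVER_SELF_URI`` from the local port mapped to ``server_type``.

    Args:
        server_type: Key into ``SERVER_PORTS`` selecting the port to query.
        username: User name for HTTP basic authentication.
        password: Password for HTTP basic authentication.

    Returns:
        The ``requests`` response object, whatever its status code.

    Raises:
        KeyError: ``server_type`` is not a key of ``SERVER_PORTS``.
        requests.exceptions.RequestException: the request could not be
            completed, including when a timeout expires.
    """
    url = BASE_SERVER_URL + ':' + SERVER_PORTS[server_type] + SERVER_SELF_URI
    # (connect, read) timeouts in seconds. Without a timeout requests waits
    # indefinitely, so a stalled service would hang the Ansible task.
    # The basic-auth credentials are sent over plain HTTP; that is only
    # acceptable because BASE_SERVER_URL points at localhost.
    return requests.get(url, auth=HTTPBasicAuth(username, password), timeout=(5, 30))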
36 |
37 |
def map_server_self(server_self):
    """Flatten the tag properties of a server-self response into its top level.

    Args:
        server_self: Response object whose ``json()`` returns a dict holding
            ``tags.property``, a list of items with ``name`` and ``value`` keys.

    Returns:
        The decoded dict with one top-level entry per property and the ``tags``
        entry removed. A property whose name equals an existing top-level key
        replaces that key's value.
    """
    record = server_self.json()
    properties = record['tags']['property']
    for entry in properties:
        prop_name, prop_value = entry['name'], entry['value']
        record[prop_name] = prop_value
    # The nested structure is dropped once its entries have been copied up.
    record.pop('tags')
    return record
46 |
47 |
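def main():
    """Query the local component's server-self record and publish it as a fact.

    Module parameters: ``username`` and ``password`` (both marked ``no_log``)
    and ``server_type`` (one of the listed choices). On a 2xx response the
    flattened record is returned as the fact ``edge_<server_type>_self``. Any
    other status, or a request that could not be completed, fails the module
    with the status code in the result.
    """
    module = AnsibleModule(
        argument_spec=dict(
            username=dict(required=True, type='str', no_log=True),
            password=dict(required=True, type='str', no_log=True),
            server_type=dict(required=True, type='str', choices=['ms', 'router', 'r', 'mp', 'qs', 'ps', 'rmp'])
        )
    )

    username = module.params['username']
    password = module.params['password']
    server_type = module.params['server_type']

    try:
        resp = get_server_self(server_type, username, password)
    except RequestException as ex:
        # Report through fail_json: printing to stdout would corrupt the JSON
        # document the module has to emit. The original looked for the message
        # in globals(), where a local variable is never found, so the cause of
        # the failure was dropped from the result.
        module.fail_json(
            changed=False,
            msg="Error status code returned: [500] " + str(ex) + " Did you run on the correct server?",
            status_code=500,
        )

    status_code = resp.status_code
    if 200 <= status_code < 300:
        facts = {'edge_' + server_type + '_self': map_server_self(resp)}
        module.exit_json(
            changed=True,
            ansible_facts=facts
        )

    # Every non-2xx status fails explicitly. The original handled only codes
    # above 400, so a 3xx or 400 response returned without any module result.
    module.fail_json(
        changed=False,
        msg="Error status code returned: [" + str(status_code) + "]",
        status_code=status_code,
    )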
85 |
86 |
87 | if __name__ == '__main__':
88 | main()
89 |
--------------------------------------------------------------------------------
/setup/archive/private-bitbucket-repository-create-update.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Create and update repositories in BitBucket
3 | hosts: localhost
4 | connection: local
5 | vars_files:
6 | - repository-mapping-name-folder.yml
7 | - repository-custom-properties.yml
8 | - private-repository-user-list.yml
9 | tasks:
10 | - name: Create Bitbucket repositories if necessary
11 | uri:
12 | url: "{{ repository_secure_endpoint_https }}"
13 | method: POST
14 | user: "{{ username }}"
15 | password: "{{ password }}"
16 | force_basic_auth: yes
17 | status_code: 201,409
18 | body_format: json
19 | body:
20 | name: "{{ item.repo_name }}"
21 | scmId: git
22 | forkable: True
23 | with_items:
24 | - "{{ config_repos }}"
25 | - "{{ playbook_repos }}"
26 | - "{{ role_repos }}"
27 |
28 | - name: Add permissions to Bitbucket repositories
29 | uri:
30 | url: "{{ repository_secure_endpoint_https }}/permissions/users?name={{ item }}&permission=PROJECT_ADMIN"
31 | method: PUT
32 | user: "{{ username }}"
33 | password: "{{ password }}"
34 | force_basic_auth: yes
35 | status_code: 204,409
36 | with_items: "{{ repo_users }}"
37 |
38 | - name: Add second git host as remote repo
39 | ignore_errors: true
40 | shell: "git remote add target {{ repository_secure_endpoint_ssh }}/{{ item.repo_name }}.git"
41 | args:
42 | chdir: "{{ item.workspace }}/{{ item.repo_name }}"
43 | with_items: "{{ repo_names }}"
44 |
45 | - name: Pull from second git host if the repo is already there
46 | ignore_errors: yes
47 | shell: "git pull target master"
48 | args:
49 | chdir: "{{ item.workspace }}/{{ item.repo_name }}"
50 | with_items: "{{ repo_names }}"
51 |
52 | - name: Commit updated repos to second git host
53 | shell: "git checkout master && git push -u target master"
54 | args:
55 | chdir: "{{ item.workspace }}/{{ item.repo_name }}"
56 | with_items: "{{ repo_names }}"
57 |
--------------------------------------------------------------------------------
/setup/archive/private-bitbucket-repository-remove.yml:
--------------------------------------------------------------------------------
1 | ---
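# Deletes the repository named delete_test_repo through the repository API,
# authenticating with HTTP basic auth. The play was labelled "Create
# repositories" although its only task issues a DELETE.
- name: Remove repository in BitBucket
  hosts: localhost
  connection: local
  vars_files:
    - repository-custom-properties.yml
  tasks:
    - name: Remove repo
      uri:
        url: "{{ repository_api_endpoint }}/repos/delete_test_repo"
        method: DELETE
        user: "{{ username }}"
        password: "{{ password }}"
        # Only 202 and 204 count as success; any other status fails the task.
        status_code: 202,204
        force_basic_auth: yes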
16 |
--------------------------------------------------------------------------------
/setup/archive/private-github-repository-create-update.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Create and update repositories in Gitlab
3 | hosts: localhost
4 | connection: local
5 | vars:
6 | github_endpoint_https: "https://github.com/carlosfrias"
7 |
8 | vars_files:
9 | - repository-mapping-name-folder.yml
10 | - repository-custom-properties.yml
11 | - private-repository-user-list.yml
12 | tasks:
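# Posts one create request per repository listed in config_repos,
# playbook_repos and role_repos.
- name: Create Github.com repositories if necessary
  tags: ['create']
  register: repos
  # The access token is passed as an ordinary header argument, which Ansible can
  # show in verbose and failure output; no_log keeps it out of console and logs.
  no_log: true
  uri:
    url: "{{ repository_secure_endpoint_https }}/users/repos"
    method: POST
    headers:
      PRIVATE-TOKEN: "{{ token }}"
    # NOTE(review): 400 is accepted as success, presumably to tolerate a
    # repository that already exists; it also hides malformed requests.
    status_code: 201,400
    body_format: json
    body:
      name: "{{ item.repo_name }}"
  with_items:
    - "{{ config_repos }}"
    - "{{ playbook_repos }}"
    - "{{ role_repos }}"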
29 |
30 | - name: Github.com checkout of configuration repositories
31 | tags: ['checkout']
32 | become: false
33 | git:
34 | repo: '{{ github_endpoint_https }}/{{ item.repo_name }}.git'
35 | dest: "{{ item.workspace }}/{{ item.repo_name }}"
36 | accept_hostkey: yes
37 | with_items:
38 | - "{{ config_repos }}"
39 | - "{{ playbook_repos }}"
40 | - "{{ role_repos }}"
41 |
42 | - name: Add second git host as remote repo
43 | tags: ['add-remote']
44 | ignore_errors: true
45 | shell: "git remote add gitlab {{ repository_secure_endpoint_ssh }}/{{ item.repo_name }}.git"
46 | args:
47 | chdir: "{{ item.workspace }}/{{ item.repo_name }}"
48 | with_items:
49 | - "{{ config_repos }}"
50 | - "{{ playbook_repos }}"
51 | - "{{ role_repos }}"
52 |
53 | - name: Pull from second git host if the repo is already there
54 | tags: ['remote-refresh']
55 | ignore_errors: yes
56 | shell: "git pull gitlab master"
57 | args:
58 | chdir: "{{ item.workspace }}/{{ item.repo_name }}"
59 | with_items:
60 | - "{{ config_repos }}"
61 | - "{{ playbook_repos }}"
62 | - "{{ role_repos }}"
63 |
64 |
65 | - name: Commit updated repos to second git host
66 | tags: ['commit']
67 | shell: "git checkout master && git push -u gitlab master"
68 | args:
69 | chdir: "{{ item.workspace }}/{{ item.repo_name }}"
70 | with_items:
71 | - "{{ config_repos }}"
72 | - "{{ playbook_repos }}"
73 | - "{{ role_repos }}"
74 |
75 |
--------------------------------------------------------------------------------
/setup/archive/private-gitlab-repository-create-update.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Create and update repositories in Gitlab
3 | hosts: localhost
4 | connection: local
5 | vars:
6 | github_endpoint_https: "https://github.com/carlosfrias"
7 |
8 | vars_files:
9 | - repository-mapping-name-folder.yml
10 | - repository-custom-properties.yml
11 | - private-repository-user-list.yml
12 | tasks:
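# Posts one create request per repository listed in config_repos,
# playbook_repos and role_repos, all under namespace_id 369.
- name: Create Gitlab repositories if necessary
  tags: ['create']
  register: repos
  # The access token is passed as an ordinary header argument, which Ansible can
  # show in verbose and failure output; no_log keeps it out of console and logs.
  no_log: true
  uri:
    url: "{{ repository_secure_endpoint_https }}/projects?name={{ item.repo_name }}"
    method: POST
    headers:
      PRIVATE-TOKEN: "{{ token }}"
    # NOTE(review): 400 is accepted as success, presumably to tolerate a project
    # that already exists; it also hides malformed requests.
    status_code: 201,400
    body_format: json
    body:
      namespace_id: 369
  with_items:
    - "{{ config_repos }}"
    - "{{ playbook_repos }}"
    - "{{ role_repos }}"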
29 |
30 | - name: Git checkout of configuration repositories
31 | tags: ['checkout']
32 | become: false
33 | git:
34 | repo: '{{ github_endpoint_https }}/{{ item.repo_name }}.git'
35 | dest: "{{ item.workspace }}/{{ item.repo_name }}"
36 | accept_hostkey: yes
37 | with_items:
38 | - "{{ config_repos }}"
39 | - "{{ playbook_repos }}"
40 | - "{{ role_repos }}"
41 |
42 | - name: Add second git host as remote repo
43 | tags: ['add-remote']
44 | ignore_errors: true
45 | shell: "git remote add gitlab {{ repository_secure_endpoint_ssh }}/{{ item.repo_name }}.git"
46 | args:
47 | chdir: "{{ item.workspace }}/{{ item.repo_name }}"
48 | with_items:
49 | - "{{ config_repos }}"
50 | - "{{ playbook_repos }}"
51 | - "{{ role_repos }}"
52 |
53 | - name: Pull from second git host if the repo is already there
54 | tags: ['remote-refresh']
55 | ignore_errors: yes
56 | shell: "git pull gitlab master"
57 | args:
58 | chdir: "{{ item.workspace }}/{{ item.repo_name }}"
59 | with_items:
60 | - "{{ config_repos }}"
61 | - "{{ playbook_repos }}"
62 | - "{{ role_repos }}"
63 |
64 |
65 | - name: Commit updated repos to second git host
66 | tags: ['commit']
67 | shell: "git checkout master && git push -u gitlab master"
68 | args:
69 | chdir: "{{ item.workspace }}/{{ item.repo_name }}"
70 | with_items:
71 | - "{{ config_repos }}"
72 | - "{{ playbook_repos }}"
73 | - "{{ role_repos }}"
74 |
75 |
--------------------------------------------------------------------------------
/setup/archive/private-repository-user-list.yml:
--------------------------------------------------------------------------------
---
# Account names loaded through vars_files by the repository playbooks.
# NOTE(review): no task visible here reads repo_users; confirm it is still used.
repo_users:
  - friasca
4 |
--------------------------------------------------------------------------------
/setup/archive/repository-custom-properties.yml:
--------------------------------------------------------------------------------
---
# Folder layout and git endpoints shared by the setup playbooks.
# The "~" prefixes are stored as written; expansion to the home directory is
# left to whichever module consumes the path.
ansible_config: '~/.ansible'
apigee_config: '~/.apigee'
# Folder for secret material; it is created alongside the others below, so
# its permissions depend on the task that creates it.
apigee_security: '~/.apigee-secure'
apigee_workspace: '~/.apigee-workspace'

playbook_workspace: '{{ apigee_workspace }}/playbooks'
role_workspace: '{{ apigee_workspace }}/apigee-opdk-role-workspace'

# Base URLs that repository names are appended to (HTTPS and SSH form).
repository_secure_endpoint_https: 'https://github.com/carlosfrias'
repository_secure_endpoint_ssh: 'git@github.com:carlosfrias'

# Every folder the controller setup expects to exist.
configuration_folders:
  - "{{ ansible_config }}/configurations"
  - "{{ ansible_config }}/inventory"
  - "{{ ansible_config }}/logs/"
  - "{{ ansible_config }}/library/"
  - "{{ ansible_config }}/cache/"
  - "{{ apigee_config }}/planet_resources"
  - "{{ apigee_security }}"
  - "{{ playbook_workspace }}"
  - "{{ role_workspace }}"
23 |
--------------------------------------------------------------------------------
/setup/archive/resources/ansible.cfg.j2:
--------------------------------------------------------------------------------
# Template for the controller's ansible.cfg; workspace_dir and username are
# filled in when the template is rendered.
[defaults]
# NOTE(review): `hostfile` is the legacy name of the `inventory` setting.
hostfile = {{ workspace_dir }}/inventory/
fact_caching_connection = {{ workspace_dir }}/tmp/
# Together with display_args_to_stdout below, this log can end up holding task
# arguments; keep the file readable by the controller user only.
log_path = {{ workspace_dir }}/tmp/ansible-default.log

remote_user = {{ username }}
private_key_file = ~/.ssh/id_rsa

roles_path = {{ workspace_dir }}/roles
local_tmp = {{ workspace_dir }}/tmp
library = {{ workspace_dir }}/library/

# SSH host keys of managed nodes are not verified with this setting, so the
# controller cannot tell an intended host from one answering in its place.
# Prefer True with pre-seeded known_hosts once hosts are provisioned.
host_key_checking = False
forks = 10
retry_files_enabled = False

ansible_shell_type=sh
gathering = smart
fact_caching = jsonfile
module_name = shell

merge_multiple_cli_tags=True
gather_subset = !ohai,!facter
# Prints each task's arguments in the task header. Any task that handles a
# password, token or key needs `no_log: true`, or the value reaches stdout
# and log_path.
display_args_to_stdout = True

timeout = 60

[ssh_connection]
pipelining = True
# Sample ssh_args with extended arguments
# ssh_args = -o ControlMaster=auto -o ControlPersist=7200s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -q

# Plain vanilla ssh configuration
# ControlPersist keeps each multiplexed master connection open for two hours
# after the last use.
ssh_args = -o ControlMaster=auto -o ControlPersist=7200s -q
control_path=%(directory)s/ansible-ssh-%%h-%%p-%%r
36 |
37 |
--------------------------------------------------------------------------------
/setup/archive/resources/credentials.yml:
--------------------------------------------------------------------------------
---
# Credential variables consumed by the Apigee playbooks.
# NOTE(review): the values below look like placeholders. Almost every password
# resolves to the single literal in opdk_user_pass, so one disclosure exposes
# LDAP, Grafana, Cassandra, SMTP, Postgres, the Dev Portal and SSO together.
# Give each service its own secret and keep the populated file encrypted
# (for example with ansible-vault) and out of version control.

# Apigee Repo credentials
# apigee_repo_user:
# apigee_repo_password:

# Local Apigee Mirror Credentials
# Default-style login (admin/admin); change before the mirror is reachable by others.
apigee_repo_user: admin
apigee_repo_password: admin

# Edge Admin User
opdk_user_email: opdk@apigee.com
# Shared base password referenced by most entries below.
opdk_user_pass: Apigee123!

# Edge System User
opdk_user_name: apigee
opdk_group_name: apigee

# Edge Openldap Password
opdk_ldap_pass: '{{ opdk_user_pass }}'

# Grafana Credentials
grafana_username: admin
grafana_password: '{{ opdk_user_pass }}'

# Cassandra Credentials
opdk_cass_username: cassandra
opdk_cass_password: '{{ opdk_user_pass }}'

# Email Credentials
opdk_smtp_user: '{{ opdk_user_email }}'
opdk_smtp_password: '{{ opdk_user_pass }}'

# Apigee Analytics Postgres credentials
pg_user: '{{ opdk_user_name }}'
pg_pass: '{{ opdk_user_pass }}'

# Drupal Postgres Admin
dp_drupal_pg_user: drupal_admin
dp_drupal_pg_pass: '{{ opdk_user_pass }}'

# Dev Portal Postgres Admin
dp_pg_user: devportal_pg_admin
dp_pg_pass: "{{ opdk_user_pass }}"

# Dev Portal Drupal Admin
# first_name and last_name are not defined in this file; they must come from
# another vars source.
dp_admin_firstname: "{{ first_name }}"
dp_admin_lastname: "{{ last_name }}"
dp_admin_username: "{{ opdk_user_name }}"
dp_admin_pwd: "{{ opdk_user_pass }}"
dp_admin_email: "{{ opdk_user_email }}"

# Dev Portal Developer Admin
dp_devadmin_user: "{{ opdk_user_email }}"
dp_devadmin_pwd: "{{ opdk_user_pass }}"

# AWS credentials
# Left empty on purpose; prefer short-lived or role-based credentials over
# long-lived keys stored here.
# aws_access_key:
# aws_secret_key:

# Edge UI SAML Integration
sso_admin_name: ssoadmin
sso_admin_secret: '{{ opdk_user_pass }}'
edgeui_sso_client_name: edgeui
edgeui_sso_client_secret: '{{ opdk_user_pass }}'
# The only secret here with its own literal value; it is still a fixed string.
sso_saml_service_provider_password: "samlSP123"
--------------------------------------------------------------------------------
/setup/archive/resources/pip.conf.j2:
--------------------------------------------------------------------------------
# Template for pip.conf; pip_index_url is filled in when it is rendered.
[global]
# pip resolves every package from this index instead of the default one, so
# pip_index_url should point at a trusted mirror served over HTTPS.
index-url = {{ pip_index_url }}
3 |
--------------------------------------------------------------------------------
/setup/archive/setup-apigee-license.yml:
--------------------------------------------------------------------------------
---
# Asks for the path of a license file, copies it to license.txt inside the
# apigee_config folder and prints the result of the copy.
- hosts: localhost
  connection: local
  vars_files:
    - repository-custom-properties.yml
  vars_prompt:
    - name: license_path
      prompt: 'Enter path to license file'
      # The path is echoed while typing; it is not a secret.
      private: false

  tasks:
    - name: Copy license file in .apigee folder
      register: status
      # No mode is set, so the copied file takes the module's default permissions.
      copy:
        src: "{{ license_path }}"
        dest: "{{ apigee_config}}/license.txt"

    - name: Copy license file status report
      debug:
        var: status
21 |
--------------------------------------------------------------------------------
/setup/archive/setup-ec2.yml:
--------------------------------------------------------------------------------
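---
# Prepares the local controller for AWS use: checks that the AWS key, secret
# and region are defined, installs a helper package on RedHat-family hosts,
# and exports the three values from ~/.bashrc.
- hosts: localhost
  connection: local
  # Facts must be gathered: the package task branches on ansible_os_family,
  # which is undefined otherwise (the resulting error was hidden by
  # ignore_errors, so the package was never installed).
  gather_facts: yes
  vars_files:
    - ~/.apigee/credentials.yml
  tasks:
    - name: Validate that aws_secret_key is provided
      fail:
        msg: Please indicate the aws_secret_key
      when: aws_secret_key is not defined

    - name: Validate that aws_access_key is provided
      fail:
        msg: Please indicate the aws_access_key
      when: aws_access_key is not defined

    - name: Validate that aws_region is provided
      fail:
        msg: Please indicate the aws_region
      when: aws_region is not defined

    - name: Install system packages
      become: yes
      # Best effort: a failed install does not stop the play.
      ignore_errors: yes
      yum:
        name: '{{ item }}'
        state: present
      with_items:
        - elasticache-auto-discovery
      when: ansible_os_family | lower == 'redhat'

    # The two key tasks previously had their names and `when` guards swapped
    # relative to the variable each one writes.
    - name: Update .bashrc with aws_secret_key
      become: no
      # Keeps the secret out of console output and log_path.
      no_log: true
      lineinfile:
        # Backup copies of ~/.bashrc keep whatever key was exported before;
        # remove them after a key rotation.
        backup: yes
        dest: ~/.bashrc
        state: present
        # Replace an existing export instead of appending a second one on rerun.
        regexp: '^export AWS_SECRET_ACCESS_KEY='
        line: 'export AWS_SECRET_ACCESS_KEY={{ aws_secret_key }}'
      when: aws_secret_key is defined

    - name: Update .bashrc with aws_access_key
      become: no
      no_log: true
      lineinfile:
        backup: yes
        dest: ~/.bashrc
        state: present
        regexp: '^export AWS_ACCESS_KEY_ID='
        line: 'export AWS_ACCESS_KEY_ID={{ aws_access_key }}'
      when: aws_access_key is defined

    - name: Update .bashrc with aws_region
      become: no
      lineinfile:
        backup: yes
        dest: ~/.bashrc
        state: present
        regexp: '^export AWS_REGION='
        line: 'export AWS_REGION={{ aws_region }}'
      when: aws_region is defined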
59 |
60 |
--------------------------------------------------------------------------------
/setup/archive/setup.yml:
--------------------------------------------------------------------------------
---
# Archived entry point: only setup-base.yml is still imported; the other
# stages are commented out.
# - include: setup-ansible-config.yml

#- include: control-server.yml

- import_playbook: setup-base.yml

#- include: setup-ec2.yml
9 |
--------------------------------------------------------------------------------
/setup/archive/update-git-remote-origin.yml:
--------------------------------------------------------------------------------
---
# Re-points "origin" of every playbook and role repository at the SSH endpoint
# from repository-custom-properties.yml, restores master's upstream tracking
# and pulls. Each step has its own tag so it can be run separately.
- name: Update git remote repos with provided url
  hosts: localhost
  connection: local
  gather_facts: false

  vars_files:
    - repository-mapping-name-folder.yml
    - repository-custom-properties.yml

  tasks:

    # Fails for a repository that has no origin remote.
    - name: Remove existing origin repo for playbooks
      tags:
        - remove
      shell: 'git remote remove origin'
      args:
        chdir: '{{ item.workspace }}/{{ item.repo_name }}'
      with_items:
        - '{{ playbook_repos }}'
        - '{{ role_repos }}'

    - name: Add updated origin repo
      tags:
        - add
      shell: 'git remote add origin {{ repository_secure_endpoint_ssh }}/{{ item.repo_name }}.git'
      args:
        chdir: '{{ item.workspace }}/{{ item.repo_name }}'
      with_items:
        - '{{ playbook_repos }}'
        - '{{ role_repos }}'

    # origin/master must already be known locally for this to succeed.
    - name: Associate to upstream master branch
      tags:
        - associate
      shell: 'git branch --set-upstream-to=origin/master master'
      args:
        chdir: '{{ item.workspace }}/{{ item.repo_name }}'
      with_items:
        - '{{ playbook_repos }}'
        - '{{ role_repos }}'

    - name: Pull from updated origin repo
      tags:
        - pull
      shell: 'git pull'
      args:
        chdir: '{{ item.workspace }}/{{ item.repo_name }}'
      with_items:
        - '{{ playbook_repos }}'
        - '{{ role_repos }}'
48 |
--------------------------------------------------------------------------------
/setup/inventory/controller:
--------------------------------------------------------------------------------
# Single-host inventory: the alias "controller" resolves to this machine.
# NOTE(review): no ansible_connection is set here, so unless a play sets
# `connection: local`, the default connection plugin is used to reach localhost.
controller ansible_host=localhost
2 |
3 |
--------------------------------------------------------------------------------
/setup/requirements.yml:
--------------------------------------------------------------------------------
---
# Roles fetched straight from git. No `version:` is given, so each install
# takes whatever the default branch holds at that moment; pin a tag or commit
# SHA to make controller builds reproducible and reviewable.
- src: https://github.com/carlosfrias/apigee-opdk-setup-ansible-controller.git
- src: https://github.com/carlosfrias/apigee-opdk-modules.git
4 |
--------------------------------------------------------------------------------
/setup/setup.sh:
--------------------------------------------------------------------------------
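#!/usr/bin/env bash
# Bootstraps the Ansible controller: installs pip, Ansible and google-auth
# system-wide, then fetches the roles listed in requirements.yml.

# Stop at the first failing step instead of continuing with a partial install.
set -euo pipefail

sudo yum install -y python-pip
sudo pip install pip --upgrade
# NOTE(review): both packages are unpinned and installed as root; pin versions
# (or use a virtualenv) so a controller rebuild gets the same code.
sudo pip install ansible google-auth

# `ansible-galaxy import` registers a GitHub repository with Galaxy (it takes
# a GitHub user and repo name, not a URL) and installs nothing locally.
# setup.yml applies the apigee-opdk-setup-ansible-controller role, so install
# the same two repositories from the requirements file next to this script.
ansible-galaxy install -r "$(dirname "${BASH_SOURCE[0]}")/requirements.yml"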
8 |
9 |
--------------------------------------------------------------------------------
/setup/setup.yml:
--------------------------------------------------------------------------------
---
# Applies the apigee-opdk-setup-ansible-controller role to the local machine
# with the folder locations defined below.
- name: Setup the Ansible controller
  hosts: localhost
  connection: local
  vars:
    property_folders:
      - '~/.apigee-secure'
      - '~/.apigee'

    # Where Ansible files can be installed.
    ansible_workspace: '~/.ansible'

    # Holds credentials, license material, GCP service account files, AWS key
    # and secret, and similar secrets.
    apigee_secure_folder: '~/.apigee-secure'

    # Holds custom property files.
    apigee_custom_properties_folder: '~/.apigee'

  roles:
    - role: apigee-opdk-setup-ansible-controller
20 |
21 |
--------------------------------------------------------------------------------