├── .gitignore ├── 34.74.127.151 └── etc │ └── nginx │ └── nginx.conf ├── CONTRIBUTING.md ├── LICENSE ├── README-ansible-configuration.md ├── README-ansible-inventory.md ├── README-configure-ansible.md ├── README-credentials.md ├── README-runtime-attributes.yml ├── README.md ├── infrastructure ├── README.md ├── backup-ansible-controller │ ├── README.md │ ├── ansible.cfg │ ├── backup.yml │ └── requirements.yml ├── bastion-host-proxy │ ├── acme-letsencrypt-issue.yml │ └── install.yml ├── clean-ansible │ └── clean.yml ├── configure-ssh-login │ ├── README.md │ └── configure-ssh-user.yml ├── download-offline-packages │ ├── README.md │ └── offline-download.yml ├── gce-management │ ├── .gitignore │ ├── CONTRIBUTING.md │ ├── LICENSE │ ├── README.md │ ├── apigee-edge-tf │ │ ├── 5-node │ │ │ ├── main.tf │ │ │ ├── output.tf │ │ │ ├── provider.tf │ │ │ └── variable.tf │ │ ├── aio │ │ │ ├── main.tf │ │ │ ├── output.tf │ │ │ ├── provider.tf │ │ │ └── variable.tf │ │ ├── dc-2 │ │ │ ├── main.tf │ │ │ ├── output.tf │ │ │ ├── provider.tf │ │ │ └── variable.tf │ │ ├── dc-3 │ │ │ ├── main.tf │ │ │ ├── output.tf │ │ │ ├── provider.tf │ │ │ └── variable.tf │ │ ├── dev │ │ │ ├── main.tf │ │ │ ├── output.tf │ │ │ ├── provider.tf │ │ │ └── variable.tf │ │ ├── example-pilot │ │ │ ├── main.tf │ │ │ ├── output.tf │ │ │ ├── provider.tf │ │ │ └── variable.tf │ │ ├── gce-create.yml │ │ ├── gce-destroy.yml │ │ ├── modules │ │ │ ├── apigeenet-firewalls-protocol-only │ │ │ │ ├── main.tf │ │ │ │ └── variables.tf │ │ │ ├── apigeenet-firewalls-protocol-with-ports │ │ │ │ ├── main.tf │ │ │ │ └── variables.tf │ │ │ ├── apigeenet-instance-group-manager │ │ │ │ ├── main.tf │ │ │ │ ├── output.tf │ │ │ │ └── variable.tf │ │ │ ├── external-instance │ │ │ │ ├── main.tf │ │ │ │ ├── output.tf │ │ │ │ └── variable.tf │ │ │ ├── infrastructure │ │ │ │ ├── main.tf │ │ │ │ ├── output.tf │ │ │ │ ├── provider.tf │ │ │ │ └── variable.tf │ │ │ └── internal-instance │ │ │ │ ├── main.tf │ │ │ │ └── variable.tf │ │ ├── 
prod │ │ │ ├── main.tf │ │ │ ├── output.tf │ │ │ ├── provider.tf │ │ │ └── variable.tf │ │ └── sandbox-pilot │ │ │ ├── main.tf │ │ │ ├── output.tf │ │ │ ├── provider.tf │ │ │ └── variable.tf │ ├── gce-ansible-config.yml │ ├── gce-create-instances.yml │ ├── gce-dependencies.yml │ ├── gce-dynamic │ │ ├── create-bastion-host.yml │ │ ├── create-instance-literal.yml │ │ ├── create-instance.yml │ │ ├── create-template.yml │ │ ├── create.yml │ │ ├── remove.yml │ │ ├── requirements.yml │ │ └── shared-properties.yml │ ├── gce-properties.yml │ ├── gce-remove.yml │ ├── performance-testing │ │ └── perf-test.sh │ ├── pip-requirements.txt │ └── templates │ │ └── gce.ini.j2 ├── mirror │ ├── README.md │ ├── collect-attributes.yml │ ├── configure-nginx-mirror.yml │ ├── create-archive.yml │ ├── download-archive.yml │ ├── install-archive.yml │ ├── nginx-mirror.yml │ ├── requirements.yml │ └── upload-mirror.yml ├── port-requirements │ ├── check.yml │ └── requirements.yml ├── response-file-generator │ ├── generate.yml │ └── requirements.yml ├── setup-ansible-offline │ ├── ansible.cfg │ ├── requirements.yml │ ├── setup-offline-attributes.yml │ └── setup-offline.yml ├── ssh-bastion-host │ ├── bastion_host_attribute.yml │ ├── configure-bastion-config.yml │ ├── configure-proxycommand.yml │ └── requirements.yml └── ssh-tunnels │ ├── requirements.yml │ └── tunnel.yml ├── installations ├── README.md ├── aio │ ├── README.md │ ├── install.yml │ └── requirements.yml ├── devportal │ ├── README.md │ ├── install.yml │ └── requirements.yml ├── edge-microgateway │ ├── README.md │ └── install.yml └── multi-node │ ├── README.md │ ├── install-optimized.yml │ ├── install.yml │ └── requirements.yml ├── post-installation ├── README.md ├── add │ └── add-components │ │ ├── README-add-rmp-to-custom-pod.md │ │ ├── add-rmp-to-custom-pod.yml │ │ ├── alpha │ │ ├── add-message-processsor.yml │ │ ├── add-postgres-standby.yml │ │ └── add-router.yml │ │ └── requirements.yml ├── apigee-user │ ├── README.md │ ├── 
requirements.yml │ └── update.yml ├── backup │ ├── .gitignore │ ├── CONTRIBUTING.md │ ├── LICENSE │ ├── README.md │ ├── backup.yml │ ├── requirements.yml │ └── restore.yml ├── cassandra-rebuild │ ├── rebuild.yml │ └── requirements.yml ├── debug-mode │ ├── README.md │ ├── debug.yml │ └── requirements.yml ├── download-logs │ ├── README.md │ ├── download.yml │ └── requirements.yml ├── expand-planet-regions │ ├── install.yml │ └── requirements.yml ├── manage-virtual-hosts │ ├── create-vh.yml │ └── requirements.yml ├── monetization │ ├── install.yml │ └── requirements.yml ├── remove │ ├── remove-components │ │ ├── remove-analytics.yml │ │ ├── remove-apigee.yml │ │ ├── remove-cassandra.yml │ │ ├── remove-component.yml │ │ ├── remove-message-processsor.yml │ │ ├── remove-router.yml │ │ ├── remove-zookeeper.yml │ │ └── requirements.yml │ ├── remove-environment │ │ ├── remove-all-environments.yml │ │ ├── remove-environment.yml │ │ └── requirements.yml │ ├── remove-pods │ │ └── remove-all-pods.yml │ ├── remove-servers │ │ ├── delete-servers-by-environment.yml │ │ ├── remove.yml │ │ └── requirements.yml │ └── remove-virtualhosts │ │ ├── remove.yml │ │ └── requirements.yml ├── restart-planet │ ├── README.md │ ├── requirements.yml │ ├── restart-apigee-components.yml │ └── restart-apigee-servers.yml ├── teams │ └── enable-teams-on-org.yml ├── unlock-edge-user-account │ └── apigee-openldap.yml ├── update-analytics-scope │ ├── requirements.yml │ └── update.yml ├── update-customer-properties │ ├── requirements.yml │ └── update.yml ├── upgrade │ ├── requirements.yml │ └── upgrade.yml ├── validations │ ├── README.md │ ├── analytics │ │ ├── README.md │ │ ├── requirements.yml │ │ └── validate.yml │ ├── cassandra │ │ ├── requirements.yml │ │ └── validate.yml │ ├── ldap │ │ ├── requirements.yml │ │ └── validate.yml │ ├── qpid │ │ └── validate.yml │ ├── rmp │ │ ├── requirements.yml │ │ └── validate.yml │ └── zookeeper │ │ └── validate.yml └── zookeeper │ └── collect.yml └── setup ├── 
README.md ├── ansible.cfg ├── archive ├── README-CONTROL-SERVER-SYSTEM-PACKAGES.md ├── README-CUSTOM-PROPERTIES.md ├── README-CYGWIN.md ├── README-EC2.md ├── README-FEATURES.md ├── README-INVENTORY-FILE.md ├── README-ORIGINAL.md ├── README-credentials.md ├── README.md ├── __init__.py ├── ansible-pip-requirements.txt ├── control-server.yml ├── install-system-packages.yml ├── library │ ├── __init__.py │ ├── cache.py │ └── opdk_server_self.py ├── private-bitbucket-repository-create-update.yml ├── private-bitbucket-repository-remove.yml ├── private-github-repository-create-update.yml ├── private-gitlab-repository-create-update.yml ├── private-repository-user-list.yml ├── repository-custom-properties.yml ├── repository-mapping-name-folder.yml ├── resources │ ├── ansible.cfg.j2 │ ├── credentials.yml │ ├── custom-properties.yml │ └── pip.conf.j2 ├── setup-apigee-license.yml ├── setup-base.yml ├── setup-ec2.yml ├── setup-workspace.yml ├── setup.yml └── update-git-remote-origin.yml ├── inventory └── controller ├── requirements.yml ├── setup.sh └── setup.yml /.gitignore: -------------------------------------------------------------------------------- 1 | # Byte-compiled / optimized / DLL files 2 | __pycache__/ 3 | *.py[cod] 4 | *$py.class 5 | 6 | # C extensions 7 | *.so 8 | 9 | # Distribution / packaging 10 | .Python 11 | env/ 12 | build/ 13 | develop-eggs/ 14 | dist/ 15 | downloads/ 16 | eggs/ 17 | .eggs/ 18 | lib/ 19 | lib64/ 20 | parts/ 21 | sdist/ 22 | var/ 23 | *.egg-info/ 24 | .installed.cfg 25 | *.egg 26 | 27 | # PyInstaller 28 | # Usually these files are written by a python script from a template 29 | # before PyInstaller builds the exe, so as to inject date/other infos into it. 
30 | *.manifest 31 | *.spec 32 | 33 | # Installer logs 34 | pip-log.txt 35 | pip-delete-this-directory.txt 36 | 37 | # Unit test / coverage reports 38 | htmlcov/ 39 | .tox/ 40 | .coverage 41 | .coverage.* 42 | .cache 43 | nosetests.xml 44 | coverage.xml 45 | *,cover 46 | .hypothesis/ 47 | 48 | # Translations 49 | *.mo 50 | *.pot 51 | 52 | # Django stuff: 53 | *.log 54 | local_settings.py 55 | 56 | # Flask stuff: 57 | .webassets-cache 58 | 59 | # Scrapy stuff: 60 | .scrapy 61 | 62 | # Sphinx documentation 63 | docs/_build/ 64 | 65 | # PyBuilder 66 | target/ 67 | 68 | # IPython Notebook 69 | .ipynb_checkpoints 70 | 71 | # pyenv 72 | .python-version 73 | 74 | # celery beat schedule file 75 | celerybeat-schedule 76 | 77 | # dotenv 78 | .env 79 | 80 | # virtualenv 81 | venv/ 82 | ENV/ 83 | 84 | # Spyder project settings 85 | .spyderproject 86 | 87 | # Rope project settings 88 | .ropeproject 89 | 90 | .vagrant 91 | *.iml 92 | archives 93 | .DS_Store 94 | ssh_keys 95 | ansible.log 96 | *.zip 97 | license.txt 98 | *.log 99 | *.tar.gz 100 | *.rpm 101 | *.tar 102 | ansible_fact_cache_dir 103 | *jar 104 | .ansible_cache* 105 | configs_and_logs 106 | redhat-rhui.repo 107 | rhui-load-balancers.conf 108 | out 109 | .idea 110 | *iml 111 | *retry 112 | *.db 113 | *~ 114 | backups 115 | ansible 116 | apigee 117 | apigee-secure 118 | setup/roles 119 | infrastructure/setup-ansible-offline/apigee-opdk-accelerator/* 120 | .terraform 121 | terraform* 122 | .apigee/.idea 123 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # How to Contribute 2 | 3 | We'd love to accept your patches and contributions to this project. There are 4 | just a few small guidelines you need to follow. 5 | 6 | ## Contributor License Agreement 7 | 8 | Contributions to this project must be accompanied by a Contributor License 9 | Agreement. 
You (or your employer) retain the copyright to your contribution; 10 | this simply gives us permission to use and redistribute your contributions as 11 | part of the project. Head over to https://cla.developers.google.com/ to see 12 | your current agreements on file or to sign a new one. 13 | 14 | You generally only need to submit a CLA once, so if you've already submitted one 15 | (even if it was for a different project), you probably don't need to do it 16 | again. 17 | 18 | ## Code reviews 19 | 20 | All submissions, including submissions by project members, require review. We 21 | use GitHub pull requests for this purpose. Consult 22 | [GitHub Help](https://help.github.com/articles/about-pull-requests/) for more 23 | information on using pull requests. -------------------------------------------------------------------------------- /README-ansible-configuration.md: -------------------------------------------------------------------------------- 1 | # Configure the Ansible OPDK Accelerator 2 | 3 | ## Overview 4 | 5 | The configuration of the Ansible OPDK Accelerator consists of updating Apigee Security Credentials, an 6 | [Ansible configuration file](README-configure-ansible.md) and an [Ansible inventory](README-ansible-inventory.md). Please note that this repository 7 | makes use of a modified layout from most Ansible projects. The layout has been modified to help address concerns with 8 | security and resource efficiency by making it easy to follow practices that enhance security without sacrificing 9 | resource efficiency. 10 | 11 | ## Steps to Configure Ansible OPDK Accelerator 12 | 13 | 1. Update the Ansible configuration as indicated in [Configure Ansible](README-configure-ansible.md). 14 | 1. Update the inventory template files as indicated in [Ansible Inventory](README-ansible-inventory.md). 15 | 16 | ## Ansible OPDK Accelerator Security Strategy 17 | 18 | The use of Ansible Vault is encouraged as a mechanism by which you may encrypt sensitive attributes.
However, it should 19 | be noted that the use of Ansible Vault is not sufficient without the context of additional conscientious practices that 20 | complete the security profile of the Ansible configuration. This repository enables conscientious security practices by 21 | moving sensitive folders and files into more secure hidden folders of the user home directory that are not a part of 22 | folders placed under source configuration management. This results in processes that make it easy to follow practices 23 | that enhance security. 24 | 25 | It should be noted that sensitive configuration files should also be properly stored and managed. The practices encouraged 26 | by the layout used in this repository make it easy for sensitive configuration files to be lost, since they are not kept under source configuration management. Therefore, a conscientious 27 | effort is required to ensure that sensitive configuration files are properly and securely stored. 28 | 29 | ## Ansible OPDK Accelerator Resource Strategy 30 | 31 | Ansible configurations can be provided by convention or with settings contained in Ansible configuration files. Ansible 32 | configurations provided by conventions are convenient for runtime configurations that are short lived or have a reduced 33 | scope. Ansible configuration files are appropriate when runtime configurations have a larger scope or have a greater 34 | impact due to the long term maintenance or support concerns that are addressed. This repository provides support for the 35 | large scope of installation, configuration and maintenance of Apigee Planets. Consequently, this framework configures 36 | Ansible configuration files so that logs, caches, inventory and roles can be located and shared across the different 37 | Apigee Planets that may be supported. 38 | 39 | ## Next Steps 40 | 41 | Please continue with the [next steps](README.md#usage-overview) in the process.
42 | -------------------------------------------------------------------------------- /README-credentials.md: -------------------------------------------------------------------------------- 1 | # Configure Ansible OPDK Accelerator Credentials 2 | 3 | The credentials for the OPDK Accelerator are configured in the folder `~/.apigee-secure`. This folder contains the 4 | credentials to be used for the Apigee Planet in the file `credentials.yml`. This folder also contains the Apigee license 5 | material in a file named license.txt. 6 | 7 | # Required Credentials 8 | 9 | Please note that you are required to provide two sets of credentials. The first credential gives you access to the Apigee 10 | Software download site for the purpose of downloading Apigee Software. The second credential is the license material you 11 | received from Apigee that represents your license to use the Apigee software. 12 | 13 | ## Update the Apigee User Name and Apigee User Password 14 | 15 | Please update the `~/.apigee-secure/credentials.yml` file with the credentials you received for the purpose 16 | of downloading Apigee software. The attributes `apigee_user_name` and `apigee_user_pass` should be updated with your 17 | Apigee credentials. Please update the attributes in the following section near the top of the file 18 | `~/.apigee-secure/credentials.yml`: 19 | 20 | # Apigee Repo or Apigee Mirror credentials 21 | apigee_repo_user: "{{ apigee_provided_or_confirmed_username }}" 22 | apigee_repo_password: "{{ apigee_provided_password }}" 23 | 24 | ## License Material 25 | 26 | The OPDK Accelerator expects to find the license material in the file `~/.apigee-secure/license.txt`. It is sufficient 27 | to create or update the file `~/.apigee-secure/license.txt` with a copy of the license material received from Apigee. 28 | 29 | # Credentials File 30 | 31 | The `~/.apigee/credentials.yml` file is heavily annotated.
Please refer to this file to update the credentials you wish to 32 | use on the platform. Please note that `apigee_user_name` and `apigee_user_pass` are credentials provided by Apigee and 33 | should be used as provided. It is expected that the remaining credentials would be reviewed and updated accordingly. 34 | 35 | ## Edge Administrative User 36 | 37 | Please note that the initial credentials for the Edge Administrative user are set to defaults that should be considered 38 | insecure because they are published with this repository. These defaults are suitable for test scenarios that are short lived and not exposed externally. Please update 39 | the attributes `opdk_user_email` and `opdk_user_pass` when you are performing an installation to an environment that 40 | should be secured. Please update the attributes in the following section that appear near the top of the file 41 | `~/.apigee-secure/credentials.yml`: 42 | 43 | # Edge Admin User 44 | opdk_user_email: opdk@apigee.com 45 | opdk_user_pass: Apigee123! 46 | -------------------------------------------------------------------------------- /README-runtime-attributes.yml: -------------------------------------------------------------------------------- 1 | # Configure Ansible OPDK Accelerator Runtime Attributes 2 | 3 | The OPDK Accelerator is heavily parameterized. This enables the playbook to isolate changes to the inventory definition 4 | and the runtime attributes file. The runtime attributes are found in the folder `~/.apigee/`. Please see the table below 5 | to learn where default settings are provided for your use. 6 | 7 | 8 | | Attribute Name | Attribute Description | 9 | | --- | ---| 10 | -------------------------------------------------------------------------------- /infrastructure/README.md: -------------------------------------------------------------------------------- 1 | #### The purpose of this folder is to contain scripts that work with the infrastructure.
-------------------------------------------------------------------------------- /infrastructure/backup-ansible-controller/README.md: -------------------------------------------------------------------------------- 1 | # Apigee OPDK Ansible Controller Backup 2 | 3 | This folder also contains the playbook to back up the Ansible Control server using the 4 | [Apigee OPDK Setup Ansible Controller Backup](https://github.com/carlosfrias/apigee-opdk-setup-ansible-controller-backup) 5 | role. The [backup.yml](backup.yml) script backs up to either a default 6 | folder or a provided folder on your local file system. Please see 7 | [Apigee OPDK Setup Ansible Controller Backup](https://github.com/carlosfrias/apigee-opdk-setup-ansible-controller-backup) 8 | for details. The backup covers the custom-properties, credentials and license files, so the target folder should be stored with the same care as `~/.apigee-secure`. 9 | 10 | # Usage Instructions 11 | 12 | A backup of a controller setup can be configured in the current directory: 13 | 14 | # Download the required roles to backup the Ansible controller 15 | ansible-galaxy install -r requirements.yml -f 16 | 17 | # Backup the Ansible controller 18 | ansible-playbook backup.yml 19 | 20 | ## Sample Usage to Backup to different local folder 21 | 22 | # Download the required roles to backup the Ansible controller 23 | ansible-galaxy install -r requirements.yml -f 24 | 25 | # Backup the Ansible controller 26 | ansible-playbook backup.yml -e target_download_folder= 27 | 28 | 29 | 30 | 31 | 32 | -------------------------------------------------------------------------------- /infrastructure/backup-ansible-controller/ansible.cfg: -------------------------------------------------------------------------------- 1 | [defaults] 2 | inventory = inventory 3 | roles_path = roles 4 | private_key_file = ~/.ssh/id_rsa 5 | merge_multiple_cli_tags=True 6 | display_args_to_stdout = True 7 | timeout = 60 8 | host_key_checking = False 9 | forks = 10 10 | retry_files_enabled = False 11 | ansible_shell_type=sh 12 | module_name = shell 13 | 14 | [ssh_connection] 15 | #ssh_args = -o ControlMaster=auto -o
ControlPersist=7200s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -q 16 | ssh_args = -q 17 | control_path=%(directory)s/ansible-ssh-%%h-%%p-%%r 18 | -------------------------------------------------------------------------------- /infrastructure/backup-ansible-controller/backup.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Backup custom-properties, credentials and license files 3 | hosts: "{{ target_hosts }}" 4 | 5 | roles: 6 | - { role: apigee-opdk-setup-ansible-controller-backup } 7 | 8 | -------------------------------------------------------------------------------- /infrastructure/backup-ansible-controller/requirements.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - src: https://github.com/carlosfrias/apigee-opdk-setup-ansible-controller-backup.git 3 | 4 | - src: https://github.com/carlosfrias/apigee-fetch-files.git 5 | -------------------------------------------------------------------------------- /infrastructure/bastion-host-proxy/acme-letsencrypt-issue.yml: -------------------------------------------------------------------------------- 1 | - hosts: "host1" 2 | tasks: 3 | 4 | - name: "Create required directories in /etc/letsencrypt" 5 | file: 6 | path: "/etc/letsencrypt/{{ item }}" 7 | state: directory 8 | owner: root 9 | group: root 10 | mode: u=rwx,g=x,o=x 11 | with_items: 12 | - account 13 | - certs 14 | - csrs 15 | - keys 16 | 17 | - name: "Generate a Let's Encrypt account key" 18 | shell: "if [ ! 
-f {{ letsencrypt_account_key }} ]; then openssl genrsa 4096 | sudo tee {{ letsencrypt_account_key }}; fi" 19 | 20 | - name: "Generate Let's Encrypt private key" 21 | shell: "openssl genrsa 4096 | sudo tee /etc/letsencrypt/keys/{{ domain_name }}.key" 22 | 23 | - name: "Generate Let's Encrypt CSR" 24 | shell: "openssl req -new -sha256 -key /etc/letsencrypt/keys/{{ domain_name }}.key -subj \"/CN={{ domain_name }}\" -reqexts SAN -config <(cat /etc/ssl/openssl.cnf <(printf \"\n[SAN]\nsubjectAltName=DNS:{{ domain_name }},DNS:www.{{ domain_name }}\")) | sudo tee /etc/letsencrypt/csrs/{{ domain_name }}.csr" 25 | args: 26 | executable: /bin/bash 27 | 28 | - name: "Begin Let's Encrypt challenges" 29 | letsencrypt: 30 | acme_directory: "{{ acme_directory }}" 31 | acme_version: "{{ acme_version }}" 32 | account_key_src: "{{ letsencrypt_account_key }}" 33 | account_email: "{{ acme_email }}" 34 | terms_agreed: 1 35 | challenge: "{{ acme_challenge_type }}" 36 | csr: "{{ letsencrypt_csrs_dir }}/{{ domain_name }}.csr" 37 | dest: "{{ letsencrypt_certs_dir }}/{{ domain_name }}.crt" 38 | fullchain_dest: "{{ letsencrypt_certs_dir }}/fullchain_{{ domain_name }}.crt" 39 | remaining_days: 91 40 | register: acme_challenge_your_domain 41 | 42 | - name: "Create .well-known/acme-challenge directory" 43 | file: 44 | path: /var/www/html/.well-known/acme-challenge 45 | state: directory 46 | owner: root 47 | group: root 48 | mode: u=rwx,g=rx,o=rx 49 | 50 | - name: "Implement http-01 challenge files" 51 | copy: 52 | content: "{{ acme_challenge_your_domain['challenge_data'][item]['http-01']['resource_value'] }}" 53 | dest: "/var/www/html/{{ acme_challenge_your_domain['challenge_data'][item]['http-01']['resource'] }}" 54 | owner: root 55 | group: root 56 | mode: u=rw,g=r,o=r 57 | with_items: 58 | - "{{ domain_name }}" 59 | - "www.{{ domain_name }}" 60 | 61 | - name: "Complete Let's Encrypt challenges" 62 | letsencrypt: 63 | acme_directory: "{{ acme_directory }}" 64 | acme_version: "{{ acme_version 
}}" 65 | account_key_src: "{{ letsencrypt_account_key }}" 66 | account_email: "{{ acme_email }}" 67 | challenge: "{{ acme_challenge_type }}" 68 | csr: "{{ letsencrypt_csrs_dir }}/{{ domain_name }}.csr" 69 | dest: "{{ letsencrypt_certs_dir }}/{{ domain_name }}.crt" 70 | chain_dest: "{{ letsencrypt_certs_dir }}/chain_{{ domain_name }}.crt" 71 | fullchain_dest: "{{ letsencrypt_certs_dir }}/fullchain_{{ domain_name }}" 72 | data: "{{ acme_challenge_your_domain }}" -------------------------------------------------------------------------------- /infrastructure/bastion-host-proxy/install.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Configure Bastion Host Proxy 3 | hosts: bastion 4 | gather_vars: false 5 | 6 | vars: 7 | os_packages: 8 | - epel-release 9 | - nginx 10 | - certbot 11 | tasks: 12 | - name: Update OS 13 | package: 14 | name: "{{ os_packages }}" 15 | state: present 16 | 17 | # - name: Certbot configuration still needed -------------------------------------------------------------------------------- /infrastructure/clean-ansible/clean.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: localhost 3 | connection: local 4 | gather_facts: no 5 | vars: 6 | clean_dirs: 7 | - '~/.apigee/planet_resources' 8 | - '~/.ansible/roles' 9 | - '~/.ansible/tmp' 10 | - '~/.ansible/cache' 11 | vars_files: 12 | - ~/.apigee-secure/credentials.yml 13 | - ~/.apigee/custom-properties.yml 14 | tasks: 15 | - name: Clean all folders 16 | ignore_errors: yes 17 | file: 18 | path: '{{ item }}' 19 | state: absent 20 | with_items: "{{ clean_dirs }}" 21 | when: clean_scope is not defined 22 | 23 | - name: Clean roles folder only 24 | tags: ['roles'] 25 | ignore_errors: yes 26 | file: 27 | path: '{{ item }}' 28 | state: absent 29 | with_items: "{{ clean_dirs[1] }}" 30 | when: clean_scope is defined and clean_scope | trim == "roles" 31 | 32 | - name: Clean cache folder only 33 | 
tags: ['cache'] 34 | ignore_errors: yes 35 | file: 36 | path: '{{ item }}' 37 | state: absent 38 | with_items: "{{ clean_dirs[3] }}" 39 | when: clean_scope is defined and clean_scope | trim == "cache" 40 | 41 | - name: Recreate folders 42 | ignore_errors: yes 43 | tags: ['clean','roles'] 44 | file: 45 | path: '{{ item }}' 46 | state: directory 47 | with_items: "{{ clean_dirs }}" 48 | 49 | 50 | -------------------------------------------------------------------------------- /infrastructure/configure-ssh-login/README.md: -------------------------------------------------------------------------------- 1 | # Configure SSH Login 2 | 3 | This `configure-ssh-user.yml` playbook configures a user for access over SSH. This playbook can configure 4 | the `root` user so that SSH will permit the `root` user to log in. The `Enable root login over SSH` task has no condition on `remote_user`, so it runs against `sshd_config` on every invocation unless its `ssh` tag is skipped, and the `Copy keys to server` task places the private key as well as the public key in `~/.ssh/` on each target host. 5 | 6 | # Usage Instructions 7 | 8 | ## Sample Usage 9 | 10 | Configure a user with SSH: 11 | 12 | # This will invoke the playbook. You will be prompted to type the SSH password for the remote login user provided. 13 | ansible-playbook configure-ssh-user.yml -u -k -e remote_user= -e target_hosts= 14 | 15 | ## Use a specific SSH pubkey 16 | 17 | Configure a user with SSH with a non-default SSH public key: 18 | 19 | # This will invoke the playbook. You will be prompted to type the SSH password for the remote login user provided. 20 | ansible-playbook configure-ssh-user.yml -u -k -e pubkey=~/.ssh/special-id_rsa.pub -e remote_user= -e target_hosts= 21 | 22 | ## Enable Root User SSH Login 23 | 24 | Configure the root user to enable root user login 25 | 26 | # This will invoke the playbook. You will be prompted to type the SSH password for the remote login user provided.
27 | ansible-playbook configure-ssh-user.yml -u -k -e pubkey=~/.ssh/special-id_rsa.pub -e remote_user=root -e target_hosts= 28 | -------------------------------------------------------------------------------- /infrastructure/configure-ssh-login/configure-ssh-user.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Configure SSH for a remote user 3 | hosts: '{{ target_hosts }}' 4 | gather_facts: no 5 | 6 | vars: 7 | pubkey: '~/.ssh/id_rsa.pub' 8 | pvtkey: '~/.ssh/id_rsa' 9 | sshd_config: '/etc/ssh/sshd_config' 10 | sudoers: '/etc/sudoers.d/apigee-requiretty' 11 | 12 | tasks: 13 | - block: 14 | - name: Get current user if remote_user not provided 15 | shell: whoami 16 | register: whoami 17 | 18 | - name: Set remote_user 19 | set_fact: 20 | remote_user: "{{ whoami.stdout }}" 21 | 22 | - name: Determine state of public key 23 | stat: 24 | path: "{{ pubkey }}" 25 | register: pubkey_state 26 | 27 | delegate_to: localhost 28 | 29 | - block: 30 | - name: Assert availability of openssh 31 | yum: 32 | name: openssh 33 | state: present 34 | 35 | - name: Generate SSH keys 36 | shell: ssh-keygen -b 2048 -t rsa -f {{ pvtkey }} -q -N "" 37 | args: 38 | creates: "{{ pvtkey }}" 39 | 40 | delegate_to: localhost 41 | when: not pubkey_state.stat.exists 42 | 43 | - name: Assert state of public key 44 | stat: 45 | path: "{{ pubkey }}" 46 | register: pubkey_state 47 | 48 | - name: Set public keys as authorized keys on server 49 | tags: ['authorized-keys'] 50 | authorized_key: 51 | user: '{{ ansible_user }}' 52 | state: present 53 | key: "{{ lookup('file', '{{ pubkey }}') }}" 54 | when: pubkey_state.stat.exists is defined 55 | 56 | - name: Copy keys to server 57 | tags: ['copy-keys'] 58 | copy: 59 | src: "{{ item }}" 60 | dest: "~/.ssh/{{ item | basename }}" 61 | with_items: 62 | - "{{ pvtkey }}" 63 | - "{{ pubkey }}" 64 | 65 | - name: Enable root login over SSH 66 | tags: ['ssh'] 67 | become: yes 68 | lineinfile: 69 | state: present 
70 | dest: "{{ sshd_config }}" 71 | regexp: "{{ item.regexp }}" 72 | line: "{{ item.line}}" 73 | backrefs: yes 74 | create: yes 75 | with_items: 76 | - {regexp: '(^#)(PermitRootLogin yes)', line: '\2' } 77 | - {regexp: '(PermitRootLogin) no', line: '\1 yes' } 78 | notify: 79 | - Restart SSH service 80 | 81 | - name: Determine if sudoers config exists 82 | tags: ['sudo'] 83 | become: true 84 | stat: 85 | path: "{{ sudoers }}" 86 | register: sudoers_state 87 | 88 | - name: Enable Root with no Password Prompt 89 | tags: ['sudo'] 90 | become: true 91 | lineinfile: 92 | state: present 93 | dest: "{{ sudoers }}" 94 | regexp: "{{ item.regexp }}" 95 | line: "{{ item.line }}" 96 | backrefs: yes 97 | mode: 0740 98 | validate: '/usr/sbin/visudo -cf %s' 99 | with_items: 100 | - { regexp: '(^#)(Defaults.*requiretty)', line: "Defaults !requiretty" } 101 | - { regexp: '^root.*ALL=.*$', line: "root ALL=NOPASSWD: ALL" } 102 | when: sudoers_state.stat.exists 103 | 104 | handlers: 105 | - name: Restart SSH service 106 | become: true 107 | service: 108 | name: sshd 109 | state: restarted 110 | -------------------------------------------------------------------------------- /infrastructure/download-offline-packages/README.md: -------------------------------------------------------------------------------- 1 | # Apigee Offline Package Download Helper 2 | 3 | ## Overview 4 | 5 | An Apigee offline installation typically requires that you manually download packages offline. This 6 | is usually a long and tedious process. During the creation of the Apigee Mirror you have the option 7 | of loading extra system packages (`archive_extra_packages`) into the repository archive. This 8 | playbook uses `archive_extra_packages` to immediately download packages from a mirror node to the 9 | control server running this script and then upload and install those packages on the Planet nodes. 
10 | The use of the same properties as the Apigee Mirror creation playbook provides for a common 11 | 12 | ## Usage 13 | 14 | This playbook will make use of the same attributes used by the Apigee Mirror creation playbook so that 15 | you can immediately get the benefit of downloading missing system packages by using this playbook 16 | and leave behind an updated list of archives that are required. The final `Yum install` task sets `disable_gpg_check: yes`, so the uploaded RPMs are installed without package signature verification. 17 | 18 | 1. Please update the `archive_extra_packages` attribute in the `~/.apigee/custom-properties.yml` file 19 | with the list of system packages that you need. An example will look like this: 20 | 21 | 22 | # Extra Yum Packages that should be transferred manually for an offline installation 23 | archive_extra_packages: 24 | - yum-utils 25 | - yum-plugin-priorities 26 | - libdb4-4.8* 27 | - boost-filesystem 28 | 29 | 1. Update `local_apigee_path` if you need to store the RPMs in a location other than `~/.apigee` 30 | 31 | 1. `ansible-playbook offline-download.yml -e target_hosts=` 32 | 33 | -------------------------------------------------------------------------------- /infrastructure/download-offline-packages/offline-download.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Download packages for manual installation 3 | hosts: "{{ target_hosts | default('localhost') }}" 4 | gather_facts: yes 5 | tags: ['download'] 6 | vars: 7 | local_apigee_path: "{{ temp_local_apigee_path | default('~/.apigee') }}/resources/rpms" 8 | property_folders: 9 | - "~/.apigee" 10 | roles: 11 | - { role: apigee-opdk-modules } 12 | tasks: 13 | - name: Ensure download folder exists 14 | file: 15 | path: "{{ opdk_resources_path }}" 16 | state: directory 17 | 18 | - name: Update with Yum utilities 19 | tags: ['yum'] 20 | become: true 21 | package: 22 | name: "yum-utils" 23 | state: present 24 | 25 | - name: Download os packages 26 | become: true 27 | shell: "{{ item }}" 28 | with_items: 29 | - "/usr/bin/yum reinstall --downloadonly
--downloaddir={{ opdk_resources_path }} {{ archive_extra_packages | join(' ') }}" 30 | - "/usr/bin/yumdownloader --dest={{ opdk_resources_path }} {{ archive_extra_packages | join(' ') }}" 31 | - "/usr/bin/yumdownloader --dest={{ opdk_resources_path }} --resolve {{ archive_extra_packages | join(' ') }}" 32 | 33 | - name: Create list of actual RPM 34 | find: 35 | path: "{{ opdk_resources_path }}" 36 | pattern: "*.rpm" 37 | file_type: file 38 | register: package_names 39 | 40 | - name: Download RPMs 41 | fetch: 42 | src: "{{ item.path }}" 43 | dest: "{{ local_apigee_path }}/{{ item.path | basename }}" 44 | flat: yes 45 | with_items: "{{ package_names.files }}" 46 | 47 | - name: Upload downloaded packages to planet 48 | hosts: planet 49 | gather_facts: no 50 | tags: ['upload'] 51 | vars: 52 | local_apigee_path: "{{ temp_local_apigee_path | default('~/.apigee') }}/resources/rpms" 53 | property_folders: 54 | - "~/.apigee" 55 | roles: 56 | - { role: apigee-opdk-modules, tags: ['cache'] } 57 | tasks: 58 | - name: Ensure target folder exists 59 | become: true 60 | file: 61 | path: "{{ apigee_home | default('/opt/apigee') }}/data/apigee-mirror/repos/thirdparty/7" 62 | state: directory 63 | owner: apigee 64 | group: apigee 65 | 66 | - name: Create list of actual rpm file names 67 | find: 68 | path: "{{ local_apigee_path }}" 69 | pattern: '*.rpm' 70 | file_type: file 71 | recurse: yes 72 | register: package_names 73 | delegate_to: 127.0.0.1 74 | 75 | - name: Upload yum packages 76 | become: true 77 | copy: 78 | src: "{{ item.path }}" 79 | dest: "{{ apigee_home | default('/opt/apigee') }}/data/apigee-mirror/repos/thirdparty/7" 80 | owner: apigee 81 | group: apigee 82 | with_items: "{{ package_names.files }}" 83 | 84 | - name: Yum install 85 | become: true 86 | yum: 87 | name: "{{ apigee_home | default('/opt/apigee') }}/data/apigee-mirror/repos/thirdparty/7/{{ item.path | basename }}" 88 | state: present 89 | disable_gpg_check: yes 90 | with_items: "{{ package_names.files }}" 91 
| 92 | -------------------------------------------------------------------------------- /infrastructure/gce-management/.gitignore: -------------------------------------------------------------------------------- 1 | generated 2 | files 3 | *.iml 4 | .terraform 5 | terraform 6 | *.tfstate* 7 | *.zip 8 | 9 | -------------------------------------------------------------------------------- /infrastructure/gce-management/CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # How to Contribute 2 | 3 | We'd love to accept your patches and contributions to this project. There are 4 | just a few small guidelines you need to follow. 5 | 6 | ## Contributor License Agreement 7 | 8 | Contributions to this project must be accompanied by a Contributor License 9 | Agreement. You (or your employer) retain the copyright to your contribution; 10 | this simply gives us permission to use and redistribute your contributions as 11 | part of the project. Head over to to see 12 | your current agreements on file or to sign a new one. 13 | 14 | You generally only need to submit a CLA once, so if you've already submitted one 15 | (even if it was for a different project), you probably don't need to do it 16 | again. 17 | 18 | ## Code reviews 19 | 20 | All submissions, including submissions by project members, require review. We 21 | use GitHub pull requests for this purpose. Consult 22 | [GitHub Help](https://help.github.com/articles/about-pull-requests/) for more 23 | information on using pull requests. -------------------------------------------------------------------------------- /infrastructure/gce-management/README.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | # Not Google Product Clause 4 | 5 | This is not an officially supported Google product. 6 | 7 | 8 | # How to Contribute 9 | 10 | We'd love to accept your patches and contributions to this project. 
Please review our [guidelines](CONTRIBUTING.md). 11 | -------------------------------------------------------------------------------- /infrastructure/gce-management/apigee-edge-tf/5-node/output.tf: -------------------------------------------------------------------------------- 1 | output "apigeenet_self_link" { 2 | value = "${google_compute_network.apigeenet.self_link}" 3 | } 4 | 5 | //output "bastion_private_ip" { 6 | // value = "${module.apigee-bastion-vm.private_ip}" 7 | //} 8 | // 9 | //output "bastion_public_ip" { 10 | // value = "${module.apigee-bastion-vm.public_ip}" 11 | //} 12 | 13 | -------------------------------------------------------------------------------- /infrastructure/gce-management/apigee-edge-tf/5-node/provider.tf: -------------------------------------------------------------------------------- 1 | provider "google" { 2 | credentials = "${file(var.credentials_file)}" 3 | project = "${var.gcp_project_name}" 4 | region = "${var.region}" 5 | } 6 | -------------------------------------------------------------------------------- /infrastructure/gce-management/apigee-edge-tf/5-node/variable.tf: -------------------------------------------------------------------------------- 1 | variable "router_name" { 2 | default = "default" 3 | } 4 | 5 | variable "region" { 6 | default = "us-east1" 7 | } 8 | 9 | variable "zone" { 10 | default = "us-east1-b" 11 | } 12 | 13 | variable "image_name" { 14 | default = "centos-7" 15 | } 16 | 17 | variable "image_project" { 18 | default = "centos-cloud" 19 | } 20 | 21 | variable "machine_type" { 22 | default = "n1-standard-4" 23 | } 24 | 25 | variable "instance_scopes" { 26 | default = [ 27 | "compute-rw", 28 | "storage-ro" 29 | ] 30 | } 31 | 32 | variable "dc_region" { 33 | default = "1" 34 | } 35 | 36 | variable "dc_1_ms_count" { 37 | default = 1 38 | } 39 | 40 | variable "dc_2_ms_count" { 41 | default = 0 42 | } 43 | 44 | variable "dc_1_ds_count" { 45 | default = 3 46 | } 47 | 48 | variable "dc_2_ds_count" { 49 | 
default = 0 50 | } 51 |

variable "dc_1_rmp_count" {
  default = 2
}

variable "dc_2_rmp_count" {
  default = 0
}

variable "dc_1_qpid_count" {
  default = 2
}

variable "dc_2_qpid_count" {
  default = 0
}

variable "dc_1_pg_only_count" {
  default = 1
}

variable "dc_1_pgmaster_count" {
  default = 0
}

variable "dc_1_pgstandby_count" {
  default = 0
}

variable "dc_2_pgstandby_count" {
  default = 0
}

// NOTE(review): the next three defaults are environment-specific (a local key-file path, a
// project id and a service-account address). Kept as defaults, a plain `terraform apply`
// targets that project with that identity. dev/variable.tf in this repository declares the
// same variables without defaults so each user must supply their own; consider doing the
// same here. The key file itself must never be committed.
variable "credentials_file" {
  default = "~/.apigee-secure/sandbox/sandbox-default-service-account.json"
}

variable "gcp_project_name" {
  default = "sandbox-173316"
}

variable "service_account_email" {
  default = "736255665193-compute@developer.gserviceaccount.com"
}

variable "nat_dc_2_count" {
  default = "0"
}
-------------------------------------------------------------------------------- /infrastructure/gce-management/apigee-edge-tf/aio/main.tf: --------------------------------------------------------------------------------
# Look up the existing network named "default" (a data source: nothing is created here)
data "google_compute_network" "apigeenet" {
  name = "default"
}

# Create the apigeenet router
resource "google_compute_router" "apigeenet-router" {
  name    = "apigeenet-router"
  network = "${data.google_compute_network.apigeenet.self_link}"
}

# Create the gateway nat for the apigeenet-subnet-router
resource "google_compute_router_nat" "apigeenet-subnet-nat" {
  name                               = "apigeenet-subnet-nat"
  router                             = "${google_compute_router.apigeenet-router.name}"
  region                             = "${var.region}"
  nat_ip_allocate_option             = "AUTO_ONLY"
  source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES"
}

# Firewall rules. NOTE(review): the apigeenet-firewalls-protocol-with-ports module passes
# firewall_source_tags to the rule's source_tags and sets no target_tags. The tag names used
# below match the tags put on the instances, which suggests they were meant to select the
# rule's targets; as written they only widen the allowed sources, and each rule applies to
# every instance on the network.

# Management UI / API ports from the 10.0.0.0/8 range.
module "configure_firewall_apigeenet_allow_mgmt_ui" {
  source                 = "../modules/apigeenet-firewalls-protocol-with-ports"
  firewall_name          = "mgmt-ui"
  firewall_source_tags   = ["mgmt-ui"]
  firewall_network       = "${data.google_compute_network.apigeenet.self_link}"
  firewall_protocol      = "tcp"
  firewall_ports         = ["9000", "80", "8080", "9001"]
  firewall_source_ranges = ["10.0.0.0/8"]
}

# ICMP from the 10.0.0.0/8 range.
module "configure_firewall_apigeenet_allow_icmp" {
  source                 = "../modules/apigeenet-firewalls-protocol-only"
  firewall_name          = "apigeenet-allow-icmp"
  firewall_network       = "${data.google_compute_network.apigeenet.self_link}"
  firewall_protocol      = "icmp"
  firewall_source_ranges = ["10.0.0.0/8"]
}

# SSH from the 10.0.0.0/8 range.
module "configure_firewall_apigeenet_allow_ssh" {
  source                 = "../modules/apigeenet-firewalls-protocol-with-ports"
  firewall_name          = "apigeenet-allow-ssh"
  firewall_source_tags   = ["apigeenet-allow-ssh"]
  firewall_network       = "${data.google_compute_network.apigeenet.self_link}"
  firewall_protocol      = "tcp"
  firewall_ports         = ["22"]
  firewall_source_ranges = ["10.0.0.0/8"]
}

# SSH from any address.
# NOTE(review): with no target tags on the rule, tcp/22 from 0.0.0.0/0 is allowed to every
# instance on the "default" network, not only to the bastion that carries the
# "public-allow-ssh" tag. If bastion-only access is the intent, the module needs a
# target_tags argument, and the source range should be narrowed to known admin addresses.
module "configure_firewall_apigeenet_allow_ssh_public" {
  source                 = "../modules/apigeenet-firewalls-protocol-with-ports"
  firewall_name          = "public-allow-ssh"
  firewall_source_tags   = ["public-allow-ssh"]
  firewall_network       = "${data.google_compute_network.apigeenet.self_link}"
  firewall_protocol      = "tcp"
  firewall_ports         = ["22"]
  firewall_source_ranges = ["0.0.0.0/0"]
}

# Bastion host: the one instance in this file that requests an external address
# (access_config); aio_instance below declares none.
# NOTE(review): it runs as var.service_account_email with var.instance_scopes, whose default
# in variable.tf is compute-rw and storage-ro. An internet-facing host is better served by a
# dedicated service account with the narrowest scopes that still work.
resource "google_compute_instance" "bastion_instance" {
  name         = "apigee-bastion"
  zone         = "${var.zone}"
  machine_type = "${var.machine_type}"
  tags         = ["apigeenet-allow-icmp", "public-allow-ssh"]

  boot_disk {
    initialize_params {
      image = "${var.image_name}"
      size  = 60
    }
  }

  network_interface {
    network = "${data.google_compute_network.apigeenet.self_link}"

    access_config = {}
  }

  service_account {
    email  = "${var.service_account_email}"
    scopes = "${var.instance_scopes}"
  }
}

# All-in-one Apigee node; no access_config, so no external address is requested for it.
resource "google_compute_instance" "aio_instance" {
  name         = "planet-aio"
  zone         = "${var.zone}"
  machine_type = "${var.machine_type}"
  tags         = ["mgmt-ui", "http-server", "apigeenet-allow-icmp", "apigeenet-allow-ssh"]

  boot_disk {
    initialize_params {
      image = "${var.image_name}"
      size  = 250
    }
  }

  network_interface {
    network = "${data.google_compute_network.apigeenet.self_link}"
  }
}

-------------------------------------------------------------------------------- /infrastructure/gce-management/apigee-edge-tf/aio/output.tf: --------------------------------------------------------------------------------
output "apigeenet_self_link" {
  value = "${data.google_compute_network.apigeenet.self_link}"
}

// network_ip is the bastion's address on the VPC network; its external address is not exported.
output "bastion_ip" {
  value = "${google_compute_instance.bastion_instance.network_interface.0.network_ip}"
}

-------------------------------------------------------------------------------- /infrastructure/gce-management/apigee-edge-tf/aio/provider.tf: --------------------------------------------------------------------------------
// Credentials are read from the key file named by var.credentials_file.
provider "google" {
  credentials = "${file(var.credentials_file)}"
  project     = "${var.gcp_project_name}"
  region      = "${var.region}"
}

-------------------------------------------------------------------------------- /infrastructure/gce-management/apigee-edge-tf/aio/variable.tf: --------------------------------------------------------------------------------
variable "router_name" {
  default = "default"
}

// region and zone default to the empty string; the caller is expected to set them.
variable "region" {
  default = ""
  // default = "us-east1"
}

variable "zone" {
  default = ""
  // default = "us-east1-b"
}

variable "image_name" {
  default = "centos-7"
}

variable "image_project" {
  default = "centos-cloud"
}

variable "machine_type" {
  default = "n1-standard-4"
}

27 | variable
"instance_scopes" { 28 | default = ["compute-rw", "storage-ro"] 29 | } 30 | 31 | 32 | variable "credentials_file" { 33 | // default = "~/.apigee-secure/sandbox-1f5fb288d552.json" 34 | default = "" 35 | } 36 | 37 | variable "gcp_project_name" { 38 | // default = "sandbox-173316" 39 | default = "" 40 | } 41 | 42 | variable "service_account_email" { 43 | // default = "736255665193-compute@developer.gserviceaccount.com" 44 | default = "" 45 | } 46 | -------------------------------------------------------------------------------- /infrastructure/gce-management/apigee-edge-tf/dc-2/output.tf: -------------------------------------------------------------------------------- 1 | output "apigeenet_self_link" { 2 | value = "${google_compute_network.apigeenet.self_link}" 3 | } 4 | 5 | //output "bastion_private_ip" { 6 | // value = "${module.apigee-bastion-vm.private_ip}" 7 | //} 8 | // 9 | //output "bastion_public_ip" { 10 | // value = "${module.apigee-bastion-vm.public_ip}" 11 | //} 12 | 13 | -------------------------------------------------------------------------------- /infrastructure/gce-management/apigee-edge-tf/dc-2/provider.tf: -------------------------------------------------------------------------------- 1 | provider "google" { 2 | credentials = "${file(var.credentials_file)}" 3 | project = "${var.gcp_project_name}" 4 | region = "${var.region}" 5 | } 6 | -------------------------------------------------------------------------------- /infrastructure/gce-management/apigee-edge-tf/dc-2/variable.tf: -------------------------------------------------------------------------------- 1 | variable "router_name" { 2 | default = "default" 3 | } 4 | 5 | variable "region" { 6 | default = "us-east1" 7 | } 8 | 9 | variable "zone" { 10 | default = "us-east1-b" 11 | } 12 | 13 | variable "image_name" { 14 | default = "centos-7" 15 | } 16 | 17 | variable "image_project" { 18 | default = "centos-cloud" 19 | } 20 | 21 | variable "machine_type" { 22 | default = "n1-standard-4" 23 | } 24 | 
25 | variable "instance_scopes" { 26 | default = [ 27 | "compute-rw", 28 | "storage-ro" 29 | ] 30 | } 31 | 32 | variable "dc_region" { 33 | default = "1" 34 | } 35 | 36 | variable "ms_name" { } 37 | variable "ms_count" { 38 | default = 1 39 | } 40 | 41 | variable "ds_name" {} 42 | 43 | variable "ds_count" { 44 | default = 3 45 | } 46 | 47 | variable "rmp_name" {} 48 | 49 | variable "rmp_count" { 50 | default = 2 51 | } 52 | 53 | variable "qpid_name" {} 54 | 55 | variable "qpid_count" { 56 | default = 2 57 | } 58 | 59 | variable "pg_only_name" {} 60 | 61 | variable "pg_only_count" { 62 | default = 1 63 | } 64 | 65 | variable "pgmaster_name" {} 66 | 67 | variable "pgmaster_count" { 68 | default = 0 69 | } 70 | 71 | variable "pgstandby_name" {} 72 | 73 | variable "pgstandby_count" { 74 | default = 0 75 | } 76 | 77 | variable "dev_portal_name" {} 78 | 79 | variable "dev_portal_count" { 80 | default = 0 81 | } 82 | 83 | variable "credentials_file" { 84 | // default = "~/.apigee-secure/sandbox/sandbox-default-service-account.json" 85 | // default = "~/.apigee-secure/fedex-pilot/fedex-pilot-apigee-service-account.json" 86 | } 87 | 88 | variable "gcp_project_name" { 89 | // default = "sandbox-173316" 90 | // default = "fedex-pilot" 91 | } 92 | 93 | variable "service_account_email" { 94 | // default = "736255665193-compute@developer.gserviceaccount.com" 95 | // default = "apigee@fedex-pilot.iam.gserviceaccount.com" 96 | } 97 | 98 | variable "nat_dc_2_count" { 99 | default = "0" 100 | } -------------------------------------------------------------------------------- /infrastructure/gce-management/apigee-edge-tf/dc-3/output.tf: -------------------------------------------------------------------------------- 1 | output "apigeenet_self_link" { 2 | value = "${google_compute_network.apigeenet.self_link}" 3 | } 4 | 5 | //output "bastion_private_ip" { 6 | // value = "${module.apigee-bastion-vm.private_ip}" 7 | //} 8 | // 9 | //output "bastion_public_ip" { 10 | // value = 
"${module.apigee-bastion-vm.public_ip}" 11 | //} 12 | 13 | -------------------------------------------------------------------------------- /infrastructure/gce-management/apigee-edge-tf/dc-3/provider.tf: -------------------------------------------------------------------------------- 1 | provider "google" { 2 | credentials = "${file(var.credentials_file)}" 3 | project = "${var.gcp_project_name}" 4 | region = "${var.region}" 5 | } 6 | -------------------------------------------------------------------------------- /infrastructure/gce-management/apigee-edge-tf/dc-3/variable.tf: -------------------------------------------------------------------------------- 1 | variable "router_name" { 2 | default = "default" 3 | } 4 | 5 | variable "region" { 6 | default = "us-east1" 7 | } 8 | 9 | variable "zone" { 10 | default = "us-east1-b" 11 | } 12 | 13 | variable "image_name" { 14 | default = "centos-7" 15 | } 16 | 17 | variable "image_project" { 18 | default = "centos-cloud" 19 | } 20 | 21 | variable "machine_type" { 22 | default = "n1-standard-4" 23 | } 24 | 25 | variable "instance_scopes" { 26 | default = [ 27 | "compute-rw", 28 | "storage-ro" 29 | ] 30 | } 31 | 32 | variable "dc_region" { 33 | default = "1" 34 | } 35 | 36 | variable "ms_name" { } 37 | variable "ms_count" { 38 | default = 1 39 | } 40 | 41 | variable "ds_name" {} 42 | 43 | variable "ds_count" { 44 | default = 3 45 | } 46 | 47 | variable "rmp_name" {} 48 | 49 | variable "rmp_count" { 50 | default = 2 51 | } 52 | 53 | variable "qpid_name" {} 54 | 55 | variable "qpid_count" { 56 | default = 2 57 | } 58 | 59 | variable "pg_only_name" {} 60 | 61 | variable "pg_only_count" { 62 | default = 1 63 | } 64 | 65 | variable "pgmaster_name" {} 66 | 67 | variable "pgmaster_count" { 68 | default = 0 69 | } 70 | 71 | variable "pgstandby_name" {} 72 | 73 | variable "pgstandby_count" { 74 | default = 0 75 | } 76 | 77 | variable "dev_portal_name" {} 78 | 79 | variable "dev_portal_count" { 80 | default = 0 81 | } 82 | 83 | 
variable "credentials_file" { 84 | // default = "~/.apigee-secure/sandbox/sandbox-default-service-account.json" 85 | // default = "~/.apigee-secure/fedex-pilot/fedex-pilot-apigee-service-account.json" 86 | } 87 | 88 | variable "gcp_project_name" { 89 | // default = "sandbox-173316" 90 | // default = "fedex-pilot" 91 | } 92 | 93 | variable "service_account_email" { 94 | // default = "736255665193-compute@developer.gserviceaccount.com" 95 | // default = "apigee@fedex-pilot.iam.gserviceaccount.com" 96 | } 97 | 98 | variable "nat_dc_2_count" { 99 | default = "0" 100 | } -------------------------------------------------------------------------------- /infrastructure/gce-management/apigee-edge-tf/dev/output.tf: -------------------------------------------------------------------------------- 1 | output "apigeenet_self_link" { 2 | value = "${google_compute_network.apigeenet.self_link}" 3 | } 4 | 5 | //output "bastion_private_ip" { 6 | // value = "${module.apigee-bastion-vm.private_ip}" 7 | //} 8 | // 9 | //output "bastion_public_ip" { 10 | // value = "${module.apigee-bastion-vm.public_ip}" 11 | //} 12 | 13 | -------------------------------------------------------------------------------- /infrastructure/gce-management/apigee-edge-tf/dev/provider.tf: -------------------------------------------------------------------------------- 1 | provider "google" { 2 | credentials = "${file(var.credentials_file)}" 3 | project = "${var.gcp_project_name}" 4 | region = "${var.region}" 5 | } 6 | -------------------------------------------------------------------------------- /infrastructure/gce-management/apigee-edge-tf/dev/variable.tf: -------------------------------------------------------------------------------- 1 | variable "router_name" { 2 | default = "default" 3 | } 4 | 5 | variable "region" { 6 | default = "us-east1" 7 | } 8 | 9 | variable "zone" { 10 | default = "us-east1-b" 11 | } 12 | 13 | variable "image_name" { 14 | default = "centos-7" 15 | } 16 | 17 | variable 
"image_project" { 18 | default = "centos-cloud" 19 | } 20 | 21 | variable "machine_type" { 22 | default = "n1-standard-4" 23 | } 24 | 25 | variable "instance_scopes" { 26 | default = [ 27 | "compute-rw", 28 | "storage-ro" 29 | ] 30 | } 31 | 32 | variable "dc_region" { 33 | default = "1" 34 | } 35 | 36 | variable "ms_name" { } 37 | variable "ms_count" { 38 | default = 1 39 | } 40 | 41 | variable "ds_name" {} 42 | 43 | variable "ds_count" { 44 | default = 0 45 | } 46 | 47 | variable "rmp_name" {} 48 | 49 | variable "rmp_count" { 50 | default = 0 51 | } 52 | 53 | variable "qpid_name" {} 54 | 55 | variable "qpid_count" { 56 | default = 0 57 | } 58 | 59 | variable "pg_only_name" {} 60 | 61 | variable "pg_only_count" { 62 | default = 0 63 | } 64 | 65 | variable "pgmaster_name" {} 66 | 67 | variable "pgmaster_count" { 68 | default = 0 69 | } 70 | 71 | variable "pgstandby_name" {} 72 | 73 | variable "pgstandby_count" { 74 | default = 0 75 | } 76 | 77 | variable "dev_portal_name" {} 78 | 79 | variable "dev_portal_count" { 80 | default = 0 81 | } 82 | 83 | variable "credentials_file" { } 84 | 85 | variable "gcp_project_name" { } 86 | 87 | variable "service_account_email" {} 88 | -------------------------------------------------------------------------------- /infrastructure/gce-management/apigee-edge-tf/example-pilot/output.tf: -------------------------------------------------------------------------------- 1 | output "apigeenet_self_link" { 2 | value = "${google_compute_network.apigeenet.self_link}" 3 | } 4 | 5 | //output "bastion_private_ip" { 6 | // value = "${module.apigee-bastion-vm.private_ip}" 7 | //} 8 | // 9 | //output "bastion_public_ip" { 10 | // value = "${module.apigee-bastion-vm.public_ip}" 11 | //} 12 | 13 | -------------------------------------------------------------------------------- /infrastructure/gce-management/apigee-edge-tf/example-pilot/provider.tf: -------------------------------------------------------------------------------- 1 | provider "google" 
{ 2 | credentials = "${file(var.credentials_file)}" 3 | project = "${var.gcp_project_name}" 4 | region = "${var.dc_1_gcp_region}" 5 | } 6 |
-------------------------------------------------------------------------------- /infrastructure/gce-management/apigee-edge-tf/modules/apigeenet-firewalls-protocol-only/main.tf: --------------------------------------------------------------------------------
# Add a firewall rule that allows one protocol (var.firewall_protocol) from
# var.firewall_source_ranges on var.firewall_network. The allow block names no ports, so
# the rule is not limited to particular ports of that protocol.
# NOTE(review): no target_tags are set, so the rule applies to every instance on the network.
resource "google_compute_firewall" "apigeenet-allow-firewall-protocol-only" {
  name    = "${var.firewall_name}"
  network = "${var.firewall_network}"

  source_ranges = "${var.firewall_source_ranges}"

  allow {
    protocol = "${var.firewall_protocol}"
  }
}

-------------------------------------------------------------------------------- /infrastructure/gce-management/apigee-edge-tf/modules/apigeenet-firewalls-protocol-only/variables.tf: --------------------------------------------------------------------------------
variable "firewall_name" {}
variable "firewall_network" {}

# CIDR ranges allowed as traffic sources.
variable "firewall_source_ranges" {
  type = "list"
}

variable "firewall_protocol" {}

-------------------------------------------------------------------------------- /infrastructure/gce-management/apigee-edge-tf/modules/apigeenet-firewalls-protocol-with-ports/main.tf: --------------------------------------------------------------------------------
# Firewall rule that allows var.firewall_protocol on var.firewall_ports.
# count makes the rule conditional: it is created only when firewall_ports is non-empty.
# NOTE(review): firewall_source_tags feeds source_tags, which is combined with source_ranges
# as an alternative source match (either one admits the traffic). No target_tags are set, so
# the rule applies to every instance on the network. Callers in this repository pass tag
# names that also appear on their instances, which reads like an intent to restrict targets;
# that would need a separate target_tags argument.
resource "google_compute_firewall" "apigeenet-allow-firewall-ports" {
  name    = "${var.firewall_name}"
  count   = "${length(var.firewall_ports) > 0 ? 1 : 0}"
  network = "${var.firewall_network}"

  source_ranges = "${var.firewall_source_ranges}"
  source_tags   = "${var.firewall_source_tags}"

  allow {
    protocol = "${var.firewall_protocol}"
    ports    = "${var.firewall_ports}"
  }
}

-------------------------------------------------------------------------------- /infrastructure/gce-management/apigee-edge-tf/modules/apigeenet-firewalls-protocol-with-ports/variables.tf: --------------------------------------------------------------------------------
variable "firewall_name" {}
variable "firewall_network" {}

# CIDR ranges allowed as traffic sources.
variable "firewall_source_ranges" {
  type = "list"
}

variable "firewall_protocol" {}

# Ports to open; with the default empty list main.tf creates no rule at all.
variable "firewall_ports" {
  default = []
}

# Network tags treated as additional traffic sources (not as rule targets).
variable "firewall_source_tags" {
  type = "list"
}

-------------------------------------------------------------------------------- /infrastructure/gce-management/apigee-edge-tf/modules/apigeenet-instance-group-manager/main.tf: --------------------------------------------------------------------------------
# Regional managed instance group built from the instance template declared below in this
# file: var.instance_count instances spread over var.instance_distribution_policy_zones,
# exposing one named port.
resource "google_compute_region_instance_group_manager" "apigeenet-ms-group-instance" {
  name                      = "${var.group_manager_name}"
  base_instance_name        = "${google_compute_instance_template.apigeenet-base-instance-template.name}"
  region                    = "${var.instance_region}"
  instance_template         = "${google_compute_instance_template.apigeenet-base-instance-template.self_link}"
  distribution_policy_zones = "${var.instance_distribution_policy_zones}"
  target_size               = "${var.instance_count}"

  named_port {
    name = "${var.group_manager_port_name}"
    port = "${var.group_manager_port}"
  }
}

15 | resource "google_compute_instance_template" "apigeenet-base-instance-template" { 16 | name = "${var.instance_name}" 17 | machine_type = "${var.machine_type}" 18 | can_ip_forward = false 19 | tags = "${var.instance_tags}" 20 | 21 | network_interface { 22 | network
= "${var.instance_network}" 23 | 24 | } 25 | 26 | disk { 27 | auto_delete = true 28 | boot = true 29 | 30 | source_image = "${data.google_compute_image.apigeenet-base-system-image.self_link}" 31 | disk_size_gb = "${var.instance_size}" 32 | disk_type = "pd-ssd" 33 | } 34 | } 35 | 36 | data "google_compute_image" "apigeenet-base-system-image" { 37 | name = "centos-7-v20190423" 38 | project = "centos-cloud" 39 | } 40 | -------------------------------------------------------------------------------- /infrastructure/gce-management/apigee-edge-tf/modules/apigeenet-instance-group-manager/output.tf: -------------------------------------------------------------------------------- 1 | output "instance_group" { 2 | value = "${google_compute_region_instance_group_manager.apigeenet-ms-group-instance.name}" 3 | } 4 | -------------------------------------------------------------------------------- /infrastructure/gce-management/apigee-edge-tf/modules/apigeenet-instance-group-manager/variable.tf: -------------------------------------------------------------------------------- 1 | variable "instance_name" {} 2 | 3 | variable "group_manager_name" {} 4 | 5 | variable "instance_network" {} 6 | 7 | variable "instance_size" { 8 | default = 60 9 | } 10 | 11 | variable "instance_count" { 12 | default = 1 13 | } 14 | 15 | variable "instance_region" { 16 | default = "us-east1" 17 | } 18 | 19 | variable "instance_distribution_policy_zones" { 20 | default = ["us-east1-b"] 21 | } 22 | 23 | variable "group_manager_port" {} 24 | variable "group_manager_port_name" {} 25 | 26 | variable "instance_tags" { 27 | default = [] 28 | } 29 | 30 | variable "machine_type" { 31 | default = "n1-standard-1" 32 | } 33 | 34 | //variable "ip_address" {} 35 | 36 | -------------------------------------------------------------------------------- /infrastructure/gce-management/apigee-edge-tf/modules/external-instance/main.tf: -------------------------------------------------------------------------------- 1 | 
resource "google_compute_instance" "vm_instance" { 2 | name = "${var.instance_name}" 3 | zone = "${var.instance_zone}" 4 | machine_type = "${var.instance_type}" 5 | tags = "${var.instance_tags}" 6 | labels = { 7 | g-on-g-notify-ignore = true 8 | } 9 | 10 | 11 | boot_disk { 12 | initialize_params { 13 | image = "${var.instance_image}" 14 | size = "${var.instance_disk_size}" 15 | } 16 | } 17 | 18 | network_interface { 19 | network = "${var.instance_network}" 20 | access_config {} 21 | } 22 | 23 | service_account { 24 | email = "${var.service_account_email}" 25 | scopes = "${var.instance_scopes}" 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /infrastructure/gce-management/apigee-edge-tf/modules/external-instance/output.tf: -------------------------------------------------------------------------------- 1 | 2 | //output "private_ip" { 3 | // value = "${google_compute_instance.vm_instance.network_interface.0.network_ip}" 4 | //} 5 | 6 | //output "public_ip" { 7 | // value = "${google_compute_instance.vm_instance.network_interface.network_ip}" 8 | //} 9 | -------------------------------------------------------------------------------- /infrastructure/gce-management/apigee-edge-tf/modules/external-instance/variable.tf: -------------------------------------------------------------------------------- 1 | variable "instance_name" {} 2 | variable "instance_zone" {} 3 | 4 | variable "instance_image" { 5 | default = "centos-7" 6 | } 7 | 8 | variable "instance_type" { 9 | default = "n1-standard-1" 10 | } 11 | 12 | variable "instance_network" {} 13 | 14 | variable "instance_tags" { 15 | default = [] 16 | } 17 | 18 | variable "instance_external_ip" { 19 | default = "" 20 | } 21 | 22 | variable "instance_scopes" { 23 | default = [] 24 | } 25 | 26 | variable "service_account_email" { 27 | default = "" 28 | } 29 | 30 | variable "instance_disk_size" { 31 | default = 100 32 | } 33 | 34 | //variable "instance_labels" { 35 | // 
default = { 36 | // g-on-g-notify-ignore = "" 37 | // } 38 | //} 39 | -------------------------------------------------------------------------------- /infrastructure/gce-management/apigee-edge-tf/modules/infrastructure/output.tf: -------------------------------------------------------------------------------- 1 | output "apigeenet_self_link" { 2 | value = "${google_compute_network.apigeenet.self_link}" 3 | } 4 | -------------------------------------------------------------------------------- /infrastructure/gce-management/apigee-edge-tf/modules/infrastructure/provider.tf: -------------------------------------------------------------------------------- 1 | provider "google" { 2 | credentials = "${file(var.credentials_file)}" 3 | project = "${var.gcp_project_name}" 4 | region = "${var.region}" 5 | } 6 | -------------------------------------------------------------------------------- /infrastructure/gce-management/apigee-edge-tf/modules/infrastructure/variable.tf: -------------------------------------------------------------------------------- 1 | variable "region" {} 2 | 3 | variable "zone" {} 4 | 5 | variable "credentials_file" {} 6 | 7 | variable "gcp_project_name" {} -------------------------------------------------------------------------------- /infrastructure/gce-management/apigee-edge-tf/modules/internal-instance/main.tf: -------------------------------------------------------------------------------- 1 | resource "google_compute_instance" "vm_instance" { 2 | count = "${var.instance_count}" 3 | name = "${var.instance_name}-${count.index + 1}" 4 | zone = "${var.instance_zone}" 5 | machine_type = "${var.instance_type}" 6 | tags = "${var.instance_tags}" 7 | labels = { 8 | g-on-g-notify-ignore = true 9 | } 10 | 11 | boot_disk { 12 | initialize_params { 13 | image = "${var.instance_image}" 14 | size = "${var.instance_disk_size}" 15 | type = "${var.instance_disk_type}" 16 | } 17 | } 18 | 19 | network_interface { 20 | network = "${var.instance_network}" 21 | } 22 | 
allow_stopping_for_update = true 23 | } 24 | 25 | //data "google_compute_image" "apigeenet-ms-compute-image" { 26 | //// name = "centos-7-v20190423" 27 | // name = "centos-7-v20191210" 28 | // project = "centos-cloud" 29 | //} 30 | -------------------------------------------------------------------------------- /infrastructure/gce-management/apigee-edge-tf/modules/internal-instance/variable.tf: -------------------------------------------------------------------------------- 1 | variable "instance_name" {} 2 | variable "instance_zone" {} 3 | 4 | variable "instance_image" { 5 | default = "centos-7" 6 | } 7 | 8 | variable "instance_type" { 9 | default = "n1-standard-1" 10 | } 11 | 12 | variable "instance_network" {} 13 | 14 | variable "instance_tags" { 15 | default = [] 16 | } 17 | 18 | variable "instance_external_ip" { 19 | default = "" 20 | } 21 | 22 | variable "instance_disk_size" { 23 | default = 100 24 | } 25 | variable "instance_disk_type" { 26 | default = "pd-standard" 27 | } 28 | 29 | variable "instance_count" { 30 | default = 1 31 | } -------------------------------------------------------------------------------- /infrastructure/gce-management/apigee-edge-tf/prod/output.tf: -------------------------------------------------------------------------------- 1 | output "apigeenet_self_link" { 2 | value = "${google_compute_network.apigeenet.self_link}" 3 | } 4 | 5 | //output "instance_group" { 6 | // value = "${google_compute_region_instance_group_manager.apigeenet-ms-group-instance.instance_group}" 7 | //} 8 | // 9 | //output "bastion_private_ip" { 10 | // value = "${module.apigee-bastion-vm.private_network_ip}" 11 | //} 12 | // 13 | //output "bastion_public_ip" { 14 | // value = "${module.apigee-bastion-vm.public_network_ip}" 15 | //} 16 | -------------------------------------------------------------------------------- /infrastructure/gce-management/apigee-edge-tf/prod/provider.tf: -------------------------------------------------------------------------------- 
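// Google provider for the prod layout. The credentials are the contents of the
// service-account key file named by var.credentials_file.
// NOTE(review): var.credentials_file defaults to "", so file() presumably fails
// unless a path is supplied. The provider can also take credentials from the
// environment (e.g. GOOGLE_APPLICATION_CREDENTIALS), which keeps key-file paths
// out of configuration.
provider "google" {
  credentials = "${file(var.credentials_file)}"
  project = "${var.gcp_project_name}"
  region = "${var.region}"
}

--------------------------------------------------------------------------------
/infrastructure/gce-management/apigee-edge-tf/prod/variable.tf:
--------------------------------------------------------------------------------
// Input variables for the prod layout. Values without a usable default
// (region, zone, credentials_file, gcp_project_name, service_account_email)
// have to be supplied by the caller.

variable "apigee_ms_ui_port" {
  default = "9000"
}

variable "apigee_ms_api_port" {
  default = "8080"
}

// NOTE(review): same default as apigee_ms_ui_port_name below; looks like a
// copy/paste. Confirm against where the named ports are consumed.
variable "apigee_ms_api_port_name" {
  default = "ui_port_name"
}

variable "apigee_ms_ui_port_name" {
  default = "ui_port_name"
}

variable "router_name" {
  default = "default"
}

variable "region" {
  default = ""
  // default = "us-east1"
}

variable "zone" {
  default = ""
  // default = "us-east1-b"
}

variable "image_name" {
  default = "centos-7"
}

variable "image_project" {
  default = "centos-cloud"
}

variable "machine_type" {
  default = "n1-standard-4"
}

// NOTE(review): presumably attached to the instances' service account in
// main.tf. "compute-rw" allows code on a node to modify Compute Engine
// resources (within that account's IAM roles); confirm the nodes need write
// access before keeping it as the default.
variable "instance_scopes" {
  default = ["compute-rw", "storage-ro"]
}

variable "dc_region" {
  default = "1"
}

// Per-data-centre node counts; every dc_2_* default is 0.
variable "dc_1_ms_count" {
  default = 1
}

variable "dc_2_ms_count" {
  default = 0
}

variable "dc_1_ds_count" {
  default = 3
}

variable "dc_2_ds_count" {
  default = 0
}

variable "dc_1_rmp_count" {
  default = 2
}

variable "dc_2_rmp_count" {
  default = 0
}

variable "dc_1_qpid_count" {
  default = 2
}

variable "dc_2_qpid_count" {
  default = 0
}

variable "dc_1_pgstandby_count" {
  default = 0
}

variable "dc_2_pgstandby_count" {
  default = 0
}

// Path to the service-account key JSON read by provider.tf. Keep the key file
// itself outside the repository.
variable "credentials_file" {
  // default = "~/.apigee-secure/sandbox-1f5fb288d552.json"
  default = ""
}

variable "gcp_project_name" {
  // default = "sandbox-173316"
  default = ""
}

variable "service_account_email" {
  // default = "736255665193-compute@developer.gserviceaccount.com"
  default = ""
}

--------------------------------------------------------------------------------
/infrastructure/gce-management/apigee-edge-tf/sandbox-pilot/output.tf:
--------------------------------------------------------------------------------
// Exposes the self link of the apigeenet network. The bastion outputs are
// commented out.
output "apigeenet_self_link" {
  value = "${google_compute_network.apigeenet.self_link}"
}

//output "bastion_private_ip" {
//  value = "${module.apigee-bastion-vm.private_ip}"
//}
//
//output "bastion_public_ip" {
//  value = "${module.apigee-bastion-vm.public_ip}"
//}

--------------------------------------------------------------------------------
/infrastructure/gce-management/apigee-edge-tf/sandbox-pilot/provider.tf:
--------------------------------------------------------------------------------
// Google provider for the sandbox-pilot layout; same key-file based
// credentials as the prod layout, with the region taken from dc_1_gcp_region.
provider "google" {
  credentials = "${file(var.credentials_file)}"
  project = "${var.gcp_project_name}"
  region = "${var.dc_1_gcp_region}"
}

--------------------------------------------------------------------------------
/infrastructure/gce-management/gce-ansible-config.yml:
--------------------------------------------------------------------------------
---
# Reads the service-account key JSON named by `credentials_file`, writes its
# `private_key` member to a PEM file under generated/ssh, and renders the
# gce.ini inventory configuration that points at that PEM file.
#
# The generated/ tree holds private key material; keep it out of version
# control and off shared paths.
- name: Create SSH Private Key File From SA Account File
  hosts: localhost
  gather_facts: no

  vars:
    # The whole key file is loaded into a variable; the three values below are
    # read from it.
    service_account: "{{ lookup('file', credentials_file) }}"
    ssh_private_key: "{{ service_account['private_key'] }}"
    project_id: "{{ service_account['project_id'] }}"
    service_account_email: "{{ service_account['client_email'] }}"

  tasks:
    # NOTE(review): both folders are created with the default umask. Consider
    # a separate task with mode '0700' for generated/ssh, since it will hold
    # the private key.
    - name: Create project inventory folder
      tags: ['gce-ini']
      file:
        path: "{{ item }}"
        state: directory
      with_items:
        - 'generated/inventory'
        - 'generated/ssh'

    - name: Generate default ssh key file name
      set_fact:
        default_ssh_private_key_file: "generated/ssh/{{ project_id }}-ssh.pem"
      when: ssh_private_key_file is not defined

    # The task result is hidden so the key cannot reach the console or a log
    # through verbose or diff output. The mode is quoted so it is always read
    # as an octal permission string.
    - name: Save private key to file
      tags: ['ssh']
      copy:
        dest: "{{ ssh_private_key_file | default(default_ssh_private_key_file) }}"
        content: "{{ ssh_private_key }}"
        remote_src: no
        mode: '0400'
      no_log: true
      register: ssh_pem

    - name: Obtain ssh private key file name
      set_fact:
        ssh_private_key_file: "{{ ssh_pem.path }}"

    - name: Prepare the gce.ini file
      tags: ['gce-ini']
      template:
        src: templates/gce.ini.j2
        dest: "generated/inventory/{{ project_id }}-gce.ini"

--------------------------------------------------------------------------------
/infrastructure/gce-management/gce-dependencies.yml:
--------------------------------------------------------------------------------
---
# Installs (or, with -e state=absent, removes) the Python packages used by the
# GCE playbooks on the control machine.
#
# NOTE(review): the packages are installed as root (become) with no version
# pins, so every run takes whatever the index currently serves. Installing
# pinned versions into a virtualenv would limit what an upstream change can
# affect.
# NOTE(review): pycrypto is no longer maintained (pycryptodome is the
# maintained replacement), and `crypto` is a separate, unrelated package.
# Confirm both are actually required.
- name: Install GCE Dependencies
  hosts: localhost
  connection: local
  become: yes

  tasks:
    - name: Install or Remove GCE Dependencies based on state requested
      pip:
        name: "{{ item }}"
        state: "{{ state | default('present') }}"
      with_items:
        - apache-libcloud
        - pyopenssl
        - pycrypto
        - crypto
        - google-api-python-client
        - google-auth
        - google-auth-httplib2

-------------------------------------------------------------------------------- /infrastructure/gce-management/gce-dynamic/create-bastion-host.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: create a bastion disk 3 | tags: ['instances', 'bastion', 'disks'] 4 | gcp_compute_disk: 5 | name: '{{ name_instance }}-bastion-disk' 6 | size_gb: "{{ bastion_disk_size | default(disk_size) }}" 7 | source_image: '{{ disk_source_image }}' 8 | zone: "{{ gcp_zone }}" 9 |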
project: "{{ gcp_project }}" 10 | auth_kind: "{{ gcp_auth_kind }}" 11 | service_account_file: "{{ gcp_service_account_file }}" 12 | scopes: 13 | - "{{ scope_compute }}" 14 | state: present 15 | register: bastion_disk 16 | 17 | - name: create a bastion host 18 | tags: ['instances', 'bastion'] 19 | gcp_compute_instance: 20 | name: "apigee-bastion" 21 | state: present 22 | machine_type: "{{ machine_type }}" 23 | disks: 24 | - auto_delete: true 25 | boot: true 26 | source: "{{ bastion_disk }}" 27 | network_interfaces: 28 | - network: "{{ network }}" 29 | access_configs: 30 | - name: 'External NAT' 31 | type: 'ONE_TO_ONE_NAT' 32 | zone: "{{ gcp_zone }}" 33 | project: "{{ gcp_project }}" 34 | auth_kind: "{{ gcp_auth_kind }}" 35 | service_account_file: "{{ gcp_service_account_file }}" 36 | tags: 37 | items: 38 | - "{{ name_instance_network_tag }}" 39 | metadata: 40 | 'startup-script': 'rm -f /etc/sudoers.d/remove-requiretty && echo \"Defaults !requiretty\" >> /etc/sudoers.d/remove-requiretty' 41 | scopes: 42 | - "{{ scope_compute }}" 43 | -------------------------------------------------------------------------------- /infrastructure/gce-management/gce-dynamic/create-instance-literal.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: create a network 3 | gcp_compute_network: 4 | name: apigeenetwork 5 | project: sandbox-173316 6 | auth_kind: serviceaccount 7 | service_account_file: ~/.apigee-secure/sandbox-1f5fb288d552.json 8 | scopes: 9 | - https://www.googleapis.com/auth/compute 10 | state: present 11 | auto_create_subnetworks: yes 12 | register: network 13 | 14 | - name: create firewall rule 15 | gcp_compute_firewall: 16 | name: "allow-ssh" 17 | project: "sandbox-173316" 18 | auth_kind: "serviceaccount" 19 | service_account_file: "~/.apigee-secure/sandbox-1f5fb288d552.json" 20 | state: "present" 21 | target_tags: 22 | - 'allow-ssh' 23 | network: "{{ network.selfLink }}" 24 | allowed: 25 | - ip_protocol: tcp 26 | 
ports: 22 27 | scopes: 28 | - https://www.googleapis.com/auth/compute 29 | 30 | - name: create a disk 31 | gcp_compute_disk: 32 | name: cf-disk 33 | size_gb: 50 34 | source_image: projects/{{ image_project }}/global/images/family/{{ image_family }} 35 | zone: us-central1-c 36 | project: sandbox-173316 37 | auth_kind: serviceaccount 38 | service_account_file: ~/.apigee-secure/sandbox-1f5fb288d552.json 39 | scopes: 40 | - https://www.googleapis.com/auth/compute 41 | state: present 42 | register: disk 43 | 44 | - name: create an instance 45 | tags: ['instances'] 46 | gcp_compute_instance: 47 | name: cf-1 48 | state: present 49 | machine_type: n1-standard-1 50 | disks: 51 | - auto_delete: true 52 | boot: true 53 | source: "{{ disk }}" 54 | network_interfaces: 55 | - network: "{{ network }}" 56 | access_configs: 57 | - name: external_nat 58 | type: 'ONE_TO_ONE_NAT' 59 | zone: us-central1-c 60 | project: sandbox-173316 61 | auth_kind: serviceaccount 62 | service_account_file: ~/.apigee-secure/sandbox-1f5fb288d552.json 63 | tags: 64 | items: 65 | - allow-ssh 66 | metadata: 67 | 'startup-script': 'rm -f /etc/sudoers.d/remove-requiretty && echo \"Defaults !requiretty\" >> /etc/sudoers.d/remove-requiretty' 68 | scopes: 69 | - https://www.googleapis.com/auth/compute 70 | register: instance 71 | -------------------------------------------------------------------------------- /infrastructure/gce-management/gce-dynamic/create-instance.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: create a disk 3 | tags: ['instances', 'disks'] 4 | gcp_compute_disk: 5 | name: '{{ name_disk }}-{{ sequence }}' 6 | size_gb: "{{ disk_size }}" 7 | source_image: '{{ disk_source_image }}' 8 | zone: "{{ gcp_zone }}" 9 | project: "{{ gcp_project }}" 10 | auth_kind: "{{ gcp_auth_kind }}" 11 | service_account_file: "{{ gcp_service_account_file }}" 12 | scopes: 13 | - "{{ scope_compute }}" 14 | state: present 15 | register: disk 16 | 17 | - name: 
create an instance 18 | tags: ['instances'] 19 | gcp_compute_instance: 20 | name: "{{ name_instance }}-{{ sequence }}" 21 | state: present 22 | machine_type: "{{ machine_type }}" 23 | disks: 24 | - auto_delete: true 25 | boot: true 26 | source: "{{ disk }}" 27 | network_interfaces: 28 | - network: "{{ network }}" 29 | access_configs: 30 | - name: 'External NAT' 31 | type: 'ONE_TO_ONE_NAT' 32 | zone: "{{ gcp_zone }}" 33 | project: "{{ gcp_project }}" 34 | auth_kind: "{{ gcp_auth_kind }}" 35 | service_account_file: "{{ gcp_service_account_file }}" 36 | tags: 37 | items: 38 | - "{{ name_instance_network_tag }}" 39 | metadata: 40 | 'startup-script': 'rm -f /etc/sudoers.d/remove-requiretty && echo \"Defaults !requiretty\" >> /etc/sudoers.d/remove-requiretty' 41 | scopes: 42 | - "{{ scope_compute }}" 43 | register: instance 44 | 45 | 46 | -------------------------------------------------------------------------------- /infrastructure/gce-management/gce-dynamic/create-template.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Create an instance 3 | hosts: localhost 4 | gather_facts: no 5 | connection: local 6 | vars_files: 7 | - shared-properties.yml 8 | 9 | tasks: 10 | - name: create a network 11 | gcp_compute_network: 12 | name: "{{ network_name_default }}" 13 | project: "{{ gcp_project }}" 14 | auth_kind: "{{ gcp_auth_kind }}" 15 | service_account_file: "{{ gcp_service_account_file }}" 16 | scopes: 17 | - "{{ scope_compute }}" 18 | state: present 19 | register: network 20 | 21 | - name: create firewall rule 22 | gcp_compute_firewall: 23 | name: "{{ name_firewall }}" 24 | project: "{{ gcp_project }}" 25 | auth_kind: "{{ gcp_auth_kind }}" 26 | service_account_file: "{{ gcp_service_account_file }}" 27 | state: present 28 | target_tags: ['{{ name_instance_network_tag }}'] 29 | network: "global/networks/{{ network.name }}" 30 | scopes: 31 | - "{{ scope_compute }}" 32 | allowed: 33 | - ip_protocol: tcp 34 | ports: 35 | 
- '22' 36 | 37 | - name: create an address 38 | tags: ['ext-addr'] 39 | gcp_compute_address: 40 | name: '{{ name_address }}' 41 | # name: '{{ name_address }}-{{ item }}' 42 | region: "{{ gcp_region }}" 43 | project: "{{ gcp_project }}" 44 | auth_kind: "{{ gcp_auth_kind }}" 45 | service_account_file: "{{ gcp_service_account_file }}" 46 | scopes: 47 | - "{{ scope_compute }}" 48 | state: present 49 | register: address 50 | # with_sequence: start={{ start | default(1) }} end={{ end | default(1) }} 51 | 52 | - name: create an instance template 53 | gcp_compute_instance_template: 54 | name: "{{ name_instance }}-template" 55 | project: "{{ gcp_project }}" 56 | auth_kind: "{{ gcp_auth_kind }}" 57 | service_account_file: "{{ gcp_service_account_file }}" 58 | state: present 59 | scopes: 60 | - "{{ scope_compute }}" 61 | properties: 62 | machine_type: n1-standard-1 63 | disks: 64 | - auto_delete: true 65 | boot: true 66 | initialize_params: 67 | source_image: '{{ disk_source_image }}' 68 | disk_size_gb: 50 69 | network_interfaces: 70 | - network: "{{ network }}" 71 | access_configs: 72 | - name: 'External NAT' 73 | type: 'ONE_TO_ONE_NAT' 74 | nat_ip: "{{ address }}" 75 | register: instance_template 76 | 77 | - name: create an instance 78 | gcp_compute_instance: 79 | name: "{{ name_instance }}-template-created-instance" 80 | state: present 81 | machine_type: n1-standard-1 82 | initialize_params: 83 | source_image: "{{ name_instance }}-template" 84 | zone: "{{ gcp_zone }}" 85 | project: "{{ gcp_project }}" 86 | auth_kind: "{{ gcp_auth_kind }}" 87 | service_account_file: "{{ gcp_service_account_file }}" 88 | tags: 89 | items: 90 | - "{{ name_instance_network_tag }}" 91 | metadata: 92 | test: 'empty' 93 | scopes: 94 | - "{{ scope_compute }}" 95 | register: instance 96 | 97 | 98 | 99 | 100 | -------------------------------------------------------------------------------- /infrastructure/gce-management/gce-dynamic/create.yml: 
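--------------------------------------------------------------------------------
---
# Creates the network, one firewall rule per entry of `firewall_ports`, the
# bastion host, and instances numbered `start` to `end` (both default to 1).
# Settings come from shared-properties.yml; the port lists referenced by
# `firewall_ports` are presumably provided by the
# apigee-opdk-port-check-settings role.
- name: Create an instance
  hosts: localhost
  gather_facts: no
  connection: local
  vars_files:
    - shared-properties.yml

  roles:
    - { role: apigee-opdk-port-check-settings }

  tasks:
    - name: create a network
      tags: ['network', 'firewall', 'instances','bastion']
      gcp_compute_network:
        name: "{{ network_name }}"
        project: "{{ gcp_project }}"
        auth_kind: "{{ gcp_auth_kind }}"
        service_account_file: "{{ gcp_service_account_file }}"
        scopes:
          - "{{ scope_compute }}"
        state: present
        auto_create_subnetworks: yes
      register: network

    # As originally written the rules carry neither target tags nor source
    # ranges, so they apply to every instance in the network, and every
    # instance created by create-instance.yml has an external NAT address.
    # The port groups in firewall_ports include management, ZooKeeper,
    # Cassandra, Postgres and LDAP ports.
    # NOTE(review): with no source given the rule is presumably open to any
    # address; confirm against the provider's default.
    # `firewall_source_ranges` (list of CIDRs) and `firewall_target_tags`
    # (list of network tags) narrow the rules; both are omitted when unset,
    # which keeps the previous behaviour.
    - name: create firewall rule
      tags: ['firewall']
      gcp_compute_firewall:
        name: "{{ name_firewall }}-{{ item.port_type }}"
        project: "{{ gcp_project }}"
        auth_kind: "{{ gcp_auth_kind }}"
        service_account_file: "{{ gcp_service_account_file }}"
        state: present
        network: "{{ network.selfLink }}"
        source_ranges: "{{ firewall_source_ranges | default(omit) }}"
        target_tags: "{{ firewall_target_tags | default(omit) }}"
        scopes:
          - "{{ scope_compute }}"
        allowed:
          - ip_protocol: tcp
            ports: "{{ item.ports }}"
      loop: "{{ firewall_ports }}"

    - name: create bastion host
      tags: ['instances','bastion']
      include_tasks: create-bastion-host.yml

    # `sequence` is the loop variable read by create-instance.yml to suffix
    # the disk and instance names.
    - name: create instances
      include_tasks: create-instance.yml
      with_sequence: start={{ start | default('1') }} end={{ end | default('1') }}
      loop_control:
        loop_var: sequence

#- name: create load balancer
  #gce_backend_service:
    #credentials_file: "{{ gcp_service_account_file }}"
    #project_id: "{{ gcp_project }}"
    #service_account_email: "friasc@sandbox-173316.iam.gserviceaccount.com"
    #backend_service_name: "delete_lb"
    #backends:
    #- instance_group: "delete-instance-group-1"
    #healthchecks:
    #- delete-apigee-instance-1
    #port_name: myhttpport
    #port: 9001
    #state: present
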
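--------------------------------------------------------------------------------
/infrastructure/gce-management/gce-dynamic/remove.yml:
--------------------------------------------------------------------------------
---
# Deletes the instance, address and firewall rule named directly after
# `name_instance` / `name_address` / `name_firewall`.
#
# NOTE(review): create.yml names its resources differently: instances are
# "{{ name_instance }}-<sequence>", firewall rules are
# "{{ name_firewall }}-<port_type>", and it also creates a bastion host, disks
# and the network. None of those are removed here, so after a create.yml run
# the externally reachable instances and their firewall rules stay in place
# until they are deleted another way.
- name: Remove an instance
  hosts: localhost
  gather_facts: no
  connection: local
  vars_files:
    - shared-properties.yml

  tasks:
    - name: remove an instance
      gcp_compute_instance:
        name: "{{ name_instance }}"
        state: absent
        zone: "{{ gcp_zone }}"
        project: "{{ gcp_project }}"
        auth_kind: "{{ gcp_auth_kind }}"
        service_account_file: "{{ gcp_service_account_file }}"
        scopes:
          - "{{ scope_compute }}"
      register: instance

    - name: remove an address
      gcp_compute_address:
        name: "{{ name_address }}"
        region: "{{ gcp_region }}"
        project: "{{ gcp_project }}"
        auth_kind: "{{ gcp_auth_kind }}"
        service_account_file: "{{ gcp_service_account_file }}"
        state: absent
        scopes:
          - "{{ scope_compute }}"
      register: address

    - name: remove firewall rule
      gcp_compute_firewall:
        name: "{{ name_firewall }}"
        project: "{{ gcp_project }}"
        auth_kind: "{{ gcp_auth_kind }}"
        service_account_file: "{{ gcp_service_account_file }}"
        state: absent
        scopes:
          - "{{ scope_compute }}"

--------------------------------------------------------------------------------
/infrastructure/gce-management/gce-dynamic/requirements.yml:
--------------------------------------------------------------------------------
---
# Roles are fetched from the head of each repository's default branch. Add a
# `version:` (tag or commit) to each entry so an upstream change cannot alter
# what runs on the control machine without review.
- src: https://github.com/carlosfrias/apigee-opdk-port-check.git
- src: https://github.com/carlosfrias/apigee-opdk-port-check-settings.git

--------------------------------------------------------------------------------
/infrastructure/gce-management/gce-dynamic/shared-properties.yml:
--------------------------------------------------------------------------------
---
# Shared settings for the gce-dynamic playbooks.
#
# The project id, key-file path and service-account e-mail below are specific
# to one sandbox. Override them per environment (for example with -e or an
# untracked vars file) and keep the key file itself outside the repository.
gcp_project: sandbox-173316
gcp_auth_kind: serviceaccount
gcp_service_account_file: ~/.apigee-secure/sandbox-1f5fb288d552.json
gcp_zone: "us-central1-c"
gcp_region: "us-central1"
network_name: "apigeenetwork"
name_instance: "cf"
name_instance_network_tag: "{{ name_instance }}-network-tag"
name_firewall: "{{ name_instance }}-firewall"
name_address: "{{ name_instance }}-address"
name_disk: "{{ name_instance }}-disk"
scope_compute: "https://www.googleapis.com/auth/compute"
image_project: 'centos-cloud'
#image_project: 'ubuntu-os-cloud'
image_family: 'centos-7'
#image_family: 'ubuntu-1604-lts'
disk_source_image: "projects/{{ image_project }}/global/images/family/{{ image_family }}"
disk_size: 50
# Was spelled `bastion_isk_size`, so create-bastion-host.yml never saw it and
# fell back to disk_size through its default() filter.
bastion_disk_size: 20
machine_type: n1-standard-1
gce_image: 'centos-7'
service_account_email: "friasc@sandbox-173316.iam.gserviceaccount.com"

# One firewall rule is created per entry (see create.yml). Each `ports` value
# is a port list defined outside this file.
firewall_ports:
  - { ports: "{{ ms_ports }}", port_type: 'ms' }
  - { ports: "{{ router_ports }}", port_type: 'router' }
  - { ports: "{{ mp_ports }}", port_type: 'mp' }
  - { ports: "{{ zk_ports }}", port_type: 'zk' }
  - { ports: "{{ cassandra_ports }}", port_type: 'cs' }
  - { ports: "{{ qpid_ports }}", port_type: 'qs' }
  - { ports: "{{ pg_ports }}", port_type: 'pg' }
  - { ports: "{{ ui_ports }}", port_type: 'ui' }
  - { ports: "{{ ldap_ports }}", port_type: 'ldap' }

address_types:
  - 'ms'
  - 'router'
-------------------------------------------------------------------------------- /infrastructure/gce-management/gce-properties.yml: -------------------------------------------------------------------------------- 1 | --- 2 | credentials_file: ~/.apigee-secure/edge-ops-lab-e7a48eec6f40.json 3 | disk_size: 50 4 | machine_type: 'n1-standard-2' 5 | external_projects: 'eip-images' 6 | image: 'centos-7' 7 | zone: 'us-east1-b' 8 | host_prefix: 'cf' 9 | #labels: 10 | # carlos: '' 11 |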
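#firewall_tag: 'dev-test' 12 | default_firewall_tags: 13 | - 'default-zkrxups2f6ccnycpl3bokiut' 14 | #- "{{ firewall_tag }}" 15 |
--------------------------------------------------------------------------------
/infrastructure/gce-management/gce-remove.yml:
--------------------------------------------------------------------------------
---
# Deletes the GCE instances named in `instance_names` (a comma-separated
# string supplied by the caller) in the zone from gce-properties.yml.
# Project id and service-account e-mail are read from the key JSON named by
# `credentials_file`. Deletion runs without a confirmation step, so check the
# name list and the target project before running.
- name: Remove Instance
  hosts: localhost
  connection: local
  strategy: free

  vars:
    service_account: "{{ lookup('file', credentials_file) }}"
    ssh_private_key: "{{ service_account['private_key'] }}"
    project_id: "{{ service_account['project_id'] }}"
    service_account_email: "{{ service_account['client_email'] }}"

  vars_files:
    - gce-properties.yml

  tasks:
    - name: Split instance names
      set_fact:
        gcp_hostname: "{{ instance_names.split(',') }}"

    - name: Remove instance
      gce:
        instance_names: "{{ item }}"
        zone: "{{ zone }}"
        project_id: "{{ project_id }}"
        service_account_email: "{{ service_account_email }}"
        credentials_file: '{{ credentials_file }}'
        state: deleted
      with_items: "{{ gcp_hostname }}"
      async: 0
      poll: 0
#      register: gcp_tasks

#    - name: Check remove status
#      async_status:
#        jid: "{{ gcp_task.ansible_job_id }}"
#      loop: "{{ gcp_tasks.results }}"
#      loop_control:
#        loop_var: "gcp_task"
#      register: gcp_task_results
#      until: gcp_task_results.finished
#      retries: 30
--------------------------------------------------------------------------------
/infrastructure/gce-management/performance-testing/perf-test.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Creates 50 preemptible VMs (perf-1 .. perf-50). Each VM's startup script
# downloads the `hey` load generator and loops requests against the proxy.
#
# Usage:
#   API_KEY=<key for the proxy> [PROXY_ENDPOINT=<proxy host>] ./perf-test.sh
#
# The API key is taken from the caller's environment instead of being stored
# in the repository. The key that used to be hard-coded here remains in the
# repository history and should be revoked.
#
# NOTE(review): the key is still embedded in each instance's startup-script
# metadata, which is readable by anyone who can view instance metadata in the
# project. Use a short-lived, test-only key.
# NOTE(review): the hey binary is downloaded and executed as-is; comparing it
# with a known checksum before `chmod +x` would detect a changed download.

PROXY_ENDPOINT="${PROXY_ENDPOINT:-amer-cs-hybrid-demo13-test.hybrid-apigee.net}"
: "${API_KEY:?set API_KEY to the API key for the proxy under test}"

for i in {1..50}; do
  # The two '"${VAR}"' spans close the single-quoted script, splice in the
  # caller's value, and reopen it; everything else is expanded on the VM.
  gcloud compute instances create "perf-$i" \
    --image-family=ubuntu-1804-lts \
    --image-project=gce-uefi-images \
    --preemptible \
    --machine-type=n1-standard-2 \
    --zone=us-central1-a \
    --metadata startup-script='#! /bin/bash
ulimit -n 65535
wget https://storage.googleapis.com/hey-release/hey_linux_amd64
mv hey_linux_amd64 hey
chmod +x hey
export PROXY_ENDPOINT='"${PROXY_ENDPOINT}"'
export API_KEY='"${API_KEY}"'
while ((1)); do ./hey -n 20000 -c 500 "https://${PROXY_ENDPOINT}/httpbin/anything?apikey=${API_KEY}"; sleep 1; done
'
  sleep 10
done

--------------------------------------------------------------------------------
/infrastructure/gce-management/pip-requirements.txt:
--------------------------------------------------------------------------------
# No versions are pinned, so each install resolves to whatever the index
# currently serves. Pin exact versions (and hashes, for use with
# `pip install --require-hashes`) to make installs reproducible and reviewable.
# NOTE(review): entries such as py2app, macholib, bdist-mpkg, xattr,
# matplotlib and scipy look like a workstation `pip freeze` rather than what
# the GCE playbooks need; trimming the list reduces the packages that run
# with the operator's credentials.
# NOTE(review): pycrypto is no longer maintained; pycryptodome is the
# maintained replacement. `crypto`, `get`, `post`, `public`, `helper` and
# `query-string` are easy to confuse with other packages; confirm each is
# intended.
altgraph
ansible
apache-libcloud
asn1crypto
awscli
backports.ssl-match-hostname
bcrypt
bdist-mpkg
certifi
cffi
chardet
colorama
crypto
cryptography
docker-py
docker-pycreds
docutils
ecdsa
enum34
epdb
futures
get
helper
httplib2
idna
ipaddress
Jinja2
jmespath
kazoo
macholib
MarkupSafe
matplotlib
modulegraph
Naked
ndg-httpsclient
numpy
paramiko
pexpect
post
ptyprocess
public
passlib
py2app
pyasn1
pycparser
pycrypto
PyNaCl
pyOpenSSL
pyparsing
python-dateutil
pytz
PyYAML
query-string
requests
rsa
s3transfer
scipy
shellescape
simplejson
six
urllib3
virtualenv
websocket-client
xattr
zope.interface
-------------------------------------------------------------------------------- /infrastructure/gce-management/templates/gce.ini.j2: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # Copyright 2013 Google Inc.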
3 | # 4 | # This file is part of Ansible 5 | # 6 | # Ansible is free software: you can redistribute it and/or modify 7 | # it under the terms of the GNU General Public License as published by 8 | # the Free Software Foundation, either version 3 of the License, or 9 | # (at your option) any later version. 10 | # 11 | # Ansible is distributed in the hope that it will be useful, 12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | # GNU General Public License for more details. 15 | # 16 | # You should have received a copy of the GNU General Public License 17 | # along with Ansible. If not, see . 18 | 19 | # The GCE inventory script has the following dependencies: 20 | # 1. A valid Google Cloud Platform account with Google Compute Engine 21 | # enabled. See https://cloud.google.com 22 | # 2. An OAuth2 Service Account flow should be enabled. This will generate 23 | # a private key file that the inventory script will use for API request 24 | # authorization. See https://developers.google.com/accounts/docs/OAuth2 25 | # 3. Convert the private key from PKCS12 to PEM format 26 | # $ openssl pkcs12 -in pkey.pkcs12 -passin pass:notasecret \ 27 | # > -nodes -nocerts | openssl rsa -out pkey.pem 28 | # 4. The libcloud (>=0.13.3) python libray. See http://libcloud.apache.org 29 | # 30 | # (See ansible/test/gce_tests.py comments for full install instructions) 31 | # 32 | # Author: Eric Johnson 33 | 34 | [gce] 35 | # GCE Service Account configuration information can be stored in the 36 | # libcloud 'secrets.py' file. Ideally, the 'secrets.py' file will already 37 | # exist in your PYTHONPATH and be picked up automatically with an import 38 | # statement in the inventory script. However, you can specify an absolute 39 | # path to the secrets.py file with 'libcloud_secrets' parameter. 
40 | libcloud_secrets = 41 | 42 | # If you are not going to use a 'secrets.py' file, you can set the necessary 43 | # authorization parameters here. 44 | gce_service_account_email_address = '{{ service_account_email }}' 45 | gce_service_account_pem_file_path = '{{ ssh_private_key_file }}' 46 | gce_project_id = '{{ project_id }}' 47 | gce_zone = '{{ gce_zone | default("us-east1-b") }}' 48 | 49 | [inventory] 50 | # The 'inventory_ip_type' parameter specifies whether 'ansible_ssh_host' should 51 | # contain the instance internal or external address. Values may be either 52 | # 'internal' or 'external'. If 'external' is specified but no external instance 53 | # address exists, the internal address will be used. 54 | # The INVENTORY_IP_TYPE environment variable will override this value. 55 | inventory_ip_type = {{ inventory_id_type | default('internal') }} 56 | -------------------------------------------------------------------------------- /infrastructure/mirror/collect-attributes.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Collect Edge Installation Attributes 3 | hosts: edge 4 | tags: ['cache'] 5 | vars: 6 | property_folders: 7 | - "~/.apigee-secure" 8 | - "~/.apigee" 9 | roles: 10 | - { role: apigee-opdk-modules } 11 | - { role: apigee-opdk-settings-private-address, tags: ['private-address'] } 12 | - { role: apigee-opdk-settings-management-server } 13 | - { role: apigee-opdk-settings-ldap } 14 | - { role: apigee-opdk-settings-region } 15 | - { role: apigee-opdk-settings-cassandra } 16 | - { role: apigee-opdk-settings-postgres } 17 | -------------------------------------------------------------------------------- /infrastructure/mirror/configure-nginx-mirror.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Collect Edge Installation Attributes 3 | import_playbook: collect-attributes.yml 4 | tags: ['cache'] 5 | 6 | - name: Expose apigee mirror web 
server 7 | hosts: "{{ target_hosts }}" 8 | gather_facts: no 9 | tags: ['nginx'] 10 | vars: 11 | apigee_home: "/opt/apigee" 12 | apigee_service: "{{ apigee_home }}/apigee-service/bin/apigee-service" 13 | property_folders: 14 | - "~/.apigee-secure" 15 | - "~/.apigee" 16 | roles: 17 | - { role: apigee-opdk-modules } 18 | - { role: apigee-opdk-setup-component-install, component: 'apigee-mirror' } 19 | - { role: apigee-opdk-setup-mirror-nginx } 20 | -------------------------------------------------------------------------------- /infrastructure/mirror/create-archive.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Collect Edge Installation Attributes 3 | import_playbook: collect-attributes.yml 4 | tags: ['cache'] 5 | 6 | - name: Install Edge Mirror 7 | hosts: "{{ target_hosts }}" 8 | tags: ['install'] 9 | vars: 10 | ansible_workspace: "~/.ansible" 11 | apigee_workspace: "~/.apigee-workspace" 12 | property_folders: 13 | - "~/.apigee-secure" 14 | - "~/.apigee" 15 | roles: 16 | - { role: apigee-opdk-modules } 17 | - { role: apigee-opdk-setup-os-epel, tags: ['epel'] } 18 | - { role: apigee-opdk-shutdown-iptables, tags: ['minimum', 'iptables'] } 19 | - { role: apigee-opdk-yum-repository-proxy-config, tags: ['yum-proxy-config']} 20 | - { role: apigee-opdk-setup-os-minimum, tags: ['os-minimum'] } 21 | - { role: apigee-opdk-setup-os-limits, tags: ['limit'] } 22 | - { role: apigee-opdk-setup-os-sysctl, tags: ['sysctl'] } 23 | - { role: apigee-opdk-setup-selinux-disable, tags: ['minimum', 'selinux'] } 24 | - { role: apigee-server-restart, tags: ['minimum', 'restart-server'], start_check_delay: 30, when: (selinux_disabled is defined and selinux_disabled.changed) or (iptables_disabled is defined and not iptables_disabled) or (force_restart is defined and force_restart) } 25 | - { role: apigee-opdk-setup-os-common, tags: ['os-common'] } 26 | - { role: apigee-opdk-setup-openjdk, tags: ['minimum', 'openjdk'], jdk_version: '1.8' 
} 27 | - { role: apigee-opdk-setup-apigee-user, tags: ['apigee-user', 'bootstrap'] } 28 | - { role: apigee-opdk-setup-apigee-user-ownership, tags: ['apigee-user', 'bootstrap'] } 29 | - { role: apigee-opdk-setup-java-home, tags: ['java-home', 'bootstrap'] } 30 | - { role: apigee-opdk-setup-bootstrap-cache, tags: ['apigee-bootstrap', 'bootstrap'] } 31 | - { role: apigee-opdk-setup-bootstrap, tags: ['apigee-bootstrap', 'bootstrap'] } 32 | - { role: apigee-opdk-setup-apigee-user-ownership, tags: ['apigee-user', 'bootstrap'] } 33 | - { role: apigee-opdk-setup-component-install, component: 'apigee-mirror' } 34 | - { role: apigee-opdk-setup-bootstrap-create-archive, tags: ['create'] } 35 | 36 | 37 | -------------------------------------------------------------------------------- /infrastructure/mirror/download-archive.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Collect Edge Installation Attributes 3 | import_playbook: collect-attributes.yml 4 | tags: ['cache'] 5 | 6 | - name: Download apigee mirror archive 7 | tags: ['download'] 8 | hosts: "{{ target_hosts }}" 9 | gather_facts: no 10 | vars: 11 | local_apigee_path: ~/.apigee 12 | property_folders: 13 | - "~/.apigee-secure" 14 | - "{{ local_apigee_path }}" 15 | roles: 16 | - { role: apigee-opdk-modules } 17 | - { role: apigee-opdk-setup-bootstrap-download-archive } 18 | -------------------------------------------------------------------------------- /infrastructure/mirror/install-archive.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Collect Edge Installation Attributes 3 | import_playbook: collect-attributes.yml 4 | tags: ['cache'] 5 | 6 | - name: Complete OS Pre-requisites 7 | hosts: edge 8 | tags: ['os'] 9 | vars: 10 | property_folders: 11 | - "~/.apigee-secure" 12 | - "~/.apigee" 13 | roles: 14 | - { role: apigee-opdk-modules } 15 | # - { role: apigee-opdk-setup-os-epel, tags: ['epel'] } 16 | - { 
role: apigee-opdk-shutdown-iptables, tags: ['minimum', 'iptables'] } 17 | # - { role: apigee-opdk-yum-repository-proxy-config, tags: ['yum-proxy-config']} 18 | - { role: apigee-opdk-setup-os-minimum, tags: ['os-minimum'] } 19 | - { role: apigee-opdk-setup-os-limits, tags: ['limit'] } 20 | - { role: apigee-opdk-setup-os-sysctl, tags: ['sysctl'] } 21 | - { role: apigee-opdk-setup-selinux-disable, tags: ['minimum', 'selinux'] } 22 | - { role: apigee-server-restart, tags: ['restart-server'], start_check_delay: 30, when: (selinux_disabled is defined and selinux_disabled.changed) or (iptables_disabled is defined and not iptables_disabled) or (force_restart is defined and force_restart) } 23 | - { role: apigee-opdk-setup-os-common, tags: ['os-common'] } 24 | - { role: apigee-opdk-setup-openjdk-cache, tags: ['minimum', 'openjdk'], jdk_version: '1.8' } 25 | - { role: apigee-opdk-setup-openjdk, tags: ['openjdk'], jdk_version: '1.8' } 26 | 27 | - name: Install apigee mirror archive 28 | hosts: "{{ target_hosts }}" 29 | tags: ['install'] 30 | vars: 31 | property_folders: 32 | - "~/.apigee-secure" 33 | - "~/.apigee" 34 | apigeerepobasepath: '/opt/apigee/data/apigee-mirror' 35 | roles: 36 | - { role: apigee-opdk-modules } 37 | - { role: apigee-opdk-setup-apigee-user, tags: ['apigee-user', 'bootstrap'] } 38 | - { role: apigee-opdk-setup-apigee-user-ownership, tags: ['apigee-user', 'bootstrap'] } 39 | - { role: apigee-opdk-setup-java-home, tags: ['java-home', 'bootstrap'] } 40 | - { role: apigee-opdk-setup-bootstrap-cache, tags: ['apigee-bootstrap', 'bootstrap'] } 41 | - { role: apigee-opdk-setup-bootstrap, tags: ['apigee-bootstrap', 'bootstrap'] } 42 | - { role: apigee-opdk-setup-apigee-user-ownership, tags: ['apigee-user', 'bootstrap'] } 43 | - { role: apigee-opdk-setup-bootstrap, tags: ['install'], install_archive_mirror: true } 44 | 45 | -------------------------------------------------------------------------------- /infrastructure/mirror/nginx-mirror.yml: 
-------------------------------------------------------------------------------- 1 | --- 2 | - name: Expose apigee mirror web server 3 | tags: ['nginx'] 4 | hosts: "{{ target_hosts }}" 5 | vars: 6 | property_folders: 7 | - "~/.apigee-secure" 8 | - "~/.apigee" 9 | roles: 10 | - { role: apigee-opdk-modules } 11 | - { role: apigee-opdk-setup-mirror-nginx, tags: ['nginx'] } 12 | -------------------------------------------------------------------------------- /infrastructure/mirror/upload-mirror.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Collect Edge Installation Attributes 3 | import_playbook: collect-attributes.yml 4 | tags: ['cache'] 5 | 6 | - name: Upload apigee mirror archive 7 | hosts: "{{ target_hosts }}" 8 | tags: ['upload'] 9 | vars: 10 | apigee_home: "/opt/apigee" 11 | local_apigee_path: "~/.apigee" 12 | property_folders: 13 | - "~/.apigee-secure" 14 | - "~/.apigee" 15 | roles: 16 | - { role: apigee-opdk-modules } 17 | - { role: apigee-opdk-setup-apigee-user, tags: ['apigee-user', 'bootstrap'] } 18 | - { role: apigee-opdk-setup-bootstrap-upload-archive, tags: ['upload'] } 19 | - { role: apigee-opdk-setup-apigee-user-ownership, tags: ['apigee-user', 'bootstrap'] } 20 | -------------------------------------------------------------------------------- /infrastructure/port-requirements/requirements.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Ansible Roles for Component Installation and Setup 3 | - src: https://github.com/carlosfrias/apigee-opdk-settings-ldap.git 4 | 5 | - src: https://github.com/carlosfrias/apigee-opdk-settings-management-server.git 6 | 7 | - src: https://github.com/carlosfrias/apigee-opdk-settings-postgres.git 8 | 9 | - src: https://github.com/carlosfrias/apigee-opdk-settings-private-address.git 10 | 11 | - src: https://github.com/carlosfrias/apigee-opdk-settings-cassandra.git 12 | 13 | - src: 
https://github.com/carlosfrias/apigee-opdk-settings-region.git 14 | 15 | - src: https://github.com/carlosfrias/apigee-opdk-port-check.git 16 | 17 | - src: https://github.com/carlosfrias/apigee-opdk-port-check-settings.git 18 | -------------------------------------------------------------------------------- /infrastructure/response-file-generator/generate.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Collect Private Address for Planet 3 | hosts: planet 4 | roles: 5 | - { role: apigee-opdk-modules, tags: ['minimum', 'cache', 'ds', 'ms', 'rmp', 'r', 'mp', 'qpid', 'pg', 'pgmaster', 'pgstandby', 'org', 'validate', 'validate-cleanup'] } 6 | - { role: apigee-opdk-settings-private-address, tags: ['minimum', 'cache', 'ds', 'ms', 'rmp', 'r', 'mp', 'qpid', 'pg', 'pgmaster', 'pgstandby', 'org', 'validate', 'validate-cleanup'] } 7 | - { role: apigee-opdk-settings-management-server, tags: ['minimum', 'cache', 'ds', 'ms', 'rmp', 'r', 'mp', 'qpid', 'pg', 'pgmaster', 'pgstandby', 'org', 'validate', 'validate-cleanup'] } 8 | - { role: apigee-opdk-settings-ldap, tags: ['minimum', 'cache', 'ds', 'ms', 'rmp', 'r', 'mp', 'qpid', 'pg', 'pgmaster', 'pgstandby', 'org', 'validate', 'validate-cleanup'] } 9 | - { role: apigee-opdk-settings-region, tags: ['minimum', 'cache', 'ds', 'ms', 'rmp', 'r', 'mp', 'qpid', 'pg', 'pgmaster', 'pgstandby', 'org', 'validate', 'validate-cleanup'] } 10 | - { role: apigee-opdk-settings-cassandra, tags: ['minimum', 'cache', 'ds', 'ms', 'rmp', 'r', 'mp', 'qpid', 'pg', 'pgmaster', 'pgstandby', 'org', 'validate', 'validate-cleanup'] } 11 | - { role: apigee-opdk-settings-postgres, tags: ['minimum', 'cache', 'ds', 'ms', 'rmp', 'r', 'mp', 'qpid', 'pg', 'pgmaster', 'pgstandby', 'org', 'validate', 'validate-cleanup'] } 12 | 13 | - name: Generate Response files 14 | hosts: "{{ target_hosts }}" 15 | tags: ['edge', 'edge-common'] 16 | vars: 17 | property_folders: 18 | - "~/.apigee-secure" 19 | - "~/.apigee" 20 | 
roles: 21 | - { role: apigee-opdk-modules, tags: ['minimum', 'cache', 'ds', 'ms', 'rmp', 'r', 'mp', 'qpid', 'pg', 'pgmaster', 'pgstandby', 'org', 'validate', 'validate-cleanup'] } 22 | - { role: apigee-opdk-settings-management-server, tags: ['minimum', 'cache', 'ds', 'ms', 'rmp', 'r', 'mp', 'qpid', 'pg', 'pgmaster', 'pgstandby', 'org', 'validate', 'validate-cleanup'] } 23 | - { role: apigee-opdk-settings-ldap, tags: ['minimum', 'cache', 'ds', 'ms', 'rmp', 'r', 'mp', 'qpid', 'pg', 'pgmaster', 'pgstandby', 'org', 'validate', 'validate-cleanup'] } 24 | - { role: apigee-opdk-settings-region, tags: ['minimum', 'cache', 'ds', 'ms', 'rmp', 'r', 'mp', 'qpid', 'pg', 'pgmaster', 'pgstandby', 'org', 'validate', 'validate-cleanup'] } 25 | - { role: apigee-opdk-settings-cassandra, tags: ['minimum', 'cache', 'ds', 'ms', 'rmp', 'r', 'mp', 'qpid', 'pg', 'pgmaster', 'pgstandby', 'org', 'validate', 'validate-cleanup'] } 26 | - { role: apigee-opdk-settings-postgres, tags: ['minimum', 'cache', 'ds', 'ms', 'rmp', 'r', 'mp', 'qpid', 'pg', 'pgmaster', 'pgstandby', 'org', 'validate', 'validate-cleanup'] } 27 | - { role: apigee-opdk-setup-silent-installation-config, tags: ['minimum', 'config', 'ds-config'] } 28 | 29 | -------------------------------------------------------------------------------- /infrastructure/response-file-generator/requirements.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Ansible Roles for Component Installation and Setup 3 | - src: https://github.com/carlosfrias/apigee-opdk-setup-silent-installation-config.git 4 | 5 | - src: https://github.com/carlosfrias/apigee-opdk-modules.git 6 | 7 | - src: https://github.com/carlosfrias/apigee-opdk-settings-ldap.git 8 | 9 | - src: https://github.com/carlosfrias/apigee-opdk-settings-management-server.git 10 | 11 | - src: https://github.com/carlosfrias/apigee-opdk-settings-postgres.git 12 | 13 | - src: https://github.com/carlosfrias/apigee-opdk-settings-private-address.git 14 | 
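15 | - src: https://github.com/carlosfrias/apigee-opdk-settings-cassandra.git
16 |
17 | - src: https://github.com/carlosfrias/apigee-opdk-settings-region.git
18 |
19 |
20 |
--------------------------------------------------------------------------------
/infrastructure/setup-ansible-offline/ansible.cfg:
--------------------------------------------------------------------------------
1 | [defaults]
2 | # inventory = inventory
3 | roles_path = roles
4 | private_key_file = ~/.ssh/id_rsa
5 | merge_multiple_cli_tags=True
6 | # NOTE(review): task arguments are echoed to stdout; a secret passed as a task argument
7 | # without no_log ends up in console output and any captured log.
8 | display_args_to_stdout = True
9 | timeout = 60
10 | # NOTE(review): SSH host key verification is off, so a spoofed or intercepted host is
11 | # accepted without warning. Prefer pre-populating known_hosts and removing this line.
12 | host_key_checking = False
13 | forks = 10
14 | retry_files_enabled = False
15 | ansible_shell_type=sh
16 | module_name = shell
17 |
18 | [ssh_connection]
19 | #ssh_args = -o ControlMaster=auto -o ControlPersist=7200s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -q
20 | # Setting ssh_args replaces Ansible's default SSH options; -q also silences ssh warnings.
21 | ssh_args = -q
22 | control_path=%(directory)s/ansible-ssh-%%h-%%p-%%r
23 |
--------------------------------------------------------------------------------
/infrastructure/setup-ansible-offline/requirements.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - src: https://github.com/carlosfrias/apigee-opdk-modules.git
3 |
--------------------------------------------------------------------------------
/infrastructure/setup-ansible-offline/setup-offline-attributes.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Use this endpoint to clone github.com using HTTPS
3 | repository_secure_endpoint_https: "https://github.com/carlosfrias"
4 | repo_name: "apigee-opdk-playbook-setup-ansible"
5 | archive_target_folder_name: apigee-opdk-accelerator
6 | archive_folder: "{{ playbook_dir }}/{{ archive_target_folder_name }}"
7 | # Requirements files that setup-offline.yml passes to `ansible-galaxy install -r`.
8 | playbook_requirements_path:
9 |   - "../../infrastructure/port-requirements/requirements.yml"
10 |   - "../../installations/multi-node/requirements.yml"
11 |   - "../../installations/aio/requirements.yml"
12 |   - "../../installations/devportal/requirements.yml"
13 |   # mirror and response-file-generator live under infrastructure/ in this repository, not installations/
14 |   - "../../infrastructure/mirror/requirements.yml"
15 |   - "../../infrastructure/response-file-generator/requirements.yml"
16 |   - "../../post-installation/validations/analytics/requirements.yml"
17 | local_apigee_path: ~/.apigee
18 | local_apigee_secure_path: ~/.apigee-secure
19 | # Everything listed here is copied into the archive, including the secure property folder.
20 | folder_list_to_archive:
21 |   - "~/.ansible"
22 |   - "{{ local_apigee_path }}"
23 |   - "{{ local_apigee_secure_path}}"
--------------------------------------------------------------------------------
/infrastructure/setup-ansible-offline/setup-offline.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Builds an offline bundle (accelerator repository, Galaxy roles, local property folders) and
3 | # then unpacks that bundle on the hosts named by target_offline_hosts.
4 | - name: Setup Apigee OPDK Accelerator Offline
5 |   hosts: "{{ target_host | default('localhost') }}"
6 |   gather_facts: no
7 |   tags: ['create']
8 |   vars_files:
9 |     - setup-offline-attributes.yml
10 |   vars:
11 |     property_folders:
12 |       - "~/.apigee-secure"
13 |       - "~/.apigee"
14 |   roles:
15 |     - { role: apigee-opdk-modules, tags: ['minimum', 'config', 'pg-config'] }
16 |   tasks:
17 |     # The bundle will hold the secure property folder, so the staging directory is owner-only.
18 |     - name: Create Archive folder
19 |       file:
20 |         path: "{{ archive_folder }}"
21 |         state: directory
22 |         mode: "0700"
23 |
24 |     # NOTE(review): no `version:` is set, so the clone is whatever the default branch holds at run
25 |     # time; pin a reviewed tag or commit. accept_hostkey only affects SSH remotes, not this HTTPS URL.
26 |     - name: Download Ansible OPDK Accelerator
27 |       git:
28 |         repo: "{{ repository_secure_endpoint_https }}/{{ repo_name }}"
29 |         dest: "{{ archive_folder }}/{{ repo_name }}"
30 |         accept_hostkey: yes
31 |
32 |     - name: Download Roles used by All Playbooks
33 |       command: "ansible-galaxy install -r {{ item }} -f"
34 |       with_items: "{{ playbook_requirements_path }}"
35 |
36 |     # The closing quote is kept inside the capture group so that `\1` restores the complete quoted
37 |     # value; the version and the dots are escaped so they match literally.
38 |     - name: Uncomment apigee_archive_file_name attribute
39 |       replace:
40 |         path: "{{ local_apigee_path }}/custom-properties.yml"
41 |         regexp: '#(apigee_archive_file_name: "apigee-{{ opdk_version | regex_escape }}\.tar\.gz")'
42 |         replace: '\1'
43 |         backup: yes
44 |
45 |     - name: Verify that rsync is installed
46 |       become: true
47 |       package:
48 |         name: "rsync"
49 |         state: present
50 |
51 |     - name: Synchronize Folder List to Archive
52 |       synchronize:
53 |         src: "{{ item }}"
54 |         dest: "{{ archive_folder }}"
55 |       with_items: "{{ folder_list_to_archive }}"
56 |
57 |     # Owner-only: the archive carries the contents of the secure property folder.
58 |     - name: Create an Ansible OPDK Accelerator Archive
59 |       archive:
60 |         dest: "{{ archive_folder }}.tar.gz"
61 |         path: "{{ archive_folder }}"
62 |         format: gz
63 |         mode: "0600"
64 |
65 | - name: Upload Ansible OPDK Accelerator Archive
66 |   hosts: "{{ target_offline_hosts }}"
67 |   tags: ['upload']
68 |   gather_facts: no
69 |   vars_files:
70 |     - setup-offline-attributes.yml
71 |   vars:
72 |     property_folders:
73 |       - "~/.apigee-secure"
74 |       - "~/.apigee"
75 |   roles:
76 |     - { role: apigee-opdk-modules, tags: ['minimum', 'config', 'pg-config'] }
77 |   tasks:
78 |     # NOTE(review): the bundle, including .apigee-secure, is unpacked under the shared /tmp and
79 |     # stays there until the rsync below moves it; depending on file modes other local accounts may
80 |     # be able to read it. Consider a private staging directory (e.g. created with the tempfile module).
81 |     - name: Transfer Ansible OPDK Accelerator Archive to Target Host
82 |       unarchive:
83 |         dest: "/tmp"
84 |         src: "{{ archive_folder }}.tar.gz"
85 |
86 |     - name: Verify that rsync is installed
87 |       become: true
88 |       package:
89 |         name: "rsync"
90 |         state: present
91 |
92 |     - name: Synchronize folder list to User Home on Target Host
93 |       command: "rsync -avzh --remove-source-files --partial /tmp/{{ archive_target_folder_name }}/{{ item }} ~"
94 |       with_items:
95 |         - ".ansible"
96 |         - ".apigee"
97 |         - ".apigee-secure"
98 |         - "{{ repo_name }}"
99 |
100 |
--------------------------------------------------------------------------------
/infrastructure/ssh-bastion-host/bastion_host_attribute.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # NOTE(review): deployment-specific values (address, login name, key path); override them per
3 | # environment rather than committing real addresses and account names.
4 | bastion_target_host_range: 10.*.*.*
5 | bastion_protected_private_key: ~/.ssh/google_compute_engine
6 | bastion_host_name: apigee-bastion.us-east1-b.fedex-pilot
7 | #bastion_host_name: nginx-backend-central-jnw0.us-central1-c.fedex-pilot
8 | bastion_host_private_key: ~/.ssh/google_compute_engine
9 | bastion_host_ip: 35.237.195.103
10 | #bastion_host_ip: 35.202.241.245
11 | bastion_host_user: friasc
12 |
--------------------------------------------------------------------------------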
/infrastructure/ssh-bastion-host/configure-bastion-config.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Set Bastion Host in SSH Config
3 |   hosts: localhost
4 |   connection: local
5 |   gather_facts: false
6 |   vars_files:
7 |     - bastion_host_attribute.yml
8 |
9 |   roles:
10 |     - { role: bastion-ssh-config-target-host, tags: ['bastion-config'] }
11 |
12 |
--------------------------------------------------------------------------------
/infrastructure/ssh-bastion-host/configure-proxycommand.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Configure ProxyCommand to Use Bastion Host
3 |   hosts: localhost
4 |   connection: local
5 |   gather_facts: false
6 |   vars_files:
7 |     - bastion_host_attribute.yml
8 |
9 |   roles:
10 |     - { role: bastion-host-proxycommand }
11 |
12 |
--------------------------------------------------------------------------------
/infrastructure/ssh-bastion-host/requirements.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # NOTE(review): no `version:` is given for these roles, so ansible-galaxy installs whatever the
3 | # default branch holds at install time; pin each role to a reviewed tag or commit.
4 | - src: https://github.com/carlosfrias/bastion-host-proxycommand
5 |
6 | - src: https://github.com/carlosfrias/bastion-ssh-config-target-host
7 |
8 |
9 |
10 |
--------------------------------------------------------------------------------
/infrastructure/ssh-tunnels/requirements.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - src: https://github.com/carlosfrias/apigee-opdk-settings-private-address.git
3 |
--------------------------------------------------------------------------------
/infrastructure/ssh-tunnels/tunnel.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Opens local port forwards through the bastion host to the private address of the first host in the ms group.
3 | - name: SSH Tunnels Cache Update
4 |   hosts: ms[0]
5 |   roles:
6 |     - { role: apigee-opdk-settings-private-address }
7 |
8 | - name: Create SSH Tunnels
9 |   hosts: ms[0]
10 |
11 |   vars:
12 |     # Falls back to a deployment-specific host alias; pass bastion_hostname to override it.
13 |     bastion_host_name: "{{ bastion_hostname | default('apigee-bastion.us-east1-b.fedex-pilot') }}"
14 |     # Each entry maps local port `port` to target_ip_address:target_port via the bastion.
15 |     target_hosts:
16 |       - { target_ip_address: "{{ private_address }}", target_port: "9000", port: "9000" }
17 |       - { target_ip_address: "{{ private_address }}", target_port: "8080", port: "8080" }
18 | #      - { target_ip_address: "{{ private_address }}", target_port: "9001", port: "9001" }
19 | #      - { target_ip_address: "{{ private_address }}", target_port: "8079", port: "8079" }
20 | #      - { target_ip_address: "{{ hostvars[groups['ms'][1]]['private_address'] }}", target_port: "9010", port: "9000" }
21 | #      - { target_ip_address: "{{ hostvars[groups['ms'][1]]['private_address'] }}", target_port: "8090", port: "8080" }
22 | #      - { target_ip_address: "{{ hostvars[groups['pg'][0]]['private_address'] }}", target_port: "5432", port: "5432" }
23 | #      - { target_ip_address: "{{ hostvars[groups['pgmaster'][0]]['private_address'] }}", target_port: "5432", port: "5432" }
24 | #      - { target_ip_address: "{{ hostvars[groups['pgstandby'][1]]['private_address'] }}", target_port: "5433", port: "5433" }
25 |
26 |   roles:
27 |     - { role: apigee-opdk-settings-private-address }
28 |
29 |   tasks:
30 |     # Runs on the controller (delegate_to 127.0.0.1). ssh -f -N backgrounds a forwarding-only session;
31 |     # with no bind address given, -L listens on loopback unless GatewayPorts is enabled for the client.
32 |     # NOTE(review): nothing in this playbook closes the tunnels afterwards.
33 |     - name: Create SSH tunnels
34 |       shell: "ssh -f {{ bastion_host_name }} -L {{ item.port }}:{{ item.target_ip_address }}:{{ item.target_port }} -N"
35 |       with_items: "{{ target_hosts }}"
36 |       async: 5
37 |       poll: 0
38 |       delegate_to: 127.0.0.1
39 |
40 |
--------------------------------------------------------------------------------
/installations/aio/README.md:
--------------------------------------------------------------------------------
1 | # Install Apigee Edge AIO
2 |
3 | This playbook will complete the installation of an Apigee Edge AIO instance. This installation follows Apigee
4 | recommendations.
5 |
6 | ## Basic Usage
7 |
8 | The instructions for using this installer is found in the main installations folder [README](../README.md).
Please follow 9 | those instructions and use this folder as your execution location for the installation playbook. 10 | -------------------------------------------------------------------------------- /installations/aio/install.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Install AIO 3 | hosts: edge 4 | gather_facts: no 5 | vars: 6 | ansible_workspace: "~/.ansible" 7 | apigee_workspace: "~/.apigee-workspace" 8 | property_folders: 9 | - "~/.apigee-secure" 10 | - "~/.apigee" 11 | 12 | roles: 13 | - { role: apigee-opdk-modules, tags: ['cache', 'license'] } 14 | - { role: apigee-opdk-setup-os-epel, tags: ['epel', 'os'] } 15 | - { role: apigee-opdk-shutdown-iptables, tags: ['minimum', 'iptables', 'os'] } 16 | - { role: apigee-opdk-yum-repository-proxy-config, tags: ['yum-proxy-config', 'os']} 17 | - { role: apigee-opdk-setup-os-minimum, tags: ['os-minimum', 'os'] } 18 | - { role: apigee-opdk-setup-os-limits, tags: ['limit', 'os'] } 19 | - { role: apigee-opdk-setup-os-sysctl, tags: ['sysctl', 'os'] } 20 | - { role: apigee-opdk-setup-selinux-disable, tags: ['minimum', 'selinux', 'os'] } 21 | - { role: apigee-server-restart, tags: ['os'], start_check_delay: 30, when: (selinux_disabled is defined and selinux_disabled.changed) or (iptables_disabled is defined and not iptables_disabled) or (force_restart is defined and force_restart) } 22 | - { role: apigee-opdk-setup-os-common, tags: ['os-common', 'os'] } 23 | - { role: apigee-opdk-setup-openjdk, tags: ['minimum', 'openjdk', 'os'], jdk_version: '1.8' } 24 | - { role: apigee-opdk-setup-apigee-user, tags: ['config', 'apigee-user', 'bootstrap'] } 25 | - { role: apigee-opdk-setup-apigee-user-ownership, tags: ['apigee-user', 'bootstrap'] } 26 | - { role: apigee-opdk-setup-java-home, tags: ['java-home', 'bootstrap'] } 27 | - { role: apigee-opdk-setup-bootstrap-cache, tags: ['apigee-bootstrap', 'bootstrap'] } 28 | - { role: apigee-opdk-setup-bootstrap, tags: 
['apigee-bootstrap', 'bootstrap'] } 29 | - { role: apigee-opdk-setup-license, tags: ['license', 'bootstrap', 'common'] } 30 | - { role: apigee-opdk-setup-component-install, component: 'apigee-setup', tags: ['setup', 'common'] } 31 | - { role: apigee-opdk-setup-component-install, component: 'apigee-adminapi', tags: ['adminapi', 'common'] } 32 | - { role: apigee-opdk-setup-apigee-user-ownership, tags: ['apigee-user','common'] } 33 | - { role: apigee-opdk-settings-private-address, tags: ['config','cache'] } 34 | - { role: apigee-opdk-settings-management-server, tags: ['config', 'cache' ] } 35 | - { role: apigee-opdk-settings-ldap, tags: ['config', 'minimum', 'cache' ] } 36 | - { role: apigee-opdk-settings-region, tags: ['config', 'minimum', 'cache' ] } 37 | - { role: apigee-opdk-settings-cassandra, tags: ['config', 'minimum', 'cache' ] } 38 | - { role: apigee-opdk-settings-postgres, tags: ['config', 'minimum', 'cache' ] } 39 | - { role: apigee-opdk-setup-silent-installation-config, tags: ['config'] } 40 | - { role: apigee-opdk-setup-component, profile: 'aio', tags: ['aio'] } 41 | - { role: apigee-opdk-setup-status, tags: ['status'] } 42 | - { role: apigee-opdk-setup-org-config, tags: ['org','org-config'] } 43 | - { role: apigee-opdk-setup-org, tags: ['org', 'org-create'] } 44 | - { role: apigee-opdk-setup-validate, tags: ['validate'] } 45 | - { role: apigee-opdk-setup-validate-cleanup, tags: ['validate', 'validate-cleanup'] } 46 | -------------------------------------------------------------------------------- /installations/devportal/README.md: -------------------------------------------------------------------------------- 1 | # Install Apigee Developer Portal 2 | 3 | This playbook will complete the installation of an Apigee Edge Developer Portal. This installation follows Apigee 4 | recommendations. 5 | 6 | ## Basic Usage 7 | 8 | The instructions for using this installer is found in the main installations folder [README](../README.md). 
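Please follow
9 | those instructions and use this folder as your execution location for the installation playbook.
--------------------------------------------------------------------------------
/installations/edge-microgateway/README.md:
--------------------------------------------------------------------------------
1 | # Apigee Edge Installation
2 |
3 | This playbook will complete the installation of an Apigee Edge planet. This installation manages an
4 | installation of Edge Microgateway. The installation of multiple regions follows Apigee recommendations.
5 |
6 | ## Basic Usage
7 |
8 | The instructions for using this installer is found in the main installations folder [README](../README.md). Please follow
9 | those instructions and use this folder as your execution location for the installation playbook.
--------------------------------------------------------------------------------
/installations/edge-microgateway/install.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Download, Install and Configure Apigee Edge Microgateway
3 |   hosts: localhost
4 |
5 |   vars:
6 |     edgemicro_name: edgemicro
7 |     edgemicro_version: 2.5.7
8 |     nodejs_version: 8.15.1
9 |     nodejs_package_name: "node-v{{ nodejs_version }}.pkg"
10 |     nodejs_download_url: "https://nodejs.org/dist/v{{ nodejs_version }}/{{ nodejs_package_name }}"
11 |     nodejs_download_destination: "{{ '~/Downloads' | expanduser }}"
12 |
13 |   vars_prompt:
14 |     - name: org
15 |       prompt: "Apigee org name:"
16 |       private: no
17 |
18 |     - name: env
19 |       prompt: "Apigee env name:"
20 |       private: no
21 |
22 |     - name: email
23 |       prompt: "Apigee user email:"
24 |       private: no
25 |
26 |     - name: password
27 |       prompt: "Apigee user password?"
28 |       private: yes
29 |
30 |   tasks:
31 |     # NOTE(review): the package is installed as root further down but its integrity is not checked.
32 |     # get_url takes a `checksum:` parameter; set it to the digest published for this release,
33 |     # e.g. checksum: "sha256:<SHA-256 published for this .pkg>".
34 |     - name: Download NodeJS
35 |       get_url:
36 |         url: "{{ nodejs_download_url }}"
37 |         dest: "{{ nodejs_download_destination }}"
38 |
39 |     - name: Validate Node Installed
40 |       ignore_errors: true
41 |       shell: node -v
42 |       register: node_status
43 |
44 |     - debug:
45 |         var: node_status
46 |
47 |     - name: Install NodeJS
48 |       become: True
49 |       shell: "installer -pkg {{ nodejs_download_destination }}/{{ nodejs_package_name }} -target /"
50 |       when: "node_status.stderr | regex_search('.*node:.*command not found')"
51 |
52 |     # state is `present` so that the pinned edgemicro_version is what stays installed;
53 |     # `latest` contradicts a fixed version.
54 |     - name: Install Apigee Microgateway
55 |       become: True
56 |       npm:
57 |         name: "{{ edgemicro_name }}"
58 |         version: "{{ edgemicro_version }}"
59 |         global: yes
60 |         state: present
61 |
62 |     - name: Initialize Apigee Microgateway
63 |       shell: edgemicro init
64 |
65 |     # Arguments are shell-quoted, and no_log keeps the command line (which carries the password)
66 |     # and its output out of Ansible's console and logs. NOTE(review): the password is still
67 |     # visible in the local process list while edgemicro runs.
68 |     - name: Configure Apigee Microgateway
69 |       shell: edgemicro configure -o {{ org | quote }} -e {{ env | quote }} -u {{ email | quote }} -p {{ password | quote }}
70 |       register: edgemicro_config
71 |       no_log: true
72 |
73 |     # no_log: the registered output and the derived facts contain the key and secret.
74 |     - name: Extract key_string & secret_string
75 |       no_log: true
76 |       set_fact:
77 |         edgemicro_key: "{{ edgemicro_config.stdout | regex_search('key:.*') }}"
78 |         edgemicro_secret: "{{ edgemicro_config.stdout | regex_search('secret:.*') }}"
79 |
80 |     # NOTE(review): cacheable: true also writes the key and secret to the configured fact cache.
81 |     - name: Parse key & secret
82 |       no_log: true
83 |       set_fact:
84 |         cacheable: true
85 |         edgemicro_key: "{{ edgemicro_key.split(':')[1] | trim }}"
86 |         edgemicro_secret: "{{ edgemicro_secret.split(':')[1] | trim }}"
87 |
88 |     - name: Verify Edge Microgateway
89 |       no_log: true
90 |       shell: edgemicro verify -o {{ org | quote }} -e {{ env | quote }} -k {{ edgemicro_key | quote }} -s {{ edgemicro_secret | quote }}
91 |
--------------------------------------------------------------------------------
/installations/multi-node/README.md:
--------------------------------------------------------------------------------
1 | # Apigee Edge Installation
2 |
3 | This playbook will complete the installation of an Apigee Edge planet. This installation manages a multiple node
4 | installation of either a single region or multiple regions.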
The installation of multiple regions follows Apigee 5 | recommendations. 6 | 7 | ## Basic Usage 8 | 9 | The instructions for using this installer is found in the main installations folder [README](../README.md). Please follow 10 | those instructions and use this folder as your execution location for the installation playbook. -------------------------------------------------------------------------------- /post-installation/README.md: -------------------------------------------------------------------------------- 1 | # Post-Installations Folder 2 | 3 | This folder contains Ansible playbooks that will execute post-installation configurations or maintenance 4 | steps on Apigee components and planets. 5 | 6 | The available Apigee components are: 7 | 8 | | Component Name | Description | 9 | |--- | --- | 10 | | [apigee-user](apigee-user) | Ensures that the `apigee` user exists and that Apigee folders are owned by the `apigee` user. | 11 | | [debug-mode](debug-mode) | Updates Apigee system scripts to emit debugging information. This generates a great deal of output when executing Apigee system scripts. | 12 | | [unlock-edge-user-account](unlock-edge-user-account) | This will unlock a user that has been locked out of an Apigee Edge console. | 13 | | [update-scope](update-analytics-scope) | This script will update the analytics scopes. | 14 | | [validations](validations) | Multiple scripts are provided to validate the status of components used on the Apigee Edge platform. | 15 | | [download-logs](download-logs) | Provides you with the ability to download the logs from the entire Apigee planet or from select nodes. 
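|
16 |
17 |
--------------------------------------------------------------------------------
/post-installation/add/add-components/alpha/add-message-processsor.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Playbook to add a message processor
3 |   hosts: "{{ target_hosts }}"
4 |   gather_facts: no
5 |
6 |   vars:
7 |     component_name: "edge-message-processor"
8 |     # Deployment-specific organization/environment pairs; replace with your own.
9 |     orgs_envs:
10 |       - { org_name: "rbcapigee", env_name: "sb" }
11 |       - { org_name: "rbcapigee", env_name: "prod" }
12 |       - { org_name: "rbcapigee", env_name: "prodexternal" }
13 |       - { org_name: "adventist", env_name: "prod" }
14 |       - { org_name: "adventist", env_name: "dev" }
15 |       - { org_name: "adventist", env_name: "test" }
16 |       - { org_name: "opdk", env_name: "noi" }
17 |       - { org_name: "VALIDATE", env_name: "test" }
18 |
19 |   roles:
20 |     - { role: apigee-opdk-server-self, server_types: ['mp'] }
21 |
22 |   tasks:
23 |     - name: Set attributes if available
24 |       set_fact:
25 |         uuid: "{{ edge_mp_self.uUID }}"
26 |         pod: "{{ edge_mp_self.pod }}"
27 |
28 |     - name: Assert variables exist
29 |       assert:
30 |         that:
31 |           - region is defined and region | trim | length > 0
32 |           - pod is defined and pod | trim | length > 0
33 |           - uuid is defined and uuid | trim | length > 0
34 |           - opdk_user_email is defined
35 |           - opdk_user_pass is defined
36 |         msg: "Please provide the missing attribute"
37 |
38 |     # NOTE(review): the management API is called over plain HTTP with basic-auth credentials, so
39 |     # opdk_user_email/opdk_user_pass cross the network unencrypted. Use an https:// endpoint where
40 |     # the management server has TLS enabled.
41 |     - name: Register Message Processor with an organization and environments
42 |       uri:
43 |         url: "http://{{ local_mgmt_ip }}:8080/v1/o/{{ item.org_name }}/e/{{ item.env_name }}/servers"
44 |         method: POST
45 |         user: '{{ opdk_user_email }}'
46 |         password: '{{ opdk_user_pass }}'
47 |         body_format: 'form-urlencoded'
48 |         body:
49 |           uuid: '{{ uuid }}'
50 |           action: 'add'
51 |       with_items: "{{ orgs_envs }}"
52 |
53 |
--------------------------------------------------------------------------------
/post-installation/add/add-components/alpha/add-router.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Playbook to add a router
3 |   hosts: "{{ target_hosts }}"
4 |   gather_facts: no
5 |
6 |   vars:
7 |     property_folders:
8 |       - "~/.apigee-secure"
9 |       - "~/.apigee"
10 |     component_name: "edge-router"
11 |
12 |   roles:
13 |     - { role: apigee-opdk-modules, tags: ['minimum', 'config'] }
14 |     - { role: apigee-opdk-server-self, server_types: ['router'] }
15 |
16 |   tasks:
17 |     - name: Set attributes if available
18 |       set_fact:
19 |         uuid: "{{ edge_router_self.uUID }}"
20 |         pod: "{{ edge_router_self.pod }}"
21 |
22 |     - name: Assert variables exist
23 |       assert:
24 |         that:
25 |           - region is defined and region | trim | length > 0
26 |           # region_name is the variable the registration URL below actually uses.
27 |           - region_name is defined and region_name | trim | length > 0
28 |           - pod is defined and pod | trim | length > 0
29 |           - uuid is defined and uuid | trim | length > 0
30 |           - opdk_user_email is defined
31 |           - opdk_user_pass is defined
32 |         msg: "Please provide the missing attribute"
33 |
34 |     # NOTE(review): the management API is called over plain HTTP with basic-auth credentials, so
35 |     # opdk_user_email/opdk_user_pass cross the network unencrypted. Use an https:// endpoint where
36 |     # the management server has TLS enabled.
37 |     - name: Register Router
38 |       uri:
39 |         url: "http://{{ local_mgmt_ip }}:8080/v1/regions/{{ region_name }}/pods/{{ pod }}/servers"
40 |         method: POST
41 |         user: '{{ opdk_user_email }}'
42 |         password: '{{ opdk_user_pass }}'
43 |         body_format: 'form-urlencoded'
44 |         body:
45 |           uuid: '{{ uuid }}'
46 |           type: 'router'
47 |           action: 'add'
48 |
49 |
--------------------------------------------------------------------------------
/post-installation/add/add-components/requirements.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - src: https://github.com/carlosfrias/apigee-opdk-backup.git
3 |
4 | - src: https://github.com/carlosfrias/apigee-opdk-start-components.git
5 |
6 | - src: https://github.com/carlosfrias/apigee-opdk-stop-components.git
7 |
8 | - src: https://github.com/carlosfrias/apigee-opdk-setup-component.git
9 |
10 | - src: https://github.com/carlosfrias/apigee-opdk-setup-bootstrap-rollback.git
11 |
12 | - src: https://github.com/carlosfrias/apigee-opdk-server-self.git
13 |
14 | - src: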
https://github.com/carlosfrias/apigee-opdk-modules.git 15 | 16 | -------------------------------------------------------------------------------- /post-installation/apigee-user/README.md: -------------------------------------------------------------------------------- 1 | # Simplified Apigee User Setup 2 | This script will setup the `apigee` user on the apigee instances and will ensure that Apigee folders 3 | are owned by the `apigee` user. 4 | 5 | ## Usage: 6 | This is an Ansible script and require Ansible. Please follow the usage instructions below: 7 | 8 | ansible-galaxy install -r requirements -f 9 | ansible-playbook update-apigee-user.yml -e target_hosts= 10 | -------------------------------------------------------------------------------- /post-installation/apigee-user/requirements.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Updated Readme's 3 | - src: https://github.com/carlosfrias/apigee-opdk-setup-apigee-user.git 4 | 5 | - src: https://github.com/carlosfrias/apigee-opdk-setup-apigee-user-ownership.git -------------------------------------------------------------------------------- /post-installation/apigee-user/update.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Update Apigee User 3 | hosts: "{{ target_hosts }}" 4 | gather_facts: no 5 | strategy: free 6 | roles: 7 | - { role: apigee-opdk-setup-apigee-user, tags: ['apigee-user'] } 8 | - { role: apigee-opdk-setup-apigee-user-ownership, tags: ['apigee-user'] } 9 | -------------------------------------------------------------------------------- /post-installation/backup/.gitignore: -------------------------------------------------------------------------------- 1 | # Byte-compiled / optimized / DLL files 2 | __pycache__/ 3 | *.py[cod] 4 | *$py.class 5 | 6 | # C extensions 7 | *.so 8 | 9 | # Distribution / packaging 10 | .Python 11 | env/ 12 | build/ 13 | develop-eggs/ 14 | dist/ 15 | downloads/ 
16 | eggs/ 17 | .eggs/ 18 | lib/ 19 | lib64/ 20 | parts/ 21 | sdist/ 22 | var/ 23 | *.egg-info/ 24 | .installed.cfg 25 | *.egg 26 | 27 | # PyInstaller 28 | # Usually these files are written by a python script from a template 29 | # before PyInstaller builds the exe, so as to inject date/other infos into it. 30 | *.manifest 31 | *.spec 32 | 33 | # Installer logs 34 | pip-log.txt 35 | pip-delete-this-directory.txt 36 | 37 | # Unit test / coverage reports 38 | htmlcov/ 39 | .tox/ 40 | .coverage 41 | .coverage.* 42 | .cache 43 | nosetests.xml 44 | coverage.xml 45 | *,cover 46 | .hypothesis/ 47 | 48 | # Translations 49 | *.mo 50 | *.pot 51 | 52 | # Django stuff: 53 | *.log 54 | local_settings.py 55 | 56 | # Flask stuff: 57 | instance/ 58 | .webassets-cache 59 | 60 | # Scrapy stuff: 61 | .scrapy 62 | 63 | # Sphinx documentation 64 | docs/_build/ 65 | 66 | # PyBuilder 67 | target/ 68 | 69 | # IPython Notebook 70 | .ipynb_checkpoints 71 | 72 | # pyenv 73 | .python-version 74 | 75 | # celery beat schedule file 76 | celerybeat-schedule 77 | 78 | # dotenv 79 | .env 80 | 81 | # virtualenv 82 | venv/ 83 | ENV/ 84 | 85 | # Spyder project settings 86 | .spyderproject 87 | 88 | # Rope project settings 89 | .ropeproject 90 | 91 | .vagrant 92 | *.iml 93 | archives 94 | .DS_Store 95 | ssh_keys 96 | ansible.log 97 | *.zip 98 | license.txt 99 | *.log 100 | *.tar.gz 101 | *.rpm 102 | *.tar 103 | ansible_fact_cache_dir 104 | *jar 105 | .ansible_cache* 106 | configs_and_logs 107 | redhat-rhui.repo 108 | rhui-load-balancers.conf 109 | out 110 | .idea 111 | *iml 112 | *retry 113 | installations/aio/installation-logs-configs/* 114 | -------------------------------------------------------------------------------- /post-installation/backup/CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # How to Contribute 2 | 3 | We'd love to accept your patches and contributions to this project. 
There are 4 | just a few small guidelines you need to follow. 5 | 6 | ## Contributor License Agreement 7 | 8 | Contributions to this project must be accompanied by a Contributor License 9 | Agreement. You (or your employer) retain the copyright to your contribution; 10 | this simply gives us permission to use and redistribute your contributions as 11 | part of the project. Head over to <https://cla.developers.google.com/> to see 12 | your current agreements on file or to sign a new one. 13 | 14 | You generally only need to submit a CLA once, so if you've already submitted one 15 | (even if it was for a different project), you probably don't need to do it 16 | again. 17 | 18 | ## Code reviews 19 | 20 | All submissions, including submissions by project members, require review. We 21 | use GitHub pull requests for this purpose. Consult 22 | [GitHub Help](https://help.github.com/articles/about-pull-requests/) for more 23 | information on using pull requests. -------------------------------------------------------------------------------- /post-installation/backup/README.md: -------------------------------------------------------------------------------- 1 | Apigee Backup Playbook Sample 2 | ============================= 3 | 4 | This playbook demonstrates how to perform backups of Apigee OPDK nodes. 5 | 6 | # Backup a Planet 7 | 8 | You can use this playbook to back up a planet as follows: 9 | 10 | ansible-galaxy install -r requirements.yml -f 11 | ansible-playbook backup.yml 12 | 13 | 14 | 15 | # Not Google Product Clause 16 | 17 | This is not an officially supported Google product. 18 | 19 | 20 | # How to Contribute 21 | 22 | We'd love to accept your patches and contributions to this project. Please review our [guidelines](CONTRIBUTING.md).
23 | 24 | -------------------------------------------------------------------------------- /post-installation/backup/backup.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Update the planet cache 3 | hosts: edge 4 | tags: ['cache'] 5 | vars: 6 | property_folders: 7 | - "~/.apigee-secure" 8 | - "~/.apigee" 9 | roles: 10 | - { role: apigee-opdk-modules } 11 | - { role: apigee-opdk-settings-private-address } 12 | - { role: apigee-opdk-setup-openjdk, tags: ['openjdk'] } 13 | - { role: apigee-opdk-setup-java-home } 14 | - { role: apigee-opdk-setup-bootstrap } 15 | 16 | - name: Backup Zookeeper 17 | serial: 1 18 | hosts: ds 19 | tags: ['zookeeper'] 20 | vars: 21 | component_profile: 'apigee-zookeeper' 22 | roles: 23 | - { role: apigee-opdk-backup } 24 | 25 | - name: Backup Cassandra 26 | serial: 1 27 | hosts: ds 28 | tags: ['cassandra'] 29 | vars: 30 | component_profile: 'apigee-cassandra' 31 | roles: 32 | - { role: apigee-opdk-backup } 33 | 34 | - name: Backup Router 35 | serial: 1 36 | hosts: rmp,r 37 | tags: ['router'] 38 | vars: 39 | component_profile: 'edge-router' 40 | roles: 41 | - { role: apigee-opdk-backup } 42 | 43 | - name: Backup Message Processor 44 | serial: 1 45 | hosts: rmp,mp 46 | tags: ['mp'] 47 | vars: 48 | component_profile: 'edge-message-processor' 49 | roles: 50 | - { role: apigee-opdk-backup } 51 | 52 | - name: Backup Edge Postgres Server 53 | serial: 1 54 | hosts: pg 55 | tags: ['ps'] 56 | vars: 57 | component_profile: 'edge-postgres-server' 58 | roles: 59 | - { role: apigee-opdk-backup } 60 | 61 | - name: Backup Postgresql Database 62 | serial: 1 63 | hosts: pgmaster,pg[0] 64 | tags: ['pg'] 65 | vars: 66 | component_profile: 'apigee-postgresql' 67 | roles: 68 | - { role: apigee-opdk-backup } 69 | 70 | - name: Backup Qpid Server 71 | serial: 1 72 | hosts: qpid 73 | tags: ['qs'] 74 | vars: 75 | component_profile: 'edge-qpid-server' 76 | roles: 77 | - { role: apigee-opdk-backup } 78 | 79 | - 
name: Backup Qpid Queue 80 | serial: 1 81 | hosts: qpid 82 | tags: ['qpid'] 83 | vars: 84 | component_profile: 'apigee-qpidd' 85 | roles: 86 | - { role: apigee-opdk-backup } 87 | 88 | - name: Backup LDAP 89 | serial: 1 90 | hosts: ldap 91 | tags: ['ldap'] 92 | vars: 93 | component_profile: 'apigee-openldap' 94 | roles: 95 | - { role: apigee-opdk-backup } 96 | 97 | - name: Backup Management Server 98 | serial: 1 99 | hosts: ms 100 | tags: ['ms'] 101 | vars: 102 | component_profile: 'edge-management-server' 103 | roles: 104 | - { role: apigee-opdk-backup } 105 | 106 | - name: Backup UI 107 | serial: 1 108 | hosts: ui 109 | tags: ['ui'] 110 | vars: 111 | component_profile: 'edge-ui' 112 | roles: 113 | - { role: apigee-opdk-backup } 114 | -------------------------------------------------------------------------------- /post-installation/backup/requirements.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - src: https://github.com/carlosfrias/apigee-opdk-settings-private-address.git 3 | 4 | - src: https://github.com/carlosfrias/apigee-opdk-backup.git 5 | 6 | - src: https://github.com/carlosfrias/apigee-opdk-restore.git 7 | 8 | - src: https://github.com/carlosfrias/apigee-opdk-modules 9 | 10 | - src: https://github.com/carlosfrias/apigee-opdk-setup-openjdk.git 11 | 12 | - src: https://github.com/carlosfrias/apigee-opdk-setup-java-home.git 13 | 14 | - src: https://github.com/carlosfrias/apigee-opdk-setup-bootstrap.git 15 | 16 | - src: https://github.com/carlosfrias/apigee-opdk-setup-bootstrap-archive-installer.git 17 | -------------------------------------------------------------------------------- /post-installation/backup/restore.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Update the planet cache 3 | hosts: edge 4 | tags: ['cache'] 5 | vars: 6 | property_folders: 7 | - "~/.apigee-secure" 8 | - "~/.apigee" 9 | roles: 10 | - { role: apigee-opdk-modules } 11 | - { 
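role: apigee-opdk-settings-private-address }
    - { role: apigee-opdk-setup-openjdk, tags: ['openjdk'] }
    - { role: apigee-opdk-setup-java-home }
    - { role: apigee-opdk-setup-bootstrap }

# Each play below applies the apigee-opdk-restore role to one inventory group
# and selects the component through `component_profile`. The plays are named
# "Restore ..." so that the run output matches the role being applied.
# `serial: 1` makes Ansible finish one host before it starts the next.
# NOTE(review): where the restore role reads its archive from is not visible in
# this playbook; confirm which backup it will pick up, and that the archive
# comes from a trusted location, before running against a live planet.
- name: Restore Zookeeper
  serial: 1
  hosts: ds
  tags: ['zookeeper']
  vars:
    component_profile: 'apigee-zookeeper'
  roles:
    - { role: apigee-opdk-restore }

- name: Restore Cassandra
  serial: 1
  hosts: ds
  tags: ['cassandra']
  vars:
    component_profile: 'apigee-cassandra'
  roles:
    - { role: apigee-opdk-restore }

- name: Restore Router
  serial: 1
  hosts: rmp,r
  tags: ['router']
  vars:
    component_profile: 'edge-router'
  roles:
    - { role: apigee-opdk-restore }

- name: Restore Message Processor
  serial: 1
  hosts: rmp,mp
  tags: ['mp']
  vars:
    component_profile: 'edge-message-processor'
  roles:
    - { role: apigee-opdk-restore }

- name: Restore Edge Postgres Server
  serial: 1
  hosts: pg
  tags: ['ps']
  vars:
    component_profile: 'edge-postgres-server'
  roles:
    - { role: apigee-opdk-restore }

- name: Restore Postgresql Database
  serial: 1
  hosts: pgmaster,pg[0]
  tags: ['pg']
  vars:
    component_profile: 'apigee-postgresql'
  roles:
    - { role: apigee-opdk-restore }

- name: Restore Qpid Server
  serial: 1
  hosts: qpid
  tags: ['qs']
  vars:
    component_profile: 'edge-qpid-server'
  roles:
    - { role: apigee-opdk-restore }

- name: Restore Qpid Queue
  serial: 1
  hosts: qpid
  tags: ['qpid']
  vars:
    component_profile: 'apigee-qpidd'
  roles:
    - { role: apigee-opdk-restore }

- name: Restore LDAP
  serial: 1
  hosts: ldap
  tags: ['ldap']
  vars:
    component_profile: 'apigee-openldap'
  roles:
    - { role: apigee-opdk-restore }

- name: Restore Management Server
  serial: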
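1
  hosts: ms
  tags: ['ms']
  vars:
    component_profile: 'edge-management-server'
  roles:
    - { role: apigee-opdk-restore }

# Named "Restore" because the play applies apigee-opdk-restore, not the backup role.
- name: Restore UI
  serial: 1
  hosts: ui
  tags: ['ui']
  vars:
    component_profile: 'edge-ui'
  roles:
    - { role: apigee-opdk-restore }
--------------------------------------------------------------------------------
/post-installation/cassandra-rebuild/rebuild.yml:
--------------------------------------------------------------------------------
---
# Applies the repair role and then the rebuild role to the `ds` group,
# one host at a time (`serial: 1`).
- name: Rebuild Cassandra Ring
  hosts: ds
  gather_facts: no
  serial: 1
  roles:
    - apigee-opdk-cassandra-repair
    - apigee-opdk-cassandra-rebuild
--------------------------------------------------------------------------------
/post-installation/cassandra-rebuild/requirements.yml:
--------------------------------------------------------------------------------
---
# Neither entry sets `version:`, so `ansible-galaxy install -r requirements.yml -f`
# installs whatever each repository's default branch holds at install time and
# overwrites the local copy. To make runs reproducible and reviewable, pin each
# role, e.g. `version: <tag-or-commit-sha>` (placeholder; pick a reviewed revision).
- src: https://github.com/carlosfrias/apigee-opdk-cassandra-rebuild.git
- src: https://github.com/carlosfrias/apigee-opdk-cassandra-repair.git

--------------------------------------------------------------------------------
/post-installation/debug-mode/README.md:
--------------------------------------------------------------------------------
# Enable Debug Mode for Apigee Edge Scripts

The playbook `debug.yml` will set the debug flag on all of the Edge component scripts.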
4 | 5 | ## Basic Usage 6 | 7 | To set debug mode you invoke the playbook like this: 8 | 9 | ansible-playbook debug.yml -e opdk_debug_mode='on' 10 | 11 | To unset debug mode you invoke the playbook like this: 12 | 13 | ansible-playbook debug.yml -e opdk_debug_mode='off' 14 | 15 | To set debug mode on the scripts for an Edge component then use the `-e component_name` variable like this: 16 | 17 | ansible-playbook debug.yml -e opdk_debug_mode='on' -e component_name='message-processor' 18 | 19 | ## Dependencies 20 | 21 | This playbook assumes that you followed the instructions for setting up [Ansible](https://github.com/carlosfrias/apigee-opdk-playbook-setup-ansible). 22 | Please refer to the documentation for [apigee-opdk-debug-mode](https://github.com/carlosfrias/apigee-opdk-debug-mode). 23 | 24 | We have created `ansible-galaxy` requirement file `requirements.yml` that will download the roles 25 | used by this playbook and install them for usage according to your configuration. You can download and install the 26 | required roles like this: 27 | 28 | ansible-galaxy install -r requirements.yml -f 29 | 30 | -------------------------------------------------------------------------------- /post-installation/debug-mode/debug.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Set or unset bash debug flag in apigee scripts 3 | hosts: "{{ target_hosts }}" 4 | gather_facts: no 5 | 6 | roles: 7 | - { role: apigee-opdk-debug-mode } 8 | -------------------------------------------------------------------------------- /post-installation/debug-mode/requirements.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - src: https://github.com/carlosfrias/apigee-opdk-setup-default-settings.git 3 | 4 | - src: https://github.com/carlosfrias/apigee-opdk-debug-mode.git 5 | -------------------------------------------------------------------------------- 
/post-installation/download-logs/README.md: -------------------------------------------------------------------------------- 1 | # Download Apigee Logs 2 | 3 | # Overview 4 | This playbook downloads the logs and configuration settings from an Apigee platform node. 5 | 6 | # Requirements 7 | 8 | This playbook assumes that an [inventory](../../README-ansible-inventory.md) will be configured using ansible.cfg or on the command line. 9 | 10 | # Usage 11 | 12 | ansible-galaxy install -r requirements.yml -f 13 | ansible-playbook download-logs.yml -e target_hosts=[ planet | edge | ms | ds | rmp | qpid | pg ] -------------------------------------------------------------------------------- /post-installation/download-logs/download.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Retrieve log files 3 | hosts: "{{ target_hosts | default('planet') }}" 4 | gather_facts: no 5 | vars: 6 | property_folders: 7 | - "~/.apigee-secure" 8 | - "~/.apigee" 9 | 10 | roles: 11 | - { role: apigee-opdk-modules } 12 | - { role: apigee-opdk-setup-bootstrap-cache } 13 | - { role: apigee-fetch-files, download_pattern: "{{ pattern }}", download_folder: "{{ target_logs_folder }}" } 14 | -------------------------------------------------------------------------------- /post-installation/download-logs/requirements.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Updated Readme's 3 | - src: https://github.com/carlosfrias/apigee-fetch-files.git 4 | 5 | - src: https://github.com/carlosfrias/apigee-opdk-modules.git 6 | 7 | - src: https://github.com/carlosfrias/apigee-opdk-setup-bootstrap-cache.git 8 | -------------------------------------------------------------------------------- /post-installation/expand-planet-regions/install.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Register Cassandra & Zookeeper in Region with No Management Server 
3 | hosts: "{{ target_hosts }}" 4 | gather_facts: no 5 | serial: 1 6 | tags: ['ds','edge'] 7 | vars: 8 | property_folders: 9 | - "~/.apigee-secure" 10 | - "~/.apigee" 11 | roles: 12 | - { role: apigee-opdk-modules, tags: ['minimum', 'config', 'ds-config'] } 13 | - { role: apigee-opdk-settings-private-address, tags: ['minimum', 'cache', 'ds', 'ms', 'rmp', 'r', 'mp', 'qpid', 'pg', 'pgmaster', 'pgstandby', 'org', 'validate', 'validate-cleanup'] } 14 | - { role: apigee-opdk-settings-management-server, tags: ['minimum', 'cache', 'ds', 'ms', 'rmp', 'r', 'mp', 'qpid', 'pg', 'pgmaster', 'pgstandby', 'org', 'validate', 'validate-cleanup'] } 15 | - { role: apigee-opdk-settings-ldap, tags: ['minimum', 'cache', 'ds', 'ms', 'rmp', 'r', 'mp', 'qpid', 'pg', 'pgmaster', 'pgstandby', 'org', 'validate', 'validate-cleanup'] } 16 | - { role: apigee-opdk-settings-region, tags: ['minimum', 'cache', 'ds', 'ms', 'rmp', 'r', 'mp', 'qpid', 'pg', 'pgmaster', 'pgstandby', 'org', 'validate', 'validate-cleanup'] } 17 | - { role: apigee-opdk-settings-cassandra, tags: ['minimum', 'cache', 'ds', 'ms', 'rmp', 'r', 'mp', 'qpid', 'pg', 'pgmaster', 'pgstandby', 'org', 'validate', 'validate-cleanup'] } 18 | - { role: apigee-opdk-settings-postgres, tags: ['minimum', 'cache', 'ds', 'ms', 'rmp', 'r', 'mp', 'qpid', 'pg', 'pgmaster', 'pgstandby', 'org', 'validate', 'validate-cleanup'] } 19 | - { role: apigee-opdk-setup-silent-installation-config, tags: ['minimum', 'config', 'ds-config'] } 20 | - { role: apigee-opdk-setup-cassandra-registration } 21 | - { role: apigee-opdk-start-components, tags: ['ds-start', 'start'] } 22 | - { role: apigee-opdk-cassandra-rebuild } 23 | - { role: apigee-opdk-setup-status, tags: ['ds-status', 'status'] } 24 | 25 | -------------------------------------------------------------------------------- /post-installation/expand-planet-regions/requirements.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Ansible Roles for Setting 
Operating System Requirements 3 | - src: https://github.com/carlosfrias/apigee-opdk-setup-apigee-user.git 4 | 5 | - src: https://github.com/carlosfrias/apigee-opdk-setup-apigee-user-ownership.git 6 | 7 | - src: https://github.com/carlosfrias/apigee-opdk-setup-os-common.git 8 | 9 | - src: https://github.com/carlosfrias/apigee-opdk-setup-os-minimum.git 10 | 11 | - src: https://github.com/carlosfrias/apigee-opdk-setup-os-limits.git 12 | 13 | - src: https://github.com/carlosfrias/apigee-opdk-setup-os-epel.git 14 | 15 | - src: https://github.com/carlosfrias/apigee-opdk-setup-os-sysctl.git 16 | 17 | - src: https://github.com/carlosfrias/apigee-opdk-setup-os-postgres.git 18 | 19 | - src: https://github.com/carlosfrias/apigee-opdk-setup-openjdk.git 20 | 21 | - src: https://github.com/carlosfrias/apigee-opdk-setup-selinux-disable.git 22 | 23 | - src: https://github.com/carlosfrias/apigee-opdk-shutdown-iptables.git 24 | 25 | - src: https://github.com/carlosfrias/apigee-opdk-yum-repository-proxy-config.git 26 | 27 | - src: https://github.com/carlosfrias/apigee-opdk-yum-packages.git 28 | 29 | - src: https://github.com/carlosfrias/apigee-server-restart.git 30 | 31 | 32 | # Ansible Roles for Bootstrap Installation and Setup 33 | - src: https://github.com/carlosfrias/apigee-opdk-setup-bootstrap.git 34 | 35 | - src: https://github.com/carlosfrias/apigee-opdk-setup-bootstrap-archive-installer.git 36 | 37 | - src: https://github.com/carlosfrias/apigee-opdk-setup-component-install.git 38 | 39 | 40 | # Ansible Roles for Component Installation and Setup 41 | - src: https://github.com/carlosfrias/apigee-opdk-setup-silent-installation-config.git 42 | 43 | - src: https://github.com/carlosfrias/apigee-opdk-setup-component.git 44 | 45 | - src: https://github.com/carlosfrias/apigee-opdk-setup-component-installer.git 46 | 47 | - src: https://github.com/carlosfrias/apigee-opdk-setup-java-home.git 48 | 49 | - src: https://github.com/carlosfrias/apigee-opdk-setup-postgres-config.git 50 | 51 | - 
src: https://github.com/carlosfrias/apigee-opdk-setup-postgres-master.git 52 | 53 | - src: https://github.com/carlosfrias/apigee-opdk-setup-postgres-standby.git 54 | 55 | - src: https://github.com/carlosfrias/apigee-opdk-setup-status.git 56 | 57 | - src: https://github.com/carlosfrias/apigee-opdk-modules.git 58 | 59 | - src: https://github.com/carlosfrias/apigee-opdk-server-self.git 60 | 61 | - src: https://github.com/carlosfrias/apigee-opdk-start-components.git 62 | 63 | - src: https://github.com/carlosfrias/apigee-opdk-stop-components.git 64 | 65 | - src: https://github.com/carlosfrias/apigee-opdk-setup-license.git 66 | 67 | - src: https://github.com/carlosfrias/apigee-opdk-settings-ldap.git 68 | 69 | - src: https://github.com/carlosfrias/apigee-opdk-settings-management-server.git 70 | 71 | - src: https://github.com/carlosfrias/apigee-opdk-settings-postgres.git 72 | 73 | - src: https://github.com/carlosfrias/apigee-opdk-settings-private-address.git 74 | 75 | - src: https://github.com/carlosfrias/apigee-opdk-settings-cassandra.git 76 | 77 | - src: https://github.com/carlosfrias/apigee-opdk-settings-region.git 78 | 79 | - src: https://github.com/carlosfrias/apigee-opdk-setup-scopes-add.git 80 | 81 | #- src: https://github.com/carlosfrias/apigee-opdk-setup-env-vars.git 82 | 83 | - src: https://github.com/carlosfrias/apigee-opdk-server-registration-state.git 84 | 85 | - src: https://github.com/carlosfrias/apigee-opdk-setup-cassandra-registration.git 86 | 87 | 88 | # Ansible Roles for Creating and Configuring Orgs 89 | - src: https://github.com/carlosfrias/apigee-opdk-setup-org-config.git 90 | 91 | - src: https://github.com/carlosfrias/apigee-opdk-setup-org.git 92 | 93 | - src: https://github.com/carlosfrias/apigee-opdk-setup-validate.git 94 | 95 | - src: https://github.com/carlosfrias/apigee-opdk-setup-validate-cleanup.git 96 | 97 | - src: https://github.com/carlosfrias/apigee-opdk-cassandra-rebuild.git 98 | 99 | 
-------------------------------------------------------------------------------- /post-installation/manage-virtual-hosts/create-vh.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Collect server info into cache 3 | hosts: ms 4 | gather_facts: no 5 | roles: 6 | - { role: apigee-opdk-modules } 7 | - { role: apigee-opdk-settings-region } 8 | - { role: apigee-opdk-settings-private-address } 9 | - { role: apigee-opdk-settings-management-server } 10 | 11 | - name: Configure Organizations, Environments and Virtual Hosts 12 | hosts: ms[0] 13 | gather_facts: no 14 | vars: 15 | # Default for first_name in creating new user 16 | first_name: Carlos 17 | 18 | # Default for last_name in creating new user 19 | last_name: Frias 20 | 21 | # Version of OPDK to work with 22 | opdk_version: 4.18.05 23 | 24 | # Virtual Host Port 25 | virtual_host_port: 9002 26 | 27 | # Virtual Host Name to use inside of Edge 28 | virtual_host_name: virtual-host-2 29 | 30 | # Load balancer fqdn or IP if available, if not available the RMP addresses will be used 31 | # load_balancer: 32 | 33 | # Analytics group to use with this virtual host 34 | ax_group: axgroup001 35 | 36 | # Folder containing credentials 37 | property_folders: 38 | - "~/.apigee-secure" 39 | 40 | # Orgs and environments to define and associate with this virtual host 41 | tenants: 42 | - { org: opdk, env: test, new_user: 'n' } 43 | # - { org: opdk, env: prod, new_user: 'n' } 44 | 45 | roles: 46 | - { role: apigee-opdk-modules } 47 | - { role: apigee-opdk-setup-org-config} 48 | - { role: apigee-opdk-setup-org} 49 | -------------------------------------------------------------------------------- /post-installation/manage-virtual-hosts/requirements.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - src: https://github.com/carlosfrias/apigee-opdk-modules.git 3 | 4 | - src: https://github.com/carlosfrias/apigee-opdk-settings-region.git 5 
| 6 | - src: https://github.com/carlosfrias/apigee-opdk-settings-management-server.git 7 | 8 | - src: https://github.com/carlosfrias/apigee-opdk-settings-private-address.git 9 | 10 | - src: https://github.com/carlosfrias/apigee-opdk-setup-org.git 11 | 12 | - src: https://github.com/carlosfrias/apigee-opdk-setup-org-config.git 13 | 14 | - src: https://github.com/carlosfrias/apigee-opdk-setup-scopes-add.git 15 | 16 | -------------------------------------------------------------------------------- /post-installation/remove/remove-components/remove-analytics.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Playbook to remove analytics 3 | hosts: "{{ target_hosts }}" 4 | strategy: free 5 | gather_facts: no 6 | 7 | vars: 8 | remove_apigee: true 9 | clear_logs: true 10 | property_folders: 11 | - '~/.apigee' 12 | - '~/.apigee-secure' 13 | 14 | roles: 15 | - { role: apigee-opdk-modules } 16 | - { role: apigee-opdk-settings-private-address, tags: ['minimum', 'cache', 'ds', 'ms', 'rmp', 'r', 'mp', 'qpid', 'pg', 'pgmaster', 'pgstandby', 'org', 'validate', 'validate-cleanup'] } 17 | - { role: apigee-opdk-settings-management-server, tags: ['minimum', 'cache', 'ds', 'ms', 'rmp', 'r', 'mp', 'qpid', 'pg', 'pgmaster', 'pgstandby', 'org', 'validate', 'validate-cleanup'] } 18 | - { role: apigee-opdk-settings-ldap, tags: ['minimum', 'cache', 'ds', 'ms', 'rmp', 'r', 'mp', 'qpid', 'pg', 'pgmaster', 'pgstandby', 'org', 'validate', 'validate-cleanup'] } 19 | - { role: apigee-opdk-settings-region, tags: ['minimum', 'cache', 'ds', 'ms', 'rmp', 'r', 'mp', 'qpid', 'pg', 'pgmaster', 'pgstandby', 'org', 'validate', 'validate-cleanup'] } 20 | - { role: apigee-opdk-settings-cassandra, tags: ['minimum', 'cache', 'ds', 'ms', 'rmp', 'r', 'mp', 'qpid', 'pg', 'pgmaster', 'pgstandby', 'org', 'validate', 'validate-cleanup'] } 21 | - { role: apigee-opdk-settings-postgres, tags: ['minimum', 'cache', 'ds', 'ms', 'rmp', 'r', 'mp', 'qpid', 'pg', 
'pgmaster', 'pgstandby', 'org', 'validate', 'validate-cleanup'] } 22 | - { role: apigee-opdk-server-self, server_types: ['qs'], tags: ['self'] } 23 | - { role: apigee-opdk-server-self, server_types: ['ps'], tags: ['self'] } 24 | - { role: apigee-opdk-setup-postgres-remove } 25 | - { role: apigee-opdk-setup-qpid-remove } 26 | - { role: apigee-opdk-setup-scopes-remove } 27 | - { role: apigee-opdk-setup-axgroup-remove } 28 | - { role: apigee-opdk-setup-bootstrap-rollback, tags: ['rollback'] } 29 | - { role: apigee-server-restart, tags: ['restart'] } 30 | 31 | -------------------------------------------------------------------------------- /post-installation/remove/remove-components/remove-apigee.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Playbook to remove apigee 3 | hosts: "{{ target_hosts }}" 4 | strategy: free 5 | gather_facts: no 6 | 7 | vars: 8 | remove_apigee: true 9 | clear_logs: true 10 | property_folders: 11 | - '~/.apigee' 12 | - '~/.apigee-secure' 13 | 14 | roles: 15 | - { role: apigee-opdk-modules } 16 | - { role: apigee-opdk-setup-bootstrap-rollback, tags: ['rollback-only'] } 17 | - { role: apigee-server-restart, tags: ['restart'] } 18 | 19 | -------------------------------------------------------------------------------- /post-installation/remove/remove-components/remove-cassandra.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Playbook to remove a cassandra 3 | hosts: "{{ target_hosts }}" 4 | gather_facts: no 5 | 6 | vars: 7 | nodetool: /opt/apigee/apigee-cassandra/bin/nodetool 8 | property_folders: 9 | - '~/.apigee' 10 | - '~/.apigee-secure' 11 | component_name: "apigee-cassandra" 12 | 13 | roles: 14 | - apigee-opdk-cassandra-repair 15 | - apigee-opdk-cassandra-rebuild 16 | 17 | tasks: 18 | - name: Backup component 19 | tags: ['backup'] 20 | import_role: 21 | name: apigee-opdk-backup 22 | 23 | - name: Assert variables exist 24 | 
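assert:
        that:
          - private_address is defined and private_address | trim | length > 0
          - nodetool is defined and nodetool | trim | length > 0
          # apigee_service is the executable the decommission task below runs;
          # fail here rather than half-way through the removal.
          - apigee_service is defined and apigee_service | trim | length > 0
        msg: "Please provide the missing attribute"

    - name: Assert nodetool_delegate has been indicated
      assert:
        that:
          - nodetool_delegate is defined and nodetool_delegate | ipaddr
        msg: "Please provide the IP address of the nodetool_delegate attribute"

    - name: Cassandra target private address
      set_fact:
        target_cassandra_private_address: "{{ private_address }}"

    # The address is matched as a fixed string on word boundaries (-wF) and is
    # shell-quoted. A bare `grep <ip>` treats the dots as wildcards and also
    # matches longer addresses that merely start with the target (x.x.x.1 vs
    # x.x.x.10), which would hand the wrong host ID to `removenode` below.
    - name: Obtain Nodetool status
      shell: "{{ nodetool }} status | grep -wF -- {{ target_cassandra_private_address | quote }}"
      register: nodetool_status
      delegate_to: "{{ nodetool_delegate }}"

    - name: Assert exactly one ring entry matched the target address
      assert:
        that:
          - nodetool_status.stdout_lines | length == 1
        msg: "Expected exactly one nodetool status line for the target address"

    # Takes the third field from the end of the matched line after splitting on
    # single spaces. NOTE(review): this depends on the column spacing of
    # `nodetool status`; the assert that follows catches a mis-parse.
    - name: Obtain node UUID
      set_fact:
        cacheable: yes
        cassandra_uuid: "{{ nodetool_status.stdout.split(' ')[-3] }}"
      when: nodetool_status is defined

    - name: Assert the extracted value has the shape of a host ID
      assert:
        that:
          - cassandra_uuid | regex_search('^[0-9a-fA-F-]{36}$')
        msg: "The value parsed from nodetool status does not look like a host ID"

    # Runs on the target host itself (no delegate_to).
    - name: Decommission cassandra node
      command: "{{ apigee_service }} apigee-cassandra decommission"

    # removenode is issued from nodetool_delegate. If it fails, the rescue
    # retries with `removenode force` and ignores that command's result, so the
    # play continues to the uninstall either way.
    # NOTE(review): a failed forced removal is therefore silent; check
    # `nodetool status` on the delegate after the run.
    - block:
        - name: Remove node that is not a part of the ring
          command: "{{ nodetool }} removenode {{ cassandra_uuid }}"
          delegate_to: "{{ nodetool_delegate }}"

      rescue:
        - name: Remove node that is not a part of the ring, using removenode force
          ignore_errors: true
          command: "{{ nodetool }} removenode force {{ cassandra_uuid }} "
          delegate_to: "{{ nodetool_delegate }}"

    - name: Remove Cassandra
      include_tasks: remove-component.yml
--------------------------------------------------------------------------------
/post-installation/remove/remove-components/remove-component.yml:
--------------------------------------------------------------------------------
---
# component_name is interpolated into the paths this file uninstalls and
# deletes, so an empty value must be rejected as well as an undefined one:
# with an empty name the data path collapses to the parent data directory.
- name: Assert component_name exists
  assert:
    that:
      - component_name is defined and component_name | trim | length > 0
    msg: "Please provide the component_name"

- name: Stop component
  import_role:
    name: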
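apigee-opdk-stop-components

# Runs the uninstall only while the component directory still exists
# (`removes`). `command` is used instead of `shell` because nothing here needs
# a shell, and component_name is then never interpreted by one.
# NOTE(review): the `when` tests apigee_service but the command uses a
# hard-coded path; confirm the two always refer to the same executable.
# NOTE(review): errors are ignored, so the data removal below runs even when
# the uninstall failed.
- name: Uninstall component
  tags: ['uninstall']
  ignore_errors: yes
  command: "/opt/apigee/apigee-service/bin/apigee-service {{ component_name }} uninstall"
  args:
    removes: "{{ apigee_home }}/{{ component_name }}"
  when: apigee_service is defined and apigee_service | trim | length > 0

# The next task deletes a directory as root. If either variable is empty the
# path collapses to a parent directory, so both are checked first.
- name: Assert the data path is scoped to one component
  tags: ['remove']
  assert:
    that:
      - apigee_home is defined and apigee_home | trim | length > 0
      - component_name is defined and component_name | trim | length > 0
    msg: "apigee_home and component_name must be non-empty before data removal"

# NOTE(review): `follow` is set together with `state: absent`; confirm with
# your Ansible version whether a symlinked data directory loses the link or
# the link's target.
- name: Remove component files
  tags: ['remove']
  become: yes
  file:
    path: '{{ apigee_home }}/data/{{ component_name }}'
    state: absent
    follow: yes
--------------------------------------------------------------------------------
/post-installation/remove/remove-components/remove-message-processsor.yml:
--------------------------------------------------------------------------------
---
# Deregisters a message processor from the management server and then removes
# the component from the host. The management API calls use Basic auth over
# plain http on port 8080, so the credentials are readable on the network path;
# keep this traffic on a trusted management network or put TLS in front of it.
- name: Playbook to remove a message processor
  hosts: "{{ target_hosts }}"
  gather_facts: no

  vars:
    property_folders:
      - '~/.apigee'
      - '~/.apigee-secure'
    component_name: "edge-message-processor"
    # Organization/environment pairs the message processor is detached from.
    orgs_envs:
      - { org_name: "opdk", env_name: "test" }

  roles:
    - { role: apigee-opdk-modules }
    - { role: apigee-opdk-server-self, server_types: ['mp'] }

  tasks:
    # edge_mp_self is presumably provided by the apigee-opdk-server-self role
    # above; verify against that role.
    - name: Set attributes if available
      set_fact:
        uuid: "{{ edge_mp_self.uUID }}"
        pod_name: "{{ edge_mp_self.pod }}"

    - name: Assert variables exist
      assert:
        that:
          - region is defined and region | trim | length > 0
          - pod_name is defined and pod_name | trim | length > 0
          - uuid is defined and uuid | trim | length > 0
          - opdk_user_email is defined
          - opdk_user_pass is defined
        msg: "Please provide the missing attribute"

    - name: Deregister Message Processor from the organization's environments
      uri:
        url: "http://{{ local_mgmt_ip }}:8080/v1/o/{{ item.org_name }}/e/{{ item.env_name }}/servers"
        method: POST
        user: '{{ opdk_user_email }}'
        password: '{{ opdk_user_pass }}'
        body_format: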
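'form-urlencoded'
        body:
          uuid: '{{ uuid }}'
          action: 'remove'
          pod: "{{ pod_name }}"
          region: "{{ region }}"
      with_items: "{{ orgs_envs }}"

    # A 404 is accepted as well as a 200, so a server that is already
    # deregistered does not fail the play.
    - name: Deregister server's type
      uri:
        url: "http://{{ local_mgmt_ip }}:8080/v1/servers"
        method: POST
        user: '{{ opdk_user_email }}'
        password: '{{ opdk_user_pass }}'
        force: yes
        status_code: ['200', '404']
        body_format: 'form-urlencoded'
        body:
          uuid: '{{ uuid }}'
          region: '{{ region }}'
          pod: '{{ pod_name }}'
          type: 'message-processor'
          action: 'remove'

    # curl is kept (see the note below), but the credentials no longer appear
    # on its command line, where any local user could read them from the
    # process list: they are passed as a curl config line on stdin
    # (`--config -`). `-v` is dropped because it echoes the Authorization
    # header to stderr, and `no_log` keeps the task arguments and result out of
    # Ansible's output and logs. `command` replaces `shell`, so the templated
    # values are not interpreted by a shell.
    # A password containing a double quote or backslash must be escaped for
    # curl's config syntax.
    # The request still travels over plain http with Basic auth; keep it on a
    # trusted management network or put TLS in front of the management API.
    - name: Delete the server
      command: "curl --silent --show-error --config - -X DELETE http://{{ local_mgmt_ip }}:8080/v1/servers/{{ uuid }}"
      args:
        stdin: 'user = "{{ opdk_user_email }}:{{ opdk_user_pass }}"'
      no_log: true

# This isn't working and the curl is necessary.
#    - name: Delete the server
#      uri:
#        url: "http://{{ local_mgmt_ip }}:8080/v1/servers/{{ uuid }}"
#        method: DELETE
#        user: '{{ opdk_user_email }}'
#        password: '{{ opdk_user_pass }}'
#        body_format: 'form-urlencoded'
#        force: yes
#        force_basic_auth: yes

    - name: Remove message processor
      include_tasks: remove-component.yml
--------------------------------------------------------------------------------
/post-installation/remove/remove-components/remove-router.yml:
--------------------------------------------------------------------------------
---
# Deregisters a router from the management server and then removes the
# component from the host.
- name: Playbook to remove a router
  hosts: "{{ target_hosts }}"
  gather_facts: no

  vars:
    property_folders:
      - '~/.apigee'
      - '~/.apigee-secure'
    component_name: "edge-router"

  roles:
    - { role: apigee-opdk-modules }
    - { role: apigee-opdk-server-self, server_types: ['router'] }

  tasks:
    # edge_router_self is presumably provided by the apigee-opdk-server-self
    # role above; verify against that role.
    - name: Set attributes if available
      set_fact:
        uuid: "{{ edge_router_self.uUID }}"
        pod_name: "{{ edge_router_self.pod }}"

    - name: Assert variables exist
      assert:
        that:
          - 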
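region is defined and region | trim | length > 0
          - pod_name is defined and pod_name | trim | length > 0
          - uuid is defined and uuid | trim | length > 0
          - opdk_user_email is defined
          - opdk_user_pass is defined
        msg: "Please provide the missing attribute"

    # The form field is `pod`, matching the message-processor deregistration in
    # this directory; the variable that holds the value is still pod_name.
    # NOTE(review): confirm the field name against the management API you run.
    # A 404 is accepted as well as a 200, so an already-deregistered router
    # does not fail the play.
    # The call uses Basic auth over plain http on port 8080; keep it on a
    # trusted management network or put TLS in front of the management API.
    - name: Deregister server's type
      uri:
        url: "http://{{ local_mgmt_ip }}:8080/v1/servers"
        method: POST
        user: '{{ opdk_user_email }}'
        password: '{{ opdk_user_pass }}'
        status_code: ['200','404']
        body_format: 'form-urlencoded'
        body:
          uuid: '{{ uuid }}'
          region: '{{ region }}'
          pod: '{{ pod_name }}'
          type: 'router'
          action: 'remove'

    - name: Delete the server
      uri:
        url: "http://{{ local_mgmt_ip }}:8080/v1/servers/{{ uuid }}"
        method: DELETE
        status_code: ['200','404']
        user: '{{ opdk_user_email }}'
        password: '{{ opdk_user_pass }}'

    - name: Remove Router
      include_tasks: remove-component.yml
--------------------------------------------------------------------------------
/post-installation/remove/remove-components/remove-zookeeper.yml:
--------------------------------------------------------------------------------
---
# Backs the component up with the apigee-opdk-backup role, then removes it.
# The backup step is tagged, so a run restricted by tags can bypass it;
# make sure a current backup exists before the removal runs.
- name: Playbook to remove zookeeper
  hosts: "{{ target_hosts }}"
  gather_facts: no

  vars:
    property_folders:
      - '~/.apigee'
      - '~/.apigee-secure'
    component_name: "apigee-zookeeper"

  tasks:
    - name: Backup component
      tags: ['backup']
      import_role:
        name: apigee-opdk-backup

    - name: Remove Zookeeper
      include_tasks: remove-component.yml
--------------------------------------------------------------------------------
/post-installation/remove/remove-components/requirements.yml:
--------------------------------------------------------------------------------
---
# No entry in this file sets `version:`, so `ansible-galaxy install -r
# requirements.yml -f` installs whatever each repository's default branch holds
# at install time and overwrites the local copy. These roles run destructive
# steps on the planet; pin each one to a reviewed revision, e.g.
# `version: <tag-or-commit-sha>` (placeholder).
- src: https://github.com/carlosfrias/apigee-opdk-backup.git

- src: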
https://github.com/carlosfrias/apigee-opdk-start-components.git 5 | 6 | - src: https://github.com/carlosfrias/apigee-opdk-stop-components.git 7 | 8 | - src: https://github.com/carlosfrias/apigee-opdk-setup-bootstrap-rollback.git 9 | 10 | - src: https://github.com/carlosfrias/apigee-opdk-setup-postgres-remove.git 11 | 12 | - src: https://github.com/carlosfrias/apigee-opdk-setup-qpid-remove.git 13 | 14 | - src: https://github.com/carlosfrias/apigee-opdk-setup-scopes-remove.git 15 | 16 | - src: https://github.com/carlosfrias/apigee-opdk-setup-axgroup-remove.git 17 | 18 | - src: https://github.com/carlosfrias/apigee-opdk-server-self.git 19 | 20 | - src: https://github.com/carlosfrias/apigee-opdk-modules.git 21 | 22 | - src: https://github.com/carlosfrias/apigee-opdk-settings-private-address.git 23 | 24 | - src: https://github.com/carlosfrias/apigee-opdk-settings-management-server.git 25 | 26 | - src: https://github.com/carlosfrias/apigee-opdk-settings-ldap.git 27 | 28 | - src: https://github.com/carlosfrias/apigee-opdk-settings-region.git 29 | 30 | - src: https://github.com/carlosfrias/apigee-opdk-settings-cassandra.git 31 | 32 | - src: https://github.com/carlosfrias/apigee-opdk-settings-postgres.git 33 | 34 | -------------------------------------------------------------------------------- /post-installation/remove/remove-environment/remove-all-environments.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Update local cache 3 | hosts: edge 4 | gather_facts: no 5 | tags: ['cache'] 6 | vars: 7 | property_folders: 8 | - "~/.apigee" 9 | roles: 10 | - { role: apigee-opdk-modules } 11 | - { role: apigee-opdk-setup-openjdk-cache, jdk_version: '1.8' } 12 | - { role: apigee-opdk-settings-private-address } 13 | - { role: apigee-opdk-settings-management-server } 14 | - { role: apigee-opdk-settings-ldap } 15 | - { role: apigee-opdk-settings-region } 16 | - { role: apigee-opdk-settings-cassandra } 17 | - { role: 
apigee-opdk-settings-postgres } 18 | - { role: apigee-opdk-setup-bootstrap-cache } 19 | 20 | - name: Remove virtual hosts 21 | hosts: ms[0] 22 | gather_facts: no 23 | vars: 24 | property_folders: 25 | - "~/.apigee-secure" 26 | roles: 27 | - { role: apigee-opdk-modules } 28 | 29 | tasks: 30 | 31 | - name: Assert the organization name 32 | assert: 33 | that: 34 | - org_name is defined and org_name | trim | length > 0 35 | msg: Please provide the organization name from which to remove all environments. 36 | 37 | - name: Obtain list of environments from org 38 | uri: 39 | url: "http://{{ local_mgmt_ip }}:{{ ms_port }}/v1/o/{{ org_name }}/e" 40 | user: "{{ opdk_user_email }}" 41 | password: "{{ opdk_user_pass }}" 42 | register: list 43 | 44 | - name: Delete all environments from org 45 | uri: 46 | url: "http://{{ local_mgmt_ip }}:{{ ms_port }}/v1/o/{{ org_name }}/e/{{ item }}" 47 | user: "{{ opdk_user_email }}" 48 | password: "{{ opdk_user_pass }}" 49 | method: DELETE 50 | with_items: "{{ list.json }}" 51 | -------------------------------------------------------------------------------- /post-installation/remove/remove-environment/remove-environment.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Update local cache 3 | hosts: edge 4 | gather_facts: no 5 | tags: ['cache'] 6 | vars: 7 | property_folders: 8 | - "~/.apigee" 9 | 10 | roles: 11 | - { role: apigee-opdk-modules } 12 | - { role: apigee-opdk-setup-openjdk-cache, jdk_version: '1.8' } 13 | - { role: apigee-opdk-settings-private-address } 14 | - { role: apigee-opdk-settings-management-server } 15 | - { role: apigee-opdk-settings-ldap } 16 | - { role: apigee-opdk-settings-region } 17 | - { role: apigee-opdk-settings-cassandra } 18 | - { role: apigee-opdk-settings-postgres } 19 | 20 | - name: Remove virtual hosts 21 | hosts: ms[0] 22 | gather_facts: no 23 | vars: 24 | property_folders: 25 | - "~/.apigee-secure" 26 | 27 | roles: 28 | - { role: 
apigee-opdk-modules } 29 | 30 | tasks: 31 | - name: Assert the environment name 32 | assert: 33 | that: 34 | - org_name is defined and org_name | trim | length > 0 35 | - env_name is defined and env_name | trim | length > 0 36 | msg: Please provide the environment name to remove from an organization. 37 | 38 | - name: Delete environment 39 | uri: 40 | url: "http://{{ local_mgmt_ip }}:{{ ms_port }}/v1/o/{{ org_name }}/e/{{ env_name }}" 41 | user: "{{ opdk_user_email }}" 42 | password: "{{ opdk_user_pass }}" 43 | method: DELETE 44 | -------------------------------------------------------------------------------- /post-installation/remove/remove-environment/requirements.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - src: https://github.com/carlosfrias/apigee-opdk-modules.git 3 | 4 | - src: https://github.com/carlosfrias/apigee-opdk-settings-region.git 5 | 6 | - src: https://github.com/carlosfrias/apigee-opdk-settings-management-server.git 7 | 8 | - src: https://github.com/carlosfrias/apigee-opdk-settings-private-address.git 9 | 10 | 11 | -------------------------------------------------------------------------------- /post-installation/remove/remove-pods/remove-all-pods.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Remove servers 3 | hosts: ms[0] 4 | gather_facts: no 5 | vars: 6 | org: VALIDATE 7 | property_folders: 8 | - "~/.apigee-secure" 9 | roles: 10 | - { role: apigee-opdk-modules } 11 | - { role: apigee-opdk-settings-region } 12 | - { role: apigee-opdk-settings-private-address } 13 | - { role: apigee-opdk-settings-management-server } 14 | 15 | tasks: 16 | - name: Obtain list of environments for organizations 17 | uri: 18 | url: "http://{{ local_mgmt_ip }}:{{ ms_port }}/v1/o/{{ org }}/pods" 19 | user: "{{ opdk_user_email }}" 20 | password: "{{ opdk_user_pass }}" 21 | register: pod_list 22 | 23 | - name: Delete pods 24 | uri: 25 | url: "http://{{ 
local_mgmt_ip }}:{{ ms_port }}/v1/o/{{ org }}/pods" 26 | user: "{{ opdk_user_email }}" 27 | password: "{{ opdk_user_pass }}" 28 | method: DELETE 29 | body_format: form-urlencoded 30 | body: 31 | action: "remove" 32 | region: "{{ region }}" 33 | pod: "{{ item.name }}" 34 | with_items: "{{ pod_list.json }}" 35 | -------------------------------------------------------------------------------- /post-installation/remove/remove-servers/delete-servers-by-environment.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Obtain list of servers for the environment 3 | uri: 4 | url: "http://{{ local_mgmt_ip }}:{{ ms_port }}/v1/o/{{ org }}/e/{{ each_env }}/servers" 5 | user: "{{ opdk_user_email }}" 6 | password: "{{ opdk_user_pass }}" 7 | register: server_uuids 8 | 9 | - name: Delete servers from environment 10 | uri: 11 | url: "http://{{ local_mgmt_ip }}:{{ ms_port }}/v1/organizations/{{ org }}/environments/{{ each_env }}/servers" 12 | user: "{{ opdk_user_email }}" 13 | password: "{{ opdk_user_pass }}" 14 | method: POST 15 | body_format: form-urlencoded 16 | body: 17 | action: "remove" 18 | uuid: "{{ item }}" 19 | region: "{{ region }}" 20 | pod: "{{ pod }}" 21 | with_items: "{{ server_uuids.json }}" 22 | -------------------------------------------------------------------------------- /post-installation/remove/remove-servers/remove.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Remove servers 3 | hosts: ms[0] 4 | gather_facts: no 5 | vars: 6 | org: VALIDATE 7 | env: dev 8 | pod: gateway 9 | property_folders: 10 | - "~/.apigee-secure" 11 | roles: 12 | - { role: apigee-opdk-modules } 13 | - { role: apigee-opdk-settings-region } 14 | - { role: apigee-opdk-settings-private-address } 15 | - { role: apigee-opdk-settings-management-server } 16 | 17 | tasks: 18 | - name: Obtain list of environments for organizations 19 | uri: 20 | url: "http://{{ local_mgmt_ip }}:{{ ms_port 
}}/v1/o/{{ org }}/e" 21 | user: "{{ opdk_user_email }}" 22 | password: "{{ opdk_user_pass }}" 23 | register: env_list 24 | 25 | - name: Obtain list of servers by environment 26 | include_tasks: delete-servers-by-environment.yml 27 | with_items: "{{ env_list.json }}" 28 | loop_control: 29 | loop_var: each_env 30 | 31 | -------------------------------------------------------------------------------- /post-installation/remove/remove-servers/requirements.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - src: https://github.com/carlosfrias/apigee-opdk-modules.git 3 | 4 | - src: https://github.com/carlosfrias/apigee-opdk-settings-region.git 5 | 6 | - src: https://github.com/carlosfrias/apigee-opdk-settings-management-server.git 7 | 8 | - src: https://github.com/carlosfrias/apigee-opdk-settings-private-address.git 9 | 10 | 11 | -------------------------------------------------------------------------------- /post-installation/remove/remove-virtualhosts/remove.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Remove virtual hosts 3 | hosts: ms[0] 4 | gather_facts: no 5 | vars: 6 | org: opdk 7 | env: test 8 | property_folders: 9 | - "~/.apigee-secure" 10 | roles: 11 | - { role: apigee-opdk-modules } 12 | - { role: apigee-opdk-settings-region } 13 | - { role: apigee-opdk-settings-private-address } 14 | - { role: apigee-opdk-settings-management-server } 15 | 16 | tasks: 17 | - name: Obtain list of virtual hosts 18 | uri: 19 | url: "http://{{ local_mgmt_ip }}:{{ ms_port }}/v1/o/{{ org }}/e/{{ env }}/virtualhosts" 20 | user: "{{ opdk_user_email }}" 21 | password: "{{ opdk_user_pass }}" 22 | register: list 23 | 24 | - name: Delete virtual hosts 25 | uri: 26 | url: "http://{{ local_mgmt_ip }}:{{ ms_port }}/v1/o/{{ org }}/e/{{ env }}/virtualhosts/{{ item }}" 27 | user: "{{ opdk_user_email }}" 28 | password: "{{ opdk_user_pass }}" 29 | method: DELETE 30 | with_items: "{{ 
list.json }}" 31 | -------------------------------------------------------------------------------- /post-installation/remove/remove-virtualhosts/requirements.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - src: https://github.com/carlosfrias/apigee-opdk-modules.git 3 | 4 | - src: https://github.com/carlosfrias/apigee-opdk-settings-region.git 5 | 6 | - src: https://github.com/carlosfrias/apigee-opdk-settings-management-server.git 7 | 8 | - src: https://github.com/carlosfrias/apigee-opdk-settings-private-address.git 9 | 10 | 11 | -------------------------------------------------------------------------------- /post-installation/restart-planet/README.md: -------------------------------------------------------------------------------- 1 | # Restart an Apigee Planet 2 | 3 | It is sometimes necessary to restart an Apigee Planet. This could mean that you only need to restart components so that 4 | configuration updates can take effect or perhaps the node itself should be restarted. Two playbooks are provided so that 5 | you can make use of what is necessary. 6 | 7 | ## Usage 8 | To make use of this playbook it is necessary to ensure you have installed the Ansible roles that are required. Please 9 | install the Ansible roles using Ansible Galaxy as follows: 10 | 11 | cd ~/apigee-opdk-accelerator/post-installation/restart-planet 12 | ansible-galaxy install -r requirements.yml -f 13 | 14 | ## Usage: Restarting Apigee Components 15 | To restart Apigee Components, please ensure that you have installed the Ansible roles as indicated above and then 16 | follow these steps: 17 | 18 | cd ~/apigee-opdk-accelerator/post-installation/restart-planet 19 | ansible-playbook restart-apigee-components.yml 20 | 21 | ## Usage: Restarting Apigee Servers 22 | To restart server nodes that are running Apigee Components we recommend that you first stop Apigee Components and then 23 | restart the servers. 
This can be accomplished as indicated below. Please ensure that you have installed the Ansible 24 | roles as indicated above and then follow these steps: 25 | 26 | cd ~/apigee-opdk-accelerator/post-installation/restart-planet 27 | ansible-playbook restart-apigee-servers.yml 28 | 29 | -------------------------------------------------------------------------------- /post-installation/restart-planet/requirements.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - src: https://github.com/carlosfrias/apigee-opdk-modules.git 4 | 5 | - src: https://github.com/carlosfrias/apigee-opdk-start-components.git 6 | 7 | - src: https://github.com/carlosfrias/apigee-opdk-stop-components.git 8 | 9 | - src: https://github.com/carlosfrias/apigee-server-restart.git 10 | -------------------------------------------------------------------------------- /post-installation/restart-planet/restart-apigee-components.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Restart of Apigee Planet Components 3 | hosts: ds,ms,rmp,qpid,pg 4 | serial: 1 5 | strategy: free 6 | tags: ['restart', 'start'] 7 | vars: 8 | property_folders: 9 | - "~/.apigee-secure" 10 | - "~/.apigee" 11 | roles: 12 | - { role: apigee-opdk-modules } 13 | - { role: apigee-opdk-stop-components } 14 | - { role: apigee-opdk-start-components } 15 | 16 | -------------------------------------------------------------------------------- /post-installation/restart-planet/restart-apigee-servers.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Restart of Apigee Planet Components 3 | hosts: ds,ms,rmp,qpid,pg 4 | serial: 1 5 | strategy: free 6 | tags: ['restart', 'start'] 7 | vars: 8 | property_folders: 9 | - "~/.apigee-secure" 10 | - "~/.apigee" 11 | roles: 12 | - { role: apigee-opdk-modules } 13 | - { role: apigee-opdk-stop-components } 14 | - { role: apigee-server-restart } 15 | 
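- { role: apigee-opdk-start-components }

--------------------------------------------------------------------------------
/post-installation/teams/enable-teams-on-org.yml:
--------------------------------------------------------------------------------
---
- name: Enable Teams on an org
  hosts: ms
  gather_facts: no
  vars:
    property_folders:
      - "~/.apigee-secure"
      - "~/.apigee"
  roles:
    - { role: apigee-opdk-modules }
    - { role: apigee-opdk-settings-private-address, tags: ['minimum', 'cache', 'ds', 'ms', 'rmp', 'r', 'mp', 'qpid', 'pg', 'pgmaster', 'pgstandby', 'org', 'validate', 'validate-cleanup'] }
    - { role: apigee-opdk-settings-management-server, tags: ['minimum', 'cache', 'ds', 'ms', 'rmp', 'r', 'mp', 'qpid', 'pg', 'pgmaster', 'pgstandby', 'org', 'validate', 'validate-cleanup'] }

  tasks:
    # POSTs a JSON body to the org resource that sets the property
    # features.isTeamsEnabled to true. Basic auth is sent pre-emptively
    # (force_basic_auth) over plain http://.
    - name: Enable teams on org
      uri:
        url: "http://{{ local_mgmt_ip }}:{{ ms_port }}/v1/o/{{ org_name }}"
        method: "POST"
        user: "{{ opdk_user_email }}"
        password: "{{ opdk_user_pass }}"
        force_basic_auth: "yes"
        body_format: "json"
        body:
          name: "{{ org_name }}"
          properties:
            property:
              - name: features.isTeamsEnabled
                value: true

--------------------------------------------------------------------------------
/post-installation/unlock-edge-user-account/apigee-openldap.yml:
--------------------------------------------------------------------------------
---
- name: Unlock user
  hosts: ms
  gather_facts: no
  tags: ['unlock-user']
  vars:
    # NOTE(review): the other plays on this page pass `property_folders`;
    # confirm apigee-opdk-modules reads `attribute_folders`, otherwise
    # opdk_user_email / opdk_user_pass may not be loaded for this play.
    attribute_folders:
      - "~/.apigee-secure"
  roles:
    - apigee-opdk-modules
  tasks:
    # Unlocking an account is a privileged action, so fail early with a clear
    # message when the target account was not supplied.
    - name: Assert the account to unlock
      assert:
        that:
          - userEmail is defined and userEmail | trim | length > 0
        msg: "Please provide userEmail, the account to unlock."

    # Requests action=unlock on the user's status resource. The path now has a
    # single slash after the port (it was `8080//v1`).
    # NOTE(review): credentials are sent as basic auth over plain http:// to
    # inventory_hostname; confirm that address is reached without leaving the
    # host or a trusted segment.
    - name: Unlock user
      uri:
        url: "http://{{ inventory_hostname }}:8080/v1/users/{{ userEmail }}/status?action=unlock"
        method: POST
        user: "{{ opdk_user_email }}"
        password: "{{ opdk_user_pass }}"
--------------------------------------------------------------------------------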
/post-installation/update-analytics-scope/requirements.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - src: https://github.com/carlosfrias/apigee-opdk-setup-scopes-add.git 3 | - src: https://github.com/carlosfrias/apigee-opdk-modules.git 4 | -------------------------------------------------------------------------------- /post-installation/update-analytics-scope/update.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Update scopes settings 3 | hosts: ms[0] 4 | gather_facts: no 5 | vars: 6 | property_folders: 7 | - "~/.apigee-secure" 8 | - "~/.apigee" 9 | ax_group: "axgroup001" 10 | org_name: opdk 11 | env_name: test 12 | roles: 13 | - apigee-opdk-setup-scopes-add 14 | -------------------------------------------------------------------------------- /post-installation/update-customer-properties/requirements.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - src: https://github.com/carlosfrias/apigee-opdk-cwc-update.git 3 | -------------------------------------------------------------------------------- /post-installation/update-customer-properties/update.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Update Customer Application Properties using Code with Config 3 | hosts: "{{ target_hosts }}" 4 | vars: 5 | cwc_properties: 6 | - { key: 'conf_http_HTTPClient.use.proxy', value: 'true', file_name: 'message-processor' } 7 | - { key: 'conf_http_HTTPClient.use.tunneling', value: 'false', file_name: 'message-processor' } 8 | - { key: 'conf/http.properties+HTTPClient.proxy.type', value: 'HTTP', file_name: 'message-processor' } 9 | - { key: 'conf/http.properties+HTTPClient.proxy.host', value: '{{ yum_proxy }}', file_name: 'message-processor' } 10 | - { key: 'conf/http.properties+HTTPClient.proxy.port', value: '{{ yum_proxy_port }}', file_name: 'message-processor' 
} 11 | - { key: 'conf/http.properties+HTTPClient.proxy.user', value: '{{ yum_proxy_username }}', file_name: 'message-processor' } 12 | - { key: 'conf/http.properties+HTTPClient.proxy.password', value: '{{ yum_proxy_password }}', file_name: 'message-processor' } 13 | property_folders: 14 | - "~/.apigee-secure" 15 | - "~/.apigee" 16 | roles: 17 | - { role: apigee-opdk-modules } 18 | - { role: apigee-opdk-cwc-update } 19 | -------------------------------------------------------------------------------- /post-installation/upgrade/requirements.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - src: https://github.com/carlosfrias/apigee-opdk-setup-component-installer 3 | 4 | - src: https://github.com/carlosfrias/apigee-opdk-setup-component 5 | 6 | - src: https://github.com/carlosfrias/apigee-opdk-setup-default-settings 7 | 8 | - src: https://github.com/carlosfrias/apigee-fetch-files 9 | 10 | - src: https://github.com/carlosfrias/apigee-opdk-setup-status 11 | 12 | - src: https://github.com/carlosfrias/apigee-opdk-start-components 13 | 14 | - src: https://github.com/carlosfrias/apigee-opdk-stop-components 15 | 16 | - src: https://github.com/carlosfrias/apigee-opdk-backup.git 17 | 18 | - src: https://github.com/carlosfrias/apigee-opdk-restore 19 | 20 | - src: https://github.com/carlosfrias/apigee-opdk-server-self 21 | 22 | - src: https://github.com/carlosfrias/apigee-opdk-update-component 23 | 24 | - src: https://github.com/carlosfrias/apigee-opdk-update-component-inplace 25 | 26 | - src: https://github.com/carlosfrias/apigee-opdk-setup-bootstrap 27 | 28 | - src: https://github.com/carlosfrias/apigee-opdk-iptables-flush 29 | 30 | - src: https://github.com/carlosfrias/apigee-opdk-iptables-port-block 31 | 32 | - src: https://github.com/carlosfrias/apigee-opdk-cache-update.git 33 | 34 | - src: https://github.com/carlosfrias/apigee-opdk-setup-java-home.git 35 | 36 | - src: https://github.com/carlosfrias/apigee-opdk-modules 37 | 
# NOTE(review): none of the role sources in this list sets `version:`, so
# ansible-galaxy installs whatever each repository's default branch holds at
# install time. Pin every entry to a reviewed tag or commit, for example
# `version: <reviewed-commit-sha>` (placeholder), so a change upstream cannot
# silently alter what runs against the planet.
# apigee-opdk-setup-postgres-standby is listed twice in this span.
- src: https://github.com/carlosfrias/apigee-server-restart

- src: https://github.com/carlosfrias/apigee-opdk-setup-postgres-standby

- src: https://github.com/carlosfrias/apigee-opdk-cwc-update

- src: https://github.com/carlosfrias/apigee-opdk-setup-postgres-db-upgrade

- src: https://github.com/carlosfrias/apigee-opdk-setup-silent-installation-config

- src: https://github.com/carlosfrias/apigee-opdk-setup-bootstrap-rollback

- src: https://github.com/carlosfrias/apigee-opdk-setup-postgres-master

- src: https://github.com/carlosfrias/apigee-opdk-setup-postgres-standby

- src: https://github.com/carlosfrias/apigee-opdk-setup-apigee-user

- src: https://github.com/carlosfrias/apigee-opdk-setup-license

- src: https://github.com/carlosfrias/apigee-opdk-setup-apigee-user-ownership.git

- src: https://github.com/carlosfrias/apigee-opdk-setup-postgres-config.git

- src: https://github.com/carlosfrias/apigee-opdk-update-component-inplace.git

- src: https://github.com/carlosfrias/apigee-opdk-setup-target-links.git

- src: https://github.com/carlosfrias/apigee-opdk-update-component-qpidd.git

- src: https://github.com/carlosfrias/apigee-opdk-settings-ldap.git

- src: https://github.com/carlosfrias/apigee-opdk-settings-management-server.git

- src: https://github.com/carlosfrias/apigee-opdk-settings-postgres.git

- src: https://github.com/carlosfrias/apigee-opdk-settings-private-address.git

- src: https://github.com/carlosfrias/apigee-opdk-settings-cassandra.git

- src: https://github.com/carlosfrias/apigee-opdk-settings-region.git

- src: https://github.com/carlosfrias/apigee-opdk-setup-bootstrap-archive-installer.git

- src: https://github.com/carlosfrias/apigee-opdk-setup-validate.git

- src: 
https://github.com/carlosfrias/apigee-opdk-setup-validate-cleanup.git 85 | 86 | - src: https://github.com/carlosfrias/apigee-opdk-setup-openjdk.git 87 | 88 | - src: https://github.com/carlosfrias/apigee-opdk-settings-qpid.git 89 | 90 | 91 | 92 | -------------------------------------------------------------------------------- /post-installation/validations/README.md: -------------------------------------------------------------------------------- 1 | # Validations Folder 2 | 3 | This folder contains Ansible playbooks that will execute validations to determine the status of 4 | components used on the Apigee Edge platform. 5 | 6 | The available Apigee validations are: 7 | 8 | | Component Name | Description | 9 | |--- | --- | 10 | | [analytics](analytics) | Validate analytics configuration. | 11 | | [cassandra](cassandra) | Validate cassandra ring. | 12 | | [ldap](ldap) | Validate ldap configuration. | 13 | | [zookeeper](zookeeper) | Validate zookeeper configuration. | 14 | 15 | -------------------------------------------------------------------------------- /post-installation/validations/analytics/README.md: -------------------------------------------------------------------------------- 1 | # Analytics Validation 2 | This playbook will provide output of Analytics Validation evaluations. 3 | 4 | ## Usage: 5 | This is an Ansible script and requires Ansible. 
Please follow the usage instructions below: 6 | 7 | ansible-galaxy install -r requirements -f 8 | ansible-playbook validate -e target_hosts= 9 | -------------------------------------------------------------------------------- /post-installation/validations/analytics/requirements.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - src: https://github.com/carlosfrias/apigee-opdk-setup-scopes-state.git 3 | 4 | - src: https://github.com/carlosfrias/apigee-opdk-server-self.git 5 | 6 | - src: https://github.com/carlosfrias/apigee-opdk-server-registration-state.git 7 | 8 | - src: https://github.com/carlosfrias/apigee-opdk-modules.git 9 | -------------------------------------------------------------------------------- /post-installation/validations/analytics/validate.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Apigee Postgres Master Check 3 | hosts: pgmaster 4 | gather_facts: no 5 | tags: ['check-master','replication'] 6 | vars: 7 | apigee_secure_folder: "~/.apigee-secure" 8 | vars_files: 9 | - "{{ apigee_secure_folder }}/credentials.yml" 10 | tasks: 11 | - name: Display Postgres Master Status Check 12 | shell: "{{ apigee_service }} apigee-postgresql postgres-check-master" 13 | 14 | - name: Apigee Postgres Standby Check 15 | hosts: pgstandby 16 | gather_facts: no 17 | tags: ['check-standby','replication'] 18 | vars: 19 | apigee_secure_folder: "~/.apigee-secure" 20 | vars_files: 21 | - "{{ apigee_secure_folder }}/credentials.yml" 22 | tasks: 23 | - name: Display Postgres Standby Status Check 24 | shell: "{{ apigee_service }} apigee-postgresql postgres-check-standby" 25 | 26 | - name: Apigee Postgres Self report 27 | hosts: pg 28 | gather_facts: no 29 | tags: ['self'] 30 | serial: 1 31 | vars: 32 | property_folders: 33 | - "~/.apigee-secure" 34 | - "~/.apigee" 35 | roles: 36 | - { role: apigee-opdk-modules } 37 | - { role: apigee-opdk-server-self, server_types: 
['ps'], tags: ['self'] } 38 | 39 | - name: Apigee Postgres Registration Status 40 | hosts: pg 41 | gather_facts: no 42 | tags: ['registration'] 43 | 44 | vars: 45 | property_folders: 46 | - "~/.apigee-secure" 47 | - "~/.apigee" 48 | roles: 49 | - { role: apigee-opdk-modules } 50 | - { role: apigee-opdk-server-self, server_types: ['ps'], tags: ['self'] } 51 | - { role: apigee-opdk-server-registration-state, username: "{{ opdk_user_email }}", password: "{{ opdk_user_pass }}", server_self: "{{ edge_ps_self }}", mgmt_server_ip: "{{ local_mgmt_ip }}" } 52 | 53 | - name: Apigee Analytics group scope state 54 | hosts: ms[0] 55 | gather_facts: no 56 | tags: ['scope'] 57 | 58 | vars: 59 | property_folders: 60 | - "~/.apigee-secure" 61 | - "~/.apigee" 62 | roles: 63 | - { role: apigee-opdk-modules } 64 | - { role: apigee-opdk-setup-scopes-state, ax_group: "{{ scopes_axgroup | default('axgroup001') }}" } 65 | 66 | - name: Analytics status 67 | hosts: ms[0] 68 | gather_facts: no 69 | tags: ['axstatus'] 70 | 71 | vars: 72 | property_folders: 73 | - "~/.apigee-secure" 74 | - "~/.apigee" 75 | roles: 76 | - { role: apigee-opdk-modules } 77 | tasks: 78 | - name: List org and env provisioning axstatus 79 | uri: 80 | url: "http://127.0.0.1:8080/v1/organizations/{{ org_name }}/environments/{{ env_name }}/provisioning/axstatus" 81 | user: "{{ opdk_user_email }}" 82 | password: "{{ opdk_user_pass }}" 83 | 84 | - name: Analytics groups 85 | hosts: ms[0] 86 | gather_facts: no 87 | tags: ['axgroups'] 88 | 89 | vars: 90 | property_folders: 91 | - "~/.apigee-secure" 92 | - "~/.apigee" 93 | roles: 94 | - { role: apigee-opdk-modules } 95 | tasks: 96 | - name: List analytics groups 97 | uri: 98 | url: "http://127.0.0.1:8080/v1/analytics/groups/ax" 99 | user: "{{ opdk_user_email }}" 100 | password: "{{ opdk_user_pass }}" 101 | 102 | - name: Describe analytics fact table 103 | hosts: pgmaster 104 | gather_facts: no 105 | tags: ['axtables'] 106 | 107 | vars: 108 | property_folders: 109 | - 
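"~/.apigee-secure"
      - "~/.apigee"
  roles:
    - { role: apigee-opdk-modules }
  tasks:
    # Runs psql over the local socket directory under apigee_home and describes
    # the analytics fact table for org_name/env_name (-w: never prompt for a
    # password).
    # NOTE(review): org_name and env_name are interpolated inside a
    # single-quoted shell argument and a double-quoted SQL identifier; a quote
    # character in either value would break that quoting. Validate both values
    # against the expected name pattern before this task.
    - name: Describe postgres analytics table
      shell: /usr/bin/psql -h {{ apigee_home }}/var/run/apigee-postgresql -U {{ pg_user }} -d apigee -w -c '\d analytics."{{ org_name }}.{{ env_name }}.fact"'
--------------------------------------------------------------------------------
/post-installation/validations/cassandra/requirements.yml:
--------------------------------------------------------------------------------
---
- src: https://github.com/carlosfrias/apigee-opdk-modules.git
--------------------------------------------------------------------------------
/post-installation/validations/ldap/requirements.yml:
--------------------------------------------------------------------------------
---
- src: https://github.com/carlosfrias/apigee-opdk-modules.git

- src: https://github.com/carlosfrias/apigee-opdk-port-check-settings.git
--------------------------------------------------------------------------------
/post-installation/validations/ldap/validate.yml:
--------------------------------------------------------------------------------
---
- name: View LDAP system user
  hosts: ms
  gather_facts: no
  tags: ['ldap']
  vars:
    property_folders:
      - "~/.apigee-secure"
      - "~/.apigee"
  roles:
    - apigee-opdk-modules
    - apigee-opdk-port-check-settings

  tasks:
    # Binds as cn=manager and searches everything under dc=apigee,dc=com.
    # The bind password is shell-quoted so that spaces or shell metacharacters
    # in it reach ldapsearch as one literal argument. no_log keeps the command
    # line (which carries the password) and the directory dump out of Ansible's
    # task results and logs.
    # NOTE(review): the password is still visible in the process list on the
    # target host while ldapsearch runs; ldapsearch's -y option reads it from a
    # file instead.
    - name: Show LDAP system user
      shell: "ldapsearch -D 'cn=manager,dc=apigee,dc=com' -b 'dc=apigee,dc=com' -LLL -h {{ ansible_ssh_host }} -p {{ ldap_ports[0] }} -w {{ opdk_ldap_pass | quote }}"
      no_log: true

- name: List Users
  hosts: ms
  gather_facts: no
  tags: ['users']
  vars:
    property_folders:
      - "~/.apigee-secure"
      - "~/.apigee"
  roles:
    - apigee-opdk-modules
    - apigee-opdk-port-check-settings

  tasks:
    - name: List users
      uri:
        url: "http://127.0.0.1:{{ ms_ports[0] 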
}}/v1/users" 34 | user: "{{ opdk_user_email }}" 35 | password: "{{ opdk_user_pass }}" 36 | 37 | #- name: LDAP TLS check 38 | # hosts: ms 39 | # gather_facts: no 40 | # tags: ['tls'] 41 | # vars: 42 | # property_folders: 43 | # - "~/.apigee-secure" 44 | # - "~/.apigee" 45 | # roles: 46 | # - apigee-opdk-modules 47 | # - apigee-opdk-port-check-settings 48 | # tasks: 49 | # - name: LDAP TLS check 50 | # shell: "ldapsearch -x -d 1 -p {{ ldap_ports[0] }} -h {{ ansible_ssh_host }} -w {{ opdk_ldap_pass }}" 51 | 52 | -------------------------------------------------------------------------------- /post-installation/validations/qpid/validate.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Qpid stats 3 | hosts: qpid 4 | gather_facts: no 5 | tags: ['stats'] 6 | serial: 1 7 | vars: 8 | # Qpid stat tool 9 | qpid_stat: '{{ apigee_home }}/apigee-qpidd/bin/qpid-stat' 10 | 11 | tasks: 12 | - name: Gather qpid stats 13 | shell: "{{ qpid_stat }} -g" 14 | register: results 15 | 16 | - name: Qpid queue depth 17 | hosts: qpid 18 | gather_facts: no 19 | tags: ['depth'] 20 | serial: 1 21 | vars: 22 | # Qpid queue depth 23 | check_queue_depth: '{{ apigee_home }}/apigee-qpidd/bin/check_queue_depth.py' 24 | 25 | tasks: 26 | - name: Gather qpid queue depth 27 | shell: "{{ check_queue_depth }}" 28 | register: results 29 | -------------------------------------------------------------------------------- /post-installation/validations/rmp/requirements.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - src: https://github.com/carlosfrias/apigee-opdk-setup-validate.git 4 | 5 | - src: https://github.com/carlosfrias/apigee-opdk-setup-validate-cleanup.git 6 | 7 | - src: https://github.com/carlosfrias/apigee-opdk-modules.git 8 | 9 | - src: https://github.com/carlosfrias/apigee-opdk-start-components.git 10 | 11 | - src: https://github.com/carlosfrias/apigee-opdk-stop-components.git 12 | 13 | - 
src: https://github.com/carlosfrias/apigee-opdk-settings-private-address.git 14 | 15 | - src: https://github.com/carlosfrias/apigee-opdk-settings-region.git 16 | 17 | - src: https://github.com/carlosfrias/apigee-opdk-settings-management-server.git 18 | -------------------------------------------------------------------------------- /post-installation/validations/rmp/validate.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Update Cache for validate config file generation 3 | hosts: planet 4 | tags: ['setup', 'cleanup'] 5 | vars: 6 | property_folders: 7 | - "~/.apigee-secure" 8 | - "~/.apigee" 9 | roles: 10 | - { role: apigee-opdk-modules } 11 | - { role: apigee-opdk-settings-private-address } 12 | - { role: apigee-opdk-settings-management-server } 13 | - { role: apigee-opdk-settings-region } 14 | 15 | - name: Validate Routers & Message Processors 16 | hosts: rmp,r 17 | tags: ['setup'] 18 | serial: 1 19 | vars: 20 | property_folders: 21 | - "~/.apigee-secure" 22 | - "~/.apigee" 23 | roles: 24 | - { role: apigee-opdk-modules } 25 | - { role: apigee-opdk-settings-private-address } 26 | - { role: apigee-opdk-settings-management-server } 27 | - { role: apigee-opdk-settings-region } 28 | - { role: apigee-opdk-setup-validate } 29 | 30 | - name: Cleanup Validate Routers & Message Processors 31 | hosts: rmp,r 32 | tags: ['cleanup'] 33 | serial: 1 34 | vars: 35 | property_folders: 36 | - "~/.apigee-secure" 37 | - "~/.apigee" 38 | roles: 39 | - { role: apigee-opdk-modules } 40 | - { role: apigee-opdk-settings-private-address } 41 | - { role: apigee-opdk-settings-management-server } 42 | - { role: apigee-opdk-settings-region } 43 | - { role: apigee-opdk-setup-validate-cleanup} 44 | -------------------------------------------------------------------------------- /post-installation/validations/zookeeper/validate.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Apigee 
Zookeeper Leader 3 | hosts: ds 4 | gather_facts: no 5 | tags: ['leader'] 6 | serial: 1 7 | tasks: 8 | - name: Display Zookeeper Leadership 9 | shell: "echo srvr | nc localhost 2181 | grep Mode:" 10 | register: result 11 | 12 | - name: Apigee Zookeeper Status 13 | hosts: ds 14 | gather_facts: no 15 | tags: ['status'] 16 | serial: 1 17 | tasks: 18 | - name: Display Zookeeper Leadership 19 | shell: "echo srvr | nc localhost 2181" 20 | register: result 21 | 22 | 23 | -------------------------------------------------------------------------------- /post-installation/zookeeper/collect.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: This playbook collects diagnostic information for Zookeeper 3 | hosts: ds 4 | gather_facts: no 5 | 6 | tasks: 7 | - name: Collect Zookeeper zk-tree.sh 8 | command: "zk-tree.sh" 9 | args: 10 | chdir: "{{ apigee_home }}/apigee-zookeeper/contrib" 11 | register: zk_tree 12 | 13 | - name: Download Zookeeper Tree 14 | copy: 15 | content: "{{ zk_tree }}" 16 | dest: "{{ target_logs_folder }}" 17 | -------------------------------------------------------------------------------- /setup/README.md: -------------------------------------------------------------------------------- 1 | # Setup Apigee OPDK Ansible Configuration Accelerator 2 | 3 | ## Introduction 4 | An Ansible controller is used to run Ansible playbooks. This repository contains playbooks that 5 | configure an Ansible controller. The role [Apigee OPDK Setup Ansible Controller](https://github.com/carlosfrias/apigee-opdk-setup-ansible-controller) 6 | is used to configure an Ansible Controller and should be consulted for additional details. This 7 | setup provides you with a common configuration convention that simplifies managing either one planet 8 | or several planets of any size. 9 | 10 | ## Assumptions 11 | * Ansible version 2.7.7. 12 | * Ansible is installed on the server set aside as an Ansible Controller. 
13 | * The `setup.yml` playbook uses the [Apigee OPDK Setup Ansible Controller](https://github.com/carlosfrias/apigee-opdk-setup-ansible-controller) 14 | role to configure an Ansible controller to use the framework. The `setup.yml` assumes that you 15 | are configuring the localhost. 16 | * Same setup for either a single planet or multiple planets. 17 | * The user home will be used to create the folders `~/.ansible`, `~/.apigee`, `~/.apigee-secure`, 18 | and `~/.apigee-workspace`. 19 | * The folder `~/.apigee-workspace` will be used to contain playbooks. Use 20 | `git clone https://github.com/carlosfrias/apigee-opdk-playbook-installation-single-region.git` to get 21 | started. 22 | * `ssh` access is working to target servers that will be a part of the Apigee planet. 23 | 24 | ### Configure SSH Access for your Nodes 25 | A helper playbook is provided for the common task of configuring SSH access to enable the use of 26 | SSH keys for greater security. Please see 27 | [Configure SSH Login](../infrastructure/configure-ssh-login) 28 | for details. 29 | 30 | ### Backup an Ansible Control Server 31 | A helper playbook is provided for the common task of backing up the configurations managed by the 32 | Ansible control to another file system location. Please see 33 | [Ansible Control Server Backup](../infrastructure/backup-ansible-controller) for details. 34 | 35 | # Usage Instructions 36 | ## Terminal Window 37 | These scripts can be run from a terminal window. Please open your terminal and navigate to the folder 38 | containing the Ansible OPDK Accelerator. This can be accomplished as follows: 39 | 40 | cd ~/apigee-opdk-accelerator 41 | 42 | ## Refresh Local Repository 43 | It may be necessary to update the local repository if it has been some time since the last update. 
44 | This can be accomplished as follows: 45 | 46 | cd ~/apigee-opdk-accelerator 47 | git pull origin master 48 | 49 | ## Change Directory to the setup folder 50 | Open the terminal and change directory to the setup folder: 51 | 52 | cd ~/apigee-opdk-accelerator/setup 53 | 54 | ## Download Dependencies 55 | Use `ansible-galaxy` to download dependencies in the following way: 56 | 57 | # Download the required roles to setup the Ansible controller 58 | ansible-galaxy install -r requirements.yml -f 59 | 60 | ## Setup an Ansible Control Server on localhost 61 | 62 | `setup.yml` will configure the localhost as an Ansible control server. This task assumes that the user has sudo privilege 63 | with no password prompt. Please invoke `setup.yml` in the following way: 64 | 65 | # Setup the Ansible controller 66 | ansible-playbook setup.yml 67 | 68 | If this task fails due to sudo privilege, please re-invoke the script and pass the sudo flag (`-K`, which prompts for the sudo password) in the following way: 69 | 70 | ansible-playbook setup.yml -K 71 | 72 | 73 | ## Next Steps 74 | 75 | Please continue with the [next steps](../README.md#usage-overview) in the process. 
76 | -------------------------------------------------------------------------------- /setup/ansible.cfg: --------------------------------------------------------------------------------
[defaults]
# inventory = inventory
roles_path = roles
private_key_file = ~/.ssh/id_rsa
merge_multiple_cli_tags=True
# Task arguments are echoed in each task header, so any secret passed as a
# module argument is printed unless the task sets no_log.
display_args_to_stdout = True
timeout = 60
# SSH host keys are not verified with this setting, so a substituted or
# intercepted host is not detected when the controller connects.
host_key_checking = False
forks = 10
retry_files_enabled = False
ansible_shell_type=sh
module_name = shell

[ssh_connection]
#ssh_args = -o ControlMaster=auto -o ControlPersist=7200s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -q
ssh_args = -q
control_path=%(directory)s/ansible-ssh-%%h-%%p-%%r
-------------------------------------------------------------------------------- /setup/archive/README-CONTROL-SERVER-SYSTEM-PACKAGES.md: -------------------------------------------------------------------------------- 1 | # Control Server System Packages 2 | Required system packages can be installed with 3 | 4 | ansible-playbook install-system-packages.yml -K 5 | -------------------------------------------------------------------------------- /setup/archive/README-CUSTOM-PROPERTIES.md: -------------------------------------------------------------------------------- 1 | # Custom Properties 2 | This installation framework has been parameterized. This means that 3 | properties or variables can be passed to modify the output. These 4 | additional properties are set to sensible defaults within the framework 5 | but are available for customization. These properties can be set in the 6 | `custom-properties.yml`. 
7 | -------------------------------------------------------------------------------- /setup/archive/README-CYGWIN.md: -------------------------------------------------------------------------------- 1 | # Setting Up Ansible with Cygwin 2 | 3 | Running Ansible commands from within Windows is unsupported at the time 4 | of this writing. However, Windows users can set up Ansible with Cygwin. 5 | 6 | # Installation Steps 7 | Here are steps to getting Ansible (and its related commands, like 8 | ansible-playbook) running on Windows: 9 | Download and install [Cygwin](http://cygwin.com/install.html), with at 10 | least the following packages selected (you can select the packages 11 | during the install process): 12 | 13 | * curl 14 | * python (2.7.x) 15 | * python-jinja 16 | * python-crypto 17 | * python-openssl 18 | * python-setuptools 19 | * git 20 | * vim 21 | * openssh 22 | * openssl 23 | * openssl-devel 24 | * wget 25 | * gcc-core 26 | * gcc-g++ 27 | * python2-devel 28 | * python2-cython 29 | * make 30 | * libffi-devel 31 | 32 | # Working Behind a Proxy 33 | If you are working behind a proxy (as is the case in many corporate 34 | networks), edit the .bash_profile used by Cygwin either using vim (open 35 | Cygwin and enter vim .bash_profile), or with whatever editor you'd like, 36 | and add in lines like the following (the proxy password is stored there in plain text, so keep the file readable only by your user): 37 | 38 | export http_proxy=http://username:password@proxy-address-here:80/ 39 | export https_proxy=https://username:password@proxy-address-here:80/ 40 | 41 | # Download and Install PyYAML and Jinja2 Separately 42 | Download and install PyYAML and Jinja2 separately, as they're 43 | not available via Cygwin's installer: 44 | 45 | ## Open Cygwin 46 | 47 | #### Download PyYAML 48 | 49 | curl -O https://pypi.python.org/packages/source/P/PyYAML/PyYAML-3.10.tar.gz 50 | 51 | #### Download Jinja2 52 | 53 | curl -O https://pypi.python.org/packages/source/J/Jinja2/Jinja2-2.6.tar.gz 54 | 55 | #### Untar both downloads 56 | 57 | tar -xvf 
PyYAML-3.10.tar.gz && tar -xvf Jinja2-2.6.tar.gz 58 | 59 | ### Change directory into each of the expanded folders and run `python setup.py install` to install each package. 60 | 61 | ### Generate an SSH key for use later: `ssh-keygen` then hit enter to skip adding a password until you get back to the command prompt. 62 | 63 | ### Clone ansible from its repository on GitHub: 64 | 65 | git clone https://github.com/ansible/ansible /opt/ansible 66 | 67 | ### Add the following lines into your Cygwin .bash_profile after the proxy settings you added previously: 68 | 69 | # Ansible Settings 70 | ANSIBLE=/opt/ansible 71 | export PATH=$PATH:$ANSIBLE/bin 72 | export PYTHONPATH=$ANSIBLE/lib 73 | export ANSIBLE_LIBRARY=$ANSIBLE/library 74 | 75 | ### Restart Cygwin and verify that `ansible --version` displays the ansible version. 76 | 77 | # Configuring Pip on Cygwin 78 | Pip does not work by default on Cygwin. Please follow these steps to enable pip: 79 | 80 | python -m ensurepip 81 | 82 | 83 | # Reference 84 | [Running Ansible within Windows](https://www.jeffgeerling.com/blog/running-ansible-within-windows) -------------------------------------------------------------------------------- /setup/archive/README-EC2.md: -------------------------------------------------------------------------------- 1 | # Overview: EC2 Managed Setup 2 | The minimum setup must be completed prior to configuring the EC2 managed 3 | setup. The EC2 managed setup will perform the following 4 | activities: 5 | * Update ~/.bashrc to export AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY 6 | values you provide. 7 | * Update ~/.bashrc to export EC2_INI_PATH. 8 | * Create a template .boto file and place it in your home directory 9 | * Create a template ec2.ini and place it in your ~/.ansible folders 10 | * Provide a copy of the ec2.py script that must be included with any AWS 11 | managed inventory file. 
12 | 13 | # Usage: Setup for EC2 Managed Images 14 | Please follow the usage instructions: 15 | 16 | ansible-playbook setup-ec2.yml \ 17 | -e secure_aws_region={{ secure_aws_region }} \ 18 | -e aws_access_key_id={{ aws_access_key_id }} \ 19 | -e aws_secret_access_key={{ aws_secret_access_key }} 20 | 21 | ## Variables Used 22 | 23 | Variable Name | Description | 24 | --- | --- | 25 | secure_aws_region | Please provide your ec2_region. | 26 | aws_access_key_id | Please provide your AWS Access Key ID. | 27 | aws_secret_access_key | Please provide your AWS Secret Access Key. | 28 | 29 | -------------------------------------------------------------------------------- /setup/archive/README.md: -------------------------------------------------------------------------------- 1 | # Apigee OPDK Ansible Configuration Accelerator 2 | The purpose of this project is to quickly configure an Ansible controller. This is used to configure 3 | a controller to manage a single planet or multiple planets. This is the entry point to understand 4 | how to make your license material available as well as how to customize installation, configuration 5 | or maintenance options. 6 | 7 | ## Usage Instructions 8 | 9 | ### Setup or Backup an Ansible Controller 10 | Playbook and usage instructions and information is available at 11 | [setup-ansible-controller](../README.md) 12 | 13 | 14 | ### Configure SSH User Logins 15 | Playbook and usage instructions and information is available at 16 | [configure-ssh-login](../../infrastructure/configure-ssh-login/README.md). `root` user configuration option is provided. 17 | 18 | 19 | # How to Contribute 20 | 21 | We'd love to accept your patches and contributions to this project. Please review our [guidelines](../CONTRIBUTING.md). 22 | 23 | 24 | 25 | # Not Google Product Clause 26 | 27 | This is not an officially supported Google product. 
28 | 29 | -------------------------------------------------------------------------------- /setup/archive/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/apigee/ansible-opdk-accelerator/20c53c951cb598d198309f340b30863a6d1af235/setup/archive/__init__.py -------------------------------------------------------------------------------- /setup/archive/ansible-pip-requirements.txt: -------------------------------------------------------------------------------- 1 | ansible>=2.6.18 2 | boto 3 | markupsafe 4 | paramiko 5 | apache-libcloud 6 | 7 | -------------------------------------------------------------------------------- /setup/archive/control-server.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: '{{ hosts }}' 3 | become: yes 4 | vars_files: 5 | - custom-properties.yml 6 | tasks: 7 | - name: Install system packages 8 | yum : 9 | name: "{{ item }}" 10 | state: present 11 | with_items: 12 | - gcc 13 | 14 | - name: Create pip config folder 15 | file: 16 | path: "{{ pip_conf_dir }}" 17 | state: directory 18 | 19 | - name: Configure pip 20 | template: 21 | src: resources/pip.conf.j2 22 | dest: "{{ pip_conf_dir }}/pip.conf" 23 | when: pip_conf_dir is defined and pip_index_url is defined 24 | 25 | - name: Install pip packages 26 | pip: 27 | name: '{{ item }}' 28 | state: latest 29 | register: result 30 | with_items: 31 | - pip 32 | - ansible 33 | -------------------------------------------------------------------------------- /setup/archive/install-system-packages.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: localhost 3 | connection: local 4 | become: yes 5 | vars: 6 | os_packages: 7 | - git 8 | - tree 9 | pip_packages: 10 | - boto 11 | tasks: 12 | - name: Yum packages 13 | yum: 14 | name: '{{ item }}' 15 | state: present 16 | with_items: '{{ os_packages }}' 17 | when: 
ansible_pkg_mgr | lower == 'yum' 18 | 19 | - name: Debian packages 20 | apt: 21 | name: '{{ item }}' 22 | state: present 23 | with_items: '{{ os_packages }}' 24 | when: ansible_pkg_mgr | lower == 'apt' 25 | 26 | - name: Pip packages 27 | pip: 28 | name: '{{ item }}' 29 | state: present 30 | with_items: '{{ pip_packages }}' 31 | -------------------------------------------------------------------------------- /setup/archive/library/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/apigee/ansible-opdk-accelerator/20c53c951cb598d198309f340b30863a6d1af235/setup/archive/library/__init__.py -------------------------------------------------------------------------------- /setup/archive/library/cache.py: -------------------------------------------------------------------------------- 1 | # Copyright 2018 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
from ansible.module_utils.basic import *


def main():
    """Publish one key/value pair as an Ansible fact.

    Reads the required ``key`` and the optional ``value`` module parameters
    and returns them as a single-entry ``ansible_facts`` mapping. The result
    is always reported as changed.
    """
    spec = {
        'key': dict(required=True, type='str'),
        'value': dict(required=False, type='str'),
    }
    ansible_module = AnsibleModule(argument_spec=spec)
    params = ansible_module.params
    # ``value`` is optional and the spec declares no default for it.
    fact = {params['key']: params['value']}
    ansible_module.exit_json(changed=True, ansible_facts=fact)


if __name__ == '__main__':
    main()
-------------------------------------------------------------------------------- /setup/archive/library/opdk_server_self.py: -------------------------------------------------------------------------------- 1 | # Copyright 2018 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
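import requests
from requests.exceptions import RequestException
from requests.auth import HTTPBasicAuth
from ansible.module_utils.basic import *

# The request targets localhost, so the HTTP Basic credentials are sent over
# plain http on the local host only.
BASE_SERVER_URL = 'http://localhost'
SERVER_SELF_URI = '/v1/servers/self'
# Port queried for each accepted server_type value.
SERVER_PORTS = {'ms': '8080',
                'router': '8081',
                'r': '8081',
                'mp': '8082',
                'rmp': '8082',
                'qs': '8083',
                'ps': '8084'}
# Upper bound, in seconds, on how long one request may block the play.
REQUEST_TIMEOUT_SECONDS = 30


def get_server_self(server_type, username, password):
    """Fetch ``/v1/servers/self`` from the local component of ``server_type``.

    :param server_type: key of ``SERVER_PORTS`` selecting the port to query.
    :param username: user name for HTTP Basic authentication.
    :param password: password for HTTP Basic authentication.
    :return: the ``requests`` response object, whatever its status code.
    :raises KeyError: if ``server_type`` is not a key of ``SERVER_PORTS``.
    :raises requests.exceptions.RequestException: on connection errors or
        when the request exceeds ``REQUEST_TIMEOUT_SECONDS``.
    """
    url = BASE_SERVER_URL + ':' + SERVER_PORTS[server_type] + SERVER_SELF_URI
    return requests.get(url,
                        auth=HTTPBasicAuth(username, password),
                        timeout=REQUEST_TIMEOUT_SECONDS)


def map_server_self(server_self):
    """Flatten the ``tags.property`` list of a server-self response.

    Each ``{'name': ..., 'value': ...}`` entry under ``tags.property`` becomes
    a top-level key of the returned dict, and the ``tags`` entry is removed.
    A property whose name equals an existing top-level key overwrites it.

    :param server_self: response object exposing ``json()``.
    :return: the decoded body with the properties promoted to top level.
    """
    reported = server_self.json()
    for prop in reported['tags']['property']:
        reported[prop['name']] = prop['value']
    del reported['tags']
    return reported


def main():
    """Ansible entry point: expose the local server-self record as a fact.

    On a 2xx response the flattened record is returned as the fact
    ``edge_<server_type>_self``; every other outcome ends in ``fail_json``.
    """
    module = AnsibleModule(
        argument_spec=dict(
            username=dict(required=True, type='str', no_log=True),
            password=dict(required=True, type='str', no_log=True),
            server_type=dict(required=True, type='str', choices=['ms', 'router', 'r', 'mp', 'qs', 'ps', 'rmp'])
        )
    )

    username = module.params['username']
    password = module.params['password']
    server_type = module.params['server_type']

    try:
        resp = get_server_self(server_type, username, password)
    except RequestException as ex:
        # A module's stdout must carry only its JSON result, so the cause is
        # reported through fail_json rather than printed.
        module.fail_json(
            changed=False,
            msg="Error status code returned: [500] " + str(ex) + " Did you run on the correct server?",
            status_code=500,
        )

    status_code = resp.status_code
    if 200 <= status_code < 300:
        try:
            server_self = map_server_self(resp)
        except (ValueError, KeyError, TypeError) as ex:
            # The body was not JSON or lacked the tags.property structure.
            module.fail_json(
                changed=False,
                msg="Unexpected server self response: " + str(ex),
                status_code=status_code,
            )
        module.exit_json(
            changed=True,
            ansible_facts={'edge_' + server_type + '_self': server_self}
        )

    # Anything that is not 2xx (400 included) is a failure, so the task never
    # ends without a result.
    module.fail_json(
        changed=False,
        msg="Error status code returned: [" + str(status_code) + "]",
        status_code=status_code,
    )


if __name__ == '__main__':
    main()
-------------------------------------------------------------------------------- /setup/archive/private-bitbucket-repository-create-update.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Create and update repositories in BitBucket 3 | hosts: localhost 4 | connection: local 5 | vars_files: 6 | - repository-mapping-name-folder.yml 7 | - repository-custom-properties.yml 8 | - private-repository-user-list.yml 9 | tasks: 10 | - name: Create Bitbucket repositories if necessary 11 | uri: 12 | url: "{{ repository_secure_endpoint_https }}" 13 | method: POST 14 | user: "{{ username }}" 15 | password: "{{ password }}" 16 | force_basic_auth: yes 17 | status_code: 201,409 18 | body_format: json 19 | body: 20 | name: "{{ item.repo_name }}" 21 | scmId: git 22 | forkable: True 23 | with_items: 24 | - "{{ config_repos }}" 25 | - "{{ playbook_repos }}" 26 | - "{{ role_repos }}" 27 | 28 | - name: Add permissions to Bitbucket repositories 29 | uri: 30 | url: "{{ repository_secure_endpoint_https }}/permissions/users?name={{ item }}&permission=PROJECT_ADMIN" 31 | method: PUT 32 | user: "{{ username }}" 33 | password: "{{ password }}" 34 | force_basic_auth: yes 35 | status_code: 204,409 36 | with_items: "{{ repo_users }}" 37 | 38 | - name: Add second git host as remote repo 39 | ignore_errors: true 40 | shell: "git remote add target {{ repository_secure_endpoint_ssh }}/{{ item.repo_name }}.git" 41 | 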
args: 42 | chdir: "{{ item.workspace }}/{{ item.repo_name }}" 43 | with_items: "{{ repo_names }}" 44 | 45 | - name: Pull from second git host if the repo is already there 46 | ignore_errors: yes 47 | shell: "git pull target master" 48 | args: 49 | chdir: "{{ item.workspace }}/{{ item.repo_name }}" 50 | with_items: "{{ repo_names }}" 51 | 52 | - name: Commit updated repos to second git host 53 | shell: "git checkout master && git push -u target master" 54 | args: 55 | chdir: "{{ item.workspace }}/{{ item.repo_name }}" 56 | with_items: "{{ repo_names }}" 57 | -------------------------------------------------------------------------------- /setup/archive/private-bitbucket-repository-remove.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Create repositories in BitBucket 3 | hosts: localhost 4 | connection: local 5 | vars_files: 6 | - repository-custom-properties.yml 7 | tasks: 8 | - name: Remove repo 9 | uri: 10 | url: "{{ repository_api_endpoint }}/repos/delete_test_repo" 11 | method: DELETE 12 | user: "{{ username }}" 13 | password: "{{ password }}" 14 | status_code: 202,204 15 | force_basic_auth: yes 16 | -------------------------------------------------------------------------------- /setup/archive/private-github-repository-create-update.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Create and update repositories in Gitlab 3 | hosts: localhost 4 | connection: local 5 | vars: 6 | github_endpoint_https: "https://github.com/carlosfrias" 7 | 8 | vars_files: 9 | - repository-mapping-name-folder.yml 10 | - repository-custom-properties.yml 11 | - private-repository-user-list.yml 12 | tasks: 13 | - name: Create Github.com repositories if necessary 14 | tags: ['create'] 15 | register: repos 16 | uri: 17 | url: "{{ repository_secure_endpoint_https }}/users/repos" 18 | method: POST 19 | headers: 20 | PRIVATE-TOKEN: "{{ token }}" 21 | status_code: 201,400 22 | 
body_format: json 23 | body: 24 | name: "{{ item.repo_name }}" 25 | with_items: 26 | - "{{ config_repos }}" 27 | - "{{ playbook_repos }}" 28 | - "{{ role_repos }}" 29 | 30 | - name: Github.com checkout of configuration repositories 31 | tags: ['checkout'] 32 | become: false 33 | git: 34 | repo: '{{ github_endpoint_https }}/{{ item.repo_name }}.git' 35 | dest: "{{ item.workspace }}/{{ item.repo_name }}" 36 | accept_hostkey: yes 37 | with_items: 38 | - "{{ config_repos }}" 39 | - "{{ playbook_repos }}" 40 | - "{{ role_repos }}" 41 | 42 | - name: Add second git host as remote repo 43 | tags: ['add-remote'] 44 | ignore_errors: true 45 | shell: "git remote add gitlab {{ repository_secure_endpoint_ssh }}/{{ item.repo_name }}.git" 46 | args: 47 | chdir: "{{ item.workspace }}/{{ item.repo_name }}" 48 | with_items: 49 | - "{{ config_repos }}" 50 | - "{{ playbook_repos }}" 51 | - "{{ role_repos }}" 52 | 53 | - name: Pull from second git host if the repo is already there 54 | tags: ['remote-refresh'] 55 | ignore_errors: yes 56 | shell: "git pull gitlab master" 57 | args: 58 | chdir: "{{ item.workspace }}/{{ item.repo_name }}" 59 | with_items: 60 | - "{{ config_repos }}" 61 | - "{{ playbook_repos }}" 62 | - "{{ role_repos }}" 63 | 64 | 65 | - name: Commit updated repos to second git host 66 | tags: ['commit'] 67 | shell: "git checkout master && git push -u gitlab master" 68 | args: 69 | chdir: "{{ item.workspace }}/{{ item.repo_name }}" 70 | with_items: 71 | - "{{ config_repos }}" 72 | - "{{ playbook_repos }}" 73 | - "{{ role_repos }}" 74 | 75 | -------------------------------------------------------------------------------- /setup/archive/private-gitlab-repository-create-update.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Create and update repositories in Gitlab 3 | hosts: localhost 4 | connection: local 5 | vars: 6 | github_endpoint_https: "https://github.com/carlosfrias" 7 | 8 | vars_files: 9 | - 
repository-mapping-name-folder.yml 10 | - repository-custom-properties.yml 11 | - private-repository-user-list.yml 12 | tasks: 13 | - name: Create Gitlab repositories if necessary 14 | tags: ['create'] 15 | register: repos 16 | uri: 17 | url: "{{ repository_secure_endpoint_https }}/projects?name={{ item.repo_name }}" 18 | method: POST 19 | headers: 20 | PRIVATE-TOKEN: "{{ token }}" 21 | status_code: 201,400 22 | body_format: json 23 | body: 24 | namespace_id: 369 25 | with_items: 26 | - "{{ config_repos }}" 27 | - "{{ playbook_repos }}" 28 | - "{{ role_repos }}" 29 | 30 | - name: Git checkout of configuration repositories 31 | tags: ['checkout'] 32 | become: false 33 | git: 34 | repo: '{{ github_endpoint_https }}/{{ item.repo_name }}.git' 35 | dest: "{{ item.workspace }}/{{ item.repo_name }}" 36 | accept_hostkey: yes 37 | with_items: 38 | - "{{ config_repos }}" 39 | - "{{ playbook_repos }}" 40 | - "{{ role_repos }}" 41 | 42 | - name: Add second git host as remote repo 43 | tags: ['add-remote'] 44 | ignore_errors: true 45 | shell: "git remote add gitlab {{ repository_secure_endpoint_ssh }}/{{ item.repo_name }}.git" 46 | args: 47 | chdir: "{{ item.workspace }}/{{ item.repo_name }}" 48 | with_items: 49 | - "{{ config_repos }}" 50 | - "{{ playbook_repos }}" 51 | - "{{ role_repos }}" 52 | 53 | - name: Pull from second git host if the repo is already there 54 | tags: ['remote-refresh'] 55 | ignore_errors: yes 56 | shell: "git pull gitlab master" 57 | args: 58 | chdir: "{{ item.workspace }}/{{ item.repo_name }}" 59 | with_items: 60 | - "{{ config_repos }}" 61 | - "{{ playbook_repos }}" 62 | - "{{ role_repos }}" 63 | 64 | 65 | - name: Commit updated repos to second git host 66 | tags: ['commit'] 67 | shell: "git checkout master && git push -u gitlab master" 68 | args: 69 | chdir: "{{ item.workspace }}/{{ item.repo_name }}" 70 | with_items: 71 | - "{{ config_repos }}" 72 | - "{{ playbook_repos }}" 73 | - "{{ role_repos }}" 74 | 75 | 
-------------------------------------------------------------------------------- /setup/archive/private-repository-user-list.yml: -------------------------------------------------------------------------------- 1 | --- 2 | repo_users: 3 | - friasca 4 | -------------------------------------------------------------------------------- /setup/archive/repository-custom-properties.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ansible_config: "~/.ansible" 3 | apigee_config: "~/.apigee" 4 | apigee_security: "~/.apigee-secure" 5 | apigee_workspace: "~/.apigee-workspace" 6 | 7 | playbook_workspace: "{{ apigee_workspace }}/playbooks" 8 | role_workspace: "{{ apigee_workspace }}/apigee-opdk-role-workspace" 9 | 10 | repository_secure_endpoint_https: "https://github.com/carlosfrias" 11 | repository_secure_endpoint_ssh: "git@github.com:carlosfrias" 12 | 13 | configuration_folders: 14 | - '{{ ansible_config }}/configurations' 15 | - '{{ ansible_config }}/inventory' 16 | - '{{ ansible_config }}/logs/' 17 | - '{{ ansible_config }}/library/' 18 | - '{{ ansible_config }}/cache/' 19 | - '{{ apigee_config }}/planet_resources' 20 | - '{{ apigee_security }}' 21 | - '{{ playbook_workspace }}' 22 | - '{{ role_workspace }}' 23 | -------------------------------------------------------------------------------- /setup/archive/resources/ansible.cfg.j2: -------------------------------------------------------------------------------- 1 | [defaults] 2 | hostfile = {{ workspace_dir }}/inventory/ 3 | fact_caching_connection = {{ workspace_dir }}/tmp/ 4 | log_path = {{ workspace_dir }}/tmp/ansible-default.log 5 | 6 | remote_user = {{ username }} 7 | private_key_file = ~/.ssh/id_rsa 8 | 9 | roles_path = {{ workspace_dir }}/roles 10 | local_tmp = {{ workspace_dir }}/tmp 11 | library = {{ workspace_dir }}/library/ 12 | 13 | host_key_checking = False 14 | forks = 10 15 | retry_files_enabled = False 16 | 17 | ansible_shell_type=sh 18 | gathering = smart 19 
| fact_caching = jsonfile 20 | module_name = shell 21 | 22 | merge_multiple_cli_tags=True 23 | gather_subset = !ohai,!facter 24 | display_args_to_stdout = True 25 | 26 | timeout = 60 27 | 28 | [ssh_connection] 29 | pipelining = True 30 | # Sample ssh_args with extended arguments 31 | # ssh_args = -o ControlMaster=auto -o ControlPersist=7200s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -q 32 | 33 | # Plain vanilla ssh configuration 34 | ssh_args = -o ControlMaster=auto -o ControlPersist=7200s -q 35 | control_path=%(directory)s/ansible-ssh-%%h-%%p-%%r 36 | 37 | -------------------------------------------------------------------------------- /setup/archive/resources/credentials.yml: --------------------------------------------------------------------------------
---
# Sample credential values. Set your own before running any playbook, and keep
# the filled-in file out of version control (or encrypt it with ansible-vault).
#
# opdk_user_pass is reused below for the OpenLDAP, Grafana, Cassandra, SMTP,
# Postgres, Dev Portal and SSO secrets, so those accounts share one password
# unless each variable is overridden separately.

# Apigee Repo credentials
# apigee_repo_user:
# apigee_repo_password:

# Local Apigee Mirror Credentials
# Sample only: user name and password are the same word.
apigee_repo_user: admin
apigee_repo_password: admin

# Edge Admin User
# Sample only: this password is published with the repository.
opdk_user_email: opdk@apigee.com
opdk_user_pass: Apigee123!

# Edge System User
opdk_user_name: apigee
opdk_group_name: apigee

# Edge Openldap Password
opdk_ldap_pass: '{{ opdk_user_pass }}'

# Grafana Credentials
grafana_username: admin
grafana_password: '{{ opdk_user_pass }}'

# Cassandra Credentials
opdk_cass_username: cassandra
opdk_cass_password: '{{ opdk_user_pass }}'

# Email Credentials
opdk_smtp_user: '{{ opdk_user_email }}'
opdk_smtp_password: '{{ opdk_user_pass }}'

# Apigee Analytics Postgres credentials
pg_user: '{{ opdk_user_name }}'
pg_pass: '{{ opdk_user_pass }}'

# Drupal Postgres Admin
dp_drupal_pg_user: drupal_admin
dp_drupal_pg_pass: '{{ opdk_user_pass }}'

# Dev Portal Postgres Admin
dp_pg_user: devportal_pg_admin
dp_pg_pass: "{{ opdk_user_pass }}"

# Dev Portal Drupal Admin
# first_name and last_name are not defined in this file.
dp_admin_firstname: "{{ first_name }}"
dp_admin_lastname: "{{ last_name }}"
dp_admin_username: "{{ opdk_user_name }}"
dp_admin_pwd: "{{ opdk_user_pass }}"
dp_admin_email: "{{ opdk_user_email }}"

# Dev Portal Developer Admin
dp_devadmin_user: "{{ opdk_user_email }}"
dp_devadmin_pwd: "{{ opdk_user_pass }}"

# AWS credentials
# aws_access_key:
# aws_secret_key:

# Edge UI SAML Integration
sso_admin_name: ssoadmin
sso_admin_secret: '{{ opdk_user_pass }}'
edgeui_sso_client_name: edgeui
edgeui_sso_client_secret: '{{ opdk_user_pass }}'
# Sample only: literal password published with the repository.
sso_saml_service_provider_password: "samlSP123"
-------------------------------------------------------------------------------- /setup/archive/resources/pip.conf.j2: -------------------------------------------------------------------------------- 1 | [global] 2 | index-url = {{ pip_index_url }} 3 | -------------------------------------------------------------------------------- /setup/archive/setup-apigee-license.yml: 
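-------------------------------------------------------------------------------- 1 | --- 2 | - hosts: localhost 3 | connection: local 4 | vars_files: 5 | - repository-custom-properties.yml 6 | vars_prompt: 7 | - name: license_path 8 | prompt: "Enter path to license file" 9 | private: no 10 | 11 | tasks: 12 | - name: Copy license file in .apigee folder 13 | copy: 14 | src: '{{ license_path }}' 15 | dest: '{{ apigee_config}}/license.txt' 16 | register: status 17 | 18 | - name: Copy license file status report 19 | debug: 20 | var: status 21 | -------------------------------------------------------------------------------- /setup/archive/setup-ec2.yml: --------------------------------------------------------------------------------
---
# Checks that the AWS variables are set, then exports them from ~/.bashrc of
# the user running the play on localhost.
- hosts: localhost
  connection: local
  gather_facts: no
  vars_files:
    - ~/.apigee/credentials.yml
  tasks:
    - name: Validate that aws_secret_key is provided
      fail:
        msg: Please indicate the aws_secret_key
      when: aws_secret_key is not defined

    - name: Validate that aws_access_key is provided
      fail:
        msg: Please indicate the aws_access_key
      when: aws_access_key is not defined

    - name: Validate that aws_region is provided
      fail:
        msg: Please indicate the aws_region
      when: aws_region is not defined

    # NOTE(review): gather_facts is off, so ansible_os_family is presumably
    # undefined here unless facts are cached; the resulting error would be
    # hidden by ignore_errors - confirm.
    - name: Install system packages
      become: yes
      ignore_errors: yes
      yum:
        name: '{{ item }}'
        state: present
      with_items:
        - elasticache-auto-discovery
      when: ansible_os_family | lower == 'redhat'

    # The task name and condition now match the variable that is written.
    # no_log keeps the secret out of task output; regexp makes a changed key
    # replace the existing export line, so the old key is not left in the file.
    # backup still keeps the previous ~/.bashrc, which can hold the old key.
    - name: Update .bashrc with aws_secret_key
      become: no
      no_log: true
      lineinfile:
        backup: yes
        dest: ~/.bashrc
        state: present
        regexp: '^export AWS_SECRET_ACCESS_KEY='
        line: 'export AWS_SECRET_ACCESS_KEY={{ aws_secret_key }}'
      when: aws_secret_key is defined

    - name: Update .bashrc with aws_access_key
      become: no
      no_log: true
      lineinfile:
        backup: yes
        dest: ~/.bashrc
        state: present
        regexp: '^export AWS_ACCESS_KEY_ID='
        line: 'export AWS_ACCESS_KEY_ID={{ aws_access_key }}'
      when: aws_access_key is defined

    - name: Update .bashrc with aws_region
      become: no
      lineinfile:
        backup: yes
        dest: ~/.bashrc
        state: present
        regexp: '^export AWS_REGION='
        line: 'export AWS_REGION={{ aws_region }}'
      when: aws_region is defined

-------------------------------------------------------------------------------- /setup/archive/setup.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # - include: setup-ansible-config.yml 3 | 4 | #- include: control-server.yml 5 | 6 | - import_playbook: setup-base.yml 7 | 8 | #- include: setup-ec2.yml 9 | -------------------------------------------------------------------------------- /setup/archive/update-git-remote-origin.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Update git remote repos with provided url 3 | hosts: localhost 4 | connection: local 5 | gather_facts: no 6 | 7 | vars_files: 8 | - repository-mapping-name-folder.yml 9 | - repository-custom-properties.yml 10 | 11 | tasks: 12 | 13 | - name: Remove existing origin repo for playbooks 14 | tags: ['remove'] 15 | shell: "git remote remove origin" 16 | args: 17 | chdir: "{{ item.workspace }}/{{ item.repo_name }}" 18 | with_items: 19 | - "{{ playbook_repos }}" 20 | - "{{ role_repos }}" 21 | 22 | - name: Add updated origin repo 23 | tags: ['add'] 24 | shell: "git remote add origin {{ repository_secure_endpoint_ssh }}/{{ item.repo_name }}.git" 25 | args: 26 | chdir: "{{ item.workspace }}/{{ item.repo_name }}" 27 | with_items: 28 | - "{{ playbook_repos }}" 29 | - "{{ role_repos }}" 30 | 31 | - name: Associate to upstream master branch 32 | tags: ['associate'] 33 | shell: "git branch --set-upstream-to=origin/master master" 34 | args: 35 | chdir: "{{ item.workspace }}/{{ item.repo_name }}" 36 | with_items: 37 | - "{{ playbook_repos }}" 38 | - "{{ role_repos }}" 39 | 40 | - name: Pull from updated origin repo 41 | tags: ['pull'] 42 | 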
shell: "git pull" 43 | args: 44 | chdir: "{{ item.workspace }}/{{ item.repo_name }}" 45 | with_items: 46 | - "{{ playbook_repos }}" 47 | - "{{ role_repos }}" 48 | -------------------------------------------------------------------------------- /setup/inventory/controller: -------------------------------------------------------------------------------- 1 | controller ansible_host=localhost 2 | 3 | -------------------------------------------------------------------------------- /setup/requirements.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - src: https://github.com/carlosfrias/apigee-opdk-setup-ansible-controller.git 3 | - src: https://github.com/carlosfrias/apigee-opdk-modules.git 4 | -------------------------------------------------------------------------------- /setup/setup.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | sudo yum install -y python-pip 4 | sudo pip install pip --upgrade 5 | sudo pip install ansible google-auth 6 | ansible-galaxy import carlosfrias https://github.com/carlosfrias/apigee-opdk-setup-ansible-controller.git 7 | ansible-galaxy import carlosfrias https://github.com/carlosfrias/apigee-opdk-modules.git 8 | 9 | -------------------------------------------------------------------------------- /setup/setup.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Setup the Ansible controller 3 | hosts: localhost 4 | connection: local 5 | vars: 6 | property_folders: 7 | - "~/.apigee-secure" 8 | - "~/.apigee" 9 | # This is the location in which Ansible files can be installed. 10 | ansible_workspace: "~/.ansible" 11 | 12 | # This is the location where credentials, license material, GCP service account files, AWS key and secret, etc are stored" 13 | apigee_secure_folder: "~/.apigee-secure" 14 | 15 | # This is the location of custom property files. 
16 | apigee_custom_properties_folder: "~/.apigee" 17 | 18 | roles: 19 | - { role: apigee-opdk-setup-ansible-controller } 20 | 21 | --------------------------------------------------------------------------------