├── .gitignore
├── CONTRIBUTING.md
├── LICENSE
├── NOTICE
├── README.md
├── actions
    └── README.md
├── api_samples
    └── add_docker_endpoint.py
├── blueprints
    ├── README.md
    ├── ansible-control-machine
    │   ├── README.md
    │   └── blueprint.yaml
    ├── aws-bitnami-artifactory
    │   └── blueprint.yaml
    ├── aws-bitnami-tomcat
    │   └── blueprint.yaml
    ├── aws-openfaas-node
    │   └── blueprint.yaml
    ├── aws-ubuntu-docker-host
    │   └── blueprint.yaml
    ├── docker-host-cloudinit
    │   ├── README.md
    │   └── blueprint.yaml
    ├── harbor-host
    │   ├── README.md
    │   └── blueprint.yaml
    └── vmw-veba
    │   ├── README.md
    │   └── blueprint.yaml
└── pipelines
    ├── README.md
    ├── aws-bitnami-artifactory.yml
    ├── aws-bitnami-tomcat.yml
    ├── aws-openfaas-node.yml
    ├── aws-ubuntu-docker-host.yml
    ├── pulse-package.yml
    └── vmw-veba-deploy.yml

/.gitignore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-archive/cloud-automation-content/b149ae3c3f1a555f9635414962a740993848ca98/.gitignore

--------------------------------------------------------------------------------
/CONTRIBUTING.md:
--------------------------------------------------------------------------------


# Contributing to cloud-automation-content

The cloud-automation-content project team welcomes contributions from the community. Before you start working with cloud-automation-content, please
read our [Developer Certificate of Origin](https://cla.vmware.com/dco). All contributions to this repository must be
signed as described on that page. Your signature certifies that you wrote the patch or have the right to pass it on
as an open-source patch.

## Contribution Flow

This is a rough outline of what a contributor's workflow looks like:

- Create a topic branch from where you want to base your work
- Make commits of logical units
- Make sure your commit messages are in the proper format (see below)
- Push your changes to a topic branch in your fork of the repository
- Submit a pull request

Example:

``` shell
git remote add upstream https://github.com/vmware/cloud-automation-content.git
git checkout -b my-new-feature master
git commit -a
git push origin my-new-feature
```

### Staying In Sync With Upstream

When your branch gets out of sync with the vmware/master branch, use the following to update:

``` shell
git checkout my-new-feature
git fetch -a
git pull --rebase upstream master
git push --force-with-lease origin my-new-feature
```

### Updating pull requests

If your PR fails to pass CI or needs changes based on code review, you'll most likely want to squash these changes into
existing commits.

If your pull request contains a single commit or your changes are related to the most recent commit, you can simply
amend the commit.

``` shell
git add .
git commit --amend
git push --force-with-lease origin my-new-feature
```

If you need to squash changes into an earlier commit, you can use:

``` shell
git add .
git commit --fixup <commit>
git rebase -i --autosquash master
git push --force-with-lease origin my-new-feature
```

Be sure to add a comment to the PR indicating your new changes are ready to review, as GitHub does not generate a
notification when you git push.

### Code Style

### Formatting Commit Messages

We follow the conventions on [How to Write a Git Commit Message](http://chris.beams.io/posts/git-commit/).

Be sure to include any related GitHub issue references in the commit message. See
[GFM syntax](https://guides.github.com/features/mastering-markdown/#GitHub-flavored-markdown) for referencing issues
and commits.

## Reporting Bugs and Creating Issues

When opening a new issue, try to roughly follow the commit message format conventions above.

--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
VMware Cloud Automation Blueprint Library
Copyright (c) 2019 VMware, Inc. All rights reserved

The BSD-2 license (the "License") set forth below applies to all parts of the VMware Cloud Automation Blueprint Library project. You may not use this file except in compliance with the License.

BSD-2 License

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

--------------------------------------------------------------------------------
/NOTICE:
--------------------------------------------------------------------------------
VMware Cloud Automation Blueprint Library
Copyright (c) 2019 VMware, Inc. All Rights Reserved.

This product is licensed to you under the BSD-2 license (the "License"). You may not use this product except in compliance with the BSD-2 License.

This product may include a number of subcomponents with separate copyright notices and license terms. Your use of these subcomponents is subject to the terms and conditions of the subcomponent's license, as noted in the LICENSE file.

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# VMware has ended active development of this project; this repository will no longer be updated.

# Cloud Automation Sample Content

This repository has been put together to allow for easy sharing of content between Cloud Automation Services environments and vRealize Automation environments, leveraging the native GitHub integration for content import.


## Contributing

The cloud-automation-content project team welcomes contributions from the community.
Before you start working with cloud-automation-content, please
read our [Developer Certificate of Origin](https://cla.vmware.com/dco). All contributions to this repository must be
signed as described on that page. Your signature certifies that you wrote the patch or have the right to pass it on
as an open-source patch. For more detailed information, refer to [CONTRIBUTING.md](CONTRIBUTING.md).

In order to work with the integration, blueprints will need to be named `blueprint.yaml`. Please place any blueprints within their own folder (you can review existing samples for the structure) and include a readme to explain any nuances of the content you are providing.
In order to provide content that is highly portable, please parameterise and leverage inputs wherever possible, calling out any exceptions to this.

For any questions about contributing, please contact Anderson Duboc or James Wirth.

--------------------------------------------------------------------------------
/actions/README.md:
--------------------------------------------------------------------------------
For ABX actions, please include a readme file with details regarding the subscription topic that should be used, whether it should be blocking or not, and any other information such as suggested property triggers and blueprint inputs that need to be leveraged.

--------------------------------------------------------------------------------
/api_samples/add_docker_endpoint.py:
--------------------------------------------------------------------------------
"""
This function will interpolate the api_token taken as an input and then authenticate
to the CAS API. Note that linters will fail on the interpolation syntax used.
:return: Returns an instance of the session class.
:rtype: Session
"""

from caspyr import Session
return Session.login(${input.api_token})

--------------------------------------------------------------------------------
/blueprints/README.md:
--------------------------------------------------------------------------------
### Requirements
In order for git integration to be successful, please include the following two fields at the top of each of your blueprints.
```
name: My awesome blueprint
version: 1.0
```

### Style Guide
Please include a README.md with each blueprint to provide details of what the blueprint is for and any specifics about using it. If you are leveraging any Ansible playbooks, please include them in separate files.

--------------------------------------------------------------------------------
/blueprints/ansible-control-machine/README.md:
--------------------------------------------------------------------------------
### Author(s)
- Grant Orchard

### Summary
This blueprint creates an Ansible Control Machine that can be used with Cloud Assembly.
It uses the cloud-init "write_files" directive to create a playbook that is used to configure the host to be compliant with the requirements of Cloud Assembly.

### Usage:
You will note that there is no user creation block in cloud-init.
I've moved to placing user creation under image profiles; however, if you need to add this to your cloud-init block, the syntax is as follows:
```
users:
  - name: "${input.username}"
    ssh-authorized-keys:
      - "${input.ssh_public_key}"
    sudo: ['ALL=(ALL) NOPASSWD:ALL']
    groups: sudo
    shell: /bin/bash
```

--------------------------------------------------------------------------------
/blueprints/ansible-control-machine/blueprint.yaml:
--------------------------------------------------------------------------------
name: Ansible Control Machine
version: 1.0
formatVersion: 1
inputs:
  slack_webhook:
    type: string
    description: A webhook for Slack notifications. This will be used to send the public key details of the generated keypair that ansible will use to connect to remote hosts.
  ansible_username:
    type: string
    description: The username for the ansible user account
    default: ansible
  ansible_user_password:
    type: string
    description: The password for the ansible user. The connection from Cloud Assembly currently uses password based auth, so this is a mandatory requirement.
  ansible_vault_password:
    type: string
    description: The password that will be written to the Vault file.
  ansible_ssh_key:
    type: string
    description: The public half of SSH key used for authentication to this box. Not to be confused with the SSH key that will be used by the ansible user account to SSH into managed instances.
resources:
  ansible_control_machine:
    type: Cloud.Machine
    properties:
      image: ubuntu 16.04
      flavor: small
      constraints:
        - tag: 'platform:aws'
      cloudConfig: |
        #cloud-config
        repo_update: true
        apt:
          sources:
            ansible-ubuntu-ansible.list:
              source: "ppa:ansible/ansible"
              keyserver: 'keyserver.ubuntu.com'
              keyid: 7BB9C367
        packages:
          - ansible
        write_files:
          - path: /etc/ansible/playbooks/ansible.yml
            content: |
              ---
              - name: Install and Configure Ansible Control Machine for use with VMware Cloud Assembly
                hosts: localhost
                gather_facts: true
                vars:
                  ansible_username: "${input.ansible_username}"
                  ansible_user_password: "${input.ansible_user_password}"
                  ansible_vault_password: "${input.ansible_vault_password}"
                  slack_notification_content: "{{ lookup('file', '/home/ansible/.ssh/id_rsa.pub') }}"
                  slack_notification_webhook: "${input.slack_webhook}"
                  ansible_ssh_key: "${input.ansible_ssh_key}"
                tasks:
                  - name: Create Ansible User
                    become: true
                    user:
                      name: "{{ ansible_username }}"
                      groups: sudo
                      shell: /bin/bash
                      generate_ssh_key: yes
                      password: "{{ ansible_user_password | password_hash('sha512') }}"

                  - name: Set Authorised Key for Ansible User
                    authorized_key:
                      user: "{{ ansible_username }}"
                      key: "{{ ansible_ssh_key }}"

                  - name: Set Ansible Directory Permissions
                    file:
                      owner: "{{ ansible_username }}"
                      path: /etc/ansible
                      recurse: yes
                      state: directory

                  # The vault password is stored unencrypted on disk, readable by the ansible user.
                  - name: Create Cleartext Vault Pass File
                    lineinfile:
                      create: yes
                      owner: "{{ ansible_username }}"
                      path: /etc/ansible/vault_pass.txt
                      line: "{{ ansible_vault_password }}"

                  - name: Update Config with Pass File Location
                    lineinfile:
                      owner: "{{ ansible_username }}"
                      path: /etc/ansible/ansible.cfg
                      regexp: "vault_password_file"
                      line: "vault_password_file = /etc/ansible/vault_pass.txt"

                  - name: Update Config with Private Key Location
                    lineinfile:
                      owner: "{{ ansible_username }}"
                      path: /etc/ansible/ansible.cfg
                      regexp: "private_key_file"
                      line: "private_key_file = /home/{{ ansible_username }}/.ssh/id_rsa"

                  # host_key_checking = False turns off SSH host key verification for managed hosts.
                  - name: Update Config with Host Key Check Setting
                    lineinfile:
                      owner: "{{ ansible_username }}"
                      path: /etc/ansible/ansible.cfg
                      regexp: "host_key_checking"
                      line: "host_key_checking = False"

                  # Re-enables SSH password logins on this machine (Cloud Assembly connects with a password).
                  - name: Enable Password Based Auth
                    become: true
                    lineinfile:
                      path: /etc/ssh/sshd_config
                      state: present
                      regexp: "PasswordAuthentication no"
                      line: "PasswordAuthentication yes"

                  - name: Restart SSHD
                    become: True
                    systemd:
                      name: sshd
                      state: restarted

                  - name: Send Ansible Public Key to Slack
                    uri:
                      method: POST
                      url: "{{ slack_notification_webhook }}"
                      body: {"text": "Your ansible public key is ```{{ slack_notification_content | regex_replace('ansible-generated on.*') }}```"}
                      body_format: json

        runcmd:
          - ansible-playbook --connection=local --inventory 127.0.0.1, /etc/ansible/playbooks/ansible.yml
      networks:
        - name: '${resource.Cloud_Network_1.name}'
          network: '${resource.Cloud_Network_1.id}'
  Cloud_Network_1:
    type: Cloud.Network
    properties:
      name: net1
      networkType: existing

--------------------------------------------------------------------------------
/blueprints/aws-bitnami-artifactory/blueprint.yaml:
--------------------------------------------------------------------------------
name: bitnami-artifactory
version: 0.1
formatVersion: 1
inputs:
  SelectCloud:
    type: string
    enum:
      - 'env:aws'
  hostname1:
    type: string
    default: bitnami-artifactory
  user:
    type: string
    title: SSH user
    description: Username for this deployment.
    default: vmware
  sshkey:
    type: string
    encrypted: true
    title: SSH public key.
    description: Public key for SSH connectivity (cat ~/.ssh/id_rsa.pub)
resources:
  Cloud_Machine_1:
    type: Cloud.Machine
    properties:
      image: bitnami-artifactory-6.13.1
      flavor: small
      cloudConfig:
        hostname: '${input.hostname1}'
        users:
          - name: '${input.user}'
            ssh-authorized-keys:
              - '${input.sshkey}'
            sudo:
              - 'ALL=(ALL) NOPASSWD:ALL'
            groups: sudo
            shell: /bin/bash

--------------------------------------------------------------------------------
/blueprints/aws-bitnami-tomcat/blueprint.yaml:
--------------------------------------------------------------------------------
name: bitnami-tomcat
version: 0.1
formatVersion: 1
inputs:
  SelectCloud:
    type: string
    enum:
      - 'env:aws'
  hostname1:
    type: string
    default: bitnami-tomcat
  user:
    type: string
    title: SSH user
    description: Username for this deployment.
    default: vmware
  sshkey:
    type: string
    encrypted: true
    title: SSH public key.
    description: The public key for SSH connectivity (cat ~/.ssh/id_rsa.pub)
resources:
  Cloud_Machine_1:
    type: Cloud.Machine
    properties:
      image: bitnami-tomcat-8.5.46
      flavor: small
      cloudConfig:
        hostname: '${input.hostname1}'
        users:
          - name: '${input.user}'
            ssh-authorized-keys:
              - '${input.sshkey}'
            sudo:
              - 'ALL=(ALL) NOPASSWD:ALL'
            groups: sudo
            shell: /bin/bash

--------------------------------------------------------------------------------
/blueprints/aws-openfaas-node/blueprint.yaml:
--------------------------------------------------------------------------------
name: bitnami-openfaas-node
version: 0.1
formatVersion: 1
inputs:
  SelectCloud:
    type: string
    enum:
      - 'env:aws'
  hostname1:
    type: string
    default: bitnami-openfaas
  user:
    type: string
    title: SSH user
    description: Username for this deployment.
    default: vmware
  sshkey:
    type: string
    encrypted: true
    title: SSH public key.
    description: The public key for SSH connectivity (cat ~/.ssh/id_rsa.pub)
resources:
  Cloud_Machine_1:
    type: Cloud.Machine
    properties:
      image: ubuntu-server-18.04
      flavor: small
      cloudConfig:
        hostname: '${input.hostname1}'
        users:
          - name: '${input.user}'
            ssh-authorized-keys:
              - '${input.sshkey}'
            sudo:
              - 'ALL=(ALL) NOPASSWD:ALL'
            groups: sudo
            shell: /bin/bash
        package_update: true

        packages:
          - runc

        runcmd:
          - curl -sLSf https://github.com/containerd/containerd/releases/download/v1.3.2/containerd-1.3.2.linux-amd64.tar.gz > /tmp/containerd.tar.gz && tar -xvf /tmp/containerd.tar.gz -C /usr/local/bin/ --strip-components=1
          - curl -SLfs https://raw.githubusercontent.com/containerd/containerd/v1.3.2/containerd.service | tee /etc/systemd/system/containerd.service
          - systemctl daemon-reload && systemctl start containerd
          - /sbin/sysctl -w net.ipv4.conf.all.forwarding=1
          - mkdir -p /opt/cni/bin
          - curl -sSL https://github.com/containernetworking/plugins/releases/download/v0.8.5/cni-plugins-linux-amd64-v0.8.5.tgz | tar -xz -C /opt/cni/bin
          - mkdir -p /go/src/github.com/openfaas/
          - cd /go/src/github.com/openfaas/ && git clone https://github.com/openfaas/faasd
          - curl -fSLs "https://github.com/openfaas/faasd/releases/download/0.7.4/faasd" --output "/usr/local/bin/faasd" && chmod a+x "/usr/local/bin/faasd"
          - cd /go/src/github.com/openfaas/faasd/ && /usr/local/bin/faasd install
          - systemctl status -l containerd --no-pager
          - journalctl -u faasd-provider --no-pager
          - systemctl status -l faasd-provider --no-pager
          - systemctl status -l faasd --no-pager
          - curl -sSLf https://cli.openfaas.com | sh
          - sleep 5 && journalctl -u faasd --no-pager
          - cat /var/lib/faasd/secrets/basic-auth-password | /usr/local/bin/faas-cli login --password-stdin

--------------------------------------------------------------------------------
/blueprints/aws-ubuntu-docker-host/blueprint.yaml:
--------------------------------------------------------------------------------
name: ubuntu-docker-host-aws
version: 0.1
formatVersion: 1
inputs:
  SelectCloud:
    type: string
    enum:
      - 'env:aws'
  hostname1:
    type: string
    default: ubuntu-docker-host-aws
  user:
    type: string
    title: SSH user
    description: Username for this deployment.
    default: vmware
  sshkey:
    type: string
    encrypted: true
    title: SSH public key.
    description: The public key for SSH connectivity (cat ~/.ssh/id_rsa.pub)
resources:
  Cloud_Machine_1:
    type: Cloud.Machine
    properties:
      image: ubuntu-server-18.04
      flavor: small
      cloudConfig:
        hostname: '${input.hostname1}'
        users:
          - name: '${input.user}'
            ssh-authorized-keys:
              - '${input.sshkey}'
            sudo:
              - 'ALL=(ALL) NOPASSWD:ALL'
            groups: sudo
            shell: /bin/bash
        repo_update: true
        repo_upgrade: all
        package_update: true
        package_upgrade: all

        packages:
          - wget
          - sshpass
          - curl

        runcmd:
          # The next two edits enable SSH password logins and direct root login in sshd_config.
          - sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
          - sed -i 's/PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config
          - service sshd restart
          - apt-get update -y
          - apt-get install apt-transport-https ca-certificates curl software-properties-common
          - /usr/bin/curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
          - apt-key fingerprint 0EBFCD88 -y
          - add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
          - apt-get update -y
          - apt-get install docker-ce -y
          # -H tcp://0.0.0.0:2375 makes the Docker API listen on every interface without TLS or
          # authentication; limit who can reach port 2375 with security group or firewall rules.
          - /bin/sed -i 's@ExecStart=/usr/bin/dockerd -H fd://@ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock@' /lib/systemd/system/docker.service
          - /bin/systemctl daemon-reload
          - /bin/systemctl restart docker

--------------------------------------------------------------------------------
/blueprints/docker-host-cloudinit/README.md:
--------------------------------------------------------------------------------
### Author(s)
- Grant Orchard

### Summary
This blueprint creates a Docker host that can be used for many functions, including a valid endpoint for Codestream to use as part of its CI Workspace.

### Usage:
You will note that there is no user creation block in cloud-init. I've moved to placing user creation under image profiles; however, if you need to add this to your cloud-init block, the syntax is as follows:
```
users:
  - name: "${input.username}"
    ssh-authorized-keys:
      - "${input.ssh_public_key}"
    sudo: ['ALL=(ALL) NOPASSWD:ALL']
    groups: sudo
    shell: /bin/bash
```

--------------------------------------------------------------------------------
/blueprints/docker-host-cloudinit/blueprint.yaml:
--------------------------------------------------------------------------------
name: Docker Host
version: 1.0
formatVersion: 1
inputs:
  platform:
    type: string
    description: Applies a constraint to this blueprint to inform the placement decision
    enum:
      - aws
      - azure
      - gcp
      - vsphere
resources:
  Cloud_Network:
    type: Cloud.Network
    properties:
      networkType: existing
  docker_host:
    type: Cloud.Machine
    properties:
      image: ubuntu 16.04
      flavor: small
      constraints:
        - tag: 'platform:${input.platform}'
      cloudConfig: |
        #cloud-config
        apt:
          sources:
            docker.list:
              source: deb https://download.docker.com/linux/ubuntu $RELEASE stable
              keyserver: https://download.docker.com/linux/ubuntu/gpg
        repo_update: true
        repo_upgrade: all
        packages:
          - docker-ce
        # The systemd override below makes the Docker API listen on tcp://0.0.0.0:2375 without TLS
        # or authentication; limit who can reach port 2375 with security group or firewall rules.
        write_files:
          - path: /etc/systemd/system/docker.service.d/override.conf
            permissions: '0644'
            content: |
              [Service]
              ExecStart=
              ExecStart=/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0:2375
        runcmd:
          - systemctl daemon-reload
          - systemctl restart docker
      networks:
        - network: '${resource.Cloud_Network.id}'

--------------------------------------------------------------------------------
/blueprints/harbor-host/README.md:
--------------------------------------------------------------------------------
### Author(s)
- Anderson Duboc

### Summary
This blueprint creates a Harbor host that can be used with Code Stream as a Docker registry.
It uses cloud-init to install docker and docker-compose. It also downloads the Harbor binaries to install a self-signed Harbor instance with Clair to scan Docker images for vulnerabilities.

### Usage:
You need a Route 53 hosted zone to use this blueprint as it is, but you can always remove the Route 53 block from the code.

--------------------------------------------------------------------------------
/blueprints/harbor-host/blueprint.yaml:
--------------------------------------------------------------------------------
name: Harbor-Host
version: v1
inputs:
  name:
    type: string
    title: Record name for your Harbor instance. #ex: harbor + hostedzone name
  username:
    type: string
    title: Username
  ssh_public_key:
    type: string
    title: Paste your ssh public -keyout
resources:
  Cloud_Service_AWS_Route53_Record_1:
    type: Cloud.Service.AWS.Route53.Record
    properties:
      name: '${input.name}'
      type: A
      region: us-east-1
      account: aws-us-east-1 #your cloud account integration name
      zone_id: #your route 53 hosted zone id
      ttl: 300
      records:
        - '${Cloud_Machine_1.address}'
  Cloud_Machine_1:
    type: Cloud.Machine
    properties:
      image: Ubuntu
      flavor: Medium
      constraints:
        - tag: 'platform:aws'
      cloudConfig: |
        #-cloud-config
        repo_update: true
        repo_upgrade: all

        packages:
          - nginx
        users:
          - name: "${input.username}"
            ssh-authorized-keys:
              - "${input.ssh_public_key}"
            sudo: ['ALL=(ALL) NOPASSWD:ALL']
            groups: sudo
            shell: /bin/bash

        runcmd:
          - apt-get update -y
          - apt-get install apt-transport-https ca-certificates curl software-properties-common
          - /usr/bin/curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
          - apt-key fingerprint 0EBFCD88 -y
          - add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
          - apt-get update -y
          - apt-get install docker-ce -y
          # -H tcp://0.0.0.0:2375 makes the Docker API listen on every interface without TLS or
          # authentication; limit who can reach port 2375 with security group or firewall rules.
          - /bin/sed -i 's@ExecStart=/usr/bin/dockerd -H fd://@ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock@' /lib/systemd/system/docker.service
          - /bin/systemctl daemon-reload
          - /bin/systemctl restart docker
          - /bin/systemctl start nginx
          - /bin/systemctl enable nginx
          - sudo usermod -aG docker ubuntu
          - sudo curl -L "https://github.com/docker/compose/releases/download/1.24.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
          - sudo chmod +x /usr/local/bin/docker-compose
          - wget https://storage.googleapis.com/harbor-releases/release-1.8.0/harbor-offline-installer-v1.8.2-rc2.tgz
          - tar -xvzf harbor-offline-installer-v1.8.2-rc2.tgz
          - mkdir -p /opt/harbor/ssl
          - openssl req -subj '/CN=${input.name + ".your.domain.local"}/O=LAB/C=US' -new -newkey rsa:4096 -sha256 -days 365 -nodes -x509 -keyout /opt/harbor/ssl/harbor.key -out /opt/harbor/ssl/harbor.crt
          - /bin/sed -i 's/^hostname.*/hostname':' ${input.name + ".vmwlatam.com"}/' /harbor/harbor.yml
          # The Harbor admin password is hard-coded in the next command; change it for any real deployment.
          - /bin/sed -i 's/harbor_admin_password.*/harbor_admin_password':' VMware1!/' /harbor/harbor.yml
          - /bin/sed -i 's/ port':' 80/ port':' 8080/' /harbor/harbor.yml
          - /bin/sed -i 's/# https':'/https':'/' /harbor/harbor.yml
          - /bin/sed -i 's/# port':' 443/ port':' 443/' /harbor/harbor.yml
          - /bin/sed -i 's/# certificate':' \/your\/certificate\/path/ certificate':' \/opt\/harbor\/ssl\/harbor.crt/' /harbor/harbor.yml
          - /bin/sed -i 's/# private_key':' \/your\/private\/key\/path/ private_key':' \/opt\/harbor\/ssl\/harbor.key/' /harbor/harbor.yml
          - sudo ./harbor/install.sh --with-clair
      networks:
        - network: '${resource.Cloud_Network_1.id}'
  Cloud_Network_1:
    type: Cloud.Network
    properties:
      name: default
      networkType: existing
      constraints:
        - tag: 'platform:aws'


--------------------------------------------------------------------------------
/blueprints/vmw-veba/README.md:
--------------------------------------------------------------------------------
### Author(s)
- James Wirth

### Summary
This blueprint deploys a vSphere Event Broker Appliance (VEBA) from an .ova that
is available via http. In this case it's hosted on a Minio-based object server.
As part of the deployment the VEBA is connected to an existing vCenter.

### Usage:
This Blueprint can be launched manually but it's often preferable to launch via
Code Stream such that the inputs can be added in the Code Stream pipeline rather
than having to type them in each time.

Note: You may need to make some tweaks to the networking settings depending on
your network profile configuration.

--------------------------------------------------------------------------------
/blueprints/vmw-veba/blueprint.yaml:
--------------------------------------------------------------------------------
formatVersion: 1
inputs:
  vebaRootPassword:
    description: Root password for the appliance
    type: string
    default:
  vebaHostname:
    description: Hostname for the appliance
    type: string
    default: veba01
  vcenterServer:
    description: The vCenter to Connect VEBA to
    type: string
    default: vc01.domain.local
  vcenterUsername:
    description: vCenter Username
    type: string
    default: administrator@vsphere.local
  vcenterPassword:
    description: vCenter Password
    type: string
    default:
  vcenterDisableTLSVerification:
    description: Disable vCenter TLS
    type: string
    default: 'True' #Note: This is a boolean but due to a bug needs to be a string in the blueprint and MUST have a capital T in True.
  openFaasPassword:
    description: password for admin user for OpenFaaS UI
    type: string
    default:
  deploymentImage:
    description: http location of ova image
    type: string
    default: 'http://minio.domain.local/images/vCenter_Event_Broker_Appliance_v0.4.0.ova'
resources:
  veba:
    type: Cloud.vSphere.Machine
    properties:
      imageRef: '${input.deploymentImage}'
      cpuCount: 4
      totalMemoryMB: 12288
      ovfProperties:
        - key: guestinfo.hostname
          value: '${input.vebaHostname}'
        - key: guestinfo.ipaddress
          value: '${self.networks[0].address}'
        - key: guestinfo.netmask
          value: 23 (255.255.254.0)
        - key: guestinfo.gateway
          value: '${Cloud_vSphere_Network_1.gatewayAddress}'
        - key: guestinfo.dns
          value: '${substring(resource.Cloud_vSphere_Network_1.dnsServerAddresses, 1, length(resource.Cloud_vSphere_Network_1.dnsServerAddresses)-1)}'
        - key: guestinfo.domain
          value: '${Cloud_vSphere_Network_1.domain}'
        - key: searchpath
          value: '${substring(resource.Cloud_vSphere_Network_1.dnsSearchDomains, 1, length(resource.Cloud_vSphere_Network_1.dnsSearchDomains)-1)}'
        - key: guestinfo.root_password
          value: '${input.vebaRootPassword}'
        - key: guestinfo.vcenter_server
          value: '${input.vcenterServer}'
        - key: guestinfo.vcenter_username
          value: '${input.vcenterUsername}'
        - key: guestinfo.vcenter_password
          value: '${input.vcenterPassword}'
        - key: guestinfo.vcenter_disable_tls_verification
          value: '${input.vcenterDisableTLSVerification}'
        - key: guestinfo.openfaas_password
          value: '${input.openFaasPassword}'
      # cloudConfig:
      #   runcmd:
      #     - systemctl start sshd
      networks:
        - name: '${resource.Cloud_vSphere_Network_1.name}'
          network: '${resource.Cloud_vSphere_Network_1.id}'
          assignment: static
  Cloud_vSphere_Network_1:
    type: Cloud.Network
    properties:
      name: vRA_Network
      networkType: existing
      constraints:
        - tag: static-ip

--------------------------------------------------------------------------------
/pipelines/README.md:
--------------------------------------------------------------------------------
For blueprints, please provide details about required endpoints used and environmental particulars that will need to be updated to work in other environments.
If you are using the CI workspace, please link to the image you use on Dockerhub.

--------------------------------------------------------------------------------
/pipelines/aws-bitnami-artifactory.yml:
--------------------------------------------------------------------------------
---
project: pset-devops
kind: PIPELINE
name: bitnami-artifactory
enabled: true
description: Pipeline to deploy bitnami-artifactory to aws
concurrency: 10
ciWorkspace:
  endpoint: ''
  image: ''
  registry: ''
  path: ''
  cache:
  - ''
stageOrder:
- Stage0
stages:
  Stage0:
    taskOrder:
    - Task0
    tasks:
      Task0:
        type: Blueprint
        endpoints:
          gitServer: cloud-automation-content
        input:
          blueprint: ''
          filepath: blueprints/bitnami-artifactory/blueprint.yaml
          action: CreateDeployment
          deploymentName: ''
          version: ''
          parameters: {
            user: vmware,
            sshkey: '${var.ssh-cloud-pub-key}',
            hostname1: bitnami-artifactory,
            SelectCloud: 'env:aws'
          }
notifications:
  email:
  - event: SUCCESS
    subject: bitnami-artifactory deployment
    endpoint: Codestream-Default-Email
    body: Deployment notification for bitnami-artifactory
    to:
    - someone@somewhere.com

--------------------------------------------------------------------------------
/pipelines/aws-bitnami-tomcat.yml:
--------------------------------------------------------------------------------
---
project: pset-devops
kind: PIPELINE
name: bitnami-tomcat
enabled: true 6 | description: Pipeline to deploy bitnami tomcat to aws 7 | concurrency: 10 8 | ciWorkspace: 9 | endpoint: '' 10 | image: '' 11 | registry: '' 12 | path: '' 13 | cache: 14 | - '' 15 | stageOrder: 16 | - Stage0 17 | stages: 18 | Stage0: 19 | taskOrder: 20 | - Task0 21 | tasks: 22 | Task0: 23 | type: Blueprint 24 | endpoints: 25 | gitServer: cloud-automation-content 26 | input: 27 | blueprint: '' 28 | filepath: blueprints/bitnami-tomcat/blueprint.yaml 29 | action: CreateDeployment 30 | deploymentName: '' 31 | version: '' 32 | parameters: { 33 | user: vmware, 34 | sshkey: '${var.ssh-cloud-pub-key}', 35 | hostname1: bitnami-tomcat, 36 | SelectCloud: 'env:aws' 37 | } 38 | notifications: 39 | email: 40 | - subject: bitnami-tomcat deployment 41 | endpoint: Codestream-Default-Email 42 | event: SUCCESS 43 | body: Deployment notification for bitnami-tomcat 44 | to: 45 | - someone@somewhere.com 46 | -------------------------------------------------------------------------------- /pipelines/aws-openfaas-node.yml: -------------------------------------------------------------------------------- 1 | --- 2 | project: pset-devops 3 | kind: PIPELINE 4 | name: openfaas-node 5 | enabled: true 6 | description: Pipeline to deploy openfaas-node to aws 7 | concurrency: 10 8 | ciWorkspace: 9 | endpoint: 10 | image: 11 | registry: 12 | path: '' 13 | cache: 14 | - '' 15 | stageOrder: 16 | - Stage0 17 | stages: 18 | Stage0: 19 | taskOrder: 20 | - Task0 21 | tasks: 22 | Task0: 23 | type: Blueprint 24 | endpoints: 25 | gitServer: cloud-automation-content 26 | input: 27 | blueprint: '' 28 | filepath: blueprints/aws-openfaas-node/blueprint.yaml 29 | action: CreateDeployment 30 | deploymentName: '' 31 | version: '' 32 | parameters: { 33 | user: vmware, 34 | sshkey: '${var.ssh-cloud-pub-key}', 35 | hostname1: openfaas-node, 36 | SelectCloud: 'env:aws' 37 | } 38 | notifications: 39 | email: 40 | - event: SUCCESS 41 | subject: openfaas-node deployment 42 | endpoint: 
Codestream-Default-Email 43 | body: Deployment notification for openfaas-node 44 | to: 45 | - someone@somewhere.com 46 | -------------------------------------------------------------------------------- /pipelines/aws-ubuntu-docker-host.yml: -------------------------------------------------------------------------------- 1 | --- 2 | project: pset-devops 3 | kind: PIPELINE 4 | name: ubuntu-docker-host 5 | enabled: true 6 | description: Pipeline to deploy ubuntu-docker-host to aws 7 | concurrency: 10 8 | ciWorkspace: 9 | endpoint: docker-host-aws 10 | image: jameswwirth/vra-ci-task 11 | registry: docker-hub-vra-ci-task 12 | path: '' 13 | cache: 14 | - '' 15 | stageOrder: 16 | - Stage0 17 | stages: 18 | Stage0: 19 | taskOrder: 20 | - Task0 21 | tasks: 22 | Task0: 23 | type: Blueprint 24 | endpoints: 25 | gitServer: cloud-automation-content 26 | input: 27 | blueprint: '' 28 | filepath: blueprints/ubuntu-docker-host-aws/blueprint.yaml 29 | action: CreateDeployment 30 | deploymentName: '' 31 | version: '' 32 | parameters: { 33 | user: vmware, 34 | sshkey: '${var.ssh-cloud-pub-key}', 35 | hostname1: ubuntu-docker-host, 36 | SelectCloud: 'env:aws' 37 | } 38 | notifications: 39 | email: 40 | - event: SUCCESS 41 | subject: ubuntu-docker-host deployment 42 | endpoint: Codestream-Default-Email 43 | body: Deployment notification for ubuntu-docker-host 44 | to: 45 | - someone@somewhere.com 46 | -------------------------------------------------------------------------------- /pipelines/pulse-package.yml: -------------------------------------------------------------------------------- 1 | --- 2 | project: pset-devops 3 | kind: PIPELINE 4 | name: pulse-package 5 | icon: organization,left, is-warm-grey 6 | enabled: true 7 | description: Build and upload pulse packages 8 | concurrency: 10 9 | options: [ 10 | DOCKER_TRIGGER] 11 | workspace: 12 | endpoint: docker-host-aws 13 | image: jameswwirth/vra-ci-task 14 | registry: docker-hub-vra-ci-task 15 | path: /working 16 | limits: 17 | cpu: 
1.0 18 | memory: 512 19 | stageOrder: 20 | - Stage0 21 | stages: 22 | Stage0: 23 | taskOrder: 24 | - build-package,get-pulse-token 25 | - upload-package 26 | - create-pulse-campaign 27 | tasks: 28 | build-package: 29 | type: CI 30 | input: 31 | steps: 32 | - '#!/bin/bash' 33 | - '# Install Dependencies (not necessary if build container has them)' 34 | - '# apt-get update' 35 | - python --version 36 | - '# apt-get install -y git python python-pip' 37 | - pip install pyyaml 38 | - '' 39 | - '#Configure Git Deployment Keys' 40 | - mkdir ~/.ssh/ 41 | - cat <<EOT >> ~/.ssh/id_rsa.pub 42 | - ${var.github-deploy-public-key} 43 | - EOT 44 | - 'cat <<EOT >> ~/.ssh/id_rsa ' 45 | - ${var.github-deploy-private-key} 46 | - EOT 47 | - cat <<EOT >> ~/.ssh/config 48 | - Host * 49 | - ' StrictHostKeyChecking no' 50 | - EOT 51 | - chmod 600 ~/.ssh/id_rsa 52 | - chmod 600 ~/.ssh/id_rsa.pub 53 | - '# eval "$(ssh-agent -s)"' 54 | - '# ssh-add -k ~/.ssh/id_rsa' 55 | - '' 56 | - '# Download the Pulse package CLI' 57 | - 'mkdir pulse-package ' 58 | - cd pulse-package 59 | - wget https://iotc005.vmware.com/api/iotc-cli/package-cli.zip 60 | - unzip package-cli.zip 61 | - chmod 755 linux_amd64/package-cli 62 | - '' 63 | - '# Download the peoplecounter repository' 64 | - git clone git@github.com:jameswwirth/people-counter-ingestion-service.git 65 | - cd people-counter-ingestion-service/build 66 | - pwd 67 | - ls 68 | - '' 69 | - '# Add the build number to the version' 70 | - chmod 755 ./people-counter-ingestion-service-spec.yml 71 | - chmod 755 ./version.py 72 | - python ./version.py people-counter-ingestion-service-spec.yml ${executionIndex} 73 | - '' 74 | - '# Build the package' 75 | - ../../linux_amd64/package-cli package create people-counter-ingestion-service-spec.yml 76 | - ls 77 | - '' 78 | - '# Export the package file name (it''s not really essential to do this in this step)' 79 | - '' 80 | - name=$(find -name "*.iotcp") 81 | - export PACKAGE_FILENAME=$name 82 | - echo $PACKAGE_FILENAME 83 | - '' 84 | 
- export PACKAGE_FILENAME="people_counter_ingestion_service-1.0.0-"${executionIndex}".iotcp" 85 | - echo $PACKAGE_FILENAME 86 | - '' 87 | export: 88 | - PACKAGE_FILENAME 89 | artifacts: [ 90 | ] 91 | process: [ 92 | ] 93 | get-pulse-token: 94 | type: REST 95 | input: 96 | action: get 97 | url: ${var.pulse-instance}/api/tokens 98 | headers: 99 | Accept: application/json;api-version=2.0 100 | Content-Type: application/json 101 | x-org-domain-name: vmwareinternal 102 | Authorization: Basic ${var.james-pulse-cred} 103 | payload: '' 104 | create-pulse-campaign: 105 | type: REST 106 | input: 107 | action: post 108 | url: https://${var.pulse-instance}/api/campaigns/ 109 | headers: 110 | Accept: application/json;api-version=2.0 111 | Content-Type: application/json 112 | Authorization: Bearer ${Stage0.get-pulse-token.output.responseBody.accessToken} 113 | payload: |- 114 | { 115 | "name": "jw-code-stream-build-${executionIndex}" 116 | } 117 | upload-package: 118 | type: CI 119 | input: 120 | steps: 121 | - '#!/bin/bash' 122 | - pwd 123 | - ls 124 | - cd pulse-package/people-counter-ingestion-service/build 125 | - pwd 126 | - ls 127 | - echo ${Stage0.build-package.output.exports.PACKAGE_FILENAME} 128 | - curl -X POST \ 129 | - ' https://${var.pulse-instance}/api/programs \' 130 | - ' -H "Accept: application/json;api-version=2.0" \' 131 | - ' -H ''Accept-Encoding: gzip, deflate'' \' 132 | - ' -H "Authorization:Bearer "${Stage0.get-pulse-token.output.responseBody.accessToken} \' 133 | - ' -H ''Cache-Control: no-cache'' \' 134 | - ' -H ''Connection: keep-alive'' \' 135 | - ' -H ''Content-Type: multipart/form-data'' \' 136 | - ' -H "Host: "${var.pulse-instance} \' 137 | - ' -H ''cache-control: no-cache'' \' 138 | - ' -F file=@${Stage0.build-package.output.exports.PACKAGE_FILENAME}' 139 | export: [ 140 | ] 141 | artifacts: [ 142 | ] 143 | process: [ 144 | ] 145 | -------------------------------------------------------------------------------- /pipelines/vmw-veba-deploy.yml: 
-------------------------------------------------------------------------------- 1 | --- 2 | project: pset-devops 3 | kind: PIPELINE 4 | name: vmw-veba-deploy 5 | icon: organization,left, is-ultramarine 6 | enabled: true 7 | description: Pipeline to deploy VEBA using the VEBA blueprint 8 | concurrency: 10 9 | workspace: 10 | endpoint: '' 11 | image: '' 12 | registry: '' 13 | path: '' 14 | autoCloneForTrigger: false 15 | limits: 16 | cpu: 1.0 17 | memory: 512 18 | stageOrder: 19 | - Stage0 20 | stages: 21 | Stage0: 22 | taskOrder: 23 | - Task0 24 | tasks: 25 | Task0: 26 | type: Blueprint 27 | endpoints: 28 | gitServer: cloud-automation-content 29 | input: 30 | action: CreateDeployment 31 | blueprint: '' 32 | deploymentName: '' 33 | parameters: 34 | vcenterPassword: VMware1! 35 | vebaHostname: veba01 36 | vebaRootPassword: VMware1! 37 | vcenterUsername: administrator@vsphere.local 38 | vcenterServer: vc01.domain.local 39 | openFaasPassword: VMware1! 40 | vcenterDisableTLSVerification: 'True' 41 | deploymentImage: http://minio.domain.local/images/vCenter_Event_Broker_Appliance_v0.4.0.ova 42 | version: '' 43 | filepath: /blueprints/vmw-veba/blueprint.yaml 44 | --------------------------------------------------------------------------------