diff --git a/.ansible-lint b/.ansible-lint index 0c9cf06f..b922c78a 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -1,17 +1,53 @@ -var_naming_pattern: "^[a-zA-Z0-9_]*$" +--- +# .ansible-lint -parseable: true +profile: moderate +verbosity: 1 +strict: true +# Enforce variable names to follow pattern below, in addition to Ansible own +# requirements, like avoiding python identifiers. To disable add `var-naming` +# to skip_list. +var_naming_pattern: ^[a-zA-Z0-9_]*$ + +use_default_rules: true + +# Ansible-lint is able to recognize and load skip rules stored inside +# `.ansible-lint-ignore` (or `.config/ansible-lint-ignore.txt`) files. +# To skip a rule just enter filename and tag, like "playbook.yml package-latest" +# on a new line. +skip_list: + - role-name # DAC roles names contain dashes, can be ignored + - yaml[line-length] # it's easier to understand/debug the underlying command when it's not broken up + - name[template] # task name uses Jina template, this can be ignored + - var-naming + +# Ansible-lint does not automatically load rules that have the 'opt-in' tag. +# You must enable opt-in rules by listing each rule 'id' below. +enable_list: + - args + - empty-string-compare + - no-log-password + - no-same-owner + - yaml + +# exclude_paths included in this file are parsed relative to this file's location +# and not relative to the CWD of execution. CLI arguments passed to the --exclude +# option are parsed relative to the CWD of execution. exclude_paths: - .git/ - .gitignore - .cache/ - roles/istio + - roles/vdm/tasks/deploy.yaml # TODO schema[tasks] error for a docker 'Deploy BLT - Deploy SAS Viya' task + - .github/workflows # non ansible files -skip_list: - - unnamed-task - - role-name - - var-naming +# Offline mode disables installation of requirements.yml and schema refreshing +offline: false + +# Define required Ansible's variables to satisfy syntax check +extra_vars: + deployment_type: vsphere warn_list: - experimental diff --git a/viya4-deployment-darksite/README.md b/viya4-deployment-darksite/README.md index d7359007..b0570623 100644 --- a/viya4-deployment-darksite/README.md +++ b/viya4-deployment-darksite/README.md @@ -1,12 +1,12 @@ # Deploy to AWS EKS in Dark Site or Air-Gapped Site scenario -### Acknowledgments +### Contributors -The following individuals have contributed documentation, helper scripts and yaml templates that provided the basis for this document. +Thanks go to the following individuals who have contributed documentation, helper scripts and yaml templates that provided the basis for this document. - Josh Coburn - Matthias Ender -This file describes procedures, helper scripts, and example files. First decide on your deployment scenario: +This file describes procedures, helper scripts, and example files to assist with performing a dark site deployment using the `viya4-deploymemt` GitHub project. First decide on your deployment scenario: 1. The deployment virtual machine has Internet access but the EKS cluster cannot reach the Internet (dark site) - Follow procedures 1, 2, 4, and 6. 2. The deployment virtual machine and cluster has no Internet access (air-gapped site) - Follow procedures 1, 2, 5, and 6. Note: you'll still need to somehow push all the images and Helm charts to ECR from a machine with Internet access, and the deployment machine will use the private ECR endpoint in the VPC to pull these during install, so the deployment virtual machine won't need Internet access. @@ -25,15 +25,15 @@ This file describes procedures, helper scripts, and example files. First decide 2. **Push 3rd party images to ECR:** - refer to the `baseline-to-ecr` folder in this repo for helper scripts - - note: OpenLDAP is only required if you are planning to use OpenLDAP for your deployment. Script to automate this is located [here](https://github.com/sassoftware/viya4-deployment/blob/main/viya4-deployment-darksite/baseline-to-ecr/openldap.sh). + - note: OpenLDAP is only required if you are planning to use OpenLDAP for your deployment. Script to automate this is located [here](https://github.com/sassoftware/viya4-deployment/blob/feat/iac-1117/viya4-deployment-darksite/baseline-to-ecr/openldap.sh) [here](https://github.com/sassoftware/viya4-deployment/blob/main/viya4-deployment-darksite/baseline-to-ecr/openldap.sh). 3. **(Optional) If OpenLDAP is needed, modfy local viya4-deployment clone** - - Refer to the [darksite-openldap-mod](https://github.com/sassoftware/viya4-deployment/blob/main/viya4-aws-darksite/darksite-openldap-mod) folder for procedures. You can build the container using the script or do it manually. + - Refer to the [darksite-openldap-mod](https://github.com/sassoftware/viya4-deployment/blob/feat/iac-1117/viya4-aws-darksite/darksite-openldap-mod) [darksite-openldap-mod](https://github.com/sassoftware/viya4-deployment/blob/main/viya4-aws-darksite/darksite-openldap-mod) folder for procedures. You can build the container using the script or do it manually. 4. **Deployment machine has Internet access - use viya4-deployment for baseline,install** 1. Use built in variables for baseline configurations in your `ansible-vars.yaml` file: - - Example `ansible-vars.yaml` provided [here](https://github.com/sassoftware/viya4-deployment/blob/main/viya4-aws-darksite/deployment-machine-assets/software/ansible-vars-iac.yaml) + - Example `ansible-vars.yaml` provided [here](https://github.com/sassoftware/viya4-deployment/blob/feat/iac-1117/viya4-deployment-darksite/deployment-machine-assets/software/ansible-vars-iac.yaml) [here](https://github.com/sassoftware/viya4-deployment/blob/main/viya4-deployment-darksite/deployment-machine-assets/software/ansible-vars-iac.yaml) - The goal here is to change the image references to point to ECR versus an Internet facing repo and add cluster subnet ID annotations for the nginx load balancers: - Replace `{{ AWS_ACCT_ID }}` with your AWS account ID - Replace `{{ AWS_REGION }}` with your AWS region @@ -45,7 +45,7 @@ This file describes procedures, helper scripts, and example files. First decide 5. **Deployment machine has no Internet access - install baseline using Helm charts pulled from ECR** - Two Options: - 1. If using OCI type repo (like ECR), we can use `viya4-deployment` but we'll need to make some changes to the baseline items in `ansible-vars.yaml`. An example provided [here](https://github.com/sassoftware/viya4-deployment/blob/main/viya4-aws-darksite/deployment-machine-assets/software/ansible-vars-iac.yaml) includes the needed variables for OCI Helm support. Pay close attention to `XXX_CHART_URL` and `XXX_CHART_NAME` variables. + 1. If using OCI type repo (like ECR), we can use `viya4-deployment` but we'll need to make some changes to the baseline items in `ansible-vars.yaml`. An example provided [here](https://github.com/sassoftware/viya4-deployment/blob/feat/iac-1117/viya4-deployment-darksite/deployment-machine-assets/software/ansible-vars-iac.yaml) [here](https://github.com/sassoftware/viya4-deployment/blob/main/viya4-deployment-darksite/deployment-machine-assets/software/ansible-vars-iac.yaml) includes the needed variables for OCI Helm support. Pay close attention to `XXX_CHART_URL` and `XXX_CHART_NAME` variables. 2. Use Helm directly to "manually" install baseline items. - Refer to baseline-helm-install-ecr README.md for instructions.