From c2365a8161c7c61c5078980a361b42c3030aa5cf Mon Sep 17 00:00:00 2001 From: Jay Patel <78554593+jarpat@users.noreply.github.com> Date: Fri, 8 Mar 2024 13:58:03 -0500 Subject: [PATCH 01/11] feat: (IAC-1375) Edit Ingress Definitions for Alertmanager To Adapt Changes From Viya Monitoring (#531) --- .../templates/host-based/user-values-prom-operator.yaml | 6 ++++++ .../templates/path-based/user-values-prom-operator.yaml | 9 ++++++++- 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/roles/monitoring/templates/host-based/user-values-prom-operator.yaml b/roles/monitoring/templates/host-based/user-values-prom-operator.yaml index fa8e9d44..30297faf 100644 --- a/roles/monitoring/templates/host-based/user-values-prom-operator.yaml +++ b/roles/monitoring/templates/host-based/user-values-prom-operator.yaml @@ -17,6 +17,12 @@ prometheus: - {{ V4M_PROMETHEUS_FQDN }} prometheusSpec: externalUrl: "https://{{ V4M_PROMETHEUS_FQDN }}" + alertingEndpoints: + - name: v4m-alertmanager + port: http-web + scheme: https + tlsConfig: + insecureSkipVerify: true storageSpec: volumeClaimTemplate: spec: diff --git a/roles/monitoring/templates/path-based/user-values-prom-operator.yaml b/roles/monitoring/templates/path-based/user-values-prom-operator.yaml index 3f583b65..1b40f137 100644 --- a/roles/monitoring/templates/path-based/user-values-prom-operator.yaml +++ b/roles/monitoring/templates/path-based/user-values-prom-operator.yaml @@ -24,7 +24,7 @@ grafana: # Note that Prometheus and Alertmanager do not have any # authentication configured by default, exposing an -# unauthenticated applicaton without other restrictions +# unauthenticated application without other restrictions # in place is insecure. prometheus: @@ -49,6 +49,13 @@ prometheus: prometheusSpec: routePrefix: /prometheus externalUrl: "https://{{ V4M_BASE_DOMAIN }}/prometheus" + alertingEndpoints: + - name: v4m-alertmanager + port: http-web + pathPrefix: "/alertmanager" + scheme: https + tlsConfig: + insecureSkipVerify: true alertmanager: # Disable default configuration of NodePort From c21a417aafd1bc59f4d60b1b4983123e69d406a7 Mon Sep 17 00:00:00 2001 From: Ritika Patil <94649368+riragh@users.noreply.github.com> Date: Fri, 8 Mar 2024 14:13:12 -0600 Subject: [PATCH 02/11] feat: (IAC-1236) Dependency version update (#530) --- Dockerfile | 8 ++++---- docs/user/Dependencies.md | 27 ++++++++++++++------------- requirements.txt | 10 +++++----- requirements.yaml | 6 +++--- 4 files changed, 26 insertions(+), 25 deletions(-) diff --git a/Dockerfile b/Dockerfile index a90f9225..e0836ca6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -9,7 +9,7 @@ RUN apt-get update && apt-get upgrade -y \ && update-alternatives --install /usr/bin/pip pip /usr/bin/pip3 1 FROM baseline as tool_builder -ARG kubectl_version=1.27.9 +ARG kubectl_version=1.27.11 WORKDIR /build @@ -17,9 +17,9 @@ RUN curl -sLO https://storage.googleapis.com/kubernetes-release/release/v$kubect # Installation FROM baseline -ARG helm_version=3.14.0 -ARG aws_cli_version=2.13.33 -ARG gcp_cli_version=460.0.0-0 +ARG helm_version=3.14.2 +ARG aws_cli_version=2.15.22 +ARG gcp_cli_version=464.0.0 # Add extra packages RUN apt-get update && apt-get install --no-install-recommends -y gzip wget git jq ssh sshpass skopeo rsync \ diff --git a/docs/user/Dependencies.md b/docs/user/Dependencies.md index 34915786..cfbf85a1 100644 --- a/docs/user/Dependencies.md +++ b/docs/user/Dependencies.md @@ -6,28 +6,29 @@ The following list details our dependencies and versions (~ indicates multiple p | SOURCE | NAME | VERSION | |----------------|------------------|-------------| -| ~ | python | >=3.10 | +| ~ | python | >=3.10 | | ~ | pip | 3.x | | ~ | unzip | any | | ~ | tar | any | -| ~ | docker | >=20.10.10 | +| ~ | docker | >=25.0.3 | | ~ | git | any | | ~ | rsync | any | | ~ | kubectl | 1.26 - 1.28 | -| ~ | Helm | 3.14.0 | -| pip3 | ansible | 9.1.0 | -| pip3 | openshift | 0.13.1 | -| pip3 | kubernetes | 26.1.0 | -| pip3 | dnspython | 2.3.0 | -| pip3 | docker | 5.0.3 | -| ansible-galaxy | community.docker | 2.7.8 | -| ansible-galaxy | ansible.utils | 2.3.0 | -| ansible-galaxy | kubernetes.core | 2.3.2 | +| ~ | Helm | 3.14.2 | +| pip3 | ansible | 9.2.0 | +| pip3 | openshift | 0.13.2 | +| pip3 | kubernetes | 27.2.0 | +| pip3 | dnspython | 2.6.1 | +| pip3 | docker | 7.0.0 | +| pip3 | urllib3 | 1.26.18 | +| ansible-galaxy | community.docker | 3.8.0 | +| ansible-galaxy | ansible.utils | 3.1.0 | +| ansible-galaxy | kubernetes.core | 3.0.1 | If you are using a provider based kubeconfig file created by viya4-iac-gcp:4.5.0 or newer, install these dependencies: | SOURCE | NAME | VERSION | |----------------|-------------------------|-------------| -| ~ | gcloud | 460.0.0 | +| ~ | gcloud | 464.0.0 | | ~ | gcloud-gke-auth-plugin | >= 0.5.2 | Required project dependencies are generally pinned to known working or stable versions to ensure users have a smooth initial experience. In some cases it may be required to change the default version of a dependency. In such cases users are welcome to experiment with alternate versions, however compatibility may not be guaranteed. @@ -48,7 +49,7 @@ As described in the [Docker Installation](./DockerUsage.md) section add addition ```bash # Override kubectl version docker build \ - --build-arg kubectl_version=1.27.9 \ + --build-arg kubectl_version=1.27.11 \ -t viya4-deployment . ``` diff --git a/requirements.txt b/requirements.txt index 6b618343..5b239b05 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,6 +1,6 @@ -ansible==9.1.0 # 8.6.0 # 2.10.7 -openshift==0.13.1 # 0.12.0 -kubernetes==26.1.0 # 12.0.1 -dnspython==2.3.0 # 2.1.0 -docker==5.0.3 +ansible==9.2.0 # 9.1.0 # 8.6.0 # 2.10.7 +openshift==0.13.2 # 0.13.1 # 0.12.0 +kubernetes==27.2.0 # 26.1.0 # 12.0.1 +dnspython==2.6.1 # 2.3.0 # 2.1.0 +docker==7.0.0 # 5.0.3 urllib3==1.26.18 diff --git a/requirements.yaml b/requirements.yaml index 66defdbe..c6a707bc 100644 --- a/requirements.yaml +++ b/requirements.yaml @@ -1,8 +1,8 @@ --- collections: - name: ansible.utils - version: 2.3.0 + version: 3.1.0 # 2.3.0 - name: community.docker - version: 2.7.8 + version: 3.8.0 # 2.7.8 - name: kubernetes.core - version: 2.3.2 + version: 3.0.0 # 2.3.2 From 608bf3c01483e17ed8391775e6e0d6aab57c4ce8 Mon Sep 17 00:00:00 2001 From: Jay Patel <78554593+jarpat@users.noreply.github.com> Date: Mon, 11 Mar 2024 14:43:28 -0400 Subject: [PATCH 03/11] docs: (IAC-1294) Add Note about sitedefault When Not Using Embedded LDAP (#532) Closes #485 --- docs/CONFIG-VARS.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/CONFIG-VARS.md b/docs/CONFIG-VARS.md index d3bd4637..4cf9d909 100644 --- a/docs/CONFIG-VARS.md +++ b/docs/CONFIG-VARS.md @@ -351,7 +351,7 @@ Additional documentation for the SAS Workload Orchestrator Service can be found | Name | Description | Type | Default | Required | Notes | Tasks | | :--- | ---: | ---: | ---: | ---: | ---: | ---: | | V4_CFG_CLUSTER_NODE_POOL_MODE | The mode of cluster node pool to use | string | "standard" | false | [standard, minimal] | viya | -| V4_CFG_EMBEDDED_LDAP_ENABLE | Deploy OpenLDAP in the namespace for authentication | bool | false | false | [Openldap Config](../roles/vdm/templates/generators/openldap-bootstrap-config.yaml) | viya | +| V4_CFG_EMBEDDED_LDAP_ENABLE | Deploy OpenLDAP in the namespace for authentication | bool | false | false | [Openldap Config](../roles/vdm/templates/generators/openldap-bootstrap-config.yaml). If you do not set this value to true, you must set `V4_CFG_SITEDEFAULT` to point to a sitedefault file which contains values applicable for your authentication configuration. | viya | | V4_CFG_CONSUL_ENABLE_LOADBALANCER | Set up LoadBalancer to access the Consul user interface | bool | false | false | Consul UI port is 8500. | viya | | V4_CFG_ELASTICSEARCH_ENABLE | Enable search with Open Distro for ElasticSearch | bool | true | false | When deploying LTS earlier than 2020.1 or Stable earlier than 2020.1.2, set to false. | viya | | V4_CFG_VIYA_START_SCHEDULE | Configure your SAS Viya platform deployment to start on specific schedules | string | | false | This variable accepts [CronJob schedule expressions](https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/#cron-schedule-syntax) to create your Viya start job schedule. See note below. | viya | From 401391f0bbbe2462e52405b03a401960b86271fd Mon Sep 17 00:00:00 2001 From: dhoucgitter Date: Tue, 24 Oct 2023 19:59:43 +0000 Subject: [PATCH 04/11] feat: (IAC-1211) Add optional helm authentication for dark site OCI Container Registries --- docs/CONFIG-VARS.md | 10 ++++++++-- roles/baseline/defaults/main.yml | 1 + roles/baseline/tasks/main.yaml | 16 ++++++++++++++++ roles/vdm/defaults/main.yaml | 2 ++ roles/vdm/tasks/main.yaml | 18 ++++++++++++++++++ 5 files changed, 45 insertions(+), 2 deletions(-) diff --git a/docs/CONFIG-VARS.md b/docs/CONFIG-VARS.md index 4cf9d909..7aede6d7 100644 --- a/docs/CONFIG-VARS.md +++ b/docs/CONFIG-VARS.md @@ -15,6 +15,7 @@ Supported configuration variables are listed in the table below. All variables - [SAS Software Order](#sas-software-order) - [SAS API Access](#sas-api-access) - [Container Registry Access](#container-registry-access) + - [OCI Container Registry Access](#oci-container-registry-access) - [Ingress](#ingress) - [Load Balancer](#load-balancer) - [Monitoring and Logging](#monitoring-and-logging) @@ -148,6 +149,11 @@ When V4_CFG_MANAGE_STORAGE is set to `true`, the `sas` and `pg-storage` storage | V4_CFG_CR_PASSWORD | Container registry password | string | | false | By default, credentials are included in the downloaded deployment assets. | viya | | V4_CFG_CR_URL | Container registry server | string | https://cr.sas.com | false | | viya | +## OCI Container Registry Access +| Name | Description | Type | Default | Required | Notes | Tasks | +| :--- | ---: | ---: | ---: | ---: | ---: | ---: | +| V4_CFG_OCI_REGISTRY_URI | OCI Container registry URI | string | | false | Container registry housing OCI images used for dark site deployments | baseline, viya | + ## Ingress | Name | Description | Type | Default | Required | Notes | Tasks | @@ -342,9 +348,9 @@ V4_CFG_POSTGRES_SERVERS: | :--- |------------:| ---: | ---: | ---: | ---: | ---: | | V4_WORKLOAD_ORCHESTRATOR_ENABLED | Enables the [SAS Workload Orchestrator](https://documentation.sas.com/?cdcId=itopscdc&cdcVersion=default&docsetId=dplyml0phy0dkr&docsetTarget=n08u2yg8tdkb4jn18u8zsi6yfv3d.htm#p1vo217m7ffso5n11vxwsyycw4tg) service and configures the required ClusterRole and ClusterRoleBinding used by the daemon. Setting this to false will disable SAS Workload Orchestrator service entirely | bool | true | false | This flag is only applicable for cadences 2023.08 and newer, this flag will perform no action on older cadences. | viya | -The SAS Workload Orchestrator Service is used to manage workload started on demand through the launcher service. As of cadence 2023.08 this feature is now deployed by default. The SAS Workload Orchestrator daemons require information about resources on the nodes that can be used to run jobs. In order to obtain accurate resource information, it requires a ClusterRole and a ClusterRoleBinding to the SAS Workload Orchestrator service account which will be automatically configured by this project if you set `V4_WORKLOAD_ORCHESTRATOR_ENABLED` to true. +The SAS Workload Orchestrator Service is used to manage workload started on demand through the launcher service. As of cadence 2023.08 this feature is now deployed by default. The SAS Workload Orchestrator daemons require information about resources on the nodes that can be used to run jobs. In order to obtain accurate resource information, it requires a ClusterRole and a ClusterRoleBinding to the SAS Workload Orchestrator service account which will be automatically configured by this project if you set `V4_WORKLOAD_ORCHESTRATOR_ENABLED` to true. -Additional documentation for the SAS Workload Orchestrator Service can be found here in the [SAS Viya Platform Operations documentation](https://documentation.sas.com/?cdcId=itopscdc&cdcVersion=default&docsetId=dplyml0phy0dkr&docsetTarget=n08u2yg8tdkb4jn18u8zsi6yfv3d.htm#p1vo217m7ffso5n11vxwsyycw4tg). +Additional documentation for the SAS Workload Orchestrator Service can be found here in the [SAS Viya Platform Operations documentation](https://documentation.sas.com/?cdcId=itopscdc&cdcVersion=default&docsetId=dplyml0phy0dkr&docsetTarget=n08u2yg8tdkb4jn18u8zsi6yfv3d.htm#p1vo217m7ffso5n11vxwsyycw4tg). ## Miscellaneous diff --git a/roles/baseline/defaults/main.yml b/roles/baseline/defaults/main.yml index edb8112c..0a609a87 100644 --- a/roles/baseline/defaults/main.yml +++ b/roles/baseline/defaults/main.yml @@ -8,6 +8,7 @@ V4_CFG_INGRESS_TYPE: ingress V4_CFG_INGRESS_MODE: public V4_CFG_MANAGE_STORAGE: true V4_CFG_AWS_LB_SUBNETS: "" +V4_CFG_OCI_REGISTRY_URI: null ## Cert-manager CERT_MANAGER_NAME: cert-manager diff --git a/roles/baseline/tasks/main.yaml b/roles/baseline/tasks/main.yaml index 9ec61392..1067cf53 100644 --- a/roles/baseline/tasks/main.yaml +++ b/roles/baseline/tasks/main.yaml @@ -3,6 +3,22 @@ --- +- name: Authenticate helm to V4_CFG_OCI_REGISTRY_URI + when: + - V4_CFG_OCI_REGISTRY_URI is defined + - V4_CFG_OCI_REGISTRY_URI is not none + - V4_CFG_CR_USER is defined + - V4_CFG_CR_USER is not none + - V4_CFG_CR_PASSWORD is defined + - V4_CFG_CR_PASSWORD is not none + command: + cmd: | + helm registry login {{ V4_CFG_OCI_REGISTRY_URI }} -u {{ V4_CFG_CR_USER }} --password-stdin + args: + stdin: "{{ V4_CFG_CR_PASSWORD }}" + tags: + - baseline + - name: Include nfs-subdir-external-provisioner include_tasks: file: nfs-subdir-external-provisioner.yaml diff --git a/roles/vdm/defaults/main.yaml b/roles/vdm/defaults/main.yaml index 94e3319a..cf8dba8e 100644 --- a/roles/vdm/defaults/main.yaml +++ b/roles/vdm/defaults/main.yaml @@ -19,6 +19,8 @@ V4_CFG_CR_PASSWORD: null V4_CFG_CR_URL: https://cr.sas.com V4_CFG_CR_HOST: '{{ V4_CFG_CR_URL | regex_replace("^https?:\/\/(.*)\/?", "\1") }}' +V4_CFG_OCI_REGISTRY_URI: null + V4_CFG_SAS_API_KEY: null V4_CFG_SAS_API_SECRET: null diff --git a/roles/vdm/tasks/main.yaml b/roles/vdm/tasks/main.yaml index 4054ae9c..64f5ac60 100644 --- a/roles/vdm/tasks/main.yaml +++ b/roles/vdm/tasks/main.yaml @@ -63,6 +63,24 @@ - uninstall - update +- name: Authenticate helm to V4_CFG_OCI_REGISTRY_URI + when: + - V4_CFG_OCI_REGISTRY_URI is defined + - V4_CFG_OCI_REGISTRY_URI is not none + - V4_CFG_CR_USER is defined + - V4_CFG_CR_USER is not none + - V4_CFG_CR_PASSWORD is defined + - V4_CFG_CR_PASSWORD is not none + command: + cmd: | + helm registry login {{ V4_CFG_OCI_REGISTRY_URI }} -u {{ V4_CFG_CR_USER }} --password-stdin + args: + stdin: "{{ V4_CFG_CR_PASSWORD }}" + tags: + - install + - uninstall + - update + - name: CR access when: - V4_CFG_CR_USER is not none From 22735ee82807727454fbab6c648a6a934b92238d Mon Sep 17 00:00:00 2001 From: dhoucgitter Date: Mon, 30 Oct 2023 16:50:52 +0000 Subject: [PATCH 05/11] Update note for V4_CFG_OCI_REGISTRY_URI --- docs/CONFIG-VARS.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/CONFIG-VARS.md b/docs/CONFIG-VARS.md index 7aede6d7..78f5cc46 100644 --- a/docs/CONFIG-VARS.md +++ b/docs/CONFIG-VARS.md @@ -152,7 +152,7 @@ When V4_CFG_MANAGE_STORAGE is set to `true`, the `sas` and `pg-storage` storage ## OCI Container Registry Access | Name | Description | Type | Default | Required | Notes | Tasks | | :--- | ---: | ---: | ---: | ---: | ---: | ---: | -| V4_CFG_OCI_REGISTRY_URI | OCI Container registry URI | string | | false | Container registry housing OCI images used for dark site deployments | baseline, viya | +| V4_CFG_OCI_REGISTRY_URI | OCI Container registry URI | string | | false | Set this value to helm authenticate to the indicated OCI registry using the `V4_CF_CR_USER` and `V4_CFG_CR_PASSWORD` values. Useful when the OCI container registry is used as a source for helm chart installs with dark site deployments. | baseline, viya | ## Ingress From 521be2ec823c3507323d9b329e167fadc2b5227a Mon Sep 17 00:00:00 2001 From: dhoucgitter Date: Mon, 30 Oct 2023 16:59:33 +0000 Subject: [PATCH 06/11] update note, fix typo --- docs/CONFIG-VARS.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/CONFIG-VARS.md b/docs/CONFIG-VARS.md index 78f5cc46..2c37fd27 100644 --- a/docs/CONFIG-VARS.md +++ b/docs/CONFIG-VARS.md @@ -152,7 +152,7 @@ When V4_CFG_MANAGE_STORAGE is set to `true`, the `sas` and `pg-storage` storage ## OCI Container Registry Access | Name | Description | Type | Default | Required | Notes | Tasks | | :--- | ---: | ---: | ---: | ---: | ---: | ---: | -| V4_CFG_OCI_REGISTRY_URI | OCI Container registry URI | string | | false | Set this value to helm authenticate to the indicated OCI registry using the `V4_CF_CR_USER` and `V4_CFG_CR_PASSWORD` values. Useful when the OCI container registry is used as a source for helm chart installs with dark site deployments. | baseline, viya | +| V4_CFG_OCI_REGISTRY_URI | OCI Container registry URI | string | | false | Set this value to activate helm authentication to the indicated OCI registry URI using the `V4_CFG_CR_USER` and `V4_CFG_CR_PASSWORD` values. Useful when the OCI container registry is used as a source for helm chart installs with dark site deployments. | baseline, viya | ## Ingress From 9adedb92f5ee6b2b02547c702ee76739a3d04bdb Mon Sep 17 00:00:00 2001 From: dhoucgitter Date: Wed, 13 Mar 2024 00:53:47 +0000 Subject: [PATCH 07/11] fix typo --- docs/CONFIG-VARS.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/CONFIG-VARS.md b/docs/CONFIG-VARS.md index 2c37fd27..31e46bde 100644 --- a/docs/CONFIG-VARS.md +++ b/docs/CONFIG-VARS.md @@ -159,7 +159,7 @@ When V4_CFG_MANAGE_STORAGE is set to `true`, the `sas` and `pg-storage` storage | Name | Description | Type | Default | Required | Notes | Tasks | | :--- | ---: | ---: | ---: | ---: | ---: | ---: | | V4_CFG_INGRESS_TYPE | The ingress controller to deploy | string | "ingress" | true | Possible values: "ingress" | baseline, viya | -| V4_CFG_INGRESS_FQDN | FQDN to the ingress for SAS Vya installation | string | | true | | viya | +| V4_CFG_INGRESS_FQDN | FQDN to the ingress for SAS Viya installation | string | | true | | viya | | V4_CFG_INGRESS_MODE | Whether to create a public or private Loadbalancer endpoint | string | "public" | false | Possible values: "public", "private". Setting this option to "private" adds options to the ingress controller that create a LoadBalancer with private IP address(es) only. | baseline | ## Load Balancer From c38b46ee336c27833f3649b7b85afce766fa74c4 Mon Sep 17 00:00:00 2001 From: dhoucgitter Date: Mon, 29 Apr 2024 18:18:27 +0000 Subject: [PATCH 08/11] Remove Experimental TOC entry and config variable from CONFIG-VARS.md --- docs/CONFIG-VARS.md | 5 ----- 1 file changed, 5 deletions(-) diff --git a/docs/CONFIG-VARS.md b/docs/CONFIG-VARS.md index 31e46bde..171d074b 100644 --- a/docs/CONFIG-VARS.md +++ b/docs/CONFIG-VARS.md @@ -15,7 +15,6 @@ Supported configuration variables are listed in the table below. All variables - [SAS Software Order](#sas-software-order) - [SAS API Access](#sas-api-access) - [Container Registry Access](#container-registry-access) - - [OCI Container Registry Access](#oci-container-registry-access) - [Ingress](#ingress) - [Load Balancer](#load-balancer) - [Monitoring and Logging](#monitoring-and-logging) @@ -149,10 +148,6 @@ When V4_CFG_MANAGE_STORAGE is set to `true`, the `sas` and `pg-storage` storage | V4_CFG_CR_PASSWORD | Container registry password | string | | false | By default, credentials are included in the downloaded deployment assets. | viya | | V4_CFG_CR_URL | Container registry server | string | https://cr.sas.com | false | | viya | -## OCI Container Registry Access -| Name | Description | Type | Default | Required | Notes | Tasks | -| :--- | ---: | ---: | ---: | ---: | ---: | ---: | -| V4_CFG_OCI_REGISTRY_URI | OCI Container registry URI | string | | false | Set this value to activate helm authentication to the indicated OCI registry URI using the `V4_CFG_CR_USER` and `V4_CFG_CR_PASSWORD` values. Useful when the OCI container registry is used as a source for helm chart installs with dark site deployments. | baseline, viya | ## Ingress From b4ad189b1e922badb0c31cf1c8fe5920a4f463a6 Mon Sep 17 00:00:00 2001 From: dhoucgitter Date: Mon, 29 Apr 2024 18:24:57 +0000 Subject: [PATCH 09/11] Add baseline and vdm default value for DARK_SITE_ENABLED flag --- roles/baseline/defaults/main.yml | 2 +- roles/vdm/defaults/main.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/baseline/defaults/main.yml b/roles/baseline/defaults/main.yml index 0a609a87..9a59c38e 100644 --- a/roles/baseline/defaults/main.yml +++ b/roles/baseline/defaults/main.yml @@ -8,7 +8,7 @@ V4_CFG_INGRESS_TYPE: ingress V4_CFG_INGRESS_MODE: public V4_CFG_MANAGE_STORAGE: true V4_CFG_AWS_LB_SUBNETS: "" -V4_CFG_OCI_REGISTRY_URI: null +V4_CFG_DARK_SITE_ENABLED : false ## Cert-manager CERT_MANAGER_NAME: cert-manager diff --git a/roles/vdm/defaults/main.yaml b/roles/vdm/defaults/main.yaml index cf8dba8e..f66c87e7 100644 --- a/roles/vdm/defaults/main.yaml +++ b/roles/vdm/defaults/main.yaml @@ -19,7 +19,7 @@ V4_CFG_CR_PASSWORD: null V4_CFG_CR_URL: https://cr.sas.com V4_CFG_CR_HOST: '{{ V4_CFG_CR_URL | regex_replace("^https?:\/\/(.*)\/?", "\1") }}' -V4_CFG_OCI_REGISTRY_URI: null +V4_CFG_DARK_SITE_ENABLED: false V4_CFG_SAS_API_KEY: null V4_CFG_SAS_API_SECRET: null From 65b7b53756abcc4cfb038917e452bec55ca05223 Mon Sep 17 00:00:00 2001 From: dhoucgitter Date: Mon, 29 Apr 2024 18:28:31 +0000 Subject: [PATCH 10/11] Adjust Ansible tasks to use V4_CFG_CR_URL, drop use of abandoned V4_CFG_OCI_REGISTRY_URI --- roles/baseline/tasks/main.yaml | 8 ++++---- roles/vdm/tasks/main.yaml | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/roles/baseline/tasks/main.yaml b/roles/baseline/tasks/main.yaml index 1067cf53..bd9c4e1a 100644 --- a/roles/baseline/tasks/main.yaml +++ b/roles/baseline/tasks/main.yaml @@ -3,17 +3,17 @@ --- -- name: Authenticate helm to V4_CFG_OCI_REGISTRY_URI +- name: Helm authenticate to private repository when: - - V4_CFG_OCI_REGISTRY_URI is defined - - V4_CFG_OCI_REGISTRY_URI is not none + - V4_CFG_DARK_SITE_ENABLED is defined + - V4_CFG_DARK_SITE_ENABLED - V4_CFG_CR_USER is defined - V4_CFG_CR_USER is not none - V4_CFG_CR_PASSWORD is defined - V4_CFG_CR_PASSWORD is not none command: cmd: | - helm registry login {{ V4_CFG_OCI_REGISTRY_URI }} -u {{ V4_CFG_CR_USER }} --password-stdin + helm registry login {{ V4_CFG_CR_URL }} -u {{ V4_CFG_CR_USER }} --password-stdin args: stdin: "{{ V4_CFG_CR_PASSWORD }}" tags: diff --git a/roles/vdm/tasks/main.yaml b/roles/vdm/tasks/main.yaml index 64f5ac60..2f0795a8 100644 --- a/roles/vdm/tasks/main.yaml +++ b/roles/vdm/tasks/main.yaml @@ -63,17 +63,17 @@ - uninstall - update -- name: Authenticate helm to V4_CFG_OCI_REGISTRY_URI +- name: Helm authenticate to private repository when: - - V4_CFG_OCI_REGISTRY_URI is defined - - V4_CFG_OCI_REGISTRY_URI is not none + - V4_CFG_DARK_SITE_ENABLED is defined + - V4_CFG_DARK_SITE_ENABLED - V4_CFG_CR_USER is defined - V4_CFG_CR_USER is not none - V4_CFG_CR_PASSWORD is defined - V4_CFG_CR_PASSWORD is not none command: cmd: | - helm registry login {{ V4_CFG_OCI_REGISTRY_URI }} -u {{ V4_CFG_CR_USER }} --password-stdin + helm registry login {{ V4_CFG_CR_URL }} -u {{ V4_CFG_CR_USER }} --password-stdin args: stdin: "{{ V4_CFG_CR_PASSWORD }}" tags: From e9e672feef9c53484752073d3579f2dd210952a9 Mon Sep 17 00:00:00 2001 From: dhoucgitter Date: Mon, 29 Apr 2024 19:02:06 +0000 Subject: [PATCH 11/11] remove unwanted space --- roles/baseline/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/baseline/defaults/main.yml b/roles/baseline/defaults/main.yml index 9a59c38e..b0593b6d 100644 --- a/roles/baseline/defaults/main.yml +++ b/roles/baseline/defaults/main.yml @@ -8,7 +8,7 @@ V4_CFG_INGRESS_TYPE: ingress V4_CFG_INGRESS_MODE: public V4_CFG_MANAGE_STORAGE: true V4_CFG_AWS_LB_SUBNETS: "" -V4_CFG_DARK_SITE_ENABLED : false +V4_CFG_DARK_SITE_ENABLED: false ## Cert-manager CERT_MANAGER_NAME: cert-manager