diff --git a/CHANGELOG-0.3.md b/CHANGELOG-0.3.md index 29f33b21e1..17a4c2b570 100644 --- a/CHANGELOG-0.3.md +++ b/CHANGELOG-0.3.md @@ -5,8 +5,12 @@ ### Fixed - [#839](https://github.com/epiphany-platform/epiphany/issues/839) - Add ServerAliveInterval option to keep SSH connection for long running tasks +- [#1016](https://github.com/epiphany-platform/epiphany/issues/1016) - Disable verify, backup and recovery as they are not fully implemented +- [#1105](https://github.com/epiphany-platform/epiphany/issues/1105) - [v0.3] failing on task: Install container-selinux for RHEL +- [#1106](https://github.com/epiphany-platform/epiphany/issues/1106) - [v0.3] Epicli exiting with exit code 0 despite errors - [#1154](https://github.com/epiphany-platform/epiphany/issues/1154) - Node exporter is not installed on logging vms - [#1163](https://github.com/epiphany-platform/epiphany/issues/1163) - [v0.4, v0.3] Typo in the role name rabbitmq +- Added default machines for rabbitmq and load_balancer components ## [0.3.0] 2019-07-31 diff --git a/CHANGELOG.md b/CHANGELOG.md index 20f331cba9..b47e712c11 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,4 @@ -# Development release +# Changelog All notable changes to this project will be documented in linked files. 
@@ -7,24 +7,6 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. Reference for actual cluster component versions can be found [here](docs/home/COMPONENTS.md) -## Current release - -### 0.3.x - -- [CHANGELOG-0.3.1](./CHANGELOG-0.3.md#030-2020-03-xx) -- [CHANGELOG-0.3.0](./CHANGELOG-0.3.md#030-2019-07-31) - -## Older releases - -### 0.2.x - -- [CHANGELOG-0.2.3](./CHANGELOG-0.2.md#023-2019-05-20) -- [CHANGELOG-0.2.2](./CHANGELOG-0.2.md#022-2019-03-29) -- [CHANGELOG-0.2.1](./CHANGELOG-0.2.md#021-2019-03-07) -- [CHANGELOG-0.2.0](./CHANGELOG-0.2.md#020-2019-02-19) - -### 0.1.x - -- [CHANGELOG-0.1.2](./CHANGELOG-0.1.md#012-2018-12-05) -- [CHANGELOG-0.1.1](./CHANGELOG-0.1.md#011-2018-11-21) -- [CHANGELOG-0.1.0](./CHANGELOG-0.1.md#010-2018-10-19) +- [CHANGELOG-0.3.x](./CHANGELOG-0.3.md) +- [CHANGELOG-0.2.x](./CHANGELOG-0.2.md) +- [CHANGELOG-0.1.x](./CHANGELOG-0.1.md) \ No newline at end of file diff --git a/core/src/epicli/.devcontainer/Dockerfile b/core/src/epicli/.devcontainer/Dockerfile new file mode 100644 index 0000000000..1823a833a5 --- /dev/null +++ b/core/src/epicli/.devcontainer/Dockerfile 
@@ -0,0 +1,35 @@ +FROM python:3.7 + +ENV DEBIAN_FRONTEND=noninteractive + +ARG USERNAME=vscode +ARG USER_UID=1000 +ARG USER_GID=$USER_UID + +RUN apt-get update \ + && apt-get -y install --no-install-recommends apt-utils dialog 2>&1 \ + + && apt-get -y install git procps lsb-release gcc make musl-dev libffi-dev tar unzip \ + + && apt-get -y install ruby-full \ + + && gem install serverspec rake rspec_junit_formatter \ + + && pip --disable-pip-version-check --no-cache-dir install pylint \ + + && pip --disable-pip-version-check --no-cache-dir install pipenv \ + + && groupadd --gid $USER_GID $USERNAME \ + && useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME \ + + && apt-get install -y sudo \ + && echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \ + && chmod 0440 /etc/sudoers.d/$USERNAME \ + + && apt-get autoremove -y \ + && apt-get clean -y \ + && rm -rf /var/lib/apt/lists/* + +ENV DEBIAN_FRONTEND= + + diff --git a/core/src/epicli/.devcontainer/devcontainer.json b/core/src/epicli/.devcontainer/devcontainer.json new file mode 100644 index 0000000000..dca1a261ed --- /dev/null +++ b/core/src/epicli/.devcontainer/devcontainer.json @@ -0,0 +1,18 @@ +{ + "name": "epicli", + "dockerFile": "Dockerfile", + "extensions": [ + "ms-python.python", + "littlefoxteam.vscode-python-test-adapter", + "vscoss.vscode-ansible", + "wholroyd.jinja", + "redhat.vscode-yaml", + "mauve.terraform", + "davidanson.vscode-markdownlint" + ], + "settings": { + "python.pythonPath": "/usr/local/bin/python" + }, + "postCreateCommand": "sudo --preserve-env=https_proxy pipenv install --system --dev", + "runArgs": [ "-u", "vscode" ] +} diff --git a/core/src/epicli/.vscode/extensions.json b/core/src/epicli/.vscode/extensions.json new file mode 100644 index 0000000000..0a7a525d2f --- /dev/null +++ b/core/src/epicli/.vscode/extensions.json 
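Review bot: Every external input of this image is unpinned: `FROM python:3.7` floats with the tag, and `gem install serverspec rake rspec_junit_formatter`, `pip ... install pylint` and `pip ... install pipenv` take whatever version is current at build time, so two builds of the same commit can contain different code. Pin the versions, e.g. `pip --disable-pip-version-check --no-cache-dir install pipenv==<PINNED_VERSION>`, and consider pinning the base image by digest. The `NOPASSWD:ALL` sudoers entry is common for dev containers, but it deserves a comment saying the image is for local development only, since any process running as `vscode` becomes root without a prompt.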
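Review bot: `postCreateCommand` runs `pipenv install --system --dev` under `sudo` without `--deploy`, so pipenv may re-resolve the Pipfile instead of installing exactly what the lock file records, and package install scripts then run as root in the container. If the project commits a `Pipfile.lock` (not visible in this diff), `"postCreateCommand": "sudo --preserve-env=https_proxy pipenv install --system --dev --deploy"` makes the install fail when the lock is out of date. Only `https_proxy` is preserved through sudo; if `http_proxy` or `no_proxy` are also needed behind the proxy, they should be listed too.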
@@ -0,0 +1,12 @@ +{ + "recommendations": [ + "ms-vscode-remote.remote-containers", + "ms-python.python", + "littlefoxteam.vscode-python-test-adapter", + "vscoss.vscode-ansible", + "wholroyd.jinja", + "redhat.vscode-yaml", + "mauve.terraform", + "davidanson.vscode-markdownlint" + ] +} \ No newline at end of file diff --git a/core/src/epicli/.vscode/launch.json b/core/src/epicli/.vscode/launch.json new file mode 100644 index 0000000000..3522040017 --- /dev/null +++ b/core/src/epicli/.vscode/launch.json @@ -0,0 +1,21 @@ +{ + // Use IntelliSense to learn about possible attributes. + // Hover to view descriptions of existing attributes. + // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387 + "version": "0.2.0", + "configurations": [ + { + "name": "epicli", + "type": "python", + "request": "launch", + "program": "${workspaceFolder}/cli/epicli.py", + "cwd": "${workspaceFolder}", + "pythonPath": "${config:python.pythonPath}", + "env": { "PYTHONPATH": "${workspaceFolder}" }, + "console": "integratedTerminal", + "args": ["apply", "-f", "${workspaceFolder}/clusters/YOUR_DATA_YAML.yml"] + // "args": ["delete", "-b", "${workspaceFolder}/clusters/build/dir"] + // "args": ["init", "-p", "PROVIDER", "-n", "NAME"] + } + ] +} diff --git a/core/src/epicli/.vscode/settings.json b/core/src/epicli/.vscode/settings.json new file mode 100644 index 0000000000..195be80a55 --- /dev/null +++ b/core/src/epicli/.vscode/settings.json @@ -0,0 +1,6 @@ +{ + "python.linting.enabled": true, + "python.testing.unittestEnabled": false, + "python.testing.nosetestsEnabled": false, + "python.testing.pytestEnabled": true, +} \ No newline at end of file diff --git a/core/src/epicli/cli/engine/AnsibleCommand.py b/core/src/epicli/cli/engine/AnsibleCommand.py index a0373562b4..64cde9defc 100644 --- a/core/src/epicli/cli/engine/AnsibleCommand.py +++ b/core/src/epicli/cli/engine/AnsibleCommand.py 
@@ -47,6 +47,8 @@ def run_task_with_retries(self, inventory, module, args, hosts, retries, timeout self.logger.error(e) self.logger.info("Retry running task: " + str(i + 1) + "/" + str(retries)) time.sleep(timeout) + else: + raise Exception(f'Failed running task after {str(retries)} retries') def run_playbook(self, inventory, playbook_path): cmd = ['ansible-playbook'] @@ -78,4 +80,5 @@ def run_playbook_with_retries(self, inventory, playbook_path, retries, timeout=1 self.logger.error(e) self.logger.info("Retry running playbook: " + str(i + 1) + "/" + str(retries)) time.sleep(timeout) - return 1 + else: + raise Exception(f'Failed running playbook after {str(retries)} retries') diff --git a/core/src/epicli/cli/engine/EpiphanyEngine.py b/core/src/epicli/cli/engine/EpiphanyEngine.py index 160ac4210c..e88042274b 100644 --- a/core/src/epicli/cli/engine/EpiphanyEngine.py +++ b/core/src/epicli/cli/engine/EpiphanyEngine.py 
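Review bot: The exception raised when retries are exhausted discards the underlying failure: each attempt's error is only logged, and `raise Exception(f'Failed running task after {str(retries)} retries')` carries neither the cause nor the task, so the top-level handler reports a generic message. Consider keeping the last error (`last_error = None` before the loop, `last_error = e` in the `except` block) and raising `raise Exception(f'Failed running task after {retries} retries') from last_error`; the same applies to `run_playbook_with_retries` in the next hunk. The `else:` only acts as a retry-exhausted branch if it belongs to the `for` loop and the success path leaves the loop via `break` or `return`, which is outside this hunk, so a comment such as `# for-else: reached only when no attempt succeeded` would help. Both function bodies start before their hunks.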
@@ -77,51 +77,43 @@ def collect_infrastructure_config(self): config_collector.run() def verify(self): - try: - self.process_input_docs() + self.process_input_docs() - self.process_configuration_docs() + self.process_configuration_docs() - self.process_infrastructure_docs() + self.process_infrastructure_docs() - save_manifest([*self.input_docs, *self.configuration_docs, *self.infrastructure_docs], self.cluster_model.specification.name) + save_manifest([*self.input_docs, *self.configuration_docs, *self.infrastructure_docs], self.cluster_model.specification.name) - return 0 - except Exception as e: - self.logger.error(e, exc_info=True) #TODO extensive debug output might not always be wanted. Make this configurable with input flag? - return 1 + return 0 def apply(self): - try: - self.process_input_docs() + self.process_input_docs() - self.process_infrastructure_docs() + self.process_infrastructure_docs() - if not self.skip_infrastructure: - # Generate terraform templates - with TerraformTemplateGenerator(self.cluster_model, self.infrastructure_docs) as template_generator: - template_generator.run() + if not self.skip_infrastructure: + # Generate terraform templates + with TerraformTemplateGenerator(self.cluster_model, self.infrastructure_docs) as template_generator: + template_generator.run() - # Run Terraform to create infrastructure - with TerraformRunner(self.cluster_model.specification.name) as tf_runner: - tf_runner.run() + # Run Terraform to create infrastructure + with TerraformRunner(self.cluster_model.specification.name) as tf_runner: + tf_runner.run() - self.process_configuration_docs() + self.process_configuration_docs() - self.collect_infrastructure_config() + self.collect_infrastructure_config() - # Run Ansible to provision infrastructure - docs = [*self.input_docs, *self.configuration_docs, *self.infrastructure_docs] - with AnsibleRunner(self.cluster_model, docs) as ansible_runner: - ansible_runner.run() + # Run Ansible to provision infrastructure + docs 
= [*self.input_docs, *self.configuration_docs, *self.infrastructure_docs] + with AnsibleRunner(self.cluster_model, docs) as ansible_runner: + ansible_runner.run() - # Save docs to manifest file - save_manifest(docs, self.cluster_model.specification.name) + # Save docs to manifest file + save_manifest(docs, self.cluster_model.specification.name) - return 0 - except Exception as e: - self.logger.error(e, exc_info=True) # TODO extensive debug output might not always be wanted. Make this configurable with input flag? - return 1 + return 0 def dry_run(self): diff --git a/core/src/epicli/cli/engine/PatchEngine.py b/core/src/epicli/cli/engine/PatchEngine.py index 37a4e789c6..ef598e6935 100644 --- a/core/src/epicli/cli/engine/PatchEngine.py +++ b/core/src/epicli/cli/engine/PatchEngine.py 
@@ -24,56 +24,45 @@ def run(self): pass def run_upgrade(self): - try: - build_directory = Config().output_dir - build_roles_directory = os.path.join(build_directory, 'ansible/roles') + build_directory = Config().output_dir + build_roles_directory = os.path.join(build_directory, 'ansible/roles') - upgrade_playbook_path = os.path.join(build_roles_directory, 'upgrade') - backup_playbook_path = os.path.join(build_roles_directory, 'backup') - recovery_playbook_path = os.path.join(build_roles_directory, 'recovery') + upgrade_playbook_path = os.path.join(build_roles_directory, 'upgrade') + backup_playbook_path = os.path.join(build_roles_directory, 'backup') + recovery_playbook_path = os.path.join(build_roles_directory, 'recovery') - upgrade_role_path = os.path.join(build_directory, 'ansible', 'upgrade.yml') + upgrade_role_path = os.path.join(build_directory, 'ansible', 'upgrade.yml') - epiphany_playbooks_path = os.path.dirname(__file__) + AnsibleRunner.ANSIBLE_PLAYBOOKS_PATH - epiphany_roles_path = os.path.join(epiphany_playbooks_path, 'roles') + epiphany_playbooks_path = os.path.dirname(__file__) + AnsibleRunner.ANSIBLE_PLAYBOOKS_PATH + epiphany_roles_path = os.path.join(epiphany_playbooks_path, 'roles') - upgrade_role_source_path = os.path.join(epiphany_roles_path, 'upgrade') - backup_role_source_path = os.path.join(epiphany_roles_path, 'backup') - restore_role_source_path = os.path.join(epiphany_roles_path, 'recovery') - playbook_source_path = os.path.join(epiphany_playbooks_path, 'upgrade.yml') + upgrade_role_source_path = os.path.join(epiphany_roles_path, 'upgrade') + backup_role_source_path = os.path.join(epiphany_roles_path, 'backup') + restore_role_source_path = os.path.join(epiphany_roles_path, 'recovery') + playbook_source_path = os.path.join(epiphany_playbooks_path, 'upgrade.yml') - copy_files_recursively(upgrade_role_source_path, upgrade_playbook_path) - copy_files_recursively(backup_role_source_path, backup_playbook_path) - 
copy_files_recursively(restore_role_source_path, recovery_playbook_path) - copy_file(playbook_source_path, upgrade_role_path) + copy_files_recursively(upgrade_role_source_path, upgrade_playbook_path) + copy_files_recursively(backup_role_source_path, backup_playbook_path) + copy_files_recursively(restore_role_source_path, recovery_playbook_path) + copy_file(playbook_source_path, upgrade_role_path) - inventory_path = get_inventory_path_for_build(build_directory) - self.ansible_command.run_playbook(inventory=inventory_path, playbook_path=upgrade_role_path) - return 0 - except Exception as e: - self.logger.error(e, exc_info=True) # TODO extensive debug output might not always be wanted. Make this configurable with input flag? - return 1 + inventory_path = get_inventory_path_for_build(build_directory) + self.ansible_command.run_playbook(inventory=inventory_path, playbook_path=upgrade_role_path) + + return 0 def run_backup(self): - try: - build_directory = Config().output_dir - backup_role_path = os.path.join(build_directory, 'ansible', 'backup.yml') - inventory_path = get_inventory_path_for_build(build_directory) - self.ansible_command.run_playbook(inventory=inventory_path, playbook_path=backup_role_path) + build_directory = Config().output_dir + backup_role_path = os.path.join(build_directory, 'ansible', 'backup.yml') + inventory_path = get_inventory_path_for_build(build_directory) + self.ansible_command.run_playbook(inventory=inventory_path, playbook_path=backup_role_path) - return 0 - except Exception as e: - self.logger.error(e, exc_info=True) # TODO extensive debug output might not always be wanted. Make this configurable with input flag? 
- return 1 + return 0 def run_recovery(self): - try: - build_directory = Config().output_dir - backup_role_path = os.path.join(build_directory, 'ansible', 'recovery.yml') - inventory_path = get_inventory_path_for_build(build_directory) - self.ansible_command.run_playbook(inventory=inventory_path, playbook_path=backup_role_path) - - return 0 - except Exception as e: - self.logger.error(e, exc_info=True) # TODO extensive debug output might not always be wanted. Make this configurable with input flag? - return 1 \ No newline at end of file + build_directory = Config().output_dir + backup_role_path = os.path.join(build_directory, 'ansible', 'recovery.yml') + inventory_path = get_inventory_path_for_build(build_directory) + self.ansible_command.run_playbook(inventory=inventory_path, playbook_path=backup_role_path) + + return 0 \ No newline at end of file diff --git a/core/src/epicli/cli/engine/UserConfigInitializer.py b/core/src/epicli/cli/engine/UserConfigInitializer.py index eedffc8b30..6cbf4a94a3 100644 --- a/core/src/epicli/cli/engine/UserConfigInitializer.py +++ b/core/src/epicli/cli/engine/UserConfigInitializer.py 
@@ -22,20 +22,16 @@ def __exit__(self, exc_type, exc_value, traceback): super().__exit__(exc_type, exc_value, traceback) def run(self): - try: - defaults = load_all_yaml_objs(types.DEFAULT, self.provider, 'configuration/minimal-cluster-config') - defaults[0].specification.name = self.name + defaults = load_all_yaml_objs(types.DEFAULT, self.provider, 'configuration/minimal-cluster-config') + defaults[0].specification.name = self.name - if self.is_full_config: - defaults = self.get_full_config(defaults) + if self.is_full_config: + defaults = self.get_full_config(defaults) - save_manifest(defaults, self.name, self.name+'.yml') + save_manifest(defaults, self.name, self.name+'.yml') - self.logger.info('Initialized user configuration and saved it to "' + os.path.join(get_build_path(self.name), self.name + '.yml') + '"') - return 0 - except Exception as e: - self.logger.error(e, exc_info=True) # TODO extensive debug output might not always be wanted. Make this configurable with input flag? - return 1 + self.logger.info('Initialized user configuration and saved it to "' + os.path.join(get_build_path(self.name), self.name + '.yml') + '"') + return 0 def get_full_config(self, config_docs): cluster_config_path = save_manifest(config_docs, self.name, self.name + '.yml') diff --git a/core/src/epicli/cli/epicli.py b/core/src/epicli/cli/epicli.py index 1ce5bfbe58..99fd96580a 100644 --- a/core/src/epicli/cli/epicli.py +++ b/core/src/epicli/cli/epicli.py @@ -48,12 +48,15 @@ def main(): # setup subparsers subparsers = parser.add_subparsers() - apply_parser(subparsers) - validate_parser(subparsers) init_parser(subparsers) + apply_parser(subparsers) upgrade_parser(subparsers) + + ''' + validate_parser(subparsers) backup_parser(subparsers) recovery_parser(subparsers) + ''' # check if there were any variables and display full help if len(sys.argv) < 2: 
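Review bot: In `main()` the calls to `validate_parser`, `backup_parser` and `recovery_parser` are disabled by wrapping them in a `'''` string literal, which leaves a stray expression statement in the function and dead code that linters and search tools still treat as a string. Prefer deleting the calls or using `#` comments that name the reason, e.g. `# validate_parser(subparsers)  # disabled, see #1016`. The same `'''` wrapping is used around the parser and `run_*` function definitions in the later hunks of this file (`@@ -85,7 +103,13 @@` through `@@ -161,14 +166,13 @@`), where the opening and closing quotes sit far apart and would break silently if the enclosed code ever gained a `'''` of its own.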
@@ -73,8 +76,23 @@ def main(): config.log_count = args.log_count config.validate_certs = True if args.validate_certs == 'true' else False - return args.func(args) + try: + return args.func(args) + except Exception as e: + logger = Log('epicli') + logger.error(e, exc_info=True) + return 1 +def init_parser(subparsers): + sub_parser = subparsers.add_parser('init', description='Creates configuration file in working directory.') + sub_parser.add_argument('-p', '--provider', dest='provider', choices=['aws', 'azure', 'any'], default='any', type=str, + required=True, help='One of the supported providers: azure|aws|any') + sub_parser.add_argument('-n', '--name', dest='name', type=str, required=True, + help='Name of the cluster.') + + sub_parser.add_argument('--full', dest='full_config', action="store_true", + help='Use this flag if you want to create verbose configuration file.') + sub_parser.set_defaults(func=run_init) def apply_parser(subparsers): sub_parser = subparsers.add_parser('apply', description='Applies configuration from file.') @@ -85,7 +103,13 @@ def apply_parser(subparsers): sub_parser.set_defaults(func=run_apply) +def upgrade_parser(subparsers): + sub_parser = subparsers.add_parser('upgrade', description='[Experimental]: Upgrades existing Epiphany Platform to latest version.') + sub_parser.add_argument('-b', '--build', dest='build_directory', type=str, required=True, + help='Absolute path to directory with build artifacts.') + sub_parser.set_defaults(func=run_upgrade) +''' def validate_parser(subparsers): sub_parser = subparsers.add_parser('verify', description='Validates the configuration from file by executing a dry ' 'run without changing the physical ' 
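Review bot: The new handler in `main()` logs every failure with `exc_info=True`, and the TODO about making that verbosity configurable was removed together with the per-engine handlers, so full tracebacks now always reach the log. Exception text from the Terraform and Ansible runners may include paths or command arguments (inferred, as their code is not in this diff), so it is worth deciding what should be logged by default. A comment such as `# TODO: gate exc_info behind a debug flag` above the `logger.error` call would keep the open question visible. The body of `main()` continues outside this hunk.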
@@ -94,26 +118,6 @@ def validate_parser(subparsers): help='File with infrastructure/configuration definitions to use.') sub_parser.set_defaults(func=run_validate) - -def init_parser(subparsers): - sub_parser = subparsers.add_parser('init', description='Creates configuration file in working directory.') - sub_parser.add_argument('-p', '--provider', dest='provider', choices=['aws', 'azure', 'any'], default='any', type=str, - required=True, help='One of the supported providers: azure|aws|any') - sub_parser.add_argument('-n', '--name', dest='name', type=str, required=True, - help='Name of the cluster.') - - sub_parser.add_argument('--full', dest='full_config', action="store_true", - help='Use this flag if you want to create verbose configuration file.') - sub_parser.set_defaults(func=run_init) - - -def upgrade_parser(subparsers): - sub_parser = subparsers.add_parser('upgrade', description='[Experimental]: Upgrades existing Epiphany Platform to latest version.') - sub_parser.add_argument('-b', '--build', dest='build_directory', type=str, required=True, - help='Absolute path to directory with build artifacts.') - sub_parser.set_defaults(func=run_upgrade) - - def backup_parser(subparsers): sub_parser = subparsers.add_parser('backup', description='[Experimental]: Backups existing Epiphany Platform components.') sub_parser.add_argument('-b', '--build', dest='build_directory', type=str, required=True, @@ -126,7 +130,7 @@ def recovery_parser(subparsers): sub_parser.add_argument('-b', '--build', dest='build_directory', type=str, required=True, help='Absolute path to directory with build artifacts.') sub_parser.set_defaults(func=run_recovery) - +''' def run_apply(args): adjust_paths(args) @@ -134,11 +138,6 @@ def run_apply(args): return engine.apply() -def run_validate(args): - adjust_paths(args) - with EpiphanyEngine(args) as engine: - return engine.verify() - def run_init(args): Config().output_dir = os.getcwd() 
@@ -153,6 +152,12 @@ def run_upgrade(args): with PatchEngine() as engine: return engine.run_upgrade() +''' +def run_validate(args): + adjust_paths(args) + with EpiphanyEngine(args) as engine: + return engine.verify() + def run_backup(args): if not query_yes_no('This is an experimental feature and could change at any time. Do you want to continue?'): @@ -161,14 +166,13 @@ def run_backup(args): with PatchEngine() as engine: return engine.run_backup() - def run_recovery(args): if not query_yes_no('This is an experimental feature and could change at any time. Do you want to continue?'): return 0 Config().output_dir = args.build_directory with PatchEngine() as engine: return engine.run_recovery() - +''' def adjust_paths(args): args.file = get_config_file_path(args.file) diff --git a/core/src/epicli/data/aws/defaults/infrastructure/virtual-machine.yml b/core/src/epicli/data/aws/defaults/infrastructure/virtual-machine.yml index 26210e0c84..3908a82ec6 100644 --- a/core/src/epicli/data/aws/defaults/infrastructure/virtual-machine.yml +++ b/core/src/epicli/data/aws/defaults/infrastructure/virtual-machine.yml 
@@ -451,6 +451,130 @@ specification: destination_port_range: "5601" source_address_prefix: "10.1.0.0/20" destination_address_prefix: "0.0.0.0/0" + - name: out + description: Allow out + priority: 101 + direction: Egress + access: Allow + protocol: "all" + source_port_range: "*" + destination_port_range: "0" + source_address_prefix: "0.0.0.0/0" + destination_address_prefix: "0.0.0.0/0" +--- +kind: infrastructure/virtual-machine +title: "Virtual Machine Infra" +provider: aws +name: rabbitmq-machine +specification: + tags: + - version: 0.4.2 + size: t3.micro + os_type: linux + security: + rules: + - name: ssh + description: Allow SSH + priority: 101 + direction: Inbound + access: Allow + protocol: Tcp + source_port_range: "*" + destination_port_range: "22" + source_address_prefix: "0.0.0.0/0" + destination_address_prefix: "0.0.0.0/0" + - name: node_exporter + description: Allow node_exporter traffic + priority: 302 + direction: Inbound + access: Allow + protocol: Tcp + source_port_range: "*" + destination_port_range: "9100" + source_address_prefix: "10.1.0.0/20" + destination_address_prefix: "0.0.0.0/0" + - name: rabbitmq + description: Allow rabbitmq traffic + priority: 303 + direction: Inbound + access: Allow + protocol: Tcp + source_port_range: "*" + destination_port_range: "5672" + source_address_prefix: "10.1.0.0/20" + destination_address_prefix: "0.0.0.0/0" + - name: rabbitmq_clustering_1 + description: Allow rabbitmq clustering traffic 1 + priority: 304 + direction: Inbound + access: Allow + protocol: Tcp + source_port_range: "*" + destination_port_range: "4369" + source_address_prefix: "10.1.8.0/24" + destination_address_prefix: "0.0.0.0/0" + - name: rabbitmq_clustering_1 + description: Allow rabbitmq clustering traffic 2 + priority: 305 + direction: Inbound + access: Allow + protocol: Tcp + source_port_range: "*" + destination_port_range: "25672" + source_address_prefix: "10.1.8.0/24" + destination_address_prefix: "0.0.0.0/0" + - name: out + description: 
Allow out + priority: 101 + direction: Egress + access: Allow + protocol: "all" + source_port_range: "*" + destination_port_range: "0" + source_address_prefix: "0.0.0.0/0" + destination_address_prefix: "0.0.0.0/0" +--- +kind: infrastructure/virtual-machine +title: "Virtual Machine Infra" +provider: aws +name: load-balancer-machine +specification: + tags: + - version: 0.4.2 + size: t3.micro + os_type: linux + security: + rules: + - name: ssh + description: Allow ssh traffic + priority: 101 + direction: Inbound + access: Allow + protocol: Tcp + source_port_range: "*" + destination_port_range: "22" + source_address_prefix: "0.0.0.0/0" + destination_address_prefix: "0.0.0.0/0" + - name: node_exporter + description: Allow node_exporter traffic + priority: 302 + direction: Inbound + access: Allow + protocol: Tcp + source_port_range: "*" + destination_port_range: "9100" + source_address_prefix: "10.1.0.0/20" + destination_address_prefix: "0.0.0.0/0" + - name: haproxy_exporter + description: Allow haproxy_exporter traffic + priority: 302 + direction: Inbound + access: Allow + protocol: Tcp + source_port_range: "*" + destination_port_range: "9101" + source_address_prefix: "10.1.0.0/20" + destination_address_prefix: "0.0.0.0/0" - name: out description: Allow out priority: 101 diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/docker/tasks/RedHat.yml b/core/src/epicli/data/common/ansible/playbooks/roles/docker/tasks/RedHat.yml index ae293162f1..ee5ee1c6a2 100644 --- a/core/src/epicli/data/common/ansible/playbooks/roles/docker/tasks/RedHat.yml +++ b/core/src/epicli/data/common/ansible/playbooks/roles/docker/tasks/RedHat.yml 
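Review bot: In the `rabbitmq-machine` rules, the entry for port 25672 reuses the name `rabbitmq_clustering_1` although its description says "clustering traffic 2"; if rule names become resource identifiers when the templates are rendered (not visible here) the two entries would collide, so the second should be `- name: rabbitmq_clustering_2`. Both new machine types also ship an `ssh` rule with `source_address_prefix: "0.0.0.0/0"`, which exposes port 22 to the whole internet by default, while the other inbound rules restrict the source to `10.1.0.0/20` or `10.1.8.0/24`; a comment telling operators to narrow the SSH source to their admin network would help. In `load-balancer-machine`, `node_exporter` and `haproxy_exporter` share `priority: 302`; giving the second `priority: 303` avoids a clash wherever priorities must be unique.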
@@ -7,19 +7,18 @@ gpgkey: https://download.docker.com/linux/centos/gpg gpgcheck: yes -- name: Install container-selinux for RHEL 7.6 and later - yum: - name: http://mirror.centos.org/centos/7/extras/x86_64/Packages/container-selinux-2.99-1.el7_6.noarch.rpm - state: present - update_cache: yes - when: ansible_distribution_version is version('7.6', '>=') - -- name: Install container-selinux for 7.5 and older - yum: - name: http://mirror.centos.org/centos/7/extras/x86_64/Packages/container-selinux-2.74-1.el7.noarch.rpm - state: present - update_cache: yes - when: ansible_distribution_version is version('7.5', '<=') +- name: Install container-selinux + block: + - name: Install container-selinux-2.107-3.el7 + yum: + name: http://mirror.centos.org/centos/7/extras/x86_64/Packages/container-selinux-2.107-3.el7.noarch.rpm + state: present + update_cache: yes + rescue: + - name: Install container-selinux-2.107-1.el7_6 + yum: + name: http://vault.centos.org/7.6.1810/extras/x86_64/Packages/container-selinux-2.107-1.el7_6.noarch.rpm + state: present - name: Install Docker yum: diff --git a/core/src/epicli/data/common/defaults/epiphany-cluster.yml b/core/src/epicli/data/common/defaults/epiphany-cluster.yml index ffef1bab72..39f28fa191 100644 --- a/core/src/epicli/data/common/defaults/epiphany-cluster.yml +++ b/core/src/epicli/data/common/defaults/epiphany-cluster.yml @@ -67,14 +67,14 @@ specification: load_balancer: count: 1 - machine: default + machine: load-balancer-machine configuration: default subnets: - availability_zone: eu-west-2a address_pool: 10.1.7.0/24 rabbitmq: count: 0 - machine: default + machine: rabbitmq-machine configuration: default subnets: - availability_zone: eu-west-2a diff --git a/core/src/epicli/epicli.code-workspace b/core/src/epicli/epicli.code-workspace deleted file mode 100644 index 09ecdbb940..0000000000 --- a/core/src/epicli/epicli.code-workspace +++ /dev/null 
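Review bot: Both `yum` tasks in the new block fetch the RPM over plain `http://`, and yum by default does not verify signatures of packages installed from a file or URL (`localpkg_gpgcheck` is off unless configured, worth confirming on the target hosts), so an on-path attacker could substitute a package that is then installed as root. Prefer an `https://` URL where the host serves one (to be confirmed for both hosts), e.g. `name: https://vault.centos.org/7.6.1810/extras/x86_64/Packages/container-selinux-2.107-1.el7_6.noarch.rpm`, or install `container-selinux` by name from a configured, GPG-checked repository. The `rescue` also runs on any failure of the first task, not only a missing file. The first URL pins one version on a rolling mirror, so the breakage this commit fixes is likely to recur when the mirror moves on.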
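Review bot: The `common` cluster defaults now reference `load-balancer-machine` and `rabbitmq-machine`, but the part of the diff visible here adds those definitions only to `data/aws/defaults/infrastructure/virtual-machine.yml`. If the `azure` and `any` providers resolve `machine:` against their own defaults and have no documents with these names, `init` and `apply` for those providers would fail on the lookup. Please confirm the names exist for every provider or add them in this change.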
@@ -1,23 +0,0 @@ -{ - "folders": [ - { - "path": "." - } - ], - "launch": { - "version": "0.2.0", - "configurations": [ - { - "name": "Python: epicli.py", - "type": "python", - "request": "launch", - "program": "${workspaceFolder}/cli/epicli.py", - "cwd": "${workspaceFolder}", - "pythonPath": "${config:python.pythonPath}", - "env": { "PYTHONPATH": "${workspaceFolder}" }, - "console": "integratedTerminal", - "args": ["apply", "-f", "data_yaml_path"] - } - ] - } -} \ No newline at end of file