Add-on BOSH Release for ansible-boshrelease
Add-on release with ansible playbooks to manage Cloud Foundry resources: users, security groups, quotas, feature flags, environment variables, organizations and spaces
The core functionality is provided by https://github.com/SpringerPE/ansible-cloudfoundry-role; this is just an add-on to run that ansible role in a BOSH errand.
This is an add-on release; it will work only if it is deployed together with the ansible-boshrelease on the nodes, in particular with the ansible-deploy job. Have a look at ansible-boshrelease for the requirements and to see how it works.
Considering v2 manifest style, this could be an example:

    name: cfsetup
    # replace with `bosh status --uuid`
    director_uuid: 1c799a52-154b-4fb3-b181-d81ec5f3c97b

    releases:
    - name: ansible
      version: latest
    - name: ansible-cfsetup
      version: latest

    stemcells:
    - alias: trusty
      name: bosh-vsphere-esxi-ubuntu-trusty-go_agent
      version: latest

    instance_groups:
    - name: ansible-cfsetup
      lifecycle: errand
      instances: 1
      vm_type: medium
      stemcell: trusty
      vm_extensions: []
      azs:
      - Online
      networks:
      - name: online
      jobs:
      - name: ansible-deploy
        release: ansible
      - name: ansible-cfsetup
        release: ansible-cfsetup
      properties:
        ansible_cfsetup:
          credentials:
          - name: test
            api: "https://api.test.cf.springer-sbm.com"
            admin: "admin"
            password: "password"
          feature_flags:
          - name: user_org_creation
            value: true
          running_environment_variables:
          - name: HOLA
            value: hola
          - name: ADIOS
            value: bye
          security_groups:
          - name: sec1
            state: present
            context: running
            context_state: present
            rules:
            - name: "allow-proxy"
              protocol: tcp
              destination: "10.20.0.1/0"
              ports: "8080"
          quotas:
          - name: quota1
            state: present
            total_services: 100
            total_routes: 1000
            memory_limit: 1000
          users:
          - name: pepe@hola.com
            state: present
            password: hola
            given_name: Pepe
            family_name: Family
          - name: claudio@hola.com
            state: present
            password: hola
            given_name: Claudio
            family_name: Family
          orgs:
          - name: org1
            quota: quota1
            state: present
            users:
            - name: pepe@hola.com
            managers:
            - name: claudio@hola.com
            spaces:
            - name: test
            - name: second
          - name: org2
            state: present
            quota: quota1
            spaces:
            - name: live
              state: present
              managers:
              - name: claudio@hola.com
              security_groups:
              - name: sec1

    update:
      canaries: 1
      max_in_flight: 1
      serial: false
      canary_watch_time: 1000-60000
      update_watch_time: 1000-60000

You can add more Cloud Foundry environments in credentials to apply the same settings to all of them (see also the parallel parameter to control the serialization/parallelism).
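The sample rule's destination, "10.20.0.1/0", has a prefix length of 0, so it covers every IPv4 address rather than one proxy host. The following is an added example, not part of this release or of the ansible role: a pre-deploy check over the security_groups property. The function names, the min_prefix threshold and the second rule in the sample data are assumptions made for illustration.

```python
import ipaddress

# Constructed sample mirroring the manifest's ansible_cfsetup.security_groups
# property; the second rule is an added, tightly scoped rule for contrast.
SECURITY_GROUPS = [
    {"name": "sec1", "context": "running", "rules": [
        {"name": "allow-proxy", "protocol": "tcp",
         "destination": "10.20.0.1/0", "ports": "8080"},
        {"name": "allow-proxy-host", "protocol": "tcp",
         "destination": "10.20.0.1/32", "ports": "8080"},
    ]},
]


def effective_destination(dest):
    """Return (normalized CIDR or range, number of addresses covered)."""
    if "-" in dest:  # Cloud Foundry also accepts "first-last" ranges
        first, last = (ipaddress.ip_address(p.strip()) for p in dest.split("-", 1))
        if int(last) < int(first):
            raise ValueError("range end precedes start: %s" % dest)
        return "%s-%s" % (first, last), int(last) - int(first) + 1
    net = ipaddress.ip_network(dest, strict=False)  # tolerate host bits, normalize
    return str(net), net.num_addresses


def review_rules(groups, min_prefix=16):
    """Flag rules whose destination is wider than written or than min_prefix allows."""
    findings = []
    for group in groups:
        for rule in group.get("rules", []):
            dest = rule["destination"]
            normalized, size = effective_destination(dest)
            issues = []
            if "/" in dest:
                net = ipaddress.ip_network(dest, strict=False)
                if ipaddress.ip_address(dest.split("/")[0]) != net.network_address:
                    issues.append("host bits set: %s is really %s" % (dest, normalized))
                if net.prefixlen < min_prefix:  # min_prefix is an assumed policy value
                    issues.append("prefix /%d covers %d addresses" % (net.prefixlen, size))
            if issues:
                findings.append((group["name"], rule["name"], normalized, issues))
    return findings


if __name__ == "__main__":
    for group, rule, normalized, issues in review_rules(SECURITY_GROUPS):
        print("%s/%s -> %s: %s" % (group, rule, normalized, "; ".join(issues)))
```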
And that's all! Run bosh-deploy. Once the release has been deployed, you can run it as an errand:

    # bosh errands
    https://10.10.0.10:25555

    +-----------------+
    | Name            |
    +-----------------+
    | ansible-cfsetup |
    +-----------------+

And then run the errand:

    # bosh run errand ansible-cfsetup
    https://10.10.0.10:25555
    Acting as user 'admin' on deployment 'cfsetup' on 'pe-dogo-01'

    Director task 2964
    Started preparing deployment > Preparing deployment. Done (00:00:00)
    Started preparing package compilation > Finding packages to compile. Done (00:00:00)
    Started creating missing vms > ansible-cfsetup/26fb59a0-2866-49f6-8644-fcd0e1d85b75 (0). Done (00:02:14)
    Started updating instance ansible-cfsetup > ansible-cfsetup/26fb59a0-2866-49f6-8644-fcd0e1d85b75 (0) (canary). Done (00:00:24)
    Started running errand > ansible-cfsetup/0. Done (00:00:07)
    Started fetching logs for ansible-cfsetup/26fb59a0-2866-49f6-8644-fcd0e1d85b75 (0) > Finding and packing log files. Done (00:00:01)
    Started deleting errand instances ansible-cfsetup > ansible-cfsetup/26fb59a0-2866-49f6-8644-fcd0e1d85b75 (0). Done (00:00:18)

    Task 2964 done

    Started   2016-12-06 23:27:58 UTC
    Finished  2016-12-06 23:31:02 UTC
    Duration  00:03:04

    [stdout]
    * 6637: /var/vcap/packages/ansible/bin/ansible-playbook -i /var/vcap/jobs/ansible-cfsetup/ansible/inventory /var/vcap/jobs/ansible-cfsetup/ansible/deploy.yml

    PLAY [Cloud Foundry settings playbook] *****************************************

    TASK [cf : Check PIP dependencies for ansible modules] *************************
    ok: [api.test.cf.springer-sbm.com -> localhost] => (item={'key': u'cfconfigurator', 'value': u'0.2.1'})

    TASK [cf : Config - Set global feature flags] **********************************
    ok: [api.test.cf.springer-sbm.com -> localhost] => (item={u'name': u'user_org_creation', u'value': True})

    TASK [cf : Config - Set global running environment variables group] ************
    ok: [api.test.cf.springer-sbm.com -> localhost] => (item={u'name': u'HOLA', u'value': u'hola'})
    ok: [api.test.cf.springer-sbm.com -> localhost] => (item={u'name': u'ADIOS', u'value': u'bye'})

    TASK [cf : Config - Set global staging environment variables group] ************

    TASK [cf : Config - Set global shared domains] *********************************

    TASK [cf : Secgroups - Setting global security groups] *************************
    included: /var/vcap/data/packages/ansible-cfsetup/130e121141cce7268e2651986b21eae4d6af91c9.1-bfdc6e9241b17fb425b68848d61379589ebb49e6/roles/cf/tasks/secgroup.yml for api.test.cf.springer-sbm.com

    TASK [cf : Secgroup - Procesing security group sec1] ***************************
    ok: [api.test.cf.springer-sbm.com -> localhost]

    TASK [cf : Secgroup - Facts] ***************************************************
    ok: [api.test.cf.springer-sbm.com -> localhost]

    TASK [cf : Secgroup - Managing security group sec1: present] *******************
    changed: [api.test.cf.springer-sbm.com -> localhost]

    TASK [cf : Secgroup - Setting up security group rules] *************************
    changed: [api.test.cf.springer-sbm.com -> localhost] => (item=(0, {u'destination': u'10.20.0.1/0', u'protocol': u'tcp', u'name': u'allow-proxy', u'ports': u'8080'}))

    TASK [cf : Secgroup - Managing sec1 in space] **********************************

    TASK [cf : Secgroups - Managing default security groups] ***********************
    changed: [api.test.cf.springer-sbm.com -> localhost] => (item={u'rules': [{u'destination': u'10.20.0.1/0', u'protocol': u'tcp', u'name': u'allow-proxy', u'ports': u'8080'}], u'state': u'present', u'name': u'sec1', u'context': u'running', u'context_state': u'present'})

    TASK [cf : Quotas - Processing quota definitions] ******************************
    changed: [api.test.cf.springer-sbm.com -> localhost] => (item={u'memory_limit': 1000, u'state': u'present', u'total_routes': 1000, u'name': u'quota1', u'total_services': 100})

    TASK [cf : Users - Managing users] *********************************************
    changed: [api.test.cf.springer-sbm.com -> localhost] => (item={u'family_name': u'Family', u'state': u'present', u'password': u'hola', u'name': u'pepe@hola.com', u'given_name': u'Pepe'})
    changed: [api.test.cf.springer-sbm.com -> localhost] => (item={u'family_name': u'Family', u'state': u'present', u'password': u'hola', u'name': u'claudio@hola.com', u'given_name': u'Claudio'})

    TASK [cf : Orgs - Setting up organizations] ************************************
    included: /var/vcap/data/packages/ansible-cfsetup/130e121141cce7268e2651986b21eae4d6af91c9.1-bfdc6e9241b17fb425b68848d61379589ebb49e6/roles/cf/tasks/org.yml for api.test.cf.springer-sbm.com
    included: /var/vcap/data/packages/ansible-cfsetup/130e121141cce7268e2651986b21eae4d6af91c9.1-bfdc6e9241b17fb425b68848d61379589ebb49e6/roles/cf/tasks/org.yml for api.test.cf.springer-sbm.com

    TASK [cf : Org - Procesing organization org1] **********************************
    ok: [api.test.cf.springer-sbm.com -> localhost]

    TASK [cf : Org - Facts] ********************************************************
    ok: [api.test.cf.springer-sbm.com -> localhost]

    TASK [cf : Org - Defining organization org1] ***********************************
    changed: [api.test.cf.springer-sbm.com -> localhost]

    TASK [cf : Org - Managing spaces for org1] *************************************
    included: /var/vcap/data/packages/ansible-cfsetup/130e121141cce7268e2651986b21eae4d6af91c9.1-bfdc6e9241b17fb425b68848d61379589ebb49e6/roles/cf/tasks/space.yml for api.test.cf.springer-sbm.com
    included: /var/vcap/data/packages/ansible-cfsetup/130e121141cce7268e2651986b21eae4d6af91c9.1-bfdc6e9241b17fb425b68848d61379589ebb49e6/roles/cf/tasks/space.yml for api.test.cf.springer-sbm.com

    TASK [cf : Space - Procesing space test in org1 organization] ******************
    ok: [api.test.cf.springer-sbm.com -> localhost]

    TASK [cf : Space - Facts] ******************************************************
    ok: [api.test.cf.springer-sbm.com -> localhost]

    TASK [cf : Space - Managing space org1:test present] ***************************
    changed: [api.test.cf.springer-sbm.com -> localhost]

    TASK [cf : Space - Managing security groups for org1:test] *********************

    TASK [cf : Space - Assigning developers to org1:test] **************************

    TASK [cf : Space - Assigning managers to space org1:test] **********************

    TASK [cf : Space - Assigning auditors to space org1:test] **********************

    TASK [cf : Space - Procesing space second in org1 organization] ****************
    ok: [api.test.cf.springer-sbm.com -> localhost]

    TASK [cf : Space - Facts] ******************************************************
    ok: [api.test.cf.springer-sbm.com -> localhost]

    TASK [cf : Space - Managing space org1:second present] *************************
    changed: [api.test.cf.springer-sbm.com -> localhost]

    TASK [cf : Space - Managing security groups for org1:second] *******************

    TASK [cf : Space - Assigning developers to org1:second] ************************

    TASK [cf : Space - Assigning managers to space org1:second] ********************

    TASK [cf : Space - Assigning auditors to space org1:second] ********************

    TASK [cf : Org - Deleting spaces for org1] *************************************

    TASK [cf : Org - Deleting organization org1] ***********************************

    TASK [cf : Org - Create private domains to organization org1] ******************

    TASK [cf : Org - Assigning users to organization org1] *************************
    changed: [api.test.cf.springer-sbm.com -> localhost] => (item={u'name': u'pepe@hola.com'})
    changed: [api.test.cf.springer-sbm.com -> localhost] => (item={u'name': u'claudio@hola.com'})

    TASK [cf : Org - Assigning managers to organization org1] **********************
    changed: [api.test.cf.springer-sbm.com -> localhost] => (item={u'name': u'claudio@hola.com'})

    TASK [cf : Org - Assigning auditors to organization org1] **********************

    TASK [cf : Org - Assigning billing_managers to organization org1] **************

    TASK [cf : Org - Assigning default organization org1 for requested users] ******

    TASK [cf : Org - Procesing organization org2] **********************************
    ok: [api.test.cf.springer-sbm.com -> localhost]

    TASK [cf : Org - Facts] ********************************************************
    ok: [api.test.cf.springer-sbm.com -> localhost]

    TASK [cf : Org - Defining organization org2] ***********************************
    changed: [api.test.cf.springer-sbm.com -> localhost]

    TASK [cf : Org - Managing spaces for org2] *************************************
    included: /var/vcap/data/packages/ansible-cfsetup/130e121141cce7268e2651986b21eae4d6af91c9.1-bfdc6e9241b17fb425b68848d61379589ebb49e6/roles/cf/tasks/space.yml for api.test.cf.springer-sbm.com

    TASK [cf : Space - Procesing space live in org2 organization] ******************
    ok: [api.test.cf.springer-sbm.com -> localhost]

    TASK [cf : Space - Facts] ******************************************************
    ok: [api.test.cf.springer-sbm.com -> localhost]

    TASK [cf : Space - Managing space org2:live present] ***************************
    changed: [api.test.cf.springer-sbm.com -> localhost]

    TASK [cf : Space - Managing security groups for org2:live] *********************
    included: /var/vcap/data/packages/ansible-cfsetup/130e121141cce7268e2651986b21eae4d6af91c9.1-bfdc6e9241b17fb425b68848d61379589ebb49e6/roles/cf/tasks/secgroup.yml for api.test.cf.springer-sbm.com

    TASK [cf : Secgroup - Procesing security group sec1] ***************************
    ok: [api.test.cf.springer-sbm.com -> localhost]

    TASK [cf : Secgroup - Facts] ***************************************************
    ok: [api.test.cf.springer-sbm.com -> localhost]

    TASK [cf : Secgroup - Managing security group sec1: present] *******************

    TASK [cf : Secgroup - Setting up security group rules] *************************

    TASK [cf : Secgroup - Managing sec1 in space live] *****************************
    changed: [api.test.cf.springer-sbm.com -> localhost]

    TASK [cf : Space - Assigning developers to org2:live] **************************

    TASK [cf : Space - Assigning managers to space org2:live] **********************
    changed: [api.test.cf.springer-sbm.com -> localhost] => (item={u'name': u'claudio@hola.com'})

    TASK [cf : Space - Assigning auditors to space org2:live] **********************

    TASK [cf : Org - Deleting spaces for org2] *************************************

    TASK [cf : Org - Deleting organization org2] ***********************************

    TASK [cf : Org - Create private domains to organization org2] ******************

    TASK [cf : Org - Assigning users to organization org2] *************************

    TASK [cf : Org - Assigning managers to organization org2] **********************

    TASK [cf : Org - Assigning auditors to organization org2] **********************

    TASK [cf : Org - Assigning billing_managers to organization org2] **************

    TASK [cf : Org - Assigning default organization org2 for requested users] ******

    PLAY RECAP *********************************************************************
    api.test.cf.springer-sbm.com : ok=38 changed=14 unreachable=0 failed=0

    Playbook run took 0 days, 0 hours, 0 minutes, 16 seconds

    [stderr]
    None

    Errand 'ansible-cfsetup' completed successfully (exit code 0)

Of course, you can include the errand in the Cloud Foundry manifest, in the same way as the smoke tests.
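The errand output above echoes every loop item of the "Users - Managing users" task, including each user's password field, so the values end up in the BOSH task log. The following is an added example, not code from this release or the role: a filter that masks such values in saved errand output and reports which task printed them. The function name, the key pattern (password, secret, token) and the mask string are assumptions.

```python
import re

# Constructed sample: four lines in the format of the errand's [stdout] above.
SAMPLE_LOG = """\
TASK [cf : Users - Managing users] *********************************************
changed: [api.test.cf.springer-sbm.com -> localhost] => (item={u'family_name': u'Family', u'state': u'present', u'password': u'hola', u'name': u'pepe@hola.com', u'given_name': u'Pepe'})
TASK [cf : Org - Assigning users to organization org1] *************************
changed: [api.test.cf.springer-sbm.com -> localhost] => (item={u'name': u'pepe@hola.com'})
"""

TASK_RE = re.compile(r"^TASK \[(?P<name>.*)\] \*+\s*$")
# Matches 'key': 'value' pairs in Python dict reprs (with or without the
# Python 2 u prefix) where the key name looks like a secret.
SECRET_RE = re.compile(
    r"""(?P<key>u?(?P<kq>['"])[^'"]*(?:password|secret|token)[^'"]*(?P=kq)\s*:\s*)"""
    r"""u?(?P<vq>['"])(?:\\.|(?!(?P=vq)).)*(?P=vq)""",
    re.IGNORECASE,
)


def redact_errand_log(text, mask="********"):
    """Return (redacted_text, {task_name: number_of_values_masked})."""
    leaks, current, out = {}, "(before first task)", []
    for line in text.splitlines():
        m = TASK_RE.match(line)
        if m:
            current = m.group("name")  # remember which task the items belong to
        line, n = SECRET_RE.subn(lambda s: s.group("key") + "'%s'" % mask, line)
        if n:
            leaks[current] = leaks.get(current, 0) + n
        out.append(line)
    return "\n".join(out) + "\n", leaks


if __name__ == "__main__":
    redacted, leaks = redact_errand_log(SAMPLE_LOG)
    print(redacted)
    print(leaks)
```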
The source code is a submodule of this repo, get it by running:

    git submodule init
    git submodule update

All the functionality is provided by: https://github.com/SpringerPE/ansible-cloudfoundry-role

The role is re-usable outside this release by re-defining an inventory with the variables and a group_vars folder. Have a look at the examples on its repository.
All actions/playbooks (thanks to ansible) are idempotent.
To create a final release run: ./bosh_final_release
SpringerNature Platform Engineering, José Riguera López (jose.riguera@springer.com)
Copyright 2017 Springer Nature
Apache 2.0 License