Roles to start uptane and tear it down, on demo server #1
There are some formatting/git hygiene issues on this PR that need fixing before merge:
I'll start reviewing the code, but the title, description, and commit history are all going to need fixing before this is ready to merge. Here's a good article on how to write good commit messages: https://cbea.ms/git-commit/
There's a bit of a start here, but needs a lot of revisions before it can be merged. In addition to the specific issues referenced in the review, there's no error handling. Remember, this will run as an automated process; you need to catch errors and deal with them appropriately.
The other major issue here is with the style/goals of writing ansible playbooks. One of the main reasons to use a tool like ansible is idempotence. In general, we should avoid the
cc2f27b to f4574cc
There's some good progress here, but still a long way to go. There's basically nothing in the way of error handling.
- name: Pull Uptane ota-lith | ||
community.docker.docker_image: | ||
name: uptane/ota-lith | ||
source: pull |
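Review bot: `name: uptane/ota-lith` carries no tag or digest, so with `source: pull` this task fetches whatever the registry's default tag points to at run time, and the image on the demo server can change between runs without any change in this repository. Suggest pinning an explicit tag or digest, either in `name:` or through the module's `tag:` parameter, and keeping it in a variable so it is only updated deliberately.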
Pulling the image from docker hub is fine, as long as there's also some automation set up so that we can be sure we're pulling the right tag. That would belong in ota-community-edition once ota-lith is brought in there.
Actually, it's a bit weird to be pulling the image here. Shouldn't this be done later, by docker-compose?
The documentation on ota-lith mentions pulling it before starting up docker compose. That is logical though, it should be done by docker-compose itself.
roles/soft-reset/tasks/main.yml
- name: Tear down existing services | ||
community.docker.docker_compose: | ||
project_src: /etc/uptane/ | ||
remove_images: all |
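Review bot: `remove_images: all` in the tear-down task deletes every image used by the compose project under `/etc/uptane/`, so each soft reset has to download them again, while nothing in the visible lines removes the project's volumes, which is where state from the previous run persists. Suggest dropping `remove_images` and, if the rest of the task does not already set them, adding `state: absent` with `remove_volumes: true`.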
Why remove the images?
I figured everything needed to be taken down
As long as you're pulling the images in the setup step, there's no particular reason to delete the old ones in a soft reset. It's the volumes that matter.
bc9db0c to a7a45a1
- install-prereqs: This role should be run just after the server has been wiped, but can be run at any subsequent time. It makes sure that the necessary packages for running ota-ce are installed on the demo server.
- configure-demo-server: This role should only be run after the server has been wiped and all the necessary packages are installed on the demo-server. It will throw an error if you run this role after this role has already been run once. It configures the ota-ce to be capable of starting all its services on the demo-server and sets up the landing page for the server.
- start-server: This role should be run after the demo server is configured and after a soft-wipe. It will start all the services in docker containers and create key material, making sure the services are online and available to use for the internet.
- soft-wipe-demo-server: This role should be run after the ota-ce services have been started. This role will tear down all services and delete all key material and user data.
- hard-reset.yml: This playbook will reset the server completely and can be run anytime. It starts by wiping out everything on the server, then bringing up the firewall and then installing all the necessary software to run ota-ce. Then it configures ota-ce and runs the services.
- setup-server.yml: This playbook will wipe reset the server completely and then configure ota-ce on it. It does exactly what the hard-reset playbook does except it will not start the services on the server. It will make sure that ota-ce is configured to run on the server.
- soft-reset.yml: This playbook will reset the server and start it again without wiping out the whole server. It will bring down all the services and delete all key material, then it will start up those services again.
- demo-uptane.yml: This playbook can be run once the server is completely wiped out and the firewall is up. It will install all the prerequisite software, configure the server to run ota-ce and then start the services on the server. If all services are down and only the uptane directory is deleted from the server, this playbook can be run to set uptane back up again.
- landing-page.conf: Contains the nginx configuration to display the landing page on uptanedemo.org
- index.html: Landing page's index file that will display the html content.
- landing-page-framework.zip: Contains the necessary js, css and fonts files to add to the user experience of the landing page.

All these files are copied over to the landing-page's nginx container while playing the configure-demo-server role
- added changes in the roles for hard-reset.yml
- changed name of the configure-security role to start-firewall
- removed the role to create credentials
- added description of demo-uptane playbook's roles
b3d15f1 to b709ec6
Added Roles: