Auto password (#3)

* refactor: Role is now ess (was app)

* feat: Playbook now gets password from deployed secret

---------

Co-authored-by: a.b.christie <alan.christie@matildapeak.com>

Author: alanbchristie

.yamllint

@@ -7,10 +7,10 @@ yaml-files:
 
 ignore: |
   .github/
-  roles/app/templates/pvc-log.yaml.j2
-  roles/app/templates/pvc-database.yaml.j2
-  roles/app/templates/ingress.yaml.j2
-  roles/app/templates/deployment.yaml.j2
+  roles/ess/templates/pvc-log.yaml.j2
+  roles/ess/templates/pvc-database.yaml.j2
+  roles/ess/templates/ingress.yaml.j2
+  roles/ess/templates/deployment.yaml.j2
 
 rules:
   indentation:

parameters-local.yaml

@@ -6,10 +6,5 @@ ess_service_account: account-server
 ess_ws_hostname: account-server-ess
 ess_cert_issuer:
 
-r_user: "{{ lookup('env', 'IM_DEV_ESS_STREAM_USER') | default('eventstream', True) }}"
-r_password: "{{ lookup('env', 'IM_DEV_ESS_STREAM_PASSWORD') }}"
-
-ess_ampq_url: amqp://{{ r_user }}:{{ r_password }}@rabbit.im-infra.svc.cluster.local:5672/as?heartbeat=90
-
 ess_pull_policy_always: yes
 ess_priority_class: im-application-high

parameters-template.yaml

@@ -10,7 +10,6 @@ ess_namespace: SetMe
 ess_image_tag: SetMe
 ess_service_account: SetMe
 ess_ws_hostname: SetMe
-ess_ampq_url: SetMe
 
 ess_shared_volume_volume_storageclass: SetMe
 ess_log_volume_volume_storageclass: SetMe

roles/app/tasks/undeploy.yaml

@@ -11,8 +11,6 @@
     - ess_service_account != 'SetMe'
     - ess_ws_hostname | length > 0
     - ess_ws_hostname != 'SetMe'
-    - ess_ampq_url | length > 0
-    - ess_ampq_url != 'SetMe'
 
 # Check the namespace and other basic materials
 
@@ -39,6 +37,27 @@
     that:
     - sa_result.resources | length == 1
 
+- name: Get RabbitMQ Secret
+  kubernetes.core.k8s_info:
+    kind: Secret
+    name: rabbitmq
+    namespace: "{{ ess_namespace }}"
+  register: s_result
+
+- name: Insist that we have secrets
+  ansible.builtin.assert:
+    that:
+    - s_result.resources | length == 1
+
+- name: Set ESS RabbitMQ credentials
+  ansible.builtin.set_fact:
+    rmq_user: "{{ s_result.resources[0].data.vhost_es_user | b64decode }}"
+    rmq_password: "{{ s_result.resources[0].data.vhost_es_user_password | b64decode }}"
+
+- name: Set ESS RabbitMQ url
+  ansible.builtin.set_fact:
+    ampq_url: amqp://{{ rmq_user }}:{{ rmq_password }}@rabbit.{{ ess_namespace }}.svc.cluster.local:{{ ess_rmq_port }}/as?heartbeat=90
+
 # Ok - looks like everything's set up. Let's deploy the ESS
 
 - name: Deploy PVCs ({{ ess_namespace }})

roles/app/defaults/main.yaml roles/ess/defaults/main.yamlroles/app/defaults/main.yaml renamed to roles/ess/defaults/main.yaml

@@ -1,15 +1,16 @@
 ---
 
-- include_tasks: prep.yaml
+- name: Prep
+  include_tasks: prep.yaml
 
 - name: Assert authentication
-  assert:
+  ansible.builtin.assert:
     that:
     - kubeconfig | string | length > 0
     msg: "Define KUBECONFIG"
 
 - name: Display kubeconfig
-  debug:
+  ansible.builtin.debug:
     var: kubeconfig
 
 # Go...
@@ -22,7 +23,7 @@
   block:
 
   - name: Deploy
-    include_tasks: deploy.yaml
+    ansible.builtin.include_tasks: deploy.yaml
 
 - name: Undeploy block
   when: ess_state == 'absent'
@@ -32,4 +33,4 @@
   block:
 
   - name: Undeploy
-    include_tasks: undeploy.yaml
+    ansible.builtin.include_tasks: undeploy.yaml

roles/app/tasks/deploy.yaml roles/ess/tasks/deploy.yamlroles/app/tasks/deploy.yaml renamed to roles/ess/tasks/deploy.yaml

@@ -4,18 +4,18 @@
 
 # Expose ansible version
 - name: Display Ansible version
-  debug:
+  ansible.builtin.debug:
     var: ansible_version.full
 
 # Expose all the installed Python modules...
 
 - name: Capture pip freeze
-  command: pip freeze
+  ansible.builtin.command: pip freeze
   register: freeze
   changed_when: false
 
 - name: Display pip freeze
-  debug:
+  ansible.builtin.debug:
     var: freeze.stdout_lines
 
 # Kubernetes credentials ------------------------------------------------------
@@ -25,5 +25,5 @@
 # expected environment variables so that we can assert they've been set.
 
 - name: Set initial authentication facts
-  set_fact:
+  ansible.builtin.set_fact:
     kubeconfig: "{{ lookup('env', 'KUBECONFIG') }}"

roles/app/tasks/main.yaml roles/ess/tasks/main.yamlroles/app/tasks/main.yaml renamed to roles/ess/tasks/main.yaml

@@ -0,0 +1,14 @@
+---
+
+- name: Remove Event Stream
+  kubernetes.core.k8s:
+    definition: "{{ lookup('template', item) }}"
+    wait: yes
+    state: absent
+  loop:
+  - ingress.yaml.j2
+  - service-ws.yaml.j2
+  - service-api.yaml.j2
+  - deployment.yaml.j2
+  - pvc-database.yaml.j2
+  - pvc-log.yaml.j2

roles/app/tasks/prep.yaml roles/ess/tasks/prep.yamlroles/app/tasks/prep.yaml renamed to roles/ess/tasks/prep.yaml

@@ -73,7 +73,7 @@ spec:
           name: logs
         env:
         - name: ESS_AMPQ_URL
-          value: '{{ ess_ampq_url }}'
+          value: '{{ ampq_url }}'
         - name: ESS_INGRESS_LOCATION
           value: '{{ ess_ws_hostname }}'
         - name: ESS_INGRESS_SECURE