introduce certmgm & apple
parent
4c578bcf81
commit
5b3a4ea4ac
13 changed files with 101 additions and 28 deletions
|
@ -0,0 +1,5 @@
|
||||||
|
package org.domaindrivenarchitecture.provs.configuration.domain
|
||||||
|
|
||||||
|
typealias Ipv6 = String
|
||||||
|
typealias Ipv4 = String
|
||||||
|
typealias Fqdn = String
|
|
@ -1,6 +0,0 @@
|
||||||
package org.domaindrivenarchitecture.provs.server.domain.k3s
|
|
||||||
|
|
||||||
typealias Ipv6 = String
|
|
||||||
typealias Ipv4 = String
|
|
||||||
typealias Fqdn = String
|
|
||||||
typealias Reprovision = Boolean
|
|
|
@ -0,0 +1,5 @@
|
||||||
|
package org.domaindrivenarchitecture.provs.server.domain
|
||||||
|
|
||||||
|
enum class CertmanagerEndpoint {
|
||||||
|
STAGING, PROD
|
||||||
|
}
|
|
@ -0,0 +1,10 @@
|
||||||
|
package org.domaindrivenarchitecture.provs.server.domain.k3s
|
||||||
|
|
||||||
|
import kotlinx.serialization.Serializable
|
||||||
|
import org.domaindrivenarchitecture.provs.server.domain.CertmanagerEndpoint
|
||||||
|
|
||||||
|
@Serializable
|
||||||
|
data class Certmanager(
|
||||||
|
val email: Email,
|
||||||
|
val letsencryptEndpoint: CertmanagerEndpoint
|
||||||
|
)
|
|
@ -1,14 +1,21 @@
|
||||||
package org.domaindrivenarchitecture.provs.server.domain.k3s
|
package org.domaindrivenarchitecture.provs.server.domain.k3s
|
||||||
|
|
||||||
import kotlinx.serialization.Serializable
|
import kotlinx.serialization.Serializable
|
||||||
import org.domaindrivenarchitecture.provs.server.infrastructure.CertManagerEndPoint
|
import org.domaindrivenarchitecture.provs.configuration.domain.Fqdn
|
||||||
|
|
||||||
@Serializable
|
@Serializable
|
||||||
data class K3sConfig(
|
data class K3sConfig(
|
||||||
val fqdn: Fqdn,
|
val fqdn: Fqdn,
|
||||||
val node: Node,
|
val node: Node,
|
||||||
val loopback: Loopback = Loopback(ipv4 = "192.168.5.1", ipv6 = "fc00::5:1"),
|
val loopback: Loopback = Loopback(ipv4 = "192.168.5.1", ipv6 = "fc00::5:1"),
|
||||||
val reprovision: Reprovision = false,
|
val certmanager: Certmanager? = null,
|
||||||
val letsencryptEndpoint: CertManagerEndPoint = CertManagerEndPoint.STAGING
|
val apple: Apple? = null,
|
||||||
|
val reprovision: Reprovision = false
|
||||||
) {
|
) {
|
||||||
|
|
||||||
|
// valid only if: apple != null >> certmanager != null
|
||||||
|
|
||||||
|
fun isDualStack(): Boolean {
|
||||||
|
return node.ipv6 != null && loopback.ipv6 != null
|
||||||
|
}
|
||||||
}
|
}
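Review bot: The rule in the comment `// valid only if: apple != null >> certmanager != null` is stated but not checked anywhere in the visible class body, so a config that sets `apple` without a `certmanager` block is accepted at load time. Enforcing it in the class, e.g. `init { require(apple == null || certmanager != null) { "apple requires certmanager" } }`, would reject such a file when it is parsed rather than partway through provisioning; kotlinx.serialization runs `init` blocks during deserialization. If the intended meaning is "apple is true" rather than "apple is present", the condition should test `apple != true` instead.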
|
|
@ -1,8 +1,10 @@
|
||||||
package org.domaindrivenarchitecture.provs.server.domain.k3s
|
package org.domaindrivenarchitecture.provs.server.domain.k3s
|
||||||
|
|
||||||
import kotlinx.serialization.Serializable
|
import kotlinx.serialization.Serializable
|
||||||
|
import org.domaindrivenarchitecture.provs.configuration.domain.Ipv4
|
||||||
|
import org.domaindrivenarchitecture.provs.configuration.domain.Ipv6
|
||||||
|
|
||||||
@Serializable
|
@Serializable
|
||||||
data class Loopback(
|
data class Loopback(
|
||||||
val ipv4: Ipv4,
|
val ipv4: Ipv4,
|
||||||
val ipv6: Ipv6?)
|
val ipv6: Ipv6? = null)
|
|
@ -1,8 +1,10 @@
|
||||||
package org.domaindrivenarchitecture.provs.server.domain.k3s
|
package org.domaindrivenarchitecture.provs.server.domain.k3s
|
||||||
|
|
||||||
import kotlinx.serialization.Serializable
|
import kotlinx.serialization.Serializable
|
||||||
|
import org.domaindrivenarchitecture.provs.configuration.domain.Ipv4
|
||||||
|
import org.domaindrivenarchitecture.provs.configuration.domain.Ipv6
|
||||||
|
|
||||||
@Serializable
|
@Serializable
|
||||||
data class Node(
|
data class Node(
|
||||||
val ipv4: Ipv4,
|
val ipv4: Ipv4,
|
||||||
val ipv6: Ipv6?)
|
val ipv6: Ipv6? = null)
|
||||||
|
|
|
@ -0,0 +1,5 @@
|
||||||
|
package org.domaindrivenarchitecture.provs.server.domain.k3s
|
||||||
|
|
||||||
|
typealias Reprovision = Boolean
|
||||||
|
typealias Apple = Boolean
|
||||||
|
typealias Email = String
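Review bot: `typealias Apple = Boolean` gives a reader no hint of what the flag switches on, and nothing in this file documents it. A KDoc line on each alias would help, for example `/** Enables <component deployed by "apple">; requires certmanager to be configured. */` on `Apple`, where the dependency on certmanager is taken from the comment in `K3sConfig`. Because `Email` is only an alias for `String`, the compiler accepts any string (including an `Fqdn`) in its place; if the address is later written into an issuer manifest, which is not visible here, a basic shape check at config load would catch a malformed value early.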
|
|
@ -4,6 +4,7 @@ import org.domaindrivenarchitecture.provs.framework.core.Prov
|
||||||
import org.domaindrivenarchitecture.provs.framework.core.ProvResult
|
import org.domaindrivenarchitecture.provs.framework.core.ProvResult
|
||||||
import org.domaindrivenarchitecture.provs.framework.ubuntu.filesystem.base.createFileFromResourceTemplate
|
import org.domaindrivenarchitecture.provs.framework.ubuntu.filesystem.base.createFileFromResourceTemplate
|
||||||
import org.domaindrivenarchitecture.provs.framework.ubuntu.filesystem.base.fileExists
|
import org.domaindrivenarchitecture.provs.framework.ubuntu.filesystem.base.fileExists
|
||||||
|
import org.domaindrivenarchitecture.provs.server.domain.k3s.K3sConfig
|
||||||
|
|
||||||
val loopbackFile = "/etc/netplan/99-loopback.yaml"
|
val loopbackFile = "/etc/netplan/99-loopback.yaml"
|
||||||
val resourcePath = "org/domaindrivenarchitecture/provs/infrastructure/network/"
|
val resourcePath = "org/domaindrivenarchitecture/provs/infrastructure/network/"
|
||||||
|
@ -12,20 +13,26 @@ fun Prov.testNetworkExists(): Boolean {
|
||||||
return fileExists(loopbackFile)
|
return fileExists(loopbackFile)
|
||||||
}
|
}
|
||||||
|
|
||||||
fun Prov.provisionNetwork(loopbackIpv4: String, loopbackIpv6: String?) = task {
|
fun Prov.provisionNetwork(k3sConfig: K3sConfig) = task {
|
||||||
val isDualStack = loopbackIpv6?.isNotEmpty() ?: false
|
|
||||||
if(!testNetworkExists()) {
|
if(!testNetworkExists()) {
|
||||||
if(isDualStack) {
|
if(k3sConfig.isDualStack()) {
|
||||||
createFileFromResourceTemplate(
|
createFileFromResourceTemplate(
|
||||||
loopbackFile,
|
loopbackFile,
|
||||||
"99-loopback.yaml.template",
|
"99-loopback.dual.template.yaml",
|
||||||
resourcePath,
|
resourcePath,
|
||||||
mapOf("loopback_ipv4" to loopbackIpv4, "loopback_ipv6" to loopbackIpv6!!),
|
mapOf("loopback_ipv4" to k3sConfig.loopback.ipv4, "loopback_ipv6" to k3sConfig.loopback.ipv6!!),
|
||||||
"644",
|
"644",
|
||||||
sudo = true
|
sudo = true
|
||||||
)
|
)
|
||||||
} else {
|
} else {
|
||||||
|
createFileFromResourceTemplate(
|
||||||
|
loopbackFile,
|
||||||
|
"99-loopback.ipv4.template.yaml",
|
||||||
|
resourcePath,
|
||||||
|
mapOf("loopback_ipv4" to k3sConfig.loopback.ipv4),
|
||||||
|
"644",
|
||||||
|
sudo = true
|
||||||
|
)
|
||||||
}
|
}
|
||||||
cmd("netplan apply", sudo = true)
|
cmd("netplan apply", sudo = true)
|
||||||
} else {
|
} else {
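Review bot: `k3sConfig.isDualStack()` checks only for null, whereas the removed `loopbackIpv6?.isNotEmpty() ?: false` also treated an empty string as single-stack, so `ipv6: ""` in the config now selects `99-loopback.dual.template.yaml` and puts an empty address into `/etc/netplan/99-loopback.yaml` before `netplan apply` runs with sudo. Writing the check as `!node.ipv6.isNullOrEmpty() && !loopback.ipv6.isNullOrEmpty()` in `isDualStack()` keeps the old handling of empty values. `Ipv4` and `Ipv6` are plain `String` aliases and their values are substituted into a root-owned file; how `createFileFromResourceTemplate` treats them is not visible here, so a format check before templating (rejecting whitespace and line breaks at minimum) would be worth adding. The body of `provisionNetwork` continues past the end of this hunk.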
|
||||||
|
|
|
@ -1,5 +1,8 @@
|
||||||
package org.domaindrivenarchitecture.provs.framework.extensions.workplace
|
package org.domaindrivenarchitecture.provs.framework.extensions.workplace
|
||||||
|
|
||||||
|
import org.domaindrivenarchitecture.provs.configuration.domain.ConfigFileName
|
||||||
|
import org.domaindrivenarchitecture.provs.configuration.domain.TargetCliCommand
|
||||||
|
import org.domaindrivenarchitecture.provs.desktop.application.DesktopCliCommand
|
||||||
import org.domaindrivenarchitecture.provs.test.defaultTestContainer
|
import org.domaindrivenarchitecture.provs.test.defaultTestContainer
|
||||||
import org.domaindrivenarchitecture.provs.test.tags.ContainerTest
|
import org.domaindrivenarchitecture.provs.test.tags.ContainerTest
|
||||||
import org.domaindrivenarchitecture.provs.desktop.domain.WorkplaceType
|
import org.domaindrivenarchitecture.provs.desktop.domain.WorkplaceType
|
||||||
|
@ -10,6 +13,12 @@ import org.junit.jupiter.api.Test
|
||||||
|
|
||||||
internal class ProvisionWorkplaceKtTest {
|
internal class ProvisionWorkplaceKtTest {
|
||||||
|
|
||||||
|
val cmd = DesktopCliCommand(
|
||||||
|
ConfigFileName("bla"),
|
||||||
|
listOf(),
|
||||||
|
TargetCliCommand(null, null, null, false, null, false)
|
||||||
|
)
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@ContainerTest
|
@ContainerTest
|
||||||
fun provisionWorkplace() {
|
fun provisionWorkplace() {
|
||||||
|
|
|
@ -3,6 +3,11 @@ package org.domaindrivenarchitecture.provs.server.infrastructure
|
||||||
import org.domaindrivenarchitecture.provs.framework.ubuntu.filesystem.base.createDirs
|
import org.domaindrivenarchitecture.provs.framework.ubuntu.filesystem.base.createDirs
|
||||||
import org.domaindrivenarchitecture.provs.framework.ubuntu.filesystem.base.fileContainsText
|
import org.domaindrivenarchitecture.provs.framework.ubuntu.filesystem.base.fileContainsText
|
||||||
import org.domaindrivenarchitecture.provs.framework.ubuntu.install.base.aptInstall
|
import org.domaindrivenarchitecture.provs.framework.ubuntu.install.base.aptInstall
|
||||||
|
import org.domaindrivenarchitecture.provs.server.domain.CertmanagerEndpoint
|
||||||
|
import org.domaindrivenarchitecture.provs.server.domain.k3s.Certmanager
|
||||||
|
import org.domaindrivenarchitecture.provs.server.domain.k3s.K3sConfig
|
||||||
|
import org.domaindrivenarchitecture.provs.server.domain.k3s.Loopback
|
||||||
|
import org.domaindrivenarchitecture.provs.server.domain.k3s.Node
|
||||||
import org.domaindrivenarchitecture.provs.test.defaultTestContainer
|
import org.domaindrivenarchitecture.provs.test.defaultTestContainer
|
||||||
import org.domaindrivenarchitecture.provs.test.tags.ContainerTest
|
import org.domaindrivenarchitecture.provs.test.tags.ContainerTest
|
||||||
import org.junit.jupiter.api.Assertions.assertTrue
|
import org.junit.jupiter.api.Assertions.assertTrue
|
||||||
|
@ -23,7 +28,19 @@ internal class NetworkKtTest {
|
||||||
|
|
||||||
// when
|
// when
|
||||||
@Suppress("UNUSED_VARIABLE") // see comments below: about netplan not working in unprivileged container++++
|
@Suppress("UNUSED_VARIABLE") // see comments below: about netplan not working in unprivileged container++++
|
||||||
val res = p.provisionNetwork( "192.168.5.1", loopbackIpv6 = "fc00::5:1")
|
val res = p.provisionNetwork(
|
||||||
|
K3sConfig(
|
||||||
|
fqdn = "statistics.test.meissa-gmbh.de",
|
||||||
|
node = Node("162.55.164.138", "2a01:4f8:c010:672f::1"),
|
||||||
|
loopback = Loopback("192.168.5.1", "fc00::5:1"),
|
||||||
|
certmanager = Certmanager(
|
||||||
|
email = "admin@meissa-gmbh.de",
|
||||||
|
letsencryptEndpoint = CertmanagerEndpoint.PROD
|
||||||
|
),
|
||||||
|
apple = true,
|
||||||
|
reprovision = true
|
||||||
|
)
|
||||||
|
)
|
||||||
|
|
||||||
// then
|
// then
|
||||||
// assertTrue(res.success) -- netplan is not working in an unprivileged container - see also https://askubuntu.com/questions/813588/systemctl-failed-to-connect-to-bus-docker-ubuntu16-04-container
|
// assertTrue(res.success) -- netplan is not working in an unprivileged container - see also https://askubuntu.com/questions/813588/systemctl-failed-to-connect-to-bus-docker-ubuntu16-04-container
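Review bot: Only the dual-stack path is exercised here; the new `99-loopback.ipv4.template.yaml` branch of `provisionNetwork` has no test in this hunk. A second case built with `node = Node("162.55.164.138")` and `loopback = Loopback("192.168.5.1")` would cover it, which the new `ipv6 = null` defaults make possible. Since `res.success` cannot be asserted in an unprivileged container, checking the written file with the already imported `fileContainsText` would give the test something to verify. The test function starts and ends outside the hunk.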
|
||||||
|
|
|
@ -3,7 +3,7 @@ package org.domaindrivenarchitecture.provs.server.infrastructure.k3s
|
||||||
import com.charleskorn.kaml.UnknownPropertyException
|
import com.charleskorn.kaml.UnknownPropertyException
|
||||||
import org.domaindrivenarchitecture.provs.configuration.domain.ConfigFileName
|
import org.domaindrivenarchitecture.provs.configuration.domain.ConfigFileName
|
||||||
import org.domaindrivenarchitecture.provs.server.domain.k3s.*
|
import org.domaindrivenarchitecture.provs.server.domain.k3s.*
|
||||||
import org.domaindrivenarchitecture.provs.server.infrastructure.CertManagerEndPoint
|
import org.domaindrivenarchitecture.provs.server.domain.CertmanagerEndpoint
|
||||||
import org.junit.jupiter.api.Assertions.assertEquals
|
import org.junit.jupiter.api.Assertions.assertEquals
|
||||||
import org.junit.jupiter.api.Test
|
import org.junit.jupiter.api.Test
|
||||||
import org.junit.jupiter.api.assertThrows
|
import org.junit.jupiter.api.assertThrows
|
||||||
|
@ -17,12 +17,19 @@ internal class ConfigRepositoryTest {
|
||||||
val config = getK3sConfig(ConfigFileName("src/test/resources/k3sServerConfig.yaml"))
|
val config = getK3sConfig(ConfigFileName("src/test/resources/k3sServerConfig.yaml"))
|
||||||
|
|
||||||
// then
|
// then
|
||||||
assertEquals(K3sConfig(
|
assertEquals(
|
||||||
"statistics.test.meissa-gmbh.de",
|
K3sConfig(
|
||||||
Node("159.69.176.151", "2a01:4f8:c010:672f::1"),
|
fqdn = "statistics.test.meissa-gmbh.de",
|
||||||
Loopback("192.168.5.1", "fc00::5:1"),
|
node = Node("162.55.164.138", "2a01:4f8:c010:672f::1"),
|
||||||
true,
|
loopback = Loopback("192.168.5.1", "fc00::5:1"),
|
||||||
CertManagerEndPoint.PROD), config)
|
certmanager = Certmanager(
|
||||||
|
email = "admin@meissa-gmbh.de",
|
||||||
|
letsencryptEndpoint = CertmanagerEndpoint.PROD
|
||||||
|
),
|
||||||
|
apple = true,
|
||||||
|
reprovision = true
|
||||||
|
), config
|
||||||
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
|
|
@ -1,6 +1,9 @@
|
||||||
fqdn: statistics.test.meissa-gmbh.de
|
fqdn: statistics.test.meissa-gmbh.de
|
||||||
node:
|
node:
|
||||||
ipv4: 159.69.176.151
|
ipv4: 162.55.164.138
|
||||||
ipv6: 2a01:4f8:c010:672f::1
|
ipv6: 2a01:4f8:c010:672f::1
|
||||||
reprovision: true
|
certmanager:
|
||||||
|
email: admin@meissa-gmbh.de
|
||||||
letsencryptEndpoint: PROD
|
letsencryptEndpoint: PROD
|
||||||
|
apple: true
|
||||||
|
reprovision: true
|