Add nexus ansible role

This role deploys the internal nexus used as
offline source of docker images/npm packages for onap.

Change-Id: Iaf398eb03614749d2b3c100c241726144ccae1a0
Issue-ID: OOM-1551
Signed-off-by: Michal Zegan <m.zegan@samsung.com>
diff --git a/ansible/roles/nexus/defaults/main.yml b/ansible/roles/nexus/defaults/main.yml
new file mode 100644
index 0000000..57a79f9
--- /dev/null
+++ b/ansible/roles/nexus/defaults/main.yml
@@ -0,0 +1,2 @@
+#Defaults to install, can be set to configure.
+phase: install
diff --git a/ansible/roles/nexus/files/configure.groovy b/ansible/roles/nexus/files/configure.groovy
new file mode 100644
index 0000000..5691fe6
--- /dev/null
+++ b/ansible/roles/nexus/files/configure.groovy
@@ -0,0 +1,37 @@
+import org.sonatype.nexus.security.realm.RealmManager
+import org.sonatype.nexus.repository.attributes.AttributesFacet
+import org.sonatype.nexus.security.user.UserManager
+import org.sonatype.nexus.repository.manager.RepositoryManager
+import org.sonatype.nexus.security.user.UserNotFoundException
+
+/* Use the container to look up some services. */
+realmManager = container.lookup(RealmManager.class)
+userManager = container.lookup(UserManager.class, "default") //default user manager
+repositoryManager = container.lookup(RepositoryManager.class)
+
+/* Managers are used when scripting api cannot. Note that scripting api can only create mostly, and that creation methods return objects of created entities. */
+/* Perform cleanup by removing all repos and users. Realms do not need to be re-disabled, admin and anonymous user will not be removed. */
+userManager.listUserIds().each({ id ->
+    if (id != "anonymous" && id != "admin")
+        userManager.deleteUser(id)
+})
+
+repositoryManager.browse().each {
+    repositoryManager.delete(it.getName())
+}
+
+/* Add bearer token realms at the end of realm lists... */
+realmManager.enableRealm("NpmToken")
+realmManager.enableRealm("DockerToken")
+
+/* Create the docker user. */
+security.addUser("docker", "docker", "docker", "docker@example.com", true, "docker", ["nx-anonymous"])
+
+/* Create npm and docker repositories. Their default configuration should be compliant with our requirements, except the docker registry creation. */
+repository.createNpmHosted("npm-private")
+def r = repository.createDockerHosted("docker", 8082, 0)
+
+/* force basic authentication true by default, must set to false for docker repo. */
+conf=r.getConfiguration()
+conf.attributes("docker").set("forceBasicAuth", false)
+repositoryManager.update(conf)
diff --git a/ansible/roles/nexus/tasks/configure.yml b/ansible/roles/nexus/tasks/configure.yml
new file mode 100644
index 0000000..66712d8
--- /dev/null
+++ b/ansible/roles/nexus/tasks/configure.yml
@@ -0,0 +1,34 @@
+---
+- name: "check if the configuration script is uploaded"
+  uri:
+    url: "{{ nexus_url }}/service/rest/v1/script/configure"
+    method: GET
+    force_basic_auth: yes
+    user: admin
+    password: admin123
+    status_code: [200, 404]
+  register: script
+- block:
+    - name: "upload the configuration script"
+      uri:
+        url: "{{ nexus_url }}/service/rest/v1/script"
+        method: POST
+        force_basic_auth: yes
+        user: admin
+        password: admin123
+        body_format: json
+        body:
+          name: configure
+          type: groovy
+          content: "{{ lookup('file', 'files/configure.groovy') }}"
+        status_code: [204]
+    - name: "execute configuration script"
+      uri:
+        url: "{{ nexus_url }}/service/rest/v1/script/configure/run"
+        method: POST
+        force_basic_auth: yes
+        user: admin
+        password: admin123
+        body_format: raw
+        headers: { "Content-Type": "text/plain" }
+  when: script.status == 404
diff --git a/ansible/roles/nexus/tasks/insert-images.yml b/ansible/roles/nexus/tasks/insert-images.yml
new file mode 100644
index 0000000..2e2a45c
--- /dev/null
+++ b/ansible/roles/nexus/tasks/insert-images.yml
@@ -0,0 +1,19 @@
+---
+- name: Load docker images and push into registry
+  block:
+    - set_fact:
+        component: "{{ (item.path | basename | splitext)[0] }}"
+
+    - name: Docker login
+      docker_login:
+        registry: "{{ runtime_images[component].registry }}"
+        username: admin
+        password: admin123
+
+    - name: Load and push component {{ component }}
+      docker_image:
+        name: "{{ runtime_images[component].registry }}{{ runtime_images[component].path }}"
+        tag: "{{ runtime_images[component].tag }}"
+        push: yes
+        load_path: "{{ item.path }}"
+
diff --git a/ansible/roles/nexus/tasks/install.yml b/ansible/roles/nexus/tasks/install.yml
new file mode 100644
index 0000000..6dc82fe
--- /dev/null
+++ b/ansible/roles/nexus/tasks/install.yml
@@ -0,0 +1,29 @@
+---
+- name: Change ownership of nexus_data
+  file:
+    path: "{{ app_data_path }}/nexus_data"
+    owner: 200
+    group: 200
+    recurse: yes
+
+- name: Load nexus image
+  docker_image:
+    name: sonatype/nexus3
+    load_path: "{{ app_data_path }}/offline_data/docker_images_infra/sonatype_nexus3_latest.tar"
+    state: present
+
+- name: Create nexus network
+  docker_network:
+    name: nexus_network
+    state: present
+
+- name: Run nexus container
+  docker_container:
+    name: nexus
+    image: sonatype/nexus3
+    networks:
+      - name: nexus_network
+    volumes:
+      - "{{ app_data_path }}/nexus_data:/nexus-data:rw"
+    state: started
+    restart_policy: unless-stopped
diff --git a/ansible/roles/nexus/tasks/main.yml b/ansible/roles/nexus/tasks/main.yml
new file mode 100644
index 0000000..c5905b1
--- /dev/null
+++ b/ansible/roles/nexus/tasks/main.yml
@@ -0,0 +1,2 @@
+---
+- include_tasks: "{{ phase }}.yml"
diff --git a/ansible/roles/nexus/tasks/runtime-populate.yml b/ansible/roles/nexus/tasks/runtime-populate.yml
new file mode 100644
index 0000000..e22b650
--- /dev/null
+++ b/ansible/roles/nexus/tasks/runtime-populate.yml
@@ -0,0 +1,12 @@
+---
+- name: Find images to be inserted into nexus in runtime
+  find:
+    paths: "{{ aux_data_path }}"
+    patterns: '*.tar'
+  register: tar_images
+
+# WA: block of tasks cant be executed in iterations
+# need to iterate over those tasks in include
+- include: "insert-images.yml"
+  with_items: "{{ tar_images.files }}"
+
diff --git a/ansible/roles/nexus/vars/main.yml b/ansible/roles/nexus/vars/main.yml
new file mode 100644
index 0000000..6394416
--- /dev/null
+++ b/ansible/roles/nexus/vars/main.yml
@@ -0,0 +1 @@
+nexus_url: "https://nexus.{{ hostvars[groups.infrastructure[0]].ansible_nodename }}"