Add nexus ansible role
This role deploys the internal Nexus used as the
offline source of Docker images and npm packages for ONAP.
Change-Id: Iaf398eb03614749d2b3c100c241726144ccae1a0
Issue-ID: OOM-1551
Signed-off-by: Michal Zegan <m.zegan@samsung.com>
diff --git a/ansible/roles/nexus/defaults/main.yml b/ansible/roles/nexus/defaults/main.yml
new file mode 100644
index 0000000..57a79f9
--- /dev/null
+++ b/ansible/roles/nexus/defaults/main.yml
@@ -0,0 +1,2 @@
+#Defaults to install, can be set to configure.
+phase: install
diff --git a/ansible/roles/nexus/files/configure.groovy b/ansible/roles/nexus/files/configure.groovy
new file mode 100644
index 0000000..5691fe6
--- /dev/null
+++ b/ansible/roles/nexus/files/configure.groovy
@@ -0,0 +1,37 @@
+import org.sonatype.nexus.security.realm.RealmManager
+import org.sonatype.nexus.repository.attributes.AttributesFacet
+import org.sonatype.nexus.security.user.UserManager
+import org.sonatype.nexus.repository.manager.RepositoryManager
+import org.sonatype.nexus.security.user.UserNotFoundException
+
+/* Use the container to look up some services. */
+realmManager = container.lookup(RealmManager.class)
+userManager = container.lookup(UserManager.class, "default") //default user manager
+repositoryManager = container.lookup(RepositoryManager.class)
+
+/* Managers are used when scripting api cannot. Note that scripting api can only create mostly, and that creation methods return objects of created entities. */
+/* Perform cleanup by removing all repos and users. Realms do not need to be re-disabled, admin and anonymous user will not be removed. */
+userManager.listUserIds().each({ id ->
+ if (id != "anonymous" && id != "admin")
+ userManager.deleteUser(id)
+})
+
+repositoryManager.browse().each {
+ repositoryManager.delete(it.getName())
+}
+
+/* Add bearer token realms at the end of realm lists... */
+realmManager.enableRealm("NpmToken")
+realmManager.enableRealm("DockerToken")
+
+/* Create the docker user. */
+security.addUser("docker", "docker", "docker", "docker@example.com", true, "docker", ["nx-anonymous"])
+
+/* Create npm and docker repositories. Their default configuration should be compliant with our requirements, except the docker registry creation. */
+repository.createNpmHosted("npm-private")
+def r = repository.createDockerHosted("docker", 8082, 0)
+
+/* force basic authentication true by default, must set to false for docker repo. */
+conf=r.getConfiguration()
+conf.attributes("docker").set("forceBasicAuth", false)
+repositoryManager.update(conf)
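Review bot: The `docker` account is created with the literal password `docker` in the `security.addUser(...)` call, so the registry credential is fixed in the repository and identical on every deployment. Nexus passes the body of the script's run request to the script as `args`, so the password can be supplied at run time instead: `security.addUser("docker", "docker", "docker", "docker@example.com", true, args, ["nx-anonymous"])`. The `execute configuration script` task in tasks/configure.yml would then send the value from a vaulted variable as its request body. That also keeps the password out of the script text stored in Nexus.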
diff --git a/ansible/roles/nexus/tasks/configure.yml b/ansible/roles/nexus/tasks/configure.yml
new file mode 100644
index 0000000..66712d8
--- /dev/null
+++ b/ansible/roles/nexus/tasks/configure.yml
@@ -0,0 +1,34 @@
+---
+- name: "check if the configuration script is uploaded"
+ uri:
+ url: "{{ nexus_url }}/service/rest/v1/script/configure"
+ method: GET
+ force_basic_auth: yes
+ user: admin
+ password: admin123
+ status_code: [200, 404]
+ register: script
+- block:
+ - name: "upload the configuration script"
+ uri:
+ url: "{{ nexus_url }}/service/rest/v1/script"
+ method: POST
+ force_basic_auth: yes
+ user: admin
+ password: admin123
+ body_format: json
+ body:
+ name: configure
+ type: groovy
+ content: "{{ lookup('file', 'files/configure.groovy') }}"
+ status_code: [204]
+ - name: "execute configuration script"
+ uri:
+ url: "{{ nexus_url }}/service/rest/v1/script/configure/run"
+ method: POST
+ force_basic_auth: yes
+ user: admin
+ password: admin123
+ body_format: raw
+ headers: { "Content-Type": "text/plain" }
+ when: script.status == 404
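Review bot: All three `uri` tasks authenticate with the literal `user: admin` / `password: admin123`, which is the well-known Nexus default, and nothing visible in this commit changes that password afterwards; the same pair appears under `docker_login` in tasks/insert-images.yml. Take the credentials from variables backed by Ansible Vault, e.g. `password: "{{ nexus_admin_password }}"` (the variable name is a suggestion), and add `no_log: true` to these tasks so the value does not appear in task output or logs. A step that rotates the admin password once configuration has run would remove the default login from the deployed instance.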
diff --git a/ansible/roles/nexus/tasks/insert-images.yml b/ansible/roles/nexus/tasks/insert-images.yml
new file mode 100644
index 0000000..2e2a45c
--- /dev/null
+++ b/ansible/roles/nexus/tasks/insert-images.yml
@@ -0,0 +1,19 @@
+---
+- name: Load docker images and push into registry
+ block:
+ - set_fact:
+ component: "{{ (item.path | basename | splitext)[0] }}"
+
+ - name: Docker login
+ docker_login:
+ registry: "{{ runtime_images[component].registry }}"
+ username: admin
+ password: admin123
+
+ - name: Load and push component {{ component }}
+ docker_image:
+ name: "{{ runtime_images[component].registry }}{{ runtime_images[component].path }}"
+ tag: "{{ runtime_images[component].tag }}"
+ push: yes
+ load_path: "{{ item.path }}"
+
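Review bot: `component` is derived from the tar file's basename and then used as a key in `runtime_images[component]` without checking that the key exists, so any unexpected `*.tar` in `aux_data_path` aborts the loop with an undefined-variable error, possibly after earlier images were already pushed. Add `when: component in runtime_images` to the `Docker login` and `Load and push component` tasks, or an `assert` directly after `set_fact` whose message names the offending file. The `set_fact` task has no `name:`, unlike the other tasks in the block; something like `name: Derive component name from image file` would make the run output readable.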
diff --git a/ansible/roles/nexus/tasks/install.yml b/ansible/roles/nexus/tasks/install.yml
new file mode 100644
index 0000000..6dc82fe
--- /dev/null
+++ b/ansible/roles/nexus/tasks/install.yml
@@ -0,0 +1,29 @@
+---
+- name: Change ownership of nexus_data
+ file:
+ path: "{{ app_data_path }}/nexus_data"
+ owner: 200
+ group: 200
+ recurse: yes
+
+- name: Load nexus image
+ docker_image:
+ name: sonatype/nexus3
+ load_path: "{{ app_data_path }}/offline_data/docker_images_infra/sonatype_nexus3_latest.tar"
+ state: present
+
+- name: Create nexus network
+ docker_network:
+ name: nexus_network
+ state: present
+
+- name: Run nexus container
+ docker_container:
+ name: nexus
+ image: sonatype/nexus3
+ networks:
+ - name: nexus_network
+ volumes:
+ - "{{ app_data_path }}/nexus_data:/nexus-data:rw"
+ state: started
+ restart_policy: unless-stopped
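Review bot: `image: sonatype/nexus3` in the `Run nexus container` task carries no tag, so it resolves to `latest`, and the archive loaded by `Load nexus image` is named `sonatype_nexus3_latest.tar`; which Nexus build ends up running depends on whatever was saved at packaging time. Pin the version in both tasks, e.g. `image: "sonatype/nexus3:{{ nexus_version }}"` (the variable name is a suggestion), so upgrades are deliberate and a build with a known vulnerability can be identified from the playbook. The numeric `owner: 200` / `group: 200` would benefit from a comment saying they presumably match the nexus user inside the image.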
diff --git a/ansible/roles/nexus/tasks/main.yml b/ansible/roles/nexus/tasks/main.yml
new file mode 100644
index 0000000..c5905b1
--- /dev/null
+++ b/ansible/roles/nexus/tasks/main.yml
@@ -0,0 +1,2 @@
+---
+- include_tasks: "{{ phase }}.yml"
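Review bot: `include_tasks: "{{ phase }}.yml"` builds a file name from a variable with no check on its value, so a typo or an unexpected `-e phase=...` either fails with a missing-file error or includes a task file that is not an entry point (insert-images.yml expects `item` from a loop). Add a guard before the include, e.g. `- assert: { that: "phase in ['install', 'configure', 'runtime-populate']" }`. The comment in defaults/main.yml names only install and configure; if runtime-populate is also a supported phase, it should be listed there.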
diff --git a/ansible/roles/nexus/tasks/runtime-populate.yml b/ansible/roles/nexus/tasks/runtime-populate.yml
new file mode 100644
index 0000000..e22b650
--- /dev/null
+++ b/ansible/roles/nexus/tasks/runtime-populate.yml
@@ -0,0 +1,12 @@
+---
+- name: Find images to be inserted into nexus in runtime
+ find:
+ paths: "{{ aux_data_path }}"
+ patterns: '*.tar'
+ register: tar_images
+
+# WA: block of tasks cant be executed in iterations
+# need to iterate over those tasks in include
+- include: "insert-images.yml"
+ with_items: "{{ tar_images.files }}"
+
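Review bot: The bare `include:` used for the loop is the deprecated form, while tasks/main.yml in this same commit already uses `include_tasks`; `- include_tasks: "insert-images.yml"` with the same `with_items` keeps the role consistent and supports the same workaround. The `WA` comment could also state what the included file relies on: that `item` is a `find` result and that the basename of `item.path` must match a key of `runtime_images`.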
diff --git a/ansible/roles/nexus/vars/main.yml b/ansible/roles/nexus/vars/main.yml
new file mode 100644
index 0000000..6394416
--- /dev/null
+++ b/ansible/roles/nexus/vars/main.yml
@@ -0,0 +1 @@
+nexus_url: "https://nexus.{{ hostvars[groups.infrastructure[0]].ansible_nodename }}"