Pass additional parameters to facilitate provisioning of wildcard certificate (#112)

* Retrieve Controlplane and Dataplane IP address from provided values in environment.yaml and pass to Ansible inventory file

* Pass Neustar UltraDNS credentials through to Ansible Inventory

* Addition of slack webhook parameter for acme.sh notification and change of casing for UltraDNS credentials

Author: benbacon

bastion-template.yaml

@@ -180,6 +180,21 @@ parameters:
   ansible_branch:
     type: string
     description: Ansible branch that is pulled on bastion deployment.
+  controlplane_ip:
+    type: string
+    description: Floating IP address associated with controlplane port
+  dataplane_ip:
+    type: string
+    description: Floating IP address associated with dataplane port
+  neustar_ultradns_username:
+    type: string
+    description: Neustar UltraDNS username to allow authentication to UltraDNS API
+  neustar_ultradns_password:
+    type: string
+    description: Neustar UltraDNS password to allow authentication to UltraDNS API
+  slack_webhook_url_acme_sh:
+    type: string
+    description: Slack Webhook URL for acme.sh notifications
 
 resources:
   bastion_port:
@@ -306,6 +321,11 @@ resources:
             __registry_user__: { get_param: [ registry_details, registry_user ] }
             __registry_password__ : { get_param: [ registry_details, registry_password ] }
             __ansible_branch__ : { get_param: ansible_branch }
+            __controlplane_ip__ : { get_param: controlplane_ip }
+            __dataplane_ip__ : { get_param: dataplane_ip }
+            __neustar_ultradns_username__ : { get_param: neustar_ultradns_username }
+            __neustar_ultradns_password__ : { get_param: neustar_ultradns_password }
+            __slack_webhook_url_acme_sh__ : { get_param: slack_webhook_url_acme_sh }
           template: { get_file: 'files/setup_bastion.yaml' }
       outputs:
       - name: result

deploy.sh

@@ -22,7 +22,6 @@ if [[ $multinetwork == true ]]; then
      tr '[:upper:]' '[:lower:]')
 fi
 
-
 function validateSetup() {
   if [[ -z ${OS_PROJECT_ID} ]]; then
     echo -e "\nYou must source your OpenStack RC file so we can access the OpenStack API\n"
@@ -38,6 +37,15 @@ function getPassword() {
   fi
 }
 
+function getDataFromOpenstackProject() {
+  controlplane_ip=$(python -c "import yaml;d=yaml.load(open('environment.yaml'));print(d['parameter_defaults']['controlplane_floating_ip'])" | xargs -I % openstack floating ip show % -c floating_ip_address -f value)
+  dataplane_ip=$(python -c "import yaml;d=yaml.load(open('environment.yaml'));print(d['parameter_defaults']['dataplane_floating_ip'])" | xargs -I % openstack floating ip show % -c floating_ip_address -f value)
+  if [[ -z ${controlplane_ip} || -z ${dataplane_ip} ]]; then
+    echo -e "\nControlplane or Dataplane IP could not be retrieved, are the IDs in your environment file correct and are you authenticating correctly?\n"
+    exit 1
+  fi
+}
+
 function setupHeatTemplate() {
   ansible-playbook ./setup-heat-templates.yaml \
     --extra-vars "multinetwork=${multinetwork}" \
@@ -49,6 +57,8 @@ function deployHeatStack() {
   openstack stack create -f yaml -t openshift.yaml openshift-${OS_PROJECT_NAME} \
     -e rhel_reg_creds.yaml \
     -e environment.yaml \
+    --parameter controlplane_ip="${controlplane_ip}" \
+    --parameter dataplane_ip="${dataplane_ip}" \
     --parameter time="$(date)" \
     --parameter os_auth_url="${OS_AUTH_URL}" \
     --parameter os_tenant_id="${OS_PROJECT_ID}" \
@@ -65,6 +75,7 @@ function showBastionIp() {
 
 validateSetup
 getPassword
+getDataFromOpenstackProject
 setupHeatTemplate
 deployHeatStack
 showBastionIp

environment_example.yaml

@@ -81,3 +81,6 @@ parameter_defaults:
   #  registry_user: "<registry_user>"
   #  registry_password: "<registry_password>"
   ansible_branch: "v3.11"
+  neustar_ultradns_username: "<neustar_ultradns_username>"
+  neustar_ultradns_password: "<neustar_ultradns_password>"
+  slack_webhook_url_acme_sh: "<Slack Webhook URL for acme.sh notifications>"

files/setup_bastion.yaml

@@ -59,6 +59,11 @@
     registryUser: __registry_user__
     registryPassword: __registry_password__
     ansibleBranch: __ansible_branch__
+    controlplaneIp: __controlplane_ip__
+    dataplaneIp: __dataplane_ip__
+    neustarUltraDnsUsername: __neustar_ultradns_username__
+    neustarUltraDnsPassword: __neustar_ultradns_password__
+    slackWebhookUrlAcmeSh: __slack_webhook_url_acme_sh__
 
   tasks:
     - name: Check if stack update or create and register variable
@@ -245,6 +250,8 @@
           node_routes: {{ nodeRoutes | to_json }}
           internalNetworkCidr: {{ internalNetworkCidr }}
           bastion_ip: {{ bastionIp }}
+          controlplane_ip: {{ controlplaneIp }}
+          dataplane_ip: {{ dataplaneIp }}
           {% if multinetwork %}
           net2_routes: {{ net2Routes | to_json }}
           net2_ntp_servers: {{ net2NTPServers | to_json }}
@@ -267,6 +274,9 @@
           registryUrl: {{ registryUrl }}
           registryUser: {{ registryUser }}
           registryPassword: {{ registryPassword }}
+          neustarUltraDnsUsername: {{ neustarUltraDnsUsername }}
+          neustarUltraDnsPassword: {{ neustarUltraDnsPassword }}
+          slackWebhookUrlAcmeSh: {{ slackWebhookUrlAcmeSh }}
 
     - name: create ansible variables directory
       file:

top-level-template.yaml

@@ -172,7 +172,21 @@ parameters:
     type: string
     description: Ansible branch that will be pulled on bastion deployment.
     default: master
-
+  controlplane_ip:
+    type: string
+    description: Floating IP address associated with controlplane port
+  dataplane_ip:
+    type: string
+    description: Floating IP address associated with dataplane port
+  neustar_ultradns_username:
+    type: string
+    description: Neustar UltraDNS username to allow authentication to UltraDNS API
+  neustar_ultradns_password:
+    type: string
+    description: Neustar UltraDNS password to allow authentication to UltraDNS API
+  slack_webhook_url_acme_sh:
+    type: string
+    description: Slack Webhook URL for acme.sh notifications
 
 resources:
   internal_network:
@@ -477,8 +491,12 @@ resources:
         sso_config: { get_param: sso_config }
         external_service_subnet: { get_param: [ network_config, service_subnet ] }
         registry_details: { get_param: registry_details }
-        ansible_branch: {get_param: ansible_branch }
-
+        ansible_branch: { get_param: ansible_branch }
+        controlplane_ip: { get_param: controlplane_ip }
+        dataplane_ip: { get_param: dataplane_ip }
+        neustar_ultradns_username: { get_param: neustar_ultradns_username }
+        neustar_ultradns_password: { get_param: neustar_ultradns_password }
+        slack_webhook_url_acme_sh: { get_param: slack_webhook_url_acme_sh }
 
 conditions:
   multinetwork: