Merged
25 commits
1d7730e
Create a federation
zrhoffman Mar 29, 2021
53cbe7b
Assign the current User to the Federation
zrhoffman Mar 29, 2021
5b0b5a4
Assign the simple DNS Delivery Service to the Federation
zrhoffman Mar 29, 2021
88f7f88
Create Federation Resolvers
zrhoffman Mar 29, 2021
0abcdc6
Assign Federation Resolvers to the Federation
zrhoffman Mar 29, 2021
beba47e
Use dedicated Delivery Service simple-dns-for-federation for the Fede…
zrhoffman Apr 5, 2021
be59b7c
Assign dedicated User federationuser to the Federation
zrhoffman Apr 6, 2021
eae3aa9
Support an arbitrary number of federations
zrhoffman Apr 6, 2021
b12d28d
Do not run CDN-in-a-Box CI workflow if only tests or Ansible roles were
zrhoffman Apr 7, 2021
a3db0ee
Add missing }
zrhoffman Apr 8, 2021
a3318f9
Remove password attribute
zrhoffman Apr 8, 2021
2d785e8
Specify in Task names which Federation we are creating/assigning to
zrhoffman Apr 12, 2021
9eb9e77
Get Resolver type from array key
zrhoffman Apr 12, 2021
75b55ee
Nested loop over cdnDelegationList and dl_ds_merged_federations, not …
zrhoffman Apr 12, 2021
4eca8c3
Remove Federation User
zrhoffman Apr 12, 2021
1e4c074
Glob ignored paths
zrhoffman Apr 12, 2021
0ed0bd8
Revert "Remove Federation User"
zrhoffman Apr 12, 2021
4e59792
Give the Federations User the operations role
zrhoffman Apr 12, 2021
df86996
Get Federation User username from `dl_ds_default_federation_user`
zrhoffman Apr 12, 2021
e7e9484
Define federation_user
zrhoffman Apr 12, 2021
827614a
Remove federation_user var
zrhoffman Apr 12, 2021
7979799
Break `with_nested` Create Federations task into 2 separate tasks
zrhoffman Apr 13, 2021
da59608
Define federation_user for the task
zrhoffman Apr 14, 2021
7389ebf
Access response.id as a JSON query, not as an attribute
zrhoffman Apr 14, 2021
d59b637
Use /api/1.4/federations/all.json for federationmapping.polling.url
zrhoffman Apr 14, 2021
10 changes: 8 additions & 2 deletions .github/workflows/ciab.yaml
Expand Up @@ -37,11 +37,14 @@ on:
- '!.github/actions/build-rpms/*'
- '!.github/actions/run-ciab/*'
- '!.github/workflows/ciab.yaml'
- 'infrastructure/ansible/**'
- 'LICENSE'
- 'licenses/**'
- 'misc/**'
- 'NOTICE'
- 'traffic_control/java'
- 'traffic_control/java/**'
- 'traffic_ops_ort/testing/**'
- 'traffic_ops/testing/**'
create:
pull_request:
paths-ignore:
Expand All @@ -57,11 +60,14 @@ on:
- '!.github/actions/build-rpms/*'
- '!.github/actions/run-ciab/*'
- '!.github/workflows/ciab.yaml'
- 'infrastructure/ansible/**'
- 'LICENSE'
- 'licenses/**'
- 'misc/**'
- 'NOTICE'
- 'traffic_control/java'
- 'traffic_control/java/**'
- 'traffic_ops_ort/testing/**'
- 'traffic_ops/testing/**'
types: [ opened, reopened, ready_for_review, synchronize ]

jobs:
1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -32,6 +32,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
- t3c: Added option to track config changes in git.
- ORT config generation: Added a rule to ip_allow such that PURGE requests are allowed over localhost
- Added integration to use ACME to generate new SSL certificates.
- Add a Federation to the Ansible Dataset Loader

### Fixed
- [#5690](https://github.com/apache/trafficcontrol/issues/5690) - Fixed github action for added/modified db migration file.
25 changes: 24 additions & 1 deletion infrastructure/ansible/roles/dataset_loader/defaults/main.yml
Expand Up @@ -108,6 +108,10 @@ dl_ds_default_users:
email: userB+userA@kabletown.invalid
fullName: A local account with RO rights
role: read-only
- username: '{{ dl_ds_default_federation_user }}'
email: '{{ dl_ds_default_federation_user }}@kabletown.invalid'
fullName: A dedicated user to assign existing Resolvers to and remove existing Resolvers from Federations
role: operations # TODO: Reduce role to federations level once a federations role (privilege level 15) exists

# TO Cachegroups
dl_ds_merged_cachegroups: "{{ dl_ds_default_cachegroups }}"
Expand Down Expand Up @@ -740,7 +744,7 @@ dl_ds_default_profile_cdntemplates:
secure: 0
- name: federationmapping.polling.url
configFile: CRConfig.json
value: https://${toHostname}/internal/api/1.3/federations.json
value: https://${toHostname}/api/1.4/federations/all.json
secure: 0
- name: geolocation.polling.interval
configFile: CRConfig.json
Expand Down Expand Up @@ -3879,6 +3883,10 @@ dl_ds_default_ds_template:
longDesc: A basic DNS routed Delivery Service
typeName: DNS
uniqueKey: simple-dns
- displayName: Simple HTTP DS for Federation
longDesc: A basic DNS routed Delivery Service for use with a Federation
typeName: DNS
uniqueKey: simple-dns-for-federation
- displayName: Simple DNS Live DS
longDesc: A basic DNS Live routed Delivery Service
typeName: DNS_LIVE
Expand Down Expand Up @@ -4042,3 +4050,18 @@ dl_ds_default_ds_template:
longDesc: A basic HTTP routed Delivery Service with Anonymous IP Block Enabled
anonymousBlockingEnabled: true
uniqueKey: simple-http-anon-block

# Federations
dl_ds_default_federation_user: federationuser
dl_ds_merged_federations: "{{ dl_ds_default_federations }}"
dl_ds_default_federations:
- deliveryService: simple-dns-for-federation-{{ Target_cdn_delegation | lower }}
mappings:
cname: 'foo.kabletown.net.'
resolvers:
resolve4:
- '0.0.0.0/0'
resolve6:
- '::/0'
ttl: 60
user: '{{ dl_ds_default_federation_user }}'
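Review bot: The default Federation at the end of this section pairs the catch-all resolver ranges `'0.0.0.0/0'` and `'::/0'` with `cname: 'foo.kabletown.net.'`, so any environment loaded with these defaults would answer every resolver for `simple-dns-for-federation-*` with a CNAME under a domain that is not reserved. The user entries earlier in the file use `kabletown.invalid`, and a reserved name such as `cname: 'foo.kabletown.invalid.'` would keep the dataset from pointing clients at a name someone else may control. Separately, the new Delivery Service's `displayName` reads `Simple HTTP DS for Federation` while its `typeName` is `DNS` and its `longDesc` says DNS routed; `displayName: Simple DNS DS for Federation` would match.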
Expand Up @@ -145,6 +145,12 @@
#no_log: true
failed_when: (create_user_out.status == 400 and create_user_out.json | to_json | from_json | json_query(error_query) | length != 0) or (create_user_out.status > 400 and create_user_out.status < 600)

- name: Get All Users
uri:
url: "{{ dl_to_url }}/api/{{ dl_to_api_version }}/users"
method: GET
register: get_all_users

- name: Create Cachegroups - Traffic Router
uri:
url: "{{ dl_to_url }}/api/{{ dl_to_api_version }}/cachegroups"
Expand Down Expand Up @@ -838,6 +844,22 @@
method: GET
register: get_all_ds

- name: Render Federations Lists
with_items: "{{ cdnDelegationList }}"
loop_control:
loop_var: Target_cdn_delegation
set_fact:
federations_for_cdn_delegation: "{{ dl_ds_default_federations }}"
register: federations_out

- name: Create Federations
vars:
federations_query: 'results[].ansible_facts[].federations_for_cdn_delegation[]'
with_items: "{{ federations_out | json_query(federations_query) }}"
loop_control:
loop_var: federation
include_tasks: federation_loader.yml

- name: Ensure SSL info directory exists
file:
state: directory
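Review bot: The `Render Federations Lists` task reads `dl_ds_default_federations` directly, so the override point `dl_ds_merged_federations` declared in the role defaults appears to be unused and an operator who sets it would see no effect. Following the `dl_ds_merged_*` pattern used elsewhere in the defaults, the fact should be `federations_for_cdn_delegation: "{{ dl_ds_merged_federations }}"`. It would also help to add a comment above the task such as `# set_fact in a loop only to re-template the list once per Target_cdn_delegation; results are read from the registered variable`, since the task's purpose is not obvious from its name. The task list continues outside the visible hunks.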
@@ -0,0 +1,81 @@
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

- name: "Create Federation {{ federation.mappings.cname }}"
vars:
cdn_name_query: 'response[?xmlId == `{{ federation.deliveryService | to_json }}`].cdnName | [0]'
cdn_name: '{{ get_all_ds.json | json_query(cdn_name_query) }}'
uri:
url: "{{ dl_to_url }}/api/{{ dl_to_api_version }}/cdns/{{ cdn_name }}/federations"
method: POST
body: '{"cname":{{ federation.mappings.cname | to_json }},"ttl":{{ federation.mappings.ttl }}}'
register: create_federation_out

- name: "Get ID of Federation {{ federation.mappings.cname }}"
set_fact:
federation_id: "{{ create_federation_out.json.response.id }}"
federation_cname: "{{ create_federation_out.json.response.cname }}"

- name: "Assign User to Federation {{ federation_cname }}"
vars:
federation_user: "{{ federation.user }}"
federation_user_query: "response[?username == `{{ federation_user }}`].id | [0]"
federation_user_id: "{{ get_all_users.json | json_query(federation_user_query) }}"
uri:
url: "{{ dl_to_url }}/api/{{ dl_to_api_version }}/federations/{{ federation_id }}/users"
method: POST
body: '{"userIds":[{{ federation_user_id }}],"replace":false}'

- name: "Assign Delivery Service to Federation {{ federation_cname }}"
vars:
federation_ds_id_query: 'response[?xmlId == `{{ federation.deliveryService | to_json }}`].id | [0]'
federation_ds_id: "{{ get_all_ds.json | json_query(federation_ds_id_query) }}"
uri:
url: "{{ dl_to_url }}/api/{{ dl_to_api_version }}/federations/{{ federation_id }}/deliveryservices"
method: POST
body: '{"dsIds":[{{ federation_ds_id }}],"replace":false}'

- name: "Create Federation Resolvers of type {{ resolver_type_name }}"
with_dict: "{{ resolvers }}"
loop_control:
loop_var: resolver
vars:
resolvers: |
{
{%- for resolver_type, resolvers in federation.mappings.resolvers.items() -%}
{%- set resolver_type_loop = loop -%}
{%- for resolver in resolvers -%}
{{ resolver | to_json }}: {{ resolver_type | upper | to_json }}
{%- if not (loop.last and resolver_type_loop.last) -%},{%- endif -%}
{%- endfor -%}
{%- endfor -%}
}
resolver_type_name: "{{ resolver.value }}"
type_query: "[?name == `{{ resolver_type_name }}`].id | [0]"
resolver_type_id: "{{ get_all_types.json.response | json_query(type_query) }}"
ip_address: "{{ resolver.key }}"
uri:
url: "{{ dl_to_url }}/api/{{ dl_to_api_version }}/federation_resolvers"
method: POST
body: '{"ipAddress":{{ ip_address | to_json }},"typeId":{{ resolver_type_id }}}'
register: federation_resolver_out

- name: "Assign Federation Resolvers of type {{ resolver_type_name }} to Federation {{ federation_cname }}"
with_items: "{{ federation_resolver_out.results }}"
loop_control:
loop_var: resolver_post_response
uri:
url: "{{ dl_to_url }}/api/{{ dl_to_api_version }}/federations/{{ federation_id }}/federation_resolvers"
method: POST
body: '{"fedResolverIds":[{{ resolver_post_response.json | json_query("response.id") }}],"replace":false}'
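Review bot: The JMESPath literals in `federation_user_query` and `type_query` interpolate `federation_user` and `resolver_type_name` raw between the backticks, while `cdn_name_query` and `federation_ds_id_query` in the same file pass the value through `to_json` first; the raw form is not a valid JSON literal and changes meaning if a value ever contains a quote or backtick, so both should use `| to_json` as well. None of the lookups is checked before its result is spliced into a URL or request body, so when a query matches nothing the task would presumably post to a path with an empty CDN name or send an empty or null id, and the failure surfaces as an opaque API error. A short `assert` that `cdn_name`, `federation_user_id`, `federation_ds_id` and `resolver_type_id` are non-empty would make a misconfigured dataset fail at the right task. The last task's name also references `resolver_type_name`, which is only defined in the `vars` of the previous task.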