diff --git a/Dockerfile b/Dockerfile index 6d5da660..f69b0f4f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -14,7 +14,7 @@ RUN curl -sLO https://storage.googleapis.com/kubernetes-release/release/v{$kubec # Installation FROM baseline -ARG helm_version=3.8.1 +ARG helm_version=3.9.4 ARG aws_cli_version=2.7.22 ARG gcp_cli_version=409.0.0 diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index fa166d93..8fdde465 100644 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -1,4 +1,8 @@ #!/usr/bin/env bash + +# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + set -e # setup container user diff --git a/docs/CONFIG-VARS.md b/docs/CONFIG-VARS.md index 3d919d04..28764491 100644 --- a/docs/CONFIG-VARS.md +++ b/docs/CONFIG-VARS.md @@ -37,7 +37,7 @@ Supported configuration variables are listed in the table below. All variables | Name | Description | Type | Default | Required | Notes | Tasks | | :--- | ---: | ---: | ---: | ---: | ---: | ---: | -| DEPLOY | Whether to deploy the SAS Viya platform or stop at generating kustomization.yaml and manifest | bool | true | false | | viya | +| DEPLOY | Whether to deploy the SAS Viya platform and SAS Viya Platform Deployment Operator or stop at generating kustomization.yaml and manifests | bool | true | false | This flag can also prevent the uninstall of both the SAS Viya platform and SAS Viya Platform Deployment Operator | viya | | LOADBALANCER_SOURCE_RANGES | IP addresses to allow to reach the ingress | [string] | | true | When deploying in a cloud environment, be sure to add the cloud NAT IP address. | baseline, viya | | BASE_DIR | Path to store persistent files | string | $HOME | false | | all | | KUBECONFIG | Path to kubeconfig file | string | | true | | viya | 
@@ -163,6 +163,11 @@ When V4_CFG_MANAGE_STORAGE is set to `true`, the `sas` and `pg-storage` storage | V4M_KEY | Path to TLS key to use for all monitoring/logging services | string | | false | As an alternative, you can set the per-service certificate. | cluster-logging, cluster-monitoring, viya-monitoring | | V4M_NODE_PLACEMENT_ENABLE | Whether to enable workload node placement for viya4-monitoring-kubernetes stack | bool | false | false | | cluster-logging, cluster-monitoring, viya-monitoring | | V4M_STORAGECLASS | StorageClass name | string | v4m | false | When V4_CFG_MANAGE_STORAGE is false, set to the name of your pre-existing StorageClass that supports ReadWriteOnce. | cluster-logging, cluster-monitoring, viya-monitoring | +| V4M_ROUTING | Which routing type to use for viya4-monitoring-kubernetes applications | string | host-based | false | Supported values: [`host-based`, `path-based`] For host-based routing, the application name is part of the host name itself `https://dashboards.host.cluster.example.com/` For path-based routing, the host name is fixed and the application name is appended as a path on the URL `https://host.cluster.example.com/dashboards` | cluster-logging, cluster-monitoring | + +#### Open Source Kubernetes + +When deploying `cluster-logging` or `cluster-monitoring` applications to kubernetes cluster infrastructure provisioned with the [Open Source Kubernetes viya4-iac-k8s](https://github.com/sassoftware/viya4-iac-k8s) project, you must explicitly set the value for `V4M_STORAGECLASS` to a pre-existing Storage Class (for example: `local-storage`) regardless of the value set for `V4_CFG_MANAGE_STORAGE`. While other storage classes can be used, the `local-storage` class is **recommended** for the Viya Monitoring and Loggging tools. ### Monitoring diff --git a/docs/Troubleshooting.md b/docs/Troubleshooting.md index 0e9a0e98..7cbdfe78 100644 --- a/docs/Troubleshooting.md +++ b/docs/Troubleshooting.md 
@@ -5,6 +5,9 @@ - [SAS Viya Orchestration Tool](#sas-viya-orchestration-tool) - [SAS Viya Deployment Operator](#sas-viya-deployment-operator) - [EKS - Cluster Autoscaler Installation](#eks---cluster-autoscaler-installation) + - [kustomize - Generate deployment manifest](#kustomize---generate-deployment-manifest) + - [Ingress-Nginx issue - Unable to access SAS Viya Platform web apps](#ingress-nginx-issue---unable-to-access-sas-viya-platform-web-apps) + ## Debug Mode Debug mode can be enabled by adding "-vvv" to the end of the docker or ansible commands @@ -121,7 +124,7 @@ Note: As documented in our [CONFIG-VARS.md](./CONFIG-VARS.md), EKS 1.24 and lowe ### Solution: -Note: If you used viya4-iac-aws:5.6.0 or never to create your infrastructure, these steps are not applicable for you. This role & policy should already be correct. +Note: If you used viya4-iac-aws:5.6.0 or newer to create your infrastructure, these steps are not applicable for you. This role & policy should already be correct. 1. Scale the `cluster-autoscaler-aws-cluster-autoscaler` deployment down to 0 ```bash 
@@ -143,4 +146,88 @@ Note: If you used viya4-iac-aws:5.6.0 or never to create your infrastructure, th 2. Scale the `cluster-autoscaler-aws-cluster-autoscaler` deployment back to 1 ```bash kubectl scale --replicas=1 deployment/cluster-autoscaler-aws-cluster-autoscaler - ``` \ No newline at end of file + ``` + + +## kustomize - Generate deployment manifest + +### Symptom: + +While deploying the SAS Viya platform to a cluster with the "viya" and "install" Ansible task tags specified, the following error message is encountered when the "vdm : kustomize - Generate deployment manifest" task executes: + +```bash +TASK [vdm : kustomize - Generate deployment manifest] ************************ +fatal: [localhost]: FAILED! => changed=true + cmd: + - kustomize + - build + - + - --load_restrictor=none + - -o + - + delta: + end: + msg: non-zero return code + rc: 1 + start: + stderr: |- + Error: failed to apply json patch '- op: add + path: /spwc/volumeClaimTemplates/0/spec/storageClassName + value: sas': add operation does not apply: doc is missing path: "/spec/volumeClaimTemplates/0/spec/storageClassName": missing value + stderr_lines: + stdout: '' + stdout_lines: +``` + +### Diagnosis: + +The sas-data-agent-server-colocated component was added to the 2022.09 cadence of the SAS Viya Platform. That component contains a StatefulSet object which does not have a "/spec/volumeClaimTemplates/0/spec/storageClassName" path element. For viya4-deployment releases prior to v5.4.0, a PatchTransformer expects to find that path element in each StatefulSet. + +### Solution: + +As of [release viya4-deployment:5.4.0](https://github.com/sassoftware/viya4-deployment/releases/tag/5.4.0), the StatefulSet PatchTransformer is intentionally skipped for the sas-data-agent-server-colocated component. Using [release viya4-deployment:5.4.0](https://github.com/sassoftware/viya4-deployment/releases/tag/5.4.0) or later for your SAS Viya Platform deployment will eliminate this error. 
+ + +## Ingress-Nginx issue - Unable to access SAS Viya Platform web apps +### Symptom: +After upgrading your AKS cluster's Kubernetes version to 1.24 or later, you are unable to access the SAS Viya Platform web apps. All the pods are running and errors are only seen in ingress-nginx logs: + +```bash +W0320 20:15:25.141987 7 controller.go:1354] Using default certificate +W0320 20:15:25.141997 7 controller.go:1347] Unexpected error validating SSL certificate "deploy/sas-ingress-certificate-5gc77h2dhg" for server "*.deploy.test.example.com": x509: certificate is valid for test-aks.example.com, not *.deploy.test.example.com +W0320 20:15:25.142005 7 controller.go:1348] Validating certificate against DNS names. This will be deprecated in a future version +W0320 20:15:25.142013 7 controller.go:1353] SSL certificate "deploy/sas-ingress-certificate-5gc77h2dhg" does not contain a Common Name or Subject Alternative Name for server "*.deploy.test.example.com": x509: certificate is valid for test-aks.example.com, not *.deploy.test.example.com +``` + +### Diagnosis: +This issue is related to Azure LoadBalancer’s probing. The appProtocol support inside cloud provider has broken ingress-nginx for AKS clusters >=1.22. The issue was caused by two reasons: +* the new version of nginx ingress controller added appProtocol and its probe path has to be `/healthz`; +* the new version of cloud-controller-manager added HTTP probing with default path `/` for appProtocol=http services. + +The `Custom Load Balancer health probe` section in the [Azure LoadBalancer](https://cloud-provider-azure.sigs.k8s.io/topics/loadbalancer/#custom-load-balancer-health-probe) document states that: + +>Tcp, Http and Https are three protocols supported by load balancer service. Currently, the default protocol of the health probe varies among services with different transport protocols, app protocols, annotations and external traffic policies. +>1. for local services, HTTP and /healthz would be used. 
The health probe will query NodeHealthPort rather than actual backend service +>2. for cluster TCP services, TCP would be used. +>3. for cluster UDP services, no health probes. +> +> Since v1.20, service annotation `service.beta.kubernetes.io/azure-load-balancer-health-probe-request-path` is introduced to determine the health probe behavior. + >- For clusters <=1.23, spec.ports.appProtocol would only be used as probe protocol when `service.beta.kubernetes.io/azure-load-balancer-health-probe-request-path` is also set. + > - For clusters >1.24, spec.ports.appProtocol would be used as probe protocol and `/` would be used as default probe request path (`service.beta.kubernetes.io/azure-load-balancer-health-probe-request-path` could be used to change to a different request path). + +To resolve this issue the ingress-nginx version should be 1.3.0 (or later) with the following annotation configured : +> --set controller.service.annotations."service\.beta\.kubernetes\.io/azure-load-balancer-health-probe-request-path"=/healthz + +### Solution: +For Users upgrading their AKS cluster's Kubernetes version to 1.24 (or later) and used viya4-deployment v6.3.0 (or prior) for the SAS Viya Platform deployment, you must use viya4-deployment v6.4.0 (or later) and re-run the baseline install task. + +If you prefer to continue using the existing viya4-deployment version then add the following in your ansible-var.yaml and re-run baseline install task : + +```bash +INGRESS_NGINX_CHART_VERSION: 4.3.0 +INGRESS_NGINX_CONFIG: + controller: + service: + annotations: + service.beta.kubernetes.io/azure-load-balancer-health-probe-request-path: /healthz +``` diff --git a/docs/user/AnsibleUsage.md b/docs/user/AnsibleUsage.md index 57b90f39..e213e5ea 100644 --- a/docs/user/AnsibleUsage.md +++ b/docs/user/AnsibleUsage.md 
@@ -109,3 +109,11 @@ Any number of tasks can be run at the same time. An action can run against a sin -e JUMP_SVR_PRIVATE_KEY=$HOME/.ssh/id_rsa \ playbooks/playbook.yaml --tags "baseline,viya,cluster-logging,cluster-monitoring,viya-monitoring,uninstall" ``` + +### Ansible Config + +In the examples above, we are running `ansible-playbook` from within the project directory. This means Ansible will automatically load the project's `ansible.cfg` file which contains configuration settings to properly run this project's playbook. If you are calling the playbook from a directory outside of this project's folder, it is important to set the following Ansible environment variable prior to running the playbook so that the configuration file gets loaded. + +```bash +export ANSIBLE_CONFIG=${WORKSPACE}/viya4-deployment/ansible.cfg +``` \ No newline at end of file diff --git a/docs/user/SingleStore.md b/docs/user/SingleStore.md index 05c0f62a..902882b7 100644 --- a/docs/user/SingleStore.md +++ b/docs/user/SingleStore.md 
@@ -8,9 +8,27 @@ If your SAS software order included SAS Viya with SingleStore, additional requir ## Deploying SAS Viya with SingleStore Using SAS Viya 4 Deployment -You can deploy SAS Viya with SingleStore into a Kubernetes cluster that is running in Microsoft Azure. The [SAS Viya 4 Infrastructure as Code (IaC) for Microsoft Azure](https://github.com/sassoftware/viya4-iac-azure) GitHub project can automatically provision the required infrastructure components that support SAS Viya with SingleStore deployments. +You can deploy SAS Viya with SingleStore into a Kubernetes cluster running under: +- Azure Kubernetes Service (AKS) in Microsoft Azure +- Elastic Kubernetes Service (EKS) in Amazon Web Services (AWS) +- Open Source Kubernetes on your own machines -Refer to the [SingleStore sample input file](https://github.com/sassoftware/viya4-iac-azure/blob/main/examples/sample-input-singlestore.tfvars) for Terraform configuration values that create an Azure cluster suitable for deploying SAS Viya and SingleStore. +## Cluster Provisioning for SAS Viya with SingleStore + +### Azure Kubernetes Service (AKS) Cluster in Microsoft Azure + +The [SAS Viya 4 IaC for Microsoft Azure](https://github.com/sassoftware/viya4-iac-azure) GitHub project can automatically provision the required infrastructure components that support SAS Viya with SingleStore deployments. +Refer to the [SingleStore sample input file](https://github.com/sassoftware/viya4-iac-azure/blob/main/examples/sample-input-singlestore.tfvars) for Terraform configuration values that create an AKS cluster that is suitable for deploying SAS Viya and SingleStore. + +### EKS Cluster in AWS + +The [SAS Viya 4 IaC for AWS](https://github.com/sassoftware/viya4-iac-aws) GitHub project can automatically provision the required infrastructure components that support SAS Viya with SingleStore deployments. 
+Refer to the [SingleStore sample input file](https://github.com/sassoftware/viya4-iac-aws/blob/main/examples/sample-input-singlestore.tfvars) for Terraform configuration values that create an EKS cluster that is suitable for deploying SAS Viya and SingleStore. + +### Open Source Kubernetes Cluster + +The [SAS Viya 4 Infrastructure as Code (IaC) for Open Source Kubernetes](https://github.com/sassoftware/viya4-iac-k8s) GitHub project can automatically provision the required infrastructure components that support SAS Viya with SingleStore deployments. +Refer to the [SingleStore sample input file](https://github.com/sassoftware/viya4-iac-k8s/blob/main/examples/vsphere/sample-terraform-static-singlestore.tfvars) for Terraform configuration values that create an Open Source Kubernetes cluster that is suitable for deploying SAS Viya and SingleStore. ## Customizing SingleStore Deployment Overlays diff --git a/playbooks/playbook.yaml b/playbooks/playbook.yaml index d0a962ab..f000ba44 100644 --- a/playbooks/playbook.yaml +++ b/playbooks/playbook.yaml @@ -1,3 +1,6 @@ +# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + - hosts: localhost tasks: - name: global tmp dir diff --git a/roles/baseline/defaults/main.yml b/roles/baseline/defaults/main.yml index 824f5816..99c297e9 100644 --- a/roles/baseline/defaults/main.yml +++ b/roles/baseline/defaults/main.yml @@ -1,3 +1,6 @@ +# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + V4_CFG_TLS_MODE: "full-stack" # other valid values are front-door, ingress-only, and disabled V4_CFG_RWX_FILESTORE_PATH: /export V4_CFG_INGRESS_TYPE: ingress 
@@ -63,6 +66,13 @@ INGRESS_NGINX_CONFIG: command: ["/bin/sh", "-c", "sleep 5; /usr/local/nginx/sbin/nginx -c /etc/nginx/nginx.conf -s quit; while pgrep -x nginx; do sleep 1; done"] terminationGracePeriodSeconds: 600 +# Add annotation to include Azure load-balancer health probe request path +INGRESS_NGINX_AZURE_LB_HEALTH_PROBE_CONFIG: + controller: + service: + annotations: + service.beta.kubernetes.io/azure-load-balancer-health-probe-request-path: /healthz + # Update default load-balancer for AWS to be NLB INGRESS_NGINX_AWS_NLB_CONFIG: controller: diff --git a/roles/baseline/tasks/cert-manager.yaml b/roles/baseline/tasks/cert-manager.yaml index f9e08add..ae944a66 100644 --- a/roles/baseline/tasks/cert-manager.yaml +++ b/roles/baseline/tasks/cert-manager.yaml @@ -1,3 +1,6 @@ +# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + --- - name: Deploy cert-manager kubernetes.core.helm: diff --git a/roles/baseline/tasks/cluster-autoscaler.yaml b/roles/baseline/tasks/cluster-autoscaler.yaml index d162ac02..56c3d831 100644 --- a/roles/baseline/tasks/cluster-autoscaler.yaml +++ b/roles/baseline/tasks/cluster-autoscaler.yaml @@ -1,3 +1,6 @@ +# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + --- - name: Set the default CLUSTER_AUTOSCALER_CHART_VERSION if not specified diff --git a/roles/baseline/tasks/contour.yaml b/roles/baseline/tasks/contour.yaml index ffe86d96..e317c4d1 100644 --- a/roles/baseline/tasks/contour.yaml +++ b/roles/baseline/tasks/contour.yaml @@ -1,3 +1,6 @@ +# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + --- - name: Deploy contour kubernetes.core.helm: diff --git a/roles/baseline/tasks/ebs-csi-driver.yaml b/roles/baseline/tasks/ebs-csi-driver.yaml index 1624510c..4016550f 100644 --- a/roles/baseline/tasks/ebs-csi-driver.yaml 
+++ b/roles/baseline/tasks/ebs-csi-driver.yaml @@ -1,3 +1,6 @@ +# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + --- - name: Deploy ebs-csi-driver kubernetes.core.helm: diff --git a/roles/baseline/tasks/ingress-nginx.yaml b/roles/baseline/tasks/ingress-nginx.yaml index e0e8dace..224b4fd4 100644 --- a/roles/baseline/tasks/ingress-nginx.yaml +++ b/roles/baseline/tasks/ingress-nginx.yaml @@ -1,3 +1,6 @@ +# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + --- - set_fact: INGRESS_NGINX_CONFIG: "{{ INGRESS_NGINX_CONFIG |combine(private_ingress[PROVIDER], recursive=True)}}" @@ -37,6 +40,15 @@ - install - update +- name: Update INGRESS_NGINX_CONFIG to add Azure load-balancer health probe request path + set_fact: + INGRESS_NGINX_CONFIG: "{{ INGRESS_NGINX_CONFIG|combine(INGRESS_NGINX_AZURE_LB_HEALTH_PROBE_CONFIG, recursive=True)}}" + when: + - PROVIDER == "azure" + tags: + - install + - update + - name: Apply Mitigation for CVE-2021-25742 block: - name: Retreive K8s cluster information diff --git a/roles/baseline/tasks/main.yaml b/roles/baseline/tasks/main.yaml index 1a547d1b..adab9e91 100644 --- a/roles/baseline/tasks/main.yaml +++ b/roles/baseline/tasks/main.yaml @@ -1,3 +1,6 @@ +# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + --- - name: Include nfs-subdir-external-provisioner diff --git a/roles/baseline/tasks/metrics-server.yaml b/roles/baseline/tasks/metrics-server.yaml index 0e32308f..6dc6c443 100644 --- a/roles/baseline/tasks/metrics-server.yaml +++ b/roles/baseline/tasks/metrics-server.yaml @@ -1,3 +1,6 @@ +# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + --- - name: Check for metrics service kubernetes.core.k8s_info: 
diff --git a/roles/baseline/tasks/nfs-subdir-external-provisioner.yaml b/roles/baseline/tasks/nfs-subdir-external-provisioner.yaml index f89c12c5..069d13e0 100644 --- a/roles/baseline/tasks/nfs-subdir-external-provisioner.yaml +++ b/roles/baseline/tasks/nfs-subdir-external-provisioner.yaml @@ -1,3 +1,6 @@ +# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + --- - name: Remove deprecated nfs-client-provisioner kubernetes.core.helm: diff --git a/roles/common/defaults/main.yml b/roles/common/defaults/main.yml index 5e2f69b0..ad11fca4 100644 --- a/roles/common/defaults/main.yml +++ b/roles/common/defaults/main.yml @@ -1,2 +1,5 @@ +# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + V4_CFG_POSTGRES_SERVERS: default: {} diff --git a/roles/common/lookup_plugins/tfstate.py b/roles/common/lookup_plugins/tfstate.py index 2e327ae4..95b2a59e 100644 --- a/roles/common/lookup_plugins/tfstate.py +++ b/roles/common/lookup_plugins/tfstate.py @@ -1,3 +1,7 @@ +# +# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# from __future__ import (absolute_import, division, print_function) __metaclass__ = type diff --git a/roles/common/tasks/main.yaml b/roles/common/tasks/main.yaml index 55a95e33..3f1d6239 100644 --- a/roles/common/tasks/main.yaml +++ b/roles/common/tasks/main.yaml @@ -1,3 +1,6 @@ +# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + - name: Load config file include_vars: file: "{{ CONFIG }}" diff --git a/roles/common/tasks/migrations.yaml b/roles/common/tasks/migrations.yaml index 405b7fb3..89dc49f3 100644 --- a/roles/common/tasks/migrations.yaml +++ b/roles/common/tasks/migrations.yaml 
@@ -1,3 +1,6 @@ +# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + - block: diff --git a/roles/common/tasks/task-validations.yaml b/roles/common/tasks/task-validations.yaml index 42117b5a..91d3b20c 100644 --- a/roles/common/tasks/task-validations.yaml +++ b/roles/common/tasks/task-validations.yaml @@ -1,3 +1,6 @@ +# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + --- - name: task validation diff --git a/roles/istio/defaults/main.yml b/roles/istio/defaults/main.yml index 6b4b4cb2..f06e0109 100644 --- a/roles/istio/defaults/main.yml +++ b/roles/istio/defaults/main.yml @@ -1,3 +1,6 @@ +# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + --- target_arch: x86_64 loadBalancerSourceRanges: ["109.232.56.224/27", "149.173.0.0/16", "194.206.69.176/28"] diff --git a/roles/istio/tasks/main.yml b/roles/istio/tasks/main.yml index c63c87d9..40f1f2a5 100644 --- a/roles/istio/tasks/main.yml +++ b/roles/istio/tasks/main.yml @@ -1,3 +1,6 @@ +# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + --- - name: Download istio shell: diff --git a/roles/istio/tests/test.yml b/roles/istio/tests/test.yml index bb79681e..b5c82b3e 100644 --- a/roles/istio/tests/test.yml +++ b/roles/istio/tests/test.yml @@ -1,5 +1,8 @@ +# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + --- - hosts: localhost remote_user: root roles: - - deploy \ No newline at end of file + - deploy diff --git a/roles/istio/vars/main.yml b/roles/istio/vars/main.yml index dd06e3da..5a558471 100644 --- a/roles/istio/vars/main.yml +++ b/roles/istio/vars/main.yml 
@@ -1,2 +1,5 @@ +# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + --- -# vars file for deploy \ No newline at end of file +# vars file for deploy diff --git a/roles/jump-server/defaults/main.yml b/roles/jump-server/defaults/main.yml index 6344e7e8..54978483 100644 --- a/roles/jump-server/defaults/main.yml +++ b/roles/jump-server/defaults/main.yml @@ -1,3 +1,6 @@ +# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + JUMP_SVR_RWX_FILESTORE_PATH: /viya-share folder_owner: nobody -folder_group: nobody \ No newline at end of file +folder_group: nobody diff --git a/roles/jump-server/tasks/main.yml b/roles/jump-server/tasks/main.yml index 7ac68471..4568abc5 100644 --- a/roles/jump-server/tasks/main.yml +++ b/roles/jump-server/tasks/main.yml @@ -1,3 +1,6 @@ +# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + --- - name: jump-server - add host add_host: diff --git a/roles/monitoring/defaults/main.yaml b/roles/monitoring/defaults/main.yaml index ba28f34f..3c515d3f 100644 --- a/roles/monitoring/defaults/main.yaml +++ b/roles/monitoring/defaults/main.yaml @@ -1,3 +1,6 @@ +# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + KUBECONFIG: ~/.kube/config NAMESPACE: null V4_CFG_MANAGE_STORAGE: true @@ -9,6 +12,7 @@ V4M_NODE_PLACEMENT_ENABLE: false V4M_BASE_DOMAIN: "{{ V4_CFG_BASE_DOMAIN }}" V4M_CERT: null V4M_KEY: null +V4M_ROUTING: host-based V4M_LOGGING_NAMESPACE: logging V4M_MONITORING_NAMESPACE: monitoring diff --git a/roles/monitoring/files/aws-storageclass.yaml b/roles/monitoring/files/aws-storageclass.yaml index 567928e2..e5846ab3 100644 --- a/roles/monitoring/files/aws-storageclass.yaml +++ b/roles/monitoring/files/aws-storageclass.yaml 
@@ -1,3 +1,6 @@ +# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + allowVolumeExpansion: true apiVersion: storage.k8s.io/v1 kind: StorageClass @@ -13,4 +16,4 @@ parameters: reclaimPolicy: Delete # Set binding mode to WaitForFirstConsumer to avoid # volume node affinity issues -volumeBindingMode: WaitForFirstConsumer \ No newline at end of file +volumeBindingMode: WaitForFirstConsumer diff --git a/roles/monitoring/files/azure-storageclass.yaml b/roles/monitoring/files/azure-storageclass.yaml index 8b9fadb4..530ec8ab 100644 --- a/roles/monitoring/files/azure-storageclass.yaml +++ b/roles/monitoring/files/azure-storageclass.yaml @@ -1,3 +1,6 @@ +# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + allowVolumeExpansion: true apiVersion: storage.k8s.io/v1 kind: StorageClass @@ -12,4 +15,4 @@ provisioner: kubernetes.io/azure-disk reclaimPolicy: Delete # Set binding mode to WaitForFirstConsumer to avoid # volume node affinity issues -volumeBindingMode: WaitForFirstConsumer \ No newline at end of file +volumeBindingMode: WaitForFirstConsumer diff --git a/roles/monitoring/files/gcp-storageclass.yaml b/roles/monitoring/files/gcp-storageclass.yaml index 7bad3a6d..23dd3c01 100644 --- a/roles/monitoring/files/gcp-storageclass.yaml +++ b/roles/monitoring/files/gcp-storageclass.yaml @@ -1,3 +1,6 @@ +# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + allowVolumeExpansion: true apiVersion: storage.k8s.io/v1 kind: StorageClass diff --git a/roles/monitoring/tasks/cluster-logging.yaml b/roles/monitoring/tasks/cluster-logging.yaml index 7b649edb..8d364ad5 100644 --- a/roles/monitoring/tasks/cluster-logging.yaml +++ b/roles/monitoring/tasks/cluster-logging.yaml 
@@ -1,3 +1,6 @@ +# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + --- - name: cluster-logging - create userdir file: @@ -50,21 +53,49 @@ tags: - install -- name: cluster-logging - opensearch user values +- name: cluster-logging - host-based opensearch user values template: - src: "user-values-opensearch.yaml" + src: "host-based/user-values-opensearch.yaml" dest: "{{ tmpdir.path }}/logging/user-values-opensearch.yaml" mode: "0660" + when: + - V4M_ROUTING|lower == 'host-based' tags: - install - update - uninstall -- name: cluster-logging - osd user values +- name: cluster-logging - host-based osd user values template: - src: "user-values-osd.yaml" + src: "host-based/user-values-osd.yaml" dest: "{{ tmpdir.path }}/logging/user-values-osd.yaml" mode: "0660" + when: + - V4M_ROUTING|lower == 'host-based' + tags: + - install + - update + - uninstall + +- name: cluster-logging - path-based opensearch user values + template: + src: "path-based/user-values-opensearch.yaml" + dest: "{{ tmpdir.path }}/logging/user-values-opensearch.yaml" + mode: "0660" + when: + - V4M_ROUTING|lower == 'path-based' + tags: + - install + - update + - uninstall + +- name: cluster-logging - path-based osd user values + template: + src: "path-based/user-values-osd.yaml" + dest: "{{ tmpdir.path }}/logging/user-values-osd.yaml" + mode: "0660" + when: + - V4M_ROUTING|lower == 'path-based' tags: - install - update diff --git a/roles/monitoring/tasks/cluster-monitoring.yaml b/roles/monitoring/tasks/cluster-monitoring.yaml index 5d955f11..6f3570f3 100644 --- a/roles/monitoring/tasks/cluster-monitoring.yaml +++ b/roles/monitoring/tasks/cluster-monitoring.yaml @@ -1,3 +1,6 @@ +# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + --- - name: cluster-monitoring - create userdir file: 
@@ -38,16 +41,37 @@ - name: cluster-monitoring - output credentials debug: - msg: + msg: - "Grafana - username: admin, password: {{ V4M_GRAFANA_PASSWORD }}" tags: - install -- name: cluster-monitoring - user values +- name: cluster-monitoring - host-based user values template: - src: "user-values-prom-operator.yaml" + src: "host-based/user-values-prom-operator.yaml" dest: "{{ tmpdir.path }}/monitoring/user-values-prom-operator.yaml" mode: "0660" + when: + - V4M_ROUTING|lower == 'host-based' + tags: + - install + - update + - uninstall + +- name: cluster-monitoring - path-based user values + block: + - name: copy operator yaml + template: + src: "path-based/user-values-prom-operator.yaml" + dest: "{{ tmpdir.path }}/monitoring/user-values-prom-operator.yaml" + mode: "0660" + - name: copy user env + template: + src: "path-based/user.env" + dest: "{{ tmpdir.path }}/monitoring/user.env" + mode: "0660" + when: + - V4M_ROUTING|lower == 'path-based' tags: - install - update @@ -77,7 +101,7 @@ tls.key: >- {{ lookup('file', V4M_GRAFANA_KEY ) |b64encode }} type: kubernetes.io/tls - when: + when: - V4M_GRAFANA_CERT is not none - V4M_GRAFANA_KEY is not none tags: @@ -100,7 +124,7 @@ tls.key: >- {{ lookup('file', V4M_PROMETHEUS_KEY ) |b64encode }} type: kubernetes.io/tls - when: + when: - V4M_PROMETHEUS_CERT is not none - V4M_PROMETHEUS_KEY is not none tags: @@ -123,7 +147,7 @@ tls.key: >- {{ lookup('file', V4M_ALERTMANAGER_KEY ) |b64encode }} type: kubernetes.io/tls - when: + when: - V4M_ALERTMANAGER_CERT is not none - V4M_ALERTMANAGER_KEY is not none tags: diff --git a/roles/monitoring/tasks/main.yaml b/roles/monitoring/tasks/main.yaml index f62bb970..5b85fb2d 100644 --- a/roles/monitoring/tasks/main.yaml +++ b/roles/monitoring/tasks/main.yaml 
@@ -1,4 +1,19 @@ +# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + --- +- name: v4m - ensure supported value for V4M_ROUTING + ansible.builtin.assert: + that: '{{ ["host-based", "path-based"] | intersect(V4M_ROUTING) | count == 1}}' + msg: > + Invalid V4M_ROUTING value: {{ V4M_ROUTING }} + + Supported values for V4M_ROUTING are `host-based` or `path-based` + tags: + - install + - uninstall + - update + - name: v4m - download git: repo: https://github.com/sassoftware/viya4-monitoring-kubernetes.git diff --git a/roles/monitoring/tasks/viya-monitoring.yaml b/roles/monitoring/tasks/viya-monitoring.yaml index e434d7db..9268d616 100644 --- a/roles/monitoring/tasks/viya-monitoring.yaml +++ b/roles/monitoring/tasks/viya-monitoring.yaml @@ -1,3 +1,6 @@ +# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + --- - name: viya-monitoring - download viya4-monitoring-kubernetes git: diff --git a/roles/monitoring/templates/user-values-opensearch.yaml b/roles/monitoring/templates/host-based/user-values-opensearch.yaml similarity index 100% rename from roles/monitoring/templates/user-values-opensearch.yaml rename to roles/monitoring/templates/host-based/user-values-opensearch.yaml diff --git a/roles/monitoring/templates/user-values-osd.yaml b/roles/monitoring/templates/host-based/user-values-osd.yaml similarity index 100% rename from roles/monitoring/templates/user-values-osd.yaml rename to roles/monitoring/templates/host-based/user-values-osd.yaml diff --git a/roles/monitoring/templates/user-values-prom-operator.yaml b/roles/monitoring/templates/host-based/user-values-prom-operator.yaml similarity index 92% rename from roles/monitoring/templates/user-values-prom-operator.yaml rename to roles/monitoring/templates/host-based/user-values-prom-operator.yaml index 4420a5ff..fa8e9d44 100644 
--- a/roles/monitoring/templates/user-values-prom-operator.yaml +++ b/roles/monitoring/templates/host-based/user-values-prom-operator.yaml @@ -2,8 +2,6 @@ prometheus: # Disable default configuration of NodePort service: type: ClusterIP - port: 443 - targetPort: 443 nodePort: null # Define host-based ingress ingress: @@ -31,8 +29,10 @@ alertmanager: nodePort: null # Define host-based ingress ingress: - enabled: true + annotations: + nginx.ingress.kubernetes.io/backend-protocol: HTTPS ingressClassName: nginx + enabled: true tls: - hosts: - {{ V4M_ALERTMANAGER_FQDN }} @@ -55,7 +55,6 @@ grafana: ingress: annotations: nginx.ingress.kubernetes.io/backend-protocol: HTTPS - # nginx.ingress.kubernetes.io/rewrite-target: "/grafana" enabled: true ingressClassName: nginx tls: @@ -68,7 +67,7 @@ grafana: "grafana.ini": server: domain: {{ V4M_BASE_DOMAIN }} - root_url: https://{{ V4M_GRAFANA_FQDN }} + root_url: "https://{{ V4M_GRAFANA_FQDN }}" serve_from_sub_path: false testFramework: enabled: false diff --git a/roles/monitoring/templates/path-based/user-values-opensearch.yaml b/roles/monitoring/templates/path-based/user-values-opensearch.yaml new file mode 100644 index 00000000..8a174956 --- /dev/null +++ b/roles/monitoring/templates/path-based/user-values-opensearch.yaml @@ -0,0 +1,18 @@ +# OpenSearch ingress is optional +ingress: + ingressClassName: nginx + annotations: + nginx.ingress.kubernetes.io/configuration-snippet: | + rewrite (?i)/search/(.*) /$1 break; + rewrite (?i)/search$ / break; + nginx.ingress.kubernetes.io/rewrite-target: /search + nginx.ingress.kubernetes.io/backend-protocol: HTTPS + enabled: true + path: /search + pathType: Prefix + hosts: + - {{ V4M_BASE_DOMAIN }} + tls: + - secretName: elasticsearch-ingress-tls-secret + hosts: + - {{ V4M_BASE_DOMAIN }} diff --git a/roles/monitoring/templates/path-based/user-values-osd.yaml b/roles/monitoring/templates/path-based/user-values-osd.yaml new file mode 100644 index 00000000..1ebf4c25 --- /dev/null 
+++ b/roles/monitoring/templates/path-based/user-values-osd.yaml @@ -0,0 +1,45 @@ +extraEnvs: +# SERVER_BASEPATH needed for path-based ingress +- name: SERVER_BASEPATH + value: /dashboards +# OSD_ENABLE_TLS, Username & password need to be set here since helm *replaces* array values +- name: OSD_ENABLE_TLS + valueFrom: + secretKeyRef: + name: v4m-osd-tls-enabled + key: enable_tls +- name: OPENSEARCH_USERNAME + valueFrom: + secretKeyRef: + name: internal-user-kibanaserver + key: username +- name: OPENSEARCH_PASSWORD + valueFrom: + secretKeyRef: + name: internal-user-kibanaserver + key: password +service: + type: ClusterIP + nodePort: null +ingress: + ingressClassName: nginx + annotations: + nginx.ingress.kubernetes.io/affinity: "cookie" + nginx.ingress.kubernetes.io/configuration-snippet: | + rewrite (?i)/dashboards/(.*) /$1 break; + rewrite (?i)/dashboards$ / break; + nginx.ingress.kubernetes.io/rewrite-target: /dashboards + nginx.ingress.kubernetes.io/backend-protocol: HTTPS + enabled: true + hosts: + - host: {{ V4M_BASE_DOMAIN }} + paths: + - path: /dashboards + backend: + serviceName: v4m-osd + servicePort: 5601 + + tls: + - secretName: kibana-ingress-tls-secret + hosts: + - {{ V4M_BASE_DOMAIN }} diff --git a/roles/monitoring/templates/path-based/user-values-prom-operator.yaml b/roles/monitoring/templates/path-based/user-values-prom-operator.yaml new file mode 100644 index 00000000..3f583b65 --- /dev/null +++ b/roles/monitoring/templates/path-based/user-values-prom-operator.yaml 
@@ -0,0 +1,74 @@ +grafana: + # Disable default configuration of NodePort + service: + type: ClusterIP + nodePort: null + ingress: + ingressClassName: nginx + annotations: + nginx.ingress.kubernetes.io/backend-protocol: HTTPS + enabled: true + tls: + - hosts: + - {{ V4M_BASE_DOMAIN }} + secretName: grafana-ingress-tls-secret + hosts: + - {{ V4M_BASE_DOMAIN }} + path: /grafana + pathType: Prefix + "grafana.ini": + server: + domain: {{ V4M_BASE_DOMAIN }} + root_url: "https://{{ V4M_BASE_DOMAIN }}/grafana" + serve_from_sub_path: true + +# Note that Prometheus and Alertmanager do not have any +# authentication configured by default, exposing an +# unauthenticated applicaton without other restrictions +# in place is insecure. + +prometheus: + # Disable default configuration of NodePort + service: + type: ClusterIP + nodePort: null + # Define path-based ingress + ingress: + ingressClassName: nginx + annotations: + nginx.ingress.kubernetes.io/backend-protocol: HTTPS + enabled: true + tls: + - hosts: + - {{ V4M_BASE_DOMAIN }} + secretName: prometheus-ingress-tls-secret + hosts: + - {{ V4M_BASE_DOMAIN }} + path: /prometheus + pathType: Prefix + prometheusSpec: + routePrefix: /prometheus + externalUrl: "https://{{ V4M_BASE_DOMAIN }}/prometheus" + +alertmanager: + # Disable default configuration of NodePort + service: + type: ClusterIP + nodePort: null + # Define path-based ingress + ingress: + annotations: + nginx.ingress.kubernetes.io/backend-protocol: HTTPS + ingressClassName: nginx + enabled: true + tls: + - hosts: + - {{ V4M_BASE_DOMAIN }} + secretName: alertmanager-ingress-tls-secret + hosts: + - {{ V4M_BASE_DOMAIN }} + path: /alertmanager + pathType: Prefix + alertmanagerSpec: + routePrefix: /alertmanager + externalUrl: "https://{{ V4M_BASE_DOMAIN }}/alertmanager" diff --git a/roles/monitoring/templates/path-based/user.env b/roles/monitoring/templates/path-based/user.env new file mode 100644 index 00000000..b66d0bbf --- /dev/null 
+++ b/roles/monitoring/templates/path-based/user.env @@ -0,0 +1 @@ +MON_TLS_PATH_INGRESS=true diff --git a/roles/monitoring/templates/secret.yaml b/roles/monitoring/templates/secret.yaml deleted file mode 100644 index 608cd6f4..00000000 --- a/roles/monitoring/templates/secret.yaml +++ /dev/null @@ -1,11 +0,0 @@ -kind: Secret -apiVersion: v1 -metadata: - name: {{ tls_name }} - namespace: {{ tls_namespace }} -data: - tls.crt: >- - {{ tls_cert }} - tls.key: >- - {{ tls_key }} -type: kubernetes.io/tls diff --git a/roles/monitoring/templates/user-values-pushgateway.yaml b/roles/monitoring/templates/user-values-pushgateway.yaml deleted file mode 100644 index ee375ae6..00000000 --- a/roles/monitoring/templates/user-values-pushgateway.yaml +++ /dev/null @@ -1,2 +0,0 @@ -persistentVolume: - storageClass: {{ V4M_STORAGECLASS }} \ No newline at end of file diff --git a/roles/monitoring/vars/main.yaml b/roles/monitoring/vars/main.yaml index 3f66ddd7..6cfb5076 100644 --- a/roles/monitoring/vars/main.yaml +++ b/roles/monitoring/vars/main.yaml @@ -1,3 +1,6 @@ +# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + logging_map: secret: internal-user-admin: V4M_KIBANA_PASSWORD diff --git a/roles/multi-tenancy/defaults/main.yml b/roles/multi-tenancy/defaults/main.yml index 86c7b1ff..a38338be 100644 --- a/roles/multi-tenancy/defaults/main.yml +++ b/roles/multi-tenancy/defaults/main.yml @@ -1,3 +1,6 @@ +# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + ## Multi-tenant # Updating HOST to remove https diff --git a/roles/multi-tenancy/tasks/main.yaml b/roles/multi-tenancy/tasks/main.yaml index 1bf36276..b18e6ba7 100644 --- a/roles/multi-tenancy/tasks/main.yaml +++ b/roles/multi-tenancy/tasks/main.yaml 
@@ -1,3 +1,6 @@ +# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + --- - name: multi-tenant role - setup include_tasks: multi-tenant-setup.yaml diff --git a/roles/multi-tenancy/tasks/multi-tenant-onboard-offboard.yaml b/roles/multi-tenancy/tasks/multi-tenant-onboard-offboard.yaml index c4678109..3ee7b674 100644 --- a/roles/multi-tenancy/tasks/multi-tenant-onboard-offboard.yaml +++ b/roles/multi-tenancy/tasks/multi-tenant-onboard-offboard.yaml @@ -1,3 +1,6 @@ +# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + --- # Apply the service account role - name: apply service account role diff --git a/roles/multi-tenancy/tasks/multi-tenant-setup.yaml b/roles/multi-tenancy/tasks/multi-tenant-setup.yaml index eea0b470..bee0290f 100644 --- a/roles/multi-tenancy/tasks/multi-tenant-setup.yaml +++ b/roles/multi-tenancy/tasks/multi-tenant-setup.yaml @@ -1,3 +1,6 @@ +# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + --- - name: create sas-tenant-job folder file: diff --git a/roles/multi-tenancy/tasks/onboard-offboard-cas-servers.yaml b/roles/multi-tenancy/tasks/onboard-offboard-cas-servers.yaml index e8b54550..691aad1c 100644 --- a/roles/multi-tenancy/tasks/onboard-offboard-cas-servers.yaml +++ b/roles/multi-tenancy/tasks/onboard-offboard-cas-servers.yaml @@ -1,3 +1,6 @@ +# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + --- # Update Resources in Kustomization.yaml - name: check if cas resources present diff --git a/roles/multi-tenancy/tasks/tenant-cas-customizations.yaml b/roles/multi-tenancy/tasks/tenant-cas-customizations.yaml index 540aeb0a..fc7afddf 100644 --- a/roles/multi-tenancy/tasks/tenant-cas-customizations.yaml +++ b/roles/multi-tenancy/tasks/tenant-cas-customizations.yaml 
@@ -1,3 +1,6 @@ +# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + --- - name: update tenant cas customizations block: diff --git a/roles/orchestration-common/defaults/main.yaml b/roles/orchestration-common/defaults/main.yaml index 5ec3d4d6..792a31c2 100644 --- a/roles/orchestration-common/defaults/main.yaml +++ b/roles/orchestration-common/defaults/main.yaml @@ -1,3 +1,6 @@ +# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + V4_CFG_CR_USER: null V4_CFG_CR_PASSWORD: null V4_CFG_CR_URL: https://cr.sas.com diff --git a/roles/orchestration-common/tasks/orchestration_tooling.yaml b/roles/orchestration-common/tasks/orchestration_tooling.yaml index b19fabff..36c94637 100644 --- a/roles/orchestration-common/tasks/orchestration_tooling.yaml +++ b/roles/orchestration-common/tasks/orchestration_tooling.yaml @@ -1,3 +1,6 @@ +# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + # These tasks are responsible for pulling or downloading the sas-orchestration image # so that the tooling it contains may be used during the deployment process. diff --git a/roles/vdm/defaults/main.yaml b/roles/vdm/defaults/main.yaml index ea53a3a8..3f9d79a8 100644 --- a/roles/vdm/defaults/main.yaml +++ b/roles/vdm/defaults/main.yaml @@ -1,3 +1,6 @@ +# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + PROVIDER: custom #[azure|aws|gcp|custom] NAMESPACE: null CLUSTER_NAME: null diff --git a/roles/vdm/files/sitedefault-mt.yaml b/roles/vdm/files/sitedefault-mt.yaml index 861c311d..7d860c95 100644 --- a/roles/vdm/files/sitedefault-mt.yaml +++ b/roles/vdm/files/sitedefault-mt.yaml 
@@ -1,3 +1,6 @@ +# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + cacerts: config: application: diff --git a/roles/vdm/files/sitedefault.yaml b/roles/vdm/files/sitedefault.yaml index 9c717d0a..56851b55 100644 --- a/roles/vdm/files/sitedefault.yaml +++ b/roles/vdm/files/sitedefault.yaml @@ -1,3 +1,6 @@ +# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + cacerts: config: application: diff --git a/roles/vdm/library/overlay_facts.py b/roles/vdm/library/overlay_facts.py index c79e5550..70754ab8 100644 --- a/roles/vdm/library/overlay_facts.py +++ b/roles/vdm/library/overlay_facts.py @@ -1,3 +1,7 @@ +# +# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# from ansible.module_utils.basic import AnsibleModule from packaging.version import parse as parse_version import os diff --git a/roles/vdm/library/siteconfig_info.py b/roles/vdm/library/siteconfig_info.py index 84520f4e..5cab7d10 100644 --- a/roles/vdm/library/siteconfig_info.py +++ b/roles/vdm/library/siteconfig_info.py @@ -1,3 +1,7 @@ +# +# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# from ansible.module_utils.basic import * import glob import yaml diff --git a/roles/vdm/tasks/assets.yaml b/roles/vdm/tasks/assets.yaml index d58eddcf..9c255010 100644 --- a/roles/vdm/tasks/assets.yaml +++ b/roles/vdm/tasks/assets.yaml @@ -1,3 +1,6 @@ +# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + --- - name: assets - Download viya4-orders-cli get_url: diff --git a/roles/vdm/tasks/cas.yaml b/roles/vdm/tasks/cas.yaml index 91276e44..0785626e 100644 --- a/roles/vdm/tasks/cas.yaml +++ b/roles/vdm/tasks/cas.yaml 
@@ -1,3 +1,6 @@ +# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + --- - name: "cas - base" overlay_facts: diff --git a/roles/vdm/tasks/connect.yaml b/roles/vdm/tasks/connect.yaml index 7e8f0e40..64c97f0f 100644 --- a/roles/vdm/tasks/connect.yaml +++ b/roles/vdm/tasks/connect.yaml @@ -1,3 +1,6 @@ +# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + --- - name: "connect - Loadbalancer " overlay_facts: diff --git a/roles/vdm/tasks/copy_overlay.yaml b/roles/vdm/tasks/copy_overlay.yaml index 3d0615e1..4f19fe62 100644 --- a/roles/vdm/tasks/copy_overlay.yaml +++ b/roles/vdm/tasks/copy_overlay.yaml @@ -1,3 +1,6 @@ +# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + --- - name: copy - create VDM {{ resource }} folder file: diff --git a/roles/vdm/tasks/deploy.yaml b/roles/vdm/tasks/deploy.yaml index be9cefd4..d172eac0 100644 --- a/roles/vdm/tasks/deploy.yaml +++ b/roles/vdm/tasks/deploy.yaml @@ -1,3 +1,6 @@ +# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + --- - name: deploy - Apply SAS Viya deployment kubernetes.core.k8s: diff --git a/roles/vdm/tasks/deployment_operator.yaml b/roles/vdm/tasks/deployment_operator.yaml index 08c3eae8..933921c7 100644 --- a/roles/vdm/tasks/deployment_operator.yaml +++ b/roles/vdm/tasks/deployment_operator.yaml @@ -1,3 +1,6 @@ +# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + --- - name: deployment-operator - validate V4_DEPLOYMENT_OPERATOR_SCOPE ansible.builtin.assert: @@ -227,6 +230,8 @@ state: present namespace: "{{ V4_DEPLOYMENT_OPERATOR_NAMESPACE }}" kubeconfig: "{{ KUBECONFIG }}" + when: + - DEPLOY tags: - install - update 
@@ -286,6 +291,7 @@ - result.stdout|length > 0 when: - cluster_sasdeployments.resources|length == 0 + - DEPLOY tags: - uninstall @@ -300,6 +306,7 @@ state: absent when: - cluster_sasdeployments.resources|length == 0 + - DEPLOY tags: - uninstall @@ -310,5 +317,6 @@ when: - V4_DEPLOYMENT_OPERATOR_SCOPE|lower == "cluster" - cluster_sasdeployments.resources|length == 0 + - DEPLOY tags: - uninstall diff --git a/roles/vdm/tasks/elasticsearch.yaml b/roles/vdm/tasks/elasticsearch.yaml index f9402887..bf0dbbb4 100644 --- a/roles/vdm/tasks/elasticsearch.yaml +++ b/roles/vdm/tasks/elasticsearch.yaml @@ -1,3 +1,6 @@ +# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + --- - name: elasticsearch - folder check stat: diff --git a/roles/vdm/tasks/kustomize.yaml b/roles/vdm/tasks/kustomize.yaml index a612c6fc..4454901e 100644 --- a/roles/vdm/tasks/kustomize.yaml +++ b/roles/vdm/tasks/kustomize.yaml @@ -1,3 +1,6 @@ +# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + --- - command: | git log -1 --format=format:"%H" diff --git a/roles/vdm/tasks/main.yaml b/roles/vdm/tasks/main.yaml index cc3d86f7..b42f7661 100644 --- a/roles/vdm/tasks/main.yaml +++ b/roles/vdm/tasks/main.yaml @@ -1,3 +1,6 @@ +# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + --- - file: state: directory diff --git a/roles/vdm/tasks/mirror.yaml b/roles/vdm/tasks/mirror.yaml index a214360d..ea269d4b 100644 --- a/roles/vdm/tasks/mirror.yaml +++ b/roles/vdm/tasks/mirror.yaml @@ -1,3 +1,6 @@ +# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + --- - name: mirror - copy example copy: diff --git a/roles/vdm/tasks/multi_tenant.yaml b/roles/vdm/tasks/multi_tenant.yaml index 90ca5750..113c24a2 100644 --- a/roles/vdm/tasks/multi_tenant.yaml 
+++ b/roles/vdm/tasks/multi_tenant.yaml @@ -1,3 +1,6 @@ +# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + --- - name: multitenant - folder check stat: diff --git a/roles/vdm/tasks/sasdeployment_custom_resource.yaml b/roles/vdm/tasks/sasdeployment_custom_resource.yaml index 6c3ffa0f..8df2d275 100644 --- a/roles/vdm/tasks/sasdeployment_custom_resource.yaml +++ b/roles/vdm/tasks/sasdeployment_custom_resource.yaml @@ -1,3 +1,6 @@ +# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + # These tasks are responsible for generating the SASDeployment Custom Resource --- diff --git a/roles/vdm/tasks/sizing.yaml b/roles/vdm/tasks/sizing.yaml index 72cffce2..b1c9e929 100644 --- a/roles/vdm/tasks/sizing.yaml +++ b/roles/vdm/tasks/sizing.yaml @@ -1,3 +1,6 @@ +# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + --- - name: sizing - minimal overlay_facts: diff --git a/roles/vdm/tasks/start_stop.yaml b/roles/vdm/tasks/start_stop.yaml index d1cad2e1..f0128859 100644 --- a/roles/vdm/tasks/start_stop.yaml +++ b/roles/vdm/tasks/start_stop.yaml @@ -1,3 +1,6 @@ +# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + - name: start_stop - validate cadence version ansible.builtin.fail: msg: > diff --git a/roles/vdm/tasks/storage.yaml b/roles/vdm/tasks/storage.yaml index 9da3854d..7f28fd31 100644 --- a/roles/vdm/tasks/storage.yaml +++ b/roles/vdm/tasks/storage.yaml @@ -1,3 +1,6 @@ +# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + --- - name: storage - storageclass overlay_facts: diff --git a/roles/vdm/tasks/tls.yaml b/roles/vdm/tasks/tls.yaml index 2f9c32bc..492189c1 100644 --- a/roles/vdm/tasks/tls.yaml +++ b/roles/vdm/tasks/tls.yaml 
@@ -1,3 +1,6 @@ +# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + # There are several TLS ingress scenarios: # The mode: full-stack, front-door and disabled # Each can have either customer provided certs or cert-manager generated certs diff --git a/roles/vdm/vars/main.yaml b/roles/vdm/vars/main.yaml index 98262f08..a822c849 100644 --- a/roles/vdm/vars/main.yaml +++ b/roles/vdm/vars/main.yaml @@ -1,3 +1,6 @@ +# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + PROXY_SQL_IMAGE: gcr.io/cloudsql-docker/gce-proxy:1.20.2 vdm_overlays: {}
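Review bot: In roles/monitoring/tasks/main.yaml, the new V4M_ROUTING assert passes a string to `intersect`, which is a list filter, and it compares case-sensitively, while the cluster-monitoring tasks branch on `V4M_ROUTING|lower == 'host-based'` and `V4M_ROUTING|lower == 'path-based'`. A value such as `Host-Based` is accepted by the tasks but rejected by the assert, and how a string operand is matched is left to the filter's implementation rather than being an exact comparison. Any value that passes the assert but matches neither `when` leaves user-values-prom-operator.yaml unrendered. Suggest `that: V4M_ROUTING|lower in ["host-based", "path-based"]`, which is an exact match, agrees with the task conditions, and drops the `{{ }}` delimiters from the conditional.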
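Review bot: In roles/monitoring/templates/path-based/user-values-prom-operator.yaml, the comment states that Prometheus and Alertmanager have no authentication by default, yet both `prometheus.ingress` and `alertmanager.ingress` are set to `enabled: true` with only the `backend-protocol: HTTPS` annotation, so `/prometheus` and `/alertmanager` are published on `V4M_BASE_DOMAIN` with nothing in this template restricting access. Suggest either gating the two ingress blocks behind an explicit opt-in variable, or adding an access control at the ingress (for example `nginx.ingress.kubernetes.io/auth-type` with `nginx.ingress.kubernetes.io/auth-secret`, or `nginx.ingress.kubernetes.io/whitelist-source-range`), and stating in docs/CONFIG-VARS.md that `LOADBALANCER_SOURCE_RANGES` is the only remaining restriction if neither is done. Minor: "applicaton" in the same comment should read "application".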
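Review bot: The new path-based/user-values-opensearch.yaml and path-based/user-values-osd.yaml depend on `nginx.ingress.kubernetes.io/configuration-snippet`, which only takes effect when the ingress-nginx controller is configured to allow snippet annotations (`allow-snippet-annotations`); nothing in this patch sets or documents that requirement. Where snippets are disallowed, the ingress is either rejected or created without the rewrite, so `/search` and `/dashboards` would not route as intended. Please document the controller setting next to `V4M_ROUTING` in docs/CONFIG-VARS.md, or confirm that the baseline ingress-nginx install enables it. The rewrite patterns are also unanchored (`rewrite (?i)/dashboards/(.*) /$1 break;`); anchoring them with `^` keeps the match to the path prefix that the ingress actually serves.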
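Review bot: In roles/vdm/tasks/deployment_operator.yaml, the four added conditions use the bare variable `- DEPLOY`, which relies on the value already being a boolean. If DEPLOY arrives as a string, for example from `-e DEPLOY=false` on the command line, a bare variable in `when` may be treated as a non-empty string rather than as false, and the operator install or the three uninstall tasks would then run when the user asked for them to be skipped. Suggest `- DEPLOY|bool` in all four places. Since these conditions now make `DEPLOY: false` silently skip the uninstall of the deployment operator, a debug message on the skipped path would also help anyone who expects the uninstall tag to remove it.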