Commit c094ea4e authored by Sergio Gimenez's avatar Sergio Gimenez

fix(ansible): sanitize defaults and harden deployment

Make automation safe for the public ETSI repo while preserving local overrides through optional inventory and secrets files. Also fix verified deployment issues found during single-host and dual-host runs on remote Kind clusters.
parent 642eadb9
+1 −0
@@ -14,6 +14,7 @@ ansible/.ansible/
*.retry
ansible_facts/
ansible/secrets.yml
ansible/inventory/hosts.local.yml

# Automation folder - contains kubeconfig files generated by ansible
automation/
+2 −2
@@ -45,8 +45,8 @@ To contribute code, follow these steps:

1. **Clone the Repository**:
   ```bash
   git clone git@gitlab.i2cat.net:areas/software-networks/operator-platform/op-automation.git
   cd op-automation
   git clone https://labs.etsi.org/rep/oop/code/integration.git
   cd integration
   ```

2. **Create a Feature Branch**:
+9 −5
@@ -24,7 +24,10 @@ source venv/bin/activate
pip install -r requirements.txt
ansible-galaxy collection install -r requirements.yml

ansible-playbook playbooks/scenarios/dual_oop/deploy.yml --limit openop_2,openop_3
cp inventory/hosts.yml inventory/hosts.local.yml
cp secrets.example.yml secrets.yml

ansible-playbook -i inventory/hosts.local.yml playbooks/scenarios/full_oop/deploy-kubernetes.yml --limit example_op_1
```

## Working scenarios
@@ -42,14 +45,15 @@ For remote deployments, kubeconfigs are fetched locally to:

Examples:

- `~/kind-cluster-configs/openop_3/op1-kubeconfig.yaml`
- `~/kind-cluster-configs/openop_2/op2-kubeconfig.yaml`
- `~/kind-cluster-configs/example_op_1/operator-platform-external-kubeconfig.yaml`
- `~/kind-cluster-configs/example_op_3/op1-kubeconfig.yaml`

## Notes

- Run playbooks from `ansible/`.
- `ansible/secrets.yml` is local-only and gitignored.
- `dual_oop` and `full_oop` load `secrets.yml` automatically.
- `ansible/secrets.yml` is optional, local-only, and gitignored.
- Copy `ansible/inventory/hosts.yml` to `ansible/inventory/hosts.local.yml` for site-specific inventory.
- Copy `ansible/secrets.example.yml` to `ansible/secrets.yml` only when local overrides are needed.

## Docs preview

+6 −5
@@ -19,15 +19,16 @@
# ==========================================
# Project Paths
# ==========================================
op_automation_base: /home/sergio/i2cat/OperatorPlatform/OP_Automation
i2edge_base_path: /home/sergio/i2cat/OperatorPlatform/i2edge
op_automation_base: "{{ inventory_dir | dirname | dirname }}"
i2edge_base_path: ""

# ==========================================
# Docker Registry Configuration
# ==========================================
# Registry host for Docker authentication (host:port only)
docker_registry_host: "gitlab.i2cat.net:5050"
docker_registry_username: "oauth2"
docker_registry_host: ""
docker_registry_username: ""
docker_registry_password: "{{ gitlab_token | default('') }}"

# ==========================================
# Kubernetes Platform Settings
@@ -59,6 +60,6 @@ cert_sans:
# Automatically uses host IP, falls back to localhost
kubeconfig_server_host: "{{ ansible_default_ipv4.address | default('localhost') }}"
kubeconfig_server_url: "https://{{ kubeconfig_server_host }}:{{ api_server_port }}"
kubeconfig_output_dir: "{{ op_automation_base }}/automation/1-kind-cluster"
kubeconfig_output_dir: "{{ op_automation_base }}/automation/{{ inventory_hostname | default('cluster') }}"
kubeconfig_filename: operator-platform-external-kubeconfig.yaml
kubeconfig_path: "{{ kubeconfig_output_dir }}/{{ kubeconfig_filename }}"
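Review bot: `kubeconfig_output_dir` now depends on `op_automation_base`, which is derived as `{{ inventory_dir | dirname | dirname }}`, so the kubeconfig lands in the repository's gitignored `automation/` folder only when the inventory file sits exactly two levels below the repository root. A run with `-i` pointing at an inventory kept elsewhere would write cluster credentials under a path computed from that inventory's location, outside the ignore rule, and `inventory_dir` may be undefined when hosts are given as an inline list. I would state the assumption next to the variable, e.g. `# Assumes the inventory lives in ansible/inventory/; set op_automation_base explicitly otherwise`. The task that writes the kubeconfig is not part of this section, so it is worth confirming there that the file is created with owner-only permissions.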
+1 −1
---
# Standalone DeMAS stack configuration

demas_local_repo_path: /home/sergio/i2cat/DeMAS/demas
demas_local_repo_path: ""
demas_remote_repo_path: "/home/{{ ansible_user | default('ubuntu') }}/demas"

demas_cluster_name: demas-monitoring
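Review bot: `demas_local_repo_path` now defaults to an empty string and nothing in this section makes a run stop when it is left unset; the same shape appears for `i2edge_base_path`, `docker_registry_host` and `docker_registry_username` in the group variables section. The tasks that consume these values are not shown here, but a copy or sync task given an empty source path, or a registry login given an empty host, tends to fail late or act on an unintended location. A pre-flight check in the play would make the requirement explicit, for example `ansible.builtin.assert` with `that: demas_local_repo_path | length > 0` and a `fail_msg` pointing to `hosts.local.yml`. A one-line comment above the variable saying where it is expected to be set would also help.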