You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficcontrol.apache.org by GitBox <gi...@apache.org> on 2021/03/29 13:04:23 UTC
[GitHub] [trafficcontrol] zrhoffman opened a new pull request #5685: Add a Federation to the Ansible Dataset Loader
zrhoffman opened a new pull request #5685:
URL: https://github.com/apache/trafficcontrol/pull/5685
<!--
************ STOP!! ************
If this Pull Request is intended to fix a security vulnerability, DO NOT submit it! Instead, contact
the Apache Software Foundation Security Team at security@trafficcontrol.apache.org and follow the
guidelines at https://www.apache.org/security/ regarding vulnerability disclosure.
-->
## What does this PR (Pull Request) do?
<!-- Explain the changes you made here. If this fixes an Issue, identify it by
replacing the text in the checkbox item with the Issue number e.g.
- [x] This PR fixes #9001 OR is not related to any Issue
^ This will automatically close Issue number 9001 when the Pull Request is
merged (The '#' is important).
Be sure you check the box properly, see the "The following criteria are ALL
met by this PR" section for details.
-->
- This PR adds tasks to the `dataset_loader` to
* Create a Federation
* Assign a User to the Federation
* Assign a Delivery Service to the Federation
* Create Federation Resolvers
* Assign Federation Resolvers them to the Federation
- [x] This PR is not related to any Issue <!-- You can check for an issue here: https://github.com/apache/trafficcontrol/issues -->
## Which Traffic Control components are affected by this PR?
<!-- Please delete all components from this list that are NOT affected by this
Pull Request. Also, feel free to add the name of a tool or script that is
affected but not on the list.
Additionally, if this Pull Request does NOT affect documentation, please
explain why documentation is not required. -->
- Ansible roles
## What is the best way to verify this PR?
<!-- Please include here ALL the steps necessary to test your Pull Request. If
it includes tests (and most should), outline here the steps needed to run the
tests. If not, lay out the manual testing procedure and please explain why
tests are unnecessary for this Pull Request. -->
Build an Apache Traffic Control environment using Ansible roles.
## The following criteria are ALL met by this PR
<!-- Check the boxes to signify that the associated statement is true. To
"check a box", replace the space inside of the square brackets with an 'x'.
e.g.
- [ x] <- Wrong
- [x ] <- Wrong
- [] <- Wrong
- [*] <- Wrong
- [x] <- Correct!
-->
- [x] No testing framework exists for the Ansible roles yet
- [x] Existing documentation is sufficient
- [x] This PR includes an update to CHANGELOG.md
- [x] This PR includes any and all required license headers
- [x] This PR **DOES NOT FIX A SERIOUS SECURITY VULNERABILITY** (see [the Apache Software Foundation's security guidelines](https://www.apache.org/security/) for details)
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [trafficcontrol] zrhoffman commented on a change in pull request #5685: Add a Federation to the Ansible Dataset Loader
Posted by GitBox <gi...@apache.org>.
zrhoffman commented on a change in pull request #5685:
URL: https://github.com/apache/trafficcontrol/pull/5685#discussion_r611716902
##########
File path: infrastructure/ansible/roles/dataset_loader/defaults/main.yml
##########
@@ -108,6 +108,11 @@ dl_ds_default_users:
email: userB+userA@kabletown.invalid
fullName: A local account with RO rights
role: read-only
+ - username: '{{ federation_user }}'
+ password: '{{ to_admin_user_password }}'
+ email: '{{ federation_user }@kabletown.invalid'
+ fullName: A local account with admin rights
+ role: admin
Review comment:
~Removed Federation User in f85db07bc7.~
Reverted removing the Federation user in a5c8126911.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [trafficcontrol] zrhoffman commented on a change in pull request #5685: Add a Federation to the Ansible Dataset Loader
Posted by GitBox <gi...@apache.org>.
zrhoffman commented on a change in pull request #5685:
URL: https://github.com/apache/trafficcontrol/pull/5685#discussion_r611716902
##########
File path: infrastructure/ansible/roles/dataset_loader/defaults/main.yml
##########
@@ -108,6 +108,11 @@ dl_ds_default_users:
email: userB+userA@kabletown.invalid
fullName: A local account with RO rights
role: read-only
+ - username: '{{ federation_user }}'
+ password: '{{ to_admin_user_password }}'
+ email: '{{ federation_user }@kabletown.invalid'
+ fullName: A local account with admin rights
+ role: admin
Review comment:
Removed Federation User in f85db07bc7.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [trafficcontrol] zrhoffman commented on a change in pull request #5685: Add a Federation to the Ansible Dataset Loader
Posted by GitBox <gi...@apache.org>.
zrhoffman commented on a change in pull request #5685:
URL: https://github.com/apache/trafficcontrol/pull/5685#discussion_r611709181
##########
File path: infrastructure/ansible/roles/dataset_loader/tasks/federation_loader.yml
##########
@@ -0,0 +1,85 @@
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+- name: Create Federation
+ vars:
+ cdn_name_query: 'response[?xmlId == `{{ federation.deliveryService | to_json }}`].cdnName | [0]'
+ cdn_name: '{{ get_all_ds.json | json_query(cdn_name_query) }}'
+ uri:
+ url: "{{ dl_to_url }}/api/{{ dl_to_api_version }}/cdns/{{ cdn_name }}/federations"
+ method: POST
+ body: '{"cname":{{ federation.mappings.cname | to_json }},"ttl":{{ federation.mappings.ttl }}}'
+ register: create_federation_out
+
+- name: Get Federation ID
+ vars:
+ federation_id_query: response.id
+ set_fact:
+ federation_id: "{{ create_federation_out.json | json_query(federation_id_query) }}"
+
+- name: Assign User to Federation
+ vars:
+ federation_user_query: "response[?username == `{{ federation_user }}`].id | [0]"
+ federation_user_id: "{{ get_all_users.json | json_query(federation_user_query) }}"
+ uri:
+ url: "{{ dl_to_url }}/api/{{ dl_to_api_version }}/federations/{{ federation_id }}/users"
+ method: POST
+ body: '{"userIds":[{{ federation_user_id }}],"replace":false}'
+
+- name: Assign Delivery Service to Federation
+ vars:
+ federation_ds_id_query: 'response[?xmlId == `{{ federation.deliveryService | to_json }}`].id | [0]'
+ federation_ds_id: "{{ get_all_ds.json | json_query(federation_ds_id_query) }}"
+ uri:
+ url: "{{ dl_to_url }}/api/{{ dl_to_api_version }}/federations/{{ federation_id }}/deliveryservices"
+ method: POST
+ body: '{"dsIds":[{{ federation_ds_id }}],"replace":false}'
+
+- name: Create IPv4 Federation Resolvers
+ with_items: "{{ federation.mappings.resolve4 }}"
+ vars:
+ type_name: RESOLVE4
+ type_query: "[?name == `{{ type_name }}`].id | [0]"
+ resolve4_type_id: "{{ get_all_types.json.response | json_query(type_query) }}"
+ uri:
+ url: "{{ dl_to_url }}/api/{{ dl_to_api_version }}/federation_resolvers"
+ method: POST
+ body: '{"ipAddress":{{ item | to_json }},"typeId":{{ resolve4_type_id }}}'
+ register: ipv4_federation_resolver_out
+
+- name: Create IPv6 Federation Resolvers
+ with_items: "{{ federation.mappings.resolve6 }}"
+ vars:
+ type_name: RESOLVE6
+ type_query: "[?name == `{{ type_name }}`].id | [0]"
Review comment:
Deriving the Type name from the array key when looping through Resolvers to load in bf3756021f.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [trafficcontrol] jhg03a commented on a change in pull request #5685: Add a Federation to the Ansible Dataset Loader
Posted by GitBox <gi...@apache.org>.
jhg03a commented on a change in pull request #5685:
URL: https://github.com/apache/trafficcontrol/pull/5685#discussion_r611989234
##########
File path: infrastructure/ansible/roles/dataset_loader/defaults/main.yml
##########
@@ -4042,3 +4050,18 @@ dl_ds_default_ds_template:
longDesc: A basic HTTP routed Delivery Service with Anonymous IP Block Enabled
anonymousBlockingEnabled: true
uniqueKey: simple-http-anon-block
+
+# Federations
+dl_ds_default_federation_user: "{{ federation_user }}"
Review comment:
`federation_user` is undefined. It looks like it got added to the sample, but not the actual defaults.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [trafficcontrol] zrhoffman commented on a change in pull request #5685: Add a Federation to the Ansible Dataset Loader
Posted by GitBox <gi...@apache.org>.
zrhoffman commented on a change in pull request #5685:
URL: https://github.com/apache/trafficcontrol/pull/5685#discussion_r611714358
##########
File path: infrastructure/ansible/roles/dataset_loader/tasks/federation_loader.yml
##########
@@ -0,0 +1,85 @@
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+- name: Create Federation
+ vars:
+ cdn_name_query: 'response[?xmlId == `{{ federation.deliveryService | to_json }}`].cdnName | [0]'
+ cdn_name: '{{ get_all_ds.json | json_query(cdn_name_query) }}'
+ uri:
+ url: "{{ dl_to_url }}/api/{{ dl_to_api_version }}/cdns/{{ cdn_name }}/federations"
+ method: POST
+ body: '{"cname":{{ federation.mappings.cname | to_json }},"ttl":{{ federation.mappings.ttl }}}'
Review comment:
Yep it works for me using `ansible-playbook` version 2.10.7.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [trafficcontrol] zrhoffman commented on a change in pull request #5685: Add a Federation to the Ansible Dataset Loader
Posted by GitBox <gi...@apache.org>.
zrhoffman commented on a change in pull request #5685:
URL: https://github.com/apache/trafficcontrol/pull/5685#discussion_r611702111
##########
File path: infrastructure/ansible/roles/dataset_loader/defaults/main.yml
##########
@@ -108,6 +108,11 @@ dl_ds_default_users:
email: userB+userA@kabletown.invalid
fullName: A local account with RO rights
role: read-only
+ - username: '{{ federation_user }}'
+ password: '{{ to_admin_user_password }}'
+ email: '{{ federation_user }@kabletown.invalid'
+ fullName: A local account with admin rights
+ role: admin
Review comment:
While Admin-level permissions are not required for Users assigned to a Federation, that's not really a meaningful statement, because there is also no requirement that a User is even assigned to a Federation in order for Traffic Router to be able to use that Federation.
Admin-level permissions *are* required to POST to any Federations endpoint:
* `POST federation_resolvers`
* `POST federations`
* `POST federations/{{ID}}/deliveryservices`
* `POST federations/{{ID}}/federation_resolvers`
* `POST federations/{{ID}}/users`
So, creating a dedicated Federation User seems pointless if that User does not also have Admin-level permissions (any Admin-level user can assign Users, DSes, or Federation Resolvers to that Federation).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [trafficcontrol] zrhoffman commented on a change in pull request #5685: Add a Federation to the Ansible Dataset Loader
Posted by GitBox <gi...@apache.org>.
zrhoffman commented on a change in pull request #5685:
URL: https://github.com/apache/trafficcontrol/pull/5685#discussion_r610283647
##########
File path: infrastructure/ansible/roles/dataset_loader/defaults/main.yml
##########
@@ -108,6 +108,11 @@ dl_ds_default_users:
email: userB+userA@kabletown.invalid
fullName: A local account with RO rights
role: read-only
+ - username: '{{ federation_user }}'
+ password: '{{ to_admin_user_password }}'
+ email: '{{ federation_user }@kabletown.invalid'
Review comment:
Curly brace added in 8f71e75821.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [trafficcontrol] jhg03a merged pull request #5685: Add a Federation to the Ansible Dataset Loader
Posted by GitBox <gi...@apache.org>.
jhg03a merged pull request #5685:
URL: https://github.com/apache/trafficcontrol/pull/5685
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [trafficcontrol] zrhoffman commented on a change in pull request #5685: Add a Federation to the Ansible Dataset Loader
Posted by GitBox <gi...@apache.org>.
zrhoffman commented on a change in pull request #5685:
URL: https://github.com/apache/trafficcontrol/pull/5685#discussion_r611998052
##########
File path: infrastructure/ansible/roles/dataset_loader/defaults/main.yml
##########
@@ -21,6 +21,8 @@ dl_ts_url: https://stats.kabletown.invalid
# Credentials to use when logging into TrafficOps
dl_to_user:
dl_to_user_password:
+# Federation User account name
+federation_user: federationuser
Review comment:
Setting the value in `dl_ds_default_federation_user` in 0cf68cdc3d.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [trafficcontrol] jhg03a commented on a change in pull request #5685: Add a Federation to the Ansible Dataset Loader
Posted by GitBox <gi...@apache.org>.
jhg03a commented on a change in pull request #5685:
URL: https://github.com/apache/trafficcontrol/pull/5685#discussion_r611996189
##########
File path: infrastructure/ansible/roles/dataset_loader/defaults/main.yml
##########
@@ -21,6 +21,8 @@ dl_ts_url: https://stats.kabletown.invalid
# Credentials to use when logging into TrafficOps
dl_to_user:
dl_to_user_password:
+# Federation User account name
+federation_user: federationuser
Review comment:
Unprefixed vars in roles aren't best practice. Just set the value in `dl_ds_default_federation_user`.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [trafficcontrol] zrhoffman commented on a change in pull request #5685: Add a Federation to the Ansible Dataset Loader
Posted by GitBox <gi...@apache.org>.
zrhoffman commented on a change in pull request #5685:
URL: https://github.com/apache/trafficcontrol/pull/5685#discussion_r611713038
##########
File path: infrastructure/ansible/roles/dataset_loader/defaults/main.yml
##########
@@ -4042,3 +4051,16 @@ dl_ds_default_ds_template:
longDesc: A basic HTTP routed Delivery Service with Anonymous IP Block Enabled
anonymousBlockingEnabled: true
uniqueKey: simple-http-anon-block
+
+# Federations
+dl_ds_merged_federations: "{{ dl_ds_default_federations }}"
+dl_ds_default_federations:
+ - deliveryService: simple-dns-for-federation-{{ Target_cdn_delegation | lower }}
Review comment:
Defining `Target_cdn_delegation` in 367df6f339.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [trafficcontrol] zrhoffman commented on a change in pull request #5685: Add a Federation to the Ansible Dataset Loader
Posted by GitBox <gi...@apache.org>.
zrhoffman commented on a change in pull request #5685:
URL: https://github.com/apache/trafficcontrol/pull/5685#discussion_r610938233
##########
File path: infrastructure/ansible/roles/dataset_loader/tasks/federation_loader.yml
##########
@@ -0,0 +1,85 @@
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+- name: Create Federation
+ vars:
+ cdn_name_query: 'response[?xmlId == `{{ federation.deliveryService | to_json }}`].cdnName | [0]'
+ cdn_name: '{{ get_all_ds.json | json_query(cdn_name_query) }}'
+ uri:
+ url: "{{ dl_to_url }}/api/{{ dl_to_api_version }}/cdns/{{ cdn_name }}/federations"
+ method: POST
+ body: '{"cname":{{ federation.mappings.cname | to_json }},"ttl":{{ federation.mappings.ttl }}}'
+ register: create_federation_out
+
+- name: Get Federation ID
+ vars:
+ federation_id_query: response.id
+ set_fact:
+ federation_id: "{{ create_federation_out.json | json_query(federation_id_query) }}"
+
+- name: Assign User to Federation
+ vars:
+ federation_user_query: "response[?username == `{{ federation_user }}`].id | [0]"
+ federation_user_id: "{{ get_all_users.json | json_query(federation_user_query) }}"
+ uri:
+ url: "{{ dl_to_url }}/api/{{ dl_to_api_version }}/federations/{{ federation_id }}/users"
+ method: POST
+ body: '{"userIds":[{{ federation_user_id }}],"replace":false}'
+
+- name: Assign Delivery Service to Federation
+ vars:
+ federation_ds_id_query: 'response[?xmlId == `{{ federation.deliveryService | to_json }}`].id | [0]'
+ federation_ds_id: "{{ get_all_ds.json | json_query(federation_ds_id_query) }}"
+ uri:
+ url: "{{ dl_to_url }}/api/{{ dl_to_api_version }}/federations/{{ federation_id }}/deliveryservices"
Review comment:
Hmm I'm not sure what you mean. This is [`POST /federations/{{federation_id}}/deliveryservices`](https://traffic-control-cdn.readthedocs.io/en/latest/api/v1/federations_id_deliveryservices.html#post), the Delivery Service IDs go in the POST body.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [trafficcontrol] zrhoffman commented on pull request #5685: Add a Federation to the Ansible Dataset Loader
Posted by GitBox <gi...@apache.org>.
zrhoffman commented on pull request #5685:
URL: https://github.com/apache/trafficcontrol/pull/5685#issuecomment-819017302
Rebased onto master.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [trafficcontrol] jhg03a commented on a change in pull request #5685: Add a Federation to the Ansible Dataset Loader
Posted by GitBox <gi...@apache.org>.
jhg03a commented on a change in pull request #5685:
URL: https://github.com/apache/trafficcontrol/pull/5685#discussion_r608742557
##########
File path: infrastructure/ansible/roles/dataset_loader/defaults/main.yml
##########
@@ -108,6 +108,11 @@ dl_ds_default_users:
email: userB+userA@kabletown.invalid
fullName: A local account with RO rights
role: read-only
+ - username: '{{ federation_user }}'
+ password: '{{ to_admin_user_password }}'
Review comment:
The password field here should probably just be removed since it's not one anyone should ever login with. That will default it to a random 32 character string.
##########
File path: infrastructure/ansible/roles/dataset_loader/defaults/main.yml
##########
@@ -108,6 +108,11 @@ dl_ds_default_users:
email: userB+userA@kabletown.invalid
fullName: A local account with RO rights
role: read-only
+ - username: '{{ federation_user }}'
+ password: '{{ to_admin_user_password }}'
+ email: '{{ federation_user }@kabletown.invalid'
+ fullName: A local account with admin rights
+ role: admin
Review comment:
For a federation user, is admin level permissions required?
##########
File path: infrastructure/ansible/roles/dataset_loader/defaults/main.yml
##########
@@ -4042,3 +4051,16 @@ dl_ds_default_ds_template:
longDesc: A basic HTTP routed Delivery Service with Anonymous IP Block Enabled
anonymousBlockingEnabled: true
uniqueKey: simple-http-anon-block
+
+# Federations
+dl_ds_merged_federations: "{{ dl_ds_default_federations }}"
+dl_ds_default_federations:
+ - deliveryService: simple-dns-for-federation-{{ Target_cdn_delegation | lower }}
Review comment:
The var used here appears to be `federation` not `Target_cdn_delegation`
##########
File path: infrastructure/ansible/roles/dataset_loader/tasks/federation_loader.yml
##########
@@ -0,0 +1,85 @@
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+- name: Create Federation
+ vars:
+ cdn_name_query: 'response[?xmlId == `{{ federation.deliveryService | to_json }}`].cdnName | [0]'
+ cdn_name: '{{ get_all_ds.json | json_query(cdn_name_query) }}'
+ uri:
+ url: "{{ dl_to_url }}/api/{{ dl_to_api_version }}/cdns/{{ cdn_name }}/federations"
+ method: POST
+ body: '{"cname":{{ federation.mappings.cname | to_json }},"ttl":{{ federation.mappings.ttl }}}'
Review comment:
This breaks convention of using j2 templates when bodies include int/float/bool data types. If it works, that's fine.
##########
File path: infrastructure/ansible/roles/dataset_loader/tasks/federation_loader.yml
##########
@@ -0,0 +1,85 @@
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+- name: Create Federation
+ vars:
+ cdn_name_query: 'response[?xmlId == `{{ federation.deliveryService | to_json }}`].cdnName | [0]'
+ cdn_name: '{{ get_all_ds.json | json_query(cdn_name_query) }}'
+ uri:
+ url: "{{ dl_to_url }}/api/{{ dl_to_api_version }}/cdns/{{ cdn_name }}/federations"
+ method: POST
+ body: '{"cname":{{ federation.mappings.cname | to_json }},"ttl":{{ federation.mappings.ttl }}}'
Review comment:
I don't believe it's necessary to call `to_json` on a single string variable.
##########
File path: infrastructure/ansible/roles/dataset_loader/tasks/federation_loader.yml
##########
@@ -0,0 +1,85 @@
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+- name: Create Federation
+ vars:
+ cdn_name_query: 'response[?xmlId == `{{ federation.deliveryService | to_json }}`].cdnName | [0]'
+ cdn_name: '{{ get_all_ds.json | json_query(cdn_name_query) }}'
+ uri:
+ url: "{{ dl_to_url }}/api/{{ dl_to_api_version }}/cdns/{{ cdn_name }}/federations"
+ method: POST
+ body: '{"cname":{{ federation.mappings.cname | to_json }},"ttl":{{ federation.mappings.ttl }}}'
+ register: create_federation_out
+
+- name: Get Federation ID
+ vars:
+ federation_id_query: response.id
+ set_fact:
+ federation_id: "{{ create_federation_out.json | json_query(federation_id_query) }}"
+
+- name: Assign User to Federation
+ vars:
+ federation_user_query: "response[?username == `{{ federation_user }}`].id | [0]"
+ federation_user_id: "{{ get_all_users.json | json_query(federation_user_query) }}"
+ uri:
+ url: "{{ dl_to_url }}/api/{{ dl_to_api_version }}/federations/{{ federation_id }}/users"
+ method: POST
+ body: '{"userIds":[{{ federation_user_id }}],"replace":false}'
+
+- name: Assign Delivery Service to Federation
+ vars:
+ federation_ds_id_query: 'response[?xmlId == `{{ federation.deliveryService | to_json }}`].id | [0]'
Review comment:
I think `to_json` is redundant here since it's just a simple string.
##########
File path: infrastructure/ansible/roles/dataset_loader/tasks/federation_loader.yml
##########
@@ -0,0 +1,85 @@
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+- name: Create Federation
+ vars:
+ cdn_name_query: 'response[?xmlId == `{{ federation.deliveryService | to_json }}`].cdnName | [0]'
+ cdn_name: '{{ get_all_ds.json | json_query(cdn_name_query) }}'
+ uri:
+ url: "{{ dl_to_url }}/api/{{ dl_to_api_version }}/cdns/{{ cdn_name }}/federations"
+ method: POST
+ body: '{"cname":{{ federation.mappings.cname | to_json }},"ttl":{{ federation.mappings.ttl }}}'
+ register: create_federation_out
+
+- name: Get Federation ID
+ vars:
+ federation_id_query: response.id
+ set_fact:
+ federation_id: "{{ create_federation_out.json | json_query(federation_id_query) }}"
+
+- name: Assign User to Federation
+ vars:
+ federation_user_query: "response[?username == `{{ federation_user }}`].id | [0]"
+ federation_user_id: "{{ get_all_users.json | json_query(federation_user_query) }}"
+ uri:
+ url: "{{ dl_to_url }}/api/{{ dl_to_api_version }}/federations/{{ federation_id }}/users"
+ method: POST
+ body: '{"userIds":[{{ federation_user_id }}],"replace":false}'
+
+- name: Assign Delivery Service to Federation
+ vars:
+ federation_ds_id_query: 'response[?xmlId == `{{ federation.deliveryService | to_json }}`].id | [0]'
+ federation_ds_id: "{{ get_all_ds.json | json_query(federation_ds_id_query) }}"
+ uri:
+ url: "{{ dl_to_url }}/api/{{ dl_to_api_version }}/federations/{{ federation_id }}/deliveryservices"
Review comment:
I think you meant `federation_ds_id`
##########
File path: infrastructure/ansible/roles/dataset_loader/tasks/federation_loader.yml
##########
@@ -0,0 +1,85 @@
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+- name: Create Federation
+ vars:
+ cdn_name_query: 'response[?xmlId == `{{ federation.deliveryService | to_json }}`].cdnName | [0]'
+ cdn_name: '{{ get_all_ds.json | json_query(cdn_name_query) }}'
+ uri:
+ url: "{{ dl_to_url }}/api/{{ dl_to_api_version }}/cdns/{{ cdn_name }}/federations"
+ method: POST
+ body: '{"cname":{{ federation.mappings.cname | to_json }},"ttl":{{ federation.mappings.ttl }}}'
+ register: create_federation_out
+
+- name: Get Federation ID
+ vars:
+ federation_id_query: response.id
+ set_fact:
+ federation_id: "{{ create_federation_out.json | json_query(federation_id_query) }}"
+
+- name: Assign User to Federation
+ vars:
+ federation_user_query: "response[?username == `{{ federation_user }}`].id | [0]"
+ federation_user_id: "{{ get_all_users.json | json_query(federation_user_query) }}"
+ uri:
+ url: "{{ dl_to_url }}/api/{{ dl_to_api_version }}/federations/{{ federation_id }}/users"
+ method: POST
+ body: '{"userIds":[{{ federation_user_id }}],"replace":false}'
+
+- name: Assign Delivery Service to Federation
+ vars:
+ federation_ds_id_query: 'response[?xmlId == `{{ federation.deliveryService | to_json }}`].id | [0]'
+ federation_ds_id: "{{ get_all_ds.json | json_query(federation_ds_id_query) }}"
+ uri:
+ url: "{{ dl_to_url }}/api/{{ dl_to_api_version }}/federations/{{ federation_id }}/deliveryservices"
+ method: POST
+ body: '{"dsIds":[{{ federation_ds_id }}],"replace":false}'
+
+- name: Create IPv4 Federation Resolvers
+ with_items: "{{ federation.mappings.resolve4 }}"
+ vars:
+ type_name: RESOLVE4
+ type_query: "[?name == `{{ type_name }}`].id | [0]"
Review comment:
If you only use a variable in one place with no potential to override in some way, it shouldn't exist.
##########
File path: infrastructure/ansible/roles/dataset_loader/tasks/dataset_loader.yml
##########
@@ -838,6 +844,12 @@
method: GET
register: get_all_ds
+- name: Create Federations
+ include_tasks: federation_loader.yml
+ with_items: "{{ dl_ds_merged_federations }}"
Review comment:
Instead of looping on the federations, It needs to loop on the `cdnDelegationList`.
##########
File path: infrastructure/ansible/roles/dataset_loader/defaults/main.yml
##########
@@ -108,6 +108,11 @@ dl_ds_default_users:
email: userB+userA@kabletown.invalid
fullName: A local account with RO rights
role: read-only
+ - username: '{{ federation_user }}'
Review comment:
This var needs a default value such as using something higher up like `dl_ds_default_federation_user`. That way you don't have to apply defaults on every usage.
##########
File path: infrastructure/ansible/roles/dataset_loader/tasks/federation_loader.yml
##########
@@ -0,0 +1,85 @@
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+- name: Create Federation
+ vars:
+ cdn_name_query: 'response[?xmlId == `{{ federation.deliveryService | to_json }}`].cdnName | [0]'
+ cdn_name: '{{ get_all_ds.json | json_query(cdn_name_query) }}'
+ uri:
+ url: "{{ dl_to_url }}/api/{{ dl_to_api_version }}/cdns/{{ cdn_name }}/federations"
+ method: POST
+ body: '{"cname":{{ federation.mappings.cname | to_json }},"ttl":{{ federation.mappings.ttl }}}'
+ register: create_federation_out
+
+- name: Get Federation ID
+ vars:
+ federation_id_query: response.id
+ set_fact:
+ federation_id: "{{ create_federation_out.json | json_query(federation_id_query) }}"
+
+- name: Assign User to Federation
+ vars:
+ federation_user_query: "response[?username == `{{ federation_user }}`].id | [0]"
+ federation_user_id: "{{ get_all_users.json | json_query(federation_user_query) }}"
+ uri:
+ url: "{{ dl_to_url }}/api/{{ dl_to_api_version }}/federations/{{ federation_id }}/users"
+ method: POST
+ body: '{"userIds":[{{ federation_user_id }}],"replace":false}'
+
+- name: Assign Delivery Service to Federation
+ vars:
+ federation_ds_id_query: 'response[?xmlId == `{{ federation.deliveryService | to_json }}`].id | [0]'
+ federation_ds_id: "{{ get_all_ds.json | json_query(federation_ds_id_query) }}"
+ uri:
+ url: "{{ dl_to_url }}/api/{{ dl_to_api_version }}/federations/{{ federation_id }}/deliveryservices"
+ method: POST
+ body: '{"dsIds":[{{ federation_ds_id }}],"replace":false}'
+
+- name: Create IPv4 Federation Resolvers
+ with_items: "{{ federation.mappings.resolve4 }}"
+ vars:
+ type_name: RESOLVE4
+ type_query: "[?name == `{{ type_name }}`].id | [0]"
+ resolve4_type_id: "{{ get_all_types.json.response | json_query(type_query) }}"
+ uri:
+ url: "{{ dl_to_url }}/api/{{ dl_to_api_version }}/federation_resolvers"
+ method: POST
+ body: '{"ipAddress":{{ item | to_json }},"typeId":{{ resolve4_type_id }}}'
+ register: ipv4_federation_resolver_out
+
+- name: Create IPv6 Federation Resolvers
+ with_items: "{{ federation.mappings.resolve6 }}"
+ vars:
+ type_name: RESOLVE6
+ type_query: "[?name == `{{ type_name }}`].id | [0]"
Review comment:
If you only use a variable in one place with no potential to override in some way, it shouldn't exist.
##########
File path: infrastructure/ansible/roles/dataset_loader/defaults/main.yml
##########
@@ -108,6 +108,11 @@ dl_ds_default_users:
email: userB+userA@kabletown.invalid
fullName: A local account with RO rights
role: read-only
+ - username: '{{ federation_user }}'
+ password: '{{ to_admin_user_password }}'
+ email: '{{ federation_user }@kabletown.invalid'
Review comment:
Missing curly brace
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [trafficcontrol] zrhoffman commented on a change in pull request #5685: Add a Federation to the Ansible Dataset Loader
Posted by GitBox <gi...@apache.org>.
zrhoffman commented on a change in pull request #5685:
URL: https://github.com/apache/trafficcontrol/pull/5685#discussion_r611711518
##########
File path: infrastructure/ansible/roles/dataset_loader/tasks/dataset_loader.yml
##########
@@ -838,6 +844,12 @@
method: GET
register: get_all_ds
+- name: Create Federations
+ include_tasks: federation_loader.yml
+ with_items: "{{ dl_ds_merged_federations }}"
Review comment:
Looping over `cdnDelegationList` (and over `dl_ds_merged_federations` within that) in 367df6f339.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [trafficcontrol] zrhoffman commented on a change in pull request #5685: Add a Federation to the Ansible Dataset Loader
Posted by GitBox <gi...@apache.org>.
zrhoffman commented on a change in pull request #5685:
URL: https://github.com/apache/trafficcontrol/pull/5685#discussion_r611716902
##########
File path: infrastructure/ansible/roles/dataset_loader/defaults/main.yml
##########
@@ -108,6 +108,11 @@ dl_ds_default_users:
email: userB+userA@kabletown.invalid
fullName: A local account with RO rights
role: read-only
+ - username: '{{ federation_user }}'
+ password: '{{ to_admin_user_password }}'
+ email: '{{ federation_user }@kabletown.invalid'
+ fullName: A local account with admin rights
+ role: admin
Review comment:
~Removed Federation User in f85db07bc7.~
Reverted removing the Federation user in a5c812691.
##########
File path: infrastructure/ansible/roles/dataset_loader/defaults/main.yml
##########
@@ -108,6 +108,11 @@ dl_ds_default_users:
email: userB+userA@kabletown.invalid
fullName: A local account with RO rights
role: read-only
+ - username: '{{ federation_user }}'
Review comment:
~Removed Federation User in f85db07bc7.~
Reverted removing the Federation user in a5c812691.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [trafficcontrol] zrhoffman commented on a change in pull request #5685: Add a Federation to the Ansible Dataset Loader
Posted by GitBox <gi...@apache.org>.
zrhoffman commented on a change in pull request #5685:
URL: https://github.com/apache/trafficcontrol/pull/5685#discussion_r611844739
##########
File path: infrastructure/ansible/roles/dataset_loader/defaults/main.yml
##########
@@ -108,6 +108,11 @@ dl_ds_default_users:
email: userB+userA@kabletown.invalid
fullName: A local account with RO rights
role: read-only
+ - username: '{{ federation_user }}'
+ password: '{{ to_admin_user_password }}'
+ email: '{{ federation_user }@kabletown.invalid'
+ fullName: A local account with admin rights
+ role: admin
Review comment:
Reduced to *operations*-level permissions in 9be8f022f0 and added a *TODO* to reduce to *federations*-level permissions if that role is ever added as a Traffic Ops migration.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [trafficcontrol] zrhoffman commented on a change in pull request #5685: Add a Federation to the Ansible Dataset Loader
Posted by GitBox <gi...@apache.org>.
zrhoffman commented on a change in pull request #5685:
URL: https://github.com/apache/trafficcontrol/pull/5685#discussion_r610283572
##########
File path: infrastructure/ansible/roles/dataset_loader/defaults/main.yml
##########
@@ -108,6 +108,11 @@ dl_ds_default_users:
email: userB+userA@kabletown.invalid
fullName: A local account with RO rights
role: read-only
+ - username: '{{ federation_user }}'
+ password: '{{ to_admin_user_password }}'
Review comment:
Password field removed in ebab1dd8d9.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [trafficcontrol] zrhoffman commented on a change in pull request #5685: Add a Federation to the Ansible Dataset Loader
Posted by GitBox <gi...@apache.org>.
zrhoffman commented on a change in pull request #5685:
URL: https://github.com/apache/trafficcontrol/pull/5685#discussion_r611845570
##########
File path: infrastructure/ansible/roles/dataset_loader/defaults/main.yml
##########
@@ -108,6 +108,11 @@ dl_ds_default_users:
email: userB+userA@kabletown.invalid
fullName: A local account with RO rights
role: read-only
+ - username: '{{ federation_user }}'
Review comment:
Added default value `dl_ds_default_federation_user` in 7d64fdad49.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [trafficcontrol] zrhoffman commented on a change in pull request #5685: Add a Federation to the Ansible Dataset Loader
Posted by GitBox <gi...@apache.org>.
zrhoffman commented on a change in pull request #5685:
URL: https://github.com/apache/trafficcontrol/pull/5685#discussion_r611716737
##########
File path: infrastructure/ansible/roles/dataset_loader/defaults/main.yml
##########
@@ -108,6 +108,11 @@ dl_ds_default_users:
email: userB+userA@kabletown.invalid
fullName: A local account with RO rights
role: read-only
+ - username: '{{ federation_user }}'
Review comment:
~Removed Federation User in f85db07bc7.~
Reverted removing the Federation user in a5c8126911.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [trafficcontrol] zrhoffman commented on a change in pull request #5685: Add a Federation to the Ansible Dataset Loader
Posted by GitBox <gi...@apache.org>.
zrhoffman commented on a change in pull request #5685:
URL: https://github.com/apache/trafficcontrol/pull/5685#discussion_r610285428
##########
File path: infrastructure/ansible/roles/dataset_loader/tasks/federation_loader.yml
##########
@@ -0,0 +1,85 @@
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+- name: Create Federation
+ vars:
+ cdn_name_query: 'response[?xmlId == `{{ federation.deliveryService | to_json }}`].cdnName | [0]'
+ cdn_name: '{{ get_all_ds.json | json_query(cdn_name_query) }}'
+ uri:
+ url: "{{ dl_to_url }}/api/{{ dl_to_api_version }}/cdns/{{ cdn_name }}/federations"
+ method: POST
+ body: '{"cname":{{ federation.mappings.cname | to_json }},"ttl":{{ federation.mappings.ttl }}}'
+ register: create_federation_out
+
+- name: Get Federation ID
+ vars:
+ federation_id_query: response.id
+ set_fact:
+ federation_id: "{{ create_federation_out.json | json_query(federation_id_query) }}"
+
+- name: Assign User to Federation
+ vars:
+ federation_user_query: "response[?username == `{{ federation_user }}`].id | [0]"
+ federation_user_id: "{{ get_all_users.json | json_query(federation_user_query) }}"
+ uri:
+ url: "{{ dl_to_url }}/api/{{ dl_to_api_version }}/federations/{{ federation_id }}/users"
+ method: POST
+ body: '{"userIds":[{{ federation_user_id }}],"replace":false}'
+
+- name: Assign Delivery Service to Federation
+ vars:
+ federation_ds_id_query: 'response[?xmlId == `{{ federation.deliveryService | to_json }}`].id | [0]'
Review comment:
It's not redundant, it adds quotes.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [trafficcontrol] zrhoffman commented on pull request #5685: Add a Federation to the Ansible Dataset Loader
Posted by GitBox <gi...@apache.org>.
zrhoffman commented on pull request #5685:
URL: https://github.com/apache/trafficcontrol/pull/5685#issuecomment-817875608
Rebased to resolve a merge conflict in the changelog.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [trafficcontrol] zrhoffman commented on a change in pull request #5685: Add a Federation to the Ansible Dataset Loader
Posted by GitBox <gi...@apache.org>.
zrhoffman commented on a change in pull request #5685:
URL: https://github.com/apache/trafficcontrol/pull/5685#discussion_r611716737
##########
File path: infrastructure/ansible/roles/dataset_loader/defaults/main.yml
##########
@@ -108,6 +108,11 @@ dl_ds_default_users:
email: userB+userA@kabletown.invalid
fullName: A local account with RO rights
role: read-only
+ - username: '{{ federation_user }}'
Review comment:
~Removed Federation User in f85db07bc7.~
Reverted removing the Federation User in a5c8126911.
##########
File path: infrastructure/ansible/roles/dataset_loader/defaults/main.yml
##########
@@ -108,6 +108,11 @@ dl_ds_default_users:
email: userB+userA@kabletown.invalid
fullName: A local account with RO rights
role: read-only
+ - username: '{{ federation_user }}'
+ password: '{{ to_admin_user_password }}'
+ email: '{{ federation_user }@kabletown.invalid'
+ fullName: A local account with admin rights
+ role: admin
Review comment:
~Removed Federation User in f85db07bc7.~
Reverted removing the Federation User in a5c8126911.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [trafficcontrol] zrhoffman commented on a change in pull request #5685: Add a Federation to the Ansible Dataset Loader
Posted by GitBox <gi...@apache.org>.
zrhoffman commented on a change in pull request #5685:
URL: https://github.com/apache/trafficcontrol/pull/5685#discussion_r611716737
##########
File path: infrastructure/ansible/roles/dataset_loader/defaults/main.yml
##########
@@ -108,6 +108,11 @@ dl_ds_default_users:
email: userB+userA@kabletown.invalid
fullName: A local account with RO rights
role: read-only
+ - username: '{{ federation_user }}'
Review comment:
Removed Federation User in f85db07bc7.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [trafficcontrol] zrhoffman commented on a change in pull request #5685: Add a Federation to the Ansible Dataset Loader
Posted by GitBox <gi...@apache.org>.
zrhoffman commented on a change in pull request #5685:
URL: https://github.com/apache/trafficcontrol/pull/5685#discussion_r611708901
##########
File path: infrastructure/ansible/roles/dataset_loader/tasks/federation_loader.yml
##########
@@ -0,0 +1,85 @@
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+- name: Create Federation
+ vars:
+ cdn_name_query: 'response[?xmlId == `{{ federation.deliveryService | to_json }}`].cdnName | [0]'
+ cdn_name: '{{ get_all_ds.json | json_query(cdn_name_query) }}'
+ uri:
+ url: "{{ dl_to_url }}/api/{{ dl_to_api_version }}/cdns/{{ cdn_name }}/federations"
+ method: POST
+ body: '{"cname":{{ federation.mappings.cname | to_json }},"ttl":{{ federation.mappings.ttl }}}'
+ register: create_federation_out
+
+- name: Get Federation ID
+ vars:
+ federation_id_query: response.id
+ set_fact:
+ federation_id: "{{ create_federation_out.json | json_query(federation_id_query) }}"
+
+- name: Assign User to Federation
+ vars:
+ federation_user_query: "response[?username == `{{ federation_user }}`].id | [0]"
+ federation_user_id: "{{ get_all_users.json | json_query(federation_user_query) }}"
+ uri:
+ url: "{{ dl_to_url }}/api/{{ dl_to_api_version }}/federations/{{ federation_id }}/users"
+ method: POST
+ body: '{"userIds":[{{ federation_user_id }}],"replace":false}'
+
+- name: Assign Delivery Service to Federation
+ vars:
+ federation_ds_id_query: 'response[?xmlId == `{{ federation.deliveryService | to_json }}`].id | [0]'
+ federation_ds_id: "{{ get_all_ds.json | json_query(federation_ds_id_query) }}"
+ uri:
+ url: "{{ dl_to_url }}/api/{{ dl_to_api_version }}/federations/{{ federation_id }}/deliveryservices"
+ method: POST
+ body: '{"dsIds":[{{ federation_ds_id }}],"replace":false}'
+
+- name: Create IPv4 Federation Resolvers
+ with_items: "{{ federation.mappings.resolve4 }}"
+ vars:
+ type_name: RESOLVE4
+ type_query: "[?name == `{{ type_name }}`].id | [0]"
Review comment:
Deriving the Type name from the array key when looping through Resolvers to load in bf3756021f.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [trafficcontrol] zrhoffman commented on a change in pull request #5685: Add a Federation to the Ansible Dataset Loader
Posted by GitBox <gi...@apache.org>.
zrhoffman commented on a change in pull request #5685:
URL: https://github.com/apache/trafficcontrol/pull/5685#discussion_r611994733
##########
File path: infrastructure/ansible/roles/dataset_loader/defaults/main.yml
##########
@@ -4042,3 +4050,18 @@ dl_ds_default_ds_template:
longDesc: A basic HTTP routed Delivery Service with Anonymous IP Block Enabled
anonymousBlockingEnabled: true
uniqueKey: simple-http-anon-block
+
+# Federations
+dl_ds_default_federation_user: "{{ federation_user }}"
Review comment:
`federation_user` defined in 343bcbf8ea.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [trafficcontrol] zrhoffman commented on a change in pull request #5685: Add a Federation to the Ansible Dataset Loader
Posted by GitBox <gi...@apache.org>.
zrhoffman commented on a change in pull request #5685:
URL: https://github.com/apache/trafficcontrol/pull/5685#discussion_r610285720
##########
File path: infrastructure/ansible/roles/dataset_loader/tasks/federation_loader.yml
##########
@@ -0,0 +1,85 @@
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+- name: Create Federation
+ vars:
+ cdn_name_query: 'response[?xmlId == `{{ federation.deliveryService | to_json }}`].cdnName | [0]'
+ cdn_name: '{{ get_all_ds.json | json_query(cdn_name_query) }}'
+ uri:
+ url: "{{ dl_to_url }}/api/{{ dl_to_api_version }}/cdns/{{ cdn_name }}/federations"
+ method: POST
+ body: '{"cname":{{ federation.mappings.cname | to_json }},"ttl":{{ federation.mappings.ttl }}}'
Review comment:
It adds quotes, without which TO would return a 400-level response.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org