From cd9d6fa8f9e5fce375d559b36d43577a6c5a0047 Mon Sep 17 00:00:00 2001 From: Steve Glover Date: Fri, 15 Mar 2019 07:27:30 +0000 Subject: [PATCH] SSL and Logging Fixed (#69) * Add Helm chart * Add 'tracectx.transactionid' to logging, add support for logstash formatted (json) logging * https://www.nomadproject.io/docs/internals/scheduling.html, add support for flat/text and logstash compatible logs files (to help with pushing logs to Elasticsearch), add persistent volume for Ansible RM, bump RM version * Revert changes to docker compose script, tidy up config file * Add missing PersistentVolume template, tidy up code * Minor Readme update * Minor values.yaml update * NFV-2455 #37 support https * Fix up logging import * NFV-2455 #37 fix up Kubernetes service ports to include https * NFV-2455 #37 remove bundled SSL certificate in favour of an SSL certificate "injected" by Kubernetes as a volume * NFV-2455 #37 make SSL optional (default to http) * NFV-2455 #37 change persistent volume directory names * NFV-2455 #37 change persistent volume directory names * Add README for Helm chart * NFV-2455 #37 fix up SSL configuration switch (boolean handling) * NFV-2455 #37 make http port the default, add information on how to install for https * Minor updates: allow Kubernetes SSL Nodeport for Ansible RM to be set explicitly, bump version number to 1.3.0 * Output Ansible logs to "main" log, make SSL enabled by default when installing with Helm, mount SSL secret volume only if SSL is enabled * Fix up version number to 1.3.2 * Fix up Docker image, update README --- ansible-adaptor/swagger_server/controllers/ans_handler.py | 5 +++++ helm/osslm-ansible-resource-manager/Chart.yaml | 4 ++-- helm/osslm-ansible-resource-manager/README.md | 2 +- .../templates/deployment.yaml | 2 +- .../osslm-ansible-resource-manager/templates/service.yaml | 3 +++ helm/osslm-ansible-resource-manager/values.yaml | 8 +++++--- 6 files changed, 17 insertions(+), 7 deletions(-) 
diff --git a/ansible-adaptor/swagger_server/controllers/ans_handler.py b/ansible-adaptor/swagger_server/controllers/ans_handler.py index 82191a2..a468cbe 100755 --- a/ansible-adaptor/swagger_server/controllers/ans_handler.py +++ b/ansible-adaptor/swagger_server/controllers/ans_handler.py @@ -310,6 +310,7 @@ def run(self): run an ansible playbook (sync mode) and return Results """ self.logger.info('ansible playbook run started') + self.pbex._tqm._stdout_callback = self.callback self.pbex.run() return self.callback.properties, self.callback.is_run_ok() @@ -320,10 +321,14 @@ def run_async(self): self.logger.info(str(self.request_id) + ': ' + 'ansible playbook run started ' + self.started_at.isoformat()) self.log_request_status('IN_PROGRESS', 'running playbook', '', '') + self.pbex._tqm._stdout_callback = self.callback self.pbex.run() self.finished_at = datetime.now() self.logger.info(str(self.request_id) + ': ' + 'ansible playbook run finished ' + self.finished_at.isoformat()) + self.logger.debug("Ansible facts") + self.logger.debug(json.dumps(self.callback.facts)) + if self.callback.is_run_ok(): self.logger.info(str(self.request_id) + ': ' + 'ansible ran OK') diff --git a/helm/osslm-ansible-resource-manager/Chart.yaml b/helm/osslm-ansible-resource-manager/Chart.yaml index 707c724..d6019fb 100644 --- a/helm/osslm-ansible-resource-manager/Chart.yaml +++ b/helm/osslm-ansible-resource-manager/Chart.yaml @@ -1,6 +1,6 @@ name: osslm-ansible-resource-manager -version: 1.3.1 -appVersion: 1.3.1 +version: 1.3.2 +appVersion: 1.3.2 apiVersion: v1 description: A Helm chart for the osslm-ansible-resource-manager # maintainers: diff --git a/helm/osslm-ansible-resource-manager/README.md b/helm/osslm-ansible-resource-manager/README.md index 4010e61..a70d12d 100644 --- a/helm/osslm-ansible-resource-manager/README.md +++ b/helm/osslm-ansible-resource-manager/README.md 
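Review bot: The added `self.pbex._tqm._stdout_callback = self.callback` in `run()` reaches through two private attributes of Ansible's PlaybookExecutor, so it depends on internals that can change between Ansible releases; the same line is added to `run_async()` in the next hunk. As far as I know `_tqm` is None when the executor is built with a listing or syntax-check option, in which case the assignment raises AttributeError before the playbook runs; whether that can happen depends on how `self.pbex` is constructed, which is outside the hunk. I would guard it with `if self.pbex._tqm is not None:` and add a comment such as `# private Ansible API: route playbook output through our callback; re-check on Ansible upgrades`. Pinning the supported Ansible version in the project's requirements would keep an upgrade from breaking this silently.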
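Review bot: `self.logger.debug(json.dumps(self.callback.facts))` in `run_async()` writes the complete gathered fact set to the main log. Ansible facts commonly include the managed host's environment variables, addresses and user details, so a credential exported on a target could end up in log files and, going by this commit's description, in Elasticsearch. Log a filtered subset or only the keys, for example `self.logger.debug('%s: ansible fact keys: %s', self.request_id, sorted(self.callback.facts))` if `facts` is a dict. The call also serialises eagerly when debug is off, and a value that is not JSON-serialisable would raise TypeError after the playbook ran but before the OK/failed status below is recorded; `json.dumps(..., default=str)` behind a debug-level check avoids both. Whether `json` is imported is not visible here, and the function continues outside the hunk.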
@@ -41,7 +41,7 @@ NOTE: You can skip the need for persistent volumes by settings cassandra.persist Install Helm Chart ``` -helm install osslm-ansible-resource-manager-1.2.1.tgz --name osslm-ansible-rm --namespace default --values osslm-ansible-rm.values.yaml --debug +helm install osslm-ansible-resource-manager-1.3.2.tgz --name osslm-ansible-rm --namespace default --values osslm-ansible-rm.values.yaml --debug #helm install osslm-ansible-resource-manager --name osslm-ansible-rm ``` diff --git a/helm/osslm-ansible-resource-manager/templates/deployment.yaml b/helm/osslm-ansible-resource-manager/templates/deployment.yaml index 7eef43f..a51d94c 100644 --- a/helm/osslm-ansible-resource-manager/templates/deployment.yaml +++ b/helm/osslm-ansible-resource-manager/templates/deployment.yaml @@ -33,7 +33,7 @@ spec: volumeMounts: - name: osslm-ansible-rm mountPath: /var/alm_ansible_rm - {{- if .Values.app.config.security.ssl.secretName }} + {{- if and .Values.app.config.security.ssl.enabled .Values.app.config.security.ssl.secretName }} - name: {{ .Values.app.config.security.ssl.secretName }} mountPath: /var/alm_ansible_rm/ssl {{- end }} diff --git a/helm/osslm-ansible-resource-manager/templates/service.yaml b/helm/osslm-ansible-resource-manager/templates/service.yaml index 4744396..2a05e2c 100644 --- a/helm/osslm-ansible-resource-manager/templates/service.yaml +++ b/helm/osslm-ansible-resource-manager/templates/service.yaml @@ -18,5 +18,8 @@ spec: targetPort: 8443 protocol: TCP name: https +{{- if eq .Values.service.type "NodePort" }} + nodePort: {{ .Values.service.sslNodePort }} +{{- end }} selector: app: osslm-ansible-rm \ No newline at end of file diff --git a/helm/osslm-ansible-resource-manager/values.yaml b/helm/osslm-ansible-resource-manager/values.yaml index 99c71fd..a4fa599 100644 --- a/helm/osslm-ansible-resource-manager/values.yaml +++ b/helm/osslm-ansible-resource-manager/values.yaml 
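Review bot: Only the `volumeMounts` entry in deployment.yaml is gated on `ssl.enabled`; the diffstat shows a single changed line in this file, so the matching `volumes:` entry for the secret, which lies outside the hunk, was not touched. If that entry is still conditioned on `secretName` alone, a release with `enabled: false` and the default `secretName` still declares the secret volume, and the pod will not start when the secret is absent. Use the same condition there, `{{- if and .Values.app.config.security.ssl.enabled .Values.app.config.security.ssl.secretName }}`. In the other direction, `enabled: true` with an empty `secretName` silently skips the mount; failing the render with Helm's `required` function would surface that at install time instead of at first TLS handshake.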
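Review bot: The new `nodePort` line in service.yaml is gated on `service.type` only, so with `security.ssl.enabled: false` the Service still reserves `sslNodePort` on every node for the `https` port, which then has no TLS listener behind it (assuming the application binds 8443 only when SSL is on). Gate it on both, `{{- if and .Values.app.config.security.ssl.enabled (eq .Values.service.type "NodePort") }}`, and ideally wrap the whole `https` port entry, which starts above this hunk, in the same check. A comment beside it noting that NodePorts are cluster-wide and that the chosen port must be free would help operators who install more than one release.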
@@ -1,8 +1,8 @@ ## Docker Image for the osslm-ansible-rm application docker: ## Make this the full path, including registry host and port if using one - image: osslm-ansible-rm - version: 1.2.1 + image: accanto/osslm-ansible-rm + version: 1.3.2 imagePullPolicy: IfNotPresent ## Configuration for the application deployment @@ -59,9 +59,10 @@ app: # us to bundle the log message and other metadata in a json log message and let Fielbeat extract them # as top level fields in the Elasticsearch index. LOG_TYPE: logstash - ssl_enabled: "false" + ssl_enabled: "true" security: ssl: + enabled: true secretName: osslm-ansible-rm-tls persistence: @@ -75,6 +76,7 @@ service: # Using NodePort allows access to the IPs through http://k8s-host:nodePort/ type: NodePort nodePort: 31080 + sslNodePort: 31081 cassandra: enabled: false
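Review bot: `image: accanto/osslm-ansible-rm` with `version: 1.3.2` and `imagePullPolicy: IfNotPresent` makes the default install pull a mutable tag from a public registry namespace, so what runs is whatever that tag pointed to at first pull, and nodes that already cached it never re-check. For a reproducible and verifiable deployment, extend the comment above the key, e.g. `## For production, pin the image by digest (image@sha256:<digest>) or mirror it to a private registry`. Whether the chart can render a digest reference depends on how `image` and `version` are joined in deployment.yaml, which is not shown in this hunk.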
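Review bot: SSL is now controlled by two independent values in the second values.yaml hunk, the string `ssl_enabled: "true"` handed to the application and the boolean `security.ssl.enabled: true` used by the templates, and nothing here keeps them in step. An operator who flips only one gets either an application expecting a certificate that is not mounted or a mounted secret with the listener left on plain HTTP. Derive the application setting from the single boolean where the config is rendered, something like `ssl_enabled: {{ .Values.app.config.security.ssl.enabled | quote }}`, or at least add a comment on both keys such as `# must match app.config.security.ssl.enabled`. Since the default flips to SSL on, the README should also state that the `osslm-ansible-rm-tls` secret has to exist before install.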