---
|
# create codeready namespace
|
- name: create codeready namespace
|
k8s:
|
state: present
|
kind: Project
|
api_version: project.openshift.io/v1
|
definition:
|
metadata:
|
name: "codeready"
|
annotations:
|
openshift.io/description: ""
|
openshift.io/display-name: "CodeReady Project"
|
|
# deploy codeready operator
|
- name: Create operator subscription for CodeReady
|
k8s:
|
state: present
|
merge_type:
|
- strategic-merge
|
- merge
|
definition: "{{ lookup('file', item ) | from_yaml }}"
|
loop:
|
- ./files/codeready_operatorgroup.yaml
|
- ./files/codeready_subscription.yaml
|
|
# wait for CRD to be a thing
|
- name: Wait for CodeReady CRD to be ready
|
k8s_facts:
|
api_version: apiextensions.k8s.io/v1beta1
|
kind: CustomResourceDefinition
|
name: checlusters.org.eclipse.che
|
register: r_codeready_crd
|
retries: 200
|
delay: 10
|
until: r_codeready_crd.resources | list | length == 1
|
|
# deploy codeready CR
|
- name: Create CR for CodeReady
|
k8s:
|
state: present
|
merge_type:
|
- strategic-merge
|
- merge
|
definition: "{{ lookup('file', item ) | from_yaml }}"
|
loop:
|
- ./files/codeready_cr.yaml
|
|
# wait for che to be up
|
- name: wait for CRW to be running
|
uri:
|
url: http://codeready-codeready.{{ route_subdomain }}/dashboard/
|
register: result
|
until: result.status == 200
|
retries: "120"
|
delay: "15"
|
|
- name: Get codeready keycloak deployment
|
k8s_facts:
|
kind: Deployment
|
namespace: codeready
|
name: keycloak
|
register: r_keycloak_deployment
|
|
- name: show cr
|
debug:
|
msg: "existing keycloak deployment: {{ r_keycloak_deployment }}"
|
|
- name: set codeready username fact
|
set_fact:
|
codeready_sso_admin_username: "{{ r_keycloak_deployment.resources[0].spec.template.spec.containers[0].env | selectattr('name','equalto','SSO_ADMIN_USERNAME') |map (attribute='value') | list | first }}"
|
|
- name: set codeready password fact
|
set_fact:
|
codeready_sso_admin_password: "{{ r_keycloak_deployment.resources[0].spec.template.spec.containers[0].env | selectattr('name','equalto','SSO_ADMIN_PASSWORD') |map (attribute='value') | list | first }}"
|
|
- name: show codeready keycloak admin username
|
debug:
|
msg: "codeready keycloak admin username: {{ codeready_sso_admin_username }}"
|
|
- name: show codeready keycloak admin password
|
debug:
|
msg: "codeready keycloak admin password: {{ codeready_sso_admin_password }}"
|
|
- name: enable script upload
|
command: oc set env -n codeready deployment/keycloak JAVA_OPTS_APPEND="-Dkeycloak.profile.feature.scripts=enabled -Dkeycloak.profile.feature.upload_scripts=enabled"
|
|
- name: wait for keycloak to return
|
command: oc rollout -n codeready status --timeout=1m -w deployment/keycloak
|
register: cmd_res
|
retries: 120
|
delay: 10
|
until: cmd_res.rc == 0
|
|
- name: get keycloak pod
|
k8s_facts:
|
api_version: v1
|
kind: Pod
|
namespace: codeready
|
label_selectors:
|
- app = codeready
|
- component = keycloak
|
register: r_keycloak_pod
|
retries: 120
|
delay: 10
|
until: r_keycloak_pod.resources | list | length == 1
|
|
- name: Get SSO admin token
|
uri:
|
url: http://keycloak-codeready.{{ route_subdomain }}/auth/realms/master/protocol/openid-connect/token
|
method: POST
|
body:
|
username: "{{ codeready_sso_admin_username }}"
|
password: "{{ codeready_sso_admin_password }}"
|
grant_type: "password"
|
client_id: "admin-cli"
|
body_format: form-urlencoded
|
status_code: 200,201,204
|
register: sso_admin_token
|
|
- name: Import realm
|
uri:
|
url: http://keycloak-codeready.{{ route_subdomain }}/auth/admin/realms
|
method: POST
|
body_format: json
|
headers:
|
Content-Type: application/json
|
Authorization: "Bearer {{ sso_admin_token.json.access_token }}"
|
body: "{{ lookup('file', './files/quarkus-realm.json') }}"
|
## accept 409 Conflict in case realm exists
|
status_code: 200,201,204,409
|
register: result
|
retries: 120
|
delay: 10
|
until: result is succeeded
|
|
- name: create codeready users
|
include_tasks: add_che_user.yaml
|
vars:
|
user: "{{ item }}"
|
with_list: "{{ users }}"
|
|
- name: Get codeready SSO admin token
|
uri:
|
url: http://keycloak-codeready.{{ route_subdomain }}/auth/realms/master/protocol/openid-connect/token
|
method: POST
|
body:
|
username: "{{ codeready_sso_admin_username }}"
|
password: "{{ codeready_sso_admin_password }}"
|
grant_type: "password"
|
client_id: "admin-cli"
|
body_format: form-urlencoded
|
status_code: 200,201,204
|
register: codeready_sso_admin_token
|
|
- name: Increase codeready access token lifespans
|
uri:
|
url: http://keycloak-codeready.{{ route_subdomain }}/auth/admin/realms/codeready
|
method: PUT
|
headers:
|
Content-Type: application/json
|
Authorization: "Bearer {{ codeready_sso_admin_token.json.access_token }}"
|
body:
|
accessTokenLifespan: 28800
|
accessTokenLifespanForImplicitFlow: 28800
|
actionTokenGeneratedByUserLifespan: 28800
|
ssoSessionIdleTimeout: 28800
|
ssoSessionMaxLifespan: 28800
|
body_format: json
|
status_code: 204
|
|
- name: Get Codeready admin token
|
uri:
|
url: http://keycloak-codeready.{{ route_subdomain }}/auth/realms/codeready/protocol/openid-connect/token
|
method: POST
|
body:
|
username: admin
|
password: admin
|
grant_type: "password"
|
client_id: "admin-cli"
|
body_format: form-urlencoded
|
status_code: 200,201,204
|
register: che_admin_token
|
|
- name: Import stack imagestream
|
k8s:
|
state: present
|
merge_type:
|
- strategic-merge
|
- merge
|
definition: "{{ lookup('file', item ) | from_yaml }}"
|
loop:
|
- ./files/stack_imagestream.yaml
|
|
- name: wait for stack to be a thing
|
k8s_facts:
|
kind: ImageStream
|
name: quarkus-stack
|
namespace: openshift
|
register: r_stack_is
|
retries: 200
|
delay: 10
|
until: r_stack_is.resources | list | length == 1
|
|
- name: import stack image
|
shell: |
|
oc import-image --all quarkus-stack -n openshift
|
|
- name: Pre-create and warm user workspaces
|
include_tasks: create_che_workspace.yaml
|
vars:
|
user: "{{ item }}"
|
with_list: "{{ users }}"
|
|
- name: wait a minute and let the image download and be registered
|
pause:
|
minutes: 2
|
|
- name: Attempt to warm workspaces which failed to start
|
include_tasks: verify_che_workspace.yaml
|
vars:
|
user: "{{ item }}"
|
with_list: "{{ users }}"
|