Merge branch 'development' of https://github.com/sborenst/ansible_agnostic_deployer into development
3 files deleted
29 files added
45 files modified
New file |
| | |
| | | --- |
| | | # if fallback_regions is defined, detect the region |
| | | - when: fallback_regions is defined |
| | | block: |
| | | - name: fallback_regions is defined, detect region for AWS |
| | | environment: |
| | | AWS_ACCESS_KEY_ID: "{{aws_access_key_id}}" |
| | | AWS_SECRET_ACCESS_KEY: "{{aws_secret_access_key}}" |
| | | command: >- |
| | | aws cloudformation describe-stacks |
| | | --stack-name {{project_tag}} --region {{item}} |
| | | register: cloudformation_detect |
| | | with_items: "{{ [aws_region] + fallback_regions|d([]) }}" |
| | | changed_when: false |
| | | failed_when: false |
| | | |
| | | - name: Set aws_region_final |
| | | set_fact: |
| | | aws_region_final: "{{item._ansible_item_label}}" |
| | | with_items: "{{cloudformation_detect.results}}" |
| | | loop_control: |
| | | label: "{{item._ansible_item_label|d('unknown')}}" |
| | | when: item.rc == 0 |
| | | |
| | | # else just set as the provided aws_region |
| | | - name: Set aws_region_final as provided with aws_region |
| | | when: fallback_regions is not defined |
| | | set_fact: |
| | | aws_region_final: "{{aws_region}}" |
| | |
| | | - step001.1 |
| | | - deploy_infrastructure |
| | | tasks: |
| | | # for SSH first access to ec2 instances we always use the key defined in the CloudFormation |
| | | # template by the name {{key_name}} |
| | | # This variable is used when generation ssh config. |
| | | # - name: Get ssh pub key |
| | | # tags: |
| | | # - must |
| | | # set_fact: |
| | | # ssh_key: "~/.ssh/{{key_name}}.pem" |
| | | |
| | | - name: Run infra-ec2-template-generate Role |
| | | import_role: |
| | | name: "{{ ANSIBLE_REPO_PATH }}/roles/infra-ec2-template-generate" |
| | |
| | | - create_inventory |
| | | - create_ssh_config |
| | | tasks: |
| | | # Sometimes the infra step is skipped, for example when scaling up a cluster. |
| | | # when step001.1 is skipped, aws_region_final is not defined. |
| | | - when: aws_region_final is not defined |
| | | include_tasks: ec2_detect_region_tasks.yml |
| | | |
| | | - name: Run infra-ec2-create-inventory Role |
| | | import_role: |
| | | name: "{{ ANSIBLE_REPO_PATH }}/roles/infra-ec2-create-inventory" |
| | |
| | | RegionMapping: |
| | | us-east-1: |
| | | RHELAMI: ami-c998b6b2 |
| | | WIN2012R2AMI: ami-93118ee9 |
| | | WIN2012R2AMI: ami-0dcdd073eeabb0101 |
| | | us-east-2: |
| | | RHELAMI: ami-cfdafaaa |
| | | WIN2012R2AMI: ami-72745d17 |
| | |
| | | RegionMapping: |
| | | us-east-1: |
| | | RHELAMI: ami-c998b6b2 |
| | | WIN2012R2AMI: ami-93118ee9 |
| | | WIN2012R2AMI: ami-0dcdd073eeabb0101 |
| | | us-east-2: |
| | | RHELAMI: ami-cfdafaaa |
| | | WIN2012R2AMI: ami-72745d17 |
| | |
| | | RegionMapping: |
| | | us-east-1: |
| | | RHELAMI: ami-c998b6b2 |
| | | WIN2012R2AMI: ami-93118ee9 |
| | | WIN2012R2AMI: ami-0dcdd073eeabb0101 |
| | | us-east-2: |
| | | RHELAMI: ami-cfdafaaa |
| | | WIN2012R2AMI: ami-72745d17 |
| | |
| | | ec2: "t2.medium" |
| | | azure: Standard_A2_V2 |
| | | |
| | | bastion_instance_image: RHEL75 |
| | | |
| | | node_instance_type: |
| | | ec2: "t2.medium" |
| | | azure: Standard_A2_V2 |
| | | |
| | | node_instance_image: RHEL75 |
| | | |
| | | |
| | | # How many do you want for each instance type |
| | | node_instance_count: 1 |
| | | |
| | | |
| | | # Environment Instances |
| | | instances: |
| | |
| | | unique: true |
| | | public_dns: true |
| | | dns_loadbalancer: false |
| | | flavor: "{{bastion_instance_type}}" |
| | | image: "{{ bastion_instance_image }}" |
| | | flavor: |
| | | ec2: "t2.medium" |
| | | azure: Standard_A2_V2 |
| | | tags: |
| | | - key: "AnsibleGroup" |
| | | value: "bastions" |
| | |
| | | value: "linux" |
| | | - key: "instance_filter" |
| | | value: "{{ env_type }}-{{ email }}" |
| | | rootfs_size: 20 |
| | | volumes: |
| | | - name: '/dev/sda1' |
| | | size: 20 |
| | | security_groups: |
| | | - "BastionSG" |
| | | |
| | | - name: "node" |
| | | count: "{{node_instance_count}}" |
| | | public_dns: true |
| | | dns_loadbalancer: false |
| | | flavor: "{{bastion_instance_type}}" |
| | | image: "{{ node_instance_image }}" |
| | | flavor: |
| | | ec2: "t2.medium" |
| | | azure: Standard_A2_V2 |
| | | tags: |
| | | - key: "AnsibleGroup" |
| | | value: "nodes" |
| | |
| | | [3tierapp:vars] |
| | | |
| | | [all:vars] |
| | | ########################################################################### |
| | | ### Ansible Vars |
| | | ########################################################################### |
| | |
| | | ansible_ssh_user={{remote_user}} |
| | | ansible_ssh_private_key_file="~/.ssh/{{guid}}key.pem" |
| | | ansible_ssh_common_args="-o StrictHostKeyChecking=no" |
| | | [3tierapp:children] |
| | | frontends |
| | | apps |
| | | appdbs |
| | | support |
| | | |
| | | |
| | | [frontends] |
| | | [nodes] |
| | | ## These are the frontends |
| | | {% for host in groups['frontends'] %} |
| | | frontend{{loop.index}}.{{chomped_zone_internal_dns}} ansible_ssh_host=frontend{{loop.index}}.{{subdomain_base}} |
| | | {% endfor %} |
| | | |
| | | [apps] |
| | | ## These are the apps |
| | | {% for host in groups['apps'] %} |
| | | app{{loop.index}}.{{chomped_zone_internal_dns}} ansible_ssh_host=app{{loop.index}}.{{subdomain_base}} |
| | | {% endfor %} |
| | | |
| | | [appdbs] |
| | | ## These are the appdbs |
| | | {% for host in groups['appdbs'] %} |
| | | appdb{{loop.index}}.{{chomped_zone_internal_dns}} ansible_ssh_host=appdb{{loop.index}}.{{subdomain_base}} |
| | | {% endfor %} |
| | | |
| | | ## These are the support |
| | | [support] |
| | | {% for host in groups['support'] %} |
| | | support{{loop.index}}.{{chomped_zone_internal_dns}} ansible_ssh_host=support{{loop.index}}.{{subdomain_base}} |
| | | {% for host in groups['nodes']|d([]) %} |
| | | node{{loop.index}}.{{chomped_zone_internal_dns}} ansible_ssh_host=frontend{{loop.index}}.{{subdomain_base}} |
| | | {% endfor %} |
| | |
| | | tags: |
| | | - common_tasks |
| | | roles: |
| | | - { role: "{{ ANSIBLE_REPO_PATH }}/roles/set-repositories", when: 'repo_method is defined' } |
| | | - { role: "{{ ANSIBLE_REPO_PATH }}/roles/common", when: 'install_common' } |
| | | - { role: "{{ ANSIBLE_REPO_PATH }}/roles/set_env_authorized_key", when: 'set_env_authorized_key' } |
| | | - role: "{{ ANSIBLE_REPO_PATH }}/roles/set-repositories" |
| | | when: repo_method is defined |
| | | |
| | | - role: "{{ ANSIBLE_REPO_PATH }}/roles/common" |
| | | when: install_common | bool |
| | | |
| | | - role: "{{ ANSIBLE_REPO_PATH }}/roles/set_env_authorized_key" |
| | | when: set_env_authorized_key | bool |
| | | |
| | | - name: Configuring Bastion Hosts |
| | | hosts: |
| | |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml" |
| | | roles: |
| | | - { role: "{{ ANSIBLE_REPO_PATH }}/roles/bastion", when: 'install_bastion' } |
| | | - { role: "{{ ANSIBLE_REPO_PATH }}/roles/bastion-opentlc-ipa", when: 'install_ipa_client' } |
| | | - { role: "{{ ANSIBLE_REPO_PATH }}/roles/bastion-student-user", when: 'install_student_user' } |
| | | - { role: "{{ ANSIBLE_REPO_PATH }}/roles/bastion-opentlc-ipa", when: 'install_ipa_client' } |
| | | tags: |
| | | - step004 |
| | | - bastion_tasks |
| | |
| | | ###### OR PASS as "-e" args to ansible-playbook command |
| | | |
| | | ### Common Host settings |
| | | repo_version: "3.10" |
| | | repo_version: "3.11" |
| | | repo_method: file # Other Options are: file, satellite and rhn |
| | | |
| | | #If using repo_method: satellite, you must set these values as well. |
| | |
| | | install_ipa_client: false |
| | | install_lets_encrypt_certificates: false |
| | | install_openwhisk: false |
| | | install_metrics: true |
| | | install_logging: true |
| | | install_metrics: false |
| | | install_logging: false |
| | | install_aws_broker: false |
| | | |
| | | glusterfs_device_name: /dev/xvdc |
| | |
| | | cloudapps_suffix: 'apps.{{subdomain_base}}' |
| | | ## TODO: This should be registered as a variable. Awk for os verions (OCP). |
| | | ## yum info openshift... |
| | | osrelease: "3.10.14" |
| | | installer_release: "3.10.21" |
| | | osrelease: "3.11.16" |
| | | installer_release: "3.11.16" |
| | | openshift_master_overwrite_named_certificates: true |
| | | timeout: 60 |
| | | |
| | |
| | | #user_vols_size: 10Gi |
| | | |
| | | cache_images: |
| | | - "registry.access.redhat.com/jboss-eap-7/eap70-openshift:latest" |
| | | - "registry.access.redhat.com/openshift3/jenkins-2-rhel7:v{{ repo_version }}" |
| | | - "registry.access.redhat.com/openshift3/jenkins-slave-maven-rhel7:v{{ repo_version }}" |
| | | - "docker.io/caffe2ai/caffe2:latest" |
| | | - "docker.io/mirrorgooglecontainers/cuda-vector-add:v0.1" |
| | | |
| | | ### CLOUDFORMATIONS vars |
| | | |
| | |
| | | Mappings: |
| | | RegionMapping: |
| | | us-east-1: |
| | | RHELAMI: ami-0d70a070 |
| | | RHELAMI: ami-06fd194eff2ab1451 |
| | | DNSMapping: |
| | | us-east-1: |
| | | domain: "us-east-1.compute.internal" |
New file |
| | |
| | | # |
| | | # /etc/ansible/hosts file for OpenShift Container Platform 3.11.16 |
| | | # |
| | | |
| | | [OSEv3:vars] |
| | | |
| | | ########################################################################### |
| | | ### Ansible Vars |
| | | ########################################################################### |
| | | timeout=60 |
| | | ansible_user={{ansible_ssh_user}} |
| | | ansible_become=yes |
| | | log_path=/root |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Basic Vars |
| | | ########################################################################### |
| | | |
| | | openshift_deployment_type=openshift-enterprise |
| | | |
| | | openshift_disable_check="disk_availability,memory_availability,docker_image_availability" |
| | | |
| | | openshift_image_tag=v{{ osrelease }} |
| | | openshift_pgk_version=v{{ osrelease }} |
| | | openshift_release={{ osrelease }} |
| | | |
| | | {% if container_runtime == "cri-o" %} |
| | | openshift_use_crio=True |
| | | openshift_crio_enable_docker_gc=True |
| | | openshift_crio_docker_gc_node_selector={'runtime': 'cri-o'} |
| | | {% endif %} |
| | | |
| | | openshift_node_groups=[{'name': 'node-config-all-in-one', 'labels': ['node-role.kubernetes.io/master=true', 'node-role.kubernetes.io/infra=true', 'node-role.kubernetes.io/compute=true']}] |
| | | |
| | | # Configure logrotate scripts |
| | | # See: https://github.com/nickhammond/ansible-logrotate |
| | | logrotate_scripts=[{"name": "syslog", "path": "/var/log/cron\n/var/log/maillog\n/var/log/messages\n/var/log/secure\n/var/log/spooler\n", "options": ["daily", "rotate 7","size 500M", "compress", "sharedscripts", "missingok"], "scripts": {"postrotate": "/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true"}}] |
| | | |
| | | # Deploy Operator Lifecycle Management Tech Preview |
| | | openshift_enable_olm=false |
| | | ########################################################################## |
| | | ### OpenShift Registries Locations |
| | | ########################################################################### |
| | | |
| | | oreg_url=registry.redhat.io/openshift3/ose-${component}:${version} |
| | | oreg_auth_user={{ redhat_registry_user }} |
| | | oreg_auth_password={{ redhat_registry_password }} |
| | | |
| | | # For Operator Framework Images |
| | | openshift_additional_registry_credentials=[{'host':'registry.connect.redhat.com','user':'{{ redhat_registry_user}}','password':'{{ redhat_registry_password }}','test_image':'mongodb/enterprise-operator:0.3.2'}] |
| | | |
| | | openshift_examples_modify_imagestreams=true |
| | | |
| | | #{% if install_glusterfs|bool %} |
| | | ############################################################################ |
| | | #### OpenShift Container Storage |
| | | ############################################################################ |
| | | # |
| | | #openshift_master_dynamic_provisioning_enabled=false |
| | | # |
| | | ## CNS storage cluster |
| | | ## From https://github.com/red-hat-storage/openshift-cic |
| | | #openshift_storage_glusterfs_namespace=openshift-storage |
| | | #openshift_storage_glusterfs_storageclass=true |
| | | #openshift_storage_glusterfs_storageclass_default=true |
| | | # |
| | | #openshift_storage_glusterfs_block_deploy=true |
| | | #openshift_storage_glusterfs_block_host_vol_create=true |
| | | #openshift_storage_glusterfs_block_host_vol_size=200 |
| | | #openshift_storage_glusterfs_block_storageclass=true |
| | | #openshift_storage_glusterfs_block_storageclass_default=false |
| | | # |
| | | ## Container image to use for glusterfs pods |
| | | #openshift_storage_glusterfs_image="registry.access.redhat.com/rhgs3/rhgs-server-rhel7:{{ glusterfs_image_tag }}" |
| | | # |
| | | ## Container image to use for glusterblock-provisioner pod |
| | | #openshift_storage_glusterfs_block_image="registry.access.redhat.com/rhgs3/rhgs-gluster-block-prov-rhel7:{{ glusterfs_image_tag }}" |
| | | # |
| | | ## Container image to use for heketi pods |
| | | #openshift_storage_glusterfs_heketi_image="registry.access.redhat.com/rhgs3/rhgs-volmanager-rhel7:{{ glusterfs_image_tag }}" |
| | | #{% endif %} |
| | | |
| | | #{% if install_nfs|bool %} |
| | | ## Set this line to enable NFS |
| | | #openshift_enable_unsupported_configurations=True |
| | | #{% endif %} |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Cockpit Vars |
| | | ########################################################################### |
| | | |
| | | # Enable cockpit |
| | | osm_use_cockpit=false |
| | | osm_cockpit_plugins=['cockpit-kubernetes'] |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Master Vars |
| | | ########################################################################### |
| | | |
| | | openshift_master_api_port={{master_api_port}} |
| | | openshift_master_console_port={{master_api_port}} |
| | | |
| | | openshift_master_cluster_method=native |
| | | openshift_master_cluster_hostname={{master_lb_dns}} |
| | | openshift_master_cluster_public_hostname={{master_lb_dns}} |
| | | openshift_master_default_subdomain={{cloudapps_suffix}} |
| | | openshift_master_overwrite_named_certificates={{openshift_master_overwrite_named_certificates}} |
| | | |
| | | {% if install_lets_encrypt_certificates|bool %} |
| | | openshift_master_named_certificates={{lets_encrypt_openshift_master_named_certificates|to_json}} |
| | | {% endif %} |
| | | |
| | | openshift_set_hostname=True |
| | | openshift_clock_enabled=True |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Network Vars |
| | | ########################################################################### |
| | | |
| | | osm_cluster_network_cidr=10.1.0.0/16 |
| | | openshift_portal_net=172.30.0.0/16 |
| | | |
| | | #os_sdn_network_plugin_name='redhat/openshift-ovs-multitenant' |
| | | {{multi_tenant_setting}} |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Authentication Vars |
| | | ########################################################################### |
| | | |
| | | {% if install_idm == "ldap" or 'ldap' in install_idms|d([]) %} |
| | | {{openshift_master_ldap_ca_file}} |
| | | {% endif %} |
| | | |
| | | {% if install_idm == "htpasswd" or 'htpasswd' in install_idms|d([]) %} |
| | | openshift_master_htpasswd_file=/root/htpasswd.openshift |
| | | {% endif %} |
| | | |
| | | openshift_master_identity_providers={{identity_providers|to_json}} |
| | | |
| | | {% if admission_plugin_config is defined %} |
| | | ########################################################################### |
| | | ### OpenShift admission plugin config |
| | | ########################################################################### |
| | | |
| | | openshift_master_admission_plugin_config={{admission_plugin_config|to_json}} |
| | | {% endif %} |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Metrics and Logging Vars |
| | | ########################################################################### |
| | | |
| | | #################### |
| | | # Prometheus Metrics |
| | | #################### |
| | | |
| | | openshift_cluster_monitoring_operator_install=false |
| | | |
| | | ################# |
| | | # Cluster metrics |
| | | ################# |
| | | openshift_metrics_install_metrics={{install_metrics}} |
| | | |
| | | ################# |
| | | # Cluster logging |
| | | ################# |
| | | openshift_logging_install_logging={{ install_logging }} |
| | | openshift_logging_install_eventrouter={{ install_logging }} |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Router and Registry Vars |
| | | ########################################################################### |
| | | |
| | | #openshift_hosted_router_replicas={{infranode_instance_count}} |
| | | |
| | | {% if install_lets_encrypt_certificates|bool %} |
| | | openshift_hosted_router_certificate={{lets_encrypt_openshift_hosted_router_certificate|to_json}} |
| | | {% endif %} |
| | | |
| | | {% if s3user_access_key is defined %} |
| | | # Registry AWS S3 |
| | | # S3 bucket must already exist. |
| | | openshift_hosted_registry_storage_kind=object |
| | | openshift_hosted_registry_storage_provider=s3 |
| | | openshift_hosted_registry_storage_s3_accesskey={{ s3user_access_key }} |
| | | openshift_hosted_registry_storage_s3_secretkey={{ s3user_secret_access_key }} |
| | | openshift_hosted_registry_storage_s3_bucket={{ project_tag }} |
| | | openshift_hosted_registry_storage_s3_region={{ aws_region_final|d(aws_region) }} |
| | | openshift_hosted_registry_storage_s3_chunksize=26214400 |
| | | openshift_hosted_registry_storage_s3_rootdirectory=/registry |
| | | {% endif %} |
| | | openshift_hosted_registry_replicas=1 |
| | | openshift_hosted_registry_pullthrough=true |
| | | openshift_hosted_registry_acceptschema2=true |
| | | openshift_hosted_registry_enforcequota=true |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Service Catalog Vars |
| | | ########################################################################### |
| | | |
| | | openshift_enable_service_catalog=false |
| | | |
| | | template_service_broker_install=false |
| | | openshift_template_service_broker_namespaces=['openshift'] |
| | | |
| | | ansible_service_broker_install=false |
| | | ansible_service_broker_local_registry_whitelist=['.*-apb$'] |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Hosts |
| | | ########################################################################### |
| | | [OSEv3:children] |
| | | masters |
| | | etcd |
| | | nodes |
| | | |
| | | [masters] |
| | | {% for host in groups['bastions'] %} |
| | | {{ hostvars[host].internaldns }} |
| | | {% endfor %} |
| | | |
| | | [etcd] |
| | | {% for host in groups['bastions'] %} |
| | | {{ hostvars[host].internaldns }} |
| | | {% endfor %} |
| | | |
| | | [nodes] |
| | | ## These are the masters |
| | | {% for host in groups['bastions'] %} |
| | | {{ hostvars[host].internaldns }} host_zone={{hostvars[host]['placement']}} openshift_hostname={{ hostvars[host].internaldns }} openshift_node_group_name="node-config-all-in-one" |
| | | {% endfor %} |
| | |
| | | |
| | | {% if osrelease is version_compare('3.9', '>=') %} |
| | | ## Required since OCP 3.9 |
| | | [rhel-7-server-ansible-2.4-rpms] |
| | | [rhel-7-server-ansible-2.6-rpms] |
| | | name=Red Hat Enterprise Linux Ansible (RPMs) |
| | | baseurl={{own_repo_path}}/rhel-7-server-ansible-2.4-rpms |
| | | baseurl={{own_repo_path}}/rhel-7-server-ansible-2.6-rpms |
| | | enabled=1 |
| | | gpgcheck=0 |
| | | {% endif %} |
| | |
| | | - step005.1 |
| | | - gpu_install_config |
| | | tasks: |
| | | - name: pre-pull relevant images |
| | | command: docker pull {{ item }} |
| | | with_items: |
| | | - "{{ cache_images }}" |
| | | |
| | | - name: clone the psap repository onto the bastion |
| | | git: |
| | | repo: 'https://github.com/thoraxe/openshift-psap.git' |
| | | dest: '/root/openshift-psap' |
| | | version: 'ocp-310-0.6' |
| | | version: 'ocp-311-0.7' |
| | | force: yes |
| | | update: yes |
| | | |
| | |
| | | tasks: |
| | | # if we do something multi-node this will have to change to look for the total number of gpu nodes |
| | | - name: Check that the daemonset is ready |
| | | command: oc get daemonset -n nvidia-device-plugin nvidia-deviceplugin-daemonset -o jsonpath --template='{.status.numberReady}' |
| | | command: oc get daemonset -n kube-system nvidia-deviceplugin-daemonset -o jsonpath --template='{.status.numberReady}' |
| | | register: daemonset_ready_out |
| | | until: 'daemonset_ready_out.stdout | int >= 1' |
| | | retries: 5 |
| | |
| | | user_vols: 200 |
| | | user_vols_size: 4Gi |
| | | master_api_port: 443 |
| | | osrelease: 3.9.30 |
| | | osrelease: 3.11.16 |
| | | openshift_master_overwrite_named_certificates: true |
| | | deploy_openshift: true |
| | | deploy_openshift_post: true |
| | | deploy_env_post: true |
| | | install_metrics: true |
| | | install_logging: true |
| | | ovs_plugin: "subnet" # This can also be set to: "multitenant" |
| | | ovs_plugin: "networkpolicy" # This can also be set to: "multitenant" |
| | | multi_tenant_setting: "os_sdn_network_plugin_name='redhat/openshift-ovs-{{ovs_plugin}}'" |
| | | master_lb_dns: "loadbalancer1.{{subdomain_base}}" |
| | | cloudapps_suffix: 'apps.{{subdomain_base}}' |
| | |
| | | #### OCP IMPLEMENATATION LAB |
| | | ################################################################################ |
| | | |
| | | repo_version: '3.9' |
| | | repo_version: '3.11' |
| | | cloudapps_dns: '*.apps.{{subdomain_base}}.' |
| | | master_public_dns: "loadbalancer.{{subdomain_base}}." |
| | | |
| | | install_ansible_version: "{{ '2.4' if repo_version is version_compare('3.11', '<') else '2.6' }}" |
| | | |
| | | ################################################################################ |
| | | #### Common host variables |
| | |
| | | - rhel-7-server-rpms |
| | | - rhel-7-server-extras-rpms |
| | | - rhel-7-server-ose-{{repo_version}}-rpms |
| | | - rhel-7-server-ansible--{{install_ansible_version}}-rpms |
| | | |
| | | use_subscription_manager: false |
| | | use_own_repos: true |
| | |
| | | - name: MoshPublic |
| | | description: "Public Mosh Access for bastions" |
| | | from_port: 60000 |
| | | to_port: 60001 |
| | | to_port: 61000 |
| | | protocol: udp |
| | | cidr: "0.0.0.0/0" |
| | | rule_type: Ingress |
| | |
| | | {% else %} |
| | | RHELAMI: ami-a789ffcb |
| | | {% endif %} |
| | | |
| | | DNSMapping: |
| | | us-east-1: |
| | | domain: "us-east-1.compute.internal" |
| | |
| | | Vpc: |
| | | Type: "AWS::EC2::VPC" |
| | | Properties: |
| | | CidrBlock: "{{vpcid_cidr_block}}" |
| | | CidrBlock: "192.199.0.0/16" |
| | | EnableDnsSupport: true |
| | | EnableDnsHostnames: true |
| | | Tags: |
| | |
| | | RouteTableId: |
| | | Ref: VpcRouteTable |
| | | |
| | | {% for subnet in subnets %} |
| | | {{subnet['name']}}: |
| | | PublicSubnet: |
| | | Type: "AWS::EC2::Subnet" |
| | | DependsOn: |
| | | - Vpc |
| | | Properties: |
| | | CidrBlock: "{{subnet['cidr']}}" |
| | | CidrBlock: "192.199.0.0/24" |
| | | Tags: |
| | | - Key: Name |
| | | Value: "{{project_tag}}" |
| | | - Key: Hostlication |
| | | Value: |
| | | Ref: "AWS::StackId" |
| | | MapPublicIpOnLaunch: true |
| | | VpcId: |
| | | Ref: Vpc |
| | | {% endfor %} |
| | | |
| | | PublicSubnetRTA: |
| | | Type: "AWS::EC2::SubnetRouteTableAssociation" |
| | |
| | | SubnetId: |
| | | Ref: PublicSubnet |
| | | |
| | | {% for security_group in security_groups %} |
| | | {{security_group['name']}}: |
| | | HostSG: |
| | | Type: "AWS::EC2::SecurityGroup" |
| | | Properties: |
| | | GroupDescription: Host |
| | |
| | | Ref: Vpc |
| | | Tags: |
| | | - Key: Name |
| | | Value: "{{security_group['name']}}" |
| | | {% endfor %} |
| | | Value: host_sg |
| | | |
| | | |
| | | {% for security_group in security_groups %} |
| | | {% for rule in security_group['rules'] %} |
| | | {{security_group['name']}}{{rule['name']}}: |
| | | Type: "AWS::EC2::SecurityGroup{{rule['rule_type']}}" |
| | | HostUDPPorts: |
| | | Type: "AWS::EC2::SecurityGroupIngress" |
| | | Properties: |
| | | GroupId: |
| | | Fn::GetAtt: |
| | | - "{{security_group['name']}}" |
| | | - GroupId |
| | | IpProtocol: {{rule['protocol']}} |
| | | FromPort: {{rule['from_port']}} |
| | | ToPort: {{rule['to_port']}} |
| | | {% if rule['cidr'] is defined %} |
| | | CidrIp: "{{rule['cidr']}}" |
| | | {% endif %} |
| | | {% if rule['from_group'] is defined %} |
| | | SourceSecurityGroupId: |
| | | Fn::GetAtt: |
| | | - "{{rule['from_group']}}" |
| | | - GroupId |
| | | {% endif %} |
| | | {% endfor %} |
| | | {% endfor %} |
| | | GroupId: |
| | | Fn::GetAtt: |
| | | - HostSG |
| | | - GroupId |
| | | IpProtocol: udp |
| | | FromPort: 0 |
| | | ToPort: 65535 |
| | | CidrIp: "0.0.0.0/0" |
| | | |
| | | HostTCPPorts: |
| | | Type: "AWS::EC2::SecurityGroupIngress" |
| | | Properties: |
| | | GroupId: |
| | | Fn::GetAtt: |
| | | - HostSG |
| | | - GroupId |
| | | IpProtocol: tcp |
| | | FromPort: 0 |
| | | ToPort: 65535 |
| | | CidrIp: "0.0.0.0/0" |
| | | |
| | | zoneinternalidns: |
| | | Type: "AWS::Route53::HostedZone" |
| | |
| | | CloudDNS: |
| | | Type: AWS::Route53::RecordSetGroup |
| | | DependsOn: |
| | | {% for c in range(1,(loadbalancer_instance_count|int)+1) %} |
| | | - "loadbalancer{{loop.index}}EIP" |
| | | {% for c in range(1,(infranode_instance_count|int)+1) %} |
| | | - "infranode{{loop.index}}EIP" |
| | | {% endfor %} |
| | | Properties: |
| | | HostedZoneId: "{{HostedZoneId}}" |
| | |
| | | Type: A |
| | | TTL: 900 |
| | | ResourceRecords: |
| | | {% for c in range(1,(loadbalancer_instance_count|int)+1) %} |
| | | {% for c in range(1,(infranode_instance_count|int)+1) %} |
| | | - Fn::GetAtt: |
| | | - loadbalancer{{loop.index}} |
| | | - infranode{{loop.index}} |
| | | - PublicIp |
| | | {% endfor %} |
| | | |
| | |
| | | {% endif %} |
| | | SecurityGroupIds: |
| | | - "Fn::GetAtt": |
| | | - {{instance['security_group']}} |
| | | - HostSG |
| | | - GroupId |
| | | SubnetId: |
| | | Ref: {{instance['subnet']}} |
| | | Ref: PublicSubnet |
| | | Tags: |
| | | {% if instance['unique'] | d(false) | bool %} |
| | | - Key: Name |
New file |
| | |
| | | # |
| | | # ansible inventory for OpenShift Container Platform 3.11.16 |
| | | # AgnosticD ansible-config: ocp-ha-lab |
| | | |
| | | [OSEv3:vars] |
| | | |
| | | ########################################################################### |
| | | ### Ansible Vars |
| | | ########################################################################### |
| | | timeout=60 |
| | | ansible_user={{ansible_ssh_user}} |
| | | ansible_become=yes |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Basic Vars |
| | | ########################################################################### |
| | | |
| | | openshift_deployment_type=openshift-enterprise |
| | | |
| | | openshift_disable_check="disk_availability,memory_availability,docker_image_availability" |
| | | |
| | | # OpenShift Version: |
| | | # If you modify the openshift_image_tag or the openshift_pkg_version variables after the cluster is set up, then an upgrade can be triggered, resulting in downtime. |
| | | # If openshift_image_tag is set, its value is used for all hosts in system container environments, even those that have another version installed. If |
| | | # Use this variable to specify a container image tag to install or configure. |
| | | #openshift_pkg_version is set, its value is used for all hosts in RPM-based environments, even those that have another version installed. |
| | | openshift_image_tag=v{{ osrelease }} |
| | | # Use this variable to specify an RPM version to install or configure. |
| | | openshift_pkg_version=-{{ osrelease }} |
| | | openshift_release={{ osrelease }} |
| | | |
| | | {% if container_runtime == "cri-o" %} |
| | | openshift_use_crio=True |
| | | openshift_crio_enable_docker_gc=True |
| | | openshift_crio_docker_gc_node_selector={'runtime': 'cri-o'} |
| | | {% endif %} |
| | | |
| | | # Node Groups |
| | | openshift_node_groups=[{'name': 'node-config-master', 'labels': ['node-role.kubernetes.io/master=true','runtime={{container_runtime}}']}, {'name': 'node-config-infra', 'labels': ['node-role.kubernetes.io/infra=true','runtime={{container_runtime}}']}, {'name': 'node-config-compute', 'labels': ['node-role.kubernetes.io/compute=true','runtime={{container_runtime}}'], 'edits': [{ 'key': 'kubeletArguments.pods-per-core','value': ['20']}]}] |
| | | # Configure node kubelet arguments. pods-per-core is valid in OpenShift Origin 1.3 or OpenShift Container Platform 3.3 and later. -> These need to go into the above |
| | | # openshift_node_kubelet_args={'pods-per-core': ['10'], 'max-pods': ['250'], 'image-gc-high-threshold': ['85'], 'image-gc-low-threshold': ['75']} |
| | | |
| | | # Configure logrotate scripts |
| | | # See: https://github.com/nickhammond/ansible-logrotate |
| | | logrotate_scripts=[{"name": "syslog", "path": "/var/log/cron\n/var/log/maillog\n/var/log/messages\n/var/log/secure\n/var/log/spooler\n", "options": ["daily", "rotate 7","size 500M", "compress", "sharedscripts", "missingok"], "scripts": {"postrotate": "/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true"}}] |
| | | |
| | | # Deploy Operator Lifecycle Manager Tech Preview |
| | | openshift_enable_olm=true |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Registries Locations |
| | | ########################################################################### |
| | | |
| | | #oreg_url=registry.access.redhat.com/openshift3/ose-${component}:${version} |
| | | oreg_url=isolated1.{{ guid }}.internal:5000/openshift3/ose-${component}:${version} |
| | | #oreg_auth_user={{ redhat_registry_user }} |
| | | #oreg_auth_password={{ redhat_registry_password }} |
| | | |
| | | openshift_docker_insecure_registries=isolated1.{{ guid }}.internal:5000 |
| | | |
| | | # For Operator Framework Images |
| | | openshift_additional_registry_credentials=[{'host':'registry.connect.redhat.com','user':'{{ redhat_registry_user }}','password':'{{ redhat_registry_password }}','test_image':'mongodb/enterprise-operator:0.3.2'}] |
| | | |
| | | openshift_examples_modify_imagestreams=true |
| | | |
| | | {% if install_glusterfs|bool %} |
| | | ########################################################################### |
| | | ### OpenShift Container Storage |
| | | ########################################################################### |
| | | |
| | | openshift_master_dynamic_provisioning_enabled=True |
| | | |
| | | # CNS storage cluster |
| | | # From https://github.com/red-hat-storage/openshift-cic |
| | | openshift_storage_glusterfs_namespace=openshift-storage |
| | | openshift_storage_glusterfs_storageclass=true |
| | | openshift_storage_glusterfs_storageclass_default=false |
| | | |
| | | openshift_storage_glusterfs_block_deploy=true |
| | | openshift_storage_glusterfs_block_host_vol_create=true |
| | | openshift_storage_glusterfs_block_host_vol_size=200 |
| | | openshift_storage_glusterfs_block_storageclass=true |
| | | openshift_storage_glusterfs_block_storageclass_default=true |
| | | |
| | | # Container image to use for glusterfs pods |
| | | openshift_storage_glusterfs_image="registry.access.redhat.com/rhgs3/rhgs-server-rhel7:{{ glusterfs_image_tag }}" |
| | | |
| | | # Container image to use for glusterblock-provisioner pod |
| | | openshift_storage_glusterfs_block_image="registry.access.redhat.com/rhgs3/rhgs-gluster-block-prov-rhel7:{{ glusterfs_image_tag }}" |
| | | |
| | | # Container image to use for heketi pods |
| | | openshift_storage_glusterfs_heketi_image="registry.access.redhat.com/rhgs3/rhgs-volmanager-rhel7:{{ glusterfs_image_tag }}" |
| | | |
| | | # GlusterFS version |
| | | # Knowledgebase |
| | | # https://access.redhat.com/solutions/3617551 |
| | | # Bugzilla |
| | | # https://bugzilla.redhat.com/show_bug.cgi?id=163.1057 |
| | | # Complete OpenShift GlusterFS Configuration README |
| | | # https://github.com/openshift/openshift-ansible/tree/master/roles/openshift_storage_glusterfs |
| | | openshift_storage_glusterfs_version=v3.10 |
| | | openshift_storage_glusterfs_block_version=v3.10 |
| | | openshift_storage_glusterfs_s3_version=v3.10 |
| | | openshift_storage_glusterfs_heketi_version=v3.10 |
| | | # openshift_storage_glusterfs_registry_version=v3.10 |
| | | # openshift_storage_glusterfs_registry_block_version=v3.10 |
| | | # openshift_storage_glusterfs_registry_s3_version=v3.10 |
| | | # openshift_storage_glusterfs_registry_heketi_version=v3.10 |
| | | {% endif %} |
| | | |
| | | {% if install_nfs|bool %} |
| | | # Set this line to enable NFS |
| | | openshift_enable_unsupported_configurations=True |
| | | {% endif %} |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Master Vars |
| | | ########################################################################### |
| | | |
| | | openshift_master_api_port={{master_api_port}} |
| | | openshift_master_console_port={{master_api_port}} |
| | | |
| | | #Default: openshift_master_cluster_method=native |
| | | openshift_master_cluster_hostname=loadbalancer1.{{guid}}.internal |
| | | openshift_master_cluster_public_hostname={{master_lb_dns}} |
| | | openshift_master_default_subdomain={{cloudapps_suffix}} |
| | | #openshift_master_ca_certificate={'certfile': '/root/intermediate_ca.crt', 'keyfile': '/root/intermediate_ca.key'} |
| | | openshift_master_overwrite_named_certificates={{openshift_master_overwrite_named_certificates}} |
| | | |
| | | # Audit log |
| | | # openshift_master_audit_config={"enabled": true, "auditFilePath": "/var/log/openpaas-oscp-audit/openpaas-oscp-audit.log", "maximumFileRetentionDays": 14, "maximumFileSizeMegabytes": 500, "maximumRetainedFiles": 5} |
| | | |
| | | # ocp-ha-lab |
| | | # AWS Autoscaler |
| | | #openshift_master_bootstrap_auto_approve=false |
| | | # This variable is a cluster identifier unique to the AWS Availability Zone. Using this avoids potential issues in Amazon Web Services (AWS) with multiple zones or multiple clusters. |
| | | #openshift_clusterid |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Network Vars |
| | | ########################################################################### |
| | | |
| | | osm_cluster_network_cidr=10.1.0.0/16 |
| | | openshift_portal_net=172.30.0.0/16 |
| | | |
| | | # os_sdn_network_plugin_name='redhat/openshift-ovs-networkpolicy' |
| | | {{multi_tenant_setting}} |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Authentication Vars |
| | | ########################################################################### |
| | | |
| | | |
| | | # LDAP AND HTPASSWD Authentication (download ipa-ca.crt first) |
| | | #openshift_master_identity_providers=[{'name': 'ldap', 'challenge': 'true', 'login': 'true', 'kind': 'LDAPPasswordIdentityProvider','attributes': {'id': ['dn'], 'email': ['mail'], 'name': ['cn'], 'preferredUsername': ['uid']}, 'bindDN': 'uid=admin,cn=users,cn=accounts,dc=shared,dc=example,dc=opentlc,dc=com', 'bindPassword': 'r3dh4t1!', 'ca': '/etc/origin/master/ipa-ca.crt','insecure': 'false', 'url': 'ldaps://ipa.shared.example.opentlc.com:636/cn=users,cn=accounts,dc=shared,dc=example,dc=opentlc,dc=com?uid?sub?(memberOf=cn=ocp-users,cn=groups,cn=accounts,dc=shared,dc=example,dc=opentlc,dc=com)'},{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider'}] |
| | | |
| | | # Just LDAP |
| | | #openshift_master_identity_providers=[{'name': 'ldap', 'challenge': 'true', 'login': 'true', 'kind': 'LDAPPasswordIdentityProvider','attributes': {'id': ['dn'], 'email': ['mail'], 'name': ['cn'], 'preferredUsername': ['uid']}, 'bindDN': 'uid=admin,cn=users,cn=accounts,dc=shared,dc=example,dc=opentlc,dc=com', 'bindPassword': 'r3dh4t1!', 'ca': '/etc/origin/master/ipa-ca.crt','insecure': 'false', 'url': 'ldaps://ipa.shared.example.opentlc.com:636/cn=users,cn=accounts,dc=shared,dc=example,dc=opentlc,dc=com?uid?sub?(memberOf=cn=ocp-users,cn=groups,cn=accounts,dc=shared,dc=example,dc=opentlc,dc=com)'}] |
| | | |
| | | # Just HTPASSWD |
| | | openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider'}] |
| | | |
| | | # LDAP and HTPASSWD dependencies |
| | | |
| | | openshift_master_htpasswd_file=/root/htpasswd.openshift |
| | | #openshift_master_ldap_ca_file=/root/ipa-ca.crt |
| | | |
| | | {% if admission_plugin_config is defined %} |
| | | ########################################################################### |
| | | ### OpenShift admission plugin config |
| | | ########################################################################### |
| | | |
| | | openshift_master_admission_plugin_config={{admission_plugin_config|to_json}} |
| | | {% endif %} |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Metrics and Logging Vars |
| | | ########################################################################### |
| | | |
| | | ######################### |
| | | # Prometheus Metrics |
| | | ######################### |
| | | |
| | | openshift_hosted_prometheus_deploy=true |
| | | openshift_prometheus_namespace=openshift-metrics |
| | | openshift_prometheus_node_selector={"node-role.kubernetes.io/infra":"true"} |
| | | |
| | | openshift_cluster_monitoring_operator_install=true |
| | | |
| | | {% if install_glusterfs|bool %} |
| | | openshift_cluster_monitoring_operator_prometheus_storage_capacity=20Gi |
| | | openshift_cluster_monitoring_operator_alertmanager_storage_capacity=2Gi |
| | | openshift_cluster_monitoring_operator_prometheus_storage_enabled=True |
| | | openshift_cluster_monitoring_operator_alertmanager_storage_enabled=True |
| | | |
| | | # The next two will be enabled in 3.11.z |
| | | # will use deafult storage class until then |
| | | # so set the block storage class as default |
| | | |
| | | # openshift_cluster_monitoring_operator_prometheus_storage_class_name='glusterfs-storage-block' |
| | | # openshift_cluster_monitoring_operator_alertmanager_storage_class_name='glusterfs-storage-block' |
| | | {% endif %} |
| | | |
| | | ######################## |
| | | # Cluster Metrics |
| | | ######################## |
| | | |
| | | openshift_metrics_install_metrics={{install_metrics}} |
| | | |
| | | {% if install_nfs|bool and not install_glusterfs|bool %} |
| | | openshift_metrics_storage_kind=nfs |
| | | openshift_metrics_storage_access_modes=['ReadWriteOnce'] |
| | | openshift_metrics_storage_nfs_directory=/srv/nfs |
| | | openshift_metrics_storage_nfs_options='*(rw,root_squash)' |
| | | openshift_metrics_storage_volume_name=metrics |
| | | openshift_metrics_storage_volume_size=10Gi |
| | | openshift_metrics_storage_labels={'storage': 'metrics'} |
| | | openshift_metrics_cassandra_pvc_storage_class_name='' |
| | | {% endif %} |
| | | |
| | | {% if install_glusterfs|bool %} |
| | | openshift_metrics_cassandra_storage_type=dynamic |
| | | openshift_metrics_cassandra_pvc_storage_class_name='glusterfs-storage-block' |
| | | {% endif %} |
| | | |
| | | openshift_metrics_hawkular_nodeselector={"node-role.kubernetes.io/infra": "true"} |
| | | openshift_metrics_cassandra_nodeselector={"node-role.kubernetes.io/infra": "true"} |
| | | openshift_metrics_heapster_nodeselector={"node-role.kubernetes.io/infra": "true"} |
| | | |
| | | # Store Metrics for 2 days |
| | | openshift_metrics_duration=2 |
| | | |
| | | # Suggested Quotas and limits for Prometheus components: |
| | | openshift_prometheus_memory_requests=2Gi |
| | | openshift_prometheus_cpu_requests=750m |
| | | openshift_prometheus_memory_limit=2Gi |
| | | openshift_prometheus_cpu_limit=750m |
| | | openshift_prometheus_alertmanager_memory_requests=300Mi |
| | | openshift_prometheus_alertmanager_cpu_requests=200m |
| | | openshift_prometheus_alertmanager_memory_limit=300Mi |
| | | openshift_prometheus_alertmanager_cpu_limit=200m |
| | | openshift_prometheus_alertbuffer_memory_requests=300Mi |
| | | openshift_prometheus_alertbuffer_cpu_requests=200m |
| | | openshift_prometheus_alertbuffer_memory_limit=300Mi |
| | | openshift_prometheus_alertbuffer_cpu_limit=200m |
| | | |
| | | {# The following file will need to be copied over to the bastion before deployment |
| | | # There is an example in ocp-workshop/files |
| | | # openshift_prometheus_additional_rules_file=/root/prometheus_alerts_rules.yml #} |
| | | |
| | | # Grafana |
| | | openshift_grafana_node_selector={"node-role.kubernetes.io/infra":"true"} |
| | | openshift_grafana_storage_type=pvc |
| | | openshift_grafana_pvc_size=2Gi |
| | | openshift_grafana_node_exporter=true |
| | | {% if install_glusterfs|bool %} |
| | | openshift_grafana_sc_name=glusterfs-storage |
| | | {% endif %} |
| | | |
| | | ######################## |
| | | # Cluster Logging |
| | | ######################## |
| | | |
| | | openshift_logging_install_logging={{install_logging}} |
| | | openshift_logging_install_eventrouter={{install_logging}} |
| | | |
| | | {% if install_nfs|bool and not install_glusterfs|bool %} |
| | | openshift_logging_storage_kind=nfs |
| | | openshift_logging_storage_access_modes=['ReadWriteOnce'] |
| | | openshift_logging_storage_nfs_directory=/srv/nfs |
| | | openshift_logging_storage_nfs_options='*(rw,root_squash)' |
| | | openshift_logging_storage_volume_name=logging |
| | | openshift_logging_storage_volume_size=10Gi |
| | | openshift_logging_storage_labels={'storage': 'logging'} |
| | | openshift_logging_es_pvc_storage_class_name='' |
| | | {% endif %} |
| | | {% if install_glusterfs|bool %} |
| | | openshift_logging_es_pvc_dynamic=true |
| | | openshift_logging_es_pvc_size=20Gi |
| | | openshift_logging_es_pvc_storage_class_name='glusterfs-storage-block' |
| | | {% endif %} |
| | | openshift_logging_es_memory_limit=8Gi |
| | | openshift_logging_es_cluster_size=1 |
| | | openshift_logging_curator_default_days=2 |
| | | |
| | | openshift_logging_kibana_nodeselector={"node-role.kubernetes.io/infra": "true"} |
| | | openshift_logging_curator_nodeselector={"node-role.kubernetes.io/infra": "true"} |
| | | openshift_logging_es_nodeselector={"node-role.kubernetes.io/infra": "true"} |
| | | openshift_logging_eventrouter_nodeselector={"node-role.kubernetes.io/infra": "true"} |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Router and Registry Vars |
| | | ########################################################################### |
| | | |
| | | # default selectors for router and registry services |
| | | # openshift_router_selector='node-role.kubernetes.io/infra=true' |
| | | # openshift_registry_selector='node-role.kubernetes.io/infra=true' |
| | | |
| | | openshift_hosted_router_replicas={{infranode_instance_count}} |
| | | |
| | | # openshift_hosted_router_certificate={"certfile": "/path/to/router.crt", "keyfile": "/path/to/router.key", "cafile": "/path/to/router-ca.crt"} |
| | | |
| | | openshift_hosted_registry_replicas=1 |
| | | openshift_hosted_registry_pullthrough=true |
| | | openshift_hosted_registry_acceptschema2=true |
| | | openshift_hosted_registry_enforcequota=true |
| | | |
| | | {% if install_glusterfs|bool %} |
| | | openshift_hosted_registry_storage_kind=glusterfs |
| | | openshift_hosted_registry_storage_volume_size=10Gi |
| | | openshift_hosted_registry_selector="node-role.kubernetes.io/infra=true" |
| | | {% endif %} |
| | | |
| | | {% if install_nfs|bool %} |
| | | openshift_hosted_registry_storage_kind=nfs |
| | | openshift_hosted_registry_storage_access_modes=['ReadWriteMany'] |
| | | openshift_hosted_registry_storage_nfs_directory=/srv/nfs |
| | | openshift_hosted_registry_storage_nfs_options='*(rw,root_squash)' |
| | | openshift_hosted_registry_storage_volume_name=registry |
| | | openshift_hosted_registry_storage_volume_size=20Gi |
| | | {% endif %} |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Service Catalog Vars |
| | | ########################################################################### |
| | | |
| | | # default=true |
| | | openshift_enable_service_catalog=true |
| | | |
| | | # default=true |
| | | template_service_broker_install=true |
| | | openshift_template_service_broker_namespaces=['openshift'] |
| | | |
| | | # default=true |
| | | ansible_service_broker_install=true |
| | | ansible_service_broker_local_registry_whitelist=['.*-apb$'] |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Hosts |
| | | ########################################################################### |
| | | # openshift_node_labels DEPRECATED |
| | | # openshift_node_problem_detector_install |
| | | |
| | | [OSEv3:children] |
| | | lb |
| | | masters |
| | | etcd |
| | | nodes |
| | | {% if install_nfs|bool %} |
| | | nfs |
| | | {% endif %} |
| | | {% if install_glusterfs|bool %} |
| | | glusterfs |
| | | {% endif %} |
| | | |
| | | [lb] |
| | | {% for host in groups['loadbalancers'] %} |
| | | {{ hostvars[host].internaldns }} |
| | | {% endfor %} |
| | | |
| | | [masters] |
| | | {% for host in groups['masters']|sort %} |
| | | {{ hostvars[host].internaldns }} |
| | | {% endfor %} |
| | | |
| | | [etcd] |
| | | {% for host in groups['masters']|sort %} |
| | | {{ hostvars[host].internaldns }} |
| | | {% endfor %} |
| | | |
| | | [nodes] |
| | | ## These are the masters |
| | | {% for host in groups['masters']|sort %} |
| | | {{ hostvars[host].internaldns }} openshift_node_group_name='node-config-master' |
| | | {% endfor %} |
| | | |
| | | ## These are infranodes |
| | | {% for host in groups['infranodes']|sort %} |
| | | {{ hostvars[host].internaldns }} openshift_node_group_name='node-config-infra' |
| | | {% endfor %} |
| | | |
| | | ## These are regular nodes |
| | | {% for host in groups['nodes']|sort %} |
| | | {{ hostvars[host].internaldns }} openshift_node_group_name='node-config-compute' |
| | | {% endfor %} |
| | | |
| | | {% if install_glusterfs|bool %} |
| | | ## These are OCS nodes |
| | | {% for host in groups['support']|sort %} |
| | | {{ hostvars[host].internaldns }} openshift_node_group_name='node-config-compute' |
| | | {% endfor %} |
| | | {% endif %} |
| | | |
| | | {% if install_nfs|bool %} |
| | | [nfs] |
| | | {% for host in [groups['support']|sort|first] %} |
| | | {{ hostvars[host].internaldns }} |
| | | {% endfor %} |
| | | {% endif %} |
| | | |
| | | {% if install_glusterfs|bool %} |
| | | [glusterfs] |
| | | {% for host in groups['support']|sort %} |
| | | {{ hostvars[host].internaldns }} glusterfs_devices='[ "{{ glusterfs_app_device_name }}" ]' |
| | | {% endfor %} |
| | | {% endif %} |
New file |
| | |
| | | # |
| | | # ansible inventory for OpenShift Container Platform 3.11.16 |
| | | # AgnosticD ansible-config: ocp-ha-lab |
| | | |
| | | [OSEv3:vars] |
| | | |
| | | ########################################################################### |
| | | ### Ansible Vars |
| | | ########################################################################### |
| | | timeout=60 |
| | | ansible_user={{ansible_ssh_user}} |
| | | ansible_become=yes |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Basic Vars |
| | | ########################################################################### |
| | | |
| | | openshift_deployment_type=openshift-enterprise |
| | | |
| | | openshift_disable_check="disk_availability,memory_availability,docker_image_availability" |
| | | |
| | | # OpenShift Version: |
| | | # If you modify the openshift_image_tag or the openshift_pkg_version variables after the cluster is set up, then an upgrade can be triggered, resulting in downtime. |
| | | # If openshift_image_tag is set, its value is used for all hosts in system container environments, even those that have another version installed. If |
| | | # Use this variable to specify a container image tag to install or configure. |
| | | #openshift_pkg_version is set, its value is used for all hosts in RPM-based environments, even those that have another version installed. |
| | | openshift_image_tag= |
| | | # Use this variable to specify an RPM version to install or configure. |
| | | openshift_pkg_version= |
| | | openshift_release= |
| | | |
| | | {% if container_runtime == "cri-o" %} |
| | | openshift_use_crio= |
| | | openshift_crio_enable_docker_gc= |
| | | openshift_crio_docker_gc_node_selector= |
| | | {% endif %} |
| | | |
| | | # Node Groups |
| | | openshift_node_groups= |
| | | # Configure node kubelet arguments. pods-per-core is valid in OpenShift Origin 1.3 or OpenShift Container Platform 3.3 and later. -> These need to go into the above |
| | | # openshift_node_kubelet_args={'pods-per-core': ['10'], 'max-pods': ['250'], 'image-gc-high-threshold': ['85'], 'image-gc-low-threshold': ['75']} |
| | | |
| | | # Configure logrotate scripts |
| | | # See: https://github.com/nickhammond/ansible-logrotate |
| | | logrotate_scripts=[{"name": "syslog", "path": "/var/log/cron\n/var/log/maillog\n/var/log/messages\n/var/log/secure\n/var/log/spooler\n", "options": ["daily", "rotate 7","size 500M", "compress", "sharedscripts", "missingok"], "scripts": {"postrotate": "/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true"}}] |
| | | |
| | | # Deploy Operator Lifecycle Manager Tech Preview |
| | | openshift_enable_olm= |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Registries Locations |
| | | ########################################################################### |
| | | |
| | | #oreg_url=registry.access.redhat.com/openshift3/ose-${component}:${version} |
| | | oreg_url= |
| | | oreg_auth_user= |
| | | oreg_auth_password= |
| | | |
| | | # For Operator Framework Images |
| | | openshift_additional_registry_credentials= |
| | | |
| | | openshift_examples_modify_imagestreams= |
| | | |
| | | {% if install_glusterfs|bool %} |
| | | ########################################################################### |
| | | ### OpenShift Container Storage |
| | | ########################################################################### |
| | | |
| | | openshift_master_dynamic_provisioning_enabled= |
| | | |
| | | # CNS storage cluster |
| | | # From https://github.com/red-hat-storage/openshift-cic |
| | | openshift_storage_glusterfs_namespace= |
| | | openshift_storage_glusterfs_storageclass= |
| | | openshift_storage_glusterfs_storageclass_default= |
| | | |
| | | openshift_storage_glusterfs_block_deploy= |
| | | openshift_storage_glusterfs_block_host_vol_create= |
| | | openshift_storage_glusterfs_block_host_vol_size= |
| | | openshift_storage_glusterfs_block_storageclass= |
| | | openshift_storage_glusterfs_block_storageclass_default= |
| | | |
| | | # Container image to use for glusterfs pods |
| | | openshift_storage_glusterfs_image= |
| | | |
| | | # Container image to use for glusterblock-provisioner pod |
| | | openshift_storage_glusterfs_block_image= |
| | | |
| | | # Container image to use for heketi pods |
| | | openshift_storage_glusterfs_heketi_image= |
| | | |
| | | # GlusterFS version |
| | | # Knowledgebase |
| | | # https://access.redhat.com/solutions/3617551 |
| | | # Bugzilla |
| | | # https://bugzilla.redhat.com/show_bug.cgi?id=163.1057 |
| | | # Complete OpenShift GlusterFS Configuration README |
| | | # https://github.com/openshift/openshift-ansible/tree/master/roles/openshift_storage_glusterfs |
| | | openshift_storage_glusterfs_version= |
| | | openshift_storage_glusterfs_block_version= |
| | | openshift_storage_glusterfs_s3_version= |
| | | openshift_storage_glusterfs_heketi_version= |
| | | # openshift_storage_glusterfs_registry_version=v3.10 |
| | | # openshift_storage_glusterfs_registry_block_version=v3.10 |
| | | # openshift_storage_glusterfs_registry_s3_version=v3.10 |
| | | # openshift_storage_glusterfs_registry_heketi_version=v3.10 |
| | | {% endif %} |
| | | |
| | | {% if install_nfs|bool %} |
| | | # Set this line to enable NFS |
| | | openshift_enable_unsupported_configurations= |
| | | {% endif %} |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Master Vars |
| | | ########################################################################### |
| | | |
| | | openshift_master_api_port= |
| | | openshift_master_console_port= |
| | | |
| | | #Default: openshift_master_cluster_method=native |
| | | openshift_master_cluster_hostname= |
| | | openshift_master_cluster_public_hostname= |
| | | openshift_master_default_subdomain= |
| | | #openshift_master_ca_certificate= |
| | | openshift_master_overwrite_named_certificates= |
| | | |
| | | # Audit log |
| | | # openshift_master_audit_config={"enabled": true, "auditFilePath": "/var/log/openpaas-oscp-audit/openpaas-oscp-audit.log", "maximumFileRetentionDays": 14, "maximumFileSizeMegabytes": 500, "maximumRetainedFiles": 5} |
| | | |
| | | # ocp-ha-lab |
| | | # AWS Autoscaler |
| | | #openshift_master_bootstrap_auto_approve=false |
| | | # This variable is a cluster identifier unique to the AWS Availability Zone. Using this avoids potential issues in Amazon Web Services (AWS) with multiple zones or multiple clusters. |
| | | #openshift_clusterid |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Network Vars |
| | | ########################################################################### |
| | | |
| | | osm_cluster_network_cidr=10.1.0.0/16 |
| | | openshift_portal_net=172.30.0.0/16 |
| | | |
| | | # os_sdn_network_plugin_name='redhat/openshift-ovs-networkpolicy' |
| | | {{multi_tenant_setting}} |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Authentication Vars |
| | | ########################################################################### |
| | | |
| | | |
| | | # LDAP AND HTPASSWD Authentication (download ipa-ca.crt first) |
| | | #openshift_master_identity_providers= |
| | | |
| | | # Just LDAP |
| | | #openshift_master_identity_providers=[{'name': 'ldap', 'challenge': 'true', 'login': 'true', 'kind': 'LDAPPasswordIdentityProvider','attributes': {'id': ['dn'], 'email': ['mail'], 'name': ['cn'], 'preferredUsername': ['uid']}, 'bindDN': 'uid=admin,cn=users,cn=accounts,dc=shared,dc=example,dc=opentlc,dc=com', 'bindPassword': 'r3dh4t1!', 'ca': '/etc/origin/master/ipa-ca.crt','insecure': 'false', 'url': 'ldaps://ipa.shared.example.opentlc.com:636/cn=users,cn=accounts,dc=shared,dc=example,dc=opentlc,dc=com?uid?sub?(memberOf=cn=ocp-users,cn=groups,cn=accounts,dc=shared,dc=example,dc=opentlc,dc=com)'}] |
| | | |
| | | # Just HTPASSWD |
| | | openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider'}] |
| | | |
| | | # LDAP and HTPASSWD dependencies |
| | | |
| | | openshift_master_htpasswd_file=/root/htpasswd.openshift |
| | | #openshift_master_ldap_ca_file=/root/ipa-ca.crt |
| | | |
| | | {% if admission_plugin_config is defined %} |
| | | ########################################################################### |
| | | ### OpenShift admission plugin config |
| | | ########################################################################### |
| | | |
| | | openshift_master_admission_plugin_config={{admission_plugin_config|to_json}} |
| | | {% endif %} |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Metrics and Logging Vars |
| | | ########################################################################### |
| | | |
| | | ######################### |
| | | # Prometheus Metrics |
| | | ######################### |
| | | |
| | | openshift_hosted_prometheus_deploy= |
| | | openshift_prometheus_namespace= |
| | | openshift_prometheus_node_selector= |
| | | |
| | | openshift_cluster_monitoring_operator_install= |
| | | |
| | | {% if install_glusterfs|bool %} |
| | | openshift_cluster_monitoring_operator_prometheus_storage_capacity=20Gi |
| | | openshift_cluster_monitoring_operator_alertmanager_storage_capacity=2Gi |
| | | openshift_cluster_monitoring_operator_prometheus_storage_enabled=True |
| | | openshift_cluster_monitoring_operator_alertmanager_storage_enabled=True |
| | | |
| | | # The next two will be enabled in 3.11.z |
| | | # will use deafult storage class until then |
| | | # so set the block storage class as default |
| | | |
| | | # openshift_cluster_monitoring_operator_prometheus_storage_class_name='glusterfs-storage-block' |
| | | # openshift_cluster_monitoring_operator_alertmanager_storage_class_name='glusterfs-storage-block' |
| | | {% endif %} |
| | | |
| | | ######################## |
| | | # Cluster Metrics |
| | | ######################## |
| | | |
| | | openshift_metrics_install_metrics= |
| | | |
| | | {% if install_nfs|bool and not install_glusterfs|bool %} |
| | | openshift_metrics_storage_kind= |
| | | openshift_metrics_storage_access_modes= |
| | | openshift_metrics_storage_nfs_directory= |
| | | openshift_metrics_storage_nfs_options= |
| | | openshift_metrics_storage_volume_name= |
| | | openshift_metrics_storage_volume_size= |
| | | openshift_metrics_storage_labels= |
| | | openshift_metrics_cassandra_pvc_storage_class_name= |
| | | {% endif %} |
| | | |
| | | {% if install_glusterfs|bool %} |
| | | openshift_metrics_cassandra_storage_type= |
| | | openshift_metrics_cassandra_pvc_storage_class_name= |
| | | {% endif %} |
| | | |
| | | openshift_metrics_hawkular_nodeselector= |
| | | openshift_metrics_cassandra_nodeselector= |
| | | openshift_metrics_heapster_nodeselector= |
| | | |
| | | # Store Metrics for 2 days |
| | | openshift_metrics_duration=2 |
| | | |
| | | # Suggested Quotas and limits for Prometheus components: |
| | | openshift_prometheus_memory_requests=2Gi |
| | | openshift_prometheus_cpu_requests=750m |
| | | openshift_prometheus_memory_limit=2Gi |
| | | openshift_prometheus_cpu_limit=750m |
| | | openshift_prometheus_alertmanager_memory_requests=300Mi |
| | | openshift_prometheus_alertmanager_cpu_requests=200m |
| | | openshift_prometheus_alertmanager_memory_limit=300Mi |
| | | openshift_prometheus_alertmanager_cpu_limit=200m |
| | | openshift_prometheus_alertbuffer_memory_requests=300Mi |
| | | openshift_prometheus_alertbuffer_cpu_requests=200m |
| | | openshift_prometheus_alertbuffer_memory_limit=300Mi |
| | | openshift_prometheus_alertbuffer_cpu_limit=200m |
| | | |
| | | {# The following file will need to be copied over to the bastion before deployment |
| | | # There is an example in ocp-workshop/files |
| | | # openshift_prometheus_additional_rules_file=/root/prometheus_alerts_rules.yml #} |
| | | |
| | | # Grafana |
| | | openshift_grafana_node_selector= |
| | | openshift_grafana_storage_type= |
| | | openshift_grafana_pvc_size= |
| | | openshift_grafana_node_exporter= |
| | | {% if install_glusterfs|bool %} |
| | | openshift_grafana_sc_name=glusterfs-storage |
| | | {% endif %} |
| | | |
| | | ######################## |
| | | # Cluster Logging |
| | | ######################## |
| | | |
| | | openshift_logging_install_logging= |
| | | openshift_logging_install_eventrouter= |
| | | |
| | | {% if install_nfs|bool and not install_glusterfs|bool %} |
| | | openshift_logging_storage_kind= |
| | | openshift_logging_storage_access_modes= |
| | | openshift_logging_storage_nfs_directory= |
| | | openshift_logging_storage_nfs_options= |
| | | openshift_logging_storage_volume_name= |
| | | openshift_logging_storage_volume_size= |
| | | openshift_logging_storage_labels= |
| | | openshift_logging_es_pvc_storage_class_name= |
| | | {% endif %} |
| | | {% if install_glusterfs|bool %} |
| | | openshift_logging_es_pvc_dynamic=true |
| | | openshift_logging_es_pvc_size=20Gi |
| | | openshift_logging_es_pvc_storage_class_name='glusterfs-storage-block' |
| | | {% endif %} |
| | | openshift_logging_es_memory_limit=8Gi |
| | | openshift_logging_es_cluster_size=1 |
| | | openshift_logging_curator_default_days=2 |
| | | |
| | | openshift_logging_kibana_nodeselector= |
| | | openshift_logging_curator_nodeselector= |
| | | openshift_logging_es_nodeselector= |
| | | openshift_logging_eventrouter_nodeselector= |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Router and Registry Vars |
| | | ########################################################################### |
| | | |
| | | # default selectors for router and registry services |
| | | # openshift_router_selector='node-role.kubernetes.io/infra=true' |
| | | # openshift_registry_selector='node-role.kubernetes.io/infra=true' |
| | | |
| | | openshift_hosted_router_replicas= |
| | | |
| | | # openshift_hosted_router_certificate={"certfile": "/path/to/router.crt", "keyfile": "/path/to/router.key", "cafile": "/path/to/router-ca.crt"} |
| | | |
| | | openshift_hosted_registry_replicas=1 |
| | | openshift_hosted_registry_pullthrough=true |
| | | openshift_hosted_registry_acceptschema2=true |
| | | openshift_hosted_registry_enforcequota=true |
| | | |
| | | {% if install_glusterfs|bool %} |
| | | openshift_hosted_registry_storage_kind=glusterfs |
| | | openshift_hosted_registry_storage_volume_size=10Gi |
| | | openshift_hosted_registry_selector="node-role.kubernetes.io/infra=true" |
| | | {% endif %} |
| | | |
| | | {% if install_nfs|bool %} |
| | | openshift_hosted_registry_storage_kind= |
| | | openshift_hosted_registry_storage_access_modes= |
| | | openshift_hosted_registry_storage_nfs_directory= |
| | | openshift_hosted_registry_storage_nfs_options= |
| | | openshift_hosted_registry_storage_volume_name= |
| | | openshift_hosted_registry_storage_volume_size= |
| | | {% endif %} |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Service Catalog Vars |
| | | ########################################################################### |
| | | |
| | | # default=true |
| | | openshift_enable_service_catalog= |
| | | |
| | | # default=true |
| | | template_service_broker_install= |
| | | openshift_template_service_broker_namespaces= |
| | | |
| | | # default=true |
| | | ansible_service_broker_install=true |
| | | ansible_service_broker_local_registry_whitelist=['.*-apb$'] |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Hosts |
| | | ########################################################################### |
| | | # openshift_node_labels DEPRECATED |
| | | # openshift_node_problem_detector_install |
| | | |
| | | [OSEv3:children] |
| | | lb |
| | | masters |
| | | etcd |
| | | nodes |
| | | {% if install_nfs|bool %} |
| | | nfs |
| | | {% endif %} |
| | | {% if install_glusterfs|bool %} |
| | | glusterfs |
| | | {% endif %} |
| | | |
| | | [lb] |
| | | {% for host in groups['loadbalancers'] %} |
| | | {{ hostvars[host].internaldns }} |
| | | {% endfor %} |
| | | |
| | | [masters] |
| | | {% for host in groups['masters']|sort %} |
| | | {{ hostvars[host].internaldns }} |
| | | {% endfor %} |
| | | |
| | | [etcd] |
| | | {% for host in groups['masters']|sort %} |
| | | {{ hostvars[host].internaldns }} |
| | | {% endfor %} |
| | | |
| | | [nodes] |
| | | ## These are the masters |
| | | {% for host in groups['masters']|sort %} |
| | | {{ hostvars[host].internaldns }} openshift_node_group_name='node-config-master' openshift_node_problem_detector_install=true |
| | | {% endfor %} |
| | | |
| | | ## These are infranodes |
| | | {% for host in groups['infranodes']|sort %} |
| | | {{ hostvars[host].internaldns }} openshift_node_group_name='node-config-infra' openshift_node_problem_detector_install=true |
| | | {% endfor %} |
| | | |
| | | ## These are regular nodes |
| | | {% for host in groups['nodes']|sort %} |
| | | {{ hostvars[host].internaldns }} openshift_node_group_name='node-config-compute' openshift_node_problem_detector_install=true |
| | | {% endfor %} |
| | | |
| | | {% if install_glusterfs|bool %} |
| | | ## These are OCS nodes |
| | | {% for host in groups['support']|sort %} |
| | | {{ hostvars[host].internaldns }} openshift_node_group_name='node-config-compute' openshift_node_problem_detector_install=true |
| | | {% endfor %} |
| | | {% endif %} |
| | | |
| | | {% if install_nfs|bool %} |
| | | [nfs] |
| | | {% for host in [groups['support']|sort|first] %} |
| | | {{ hostvars[host].internaldns }} |
| | | {% endfor %} |
| | | {% endif %} |
| | | |
| | | {% if install_glusterfs|bool %} |
| | | [glusterfs] |
| | | {% for host in groups['support']|sort %} |
| | | {{ hostvars[host].internaldns }} glusterfs_devices='[ "{{ glusterfs_app_device_name }}" ]' |
| | | {% endfor %} |
| | | {% endif %} |
New file |
| | |
| | | groups: |
| | | - name: etcd-rules |
| | | interval: 10s # defaults to global interval |
| | | rules: |
| | | - alert: "Node Down" |
| | | expr: up{job="kubernetes-nodes"} == 0 |
| | | annotations: |
| | | component: "ContainerNode" |
| | | severity: "HIGH" |
| | | message: "Node {{$labels.instance}} is down" |
| | | - alert: "Lost ETCD" |
| | | expr: up{job="etcd"} == 0 |
| | | annotations: |
| | | component: "ETCD" |
| | | severity: "HIGH" |
| | | message: "ETCD {{$labels.instance}} is down" |
| | | - alert: "Time drift" |
| | | expr: sqrt((scalar(avg(node_time{job="kubernetes-nodes-exporter"})) - node_time{job="kubernetes-nodes-exporter"} )^2) > 60 |
| | | for: 30s |
| | | annotations: |
| | | component: "NTP" |
| | | severity: "HIGH" |
| | | message: "Node {{$labels.instance}} has time drift bigger than 60 from average time" |
| | | - name: scheduler-rules |
| | | interval: 10s # defaults to global interval |
| | | rules: |
| | | - alert: "Scheduler node1" |
| | | expr: ( (sum(kubelet_running_pod_count{instance=~"^node.*"}) / ((count(node_time) - 6))) * 2 ) < (sum(kubelet_running_pod_count{instance=~"^node1.*"})) |
| | | annotations: |
| | | component: "Scheduler" |
| | | severity: "HIGH" |
| | | message: "Node node1.example.com has more pods than average" |
| | | - alert: "Scheduler node2" |
| | | expr: ( (sum(kubelet_running_pod_count{instance=~"^node.*"}) / ((count(node_time) - 6))) *2 ) < (sum(kubelet_running_pod_count{instance=~"^node2.*"})) |
| | | annotations: |
| | | component: "Scheduler" |
| | | severity: "HIGH" |
| | | message: "Node node2.example.com has more pods than average" |
| | | - alert: "Scheduler node3" |
| | | expr: ( (sum(kubelet_running_pod_count{instance=~"^node.*"}) / ((count(node_time) - 6))) *2 ) < (sum(kubelet_running_pod_count{instance=~"^node3.*"})) |
| | | annotations: |
| | | component: "Scheduler" |
| | | severity: "HIGH" |
| | | message: "Node node3.example.com has more pods than average" |
| | | - alert: "Builds Failing" |
| | | expr: sum(openshift_build_total{phase=~"Failed|Error"}) > 10 |
| | | annotations: |
| | | component: "OpenShift Builds" |
| | | severity: "HIGH" |
| | | message: "There is a high volume of builds failing" |
| | | - alert: "Registry storage" |
| | | expr: (avg(kubelet_volume_stats_used_bytes{persistentvolumeclaim="registry-claim"}) * 100) / avg(kubelet_volume_stats_capacity_bytes{persistentvolumeclaim="registry-claim"}) > 80 |
| | | annotations: |
| | | component: "Registry Storage" |
| | | severity: "MEDIUM" |
| | | message: "Storage limit reached more than 80% " |
| | | - alert: "Registry storage" |
| | | expr: (avg(kubelet_volume_stats_used_bytes{persistentvolumeclaim="registry-claim"}) * 100) / avg(kubelet_volume_stats_capacity_bytes{persistentvolumeclaim="registry-claim"}) > 95 |
| | | annotations: |
| | | component: "Registry Storage" |
| | | severity: "HIGH" |
| | | message: "Storage limit reached more than 95% " |
| | | - alert: "DNS Errors" |
| | | expr: changes(node_dnsmasq_sync_error_count_total[2m]) >=1 |
| | | annotations: |
| | | component: "dnsmasq" |
| | | severity: "HIGH" |
| | | message: "DNS errors detected. Check grafana for more details" |
New file |
| | |
| | | [rhel-7-server-rpms] |
| | | name=Red Hat Enterprise Linux 7 |
| | | baseurl={{own_repo_path}}/rhel-7-server-rpms |
| | | enabled=1 |
| | | gpgcheck=0 |
| | | |
| | | [rhel-7-server-rh-common-rpms] |
| | | name=Red Hat Enterprise Linux 7 Common |
| | | baseurl={{own_repo_path}}/rhel-7-server-rh-common-rpms |
| | | enabled=1 |
| | | gpgcheck=0 |
| | | |
| | | [rhel-7-server-extras-rpms] |
| | | name=Red Hat Enterprise Linux 7 Extras |
| | | baseurl={{own_repo_path}}/rhel-7-server-extras-rpms |
| | | enabled=1 |
| | | gpgcheck=0 |
| | | |
| | | [rhel-7-server-optional-rpms] |
| | | name=Red Hat Enterprise Linux 7 Optional |
| | | baseurl={{own_repo_path}}/rhel-7-server-optional-rpms |
| | | enabled=1 |
| | | gpgcheck=0 |
| | | |
| | | [rhel-7-server-ose-{{repo_version}}-rpms] |
| | | name=Red Hat Enterprise Linux 7 OSE {{repo_version}} |
| | | baseurl={{own_repo_path}}/rhel-7-server-ose-{{repo_version}}-rpms |
| | | enabled=1 |
| | | gpgcheck=0 |
| | | |
| | | {% if osrelease is version_compare('3.10', '<=') %} |
| | | [rhel-7-fast-datapath-rpms] |
| | | name=Red Hat Enterprise Linux Fast Datapath (RHEL 7 Server) (RPMs) |
| | | baseurl={{own_repo_path}}/rhel-7-fast-datapath-rpms |
| | | enabled=1 |
| | | gpgcheck=0 |
| | | {% endif %} |
| | | |
| | | {% if osrelease is version_compare('3.10', '>=') %} |
| | | ## Required since OCP 3.10 |
| | | [rh-gluster-3-client-for-rhel-7-server-rpms] |
| | | name=Red Hat Enterprise Linux GlusterFS Client (RPMs) |
| | | baseurl={{own_repo_path}}/rh-gluster-3-client-for-rhel-7-server-rpms |
| | | enabled=1 |
| | | gpgcheck=0 |
| | | {% endif %} |
| | | |
| | | [rhel-7-server-ansible-{{install_ansible_version}}-rpms] |
| | | name=Red Hat Enterprise Linux Ansible (RPMs) |
| | | baseurl={{own_repo_path}}/rhel-7-server-ansible-{{install_ansible_version}}-rpms |
| | | enabled=1 |
| | | gpgcheck=0 |
| | | |
| | |
| | | [rhel-7-server-rpms] |
| | | name=Red Hat Enterprise Linux 7 |
| | | baseurl=http://{{hostvars[groups['isolated'][0]].internaldns}}{{ own_repo_path | urlsplit('path') }}rhel-7-server-rpms |
| | | baseurl=http://{{hostvars[groups['isolated'][0]].internaldns}}{{ own_repo_path | urlsplit('path') }}/rhel-7-server-rpms |
| | | enabled=1 |
| | | gpgcheck=0 |
| | | |
| | | [rhel-7-server-rh-common-rpms] |
| | | name=Red Hat Enterprise Linux 7 Common |
| | | baseurl=http://{{hostvars[groups['isolated'][0]].internaldns}}{{ own_repo_path | urlsplit('path') }}rhel-7-server-rh-common-rpms |
| | | baseurl=http://{{hostvars[groups['isolated'][0]].internaldns}}{{ own_repo_path | urlsplit('path') }}/rhel-7-server-rh-common-rpms |
| | | enabled=1 |
| | | gpgcheck=0 |
| | | |
| | | [rhel-7-server-extras-rpms] |
| | | name=Red Hat Enterprise Linux 7 Extras |
| | | baseurl=http://{{hostvars[groups['isolated'][0]].internaldns}}{{ own_repo_path | urlsplit('path') }}rhel-7-server-extras-rpms |
| | | baseurl=http://{{hostvars[groups['isolated'][0]].internaldns}}{{ own_repo_path | urlsplit('path') }}/rhel-7-server-extras-rpms |
| | | enabled=1 |
| | | gpgcheck=0 |
| | | |
| | | [rhel-7-server-optional-rpms] |
| | | name=Red Hat Enterprise Linux 7 Optional |
| | | baseurl=http://{{hostvars[groups['isolated'][0]].internaldns}}{{ own_repo_path | urlsplit('path') }}rhel-7-server-optional-rpms |
| | | baseurl=http://{{hostvars[groups['isolated'][0]].internaldns}}{{ own_repo_path | urlsplit('path') }}/rhel-7-server-optional-rpms |
| | | enabled=1 |
| | | gpgcheck=0 |
| | | |
| | | [rhel-7-server-ose-{{repo_version}}-rpms] |
| | | name=Red Hat Enterprise Linux 7 OSE {{repo_version}} |
| | | baseurl=http://{{hostvars[groups['isolated'][0]].internaldns}}{{ own_repo_path | urlsplit('path') }}rhel-7-server-ose-{{repo_version}}-rpms |
| | | baseurl=http://{{hostvars[groups['isolated'][0]].internaldns}}{{ own_repo_path | urlsplit('path') }}/rhel-7-server-ose-{{repo_version}}-rpms |
| | | enabled=1 |
| | | gpgcheck=0 |
| | | |
| | | |
| | | {% if osrelease is version_compare('3.10', '<=') %} |
| | | [rhel-7-fast-datapath-rpms] |
| | | name=Red Hat Enterprise Linux 7 Fast Datapath |
| | | baseurl=http://{{hostvars[groups['isolated'][0]].internaldns}}{{ own_repo_path | urlsplit('path') }}rhel-7-fast-datapath-rpms |
| | | baseurl=http://{{hostvars[groups['isolated'][0]].internaldns}}{{ own_repo_path | urlsplit('path') }}/rhel-7-fast-datapath-rpms |
| | | enabled=1 |
| | | gpgcheck=0 |
| | | {% endif %} |
| | | |
| | | {% if osrelease is version_compare('3.9', '>=') %} |
| | | ## Required since OCP 3.9 |
| | | [rhel-7-server-ansible-2.4-rpms] |
| | | [rhel-7-server-ansible-{{ install_ansible_version }}-rpms] |
| | | name=Red Hat Enterprise Linux Ansible (RPMs) |
| | | baseurl=http://{{hostvars[groups['isolated'][0]].internaldns}}{{ own_repo_path | urlsplit('path') }}rhel-7-server-ansible-2.4-rpms |
| | | baseurl=http://{{hostvars[groups['isolated'][0]].internaldns}}{{ own_repo_path | urlsplit('path') }}/rhel-7-server-ansible-{{ install_ansible_version }}-rpms |
| | | enabled=1 |
| | | gpgcheck=0 |
| | | {% endif %} |
| | |
| | | connection: local |
| | | become: false |
| | | vars_files: |
| | | - "./env_vars.yml" |
| | | - "./env_secret_vars.yml" |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml" |
| | | tags: |
| | | - step002 |
| | | - post_infrastructure |
| | |
| | | #vim: set ft=ansible: |
| | | # vim: set ft=ansible: |
| | | --- |
| | | - name: Step 005 - Post Software deployment |
| | | hosts: localhost |
| | |
| | | tags: |
| | | - step005 |
| | | tasks: |
| | | - name: Generate /etc/ansible/hosts file with lab hosts template |
| | | - name: Generate /etc/ansible/hosts file with lab inv template |
| | | template: |
| | | src: "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/files/labs_hosts_template.j2" |
| | | src: "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/files/labs_hosts_template.{{ osrelease }}.j2" |
| | | dest: "{{ ANSIBLE_REPO_PATH }}/workdir/labs_hosts-{{ env_type }}-{{ guid }}" |
| | | |
| | | - name: Run openshift host provision on the bastion |
| | | gather_facts: False |
| | | become: yes |
| | | hosts: |
| | | - bastions |
| | | vars_files: |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | roles: |
| | | - role: "{{ ANSIBLE_REPO_PATH }}/roles/host-ocp-provisioner" |
| | | |
| | | - name: Configure NFS host for user-vols if required |
| | | hosts: support |
| | |
| | | vars_files: |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | tasks: |
| | | - name: Move complete inventory file to preserve directory. |
| | | shell: mv /etc/ansible/hosts /var/preserve/ |
| | | - name: Copy complete inventory file to bastion /var/preserve/hosts |
| | | copy: |
| | | src: "{{ ANSIBLE_REPO_PATH }}/workdir/hosts-{{ env_type }}-{{ guid }}" |
| | | dest: /var/preserve/hosts |
| | | tags: preserve_complete_ansible_inventory |
| | | |
| | | - name: copy prometheus rules file to bastion |
| | | copy: |
| | | src: "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/files/prometheus_alerts_rules.yml" |
| | | dest: /root/prometheus_alerts_rules.yml |
| | | |
| | | - name: Copy over ansible hosts file, lab version |
| | | copy: |
| | |
| | | - overwrite_hosts_with_lab_hosts |
| | | |
| | | # sssd bug, fixed by restart |
| | | - name: restart sssd |
| | | service: |
| | | name: sssd |
| | | state: restarted |
| | | when: install_ipa_client |
| | | # - name: restart sssd |
| | | # service: |
| | | # name: sssd |
| | | # state: restarted |
| | | # when: install_ipa_client |
| | | ## Create PVs for uservols if required |
| | | - name: get nfs Hostname |
| | | set_fact: |
| | |
| | | template: |
| | | src: "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/files/pvs.j2" |
| | | dest: "/root/pvs-{{ env_type }}-{{ guid }}.yml" |
| | | tags: [ gen_pv_file ] |
| | | when: pv_list.0 is defined |
| | | tags: |
| | | - openshift_nfs_config |
| | | - gen_pv_file |
| | | - set_fact: |
| | | pv_size: "{{user_vols_size}}" |
| | | persistentVolumeReclaimPolicy: Recycle |
| | |
| | | - openshift_nfs_config |
| | | |
| | | - shell: 'oc create -f /root/pvs-{{ env_type }}-{{ guid }}.yml || oc replace -f /root/pvs-{{ env_type }}-{{ guid }}.yml' |
| | | tags: |
| | | - create_user_pv |
| | | when: pv_list.0 is defined |
| | | tags: |
| | | - openshift_nfs_config |
| | | - create_user_pv |
| | | |
| | | - shell: 'oc create -f /root/userpvs-{{ env_type }}-{{ guid }}.yml || oc replace -f /root/userpvs-{{ env_type }}-{{ guid }}.yml' |
| | | tags: |
| | | - create_user_pv |
| | | - openshift_nfs_config |
| | | |
| | | - import_role: |
| | | name: "{{ ANSIBLE_REPO_PATH }}/roles/bastion-opentlc-ipa" |
| | | when: install_ipa_client|bool |
| | | |
| | | - name: PostSoftware flight-check |
| | | hosts: localhost |
| | | connection: local |
| | |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml" |
| | | roles: |
| | | - { role: "{{ ANSIBLE_REPO_PATH }}/roles/bastion", when: 'install_bastion' } |
| | | - { role: "{{ ANSIBLE_REPO_PATH }}/roles/bastion-opentlc-ipa", when: 'install_ipa_client' } |
| | | # - { role: "{{ ANSIBLE_REPO_PATH }}/roles/bastion-opentlc-ipa", when: 'install_ipa_client' } |
| | | tags: |
| | | - step004 |
| | | - bastion_tasks |
| | |
| | | |
| | | |
| | | # LDAP AND HTPASSWD Authentication (download ipa-ca.crt first) |
| | | openshift_master_identity_providers=[{'name': 'ldap', 'challenge': 'true', 'login': 'true', 'kind': 'LDAPPasswordIdentityProvider','attributes': {'id': ['dn'], 'email': ['mail'], 'name': ['cn'], 'preferredUsername': ['uid']}, 'bindDN': 'uid=admin,cn=users,cn=accounts,dc=shared,dc=example,dc=opentlc,dc=com', 'bindPassword': 'r3dh4t1!', 'ca': '/etc/origin/master/ipa-ca.crt','insecure': 'false', 'url': 'ldaps://ipa.shared.example.opentlc.com:636/cn=users,cn=accounts,dc=shared,dc=example,dc=opentlc,dc=com?uid?sub?(memberOf=cn=ocp-users,cn=groups,cn=accounts,dc=shared,dc=example,dc=opentlc,dc=com)'},{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider'}] |
| | | #openshift_master_identity_providers=[{'name': 'ldap', 'challenge': 'true', 'login': 'true', 'kind': 'LDAPPasswordIdentityProvider','attributes': {'id': ['dn'], 'email': ['mail'], 'name': ['cn'], 'preferredUsername': ['uid']}, 'bindDN': 'uid=admin,cn=users,cn=accounts,dc=shared,dc=example,dc=opentlc,dc=com', 'bindPassword': 'r3dh4t1!', 'ca': '/etc/origin/master/ipa-ca.crt','insecure': 'false', 'url': 'ldaps://ipa.shared.example.opentlc.com:636/cn=users,cn=accounts,dc=shared,dc=example,dc=opentlc,dc=com?uid?sub?(memberOf=cn=ocp-users,cn=groups,cn=accounts,dc=shared,dc=example,dc=opentlc,dc=com)'},{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider'}] |
| | | |
| | | # Just LDAP |
| | | #openshift_master_identity_providers=[{'name': 'ldap', 'challenge': 'true', 'login': 'true', 'kind': 'LDAPPasswordIdentityProvider','attributes': {'id': ['dn'], 'email': ['mail'], 'name': ['cn'], 'preferredUsername': ['uid']}, 'bindDN': 'uid=admin,cn=users,cn=accounts,dc=shared,dc=example,dc=opentlc,dc=com', 'bindPassword': 'r3dh4t1!', 'ca': '/etc/origin/master/ipa-ca.crt','insecure': 'false', 'url': 'ldaps://ipa.shared.example.opentlc.com:636/cn=users,cn=accounts,dc=shared,dc=example,dc=opentlc,dc=com?uid?sub?(memberOf=cn=ocp-users,cn=groups,cn=accounts,dc=shared,dc=example,dc=opentlc,dc=com)'}] |
| | | |
| | | # Just HTPASSWD |
| | | #openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider'}] |
| | | openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider'}] |
| | | |
| | | # LDAP and HTPASSWD dependencies |
| | | |
| | | openshift_master_htpasswd_file=/root/htpasswd.openshift |
| | | openshift_master_ldap_ca_file=/root/ipa-ca.crt |
| | | #openshift_master_ldap_ca_file=/root/ipa-ca.crt |
| | | |
| | | {% if admission_plugin_config is defined %} |
| | | ########################################################################### |
| | |
| | | |
| | | |
| | | # LDAP AND HTPASSWD Authentication (download ipa-ca.crt first) |
| | | openshift_master_identity_providers= |
| | | #openshift_master_identity_providers= |
| | | |
| | | # Just LDAP |
| | | #openshift_master_identity_providers=[{'name': 'ldap', 'challenge': 'true', 'login': 'true', 'kind': 'LDAPPasswordIdentityProvider','attributes': {'id': ['dn'], 'email': ['mail'], 'name': ['cn'], 'preferredUsername': ['uid']}, 'bindDN': 'uid=admin,cn=users,cn=accounts,dc=shared,dc=example,dc=opentlc,dc=com', 'bindPassword': 'r3dh4t1!', 'ca': '/etc/origin/master/ipa-ca.crt','insecure': 'false', 'url': 'ldaps://ipa.shared.example.opentlc.com:636/cn=users,cn=accounts,dc=shared,dc=example,dc=opentlc,dc=com?uid?sub?(memberOf=cn=ocp-users,cn=groups,cn=accounts,dc=shared,dc=example,dc=opentlc,dc=com)'}] |
| | | |
| | | # Just HTPASSWD |
| | | #openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider'}] |
| | | openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider'}] |
| | | |
| | | # LDAP and HTPASSWD dependencies |
| | | |
| | | openshift_master_htpasswd_file=/root/htpasswd.openshift |
| | | openshift_master_ldap_ca_file=/root/ipa-ca.crt |
| | | #openshift_master_ldap_ca_file=/root/ipa-ca.crt |
| | | |
| | | {% if admission_plugin_config is defined %} |
| | | ########################################################################### |
| | |
| | | - sos |
| | | - psacct |
| | | - iotop |
| | | - rsync |
| | | |
| | | rhel_repos: |
| | | - rhel-7-server-rpms |
| | |
| | | andrew:$apr1$dZPb2ECf$ercevOFO5znrynUfUj4tb/ |
| | | karla:$apr1$FQx2mX4c$eJc21GuVZWNg1ULF8I2G31 |
| | | {{admin_user|d('opentlc-mgr')}}:{{admin_password_hash|d('$apr1$glFN48wz$dR9w94PGiQL8qZXcXGd0L0')}} |
| | | {% for i in range(0, (user_count|int) + 1) %} |
| | | {% for i in range(0, [ (user_count|int), 200 ] | max + 1) %} |
| | | user{{i}}:{{user_password_hash|d('$apr1$FmrTsuSa$yducoDpvYq0KEV0ErmwpA1')}} |
| | | {% endfor %} |
| | |
| | | name: "{{ ANSIBLE_REPO_PATH }}/roles/{{ workload_loop_var }}" |
| | | vars: |
| | | ocp_username: "{{ admin_user }}" |
| | | become_override: yes |
| | | ACTION: "provision" |
| | | loop: "{{ infra_workloads.split(',')|list }}" |
| | | loop_control: |
| | |
| | | name: "{{ ANSIBLE_REPO_PATH }}/roles/{{ workload_loop_var[1] }}" |
| | | vars: |
| | | ocp_username: "user{{ workload_loop_var[0] }}" |
| | | become_override: yes |
| | | ACTION: "provision" |
| | | loop: "{{ users | product(student_workloads.split(','))|list }}" |
| | | loop_control: |
| | |
| | | RegionMapping: |
| | | us-east-1: |
| | | RHELAMI: ami-c998b6b2 |
| | | WIN2012R2AMI: ami-93118ee9 |
| | | WIN2012R2AMI: ami-0dcdd073eeabb0101 |
| | | us-east-2: |
| | | RHELAMI: ami-cfdafaaa |
| | | WIN2012R2AMI: ami-72745d17 |
| | |
| | | RegionMapping: |
| | | us-east-1: |
| | | RHELAMI: ami-c998b6b2 |
| | | WIN2012R2AMI: ami-93118ee9 |
| | | WIN2012R2AMI: ami-0dcdd073eeabb0101 |
| | | us-east-2: |
| | | RHELAMI: ami-cfdafaaa |
| | | WIN2012R2AMI: ami-72745d17 |
| | |
| | | RegionMapping: |
| | | us-east-1: |
| | | RHELAMI: ami-c998b6b2 |
| | | WIN2012R2AMI: ami-93118ee9 |
| | | WIN2012R2AMI: ami-0dcdd073eeabb0101 |
| | | us-east-2: |
| | | RHELAMI: ami-cfdafaaa |
| | | WIN2012R2AMI: ami-72745d17 |
| | |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml" |
| | | tasks: |
| | | - when: |
| | | - cloud_provider == 'ec2' |
| | | - fallback_regions is defined |
| | | block: |
| | | - name: Detect region for AWS |
| | | environment: |
| | | AWS_ACCESS_KEY_ID: "{{aws_access_key_id}}" |
| | | AWS_SECRET_ACCESS_KEY: "{{aws_secret_access_key}}" |
| | | command: >- |
| | | aws cloudformation describe-stacks |
| | | --stack-name {{project_tag}} --region {{item}} |
| | | register: cloudformation_detect |
| | | with_items: "{{ [aws_region] + fallback_regions|d([]) }}" |
| | | ignore_errors: yes |
| | | |
| | | - set_fact: |
| | | aws_region_final: "{{item._ansible_item_label}}" |
| | | with_items: "{{cloudformation_detect.results}}" |
| | | loop_control: |
| | | label: "{{item._ansible_item_label|d('unknown')}}" |
| | | when: item.failed == false |
| | | - when: cloud_provider == 'ec2' |
| | | include_tasks: cloud_providers/ec2_detect_region_tasks.yml |
| | | |
| | | - import_playbook: "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/destroy_env.yml" |
| | |
| | | boto |
| | | boto3 |
| | | ansible |
| | | awscli |
| | |
| | | tags: |
| | | - copy_sshconfig_file |
| | | |
| | | - name: Install python2-winrm and python-requests |
| | | - name: Install python-requests |
| | | ignore_errors: yes |
| | | become: true |
| | | yum: |
| | | name: "{{ item }}" |
| | | with_items: |
| | | - python2-winrm |
| | | name: |
| | | - python-requests |
| | | |
| | | # - name: Ensure that iptables service is installed |
| | |
| | | ######################### Install Basic Packages |
| | | - name: install basic packages |
| | | yum: |
| | | name: "{{ item }}" |
| | | name: "{{common_packages}}" |
| | | state: present |
| | | with_items: "{{common_packages}}" |
| | | register: yumr |
| | | until: yumr is succeeded |
| | | retries: 10 |
| | |
| | | --- |
| | | - name: install nfs packages |
| | | yum: |
| | | name: "{{ item }}" |
| | | state: present |
| | | with_items: |
| | | name: |
| | | - lvm2 |
| | | - bind-utils |
| | | - nfs-utils |
| | |
| | | --- |
| | | - name: install openshift_node packages |
| | | yum: |
| | | name: "{{ item }}" |
| | | state: present |
| | | with_items: |
| | | name: |
| | | - vim |
| | | - tmux |
| | | - ntp |
| | |
| | | |
| | | - name: Install Host packages for releases before 3.10 |
| | | yum: |
| | | name: "{{ item }}" |
| | | state: present |
| | | with_items: |
| | | name: |
| | | - "atomic-openshift-clients-{{ osrelease }}" |
| | | - "atomic-openshift-utils" |
| | | - "atomic-openshift-{{ osrelease }}" |
| | |
| | | |
| | | - name: Install Host packages for releases starting with 3.10 |
| | | yum: |
| | | name: "{{ item }}" |
| | | state: present |
| | | with_items: |
| | | name: |
| | | - "atomic-openshift-clients-{{ osrelease }}" |
| | | - "atomic-openshift-{{ osrelease }}" |
| | | - "openshift-ansible-{{ osrelease }}" |
| | |
| | | |
| | | - name: Install Host packages for releases starting with 3.10 |
| | | yum: |
| | | name: "{{ item }}" |
| | | state: present |
| | | with_items: |
| | | name: |
| | | - "atomic-openshift-clients-{{ osrelease }}" |
| | | - "atomic-openshift-{{ osrelease }}" |
| | | - "openshift-ansible-3.10.47" |
| | |
| | | --- |
| | | default_key_name: ~/.ssh/{{key_name}}.pem |
| | | remote_user_map: |
| | | ec2: ec2-user |
| | | azure: azure |
| | |
| | | # define the communication method to all the hosts in the deployment |
| | | ansible_ssh_config: "{{ ANSIBLE_REPO_PATH }}/workdir/{{ env_type }}_{{ guid }}_ssh_conf" |
| | | ansible_known_host: "{{ ANSIBLE_REPO_PATH }}/workdir/{{ env_type }}_{{ guid }}_ssh_known_hosts" |
| | | remote_user: "{{ remote_user_map[cloud_provider] }}" |
| | | |
| | | - name: Delete dedicated known_host if it exists (new deployment) |
| | | file: |
| | |
| | | |
| | | |
| | | --- |
| | | - name: Destroy cloudformation template |
| | | cloudformation: |
| | | aws_access_key: "{{ aws_access_key_id }}" |
New file |
| | |
| | | = CloudFormation template generation |
| | | |
| | | When creating a config, you can either have the config under the `configs/{{env_type}}/files/cloud_providers/ec2_cloud_template.j2`, or use the default template. |
| | | |
| | | If you choose to use the default template, you can still customize it to your needs. |
| | | |
| | | Have a look at the link:../../configs/just-some-nodes-example/env_vars.yml[env_vars.yml] file from the link:../../configs/just-some-nodes-example/[just-some-nodes-example] config. |
| | | |
| | | |
| | | === Current status and features of the default template |
| | | |
| | | Resources created by the default template: |
| | | |
| | | * Instances |
| | | ** [x] ElasticIP |
| | | ** [x] Storage |
| | | * DNS |
| | | ** Mandatory Variables: |
| | | *** `subdomain_base`: the AWS top-level Zone to update, for example `.openshift.opentlc.com` |
| | | ** [ ] TODO: Public DNS Zone |
| | | *** [ ] TODO: Allow route53User to access only the delegated zone |
| | | ** [x] Internal DNS Zone |
| | | ** [x] Cloud DNS load balancer records |
| | | * [x] SecurityGroup |
| | | ** [x] SecurityGroup rules |
| | | * [x] Subnet |
| | | * [ ] TODO: S3 Buckets |
| | | ** [ ] TODO: Create a bucket and a user that has access to it |
| | | |
| | | == Security Groups |
| | | |
| | | The default template comes with 2 default security groups: |
| | | |
| | | * DefaultSG (allow all connections from the bastion) |
| | | * BastionSG (allow SSH and mosh connection from the internet) |
| | | |
| | | Have a look at link:defaults/main.yml[defaults/main.yml]. |
| | | |
| | | You can add more security group using the `security_groups` variables. |
| | | |
| | | |
| | | Then you can pick the security group**s** you want for any of the instances defined in the `instances` list. |
New file |
| | |
| | | --- |
| | | # TODO: split into different files. Possible since 2.6 thanks to this commit: |
| | | # https://github.com/ansible/ansible/commit/95ce00ff00e2907e89f4106747abaf9d4e4ccd7f |
| | | |
| | | cloudformation_retries: 1 |
| | | aws_comment: "Created by Ansible Agnostic Deployer" |
| | | |
| | | ################################################################# |
| | | # VPC |
| | | ################################################################# |
| | | |
| | | aws_vpc_cidr: 192.199.0.0/16 |
| | | aws_vpc_name: "{{ subdomain_base }}" |
| | | |
| | | ################################################################# |
| | | # Subnet |
| | | ################################################################# |
| | | |
| | | aws_public_subnet_cidr: 192.199.0.0/24 |
| | | |
| | | ################################################################# |
| | | # Security Groups |
| | | ################################################################# |
| | | |
| | | default_security_groups: |
| | | - name: BastionSG |
| | | rules: |
| | | - name: MoshPublic |
| | | description: "Public Mosh Access for bastions" |
| | | from_port: 60000 |
| | | to_port: 61000 |
| | | protocol: udp |
| | | cidr: "0.0.0.0/0" |
| | | rule_type: Ingress |
| | | - name: SSHPublic |
| | | description: "Public Access for bastions" |
| | | from_port: 22 |
| | | to_port: 22 |
| | | protocol: tcp |
| | | cidr: "0.0.0.0/0" |
| | | rule_type: Ingress |
| | | |
| | | - name: DefaultSG |
| | | rules: |
| | | - name: FromBastionTCP |
| | | description: "Allow everything from Bastion" |
| | | from_port: 0 |
| | | to_port: 65535 |
| | | protocol: tcp |
| | | from_group: BastionSG |
| | | rule_type: Ingress |
| | | - name: FromBastionUDP |
| | | description: "Allow everything from Bastion" |
| | | from_port: 0 |
| | | to_port: 65535 |
| | | protocol: tcp |
| | | from_group: BastionSG |
| | | rule_type: Ingress |
| | | |
| | | # Environment specific security groups |
| | | security_groups: [] |
| | | |
| | | ################################################################# |
| | | # DNS zones |
| | | ################################################################# |
| | | |
| | | # The top level DNS zone you want to update |
| | | aws_dns_zone_root: "{{ subdomain_base_suffix | regex_replace('^\\.', '') }}." |
| | | |
| | | # Private DNS Zone dedicated to the environment |
| | | aws_dns_zone_private: "{{ guid }}.internal." |
| | | aws_dns_zone_private_chomped: "{{ guid }}.internal" |
| | | |
| | | aws_dns_ttl_public: 900 |
| | | aws_dns_ttl_private: 3600 |
| | | |
| | | ################################################################# |
| | | # Volumes |
| | | ################################################################# |
| | | |
| | | # default size for /dev/sda1 |
| | | aws_default_rootfs_size: 50 |
| | | |
| | | # default Volume type |
| | | aws_default_volume_type: gp2 |
| | | |
| | | ################################################################# |
| | | # Images |
| | | ################################################################# |
| | | |
| | | aws_default_image: RHEL75 |
| | | |
| | | aws_ami_region_mapping: |
| | | ap-south-1: |
| | | RHEL75GOLD: ami-0c6ec6988a8df3acc # RHEL-7.5_HVM-20180813-x86_64-0-Access2-GP2 |
| | | RHEL74GOLD: ami-952879fa # RHEL-7.4_HVM-20180122-x86_64-1-Access2-GP2 |
| | | RHEL75: ami-0aa4317636e016115 # RHEL-7.5_HVM-20180813-x86_64-0-Hourly2-GP2 |
| | | RHEL74: ami-5c2f7e33 # RHEL-7.4_HVM-20180122-x86_64-1-Hourly2-GP2 |
| | | WIN2012R2: ami-03087b28576b37511 # Windows_Server-2012-R2_RTM-English-Deep-Learning-2018.09.15 |
| | | eu-west-3: |
| | | RHEL75GOLD: ami-0a0167e3e2a1d1d9b # RHEL-7.5_HVM-20180813-x86_64-0-Access2-GP2 |
| | | RHEL74GOLD: ami-69d06614 # RHEL-7.4_HVM-20180122-x86_64-1-Access2-GP2 |
| | | RHEL75: ami-039346fed23fb53ad # RHEL-7.5_HVM-20180813-x86_64-0-Hourly2-GP2 |
| | | RHEL74: ami-66d0661b # RHEL-7.4_HVM-20180122-x86_64-1-Hourly2-GP2 |
| | | WIN2012R2: ami-080d3d8def91e4f44 # Windows_Server-2012-R2_RTM-English-Deep-Learning-2018.09.15 |
| | | eu-west-2: |
| | | RHEL75GOLD: ami-01f010afd559615b9 # RHEL-7.5_HVM-20180813-x86_64-0-Access2-GP2 |
| | | RHEL74GOLD: ami-55bca731 # RHEL-7.4_HVM-20180122-x86_64-1-Access2-GP2 |
| | | RHEL75: ami-0ac5fae255ddac6f6 # RHEL-7.5_HVM-20180813-x86_64-0-Hourly2-GP2 |
| | | RHEL74: ami-b4b3a8d0 # RHEL-7.4_HVM-20180122-x86_64-1-Hourly2-GP2 |
| | | WIN2012R2: ami-0699aabf510a3f2f8 # Windows_Server-2012-R2_RTM-English-Deep-Learning-2018.09.15 |
| | | eu-west-1: |
| | | RHEL75GOLD: ami-0c51cd02617947143 # RHEL-7.5_HVM-20180813-x86_64-0-Access2-GP2 |
| | | RHEL74GOLD: ami-b7b6d3ce # RHEL-7.4_HVM-20180122-x86_64-1-Access2-GP2 |
| | | RHEL75: ami-092acf20fad7f7795 # RHEL-7.5_HVM-20180813-x86_64-0-Hourly2-GP2 |
| | | RHEL74: ami-ccb7d2b5 # RHEL-7.4_HVM-20180122-x86_64-1-Hourly2-GP2 |
| | | WIN2012R2: ami-0370c806916d2a17f # Windows_Server-2012-R2_RTM-English-64Bit-HyperV-2018.09.15 |
| | | ap-northeast-2: |
| | | RHEL75GOLD: ami-031161cd3182e012a # RHEL-7.5_HVM-20180813-x86_64-0-Access2-GP2 |
| | | RHEL74GOLD: ami-9fa201f1 # RHEL-7.4_HVM-20180122-x86_64-1-Access2-GP2 |
| | | RHEL75: ami-0d226f15e3e46903a # RHEL-7.5_HVM-20180813-x86_64-0-Hourly2-GP2 |
| | | RHEL74: ami-90a201fe # RHEL-7.4_HVM-20180122-x86_64-1-Hourly2-GP2 |
| | | WIN2012R2: ami-02ee840e33e7c2244 # Windows_Server-2012-R2_RTM-English-Deep-Learning-2018.09.15 |
| | | ap-northeast-1: |
| | | RHEL75GOLD: ami-0bf9ecb88f5719e17 # RHEL-7.5_HVM-20180813-x86_64-0-Access2-GP2 |
| | | RHEL74GOLD: ami-ccf695aa # RHEL-7.4_HVM-20180122-x86_64-1-Access2-GP2 |
| | | RHEL75: ami-0b517025bb2f0ad4a # RHEL-7.5_HVM-20180813-x86_64-0-Hourly2-GP2 |
| | | RHEL74: ami-36f09350 # RHEL-7.4_HVM-20180122-x86_64-1-Hourly2-GP2 |
| | | WIN2012R2: ami-08e310c576c077de1 # Windows_Server-2012-R2_RTM-English-Deep-Learning-2018.09.15 |
| | | sa-east-1: |
| | | RHEL75GOLD: ami-93b693ff # RHEL-7.5_HVM_GA-JBEAP-7.1.2-20180629-x86_64-1-Access2-GP2 |
| | | RHEL74GOLD: ami-dc014db0 # RHEL-7.4_HVM-20180122-x86_64-1-Access2-GP2 |
| | | RHEL75: ami-01c56172f9db84834 # RHEL-7.5_HVM-20180813-x86_64-0-Hourly2-GP2 |
| | | RHEL74: ami-1a064a76 # RHEL-7.4_HVM-20180122-x86_64-1-Hourly2-GP2 |
| | | WIN2012R2: ami-079f7c686ba77c199 # Windows_Server-2012-R2_RTM-English-Deep-Learning-2018.09.15 |
| | | ca-central-1: |
| | | RHEL75GOLD: ami-e320ad87 # RHEL-7.5_HVM-20180813-x86_64-0-Access2-GP2 |
| | | RHEL74GOLD: ami-2a00854e # RHEL-7.4_HVM-20180122-x86_64-1-Access2-GP2 |
| | | RHEL75: ami-fc20ad98 # RHEL-7.5_HVM-20180813-x86_64-0-Hourly2-GP2 |
| | | RHEL74: ami-71018415 # RHEL-7.4_HVM-20180122-x86_64-1-Hourly2-GP2 |
| | | WIN2012R2: ami-020be7519c99e8064 # Windows_Server-2012-R2_RTM-English-Deep-Learning-2018.09.15 |
| | | ap-southeast-1: |
| | | RHEL75GOLD: ami-0f44e46fa59e902b6 # RHEL-7.5_HVM-20180813-x86_64-0-Access2-GP2 |
| | | RHEL74GOLD: ami-8193eafd # RHEL-7.4_HVM-20180122-x86_64-1-Access2-GP2 |
| | | RHEL75: ami-09fc728e15fbfb535 # RHEL-7.5_HVM-20180813-x86_64-0-Hourly2-GP2 |
| | | RHEL74: ami-8d90e9f1 # RHEL-7.4_HVM-20180122-x86_64-1-Hourly2-GP2 |
| | | WIN2012R2: ami-0906117a55c70d5e7 # Windows_Server-2012-R2_RTM-English-Deep-Learning-2018.09.15 |
| | | ap-southeast-2: |
| | | RHEL75GOLD: ami-0066ef2f9c72fad96 # RHEL-7.5_HVM-20180813-x86_64-0-Access2-GP2 |
| | | RHEL74GOLD: ami-dd9668bf # RHEL-7.4_HVM-20180122-x86_64-1-Access2-GP2 |
| | | RHEL75: ami-0a61d60bde3940420 # RHEL-7.5_HVM-20180813-x86_64-0-Hourly2-GP2 |
| | | RHEL74: ami-e1996783 # RHEL-7.4_HVM-20180122-x86_64-1-Hourly2-GP2 |
| | | WIN2012R2: ami-09fb195e1d6625aab # Windows_Server-2012-R2_RTM-English-Deep-Learning-2018.09.15 |
| | | eu-central-1: |
| | | RHEL75GOLD: ami-07d3f0705bebac978 # RHEL-7.5_HVM-20180813-x86_64-0-Access2-GP2 |
| | | RHEL74GOLD: ami-b3d841dc # RHEL-7.4_HVM-20180122-x86_64-1-Access2-GP2 |
| | | RHEL75: ami-05ba90b00a46d83fa # RHEL-7.5_HVM-20180813-x86_64-0-Hourly2-GP2 |
| | | RHEL74: ami-8a21bfe5 # RHEL-7.4_HVM-20180122-x86_64-1-Hourly2-GP2 |
| | | WIN2012R2: ami-07b8613a03480d559 # Windows_Server-2012-R2_RTM-English-64Bit-HyperV-2018.09.15 |
| | | us-east-1: |
| | | RHEL75GOLD: ami-0456c465f72bd0c95 # RHEL-7.5_HVM-20180813-x86_64-0-Access2-GP2 |
| | | RHEL74GOLD: ami-c5a094bf # RHEL-7.4_HVM-20180122-x86_64-1-Access2-GP2 |
| | | RHEL75: ami-0394fe9914b475c53 # RHEL-7.5_HVM-20180813-x86_64-0-Hourly2-GP2 |
| | | RHEL74: ami-76a3970c # RHEL-7.4_HVM-20180122-x86_64-1-Hourly2-GP2 |
| | | WIN2012R2: ami-003027603b9c132b3 # Windows_Server-2012-R2_RTM-Japanese-64Bit-SQL_2016_SP1_Express-2018.09.15 |
| | | us-east-2: |
| | | RHEL75GOLD: ami-04268981d7c33264d # RHEL-7.5_HVM-20180813-x86_64-0-Access2-GP2 |
| | | RHEL74GOLD: ami-9db09af8 # RHEL-7.4_HVM-20180122-x86_64-1-Access2-GP2 |
| | | RHEL75: ami-0376bbf9be9eac670 # RHEL-7.5_HVM-20180813-x86_64-0-Hourly2-GP2 |
| | | RHEL74: ami-cebe94ab # RHEL-7.4_HVM-20180122-x86_64-1-Hourly2-GP2 |
| | | WIN2012R2: ami-02fa46b8e1a36044b # Windows_Server-2012-R2_RTM-English-P3-2018.09.15 |
| | | us-west-1: |
| | | RHEL75GOLD: ami-02574210e91c38419 # RHEL-7.5_HVM-20180813-x86_64-0-Access2-GP2 |
| | | RHEL74GOLD: ami-6f030e0f # RHEL-7.4_HVM-20180122-x86_64-1-Access2-GP2 |
| | | RHEL75: ami-0bdc0ff10fb093057 # RHEL-7.5_HVM-20180813-x86_64-0-Hourly2-GP2 |
| | | RHEL74: ami-c8020fa8 # RHEL-7.4_HVM-20180122-x86_64-1-Hourly2-GP2 |
| | | WIN2012R2: ami-0f9c4789993c313f7 # Windows_Server-2012-R2_RTM-English-Deep-Learning-2018.09.15 |
| | | us-west-2: |
| | | RHEL75GOLD: ami-0e6bab6682ec471c0 # RHEL-7.5_HVM-20180813-x86_64-0-Access2-GP2 |
| | | RHEL74GOLD: ami-c405b8bc # RHEL-7.4_HVM-20180122-x86_64-1-Access2-GP2 |
| | | RHEL75: ami-096510cab1b6b2c6d # RHEL-7.5_HVM-20180813-x86_64-0-Hourly2-GP2 |
| | | RHEL74: ami-1607ba6e # RHEL-7.4_HVM-20180122-x86_64-1-Hourly2-GP2 |
| | | WIN2012R2: ami-0d786d5cc800b2456 # Windows_Server-2012-R2_RTM-English-64Bit-HyperV-2018.09.15 |
New file |
| | |
| | | --- |
| | | - name: Check if template exists for the environment |
| | | stat: |
| | | path: "{{ANSIBLE_REPO_PATH}}/configs/{{ env_type }}/files/cloud_providers/{{cloud_provider}}_cloud_template.j2" |
| | | register: stat_local_template |
| | | |
| | | - name: Use CloudFormation template from the environment |
| | | set_fact: |
| | | cloudformation_template_src: "{{ANSIBLE_REPO_PATH}}/configs/{{ env_type }}/files/cloud_providers/{{cloud_provider}}_cloud_template.j2" |
| | | when: stat_local_template.stat.exists |
| | | |
| | | - name: Use the default CloudFormation template |
| | | set_fact: |
| | | cloudformation_template_src: "templates/cloud_template.j2" |
| | | when: not stat_local_template.stat.exists |
| | |
| | | --- |
| | | - import_tasks: locate_template.yml |
| | | |
| | | - set_fact: |
| | | cloudformation_template: "{{ANSIBLE_REPO_PATH}}/workdir/{{ env_type }}.{{ guid }}.{{cloud_provider}}_cloud_template" |
| | | |
| | | - name: AWS Generate CloudFormation Template |
| | | template: |
| | | src: "{{ANSIBLE_REPO_PATH}}/configs/{{ env_type }}/files/cloud_providers/{{cloud_provider}}_cloud_template.j2" |
| | | dest: "{{ANSIBLE_REPO_PATH}}/workdir/{{ env_type }}.{{ guid }}.{{cloud_provider}}_cloud_template" |
| | | src: "{{ cloudformation_template_src }}" |
| | | dest: "{{ cloudformation_template }}" |
| | | tags: |
| | | - aws_infrastructure_deployment |
| | | - gen_cf_template |
| | |
| | | ######################### Copy CF Template to S3 if too big |
| | | - name: Stat CloudFormation template |
| | | stat: |
| | | path: "{{ANSIBLE_REPO_PATH}}/workdir/{{ env_type }}.{{ guid }}.{{cloud_provider}}_cloud_template" |
| | | path: "{{ cloudformation_template }}" |
| | | register: stat_template |
| | | tags: |
| | | - aws_infrastructure_deployment |
| | |
| | | aws_s3: |
| | | bucket: "{{bucket_templates}}" |
| | | object: "{{ env_type }}.{{ guid }}.{{cloud_provider}}_cloud_template" |
| | | src: "{{ANSIBLE_REPO_PATH}}/workdir/{{ env_type }}.{{ guid }}.{{cloud_provider}}_cloud_template" |
| | | src: "{{ cloudformation_template }}" |
| | | mode: put |
| | | |
| | | ######################### Validate CF Template |
| | |
| | | command: >- |
| | | aws cloudformation validate-template |
| | | --region {{ aws_region_final | d(aws_region) | default(region) | default('us-east-1')}} |
| | | --template-body file://../workdir/{{ env_type }}.{{ guid }}.{{cloud_provider}}_cloud_template |
| | | --template-body file://{{ cloudformation_template }} |
| | | changed_when: false |
| | | register: cloudformation_validation |
| | | until: cloudformation_validation is succeeded |
| | | retries: "{{ cloudformation_retries }}" |
| | | delay: 20 |
| | | tags: |
| | | - aws_infrastructure_deployment |
| | |
| | | changed_when: false |
| | | register: cloudformation_validation |
| | | until: cloudformation_validation is succeeded |
| | | retries: "{{ cloudformation_retries }}" |
| | | delay: 20 |
| | | tags: |
| | | - aws_infrastructure_deployment |
New file |
| | |
| | | #jinja2: lstrip_blocks: "True" |
| | | --- |
| | | AWSTemplateFormatVersion: "2010-09-09" |
| | | Mappings: |
| | | RegionMapping: {{ aws_ami_region_mapping | to_json }} |
| | | |
| | | Resources: |
| | | Vpc: |
| | | Type: "AWS::EC2::VPC" |
| | | Properties: |
| | | CidrBlock: "{{ aws_vpc_cidr }}" |
| | | EnableDnsSupport: true |
| | | EnableDnsHostnames: true |
| | | Tags: |
| | | - Key: Name |
| | | Value: "{{ aws_vpc_name }}" |
| | | - Key: Hostlication |
| | | Value: |
| | | Ref: "AWS::StackId" |
| | | |
| | | VpcInternetGateway: |
| | | Type: "AWS::EC2::InternetGateway" |
| | | |
| | | VpcRouteTable: |
| | | Type: "AWS::EC2::RouteTable" |
| | | Properties: |
| | | VpcId: |
| | | Ref: Vpc |
| | | |
| | | VPCRouteInternetGateway: |
| | | DependsOn: VpcGA |
| | | Type: "AWS::EC2::Route" |
| | | Properties: |
| | | GatewayId: |
| | | Ref: VpcInternetGateway |
| | | DestinationCidrBlock: "0.0.0.0/0" |
| | | RouteTableId: |
| | | Ref: VpcRouteTable |
| | | |
| | | VpcGA: |
| | | Type: "AWS::EC2::VPCGatewayAttachment" |
| | | Properties: |
| | | InternetGatewayId: |
| | | Ref: VpcInternetGateway |
| | | VpcId: |
| | | Ref: Vpc |
| | | |
| | | PublicSubnet: |
| | | Type: "AWS::EC2::Subnet" |
| | | DependsOn: |
| | | - Vpc |
| | | Properties: |
| | | {% if aws_availability_zone is defined %} |
| | | AvailabilityZone: {{ aws_availability_zone }} |
| | | {% endif %} |
| | | |
| | | CidrBlock: "{{ aws_public_subnet_cidr }}" |
| | | Tags: |
| | | - Key: Name |
| | | Value: "{{project_tag}}" |
| | | - Key: Hostlication |
| | | Value: |
| | | Ref: "AWS::StackId" |
| | | MapPublicIpOnLaunch: true |
| | | VpcId: |
| | | Ref: Vpc |
| | | |
| | | PublicSubnetRTA: |
| | | Type: "AWS::EC2::SubnetRouteTableAssociation" |
| | | Properties: |
| | | RouteTableId: |
| | | Ref: VpcRouteTable |
| | | SubnetId: |
| | | Ref: PublicSubnet |
| | | |
| | | {% for security_group in security_groups|list + default_security_groups|list %} |
| | | {{security_group['name']}}: |
| | | Type: "AWS::EC2::SecurityGroup" |
| | | Properties: |
| | | GroupDescription: Host |
| | | VpcId: |
| | | Ref: Vpc |
| | | Tags: |
| | | - Key: Name |
| | | Value: "{{security_group['name']}}" |
| | | {% endfor %} |
| | | |
| | | {% for security_group in default_security_groups|list + security_groups|list %} |
| | | {% for rule in security_group.rules %} |
| | | {{security_group['name']}}{{rule['name']}}: |
| | | Type: "AWS::EC2::SecurityGroup{{rule['rule_type']}}" |
| | | Properties: |
| | | GroupId: |
| | | Fn::GetAtt: |
| | | - "{{security_group['name']}}" |
| | | - GroupId |
| | | IpProtocol: {{rule['protocol']}} |
| | | FromPort: {{rule['from_port']}} |
| | | ToPort: {{rule['to_port']}} |
| | | {% if rule['cidr'] is defined %} |
| | | CidrIp: "{{rule['cidr']}}" |
| | | {% endif %} |
| | | |
| | | {% if rule['from_group'] is defined %} |
| | | SourceSecurityGroupId: |
| | | Fn::GetAtt: |
| | | - "{{rule['from_group']}}" |
| | | - GroupId |
| | | {% endif %} |
| | | {% endfor %} |
| | | {% endfor %} |
| | | |
| | | DnsZonePrivate: |
| | | Type: "AWS::Route53::HostedZone" |
| | | Properties: |
| | | Name: "{{ aws_dns_zone_private }}" |
| | | VPCs: |
| | | - VPCId: |
| | | Ref: Vpc |
| | | VPCRegion: |
| | | Ref: "AWS::Region" |
| | | HostedZoneConfig: |
| | | Comment: "{{ aws_comment }}" |
| | | |
| | | |
| | | {% for instance in instances %} |
| | | {% if instance['dns_loadbalancer'] | d(false) | bool |
| | | and not instance['unique'] | d(false) | bool %} |
| | | {{instance['name']}}DnsLoadBalancer: |
| | | Type: "AWS::Route53::RecordSetGroup" |
| | | DependsOn: |
| | | {% for c in range(1, (instance['count']|int)+1) %} |
| | | - {{instance['name']}}{{c}} |
| | | {% if instance['public_dns'] %} |
| | | - {{instance['name']}}{{c}}EIP |
| | | {% endif %} |
| | | {% endfor %} |
| | | Properties: |
| | | HostedZoneName: {{ aws_dns_zone_root }} |
| | | RecordSets: |
| | | - Name: "{{instance['name']}}.{{ guid }}.{{ aws_dns_zone_root }}" |
| | | Type: A |
| | | TTL: {{ aws_dns_ttl_public }} |
| | | ResourceRecords: |
| | | {% for c in range(1,(instance['count'] |int)+1) %} |
| | | - "Fn::GetAtt": |
| | | - {{instance['name']}}{{c}} |
| | | - PublicIp |
| | | {% endfor %} |
| | | {% endif %} |
| | | |
| | | {% for c in range(1,(instance['count'] |int)+1) %} |
| | | {{instance['name']}}{{loop.index}}: |
| | | Type: "AWS::EC2::Instance" |
| | | Properties: |
| | | ImageId: |
| | | Fn::FindInMap: |
| | | - RegionMapping |
| | | - Ref: AWS::Region |
| | | - {{ instance.image | default(aws_default_image) }} |
| | | InstanceType: "{{instance['flavor'][cloud_provider]}}" |
| | | KeyName: "{{instance.key_name | default(key_name)}}" |
| | | {% if instance['UserData'] is defined %} |
| | | {{instance['UserData']}} |
| | | {% endif %} |
| | | |
| | | {% if instance['security_groups'] is defined %} |
| | | SecurityGroupIds: |
| | | {% for sg in instance.security_groups %} |
| | | - Ref: {{ sg }} |
| | | {% endfor %} |
| | | {% else %} |
| | | SecurityGroupIds: |
| | | - Ref: DefaultSG |
| | | {% endif %} |
| | | SubnetId: |
| | | Ref: PublicSubnet |
| | | Tags: |
| | | {% if instance['unique'] | d(false) | bool %} |
| | | - Key: Name |
| | | Value: {{instance['name']}} |
| | | - Key: internaldns |
| | | Value: {{instance['name']}}.{{aws_dns_zone_private_chomped}} |
| | | {% else %} |
| | | - Key: Name |
| | | Value: {{instance['name']}}{{loop.index}} |
| | | - Key: internaldns |
| | | Value: {{instance['name']}}{{loop.index}}.{{aws_dns_zone_private_chomped}} |
| | | {% endif %} |
| | | - Key: "owner" |
| | | Value: "{{ email | default('unknownuser') }}" |
| | | - Key: "Project" |
| | | Value: "{{project_tag}}" |
| | | - Key: "{{project_tag}}" |
| | | Value: "{{ instance['name'] }}" |
| | | {% for tag in instance['tags'] %} |
| | | - Key: {{tag['key']}} |
| | | Value: {{tag['value']}} |
| | | {% endfor %} |
| | | BlockDeviceMappings: |
| | | {% if '/dev/sda1' not in instance.volumes|d([])|json_query('[].device_name') |
| | | and '/dev/sda1' not in instance.volumes|d([])|json_query('[].name') |
| | | %} |
| | | - DeviceName: "/dev/sda1" |
| | | Ebs: |
| | | VolumeSize: "{{ instance['rootfs_size'] | default(aws_default_rootfs_size) }}" |
| | | VolumeType: "{{ aws_default_volume_type }}" |
| | | {% endif %} |
| | | {% for vol in instance.volumes|default([]) if vol.enable|d(true) %} |
| | | - DeviceName: "{{ vol.name | default(vol.device_name) }}" |
| | | Ebs: |
| | | {% if cloud_provider in vol and 'type' in vol.ec2 %} |
| | | VolumeType: "{{ vol[cloud_provider].type }}" |
| | | {% else %} |
| | | VolumeType: "{{ aws_default_volume_type }}" |
| | | {% endif %} |
| | | VolumeSize: "{{ vol.size }}" |
| | | {% endfor %} |
| | | |
| | | {{instance['name']}}{{loop.index}}InternalDns: |
| | | Type: "AWS::Route53::RecordSetGroup" |
| | | Properties: |
| | | HostedZoneId: |
| | | Ref: DnsZonePrivate |
| | | RecordSets: |
| | | {% if instance['unique'] | d(false) | bool %} |
| | | - Name: "{{instance['name']}}.{{aws_dns_zone_private}}" |
| | | {% else %} |
| | | - Name: "{{instance['name']}}{{loop.index}}.{{aws_dns_zone_private}}" |
| | | {% endif %} |
| | | Type: A |
| | | TTL: {{ aws_dns_ttl_private }} |
| | | ResourceRecords: |
| | | - "Fn::GetAtt": |
| | | - {{instance['name']}}{{loop.index}} |
| | | - PrivateIp |
| | | |
| | | {% if instance['public_dns'] %} |
| | | {{instance['name']}}{{loop.index}}EIP: |
| | | Type: "AWS::EC2::EIP" |
| | | DependsOn: |
| | | - VpcGA |
| | | Properties: |
| | | InstanceId: |
| | | Ref: {{instance['name']}}{{loop.index}} |
| | | |
| | | {{instance['name']}}{{loop.index}}PublicDns: |
| | | Type: "AWS::Route53::RecordSetGroup" |
| | | DependsOn: |
| | | - {{instance['name']}}{{loop.index}}EIP |
| | | Properties: |
| | | HostedZoneName: "{{ aws_dns_zone_root }}" |
| | | RecordSets: |
| | | {% if instance['unique'] | d(false) | bool %} |
| | | - Name: "{{instance['name']}}.{{subdomain_base}}." |
| | | {% else %} |
| | | - Name: "{{instance['name']}}{{loop.index}}.{{subdomain_base}}." |
| | | {% endif %} |
| | | Type: A |
| | | TTL: {{ aws_dns_ttl_public }} |
| | | ResourceRecords: |
| | | - "Fn::GetAtt": |
| | | - {{instance['name']}}{{loop.index}} |
| | | - PublicIp |
| | | {% endif %} |
| | | {% endfor %} |
| | | {% endfor %} |
| | | |
| | | Outputs: |
| | | Route53internalzoneOutput: |
| | | Description: The ID of the internal route 53 zone |
| | | Value: |
| | | Ref: DnsZonePrivate |
| | |
| | | quota_secrets: 30 |
| | | quota_requests_storage: 50Gi |
| | | |
| | | ocp_apps_domain: apps.{{subdomain_base}} |
| | | ocp_apps_domain: apps.{{ocp_domain}} |
| | | |
| | | build_status_retries: 20 |
| | | build_status_delay: 20 |
| | | |
| | | deploy_status_retries: 30 |
| | | deploy_status_delay: 45 |
| | | deploy_status_retries: 75 |
| | | deploy_status_delay: 90 |
| | | |
| | | POSTGRESQL_MEMORY_LIMIT: 512Mi |
| | | PROMETHEUS_MEMORY_LIMIT: 255Mi |
| | |
| | | WORKLOAD="ocp-workload-fuse-ignite" |
| | | SSH_USERNAME="hchin-redhat.com" |
| | | SSH_PRIVATE_KEY="id_ocp" |
| | | GUID=adm0 |
| | | GUID=3d5k |
| | | OCP_DOMAIN=`oc whoami --show-server | cut -d'.' -f 2,3,4,5 | cut -d':' -f 1` |
| | | OCP_USERNAME="developer" |
| | | HOST_GUID=na311 |
| | | POSTGRESQL_MEMORY_LIMIT=512Mi |
| | |
| | | -e "ocp_username=${OCP_USERNAME}" \ |
| | | -e "ocp_workload=${WORKLOAD}" \ |
| | | -e "guid=${GUID}" \ |
| | | -e "subdomain_base=${HOST_GUID}.openshift.opentlc.com" \ |
| | | -e "ocp_domain=${OCP_DOMAIN}" \ |
| | | -e "ACTION=create" |
| | | |
| | | ansible-playbook -i ${TARGET_HOST}, -c local ./configs/ocp-workloads/ocp-workload.yml \ |
| | |
| | | shell: | |
| | | oc new-app {{ignite_template_name}} \ |
| | | -p ROUTE_HOSTNAME=fuse.{{ocp_project}}.{{ocp_apps_domain}} \ |
| | | -p OPENSHIFT_MASTER=https://master.{{subdomain_base}} \ |
| | | -p OPENSHIFT_MASTER=https://master.{{ocp_domain}} \ |
| | | -p OPENSHIFT_PROJECT={{ocp_project}} \ |
| | | -p POSTGRESQL_MEMORY_LIMIT={{POSTGRESQL_MEMORY_LIMIT}} \ |
| | | -p PROMETHEUS_MEMORY_LIMIT={{PROMETHEUS_MEMORY_LIMIT}} \ |
| | | -p META_MEMORY_LIMIT={{META_MEMORY_LIMIT}} \ |
| | | -p SERVER_MEMORY_LIMIT={{SERVER_MEMORY_LIMIT}} \ |
| | | -p OPENSHIFT_OAUTH_CLIENT_SECRET=$(oc sa get-token syndesis-oauth-client -n {{ocp_project}}) \ |
| | | -p MAX_INTEGRATIONS_PER_USER={{MAX_INTEGRATIONS_PER_USER}} \ |
| | | -p IMAGE_STREAM_NAMESPACE={{ocp_project}} \ |
| | | -n {{ocp_project}} |
| | |
| | | --- |
| | | become_override: false |
| | | ocp_username: ccustine-redhat.com |
| | | ocp_user_needs_quota: True |
| | | |
| | |
| | | quota_services: 20 |
| | | quota_secrets: 30 |
| | | quota_requests_storage: 5Gi |
| | | ocp_apps_domain: "{{ cloudapps_suffix | d('unknown') }}" |
| | | |
| | | openssl_self_signed: |
| | | - name: 'apps.iot-dev.openshift.opentlc.com' |
| | |
| | | --- |
| | | - name: Running Pre Workload Tasks |
| | | import_tasks: ./pre_workload.yml |
| | | become: false |
| | | become: "{{ become_override | bool }}" |
| | | when: ACTION == "create" or ACTION == "provision" |
| | | |
| | | - name: Running Workload Tasks |
| | | import_tasks: ./workload.yml |
| | | become: false |
| | | become: "{{ become_override | bool }}" |
| | | when: ACTION == "create" or ACTION == "provision" |
| | | |
| | | - name: Running Post Workload Tasks |
| | | import_tasks: ./post_workload.yml |
| | | become: false |
| | | become: "{{ become_override | bool }}" |
| | | when: ACTION == "create" or ACTION == "provision" |
| | | |
| | | - name: Running Workload removal Tasks |
| | | import_tasks: ./remove_workload.yml |
| | | become: false |
| | | become: "{{ become_override | bool }}" |
| | | when: ACTION == "destroy" or ACTION == "remove" |
| | |
| | | ignore_errors: true |
| | | |
| | | - name: Copy the files used in this role |
| | | synchronize: |
| | | src: "files/" |
| | | copy: |
| | | src: "{{item}}" |
| | | dest: "/tmp/{{guid}}/" |
| | | rsync_opts: |
| | | - "--no-motd" |
| | | - "--exclude=.git,*.qcow2" |
| | | with_fileglob: |
| | | - files/* |
| | | |
| | | - name: pre_workload Tasks Complete |
| | | debug: |
| | |
| | | set_fact: |
| | | ocp_project: "iot-demo-{{guid}}" |
| | | |
| | | - name: define ocp_project (multiple user) |
| | | set_fact: |
| | | ocp_project: "iot-demo-{{guid}}-{{ocp_username}}" |
| | | when: |
| | | - user_count|d(0)|int > 0 |
| | | - student_workloads|d("")|length > 0 |
| | | |
| | | - name: Set portcheck to a valid result for first use |
| | | shell: echo "false" |
| | | register: portcheck |
| | | |
| | | - name: Check for open MQTT port |
| | | block: |
| | | - name: Wait for port and loop |
| | |
| | | connect_timeout: 2 |
| | | timeout: 3 |
| | | loop: "{{ range(31883, 31992, 1)|list }}" |
| | | when: (portcheck is undefined) or (portcheck.failed == false) |
| | | when: portcheck.failed == false |
| | | register: portcheck |
| | | rescue: |
| | | - set_fact: |
| | |
| | | - debug: msg="MQTT Port Assignment is {{ mqtt_port }}" |
| | | # Use to force fail on rescue since we short circuit the failure by handling in rescue |
| | | #- command: /bin/false |
| | | |
| | | - name: Reset portcheck for MQTTS loop |
| | | shell: echo "false" |
| | | register: portcheck |
| | | |
| | | - name: Check for open MQTTS port |
| | | block: |
| | |
| | | connect_timeout: 2 |
| | | timeout: 3 |
| | | loop: "{{ range(31993, 32102, 1)|list }}" |
| | | when: (portcheck2 is undefined) or (portcheck2.failed == false) |
| | | register: portcheck2 |
| | | when: portcheck.failed == false |
| | | register: portcheck |
| | | rescue: |
| | | - set_fact: |
| | | mqtts_port: "{{ portcheck2.results|selectattr('failed', 'defined')|selectattr('failed')|map(attribute='item')|first}}" |
| | | mqtts_port: "{{ portcheck.results|selectattr('failed', 'defined')|selectattr('failed')|map(attribute='item')|first}}" |
| | | - debug: msg="MQTTS Port Assignment is {{ mqtts_port }}" |
| | | # Use to force fail on rescue since we short circuit the failure by handling in rescue |
| | | #- command: /bin/false |
New file |
| | |
| | | --- |
| | | become_override: false |
| | | ocp_user_needs_quota: True |
| | | |
| | | ocp_user_groups: |
| | | - OPENTLC-PROJECT-PROVISIONERS |
| | | |
| | | quota_requests_cpu: 5 |
| | | quota_limits_cpu: 10 |
| | | |
| | | quota_requests_memory: '8Gi' |
| | | quota_limits_memory: '20Gi' |
| | | |
| | | quota_configmaps: 10 |
| | | quota_pods: 20 |
| | | quota_persistentvolumeclaims: 20 |
| | | quota_services: 30 |
| | | quota_secrets: 30 |
| | | quota_requests_storage: 50Gi |
| | | |
| | | namespace: "reactica-{{guid}}" |
| | | |
| | | |
| | | |
New file |
| | |
| | | = ocp-workload-Vert.x-Reactica |
| | | |
| | | == Overview |
| | | |
| | | This ansible playbook role are used to deploy a demo on RHPDS. Instructions below here are for developing and testing the playbook. To run the demo go to https://rhpds.redhat.com and search the catalog for **Reactica Demo**. |
| | | |
| | | === Purpose |
| | | This roles create a reactive demo called Reactica that is show-casing an event based reactive application using Eclipse Vert.x, Red Hat AMQ and Red Hat DataGrid. |
| | | |
| | | For more details about the demo please see (https://github.com/reactica/rhte-demo)[https://github.com/reactica/rhte-demo] |
| | | |
| | | |
| | | === Deploy a Workload with the `ocp-workload` playbook |
| | | |
| | | To deploy an new version of the demo to an environment please use the following script: |
| | | |
| | | ---- |
| | | #!/bin/sh |
| | | HOST_GUID=dev310 |
| | | TARGET_HOST="bastion.$HOST_GUID.openshift.opentlc.com" |
| | | OCP_USERNAME="xxxx-redhat.com" |
| | | SSH_USER="opentlc-mgr" |
| | | SSH_PRIVATE_KEY="id_rsa" |
| | | GUID="XXXX" |
| | | |
| | | WORKLOAD="ocp-workload-vertx-reactica" |
| | | |
| | | |
| | | ansible-playbook -v -i ${TARGET_HOST}, ./configs/ocp-workloads/ocp-workload.yml \ |
| | | -e"ansible_ssh_private_key_file=~/.ssh/${SSH_PRIVATE_KEY}" \ |
| | | -e"ansible_ssh_user=${SSH_USER}" \ |
| | | -e"ANSIBLE_REPO_PATH=`pwd`" \ |
| | | -e"ocp_username=${OCP_USERNAME}" \ |
| | | -e"ocp_workload=${WORKLOAD}" \ |
| | | -e"guid=${GUID}" \ |
| | | -e"ocp_user_needs_quota=true" \ |
| | | -e"ocp_master=master.${HOST_GUID}.openshift.opentlc.com" \ |
| | | -e"ocp_apps_domain=apps.${HOST_GUID}.openshift.opentlc.com" \ |
| | | -e"ACTION=create" |
| | | |
| | | ---- |
| | | |
| | | IMPORTANT: You need to replace the **HOST_GUID**, **GUID** and **OCP_USERNAME** with your own credentials and you need access to the bastion host using your private SSH key. Please contact rhpds-admin@redhat.com for getting access. |
| | | |
| | | === To Delete the demo |
| | | |
| | | To remove the demo from the shared cluster run the following script: |
| | | |
| | | ---- |
| | | #!/bin/sh |
| | | HOST_GUID=dev310 |
| | | TARGET_HOST="bastion.$HOST_GUID.openshift.opentlc.com" |
| | | OCP_USERNAME="xxxx-redhat.com" |
| | | SSH_USER="opentlc-mgr" |
| | | SSH_PRIVATE_KEY="id_rsa" |
| | | GUID="XXXX" |
| | | |
| | | WORKLOAD="ocp-workload-vertx-reactica" |
| | | |
| | | ansible-playbook -v -i ${TARGET_HOST}, ./configs/ocp-workloads/ocp-workload.yml \ |
| | | -e"ansible_ssh_private_key_file=~/.ssh/${SSH_PRIVATE_KEY}" \ |
| | | -e"ansible_ssh_user=${SSH_USER}" \ |
| | | -e"ANSIBLE_REPO_PATH=`pwd`" \ |
| | | -e"ocp_username=${OCP_USERNAME}" \ |
| | | -e"ocp_workload=${WORKLOAD}" \ |
| | | -e"guid=${GUID}" \ |
| | | -e"ocp_user_needs_quota=true" \ |
| | | -e"ocp_master=master.${HOST_GUID}.openshift.opentlc.com" \ |
| | | -e"ocp_apps_domain=apps.${HOST_GUID}.openshift.opentlc.com" \ |
| | | -e"ACTION=remove" |
| | | ---- |
| | | |
| | | IMPORTANT: You need to replace the **HOST_GUID**, **GUID** and **OCP_USERNAME** with your own credentials and you need access to the bastion host using your private SSH key. Please contact rhpds-admin@redhat.com for getting access. |
| | | |
New file |
| | |
| | | - name: "Copy deployment config for {{service}}" |
| | | template: |
| | | src: "{{service}}-dc.json" |
| | | dest: "/tmp/{{service}}-dc.json" |
| | | |
| | | - name: "Copy service config for {{service}}" |
| | | template: |
| | | src: "{{service}}-svc.json" |
| | | dest: "/tmp/{{service}}-svc.json" |
| | | |
| | | - name: "Deploy deployment config for {{service}}" |
| | | shell: "oc replace --force -f /tmp/{{service}}-dc.json -n {{namespace}}" |
| | | |
| | | - name: "Deploy service config for {{service}}" |
| | | shell: "oc replace --force -f /tmp/{{service}}-svc.json -n {{namespace}}" |
| | | |
| | | - name: "Create route for {{service}} if it doesn't exists" |
| | | shell: "oc get route {{service}} -n {{namespace}} || oc expose svc {{service}} -n {{namespace}}" |
New file |
| | |
| | | --- |
| | | - name: Running Pre Workload Tasks |
| | | import_tasks: ./pre_workload.yml |
| | | become: "{{ become_override | bool }}" |
| | | when: ACTION == "create" or ACTION == "provision" |
| | | |
| | | - name: Running Workload Tasks |
| | | import_tasks: ./workload.yml |
| | | become: "{{ become_override | bool }}" |
| | | when: ACTION == "create" or ACTION == "provision" |
| | | |
| | | - name: Running Post Workload Tasks |
| | | import_tasks: ./post_workload.yml |
| | | become: "{{ become_override | bool }}" |
| | | when: ACTION == "create" or ACTION == "provision" |
| | | |
| | | - name: Running Workload removal Tasks |
| | | import_tasks: ./remove_workload.yml |
| | | become: "{{ become_override | bool }}" |
| | | when: ACTION == "destroy" or ACTION == "remove" |
New file |
| | |
| | | --- |
| | | |
| | | - name: post_workload Tasks Complete |
| | | debug: |
| | | msg: "Post-Software checks completed successfully" |
New file |
| | |
| | | --- |
| | | |
| | | # - name: Add user to developer group (allowed to create projects) |
| | | # shell: "oadm groups add-users {{item}} {{ocp_username}}" |
| | | # register: groupadd_register |
| | | # with_items: "{{ocp_user_groups}}" |
| | | # when: ocp_username is defined and ocp_user_groups is defined |
| | | |
| | | # - name: test that command worked |
| | | # debug: |
| | | # var: groupadd_register |
| | | # verbosity: 2 |
| | | |
| | | - name: Create user Quota - clusterresourcequota |
| | | shell: | |
| | | oc create clusterquota clusterquota-"{{ocp_username}}-{{guid}}" \ |
| | | --project-annotation-selector=openshift.io/requester="{{ocp_username}}" \ |
| | | --hard requests.cpu="{{quota_requests_cpu}}" \ |
| | | --hard limits.cpu="{{quota_limits_cpu}}" \ |
| | | --hard requests.memory="{{quota_requests_memory}}" \ |
| | | --hard limits.memory="{{quota_limits_memory}}" \ |
| | | --hard configmaps="{{quota_configmaps}}" \ |
| | | --hard pods="{{quota_pods}}" \ |
| | | --hard persistentvolumeclaims="{{quota_persistentvolumeclaims}}" \ |
| | | --hard services="{{quota_services}}" \ |
| | | --hard secrets="{{quota_secrets}}" \ |
| | | --hard requests.storage="{{quota_requests_storage}}" |
| | | ignore_errors: true |
| | | |
| | | - name: pre_workload Tasks Complete |
| | | debug: |
| | | msg: "Pre-Software checks completed successfully" |
New file |
| | |
| | | --- |
| | | - name: post_workload Tasks Complete |
| | | debug: |
| | | msg: "Pre-Software checks completed successfully - Removed" |
| | | |
| | | |
| | | # - name: Remove user from groups {{ocp_user_groups}} |
| | | # shell: oc adm groups remove-users {{item}} {{ocp_username}} |
| | | # with_items: "{{ocp_user_groups}}" |
| | | # ignore_errors: true |
| | | |
| | | - name: Remove user Quota - oc delete clusterresourcequota "clusterquota-{{ocp_username}}-{{guid}}" |
| | | shell: "oc delete clusterresourcequota clusterquota-{{ocp_username}}-{{guid}}" |
| | | ignore_errors: true |
| | | |
| | | - name: Remove user Quota - oc delete clusterresourcequota "clusterquota-{{ocp_username}}" |
| | | shell: "oc delete clusterresourcequota clusterquota-{{ocp_username}}" |
| | | ignore_errors: true |
| | | |
| | | - name: Remove user Projects - oc get projects |
| | | shell: "oc get project {{namespace}} && oc delete project {{namespace}} || (echo 'No project with name {{namespace}} exists'; exit 0)" |
| | | |
| | | - name: Make sure we go back to default project |
| | | shell: "oc project default" |
| | | |
| | | - name: post_workload Tasks Complete |
| | | debug: |
| | | msg: "Post-Software checks completed successfully - Removed" |
| | | |
New file |
| | |
| | | --- |
| | | |
| | | # Project and user administration |
| | | |
| | | - name: "Create project for workload {{namespace}}" |
| | | shell: "oc get project {{namespace}} || oc new-project {{namespace}} --display-name='Reactica'" |
| | | |
| | | - name: "Give user access to the project" |
| | | shell: "oc adm policy add-role-to-user admin {{ocp_username}} -n {{namespace}}" |
| | | |
| | | - name: "Label namespace" |
| | | command: "oc label namespace {{namespace}} AAD='{{guid}}'" |
| | | |
| | | - name: Make sure we go back to default project |
| | | shell: "oc project default" |
| | | |
| | | # ############### Installing images streams and templates ############### |
| | | |
| | | - name: Install AMQ ImageStream |
| | | shell: "oc replace --force -f https://raw.githubusercontent.com/jboss-container-images/jboss-amq-7-broker-openshift-image/amq-broker-71/amq-broker-7-image-streams.yaml -n {{namespace}}" |
| | | |
| | | - name: Install DataGrid ImageStream |
| | | shell: "curl -s https://raw.githubusercontent.com/jboss-container-images/jboss-datagrid-7-openshift-image/datagrid72/templates/datagrid72-image-stream.json | sed 's/registry.redhat.io/registry.access.redhat.com/g' | oc replace --force -n {{namespace}} -f -" |
| | | args: |
| | | warn: false |
| | | |
| | | - name: Install AMQ template |
| | | shell: "oc replace --force -f https://github.com/jboss-container-images/jboss-amq-7-broker-openshift-image/raw/amq-broker-71/templates/amq-broker-71-basic.yaml -n {{namespace}}" |
| | | |
| | | - name: Install DataGrid template |
| | | shell: "oc replace --force -f https://raw.githubusercontent.com/jboss-container-images/jboss-datagrid-7-openshift-image/datagrid72/templates/datagrid72-basic.json -n {{namespace}}" |
| | | |
| | | |
| | | ## Deploying AMQ and DataGrid ### |
| | | |
| | | - name: Deploying AMQ |
| | | shell: "oc get dc eventstream-amq -n {{namespace}} || oc new-app --template=amq-broker-71-basic -p APPLICATION_NAME=eventstream -p AMQ_QUEUES=USER_QUEUE,ENTER_EVENT_QUEUE,RIDE_EVENT_QUEUE,QLC_QUEUE,CL_QUEUE -p AMQ_USER=user -p AMQ_PASSWORD=user123 -p AMQ_PROTOCOL=amqp -p IMAGE_STREAM_NAMESPACE={{namespace}} -n {{namespace}}" |
| | | |
| | | - name: Deploying DataGrid |
| | | shell: "oc get dc eventstore-dg -n {{namespace}} || oc new-app --template=datagrid72-basic -p APPLICATION_NAME=eventstore-dg -p CACHE_NAMES=userevents,rideevents,users -p IMAGE_STREAM_NAMESPACE={{namespace}} -n {{namespace}}" |
| | | |
| | | - name: Wait for AMQ to be availble |
| | | shell: "oc get pods -n {{namespace}} | grep eventstream-amq | grep -s Running" |
| | | retries: 30 |
| | | delay: 10 |
| | | register: result |
| | | until: result is succeeded |
| | | |
| | | - name: Wait for DG to be availble |
| | | shell: "oc get pods -n {{namespace}} | grep eventstore-dg | grep -s Running" |
| | | retries: 30 |
| | | delay: 10 |
| | | register: result |
| | | until: result is succeeded |
| | | |
| | | |
| | | - name: Add the view role to the default service account |
| | | shell: "oc policy add-role-to-user view -z default -n {{namespace}}" |
| | | |
| | | - name: Copy catalog service configmap to known path |
| | | template: |
| | | src: application.yaml |
| | | dest: /tmp/application.yaml |
| | | |
| | | - name: Create the application configuration for the apps |
| | | shell: "oc get configmap reactica-config -n {{namespace}} || oc create configmap reactica-config --from-file=/tmp/application.yaml -n {{namespace}}" |
| | | |
| | | - name: Create services |
| | | include_tasks: create-dc-svc-and-route.yml service="{{item}}" |
| | | with_items: |
| | | - event-store |
| | | - billboard |
| | | - current-line-updater |
| | | - queue-length-calculator |
| | | - event-generator |
| | | |
| | | - name: Make sure we go back to default project |
| | | shell: "oc project default" |
| | | |
New file |
| | |
| | | --- |
| | | user-simulator: |
| | | period-in-seconds: 5 |
| | | jitter-in-seconds: 2 |
| | | enabled: false |
| | | |
| | | ride-simulator: |
| | | duration-in-seconds: 30 |
| | | users-per-ride: 5 |
| | | jitter-in-seconds: 5 |
| | | enabled: true |
New file |
| | |
| | | { |
| | | "apiVersion": "apps.openshift.io/v1", |
| | | "kind": "DeploymentConfig", |
| | | "metadata": { |
| | | "labels": { |
| | | "app": "billboard", |
| | | "group": "com.redhat.coderland.reactica", |
| | | "provider": "fabric8", |
| | | "version": "0.1-SNAPSHOT" |
| | | }, |
| | | "name": "billboard" |
| | | }, |
| | | "spec": { |
| | | "replicas": 1, |
| | | "selector": { |
| | | "app": "billboard", |
| | | "group": "com.redhat.coderland.reactica", |
| | | "provider": "fabric8" |
| | | }, |
| | | "strategy": { |
| | | "activeDeadlineSeconds": 21600, |
| | | "resources": {}, |
| | | "rollingParams": { |
| | | "intervalSeconds": 1, |
| | | "maxSurge": "25%", |
| | | "maxUnavailable": "25%", |
| | | "timeoutSeconds": 3600, |
| | | "updatePeriodSeconds": 1 |
| | | }, |
| | | "type": "Rolling" |
| | | }, |
| | | "template": { |
| | | "metadata": { |
| | | "labels": { |
| | | "app": "billboard", |
| | | "group": "com.redhat.coderland.reactica", |
| | | "provider": "fabric8", |
| | | "version": "0.1-SNAPSHOT" |
| | | } |
| | | }, |
| | | "spec": { |
| | | "containers": [ |
| | | { |
| | | "env": [ |
| | | { |
| | | "name": "VERTX_CONFIG_PATH", |
| | | "value": "/deployments/conf/config.yml" |
| | | }, |
| | | { |
| | | "name": "KUBERNETES_NAMESPACE", |
| | | "valueFrom": { |
| | | "fieldRef": { |
| | | "apiVersion": "v1", |
| | | "fieldPath": "metadata.namespace" |
| | | } |
| | | } |
| | | } |
| | | ], |
| | | "image": "quay.io/redhat/reactica-billboard:latest", |
| | | "imagePullPolicy": "Always", |
| | | "livenessProbe": { |
| | | "failureThreshold": 3, |
| | | "httpGet": { |
| | | "path": "/health", |
| | | "port": 8080, |
| | | "scheme": "HTTP" |
| | | }, |
| | | "initialDelaySeconds": 180, |
| | | "periodSeconds": 10, |
| | | "successThreshold": 1, |
| | | "timeoutSeconds": 1 |
| | | }, |
| | | "name": "vertx", |
| | | "ports": [ |
| | | { |
| | | "containerPort": 8080, |
| | | "name": "http", |
| | | "protocol": "TCP" |
| | | }, |
| | | { |
| | | "containerPort": 9779, |
| | | "name": "prometheus", |
| | | "protocol": "TCP" |
| | | }, |
| | | { |
| | | "containerPort": 8778, |
| | | "name": "jolokia", |
| | | "protocol": "TCP" |
| | | } |
| | | ], |
| | | "readinessProbe": { |
| | | "failureThreshold": 3, |
| | | "httpGet": { |
| | | "path": "/health", |
| | | "port": 8080, |
| | | "scheme": "HTTP" |
| | | }, |
| | | "initialDelaySeconds": 10, |
| | | "periodSeconds": 10, |
| | | "successThreshold": 1, |
| | | "timeoutSeconds": 1 |
| | | }, |
| | | "resources": {}, |
| | | "securityContext": { |
| | | "privileged": false |
| | | }, |
| | | "terminationMessagePath": "/dev/termination-log", |
| | | "terminationMessagePolicy": "File", |
| | | "volumeMounts": [ |
| | | { |
| | | "mountPath": "/deployments/conf", |
| | | "name": "config" |
| | | } |
| | | ] |
| | | } |
| | | ], |
| | | "dnsPolicy": "ClusterFirst", |
| | | "restartPolicy": "Always", |
| | | "schedulerName": "default-scheduler", |
| | | "securityContext": {}, |
| | | "terminationGracePeriodSeconds": 30, |
| | | "volumes": [ |
| | | { |
| | | "configMap": { |
| | | "defaultMode": 420, |
| | | "items": [ |
| | | { |
| | | "key": "application.yaml", |
| | | "path": "config.yml" |
| | | } |
| | | ], |
| | | "name": "reactica-config", |
| | | "optional": true |
| | | }, |
| | | "name": "config" |
| | | } |
| | | ] |
| | | } |
| | | } |
| | | } |
| | | } |
New file |
| | |
| | | { |
| | | "apiVersion": "v1", |
| | | "kind": "Service", |
| | | "metadata": { |
| | | "labels": { |
| | | "app": "billboard", |
| | | "expose": "true", |
| | | "group": "com.redhat.coderland.reactica", |
| | | "provider": "fabric8", |
| | | "version": "0.1-SNAPSHOT" |
| | | }, |
| | | "name": "billboard" |
| | | }, |
| | | "spec": { |
| | | "ports": [ |
| | | { |
| | | "name": "http", |
| | | "port": 8080, |
| | | "protocol": "TCP", |
| | | "targetPort": 8080 |
| | | } |
| | | ], |
| | | "selector": { |
| | | "app": "billboard", |
| | | "group": "com.redhat.coderland.reactica", |
| | | "provider": "fabric8" |
| | | }, |
| | | "sessionAffinity": "None", |
| | | "type": "ClusterIP" |
| | | }, |
| | | "status": { |
| | | "loadBalancer": {} |
| | | } |
| | | } |
New file |
| | |
| | | { |
| | | "apiVersion": "apps.openshift.io/v1", |
| | | "kind": "DeploymentConfig", |
| | | "metadata": { |
| | | "labels": { |
| | | "app": "current-line-updater", |
| | | "group": "com.redhat.coderland.reactica", |
| | | "provider": "fabric8", |
| | | "version": "0.1-SNAPSHOT" |
| | | }, |
| | | "name": "current-line-updater" |
| | | }, |
| | | "spec": { |
| | | "replicas": 1, |
| | | "selector": { |
| | | "app": "current-line-updater", |
| | | "group": "com.redhat.coderland.reactica", |
| | | "provider": "fabric8" |
| | | }, |
| | | "strategy": { |
| | | "activeDeadlineSeconds": 21600, |
| | | "resources": {}, |
| | | "rollingParams": { |
| | | "intervalSeconds": 1, |
| | | "maxSurge": "25%", |
| | | "maxUnavailable": "25%", |
| | | "timeoutSeconds": 3600, |
| | | "updatePeriodSeconds": 1 |
| | | }, |
| | | "type": "Rolling" |
| | | }, |
| | | "template": { |
| | | "metadata": { |
| | | "labels": { |
| | | "app": "current-line-updater", |
| | | "group": "com.redhat.coderland.reactica", |
| | | "provider": "fabric8", |
| | | "version": "0.1-SNAPSHOT" |
| | | } |
| | | }, |
| | | "spec": { |
| | | "containers": [ |
| | | { |
| | | "env": [ |
| | | { |
| | | "name": "KUBERNETES_NAMESPACE", |
| | | "valueFrom": { |
| | | "fieldRef": { |
| | | "apiVersion": "v1", |
| | | "fieldPath": "metadata.namespace" |
| | | } |
| | | } |
| | | } |
| | | ], |
| | | "image": "quay.io/redhat/reactica-current-line-updater:latest", |
| | | "imagePullPolicy": "Always", |
| | | "name": "vertx", |
| | | "ports": [ |
| | | { |
| | | "containerPort": 8080, |
| | | "name": "http", |
| | | "protocol": "TCP" |
| | | }, |
| | | { |
| | | "containerPort": 9779, |
| | | "name": "prometheus", |
| | | "protocol": "TCP" |
| | | }, |
| | | { |
| | | "containerPort": 8778, |
| | | "name": "jolokia", |
| | | "protocol": "TCP" |
| | | } |
| | | ], |
| | | "resources": {}, |
| | | "securityContext": { |
| | | "privileged": false |
| | | }, |
| | | "terminationMessagePath": "/dev/termination-log", |
| | | "terminationMessagePolicy": "File" |
| | | } |
| | | ], |
| | | "dnsPolicy": "ClusterFirst", |
| | | "restartPolicy": "Always", |
| | | "schedulerName": "default-scheduler", |
| | | "securityContext": {}, |
| | | "terminationGracePeriodSeconds": 30 |
| | | } |
| | | } |
| | | } |
| | | } |
New file |
| | |
| | | { |
| | | "apiVersion": "v1", |
| | | "kind": "Service", |
| | | "metadata": { |
| | | "labels": { |
| | | "app": "current-line-updater", |
| | | "expose": "true", |
| | | "group": "com.redhat.coderland.reactica", |
| | | "provider": "fabric8", |
| | | "version": "0.1-SNAPSHOT" |
| | | }, |
| | | "name": "current-line-updater" |
| | | }, |
| | | "spec": { |
| | | "clusterIP": "172.30.180.45", |
| | | "ports": [ |
| | | { |
| | | "name": "http", |
| | | "port": 8080, |
| | | "protocol": "TCP", |
| | | "targetPort": 8080 |
| | | } |
| | | ], |
| | | "selector": { |
| | | "app": "current-line-updater", |
| | | "group": "com.redhat.coderland.reactica", |
| | | "provider": "fabric8" |
| | | }, |
| | | "sessionAffinity": "None", |
| | | "type": "ClusterIP" |
| | | }, |
| | | "status": { |
| | | "loadBalancer": {} |
| | | } |
| | | } |
New file |
| | |
| | | { |
| | | "apiVersion": "apps.openshift.io/v1", |
| | | "kind": "DeploymentConfig", |
| | | "metadata": { |
| | | "labels": { |
| | | "app": "event-generator", |
| | | "group": "com.redhat.coderland.reactica", |
| | | "provider": "fabric8", |
| | | "version": "0.1-SNAPSHOT" |
| | | }, |
| | | "name": "event-generator" |
| | | }, |
| | | "spec": { |
| | | "replicas": 1, |
| | | "selector": { |
| | | "app": "event-generator", |
| | | "group": "com.redhat.coderland.reactica", |
| | | "provider": "fabric8" |
| | | }, |
| | | "strategy": { |
| | | "activeDeadlineSeconds": 21600, |
| | | "resources": {}, |
| | | "rollingParams": { |
| | | "intervalSeconds": 1, |
| | | "maxSurge": "25%", |
| | | "maxUnavailable": "25%", |
| | | "timeoutSeconds": 3600, |
| | | "updatePeriodSeconds": 1 |
| | | }, |
| | | "type": "Rolling" |
| | | }, |
| | | "template": { |
| | | "metadata": { |
| | | "labels": { |
| | | "app": "event-generator", |
| | | "group": "com.redhat.coderland.reactica", |
| | | "provider": "fabric8", |
| | | "version": "0.1-SNAPSHOT" |
| | | } |
| | | }, |
| | | "spec": { |
| | | "containers": [ |
| | | { |
| | | "env": [ |
| | | { |
| | | "name": "VERTX_CONFIG_PATH", |
| | | "value": "/deployments/conf/config.yml" |
| | | }, |
| | | { |
| | | "name": "KUBERNETES_NAMESPACE", |
| | | "valueFrom": { |
| | | "fieldRef": { |
| | | "apiVersion": "v1", |
| | | "fieldPath": "metadata.namespace" |
| | | } |
| | | } |
| | | } |
| | | ], |
| | | "image": "quay.io/redhat/reactica-event-generator:latest", |
| | | "imagePullPolicy": "Always", |
| | | "livenessProbe": { |
| | | "failureThreshold": 3, |
| | | "httpGet": { |
| | | "path": "/health", |
| | | "port": 8080, |
| | | "scheme": "HTTP" |
| | | }, |
| | | "initialDelaySeconds": 180, |
| | | "periodSeconds": 10, |
| | | "successThreshold": 1, |
| | | "timeoutSeconds": 1 |
| | | }, |
| | | "name": "vertx", |
| | | "ports": [ |
| | | { |
| | | "containerPort": 8080, |
| | | "name": "http", |
| | | "protocol": "TCP" |
| | | }, |
| | | { |
| | | "containerPort": 9779, |
| | | "name": "prometheus", |
| | | "protocol": "TCP" |
| | | }, |
| | | { |
| | | "containerPort": 8778, |
| | | "name": "jolokia", |
| | | "protocol": "TCP" |
| | | } |
| | | ], |
| | | "readinessProbe": { |
| | | "failureThreshold": 3, |
| | | "httpGet": { |
| | | "path": "/health", |
| | | "port": 8080, |
| | | "scheme": "HTTP" |
| | | }, |
| | | "initialDelaySeconds": 10, |
| | | "periodSeconds": 10, |
| | | "successThreshold": 1, |
| | | "timeoutSeconds": 1 |
| | | }, |
| | | "resources": {}, |
| | | "securityContext": { |
| | | "privileged": false |
| | | }, |
| | | "terminationMessagePath": "/dev/termination-log", |
| | | "terminationMessagePolicy": "File", |
| | | "volumeMounts": [ |
| | | { |
| | | "mountPath": "/deployments/conf", |
| | | "name": "config" |
| | | } |
| | | ] |
| | | } |
| | | ], |
| | | "dnsPolicy": "ClusterFirst", |
| | | "restartPolicy": "Always", |
| | | "schedulerName": "default-scheduler", |
| | | "securityContext": {}, |
| | | "terminationGracePeriodSeconds": 30, |
| | | "volumes": [ |
| | | { |
| | | "configMap": { |
| | | "defaultMode": 420, |
| | | "items": [ |
| | | { |
| | | "key": "application.yaml", |
| | | "path": "config.yml" |
| | | } |
| | | ], |
| | | "name": "reactica-config", |
| | | "optional": true |
| | | }, |
| | | "name": "config" |
| | | } |
| | | ] |
| | | } |
| | | } |
| | | } |
| | | } |
New file |
| | |
| | | { |
| | | "apiVersion": "v1", |
| | | "kind": "Service", |
| | | "metadata": { |
| | | "labels": { |
| | | "app": "event-generator", |
| | | "expose": "true", |
| | | "group": "com.redhat.coderland.reactica", |
| | | "provider": "fabric8", |
| | | "version": "0.1-SNAPSHOT" |
| | | }, |
| | | "name": "event-generator" |
| | | }, |
| | | "spec": { |
| | | "clusterIP": "172.30.52.249", |
| | | "ports": [ |
| | | { |
| | | "name": "http", |
| | | "port": 8080, |
| | | "protocol": "TCP", |
| | | "targetPort": 8080 |
| | | } |
| | | ], |
| | | "selector": { |
| | | "app": "event-generator", |
| | | "group": "com.redhat.coderland.reactica", |
| | | "provider": "fabric8" |
| | | }, |
| | | "sessionAffinity": "None", |
| | | "type": "ClusterIP" |
| | | }, |
| | | "status": { |
| | | "loadBalancer": {} |
| | | } |
| | | } |
New file |
| | |
| | | { |
| | | "apiVersion": "apps.openshift.io/v1", |
| | | "kind": "DeploymentConfig", |
| | | "metadata": { |
| | | "labels": { |
| | | "app": "event-store", |
| | | "group": "com.redhat.coderland.reactica", |
| | | "provider": "fabric8", |
| | | "version": "0.1-SNAPSHOT" |
| | | }, |
| | | "name": "event-store" |
| | | }, |
| | | "spec": { |
| | | "replicas": 1, |
| | | "selector": { |
| | | "app": "event-store", |
| | | "group": "com.redhat.coderland.reactica", |
| | | "provider": "fabric8" |
| | | }, |
| | | "strategy": { |
| | | "rollingParams": { |
| | | "intervalSeconds": 1, |
| | | "maxSurge": "25%", |
| | | "maxUnavailable": "25%", |
| | | "timeoutSeconds": 3600, |
| | | "updatePeriodSeconds": 1 |
| | | }, |
| | | "type": "Rolling" |
| | | }, |
| | | "template": { |
| | | "metadata": { |
| | | "labels": { |
| | | "app": "event-store", |
| | | "group": "com.redhat.coderland.reactica", |
| | | "provider": "fabric8", |
| | | "version": "0.1-SNAPSHOT" |
| | | } |
| | | }, |
| | | "spec": { |
| | | "containers": [ |
| | | { |
| | | "env": [ |
| | | { |
| | | "name": "KUBERNETES_NAMESPACE", |
| | | "valueFrom": { |
| | | "fieldRef": { |
| | | "apiVersion": "v1", |
| | | "fieldPath": "metadata.namespace" |
| | | } |
| | | } |
| | | } |
| | | ], |
| | | "image": "quay.io/redhat/reactica-event-store:latest", |
| | | "imagePullPolicy": "Always", |
| | | "name": "vertx", |
| | | "ports": [ |
| | | { |
| | | "containerPort": 8080, |
| | | "name": "http", |
| | | "protocol": "TCP" |
| | | }, |
| | | { |
| | | "containerPort": 9779, |
| | | "name": "prometheus", |
| | | "protocol": "TCP" |
| | | }, |
| | | { |
| | | "containerPort": 8778, |
| | | "name": "jolokia", |
| | | "protocol": "TCP" |
| | | } |
| | | ] |
| | | } |
| | | ], |
| | | "dnsPolicy": "ClusterFirst", |
| | | "restartPolicy": "Always", |
| | | "terminationGracePeriodSeconds": 30 |
| | | } |
| | | } |
| | | } |
| | | } |
New file |
| | |
| | | { |
| | | "apiVersion": "v1", |
| | | "kind": "Service", |
| | | "metadata": { |
| | | "labels": { |
| | | "app": "event-store", |
| | | "expose": "true", |
| | | "group": "com.redhat.coderland.reactica", |
| | | "provider": "fabric8", |
| | | "version": "0.1-SNAPSHOT" |
| | | }, |
| | | "name": "event-store" |
| | | }, |
| | | "spec": { |
| | | "ports": [ |
| | | { |
| | | "name": "http", |
| | | "port": 8080, |
| | | "protocol": "TCP", |
| | | "targetPort": 8080 |
| | | } |
| | | ], |
| | | "selector": { |
| | | "app": "event-store", |
| | | "group": "com.redhat.coderland.reactica", |
| | | "provider": "fabric8" |
| | | }, |
| | | "sessionAffinity": "None", |
| | | "type": "ClusterIP" |
| | | } |
| | | } |
New file |
| | |
| | | { |
| | | "apiVersion": "apps.openshift.io/v1", |
| | | "kind": "DeploymentConfig", |
| | | "metadata": { |
| | | "labels": { |
| | | "app": "queue-length-calculator", |
| | | "group": "com.redhat.coderland.reactica", |
| | | "provider": "fabric8", |
| | | "version": "0.1-SNAPSHOT" |
| | | }, |
| | | "name": "queue-length-calculator" |
| | | }, |
| | | "spec": { |
| | | "replicas": 1, |
| | | "selector": { |
| | | "app": "queue-length-calculator", |
| | | "group": "com.redhat.coderland.reactica", |
| | | "provider": "fabric8" |
| | | }, |
| | | "strategy": { |
| | | "activeDeadlineSeconds": 21600, |
| | | "resources": {}, |
| | | "rollingParams": { |
| | | "intervalSeconds": 1, |
| | | "maxSurge": "25%", |
| | | "maxUnavailable": "25%", |
| | | "timeoutSeconds": 3600, |
| | | "updatePeriodSeconds": 1 |
| | | }, |
| | | "type": "Rolling" |
| | | }, |
| | | "template": { |
| | | "metadata": { |
| | | "labels": { |
| | | "app": "queue-length-calculator", |
| | | "group": "com.redhat.coderland.reactica", |
| | | "provider": "fabric8", |
| | | "version": "0.1-SNAPSHOT" |
| | | } |
| | | }, |
| | | "spec": { |
| | | "containers": [ |
| | | { |
| | | "env": [ |
| | | { |
| | | "name": "VERTX_CONFIG_PATH", |
| | | "value": "/deployments/conf/config.yml" |
| | | }, |
| | | { |
| | | "name": "KUBERNETES_NAMESPACE", |
| | | "valueFrom": { |
| | | "fieldRef": { |
| | | "apiVersion": "v1", |
| | | "fieldPath": "metadata.namespace" |
| | | } |
| | | } |
| | | } |
| | | ], |
| | | "image": "quay.io/redhat/reactica-queue-lenght-calculator:latest", |
| | | "imagePullPolicy": "Always", |
| | | "name": "vertx", |
| | | "ports": [ |
| | | { |
| | | "containerPort": 8080, |
| | | "name": "http", |
| | | "protocol": "TCP" |
| | | }, |
| | | { |
| | | "containerPort": 9779, |
| | | "name": "prometheus", |
| | | "protocol": "TCP" |
| | | }, |
| | | { |
| | | "containerPort": 8778, |
| | | "name": "jolokia", |
| | | "protocol": "TCP" |
| | | } |
| | | ], |
| | | "resources": {}, |
| | | "securityContext": { |
| | | "privileged": false |
| | | }, |
| | | "terminationMessagePath": "/dev/termination-log", |
| | | "terminationMessagePolicy": "File", |
| | | "volumeMounts": [ |
| | | { |
| | | "mountPath": "/deployments/conf", |
| | | "name": "config" |
| | | } |
| | | ] |
| | | } |
| | | ], |
| | | "dnsPolicy": "ClusterFirst", |
| | | "restartPolicy": "Always", |
| | | "schedulerName": "default-scheduler", |
| | | "securityContext": {}, |
| | | "terminationGracePeriodSeconds": 30, |
| | | "volumes": [ |
| | | { |
| | | "configMap": { |
| | | "defaultMode": 420, |
| | | "items": [ |
| | | { |
| | | "key": "application.yaml", |
| | | "path": "config.yml" |
| | | } |
| | | ], |
| | | "name": "reactica-config", |
| | | "optional": true |
| | | }, |
| | | "name": "config" |
| | | } |
| | | ] |
| | | } |
| | | } |
| | | } |
| | | } |
New file |
| | |
| | | { |
| | | "apiVersion": "v1", |
| | | "kind": "Service", |
| | | "metadata": { |
| | | "labels": { |
| | | "app": "queue-length-calculator", |
| | | "expose": "true", |
| | | "group": "com.redhat.coderland.reactica", |
| | | "provider": "fabric8", |
| | | "version": "0.1-SNAPSHOT" |
| | | }, |
| | | "name": "queue-length-calculator" |
| | | }, |
| | | "spec": { |
| | | "clusterIP": "172.30.74.154", |
| | | "ports": [ |
| | | { |
| | | "name": "http", |
| | | "port": 8080, |
| | | "protocol": "TCP", |
| | | "targetPort": 8080 |
| | | } |
| | | ], |
| | | "selector": { |
| | | "app": "queue-length-calculator", |
| | | "group": "com.redhat.coderland.reactica", |
| | | "provider": "fabric8" |
| | | }, |
| | | "sessionAffinity": "None", |
| | | "type": "ClusterIP" |
| | | }, |
| | | "status": { |
| | | "loadBalancer": {} |
| | | } |
| | | } |
| | |
| | | #!/bin/bash |
| | | |
| | | name=$1 |
| | | for region in $(aws ec2 describe-regions --query "Regions[].RegionName" --output text) |
| | | # Generate yaml containing image information for each region |
| | | |
| | | search_images() { |
| | | owner=$1 |
| | | pattern=$2 |
| | | ispublic=$3 |
| | | aws ec2 describe-images \ |
| | | --owners ${owner} \ |
| | | --filters "Name=name,Values=${pattern}" "Name=is-public,Values=${ispublic}" \ |
| | | --query "reverse(sort_by(Images, &CreationDate))[0].{name: Name, id: ImageId}" \ |
| | | --output text \ |
| | | --region $region | awk '{print $1 " # " $2}' |
| | | } |
| | | |
| | | #for region in us-east-1 |
| | | for region in $(aws ec2 describe-regions --query "Regions[].RegionName" --output text --region us-east-1) |
| | | do |
| | | echo "${region}: $(aws ec2 describe-images --owners amazon 309956199498 --filters Name=name,Values=${name} --query "reverse(sort_by(Images, &CreationDate))[0].ImageId" --output text --region $region)" |
| | | echo "${region}:" |
| | | echo -n " RHEL75GOLD: " |
| | | search_images 309956199498 'RHEL-7.5*Access*' false |
| | | |
| | | echo -n " RHEL74GOLD: " |
| | | search_images 309956199498 'RHEL-7.4*Access*' false |
| | | |
| | | echo -n " RHEL75: " |
| | | search_images 309956199498 'RHEL-7.5*' true |
| | | |
| | | echo -n " RHEL74: " |
| | | search_images 309956199498 'RHEL-7.4*' true |
| | | |
| | | echo -n " WIN2012R2: " |
| | | search_images 801119661308 'Windows_Server-2012-R2*' true |
| | | done |
| | | |
| | | # For azure |