James Falkner
2020-02-26 06c3cad47f579eb805fc06b540e01c6abd380c32
Updates for OCP 4.3 and CRW 2.x (#1192)

7 files deleted
8 files added
9 files modified
1 files renamed
1163 ■■■■ changed files
ansible/roles/ocp4-workload-quarkus-workshop/defaults/main.yml 18 ●●●●
ansible/roles/ocp4-workload-quarkus-workshop/files/amqstreams_subscription.yaml 13 ●●●●●
ansible/roles/ocp4-workload-quarkus-workshop/files/cm-custom-codeready.yaml 16 ●●●●●
ansible/roles/ocp4-workload-quarkus-workshop/files/codeready.yaml 30 ●●●●●
ansible/roles/ocp4-workload-quarkus-workshop/files/codeready_catalog_source.yaml 13 ●●●●●
ansible/roles/ocp4-workload-quarkus-workshop/files/codeready_cr.yaml 36 ●●●●●
ansible/roles/ocp4-workload-quarkus-workshop/files/codeready_namespace.yaml 5 ●●●●●
ansible/roles/ocp4-workload-quarkus-workshop/files/codeready_operatorgroup.yaml 6 ●●●●
ansible/roles/ocp4-workload-quarkus-workshop/files/codeready_subscription.yaml 13 ●●●●●
ansible/roles/ocp4-workload-quarkus-workshop/files/jaeger_subscription.yaml 13 ●●●●●
ansible/roles/ocp4-workload-quarkus-workshop/files/stack.Dockerfile 48 ●●●●●
ansible/roles/ocp4-workload-quarkus-workshop/files/stack.json 123 ●●●●●
ansible/roles/ocp4-workload-quarkus-workshop/files/stack_imagestream.yaml 3 ●●●●
ansible/roles/ocp4-workload-quarkus-workshop/tasks/add_che_user.yaml 14 ●●●●
ansible/roles/ocp4-workload-quarkus-workshop/tasks/create_che_workspace.yaml 9 ●●●●●
ansible/roles/ocp4-workload-quarkus-workshop/tasks/create_project.yaml 6 ●●●●
ansible/roles/ocp4-workload-quarkus-workshop/tasks/install-amqstreams.yaml 25 ●●●●●
ansible/roles/ocp4-workload-quarkus-workshop/tasks/install-codeready.yaml 219 ●●●●●
ansible/roles/ocp4-workload-quarkus-workshop/tasks/install-jaeger.yaml 23 ●●●●●
ansible/roles/ocp4-workload-quarkus-workshop/tasks/post_workload.yml 8 ●●●●●
ansible/roles/ocp4-workload-quarkus-workshop/tasks/remove_workload.yml 27 ●●●●
ansible/roles/ocp4-workload-quarkus-workshop/tasks/workload.yml 346 ●●●●
ansible/roles/ocp4-workload-quarkus-workshop/templates/che-limitrange.j2 24 ●●●●●
ansible/roles/ocp4-workload-quarkus-workshop/templates/che-user.j2 4 ●●●●
ansible/roles/ocp4-workload-quarkus-workshop/templates/devfile.json.j2 121 ●●●●●
ansible/roles/ocp4-workload-quarkus-workshop/defaults/main.yml
@@ -3,23 +3,11 @@
ocp_username: opentlc-mgr
silent: False
crw_workspace: che
guides_workspace: guides
che_stack_definition: docker.io/schtool/che-quarkus-workshop:latest
num_users: 5
workshop_openshift_user_name: userNN
workshop_openshift_user_name: userXX
workshop_openshift_user_password: 'r3dh4t1!'
workshop_che_user_name: userNN
workshop_che_user_password: passNN
workshop_che_user_name: userXX
workshop_che_user_password: 'r3dh4t1!'
workshop_shortenYn: N
workshop_labs_url: "_workshop.yml"
# OCP Limit Range
pod_min_mem: 10Mi
pod_max_mem: 6Gi
container_max_mem: 10Gi
default_min_mem: 256Mi
default_max_mem: 10Gi
default_min_cpu: 500m
default_max_cpu: 1500m
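Review bot: The role defaults carry a literal password, `'r3dh4t1!'`, for both `workshop_openshift_user_password` and `workshop_che_user_password`, so every deployment that does not override them shares one credential that anyone with read access to the repository knows. The page does not mark which side each line is on, but the `userXX` / `'r3dh4t1!'` pair looks like the new side. I would drop the literal from `defaults/main.yml`, have the deployer supply both values through vault or extra-vars, and add an `assert` at the start of the role that fails when they are undefined. A comment such as `# must be supplied per deployment; no shared default` above the two keys would document that.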
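--- /dev/null
+++ b/ansible/roles/ocp4-workload-quarkus-workshop/files/amqstreams_subscription.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: amq-streams
+  namespace: openshift-operators
+spec:
+  channel: stable
+  installPlanApproval: Automatic
+  name: amq-streams
+  source: redhat-operators
+  sourceNamespace: openshift-marketplace
+  startingCSV: amqstreams.v1.3.0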
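Review bot: `installPlanApproval: Automatic` next to `startingCSV: amqstreams.v1.3.0` pins only the first install; after that OLM upgrades the operator to whatever the `stable` channel publishes, with nobody approving the change. The Subscription is also created in `openshift-operators`, so the operator is presumably installed for the whole cluster rather than for the workshop namespaces only. If the workshop is meant to run against a known operator version, `installPlanApproval: Manual` plus an approval task in the role keeps it there. The same applies to `codeready_subscription.yaml` and `jaeger_subscription.yaml` in this commit.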
ansible/roles/ocp4-workload-quarkus-workshop/files/cm-custom-codeready.yaml
File was deleted
ansible/roles/ocp4-workload-quarkus-workshop/files/codeready.yaml
File was deleted
ansible/roles/ocp4-workload-quarkus-workshop/files/codeready_catalog_source.yaml
File was deleted
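--- /dev/null
+++ b/ansible/roles/ocp4-workload-quarkus-workshop/files/codeready_cr.yaml
@@ -0,0 +1,36 @@
+---
+apiVersion: org.eclipse.che/v1
+kind: CheCluster
+metadata:
+  name: codeready-workspaces
+  namespace: codeready
+spec:
+  server:
+    cheImageTag: ''
+    cheFlavor: codeready
+    devfileRegistryImage: ''
+    pluginRegistryImage: ''
+    tlsSupport: false
+    selfSignedCert: false
+    serverMemoryRequest: '2Gi'
+    serverMemoryLimit: '6Gi'
+    customCheProperties:
+      CHE_LIMITS_WORKSPACE_IDLE_TIMEOUT: "0"
+  database:
+    externalDb: false
+    chePostgresHostName: ''
+    chePostgresPort: ''
+    chePostgresUser: ''
+    chePostgresPassword: ''
+    chePostgresDb: ''
+  auth:
+    openShiftoAuth: false
+    identityProviderImage: ''
+    externalIdentityProvider: false
+    identityProviderURL: ''
+    identityProviderRealm: ''
+    identityProviderClientId: ''
+  storage:
+    pvcStrategy: per-workspace
+    pvcClaimSize: 1Gi
+    preCreateSubPaths: true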
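Review bot: `tlsSupport: false` leaves the CodeReady and Keycloak routes on plain HTTP, and the tasks added elsewhere in this commit post the Keycloak admin password and bearer tokens to `http://keycloak-codeready.{{ route_subdomain }}`. Those credentials are readable by anything on the network path between the Ansible host, the attendees and the router. I would set `tlsSupport: true` (with `selfSignedCert: true` if the router certificate is not publicly trusted) and switch the `uri` tasks and the printed URLs to `https://`. A one-line comment above `CHE_LIMITS_WORKSPACE_IDLE_TIMEOUT: "0"` stating what the value is meant to do (presumably disabling the idle shutdown) would help the next reader.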
ansible/roles/ocp4-workload-quarkus-workshop/files/codeready_namespace.yaml
File was deleted
ansible/roles/ocp4-workload-quarkus-workshop/files/codeready_operatorgroup.yaml
@@ -2,11 +2,11 @@
apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
  name: codeready-operator-group
  namespace: che
  generateName: codeready-
  annotations:
    olm.providedAPIs: CheCluster.v1.org.eclipse.che
  name: codeready-operator-group
  namespace: codeready
spec:
  targetNamespaces:
  - che
    - codeready
ansible/roles/ocp4-workload-quarkus-workshop/files/codeready_subscription.yaml
@@ -3,14 +3,11 @@
kind: Subscription
metadata:
  name: codeready-workspaces
  namespace: che
  labels:
    csc-owner-name: installed-redhat-codeready
    csc-owner-namespace: openshift-marketplace
  namespace: codeready
spec:
  channel: previous
  channel: latest
  installPlanApproval: Automatic
  name: codeready-workspaces
  source: installed-redhat-codeready
  sourceNamespace: che
  startingCSV: crwoperator.v1.2.2
  source: redhat-operators
  sourceNamespace: openshift-marketplace
  startingCSV: crwoperator.v2.0.0
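--- /dev/null
+++ b/ansible/roles/ocp4-workload-quarkus-workshop/files/jaeger_subscription.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: jaeger-product
+  namespace: openshift-operators
+spec:
+  channel: stable
+  installPlanApproval: Automatic
+  name: jaeger-product
+  source: redhat-operators
+  sourceNamespace: openshift-marketplace
+  startingCSV: jaeger-operator.v1.13.1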
ansible/roles/ocp4-workload-quarkus-workshop/files/stack.Dockerfile
New file
@@ -0,0 +1,48 @@
# syntax = docker/dockerfile:experimental
# To build this stack:
# Put your Red Hat Developer credentials in rhsm.secret.yaml file in this same directory, whose contents should be:
# RH_USERNAME=your-username
# RH_PASSWORD=your-password
#
# then:
# DOCKER_BUILDKIT=1 docker build --progress=plain --secret id=rhsm,src=rhsm.secret.yaml -t quay.io/username/quarkus-workshop-stack:VVV -f stack.Dockerfile .
# docker push quay.io/username/quay.io/username/quarkus-workshop-stack:VVVV
FROM registry.redhat.io/codeready-workspaces/stacks-java-rhel8:2.0
ENV GRAALVM_VERSION=19.3.1
ENV QUARKUS_VERSION=1.2.1.Final
ENV MVN_VERSION=3.6.3
ENV GRAALVM_HOME="/usr/local/graalvm-ce-java8-${GRAALVM_VERSION}"
ENV MAVEN_OPTS="-Xmx4G -Xss128M -XX:MetaspaceSize=1G -XX:MaxMetaspaceSize=2G -XX:+CMSClassUnloadingEnabled"
ENV PATH="/usr/local/maven/apache-maven-${MVN_VERSION}/bin:${PATH}"
USER root
RUN wget -O /tmp/oc.tar.gz https://mirror.openshift.com/pub/openshift-v4/clients/oc/4.3/linux/oc.tar.gz && cd /usr/bin && tar -xvzf /tmp/oc.tar.gz && chmod a+x /usr/bin/oc && rm -f /tmp/oc.tar.gz
RUN wget -O /tmp/kn.tar.gz https://mirror.openshift.com/pub/openshift-v4/clients/serverless/0.11.0/kn-linux-amd64-0.11.0.tar.gz && cd /usr/bin && tar -xvzf /tmp/kn.tar.gz ./kn && chmod a+x kn && rm -f /tmp/kn.tar.gz
RUN wget -O /tmp/tkn.tar.gz https://github.com/tektoncd/cli/releases/download/v0.7.1/tkn_0.7.1_Linux_x86_64.tar.gz && cd /usr/bin && tar -xvzf /tmp/tkn.tar.gz tkn&& chmod a+x tkn && rm -f /tmp/tkn.tar.gz
RUN wget -O /tmp/graalvm.tar.gz https://github.com/graalvm/graalvm-ce-builds/releases/download/vm-${GRAALVM_VERSION}/graalvm-ce-java8-linux-amd64-${GRAALVM_VERSION}.tar.gz && cd /usr/local && tar -xvzf /tmp/graalvm.tar.gz && rm -rf /tmp/graalvm.tar.gz && ${GRAALVM_HOME}/bin/gu install native-image
RUN wget -O /tmp/mvn.tar.gz https://www-us.apache.org/dist/maven/maven-3/${MVN_VERSION}/binaries/apache-maven-${MVN_VERSION}-bin.tar.gz && tar xzf /tmp/mvn.tar.gz && rm -rf /tmp/mvn.tar.gz && mkdir /usr/local/maven && mv apache-maven-${MVN_VERSION}/ /usr/local/maven/ && alternatives --install /usr/bin/mvn mvn /usr/local/maven/apache-maven-${MVN_VERSION}/bin/mvn 1
RUN --mount=type=secret,id=rhsm username="$(grep RH_USERNAME /run/secrets/rhsm|cut -d= -f2)" && password="$(grep RH_PASSWORD /run/secrets/rhsm|cut -d= -f2)" && subscription-manager register --username $username --password $password --auto-attach && yum install -y gcc zlib-devel && yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm && yum install -y siege jq && subscription-manager remove --all && subscription-manager unregister
USER jboss
RUN cd /tmp && mkdir project && cd project && mvn io.quarkus:quarkus-maven-plugin:${QUARKUS_VERSION}:create -DprojectGroupId=org.acme -DprojectArtifactId=footest -Dextensions="quarkus-agroal,quarkus-arc,quarkus-hibernate-orm,quarkus-hibernate-orm-panache,quarkus-jdbc-h2,quarkus-jdbc-postgresql,quarkus-kubernetes,quarkus-scheduler,quarkus-smallrye-fault-tolerance,quarkus-smallrye-health,quarkus-smallrye-opentracing" && mvn -f footest clean compile package && cd / && rm -rf /tmp/project
RUN cd /tmp && mkdir project && cd project && mvn io.quarkus:quarkus-maven-plugin:${QUARKUS_VERSION}:create -DprojectGroupId=org.acme -DprojectArtifactId=footest -Dextensions="quarkus-smallrye-reactive-streams-operators,quarkus-smallrye-reactive-messaging,quarkus-smallrye-reactive-messaging-kafka,quarkus-swagger-ui,quarkus-vertx,quarkus-kafka-client, quarkus-smallrye-metrics,quarkus-smallrye-openapi" && mvn -f footest clean compile package -Pnative && cd / && rm -rf /tmp/project
RUN siege && sed -i 's/^connection = close/connection = keep-alive/' $HOME/.siege/siege.conf && sed -i 's/^benchmark = false/benchmark = true/' $HOME/.siege/siege.conf
RUN echo '-w "\n"' > $HOME/.curlrc
USER root
RUN chown -R jboss /home/jboss/.m2
RUN chmod -R a+w /home/jboss/.m2
USER jboss
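Review bot: None of the five `wget` downloads (oc, kn, tkn, GraalVM, Maven) is verified before it is unpacked as root into `/usr/bin` or `/usr/local`, so the image trusts whatever the mirror returns at build time, and the `oc` URL is pinned no more precisely than `4.3`. Each download should be checked against a digest recorded in the Dockerfile before the `tar` step, e.g. `echo "<expected-sha256>  /tmp/tkn.tar.gz" | sha256sum -c -`. In the `subscription-manager register` step `$username` and `$password` are expanded unquoted; `--username "$username" --password "$password"` avoids word splitting and globbing on the secret. The header comment should also say that `rhsm.secret.yaml` must be kept out of version control.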
ansible/roles/ocp4-workload-quarkus-workshop/files/stack.json
File was deleted
ansible/roles/ocp4-workload-quarkus-workshop/files/stack_imagestream.yaml
File was renamed from ansible/roles/ocp4-workload-quarkus-workshop/templates/stack.imagestream.j2
@@ -1,3 +1,4 @@
---
apiVersion: image.openshift.io/v1
kind: ImageStream
metadata:
@@ -13,5 +14,5 @@
      version: "1.0"
    from:
      kind: DockerImage
      name: {{ che_stack_definition }}
      name: quay.io/openshiftlabs/quarkus-workshop-stack:1.0
    name: "1.0"
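Review bot: The image reference is now a literal tag, `quay.io/openshiftlabs/quarkus-workshop-stack:1.0`, which can be re-pushed with different content, and the user workspaces are presumably started from this ImageStream. Referencing the image by digest, `name: quay.io/openshiftlabs/quarkus-workshop-stack@sha256:<digest>`, makes what the workshop runs reproducible and reviewable. The second hunk starts inside the tag entry, so the rest of the ImageStream, including any import policy, is not visible here.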
ansible/roles/ocp4-workload-quarkus-workshop/tasks/add_che_user.yaml
@@ -1,24 +1,24 @@
---
- name: Get SSO admin token
- name: Get codeready SSO admin token
  uri:
    url: http://keycloak-che.{{ route_subdomain }}/auth/realms/master/protocol/openid-connect/token
    url: http://keycloak-codeready.{{ route_subdomain }}/auth/realms/master/protocol/openid-connect/token
    method: POST
    body:
      username: "{{ sso_admin_username.stdout }}"
      password: "{{ sso_admin_password.stdout }}"
      username: "{{ codeready_sso_admin_username }}"
      password: "{{ codeready_sso_admin_password }}"
      grant_type: "password"
      client_id: "admin-cli"
    body_format: form-urlencoded
    status_code: 200,201,204
  register: sso_admin_token
  register: codeready_sso_admin_token
- name: Add user {{ user }} to Che
  uri:
    url: http://keycloak-che.{{ route_subdomain }}/auth/admin/realms/codeready/users
    url: http://keycloak-codeready.{{ route_subdomain }}/auth/admin/realms/codeready/users
    method: POST
    headers:
      Content-Type: application/json
      Authorization: "Bearer {{ sso_admin_token.json.access_token }}"
      Authorization: "Bearer {{ codeready_sso_admin_token.json.access_token }}"
    body:
      username: "{{ user }}"
      enabled: true
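Review bot: Both `uri` tasks handle secrets without `no_log: true`, so the credentials can show up in task output at higher verbosity or on failure. The first task sends `codeready_sso_admin_password` in its form body and registers the admin token, and the second puts that token in the `Authorization` header. Adding `no_log: true` to "Get codeready SSO admin token" and "Add user {{ user }} to Che" keeps them out of logs and CI output. The same applies to "Get Che {{ user }} token" in `create_che_workspace.yaml`. The body of the second task continues past the end of this hunk.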
ansible/roles/ocp4-workload-quarkus-workshop/tasks/create_che_workspace.yaml
@@ -1,7 +1,7 @@
---
- name: "Get Che {{ user }} token"
  uri:
    url: http://keycloak-che.{{ route_subdomain }}/auth/realms/codeready/protocol/openid-connect/token
    url: http://keycloak-codeready.{{ route_subdomain }}/auth/realms/codeready/protocol/openid-connect/token
    method: POST
    body:
      username: "{{ user }}"
@@ -12,13 +12,14 @@
    status_code: 200
  register: user_token
- name: Import stack definition for {{ user }}
- name: Create workspace for {{ user }} from devfile
  uri:
    url: "http://codeready-che.{{ route_subdomain }}/api/workspace?start-after-create=true&namespace={{ user }}"
    url: "http://codeready-codeready.{{ route_subdomain }}/api/workspace/devfile?start-after-create=true&namespace={{ user }}"
    method: POST
    headers:
      Content-Type: application/json
      Authorization: "Bearer {{ user_token.json.access_token }}"
    body: "{{ lookup('file', './files/workspace.json') | replace('WORKSPACENAME', 'workspace-' + user) }}"
    body: "{{ lookup('template', './templates/devfile.json.j2') }}"
    body_format: json
    status_code: 201,409
  register: workspace_def
ansible/roles/ocp4-workload-quarkus-workshop/tasks/create_project.yaml
@@ -6,10 +6,10 @@
    api_version: project.openshift.io/v1
    definition:
      metadata:
        name: "{{ user }}-project"
        name: "{{ name }}"
        annotations:
          openshift.io/description: ""
          openshift.io/display-name: "Quarkus Workshop"
          openshift.io/display-name: "Quarkus Workshop project for {{ user }}"
- name: assign permissions for user {{ user }}
  k8s:
    state: present
@@ -18,7 +18,7 @@
    definition:
      metadata:
        name: admin
        namespace: "{{ user }}-project"
        namespace: "{{ name }}"
      roleRef:
        apiGroup: rbac.authorization.k8s.io
        kind: ClusterRole
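Review bot: The new variable `name` collides with the `name` keyword of plays and tasks; Ansible warns about variables that use such reserved names, and a name this generic is easy to shadow from an outer scope. A specific name reads better, e.g. `name: "{{ project_name }}"` for the project and `namespace: "{{ project_name }}"` in the role binding, with `project_name: "{{ item }}-project"` in the `include_tasks` vars in `workload.yml`. Both hunks show only part of their tasks, and the role binding's subjects are outside the second hunk.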
ansible/roles/ocp4-workload-quarkus-workshop/tasks/install-amqstreams.yaml
New file
@@ -0,0 +1,25 @@
---
# Setup AMQ Streams (kafka) via operator
- name: Create OpenShift Objects for amq streams
  k8s:
    state: present
    merge_type:
    - strategic-merge
    - merge
    definition: "{{ lookup('file', item ) | from_yaml }}"
  loop:
  - ./files/amqstreams_subscription.yaml
# wait for amq (kafka) CRDs
- name: Wait for Kafka CRD
  k8s_facts:
    api_version: apiextensions.k8s.io/v1beta1
    kind: CustomResourceDefinition
    name: kafkas.kafka.strimzi.io
  register: r_kafka_crd
  retries: 200
  delay: 10
  ignore_errors: yes
  until: r_kafka_crd.resources | list | length == 1
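Review bot: "Wait for Kafka CRD" sets `ignore_errors: yes`, so when the CRD has still not appeared after 200 retries the play continues as if the operator were installed, and nothing in this file checks `r_kafka_crd` afterwards. Either remove `ignore_errors` so the run stops there, or follow the wait with a `fail` task guarded by `when: r_kafka_crd.resources | list | length == 0` and a message naming the operator. The same pattern appears in `install-jaeger.yaml` ("Wait for Jaeger CRD") and twice in `install-codeready.yaml` ("Wait for CodeReady CRD to be ready", "wait for stack to be a thing"). Where the flag stays, `true` rather than `yes` matches the boolean spelling used in the other task files.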
ansible/roles/ocp4-workload-quarkus-workshop/tasks/install-codeready.yaml
New file
@@ -0,0 +1,219 @@
---
# create codeready namespace
- name: create codeready namespace
  k8s:
    state: present
    kind: Project
    api_version: project.openshift.io/v1
    definition:
      metadata:
        name: "codeready"
        annotations:
          openshift.io/description: ""
          openshift.io/display-name: "CodeReady Project"
# deploy codeready operator
- name: Create operator subscription for CodeReady
  k8s:
    state: present
    merge_type:
    - strategic-merge
    - merge
    definition: "{{ lookup('file', item ) | from_yaml }}"
  loop:
  - ./files/codeready_operatorgroup.yaml
  - ./files/codeready_subscription.yaml
# wait for CRD to be a thing
- name: Wait for CodeReady CRD to be ready
  k8s_facts:
    api_version: apiextensions.k8s.io/v1beta1
    kind: CustomResourceDefinition
    name: checlusters.org.eclipse.che
  register: r_codeready_crd
  retries: 200
  delay: 10
  ignore_errors: yes
  until: r_codeready_crd.resources | list | length == 1
# deploy codeready CR
- name: Create CR for CodeReady
  k8s:
    state: present
    merge_type:
    - strategic-merge
    - merge
    definition: "{{ lookup('file', item ) | from_yaml }}"
  loop:
  - ./files/codeready_cr.yaml
# wait for che to be up
- name: wait for CRW to be running
  uri:
    url: http://codeready-codeready.{{ route_subdomain }}/dashboard/
  register: result
  until: result.status == 200
  retries: "120"
  delay: "15"
- name: Get codeready keycloak deployment
  k8s_facts:
    kind: Deployment
    namespace: codeready
    name: keycloak
  register: r_keycloak_deployment
- name: show cr
  debug:
    msg: "existing keycloak deployment: {{ r_keycloak_deployment }}"
- name: set codeready username fact
  set_fact:
    codeready_sso_admin_username: "{{ r_keycloak_deployment.resources[0].spec.template.spec.containers[0].env | selectattr('name','equalto','SSO_ADMIN_USERNAME') |map (attribute='value') | list | first }}"
- name: set codeready password fact
  set_fact:
    codeready_sso_admin_password: "{{ r_keycloak_deployment.resources[0].spec.template.spec.containers[0].env | selectattr('name','equalto','SSO_ADMIN_PASSWORD') |map (attribute='value') | list | first }}"
- name: show codeready keycloak admin username
  debug:
    msg: "codeready keycloak admin username: {{ codeready_sso_admin_username }}"
- name: show codeready keycloak admin password
  debug:
    msg: "codeready keycloak admin password: {{ codeready_sso_admin_password }}"
- name: enable script upload
  command: oc set env -n codeready deployment/keycloak JAVA_OPTS_APPEND="-Dkeycloak.profile.feature.scripts=enabled -Dkeycloak.profile.feature.upload_scripts=enabled"
- name: wait for keycloak to return
  command: oc rollout -n codeready status --timeout=1m -w deployment/keycloak
  register: cmd_res
  retries: 120
  delay: 10
  until: cmd_res.rc == 0
- name: get keycloak pod
  k8s_facts:
    api_version: v1
    kind: Pod
    namespace: codeready
    label_selectors:
      - app = codeready
      - component = keycloak
  register: r_keycloak_pod
  retries: 120
  delay: 10
  until: r_keycloak_pod.resources | list | length == 1
- name: Get SSO admin token
  uri:
    url: http://keycloak-codeready.{{ route_subdomain }}/auth/realms/master/protocol/openid-connect/token
    method: POST
    body:
      username: "{{ codeready_sso_admin_username }}"
      password: "{{ codeready_sso_admin_password }}"
      grant_type: "password"
      client_id: "admin-cli"
    body_format: form-urlencoded
    status_code: 200,201,204
  register: sso_admin_token
- name: Import realm
  uri:
    url: http://keycloak-codeready.{{ route_subdomain }}/auth/admin/realms
    method: POST
    body_format: json
    headers:
      Content-Type: application/json
      Authorization: "Bearer {{ sso_admin_token.json.access_token }}"
    body: "{{ lookup('file', './files/quarkus-realm.json') }}"
    ## accept 409 Conflict in case realm exists
    status_code: 200,201,204,409
  register: result
  retries: 120
  delay: 10
  until: result is succeeded
- name: create codeready users
  include_tasks: add_che_user.yaml
  vars:
    user: "{{ item }}"
  with_list: "{{ users }}"
- name: Get codeready SSO admin token
  uri:
    url: http://keycloak-codeready.{{ route_subdomain }}/auth/realms/master/protocol/openid-connect/token
    method: POST
    body:
      username: "{{ codeready_sso_admin_username }}"
      password: "{{ codeready_sso_admin_password }}"
      grant_type: "password"
      client_id: "admin-cli"
    body_format: form-urlencoded
    status_code: 200,201,204
  register: codeready_sso_admin_token
- name: Increase codeready access token lifespans
  uri:
    url: http://keycloak-codeready.{{ route_subdomain }}/auth/admin/realms/codeready
    method: PUT
    headers:
      Content-Type: application/json
      Authorization: "Bearer {{ codeready_sso_admin_token.json.access_token }}"
    body:
      accessTokenLifespan: 28800
      accessTokenLifespanForImplicitFlow: 28800
      actionTokenGeneratedByUserLifespan: 28800
      ssoSessionIdleTimeout: 28800
      ssoSessionMaxLifespan: 28800
    body_format: json
    status_code: 204
- name: Get Codeready admin token
  uri:
    url: http://keycloak-codeready.{{ route_subdomain }}/auth/realms/codeready/protocol/openid-connect/token
    method: POST
    body:
      username: admin
      password: admin
      grant_type: "password"
      client_id: "admin-cli"
    body_format: form-urlencoded
    status_code: 200,201,204
  register: che_admin_token
- name: Import stack imagestream
  k8s:
    state: present
    merge_type:
    - strategic-merge
    - merge
    definition: "{{ lookup('file', item ) | from_yaml }}"
  loop:
  - ./files/stack_imagestream.yaml
- name: wait for stack to be a thing
  k8s_facts:
    kind: ImageStream
    name: quarkus-stack
    namespace: openshift
  register: r_stack_is
  retries: 200
  delay: 10
  ignore_errors: yes
  until: r_stack_is.resources | list | length == 1
- name: import stack image
  shell: |
    oc import-image --all quarkus-stack -n openshift
- name: wait a minute and let the image download and be registered so workspaces start up
  pause:
      minutes: 5
- name: Pre-create and warm user workspaces
  include_tasks: create_che_workspace.yaml
  vars:
    user: "{{ item }}"
  with_list: "{{ users }}"
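Review bot: The Keycloak admin password is written to the play output several times: "show cr" dumps the whole keycloak Deployment including its `SSO_ADMIN_PASSWORD` env entry, "show codeready keycloak admin password" prints it by name, and the `set_fact` and token tasks carry it without `no_log: true`. I would delete those two `debug` tasks and add `no_log: true` to the `set_fact` and `uri` tasks that touch the credential or the tokens. "Get Codeready admin token" also logs in with the literal `admin` / `admin`, which should come from a variable and be changed once the realm is imported. "enable script upload" turns on `keycloak.profile.feature.upload_scripts`, which lets realm administrators upload scripts that run inside the Keycloak server. A comment above that task should say why the workshop needs it and that it must not be carried into a longer-lived deployment.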
ansible/roles/ocp4-workload-quarkus-workshop/tasks/install-jaeger.yaml
New file
@@ -0,0 +1,23 @@
---
- name: Create OpenShift Objects for jaeger
  k8s:
    state: present
    merge_type:
    - strategic-merge
    - merge
    definition: "{{ lookup('file', item ) | from_yaml }}"
  loop:
  - ./files/jaeger_subscription.yaml
- name: Wait for Jaeger CRD
  k8s_facts:
    api_version: apiextensions.k8s.io/v1beta1
    kind: CustomResourceDefinition
    name: jaegers.jaegertracing.io
  register: r_jaeger_crd
  retries: 200
  delay: 10
  ignore_errors: yes
  until: r_jaeger_crd.resources | list | length == 1
ansible/roles/ocp4-workload-quarkus-workshop/tasks/post_workload.yml
@@ -16,11 +16,13 @@
    - "user.info: OpenShift Console: {{ console_url }}"
    - "user.info: Cluster admin login with '{{ ocp_username }}' / 'r3dh4t1!'"
    - "user.info: "
    - "user.info: CodeReady Console: http://codeready-che.{{ route_subdomain }}"
    - "user.info: OpenShift/Kubernetes API (use with oc login): {{ master_url }}"
    - "user.info: "
    - "user.info: CodeReady Console: http://codeready-codeready.{{ route_subdomain }}"
    - "user.info: Admin login with 'admin' / 'admin'"
    - "user.info: "
    - "user.info: Red Hat SSO Console: http://keycloak-che.{{ route_subdomain }}"
    - "user.info: Admin login with: '{{ sso_admin_username.stdout }}' / '{{ sso_admin_password.stdout }}'"
    - "user.info: Red Hat SSO Console: http://keycloak-codeready.{{ route_subdomain }}"
    - "user.info: Find admin credentials with oc set env deployment/keycloak -n codeready --list"
    - "user.info: "
    - "user.info: NOTE: Workspaces in CodeReady are provisioned asynchronously and may not"
    - "user.info: be accessible until rollout finishes shortly."
ansible/roles/ocp4-workload-quarkus-workshop/tasks/remove_workload.yml
@@ -21,30 +21,13 @@
    kind: Project
    api_version: project.openshift.io/v1
- name: Delete OpenShift Objects for Che
  ignore_errors: yes
# TODO delete CodeReady
- name: remove the CodeReady
  k8s:
    state: absent
    definition: "{{ lookup('file', item ) | from_yaml }}"
  loop:
  - ./files/codeready_namespace.yaml
  - ./files/codeready_operatorgroup.yaml
  - ./files/codeready_catalog_source.yaml
  - ./files/codeready_subscription.yaml
- name: delete CodeReady CRD
  shell: |
         oc delete customresourcedefinition/checlusters.org.eclipse.che
  ignore_errors: true
- name: Delete OpenShift Objects for Strimzi
  ignore_errors: yes
  k8s:
    state: absent
    definition: "{{ lookup('file', item ) | from_yaml }}"
  loop:
  - ./files/strimzi_catalog_source.yaml
  - ./files/strimzi_subscription.yaml
    name: "codeready"
    kind: Project
    api_version: project.openshift.io/v1
# Leave this as the last task in the playbook.
- name: remove_workload tasks complete
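Review bot: As far as the rendering shows, the new side removes only the `codeready` Project, while this commit adds Subscriptions `amq-streams` and `jaeger-product` in `openshift-operators` and a `quarkus-stack` ImageStream in `openshift` that nothing here deletes. Those cluster-wide operators and their CRDs would outlive the workload on a shared cluster. The `# TODO delete CodeReady` comment should either be resolved or list what is still left behind (Subscriptions, installed operator versions, the `checlusters.org.eclipse.che` CRD). The hunk ends on the first line of the final task, so anything after it is not visible.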
ansible/roles/ocp4-workload-quarkus-workshop/tasks/workload.yml
@@ -18,7 +18,8 @@
  include_tasks: create_project.yaml
  vars:
    user: "{{ item }}"
  with_list: "{{ users }}"
    name: "{{ item }}-project"
  loop: "{{ users }}"
# Deploy guides
- name: create guides project
@@ -33,24 +34,30 @@
          openshift.io/description: ""
          openshift.io/display-name: "Quarkus Workshop Guides"
- name: search for guide
  k8s_facts:
    kind: DeploymentConfig
    name: web
    namespace: guides
  register: r_guide_dc
- name: deploy guides
  when: r_guide_dc.resources | list | length == 0
  shell: >
    oc new-app -n guides quay.io/osevg/workshopper --name=web
    -e CHE_USER_NAME='{{ workshop_che_user_name}}'
    oc new-app -n guides quay.io/jamesfalkner/workshopper --name=web
    -e CHE_USER_PASSWORD='{{ workshop_che_user_password }}'
    -e OPENSHIFT_USER_NAME='{{ workshop_openshift_user_name }}'
    -e OPENSHIFT_USER_PASSWORD='{{ workshop_openshift_user_password }}'
    -e MASTER_URL={{ master_url }}
    -e CONSOLE_URL={{ console_url }}
    -e CHE_URL=http://codeready-che.{{ route_subdomain }}
    -e KEYCLOAK_URL=http://keycloak-che.{{ route_subdomain }}
    -e CHE_URL=http://codeready-codeready.{{ route_subdomain }}
    -e KEYCLOAK_URL=http://keycloak-codeready.{{ route_subdomain }}
    -e ROUTE_SUBDOMAIN={{ route_subdomain }}
    -e CONTENT_URL_PREFIX='https://raw.githubusercontent.com/RedHatWorkshops/quarkus-workshop/master/docs/'
    -e WORKSHOPS_URLS='https://raw.githubusercontent.com/RedHatWorkshops/quarkus-workshop/master/docs/{{ workshop_labs_url }}'
    -e CONTENT_URL_PREFIX='https://raw.githubusercontent.com/RedHatWorkshops/quarkus-workshop/ocp-4.3/docs/'
    -e WORKSHOPS_URLS='https://raw.githubusercontent.com/RedHatWorkshops/quarkus-workshop/ocp-4.3/docs/{{ workshop_labs_url }}'
    -e LOG_TO_STDOUT=true
  ignore_errors: true
- name: create the Route for guides
  when: r_guide_dc.resources | list | length == 0
  k8s:
    namespace: guides
    state: present
@@ -70,311 +77,56 @@
          targetPort: 8080-tcp
  register: Route
# Install Che via operator
- name: Create OpenShift Objects for Che
  k8s:
    state: present
    merge_type:
    - strategic-merge
    - merge
    definition: "{{ lookup('file', item ) | from_yaml }}"
  loop:
  - ./files/codeready_namespace.yaml
  - ./files/codeready_operatorgroup.yaml
  - ./files/codeready_catalog_source.yaml
  - ./files/codeready_subscription.yaml
- name: Wait for CodeReady CRD
# Install CRW via operator
- name: see if codeready is installed
  k8s_facts:
    api_version: apiextensions.k8s.io/v1beta1
    kind: CustomResourceDefinition
    name: checlusters.org.eclipse.che
  register: r_codeready_crd
  retries: 200
  delay: 10
  ignore_errors: yes
  until: r_codeready_crd.resources | list | length == 1
- name: Notify user if CodeReady deployment failed
  when: not r_codeready_crd.resources | list | length == 1
  debug:
    msg: "user.info: *** CodeReady operator could not be installed ***"
- name: Look for CodeReady CR
  k8s_facts:
    api_version: org.eclipse.che/v1
    kind: CheCluster
    namespace: che
    name: codeready
    name: codeready-workspaces
    namespace: codeready
  register: r_codeready_cr
- name: show cr
- name: show codeready cr
  debug:
    msg: "existing codeready cr: {{ r_codeready_cr }}"
    msg: "existing codeready project: {{ r_codeready_cr }}"
- name: Create OpenShift Objects for CodeReady if not existing
- name: install codeready
  when: r_codeready_cr.resources | list | length == 0
  k8s:
    state: present
    merge_type:
    - strategic-merge
    - merge
    definition: "{{ lookup('file', item ) | from_yaml }}"
  loop:
  - ./files/codeready.yaml
  include_tasks: install-codeready.yaml
- name: wait for CRW to be running
  uri:
    url: http://codeready-che.{{ route_subdomain }}/dashboard/
  register: result
  until: result.status == 200
  retries: "120"
  delay: "15"
  tags: eclipse-che
- name: Search for CodeReady ConfigMap
  # Install  AMQ Streams for all workspaces
- name: Look for amq subscription
  k8s_facts:
    kind: ConfigMap
    namespace: che
    name: custom
  register: codeready_cm
    api_version: operators.coreos.com/v1alpha1
    kind: Subscription
    name: amq-streams
    namespace: openshift-operators
  register: r_amq_sub
- name: show cm object
- name: show existing amq sub
  debug:
    msg: "Codeready Configmap: {{ codeready_cm }}"
    msg: "existing amq sub: {{ r_amq_sub }}"
# Workaround for PVC problem
- name: Alternative to volumeBindingMode=WaitForFirstConsumer
  when: (codeready_cm.resources[0].data.CHE_INFRA_KUBERNETES_PVC_WAIT__BOUND is undefined) or (codeready_cm.resources[0].data.CHE_INFRA_KUBERNETES_PVC_WAIT__BOUND == true)
  k8s:
    state: present
    merge_type:
      - strategic-merge
      - merge
    definition: "{{ lookup('file', './files/cm-custom-codeready.yaml' ) | from_yaml }}"
- name: Create OpenShift Objects for Kafka (amq streams)
  when: r_amq_sub.resources | list | length == 0
  include_tasks: install-amqstreams.yaml
- name: Search for CodeReady Pod
  # Install  Jaeger for all workspaces
- name: Look for jaeger subscription
  k8s_facts:
    kind: Pod
    namespace: che
    label_selectors:
    - app = codeready
    - component = codeready
  register: codeready_pod
    api_version: operators.coreos.com/v1alpha1
    kind: Subscription
    name: jaeger-product
    namespace: openshift-operators
  register: r_jaeger_sub
- name: Restart CodeReady Pod
  when: (codeready_cm.resources[0].data.CHE_INFRA_KUBERNETES_PVC_WAIT__BOUND is undefined) or (codeready_cm.resources[0].data.CHE_INFRA_KUBERNETES_PVC_WAIT__BOUND == true)
  k8s:
    state: absent
    api_version: v1
    kind: Pod
    name: "{{ codeready_pod.resources[0].metadata.name }}"
    namespace: che
- name: wait for CRW to be running after PVC workaround
  when: (codeready_cm.resources[0].data.CHE_INFRA_KUBERNETES_PVC_WAIT__BOUND is undefined) or (codeready_cm.resources[0].data.CHE_INFRA_KUBERNETES_PVC_WAIT__BOUND == true)
  uri:
    url: http://codeready-che.{{ route_subdomain }}/dashboard/
  register: result
  until: result.status == 200
  retries: "120"
  delay: "15"
  tags: eclipse-che
# get ingress host
- name: Get ingress host
  k8s_facts:
    api_version: v1
    kind: Service
    name: router-default
    namespace: openshift-ingress
  register: r_router_default
- name: Show ingress object
- name: show existing jaeger sub
  debug:
    msg: "Ingress object: {{ r_router_default }}"
    msg: "existing jaeger sub: {{ r_jaeger_sub }}"
- name: Show ingress host name
  debug:
    msg: "Ingress hostname: {{ r_router_default.resources[0].status.loadBalancer.ingress[0].hostname }}"
# Fix AWS ELB connection timeout
- name: Get ELB name
  become_user: ec2-user
  shell: |
    sudo -u ec2-user aws elb describe-load-balancers --region {{ aws_region }} | jq  '.LoadBalancerDescriptions |
      map(select( .DNSName == "{{ r_router_default.resources[0].status.loadBalancer.ingress[0].hostname }}"))' |
      jq -r '.[0].LoadBalancerName'
  register: lbname
- name: Show load balancer name
  debug:
    msg: "Load balancer name: {{ lbname.stdout }}"
- name: Fix load balancer
  become_user: ec2-user
  shell: |
    sudo -u ec2-user aws elb modify-load-balancer-attributes --region {{ aws_region }} --load-balancer-name {{ lbname.stdout }} --load-balancer-attributes "{\"ConnectionSettings\":{\"IdleTimeout\":300}}"
# add keycloak realm
- name: Get SSO username
  shell: |
    oc get deployment keycloak -n che -o=jsonpath={'.spec.template.spec.containers[0].env[?(@.name=="SSO_ADMIN_USERNAME")].value'}
  register: sso_admin_username
- name: Get SSO password
  shell: |
    oc get deployment keycloak -n che -o=jsonpath={'.spec.template.spec.containers[0].env[?(@.name=="SSO_ADMIN_PASSWORD")].value'}
  register: sso_admin_password
- name: Print SSO connection info
  debug:
    msg: "url: http://keycloak-che.{{ route_subdomain }} username: {{ sso_admin_username.stdout }} password: {{ sso_admin_password.stdout }}"
- name: Get SSO admin token
  uri:
    url: http://keycloak-che.{{ route_subdomain }}/auth/realms/master/protocol/openid-connect/token
    method: POST
    body:
      username: "{{ sso_admin_username.stdout }}"
      password: "{{ sso_admin_password.stdout }}"
      grant_type: "password"
      client_id: "admin-cli"
    body_format: form-urlencoded
    status_code: 200,201,204
  register: sso_admin_token
- name: Import realm
  uri:
    url: http://keycloak-che.{{ route_subdomain }}/auth/admin/realms
    method: POST
    body_format: json
    headers:
      Content-Type: application/json
      Authorization: "Bearer {{ sso_admin_token.json.access_token }}"
    body: "{{ lookup('file', './files/quarkus-realm.json') }}"
    ## accept 409 Conflict in case realm exists
    status_code: 200,201,204,409
# Add users to Che
- name: Add users to che
  include_tasks: add_che_user.yaml
  vars:
    user: "{{ item }}"
  with_list: "{{ users }}"
# Import stack definition
- name: Get Che admin token
  uri:
    url: http://keycloak-che.{{ route_subdomain }}/auth/realms/codeready/protocol/openid-connect/token
    method: POST
    body:
      username: admin
      password: admin
      grant_type: "password"
      client_id: "admin-cli"
    body_format: form-urlencoded
    status_code: 200,201,204
  register: che_admin_token
- name: Import stack definition
  uri:
    url: http://codeready-che.{{ route_subdomain }}/api/stack
    method: POST
    headers:
      Content-Type: application/json
      Authorization: "Bearer {{ che_admin_token.json.access_token }}"
    body: "{{ lookup('file', './files/stack.json') }}"
    body_format: json
    ## accept 409 in case it already exists
    status_code: 201,409
# Get stack definition
- name: Get stack definitions
  uri:
    url: http://codeready-che.{{ route_subdomain }}/api/stack
    method: GET
    headers:
      Authorization: "Bearer {{ che_admin_token.json.access_token }}"
    status_code: 200
  register: stack_definitions
- name: Set Stack permissions
  uri:
    url: http://codeready-che.{{ route_subdomain }}/api/permissions
    method: POST
    headers:
      Content-Type: application/json
      Authorization: "Bearer {{ che_admin_token.json.access_token }}"
    body:
      userId: "*"
      domainId: "stack"
      instanceId: "{{ item }}"
      actions: ["read", "search"]
    body_format: json
    status_code: 204
  with_list: "{{ stack_definitions | json_query('json[*].id') }}"
# Adjust che limits
- name: Delete default limitrange
  shell: |
    oc delete limitrange che-core-resource-limits -n che
  ignore_errors: true
- name: Create a new limitrange
  template:
    src: ./templates/che-limitrange.j2
    dest: /tmp/che-limitrange.yaml
- shell: |
    oc create -f /tmp/che-limitrange.yaml -n che
- name: Import stack imagestream
  k8s:
    state: present
    merge_type:
    - strategic-merge
    - merge
    definition: "{{ lookup('template', item ) | from_yaml }}"
  loop:
  - ./templates/stack.imagestream.j2
- name: Wait for ImageStream definition
  k8s_facts:
    kind: ImageStream
    name: quarkus-stack
    namespace: openshift
  register: r_imagestream_d
  retries: 200
  delay: 10
  ignore_errors: yes
  until: r_imagestream_d.resources | list | length == 1
- name: print imagestream
  debug:
    msg: "imagestream: {{ r_imagestream_d }}"
- name: import imagestream
  shell: |
    oc import-image --all quarkus-stack -n openshift
- name: Pre-create user workspaces
  include_tasks: create_che_workspace.yaml
  vars:
    user: "{{ item }}"
  with_list: "{{ users }}"
  # Install Strimzi operator for all workspaces
  # Install Che via operator
- name: Create OpenShift Objects for Strimzi
  k8s:
    state: present
    merge_type:
    - strategic-merge
    - merge
    definition: "{{ lookup('file', item ) | from_yaml }}"
  loop:
  - ./files/strimzi_catalog_source.yaml
  - ./files/strimzi_subscription.yaml
- name: Create OpenShift Objects for Jaeger
  when: r_jaeger_sub.resources | list | length == 0
  include_tasks: install-jaeger.yaml
# Leave this as the last task in the playbook.
- name: workload tasks complete
ansible/roles/ocp4-workload-quarkus-workshop/templates/che-limitrange.j2
File was deleted
ansible/roles/ocp4-workload-quarkus-workshop/templates/che-user.j2
File was deleted
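--- /dev/null
+++ b/ansible/roles/ocp4-workload-quarkus-workshop/templates/devfile.json.j2
@@ -0,0 +1,121 @@
+{
+  "apiVersion": "1.0.0",
+  "metadata": {
+    "name": "{{ user }}-workspace"
+  },
+  "components": [
+    {
+      "id": "redhat/java/latest",
+      "type": "chePlugin"
+    },
+    {
+      "mountSources": true,
+      "memoryLimit": "3Gi",
+      "type": "dockerimage",
+      "volumes": [
+        {
+          "name": "m2",
+          "containerPath": "/home/jboss/.m2"
+        }
+      ],
+      "alias": "quarkus-tools",
+      "image": "image-registry.openshift-image-registry.svc:5000/openshift/quarkus-stack:1.0",
+      "env": [
+        {
+          "value": "/home/jboss/.m2",
+          "name": "MAVEN_CONFIG"
+        },
+        {
+          "value": "-Xmx4G -Xss128M -XX:MetaspaceSize=1G -XX:MaxMetaspaceSize=2G -XX:+CMSClassUnloadingEnabled",
+          "name": "MAVEN_OPTS"
+        }
+      ],
+      "endpoints": [
+        {
+          "name": "web-{{ user }}",
+          "port": 8080,
+          "attributes": {
+            "discoverable": "true",
+            "public": "true",
+            "protocol": "http"
+          }
+        },
+        {
+          "name": "debug-{{ user }}",
+          "port": 5005,
+          "attributes": {
+            "discoverable": "false",
+            "public": "false",
+            "protocol": "jdwp"
+          }
+        }
+      ]
+    }
+  ],
+  "commands": [
+    {
+      "name": "Login to OpenShift",
+      "actions": [
+        {
+          "type": "exec",
+          "component": "quarkus-tools",
+          "command": "oc login https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_SERVICE_PORT --insecure-skip-tls-verify=true",
+          "workdir": "${CHE_PROJECTS_ROOT}"
+        }
+      ]
+    },
+    {
+      "name": "Run Tests",
+      "actions": [
+        {
+          "type": "exec",
+          "component": "quarkus-tools",
+          "command": "mvn verify -f ${CHE_PROJECTS_ROOT}/quarkus-workshop-labs",
+          "workdir": "${CHE_PROJECTS_ROOT}"
+        }
+      ]
+    },
+    {
+      "name": "Start Live Coding",
+      "actions": [
+        {
+          "type": "exec",
+          "component": "quarkus-tools",
+          "command": "mvn clean compile quarkus:dev -f ${CHE_PROJECTS_ROOT}/quarkus-workshop-labs",
+          "workdir": "${CHE_PROJECTS_ROOT}"
+        }
+      ]
+    },
+    {
+      "name": "Package App for OpenShift",
+      "actions": [
+        {
+          "type": "exec",
+          "component": "quarkus-tools",
+          "command": "mvn package -DuberJar=true -DskipTests -f ${CHE_PROJECTS_ROOT}/quarkus-workshop-labs",
+          "workdir": "${CHE_PROJECTS_ROOT}"
+        }
+      ]
+    },
+    {
+      "name": "Build Native App",
+      "actions": [
+        {
+          "type": "exec",
+          "component": "quarkus-tools",
+          "command": "mvn package -Pnative -DskipTests -f ${CHE_PROJECTS_ROOT}/quarkus-workshop-labs",
+          "workdir": "${CHE_PROJECTS_ROOT}"
+        }
+      ]
+    },
+    {
+      "name": "Start Debugger on 5005",
+      "actions": [
+        {
+          "type": "vscode-launch",
+          "referenceContent": "{\n  \"version\": \"0.2.0\",\n  \"configurations\": [\n    {\n      \"type\": \"java\",\n      \"request\": \"attach\",\n      \"name\": \"Attach to App\",\n      \"hostName\": \"localhost\",\n      \"port\": 5005\n    }\n  ]\n}\n"
+        }
+      ]
+    }
+  ]
+}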
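Review bot: The "Login to OpenShift" command passes `--insecure-skip-tls-verify=true` to `oc login`, so each workspace user sends credentials to the API endpoint without validating its certificate. If the service-account CA bundle is mounted in the `quarkus-tools` container (not visible from this file, so worth confirming), the command could verify the server instead: `oc login https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_SERVICE_PORT --certificate-authority=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt`. Separately, `MAVEN_OPTS` sets `-Xmx4G` while the same component declares `"memoryLimit": "3Gi"`, so a build that grows its heap towards the configured maximum can be OOM-killed by the container limit; the heap ceiling should sit below the limit, or the limit should be raised.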