ansible/roles/ocp-workload-bxms-dm-exp/defaults/main.yml
New file @@ -0,0 +1,49 @@ --- become_override: false ocp_username: jbride-redhat.com ocp_user_needs_quota: True ocp_user_groups: - OPENTLC-PROJECT-PROVISIONERS quota_requests_cpu: 5 quota_limits_cpu: 10 quota_requests_memory: '10Gi' quota_limits_memory: '20Gi' quota_configmaps: 10 quota_pods: 20 quota_persistentvolumeclaims: 20 quota_services: 30 quota_secrets: 30 quota_requests_storage: 50Gi build_status_retries: 40 build_status_delay: 20 deploy_status_retries: 25 deploy_status_delay: 20 # OCP Limit Range pod_min_mem: 10Mi pod_max_mem: 6Gi container_max_mem: 4Gi default_min_mem: 256Mi default_max_mem: 1Gi default_min_cpu: 250m default_max_cpu: 1000m # DM_IS_URL: https://raw.githubusercontent.com/jboss-container-images/rhdm-7-openshift-image/7.2.0.GA/rhdm72-image-streams.yaml DM_IS_FILE_NAME: "rhdm72-image-streams.yaml" DM_IS_URL: "/tmp/{{DM_IS_FILE_NAME}}" #DM_IMAGE_REGISTRY: registry.redhat.io DM_IMAGE_REGISTRY: registry.access.redhat.com SECRETS_TEMPLATE_URL: https://raw.githubusercontent.com/jboss-container-images/rhdm-7-openshift-image/7.1.1.GA/example-app-secret-template.yaml DM_TEMPLATE_URL: https://raw.githubusercontent.com/jboss-container-images/rhdm-7-openshift-image/7.2.0.GA/templates/rhdm72-authoring.yaml # DM_TEMPLATE_URL: https://raw.githubusercontent.com/gpe-mw-training/bxms_decision_mgmt_foundations_lab/master/resources/rhdm7-only.yaml ocp_apps_domain: apps.{{subdomain_base}} ansible/roles/ocp-workload-bxms-dm-exp/ilt_provision.sh
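Review bot: In defaults/main.yml, `SECRETS_TEMPLATE_URL` and `DM_TEMPLATE_URL` point at raw.githubusercontent.com by tag name, and tasks/workload.yml passes them straight to `oc create -f` and `oc process -f`, so whatever those URLs serve at run time is what gets created in the cluster. A tag can be moved, so the content is not fixed by this commit. The image streams are already vendored under templates/ via `DM_IS_FILE_NAME`; the two templates could be handled the same way, or the URLs pinned to a full commit id (`.../rhdm-7-openshift-image/<commit-sha>/templates/rhdm72-authoring.yaml`). The secrets template is also taken from 7.1.1.GA while everything else is 7.2.0.GA, which looks unintended, and `ocp_user_needs_quota: True` should be lowercase `true`.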
New file 
@@ -0,0 +1,101 @@ #!/bin/bash END_PROJECT_NUM=1 START_PROJECT_NUM=1 WORKLOAD="ocp-workload-bxms-dm" LOG_FILE=/tmp/$WORKLOAD for var in $@ do case "$var" in --HOST_GUID=*) HOST_GUID=`echo $var | cut -f2 -d\=` ;; --START_PROJECT_NUM=*) START_PROJECT_NUM=`echo $var | cut -f2 -d\=` ;; --END_PROJECT_NUM=*) END_PROJECT_NUM=`echo $var | cut -f2 -d\=` ;; -h) HELP=true ;; -help) HELP=true ;; esac done function ensurePreReqs() { if [ "x$HOST_GUID" == "x" ]; then echo -en "must pass parameter: --HOST_GUID=<ocp host GUID> . \n\n" help exit 1; fi LOG_FILE=$LOG_FILE-$HOST_GUID-$START_PROJECT_NUM-$END_PROJECT_NUM.log echo -en "starting\n\n" > $LOG_FILE echo -en "\n\nProvision log file found at: $LOG_FILE\n"; } function help() { echo -en "\n\nOPTIONS:"; echo -en "\n\t--HOST_GUID=* REQUIRED: specify GUID of target OCP environment)" echo -en "\n\t--START_PROJECT_NUM=* OPTIONAL: specify # of first OCP project to provision (defult = 1))" echo -en "\n\t--END_PROJECT_NUM=* OPTIONAL: specify # of OCP projects to provision (defualt = 1))" echo -en "\n\t-h this help manual" echo -en "\n\n\nExample: ./roles/$WORKLOAD/ilt_provision.sh --HOST_GUID=dev39 --START_PROJECT_NUM=1 --END_PROJECT_NUM=1\n\n" } function login() { echo -en "\nHOST_GUID=$HOST_GUID\n" >> $LOG_FILE oc login https://master.$HOST_GUID.openshift.opentlc.com -u opentlc-mgr -p r3dh4t1! 
} function initializeOpenshift() { oc create -f https://raw.githubusercontent.com/jboss-container-images/rhdm-7-openshift-image/ose-v1.4.8-1/rhdm70-image-streams.yaml -n openshift } function executeLoop() { echo -en "\nexecuteLoop() START_PROJECT_NUM = $START_PROJECT_NUM ; END_PROJECT_NUM=$END_PROJECT_NUM" >> $LOG_FILE for (( c=$START_PROJECT_NUM; c<=$END_PROJECT_NUM; c++ )) do GUID=$c OCP_USERNAME=user$c executeAnsible done } function executeAnsible() { TARGET_HOST="bastion.$HOST_GUID.openshift.opentlc.com" SSH_USERNAME="jbride-redhat.com" SSH_PRIVATE_KEY="id_ocp" # NOTE: Ensure you have ssh'd (as $SSH_USERNMAE) into the bastion node of your OCP cluster environment at $TARGET_HOST and logged in using opentlc-mgr account: # oc login https://master.$HOST_GUID.openshift.opentlc.com -u opentlc-mgr GUID=$PROJECT_PREFIX$GUID echo -en "\n\nexecuteAnsible(): Provisioning project with GUID = $GUID and OCP_USERNAME = $OCP_USERNAME\n" >> $LOG_FILE ansible-playbook -i ${TARGET_HOST}, ./configs/ocp-workloads/ocp-workload.yml \ -e"ansible_ssh_private_key_file=~/.ssh/${SSH_PRIVATE_KEY}" \ -e"ansible_user=${SSH_USERNAME}" \ -e"ocp_username=${OCP_USERNAME}" \ -e"ocp_workload=${WORKLOAD}" \ -e"guid=${GUID}" \ -e"ocp_user_needs_quota=true" \ -e"ocp_apps_domain=apps.${HOST_GUID}.openshift.opentlc.com" \ -e"ACTION=create" >> $LOG_FILE if [ $? -ne 0 ]; then echo -en "\n\n*** Error provisioning where GUID = $GUID\n\n " >> $LOG_FILE echo -en "\n\n*** Error provisioning where GUID = $GUID\n\n " exit 1; fi } ensurePreReqs login initializeOpenshift executeLoop ansible/roles/ocp-workload-bxms-dm-exp/readme.adoc
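Review bot: In ilt_provision.sh, `login()` passes the opentlc-mgr password as a literal after `-p`, which puts the credential of what appears to be a cluster-admin account into the repository history and into the process list of whoever runs the script; the same literal is reused for `KIE_ADMIN_PWD` in tasks/workload.yml. Dropping `-p` lets `oc login` prompt for it, `oc login "https://master.${HOST_GUID}.openshift.opentlc.com" -u opentlc-mgr`, and the value already committed should be rotated. Separately, `LOG_FILE` is a predictable name under /tmp that is truncated with `>`, and `for var in $@` should be `for var in "$@"` so arguments are not word-split. `GUID=$PROJECT_PREFIX$GUID` in `executeAnsible()` reads `PROJECT_PREFIX`, which nothing in the script sets.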
New file @@ -0,0 +1,35 @@ = ocp-workload-bxms-dm NOTE: Assumes the following has been executed: ----- $ oc create -f https://raw.githubusercontent.com/jboss-container-images/rhdm-7-openshift-image/7.1.1.GA/rhdm71-image-streams.yaml -n openshift ----- === Deploy a Workload with the `ocp-workload` playbook [Mostly for testing] ---- SUBDOMAIN_BASE=`oc whoami --show-server | cut -d'.' -f 2,3,4,5 | cut -d':' -f 1` GUID=jb45 WORKLOAD="ocp-workload-bxms-dm-exp" OCP_USERNAME="jbride-redhat.com" # a TARGET_HOST is specified in the command line, without using an inventory file ansible-playbook -i localhost, -c local ./configs/ocp-workloads/ocp-workload.yml \ -e"ocp_workload=${WORKLOAD}" \ -e"guid=${GUID}" \ -e"ACTION=create" \ -e"subdomain_base=$SUBDOMAIN_BASE" \ -e"ocp_username=$OCP_USERNAME" ---- === To Delete an environment ---- # a TARGET_HOST is specified in the command line, without using an inventory file ansible-playbook -i localhost, -c local ./configs/ocp-workloads/ocp-workload.yml \ -e"ocp_username=${OCP_USERNAME}" \ -e"ocp_workload=${WORKLOAD}" \ -e"guid=${GUID}" \ -e"ACTION=remove" ---- ansible/roles/ocp-workload-bxms-dm-exp/tasks/main.yml
New file @@ -0,0 +1,20 @@ --- - name: Running Pre Workload Tasks import_tasks: ./pre_workload.yml become: "{{ become_override | bool }}" when: ACTION == "create" or ACTION == "provision" - name: Running Workload Tasks import_tasks: ./workload.yml become: "{{ become_override | bool }}" when: ACTION == "create" or ACTION == "provision" - name: Running Post Workload Tasks import_tasks: ./post_workload.yml become: "{{ become_override | bool }}" when: ACTION == "create" or ACTION == "provision" - name: Running Workload removal Tasks import_tasks: ./remove_workload.yml become: "{{ become_override | bool }}" when: ACTION == "destroy" or ACTION == "remove" ansible/roles/ocp-workload-bxms-dm-exp/tasks/post_workload.yml
New file @@ -0,0 +1,5 @@ --- - name: post_workload Tasks Complete debug: msg: "Post-Software checks completed successfully" ansible/roles/ocp-workload-bxms-dm-exp/tasks/pre_workload.yml
New file @@ -0,0 +1,32 @@ --- # - name: Add user to developer group (allowed to create projects) # shell: "oadm groups add-users {{item}} {{ocp_username}}" # register: groupadd_register # with_items: "{{ocp_user_groups}}" # when: ocp_username is defined and ocp_user_groups is defined # # - name: test that command worked # debug: # var: groupadd_register # verbosity: 2 - name: Create user Quota - clusterresourcequota shell: | oc create clusterquota clusterquota-"{{ocp_username}}-{{guid}}" \ --project-annotation-selector=openshift.io/requester="{{ocp_username}}" \ --hard requests.cpu="{{quota_requests_cpu}}" \ --hard limits.cpu="{{quota_limits_cpu}}" \ --hard requests.memory="{{quota_requests_memory}}" \ --hard limits.memory="{{quota_limits_memory}}" \ --hard configmaps="{{quota_configmaps}}" \ --hard pods="{{quota_pods}}" \ --hard persistentvolumeclaims="{{quota_persistentvolumeclaims}}" \ --hard services="{{quota_services}}" \ --hard secrets="{{quota_secrets}}" \ --hard requests.storage="{{quota_requests_storage}}" ignore_errors: true - name: pre_workload Tasks Complete debug: msg: "Pre-Software checks completed successfully" ansible/roles/ocp-workload-bxms-dm-exp/tasks/remove_workload.yml
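Review bot: In tasks/pre_workload.yml, `ignore_errors: true` on "Create user Quota - clusterresourcequota" hides every failure of `oc create clusterquota`, so a run can continue and hand out a project with no quota attached. If the intent is only to tolerate a quota that already exists, register the result and narrow the condition, e.g. `register: quota_result` with `failed_when: quota_result.rc != 0 and 'AlreadyExists' not in quota_result.stderr`. The templated values sit inside double quotes in a `shell` block, where `$(...)` and backticks are still expanded, so `{{ ocp_username | quote }}` style quoting would be safer. The commented-out group task at the top could be removed rather than committed.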
New file @@ -0,0 +1,23 @@ --- - name: post_workload Tasks Complete debug: msg: "Pre-Software checks completed successfully - Removed" - name: define ocp_project set_fact: ocp_project: "bxms-dm-{{guid}}" - name: Remove user Quota - oc delete clusterresourcequota "clusterquota-{{ocp_username}}-{{guid}}" shell: oc delete clusterresourcequota clusterquota-{{ocp_username}}-{{guid}} ignore_errors: true - name: Remove any lingering tmp files shell: "rm -rf /tmp/{{guid}}" - name: Remove user Project shell: "oc delete project {{ocp_project}}" - name: post_workload Tasks Complete debug: msg: "Post-Software checks completed successfully - Removed" ansible/roles/ocp-workload-bxms-dm-exp/tasks/wait_for_build.yml
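Review bot: In tasks/remove_workload.yml, "Remove any lingering tmp files" runs `rm -rf /tmp/{{guid}}` through the shell with the variable unquoted, so an empty `guid` removes /tmp itself and a value containing spaces or shell metacharacters is interpreted by the shell. The `file` module avoids the shell: `file:` with `path: "/tmp/{{ guid }}"` and `state: absent`, guarded by `when: guid | default('') | length > 0`. The first task is named "post_workload Tasks Complete" and reports success before anything has been removed, which looks like a copy-paste leftover.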
New file @@ -0,0 +1,23 @@ --- # Purpose: # This script queries OCP for builds that exist but are not yet ready. # So long as there are unready builds, this script continues to loop # # Manual Test to determine list of unready builds : # 1) install jp : https://github.com/jmespath/jp # 2) oc get builds -o json | jp "items[? (status.phase != 'Complete') ].metadata.annotations.\"openshift.io/build-config.name\"" # # Documentation pertaining to jq syntax: # - http://jmespath.org/tutorial.html # - https://stackoverflow.com/questions/41261680/ansible-json-query-path-to-select-item-by-content # - name: "Wait for following builds to become ready: {{build_to_wait}}" command: 'oc get build -o json -n "{{ ocp_project }}"' register: build_state changed_when: false retries: "{{ build_status_retries }}" delay: "{{ build_status_delay }}" vars: query: "items[? (status.phase != 'Complete') ].metadata.annotations.\"openshift.io/build-config.name\"" until: "build_state.stdout |from_json |json_query(query) |intersect(build_to_wait) |length == 0" ansible/roles/ocp-workload-bxms-dm-exp/tasks/wait_for_deploy.yml
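Review bot: In tasks/wait_for_build.yml, the header comment says "jq syntax", but the expression is JMESPath evaluated by the `json_query` filter. I would reword it to `# Documentation pertaining to JMESPath syntax (used by json_query):` and add a line stating that `build_to_wait` is a list of build-config names supplied by the including task. The same wording appears in tasks/wait_for_deploy.yml. Nothing in the tasks/workload.yml shown in this commit includes this file, so it may be unused in this role.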
New file @@ -0,0 +1,20 @@ --- # Purpose: # This script queries OCP for replication controllers that exist but are not yet ready. # So long as there are unready replication controllers, this script continues to loop # # Manual Test to determine list of unready replication controllers : # 1) install jp : https://github.com/jmespath/jp # 2) oc get rc -o json | jp 'items[? (status.readyReplicas == ""|| status.readyReplicas == `0`) ].metadata.annotations."openshift.io/deployment-config.name"' # - name: "Wait for following deployments to become ready: {{pod_to_wait}}" command: 'oc get rc -o json -n "{{ ocp_project }}"' register: rc_state changed_when: false retries: "{{ deploy_status_retries }}" delay: "{{ deploy_status_delay }}" until: 'rc_state.stdout |from_json |json_query(''items[? (status.readyReplicas == ""|| status.readyReplicas == `0`) ].metadata.annotations."openshift.io/deployment-config.name"'') |intersect(pod_to_wait) |length == 0' # Documentation pertaining to jq syntax: # - http://jmespath.org/tutorial.html ansible/roles/ocp-workload-bxms-dm-exp/tasks/workload.yml
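Review bot: In tasks/wait_for_deploy.yml, the `until` filter counts a replication controller as not ready only when `status.readyReplicas` equals `""` or `0`. If the API omits the field while no replica is ready (I believe it does, but have not verified this against the target cluster version), the path evaluates to null, neither comparison matches, and the wait can pass before the pod is up. It is worth running the manual `jp` command from the header against a freshly resumed deployment and, if confirmed, adding `!status.readyReplicas` as another `||` alternative in the filter. The query is inlined here while wait_for_build.yml puts it in `vars: query:`, which is easier to read and to keep in sync.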
New file 
@@ -0,0 +1,108 @@ --- - name: define ocp_project set_fact: ocp_project: "bxms-dm-{{guid}}" - name: "Create project for workload {{ocp_project}}" shell: "oc new-project {{ocp_project}}" - name: "Label namespace" command: "oc label namespace {{ocp_project}} AAD='{{guid}}'" - name: Annotate the empty project as requested by user shell: "oc annotate namespace {{ocp_project}} openshift.io/requester={{ocp_username}} --overwrite" - name: Make sure we go back to default project shell: "oc project default" - name: Prep local filesystem for temp files file: path: "/tmp/{{guid}}" state: directory # Note; depending on the environment, OCP projects may or may not have default limit ranges - name: Delete default limitrange shell: | oc delete limitrange {{ocp_project}}-core-resource-limits -n {{ocp_project}} ignore_errors: true - name: Create a new limitrange template: src: templates/limitrange.yaml.j2 dest: /tmp/{{ocp_project}}_limitrange.yaml - shell: | oc create -f /tmp/{{ocp_project}}_limitrange.yaml -n {{ocp_project}} # Imagestreams are beginning to reference the new and secured registry.redhat.io . 
# Will switch this back to registry.access.redhat.com (until GPTE has an elab solution that allows for pull down from secured registries that is seemless to student - name: Update DM image streams template: src: "{{DM_IS_FILE_NAME}}" dest: "{{DM_IS_URL}}" - name: Load dm imagestream shell: "oc create -f {{DM_IS_URL}} -n {{ocp_project}}" - name: Create the Decision Manager Template shell: "oc create -f {{DM_TEMPLATE_URL}} -n {{ocp_project}}" - name: Initialize secrets template shell: "oc create -f {{SECRETS_TEMPLATE_URL}} -n {{ocp_project}}" - name: Create Decision Central Secret shell: "oc new-app --template=example-app-secret -n {{ocp_project}} -p SECRET_NAME=decisioncentral-app-secret" - name: Create Kie Server Secret shell: "oc new-app --template=example-app-secret -n {{ocp_project}} -p SECRET_NAME=kieserver-app-secret" - name: Prepare a local copy of the template for modifications shell: "oc process -f {{DM_TEMPLATE_URL}} \ -p IMAGE_STREAM_NAMESPACE={{ocp_project}} \ -p KIE_ADMIN_PWD=r3dh4t1! 
\ -p APPLICATION_NAME=rhdm -p DECISION_CENTRAL_HTTPS_SECRET=decisioncentral-app-secret -p KIE_SERVER_HTTPS_SECRET=kieserver-app-secret > /tmp/{{guid}}/rhdm72-authoring.json" - name: Modify template with pause build configs replace: path: '/tmp/{{guid}}/rhdm72-authoring.json' regexp: '("replicas": 1,\n)' replace: '\1\t\t\t\t\t"paused": true,\n' - name: Modify template with CPU limit replace: path: '/tmp/{{guid}}/rhdm72-authoring.json' regexp: '("memory":\s"[0-9]{1,2}[a-zA-Z]{1,2}")([,]*\s)' replace: '\1,\n\t\t\t\t\t"cpu": "1"\2' - name: Modify template with CPU requirements replace: path: '/tmp/{{guid}}/rhdm72-authoring.json' regexp: '("limits":\s{\s)' replace: '"requests": {"cpu":"500m","memory":"1Gi"},\n\t\t\t\t\t\1' - name: Create Decision Manager containers based in template {{DM_TEMPLATE_URL}} shell: "oc create -f /tmp/{{guid}}/rhdm72-authoring.json -n {{ocp_project}}" - name: resume rhdm-rhdmcentr shell: oc rollout resume dc/rhdm-rhdmcentr -n {{ocp_project}} - include_tasks: ./wait_for_deploy.yml static: no vars: pod_to_wait: - rhdm-rhdmcentr - name: resume rhdm-kieserver shell: oc rollout resume dc/rhdm-kieserver -n {{ocp_project}} - include_tasks: ./wait_for_deploy.yml static: no vars: pod_to_wait: - rhdm-kieserver - name: Give ocp_username access to ocp_project; user = {{ocp_username}} shell: "oc policy add-role-to-user admin {{ocp_username}} -n {{ocp_project}}" - name: workload Tasks Complete debug: msg: workload Tasks Complete ansible/roles/ocp-workload-bxms-dm-exp/templates/limitrange.yaml.j2
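Review bot: In tasks/workload.yml, "Prep local filesystem for temp files" creates `/tmp/{{guid}}` with default permissions, and the output of `oc process`, which is given the `KIE_ADMIN_PWD` parameter and so presumably carries its value, is written there and later fed to `oc create -f`. On a shared bastion that leaves the rendered template readable by other local users, and a directory that someone else pre-created under that predictable name would be used as is. Adding `mode: "0700"` to the `file` task, or switching to the `tempfile` module and registering its path, narrows both. The password itself would be better passed in as a variable, `-p KIE_ADMIN_PWD={{ kie_admin_pwd }}` (name illustrative), sourced from a vault rather than written in the task.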
New file @@ -0,0 +1,23 @@ apiVersion: v1 kind: LimitRange metadata: name: {{ocp_project}}-core-resource-limits namespace: {{ocp_project}} spec: limits: - default: cpu: {{default_max_cpu}} memory: {{default_max_mem}} defaultRequest: cpu: {{default_min_cpu}} memory: {{default_min_mem}} max: memory: {{container_max_mem}} min: memory: 10Mi type: Container - max: memory: {{pod_max_mem}} min: memory: {{pod_min_mem}} type: Pod ansible/roles/ocp-workload-bxms-dm-exp/templates/rhdm72-image-streams.yaml
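Review bot: In templates/limitrange.yaml.j2, the Container `min.memory` is the literal `10Mi` while every other value in the template comes from a variable set in defaults/main.yml. A `container_min_mem` default (name illustrative) used as `memory: {{ container_min_mem }}` would keep all limits tunable in one place and avoid the literal drifting from `pod_min_mem`.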
New file 
@@ -0,0 +1,113 @@ kind: List apiVersion: v1 metadata: name: rhdm72-image-streams annotations: description: ImageStream definitions for Red Hat Decision Manager 7.2 openshift.io/provider-display-name: Red Hat, Inc. items: - kind: ImageStream apiVersion: v1 metadata: name: rhdm72-decisioncentral-openshift annotations: openshift.io/display-name: Red Hat Decision Manager Decision Central 7.2 openshift.io/provider-display-name: Red Hat, Inc. spec: tags: - name: '1.0' annotations: description: Red Hat Decision Manager 7.2 - Decision Central image. iconClass: icon-jboss tags: rhdm supports: rhdm:7.2 version: '1.0' referencePolicy: type: Local from: kind: DockerImage name: "{{DM_IMAGE_REGISTRY}}/rhdm-7/rhdm72-decisioncentral-openshift:1.0" - kind: ImageStream apiVersion: v1 metadata: name: rhdm72-controller-openshift annotations: openshift.io/display-name: Red Hat Decision Manager Standalone Controller 7.2 openshift.io/provider-display-name: Red Hat, Inc. spec: tags: - name: '1.0' annotations: description: Red Hat Decision Manager 7.2 - Standalone Controller image. iconClass: icon-jboss tags: rhdm supports: rhdm:7.2 version: '1.0' referencePolicy: type: Local from: kind: DockerImage name: "{{DM_IMAGE_REGISTRY}}/rhdm-7/rhdm72-controller-openshift:1.0" - kind: ImageStream apiVersion: v1 metadata: name: rhdm72-kieserver-openshift annotations: openshift.io/display-name: Red Hat Decision Manager KIE Server 7.2 openshift.io/provider-display-name: Red Hat, Inc. spec: tags: - name: '1.0' annotations: description: Red Hat Decision Manager 7.2 - KIE Server image. iconClass: icon-jboss tags: rhdm supports: rhdm:7.2 version: '1.0' referencePolicy: type: Local from: kind: DockerImage name: "{{DM_IMAGE_REGISTRY}}/rhdm-7/rhdm72-kieserver-openshift:1.0" - kind: ImageStream apiVersion: v1 metadata: name: rhdm72-decisioncentral-indexing-openshift annotations: openshift.io/display-name: Red Hat Decision Manager Decision Central Indexing 7.2 openshift.io/provider-display-name: Red Hat, Inc. 
spec: tags: - name: '1.0' annotations: description: Red Hat Decision Manager 7.2 - Decision Central Indexing image. iconClass: icon-jboss tags: rhdm supports: rhdm:7.2 version: '1.0' referencePolicy: type: Local from: kind: DockerImage name: "{{DM_IMAGE_REGISTRY}}/rhdm-7-tech-preview/rhdm72-decisioncentral-indexing-openshift:1.0" - kind: ImageStream apiVersion: v1 metadata: name: rhdm72-optaweb-employee-rostering-openshift annotations: openshift.io/display-name: Red Hat Decision Manager KIE Server 7.2 openshift.io/provider-display-name: Red Hat, Inc. spec: tags: - name: '1.0' annotations: description: Red Hat Decision Manager 7.2 - Business Optimizer OptaWeb Employee Rostering image. iconClass: icon-jboss tags: rhdm supports: rhdm:7.2 version: '1.0' referencePolicy: type: Local from: kind: DockerImage name: "{{DM_IMAGE_REGISTRY}}/rhdm-7-tech-preview/rhdm72-optaweb-employee-rostering-openshift:1.0"