https://github.com/redhat-gpe/bxms_rules_development_experienced/issues/22

diego-torres

2019-02-05 10a2e010f87d6afe3bfa71f342288699083ffc59

https://github.com/redhat-gpe/bxms_rules_development_experienced/issues/22

 ansible/roles/ocp-workload-bxms-dm-exp/defaults/main.yml

New file
@@ -0,0 +1,49 @@
---
become_override: false
ocp_username: jbride-redhat.com
ocp_user_needs_quota: True

ocp_user_groups:
  - OPENTLC-PROJECT-PROVISIONERS

quota_requests_cpu: 5
quota_limits_cpu: 10

quota_requests_memory: '10Gi'
quota_limits_memory: '20Gi'

quota_configmaps: 10
quota_pods: 20
quota_persistentvolumeclaims: 20
quota_services: 30
quota_secrets: 30
quota_requests_storage: 50Gi

build_status_retries: 40
build_status_delay: 20

deploy_status_retries: 25
deploy_status_delay: 20

# OCP Limit Range
pod_min_mem: 10Mi
pod_max_mem: 6Gi
container_max_mem: 4Gi
default_min_mem: 256Mi
default_max_mem: 1Gi
default_min_cpu: 250m
default_max_cpu: 1000m

# DM_IS_URL: https://raw.githubusercontent.com/jboss-container-images/rhdm-7-openshift-image/7.2.0.GA/rhdm72-image-streams.yaml
DM_IS_FILE_NAME: "rhdm72-image-streams.yaml"
DM_IS_URL: "/tmp/{{DM_IS_FILE_NAME}}"

#DM_IMAGE_REGISTRY: registry.redhat.io
DM_IMAGE_REGISTRY: registry.access.redhat.com

SECRETS_TEMPLATE_URL: https://raw.githubusercontent.com/jboss-container-images/rhdm-7-openshift-image/7.1.1.GA/example-app-secret-template.yaml

DM_TEMPLATE_URL: https://raw.githubusercontent.com/jboss-container-images/rhdm-7-openshift-image/7.2.0.GA/templates/rhdm72-authoring.yaml
# DM_TEMPLATE_URL: https://raw.githubusercontent.com/gpe-mw-training/bxms_decision_mgmt_foundations_lab/master/resources/rhdm7-only.yaml

ocp_apps_domain: apps.{{subdomain_base}}

 ansible/roles/ocp-workload-bxms-dm-exp/ilt_provision.sh

New file
@@ -0,0 +1,101 @@
#!/bin/bash

END_PROJECT_NUM=1
START_PROJECT_NUM=1
WORKLOAD="ocp-workload-bxms-dm"
LOG_FILE=/tmp/$WORKLOAD

for var in $@
do
    case "$var" in
        --HOST_GUID=*) HOST_GUID=`echo $var | cut -f2 -d\=` ;;
        --START_PROJECT_NUM=*) START_PROJECT_NUM=`echo $var | cut -f2 -d\=` ;;
        --END_PROJECT_NUM=*) END_PROJECT_NUM=`echo $var | cut -f2 -d\=` ;;
        -h) HELP=true ;;
        -help) HELP=true ;;
    esac
done

function ensurePreReqs() {
    if [ "x$HOST_GUID" == "x" ]; then
            echo -en "must pass parameter: --HOST_GUID=<ocp host GUID> . \n\n"
            help
            exit 1;
    fi

    LOG_FILE=$LOG_FILE-$HOST_GUID-$START_PROJECT_NUM-$END_PROJECT_NUM.log
    echo -en "starting\n\n" > $LOG_FILE

    echo -en "\n\nProvision log file found at: $LOG_FILE\n";
}

function help() {
    echo -en "\n\nOPTIONS:";
    echo -en "\n\t--HOST_GUID=*             REQUIRED: specify GUID of target OCP environment)"
    echo -en "\n\t--START_PROJECT_NUM=*     OPTIONAL: specify # of first OCP project to provision (defult = 1))"
    echo -en "\n\t--END_PROJECT_NUM=*       OPTIONAL: specify # of OCP projects to provision (defualt = 1))"
    echo -en "\n\t-h                        this help manual"
    echo -en "\n\n\nExample:                ./roles/$WORKLOAD/ilt_provision.sh --HOST_GUID=dev39 --START_PROJECT_NUM=1 --END_PROJECT_NUM=1\n\n"
}


function login() {

    echo -en "\nHOST_GUID=$HOST_GUID\n" >> $LOG_FILE
    oc login https://master.$HOST_GUID.openshift.opentlc.com -u opentlc-mgr -p r3dh4t1!
}

function initializeOpenshift() {

    oc create -f https://raw.githubusercontent.com/jboss-container-images/rhdm-7-openshift-image/ose-v1.4.8-1/rhdm70-image-streams.yaml -n openshift
}


function executeLoop() {

    echo -en "\nexecuteLoop() START_PROJECT_NUM = $START_PROJECT_NUM ;  END_PROJECT_NUM=$END_PROJECT_NUM" >> $LOG_FILE

    for (( c=$START_PROJECT_NUM; c<=$END_PROJECT_NUM; c++ ))
    do
        GUID=$c
        OCP_USERNAME=user$c
        executeAnsible
    done
}

function executeAnsible() {
    TARGET_HOST="bastion.$HOST_GUID.openshift.opentlc.com"
    SSH_USERNAME="jbride-redhat.com"
    SSH_PRIVATE_KEY="id_ocp"

    # NOTE:  Ensure you have ssh'd (as $SSH_USERNMAE) into the bastion node of your OCP cluster environment at $TARGET_HOST and logged in using opentlc-mgr account:
    #           oc login https://master.$HOST_GUID.openshift.opentlc.com -u opentlc-mgr


    GUID=$PROJECT_PREFIX$GUID

    echo -en "\n\nexecuteAnsible():  Provisioning project with GUID = $GUID and OCP_USERNAME = $OCP_USERNAME\n" >> $LOG_FILE

    ansible-playbook -i ${TARGET_HOST}, ./configs/ocp-workloads/ocp-workload.yml \
                 -e"ansible_ssh_private_key_file=~/.ssh/${SSH_PRIVATE_KEY}" \
                 -e"ansible_user=${SSH_USERNAME}" \

                    -e"ocp_username=${OCP_USERNAME}" \
                    -e"ocp_workload=${WORKLOAD}" \
                    -e"guid=${GUID}" \
                    -e"ocp_user_needs_quota=true" \
                    -e"ocp_apps_domain=apps.${HOST_GUID}.openshift.opentlc.com" \
                    -e"ACTION=create" >> $LOG_FILE
    if [ $? -ne 0 ];
    then
        echo -en "\n\n*** Error provisioning where GUID = $GUID\n\n " >> $LOG_FILE
        echo -en "\n\n*** Error provisioning where GUID = $GUID\n\n "
        exit 1;
    fi
}

ensurePreReqs
login
initializeOpenshift
executeLoop


 ansible/roles/ocp-workload-bxms-dm-exp/readme.adoc

New file
@@ -0,0 +1,35 @@
= ocp-workload-bxms-dm

NOTE:  Assumes the following has been executed:

-----
$ oc create -f  https://raw.githubusercontent.com/jboss-container-images/rhdm-7-openshift-image/7.1.1.GA/rhdm71-image-streams.yaml -n openshift
-----

=== Deploy a Workload with the `ocp-workload` playbook [Mostly for testing]
----
SUBDOMAIN_BASE=`oc whoami --show-server | cut -d'.' -f 2,3,4,5 | cut -d':' -f 1`
GUID=jb45
WORKLOAD="ocp-workload-bxms-dm-exp"
OCP_USERNAME="jbride-redhat.com"

# a TARGET_HOST is specified in the command line, without using an inventory file
ansible-playbook -i localhost, -c local ./configs/ocp-workloads/ocp-workload.yml \
                    -e"ocp_workload=${WORKLOAD}" \
                    -e"guid=${GUID}" \
                    -e"ACTION=create" \
                    -e"subdomain_base=$SUBDOMAIN_BASE" \
                    -e"ocp_username=$OCP_USERNAME"

----

=== To Delete an environment
----

# a TARGET_HOST is specified in the command line, without using an inventory file
ansible-playbook -i localhost, -c local ./configs/ocp-workloads/ocp-workload.yml \
                    -e"ocp_username=${OCP_USERNAME}" \
                    -e"ocp_workload=${WORKLOAD}" \
                    -e"guid=${GUID}" \
                    -e"ACTION=remove"
----

 ansible/roles/ocp-workload-bxms-dm-exp/tasks/main.yml

New file
@@ -0,0 +1,20 @@
---
- name: Running Pre Workload Tasks
  import_tasks: ./pre_workload.yml
  become: "{{ become_override | bool }}"
  when: ACTION == "create" or ACTION == "provision"

- name: Running Workload Tasks
  import_tasks: ./workload.yml
  become: "{{ become_override | bool }}"
  when: ACTION == "create" or ACTION == "provision"

- name: Running Post Workload Tasks
  import_tasks: ./post_workload.yml
  become: "{{ become_override | bool }}"
  when: ACTION == "create" or ACTION == "provision"

- name: Running Workload removal Tasks
  import_tasks: ./remove_workload.yml
  become: "{{ become_override | bool }}"
  when: ACTION == "destroy" or ACTION == "remove"

 ansible/roles/ocp-workload-bxms-dm-exp/tasks/post_workload.yml

New file
@@ -0,0 +1,5 @@
---

- name: post_workload Tasks Complete
  debug:
    msg: "Post-Software checks completed successfully"

 ansible/roles/ocp-workload-bxms-dm-exp/tasks/pre_workload.yml

New file
@@ -0,0 +1,32 @@
---

# - name: Add user to developer group (allowed to create projects)
#   shell: "oadm groups add-users {{item}} {{ocp_username}}"
#   register: groupadd_register
#   with_items: "{{ocp_user_groups}}"
#   when: ocp_username is defined and ocp_user_groups is defined
#
# - name: test that command worked
#   debug:
#     var: groupadd_register
#     verbosity: 2

- name: Create user Quota - clusterresourcequota
  shell: |
        oc create clusterquota clusterquota-"{{ocp_username}}-{{guid}}" \
        --project-annotation-selector=openshift.io/requester="{{ocp_username}}" \
        --hard requests.cpu="{{quota_requests_cpu}}" \
        --hard limits.cpu="{{quota_limits_cpu}}"  \
        --hard requests.memory="{{quota_requests_memory}}" \
        --hard limits.memory="{{quota_limits_memory}}" \
        --hard configmaps="{{quota_configmaps}}" \
        --hard pods="{{quota_pods}}" \
        --hard persistentvolumeclaims="{{quota_persistentvolumeclaims}}"  \
        --hard services="{{quota_services}}" \
        --hard secrets="{{quota_secrets}}" \
        --hard requests.storage="{{quota_requests_storage}}"
  ignore_errors: true

- name: pre_workload Tasks Complete
  debug:
    msg: "Pre-Software checks completed successfully"

 ansible/roles/ocp-workload-bxms-dm-exp/tasks/remove_workload.yml

New file
@@ -0,0 +1,23 @@
---
- name: post_workload Tasks Complete
  debug:
    msg: "Pre-Software checks completed successfully - Removed"

- name: define ocp_project
  set_fact:
    ocp_project: "bxms-dm-{{guid}}"

- name: Remove user Quota - oc delete clusterresourcequota  "clusterquota-{{ocp_username}}-{{guid}}"
  shell: oc delete clusterresourcequota clusterquota-{{ocp_username}}-{{guid}}
  ignore_errors: true

- name: Remove any lingering tmp files
  shell: "rm -rf /tmp/{{guid}}"

- name: Remove user Project
  shell: "oc delete project {{ocp_project}}"


- name: post_workload Tasks Complete
  debug:
    msg: "Post-Software checks completed successfully - Removed"

 ansible/roles/ocp-workload-bxms-dm-exp/tasks/wait_for_build.yml

New file
@@ -0,0 +1,23 @@
---

# Purpose:
#   This script queries OCP for builds that exist but are not yet ready.
#   So long as there are unready builds, this script continues to loop
#
# Manual Test to determine list of unready builds :
#  1) install jp :  https://github.com/jmespath/jp
#  2) oc get builds -o json | jp "items[?  (status.phase != 'Complete') ].metadata.annotations.\"openshift.io/build-config.name\""
#
#  Documentation pertaining to jq syntax:
#    - http://jmespath.org/tutorial.html
#    - https://stackoverflow.com/questions/41261680/ansible-json-query-path-to-select-item-by-content
#
- name: "Wait for following builds to become ready: {{build_to_wait}}"
  command: 'oc get build -o json -n "{{ ocp_project }}"'
  register: build_state
  changed_when: false
  retries: "{{ build_status_retries }}"
  delay: "{{ build_status_delay }}"
  vars:
    query: "items[?  (status.phase != 'Complete') ].metadata.annotations.\"openshift.io/build-config.name\""
  until: "build_state.stdout |from_json |json_query(query) |intersect(build_to_wait) |length == 0"

 ansible/roles/ocp-workload-bxms-dm-exp/tasks/wait_for_deploy.yml

New file
@@ -0,0 +1,20 @@
---

# Purpose:
#   This script queries OCP for replication controllers that exist but are not yet ready.
#   So long as there are unready replication controllers, this script continues to loop
#
# Manual Test to determine list of unready replication controllers :
#  1) install jp :  https://github.com/jmespath/jp
#  2) oc get rc -o json | jp 'items[?  (status.readyReplicas == ""|| status.readyReplicas == `0`) ].metadata.annotations."openshift.io/deployment-config.name"'
#
- name: "Wait for following deployments to become ready: {{pod_to_wait}}"
  command: 'oc get rc -o json -n "{{ ocp_project }}"'
  register: rc_state
  changed_when: false
  retries: "{{ deploy_status_retries }}"
  delay: "{{ deploy_status_delay }}"
  until: 'rc_state.stdout |from_json |json_query(''items[?  (status.readyReplicas == ""|| status.readyReplicas == `0`) ].metadata.annotations."openshift.io/deployment-config.name"'') |intersect(pod_to_wait) |length == 0'

#  Documentation pertaining to jq syntax:
#    - http://jmespath.org/tutorial.html

 ansible/roles/ocp-workload-bxms-dm-exp/tasks/workload.yml

New file
@@ -0,0 +1,108 @@
---
- name: define ocp_project
  set_fact:
    ocp_project: "bxms-dm-{{guid}}"

- name: "Create project for workload {{ocp_project}}"
  shell: "oc new-project {{ocp_project}}"

- name: "Label namespace"
  command: "oc label namespace {{ocp_project}} AAD='{{guid}}'"

- name: Annotate the empty project as requested by user
  shell: "oc annotate namespace {{ocp_project}} openshift.io/requester={{ocp_username}} --overwrite"

- name: Make sure we go back to default project
  shell: "oc project default"

- name: Prep local filesystem for temp files
  file:
    path: "/tmp/{{guid}}"
    state: directory

# Note; depending on the environment, OCP projects may or may not have default limit ranges
- name: Delete default limitrange
  shell: |
    oc delete limitrange {{ocp_project}}-core-resource-limits -n {{ocp_project}}
  ignore_errors: true

- name: Create a new limitrange
  template:
    src: templates/limitrange.yaml.j2
    dest: /tmp/{{ocp_project}}_limitrange.yaml
- shell: |
    oc create -f /tmp/{{ocp_project}}_limitrange.yaml -n {{ocp_project}}

# Imagestreams are beginning to reference the new and secured registry.redhat.io .
# Will switch this back to registry.access.redhat.com  (until GPTE has an elab solution that allows for pull down from secured registries that is seemless to student
- name: Update DM image streams
  template:
    src: "{{DM_IS_FILE_NAME}}"
    dest: "{{DM_IS_URL}}"

- name: Load dm imagestream
  shell: "oc create -f {{DM_IS_URL}} -n {{ocp_project}}"

- name: Create the Decision Manager Template
  shell: "oc create -f {{DM_TEMPLATE_URL}} -n {{ocp_project}}"

- name: Initialize secrets template
  shell: "oc create -f {{SECRETS_TEMPLATE_URL}} -n {{ocp_project}}"

- name: Create Decision Central Secret
  shell: "oc new-app --template=example-app-secret -n {{ocp_project}} -p SECRET_NAME=decisioncentral-app-secret"

- name: Create Kie Server Secret
  shell: "oc new-app --template=example-app-secret -n {{ocp_project}} -p SECRET_NAME=kieserver-app-secret"

- name: Prepare a local copy of the template for modifications
  shell: "oc process -f {{DM_TEMPLATE_URL}} \
          -p IMAGE_STREAM_NAMESPACE={{ocp_project}} \
          -p KIE_ADMIN_PWD=r3dh4t1! \
          -p APPLICATION_NAME=rhdm
          -p DECISION_CENTRAL_HTTPS_SECRET=decisioncentral-app-secret
          -p KIE_SERVER_HTTPS_SECRET=kieserver-app-secret > /tmp/{{guid}}/rhdm72-authoring.json"

- name: Modify template with pause build configs
  replace:
    path: '/tmp/{{guid}}/rhdm72-authoring.json'
    regexp: '("replicas": 1,\n)'
    replace: '\1\t\t\t\t\t"paused": true,\n'

- name: Modify template with CPU limit
  replace:
    path: '/tmp/{{guid}}/rhdm72-authoring.json'
    regexp: '("memory":\s"[0-9]{1,2}[a-zA-Z]{1,2}")([,]*\s)'
    replace: '\1,\n\t\t\t\t\t"cpu": "1"\2'

- name: Modify template with CPU requirements
  replace:
    path: '/tmp/{{guid}}/rhdm72-authoring.json'
    regexp: '("limits":\s{\s)'
    replace: '"requests": {"cpu":"500m","memory":"1Gi"},\n\t\t\t\t\t\1'

- name: Create Decision Manager containers based in template {{DM_TEMPLATE_URL}}
  shell: "oc create -f /tmp/{{guid}}/rhdm72-authoring.json -n {{ocp_project}}"

- name: resume rhdm-rhdmcentr
  shell: oc rollout resume dc/rhdm-rhdmcentr -n {{ocp_project}}
- include_tasks: ./wait_for_deploy.yml
  static: no
  vars:
    pod_to_wait:
      - rhdm-rhdmcentr

- name: resume rhdm-kieserver
  shell: oc rollout resume dc/rhdm-kieserver -n {{ocp_project}}
- include_tasks: ./wait_for_deploy.yml
  static: no
  vars:
    pod_to_wait:
      - rhdm-kieserver

- name: Give ocp_username access to ocp_project; user = {{ocp_username}}
  shell: "oc policy add-role-to-user admin {{ocp_username}} -n {{ocp_project}}"

- name: workload Tasks Complete
  debug:
    msg: workload Tasks Complete

 ansible/roles/ocp-workload-bxms-dm-exp/templates/limitrange.yaml.j2

New file
@@ -0,0 +1,23 @@
apiVersion: v1
kind: LimitRange
metadata:
  name: {{ocp_project}}-core-resource-limits
  namespace: {{ocp_project}}
spec:
  limits:
  - default:
      cpu: {{default_max_cpu}}
      memory: {{default_max_mem}}
    defaultRequest:
      cpu: {{default_min_cpu}}
      memory: {{default_min_mem}}
    max:
      memory: {{container_max_mem}}
    min:
      memory: 10Mi
    type: Container
  - max:
      memory: {{pod_max_mem}}
    min:
      memory: {{pod_min_mem}}
    type: Pod

 ansible/roles/ocp-workload-bxms-dm-exp/templates/rhdm72-image-streams.yaml

New file
@@ -0,0 +1,113 @@
kind: List
apiVersion: v1
metadata:
  name: rhdm72-image-streams
  annotations:
    description: ImageStream definitions for Red Hat Decision Manager 7.2
    openshift.io/provider-display-name: Red Hat, Inc.
items:
- kind: ImageStream
  apiVersion: v1
  metadata:
    name: rhdm72-decisioncentral-openshift
    annotations:
      openshift.io/display-name: Red Hat Decision Manager Decision Central 7.2
      openshift.io/provider-display-name: Red Hat, Inc.
  spec:
    tags:
    - name: '1.0'
      annotations:
        description: Red Hat Decision Manager 7.2 - Decision Central image.
        iconClass: icon-jboss
        tags: rhdm
        supports: rhdm:7.2
        version: '1.0'
      referencePolicy:
        type: Local
      from:
        kind: DockerImage
        name: "{{DM_IMAGE_REGISTRY}}/rhdm-7/rhdm72-decisioncentral-openshift:1.0"
- kind: ImageStream
  apiVersion: v1
  metadata:
    name: rhdm72-controller-openshift
    annotations:
      openshift.io/display-name: Red Hat Decision Manager Standalone Controller 7.2
      openshift.io/provider-display-name: Red Hat, Inc.
  spec:
    tags:
    - name: '1.0'
      annotations:
        description: Red Hat Decision Manager 7.2 - Standalone Controller image.
        iconClass: icon-jboss
        tags: rhdm
        supports: rhdm:7.2
        version: '1.0'
      referencePolicy:
        type: Local
      from:
        kind: DockerImage
        name: "{{DM_IMAGE_REGISTRY}}/rhdm-7/rhdm72-controller-openshift:1.0"
- kind: ImageStream
  apiVersion: v1
  metadata:
    name: rhdm72-kieserver-openshift
    annotations:
      openshift.io/display-name: Red Hat Decision Manager KIE Server 7.2
      openshift.io/provider-display-name: Red Hat, Inc.
  spec:
    tags:
    - name: '1.0'
      annotations:
        description: Red Hat Decision Manager 7.2 - KIE Server image.
        iconClass: icon-jboss
        tags: rhdm
        supports: rhdm:7.2
        version: '1.0'
      referencePolicy:
        type: Local
      from:
        kind: DockerImage
        name: "{{DM_IMAGE_REGISTRY}}/rhdm-7/rhdm72-kieserver-openshift:1.0"
- kind: ImageStream
  apiVersion: v1
  metadata:
    name: rhdm72-decisioncentral-indexing-openshift
    annotations:
      openshift.io/display-name: Red Hat Decision Manager Decision Central Indexing 7.2
      openshift.io/provider-display-name: Red Hat, Inc.
  spec:
    tags:
    - name: '1.0'
      annotations:
        description: Red Hat Decision Manager 7.2 - Decision Central Indexing image.
        iconClass: icon-jboss
        tags: rhdm
        supports: rhdm:7.2
        version: '1.0'
      referencePolicy:
        type: Local
      from:
        kind: DockerImage
        name: "{{DM_IMAGE_REGISTRY}}/rhdm-7-tech-preview/rhdm72-decisioncentral-indexing-openshift:1.0"
- kind: ImageStream
  apiVersion: v1
  metadata:
    name: rhdm72-optaweb-employee-rostering-openshift
    annotations:
      openshift.io/display-name: Red Hat Decision Manager KIE Server 7.2
      openshift.io/provider-display-name: Red Hat, Inc.
  spec:
    tags:
    - name: '1.0'
      annotations:
        description: Red Hat Decision Manager 7.2 - Business Optimizer OptaWeb Employee Rostering image.
        iconClass: icon-jboss
        tags: rhdm
        supports: rhdm:7.2
        version: '1.0'
      referencePolicy:
        type: Local
      from:
        kind: DockerImage
        name: "{{DM_IMAGE_REGISTRY}}/rhdm-7-tech-preview/rhdm72-optaweb-employee-rostering-openshift:1.0"