ansible/roles/ocp4-workload-debugging-workshop/defaults/main.yml
New file @@ -0,0 +1,33 @@ --- become_override: False ocp_username: opentlc-mgr silent: False num_users: 10 _workshop_operator_namespace: workshop-infra _workshop_user_password: r3dh4t1! _workshop_source_giturl: https://github.com/mcouliba/debugging-workshop _workshop_source_gitbranch: "3.1" _workshop_argocd_enabled: true _workshop_crw_enabled: true _workshop_crw_operatorhub_channel: latest _workshop_crw_operatorhub_csv: crwoperator.v2.0.0 _workshop_etherpad_enabled: true _workshop_gogs_enabled: false _workshop_gogs_image_name: quay.io/gpte-devops-automation/gogs-operator _workshop_gogs_image_tag: v0.12 _workshop_nexus_enabled: true _workshop_pipeline_enabled: false _workshop_pipeline_operatorhub_channel: dev-preview _workshop_servicemesh_operatorhub_csv: openshift-pipelines-operator.v0.8.2 _workshop_project_enabled: true _workshop_project_devname: my-project _workshop_project_stagingname: cn-project _workshop_servicemesh_enabled: true _workshop_servicemesh_operatorhub_channel: "1.0" _workshop_servicemesh_operatorhub_csv: servicemeshoperator.v1.0.7 _workshop_istioworkspace_enabled: true _workshop_workshopper_enabled: true _deploy_instance: True _on_rhpds_aws: True ansible/roles/ocp4-workload-debugging-workshop/readme.adoc
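Review bot: `_workshop_servicemesh_operatorhub_csv` is defined twice in this defaults file, first as `openshift-pipelines-operator.v0.8.2` and later as `servicemeshoperator.v1.0.7`; YAML loaders normally keep the last value without warning, so the pipelines CSV is lost. The first entry looks like it was meant to be `_workshop_pipeline_operatorhub_csv: openshift-pipelines-operator.v0.8.2`. templates/debugging-workshop.j2 in this commit has the matching slip: it fills `pipeline.operatorHub.clusterServiceVersion` from the servicemesh variable. Separately, `_workshop_user_password` ships a fixed value that every deployment shares unless it is overridden. Consider leaving it undefined here and requiring it through `-e` or a vault file, or at least marking it with `# shared lab default - override per deployment`.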
New file 
@@ -0,0 +1,152 @@ = ocp4-workload-debug-workshop - Deploy Debugging Workshop to OpenShift == Role overview * This role enables the Workshop Operator on an OpenShift 4 Cluster. It consists of the following playbooks: ** Playbook: link:./tasks/pre_workload.yml[pre_workload.yml] - Sets up an environment for the workload deployment. *** Debug task will print out: `pre_workload Tasks completed successfully.` ** Playbook: link:./tasks/workload.yml[workload.yml] - Used to deploy the Workshop Operator and then deploy a Workshop instance *** Debug task will print out: `workload Tasks completed successfully.` ** Playbook: link:./tasks/post_workload.yml[post_workload.yml] - Used to configure the workload after deployment *** This role doesn't do anything here *** Debug task will print out: `post_workload Tasks completed successfully.` ** Playbook: link:./tasks/remove_workload.yml[remove_workload.yml] - Used to delete the workload *** This role removes the Workshop Instance and Workshop operator from OCP 4. This role does *not* remove the project - there may be other items in it. *** Debug task will print out: `remove_workload Tasks completed successfully.` == Review the defaults variable file * This file link:./defaults/main.yml[./defaults/main.yml] contains all the variables you need to define to control the deployment of your workload. * The variable *ocp_username* is mandatory to assign the workload to the correct OpenShift user. * A variable *silent=True* can be passed to suppress debug messages. * You can modify any of these default values by adding `-e "variable_name=variable_value"` to the command line == Workshop Custom Resource The operator uses a custom resource *workshops.openshift.redhat.com/v1alpha1* to set the quota for all users in the cluster. Variables are in defaults/main.yaml and can be overwritten by setting them globally. 
[source,yaml] ---- apiVersion: openshift.redhat.com/v1alpha1 kind: Workshop metadata: name: debugging-workshop spec: users: {{ workshop_users }} etherpad: enabled: {{ _workshop_etherpad_enabled }} gogs: enabled: {{ _workshop_gogs_enabled }} nexus: enabled: {{ _workshop_nexus_enabled }} servicemesh: enabled: {{ _workshop_servicemesh_enabled }} jaegerOperatorImage: {{ _workshop_servicemesh_jaegerOperatorImage }} kialiOperatorImage: {{ _workshop_servicemesh_kialiOperatorImage }} istioOperatorImage: {{ _workshop_servicemesh_istioOperatorImage }} guide: enabled: {{ _workshop_guide_enabled }} openshiftConsoleUrl: {{ _workshop_guide_openshiftConsoleUrl }} openshiftApiUrl: {{ _workshop_guide_openshiftApiUrl }} openshiftUserPassword: {{ _workshop_guide_openshiftUserPassword }} gitRepositoryLabPath: {{ _workshop_guide_gitRepositoryLabPath }} gitRepositoryLabReference: {{ _workshop_guide_gitRepositoryLabReference }} gitRepositoryGuidePath: {{ _workshop_guide_gitRepositoryGuidePath }} gitRepositoryGuideReference: {{ _workshop_guide_gitRepositoryGuideReference }} gitRepositoryGuideContext: {{ _workshop_guide_gitRepositoryGuideContext }} gitRepositoryGuideFile: {{ _workshop_guide_gitRepositoryGuideFile }} workspaces: enabled: {{ _workshop_workspaces_enabled }} openShiftoAuth: {{ _workshop_workspaces_openShiftoAuth }} ---- === Deploy a Workload with the `ocp4-workload` playbook [Mostly for testing] ---- GUID=nantes-b032 TARGET_HOST="bastion.${GUID}.sandbox840.opentlc.com" WORKLOAD="ocp4-workload-debugging-workshop" # a TARGET_HOST is specified in the command line, without using an inventory file ansible-playbook -i ${TARGET_HOST}, ./configs/ocp-workloads/ocp-workload.yml \ -e"ansible_python_interpreter=/opt/virtualenvs/k8s/bin/python" \ -e"ansible_ssh_private_key_file=~/.ssh/id_rsa" \ -e"ansible_user=mcouliba-redhat.com" \ -e"ocp_workload=${WORKLOAD}" \ -e"silent=False" \ -e"guid=${GUID}" \ -e"ACTION=create" ---- === To Delete an environment ---- GUID=nantes-b032 
TARGET_HOST="bastion.${GUID}.sandbox840.opentlc.com" WORKLOAD="ocp4-workload-debugging-workshop" # a TARGET_HOST is specified in the command line, without using an inventory file ansible-playbook -i ${TARGET_HOST}, ./configs/ocp-workloads/ocp-workload.yml \ -e"ansible_ssh_private_key_file=~/.ssh/id_rsa" \ -e"ansible_user=mcouliba-redhat.com" \ -e"ocp_workload=${WORKLOAD}" \ -e"guid=${GUID}" \ -e"ACTION=remove" ---- == Other related information: === Deploy Workload on OpenShift Cluster from an existing playbook: [source,yaml] ---- - name: Deploy a workload role on a master host hosts: all become: true gather_facts: False tags: - step007 roles: - { role: "{{ocp_workload}}", when: 'ocp_workload is defined' } ---- NOTE: You might want to change `hosts: all` to fit your requirements === Set up your Ansible inventory file * You can create an Ansible inventory file to define your connection method to your host (Master/Bastion with `oc` command) * You can also use the command line to define the hosts directly if your `ssh` configuration is set to connect to the host correctly * You can also use the command line to use localhost or if your cluster is already authenticated and configured in your `oc` configuration .Example inventory file [source, ini] ---- [gptehosts:vars] ansible_ssh_private_key_file=~/.ssh/keytoyourhost.pem ansible_user=ec2-user [gptehosts:children] openshift [openshift] bastion.cluster1.openshift.opentlc.com bastion.cluster2.openshift.opentlc.com bastion.cluster3.openshift.opentlc.com bastion.cluster4.openshift.opentlc.com [dev] bastion.cluster1.openshift.opentlc.com bastion.cluster2.openshift.opentlc.com [prod] bastion.cluster3.openshift.opentlc.com bastion.cluster4.openshift.opentlc.com ---- ansible/roles/ocp4-workload-debugging-workshop/tasks/main.yml
New file @@ -0,0 +1,31 @@ --- # Do not modify this file - name: Running Pre Workload Tasks include_tasks: file: ./pre_workload.yml apply: become: "{{ become_override | bool }}" when: ACTION == "create" or ACTION == "provision" - name: Running Workload Tasks include_tasks: file: ./workload.yml apply: become: "{{ become_override | bool }}" when: ACTION == "create" or ACTION == "provision" - name: Running Post Workload Tasks include_tasks: file: ./post_workload.yml apply: become: "{{ become_override | bool }}" when: ACTION == "create" or ACTION == "provision" - name: Running Workload removal Tasks include_tasks: file: ./remove_workload.yml apply: become: "{{ become_override | bool }}" when: ACTION == "destroy" or ACTION == "remove" ansible/roles/ocp4-workload-debugging-workshop/tasks/post_workload.yml
New file 
@@ -0,0 +1,68 @@ --- # Implement your Post Workload deployment tasks here - name: Check Workshop Infrastructure block: - name: "[{{ _workshop_operator_namespace }}] Reading deployments" k8s_facts: api_version: v1 kind: Deployment namespace: "{{ _workshop_operator_namespace }}" register: workshop_infra_verify_dc - name: "[{{ _workshop_operator_namespace }}] Checking deployments" fail: msg: "[{{ _workshop_operator_namespace }}] Some/all deployments are not ready" when: item.replicas is not defined or item.readyReplicas is not defined or item.replicas != item.readyReplicas loop: "{{ workshop_infra_verify_dc|json_query('resources[*].status') }}" - name: Check CodeReadyWorkspaces block: - name: "[workspaces] Reading deployments" k8s_facts: api_version: v1 kind: Deployment namespace: workspaces register: crw_verify_dc - name: "[workspaces] Checking deployments" fail: msg: "[workspaces] Some/all deployments are not ready" when: item.replicas is not defined or item.readyReplicas is not defined or item.replicas != item.readyReplicas loop: "{{ crw_verify_dc|json_query('resources[*].status') }}" - name: Check Istio block: - name: "[istio-system] Reading deployments" k8s_facts: api_version: v1 kind: Deployment namespace: istio-system register: istio_verify_dc - name: "[istio-system] Checking deployments" fail: msg: "[istio-system] Some/all deployments are not ready" when: item.replicas is not defined or item.readyReplicas is not defined or item.replicas != item.readyReplicas loop: "{{ istio_verify_dc|json_query('resources[*].status') }}" - name: Check Argo CD block: - name: "[argocd] Reading deployments" k8s_facts: api_version: v1 kind: Deployment namespace: argocd register: argocd_verify_dc - name: "[argocd] Checking deployments" fail: msg: "[argocd] Some/all deployments are not ready" when: item.replicas is not defined or item.readyReplicas is not defined or item.replicas != item.readyReplicas loop: "{{ argocd_verify_dc|json_query('resources[*].status') }}" # Leave this as 
the last task in the playbook. - name: post_workload tasks complete debug: msg: "Post-Workload Tasks completed successfully." when: not silent|bool ansible/roles/ocp4-workload-debugging-workshop/tasks/pre_workload.yml
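Review bot: All four readiness checks can pass vacuously, because each `fail` task loops over `resources[*].status` and an empty list runs zero iterations. An empty result is plausible when a component is disabled, when the operator has not yet created the namespace, or if the `kind: Deployment` / `api_version: v1` lookup does not resolve; operator.j2 in this commit declares Deployments under `apps/v1`, so stating `api_version: apps/v1` would remove that doubt. I would add a guard before each loop, for example a `fail` with `when: workshop_infra_verify_dc.resources | length == 0`, and condition each block on its `_workshop_*_enabled` flag. The same applies to the `workspaces`, `istio-system` and `argocd` blocks. The readme added in this commit still says post_workload does nothing, which no longer matches.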
New file @@ -0,0 +1,9 @@ --- # Implement your Pre Workload deployment tasks here # Leave this as the last task in the playbook. - name: pre_workload tasks complete debug: msg: "Pre-Workload tasks completed successfully." when: not silent|bool ansible/roles/ocp4-workload-debugging-workshop/tasks/remove_workload.yml
New file @@ -0,0 +1,30 @@ --- # Implement your Workload removal tasks here - name: Delete Workshop k8s: state: absent definition: "{{ lookup('template', './templates/opentlc-workshop.j2' ) | from_yaml }}" when: _deploy_instance|bool - name: Wait 15 seconds for the Workshop to disappear wait_for: timeout=15 delegate_to: localhost # Delete all objects except the project (there may be other stuff in it) - name: Delete OpenShift Objects for Workshop Operator (including the OPENTLC Workshop) k8s: state: absent definition: "{{ lookup('template', item ) | from_yaml }}" loop: - ./templates/operator.j2 - ./templates/role_binding.j2 - ./templates/role.j2 - ./templates/service_account.j2 - ./templates/crd.j2 # Leave this as the last task in the playbook. - name: remove_workload tasks complete debug: msg: "Remove Workload tasks completed successfully." when: not silent|bool ansible/roles/ocp4-workload-debugging-workshop/tasks/workload.yml
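Review bot: The removal loop lists `./templates/role.j2` and `./templates/role_binding.j2`, but the commit as shown adds `cluster_role.j2` and `cluster_role_binding.j2`, which are the templates workload.yml applies. Unless those two names exist elsewhere in the role, the template lookup fails; either way the cluster-scoped `openshift-workshop-operator` ClusterRole and ClusterRoleBinding are left behind after removal, with their wildcard permissions still granted. Replace the two entries with `- ./templates/cluster_role_binding.j2` and `- ./templates/cluster_role.j2`. The first task has the same kind of mismatch: it deletes from `opentlc-workshop.j2`, whereas the instance is created from `debugging-workshop.j2`.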
New file @@ -0,0 +1,72 @@ --- # Implement your Workload deployment tasks here - name: Setting up workload for user debug: msg: "Setting up workload for user ocp_username = {{ ocp_username }}" - name: Create Project for Workshop Operator k8s: state: present definition: "{{ lookup('template', './templates/project.j2' ) | from_yaml }}" register: r_create_project retries: 5 delay: 60 until: r_create_project is succeeded - name: Create OpenShift Objects for Workshop Operator k8s: state: present merge_type: - strategic-merge - merge definition: "{{ lookup('template', item ) | from_yaml }}" loop: - ./templates/crd.j2 - ./templates/service_account.j2 - ./templates/cluster_role.j2 - ./templates/cluster_role_binding.j2 - ./templates/operator.j2 - name: Deploy default Workshop instance when: _deploy_instance|bool block: - name: Create OpenShift Custom Resource for Workshop Instance k8s: state: present merge_type: - strategic-merge - merge definition: "{{ lookup('template', './templates/debugging-workshop.j2' ) | from_yaml }}" - name: Wait for CodeReady Workspaces to start k8s: api_version: v1 kind: Deployment name: codeready namespace: workspaces register: crw_deployment until: - crw_deployment.result is defined retries: 30 delay: 120 changed_when: false - name: Wait for the CodeReady Workspaces to be ready k8s: api_version: v1 kind: Deployment name: codeready namespace: workspaces register: crw_deployment until: - crw_deployment.result.status.readyReplicas is defined - crw_deployment.result.status.readyReplicas == 1 retries: 50 delay: 10 changed_when: false # Leave this as the last task in the playbook. - name: workload tasks complete debug: msg: "Workload Tasks completed successfully." when: not silent|bool ansible/roles/ocp4-workload-debugging-workshop/templates/cluster_role.j2
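Review bot: The task `Create OpenShift Custom Resource for Workshop Instance` renders `_workshop_user_password` into the definition, and the `k8s` module returns the applied object in its result, so the password can end up in verbose output or stored job logs. Adding `no_log: true` to that one task keeps it out. The two CodeReady wait tasks poll with the `k8s` module, whose default state is `present`, rather than with a read-only query. Using `k8s_facts` there, as post_workload.yml does, would make it clear the poll cannot create or patch the Deployment; the `until` conditions would then read from `resources` instead of `result`.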
New file 
@@ -0,0 +1,167 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: openshift-workshop-operator rules: - apiGroups: - "" resources: - pods - services - endpoints - persistentvolumeclaims - events - configmaps - secrets - namespaces - serviceaccounts verbs: - '*' - apiGroups: - apps resources: - deployments - daemonsets - replicasets - statefulsets verbs: - '*' - apiGroups: - monitoring.coreos.com resources: - servicemonitors verbs: - get - create - apiGroups: - apps resourceNames: - openshift-workshop-operator resources: - deployments/finalizers verbs: - update - apiGroups: - openshift.redhat.com resources: - '*' verbs: - '*' - apiGroups: - route.openshift.io resources: - routes verbs: - '*' - apiGroups: - security.openshift.io resources: - securitycontextconstraints verbs: - list - update - watch - apiGroups: - rbac.authorization.k8s.io resources: - roles - rolebindings - clusterroles - clusterrolebindings verbs: - '*' - apiGroups: - apiextensions.k8s.io resources: - customresourcedefinitions verbs: - create - list - get - apiGroups: - org.eclipse.che resources: - checlusters verbs: - create - list - get - update - watch - apiGroups: - image.openshift.io resources: - imagestreams verbs: - create - list - get - apiGroups: - maistra.io resources: - servicemeshcontrolplanes - servicemeshmemberrolls verbs: - create - list - get - apiGroups: - admissionregistration.k8s.io resources: - validatingwebhookconfigurations verbs: - create - list - get - apiGroups: - gpte.opentlc.com resources: - nexus - gogs verbs: - create - list - get - apiGroups: - operators.coreos.com resources: - catalogsources - catalogsourceconfigs - operatorgroups - subscriptions - clusterserviceversions - installplans verbs: - create - list - get - update - watch - apiGroups: - networking.k8s.io resources: - networkpolicies verbs: - create - list - get - apiGroups: - oauth.openshift.io resources: - oauthclients verbs: - create - list - get - update - watch - apiGroups: - 
argoproj.io resources: - argocds verbs: - create - list - get - update - watch ansible/roles/ocp4-workload-debugging-workshop/templates/cluster_role_binding.j2
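Review bot: This ClusterRole is close to cluster-admin in effect. The `'*'` verbs on `roles`, `rolebindings`, `clusterroles` and `clusterrolebindings` include `bind` and `escalate`, so the bound service account can grant any permission to any subject, and `'*'` on `secrets` and `serviceaccounts` in the core group applies in every namespace. Together with `update` on `securitycontextconstraints`, a compromise of the operator pod becomes a compromise of the cluster. I would replace the wildcards with the verbs the operator actually calls (for example `get`, `list`, `watch`, `create`, `update`, `patch`, `delete`) and limit RBAC writes to namespaced `roles`/`rolebindings` if that is all it manages. If the breadth really is required, record why in a comment at the top of the file, such as `# Operator manages per-user RBAC across namespaces; wildcard verbs are intentional (link to design note)`.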
New file @@ -0,0 +1,14 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: openshift-workshop-operator subjects: - kind: ServiceAccount name: openshift-workshop-operator namespace: "{{ _workshop_operator_namespace }}" roleRef: kind: ClusterRole name: openshift-workshop-operator apiGroup: rbac.authorization.k8s.io ansible/roles/ocp4-workload-debugging-workshop/templates/crd.j2
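Review bot: `apiVersion: rbac.authorization.k8s.io/v1` appears twice in this mapping, once before and once after `kind:`. Duplicate keys are invalid YAML, and `from_yaml` will keep one of them without warning; drop the second line. Because the subject is a namespaced ServiceAccount bound cluster-wide, edit access to the `{{ _workshop_operator_namespace }}` project is effectively access to the ClusterRole. A short comment saying that project should stay admin-only would help the next maintainer.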
New file @@ -0,0 +1,15 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: workshops.openshift.redhat.com spec: group: openshift.redhat.com names: kind: Workshop listKind: WorkshopList plural: workshops singular: workshop scope: Namespaced subresources: status: {} version: v1alpha1 ansible/roles/ocp4-workload-debugging-workshop/templates/debugging-workshop.j2
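Review bot: The CRD is registered under `apiextensions.k8s.io/v1beta1` with no validation schema, so the API server accepts any `spec` on a Workshop, including the password and image fields that debugging-workshop.j2 sets and the operator presumably acts on. `v1beta1` CustomResourceDefinitions were removed in Kubernetes 1.22, so this template will stop applying on newer clusters. Moving to `apiextensions.k8s.io/v1` means replacing `version:` with a `versions` list that carries an `openAPIV3Schema`, which is also the place to constrain field types and required keys.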
New file @@ -0,0 +1,47 @@ apiVersion: openshift.redhat.com/v1alpha1 kind: Workshop metadata: name: debugging-workshop namespace: "{{ _workshop_operator_namespace }}" spec: user: number: {{ num_users }} password: "{{ _workshop_user_password }}" source: gitURL: "{{ _workshop_source_giturl }}" gitBranch: "{{ _workshop_source_gitbranch }}" infrastructure: argocd: enabled: {{ _workshop_argocd_enabled }} codeReadyWorkspace: enabled: {{ _workshop_crw_enabled }} operatorHub: channel: "{{ _workshop_crw_operatorhub_channel }}" clusterServiceVersion: "{{ _workshop_crw_operatorhub_csv }}" etherpad: enabled: {{ _workshop_etherpad_enabled }} gogs: enabled: {{ _workshop_gogs_enabled }} image: name: "{{ _workshop_gogs_image_name }}" tag: "{{ _workshop_gogs_image_tag }}" nexus: enabled: {{ _workshop_nexus_enabled }} pipeline: enabled: {{ _workshop_pipeline_enabled }} operatorHub: channel: "{{ _workshop_pipeline_operatorhub_channel }}" clusterServiceVersion: "{{ _workshop_servicemesh_operatorhub_csv }}" project: enabled: {{ _workshop_project_enabled }} devName: "{{ _workshop_project_devname }}" stagingName: "{{ _workshop_project_stagingname }}" serviceMesh: enabled: {{ _workshop_servicemesh_enabled }} serviceMeshOperatorHub: channel: "{{ _workshop_servicemesh_operatorhub_channel }}" clusterServiceVersion: "{{ _workshop_servicemesh_operatorhub_csv }}" istioWorkspace: enabled: {{ _workshop_istioworkspace_enabled }} workshopper: enabled: {{ _workshop_workshopper_enabled }} ansible/roles/ocp4-workload-debugging-workshop/templates/operator.j2
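Review bot: `password: "{{ _workshop_user_password }}"` interpolates the raw value inside a double-quoted YAML scalar before `from_yaml` parses it, so a password containing `"` or `\` either breaks parsing or is altered by escape processing. `password: {{ _workshop_user_password | to_json }}` emits a correctly escaped scalar, and the same filter suits the other quoted string fields that take user-supplied values. The unquoted `enabled: {{ ... }}` lines rely on the variables rendering as a YAML boolean. That holds for the defaults, but `enabled: {{ _workshop_gogs_enabled | bool | to_json }}` would make it hold for `-e` overrides as well.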
New file @@ -0,0 +1,34 @@ apiVersion: apps/v1 kind: Deployment metadata: name: openshift-workshop-operator namespace: "{{ _workshop_operator_namespace }}" spec: replicas: 1 selector: matchLabels: name: openshift-workshop-operator template: metadata: labels: name: openshift-workshop-operator spec: serviceAccountName: openshift-workshop-operator containers: - name: openshift-workshop-operator # Replace this with the built image name image: quay.io/mcouliba/openshift-workshop-operator:3.1 command: - openshift-workshop-operator imagePullPolicy: Always env: - name: WATCH_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: OPERATOR_NAME value: "openshift-workshop-operator" ansible/roles/ocp4-workload-debugging-workshop/templates/project.j2
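Review bot: The operator image is referenced by a mutable tag in a personal registry namespace, `quay.io/mcouliba/openshift-workshop-operator:3.1`, with `imagePullPolicy: Always`, so every pod restart runs whatever is currently published under that tag. The pod runs as the service account bound to the broad `openshift-workshop-operator` ClusterRole, so the image is trusted with cluster-level rights. Pin it by digest, `image: quay.io/mcouliba/openshift-workshop-operator@sha256:DIGEST_OF_REVIEWED_BUILD`, and expose the reference as a role variable so it can be mirrored to a controlled registry. The container also declares no `resources` or `securityContext`. Adding `allowPrivilegeEscalation: false` and `runAsNonRoot: true` would be a cheap improvement if the image supports them.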
New file @@ -0,0 +1,11 @@ apiVersion: project.openshift.io/v1 kind: Project metadata: annotations: openshift.io/description: "" openshift.io/display-name: "Workshop Infrastructure" openshift.io/requester: "{{ ocp_username }}" name: "{{ _workshop_operator_namespace }}" spec: finalizers: - kubernetes ansible/roles/ocp4-workload-debugging-workshop/templates/service_account.j2
New file @@ -0,0 +1,6 @@ apiVersion: v1 kind: ServiceAccount metadata: name: openshift-workshop-operator namespace: "{{ _workshop_operator_namespace }}"