ansible/configs/ocp-workloads/destroy_env.yml
@@ -15,8 +15,8 @@ set_fact: config_ocp_workloads: >- {{ config_ocp_workloads_defaults | combine( config_ocp_workloads_input | default( {} ), config_ocp_workloads_secret | default( {} ), recursive=true) | combine( config_ocp_workloads_vars | default( {} ), config_ocp_workloads_secrets | default( {} ), recursive=true) }} - name: Print combined role variables debug: ansible/configs/ocp-workloads/env_vars.yml
@@ -3,7 +3,7 @@ # Default variables # Can't use 'ocp_workloads' because that's the other input to the role... # Can be overridden via a dictionary called config_ocp_workloads_input # Can be overridden via a dictionary called config_ocp_workloads_vars config_ocp_workloads_defaults: virtualenv_path: /opt/virtualenvs/k8s ansible/configs/ocp-workloads/post_software.yml
@@ -10,8 +10,8 @@ set_fact: config_ocp_workloads: >- {{ config_ocp_workloads_defaults | combine( config_ocp_workloads_input | default( {} ), config_ocp_workloads_secret | default( {} ), recursive=true) | combine( config_ocp_workloads_vars | default( {} ), config_ocp_workloads_secrets | default( {} ), recursive=true) }} - name: Print combined role variables debug: ansible/roles/host-virtualenv/defaults/main.yml
New file @@ -0,0 +1,17 @@ --- become_override: False ocp_username: "system:admin" silent: False host_virtualenv_defaults: virtualenv_path: /opt/virtualenvs/k8s install_virtualenv: false virtualenv_package: - python-virtualenv # - python34-virtualenv # - python36-virtualenv virtualenv_python: /usr/bin/python python_packages: - ansible==2.9.6 - openshift=0.10.2 - selinux==0.2.1 ansible/roles/host-virtualenv/meta/main.yml
New file @@ -0,0 +1,15 @@ --- galaxy_info: role_name: host-virtualenv author: Wolfgang Kulhanek description: | Set up a Python VirtualEnv on a Host license: MIT min_ansible_version: 2.8 platforms: [] galaxy_tags: - ocp - openshift - python - virtualenv dependencies: [] ansible/roles/host-virtualenv/readme.adoc
New file @@ -0,0 +1,66 @@ = host-virtualenv - Set up a Python VirtualEnv on a host == Role overview * This role set up a Python virtual environment on a host. It consists of the following playbooks: ** Playbook: link:./tasks/pre_workload.yml[pre_workload.yml] - Sets up an environment for the workload deployment. *** Debug task will print out: `pre_workload Tasks completed successfully.` ** Playbook: link:./tasks/workload.yml[workload.yml] - Used to configure authentication *** Debug task will print out: `workload Tasks completed successfully.` ** Playbook: link:./tasks/post_workload.yml[post_workload.yml] - Used to configure the workload after deployment *** This role doesn't do anything here *** Debug task will print out: `post_workload Tasks completed successfully.` ** Playbook: link:./tasks/remove_workload.yml[remove_workload.yml] - Used to delete the workload *** This role removes authentication from OCP 4. This role does *not* recreate the kubeadmin user - the only way to use OpenShift after removing the workload is via the `system:admin` user from the bastion VM. *** Debug task will print out: `remove_workload Tasks completed successfully.` == Review the defaults variable file * This file link:./defaults/main.yml[./defaults/main.yml] contains all the variables you need to define to control the deployment of your workload. * The variable *ocp_username* is mandatory to assign the workload to the correct OpenShift user. * A variable *silent=True* can be passed to suppress debug messages. * You can modify any of these default values by adding `-e "variable_name=variable_value"` to the command line === Deploy a Workload with the `ocp-workload` playbook [Mostly for testing] ---- TARGET_HOST="bastion.wk.red.osp.opentlc.com" OCP_USERNAME="wkulhane" WORKLOAD="ocp4-workload-authentication" GUID=wk # a TARGET_HOST is specified in the command line, without using an inventory file ansible-playbook -i ${TARGET_HOST}, ./configs/ocp-workloads/ocp-workload.yml \ -e"ansible_ssh_private_key_file=~/.ssh/keytoyourhost.pem" \ -e"ansible_user=cloud-user" \ -e"ocp_username=${OCP_USERNAME}" \ -e"ocp_workload=${WORKLOAD}" \ -e"silent=False" \ -e"guid=${GUID}" \ -e"ACTION=create" ---- === To Delete an environment ---- TARGET_HOST="bastion.wk.red.osp.opentlc.com" OCP_USERNAME="wkulhane" WORKLOAD="ocp4-workload-authentication" GUID=wk # a TARGET_HOST is specified in the command line, without using an inventory file ansible-playbook -i ${TARGET_HOST}, ./configs/ocp-workloads/ocp-workload.yml \ -e"ansible_ssh_private_key_file=~/.ssh/keytoyourhost.pem" \ -e"ansible_user=ec2-user" \ -e"ocp_username=${OCP_USERNAME}" \ -e"ocp_workload=${WORKLOAD}" \ -e"guid=${GUID}" \ -e"ACTION=remove" ---- ansible/roles/host-virtualenv/tasks/main.yml
New file @@ -0,0 +1,32 @@ --- - name: Set up combined host_virtualenv dictionary set_fact: host_virtualenv: >- {{ host_virtualenv_defaults | combine(host_virtualenv_vars | default( {} ), host_virtualenv_secrets | default( {} ), recursive=true) }} - name: Print combined role variables debug: var: host_virtualenv verbosity: 2 - name: Check if desired virtualenv is available on the host stat: path: "{{ host_virtualenv.virtualenv_path}}/bin/python" register: r_virtualenv - name: Install Virtualenv if it doesn't exist yet when: - not r_virtualenv.exists block: - name: Ensure Virtualenv package is installed package: state: present name: "{{ host_virtualenv.virtualenv_package }}" - name: Set up Virtualenv pip: state: present name: "{{ host_virtualenv.python_packages }}" virtualenv: "{{ host_virtualenv.virtualenv_path }}" virtualenv_python: "{{ host_virtualenv.virtualenv_python }}" ansible/roles/ocp4-workload-authentication/defaults/main.yml
@@ -31,13 +31,13 @@ remove_kubeadmin: true # Override the defaults by setting the overrides in # ocp4_workload_logging_input: {} # ocp4_workload_logging_vars: {} # # For example to set up LDAP: # ocp4_workload_authentication_input: # ocp4_workload_authentication_vars: # idm_type: ldap # admin_user: wkulhane-redhat.com # Secret Variables should come from secrets file # ocp4_workload_authentication_secret: # ocp4_workload_authentication_secrets: # ldap_bind_password: <should come from secrets> ansible/roles/ocp4-workload-authentication/tasks/workload.yml
@@ -3,8 +3,8 @@ set_fact: ocp4_workload_authentication: >- {{ ocp4_workload_authentication_defaults | combine(ocp4_workload_authentication_input | default( {} ), ocp4_workload_authentication_secret | default( {} ), recursive=true) | combine(ocp4_workload_authentication_vars | default( {} ), ocp4_workload_authentication_secrets | default( {} ), recursive=true) }} - name: Print combined role variables debug: ansible/roles/ocp4-workload-logging/defaults/main.yml
@@ -11,7 +11,7 @@ elasticsearch_storage_request: "50Gi" # Override the defaults by setting the overrides in # ocp4_workload_logging_input: {} # ocp4_workload_logging_vars: {} # # Example: Set up Cluster Logging on dedicated nodes # In this example `elasticsearch` nodes. @@ -29,7 +29,7 @@ # value: reserved # effect: NoExecute # ocp4_workload_logging_inputs: # ocp4_workload_logging_vars: # node_role: "elasticsearch" # elasticsearch_replicas: 1 # elasticsearch_memory_request: "8Gi" ansible/roles/ocp4-workload-logging/tasks/workload.yml
@@ -3,8 +3,8 @@ set_fact: ocp4_workload_logging: >- {{ ocp4_workload_logging_defaults | combine(ocp4_workload_logging_input | default( {} ), ocp4_workload_logging_secret | default( {}), recursive=true ) | combine(ocp4_workload_logging_vars | default( {} ), ocp4_workload_logging_secrets | default( {}), recursive=true ) }} - name: Print combined role variables debug: ansible/roles/ocp4-workload-machinesets/defaults/main.yml
@@ -9,8 +9,7 @@ # more descriptive names. ocp4_workload_machinesets_defaults: machineset_groups: # Infranodes: Must be named "infra" if # desired # Infranodes: Must be named "infra" - name: infra autoscale: false total_replicas: 1 @@ -30,13 +29,10 @@ # instance_type for OpenStack # instance_type: "4c16g30d" # Override the defaults by setting the overrides in # ocp4_workload_logging_input: {} # To add Elasticsearch nodes (for Cluster Logging) add the following to # the ocp4_workload_machinesets_group: # # ocp4_workload_machinesets_input: # ocp4_workload_machinesets_vars: # - name: elasticsearch # autoscale: false # total_replicas: 1 @@ -56,7 +52,7 @@ # To add another group of worker nodes - with autoscaling enabled add # the following: # # ocp4_workload_machinesets_input: # ocp4_workload_machinesets_vars: # - name: worker-scaled # autoscale: true # total_replicas: 1 @@ -70,7 +66,7 @@ # following to the ocp4_workloads_machineset_group. # Make sure you have enough disk space (and quota): # # ocp4_workload_machinesets_input: # ocp4_workload_machinesets_vars: # - name: ocs # autoscale: false # total_replicas: 3 ansible/roles/ocp4-workload-machinesets/tasks/workload.yml
@@ -3,8 +3,8 @@ set_fact: ocp4_workload_machinesets: >- {{ ocp4_workload_machinesets_defaults | combine(ocp4_workload_machinesets_input | default( {} ), ocp4_workload_machinesets_secret | default( {} ), recursive=true ) | combine(ocp4_workload_machinesets_vars | default( {} ), ocp4_workload_machinesets_secrets | default( {} ), recursive=true ) }} - name: Print combined role variables debug: ansible/roles/ocp4-workload-quay-operator/defaults/main.yml
@@ -4,7 +4,7 @@ silent: False # Default variables. Overwrite with a dictionary # ocp4_workload_quay_operator_input # ocp4_workload_quay_operator_vars ocp4_workload_quay_operator_defaults: project: quay-enterprise @@ -87,7 +87,7 @@ # Access Credentials for Quay.io to pull Red Hat Quay # Should be overwritten via base64 encoded Global Variables !!! # reference https://access.redhat.com/solutions/3533201 # ocp4_workload_quay_operator_secret: # ocp4_workload_quay_operator_secrets: # quay_dockerconfigjson: 'pull_secret' # Internal variables. Don't set or change ansible/roles/ocp4-workload-quay-operator/tasks/remove_workload.yml
@@ -3,8 +3,8 @@ set_fact: ocp4_workload_quay_operator: >- {{ ocp4_workload_quay_operator_defaults | combine(ocp4_workload_quay_operator_input | default( {} ), ocp4_workload_quay_operator_secret | default( {} ), recursive=true) | combine(ocp4_workload_quay_operator_vars | default( {} ), ocp4_workload_quay_operator_secrets | default( {} ), recursive=true) }} - name: Remove Red Hat Quay Operator ansible/roles/ocp4-workload-quay-operator/tasks/workload.yml
@@ -3,8 +3,8 @@ set_fact: ocp4_workload_quay_operator: >- {{ ocp4_workload_quay_operator_defaults | combine(ocp4_workload_quay_operator_input | default( {} ), ocp4_workload_quay_operator_secret | default( {} ), recursive=true) | combine(ocp4_workload_quay_operator_vars | default( {} ), ocp4_workload_quay_operator_secrets | default( {} ), recursive=true) }} - name: Print combined role variables debug: