ansible/roles/ocp4-workload-pam-fraudmanagement-workshop/defaults/main.yml
@@ -18,4 +18,6 @@ _prometheus_csv_version: prometheusoperator.0.32.0 _gitea_admin_name: gitadmin _account_password: a123456 _account_password: a123456 _user_login_password: openshift ansible/roles/ocp4-workload-pam-fraudmanagement-workshop/files/businessautomation/imagestreams.yml
New file @@ -0,0 +1,38 @@ --- kind: List apiVersion: v1 metadata: name: businessautomation-operator-imagestreams items: - apiVersion: image.openshift.io/v1 kind: ImageStream metadata: name: rhpam-businesscentral-rhel8 spec: lookupPolicy: local: false tags: - annotations: null from: kind: DockerImage name: registry.redhat.io/rhpam-7/rhpam-businesscentral-rhel8:7.6.0 importPolicy: {} name: 7.6.0 referencePolicy: type: Local - apiVersion: image.openshift.io/v1 kind: ImageStream metadata: name: rhpam-kieserver-rhel8 spec: lookupPolicy: local: false tags: - annotations: null from: kind: DockerImage name: registry.redhat.io/rhpam-7/rhpam-kieserver-rhel8:7.6.0 importPolicy: {} name: 7.6.0 referencePolicy: type: Local ansible/roles/ocp4-workload-pam-fraudmanagement-workshop/files/businessautomation/kie.yml
@@ -1,6 +1,6 @@ apiVersion: app.kiegroup.org/v2 kind: KieApp metadata: name: rhpam-trial name: rhpam-authoring spec: environment: rhpam-trial environment: rhpam-authoring ansible/roles/ocp4-workload-pam-fraudmanagement-workshop/files/fuse/fuse-imagepuller.yml
File was deleted ansible/roles/ocp4-workload-pam-fraudmanagement-workshop/files/fuse/quickstarts/eap-camel-amq-template.json
File was deleted ansible/roles/ocp4-workload-pam-fraudmanagement-workshop/files/fuse/quickstarts/eap-camel-cdi-template.json
File was deleted ansible/roles/ocp4-workload-pam-fraudmanagement-workshop/files/fuse/quickstarts/eap-camel-cxf-jaxrs-template.json
File was deleted ansible/roles/ocp4-workload-pam-fraudmanagement-workshop/files/fuse/quickstarts/eap-camel-cxf-jaxws-template.json
File was deleted ansible/roles/ocp4-workload-pam-fraudmanagement-workshop/files/fuse/quickstarts/eap-camel-jpa-template.json
File was deleted ansible/roles/ocp4-workload-pam-fraudmanagement-workshop/files/fuse/quickstarts/karaf-camel-amq-template.json
File was deleted ansible/roles/ocp4-workload-pam-fraudmanagement-workshop/files/fuse/quickstarts/karaf-camel-log-template.json
File was deleted ansible/roles/ocp4-workload-pam-fraudmanagement-workshop/files/fuse/quickstarts/karaf-camel-rest-sql-template.json
File was deleted ansible/roles/ocp4-workload-pam-fraudmanagement-workshop/files/fuse/quickstarts/karaf-cxf-rest-template.json
File was deleted ansible/roles/ocp4-workload-pam-fraudmanagement-workshop/files/fuse/quickstarts/spring-boot-2-camel-amq-template.json
File was deleted ansible/roles/ocp4-workload-pam-fraudmanagement-workshop/files/fuse/quickstarts/spring-boot-2-camel-drools-template.json
File was deleted ansible/roles/ocp4-workload-pam-fraudmanagement-workshop/files/fuse/quickstarts/spring-boot-2-camel-infinispan-template.json
File was deleted ansible/roles/ocp4-workload-pam-fraudmanagement-workshop/files/fuse/quickstarts/spring-boot-2-camel-rest-3scale-template.json
File was deleted ansible/roles/ocp4-workload-pam-fraudmanagement-workshop/files/fuse/quickstarts/spring-boot-2-camel-rest-sql-template.json
File was deleted ansible/roles/ocp4-workload-pam-fraudmanagement-workshop/files/fuse/quickstarts/spring-boot-2-camel-teiid-template.json
File was deleted ansible/roles/ocp4-workload-pam-fraudmanagement-workshop/files/fuse/quickstarts/spring-boot-2-camel-template.json
File was deleted ansible/roles/ocp4-workload-pam-fraudmanagement-workshop/files/fuse/quickstarts/spring-boot-2-camel-xa-template.json
File was deleted ansible/roles/ocp4-workload-pam-fraudmanagement-workshop/files/fuse/quickstarts/spring-boot-2-camel-xml-template.json
File was deleted ansible/roles/ocp4-workload-pam-fraudmanagement-workshop/files/fuse/quickstarts/spring-boot-2-cxf-jaxrs-template.json
File was deleted ansible/roles/ocp4-workload-pam-fraudmanagement-workshop/files/fuse/quickstarts/spring-boot-2-cxf-jaxws-template.json
File was deleted ansible/roles/ocp4-workload-pam-fraudmanagement-workshop/files/fuse/quickstarts/spring-boot-camel-amq-template.json
File was deleted ansible/roles/ocp4-workload-pam-fraudmanagement-workshop/files/fuse/quickstarts/spring-boot-camel-config-template.json
File was deleted ansible/roles/ocp4-workload-pam-fraudmanagement-workshop/files/fuse/quickstarts/spring-boot-camel-drools-template.json
File was deleted ansible/roles/ocp4-workload-pam-fraudmanagement-workshop/files/fuse/quickstarts/spring-boot-camel-infinispan-template.json
File was deleted ansible/roles/ocp4-workload-pam-fraudmanagement-workshop/files/fuse/quickstarts/spring-boot-camel-rest-3scale-template.json
File was deleted ansible/roles/ocp4-workload-pam-fraudmanagement-workshop/files/fuse/quickstarts/spring-boot-camel-rest-sql-template.json
File was deleted ansible/roles/ocp4-workload-pam-fraudmanagement-workshop/files/fuse/quickstarts/spring-boot-camel-template.json
File was deleted ansible/roles/ocp4-workload-pam-fraudmanagement-workshop/files/fuse/quickstarts/spring-boot-camel-xa-template.json
File was deleted ansible/roles/ocp4-workload-pam-fraudmanagement-workshop/files/fuse/quickstarts/spring-boot-camel-xml-template.json
File was deleted ansible/roles/ocp4-workload-pam-fraudmanagement-workshop/files/fuse/quickstarts/spring-boot-cxf-jaxrs-template.json
File was deleted ansible/roles/ocp4-workload-pam-fraudmanagement-workshop/files/fuse/quickstarts/spring-boot-cxf-jaxws-template.json
File was deleted ansible/roles/ocp4-workload-pam-fraudmanagement-workshop/files/gitea/server.yml
@@ -6,4 +6,5 @@ postgresqlVolumeSize: 4Gi giteaVolumeSize: 4Gi giteaSsl: True giteaServiceName: mygitea giteaServiceName: mygitea giteaImageTag: 1.11.0 ansible/roles/ocp4-workload-pam-fraudmanagement-workshop/files/namespace-limits.yml
New file @@ -0,0 +1,13 @@ apiVersion: v1 kind: LimitRange metadata: name: limits spec: limits: - default: memory: 2048Mi cpu: 2000m defaultRequest: memory: 512Mi cpu: 500m type: Container ansible/roles/ocp4-workload-pam-fraudmanagement-workshop/files/namespace-quota.yml
New file @@ -0,0 +1,10 @@ apiVersion: v1 kind: ResourceQuota metadata: name: quota spec: hard: requests.cpu: '20' requests.memory: 20Gi limits.cpu: '50' limits.memory: 50Gi ansible/roles/ocp4-workload-pam-fraudmanagement-workshop/tasks/pre_workload.yml
@@ -25,16 +25,6 @@ path: "{{ tmp_dir }}" state: directory - name: Copy the role files to the remote host copy: src: files dest: "{{ tmp_dir }}" - name: Copy the role templates to the remote host copy: src: templates dest: "{{ tmp_dir }}" # Leave this as the last task in the playbook. - name: pre_workload tasks complete debug: ansible/roles/ocp4-workload-pam-fraudmanagement-workshop/tasks/workload.yml
@@ -16,6 +16,11 @@ oc get ingresscontroller/default -n openshift-ingress-operator -o jsonpath='{.status.domain}' -n openshift-ingress-operator register: ingressdomain - name: Get server via whoami command: > oc whoami --show-server register: ocwhoami - name: Run tasks per cluster include_tasks: workload_cluster.yml ansible/roles/ocp4-workload-pam-fraudmanagement-workshop/tasks/workload_cluster.yml
@@ -5,6 +5,9 @@ - name: AMQ Streams for cluster include_tasks: workload_per_cluster_amqstreams.yml - name: Business Automation for cluster include_tasks: workload_per_cluster_businessautomation.yml - name: CodeReady Workspaces for cluster include_tasks: workload_per_cluster_codereadyworkspaces.yml ansible/roles/ocp4-workload-pam-fraudmanagement-workshop/tasks/workload_per_cluster_amqstreams.yml
@@ -6,7 +6,9 @@ - name: Create namespace for {{ _namespace }} k8s: state: present definition: "{{ lookup('template', role_path ~ '/templates/namespace.j2' ) | from_yaml }}" definition: "{{ lookup('template', role_path ~ '/templates/namespace-without-requester.j2' ) | from_yaml }}" vars: _description: "AMQ Streams" - name: Create OperatorGroup k8s: ansible/roles/ocp4-workload-pam-fraudmanagement-workshop/tasks/workload_per_cluster_businessautomation.yml
New file @@ -0,0 +1,6 @@ --- - name: Create image streams for Businessa Automation k8s: state: present namespace: openshift definition: "{{ lookup('file', role_path ~ '/files/businessautomation/imagestreams.yml') | from_yaml }}" ansible/roles/ocp4-workload-pam-fraudmanagement-workshop/tasks/workload_per_cluster_codereadyworkspaces.yml
@@ -6,7 +6,9 @@ - name: Create namespace for {{ _namespace }} k8s: state: present definition: "{{ lookup('template', role_path ~ '/templates/namespace.j2' ) | from_yaml }}" definition: "{{ lookup('template', role_path ~ '/templates/namespace-without-requester.j2' ) | from_yaml }}" vars: _description: "Codeready Workspaces" - name: Create OperatorGroup for the operators k8s: ansible/roles/ocp4-workload-pam-fraudmanagement-workshop/tasks/workload_per_cluster_fuse.yml
@@ -5,7 +5,7 @@ namespace: openshift-cluster-samples-operator definition: "{{ lookup('file', role_path ~ '/files/fuse/samples-operator-patch.yml') | from_yaml }}" - name: Create imagestreams for Fuse - name: Create image streams for Fuse k8s: state: present namespace: openshift ansible/roles/ocp4-workload-pam-fraudmanagement-workshop/tasks/workload_per_cluster_gitea.yml
@@ -6,7 +6,9 @@ - name: Create namespace for {{ _namespace }} k8s: state: present definition: "{{ lookup('template', role_path ~ '/templates/namespace.j2' ) | from_yaml }}" definition: "{{ lookup('template', role_path ~ '/templates/namespace-without-requester.j2' ) | from_yaml }}" vars: _description: "Gitea" - name: Create OperatorGroup for the operators k8s: ansible/roles/ocp4-workload-pam-fraudmanagement-workshop/tasks/workload_per_project_businessautomation.yml
@@ -17,16 +17,20 @@ k8s: state: present namespace: "{{ _namespace }}" definition: "{{ lookup('template', role_path ~ '/files/businessautomation/kie.yml' ) | from_yaml }}" definition: "{{ lookup('file', role_path ~ '/files/businessautomation/kie.yml' ) | from_yaml }}" - name: Wait until KieApp has Deployed condition command: > oc get kieapp/rhpam-trial -o jsonpath='{.status.conditions[?(@.type=="Deployed")].status}' -n "{{ _namespace }}" oc get kieapp/rhpam-authoring -o jsonpath='{.status.conditions[?(@.type=="Deployed")].status}' -n "{{ _namespace }}" register: kieapp retries: "{{ _retry }}" delay: "{{ _delay }}" until: kieapp.stdout == "True" - name: todo debug: msg: "TODO: Is the deployed KieApp usable for the workshop? or do we need something else?" - name: Check KieServer is running command: > oc rollout status DeploymentConfig/rhpam-authoring-kieserver --watch=true -n "{{ _namespace }}" - name: Check BusinessCentral is running command: > oc rollout status DeploymentConfig/rhpam-authoring-rhpamcentr --watch=true -n "{{ _namespace }}" ansible/roles/ocp4-workload-pam-fraudmanagement-workshop/tasks/workload_per_project_codereadyworkspaces.yml
@@ -53,8 +53,4 @@ Authorization: "Bearer {{ user_token.json.access_token }}" body: "{{ lookup('template', role_path ~ '/templates/codeready-workspaces/workspace.j2') }}" body_format: json status_code: 201,409 - name: todo debug: msg: "TODO: Deploy quarkus workspace and other plugins needed by pam/dm" status_code: 201,409 ansible/roles/ocp4-workload-pam-fraudmanagement-workshop/tasks/workload_per_project_fuse.yml
File was deleted ansible/roles/ocp4-workload-pam-fraudmanagement-workshop/tasks/workload_per_project_fuseworkload.yml
@@ -19,12 +19,4 @@ k8s: state: present namespace: "{{ _namespace }}" definition: "{{ fusework.stdout | from_json }}" - name: Start and follow Fuse workload build command: > oc start-build BuildConfig/pam-fraudmanagement-fuse --wait -n "{{ _namespace }}" - name: Check Fuse workload is running command: > oc rollout status DeploymentConfig/pam-fraudmanagement-fuse --watch=true -n "{{ _namespace }}" definition: "{{ fusework.stdout | from_json }}" ansible/roles/ocp4-workload-pam-fraudmanagement-workshop/tasks/workload_project.yml
@@ -8,6 +8,27 @@ state: present definition: "{{ lookup('template', role_path ~ '/templates/namespace.j2' ) | from_yaml }}" - name: Create quota in namespace {{ _namespace }} k8s: state: present namespace: "{{ _namespace }}" definition: "{{ lookup('file', role_path ~ '/files/namespace-quota.yml' ) | from_yaml }}" - name: Create limits in namespace {{ _namespace }} k8s: state: present namespace: "{{ _namespace }}" definition: "{{ lookup('file', role_path ~ '/files/namespace-limits.yml' ) | from_yaml }}" - name: Create admin rolebinding for user{{ user_num }} in namespace {{ _namespace }} k8s: state: present namespace: "{{ _namespace }}" definition: "{{ lookup('template', role_path ~ '/templates/namespace-admin-rolebinding.j2' ) | from_yaml }}" - name: Check user{{ user_num }} can login command: "oc login --username=user{{ user_num }} --password={{ _user_login_password }} {{ ocwhoami.stdout }} -n {{ _namespace }} --insecure-skip-tls-verify=true --config={{ tmp_dir }}.kube/{{ _namespace }}-config" - name: Create OperatorGroup for the operators k8s: state: present @@ -21,10 +42,7 @@ - name: Business Automation for {{ _namespace }} include_tasks: workload_per_project_businessautomation.yml - name: Fuse for {{ _namespace }} include_tasks: workload_per_project_fuse.yml - name: Gitea for {{ _namespace }} include_tasks: workload_per_project_gitea.yml ansible/roles/ocp4-workload-pam-fraudmanagement-workshop/templates/namespace-admin-rolebinding.j2
New file @@ -0,0 +1,12 @@ kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: user{{ user_num }}-admin subjects: - kind: User apiGroup: rbac.authorization.k8s.io name: user{{ user_num }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: admin ansible/roles/ocp4-workload-pam-fraudmanagement-workshop/templates/namespace-without-requester.j2
New file @@ -0,0 +1,9 @@ apiVersion: v1 kind: Namespace metadata: annotations: openshift.io/display-name: "{{ _description }}" name: "{{ _namespace }}" spec: finalizers: - kubernetes ansible/roles/ocp4-workload-pam-fraudmanagement-workshop/templates/namespace.j2
@@ -3,7 +3,8 @@ metadata: annotations: openshift.io/description: "ocp4-workload-pam-fraudmanagement-workshop" openshift.io/display-name: "" openshift.io/display-name: "Summit 2020: Proactive Fraud Management with Case Management, Kafka and DMN Services" openshift.io/requester: "user{{ user_num }}" name: "{{ _namespace }}" spec: finalizers: