ansible/roles/ocp4-workload-template-service-broker/defaults/main.yml
New file @@ -0,0 +1,8 @@ --- become_override: False ocp_username: opentlc-mgr silent: False _broker_project: openshift-template-service-broker _broker_project_display: "OpenShift Template Service Broker" _broker_subscription_csv: "templateservicebrokeroperator.v0.2.0" ansible/roles/ocp4-workload-template-service-broker/files/service_catalog_api_server.yaml
New file @@ -0,0 +1,7 @@ apiVersion: operator.openshift.io/v1 kind: ServiceCatalogAPIServer metadata: name: cluster spec: logLevel: "Normal" managementState: Managed ansible/roles/ocp4-workload-template-service-broker/files/service_catalog_controller_manager.yaml
New file @@ -0,0 +1,7 @@ apiVersion: operator.openshift.io/v1 kind: ServiceCatalogControllerManager metadata: name: cluster spec: logLevel: "Normal" managementState: Managed ansible/roles/ocp4-workload-template-service-broker/readme.adoc
New file 
@@ -0,0 +1,119 @@ = ocp4-workload-template-service-broker - Deploy the Template Service Broker to OpenShift == Role overview * This role installs the Template Service Broker into an OpenShift Cluster. It consists of the following playbooks: ** Playbook: link:./tasks/pre_workload.yml[pre_workload.yml] - Sets up an environment for the workload deployment. *** Debug task will print out: `pre_workload Tasks completed successfully.` ** Playbook: link:./tasks/workload.yml[workload.yml] - Used to deploy the Template Service Broker *** This role creates a namespace (project), deploys the automation broker operator, then deploys *** Debug task will print out: `workload Tasks completed successfully.` ** Playbook: link:./tasks/post_workload.yml[post_workload.yml] - Used to configure the workload after deployment *** This role doesn't do anything here *** Debug task will print out: `post_workload Tasks completed successfully.` ** Playbook: link:./tasks/remove_workload.yml[remove_workload.yml] - Used to delete the workload *** This role removes the Template Service Broker *** Debug task will print out: `remove_workload Tasks completed successfully.` == Review the defaults variable file * This file link:./defaults/main.yml[./defaults/main.yml] contains all the variables you need to define to control the deployment of your workload. * The variable *ocp_username* is mandatory to assign the workload to the correct OpenShift user. * A variable *silent=True* can be passed to suppress debug messages. * Other variables: ** *_broker_project*: The name of the project to create and install the Template Service Broker to. Default: `openshift-template-service-broker` ** *_broker_project_display*: The display name of the project. Default: `OpenShift Template Service Broker` ** *_broker_subscription_csv*: The ClusterServiceVersion to be deployed. 
Default: `templateservicebrokeroperator.v0.2.0` * You can modify any of these default values by adding `-e "variable_name=variable_value"` to the command line === Deploy a Workload with the `ocp-workload` playbook [Mostly for testing] ---- TARGET_HOST="bastion.na311.openshift.opentlc.com" OCP_USERNAME="shacharb-redhat.com" WORKLOAD="ocp4-workload-template-service-broker" GUID=1001 # a TARGET_HOST is specified in the command line, without using an inventory file ansible-playbook -i ${TARGET_HOST}, ./configs/ocp-workloads/ocp-workload.yml \ -e"ansible_ssh_private_key_file=~/.ssh/keytoyourhost.pem" \ -e"ansible_user=ec2-user" \ -e"ocp_username=${OCP_USERNAME}" \ -e"ocp_workload=${WORKLOAD}" \ -e"silent=False" \ -e"guid=${GUID}" \ -e"ACTION=create" ---- === To Delete an environment ---- TARGET_HOST="bastion.na311.openshift.opentlc.com" OCP_USERNAME="ankay-redhat.com" WORKLOAD="ocp4-workload-template-service-broker" GUID=1002 # a TARGET_HOST is specified in the command line, without using an inventory file ansible-playbook -i ${TARGET_HOST}, ./configs/ocp-workloads/ocp-workload.yml \ -e"ansible_ssh_private_key_file=~/.ssh/keytoyourhost.pem" \ -e"ansible_user=ec2-user" \ -e"ocp_username=${OCP_USERNAME}" \ -e"ocp_workload=${WORKLOAD}" \ -e"guid=${GUID}" \ -e"ACTION=remove" ---- == Other related information: === Deploy Workload on OpenShift Cluster from an existing playbook: [source,yaml] ---- - name: Deploy a workload role on a master host hosts: all become: true gather_facts: False tags: - step007 roles: - { role: "{{ocp_workload}}", when: 'ocp_workload is defined' } ---- NOTE: You might want to change `hosts: all` to fit your requirements === Set up your Ansible inventory file * You can create an Ansible inventory file to define your connection method to your host (Master/Bastion with `oc` command) * You can also use the command line to define the hosts directly if your `ssh` configuration is set to connect to the host correctly * You can also use the command line to 
use localhost or if your cluster is already authenticated and configured in your `oc` configuration .Example inventory file [source, ini] ---- [gptehosts:vars] ansible_ssh_private_key_file=~/.ssh/keytoyourhost.pem ansible_user=ec2-user [gptehosts:children] openshift [openshift] bastion.cluster1.openshift.opentlc.com bastion.cluster2.openshift.opentlc.com bastion.cluster3.openshift.opentlc.com bastion.cluster4.openshift.opentlc.com [dev] bastion.cluster1.openshift.opentlc.com bastion.cluster2.openshift.opentlc.com [prod] bastion.cluster3.openshift.opentlc.com bastion.cluster4.openshift.opentlc.com ---- ansible/roles/ocp4-workload-template-service-broker/tasks/main.yml
New file @@ -0,0 +1,23 @@ --- # Do not modify this file - name: Running Pre Workload Tasks import_tasks: ./pre_workload.yml become: "{{ become_override | bool }}" when: ACTION == "create" or ACTION == "provision" - name: Running Workload Tasks import_tasks: ./workload.yml become: "{{ become_override | bool }}" when: ACTION == "create" or ACTION == "provision" - name: Running Post Workload Tasks import_tasks: ./post_workload.yml become: "{{ become_override | bool }}" when: ACTION == "create" or ACTION == "provision" - name: Running Workload removal Tasks import_tasks: ./remove_workload.yml become: "{{ become_override | bool }}" when: ACTION == "destroy" or ACTION == "remove" ansible/roles/ocp4-workload-template-service-broker/tasks/post_workload.yml
New file @@ -0,0 +1,9 @@ --- # Implement your Post Workload deployment tasks here # Leave this as the last task in the playbook. - name: post_workload tasks complete debug: msg: "Post-Workload Tasks completed successfully." when: not silent|bool ansible/roles/ocp4-workload-template-service-broker/tasks/pre_workload.yml
New file @@ -0,0 +1,8 @@ --- # Implement your Pre Workload deployment tasks here # Leave this as the last task in the playbook. - name: pre_workload tasks complete debug: msg: "Pre-Workload tasks completed successfully." when: not silent|bool ansible/roles/ocp4-workload-template-service-broker/tasks/remove_workload.yml
New file @@ -0,0 +1,33 @@ --- # Implement your Workload removal tasks here - name: Remove Template Service Broker k8s: state: absent definition: "{{ lookup('template', item ) | from_yaml }}" loop: - ./templates/template_service_broker.j2 - name: Remove Template Service Broker Operator k8s: state: absent definition: "{{ lookup('template', item ) | from_yaml }}" loop: - ./templates/subscription.j2 - ./templates/catalog_source.j2 - ./templates/operator_group.j2 # - name: Remove Template Service Broker Project # k8s: # name: "{{ _broker_project }}" # api_version: v1 # kind: Namespace # state: absent # Not removing the Service Broker objects because they may be used elsewhere. # Leave this as the last task in the playbook. - name: remove_workload tasks complete debug: msg: "Remove Workload tasks completed successfully." when: not silent|bool ansible/roles/ocp4-workload-template-service-broker/tasks/workload.yml
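Review bot: In remove_workload.yml the ClusterRoleBinding that workload.yml creates from `./templates/cluster_role_binding.j2` is never deleted, so after `ACTION=remove` the `apiserver` service account subject in `{{ _broker_project }}` is still bound to `cluster-admin`. The project also stays in place because the Namespace removal task is commented out, so the grant remains live for any service account of that name in the project. Add `- ./templates/cluster_role_binding.j2` to the loop of the "Remove Template Service Broker" task, or remove it in a dedicated task. Deleting the Subscription presumably leaves the installed CSV named by `_broker_subscription_csv` behind as well; that is worth confirming, and removing explicitly if so.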
New file @@ -0,0 +1,61 @@ --- # Implement your Workload deployment tasks here - name: Setting up workload for user debug: msg: "Setting up workload for user ocp_username = {{ ocp_username }}" - name: Create OpenShift Objects for Service Broker k8s: state: present merge_type: - strategic-merge - merge definition: "{{ lookup('file', item ) | from_yaml }}" loop: - ./files/service_catalog_api_server.yaml - ./files/service_catalog_controller_manager.yaml - name: Create OpenShift Objects for Template Service Broker k8s: state: present merge_type: - strategic-merge - merge definition: "{{ lookup('template', item ) | from_yaml }}" loop: - ./templates/broker_project.j2 - ./templates/operator_group.j2 - ./templates/catalog_source.j2 - ./templates/subscription.j2 - name: Wait until CSV is Installed command: oc get csv "{{ _broker_subscription_csv }}" -o jsonpath --template='{.status.phase}' -n "{{ _broker_project }}" register: csv retries: 30 delay: 10 until: csv.stdout == "Succeeded" - name: Create Template Service Broker k8s: state: present merge_type: - strategic-merge - merge definition: "{{ lookup('template', item ) | from_yaml }}" loop: - ./templates/template_service_broker.j2 - name: Grant Template Service Broker Service Account cluster-admin k8s: state: present merge_type: - strategic-merge - merge definition: "{{ lookup('template', './templates/cluster_role_binding.j2' ) | from_yaml }}" # Leave this as the last task in the playbook. - name: workload tasks complete debug: msg: "Workload Tasks completed successfully." when: not silent|bool ansible/roles/ocp4-workload-template-service-broker/templates/broker_project.j2
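Review bot: The task "Grant Template Service Broker Service Account cluster-admin" at the end of workload.yml binds the built-in `cluster-admin` ClusterRole to a workload service account, with no comment explaining why that breadth is needed and no variable to turn it off. With this binding, a compromise of the broker's pod is a compromise of the whole cluster. If the broker works with a narrower role, point `roleRef` in cluster_role_binding.j2 at that role instead. Otherwise record the requirement above the task, e.g. `# TSB apiserver SA needs cluster-admin because <reason> - revisit when a scoped role exists`. Separately, "Wait until CSV is Installed" only reads state, so `changed_when: false` would keep the play's change report accurate.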
New file @@ -0,0 +1,11 @@ apiVersion: project.openshift.io/v1 kind: Project metadata: annotations: openshift.io/description: "" openshift.io/display-name: "{{ _broker_project_display }}" openshift.io/requester: "{{ ocp_username }}" name: "{{ _broker_project }}" spec: finalizers: - kubernetes ansible/roles/ocp4-workload-template-service-broker/templates/catalog_source.j2
New file @@ -0,0 +1,13 @@ apiVersion: operators.coreos.com/v1alpha1 kind: CatalogSource metadata: name: installed-community-openshift-template-broker namespace: "{{ _broker_project }}" spec: address: community-operators.openshift-marketplace.svc.cluster.local:50051 displayName: Community Operators icon: base64data: "" mediatype: "" publisher: Community sourceType: grpc ansible/roles/ocp4-workload-template-service-broker/templates/cluster_role_binding.j2
New file @@ -0,0 +1,12 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: automation-broker-cluster-role-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: apiserver namespace: "{{ _broker_project }}" ansible/roles/ocp4-workload-template-service-broker/templates/operator_group.j2
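Review bot: `name: automation-broker-cluster-role-binding` in cluster_role_binding.j2 is a cluster-scoped name that does not identify this role; it looks carried over from an automation-broker workload. If another role applies a binding under the same name, the `k8s` task with `state: present` would patch that existing object rather than create its own. A later cleanup of either workload could then drop or keep a grant the other one depends on. Use a name unique to this role, for example `name: template-service-broker-cluster-admin`, which also makes the binding easier to find in an RBAC audit.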
New file @@ -0,0 +1,8 @@ apiVersion: operators.coreos.com/v1alpha2 kind: OperatorGroup metadata: name: template-service-broker-group namespace: "{{ _broker_project }}" spec: targetNamespaces: - "{{ _broker_project }}" ansible/roles/ocp4-workload-template-service-broker/templates/subscription.j2
New file @@ -0,0 +1,12 @@ apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: templateservicebroker namespace: "{{ _broker_project }}" spec: channel: alpha installPlanApproval: Automatic name: templateservicebroker source: installed-community-openshift-template-broker sourceNamespace: "{{ _broker_project }}" startingCSV: "{{ _broker_subscription_csv }}" ansible/roles/ocp4-workload-template-service-broker/templates/template_service_broker.j2
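Review bot: `installPlanApproval: Automatic` together with `channel: alpha` in subscription.j2 lets OLM install whatever newer operator version the community catalog publishes, and this role grants the broker's service account cluster-admin. `startingCSV` only fixes the first install, so the version running later need not be the one reviewed in this commit. The "Wait until CSV is Installed" check in workload.yml looks up `_broker_subscription_csv` by name and may stop matching after an upgrade. Consider `installPlanApproval: Manual`, with a task that approves only the InstallPlan for the pinned CSV.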
New file @@ -0,0 +1,6 @@ apiVersion: osb.openshift.io/v1alpha1 kind: TemplateServiceBroker metadata: name: openshift-template-service-broker namespace: "{{ _broker_project }}" spec: {}