ansible/roles/ocp-workload-fuse-enmasse/defaults/main.yml | ●●●●● patch | view | raw | blame | history | |
ansible/roles/ocp-workload-fuse-enmasse/readme.adoc | ●●●●● patch | view | raw | blame | history | |
ansible/roles/ocp-workload-fuse-enmasse/tasks/main.yml | ●●●●● patch | view | raw | blame | history | |
ansible/roles/ocp-workload-fuse-enmasse/tasks/post_workload.yml | ●●●●● patch | view | raw | blame | history | |
ansible/roles/ocp-workload-fuse-enmasse/tasks/pre_workload.yml | ●●●●● patch | view | raw | blame | history | |
ansible/roles/ocp-workload-fuse-enmasse/tasks/remove_workload.yml | ●●●●● patch | view | raw | blame | history | |
ansible/roles/ocp-workload-fuse-enmasse/tasks/workload.yml | ●●●●● patch | view | raw | blame | history |
ansible/roles/ocp-workload-fuse-enmasse/defaults/main.yml
New file @@ -0,0 +1,19 @@ --- ocp_username: shachar-redhat.com ocp_user_needs_quota: True ocp_user_groups: - OPENTLC-PROJECT-PROVISIONERS quota_requests_cpu: 5 quota_limits_cpu: 10 quota_requests_memory: '6Gi' quota_limits_memory: '20Gi' quota_configmaps: 10 quota_pods: 20 quota_persistentvolumeclaims: 20 quota_services: 30 quota_secrets: 30 quota_requests_storage: 50Gi ansible/roles/ocp-workload-fuse-enmasse/readme.adoc
New file @@ -0,0 +1,127 @@ = ocp-workload-developer-environment - Sample Config == Role overview * This is a simple role that does the following: ** Playbook: link:./tasks/pre_workload.yml[pre_workload.yml] - Sets up an environment for the workload deployment *** Adds a user to a list of groups defined in the link:./defaults/main.yml[defaults file]. *** Sets a cluster resource quota for the user based on the variables in the link:./defaults/main.yml[defaults file] . *** Debug task will print out: `pre_workload Tasks Complete` ** Playbook: link:./tasks/workload.yml[workload.yml] - Used to deploy the actual workload, i.e, 3scale, Mobile or some Demo *** This role doesn't do anything here *** Debug task will print out: `workload Tasks Complete` ** Playbook: link:./tasks/post_workload.yml[post_workload.yml] - Used to configure the workload after deployment *** This role doesn't do anything here *** Debug task will print out: `post_workload Tasks Complete` == Review the defaults variable file * This file link:./defaults/main.yml[./defaults/main.yml] contains all the variables you need to define to control the deployment of your workload. * You can modify any of these default values by adding `-e"variable_name=variable_value"` to the command line === Deploy Workload on OpenShift Cluster from an existing playbook: [source,yaml] ---- - name: Deploy a workload role on a master host hosts: all become: true gather_facts: False tags: - step007 roles: - { role: "{{ ANSIBLE_REPO_PATH }}/roles/{{ocp_workload}}", when: 'ocp_workload is defined' } ---- NOTE: You might want to change `hosts: all` to fit your requirements === Deploy a Workload with the `ocp-workload` playbook [Mostly for testing] ---- TARGET_HOST="bastion.dev37.openshift.opentlc.com" OCP_USERNAME="shacharb-redhat.com" WORKLOAD="ocp-workload-fuse-ignite" GUID=3005 # a TARGET_HOST is specified in the command line, without using an inventory file ansible-playbook -i ${TARGET_HOST}, ./configs/ocp-workloads/ocp-workload.yml \ -e"ansible_ssh_private_key_file=~/.ssh/keytoyourhost.pem" \ -e"ansible_ssh_user=ec2-user" \ -e"ANSIBLE_REPO_PATH=`pwd`" \ -e"ocp_username=${OCP_USERNAME}" \ -e"ocp_workload=${WORKLOAD}" \ -e"guid=${GUID}" \ -e"ocp_user_needs_quota=true" \ -e"ocp_apps_domain=apps.rhpds.openshift.opentlc.com" \ -e"ACTION=create" ---- === To Delete an environment ---- TARGET_HOST="bastion.dev37.openshift.opentlc.com" OCP_USERNAME="shacharb-redhat.com" WORKLOAD="ocp-workload-fuse-ignite" GUID=3005 # a TARGET_HOST is specified in the command line, without using an inventory file ansible-playbook -i ${TARGET_HOST}, ./configs/ocp-workloads/ocp-workload.yml \ -e"ansible_ssh_private_key_file=~/.ssh/keytoyourhost.pem" \ -e"ansible_ssh_user=ec2-user" \ -e"ANSIBLE_REPO_PATH=`pwd`" \ -e"ocp_username=${OCP_USERNAME}" \ -e"ocp_workload=${WORKLOAD}" \ -e"guid=${GUID}" \ -e"ACTION=remove" ---- == Set up your Ansible inventory file * You can create an Ansible inventory file to define your connection method to your host (Master/Bastion with OC command) * You can also use the command line to define the hosts directly if your `ssh` configuration is set to connect to the host correctly * You can also use the command line to use localhost or if your cluster is already authenticated and configured in your `oc` configuration [source, ini] .example inventory file ---- [gptehosts:vars] ansible_ssh_private_key_file=~/.ssh/keytoyourhost.pem ansible_ssh_user=ec2-user [gptehosts:children] openshift [openshift] bastion.cluster1.openshift.opentlc.com bastion.cluster2.openshift.opentlc.com bastion.cluster3.openshift.opentlc.com ansible_ssh_host=ec2-11-111-111-11.us-west-2.compute.amazonaws.com bastion.cluster4.openshift.opentlc.com [dev] bastion.cluster1.openshift.opentlc.com bastion.cluster2.openshift.opentlc.com [prod] bastion.cluster3.openshift.opentlc.com bastion.cluster4.openshift.opentlc.com ---- ansible/roles/ocp-workload-fuse-enmasse/tasks/main.yml
New file @@ -0,0 +1,20 @@ --- - name: Running Pre Workload Tasks include: ./pre_workload.yml become: true when: ACTION == "create" or ACTION == "provision" - name: Running Workload Tasks include: ./workload.yml become: true when: ACTION == "create" or ACTION == "provision" - name: Running Post Workload Tasks include: ./post_workload.yml become: true when: ACTION == "create" or ACTION == "provision" - name: Running Workload removal Tasks include: ./remove_workload.yml become: true when: ACTION == "destroy" or ACTION == "remove" ansible/roles/ocp-workload-fuse-enmasse/tasks/post_workload.yml
New file @@ -0,0 +1,5 @@ --- - name: post_workload Tasks Complete debug: msg: "Post-Software checks completed successfully" ansible/roles/ocp-workload-fuse-enmasse/tasks/pre_workload.yml
New file @@ -0,0 +1,32 @@ --- # - name: Add user to developer group (allowed to create projects) # shell: "oadm groups add-users {{item}} {{ocp_username}}" # register: groupadd_register # with_items: "{{ocp_user_groups}}" # when: ocp_username is defined and ocp_user_groups is defined # # - name: test that command worked # debug: # var: groupadd_register # verbosity: 2 - name: Create user Quota - clusterresourcequota shell: | oc create clusterquota clusterquota-"{{ocp_username}}-{{guid}}" \ --project-annotation-selector=openshift.io/requester="{{ocp_username}}" \ --hard requests.cpu="{{quota_requests_cpu}}" \ --hard limits.cpu="{{quota_limits_cpu}}" \ --hard requests.memory="{{quota_requests_memory}}" \ --hard limits.memory="{{quota_limits_memory}}" \ --hard configmaps="{{quota_configmaps}}" \ --hard pods="{{quota_pods}}" \ --hard persistentvolumeclaims="{{quota_persistentvolumeclaims}}" \ --hard services="{{quota_services}}" \ --hard secrets="{{quota_secrets}}" \ --hard requests.storage="{{quota_requests_storage}}" ignore_errors: true - name: pre_workload Tasks Complete debug: msg: "Pre-Software checks completed successfully" ansible/roles/ocp-workload-fuse-enmasse/tasks/remove_workload.yml
New file @@ -0,0 +1,24 @@ --- - name: post_workload Tasks Complete debug: msg: "Pre-Software checks completed successfully - Removed" - name: define ocp_project set_fact: ocp_project: "fuse-{{guid}}" - name: Remove user Quota - oc delete clusterresourcequota "clusterquota-{{ocp_username}}-{{guid}}" shell: oc delete clusterresourcequota clusterquota-{{ocp_username}}-{{guid}} ignore_errors: true - name: Remove user Quota - oc delete clusterresourcequota "clusterquota-{{ocp_username}}" shell: oc delete clusterresourcequota clusterquota-{{ocp_username}} ignore_errors: true - name: Remove user Project shell: "oc delete project {{ocp_project}}" ignore_errors: true - name: post_workload Tasks Complete debug: msg: "Post-Software checks completed successfully - Removed" ansible/roles/ocp-workload-fuse-enmasse/tasks/workload.yml
New file @@ -0,0 +1,31 @@ --- - name: define ocp_project set_fact: ocp_project: "fuse-{{guid}}" - name: Create project for workload shell: "oc new-project {{ocp_project}}" - name: Make sure we go back do default project shell: "oc project default" - name: Create serviceaccount-as-oauthclient shell: "oc create -f https://raw.githubusercontent.com/syndesisio/syndesis/master/app/deploy/support/serviceaccount-as-oauthclient-restricted.yml -n {{ocp_project}} " - name: Create workload template shell: "oc create -f https://raw.githubusercontent.com/syndesisio/syndesis/master/app/deploy/syndesis-restricted.yml -n {{ocp_project}} " - name: Create the workload app shell: | oc new-app syndesis-restricted -p ROUTE_HOSTNAME=fuse.{{ocp_project}}.{{ocp_apps_domain}} \ -p OPENSHIFT_PROJECT={{ocp_project}} \ -p OPENSHIFT_OAUTH_CLIENT_SECRET=$(oc sa get-token syndesis-oauth-client -n {{ocp_project}}) -n {{ocp_project}} - name: Give ocp_username access to ocp_project shell: "oc policy add-role-to-user admin {{ocp_username}} -n {{ocp_project}}" - name: workload Tasks Complete debug: msg: workload Tasks Complete