ansible/roles/ocp-workload-3scale-lifecycle/defaults/main.yml | ●●●●● patch | view | raw | blame | history | |
ansible/roles/ocp-workload-3scale-lifecycle/readme.adoc | ●●●●● patch | view | raw | blame | history | |
ansible/roles/ocp-workload-3scale-lifecycle/tasks/main.yml | ●●●●● patch | view | raw | blame | history | |
ansible/roles/ocp-workload-3scale-lifecycle/tasks/post_workload.yml | ●●●●● patch | view | raw | blame | history | |
ansible/roles/ocp-workload-3scale-lifecycle/tasks/pre_workload.yml | ●●●●● patch | view | raw | blame | history | |
ansible/roles/ocp-workload-3scale-lifecycle/tasks/remove_workload.yml | ●●●●● patch | view | raw | blame | history | |
ansible/roles/ocp-workload-3scale-lifecycle/tasks/wait_for_build.yml | ●●●●● patch | view | raw | blame | history | |
ansible/roles/ocp-workload-3scale-lifecycle/tasks/wait_for_deploy.yml | ●●●●● patch | view | raw | blame | history | |
ansible/roles/ocp-workload-3scale-lifecycle/tasks/workload.yml | ●●●●● patch | view | raw | blame | history |
ansible/roles/ocp-workload-3scale-lifecycle/defaults/main.yml
New file @@ -0,0 +1,33 @@ --- ocp_username: hchin-redhat.com ocp_user_needs_quota: True ocp_user_groups: - OPENTLC-PROJECT-PROVISIONERS quota_requests_cpu: 5 quota_limits_cpu: 10 quota_requests_memory: '6Gi' quota_limits_memory: '8Gi' quota_configmaps: 15 quota_pods: 20 quota_persistentvolumeclaims: 20 quota_services: 150 quota_secrets: 150 quota_requests_storage: 50Gi ocp_domain: "{{subdomain_base}}" ocp_apps_domain: "apps.{{ocp_domain}}" build_status_retries: 20 build_status_delay: 20 deploy_status_retries: 15 deploy_status_delay: 20 APICURIO_UI_ROUTE: apicurio-studio.$OCP_SUFFIX APICURIO_API_ROUTE: apicurio-studio-api.$OCP_SUFFIX APICURIO_WS_ROUTE: apicurio-studio-ws.$OCP_SUFFIX MICROCKS_ROUTE_HOSTNAME: microcks.$OCP_SUFFIX ansible/roles/ocp-workload-3scale-lifecycle/readme.adoc
New file @@ -0,0 +1,32 @@ --- - name: Check if Red Hat SSO was already provisioned command: "oc get service sso -n {{shared_ns}}" register: sso_already_installed ignore_errors: true changed_when: false - name: Install Red Hat SSO in shared namespace {{shared_ns}} block: - name: define sso template version set_fact: sso_version: "ose-v1.4.15" - name: Make sure use shared namespace shell: "oc project {{shared_ns}}" - name: Create service accounts and secrets for RH SSO shell: "oc create -f https://raw.githubusercontent.com/jboss-openshift/application-templates/{{sso_version}}/secrets/sso-app-secret.json -n {{shared_ns}}" - name: Add cluster view policy to sa for clustering shell: "oc policy add-role-to-user view system:serviceaccount:{{shared_ns}}:sso-service-account -n {{shared_ns}}" - name: Import RH SSO template shell: "oc create -f https://raw.githubusercontent.com/jboss-openshift/application-templates/{{sso_version}}/sso/sso72-mysql-persistent.json" - name: Create RH SSO app shell: "oc new-app sso72-mysql-persistent -p HTTPS_NAME=jboss -p HTTPS_PASSWORD=mykeystorepass -p SSO_ADMIN_USERNAME=keyadmin \ -p SSO_ADMIN_PASSWORD=keypassword -n {{shared_ns}}" - name: Wait for Red Hat SSO to be running command: "oc get dc/sso -o yaml -n {{shared_ns}}" register: result until: '"availableReplicas: 1" in result.stdout' retries: 5 delay: 60 changed_when: false when: sso_already_installed is failed ansible/roles/ocp-workload-3scale-lifecycle/tasks/main.yml
New file @@ -0,0 +1,20 @@ --- - name: Running Pre Workload Tasks include: ./pre_workload.yml become: "{{ become_override | bool }}" when: ACTION == "create" or ACTION == "provision" - name: Running Workload Tasks include: ./workload.yml become: "{{ become_override | bool }}" when: ACTION == "create" or ACTION == "provision" - name: Running Post Workload Tasks include: ./post_workload.yml become: "{{ become_override | bool }}" when: ACTION == "create" or ACTION == "provision" - name: Running Workload removal Tasks include: ./remove_workload.yml become: "{{ become_override | bool }}" when: ACTION == "destroy" or ACTION == "remove" ansible/roles/ocp-workload-3scale-lifecycle/tasks/post_workload.yml
New file @@ -0,0 +1,5 @@ --- - name: post_workload Tasks Complete debug: msg: "Post-Software checks completed successfully" ansible/roles/ocp-workload-3scale-lifecycle/tasks/pre_workload.yml
New file @@ -0,0 +1,32 @@ --- # - name: Add user to developer group (allowed to create projects) # shell: "oadm groups add-users {{item}} {{ocp_username}}" # register: groupadd_register # with_items: "{{ocp_user_groups}}" # when: ocp_username is defined and ocp_user_groups is defined # # - name: test that command worked # debug: # var: groupadd_register # verbosity: 2 - name: Create user Quota - clusterresourcequota shell: | oc create clusterquota clusterquota-"{{ocp_username}}-{{guid}}" \ --project-annotation-selector=openshift.io/requester="{{ocp_username}}" \ --hard requests.cpu="{{quota_requests_cpu}}" \ --hard limits.cpu="{{quota_limits_cpu}}" \ --hard requests.memory="{{quota_requests_memory}}" \ --hard limits.memory="{{quota_limits_memory}}" \ --hard configmaps="{{quota_configmaps}}" \ --hard pods="{{quota_pods}}" \ --hard persistentvolumeclaims="{{quota_persistentvolumeclaims}}" \ --hard services="{{quota_services}}" \ --hard secrets="{{quota_secrets}}" \ --hard requests.storage="{{quota_requests_storage}}" ignore_errors: true - name: pre_workload Tasks Complete debug: msg: "Pre-Software checks completed successfully" ansible/roles/ocp-workload-3scale-lifecycle/tasks/remove_workload.yml
New file @@ -0,0 +1,31 @@ --- - name: post_workload Tasks Complete debug: msg: "Pre-Software checks completed successfully - Removed" - name: Remove user Quota - oc delete clusterresourcequota "clusterquota-{{ocp_username}}-{{guid}}" shell: oc delete clusterresourcequota clusterquota-{{ocp_username}}-{{guid}} ignore_errors: true - name: Remove any lingering tmp files shell: "rm -rf /tmp/{{guid}}" - name: Remove user Project shell: "oc delete project istio-system" ignore_errors: true #- name: clean up residual istio stuff # template: # src: templates/istio_cleanup.sh # dest: /tmp/istio_cleanup.sh # mode: 0755 #- shell: "/tmp/istio_cleanup.sh" - name: Delete Istio Control Plane shell: "oc delete -f /tmp/istio-demo-1.0.0.yaml" ignore_errors: true - name: post_workload Tasks Complete debug: msg: "Post-Software checks completed successfully - Removed" ansible/roles/ocp-workload-3scale-lifecycle/tasks/wait_for_build.yml
New file @@ -0,0 +1,23 @@ --- # Purpose: # This script queries OCP for builds that exist but are not yet ready. # So long as there are unready builds, this script continues to loop # # Manual Test to determine list of unready builds : # 1) install jp : https://github.com/jmespath/jp # 2) oc get builds -o json | jp "items[? (status.phase != 'Complete') ].metadata.annotations.\"openshift.io/build-config.name\"" # # Documentation pertaining to jq syntax: # - http://jmespath.org/tutorial.html # - https://stackoverflow.com/questions/41261680/ansible-json-query-path-to-select-item-by-content # - name: "Wait for following builds to become ready: {{build_to_wait}}" command: 'oc get build -o json -n "{{ ocp_project }}"' register: build_state changed_when: false retries: "{{ build_status_retries }}" delay: "{{ build_status_delay }}" vars: query: "items[? (status.phase != 'Complete') ].metadata.annotations.\"openshift.io/build-config.name\"" until: "build_state.stdout |from_json |json_query(query) |intersect(build_to_wait) |length == 0" ansible/roles/ocp-workload-3scale-lifecycle/tasks/wait_for_deploy.yml
New file @@ -0,0 +1,25 @@ --- # Purpose: # This script queries OCP for replica sets that exist but are not yet ready. # So long as there are unready replica sets, this script continues to loop # # Manual Test to determine list of unready replication controllers : # 1) install jp : https://github.com/jmespath/jp # 2) oc get rs -o json | jp 'items[? (status.readyReplicas == ""|| status.readyReplicas == `0`) ].metadata.labels.deployment' # Documentation pertaining to jq syntax: # - http://jmespath.org/tutorial.html # NOTE: requires a Deployment label of: deployment: <deploymentname> - name: "Wait for following deployments to become ready: {{pod_to_wait}}" command: 'oc get rs -o json -n "{{ ocp_project }}"' register: rs_state changed_when: false retries: "{{ deploy_status_retries }}" delay: "{{ deploy_status_delay }}" until: 'rs_state.stdout |from_json |json_query(''items[? (status.readyReplicas == ""|| status.readyReplicas == `0`) ].metadata.labels."deployment"'') |intersect(pod_to_wait) |length == 0' ansible/roles/ocp-workload-3scale-lifecycle/tasks/workload.yml
New file @@ -0,0 +1,13 @@ --- # Apicurio Studio oc create -f https://raw.githubusercontent.com/gpe-mw-training/rhte-api-as-business-labs/master/templates/apicurio-template.yml -n openshift # Microcks oc create -f https://raw.githubusercontent.com/gpe-mw-training/rhte-api-as-business-labs/master/templates/microcks-persistent-no-keycloak-template.yml -n openshift ### Create Lab Infra project oc adm new-project lab-infra --admin=opentlc-mgr --description="Lab Infrastructure project for SSO, Microcks & Apicurio Studio." ### Apicurio oc new-app --template=apicurio-studio --param=AUTH_ROUTE=http://$HOSTNAME_HTTP/auth --param=UI_ROUTE=$APICURIO_UI_ROUTE --param=API_ROUTE=$APICURIO_API_ROUTE --param=WS_ROUTE=$APICURIO_WS_ROUTE --param=API_JVM_MAX=2000m --param=API_MEM_LIMIT=3000Mi --param=WS_JVM_MAX=2000m --param=WS_MEM_LIMIT=2500Mi --param=UI_JVM_MAX=1800m --param=UI_MEM_LIMIT=2500Mi