kmendez-redhat
2019-04-25 9e8f4291b851e5aefbfca69d180d1a4e27f60a08
Fixes for summit environment (#391)

6 files modified
1 files renamed
64 ■■■■ changed files
ansible/configs/ocp4-workload-security-compliance-lab/requirements.yml 14 ●●●●
ansible/roles/ocp4-workload-security-compliance-lab/NOTES.txt 6 ●●●●
ansible/roles/ocp4-workload-security-compliance-lab/defaults/main.yml 9 ●●●●
ansible/roles/ocp4-workload-security-compliance-lab/tasks/main.yml 4 ●●●
ansible/roles/ocp4-workload-security-compliance-lab/tasks/per_user.yml 13 ●●●●
ansible/roles/ocp4-workload-security-compliance-lab/templates/buildconfig.yml.j2 16 ●●●●
ansible/roles/ocp4-workload-security-compliance-lab/templates/daemon.json.j2 2 ●●●
ansible/configs/ocp4-workload-security-compliance-lab/requirements.yml
@@ -1,21 +1,21 @@
---
- src: siamaksade.openshift_common_facts
  name: openshift_commons_facts
  name: siamaksade.openshift_commons_facts
- src: siamaksade.openshift_sonatype_nexus
  name: openshift_sonatype_nexus
  name: siamaksade.openshift_sonatype_nexus
- src: siamaksade.openshift_gogs
  name: openshift_gogs
  name: siamaksade.openshift_gogs
- src: siamaksade.openshift_jenkins
  name: openshift_jenkins
  name: siamaksade.openshift_jenkins
- src: siamaksade.openshift_workshopper
  name: openshift_workshopper
  name: siamaksade.openshift_workshopper
- src: siamaksade.openshift_coolstore
  name: openshift_coolstore
  name: siamaksade.openshift_coolstore
- src: siamaksade.openshift_quay
  name: openshift_quay
  name: siamaksade.openshift_quay
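Review bot: None of the seven Galaxy roles listed here carries a `version:` key, so each `ansible-galaxy install` pulls whatever the role author currently publishes, and the lab runs third-party role code that nobody reviewed at that revision. Pin every entry, for example `version: <TAG_OR_COMMIT>` under each `src:`, and bump the pins deliberately. Separately, the first entry's `src` reads `openshift_common_facts` while its `name` reads `openshift_commons_facts`; that may be deliberate aliasing, but confirm that the playbooks reference the spelling used in `name`.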
ansible/roles/ocp4-workload-security-compliance-lab/NOTES.txt
@@ -10,6 +10,7 @@
ansible-playbook install_galaxy_roles.yml -e env_type=ocp-workloads
### SCRIPT START
GUID=8828
DOMAIN="cluster-${GUID}.${GUID}.openshiftworkshop.com"
@@ -42,12 +43,11 @@
                 -e"ocp_workload=${WORKLOAD}" \
                 -e"guid=${GUID}" \
                 -e"ocp_user_needs_quota=true" \
                 -e"ocp_master=${MASTER_HOSTNAME}" \
                 -e"ocp_apps_domain=${APPS_DOMAIN}" \
                 -e"admin_project=${WORKSHOP_PROJECT}" \
                 -e"user_count=${NUM_USERS}" \
                 -e"num_users=${NUM_USERS}" \
                 -e"user_password=${USER_PASSWORD}" \
                 -e"gogs_password=${GOGS_PASSWORD}" \
                 -e"subdomain_base_suffix=${DOMAIN}"
                 -e"ACTION=${ACTION}"
### SCRIPT END
ansible/roles/ocp4-workload-security-compliance-lab/defaults/main.yml
@@ -1,12 +1,17 @@
---
# PROVIDED BY THE INFRA
# Uncomment and set a value to take effect. Else, will use the defaults
admin_project: ocp-security-workshop
admin_project: ocp-workshop
user_count_start: 1
user_count: 100
num_users: 50
#user_format: user%02d
user_format: user%d
user_password: "openshift"
ocp_bastion: "bastion.{{ guid }}{{ subdomain_base_suffix }}"
ocp_master: "master.{{ guid }}{{ subdomain_base_suffix }}"
ocp_apps_domain: apps.{{ guid }}{{ subdomain_base_suffix }}
ocp_user_needs_quota: "false"
user_count: "{{ num_users }}"
##
# VALUES SPECIFIC TO THIS WORKLOAD
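Review bot: `user_password: "openshift"` gives every provisioned workshop account the same guessable password unless the caller overrides it; this rendering does not show whether the line is new or context, but it is present on the new side. Prefer no default so that a deployment has to supply one, e.g. replace the line with `# user_password: required, pass with -e or from a vault` and fail early when it is undefined. Also, `per_user.yml` in this commit starts reading `admin_password`, which is not defined in the visible part of these defaults; if it is not set further down the file, a run without that extra var fails at templating, and on the pipeline task that failure may be hidden by `ignore_errors: true`.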
ansible/roles/ocp4-workload-security-compliance-lab/tasks/main.yml
@@ -1,7 +1,8 @@
---
- set_fact:
    tmp_dir: "/tmp/{{ guid }}"
    user_count_end: "{{ (user_count_start | int) + (user_count | int) - 1 }}"
    user_count_end: "{{ (user_count_start | int) + (num_users | int) - 1 }}"
- debug:
    msg: "Using {{tmp_dir}} as temp dir on bastion"
@@ -10,6 +11,7 @@
- debug:
    msg: "Provisioning users from {{user_count_start}} to {{user_count_end}} with format {{user_format}}"
- name: Running Pre Workload Tasks
  import_tasks: ./pre_workload.yml
  become: true
ansible/roles/ocp4-workload-security-compliance-lab/tasks/per_user.yml
@@ -43,7 +43,7 @@
        - "{{ my_user }}-prod"
    - name: Create docker secret for quay
      command: "{{ openshift_cli }}  create secret docker-registry quay --docker-server=quay-secure-quay-enterprise.apps.cluster-{{ guid }}.{{ guid }}.openshiftworkshop.com --docker-username=admin --docker-password=admin123 -n {{ my_user }}"
      command: "{{ openshift_cli }}  create secret docker-registry quay --docker-server=quay-secure-quay-enterprise.{{ ocp_apps_domain }} --docker-username=admin --docker-password=admin123 -n {{ my_user }}"
    - name: Link secrets to service accounts
      command: "{{ openshift_cli }} secrets link {{ item }} quay -n {{ my_user }}"
@@ -61,13 +61,20 @@
    - name: Allow proper formatting of archived html in jenkins and install plugins
      command: "{{ openshift_cli }} set env dc/jenkins JENKINS_JAVA_OVERRIDES=-Dhudson.model.DirectoryBrowserSupport.CSP= -n {{ my_user }}"
    - name: Populate buildconfig template
      template:
        src: buildconfig.yml.j2
        dest: "{{tmp_dir}}/files/buildconfig.yaml"
        mode: '0644'
    - name: Create build template
      command: "{{ openshift_cli }} create -f {{tmp_dir}}/files/buildconfig.yaml -n {{ my_user }}"
      tags: always
      ignore_errors: true
    - name: Create jenkins pipeline
      command: "{{ openshift_cli }} new-app ecommerce-build-template -p GUID={{ guid }} -p GOGS_USER={{ my_user }} -p SSH_PASSWORD={{ user_password }} -n {{ my_user }}"
      #command: "{{ openshift_cli }} new-app ecommerce-build-template -p GUID={{ guid }} -p GOGS_USER={{ my_user }} -p SSH_PASSWORD={{ user_password }} -n {{ my_user }}"
      command: "{{ openshift_cli }} new-app ecommerce-build-template -p BASTION={{ ocp_bastion }} -p APP_DOMAIN={{ ocp_apps_domain }} -p API_ENDPOINT={{ ocp_master }}:6443 -p GUID={{ guid }} -p GOGS_USER={{ my_user }} -p SSH_PASSWORD={{ admin_password }} -n {{ my_user }}"
      tags: always
      ignore_errors: true
@@ -162,7 +169,7 @@
    - name: create user on bastion for openscap
      user:
        name: "{{ my_user }}"
        password: "{{ user_password | password_hash('sha512') }}"
        password: "{{ admin_password | password_hash('sha512') }}"
        password_lock: no
        state: present
        append: yes
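Review bot: The `Create jenkins pipeline` and `create user on bastion for openscap` tasks now use `admin_password` where they used `user_password`, so each user's bastion login and the `SSH_PASSWORD` template parameter (surfaced by the build template as `JENKINS_SSH_PASSWORD` in that user's own project) carry what the name suggests is an administrative credential. If that is one shared secret, every participant can read it from their BuildConfig; a per-user password would limit exposure to a single account. Both `oc` command tasks also place secrets on the command line, and `--docker-password=admin123` is still hard-coded in the rewritten quay task, so add `no_log: true` to them and take the quay credential from a variable. The commented-out previous `command:` line can be dropped; the user task continues past the end of the hunk.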
ansible/roles/ocp4-workload-security-compliance-lab/templates/buildconfig.yml.j2
File was renamed from ansible/roles/ocp4-workload-security-compliance-lab/files/buildconfig.yaml
@@ -24,6 +24,12 @@
  value: master
- description: SSH Password
  name: SSH_PASSWORD
- description: OCP Application domain
  name: APP_DOMAIN
- description: bastion
  name: BASTION
- description: OCP API Endpoint
  name: API_ENDPOINT
objects:
- apiVersion: v1
  kind: BuildConfig
@@ -40,7 +46,7 @@
    runPolicy: Serial
    source:
      git:
        uri:  http://gogs-ocp-workshop.apps.cluster-${GUID}.${GUID}.openshiftworkshop.com/${GOGS_USER}/SecurityDemos.git
        uri:  http://gogs-ocp-workshop.{{ ocp_apps_domain }}/${GOGS_USER}/SecurityDemos.git
        ref: ${GIT_BRANCH}
    strategy:
      jenkinsPipelineStrategy:
@@ -49,13 +55,19 @@
        - name: JENKINS_GIT_BRANCH
          value: ${GIT_BRANCH}
        - name: JENKINS_GIT_URL
          value: http://gogs-ocp-workshop.apps.cluster-${GUID}.${GUID}.openshiftworkshop.com/${GOGS_USER}/SecurityDemos.git
          value: http://gogs-ocp-workshop.{{ ocp_apps_domain }}/${GOGS_USER}/SecurityDemos.git
        - name: JENKINS_GUID
          value: ${GUID}
        - name: JENKINS_GOGS_USER
          value: ${GOGS_USER}
        - name: JENKINS_SSH_PASSWORD
          value: ${SSH_PASSWORD}
        - name: JENKINS_BASTION
          value: ${BASTION}
        - name: JENKINS_APP_DOMAIN
          value: ${APP_DOMAIN}
        - name: JENKINS_OCP_API_ENDPOINT
          value: ${API_ENDPOINT}
    triggers:
    - generic:
        secret: ${GOGS_USER}-ecommerce-pipeline
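Review bot: The two rewritten Gogs URLs (`source.git.uri` and `JENKINS_GIT_URL`) keep the `http://` scheme, so the pipeline definition and sources are fetched without transport integrity and anything on the network path can alter what Jenkins builds. If the Gogs route terminates TLS, use `https://gogs-ocp-workshop.{{ ocp_apps_domain }}/${GOGS_USER}/SecurityDemos.git` in both places. The file now mixes render-time Jinja (`{{ ocp_apps_domain }}`) with the new `${APP_DOMAIN}` template parameter for what appears to be the same value; using `${APP_DOMAIN}` in the URLs would keep a single source of truth. The added parameters also lack `required: true`, so a missing `-p` yields empty environment values instead of an error.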
ansible/roles/ocp4-workload-security-compliance-lab/templates/daemon.json.j2
@@ -1,3 +1,3 @@
{
  "insecure-registries" : ["image-registry-openshift-image-registry.apps.cluster-{{ guid }}.{{ guid }}.openshiftworkshop.com"]
  "insecure-registries" : ["image-registry-openshift-image-registry.{{ ocp_apps_domain }}"]
}
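Review bot: The registry host stays under `insecure-registries`, which tells Docker to skip TLS verification (and allows fallback to plain HTTP) for it, and the host is now whatever `ocp_apps_domain` renders to. Trusting the router CA for that host, with a `ca.crt` under `/etc/docker/certs.d/<REGISTRY_HOST>/`, would let this entry be removed. If the lab needs the bypass, record the reason in the role's notes, since JSON cannot carry a comment here.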