ansible/roles/ocp-workload-iot-demo/defaults/main.yml
New file @@ -0,0 +1,30 @@ --- ocp_username: ccustine-redhat.com ocp_user_needs_quota: True ocp_user_groups: - OPENTLC-PROJECT-PROVISIONERS quota_requests_cpu: 5 quota_limits_cpu: 10 quota_requests_memory: '10Gi' quota_limits_memory: '20Gi' quota_configmaps: 4 quota_pods: 20 quota_persistentvolumeclaims: 5 quota_services: 15 quota_secrets: 30 quota_requests_storage: 5Gi openssl_self_signed: - name: 'apps.iiot-demo.rhiot.org' domains: ['*.apps.iiot-demo.rhiot.org', 'apps.iiot-demo.rhiot.org'] country: 'US' state: 'NC' city: 'Raleigh' organization: 'Red Hat' unit: 'IoT' email: 'ccustine@redhat.com' days: 3650 ansible/roles/ocp-workload-iot-demo/description.html
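Review bot: The default `ocp_username: ccustine-redhat.com` in defaults/main.yml is one person's account, so a run that omits `-e"ocp_username=..."` would presumably apply the group-membership and quota steps described in the role's readme to that user instead of failing. A role default is safer as an obvious placeholder, with the role asserting early that the variable was supplied. Smaller points in the same file: `ocp_user_needs_quota: True` should be the canonical `true`, and `quota_requests_storage: 5Gi` is unquoted where the other quantities are quoted. The `days: 3650` on the self-signed wildcard certificate gives it a ten-year lifetime, which deserves a comment such as `# demo only: long-lived self-signed cert, do not reuse outside the lab`.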
New file @@ -0,0 +1,16 @@ <h1>Industry 4.0 IoT demo</h1> <p><i>Industry 4.0 IoT Demo,</i> Showcasing the Red Hat, Eurotech, and Cloudera partnership and the IoT products that are available.</p> <p>Products and Projects:</p> <ul> <li>OpenShift Container Platform</li> <li>Eurotech Everyware Cloud (EC)<br/>As well as Everyware Software Framework (ESF)</li> <li>Cloudera Data Hub (CDH)</li> </ul> <p> This demo will create an entire working IoT environment</p> <b>Provisioning Time:</b> ~5 min <br> <br> <p><b>Need support?</b><br>Contact <a href="mailto:rhpds-admins@redhat.com">rhpds-admins@redhat.com</a></p> ansible/roles/ocp-workload-iot-demo/files/api.yml
New file 
@@ -0,0 +1,196 @@ --- kind: Template apiVersion: v1 metadata: name: ec-api annotations: openshift.io/display-name: Everyware Cloud API description: Everyware Cloud API service. iconClass: icon-ec tags: ec,api template.openshift.io/long-description: This template provides a standalone API server. template.openshift.io/provider-display-name: Eurotech S.p.A. template.openshift.io/support-url: https://support.eurotech.com message: "The following service(s) have been created in your project: ${EC_SERVICE_NAME}." labels: template: ec-api-template objects: - kind: Service apiVersion: v1 metadata: name: "${EC_SERVICE_NAME}" spec: ports: - name: "${EC_SERVICE_NAME}" protocol: TCP port: 8080 targetPort: 8080 selector: app: "${EC_SERVICE_NAME}" deploymentconfig: "${EC_SERVICE_NAME}" - apiVersion: v1 kind: Route metadata: annotations: openshift.io/host.generated: "true" creationTimestamp: null labels: template: ${EC_SERVICE_NAME}-template name: ${EC_SERVICE_NAME} spec: port: targetPort: ${EC_SERVICE_NAME} to: kind: Service name: ${EC_SERVICE_NAME} weight: 100 wildcardPolicy: None - apiVersion: v1 kind: DeploymentConfig metadata: generation: 1 labels: app: "${EC_SERVICE_NAME}" name: "${EC_SERVICE_NAME}" spec: replicas: 1 strategy: type: Recreate selector: app: "${EC_SERVICE_NAME}" deploymentconfig: "${EC_SERVICE_NAME}" template: metadata: labels: app: "${EC_SERVICE_NAME}" deploymentconfig: "${EC_SERVICE_NAME}" spec: imagePullSecrets: - name: redhat-iot-rhpds-pull-secret containers: - env: - name: DB_NAME valueFrom: secretKeyRef: name: "${EC_SECRET_DB}" key: name - name: DB_USERNAME valueFrom: secretKeyRef: name: "${EC_SECRET_DB}" key: username - name: DB_PASSWORD valueFrom: secretKeyRef: name: "${EC_SECRET_DB}" key: password - name: JAVA_OPTS value: -Xmx1G -Dcommons.db.connection.host=$MARIADB_SERVICE_HOST -Dcommons.db.connection.port=$MARIADB_SERVICE_PORT -Dcommons.db.jdbcConnectionUrlResolver=${DB_RESOLVER} -Dcommons.db.jdbc.driver=${DB_DRIVER} 
-Dcommons.db.connection.scheme=${DB_CONNECTION_SCHEME} -Dcommons.db.schema=${DB_SCHEMA_NAME} -Dcommons.db.schema.update=${DB_SCHEMA_UPDATE} -Dcommons.db.name=${DB_NAME} -Dcommons.db.username=${DB_USERNAME} -Dcommons.db.password=${DB_PASSWORD} -Dbroker.host=$EC_BROKER_MQTT_PORT_1883_TCP_ADDR -Ddatastore.elasticsearch.nodes=$ELASTICSEARCH_PORT_9200_TCP_ADDR -Ddatastore.elasticsearch.port=$ELASTICSEARCH_PORT_9200_TCP_PORT -Dcertificate.jwt.private.key=file:///tmp/key.pk8 -Dcertificate.jwt.certificate=file:///tmp/cert.pem -Dkapua.config.dir=/etc/opt/ec/defaults ${JAVA_OPTS_EXTRA} image: "quay.io/redhat-iot/${EC_SERVICE_NAME}:${IMAGE_VERSION}" imagePullPolicy: IfNotPresent name: "${EC_SERVICE_NAME}" ports: - containerPort: 8080 readinessProbe: httpGet: path: / port: 8080 initialDelaySeconds: 180 timeoutSeconds: 5 failureThreshold: 5 periodSeconds: 10 livenessProbe: timeoutSeconds: 5 initialDelaySeconds: 120 httpGet: path: / port: 8080 resources: limits: memory: "${MEMORY_LIMIT}" securityContext: runAsUser: 1000 restartPolicy: Always terminationGracePeriodSeconds: 30 securityContext: runAsUser: 1000 parameters: - name: IMAGE_VERSION description: The version of the image to use value: latest - name: MEMORY_LIMIT displayName: Memory Limit description: Maximum amount of memory the container can use. value: 2Gi required: true - name: NAMESPACE displayName: Namespace description: The OpenShift Namespace where the ImageStream resides. value: ec - name: EC_SERVICE_NAME displayName: EC api Service Name description: The name of the OpenShift Service. 
value: ec-api required: true # - name: BROKER_HOST # description: Address of the broker service # value: ec-broker.ec.svc.cluster.local # required: true # - name: STORAGE_HOST # description: Address of the storage service # value: elasticsearch.ec.svc.cluster.local # required: true # - name: STORAGE_PORT # description: Port of the storage service # value: "9200" # required: true # - name: DB_HOST # description: Address of the DB # value: mariadb.ec.svc.cluster.local # required: true # - name: DB_PORT # description: The version of the image to use # value: "3306" # required: true - name: DB_SCHEMA_NAME description: Automatically update DB schema value: "ecdb" required: true - name: DB_SCHEMA_UPDATE description: Automatically update DB schema value: "true" required: true - name: DB_RESOLVER description: JDBC connection URL resolver value: MariaDB required: true - name: DB_DRIVER description: JDBC driver value: org.mariadb.jdbc.Driver required: true - name: DB_CONNECTION_SCHEME description: JDBC connection scheme value: jdbc:mariadb required: true - name: EC_SECRET_DB description: Name of the secret containing DB credentials value: "ec-db" required: true ansible/roles/ocp-workload-iot-demo/files/broker.yml
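Review bot: `-Dcommons.db.password=${DB_PASSWORD}` in the `JAVA_OPTS` value would put the database password on the JVM command line, where it is readable from the process list and from anything that dumps JVM arguments; this assumes the image's entrypoint expands the variable, which the template does not show. `DB_NAME`, `DB_USERNAME`, `DB_PASSWORD` and `JAVA_OPTS_EXTRA` are not declared under `parameters:`, so template processing has no value to substitute for them and they reach the container as literal text. The same `-D` options appear in broker.yml (`ACTIVEMQ_OPTS`), console.yml and vpn.yml. Prefer having the application read the credentials from the `secretKeyRef` environment variables or a mounted secret file, and declare `JAVA_OPTS_EXTRA` with an empty default. Separately, `IMAGE_VERSION` defaults to `latest` with `imagePullPolicy: IfNotPresent`, so nodes can end up running different builds; pin a version tag or digest.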
New file 
@@ -0,0 +1,284 @@ --- kind: Template apiVersion: v1 metadata: name: ec-broker annotations: openshift.io/display-name: Everyware Cloud Broker description: Everyware Cloud Broker service. iconClass: icon-ec tags: ec,broker template.openshift.io/long-description: This template provides a standalone Broker server. template.openshift.io/provider-display-name: Eurotech S.p.A. template.openshift.io/support-url: https://support.eurotech.com message: "The following service(s) have been created in your project: ${EC_SERVICE_NAME}." labels: template: ec-broker-template objects: - kind: Service apiVersion: v1 metadata: name: "${EC_SERVICE_NAME}-mqtt" spec: ports: - name: "${EC_SERVICE_NAME}-mqtt" protocol: TCP port: 1883 nodePort: "${MQTT_NODE_PORT}" type: NodePort selector: app: "${EC_SERVICE_NAME}" - kind: Service apiVersion: v1 metadata: name: "${EC_SERVICE_NAME}-mqtts" spec: ports: - name: "${EC_SERVICE_NAME}-mqtts" protocol: TCP port: 8883 nodePort: "${MQTTS_NODE_PORT}" type: NodePort selector: app: "${EC_SERVICE_NAME}" - kind: Service apiVersion: v1 metadata: name: "${EC_SERVICE_NAME}-ws" spec: ports: - name: "${EC_SERVICE_NAME}-ws" protocol: TCP port: 61614 targetPort: 61614 selector: app: "${EC_SERVICE_NAME}" - apiVersion: v1 kind: Route metadata: annotations: openshift.io/host.generated: "true" creationTimestamp: null labels: template: ${EC_SERVICE_NAME}-template name: ${EC_SERVICE_NAME}-mqtt spec: port: targetPort: ${EC_SERVICE_NAME}-mqtt to: kind: Service name: ${EC_SERVICE_NAME}-mqtt weight: 100 wildcardPolicy: None - apiVersion: v1 kind: Route metadata: annotations: openshift.io/host.generated: "true" creationTimestamp: null labels: template: ${EC_SERVICE_NAME}-template name: ${EC_SERVICE_NAME}-ws spec: port: targetPort: ${EC_SERVICE_NAME}-ws to: kind: Service name: ${EC_SERVICE_NAME}-ws weight: 100 wildcardPolicy: None - apiVersion: v1 kind: Route metadata: annotations: openshift.io/host.generated: "true" creationTimestamp: null labels: template: 
${EC_SERVICE_NAME}-template name: ${EC_SERVICE_NAME}-mqtts spec: port: targetPort: ${EC_SERVICE_NAME}-mqtts to: kind: Service name: ${EC_SERVICE_NAME}-mqtts weight: 100 wildcardPolicy: None - apiVersion: v1 kind: DeploymentConfig metadata: labels: app: "${EC_SERVICE_NAME}" name: "${EC_SERVICE_NAME}" spec: replicas: 1 strategy: type: Recreate selector: app: "${EC_SERVICE_NAME}" deploymentconfig: "${EC_SERVICE_NAME}" template: metadata: labels: app: "${EC_SERVICE_NAME}" deploymentconfig: "${EC_SERVICE_NAME}" spec: imagePullSecrets: - name: redhat-iot-rhpds-pull-secret containers: - env: - name: DB_NAME valueFrom: secretKeyRef: name: "${EC_SECRET_DB}" key: name - name: DB_USERNAME valueFrom: secretKeyRef: name: "${EC_SECRET_DB}" key: username - name: DB_PASSWORD valueFrom: secretKeyRef: name: "${EC_SECRET_DB}" key: password - name: EC_CRT valueFrom: secretKeyRef: name: "${EC_SECRET_CRT}" key: crt - name: EC_CA valueFrom: secretKeyRef: name: "${EC_SECRET_CRT}" key: ca - name: EC_KEY valueFrom: secretKeyRef: name: "${EC_SECRET_CRT}" key: key - name: DISABLE_SSL value: "${DISABLE_SSL}" - name: ACTIVEMQ_OPTS value: -Xmx1G -Dcommons.db.connection.host=$MARIADB_SERVICE_HOST -Dcommons.db.connection.port=$MARIADB_SERVICE_PORT -Dcommons.db.jdbcConnectionUrlResolver=${DB_RESOLVER} -Dcommons.db.jdbc.driver=${DB_DRIVER} -Dcommons.db.connection.scheme=${DB_CONNECTION_SCHEME} -Dcommons.db.schema=${DB_SCHEMA_NAME} -Dcommons.db.schema.update=${DB_SCHEMA_UPDATE} -Dcommons.db.name=${DB_NAME} -Dcommons.db.username=${DB_USERNAME} -Dcommons.db.password=${DB_PASSWORD} -Ddatastore.elasticsearch.nodes=$ELASTICSEARCH_PORT_9200_TCP_ADDR -Ddatastore.elasticsearch.port=$ELASTICSEARCH_PORT_9200_TCP_PORT -Dcertificate.jwt.private.key=file:///tmp/key.pk8 -Dcertificate.jwt.certificate=file:///tmp/cert.pem -Dkapua.config.dir=/etc/opt/ec/defaults ${JAVA_OPTS_EXTRA} image: "quay.io/redhat-iot/${EC_SERVICE_NAME}:${IMAGE_VERSION}" imagePullPolicy: IfNotPresent name: "${EC_SERVICE_NAME}" ports: - 
containerPort: 1883 - containerPort: 8883 - containerPort: 61614 readinessProbe: failureThreshold: 3 initialDelaySeconds: 15 periodSeconds: 10 successThreshold: 1 tcpSocket: port: 1883 timeoutSeconds: 1 resources: limits: memory: 2G securityContext: runAsUser: 185 volumeMounts: - mountPath: /opt/amq/data name: ec-broker-volume-1 restartPolicy: Always terminationGracePeriodSeconds: 30 volumes: - name: ec-broker-volume-1 emptyDir: {} # imagePullSecrets: # - name: eurotechreg parameters: - name: IMAGE_VERSION description: The version of the image to use value: latest - name: MEMORY_LIMIT displayName: Memory Limit description: Maximum amount of memory the container can use. value: 2Gi required: true - name: NAMESPACE displayName: Namespace description: The OpenShift Namespace where the ImageStream resides. value: ec - name: EC_SERVICE_NAME displayName: EC api Service Name description: The name of the OpenShift Service. value: ec-broker required: true # - name: STORAGE_HOST # description: Address of the storage service # value: elasticsearch.ec.svc.cluster.local # required: true # - name: STORAGE_PORT # description: Port of the storage service # value: "9200" # required: true # - name: DB_HOST # description: Address of the DB # value: mariadb.ec.svc.cluster.local # required: true # - name: DB_PORT # description: The version of the image to use # value: "3306" # required: true - name: DB_SCHEMA_NAME description: Automatically update DB schema value: "ecdb" required: true - name: DB_SCHEMA_UPDATE description: Automatically update DB schema value: "true" required: true - name: DB_RESOLVER description: JDBC connection URL resolver value: MariaDB required: true - name: DB_DRIVER description: JDBC driver value: org.mariadb.jdbc.Driver required: true - name: DB_CONNECTION_SCHEME description: JDBC connection scheme value: jdbc:mariadb required: true - name: MQTT_NODE_PORT description: Service node port for MQTT value: "31883" required: true - name: MQTTS_NODE_PORT description: 
Service node port for MQTTS value: "31993" required: true - name: DISABLE_SSL description: Name of the secret containing DB credentials value: "false" required: true - name: EC_SECRET_DB description: Name of the secret containing DB credentials value: "ec-db" required: true - name: EC_SECRET_CRT description: Name of the secret containing certificates value: "ec-crt" required: true ansible/roles/ocp-workload-iot-demo/files/console.yml
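Review bot: The `${EC_SERVICE_NAME}-mqtt` Service publishes the unencrypted MQTT listener (port 1883) as a `NodePort` on every node, and a Route is created for it too, so device credentials and telemetry can cross the network in clear text even though an MQTTS listener on 8883 exists. Consider exposing only the 8883 service externally and keeping 1883 as a cluster-internal service. None of the three Routes has a `tls:` stanza; the MQTTS one would presumably need `tls:` with `termination: passthrough` to carry TLS traffic through the router. `nodePort: "${MQTT_NODE_PORT}"` substitutes a string where the API expects an integer; OpenShift templates use `${{MQTT_NODE_PORT}}` for non-string values (the same applies to `MQTTS_NODE_PORT` here and `SERVICE_NODE_PORT` in vpn.yml). The `DISABLE_SSL` parameter's description is a copy of the DB-secret text and should say that `"true"` turns TLS off.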
New file 
@@ -0,0 +1,204 @@ --- kind: Template apiVersion: v1 metadata: name: ec-console annotations: openshift.io/display-name: Everyware Cloud Console description: Everyware Cloud Console service. iconClass: icon-ec tags: ec,console template.openshift.io/long-description: This template provides a standalone Console server. template.openshift.io/provider-display-name: Eurotech S.p.A. template.openshift.io/support-url: https://support.eurotech.com message: "The following service(s) have been created in your project: ${EC_SERVICE_NAME}." labels: template: ec-console-template objects: - kind: Service apiVersion: v1 metadata: name: "${EC_SERVICE_NAME}" spec: ports: - name: "${EC_SERVICE_NAME}" protocol: TCP port: 8080 targetPort: 8080 selector: app: "${EC_SERVICE_NAME}" deploymentconfig: "${EC_SERVICE_NAME}" - apiVersion: v1 kind: Route metadata: annotations: openshift.io/host.generated: "true" creationTimestamp: null labels: template: ${EC_SERVICE_NAME}-template name: ${EC_SERVICE_NAME} spec: # host: ${EC_SERVICE_NAME}-${NAMESPACE}.apps.iot-dev.openshift.opentlc.com port: targetPort: ${EC_SERVICE_NAME} to: kind: Service name: ${EC_SERVICE_NAME} weight: 100 wildcardPolicy: None # status: # ingress: # - conditions: # - lastTransitionTime: 2018-06-21T14:32:36Z # status: "True" # type: Admitted # host: ec-console-iot-demo-1234.apps.iot-dev.openshift.opentlc.com # routerName: router # wildcardPolicy: None - apiVersion: v1 kind: DeploymentConfig metadata: generation: 1 labels: app: "${EC_SERVICE_NAME}" name: "${EC_SERVICE_NAME}" spec: replicas: 1 strategy: type: Recreate selector: app: "${EC_SERVICE_NAME}" deploymentconfig: "${EC_SERVICE_NAME}" template: metadata: labels: app: "${EC_SERVICE_NAME}" deploymentconfig: "${EC_SERVICE_NAME}" spec: imagePullSecrets: - name: redhat-iot-rhpds-pull-secret containers: - env: - name: DB_NAME valueFrom: secretKeyRef: name: "${EC_SECRET_DB}" key: name - name: DB_USERNAME valueFrom: secretKeyRef: name: "${EC_SECRET_DB}" key: username - name: 
DB_PASSWORD valueFrom: secretKeyRef: name: "${EC_SECRET_DB}" key: password - name: JAVA_OPTS value: -Xmx1G -Dcommons.db.connection.host=$MARIADB_SERVICE_HOST -Dcommons.db.connection.port=$MARIADB_SERVICE_PORT -Dcommons.db.jdbcConnectionUrlResolver=${DB_RESOLVER} -Dcommons.db.jdbc.driver=${DB_DRIVER} -Dcommons.db.connection.scheme=${DB_CONNECTION_SCHEME} -Dcommons.db.schema=${DB_SCHEMA_NAME} -Dcommons.db.schema.update=${DB_SCHEMA_UPDATE} -Dcommons.db.name=${DB_NAME} -Dcommons.db.username=${DB_USERNAME} -Dcommons.db.password=${DB_PASSWORD} -Dbroker.host=$EC_BROKER_MQTT_PORT_1883_TCP_ADDR -Ddatastore.elasticsearch.nodes=$ELASTICSEARCH_PORT_9200_TCP_ADDR -Ddatastore.elasticsearch.port=$ELASTICSEARCH_PORT_9200_TCP_PORT -Dcertificate.jwt.private.key=file:///tmp/key.pk8 -Dcertificate.jwt.certificate=file:///tmp/cert.pem -Dkapua.config.dir=/etc/opt/ec/defaults ${JAVA_OPTS_EXTRA} image: "quay.io/redhat-iot/${EC_SERVICE_NAME}:${IMAGE_VERSION}" imagePullPolicy: IfNotPresent name: "${EC_SERVICE_NAME}" ports: - containerPort: 8080 readinessProbe: httpGet: path: / port: 8080 initialDelaySeconds: 180 timeoutSeconds: 5 failureThreshold: 5 periodSeconds: 10 livenessProbe: timeoutSeconds: 5 initialDelaySeconds: 120 httpGet: path: / port: 8080 resources: limits: memory: "${MEMORY_LIMIT}" restartPolicy: Always terminationGracePeriodSeconds: 30 securityContext: runAsUser: 1000 parameters: - name: IMAGE_VERSION description: The version of the image to use value: latest - name: MEMORY_LIMIT displayName: Memory Limit description: Maximum amount of memory the container can use. value: 2Gi required: true - name: NAMESPACE displayName: Namespace description: The OpenShift Namespace where the ImageStream resides. value: ec - name: EC_SERVICE_NAME displayName: EC api Service Name description: The name of the OpenShift Service. 
value: ec-console required: true # - name: BROKER_HOST # description: Address of the broker service # value: ec-broker.ec.svc.cluster.local # required: true # - name: STORAGE_HOST # description: Address of the storage service # value: elasticsearch.ec.svc.cluster.local # required: true # - name: STORAGE_PORT # description: Port of the storage service # value: "9200" # required: true # - name: DB_HOST # description: Address of the DB # value: mariadb.ec.svc.cluster.local # required: true # - name: DB_PORT # description: The version of the image to use # value: "3306" # required: true - name: DB_SCHEMA_NAME description: Automatically update DB schema value: "ecdb" required: true - name: DB_SCHEMA_UPDATE description: Automatically update DB schema value: "true" required: true - name: DB_RESOLVER description: JDBC connection URL resolver value: MariaDB required: true - name: DB_DRIVER description: JDBC driver value: org.mariadb.jdbc.Driver required: true - name: DB_CONNECTION_SCHEME description: JDBC connection scheme value: jdbc:mariadb required: true - name: EC_SECRET_DB description: Name of the secret containing DB credentials value: "ec-db" required: true ansible/roles/ocp-workload-iot-demo/files/mariadb.yaml
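Review bot: The console Route has no `tls:` block, so the web console, presumably including its login traffic, is served over plain HTTP on the generated host name. Adding `tls:` with `termination: edge` and `insecureEdgeTerminationPolicy: Redirect` under the Route's `spec` would let the router terminate TLS and redirect plain-HTTP requests. The Route in api.yml has the same gap. The commented-out `host:` line and `status:` block look like residue from an exported object and could be deleted rather than carried in the template.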
New file 
@@ -0,0 +1,217 @@ apiVersion: template.openshift.io/v1 kind: Template labels: template: mariadb-persistent-template message: >- The following service(s) have been created in your project: ${DATABASE_SERVICE_NAME}. Username: ${MYSQL_USER} Password: ${MYSQL_PASSWORD} Database Name: ${MYSQL_DATABASE} Connection URL: mysql://${DATABASE_SERVICE_NAME}:3306/ For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mariadb-container/blob/master/10.2/root/usr/share/container-scripts/mysql/README.md. metadata: annotations: description: >- MariaDB database service, with persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mariadb-container/blob/master/10.2/root/usr/share/container-scripts/mysql/README.md. NOTE: Scaling to more than one replica is not supported. You must have persistent volumes available in your cluster to use this template. iconClass: icon-mariadb openshift.io/display-name: MariaDB openshift.io/documentation-url: >- https://github.com/sclorg/mariadb-container/blob/master/10.2/root/usr/share/container-scripts/mysql/README.md openshift.io/long-description: >- This template provides a standalone MariaDB server with a database created. The database is stored on persistent storage. The database name, username, and password are chosen via parameters when provisioning this service. openshift.io/provider-display-name: 'Red Hat, Inc.' 
openshift.io/support-url: 'https://access.redhat.com' tags: 'database,mariadb' # creationTimestamp: '2018-04-10T02:21:57Z' # name: mariadb-persistent # namespace: openshift # resourceVersion: '825' # selfLink: >- # /apis/template.openshift.io/v1/namespaces/openshift/templates/mariadb-persistent # uid: f1bac9c6-3c65-11e8-9f2c-80ee739e2757 objects: - apiVersion: v1 kind: Secret metadata: annotations: template.openshift.io/expose-database_name: '{.data[''database-name'']}' template.openshift.io/expose-password: '{.data[''database-password'']}' template.openshift.io/expose-root_password: '{.data[''database-root-password'']}' template.openshift.io/expose-username: '{.data[''database-user'']}' name: '${DATABASE_SERVICE_NAME}' stringData: database-name: '${MYSQL_DATABASE}' database-password: '${MYSQL_PASSWORD}' database-root-password: '${MYSQL_ROOT_PASSWORD}' database-user: '${MYSQL_USER}' - apiVersion: v1 kind: Service metadata: annotations: template.openshift.io/expose-uri: 'mysql://{.spec.clusterIP}:{.spec.ports[?(.name=="mariadb")].port}' name: '${DATABASE_SERVICE_NAME}' spec: ports: - name: mariadb port: 3306 selector: name: '${DATABASE_SERVICE_NAME}' - apiVersion: v1 kind: PersistentVolumeClaim metadata: name: '${DATABASE_SERVICE_NAME}' spec: accessModes: - ReadWriteOnce resources: requests: storage: '${VOLUME_CAPACITY}' - apiVersion: v1 kind: DeploymentConfig metadata: annotations: template.alpha.openshift.io/wait-for-ready: 'true' name: '${DATABASE_SERVICE_NAME}' spec: replicas: 1 selector: name: '${DATABASE_SERVICE_NAME}' strategy: type: Recreate template: metadata: labels: name: '${DATABASE_SERVICE_NAME}' spec: containers: - env: - name: MYSQL_USER valueFrom: secretKeyRef: key: database-user name: '${DATABASE_SERVICE_NAME}' - name: MYSQL_PASSWORD valueFrom: secretKeyRef: key: database-password name: '${DATABASE_SERVICE_NAME}' - name: MYSQL_ROOT_PASSWORD valueFrom: secretKeyRef: key: database-root-password name: '${DATABASE_SERVICE_NAME}' - name: MYSQL_DATABASE 
valueFrom: secretKeyRef: key: database-name name: '${DATABASE_SERVICE_NAME}' image: ' ' imagePullPolicy: IfNotPresent livenessProbe: initialDelaySeconds: 30 tcpSocket: port: 3306 timeoutSeconds: 1 name: mariadb ports: - containerPort: 3306 # readinessProbe: # exec: # command: # - /bin/sh # - '-i' # - '-c' # - >- # MYSQL_PWD="$MYSQL_PASSWORD" mysql -h 127.0.0.1 -u # $MYSQL_USER -D $MYSQL_DATABASE -e 'SELECT 1' # initialDelaySeconds: 5 # timeoutSeconds: 1 resources: limits: memory: '${MEMORY_LIMIT}' volumeMounts: - mountPath: /var/lib/mysql/data name: '${DATABASE_SERVICE_NAME}-data' volumes: - name: '${DATABASE_SERVICE_NAME}-data' persistentVolumeClaim: claimName: '${DATABASE_SERVICE_NAME}' triggers: - imageChangeParams: automatic: true containerNames: - mariadb from: kind: ImageStreamTag name: 'mariadb:${MARIADB_VERSION}' namespace: '${NAMESPACE}' type: ImageChange - type: ConfigChange # Parameters listed here: https://docs.openshift.com/container-platform/3.9/using_images/db_images/mariadb.html#mariadb-environment_variables parameters: - description: Maximum amount of memory the container can use. displayName: Memory Limit name: MEMORY_LIMIT required: true value: 512Mi - description: The OpenShift Namespace where the ImageStream resides. displayName: Namespace name: NAMESPACE value: openshift - description: The name of the OpenShift Service exposed for the database. displayName: Database Service Name name: DATABASE_SERVICE_NAME required: true value: mariadb - description: Username for MariaDB user that will be used for accessing the database. displayName: MariaDB Connection Username from: 'user[A-Z0-9]{3}' generate: expression name: MYSQL_USER required: true - description: Password for the MariaDB connection user. displayName: MariaDB Connection Password from: '[a-zA-Z0-9]{16}' generate: expression name: MYSQL_PASSWORD required: true - description: Password for the MariaDB root user. 
displayName: MariaDB root Password from: '[a-zA-Z0-9]{16}' generate: expression name: MYSQL_ROOT_PASSWORD required: true - description: Name of the MariaDB database accessed. displayName: MariaDB Database Name name: MYSQL_DATABASE required: true value: sampledb - description: 'Version of MariaDB image to be used (10.0, 10.1, 10.2 or latest).' displayName: Version of MariaDB Image name: MARIADB_VERSION required: true value: '10.2' - description: 'Volume space available for data, e.g. 512Mi, 2Gi.' displayName: Volume Capacity name: VOLUME_CAPACITY required: true value: 1Gi - description: 'Sets how the table names are stored and compared.' displayName: Mysql Lower Case Table Names (0 or 1) name: MYSQL_LOWER_CASE_TABLE_NAMES required: false value: '0' ansible/roles/ocp-workload-iot-demo/files/redhat-iot-rhpds-secret.yml
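Review bot: The template `message` prints `Password: ${MYSQL_PASSWORD}`, so the generated database password is shown to whoever instantiates the template and, if the role runs it through a command task, would likely end up in Ansible output or job logs. The value is already stored in the Secret this template creates, so the message can name that Secret instead of echoing the password. Also, the `readinessProbe` is commented out while `template.alpha.openshift.io/wait-for-ready: 'true'` remains, so the deployment reports ready as soon as the container starts rather than when MariaDB accepts connections. Finally, `MYSQL_LOWER_CASE_TABLE_NAMES` is declared as a parameter but never passed to the container's `env`.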
New file @@ -0,0 +1,7 @@ apiVersion: v1 kind: Secret metadata: name: redhat-iot-rhpds-pull-secret data: .dockerconfigjson: ewogICJhdXRocyI6IHsKICAgICJxdWF5LmlvIjogewogICAgICAiYXV0aCI6ICJjbVZrYUdGMExXbHZkQ3R5YUhCa2N6cElUVWREV0ZsWFMwUTVNVXRGTjFwSVFUQlRVa0pVTkV0V1MweFhUREJTVVROTVJFaFFNRlpDU0ZSUlFVTktRbFJQU1ZJek1WZEdPVGd3TmsweFUweEUiLAogICAgICAiZW1haWwiOiAiIgogICAgfQogIH0KfQ== type: kubernetes.io/dockerconfigjson ansible/roles/ocp-workload-iot-demo/files/vpn.yml
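Review bot: This file commits what looks like a live registry credential: the `.dockerconfigjson` value is only base64-encoded, so anyone who can read the repository can recover the auth token for the registry the templates pull from. The token should be treated as exposed, revoked at the registry and replaced; deleting the file in a later commit does not remove it from history. Supply the pull secret at deploy time instead, for example from an Ansible Vault-encrypted variable rendered by a template task, and keep only a placeholder such as `.dockerconfigjson: <BASE64_DOCKERCONFIGJSON_PLACEHOLDER>` in the repository. The manifest also lacks the leading `---` that the other files under `files/` start with.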
New file 
@@ -0,0 +1,193 @@ --- kind: Template apiVersion: v1 metadata: name: ec-vpn annotations: openshift.io/display-name: Everyware Cloud VPN Service description: Everyware Cloud VPN service. iconClass: icon-ec tags: ec,vpn template.openshift.io/long-description: This template provides a standalone VPN server. template.openshift.io/provider-display-name: Eurotech S.p.A. template.openshift.io/support-url: https://support.eurotech.com message: "The following service(s) have been created in your project: ${EC_SERVICE_NAME}." labels: template: ec-vpn-template objects: - kind: Service apiVersion: v1 metadata: name: "${EC_SERVICE_NAME}" spec: ports: - name: "${EC_SERVICE_NAME}" protocol: UDP port: 1194 nodePort: "${SERVICE_NODE_PORT}" type: NodePort selector: app: "${EC_SERVICE_NAME}" deploymentconfig: "${EC_SERVICE_NAME}" - apiVersion: v1 kind: DeploymentConfig metadata: generation: 1 labels: app: ${EC_SERVICE_NAME} name: ${EC_SERVICE_NAME} spec: replicas: 1 strategy: type: Recreate triggers: - type: ImageChange imageChangeParams: automatic: true containerNames: - "${EC_SERVICE_NAME}" from: kind: ImageStreamTag name: "${EC_SERVICE_NAME}:${IMAGE_VERSION}" namespace: "${NAMESPACE}" - type: ConfigChange selector: app: "${EC_SERVICE_NAME}" deploymentconfig: "${EC_SERVICE_NAME}" template: metadata: labels: app: "${EC_SERVICE_NAME}" deploymentconfig: "${EC_SERVICE_NAME}" spec: containers: - env: - name: DB_NAME valueFrom: secretKeyRef: name: "${EC_SECRET_DB}" key: name - name: DB_USERNAME valueFrom: secretKeyRef: name: "${EC_SECRET_DB}" key: username - name: DB_PASSWORD valueFrom: secretKeyRef: name: "${EC_SECRET_DB}" key: password - name: EC_CRT valueFrom: secretKeyRef: name: "${EC_SECRET_CRT}" key: crt - name: EC_CA valueFrom: secretKeyRef: name: "${EC_SECRET_CRT}" key: ca - name: EC_KEY valueFrom: secretKeyRef: name: "${EC_SECRET_CRT}" key: key - name: JAVA_OPTS value: -Xmx1G -Dcommons.db.connection.host=$MARIADB_101_RHEL7_PORT_3306_TCP_ADDR 
-Dcommons.db.connection.port=$MARIADB_101_RHEL7_PORT_3306_TCP_PORT -Dcommons.db.jdbcConnectionUrlResolver=${DB_RESOLVER} -Dcommons.db.jdbc.driver=${DB_DRIVER} -Dcommons.db.connection.scheme=${DB_CONNECTION_SCHEME} -Dcommons.db.schema=${DB_SCHEMA_NAME} -Dcommons.db.schema.update=${DB_SCHEMA_UPDATE} -Dcommons.db.name=${DB_NAME} -Dcommons.db.username=${DB_USERNAME} -Dcommons.db.password=${DB_PASSWORD} -Dcertificate.jwt.private.key=file:///tmp/key.pk8 -Dcertificate.jwt.certificate=file:///tmp/cert.pem -Dkapua.config.dir=/etc/opt/ec/defaults ${JAVA_OPTS_EXTRA} image: "${EC_SERVICE_NAME}:${IMAGE_VERSION}" imagePullPolicy: IfNotPresent name: "${EC_SERVICE_NAME}" command: - /docker-entrypoint.sh - /usr/sbin/openvpn - '--config' - '/etc/openvpn/server.conf' ports: - containerPort: 1194 protocol: UDP resources: limits: memory: "${MEMORY_LIMIT}" securityContext: privileged: true runAsUser: 0 capabilities: add: - NET_ADMIN restartPolicy: Always terminationGracePeriodSeconds: 30 # imagePullSecrets: # - name: eurotechreg parameters: - name: IMAGE_VERSION description: The version of the image to use value: latest - name: MEMORY_LIMIT displayName: Memory Limit description: Maximum amount of memory the container can use. value: 2Gi required: true - name: NAMESPACE displayName: Namespace description: The OpenShift Namespace where the ImageStream resides. value: ec - name: EC_SERVICE_NAME displayName: EC api Service Name description: The name of the OpenShift Service. 
value: ec-vpn required: true # - name: DB_HOST # description: Address of the DB # value: mariadb.ec.svc.cluster.local # required: true # - name: DB_PORT # description: The version of the image to use # value: "3306" # required: true - name: DB_SCHEMA_NAME description: Automatically update DB schema value: "ecdb" required: true - name: DB_SCHEMA_UPDATE description: Automatically update DB schema value: "true" required: true - name: DB_RESOLVER description: JDBC connection URL resolver value: MariaDB required: true - name: DB_DRIVER description: JDBC driver value: org.mariadb.jdbc.Driver required: true - name: DB_CONNECTION_SCHEME description: JDBC connection scheme value: jdbc:mariadb required: true - name: SERVICE_NODE_PORT description: Service node port value: "31194" required: true - name: EC_SECRET_DB description: Name of the secret containing DB credentials value: "ec-db" required: true - name: EC_SECRET_CRT description: Name of the secret containing certificates value: "ec-crt" required: true ansible/roles/ocp-workload-iot-demo/readme.adoc
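Review bot: The container `securityContext` sets `privileged: true` together with `runAsUser: 0` and `capabilities: add: - NET_ADMIN`. A privileged container already holds every capability and has host device access, so the `NET_ADMIN` entry is redundant and a compromise of the VPN process is effectively a compromise of the node. If OpenVPN only needs to manage the tunnel interface, try dropping `privileged: true` and keeping `NET_ADMIN` (access to `/dev/net/tun` may need separate handling), and document which SCC the service account must be granted. Unlike api.yml, broker.yml and console.yml, this template has `imagePullSecrets` commented out and resolves the image through an ImageStreamTag in `${NAMESPACE}` (default `ec`); confirm that image stream exists in the demo project. The `$MARIADB_101_RHEL7_PORT_3306_TCP_ADDR` host variables in `JAVA_OPTS` also differ from the `$MARIADB_SERVICE_HOST` used by the other templates, which looks like a leftover from a differently named service.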
New file 
@@ -0,0 +1,136 @@ = ocp-workload-developer-environment - Sample Config == Role overview * This is a simple role that does the following: ** Playbook: link:./tasks/pre_workload.yml[pre_workload.yml] - Sets up an environment for the workload deployment *** Adds a user to a list of groups defined in the link:./defaults/main.yml[defaults file]. *** Sets a cluster resource quota for the user based on the variables in the link:./defaults/main.yml[defaults file] . *** Debug task will print out: `pre_workload Tasks Complete` ** Playbook: link:./tasks/workload.yml[workload.yml] - Used to deploy the actual workload, i.e, 3scale, Mobile or some Demo *** This role doesn't do anything here *** Debug task will print out: `workload Tasks Complete` ** Playbook: link:./tasks/post_workload.yml[post_workload.yml] - Used to configure the workload after deployment *** This role doesn't do anything here *** Debug task will print out: `post_workload Tasks Complete` == Review the defaults variable file * This file link:./defaults/main.yml[./defaults/main.yml] contains all the variables you need to define to control the deployment of your workload. * You can modify any of these default values by adding `-e"variable_name=variable_value"` to the command line === Deploy Workload on OpenShift Cluster from an existing playbook: [source,yaml] ---- - name: Deploy a workload role on a master host hosts: all become: true gather_facts: False tags: - step007 roles: - { role: "{{ ANSIBLE_REPO_PATH }}/roles/{{ocp_workload}}", when: 'ocp_workload is defined' } ---- NOTE: You might want to change `hosts: all` to fit your requirements === Common configuration to run these playbooks You should have these environment variables defined/exported in your system in order to run these playbooks. 
---- HOST_GUID=iot-dev ✭ TARGET_HOST="bastion.$HOST_GUID.openshift.opentlc.com" OCP_USERNAME="ccustine-redhat.com" SSH_USER="opentlc-mgr" SSH_PRIVATE_KEY="id_dsa" GUID=tmpguid WORKLOAD="ocp-workload-iot-demo" ---- === Deploy a Workload with the `ocp-workload` playbook [Mostly for testing] ---- WORKLOAD="ocp-workload-parksmap-demo" # a TARGET_HOST is specified in the command line, without using an inventory file ansible-playbook -i ${TARGET_HOST}, ./configs/ocp-workloads/ocp-workload.yml \ -e"ansible_ssh_private_key_file=~/.ssh/${SSH_PRIVATE_KEY}" \ -e"ansible_ssh_user=${SSH_USER}" \ -e"ANSIBLE_REPO_PATH=`pwd`" \ -e"ocp_username=${OCP_USERNAME}" \ -e"ocp_workload=${WORKLOAD}" \ -e"guid=${GUID}" \ -e"ocp_user_needs_quota=true" \ -e"ocp_master=master.${HOST_GUID}.openshift.opentlc.com" \ -e"ocp_apps_domain=apps.${HOST_GUID}.openshift.opentlc.com" \ -e"ACTION=create" ---- === To Delete an environment Use the common configuration first. Then run this. ---- WORKLOAD="ocp-workload-parksmap-demo" # a TARGET_HOST is specified in the command line, without using an inventory file ansible-playbook -i ${TARGET_HOST}, ./configs/ocp-workloads/ocp-workload.yml \ -e"ansible_ssh_private_key_file=~/.ssh/${SSH_PRIVATE_KEY}" \ -e"ansible_ssh_user=${SSH_USER}" \ -e"ANSIBLE_REPO_PATH=`pwd`" \ -e"ocp_username=${OCP_USERNAME}" \ -e"ocp_workload=${WORKLOAD}" \ -e"guid=${GUID}" \ -e"ACTION=remove" ---- == Set up your Ansible inventory file * You can create an Ansible inventory file to define your connection method to your host (Master/Bastion with OC command) * You can also use the command line to define the hosts directly if your `ssh` configuration is set to connect to the host correctly * You can also use the command line to use localhost or if your cluster is already authenticated and configured in your `oc` configuration [source, ini] .example inventory file ---- [gptehosts:vars] ansible_ssh_private_key_file=~/.ssh/keytoyourhost.pem ansible_ssh_user=ec2-user [gptehosts:children] 
openshift [openshift] bastion.cluster1.openshift.opentlc.com bastion.cluster2.openshift.opentlc.com bastion.cluster3.openshift.opentlc.com ansible_ssh_host=ec2-11-111-111-11.us-west-2.compute.amazonaws.com bastion.cluster4.openshift.opentlc.com [dev] bastion.cluster1.openshift.opentlc.com bastion.cluster2.openshift.opentlc.com [prod] bastion.cluster3.openshift.opentlc.com bastion.cluster4.openshift.opentlc.com ---- ansible/roles/ocp-workload-iot-demo/tasks/main.yml
New file @@ -0,0 +1,20 @@ --- - name: Running Pre Workload Tasks include: ./pre_workload.yml become: false when: ACTION == "create" or ACTION == "provision" - name: Running Workload Tasks include: ./workload.yml become: false when: ACTION == "create" or ACTION == "provision" - name: Running Post Workload Tasks include: ./post_workload.yml become: false when: ACTION == "create" or ACTION == "provision" - name: Running Workload removal Tasks include: ./remove_workload.yml become: false when: ACTION == "destroy" or ACTION == "remove" ansible/roles/ocp-workload-iot-demo/tasks/post_workload.yml
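Review bot: Nothing in this file handles an `ACTION` value outside the four it compares against, so a misspelt value skips every include and the play still reports success. That hides both a provisioning run that never applied the quota and a removal run that never deleted anything. A first task such as `- assert: { that: "ACTION in ['create', 'provision', 'destroy', 'remove']" }` would make that case fail loudly. As a style point, the three create-path tasks repeat the same `when` and `become`, and could share one `block:` carrying a single condition.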
New file @@ -0,0 +1,9 @@ --- - name: Delete the remote files used in this role file: path: /tmp/{{guid}} state: absent - name: post_workload Tasks Complete debug: msg: "Post-Software checks completed successfully" ansible/roles/ocp-workload-iot-demo/tasks/pre_workload.yml
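Review bot: The cleanup task deletes `/tmp/{{guid}}` with `state: absent` and does not check that `guid` is non-empty; an empty value renders the path as `/tmp/` and the file module would remove that directory recursively. Guard the task with `when: guid is defined and guid | length > 0`. Per tasks/main.yml this file only runs on the create/provision path after workload.yml has finished. A failed deployment therefore leaves the staged files on the host, which appear from workload.yml to include the pull-secret manifest and the generated `certs/key.pem`.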
New file @@ -0,0 +1,40 @@ --- # - name: Add user to developer group (allowed to create projects) # shell: "oadm groups add-users {{item}} {{ocp_username}}" # register: groupadd_register # with_items: "{{ocp_user_groups}}" # when: ocp_username is defined and ocp_user_groups is defined # # - name: test that command worked # debug: # var: groupadd_register # verbosity: 2 - name: Create user Quota - clusterresourcequota shell: | oc create clusterquota clusterquota-"{{ocp_username}}-{{guid}}" \ --project-annotation-selector=openshift.io/requester="{{ocp_username}}" \ --hard requests.cpu="{{quota_requests_cpu}}" \ --hard limits.cpu="{{quota_limits_cpu}}" \ --hard requests.memory="{{quota_requests_memory}}" \ --hard limits.memory="{{quota_limits_memory}}" \ --hard configmaps="{{quota_configmaps}}" \ --hard pods="{{quota_pods}}" \ --hard persistentvolumeclaims="{{quota_persistentvolumeclaims}}" \ --hard services="{{quota_services}}" \ --hard secrets="{{quota_secrets}}" \ --hard requests.storage="{{quota_requests_storage}}" ignore_errors: true - name: Copy the files used in this role synchronize: src: "files/" dest: "/tmp/{{guid}}/" rsync_opts: - "--no-motd" - "--exclude=.git,*.qcow2" - name: pre_workload Tasks Complete debug: msg: "Pre-Software checks completed successfully" ansible/roles/ocp-workload-iot-demo/tasks/remove_workload.yml
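Review bot: `ignore_errors: true` on `Create user Quota - clusterresourcequota` swallows every failure of `oc create clusterquota`, so the workload can be deployed for a user who has no quota applied. If the intent is only to tolerate a re-run, register the result and narrow the condition: `register: quota_result` with `failed_when: quota_result.rc != 0 and 'AlreadyExists' not in quota_result.stderr`. The same task interpolates `ocp_username` and `guid` into a shell script inside double quotes, which does not stop command substitution or an embedded quote; since both arrive via `-e` on the command line, pass them through `| quote`. In the synchronize task, `--exclude=.git,*.qcow2` is a single literal pattern to rsync, so neither `.git` nor the qcow2 images are excluded; each needs its own `--exclude=` entry.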
New file @@ -0,0 +1,20 @@ --- - name: post_workload Tasks Complete debug: msg: "Pre-Software checks completed successfully - Removed" - name: define ocp_project set_fact: ocp_project: "iot-demo-{{guid}}" - name: Remove user Project shell: "oc delete project {{ocp_project}}" ignore_errors: true - name: Remove user Quota - oc delete clusterresourcequota "clusterquota-{{ocp_username}}-{{guid}}" shell: oc delete clusterresourcequota clusterquota-{{ocp_username}}-{{guid}} ignore_errors: true - name: post_workload Tasks Complete debug: msg: "Post-Software checks completed successfully - Removed" ansible/roles/ocp-workload-iot-demo/tasks/workload.yml
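Review bot: The removal path deletes the project and the cluster quota but never removes `/tmp/{{guid}}`, where pre_workload.yml stages the role files and workload.yml writes `certs/key.pem`. Only post_workload.yml deletes that directory, and only after a successful create, so a failed deployment followed by `ACTION=remove` leaves the pull-secret manifest and the private key on the host. Add a task here such as `file: { path: "/tmp/{{guid}}", state: absent }`, guarded on a non-empty `guid`. Both `oc delete` commands also interpolate `ocp_project`, `ocp_username` and `guid` unquoted into a shell line; `{{ ocp_project | quote }}` and the equivalent for the quota name would close that off. The first debug task is named `post_workload Tasks Complete` and reports "Pre-Software checks completed" before anything has run, which misleads when reading logs.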
New file 
@@ -0,0 +1,67 @@ --- - name: define ocp_project set_fact: ocp_project: "iot-demo-{{guid}}" - name: Create project for IoT Demo shell: | oc new-project {{ocp_project}} \ --display-name="IoT Demo - {{guid}}" \ --description="Industry 4.0 IoT Demo" ignore_errors: true - name: Add anyuser shell: "oc adm policy add-scc-to-user anyuid -z default -n {{ocp_project}}" - name: Add Quay Image Pull Secret for Eurotech Images shell: "oc create -f /tmp/{{guid}}/redhat-iot-rhpds-secret.yml -n {{ocp_project}}" - name: Add MariaDB Secret shell: "oc create secret generic ec-db --from-literal=name=ecdb --from-literal=username=redhat --from-literal=password=RedHat123 -n {{ocp_project}}" - name: Generate Self Signed Certs command: > openssl req -new -x509 -nodes -days {{ item.days | default(3650) }} -subj "/C={{ item.country | default('') }}/ST={{ item.state | default('') }}/L={{ item.city | default('') }}/O={{ item.organization | default('') }}/OU={{ item.unit | default('') }}/CN={{ item.name }}/emailAddress={{ item.email | default('') }}" -newkey rsa:2048 -keyout /tmp/{{guid}}/certs/key.pem -out /tmp/{{guid}}/certs/cert.pem args: creates: /tmp/{{guid}}/certs/*.pem with_items: "{{ openssl_self_signed }}" - name: Add Self Signed Certs shell: "oc create secret generic ec-crt --from-file=crt=/tmp/{{guid}}/certs/cert.pem --from-file=key=/tmp/{{guid}}/certs/key.pem --from-file=ca=/tmp/{{guid}}/certs/cert.pem -n {{ocp_project}}" # -f /tmp/{{guid}}/mariadb.yaml - name: Deploy MariaDB shell: "oc new-app -e MYSQL_USER=redhat -e MYSQL_PASSWORD=RedHat123 -e MYSQL_DATABASE=ecdb -e MYSQL_LOWER_CASE_TABLE_NAMES=1 -e NAMESPACE=openshift -e VOLUME_CAPACITY=1Gi -e MARIADB_VERSION=10.2 mariadb:10.2 -n {{ocp_project}}" - name: Deploy Elasticsearch shell: "oc new-app -e 'ES_JAVA_OPTS=-Des.cluster.name=kapua-datastore -Des.http.cors.enabled=true -Des.http.cors.allow-origin=* -Xms256m -Xmx256m' elasticsearch:5.4 -n {{ocp_project}}" - name: Deploy EC Broker shell: "oc new-app -f /tmp/{{guid}}/broker.yml -p 
IMAGE_VERSION=5.0.0 -p NAMESPACE={{ocp_project}} -p EC_SECRET_DB=ec-db -p DISABLE_SSL=true -n {{ocp_project}}" - name: Deploy EC Console shell: "oc new-app -f /tmp/{{guid}}/console.yml -p 'IMAGE_VERSION=5.0.0' -p 'NAMESPACE={{ocp_project}}' -p 'EC_SECRET_DB=ec-db' -n {{ocp_project}}" - name: Deploy EC API shell: "oc new-app -f /tmp/{{guid}}/api.yml -p 'IMAGE_VERSION=5.0.0' -p 'NAMESPACE={{ocp_project}}' -p 'EC_SECRET_DB=ec-db' -n {{ocp_project}}" - name: Print Console URL debug: msg: "EC Console is running at http://ec-console-{{ocp_project}}.{{ocp_apps_domain}}" - name: Print MQTT Broker URL debug: msg: "EC Broker is running at: mqtt://ec-broker-mqtt.{{ocp_project}}.{{ocp_apps_domain}}:1883" - name: Annotate the completed project as requested by user shell: "oc annotate namespace {{ocp_project}} openshift.io/requester={{ocp_username}} --overwrite" - name: Give user access to the completed project shell: "oc policy add-role-to-user admin {{ocp_username}} -n {{ocp_project}}"
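Review bot: The MariaDB password `RedHat123` is hard-coded in both `Add MariaDB Secret` and `Deploy MariaDB`, so every environment provisioned from this role shares a credential that is published in the repository. It is also passed as a command-line argument that Ansible records in its task output. Generate the password per deployment, reuse the fact in both tasks and set `no_log: true` on them, as sketched below. Separately, `Generate Self Signed Certs` writes an unencrypted key (`-nodes`) under `/tmp/{{guid}}/certs/`, and nothing visible in this file creates that directory or restricts its mode, so a `file:` task with `state: directory` and `mode: "0700"` before it looks warranted.

```yaml
- name: Generate a per-deployment MariaDB password
  set_fact:
    ec_db_password: "{{ lookup('password', '/dev/null length=24 chars=ascii_letters,digits') }}"
  no_log: true

- name: Add MariaDB Secret
  shell: "oc create secret generic ec-db --from-literal=name=ecdb --from-literal=username=redhat --from-literal=password={{ ec_db_password }} -n {{ocp_project}}"
  no_log: true

# … unchanged: Generate Self Signed Certs, Add Self Signed Certs …

- name: Deploy MariaDB
  shell: "oc new-app -e MYSQL_USER=redhat -e MYSQL_PASSWORD={{ ec_db_password }} -e MYSQL_DATABASE=ecdb -e MYSQL_LOWER_CASE_TABLE_NAMES=1 -e NAMESPACE=openshift -e VOLUME_CAPACITY=1Gi -e MARIADB_VERSION=10.2 mariadb:10.2 -n {{ocp_project}}"
  no_log: true

# … unchanged: Elasticsearch, EC Broker, EC Console, EC API and the remaining tasks …
```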