Merge branch 'development' of https://github.com/sborenst/ansible_agnostic_deployer into development
2 files deleted
59 files added
50 files modified
2 files renamed
| | |
| | | tower_job_template_name: Acme |
| | | tower_credential_name: Acme |
| | | tower_job_template_playbook: hackathons/rhte-2018-emea/ansible-role-httpd/tests/test.yml |
| | | tower_credential_username: ec2-user |
| | | tower_credential_username: ec2-user |
| | | |
| | | |
| | | ### Gogs Variables |
| | | ansible_service_mgr: systemd |
| | | gogs_admin_username: cicduser1 |
| | | gogs_admin_password: r3dh4t! |
| | |
| | | hosts: |
| | | - cicd* |
| | | become: true |
| | | gather_facts: False |
| | | gather_facts: True |
| | | vars_files: |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml" |
| | |
| | | setup: |
| | | filter: 'ansible_[od][si]*' |
| | | roles: |
| | | - { role: "{{ ANSIBLE_REPO_PATH }}/roles/geerlingguy.gogs" } |
| | | - { role: "{{ ANSIBLE_REPO_PATH }}/roles/host-gogs-server" } |
| | | - { role: "{{ ANSIBLE_REPO_PATH }}/roles/host-jenkins-server" } |
| | | - { role: "{{ ANSIBLE_REPO_PATH }}/roles/molecule" } |
| | | |
| | | - hosts: bastion |
| | | - hosts: bastions |
| | | become: false |
| | | vars_files: |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | |
| | | src: "/root/.ssh/{{ guid }}key.pem" |
| | | register: credential_ssh_key |
| | | no_log: True |
| | | delegate_to: "{{ bastion_host }}" |
| | | when: response.json.count == 0 |
| | | |
| | | - name: Create Credential |
| | |
| | | deploy_openshift_post: false |
| | | deploy_env_post: false |
| | | install_metrics: true |
| | | install_prometheus: true |
| | | install_logging: true |
| | | ovs_plugin: "subnet" # This can also be set to: "multitenant" or "networkpolicy" |
| | | multi_tenant_setting: "os_sdn_network_plugin_name='redhat/openshift-ovs-{{ovs_plugin}}'" |
| | |
| | | cloudapps_suffix: 'apps.{{subdomain_base}}' |
| | | openshift_master_ldap_ca_file: 'openshift_master_ldap_ca_file=/root/ca.crt' |
| | | |
| | | ## If you are not part of GPTE you don't need this. |
| | | # Options for container_runtime: docker, cri-o |
| | | container_runtime: "docker" |
| | | docker_version: "{{ '1.12.6' if repo_version | version_compare('3.9', '<') else '1.13.1' }}" |
| | | docker_device: /dev/xvdb |
| | | |
| | | ## If you are not part of GPTE you don't need this. |
| | | opentlc_integration: true |
| | | |
| | | ################################################################################ |
| | | #### GENERIC EXAMPLE |
| | | #### |
| | | ################################################################################ |
| | | |
| | | install_common: true |
| | | install_nfs: true |
| | | install_glusterfs: false |
| | | glusterfs_hosted_device_name: /dev/xvdc |
| | | glusterfs_hosted_device_size: 300 |
| | | glusterfs_app_device_name: /dev/xvdd |
| | | glusterfs_app_device_size: 300 |
| | | |
| | | install_bastion: false |
| | | env_authorized_key: "{{guid}}key" |
| | | set_env_authorized_key: true |
| | | software_to_deploy: "openshift" |
| | | ################################################################################ |
| | | #### OCP IMPLEMENATATION LAB |
| | | ################################################################################ |
| | | |
| | | repo_version: '3.10' |
| | | repo_version: '3.10.14' |
| | | cloudapps_dns: '*.apps.{{subdomain_base}}.' |
| | | master_public_dns: "loadbalancer.{{subdomain_base}}." |
| | | |
| | |
| | | - tmux |
| | | - bind-utils |
| | | - wget |
| | | - nano |
| | | - ansible |
| | | - git |
| | | - vim-enhanced |
| | | - ansible |
| | | - at |
| | | - sysstat |
| | | - strace |
| | | - net-tools |
| | | - iptables-services |
| | | - bridge-utils |
| | | - kexec-tools |
| | | - sos |
| | | - psacct |
| | | - iotop |
| | | |
| | | rhel_repos: |
| | | - rhel-7-server-rpms |
| | | - rhel-7-server-extras-rpms |
| | | - rhel-7-server-ose-{{repo_version}}-rpms |
| | | - rhel-7-server-ansible-2.4-rpms |
| | | - rh-gluster-3-client-for-rhel-7-server-rpms |
| | | |
| | | use_subscription_manager: false |
| | | use_own_repos: true |
| | |
| | | |
| | | bastion_instance_type: "t2.xlarge" |
| | | |
| | | support_instance_type: "t2.medium" |
| | | support_instance_count: 3 |
| | | |
| | | node_instance_type: "t2.large" |
| | | node_instance_count: 3 |
| | | |
| | | infranode_instance_type: "t2.xlarge" |
| | | infranode_instance_count: 2 |
| | | loadbalancer_instance_count: 1 |
| | | loadbalancer_instance_type: "t2.small" |
| | | |
| | | master_instance_type: "t2.large" |
| | | master_instance_count: 3 |
| | | |
| | | loadbalancer_instance_count: 1 |
| | | loadbalancer_instance_type: "t2.small" |
| | | infranode_instance_type: "t2.xlarge" |
| | | infranode_instance_count: 2 |
| | | |
| | | node_instance_type: "t2.large" |
| | | node_instance_count: 3 |
| | | |
| | | support_instance_type: "t2.medium" |
| | | support_instance_count: 3 |
| | | |
| | | ansible_ssh_private_key_file: ~/.ssh/{{key_name}}.pem |
| | | |
| | |
| | | # |
| | | # /etc/ansible/hosts file for OpenShift Container Platform 3.10.14 |
| | | # ansible inventory for OpenShift Container Platform 3.10.14 |
| | | # |
| | | |
| | | [OSEv3:vars] |
| | |
| | | openshift_crio_docker_gc_node_selector={'runtime': 'cri-o'} |
| | | {% endif %} |
| | | |
| | | # Node Groups |
| | | openshift_node_groups=[{'name': 'node-config-master', 'labels': ['node-role.kubernetes.io/master=true','runtime={{container_runtime}}']}, {'name': 'node-config-infra', 'labels': ['node-role.kubernetes.io/infra=true','runtime={{container_runtime}}']}, {'name': 'node-config-glusterfs', 'labels': ['runtime={{container_runtime}}']}, {'name': 'node-config-compute', 'labels': ['node-role.kubernetes.io/compute=true','runtime={{container_runtime}}'], 'edits': [{ 'key': 'kubeletArguments.pods-per-core','value': ['20']}]}] |
| | | # Configure node kubelet arguments. pods-per-core is valid in OpenShift Origin 1.3 or OpenShift Container Platform 3.3 and later. -> These need to go into the above |
| | | # openshift_node_kubelet_args={'pods-per-core': ['10'], 'max-pods': ['250'], 'image-gc-high-threshold': ['85'], 'image-gc-low-threshold': ['75']} |
| | |
| | | # See: https://github.com/nickhammond/ansible-logrotate |
| | | logrotate_scripts=[{"name": "syslog", "path": "/var/log/cron\n/var/log/maillog\n/var/log/messages\n/var/log/secure\n/var/log/spooler\n", "options": ["daily", "rotate 7","size 500M", "compress", "sharedscripts", "missingok"], "scripts": {"postrotate": "/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true"}}] |
| | | |
| | | {% if install_glusterfs|bool %} |
| | | ########################################################################### |
| | | ### OpenShift Container Storage |
| | | ########################################################################### |
| | | |
| | | openshift_master_dynamic_provisioning_enabled=True |
| | | |
| | | # CNS storage cluster |
| | | # From https://github.com/red-hat-storage/openshift-cic |
| | | openshift_storage_glusterfs_namespace=openshift-storage |
| | | openshift_storage_glusterfs_storageclass=true |
| | | openshift_storage_glusterfs_storageclass_default=true |
| | | |
| | | openshift_storage_glusterfs_block_deploy=true |
| | | openshift_storage_glusterfs_block_host_vol_create=true |
| | | openshift_storage_glusterfs_block_host_vol_size=200 |
| | | openshift_storage_glusterfs_block_storageclass=true |
| | | openshift_storage_glusterfs_block_storageclass_default=false |
| | | |
| | | # Container image to use for glusterfs pods |
| | | openshift_storage_glusterfs_image="registry.access.redhat.com/rhgs3/rhgs-server-rhel7:v3.9" |
| | | |
| | | # Container image to use for glusterblock-provisioner pod |
| | | openshift_storage_glusterfs_block_image="registry.access.redhat.com/rhgs3/rhgs-gluster-block-prov-rhel7:v3.9" |
| | | |
| | | # Container image to use for heketi pods |
| | | openshift_storage_glusterfs_heketi_image="registry.access.redhat.com/rhgs3/rhgs-volmanager-rhel7:v3.9" |
| | | {% endif %} |
| | | |
| | | {% if install_nfs|bool %} |
| | | # Set this line to enable NFS |
| | |
| | | openshift_master_console_port={{master_api_port}} |
| | | |
| | | openshift_master_cluster_method=native |
| | | openshift_master_cluster_hostname={{master_lb_dns}} |
| | | openshift_master_cluster_hostname=loadbalancer1.{{guid}}.internal |
| | | openshift_master_cluster_public_hostname={{master_lb_dns}} |
| | | openshift_master_default_subdomain={{cloudapps_suffix}} |
| | | #openshift_master_ca_certificate={'certfile': '/root/intermediate_ca.crt', 'keyfile': '/root/intermediate_ca.key'} |
| | | openshift_master_overwrite_named_certificates={{openshift_master_overwrite_named_certificates}} |
| | | |
| | | {% if install_lets_encrypt_certificates|bool %} |
| | | openshift_master_named_certificates={{lets_encrypt_openshift_master_named_certificates|to_json}} |
| | | {% endif %} |
| | | |
| | | openshift_set_hostname=True |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Network Vars |
| | |
| | | ### OpenShift Authentication Vars |
| | | ########################################################################### |
| | | |
| | | {% if install_idm == "ldap" or 'ldap' in install_idms|d([]) %} |
| | | {{openshift_master_ldap_ca_file}} |
| | | {% endif %} |
| | | |
| | | {% if install_idm == "htpasswd" or 'htpasswd' in install_idms|d([]) %} |
| | | # htpasswd Authentication |
| | | openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider'}] |
| | | openshift_master_htpasswd_file=/root/htpasswd.openshift |
| | | {% endif %} |
| | | |
| | | openshift_master_identity_providers={{identity_providers|to_json}} |
| | | |
| | | {% if admission_plugin_config is defined %} |
| | | ########################################################################### |
| | | ### OpenShift admission plugin config |
| | | ########################################################################### |
| | | |
| | | openshift_master_admission_plugin_config={{admission_plugin_config|to_json}} |
| | | {% endif %} |
| | | # LDAP Authentication (download ipa-ca.crt first) |
| | | # openshift_master_identity_providers=[{'name': 'ldap', 'challenge': 'true', 'login': 'true', 'kind': 'LDAPPasswordIdentityProvider','attributes': {'id': ['dn'], 'email': ['mail'], 'name': ['cn'], 'preferredUsername': ['uid']}, 'bindDN': 'uid=admin,cn=users,cn=accounts,dc=shared,dc=example,dc=opentlc,dc=com', 'bindPassword': 'r3dh4t1!', 'ca': '/etc/origin/master/ipa-ca.crt','insecure': 'false', 'url': 'ldaps://ipa.shared.example.opentlc.com:636/cn=users,cn=accounts,dc=shared,dc=example,dc=opentlc,dc=com?uid?sub?(memberOf=cn=ocp-users,cn=groups,cn=accounts,dc=shared,dc=example,dc=opentlc,dc=com)'}] |
| | | # openshift_master_ldap_ca_file=/root/ipa-ca.crt |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Metrics and Logging Vars |
| | |
| | | ######################## |
| | | openshift_metrics_install_metrics={{install_metrics}} |
| | | |
| | | {% if install_nfs|bool and not install_glusterfs|bool %} |
| | | openshift_metrics_storage_kind=nfs |
| | | openshift_metrics_storage_access_modes=['ReadWriteOnce'] |
| | | openshift_metrics_storage_nfs_directory=/srv/nfs |
| | |
| | | openshift_metrics_storage_volume_size=10Gi |
| | | openshift_metrics_storage_labels={'storage': 'metrics'} |
| | | openshift_metrics_cassanda_pvc_storage_class_name='' |
| | | {% endif %} |
| | | |
| | | {% if install_glusterfs|bool %} |
| | | openshift_metrics_storage_kind=dynamic |
| | | openshift_metrics_storage_volume_size=20Gi |
| | | openshift_metrics_cassandra_pvc_storage_class_name='glusterfs-storage-block' |
| | | {% endif %} |
| | | |
| | | openshift_metrics_hawkular_nodeselector={"node-role.kubernetes.io/infra": "true"} |
| | | openshift_metrics_cassandra_nodeselector={"node-role.kubernetes.io/infra": "true"} |
| | |
| | | |
| | | # Enable cluster logging |
| | | ######################## |
| | | |
| | | openshift_logging_install_logging={{install_logging}} |
| | | |
| | | {% if install_nfs|bool and not install_glusterfs|bool %} |
| | |
| | | |
| | | openshift_hosted_router_replicas={{infranode_instance_count}} |
| | | |
| | | {% if install_lets_encrypt_certificates|bool %} |
| | | openshift_hosted_router_certificate={{lets_encrypt_openshift_hosted_router_certificate|to_json}} |
| | | {% endif %} |
| | | # openshift_hosted_router_certificate={"certfile": "/path/to/router.crt", "keyfile": "/path/to/router.key", "cafile": "/path/to/router-ca.crt"} |
| | | |
| | | openshift_hosted_registry_replicas=1 |
| | | openshift_hosted_registry_pullthrough=true |
| | | openshift_hosted_registry_acceptschema2=true |
| | | openshift_hosted_registry_enforcequota=true |
| | | |
| | | {% if s3user_access_key is defined %} |
| | | # Registry AWS S3 |
| | | # S3 bucket must already exist. |
| | | openshift_hosted_registry_storage_kind=object |
| | | openshift_hosted_registry_storage_provider=s3 |
| | | openshift_hosted_registry_storage_s3_accesskey={{ s3user_access_key }} |
| | | openshift_hosted_registry_storage_s3_secretkey={{ s3user_secret_access_key }} |
| | | openshift_hosted_registry_storage_s3_bucket={{ project_tag }} |
| | | openshift_hosted_registry_storage_s3_region={{ aws_region_final|d(aws_region) }} |
| | | openshift_hosted_registry_storage_s3_chunksize=26214400 |
| | | openshift_hosted_registry_storage_s3_rootdirectory=/registry |
| | | openshift_hosted_registry_replicas=1 |
| | | |
| | | {% if install_nfs|bool %} |
| | | openshift_hosted_registry_storage_kind=nfs |
| | | openshift_hosted_registry_storage_access_modes=['ReadWriteMany'] |
| | | openshift_hosted_registry_storage_nfs_directory=/srv/nfs |
| | | openshift_hosted_registry_storage_nfs_options='*(rw,root_squash)' |
| | | openshift_hosted_registry_storage_volume_name=registry |
| | | openshift_hosted_registry_storage_volume_size=20Gi |
| | | openshift_hosted_registry_pullthrough=true |
| | | openshift_hosted_registry_acceptschema2=true |
| | | openshift_hosted_registry_enforcequota=true |
| | | {% endif %} |
| | | |
| | | ########################################################################### |
| | |
| | | ### OpenShift Hosts |
| | | ########################################################################### |
| | | [OSEv3:children] |
| | | lb |
| | | masters |
| | | etcd |
| | | nodes |
| | |
| | | nfs |
| | | {% endif %} |
| | | {% if install_glusterfs|bool %} |
| | | glusterfs |
| | | #glusterfs |
| | | {% endif %} |
| | | {% if groups['newnodes']|d([])|length > 0 %} |
| | | new_nodes |
| | | {% endif %} |
| | | |
| | | [lb] |
| | | {% for host in groups['loadbalancers'] %} |
| | | {{ hostvars[host].internaldns }} |
| | | {% endfor %} |
| | | |
| | | [masters] |
| | | {% for host in groups['masters']|sort %} |
| | |
| | | {% endfor %} |
| | | |
| | | ## These are regular nodes |
| | | {% for host in groups['nodes']|sort |
| | | if host not in groups['newnodes']|d([]) |
| | | and host not in groups['glusterfs']|d([]) |
| | | %} |
| | | {% for host in groups['nodes']|sort %} |
| | | {{ hostvars[host].internaldns }} openshift_node_group_name='node-config-compute' |
| | | {% endfor %} |
| | | |
| | | {% if groups['glusterfs']|d([])|length > 0 %} |
| | | ## These are glusterfs nodes |
| | | {% for host in groups['glusterfs']|sort %} |
| | | {{ hostvars[host].internaldns }} openshift_node_group_name='node-config-compute' |
| | | ## These are OCS nodes |
| | | {% for host in groups['support']|sort %} |
| | | # {{ hostvars[host].internaldns }} openshift_node_group_name='node-config-compute' |
| | | {% endfor %} |
| | | {% endif %} |
| | | |
| | | {% if groups['newnodes']|d([])|length > 0 %} |
| | | # scaleup performed, leave an empty group, see: |
| | | # https://docs.openshift.com/container-platform/3.7/install_config/adding_hosts_to_existing_cluster.html |
| | | [new_nodes] |
| | | {% for host in groups['newnodes']|sort %} |
| | | {{ hostvars[host].internaldns }} ansible_ssh_user={{remote_user}} ansible_ssh_private_key_file=~/.ssh/{{key_name}}.pem openshift_node_group_name='node-config-compute' |
| | | {% endfor %} |
| | | {% endif %} |
| | | |
| | | {% if install_nfs|bool %} |
| | | [nfs] |
| | |
| | | {% endfor %} |
| | | {% endif %} |
| | | |
| | | {% if install_glusterfs|bool %} |
| | | {% set query = "[?name=='support']|[0].volumes[?purpose=='glusterfs'].device_name" %} |
| | | [glusterfs] |
| | | {% for host in groups['glusterfs']|sort %} |
| | | {% if loop.index % 3 == 1 %} |
| | | {% set glusterfs_zone = 1 %} |
| | | {% elif loop.index % 3 == 2 %} |
| | | {% set glusterfs_zone = 2 %} |
| | | {% elif loop.index % 3 == 0 %} |
| | | {% set glusterfs_zone = 3 %} |
| | | {% endif %} |
| | | {% if cloud_provider == 'ec2' %} |
| | | {{ hostvars[host].internaldns }} glusterfs_zone={{ glusterfs_zone }} glusterfs_devices='{{instances|json_query(query)|to_json}}' |
| | | {% elif cloud_provider == 'azure' %} |
| | | {{ hostvars[host].internaldns }} glusterfs_zone={{ glusterfs_zone }} glusterfs_devices='{{ [ hostvars[host].glusterfs_device_name ] |to_json}}' |
| | | {% endif %} |
| | | #[glusterfs] |
| | | {% for host in groups['support']|sort %} |
| | | # {{ hostvars[host].internaldns }} glusterfs_devices='[ "{{ glusterfs_app_device_name }}" ]' |
| | | {% endfor %} |
| | | {% endif %} |
New file |
| | |
| | | # |
| | | # LAB inventory |
| | | # ansible inventory for OpenShift Container Platform 3.10.14 |
| | | # |
| | | |
| | | [OSEv3:vars] |
| | | |
| | | ########################################################################### |
| | | ### Ansible Vars |
| | | ########################################################################### |
| | | timeout=60 |
| | | ansible_user={{ansible_ssh_user}} |
| | | ansible_become=yes |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Basic Vars |
| | | ########################################################################### |
| | | |
| | | openshift_disable_check="disk_availability,memory_availability,docker_image_availability" |
| | | |
| | | openshift_node_groups=[{'name': 'node-config-master', 'labels': ['node-role.kubernetes.io/master=true','runtime={{container_runtime}}']}, {'name': 'node-config-infra', 'labels': ['node-role.kubernetes.io/infra=true','runtime={{container_runtime}}']}, {'name': 'node-config-glusterfs', 'labels': ['runtime={{container_runtime}}']}, {'name': 'node-config-compute', 'labels': ['node-role.kubernetes.io/compute=true','runtime={{container_runtime}}'], 'edits': [{ 'key': 'kubeletArguments.pods-per-core','value': ['20']}]}] |
| | | # Configure node kubelet arguments. pods-per-core is valid in OpenShift Origin 1.3 or OpenShift Container Platform 3.3 and later. -> These need to go into the above |
| | | # openshift_node_kubelet_args={'pods-per-core': ['10'], 'max-pods': ['250'], 'image-gc-high-threshold': ['85'], 'image-gc-low-threshold': ['75']} |
| | | |
| | | # Configure logrotate scripts |
| | | # See: https://github.com/nickhammond/ansible-logrotate |
| | | logrotate_scripts=[{"name": "syslog", "path": "/var/log/cron\n/var/log/maillog\n/var/log/messages\n/var/log/secure\n/var/log/spooler\n", "options": ["daily", "rotate 7","size 500M", "compress", "sharedscripts", "missingok"], "scripts": {"postrotate": "/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true"}}] |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Hosts |
| | | ########################################################################### |
| | | [OSEv3:children] |
| | | lb |
| | | masters |
| | | etcd |
| | | nodes |
| | | {% if install_nfs|bool %} |
| | | nfs |
| | | {% endif %} |
| | | {% if install_glusterfs|bool %} |
| | | #glusterfs |
| | | {% endif %} |
| | | |
| | | [lb] |
| | | {% for host in groups['loadbalancers'] %} |
| | | {{ hostvars[host].internaldns }} |
| | | {% endfor %} |
| | | |
| | | [masters] |
| | | {% for host in groups['masters']|sort %} |
| | | {{ hostvars[host].internaldns }} |
| | | {% endfor %} |
| | | |
| | | [etcd] |
| | | {% for host in groups['masters']|sort %} |
| | | {{ hostvars[host].internaldns }} |
| | | {% endfor %} |
| | | |
| | | [nodes] |
| | | ## These are the masters |
| | | {% for host in groups['masters']|sort %} |
| | | {{ hostvars[host].internaldns }} openshift_node_group_name='node-config-master' |
| | | {% endfor %} |
| | | |
| | | ## These are infranodes |
| | | {% for host in groups['infranodes']|sort %} |
| | | {{ hostvars[host].internaldns }} openshift_node_group_name='node-config-infra' |
| | | {% endfor %} |
| | | |
| | | ## These are regular nodes |
| | | {% for host in groups['nodes']|sort %} |
| | | {{ hostvars[host].internaldns }} openshift_node_group_name='node-config-compute' |
| | | {% endfor %} |
| | | |
| | | ## These are OCS nodes |
| | | {% for host in groups['support']|sort %} |
| | | # {{ hostvars[host].internaldns }} openshift_node_group_name='node-config-compute' |
| | | {% endfor %} |
| | | |
| | | {% if install_nfs|bool %} |
| | | [nfs] |
| | | {% for host in [groups['support']|sort|first] %} |
| | | {{ hostvars[host].internaldns }} |
| | | {% endfor %} |
| | | {% endif %} |
| | | |
| | | #[glusterfs] |
| | | {% for host in groups['support']|sort %} |
| | | # {{ hostvars[host].internaldns }} glusterfs_devices='[ "{{ glusterfs_app_device_name }}" ]' |
| | | {% endfor %} |
New file |
| | |
| | | [OSEv3:vars] |
| | | |
| | | ########################################################################### |
| | | ### Ansible Vars |
| | | ########################################################################### |
| | | timeout=60 |
| | | ansible_become=yes |
| | | ansible_ssh_user={{ansible_ssh_user}} |
| | | |
| | | # disable memory check, as we are not a production environment |
| | | openshift_disable_check="memory_availability" |
| | | |
| | | # Set this line to enable NFS |
| | | openshift_enable_unsupported_configurations=True |
| | | |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Hosts |
| | | ########################################################################### |
| | | [OSEv3:children] |
| | | lb |
| | | masters |
| | | etcd |
| | | nodes |
| | | nfs |
| | | #glusterfs |
| | | |
| | | [lb] |
| | | {% for host in groups['loadbalancers'] %} |
| | | {{ hostvars[host].internaldns }} |
| | | {% endfor %} |
| | | |
| | | [masters] |
| | | {% for host in groups['masters']|sort %} |
| | | {{ hostvars[host].internaldns }} |
| | | {% endfor %} |
| | | |
| | | [etcd] |
| | | {% for host in groups['masters']|sort %} |
| | | {{ hostvars[host].internaldns }} |
| | | {% endfor %} |
| | | |
| | | [nodes] |
| | | ## These are the masters |
| | | {% for host in groups['masters']|sort %} |
| | | {{ hostvars[host].internaldns }} openshift_hostname={{ hostvars[host].internaldns }} openshift_node_labels="{'env': 'master', 'cluster': '{{guid}}'}" |
| | | {% endfor %} |
| | | |
| | | ## These are infranodes |
| | | {% for host in groups['infranodes']|sort %} |
| | | {{ hostvars[host].internaldns }} openshift_hostname={{ hostvars[host].internaldns }} openshift_node_labels="{'env':'infra', 'cluster': '{{guid}}'}" |
| | | {% endfor %} |
| | | |
| | | ## These are regular nodes |
| | | {% for host in groups['nodes']|sort %} |
| | | {{ hostvars[host].internaldns }} openshift_hostname={{ hostvars[host].internaldns }} openshift_node_labels="{'env':'app', 'cluster': '{{guid}}'}" |
| | | {% endfor %} |
| | | |
| | | ## These are CNS nodes |
| | | {% for host in groups['support']|sort %} |
| | | # {{ hostvars[host].internaldns }} openshift_hostname={{ hostvars[host].internaldns }} openshift_node_labels="{'env':'glusterfs', 'cluster': '{{guid}}'}" |
| | | {% endfor %} |
| | | |
| | | [nfs] |
| | | {% set nfshost = groups['support']|sort|first %} |
| | | {{ hostvars[nfshost].internaldns }} openshift_hostname={{ hostvars[nfshost].internaldns }} |
| | | |
| | | #[glusterfs] |
| | | {% for host in groups['support']|sort %} |
| | | # {{ hostvars[host].internaldns }} glusterfs_devices='[ "{{ glusterfs_app_device_name }}" ]' |
| | | {% endfor %} |
| | |
| | | connection: local |
| | | become: false |
| | | vars_files: |
| | | - "./env_vars.yml" |
| | | - "./env_secret_vars.yml" |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml" |
| | | tags: |
| | | - step002 |
| | | - post_infrastructure |
| | |
| | | #vim: set ft=ansible: |
| | | # vim: set ft=ansible: |
| | | --- |
| | | - name: Step 005 - Post Software deployment |
| | | hosts: localhost |
| | |
| | | tags: |
| | | - step005 |
| | | tasks: |
| | | - name: Generate /etc/ansible/hosts file with lab hosts template |
| | | - name: Generate /etc/ansible/hosts file with lab inv template |
| | | template: |
| | | src: "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/files/labs_hosts_template.j2" |
| | | src: "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/files/labs_hosts_template.{{ osrelease }}.j2" |
| | | dest: "{{ ANSIBLE_REPO_PATH }}/workdir/labs_hosts-{{ env_type }}-{{ guid }}" |
| | | |
| | | - name: Run openshift host provision on the bastion |
| | | gather_facts: False |
| | | become: yes |
| | | hosts: |
| | | - bastions |
| | | vars_files: |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | roles: |
| | | - role: "{{ ANSIBLE_REPO_PATH }}/roles/host-ocp-provisioner" |
| | | |
| | | - name: Configure NFS host for user-vols if required |
| | | hosts: support |
| | |
| | | vars_files: |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | tasks: |
| | | - name: Move complete inventory file to preserve directory. |
| | | shell: mv /etc/ansible/hosts /var/preserve/ |
| | | - name: Copy complete inventory file to bastion:/var/preserve/hosts |
| | | copy: |
| | | src: "{{ ANSIBLE_REPO_PATH }}/workdir/hosts-{{ env_type }}-{{ guid }}" |
| | | dest: /var/preserve/hosts |
| | | tags: preserve_complete_ansible_inventory |
| | | |
| | | - name: Copy over ansible hosts file, lab version |
| | |
| | | tags: |
| | | - overwrite_hosts_with_lab_hosts |
| | | |
| | | ## Create PVs for uservols if required |
| | | ## Create PV objects for uservols if required |
| | | - name: get nfs Hostname |
| | | set_fact: |
| | | nfs_host: "{{ groups['support']|sort|first }}" |
| | |
| | | |
| | | # vim: set ft=ansible: |
| | | # --- |
| | | - name: Step 003 - Create env key |
| | | hosts: localhost |
| | | connection: local |
| | |
| | | # Cloudformation template or equivalent should tag all hosts with Project:{{ env_type }}-{{ guid }} |
| | | |
| | | - name: Configure all hosts with Repositories, Common Files and Set environment key |
| | | hosts: all |
| | | hosts: |
| | | - all:!windows |
| | | become: true |
| | | gather_facts: False |
| | | vars_files: |
| | |
| | | tags: |
| | | - step004 |
| | | - common_tasks |
| | | pre_tasks: |
| | | - name: add rhel-7-server-ansible-2.4-rpms repo for OCP 3.9+ |
| | | set_fact: |
| | | rhel_repos: "{{ rhel_repos + ['rhel-7-server-ansible-2.4-rpms'] }}" |
| | | when: osrelease is version_compare('3.9', '>=') |
| | | roles: |
| | | - { role: "{{ ANSIBLE_REPO_PATH }}/roles/set-repositories", when: 'repo_method is defined' } |
| | | - { role: "{{ ANSIBLE_REPO_PATH }}/roles/common", when: 'install_common' } |
| | | - { role: "{{ ANSIBLE_REPO_PATH }}/roles/set_env_authorized_key", when: 'set_env_authorized_key' } |
| | | - role: "{{ ANSIBLE_REPO_PATH }}/roles/set-repositories" |
| | | when: repo_method is defined |
| | | - role: "{{ ANSIBLE_REPO_PATH }}/roles/common" |
| | | when: install_common|bool |
| | | - role: "{{ ANSIBLE_REPO_PATH }}/roles/set_env_authorized_key" |
| | | when: set_env_authorized_key|bool |
| | | |
| | | - name: Configuring Bastion Hosts |
| | | hosts: bastions |
| | | become: true |
| | | gather_facts: false |
| | | vars_files: |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml" |
| | |
| | | tags: |
| | | - step004 |
| | | - bastion_tasks |
| | | |
| | | |
| | | - name: PreSoftware flight-check |
| | | hosts: localhost |
| | |
| | | ###### OR PASS as "-e" args to ansible-playbook command |
| | | |
| | | ### Common Host settings |
| | | repo_version: "3.9" |
| | | repo_version: "3.10" |
| | | repo_method: file # Other Options are: file, satellite and rhn |
| | | |
| | | cached_packages: |
| | |
| | | ## files and anything that identifies this environment from another "just like it" |
| | | guid: defaultguid |
| | | |
| | | env_type: ocp-multi-cloud-example |
| | | # This var is used to identify stack (cloudformation, azure resourcegroup, ...) |
| | | project_tag: "{{ env_type }}-{{ guid }}" |
| | | |
| | |
| | | cloudapps_suffix: 'apps.{{subdomain_base}}' |
| | | ## TODO: This should be registered as a variable. Awk for os verions (OCP). |
| | | ## yum info openshift... |
| | | osrelease: 3.9.30 |
| | | osrelease: 3.10.14 |
| | | openshift_master_overwrite_named_certificates: true |
| | | timeout: 60 |
| | | |
| | |
| | | --- |
| | | AWSTemplateFormatVersion: "2010-09-09" |
| | | Mappings: |
| | | RegionMapping: |
| | | us-east-1: |
| | | {% if osrelease is version_compare('3.9.25', '>=') %} |
| | | RHELAMI: ami-6871a115 |
| | | {% else %} |
| | | RHELAMI: ami-c998b6b2 |
| | | {% endif %} |
| | | us-east-2: |
| | | {% if osrelease is version_compare('3.9.25', '>=') %} |
| | | RHELAMI: ami-03291866 |
| | | {% else %} |
| | | RHELAMI: ami-cfdafaaa |
| | | {% endif %} |
| | | us-west-1: |
| | | {% if osrelease is version_compare('3.9.25', '>=') %} |
| | | RHELAMI: ami-18726478 |
| | | {% else %} |
| | | RHELAMI: ami-66eec506 |
| | | {% endif %} |
| | | us-west-2: |
| | | {% if osrelease is version_compare('3.9.25', '>=') %} |
| | | RHELAMI: ami-28e07e50 |
| | | {% else %} |
| | | RHELAMI: ami-223f945a |
| | | {% endif %} |
| | | eu-west-1: |
| | | {% if osrelease is version_compare('3.9.25', '>=') %} |
| | | RHELAMI: ami-7c491f05 |
| | | {% else %} |
| | | RHELAMI: ami-bb9a6bc2 |
| | | {% endif %} |
| | | eu-central-1: |
| | | {% if osrelease is version_compare('3.9.25', '>=') %} |
| | | RHELAMI: ami-c86c3f23 |
| | | {% else %} |
| | | RHELAMI: ami-d74be5b8 |
| | | {% endif %} |
| | | ap-northeast-1: |
| | | {% if osrelease is version_compare('3.9.25', '>=') %} |
| | | RHELAMI: ami-6b0d5f0d |
| | | {% else %} |
| | | RHELAMI: ami-30ef0556 |
| | | {% endif %} |
| | | ap-northeast-2: |
| | | {% if osrelease is version_compare('3.9.25', '>=') %} |
| | | RHELAMI: ami-3eee4150 |
| | | {% else %} |
| | | RHELAMI: ami-0f5a8361 |
| | | {% endif %} |
| | | ap-southeast-1: |
| | | {% if osrelease is version_compare('3.9.25', '>=') %} |
| | | RHELAMI: ami-76144b0a |
| | | {% else %} |
| | | RHELAMI: ami-10bb2373 |
| | | {% endif %} |
| | | ap-southeast-2: |
| | | {% if osrelease is version_compare('3.9.25', '>=') %} |
| | | RHELAMI: ami-67589505 |
| | | {% else %} |
| | | RHELAMI: ami-ccecf5af |
| | | {% endif %} |
| | | ap-south-1: |
| | | {% if osrelease is version_compare('3.9.25', '>=') %} |
| | | RHELAMI: ami-5b673c34 |
| | | {% else %} |
| | | RHELAMI: ami-cdbdd7a2 |
| | | {% endif %} |
| | | sa-east-1: |
| | | {% if osrelease is version_compare('3.9.25', '>=') %} |
| | | RHELAMI: ami-b0b7e3dc |
| | | {% else %} |
| | | RHELAMI: ami-a789ffcb |
| | | {% endif %} |
| | | DNSMapping: |
| | | us-east-1: |
| | | domain: "us-east-1.compute.internal" |
| | | us-west-1: |
| | | domain: "us-west-1.compute.internal" |
| | | us-west-2: |
| | | domain: "us-west-2.compute.internal" |
| | | eu-west-1: |
| | | domain: "eu-west-1.compute.internal" |
| | | eu-central-1: |
| | | domain: "eu-central-1.compute.internal" |
| | | ap-northeast-1: |
| | | domain: "ap-northeast-1.compute.internal" |
| | | ap-northeast-2: |
| | | domain: "ap-northeast-2.compute.internal" |
| | | ap-southeast-1: |
| | | domain: "ap-southeast-1.compute.internal" |
| | | ap-southeast-2: |
| | | domain: "ap-southeast-2.compute.internal" |
| | | sa-east-1: |
| | | domain: "sa-east-1.compute.internal" |
| | | ap-south-1: |
| | | domain: "ap-south-1.compute.internal" |
| | | {% include 'templates/region_mapping.j2' %} |
| | | |
| | | Resources: |
| | | Vpc: |
| | |
| | | {{instance['name']}}{{loop.index}}: |
| | | Type: "AWS::EC2::Instance" |
| | | Properties: |
| | | {% if (instance_default_image is defined |
| | | and env_type in instance_default_image |
| | | and osrelease in instance_default_image[env_type] |
| | | and aws_region in instance_default_image[env_type][osrelease]) |
| | | %} |
| | | ImageId: {{ instance_default_image[env_type][osrelease][aws_region] }} |
| | | {% else %} |
| | | ImageId: |
| | | Fn::FindInMap: |
| | | - RegionMapping |
| | | - Ref: AWS::Region |
| | | - {{ instance['image_id'] | default('RHELAMI') }} |
| | | {% endif %} |
| | | InstanceType: "{{instance['flavor'][cloud_provider]}}" |
| | | KeyName: "{{instance['key_name'] | default(key_name)}}" |
| | | {% if instance['UserData'] is defined %} |
New file |
| | |
| | | = Create custom image for this env |
| | | |
| | | You will find a packer file `packer.json`. |
| | | |
| | | To create the image for a specific version: |
| | | |
| | | ---- |
| | | packer build -var-file=~/secrets/rhte.json -var "ANSIBLE_REPO_PATH=$(pwd)/../../" -var own_repo_path=http://... packer.json |
| | | ---- |
| | | |
| | | |
| | | Where `rhte.json` contains: |
| | | |
| | | ---- |
| | | { |
| | | "aws_access_key_id": "...", |
| | | "aws_secret_access_key": "..." |
| | | } |
| | | ---- |
| | | |
| | | |
| | | This will create an image that you can define in the `instance_default_image` dictionary, for example: |
| | | |
| | | ---- |
| | | instance_default_image: |
| | | ocp-multi-cloud-example: |
| | | 3.10.14: |
| | | us-east-1: ami-xxxx |
| | | ---- |
New file |
| | |
| | | { |
| | | "builders": [ |
| | | { |
| | | "type": "amazon-ebs", |
| | | "access_key": "{{user `aws_access_key_id`}}", |
| | | "secret_key": "{{user `aws_secret_access_key`}}", |
| | | "region": "us-east-1", |
| | | "source_ami": "ami-6871a115", |
| | | "ami_regions": "us-east-1", |
| | | "instance_type": "t2.large", |
| | | "ssh_username": "ec2-user", |
| | | "ami_name": "packer updated RHEL 7.5 ocp-multi-cloud-example {{timestamp}}" |
| | | } |
| | | ], |
| | | |
| | | "provisioners": [ |
| | | { |
| | | "type": "ansible", |
| | | "playbook_file": "./pre_software.yml", |
| | | "user": "ec2-user", |
| | | "extra_arguments": [ |
| | | "--extra-vars", "ANSIBLE_REPO_PATH={{user `ANSIBLE_REPO_PATH`}}", |
| | | "--extra-vars", "own_repo_path={{user `own_repo_path`}}", |
| | | "--extra-vars", "env_type=ocp-multi-cloud-example", |
| | | "--tags", "packer" |
| | | ], |
| | | "ansible_env_vars": ["ANSIBLE_HOST_KEY_CHECKING=False"] |
| | | } |
| | | ] |
| | | } |
| | |
| | | - step004 |
| | | - step004.2 |
| | | - common_tasks |
| | | - packer |
| | | roles: |
| | | - role: "{{ ANSIBLE_REPO_PATH }}/roles/set-repositories" |
| | | when: repo_method is defined |
| | |
| | | - nodes |
| | | - infranodes |
| | | - masters |
| | | - default |
| | | become: true |
| | | gather_facts: false |
| | | vars_files: |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml" |
| | | tags: |
| | | - packer |
| | | tasks: |
| | | - name: install openshift_node packages |
| | | yum: |
New file |
| | |
| | | # |
| | | # /etc/ansible/hosts file for OpenShift Container Platform 3.10.34 |
| | | # |
| | | |
| | | [OSEv3:vars] |
| | | |
| | | ########################################################################### |
| | | ### Ansible Vars |
| | | ########################################################################### |
| | | timeout=60 |
| | | ansible_user={{ansible_ssh_user}} |
| | | ansible_become=yes |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Basic Vars |
| | | ########################################################################### |
| | | |
| | | openshift_deployment_type=openshift-enterprise |
| | | |
| | | openshift_disable_check="disk_availability,memory_availability,docker_image_availability" |
| | | |
| | | oreg_url=registry.access.redhat.com/openshift3/ose-${component}:${version} |
| | | openshift_examples_modify_imagestreams=true |
| | | |
| | | {% if container_runtime == "cri-o" %} |
| | | openshift_use_crio=True |
| | | openshift_crio_enable_docker_gc=True |
| | | openshift_crio_docker_gc_node_selector={'runtime': 'cri-o'} |
| | | {% endif %} |
| | | |
| | | openshift_node_groups=[{'name': 'node-config-master', 'labels': ['node-role.kubernetes.io/master=true','runtime={{container_runtime}}']}, {'name': 'node-config-infra', 'labels': ['node-role.kubernetes.io/infra=true','runtime={{container_runtime}}']}, {'name': 'node-config-glusterfs', 'labels': ['runtime={{container_runtime}}']}, {'name': 'node-config-compute', 'labels': ['node-role.kubernetes.io/compute=true','runtime={{container_runtime}}'], 'edits': [{ 'key': 'kubeletArguments.pods-per-core','value': ['20']}]}] |
| | | # Configure node kubelet arguments. pods-per-core is valid in OpenShift Origin 1.3 or OpenShift Container Platform 3.3 and later. -> These need to go into the above |
| | | # openshift_node_kubelet_args={'pods-per-core': ['10'], 'max-pods': ['250'], 'image-gc-high-threshold': ['85'], 'image-gc-low-threshold': ['75']} |
| | | |
| | | # Configure logrotate scripts |
| | | # See: https://github.com/nickhammond/ansible-logrotate |
| | | logrotate_scripts=[{"name": "syslog", "path": "/var/log/cron\n/var/log/maillog\n/var/log/messages\n/var/log/secure\n/var/log/spooler\n", "options": ["daily", "rotate 7","size 500M", "compress", "sharedscripts", "missingok"], "scripts": {"postrotate": "/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true"}}] |
| | | |
| | | {% if install_glusterfs|bool %} |
| | | ########################################################################### |
| | | ### OpenShift Container Storage |
| | | ########################################################################### |
| | | |
| | | openshift_master_dynamic_provisioning_enabled=True |
| | | |
| | | # CNS storage cluster |
| | | # From https://github.com/red-hat-storage/openshift-cic |
| | | openshift_storage_glusterfs_namespace=openshift-storage |
| | | openshift_storage_glusterfs_storageclass=true |
| | | openshift_storage_glusterfs_storageclass_default=true |
| | | |
| | | openshift_storage_glusterfs_block_deploy=true |
| | | openshift_storage_glusterfs_block_host_vol_create=true |
| | | openshift_storage_glusterfs_block_host_vol_size=200 |
| | | openshift_storage_glusterfs_block_storageclass=true |
| | | openshift_storage_glusterfs_block_storageclass_default=false |
| | | |
| | | # Container image to use for glusterfs pods |
| | | openshift_storage_glusterfs_image="registry.access.redhat.com/rhgs3/rhgs-server-rhel7:v3.9" |
| | | |
| | | # Container image to use for glusterblock-provisioner pod |
| | | openshift_storage_glusterfs_block_image="registry.access.redhat.com/rhgs3/rhgs-gluster-block-prov-rhel7:v3.9" |
| | | |
| | | # Container image to use for heketi pods |
| | | openshift_storage_glusterfs_heketi_image="registry.access.redhat.com/rhgs3/rhgs-volmanager-rhel7:v3.9" |
| | | {% endif %} |
| | | |
| | | {% if install_nfs|bool %} |
| | | # Set this line to enable NFS |
| | | openshift_enable_unsupported_configurations=True |
| | | {% endif %} |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Cockpit Vars |
| | | ########################################################################### |
| | | |
| | | # Enable cockpit |
| | | osm_use_cockpit=true |
| | | osm_cockpit_plugins=['cockpit-kubernetes'] |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Master Vars |
| | | ########################################################################### |
| | | |
| | | openshift_master_api_port={{master_api_port}} |
| | | openshift_master_console_port={{master_api_port}} |
| | | |
| | | openshift_master_cluster_method=native |
| | | openshift_master_cluster_hostname={{master_lb_dns}} |
| | | openshift_master_cluster_public_hostname={{master_lb_dns}} |
| | | openshift_master_default_subdomain={{cloudapps_suffix}} |
| | | openshift_master_overwrite_named_certificates={{openshift_master_overwrite_named_certificates}} |
| | | |
| | | {% if install_lets_encrypt_certificates|bool %} |
| | | openshift_master_named_certificates={{lets_encrypt_openshift_master_named_certificates|to_json}} |
| | | {% endif %} |
| | | |
| | | openshift_set_hostname=True |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Network Vars |
| | | ########################################################################### |
| | | |
| | | osm_cluster_network_cidr=10.1.0.0/16 |
| | | openshift_portal_net=172.30.0.0/16 |
| | | |
| | | # os_sdn_network_plugin_name='redhat/openshift-ovs-networkpolicy' |
| | | {{multi_tenant_setting}} |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Authentication Vars |
| | | ########################################################################### |
| | | |
| | | {% if install_idm == "ldap" or 'ldap' in install_idms|d([]) %} |
| | | {{openshift_master_ldap_ca_file}} |
| | | {% endif %} |
| | | |
| | | {% if install_idm == "htpasswd" or 'htpasswd' in install_idms|d([]) %} |
| | | openshift_master_htpasswd_file=/root/htpasswd.openshift |
| | | {% endif %} |
| | | |
| | | openshift_master_identity_providers={{identity_providers|to_json}} |
| | | |
| | | {% if admission_plugin_config is defined %} |
| | | ########################################################################### |
| | | ### OpenShift admission plugin config |
| | | ########################################################################### |
| | | |
| | | openshift_master_admission_plugin_config={{admission_plugin_config|to_json}} |
| | | {% endif %} |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Metrics and Logging Vars |
| | | ########################################################################### |
| | | |
| | | ######################## |
| | | # Enable cluster metrics |
| | | ######################## |
| | | openshift_metrics_install_metrics={{install_metrics}} |
| | | |
| | | {% if install_nfs|bool and not install_glusterfs|bool %} |
| | | openshift_metrics_storage_kind=nfs |
| | | openshift_metrics_storage_access_modes=['ReadWriteOnce'] |
| | | openshift_metrics_storage_nfs_directory=/srv/nfs |
| | | openshift_metrics_storage_nfs_options='*(rw,root_squash)' |
| | | openshift_metrics_storage_volume_name=metrics |
| | | openshift_metrics_storage_volume_size=10Gi |
| | | openshift_metrics_storage_labels={'storage': 'metrics'} |
| | | openshift_metrics_cassanda_pvc_storage_class_name='' |
| | | {% endif %} |
| | | |
| | | {% if install_glusterfs|bool %} |
| | | openshift_metrics_storage_kind=dynamic |
| | | openshift_metrics_storage_volume_size=20Gi |
| | | openshift_metrics_cassandra_pvc_storage_class_name='glusterfs-storage-block' |
| | | {% endif %} |
| | | |
| | | openshift_metrics_hawkular_nodeselector={"node-role.kubernetes.io/infra": "true"} |
| | | openshift_metrics_cassandra_nodeselector={"node-role.kubernetes.io/infra": "true"} |
| | | openshift_metrics_heapster_nodeselector={"node-role.kubernetes.io/infra": "true"} |
| | | |
| | | # Store Metrics for 2 days |
| | | openshift_metrics_duration=2 |
| | | |
| | | {% if install_prometheus|bool %} |
| | | ######################### |
| | | # Add Prometheus Metrics: |
| | | ######################### |
| | | openshift_hosted_prometheus_deploy=true |
| | | openshift_prometheus_namespace=openshift-metrics |
| | | openshift_prometheus_node_selector={"node-role.kubernetes.io/infra":"true"} |
| | | |
| | | # Prometheus |
| | | {% if install_glusterfs|bool %} |
| | | openshift_prometheus_storage_type='pvc' |
| | | openshift_prometheus_storage_kind=dynamic |
| | | openshift_prometheus_storage_class='glusterfs-storage-block' |
| | | openshift_prometheus_storage_volume_size=20Gi |
| | | openshift_prometheus_storage_access_modes=['ReadWriteOnce'] |
| | | openshift_prometheus_storage_volume_name=prometheus |
| | | {% elif install_nfs|bool %} |
| | | openshift_prometheus_storage_type='emptydir' |
| | | {% endif %} |
| | | |
| | | # For prometheus-alertmanager |
| | | {% if install_glusterfs|bool %} |
| | | openshift_prometheus_alertmanager_storage_type='pvc' |
| | | openshift_prometheus_alertmanager_storage_kind=dynamic |
| | | openshift_prometheus_alertmanager_storage_class='glusterfs-storage-block' |
| | | openshift_prometheus_alertmanager_storage_access_modes=['ReadWriteOnce'] |
| | | openshift_prometheus_alertmanager_storage_volume_size=10Gi |
| | | openshift_prometheus_alertmanager_storage_volume_name=prometheus-alertmanager |
| | | {% elif install_nfs|bool %} |
| | | openshift_prometheus_alertmanager_storage_type='emptydir' |
| | | {% endif %} |
| | | |
| | | # For prometheus-alertbuffer |
| | | {% if install_glusterfs|bool %} |
| | | openshift_prometheus_alertbuffer_storage_type='pvc' |
| | | openshift_prometheus_alertbuffer_storage_kind=dynamic |
| | | openshift_prometheus_alertbuffer_storage_class='glusterfs-storage-block' |
| | | openshift_prometheus_alertbuffer_storage_access_modes=['ReadWriteOnce'] |
| | | openshift_prometheus_alertbuffer_storage_volume_name=prometheus-alertbuffer |
| | | openshift_prometheus_alertbuffer_storage_volume_size=10Gi |
| | | {% elif install_nfs|bool %} |
| | | openshift_prometheus_alertbuffer_storage_type='emptydir' |
| | | {% endif %} |
| | | |
| | | # Suggested Quotas and limits for Prometheus components: |
| | | openshift_prometheus_memory_requests=2Gi |
| | | openshift_prometheus_cpu_requests=750m |
| | | openshift_prometheus_memory_limit=2Gi |
| | | openshift_prometheus_cpu_limit=750m |
| | | openshift_prometheus_alertmanager_memory_requests=300Mi |
| | | openshift_prometheus_alertmanager_cpu_requests=200m |
| | | openshift_prometheus_alertmanager_memory_limit=300Mi |
| | | openshift_prometheus_alertmanager_cpu_limit=200m |
| | | openshift_prometheus_alertbuffer_memory_requests=300Mi |
| | | openshift_prometheus_alertbuffer_cpu_requests=200m |
| | | openshift_prometheus_alertbuffer_memory_limit=300Mi |
| | | openshift_prometheus_alertbuffer_cpu_limit=200m |
| | | # The following file will need to be copied over to the bastion before deployment |
| | | # There is an example in ocp-workshop/files |
| | | # openshift_prometheus_additional_rules_file=/root/prometheus_alerts_rules.yml |
| | | |
| | | # Grafana |
| | | openshift_grafana_node_selector={"node-role.kubernetes.io/infra":"true"} |
| | | openshift_grafana_storage_type=pvc |
| | | openshift_grafana_pvc_size=2Gi |
| | | openshift_grafana_node_exporter=true |
| | | openshift_grafana_prometheus_namespace="openshift-metrics" |
| | | openshift_grafana_prometheus_serviceaccount="prometheus" |
| | | openshift_grafana_prometheus_route="prometheus" |
| | | |
| | | {% if install_glusterfs|bool %} |
| | | openshift_grafana_sc_name=glusterfs-storage |
| | | {% endif %} |
| | | |
| | | {% endif %} |
| | | |
| | | # Enable cluster logging |
| | | ######################## |
| | | openshift_logging_install_logging={{install_logging}} |
| | | |
| | | {% if install_nfs|bool and not install_glusterfs|bool %} |
| | | openshift_logging_storage_kind=nfs |
| | | openshift_logging_storage_access_modes=['ReadWriteOnce'] |
| | | openshift_logging_storage_nfs_directory=/srv/nfs |
| | | openshift_logging_storage_nfs_options='*(rw,root_squash)' |
| | | openshift_logging_storage_volume_name=logging |
| | | openshift_logging_storage_volume_size=10Gi |
| | | openshift_logging_storage_labels={'storage': 'logging'} |
| | | openshift_logging_es_pvc_storage_class_name='' |
| | | {% endif %} |
| | | {% if install_glusterfs|bool %} |
| | | openshift_logging_es_pvc_dynamic=true |
| | | openshift_logging_es_pvc_size=20Gi |
| | | openshift_logging_es_cluster_size=1 |
| | | openshift_logging_es_pvc_storage_class_name='glusterfs-storage-block' |
| | | {% endif %} |
| | | |
| | | openshift_logging_kibana_nodeselector={"node-role.kubernetes.io/infra": "true"} |
| | | openshift_logging_curator_nodeselector={"node-role.kubernetes.io/infra": "true"} |
| | | openshift_logging_es_nodeselector={"node-role.kubernetes.io/infra": "true"} |
| | | |
| | | openshift_logging_es_cluster_size=1 |
| | | openshift_logging_curator_default_days=3 |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Router and Registry Vars |
| | | ########################################################################### |
| | | |
| | | openshift_hosted_router_replicas={{infranode_instance_count}} |
| | | |
| | | {% if install_lets_encrypt_certificates|bool %} |
| | | openshift_hosted_router_certificate={{lets_encrypt_openshift_hosted_router_certificate|to_json}} |
| | | {% endif %} |
| | | |
| | | openshift_hosted_registry_replicas=1 |
| | | openshift_hosted_registry_pullthrough=true |
| | | openshift_hosted_registry_acceptschema2=true |
| | | openshift_hosted_registry_enforcequota=true |
| | | |
| | | {% if s3user_access_key is defined %} |
| | | # Registry AWS S3 |
| | | # S3 bucket must already exist. |
| | | openshift_hosted_registry_storage_kind=object |
| | | openshift_hosted_registry_storage_provider=s3 |
| | | openshift_hosted_registry_storage_s3_accesskey={{ s3user_access_key }} |
| | | openshift_hosted_registry_storage_s3_secretkey={{ s3user_secret_access_key }} |
| | | openshift_hosted_registry_storage_s3_bucket={{ project_tag }} |
| | | openshift_hosted_registry_storage_s3_region={{ aws_region_final|d(aws_region) }} |
| | | openshift_hosted_registry_storage_s3_chunksize=26214400 |
| | | openshift_hosted_registry_storage_s3_rootdirectory=/registry |
| | | {% endif %} |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Service Catalog Vars |
| | | ########################################################################### |
| | | |
| | | openshift_enable_service_catalog=true |
| | | |
| | | template_service_broker_install=true |
| | | # openshift_template_service_broker_namespaces=['openshift'] |
| | | |
| | | ansible_service_broker_install=true |
| | | ansible_service_broker_local_registry_whitelist=['.*-apb$'] |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Hosts |
| | | ########################################################################### |
| | | [OSEv3:children] |
| | | masters |
| | | etcd |
| | | nodes |
| | | {% if install_nfs|bool %} |
| | | nfs |
| | | {% endif %} |
| | | {% if install_glusterfs|bool %} |
| | | glusterfs |
| | | {% endif %} |
| | | {% if groups['newnodes']|d([])|length > 0 %} |
| | | new_nodes |
| | | {% endif %} |
| | | |
| | | [masters] |
| | | {% for host in groups['masters']|sort %} |
| | | {{ hostvars[host].internaldns }} |
| | | {% endfor %} |
| | | |
| | | [etcd] |
| | | {% for host in groups['masters']|sort %} |
| | | {{ hostvars[host].internaldns }} |
| | | {% endfor %} |
| | | |
| | | [nodes] |
| | | ## These are the masters |
| | | {% for host in groups['masters']|sort %} |
| | | {{ hostvars[host].internaldns }} openshift_node_group_name='node-config-master' |
| | | {% endfor %} |
| | | |
| | | ## These are infranodes |
| | | {% for host in groups['infranodes']|sort %} |
| | | {{ hostvars[host].internaldns }} openshift_node_group_name='node-config-infra' |
| | | {% endfor %} |
| | | |
| | | ## These are regular nodes |
| | | {% for host in groups['nodes']|sort |
| | | if host not in groups['newnodes']|d([]) |
| | | and host not in groups['glusterfs']|d([]) |
| | | %} |
| | | {{ hostvars[host].internaldns }} openshift_node_group_name='node-config-compute' |
| | | {% endfor %} |
| | | |
| | | {% if groups['glusterfs']|d([])|length > 0 %} |
| | | ## These are glusterfs nodes |
| | | {% for host in groups['glusterfs']|sort %} |
| | | {{ hostvars[host].internaldns }} openshift_node_group_name='node-config-compute' |
| | | {% endfor %} |
| | | {% endif %} |
| | | |
| | | {% if groups['newnodes']|d([])|length > 0 %} |
| | | # scaleup performed, leave an empty group, see: |
| | | # https://docs.openshift.com/container-platform/3.7/install_config/adding_hosts_to_existing_cluster.html |
| | | [new_nodes] |
| | | {% for host in groups['newnodes']|sort %} |
| | | {{ hostvars[host].internaldns }} ansible_ssh_user={{remote_user}} ansible_ssh_private_key_file=~/.ssh/{{key_name}}.pem openshift_node_group_name='node-config-compute' |
| | | {% endfor %} |
| | | {% endif %} |
| | | |
| | | {% if install_nfs|bool %} |
| | | [nfs] |
| | | {% for host in [groups['support']|sort|first] %} |
| | | {{ hostvars[host].internaldns }} |
| | | {% endfor %} |
| | | {% endif %} |
| | | |
| | | {% if install_glusterfs|bool %} |
| | | {% set query = "[?name=='support']|[0].volumes[?purpose=='glusterfs'].device_name" %} |
| | | [glusterfs] |
| | | {% for host in groups['glusterfs']|sort %} |
| | | {% if loop.index % 3 == 1 %} |
| | | {% set glusterfs_zone = 1 %} |
| | | {% elif loop.index % 3 == 2 %} |
| | | {% set glusterfs_zone = 2 %} |
| | | {% elif loop.index % 3 == 0 %} |
| | | {% set glusterfs_zone = 3 %} |
| | | {% endif %} |
| | | {% if cloud_provider == 'ec2' %} |
| | | {{ hostvars[host].internaldns }} glusterfs_zone={{ glusterfs_zone }} glusterfs_devices='{{instances|json_query(query)|to_json}}' |
| | | {% elif cloud_provider == 'azure' %} |
| | | {{ hostvars[host].internaldns }} glusterfs_zone={{ glusterfs_zone }} glusterfs_devices='{{ [ hostvars[host].glusterfs_device_name ] |to_json}}' |
| | | {% endif %} |
| | | {% endfor %} |
| | | {% endif %} |
| | |
| | | - name: Redeploy dockergc DaemonSet pods |
| | | shell: "oc delete pod $(oc get pods -n default|grep dockergc|awk -c '{print $1}') -n default" |
| | | |
| | | # - name: Fix Error pods when using CRI-O (3.10+) |
| | | # gather_facts: False |
| | | # become: yes |
| | | # hosts: masters |
| | | # run_once: true |
| | | # vars_files: |
| | | # - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | # tasks: |
| | | # - name: Fix cri-o containers in error state |
| | | # when: |
| | | # - osrelease is version_compare('3.10.0', '>=') |
| | | # - container_runtime == "cri-o" |
| | | # block: |
| | | # - name: Find Elasticsearch Deployment Config |
| | | # shell: "oc get dc -o=custom-columns=NAME:.metadata.name -n openshift-logging|grep data" |
| | | # register: logging_dc |
| | | # - name: Redeploy elasticsearcht pods |
| | | # shell: "oc rollout latest {{ logging_dc.stdout }} -n openshift-logging" |
| | | # - name: Redeploy asb |
| | | # shell: "oc rollout latest asb -n openshift-ansible-broker" |
| | | |
| | | # Install OpenWhisk |
| | | - name: Install OpenWhisk |
| | | hosts: masters |
| | |
| | | - name: Add admin permissions to admin_user for Grafana project |
| | | shell: "oc policy add-role-to-user admin {{admin_user}} -n openshift-grafana" |
| | | when: grafana_exists is failed |
| | | |
| | | # Update Firewall Rules for Node Exporter to work (3.10 and onwards). |
| | | - name: Node Exporter and Grafana Configuration (3.10+) |
| | | gather_facts: False |
| | | become: yes |
| | | hosts: |
| | | - nodes |
| | | - infranodes |
| | | - masters |
| | | vars_files: |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | tags: |
| | | - install_prometheus |
| | | tasks: |
| | | - when: |
| | | - install_prometheus|d(False)|bool |
| | | - osrelease is version_compare("3.10", ">=") |
| | | block: |
| | | # Node Exporters on all Nodes liston on port 9100. |
| | | # Open Firewall Port 9100 for future sessions by adding |
| | | # the rule to the iptables file. |
| | | - name: Open Firewall port 9100 for future sessions |
| | | lineinfile: |
| | | dest: /etc/sysconfig/iptables |
| | | insertafter: '-A FORWARD -j REJECT --reject-with icmp-host-prohibited' |
| | | line: '-A OS_FIREWALL_ALLOW -p tcp -m state --state NEW -m tcp --dport 9100 -j ACCEPT' |
| | | state: present |
| | | # Open Firewall Port 9100 for current session by adding |
| | | # the rule to the current iptables configuration. We won't |
| | | # need to restart the iptables service - which will ensure |
| | | # all OpenShift rules stay in place. |
| | | - name: Open Firewall Port 9100 for current session |
| | | iptables: |
| | | action: insert |
| | | protocol: tcp |
| | | destination_port: 9100 |
| | | state: present |
| | | chain: OS_FIREWALL_ALLOW |
| | | jump: ACCEPT |
| | | |
| | | - name: Customize Service Catalog UI for workshops |
| | | hosts: masters |
| | |
| | | when: install_maistra|d(False)|bool |
| | | |
| | | # WK Added for RHTE |
| | | # Install Infrastructure workloads first |
| | | # - name: Install ocp-infra workloads |
| | | # hosts: masters |
| | | # gather_facts: false |
| | | # run_once: true |
| | | # become: yes |
| | | # vars_files: |
| | | # - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | # - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml" |
| | | # tasks: |
| | | # - name: Install ocp-infra workloads |
| | | # when: |
| | | # - infra_workloads|d("")|length > 0 |
| | | # block: |
| | | # - name: Check if admin_user is set |
| | | # fail: |
| | | # msg: admin_user must be set for ocp-infra workloads |
| | | # when: |
| | | # - not admin_user is defined or admin_user|length == 0 |
| | | # - name: Install ocp-infra-workloads |
| | | # when: |
| | | # - infra_workloads|d("")|length >0 |
| | | # block: |
| | | # - name: Deploy ocp-infra workloads |
| | | # include_role: |
| | | # name: "{{ ANSIBLE_REPO_PATH }}/roles/{{ workload_loop_var }}" |
| | | # vars: |
| | | # admin_user: "{{ admin_user }}" |
| | | # ocp_username: "{{ admin_user }}" |
| | | # ACTION: "provision" |
| | | # loop: "{{ infra_workloads.split(',')|list }}" |
| | | # loop_control: |
| | | # loop_var: workload_loop_var |
| | | |
| | | # Install User Workloads second |
| | | # - name: Install ocp-workload workloads for multiple Users |
| | | # hosts: masters |
| | | # gather_facts: false |
| | |
| | | # loop: "{{ users | product(student_workloads.split(','))|list }}" |
| | | # loop_control: |
| | | # loop_var: workload_loop_var |
| | | |
| | | # - name: Install ocp-infra workloads |
| | | # hosts: masters |
| | | # gather_facts: false |
| | | # run_once: true |
| | | # become: yes |
| | | # vars_files: |
| | | # - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | # - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml" |
| | | # tasks: |
| | | # - name: Install ocp-infra workloads |
| | | # when: |
| | | # - infra_workloads|d("")|length > 0 |
| | | # block: |
| | | # - name: Check if admin_user is set |
| | | # fail: |
| | | # msg: admin_user must be set for ocp-infra workloads |
| | | # when: |
| | | # - not admin_user is defined or admin_user|length == 0 |
| | | # - name: Install ocp-infra-workloads |
| | | # when: |
| | | # - infra_workloads|d("")|length >0 |
| | | # block: |
| | | # - name: Deploy ocp-infra workloads |
| | | # include_role: |
| | | # name: "{{ ANSIBLE_REPO_PATH }}/roles/{{ workload_loop_var[1] }}" |
| | | # vars: |
| | | # admin_user: "{{ admin_user }}" |
| | | # ocp_username: "user{{ workload_loop_var[0] }}" |
| | | # ACTION: "provision" |
| | | # loop: "{{ infra_workloads.split(',')|list }}" |
| | | # loop_control: |
| | | # loop_var: workload_loop_var |
| | | # WK Added for RHTE End |
| | | |
| | | - name: Zabbix for masters |
| | |
| | | vars: |
| | | zabbix_auto_registration_keyword: OCP Host |
| | | tasks: |
| | | - when: install_zabbix_bool |
| | | - when: install_zabbix|bool |
| | | include_role: |
| | | name: "{{ ANSIBLE_REPO_PATH }}/roles/zabbix-client" |
| | | tags: |
New file |
| | |
| | | = OCP Client VM (ocp-clientvm) Standard Config |
| | | |
| | | == Set up your "Secret" variables |
| | | |
| | | * You need to provide some credentials for deployments to work |
| | | * Create a file called "env_secret_vars.yml" and put it in the ./ansible/configs/CONFIGNAME/ directory. |
| | | ** At this point this file *has to be created* even if no vars from it are used. |
| | | * You can choose to provide these values as extra vars (-e "var=value") in the command line if you prefer not to keep sensitive information in a file. |
| | | |
| | | .Example contents of "Secret" Vars file |
| | | ---- |
| | | # ## Logon credentials for Red Hat Network |
| | | # ## Required if using the subscription component |
| | | # ## of this playbook. |
| | | rhel_subscription_user: '' |
| | | rhel_subscription_pass: '' |
| | | # |
| | | # ## AWS Credentials. This is required. |
| | | aws_access_key_id: "" |
| | | aws_secret_access_key: "" |
| | | # |
| | | #If using repo_method: satellite, you must set these values as well. |
| | | satellite_url: https://satellite.example.com |
| | | satellite_org: Sat_org_name |
| | | satellite_activationkey: "rhel7basic" |
| | | ---- |
| | | |
| | | == Review the Env_Type variable file |
| | | |
| | | * This file link:./env_vars.yml[./env_vars.yml] contains all the variables you need to define to control the deployment of your environment. |
| | | |
| | | |
| | | === IPA registration |
| | | |
| | | You can either provide `ipa_host_password` or a couple `ipa_kerberos_user`/`ipa_kerberos_password` to register the host to the ipa server. See link:../../roles/bastion-opentlc-ipa[roles/bastion-opentlc-ipa]. |
| | | |
| | | == Running Ansible Playbook |
| | | |
| | | You can run the playbook with the following arguments to overwrite the default variable values: |
| | | |
| | | [source,bash] |
| | | ---- |
| | | GUID=testclientvm1 |
| | | REGION=us-east-1 |
| | | KEYNAME=ocpkey |
| | | ENVTYPE="ocp-clientvm" |
| | | CLOUDPROVIDER=ec2 |
| | | HOSTZONEID='Z186MFNM7DX4NF' |
| | | REPO_PATH='https://admin.example.com/repos/ocp/3.9.14/' |
| | | BASESUFFIX='.example.opentlc.com' |
| | | REPO_VERSION=3.9 |
| | | DEPLOYER_REPO_PATH=`pwd` |
| | | OSRELEASE=3.9.14 |
| | | |
| | | ansible-playbook main.yml \ |
| | | -e "guid=${GUID}" \ |
| | | -e "env_type=${ENVTYPE}" \ |
| | | -e "osrelease=${OSRELEASE}" \ |
| | | -e "repo_version=${REPO_VERSION}" \ |
| | | -e "docker_version=1.13.1" \ |
| | | -e "cloud_provider=${CLOUDPROVIDER}" |
| | | -e "aws_region=${REGION}" \ |
| | | -e "HostedZoneId=${HOSTZONEID}" \ |
| | | -e "key_name=${KEYNAME}" \ |
| | | -e "subdomain_base_suffix=${BASESUFFIX}" \ |
| | | -e "clientvm_instance_type=t2.large" \ |
| | | -e "email=name@example.com" \ |
| | | -e "software_to_deploy=none" \ |
| | | -e "ANSIBLE_REPO_PATH=${DEPLOYER_REPO_PATH}" \ |
| | | -e "own_repo_path=${REPO_PATH}" |
| | | ---- |
| | | |
| | | === Satellite version |
| | | ---- |
| | | GUID=testclientvm1 |
| | | REGION=us-east-1 |
| | | KEYNAME=ocpkey |
| | | ENVTYPE="ocp-clientvm" |
| | | CLOUDPROVIDER=ec2 |
| | | HOSTZONEID='Z186MFNM7DX4NF' |
| | | BASESUFFIX='.example.opentlc.com' |
| | | REPO_VERSION=3.9 |
| | | DEPLOYER_REPO_PATH=`pwd` |
| | | |
| | | LOG_FILE=/tmp/${ENVTYPE}-${GUID}.log |
| | | IPAPASS=$5 |
| | | |
| | | if [ "$1" = "provision" ] ; then |
| | | |
| | | echo "Provisioning: ${STACK_NAME}" 1>> $LOG_FILE 2>> $LOG_FILE |
| | | |
| | | ansible-playbook ${DEPLOYER_REPO_PATH}/main.yml \ |
| | | -e "guid=${GUID}" \ |
| | | -e "env_type=${ENVTYPE}" \ |
| | | -e "key_name=${KEYNAME}" \ |
| | | -e "cloud_provider=${CLOUDPROVIDER}" \ |
| | | -e "aws_region=${REGION}" \ |
| | | -e "HostedZoneId=${HOSTZONEID}" \ |
| | | -e "subdomain_base_suffix=${BASESUFFIX}" \ |
| | | -e "clientvm_instance_type=t2.large" \ |
| | | -e "ipa_host_password=${IPAPASS}" |
| | | -e "repo_method=satellite" \ |
| | | -e "repo_version=${REPO_VERSION}" \ |
| | | -e "email=name@example.com" \ |
| | | -e "software_to_deploy=none" \ |
| | | -e "osrelease=3.9.14" \ |
| | | -e "docker_version=1.13.1" \ |
| | | -e "ANSIBLE_REPO_PATH=${DEPLOYER_REPO_PATH}" 1>> $LOG_FILE 2>> $LOG_FILE |
| | | ---- |
| | | |
| | | === To Delete an environment |
| | | ---- |
| | | REGION=us-east-1 |
| | | KEYNAME=ocpkey |
| | | GUID=testclientvm1 |
| | | ENVTYPE="ocp-clientvm" |
| | | CLOUDPROVIDER=ec2 |
| | | HOSTZONEID='Z186MFNM7DX4NF' |
| | | |
| | | ansible-playbook ./configs/${ENVTYPE}/destroy_env.yml \ |
| | | -e "guid=${GUID}" \ |
| | | -e "env_type=${ENVTYPE}" \ |
| | | -e "cloud_provider=${CLOUDPROVIDER}" \ |
| | | -e "aws_region=${REGION}" \ |
| | | -e "HostedZoneId=${HOSTZONEID}" \ |
| | | -e "key_name=${KEYNAME}" \ |
| | | -e "subdomain_base_suffix=${BASESUFFIX}" |
| | | ---- |
| | | |
| | | |
| | | == Example RC file |
| | | |
| | | Use a RC file like this one to create a ClientVM with the wrapper.sh script: |
| | | |
| | | ---- |
| | | GUID=myclient |
| | | REGION=us-east-1 |
| | | KEYNAME=ocpkey |
| | | ENVTYPE=ocp-clientvm |
| | | SOFTWARE_TO_DEPLOY=none |
| | | HOSTZONEID='Z3IHLWJZOU9SRT' |
| | | ENVTYPE_ARGS=( |
| | | -e repo_version=3.9 |
| | | -e osrelease=3.9.14 |
| | | -e own_repo_path=http://admin.example.com/repos/ocp/3.9.14 |
| | | -e docker_version=1.13.1 |
| | | -e "clientvm_instance_type=t2.large" |
| | | -e "subdomain_base_suffix=.example.opentlc.com" |
| | | ) |
| | | ---- |
New file |
| | |
| | | --- |
| | | - name: Delete Infrastructure |
| | | hosts: localhost |
| | | connection: local |
| | | gather_facts: False |
| | | become: no |
| | | vars_files: |
| | | - "./env_vars.yml" |
| | | - "./env_secret_vars.yml" |
| | | |
| | | tasks: |
| | | - debug: |
| | | msg: Deleting Infrastructure |
| | | |
| | | - import_playbook: "../../cloud_providers/ec2_destroy_env.yml" |
New file |
| | |
| | | ###### VARIABLES YOU SHOULD CONFIGURE FOR YOUR DEPLOYEMNT |
| | | ###### OR PASS as "-e" args to ansible-playbook command |
| | | |
| | | ### Common Host settings |
| | | repo_method: file # Other Options are: file, satellite and rhn |
| | | # Do you want to run a full yum update |
| | | update_packages: true |
| | | #If using repo_method: satellite, you must set these values as well. |
| | | # satellite_url: https://satellite.example.com |
| | | # satellite_org: Sat_org_name |
| | | # satellite_activationkey: "rhel7basic" |
| | | |
| | | ## guid is the deployment unique identifier, it will be appended to all tags, |
| | | ## files and anything that identifies this environment from another "just like it" |
| | | guid: defaultguid |
| | | |
| | | # The next flag is 1 by default. If it is set to more than 1 then instead of creating |
| | | # clientvm.guid.baseurl it will create clientvm{1..num_users}.guid.baseurl |
| | | num_users: 1 |
| | | install_bastion: true |
| | | install_common: true |
| | | install_opentlc_integration: true |
| | | install_ipa_client: false |
| | | # Install a user id 'student'. If install_student_user=true then a global variable |
| | | # student_password=password needs to be provided with the password to set for the user student |
| | | install_student_user: false |
| | | docker_device: /dev/xvdb |
| | | docker_version: "{{ '1.12.6' if repo_version | version_compare('3.9', '<') else '1.13.1' }}" |
| | | |
| | | ### If you want a Key Pair name created and injected into the hosts, |
| | | # set `set_env_authorized_key` to true and set the keyname in `env_authorized_key` |
| | | # you can use the key used to create the environment or use your own self generated key |
| | | # if you set "use_own_key" to false your PRIVATE key will be copied to the bastion. (This is {{key_name}}) |
| | | |
| | | use_own_key: true |
| | | env_authorized_key: "{{guid}}key" |
| | | ansible_ssh_private_key_file: ~/.ssh/{{key_name}}.pem |
| | | set_env_authorized_key: true |
| | | |
| | | # Is this running from Red Hat Ansible Tower |
| | | tower_run: false |
| | | |
| | | ### AWS EC2 Environment settings |
| | | |
| | | ### Route 53 Zone ID (AWS) |
| | | # This is the Route53 HostedZoneId where you will create your Public DNS entries |
| | | # This only needs to be defined if your CF template uses route53 |
| | | HostedZoneId: Z3IHLWJZOU9SRT |
| | | # The region to be used, if not specified by -e in the command line |
| | | aws_region: us-east-1 |
| | | # The key that is used to |
| | | key_name: "default_key_name" |
| | | |
| | | ## Networking (AWS) |
| | | subdomain_base_short: "{{ guid }}" |
| | | subdomain_base_suffix: ".example.opentlc.com" |
| | | subdomain_base: "{{subdomain_base_short}}{{subdomain_base_suffix}}" |
| | | |
| | | ## Environment Sizing |
| | | |
| | | clientvm_instance_type: "t2.large" |
| | | |
| | | ###### VARIABLES YOU SHOULD ***NOT*** CONFIGURE FOR YOUR DEPLOYEMNT |
| | | |
| | | ## This might get removed |
| | | env_specific_images: |
| | | # - "registry.access.redhat.com/jboss-eap-7/eap70-openshift:latest" |
| | | # - "registry.access.redhat.com/openshift3/jenkins-2-rhel7:latest" |
| | | # - "registry.access.redhat.com/openshift3/jenkins-slave-maven-rhel7:latest" |
| | | |
| | | #### Vars for the OpenShift Ansible hosts file |
| | | ## TODO: This should be registered as a variable. Awk for os verions (OCP). |
| | | ## yum info openshift... |
| | | osrelease: 3.9.40 |
| | | |
| | | ###### You can, but you usually wouldn't need to. |
| | | ansible_ssh_user: ec2-user |
| | | remote_user: ec2-user |
| | | |
| | | common_packages: |
| | | - git |
| | | - ansible |
| | | - docker |
| | | |
| | | rhel_repos: |
| | | - rhel-7-server-rpms |
| | | - rhel-7-server-extras-rpms |
| | | - rhel-7-server-ose-{{repo_version}}-rpms |
| | | - rhel-7-fast-datapath-rpms |
| | | - rhel-7-server-ansible-2.4-rpms |
| | | |
| | | # use_subscription_manager: false |
| | | # use_own_repos: true |
| | | # |
| | | # rhn_pool_id_string: OpenShift Container Platform |
| | | |
| | | ### CLOUDFORMATIONS vars |
| | | |
| | | project_tag: "{{ env_type }}-{{ guid }}" |
| | | |
| | | create_internal_dns_entries: false |
| | | zone_internal_dns: "{{guid}}.internal." |
| | | chomped_zone_internal_dns: "{{guid}}.internal" |
| | | zone_public_dns: "{{subdomain_base}}." |
| | | |
| | | bastion_public_dns: "bastion.{{subdomain_base}}." |
| | | bastion_public_dns_chomped: "bastion.{{subdomain_base}}" |
| | | vpcid_name_tag: "{{subdomain_base}}" |
| | | |
| | | az_1_name: "{{ aws_region }}a" |
| | | az_2_name: "{{ aws_region }}b" |
| | | |
| | | subnet_private_1_cidr_block: "192.168.2.0/24" |
| | | subnet_private_1_az: "{{ az_2_name }}" |
| | | subnet_private_1_name_tag: "{{subdomain_base}}-private" |
| | | |
| | | subnet_private_2_cidr_block: "192.168.1.0/24" |
| | | subnet_private_2_az: "{{ az_1_name }}" |
| | | subnet_private_2_name_tag: "{{subdomain_base}}-private" |
| | | |
| | | subnet_public_1_cidr_block: "192.168.10.0/24" |
| | | subnet_public_1_az: "{{ az_1_name }}" |
| | | subnet_public_1_name_tag: "{{subdomain_base}}-public" |
| | | |
| | | subnet_public_2_cidr_block: "192.168.20.0/24" |
| | | subnet_public_2_az: "{{ az_2_name }}" |
| | | subnet_public_2_name_tag: "{{subdomain_base}}-public" |
| | | |
| | | dopt_domain_name: "{{ aws_region }}.compute.internal" |
| | | |
| | | rtb_public_name_tag: "{{subdomain_base}}-public" |
| | | rtb_private_name_tag: "{{subdomain_base}}-private" |
| | | |
| | | cf_template_description: "{{ env_type }}-{{ guid }} template " |
| | | |
| | | cloudformation_retries: 2 |
| | | ocp_report: false |
| | | |
| | | rootfs_size_clientvm: 200 |
| | | |
| | | instances: |
| | | - name: "clientvm" |
| | | count: "{{num_users}}" |
| | | public_dns: true |
| | | flavor: |
| | | "ec2": "{{clientvm_instance_type}}" |
| | | tags: |
| | | - key: "AnsibleGroup" |
| | | value: "bastions" |
| | | - key: "ostype" |
| | | value: "linux" |
| | | rootfs_size: "{{ rootfs_size_clientvm }}" |
| | | volumes: |
| | | - device_name: "{{docker_device}}" |
| | | volume_size: 100 |
| | | volume_type: gp2 |
New file |
| | |
| | | #jinja2: lstrip_blocks: True |
| | | --- |
| | | AWSTemplateFormatVersion: "2010-09-09" |
| | | Mappings: |
| | | RegionMapping: |
| | | us-east-1: |
| | | {% if osrelease is version_compare('3.9.25', '>=') %} |
| | | RHELAMI: ami-6871a115 |
| | | {% else %} |
| | | RHELAMI: ami-c998b6b2 |
| | | {% endif %} |
| | | us-east-2: |
| | | {% if osrelease is version_compare('3.9.25', '>=') %} |
| | | RHELAMI: ami-03291866 |
| | | {% else %} |
| | | RHELAMI: ami-cfdafaaa |
| | | {% endif %} |
| | | us-west-1: |
| | | {% if osrelease is version_compare('3.9.25', '>=') %} |
| | | RHELAMI: ami-18726478 |
| | | {% else %} |
| | | RHELAMI: ami-66eec506 |
| | | {% endif %} |
| | | us-west-2: |
| | | {% if osrelease is version_compare('3.9.25', '>=') %} |
| | | RHELAMI: ami-223f945a |
| | | {% else %} |
| | | RHELAMI: ami-9fa343e7 |
| | | {% endif %} |
| | | eu-west-1: |
| | | {% if osrelease is version_compare('3.9.25', '>=') %} |
| | | RHELAMI: ami-7c491f05 |
| | | {% else %} |
| | | RHELAMI: ami-bb9a6bc2 |
| | | {% endif %} |
| | | eu-central-1: |
| | | {% if osrelease is version_compare('3.9.25', '>=') %} |
| | | RHELAMI: ami-c86c3f23 |
| | | {% else %} |
| | | RHELAMI: ami-d74be5b8 |
| | | {% endif %} |
| | | ap-northeast-1: |
| | | {% if osrelease is version_compare('3.9.25', '>=') %} |
| | | RHELAMI: ami-6b0d5f0d |
| | | {% else %} |
| | | RHELAMI: ami-30ef0556 |
| | | {% endif %} |
| | | ap-northeast-2: |
| | | {% if osrelease is version_compare('3.9.25', '>=') %} |
| | | RHELAMI: ami-3eee4150 |
| | | {% else %} |
| | | RHELAMI: ami-0f5a8361 |
| | | {% endif %} |
| | | ap-southeast-1: |
| | | {% if osrelease is version_compare('3.9.25', '>=') %} |
| | | RHELAMI: ami-76144b0a |
| | | {% else %} |
| | | RHELAMI: ami-10bb2373 |
| | | {% endif %} |
| | | ap-southeast-2: |
| | | {% if osrelease is version_compare('3.9.25', '>=') %} |
| | | RHELAMI: ami-67589505 |
| | | {% else %} |
| | | RHELAMI: ami-ccecf5af |
| | | {% endif %} |
| | | ap-south-1: |
| | | {% if osrelease is version_compare('3.9.25', '>=') %} |
| | | RHELAMI: ami-5b673c34 |
| | | {% else %} |
| | | RHELAMI: ami-cdbdd7a2 |
| | | {% endif %} |
| | | sa-east-1: |
| | | {% if osrelease is version_compare('3.9.25', '>=') %} |
| | | RHELAMI: ami-b0b7e3dc |
| | | {% else %} |
| | | RHELAMI: ami-a789ffcb |
| | | {% endif %} |
| | | DNSMapping: |
| | | us-east-1: |
| | | domain: "us-east-1.compute.internal" |
| | | us-west-1: |
| | | domain: "us-west-1.compute.internal" |
| | | us-west-2: |
| | | domain: "us-west-2.compute.internal" |
| | | eu-west-1: |
| | | domain: "eu-west-1.compute.internal" |
| | | eu-central-1: |
| | | domain: "eu-central-1.compute.internal" |
| | | ap-northeast-1: |
| | | domain: "ap-northeast-1.compute.internal" |
| | | ap-northeast-2: |
| | | domain: "ap-northeast-2.compute.internal" |
| | | ap-southeast-1: |
| | | domain: "ap-southeast-1.compute.internal" |
| | | ap-southeast-2: |
| | | domain: "ap-southeast-2.compute.internal" |
| | | sa-east-1: |
| | | domain: "sa-east-1.compute.internal" |
| | | ap-south-1: |
| | | domain: "ap-south-1.compute.internal" |
| | | |
| | | Resources: |
| | | Vpc: |
| | | Type: "AWS::EC2::VPC" |
| | | Properties: |
| | | CidrBlock: "192.199.0.0/16" |
| | | EnableDnsSupport: true |
| | | EnableDnsHostnames: true |
| | | Tags: |
| | | - Key: Name |
| | | Value: "{{vpcid_name_tag}}" |
| | | - Key: Hostlication |
| | | Value: |
| | | Ref: "AWS::StackId" |
| | | |
| | | VpcInternetGateway: |
| | | Type: "AWS::EC2::InternetGateway" |
| | | |
| | | VpcGA: |
| | | Type: "AWS::EC2::VPCGatewayAttachment" |
| | | Properties: |
| | | InternetGatewayId: |
| | | Ref: VpcInternetGateway |
| | | VpcId: |
| | | Ref: Vpc |
| | | |
| | | VpcRouteTable: |
| | | Type: "AWS::EC2::RouteTable" |
| | | Properties: |
| | | VpcId: |
| | | Ref: Vpc |
| | | |
| | | VPCRouteInternetGateway: |
| | | DependsOn: VpcGA |
| | | Type: "AWS::EC2::Route" |
| | | Properties: |
| | | GatewayId: |
| | | Ref: VpcInternetGateway |
| | | DestinationCidrBlock: "0.0.0.0/0" |
| | | RouteTableId: |
| | | Ref: VpcRouteTable |
| | | |
| | | PublicSubnet: |
| | | Type: "AWS::EC2::Subnet" |
| | | DependsOn: |
| | | - Vpc |
| | | Properties: |
| | | {% if aws_availability_zone is defined %} |
| | | AvailabilityZone: {{ aws_availability_zone }} |
| | | {% endif %} |
| | | CidrBlock: "192.199.0.0/24" |
| | | Tags: |
| | | - Key: Name |
| | | Value: "{{project_tag}}" |
| | | - Key: Hostlication |
| | | Value: |
| | | Ref: "AWS::StackId" |
| | | MapPublicIpOnLaunch: true |
| | | VpcId: |
| | | Ref: Vpc |
| | | |
| | | PublicSubnetRTA: |
| | | Type: "AWS::EC2::SubnetRouteTableAssociation" |
| | | Properties: |
| | | RouteTableId: |
| | | Ref: VpcRouteTable |
| | | SubnetId: |
| | | Ref: PublicSubnet |
| | | |
| | | HostSG: |
| | | Type: "AWS::EC2::SecurityGroup" |
| | | Properties: |
| | | GroupDescription: Host |
| | | VpcId: |
| | | Ref: Vpc |
| | | Tags: |
| | | - Key: Name |
| | | Value: host_sg |
| | | |
| | | HostUDPPorts: |
| | | Type: "AWS::EC2::SecurityGroupIngress" |
| | | Properties: |
| | | GroupId: |
| | | Fn::GetAtt: |
| | | - HostSG |
| | | - GroupId |
| | | IpProtocol: udp |
| | | FromPort: 60000 |
| | | ToPort: 60003 |
| | | CidrIp: "0.0.0.0/0" |
| | | |
| | | HostTCPPortsSSH: |
| | | Type: "AWS::EC2::SecurityGroupIngress" |
| | | Properties: |
| | | GroupId: |
| | | Fn::GetAtt: |
| | | - HostSG |
| | | - GroupId |
| | | IpProtocol: tcp |
| | | FromPort: 22 |
| | | ToPort: 22 |
| | | CidrIp: "0.0.0.0/0" |
| | | HostTCPPortsHTTP: |
| | | Type: "AWS::EC2::SecurityGroupIngress" |
| | | Properties: |
| | | GroupId: |
| | | Fn::GetAtt: |
| | | - HostSG |
| | | - GroupId |
| | | IpProtocol: tcp |
| | | FromPort: 80 |
| | | ToPort: 80 |
| | | CidrIp: "0.0.0.0/0" |
| | | HostTCPPortsHTTPS: |
| | | Type: "AWS::EC2::SecurityGroupIngress" |
| | | Properties: |
| | | GroupId: |
| | | Fn::GetAtt: |
| | | - HostSG |
| | | - GroupId |
| | | IpProtocol: tcp |
| | | FromPort: 443 |
| | | ToPort: 443 |
| | | CidrIp: "0.0.0.0/0" |
| | | HostTCPPorts8443: |
| | | Type: "AWS::EC2::SecurityGroupIngress" |
| | | Properties: |
| | | GroupId: |
| | | Fn::GetAtt: |
| | | - HostSG |
| | | - GroupId |
| | | IpProtocol: tcp |
| | | FromPort: 8443 |
| | | ToPort: 8443 |
| | | CidrIp: "0.0.0.0/0" |
| | | |
| | | |
| | | zoneinternalidns: |
| | | Type: "AWS::Route53::HostedZone" |
| | | Properties: |
| | | Name: "{{ zone_internal_dns }}" |
| | | VPCs: |
| | | - VPCId: |
| | | Ref: Vpc |
| | | VPCRegion: |
| | | Ref: "AWS::Region" |
| | | HostedZoneConfig: |
| | | Comment: "Created By ansible agnostic deployer" |
| | | |
| | | {% if num_users|d(1)|int > 1 %} |
| | | {% for c in range(1,num_users|int+1) %} |
| | | |
| | | CloudDNS{{loop.index}}: |
| | | Type: AWS::Route53::RecordSetGroup |
| | | DependsOn: |
| | | - "clientvm{{loop.index}}EIP" |
| | | Properties: |
| | | HostedZoneId: "{{HostedZoneId}}" |
| | | RecordSets: |
| | | - Name: "*.apps.clientvm{{loop.index}}.{{subdomain_base}}" |
| | | Type: A |
| | | TTL: 900 |
| | | ResourceRecords: |
| | | - Fn::GetAtt: |
| | | - clientvm{{loop.index}} |
| | | - PublicIp |
| | | |
| | | clientvm{{loop.index}}: |
| | | Type: "AWS::EC2::Instance" |
| | | Properties: |
| | | ImageId: |
| | | Fn::FindInMap: |
| | | - RegionMapping |
| | | - Ref: AWS::Region |
| | | - 'RHELAMI' |
| | | InstanceType: "{{instances[0]['flavor'][cloud_provider]}}" |
| | | KeyName: "{{instances[0]['key_name'] | default(key_name)}}" |
| | | SecurityGroupIds: |
| | | - "Fn::GetAtt": |
| | | - HostSG |
| | | - GroupId |
| | | SubnetId: |
| | | Ref: PublicSubnet |
| | | Tags: |
| | | - Key: Name |
| | | Value: clientvm{{loop.index}} |
| | | - Key: internaldns |
| | | Value: clientvm{{loop.index}}.{{chomped_zone_internal_dns}} |
| | | - Key: "owner" |
| | | Value: "{{ email | default('unknownuser') }}" |
| | | - Key: "Project" |
| | | Value: "{{project_tag}}" |
| | | - Key: "{{project_tag}}" |
| | | Value: "{{ instances[0]['name'] }}" |
| | | {% for tag in instances[0]['tags'] %} |
| | | - Key: {{tag['key']}} |
| | | Value: {{tag['value']}} |
| | | {% endfor %} |
| | | BlockDeviceMappings: |
| | | - DeviceName: "/dev/sda1" |
| | | Ebs: |
| | | VolumeSize: {{ instances[0]['rootfs_size'] | default('50') }} |
| | | {% for vol in instances[0]['volumes']|default([]) %} |
| | | - DeviceName: "{{ vol['device_name'] }}" |
| | | Ebs: |
| | | VolumeType: "{{ vol['volume_type'] | d('gp2') }}" |
| | | VolumeSize: "{{ vol['volume_size'] | d('20') }}" |
| | | {% endfor %} |
| | | |
| | | clientvm{{loop.index}}InternalDNS: |
| | | Type: "AWS::Route53::RecordSetGroup" |
| | | Properties: |
| | | HostedZoneId: |
| | | Ref: zoneinternalidns |
| | | RecordSets: |
| | | - Name: "clientvm{{loop.index}}.{{zone_internal_dns}}" |
| | | Type: A |
| | | TTL: 10 |
| | | ResourceRecords: |
| | | - "Fn::GetAtt": |
| | | - clientvm{{loop.index}} |
| | | - PrivateIp |
| | | - Name: "bastion{{loop.index}}.{{zone_internal_dns}}" |
| | | Type: A |
| | | TTL: 10 |
| | | ResourceRecords: |
| | | - "Fn::GetAtt": |
| | | - clientvm{{loop.index}} |
| | | - PrivateIp |
| | | |
| | | clientvm{{loop.index}}EIP: |
| | | Type: "AWS::EC2::EIP" |
| | | DependsOn: |
| | | - VpcGA |
| | | Properties: |
| | | InstanceId: |
| | | Ref: clientvm{{loop.index}} |
| | | |
| | | clientvm{{loop.index}}PublicDNS: |
| | | Type: "AWS::Route53::RecordSetGroup" |
| | | DependsOn: |
| | | - clientvm{{loop.index}}EIP |
| | | Properties: |
| | | HostedZoneId: {{HostedZoneId}} |
| | | RecordSets: |
| | | - Name: "clientvm{{loop.index}}.{{subdomain_base}}." |
| | | Type: A |
| | | TTL: 10 |
| | | ResourceRecords: |
| | | - "Fn::GetAtt": |
| | | - clientvm{{loop.index}} |
| | | - PublicIp |
| | | - Name: "bastion{{loop.index}}.{{subdomain_base}}." |
| | | Type: A |
| | | TTL: 10 |
| | | ResourceRecords: |
| | | - "Fn::GetAtt": |
| | | - clientvm{{loop.index}} |
| | | - PublicIp |
| | | {% endfor %} |
| | | |
| | | {% else %} |
| | | |
| | | CloudDNS: |
| | | Type: AWS::Route53::RecordSetGroup |
| | | DependsOn: |
| | | - "clientvmEIP" |
| | | Properties: |
| | | HostedZoneId: "{{HostedZoneId}}" |
| | | RecordSets: |
| | | - Name: "*.apps.clientvm.{{subdomain_base}}" |
| | | Type: A |
| | | TTL: 900 |
| | | ResourceRecords: |
| | | - Fn::GetAtt: |
| | | - clientvm |
| | | - PublicIp |
| | | |
| | | clientvm: |
| | | Type: "AWS::EC2::Instance" |
| | | Properties: |
| | | ImageId: |
| | | Fn::FindInMap: |
| | | - RegionMapping |
| | | - Ref: AWS::Region |
| | | - 'RHELAMI' |
| | | InstanceType: "{{instances[0]['flavor'][cloud_provider]}}" |
| | | KeyName: "{{instances[0]['key_name'] | default(key_name)}}" |
| | | SecurityGroupIds: |
| | | - "Fn::GetAtt": |
| | | - HostSG |
| | | - GroupId |
| | | SubnetId: |
| | | Ref: PublicSubnet |
| | | Tags: |
| | | - Key: Name |
| | | Value: clientvm |
| | | - Key: internaldns |
| | | Value: clientvm.{{chomped_zone_internal_dns}} |
| | | - Key: "owner" |
| | | Value: "{{ email | default('unknownuser') }}" |
| | | - Key: "Project" |
| | | Value: "{{project_tag}}" |
| | | - Key: "{{project_tag}}" |
| | | Value: "{{ instances[0]['name'] }}" |
| | | {% for tag in instances[0]['tags'] %} |
| | | - Key: {{tag['key']}} |
| | | Value: {{tag['value']}} |
| | | {% endfor %} |
| | | BlockDeviceMappings: |
| | | - DeviceName: "/dev/sda1" |
| | | Ebs: |
| | | VolumeSize: {{ instances[0]['rootfs_size'] | default('50') }} |
| | | {% for vol in instances[0]['volumes']|default([]) %} |
| | | - DeviceName: "{{ vol['device_name'] }}" |
| | | Ebs: |
| | | VolumeType: "{{ vol['volume_type'] | d('gp2') }}" |
| | | VolumeSize: "{{ vol['volume_size'] | d('20') }}" |
| | | {% endfor %} |
| | | |
| | | clientvmInternalDNS: |
| | | Type: "AWS::Route53::RecordSetGroup" |
| | | Properties: |
| | | HostedZoneId: |
| | | Ref: zoneinternalidns |
| | | RecordSets: |
| | | - Name: "clientvm.{{zone_internal_dns}}" |
| | | Type: A |
| | | TTL: 10 |
| | | ResourceRecords: |
| | | - "Fn::GetAtt": |
| | | - clientvm |
| | | - PrivateIp |
| | | - Name: "bastion.{{zone_internal_dns}}" |
| | | Type: A |
| | | TTL: 10 |
| | | ResourceRecords: |
| | | - "Fn::GetAtt": |
| | | - clientvm |
| | | - PrivateIp |
| | | |
| | | clientvmEIP: |
| | | Type: "AWS::EC2::EIP" |
| | | DependsOn: |
| | | - VpcGA |
| | | Properties: |
| | | InstanceId: |
| | | Ref: clientvm |
| | | |
| | | clientvmPublicDNS: |
| | | Type: "AWS::Route53::RecordSetGroup" |
| | | DependsOn: |
| | | - clientvmEIP |
| | | Properties: |
| | | HostedZoneId: {{HostedZoneId}} |
| | | RecordSets: |
| | | - Name: "clientvm.{{subdomain_base}}." |
| | | Type: A |
| | | TTL: 10 |
| | | ResourceRecords: |
| | | - "Fn::GetAtt": |
| | | - clientvm |
| | | - PublicIp |
| | | - Name: "bastion.{{subdomain_base}}." |
| | | Type: A |
| | | TTL: 10 |
| | | ResourceRecords: |
| | | - "Fn::GetAtt": |
| | | - clientvm |
| | | - PublicIp |
| | | {% endif %} |
| | | |
| | | Outputs: |
| | | Route53internalzoneOutput: |
| | | Description: The ID of the internal route 53 zone |
| | | Value: |
| | | Ref: zoneinternalidns |
New file |
| | |
| | | |
| | | ########################################################################### |
| | | ### ClientVM Hosts |
| | | ### Dummy file |
| | | ########################################################################### |
New file |
| | |
| | | [Unit] |
| | | Description=OpenShift oc cluster up Service |
| | | After=docker.service |
| | | Requires=docker.service |
| | | |
| | | [Service] |
| | | ExecStart=/bin/oc cluster up --base-dir={{ ocp_root }} --public-hostname={{ hostname }} --routing-suffix=apps.{{ hostname }} --loglevel=1 |
| | | ExecStop=/bin/oc cluster down |
| | | WorkingDirectory={{ ocp_root }} |
| | | Restart=no |
| | | StandardOutput=syslog |
| | | StandardError=syslog |
| | | SyslogIdentifier=occlusterup |
| | | User=root |
| | | Type=oneshot |
| | | RemainAfterExit=yes |
| | | TimeoutSec=300 |
| | | |
| | | [Install] |
| | | WantedBy=multi-user.target |
New file |
| | |
| | | # This is a system-wide configuration file used to |
| | | # keep track of registries for various container backends. |
| | | # It adheres to TOML format and does not support recursive |
| | | # lists of registries. |
| | | |
| | | # The default location for this configuration file is /etc/containers/registries.conf. |
| | | |
| | | # The only valid categories are: 'registries.search', 'registries.insecure', |
| | | # and 'registries.block'. |
| | | |
| | | [registries.search] |
| | | registries = ['registry.access.redhat.com'] |
| | | |
| | | # If you need to access insecure registries, add the registry's fully-qualified name. |
| | | # An insecure registry is one that does not have a valid SSL certificate or only does HTTP. |
| | | [registries.insecure] |
| | | registries = ['172.30.0.0/16'] |
| | | |
| | | |
| | | # If you need to block pull access from a registry, uncomment the section below |
| | | # and add the registries fully-qualified name. |
| | | # |
| | | # Docker only |
| | | [registries.block] |
| | | registries = [] |
New file |
| | |
| | | [rhel-7-server-rpms] |
| | | name=Red Hat Enterprise Linux 7 |
| | | baseurl={{own_repo_path}}/rhel-7-server-rpms |
| | | enabled=1 |
| | | gpgcheck=0 |
| | | |
| | | [rhel-7-server-rh-common-rpms] |
| | | name=Red Hat Enterprise Linux 7 Common |
| | | baseurl={{own_repo_path}}/rhel-7-server-rh-common-rpms |
| | | enabled=1 |
| | | gpgcheck=0 |
| | | |
| | | [rhel-7-server-extras-rpms] |
| | | name=Red Hat Enterprise Linux 7 Extras |
| | | baseurl={{own_repo_path}}/rhel-7-server-extras-rpms |
| | | enabled=1 |
| | | gpgcheck=0 |
| | | |
| | | [rhel-7-server-optional-rpms] |
| | | name=Red Hat Enterprise Linux 7 Optional |
| | | baseurl={{own_repo_path}}/rhel-7-server-optional-rpms |
| | | enabled=1 |
| | | gpgcheck=0 |
| | | |
| | | [rhel-7-server-ose-{{repo_version}}-rpms] |
| | | name=Red Hat Enterprise Linux 7 OSE {{repo_version}} |
| | | baseurl={{own_repo_path}}/rhel-7-server-ose-{{repo_version}}-rpms |
| | | enabled=1 |
| | | gpgcheck=0 |
| | | |
| | | ## Required since OCP 3.5 |
| | | [rhel-7-fast-datapath-rpms] |
| | | name=Red Hat Enterprise Linux Fast Datapath (RHEL 7 Server) (RPMs) |
| | | baseurl={{own_repo_path}}/rhel-7-fast-datapath-rpms |
| | | enabled=1 |
| | | gpgcheck=0 |
| | | |
| | | {% if osrelease is version_compare('3.9', '>=') %} |
| | | ## Required since OCP 3.9 |
| | | [rhel-7-server-ansible-2.4-rpms] |
| | | name=Red Hat Enterprise Linux Ansible (RPMs) |
| | | baseurl={{own_repo_path}}/rhel-7-server-ansible-2.4-rpms |
| | | enabled=1 |
| | | gpgcheck=0 |
| | | {% endif %} |
New file |
| | |
| | | #!/bin/bash |
| | | oc cluster up --public-hostname={{ hostname }} --routing-suffix=apps.{{ hostname }} |
New file |
| | |
| | | --- |
| | | mgr_users: |
| | | - name: opentlc-mgr |
| | | home: /home/opentlc-mgr |
| | | authorized_keys: |
| | | - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4OojwKH74UWVOY92y87Tb/b56CMJoWbz2gyEYsr3geOc2z/n1pXMwPfiC2KT7rALZFHofc+x6vfUi6px5uTm06jXa78S7UB3MX56U3RUd8XF3svkpDzql1gLRbPIgL1h0C7sWHfr0K2LG479i0nPt/X+tjfsAmT3nWj5PVMqSLFfKrOs6B7dzsqAcQPInYIM+Pqm/pXk+Tjc7cfExur2oMdzx1DnF9mJaj1XTnMsR81h5ciR2ogXUuns0r6+HmsHzdr1I1sDUtd/sEVu3STXUPR8oDbXBsb41O5ek6E9iacBJ327G3/1SWwuLoJsjZM0ize+iq3HpT1NqtOW6YBLR opentlc-mgr@inf00-mwl.opentlc.com |
New file |
| | |
| | | - name: Step 002 Post Infrastructure |
| | | hosts: localhost |
| | | connection: local |
| | | become: false |
| | | vars_files: |
| | | - "./env_vars.yml" |
| | | - "./env_secret_vars.yml" |
| | | tags: |
| | | - step002 |
| | | - post_infrastructure |
| | | tasks: |
| | | - name: Job Template to launch a Job Template with update on launch inventory set |
| | | uri: |
| | | url: "https://{{ ansible_tower_ip }}/api/v1/job_templates/{{ job_template_id }}/launch/" |
| | | method: POST |
| | | user: "{{tower_admin}}" |
| | | password: "{{tower_admin_password}}" |
| | | body: |
| | | extra_vars: |
| | | guid: "{{guid}}" |
| | | ipa_host_password: "{{ipa_host_password}}" |
| | | |
| | | body_format: json |
| | | validate_certs: False |
| | | HEADER_Content-Type: "application/json" |
| | | status_code: 200, 201 |
| | | when: tower_run == 'true' |
New file |
| | |
| | | --- |
| | | - name: Step 00xxxxx post software |
| | | hosts: bastions |
| | | become: yes |
| | | gather_facts: False |
| | | vars_files: |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | tasks: |
| | | - debug: |
| | | msg: "Post-Software Steps starting" |
| | | |
| | | - name: Set hostname fact |
| | | set_fact: |
| | | hostname: "{{ ansible_hostname}}.{{subdomain_base}}" |
| | | - name: Set hostname |
| | | hostname: |
| | | name: "{{ hostname }}" |
| | | - name: Make hostname permanent |
| | | command: "echo {{ hostname }} > /etc/hostname" |
| | | - name: Ensure software is installed |
| | | yum: |
| | | name: "{{ item }}" |
| | | state: latest |
| | | with_items: |
| | | - git |
| | | - vim |
| | | - ansible |
| | | - docker |
| | | - name: Copy docker registries.conf file |
| | | copy: |
| | | src: ./files/registries.conf |
| | | dest: /etc/containers/registries.conf |
| | | mode: 0644 |
| | | owner: root |
| | | group: root |
| | | - name: Restart docker |
| | | systemd: |
| | | name: docker |
| | | state: restarted |
| | | # - name: Upload oc-cluster up script |
| | | # template: |
| | | # src: ./files/start_oc.sh.j2 |
| | | # dest: /usr/bin/start_oc.sh |
| | | # owner: root |
| | | # group: root |
| | | # mode: 0755 |
| | | - name: Install AAD |
| | | git: |
| | | repo: https://github.com/sborenst/ansible_agnostic_deployer |
| | | clone: yes |
| | | dest: "/root/ansible_agnostic_deployer" |
| | | version: "development" |
| | | |
| | | - name: Set OpenShift root config directory |
| | | set_fact: |
| | | ocp_root: "/var/lib/openshift" |
| | | |
| | | - name: Ensure OpenShift config directory is there |
| | | file: |
| | | path: "{{ ocp_root }}" |
| | | state: directory |
| | | owner: root |
| | | group: root |
| | | mode: 0775 |
| | | |
| | | - name: Create oc_cluster system service |
| | | template: |
| | | src: ./files/oc-cluster.service.j2 |
| | | dest: "/usr/lib/systemd/system/oc-cluster.service" |
| | | |
| | | - name: Enable and start oc-cluster system service |
| | | systemd: |
| | | name: oc-cluster |
| | | enabled: yes |
| | | state: started |
| | | - name: Wait for oc-cluster to be up and running |
| | | wait_for: |
| | | host: "{{ hostname }}" |
| | | port: 8443 |
| | | sleep: 2 |
| | | - name: Check if cluster is already set up |
| | | stat: |
| | | path: /root/.setupcomplete |
| | | register: occluster_setup |
| | | - name: Setup and configure oc cluster |
| | | when: not occluster_setup.stat.exists |
| | | block: |
| | | - name: Login as system:admin |
| | | shell: "oc login -u system:admin" |
| | | - name: Deploy workloads into cluster |
| | | shell: 'ansible-playbook -i localhost, -c local /root/ansible_agnostic_deployer/ansible/configs/ocp-workloads/ocp-workload.yml -e"ANSIBLE_REPO_PATH=/root/ansible_agnostic_deployer/ansible" -e"ocp_username=developer" -e"ocp_workload={{ item }}" -e"guid=a1001" -e"ocp_user_needs_quota=false" -e"ocp_domain=https://{{ hostname }}:8443" -e"ACTION=create"' |
| | | chdir: /root/ansible_agnostic_deployer |
| | | with_items: "{{ student_workloads.split(',')|list }}" |
| | | - name: Touch setup file |
| | | command: touch /root/.setupcomplete |
| | | |
| | | - name: PostSoftware flight-check |
| | | hosts: localhost |
| | | connection: local |
| | | gather_facts: false |
| | | become: false |
| | | vars_files: |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml" |
| | | tags: |
| | | - post_flight_check |
| | | tasks: |
| | | - debug: |
| | | msg: "Post-Software checks completed successfully" |
New file |
| | |
| | | - name: Step 000 Pre Infrastructure |
| | | hosts: localhost |
| | | connection: local |
| | | become: false |
| | | vars_files: |
| | | - "./env_vars.yml" |
| | | - "./env_secret_vars.yml" |
| | | tags: |
| | | - step001 |
| | | - pre_infrastructure |
| | | tasks: |
| | | - debug: |
| | | msg: "Step 000 Pre Infrastructure - Dummy action" |
New file |
| | |
| | | --- |
| | | - name: Step 003 - Create env key |
| | | hosts: localhost |
| | | connection: local |
| | | gather_facts: false |
| | | become: false |
| | | vars_files: |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml" |
| | | tags: |
| | | - step003 |
| | | - generate_env_keys |
| | | tasks: |
| | | - name: Generate SSH keys |
| | | shell: ssh-keygen -b 2048 -t rsa -f "{{ ANSIBLE_REPO_PATH }}/workdir/{{env_authorized_key}}" -q -N "" |
| | | args: |
| | | creates: "{{ ANSIBLE_REPO_PATH }}/workdir/{{env_authorized_key}}" |
| | | when: set_env_authorized_key |
| | | |
| | | - name: fix permission |
| | | file: |
| | | path: "{{ ANSIBLE_REPO_PATH }}/workdir/{{env_authorized_key}}" |
| | | mode: 0400 |
| | | when: set_env_authorized_key |
| | | |
| | | - name: Generate SSH pub key |
| | | shell: ssh-keygen -y -f "{{ ANSIBLE_REPO_PATH }}/workdir/{{env_authorized_key}}" > "{{ ANSIBLE_REPO_PATH }}/workdir/{{env_authorized_key}}.pub" |
| | | args: |
| | | creates: "{{ ANSIBLE_REPO_PATH }}/workdir/{{env_authorized_key}}.pub" |
| | | when: set_env_authorized_key |
| | | |
| | | # Cloudformation template or equivalent should tag all hosts with Project:{{ env_type }}-{{ guid }} |
| | | - name: Configure all hosts with Repositories, Common Files and Set environment key |
| | | hosts: |
| | | - all:!windows |
| | | become: true |
| | | gather_facts: False |
| | | vars_files: |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml" |
| | | tags: |
| | | - step004 |
| | | - common_tasks |
| | | roles: |
| | | - { role: "{{ ANSIBLE_REPO_PATH }}/roles/set-repositories", when: 'repo_method is defined' } |
| | | - { role: "{{ ANSIBLE_REPO_PATH }}/roles/common", when: 'install_common' } |
| | | - { role: "{{ ANSIBLE_REPO_PATH }}/roles/set_env_authorized_key", when: 'set_env_authorized_key' } |
| | | |
| | | - name: Configuring Bastion Hosts |
| | | hosts: bastions |
| | | become: true |
| | | vars_files: |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml" |
| | | roles: |
| | | - { role: "{{ ANSIBLE_REPO_PATH }}/roles/bastion", when: 'install_bastion' } |
| | | - { role: "{{ ANSIBLE_REPO_PATH }}/roles/bastion-opentlc-ipa", when: 'install_ipa_client' } |
| | | - { role: "{{ ANSIBLE_REPO_PATH }}/roles/bastion-student-user", when: 'install_student_user' } |
| | | tags: |
| | | - step004 |
| | | - bastion_tasks |
| | | |
| | | - name: PreSoftware flight-check |
| | | hosts: localhost |
| | | connection: local |
| | | gather_facts: false |
| | | become: false |
| | | vars_files: |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml" |
| | | tags: |
| | | - flight_check |
| | | tasks: |
| | | - debug: |
| | | msg: "Pre-Software checks completed successfully" |
New file |
| | |
| | | --- |
| | | - name: Step 00xxxxx software |
| | | hosts: localhost |
| | | gather_facts: False |
| | | become: false |
| | | vars_files: |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml" |
| | | tasks: |
| | | - debug: |
| | | msg: "Software tasks started" |
| | | |
| | | - name: Set up ClientVM |
| | | hosts: bastions |
| | | gather_facts: false |
| | | become: true |
| | | vars_files: |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml" |
| | | tasks: |
| | | - name: Set up Client VM |
| | | include_role: |
| | | name: "{{ ANSIBLE_REPO_PATH }}/roles/ocp-client-vm" |
| | | |
| | | - name: Software flight-check |
| | | hosts: localhost |
| | | connection: local |
| | | gather_facts: false |
| | | become: false |
| | | tags: |
| | | - post_flight_check |
| | | tasks: |
| | | - debug: |
| | | msg: "Software checks completed successfully" |
| | |
| | | vars_files: |
| | | - "./env_vars.yml" |
| | | - "./env_secret_vars.yml" |
| | | |
| | | environment: |
| | | AWS_ACCESS_KEY_ID: "{{aws_access_key_id}}" |
| | | AWS_SECRET_ACCESS_KEY: "{{aws_secret_access_key}}" |
| | | AWS_DEFAULT_REGION: "{{aws_region_final|d(aws_region)}}" |
| | | tasks: |
| | | - name: Fetch autoscaling name |
| | | slurp: |
| | | src: "{{ANSIBLE_REPO_PATH}}/workdir/{{ env_type }}.{{ guid }}.AutoScalingGroupClientVM" |
| | | register: asg_r |
| | | ignore_errors: yes |
| | | |
| | | - name: Delete AutoScalingGroupClientVM |
| | | command: >- |
| | | aws autoscaling delete-auto-scaling-group --force-delete --auto-scaling-group-name {{asg_r.content|b64decode}} |
| | | ignore_errors: yes |
| | | |
| | | - name: Get DNS record for each clientVM |
| | | route53: |
| | | state: get |
| | | zone: "{{subdomain_base_suffix[1:]}}." |
| | | record: "clientvm{{idx}}.{{subdomain_base}}." |
| | | type: A |
| | | with_sequence: start=0 end={{num_users|default(100)}} |
| | | loop_control: |
| | | index_var: idx |
| | | ignore_errors: yes |
| | | register: rec |
| | | |
| | | - name: Delete DNS record for each clientVM |
| | | route53: |
| | | zone: "{{item.set.zone}}" |
| | | record: "{{item.set.record}}" |
| | | type: "{{item.set.type}}" |
| | | value: "{{item.set.value}}" |
| | | ttl: "{{item.set.ttl}}" |
| | | state: absent |
| | | when: >- |
| | | 'set' in item and 'record' in item.set |
| | | with_items: "{{rec.results}}" |
| | | ignore_errors: yes |
| | | |
| | | - name: Delete instance |
| | | ec2_instance: |
| | | state: absent |
| | | filters: |
| | | instance-state-name: running |
| | | "tag:Project": "{{project_tag}}" |
| | | when: project_tag is defined |
| | | |
| | | - name: Delete S3 bucket |
| | | environment: |
| | | AWS_ACCESS_KEY_ID: "{{aws_access_key_id}}" |
| | |
| | | volume_type: gp2 |
| | | purpose: docker |
| | | lun: 0 |
| | | - name: "clientvm" |
| | | count: "{{num_users}}" |
| | | public_dns: true |
| | | flavor: |
| | | "ec2": "{{clientvm_instance_type}}" |
| | | tags: |
| | | - key: "AnsibleGroup" |
| | | value: "clientvms" |
| | | - key: "ostype" |
| | | value: "linux" |
| | | rootfs_size: "{{ rootfs_size_clientvm }}" |
| | | volumes: |
| | | - device_name: "{{docker_device}}" |
| | | volume_size: 100 |
| | | volume_type: gp2 |
| | | # - name: "clientvm" |
| | | # count: "{{num_users}}" |
| | | # public_dns: true |
| | | # flavor: |
| | | # "ec2": "{{clientvm_instance_type}}" |
| | | # tags: |
| | | # - key: "AnsibleGroup" |
| | | # value: "clientvms" |
| | | # - key: "ostype" |
| | | # value: "linux" |
| | | # rootfs_size: "{{ rootfs_size_clientvm }}" |
| | | # volumes: |
| | | # - device_name: "{{docker_device}}" |
| | | # volume_size: 100 |
| | | # volume_type: gp2 |
| | | |
| | | - name: "support" |
| | | count: "{{support_instance_count}}" |
| | |
| | | --- |
| | | AWSTemplateFormatVersion: "2010-09-09" |
| | | Mappings: |
| | | RegionMapping: |
| | | us-east-1: |
| | | {% if osrelease is version_compare('3.9.25', '>=') %} |
| | | RHELAMI: ami-6871a115 |
| | | {% else %} |
| | | RHELAMI: ami-c998b6b2 |
| | | {% endif %} |
| | | us-east-2: |
| | | {% if osrelease is version_compare('3.9.25', '>=') %} |
| | | RHELAMI: ami-03291866 |
| | | {% else %} |
| | | RHELAMI: ami-cfdafaaa |
| | | {% endif %} |
| | | us-west-1: |
| | | {% if osrelease is version_compare('3.9.25', '>=') %} |
| | | RHELAMI: ami-18726478 |
| | | {% else %} |
| | | RHELAMI: ami-66eec506 |
| | | {% endif %} |
| | | us-west-2: |
| | | {% if osrelease is version_compare('3.9.25', '>=') %} |
| | | RHELAMI: ami-28e07e50 |
| | | {% else %} |
| | | RHELAMI: ami-223f945a |
| | | {% endif %} |
| | | eu-west-1: |
| | | {% if osrelease is version_compare('3.9.25', '>=') %} |
| | | RHELAMI: ami-7c491f05 |
| | | {% else %} |
| | | RHELAMI: ami-bb9a6bc2 |
| | | {% endif %} |
| | | eu-central-1: |
| | | {% if osrelease is version_compare('3.9.25', '>=') %} |
| | | RHELAMI: ami-c86c3f23 |
| | | {% else %} |
| | | RHELAMI: ami-d74be5b8 |
| | | {% endif %} |
| | | ap-northeast-1: |
| | | {% if osrelease is version_compare('3.9.25', '>=') %} |
| | | RHELAMI: ami-6b0d5f0d |
| | | {% else %} |
| | | RHELAMI: ami-30ef0556 |
| | | {% endif %} |
| | | ap-northeast-2: |
| | | {% if osrelease is version_compare('3.9.25', '>=') %} |
| | | RHELAMI: ami-3eee4150 |
| | | {% else %} |
| | | RHELAMI: ami-0f5a8361 |
| | | {% endif %} |
| | | ap-southeast-1: |
| | | {% if osrelease is version_compare('3.9.25', '>=') %} |
| | | RHELAMI: ami-76144b0a |
| | | {% else %} |
| | | RHELAMI: ami-10bb2373 |
| | | {% endif %} |
| | | ap-southeast-2: |
| | | {% if osrelease is version_compare('3.9.25', '>=') %} |
| | | RHELAMI: ami-67589505 |
| | | {% else %} |
| | | RHELAMI: ami-ccecf5af |
| | | {% endif %} |
| | | ap-south-1: |
| | | {% if osrelease is version_compare('3.9.25', '>=') %} |
| | | RHELAMI: ami-5b673c34 |
| | | {% else %} |
| | | RHELAMI: ami-cdbdd7a2 |
| | | {% endif %} |
| | | sa-east-1: |
| | | {% if osrelease is version_compare('3.9.25', '>=') %} |
| | | RHELAMI: ami-b0b7e3dc |
| | | {% else %} |
| | | RHELAMI: ami-a789ffcb |
| | | {% endif %} |
| | | DNSMapping: |
| | | us-east-1: |
| | | domain: "us-east-1.compute.internal" |
| | | us-west-1: |
| | | domain: "us-west-1.compute.internal" |
| | | us-west-2: |
| | | domain: "us-west-2.compute.internal" |
| | | eu-west-1: |
| | | domain: "eu-west-1.compute.internal" |
| | | eu-central-1: |
| | | domain: "eu-central-1.compute.internal" |
| | | ap-northeast-1: |
| | | domain: "ap-northeast-1.compute.internal" |
| | | ap-northeast-2: |
| | | domain: "ap-northeast-2.compute.internal" |
| | | ap-southeast-1: |
| | | domain: "ap-southeast-1.compute.internal" |
| | | ap-southeast-2: |
| | | domain: "ap-southeast-2.compute.internal" |
| | | sa-east-1: |
| | | domain: "sa-east-1.compute.internal" |
| | | ap-south-1: |
| | | domain: "ap-south-1.compute.internal" |
| | | {% include 'templates/region_mapping.j2' %} |
| | | |
| | | Resources: |
| | | Vpc: |
| | |
| | | MapPublicIpOnLaunch: true |
| | | VpcId: |
| | | Ref: Vpc |
| | | |
| | | |
| | | PublicSubnetRTA: |
| | | Type: "AWS::EC2::SubnetRouteTableAssociation" |
| | |
| | | - infranode{{loop.index}} |
| | | - PublicIp |
| | | {% endfor %} |
| | | |
| | | clientVMLaunchConfiguration: |
| | | Type: AWS::AutoScaling::LaunchConfiguration |
| | | DependsOn: HostSG |
| | | Properties: |
| | | AssociatePublicIpAddress: True |
| | | BlockDeviceMappings: |
| | | - DeviceName: "/dev/sda1" |
| | | Ebs: |
| | | VolumeSize: {{ rootfs_size_clientvm }} |
| | | - DeviceName: "{{docker_device}}" |
| | | Ebs: |
| | | VolumeSize: 100 |
| | | VolumeType: gp2 |
| | | ImageId: |
| | | Fn::FindInMap: |
| | | - RegionMapping |
| | | - Ref: AWS::Region |
| | | - RHELAMI |
| | | InstanceType: {{clientvm_instance_type}} |
| | | KeyName: {{key_name}} |
| | | SecurityGroups: |
| | | - "Fn::GetAtt": |
| | | - HostSG |
| | | - GroupId |
| | | |
| | | clientVMScalingGroup: |
| | | Type: AWS::AutoScaling::AutoScalingGroup |
| | | DependsOn: VpcGA |
| | | Properties: |
| | | VPCZoneIdentifier: |
| | | - Ref: PublicSubnet |
| | | #AvailabilityZones: |
| | | # Fn::GetAZs: "" |
| | | # - Fn::GetAtt: |
| | | # - PublicSubnetClientVM |
| | | # - AvailabilityZone |
| | | # - Fn::GetAtt: |
| | | # - PublicSubnetClientVM2 |
| | | # - AvailabilityZone |
| | | LaunchConfigurationName: |
| | | Ref: clientVMLaunchConfiguration |
| | | MinSize: {{num_users}} |
| | | MaxSize: 200 |
| | | DesiredCapacity: {{num_users}} |
| | | Tags: |
| | | - Key: isolated |
| | | Value: True |
| | | PropagateAtLaunch: True |
| | | - Key: "owner" |
| | | Value: "{{ email | default('unknownuser') }}" |
| | | PropagateAtLaunch: True |
| | | - Key: "Project" |
| | | Value: "{{project_tag}}" |
| | | PropagateAtLaunch: True |
| | | - Key: "{{project_tag}}" |
| | | Value: "clientvm" |
| | | PropagateAtLaunch: True |
| | | - Key: "AnsibleGroup" |
| | | Value: "clientvms" |
| | | PropagateAtLaunch: True |
| | | - Key: "ostype" |
| | | Value: "linux" |
| | | PropagateAtLaunch: True |
| | | |
| | | |
| | | {% for instance in instances %} |
| | | {% if instance['dns_loadbalancer']|d(false)|bool and not instance['unique']|d(false)|bool %} |
| | |
| | | Ref: RegistryS3 |
| | | |
| | | Outputs: |
| | | AutoScalingGroupClientVM: |
| | | Value: |
| | | Ref: clientVMScalingGroup |
| | | Route53internalzoneOutput: |
| | | Description: The ID of the internal route 53 zone |
| | | Value: |
New file |
| | |
| | | # |
| | | # /etc/ansible/hosts file for OpenShift Container Platform 3.10.34 |
| | | # |
| | | |
| | | [OSEv3:vars] |
| | | |
| | | ########################################################################### |
| | | ### Ansible Vars |
| | | ########################################################################### |
| | | timeout=60 |
| | | ansible_user={{ansible_ssh_user}} |
| | | ansible_become=yes |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Basic Vars |
| | | ########################################################################### |
| | | |
| | | openshift_deployment_type=openshift-enterprise |
| | | |
| | | openshift_disable_check="disk_availability,memory_availability,docker_image_availability" |
| | | |
| | | oreg_url=registry.access.redhat.com/openshift3/ose-${component}:${version} |
| | | openshift_examples_modify_imagestreams=true |
| | | |
| | | {% if container_runtime == "cri-o" %} |
| | | openshift_use_crio=True |
| | | openshift_crio_enable_docker_gc=True |
| | | openshift_crio_docker_gc_node_selector={'runtime': 'cri-o'} |
| | | {% endif %} |
| | | |
| | | openshift_node_groups=[{'name': 'node-config-master', 'labels': ['node-role.kubernetes.io/master=true','runtime={{container_runtime}}']}, {'name': 'node-config-infra', 'labels': ['node-role.kubernetes.io/infra=true','runtime={{container_runtime}}']}, {'name': 'node-config-glusterfs', 'labels': ['runtime={{container_runtime}}']}, {'name': 'node-config-compute', 'labels': ['node-role.kubernetes.io/compute=true','runtime={{container_runtime}}'], 'edits': [{ 'key': 'kubeletArguments.pods-per-core','value': ['20']}]}] |
| | | # Configure node kubelet arguments. pods-per-core is valid in OpenShift Origin 1.3 or OpenShift Container Platform 3.3 and later. -> These need to go into the above |
| | | # openshift_node_kubelet_args={'pods-per-core': ['10'], 'max-pods': ['250'], 'image-gc-high-threshold': ['85'], 'image-gc-low-threshold': ['75']} |
| | | |
| | | # Configure logrotate scripts |
| | | # See: https://github.com/nickhammond/ansible-logrotate |
| | | logrotate_scripts=[{"name": "syslog", "path": "/var/log/cron\n/var/log/maillog\n/var/log/messages\n/var/log/secure\n/var/log/spooler\n", "options": ["daily", "rotate 7","size 500M", "compress", "sharedscripts", "missingok"], "scripts": {"postrotate": "/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true"}}] |
| | | |
| | | {% if install_glusterfs|bool %} |
| | | ########################################################################### |
| | | ### OpenShift Container Storage |
| | | ########################################################################### |
| | | |
| | | openshift_master_dynamic_provisioning_enabled=True |
| | | |
| | | # CNS storage cluster |
| | | # From https://github.com/red-hat-storage/openshift-cic |
| | | openshift_storage_glusterfs_namespace=openshift-storage |
| | | openshift_storage_glusterfs_storageclass=true |
| | | openshift_storage_glusterfs_storageclass_default=true |
| | | |
| | | openshift_storage_glusterfs_block_deploy=true |
| | | openshift_storage_glusterfs_block_host_vol_create=true |
| | | openshift_storage_glusterfs_block_host_vol_size=200 |
| | | openshift_storage_glusterfs_block_storageclass=true |
| | | openshift_storage_glusterfs_block_storageclass_default=false |
| | | |
| | | # Container image to use for glusterfs pods |
| | | openshift_storage_glusterfs_image="registry.access.redhat.com/rhgs3/rhgs-server-rhel7:v3.9" |
| | | |
| | | # Container image to use for glusterblock-provisioner pod |
| | | openshift_storage_glusterfs_block_image="registry.access.redhat.com/rhgs3/rhgs-gluster-block-prov-rhel7:v3.9" |
| | | |
| | | # Container image to use for heketi pods |
| | | openshift_storage_glusterfs_heketi_image="registry.access.redhat.com/rhgs3/rhgs-volmanager-rhel7:v3.9" |
| | | {% endif %} |
| | | |
| | | {% if install_nfs|bool %} |
| | | # Set this line to enable NFS |
| | | openshift_enable_unsupported_configurations=True |
| | | {% endif %} |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Cockpit Vars |
| | | ########################################################################### |
| | | |
| | | # Enable cockpit |
| | | osm_use_cockpit=true |
| | | osm_cockpit_plugins=['cockpit-kubernetes'] |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Master Vars |
| | | ########################################################################### |
| | | |
| | | openshift_master_api_port={{master_api_port}} |
| | | openshift_master_console_port={{master_api_port}} |
| | | |
| | | openshift_master_cluster_method=native |
| | | openshift_master_cluster_hostname={{master_lb_dns}} |
| | | openshift_master_cluster_public_hostname={{master_lb_dns}} |
| | | openshift_master_default_subdomain={{cloudapps_suffix}} |
| | | openshift_master_overwrite_named_certificates={{openshift_master_overwrite_named_certificates}} |
| | | |
| | | {% if install_lets_encrypt_certificates|bool %} |
| | | openshift_master_named_certificates={{lets_encrypt_openshift_master_named_certificates|to_json}} |
| | | {% endif %} |
| | | |
| | | openshift_set_hostname=True |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Network Vars |
| | | ########################################################################### |
| | | |
| | | osm_cluster_network_cidr=10.1.0.0/16 |
| | | openshift_portal_net=172.30.0.0/16 |
| | | |
| | | # os_sdn_network_plugin_name='redhat/openshift-ovs-networkpolicy' |
| | | {{multi_tenant_setting}} |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Authentication Vars |
| | | ########################################################################### |
| | | |
| | | {% if install_idm == "ldap" or 'ldap' in install_idms|d([]) %} |
| | | {{openshift_master_ldap_ca_file}} |
| | | {% endif %} |
| | | |
| | | {% if install_idm == "htpasswd" or 'htpasswd' in install_idms|d([]) %} |
| | | openshift_master_htpasswd_file=/root/htpasswd.openshift |
| | | {% endif %} |
| | | |
| | | openshift_master_identity_providers={{identity_providers|to_json}} |
| | | |
| | | {% if admission_plugin_config is defined %} |
| | | ########################################################################### |
| | | ### OpenShift admission plugin config |
| | | ########################################################################### |
| | | |
| | | openshift_master_admission_plugin_config={{admission_plugin_config|to_json}} |
| | | {% endif %} |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Metrics and Logging Vars |
| | | ########################################################################### |
| | | |
| | | ######################## |
| | | # Enable cluster metrics |
| | | ######################## |
| | | openshift_metrics_install_metrics={{install_metrics}} |
| | | |
| | | {% if install_nfs|bool and not install_glusterfs|bool %} |
| | | openshift_metrics_storage_kind=nfs |
| | | openshift_metrics_storage_access_modes=['ReadWriteOnce'] |
| | | openshift_metrics_storage_nfs_directory=/srv/nfs |
| | | openshift_metrics_storage_nfs_options='*(rw,root_squash)' |
| | | openshift_metrics_storage_volume_name=metrics |
| | | openshift_metrics_storage_volume_size=10Gi |
| | | openshift_metrics_storage_labels={'storage': 'metrics'} |
| | | openshift_metrics_cassanda_pvc_storage_class_name='' |
| | | {% endif %} |
| | | |
| | | {% if install_glusterfs|bool %} |
| | | openshift_metrics_storage_kind=dynamic |
| | | openshift_metrics_storage_volume_size=20Gi |
| | | openshift_metrics_cassandra_pvc_storage_class_name='glusterfs-storage-block' |
| | | {% endif %} |
| | | |
| | | openshift_metrics_hawkular_nodeselector={"node-role.kubernetes.io/infra": "true"} |
| | | openshift_metrics_cassandra_nodeselector={"node-role.kubernetes.io/infra": "true"} |
| | | openshift_metrics_heapster_nodeselector={"node-role.kubernetes.io/infra": "true"} |
| | | |
| | | # Store Metrics for 2 days |
| | | openshift_metrics_duration=2 |
| | | |
| | | {% if install_prometheus|bool %} |
| | | ######################### |
| | | # Add Prometheus Metrics: |
| | | ######################### |
| | | openshift_hosted_prometheus_deploy=true |
| | | openshift_prometheus_namespace=openshift-metrics |
| | | openshift_prometheus_node_selector={"node-role.kubernetes.io/infra":"true"} |
| | | |
| | | # Prometheus |
| | | {% if install_glusterfs|bool %} |
| | | openshift_prometheus_storage_type='pvc' |
| | | openshift_prometheus_storage_kind=dynamic |
| | | openshift_prometheus_storage_class='glusterfs-storage-block' |
| | | openshift_prometheus_storage_volume_size=20Gi |
| | | openshift_prometheus_storage_access_modes=['ReadWriteOnce'] |
| | | openshift_prometheus_storage_volume_name=prometheus |
| | | {% elif install_nfs|bool %} |
| | | openshift_prometheus_storage_type='emptydir' |
| | | {% endif %} |
| | | |
| | | # For prometheus-alertmanager |
| | | {% if install_glusterfs|bool %} |
| | | openshift_prometheus_alertmanager_storage_type='pvc' |
| | | openshift_prometheus_alertmanager_storage_kind=dynamic |
| | | openshift_prometheus_alertmanager_storage_class='glusterfs-storage-block' |
| | | openshift_prometheus_alertmanager_storage_access_modes=['ReadWriteOnce'] |
| | | openshift_prometheus_alertmanager_storage_volume_size=10Gi |
| | | openshift_prometheus_alertmanager_storage_volume_name=prometheus-alertmanager |
| | | {% elif install_nfs|bool %} |
| | | openshift_prometheus_alertmanager_storage_type='emptydir' |
| | | {% endif %} |
| | | |
| | | # For prometheus-alertbuffer |
| | | {% if install_glusterfs|bool %} |
| | | openshift_prometheus_alertbuffer_storage_type='pvc' |
| | | openshift_prometheus_alertbuffer_storage_kind=dynamic |
| | | openshift_prometheus_alertbuffer_storage_class='glusterfs-storage-block' |
| | | openshift_prometheus_alertbuffer_storage_access_modes=['ReadWriteOnce'] |
| | | openshift_prometheus_alertbuffer_storage_volume_name=prometheus-alertbuffer |
| | | openshift_prometheus_alertbuffer_storage_volume_size=10Gi |
| | | {% elif install_nfs|bool %} |
| | | openshift_prometheus_alertbuffer_storage_type='emptydir' |
| | | {% endif %} |
| | | |
| | | # Suggested Quotas and limits for Prometheus components: |
| | | openshift_prometheus_memory_requests=2Gi |
| | | openshift_prometheus_cpu_requests=750m |
| | | openshift_prometheus_memory_limit=2Gi |
| | | openshift_prometheus_cpu_limit=750m |
| | | openshift_prometheus_alertmanager_memory_requests=300Mi |
| | | openshift_prometheus_alertmanager_cpu_requests=200m |
| | | openshift_prometheus_alertmanager_memory_limit=300Mi |
| | | openshift_prometheus_alertmanager_cpu_limit=200m |
| | | openshift_prometheus_alertbuffer_memory_requests=300Mi |
| | | openshift_prometheus_alertbuffer_cpu_requests=200m |
| | | openshift_prometheus_alertbuffer_memory_limit=300Mi |
| | | openshift_prometheus_alertbuffer_cpu_limit=200m |
| | | # The following file will need to be copied over to the bastion before deployment |
| | | # There is an example in ocp-workshop/files |
| | | # openshift_prometheus_additional_rules_file=/root/prometheus_alerts_rules.yml |
| | | |
| | | # Grafana |
| | | openshift_grafana_node_selector={"node-role.kubernetes.io/infra":"true"} |
| | | openshift_grafana_storage_type=pvc |
| | | openshift_grafana_pvc_size=2Gi |
| | | openshift_grafana_node_exporter=true |
| | | openshift_grafana_prometheus_namespace="openshift-metrics" |
| | | openshift_grafana_prometheus_serviceaccount="prometheus" |
| | | openshift_grafana_prometheus_route="prometheus" |
| | | |
| | | {% if install_glusterfs|bool %} |
| | | openshift_grafana_sc_name=glusterfs-storage |
| | | {% endif %} |
| | | |
| | | {% endif %} |
| | | |
| | | # Enable cluster logging |
| | | ######################## |
| | | openshift_logging_install_logging={{install_logging}} |
| | | |
| | | {% if install_nfs|bool and not install_glusterfs|bool %} |
| | | openshift_logging_storage_kind=nfs |
| | | openshift_logging_storage_access_modes=['ReadWriteOnce'] |
| | | openshift_logging_storage_nfs_directory=/srv/nfs |
| | | openshift_logging_storage_nfs_options='*(rw,root_squash)' |
| | | openshift_logging_storage_volume_name=logging |
| | | openshift_logging_storage_volume_size=10Gi |
| | | openshift_logging_storage_labels={'storage': 'logging'} |
| | | openshift_logging_es_pvc_storage_class_name='' |
| | | {% endif %} |
| | | {% if install_glusterfs|bool %} |
| | | openshift_logging_es_pvc_dynamic=true |
| | | openshift_logging_es_pvc_size=20Gi |
| | | openshift_logging_es_cluster_size=1 |
| | | openshift_logging_es_pvc_storage_class_name='glusterfs-storage-block' |
| | | {% endif %} |
| | | |
| | | openshift_logging_kibana_nodeselector={"node-role.kubernetes.io/infra": "true"} |
| | | openshift_logging_curator_nodeselector={"node-role.kubernetes.io/infra": "true"} |
| | | openshift_logging_es_nodeselector={"node-role.kubernetes.io/infra": "true"} |
| | | |
| | | openshift_logging_es_cluster_size=1 |
| | | openshift_logging_curator_default_days=3 |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Router and Registry Vars |
| | | ########################################################################### |
| | | |
| | | openshift_hosted_router_replicas={{infranode_instance_count}} |
| | | |
| | | {% if install_lets_encrypt_certificates|bool %} |
| | | openshift_hosted_router_certificate={{lets_encrypt_openshift_hosted_router_certificate|to_json}} |
| | | {% endif %} |
| | | |
| | | openshift_hosted_registry_replicas=1 |
| | | openshift_hosted_registry_pullthrough=true |
| | | openshift_hosted_registry_acceptschema2=true |
| | | openshift_hosted_registry_enforcequota=true |
| | | |
| | | {% if s3user_access_key is defined %} |
| | | # Registry AWS S3 |
| | | # S3 bucket must already exist. |
| | | openshift_hosted_registry_storage_kind=object |
| | | openshift_hosted_registry_storage_provider=s3 |
| | | openshift_hosted_registry_storage_s3_accesskey={{ s3user_access_key }} |
| | | openshift_hosted_registry_storage_s3_secretkey={{ s3user_secret_access_key }} |
| | | openshift_hosted_registry_storage_s3_bucket={{ project_tag }} |
| | | openshift_hosted_registry_storage_s3_region={{ aws_region_final|d(aws_region) }} |
| | | openshift_hosted_registry_storage_s3_chunksize=26214400 |
| | | openshift_hosted_registry_storage_s3_rootdirectory=/registry |
| | | {% endif %} |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Service Catalog Vars |
| | | ########################################################################### |
| | | |
| | | openshift_enable_service_catalog=true |
| | | |
| | | template_service_broker_install=true |
| | | # openshift_template_service_broker_namespaces=['openshift'] |
| | | |
| | | ansible_service_broker_install=true |
| | | ansible_service_broker_local_registry_whitelist=['.*-apb$'] |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Hosts |
| | | ########################################################################### |
| | | [OSEv3:children] |
| | | masters |
| | | etcd |
| | | nodes |
| | | {% if install_nfs|bool %} |
| | | nfs |
| | | {% endif %} |
| | | {% if install_glusterfs|bool %} |
| | | glusterfs |
| | | {% endif %} |
| | | {% if groups['newnodes']|d([])|length > 0 %} |
| | | new_nodes |
| | | {% endif %} |
| | | |
| | | [masters] |
| | | {% for host in groups['masters']|sort %} |
| | | {{ hostvars[host].internaldns }} |
| | | {% endfor %} |
| | | |
| | | [etcd] |
| | | {% for host in groups['masters']|sort %} |
| | | {{ hostvars[host].internaldns }} |
| | | {% endfor %} |
| | | |
| | | [nodes] |
| | | ## These are the masters |
| | | {% for host in groups['masters']|sort %} |
| | | {{ hostvars[host].internaldns }} openshift_node_group_name='node-config-master' |
| | | {% endfor %} |
| | | |
| | | ## These are infranodes |
| | | {% for host in groups['infranodes']|sort %} |
| | | {{ hostvars[host].internaldns }} openshift_node_group_name='node-config-infra' |
| | | {% endfor %} |
| | | |
| | | ## These are regular nodes |
| | | {% for host in groups['nodes']|sort |
| | | if host not in groups['newnodes']|d([]) |
| | | and host not in groups['glusterfs']|d([]) |
| | | %} |
| | | {{ hostvars[host].internaldns }} openshift_node_group_name='node-config-compute' |
| | | {% endfor %} |
| | | |
| | | {% if groups['glusterfs']|d([])|length > 0 %} |
| | | ## These are glusterfs nodes |
| | | {% for host in groups['glusterfs']|sort %} |
| | | {{ hostvars[host].internaldns }} openshift_node_group_name='node-config-compute' |
| | | {% endfor %} |
| | | {% endif %} |
| | | |
| | | {% if groups['newnodes']|d([])|length > 0 %} |
| | | # scaleup performed, leave an empty group, see: |
| | | # https://docs.openshift.com/container-platform/3.7/install_config/adding_hosts_to_existing_cluster.html |
| | | [new_nodes] |
| | | {% for host in groups['newnodes']|sort %} |
| | | {{ hostvars[host].internaldns }} ansible_ssh_user={{remote_user}} ansible_ssh_private_key_file=~/.ssh/{{key_name}}.pem openshift_node_group_name='node-config-compute' |
| | | {% endfor %} |
| | | {% endif %} |
| | | |
| | | {% if install_nfs|bool %} |
| | | [nfs] |
| | | {% for host in [groups['support']|sort|first] %} |
| | | {{ hostvars[host].internaldns }} |
| | | {% endfor %} |
| | | {% endif %} |
| | | |
| | | {% if install_glusterfs|bool %} |
| | | {% set query = "[?name=='support']|[0].volumes[?purpose=='glusterfs'].device_name" %} |
| | | [glusterfs] |
| | | {% for host in groups['glusterfs']|sort %} |
| | | {% if loop.index % 3 == 1 %} |
| | | {% set glusterfs_zone = 1 %} |
| | | {% elif loop.index % 3 == 2 %} |
| | | {% set glusterfs_zone = 2 %} |
| | | {% elif loop.index % 3 == 0 %} |
| | | {% set glusterfs_zone = 3 %} |
| | | {% endif %} |
| | | {% if cloud_provider == 'ec2' %} |
| | | {{ hostvars[host].internaldns }} glusterfs_zone={{ glusterfs_zone }} glusterfs_devices='{{instances|json_query(query)|to_json}}' |
| | | {% elif cloud_provider == 'azure' %} |
| | | {{ hostvars[host].internaldns }} glusterfs_zone={{ glusterfs_zone }} glusterfs_devices='{{ [ hostvars[host].glusterfs_device_name ] |to_json}}' |
| | | {% endif %} |
| | | {% endfor %} |
| | | {% endif %} |
| | |
| | | - step002 |
| | | - post_infrastructure |
| | | tasks: |
| | | - environment: |
| | | AWS_ACCESS_KEY_ID: "{{aws_access_key_id}}" |
| | | AWS_SECRET_ACCESS_KEY: "{{aws_secret_access_key}}" |
| | | AWS_DEFAULT_REGION: "{{aws_region_final|d(aws_region)}}" |
| | | block: |
| | | - name: Deactivate autoscaling |
| | | command: >- |
| | | aws autoscaling suspend-processes --auto-scaling-group-name |
| | | {{cloudformation_out_final.stack_outputs.AutoScalingGroupClientVM}} |
| | | |
| | | - name: Write down autoscaling name |
| | | copy: |
| | | dest: "{{ANSIBLE_REPO_PATH}}/workdir/{{ env_type }}.{{ guid }}.AutoScalingGroupClientVM" |
| | | content: "{{cloudformation_out_final.stack_outputs.AutoScalingGroupClientVM}}" |
| | | |
| | | - name: Allocate and associate an EIP to the clientVMs |
| | | ec2_eip: |
| | | device_id: "{{hostvars[item].instance_id}}" |
| | | with_items: "{{groups['clientvms']}}" |
| | | register: eips |
| | | |
| | | # reimport roles to update inventory, and regenerate ssh config, since |
| | | # we're using public ip to connect to clientVMs |
| | | - name: Run infra-ec2-create-inventory Role |
| | | import_role: |
| | | name: "{{ ANSIBLE_REPO_PATH }}/roles/infra-ec2-create-inventory" |
| | | - name: Run Common SSH Config Generator Role |
| | | import_role: |
| | | name: "{{ANSIBLE_REPO_PATH}}/roles/infra-common-ssh-config-generate" |
| | | |
| | | - name: Create DNS record for each clientVM |
| | | route53: |
| | | hosted_zone_id: "{{HostedZoneId}}" |
| | | zone: "{{subdomain_base}}" |
| | | record: "clientvm{{idx}}.{{subdomain_base}}" |
| | | state: present |
| | | type: A |
| | | ttl: 90 |
| | | value: "{{hostvars[item].public_ip_address}}" |
| | | with_items: "{{groups['clientvms']}}" |
| | | loop_control: |
| | | index_var: idx |
| | | |
| | | - name: Rename instance |
| | | ec2_tag: |
| | | state: present |
| | | resource: "{{hostvars[item].instance_id}}" |
| | | tags: |
| | | Name: "clientvm{{idx}}" |
| | | with_items: "{{groups['clientvms']}}" |
| | | loop_control: |
| | | index_var: idx |
| | | |
| | | - name: Job Template to launch a Job Template with update on launch inventory set |
| | | uri: |
| | |
| | | - when: |
| | | - install_prometheus|d(False)|bool |
| | | - osrelease is version_compare("3.10", ">=") |
| | | - osrelease is version_compare("3.10.34", "<") |
| | | block: |
| | | # Node Exporters on all Nodes liston on port 9100. |
| | | # Open Firewall Port 9100 for future sessions by adding |
| | |
| | | vars: |
| | | zabbix_auto_registration_keyword: OCP Host |
| | | tasks: |
| | | - when: install_zabbix_bool |
| | | - when: install_zabbix|bool |
| | | include_role: |
| | | name: "{{ ANSIBLE_REPO_PATH }}/roles/zabbix-client" |
| | | tags: |
New file |
| | |
| | | --- |
| | | student_name: lab-user |
| | |
| | | when: |
| | | - student_password is not defined |
| | | |
| | | - name: Create user lab-user |
| | | - name: Create user |
| | | user: |
| | | name: lab-user |
| | | name: "{{ student_name }}" |
| | | password: "{{ student_password|password_hash('sha512') }}" |
| | | comment: GTPE Student |
| | | group: users |
| | |
| | | lineinfile: |
| | | path: '/etc/sudoers' |
| | | state: present |
| | | line: 'student ALL=(ALL) NOPASSWD: ALL' |
| | | line: "{{ student_name }} ALL=(ALL) NOPASSWD: ALL" |
| | | insertafter: '^ec2-user' |
| | | |
| | | - name: Restart sshd |
New file |
| | |
| | | *.retry |
| | | tests/test.sh |
New file |
| | |
| | | --- |
| | | services: docker |
| | | |
| | | env: |
| | | # Test source install on latest supported OSes. |
| | | - distro: centos7 |
| | | playbook: test-source.yml |
| | | GIT_VERSION: 2.16.2 |
| | | - distro: fedora27 |
| | | playbook: test-source.yml |
| | | GIT_VERSION: 2.16.2 |
| | | - distro: ubuntu1804 |
| | | playbook: test-source.yml |
| | | GIT_VERSION: 2.16.2 |
| | | |
| | | # Test package install on all supported OSes. |
| | | - distro: centos7 |
| | | playbook: test.yml |
| | | GIT_VERSION: 1.8.3.1 |
| | | - distro: centos6 |
| | | playbook: test.yml |
| | | GIT_VERSION: 1.7.1 |
| | | - distro: fedora27 |
| | | playbook: test.yml |
| | | GIT_VERSION: 2.14.3 |
| | | - distro: ubuntu1804 |
| | | playbook: test.yml |
| | | GIT_VERSION: 2.15.1 |
| | | - distro: ubuntu1604 |
| | | playbook: test.yml |
| | | GIT_VERSION: 2.7.4 |
| | | - distro: ubuntu1404 |
| | | playbook: test.yml |
| | | GIT_VERSION: 1.9.1 |
| | | - distro: debian8 |
| | | playbook: test.yml |
| | | GIT_VERSION: 2.1.4 |
| | | |
| | | script: |
| | | # Configure test script so we can run extra tests after playbook is run. |
| | | - export container_id=$(date +%s) |
| | | - export cleanup=false |
| | | |
| | | # Download test shim. |
| | | - wget -O ${PWD}/tests/test.sh https://gist.githubusercontent.com/geerlingguy/73ef1e5ee45d8694570f334be385e181/raw/ |
| | | - chmod +x ${PWD}/tests/test.sh |
| | | |
| | | # Run tests. |
| | | - ${PWD}/tests/test.sh |
| | | |
| | | # Ensure Git is installed and at the right version. |
| | | - 'docker exec --tty ${container_id} env TERM=xterm which git' |
| | | - 'docker exec --tty ${container_id} env TERM=xterm test -x /usr/bin/git' |
| | | |
| | | - 'docker exec --tty ${container_id} env TERM=xterm git --version' |
| | | - 'docker exec --tty ${container_id} env TERM=xterm /usr/bin/git --version | grep -qF "$GIT_VERSION"' |
| | | |
| | | notifications: |
| | | webhooks: https://galaxy.ansible.com/api/v1/notifications/ |
New file |
| | |
| | | The MIT License (MIT) |
| | | |
| | | Copyright (c) 2017 Jeff Geerling |
| | | |
| | | Permission is hereby granted, free of charge, to any person obtaining a copy of |
| | | this software and associated documentation files (the "Software"), to deal in |
| | | the Software without restriction, including without limitation the rights to |
| | | use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of |
| | | the Software, and to permit persons to whom the Software is furnished to do so, |
| | | subject to the following conditions: |
| | | |
| | | The above copyright notice and this permission notice shall be included in all |
| | | copies or substantial portions of the Software. |
| | | |
| | | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
| | | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS |
| | | FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR |
| | | COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER |
| | | IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN |
| | | CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
New file |
| | |
| | | # Ansible Role: Git |
| | | |
| | | [![Build Status](https://travis-ci.org/geerlingguy/ansible-role-git.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-git) |
| | | |
| | | Installs Git, a distributed version control system, on any RHEL/CentOS or Debian/Ubuntu Linux system. |
| | | |
| | | ## Requirements |
| | | |
| | | None. |
| | | |
| | | ## Role Variables |
| | | |
| | | Available variables are listed below, along with default values (see `defaults/main.yml`): |
| | | |
| | | workspace: /root |
| | | |
| | | Where certain files will be downloaded and adjusted prior to git installation, if needed. |
| | | |
| | | git_enablerepo: "" |
| | | |
| | | This variable, a well as `git_packages`, will be used to install git via a particular `yum` repo if `git_install_from_source` is false (CentOS only). Any additional repositories you have installed that you would like to use for a newer/different Git version. |
| | | |
| | | git_packages: |
| | | - git |
| | | - git-svn |
| | | |
| | | The specific Git packages that will be installed. By default, `git-svn` is included, but you can easily add this variable to your playbook's variables and remove `git-svn` if desired. |
| | | |
| | | git_install_from_source: false |
| | | git_install_path: "/usr" |
| | | git_version: "2.16.2" |
| | | |
| | | Whether to install Git from source; if set to `true`, `git_version` is required and will be used to install a particular version of git (see all available versions here: https://www.kernel.org/pub/software/scm/git/), and `git_install_path` defines where git should be installed. |
| | | |
| | | git_install_from_source_force_update: false |
| | | |
| | | If git is already installed at and older version, force a new source build. Only applies if `git_install_from_source` is `true`. |
| | | |
| | | ## Dependencies |
| | | |
| | | None. |
| | | |
| | | ## Example Playbook |
| | | |
| | | - hosts: servers |
| | | roles: |
| | | - { role: geerlingguy.git } |
| | | |
| | | ## License |
| | | |
| | | MIT / BSD |
| | | |
| | | ## Author Information |
| | | |
| | | This role was created in 2014 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/). |
New file |
| | |
| | | --- |
| | | workspace: /root |
| | | |
| | | # If git_install_from_source is set to false, these two variables define whether |
| | | # to use an additional repo for the package installation, and which git packages |
| | | # will be installed. |
| | | git_enablerepo: "" |
| | | git_packages: |
| | | - git |
| | | - git-svn |
| | | |
| | | # If set to TRUE, git will be installed from source, using the version set with |
| | | # the 'git_version' variable instead of using a package. |
| | | git_install_from_source: false |
| | | git_install_path: "/usr" |
| | | git_version: "2.16.2" |
| | | |
| | | # If git is already installed at and older version, force a new source build. |
| | | # Only applies if git_install_from_source is `true`. |
| | | git_install_from_source_force_update: false |
| | | |
| | | # Leave this at it's default. |
| | | git_reinstall_from_source: false |
New file |
| | |
| | | {install_date: 'Thu Aug 30 16:27:09 2018', version: 2.0.2} |
New file |
| | |
| | | --- |
| | | dependencies: [] |
| | | |
| | | galaxy_info: |
| | | author: geerlingguy |
| | | description: Git version control software |
| | | company: "Midwestern Mac, LLC" |
| | | license: "license (BSD, MIT)" |
| | | min_ansible_version: 2.4 |
| | | platforms: |
| | | - name: EL |
| | | versions: |
| | | - all |
| | | - name: Fedora |
| | | versions: |
| | | - all |
| | | - name: Debian |
| | | versions: |
| | | - all |
| | | - name: Ubuntu |
| | | versions: |
| | | - all |
| | | galaxy_tags: |
| | | - development |
| | | - system |
| | | - git |
| | | - vcs |
| | | - source |
| | | - code |
New file |
| | |
| | | --- |
| | | |
| | | - name: Include OS-specific variables (RedHat). |
| | | include_vars: "{{ ansible_os_family }}.yml" |
| | | when: |
| | | - ansible_os_family == "RedHat" |
| | | - ansible_distribution != "Fedora" |
| | | |
| | | - name: Include OS-specific variables (Fedora). |
| | | include_vars: "{{ ansible_distribution }}.yml" |
| | | when: ansible_distribution == "Fedora" |
| | | |
| | | - name: Include OS-specific variables (Debian). |
| | | include_vars: "{{ ansible_os_family }}.yml" |
| | | when: ansible_os_family == "Debian" |
| | | |
| | | - name: Define git_install_from_source_dependencies. |
| | | set_fact: |
| | | git_install_from_source_dependencies: "{{ __git_install_from_source_dependencies | list }}" |
| | | when: git_install_from_source_dependencies is not defined |
| | | |
| | | - name: Ensure git's dependencies are installed (RedHat). |
| | | package: "name={{ item }} state=present" |
| | | with_items: "{{ git_install_from_source_dependencies }}" |
| | | when: ansible_os_family == 'RedHat' |
| | | |
| | | - name: Ensure git's dependencies are installed (Debian). |
| | | apt: "name={{ item }} state=present" |
| | | with_items: "{{ git_install_from_source_dependencies }}" |
| | | when: ansible_os_family == 'Debian' |
| | | |
| | | - name: Get installed version. |
| | | command: > |
| | | git --version |
| | | warn=no |
| | | changed_when: false |
| | | failed_when: false |
| | | check_mode: no |
| | | register: git_installed_version |
| | | |
| | | - name: Force git install if the version numbers do not match. |
| | | set_fact: |
| | | git_reinstall_from_source: true |
| | | when: |
| | | - git_install_from_source_force_update |
| | | - (git_installed_version.rc == 0) and (git_installed_version.stdout | regex_replace("^.*?([0-9\.]+)$", "\\1") | version_compare(git_version, operator="!=")) |
| | | |
| | | - name: Download git. |
| | | get_url: |
| | | url: "https://www.kernel.org/pub/software/scm/git/git-{{ git_version }}.tar.gz" |
| | | dest: "{{ workspace }}/git-{{ git_version }}.tar.gz" |
| | | when: (git_installed_version.rc != 0) or git_reinstall_from_source |
| | | |
| | | - name: Expand git archive. |
| | | unarchive: |
| | | src: "{{ workspace }}/git-{{ git_version }}.tar.gz" |
| | | dest: "{{ workspace }}" |
| | | creates: "{{ workspace }}/git-{{ git_version }}/README" |
| | | copy: no |
| | | when: (git_installed_version.rc != 0) or git_reinstall_from_source |
| | | |
| | | - name: Build git. |
| | | command: > |
| | | make prefix={{ git_install_path }} {{ item }} |
| | | chdir={{ workspace }}/git-{{ git_version }} |
| | | with_items: |
| | | - all |
| | | - install |
| | | when: (git_installed_version.rc != 0) or git_reinstall_from_source |
| | | become: yes |
New file |
| | |
| | | --- |
| | | - name: Ensure git is installed (RedHat). |
| | | package: |
| | | name: "{{ item }}" |
| | | state: present |
| | | enablerepo: "{{ git_enablerepo }}" |
| | | with_items: "{{ git_packages }}" |
| | | when: (git_install_from_source == false) and (ansible_os_family == 'RedHat') |
| | | |
| | | - name: Update apt cache (Debian). |
| | | apt: update_cache=yes cache_valid_time=86400 |
| | | when: ansible_os_family == 'Debian' |
| | | |
| | | - name: Ensure git is installed (Debian). |
| | | apt: |
| | | name: "{{ item }}" |
| | | state: present |
| | | with_items: "{{ git_packages }}" |
| | | when: (git_install_from_source == false) and (ansible_os_family == 'Debian') |
| | | |
| | | # Install git from source when git_install_from_source is true. |
| | | - import_tasks: install-from-source.yml |
| | | when: git_install_from_source == true |
New file |
| | |
| | | # Ansible Role tests |
| | | |
| | | To run the test playbook(s) in this directory: |
| | | |
| | | 1. Install and start Docker. |
| | | 1. Download the test shim (see .travis.yml file for the URL) into `tests/test.sh`: |
| | | - `wget -O tests/test.sh https://gist.githubusercontent.com/geerlingguy/73ef1e5ee45d8694570f334be385e181/raw/` |
| | | 1. Make the test shim executable: `chmod +x tests/test.sh`. |
| | | 1. Run (from the role root directory) `distro=[distro] playbook=[playbook] ./tests/test.sh` |
| | | |
| | | If you don't want the container to be automatically deleted after the test playbook is run, add the following environment variables: `cleanup=false container_id=$(date +%s)` |
New file |
| | |
| | | --- |
| | | - hosts: all |
| | | |
| | | vars: |
| | | git_install_from_source: true |
| | | git_install_from_source_force_update: true |
| | | git_version: "2.16.2" |
| | | |
| | | pre_tasks: |
| | | - name: Update apt cache. |
| | | apt: update_cache=yes cache_valid_time=600 |
| | | when: ansible_os_family == 'Debian' |
| | | changed_when: false |
| | | |
| | | roles: |
| | | - role_under_test |
New file |
| | |
| | | --- |
| | | - hosts: all |
| | | |
| | | vars: |
| | | git_install_from_source: false |
| | | git_install_path: /usr/local |
| | | |
| | | pre_tasks: |
| | | - name: Update apt cache. |
| | | apt: update_cache=yes cache_valid_time=600 |
| | | when: ansible_os_family == 'Debian' |
| | | changed_when: false |
| | | |
| | | roles: |
| | | - role_under_test |
New file |
| | |
| | | --- |
| | | git_install_from_source_dependencies: |
| | | - libcurl4-gnutls-dev |
| | | - libexpat1-dev |
| | | - gettext |
| | | - libssl-dev |
| | | - zlib1g-dev |
| | | - build-essential |
| | | - gcc |
| | | |
New file |
| | |
| | | --- |
| | | git_install_from_source_dependencies: |
| | | - gettext-devel |
| | | - expat-devel |
| | | - curl-devel |
| | | - zlib-devel |
| | | - perl-devel |
| | | - openssl-devel |
| | | - subversion-perl |
| | | - make |
| | | - gcc |
| | | - tar |
| | | |
New file |
| | |
| | | --- |
| | | git_install_from_source_dependencies: |
| | | - gettext-devel |
| | | - expat-devel |
| | | - curl-devel |
| | | - zlib-devel |
| | | - perl-devel |
| | | - openssl-devel |
| | | - subversion-perl |
| | | - make |
| | | - gcc |
| | | |
New file |
| | |
| | | --- |
| | | # This space intentionally left blank. |
| | | |
New file |
| | |
| | | *.retry |
| | | tests/test.sh |
New file |
| | |
| | | --- |
| | | services: docker |
| | | |
| | | env: |
| | | - distro: centos7 |
| | | - distro: ubuntu1604 |
| | | - distro: ubuntu1404 |
| | | - distro: ubuntu1204 |
| | | - distro: debian8 |
| | | |
| | | script: |
| | | # Configure test script so we can run extra tests after playbook is run. |
| | | - export container_id=$(date +%s) |
| | | - export cleanup=false |
| | | |
| | | # Download test shim. |
| | | - wget -O ${PWD}/tests/test.sh https://gist.githubusercontent.com/geerlingguy/73ef1e5ee45d8694570f334be385e181/raw/ |
| | | - chmod +x ${PWD}/tests/test.sh |
| | | |
| | | # Run tests. |
| | | - ${PWD}/tests/test.sh |
| | | |
| | | # Check if we get an installation page. |
| | | - 'docker exec --tty ${container_id} env TERM=xterm curl http://localhost:3000/install' |
| | | |
| | | notifications: |
| | | webhooks: https://galaxy.ansible.com/api/v1/notifications/ |
New file |
| | |
| | | The MIT License (MIT) |
| | | |
| | | Copyright (c) 2017 Jeff Geerling |
| | | |
| | | Permission is hereby granted, free of charge, to any person obtaining a copy of |
| | | this software and associated documentation files (the "Software"), to deal in |
| | | the Software without restriction, including without limitation the rights to |
| | | use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of |
| | | the Software, and to permit persons to whom the Software is furnished to do so, |
| | | subject to the following conditions: |
| | | |
| | | The above copyright notice and this permission notice shall be included in all |
| | | copies or substantial portions of the Software. |
| | | |
| | | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
| | | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS |
| | | FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR |
| | | COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER |
| | | IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN |
| | | CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
New file |
| | |
| | | # Ansible Role: Gogs |
| | | |
| | | [![Build Status](https://travis-ci.org/geerlingguy/ansible-role-gogs.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-gogs) |
| | | |
| | | Installs [Gogs](https://github.com/gogits/gogs), a Go-based front-end to Git, on RedHat or Debian-based linux systems. |
| | | |
| | | After the playbook is finished, visit the gogs server (on port 3000 by default), and you will be redirected to the /install page, where you can configure an administrator account and other default options. |
| | | |
| | | ## Requirements |
| | | |
| | | Requires git (via `geerlingguy.git`), and at least the Gogs HTTP port (3000 by default) open on your system's firewall. Install MySQL (e.g. via `geerlingguy.mysql`) prior to installing Gogs if you would like to use MySQL instead of built-in SQLite support. |
| | | |
| | | ## Role Variables |
| | | |
| | | Available variables are listed below, along with default values (see `defaults/main.yml`): |
| | | |
| | | gogs_user: git |
| | | gogs_user_home: /home/git |
| | | |
| | | The user and home under which Gogs will run and be installed. |
| | | |
| | | gogs_binary_url: https://github.com/gogits/gogs/releases/download/v0.3.1/linux_amd64.zip |
| | | |
| | | Download URL for the Gogs binary. |
| | | |
| | | gogs_http_port: "3000" |
| | | |
| | | HTTP port over which Gogs will be accessed. |
| | | |
| | | gogs_use_mysql: false |
| | | gogs_db_name: gogs |
| | | gogs_db_username: gogs |
| | | gogs_db_password: root |
| | | |
| | | MySQL database support. Set `gogs_use_mysql` to `true` to configure MySQL for gogs, using the database name, username, and password defined by the respective variables. |
| | | |
| | | ## Dependencies |
| | | |
| | | - geerlingguy.git |
| | | |
| | | ## Example Playbook |
| | | |
| | | - hosts: servers |
| | | vars_files: |
| | | - vars/main.yml |
| | | roles: |
| | | - geerlingguy.gogs |
| | | |
| | | *Inside `vars/main.yml`*: |
| | | |
| | | gogs_http_port: "8080" |
| | | |
| | | ## License |
| | | |
| | | MIT / BSD |
| | | |
| | | ## Author Information |
| | | |
| | | This role was created in 2014 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/). |
New file |
| | |
| | | --- |
| | | gogs_user: git |
| | | gogs_user_home: /home/git |
| | | gogs_binary_url: https://github.com/gogits/gogs/releases/download/v0.9.97/linux_amd64.tar.gz |
| | | gogs_http_port: "3000" |
| | | gogs_use_mysql: false |
| | | gogs_db_name: gogs |
| | | gogs_db_username: gogs |
| | | gogs_db_password: root |
New file |
| | |
| | | --- |
| | | - name: restart gogs |
| | | service: name=gogs state=restarted |
New file |
| | |
| | | {install_date: 'Thu Aug 30 16:27:17 2018', version: 1.4.2} |
New file |
| | |
| | | --- |
| | | dependencies: |
| | | - geerlingguy.git |
| | | |
| | | galaxy_info: |
| | | author: geerlingguy |
| | | description: "Gogs: Go Git Service" |
| | | company: "Midwestern Mac, LLC" |
| | | license: "license (BSD, MIT)" |
| | | min_ansible_version: 1.8 |
| | | platforms: |
| | | - name: EL |
| | | versions: |
| | | - 6 |
| | | - 7 |
| | | - name: Ubuntu |
| | | versions: |
| | | - all |
| | | - name: Debian |
| | | versions: |
| | | - all |
| | | galaxy_tags: |
| | | - development |
| | | - web |
New file |
| | |
| | | --- |
| | | - name: Create Gogs MySQL user. |
| | | mysql_user: |
| | | name: "{{ gogs_db_username }}" |
| | | host: "{{ item }}" |
| | | priv: "{{ gogs_db_name }}.*:ALL" |
| | | password: "{{ gogs_db_password }}" |
| | | with_items: |
| | | - 127.0.0.1 |
| | | - ::1 |
| | | - localhost |
| | | when: gogs_use_mysql |
| | | notify: restart gogs |
| | | |
| | | - name: Create Gogs MySQL database. |
| | | mysql_db: |
| | | db: "{{ gogs_db_name }}" |
| | | state: present |
| | | when: gogs_use_mysql |
| | | notify: restart gogs |
New file |
| | |
| | | --- |
| | | - name: Make Gogs init script executable. |
| | | file: |
| | | path: "{{ gogs_user_home }}/{{ gogs_init_script_path }}" |
| | | mode: 0755 |
| | | |
| | | - name: Symlink Gogs binary and startup scripts. |
| | | file: |
| | | src: "{{ item.src }}" |
| | | dest: "{{ item.dest }}" |
| | | state: link |
| | | with_items: |
| | | - { src: "{{ gogs_user_home }}/gogs/gogs", dest: "/usr/local/bin/gogs" } |
| | | - { src: "{{ gogs_user_home }}/{{ gogs_init_script_path }}" , dest: "/etc/init.d/gogs" } |
| | | notify: restart gogs |
| | | |
| | | - name: Copy Gogs systemd unit file into place (for systemd systems). |
| | | template: |
| | | src: gogs.unit.j2 |
| | | dest: /etc/systemd/system/gogs.service |
| | | owner: root |
| | | group: root |
| | | mode: 0755 |
| | | when: "ansible_service_mgr == 'systemd'" |
New file |
| | |
| | | --- |
| | | # Include variables and define needed variables. |
| | | - name: Include OS-specific variables. |
| | | include_vars: "{{ ansible_os_family }}.yml" |
| | | |
| | | - name: Ensure unzip is installed. |
| | | package: name=unzip state=present |
| | | |
| | | - name: Create user for Gogs. |
| | | user: |
| | | name: "{{ gogs_user }}" |
| | | comment: Gogs |
| | | home: "{{ gogs_user_home }}" |
| | | |
| | | - name: Check if Gogs is already installed. |
| | | stat: path=/usr/local/bin/gogs |
| | | register: gogs_bin |
| | | |
| | | - name: Download Gogs. |
| | | get_url: |
| | | url: "{{ gogs_binary_url }}" |
| | | dest: "{{ gogs_user_home }}/gogs.zip" |
| | | owner: "{{ gogs_user }}" |
| | | group: "{{ gogs_user }}" |
| | | when: gogs_bin.stat.islnk is not defined |
| | | |
| | | - name: Expand Gogs. |
| | | unarchive: |
| | | src: "{{ gogs_user_home }}/gogs.zip" |
| | | dest: "{{ gogs_user_home }}" |
| | | group: "{{ gogs_user }}" |
| | | owner: "{{ gogs_user }}" |
| | | copy: no |
| | | when: gogs_bin.stat.islnk is not defined |
| | | |
| | | - include: init-setup.yml |
| | | - include: gogs-mysql.yml |
| | | |
| | | - name: Create Gogs log folder. |
| | | file: |
| | | path: "{{ gogs_user_home }}/gogs/log" |
| | | state: directory |
| | | owner: "{{ gogs_user }}" |
| | | group: "{{ gogs_user }}" |
| | | mode: 0755 |
| | | |
| | | - name: Ensure Gogs is running. |
| | | service: name=gogs state=started enabled=yes |
New file |
| | |
| | | [Unit] |
| | | Description=Gogs (Go Git Service) |
| | | After=syslog.target |
| | | After=network.target |
| | | #After=mysqld.service |
| | | #After=postgresql.service |
| | | #After=memcached.service |
| | | #After=redis.service |
| | | |
| | | [Service] |
| | | # Modify these two values and uncomment them if you have |
| | | # repos with lots of files and get an HTTP error 500 because |
| | | # of that |
| | | ### |
| | | #LimitMEMLOCK=infinity |
| | | #LimitNOFILE=65535 |
| | | Type=simple |
| | | User={{ gogs_user }} |
| | | Group={{ gogs_user }} |
| | | WorkingDirectory={{ gogs_user_home }}/gogs |
| | | ExecStart={{ gogs_user_home }}/gogs/gogs web |
| | | Restart=always |
| | | Environment=USER={{ gogs_user }} HOME={{ gogs_user_home }} |
| | | |
| | | [Install] |
| | | WantedBy=multi-user.target |
New file |
| | |
| | | # Ansible Role tests |
| | | |
| | | To run the test playbook(s) in this directory: |
| | | |
| | | 1. Install and start Docker. |
| | | 1. Download the test shim (see .travis.yml file for the URL) into `tests/test.sh`: |
| | | - `wget -O tests/test.sh https://gist.githubusercontent.com/geerlingguy/73ef1e5ee45d8694570f334be385e181/raw/` |
| | | 1. Make the test shim executable: `chmod +x tests/test.sh`. |
| | | 1. Run (from the role root directory) `distro=[distro] playbook=[playbook] ./tests/test.sh` |
| | | |
| | | If you don't want the container to be automatically deleted after the test playbook is run, add the following environment variables: `cleanup=false container_id=$(date +%s)` |
New file |
| | |
| | | --- |
| | | - src: geerlingguy.git |
New file |
| | |
| | | - hosts: all |
| | | |
| | | pre_tasks: |
| | | - name: Update apt cache. |
| | | apt: update_cache=yes cache_valid_time=600 |
| | | when: ansible_os_family == 'Debian' |
| | | changed_when: false |
| | | |
| | | - name: Ensure build dependencies are installed. |
| | | package: name=curl state=present |
| | | |
| | | roles: |
| | | - geerlingguy.git |
| | | - role_under_test |
New file |
| | |
| | | --- |
| | | gogs_init_script_path: gogs/scripts/init/debian/gogs |
New file |
| | |
| | | --- |
| | | gogs_init_script_path: gogs/scripts/init/centos/gogs |
| | |
| | | --- |
| | | - name: Start host-jenkins-server installer |
| | | debug: |
| | | msg: "Do the needful to deploy host-jenkins-server" |
| | | - name: Run gogs Config with admin user creation |
| | | uri: |
| | | url: http://{{ ansible_hostname }}:3000/install |
| | | method: POST |
| | | body: "{{ lookup('template', 'templates/gogs_config.j2') }}" |
| | | status_code: 302 |
New file |
| | |
| | | db_type=SQLite3&db_path=data/gogs.db&app_name=Gogs&repo_root_path=/home/git/gogs-repositories&run_user=git&domain=example.opentlc.com&ssh_port=22&http_port=3000&app_url=http://localhost:3000/&log_root_path=/home/git/gogs/log&smtp_host=&smtp_from=&smtp_user=&smtp_passwd=&disable_gravatar=true&enable_captcha=false®ister_confirm=false&admin_name={{ gogs_admin_username}}&admin_passwd={{ gogs_admin_password }}&admin_confirm_passwd={{ gogs_admin_password }}&admin_email=admin@example.com |
| | |
| | | marker: "##### {mark} ADDED Node Proxy Config {{ item }} {{ env_type }}-{{ guid }} ######" |
| | | block: | |
| | | Host {{ item }} {{ hostvars[item].public_ip_address | default('') }} {{ hostvars[item].shortname |d('')}} |
| | | {% if hostvars[item].isolated %} |
| | | Hostname {{ hostvars[item].public_ip_address }} |
| | | {% else %} |
| | | Hostname {{ hostvars[item].private_ip_address }} |
| | | {% endif %} |
| | | User {{ remote_user }} |
| | | IdentityFile {{ ssh_key | default(ansible_ssh_private_key_file) | default(default_key_name)}} |
| | | ProxyCommand ssh -F {{ ansible_ssh_config }} {{ bastion_hostname }} -W %h:%p |
| | |
| | | key_name: "{{item['key_name']}}" |
| | | state: "{{item['state']}}" |
| | | internaldns: "{{item.tags.internaldns | default(item.private_dns_name)}}" |
| | | isolated: "{{item.tags.isolated | default(false)}}" |
| | | instance_id: "{{ item.id }}" |
| | | region: "{{item['region']}}" |
| | | public_dns_name: "{{item['public_dns_name']}}" |
| | |
| | | - cloudformation_out is defined |
| | | - cloudformation_out is failed |
| | | |
| | | - name: Launch CloudFormation template |
| | | - name: Launch CloudFormation template (local) |
| | | # environment: |
| | | # AWS_ACCESS_KEY_ID: "{{aws_access_key_id}}" |
| | | # AWS_SECRET_ACCESS_KEY: "{{aws_secret_access_key}}" |
| | |
| | | register: cloudformation_out |
| | | until: >- |
| | | cloudformation_out is succeeded |
| | | or cloudformation_out.output in ["Stack CREATE complete", "Stack is already up-to-date."] |
| | | or ( |
| | | 'output' in cloudformation_out |
| | | and cloudformation_out.output in ["Stack CREATE complete", "Stack is already up-to-date."] |
| | | ) |
| | | retries: "{{ cloudformation_retries | default(3) }}" |
| | | delay: "{{ cloudformation_retry_delay | default(30) }}" |
| | | when: stat_template.stat.size <= 51200 |
| | | ignore_errors: yes |
| | | |
| | | - name: Launch CloudFormation template (from S3) |
| | | # environment: |
| | | # AWS_ACCESS_KEY_ID: "{{aws_access_key_id}}" |
| | | # AWS_SECRET_ACCESS_KEY: "{{aws_secret_access_key}}" |
| | | # AWS_DEFAULT_REGION: "{{aws_region_loop|d(aws_region)}}" |
| | | cloudformation: |
| | | aws_access_key: "{{ aws_access_key_id }}" |
| | | aws_secret_key: "{{ aws_secret_access_key }}" |
| | | stack_name: "{{ project_tag }}" |
| | | state: "present" |
| | | region: "{{ aws_region_loop | d(aws_region) | d(region) | d('us-east-1')}}" |
| | | # rollback is unreliable, it can make this task hang forever. |
| | | disable_rollback: true |
| | | template_url: "https://s3.amazonaws.com/redhat-gpe-cloudformation-templates/{{env_type}}.{{guid}}.{{cloud_provider}}_cloud_template" |
| | | tags: "{{ cf_tags | combine(cloud_tags_final)}}" |
| | | tags: |
| | | - aws_infrastructure_deployment |
| | | - provision_cf_template |
| | | register: cloudformation_out |
| | | until: >- |
| | | cloudformation_out is succeeded |
| | | or ( |
| | | 'output' in cloudformation_out |
| | | and cloudformation_out.output in ["Stack CREATE complete", "Stack is already up-to-date."] |
| | | ) |
| | | retries: "{{ cloudformation_retries | default(3) }}" |
| | | delay: "{{ cloudformation_retry_delay | default(30) }}" |
| | | when: stat_template.stat.size > 51200 |
| | | ignore_errors: yes |
| | | |
| | | - name: debug cloudformation |
| | |
| | | - gen_cf_template |
| | | - minify_template |
| | | |
| | | |
| | | |
| | | ######################### Copy CF Template to S3 if too big |
| | | - name: Stat CloudFormation template |
| | | stat: |
| | | path: "{{ANSIBLE_REPO_PATH}}/workdir/{{ env_type }}.{{ guid }}.{{cloud_provider}}_cloud_template" |
| | | register: stat_template |
| | | tags: |
| | | - aws_infrastructure_deployment |
| | | - gen_cf_template |
| | | |
| | | - when: |
| | | stat_template.stat.size > 51200 |
| | | tags: |
| | | - aws_infrastructure_deployment |
| | | - gen_cf_template |
| | | environment: |
| | | AWS_ACCESS_KEY_ID: "{{aws_access_key_id}}" |
| | | AWS_SECRET_ACCESS_KEY: "{{aws_secret_access_key}}" |
| | | AWS_DEFAULT_REGION: "{{aws_region_final|d(aws_region)}}" |
| | | block: |
| | | - name: Create bucket |
| | | s3_bucket: |
| | | name: redhat-gpe-cloudformation-templates |
| | | - name: Copy Template to S3 |
| | | aws_s3: |
| | | bucket: redhat-gpe-cloudformation-templates |
| | | object: "{{ env_type }}.{{ guid }}.{{cloud_provider}}_cloud_template" |
| | | src: "{{ANSIBLE_REPO_PATH}}/workdir/{{ env_type }}.{{ guid }}.{{cloud_provider}}_cloud_template" |
| | | mode: put |
| | | |
| | | ######################### Validate CF Template |
| | | |
| | | - name: validate cloudformation template |
| | | - name: validate cloudformation template (local) |
| | | environment: |
| | | AWS_ACCESS_KEY_ID: "{{aws_access_key_id}}" |
| | | AWS_SECRET_ACCESS_KEY: "{{aws_secret_access_key}}" |
| | |
| | | tags: |
| | | - aws_infrastructure_deployment |
| | | - validate_cf_template |
| | | when: stat_template.stat.size <= 51200 |
| | | |
| | | - name: validate cloudformation template (S3) |
| | | environment: |
| | | AWS_ACCESS_KEY_ID: "{{aws_access_key_id}}" |
| | | AWS_SECRET_ACCESS_KEY: "{{aws_secret_access_key}}" |
| | | AWS_DEFAULT_REGION: "{{aws_region_final|d(aws_region)}}" |
| | | command: >- |
| | | aws cloudformation validate-template |
| | | --region {{ aws_region_final | d(aws_region) | default(region) | default('us-east-1')}} |
| | | --template-url https://s3.amazonaws.com/redhat-gpe-cloudformation-templates/{{env_type}}.{{guid}}.{{cloud_provider}}_cloud_template |
| | | changed_when: false |
| | | register: cloudformation_validation |
| | | until: cloudformation_validation is succeeded |
| | | delay: 20 |
| | | tags: |
| | | - aws_infrastructure_deployment |
| | | - validate_cf_template |
| | | when: stat_template.stat.size > 51200 |
| | | |
| | | ######################### Launch CF Template |
New file |
| | |
| | | RegionMapping: |
| | | us-east-1: |
| | | {% if osrelease is version_compare('3.9.25', '>=') %} |
| | | RHELAMI: ami-6871a115 |
| | | {% else %} |
| | | RHELAMI: ami-c998b6b2 |
| | | {% endif %} |
| | | us-east-2: |
| | | {% if osrelease is version_compare('3.9.25', '>=') %} |
| | | RHELAMI: ami-03291866 |
| | | {% else %} |
| | | RHELAMI: ami-cfdafaaa |
| | | {% endif %} |
| | | us-west-1: |
| | | {% if osrelease is version_compare('3.9.25', '>=') %} |
| | | RHELAMI: ami-18726478 |
| | | {% else %} |
| | | RHELAMI: ami-66eec506 |
| | | {% endif %} |
| | | us-west-2: |
| | | {% if osrelease is version_compare('3.9.25', '>=') %} |
| | | RHELAMI: ami-28e07e50 |
| | | {% else %} |
| | | RHELAMI: ami-223f945a |
| | | {% endif %} |
| | | eu-west-1: |
| | | {% if osrelease is version_compare('3.9.25', '>=') %} |
| | | RHELAMI: ami-7c491f05 |
| | | {% else %} |
| | | RHELAMI: ami-bb9a6bc2 |
| | | {% endif %} |
| | | eu-central-1: |
| | | {% if osrelease is version_compare('3.9.25', '>=') %} |
| | | RHELAMI: ami-c86c3f23 |
| | | {% else %} |
| | | RHELAMI: ami-d74be5b8 |
| | | {% endif %} |
| | | ap-northeast-1: |
| | | {% if osrelease is version_compare('3.9.25', '>=') %} |
| | | RHELAMI: ami-6b0d5f0d |
| | | {% else %} |
| | | RHELAMI: ami-30ef0556 |
| | | {% endif %} |
| | | ap-northeast-2: |
| | | {% if osrelease is version_compare('3.9.25', '>=') %} |
| | | RHELAMI: ami-3eee4150 |
| | | {% else %} |
| | | RHELAMI: ami-0f5a8361 |
| | | {% endif %} |
| | | ap-southeast-1: |
| | | {% if osrelease is version_compare('3.9.25', '>=') %} |
| | | RHELAMI: ami-76144b0a |
| | | {% else %} |
| | | RHELAMI: ami-10bb2373 |
| | | {% endif %} |
| | | ap-southeast-2: |
| | | {% if osrelease is version_compare('3.9.25', '>=') %} |
| | | RHELAMI: ami-67589505 |
| | | {% else %} |
| | | RHELAMI: ami-ccecf5af |
| | | {% endif %} |
| | | ap-south-1: |
| | | {% if osrelease is version_compare('3.9.25', '>=') %} |
| | | RHELAMI: ami-5b673c34 |
| | | {% else %} |
| | | RHELAMI: ami-cdbdd7a2 |
| | | {% endif %} |
| | | sa-east-1: |
| | | {% if osrelease is version_compare('3.9.25', '>=') %} |
| | | RHELAMI: ami-b0b7e3dc |
| | | {% else %} |
| | | RHELAMI: ami-a789ffcb |
| | | {% endif %} |
| | |
| | | ocp_user_groups: |
| | | - OPENTLC-PROJECT-PROVISIONERS |
| | | |
| | | # By default, this 3scale multi-tenant environment will be owned by user102 |
| | | ocp_username: user102 |
| | | # By default, this 3scale multi-tenant environment will be owned by admin1 |
| | | ocp_username: admin1 |
| | | |
| | | ocp_user_needs_quota: true |
| | | |
| | | quota_requests_cpu: 10 |
| | | quota_limits_cpu: 20 |
| | | |
| | | quota_requests_memory: '10Gi' |
| | | quota_limits_memory: '25Gi' |
| | | quota_limits_memory: '23Gi' |
| | | |
| | | quota_configmaps: 15 |
| | | quota_pods: 30 |
| | |
| | | |
| | | # new tenants |
| | | tenant_output_dir: /tmp/3scale_tenants |
| | | tenant_provisioning_log_file: tenant_provisioning.log |
| | | tenant_provisioning_results_file: user_info_file.txt |
| | | start_tenant: 1 |
| | | end_tenant: 100 |
| | | tenantAdminPasswd: r3dh4t1! |
| | |
| | | . This workload requires installation of xmlstarlet on target host executing this ansible |
| | | . This workload only needs to be executed once per OCP cluster |
| | | . This workload provisions a single centralized 3scale multi-tenant app in a single OCP namespace called: 3scale-mt-$GUID |
| | | . The OCP namespace for 3scale multi-tenant app will be owned by the following user: |
| | | .. user102 |
| | | .. user102 will be assigned a clusterquota so as to manage limits and requests assigned to 3scale |
| | | . The OCP namespace for 3scale multi-tenant app will be owned by the following non-existant user: |
| | | .. admin1 |
| | | .. admin1 will be assigned a clusterquota so as to manage limits and requests assigned to 3scale |
| | | |
| | | === Tenants |
| | | |
| | |
| | | == Execution using localhost oc client |
| | | |
| | | ----- |
| | | WORKLOAD="ocp-workload-3scale-multitenant" |
| | | |
| | | # valid values: "all" , "3scale" or "tenants" |
| | | TAGS=all |
| | | # valid values: "tenants" |
| | | TAGS=tenants |
| | | |
| | | # Tenant related variables |
| | | START_TENANT=1 |
| | | END_TENANT=1 |
| | | CREATE_GWS_WITH_EACH_TENANT=true |
| | | |
| | | |
| | | WORKLOAD="ocp-workload-3scale-multitenant" |
| | | REGION=`oc whoami --show-server | cut -d'.' -f 2` |
| | | OCP_DOMAIN=$REGION.openshift.opentlc.com |
| | | GUID=adm0 |
| | | |
| | | CREATE_GWS_WITH_EACH_TENANT=true |
| | | |
| | | ansible-playbook -i localhost, -c local ./configs/ocp-workloads/ocp-workload.yml \ |
| | | -e"ANSIBLE_REPO_PATH=`pwd`" \ |
| | |
| | | |
| | | - name: Create user Quota - clusterresourcequota |
| | | shell: | |
| | | oc create clusterquota clusterquota-"{{ocp_username}}-{{guid}}" \ |
| | | oc create clusterquota clusterquota-"{{ocp_username}}-{{ocp_project}}" \ |
| | | --project-annotation-selector=openshift.io/requester="{{ocp_username}}" \ |
| | | --hard requests.cpu="{{quota_requests_cpu}}" \ |
| | | --hard limits.cpu="{{quota_limits_cpu}}" \ |
| | |
| | | debug: |
| | | msg: "Pre-Software checks completed successfully - Removed" |
| | | |
| | | - name: Remove user Quota - oc delete clusterresourcequota "clusterquota-{{ocp_username}}-{{guid}}" |
| | | shell: oc delete clusterresourcequota clusterquota-{{ocp_username}}-{{guid}} |
| | | ignore_errors: true |
| | | |
| | | - name: Remove user Quota - oc delete clusterresourcequota "clusterquota-{{ocp_username}}" |
| | | shell: oc delete clusterresourcequota clusterquota-{{ocp_username}} |
| | | - name: Remove user Quota - oc delete clusterresourcequota "clusterquota-{{ocp_username}}-{{ocp_project}}" |
| | | shell: oc delete clusterresourcequota clusterquota-{{ocp_username}}-{{ocp_project}} |
| | | ignore_errors: true |
| | | |
| | | - name: Remove user Project |
| | | shell: "oc delete project {{ocp_project}}" |
| | | |
| | | |
| | | ##### TENANT Management ####### |
| | | |
| | | - name: Copy tenant provisioning script to known path |
| | | template: |
| | | src: templates/manage_tenants.sh |
| | | dest: /tmp/manage_tenants.sh |
| | | mode: 0755 |
| | | tags: all,tenants |
| | | vars: |
| | | create_tenants: "false" |
| | | - name: Create tenants |
| | | shell: "/tmp/manage_tenants.sh" |
| | | tags: all,tenants |
| | | ############################################## |
| | | |
| | | |
| | | |
| | | - name: post_workload Tasks Complete |
| | | debug: |
| | | msg: "Post-Software checks completed successfully - Removed" |
| | |
| | | # Use this ansible play for this course only. |
| | | # Afterwards, leverage (and contribute to) the original ansible playbook created by nmasse-itix. |
| | | |
| | | - name: "Create project for workload {{ocp_project}}" |
| | | - name: check if user is cluster admin |
| | | shell: "oc get project default" |
| | | register: default_project_result |
| | | ignore_errors: true |
| | | changed_when: false |
| | | |
| | | - fail: |
| | | msg: "User does not have cluster-admin rights to install Istio" |
| | | when: default_project_result is failed |
| | | |
| | | - name: check if API Manager deployed |
| | | shell: "oc get project {{ocp_project}}" |
| | | register: api_project_result |
| | | ignore_errors: true |
| | | changed_when: false |
| | | |
| | | - name: "Create project {{ocp_project}}" |
| | | shell: "oc new-project {{ocp_project}} --display-name={{ocp_project}}" |
| | | tags: all,3scale |
| | | when: api_project_result is failed |
| | | |
| | | - name: "Label namespace" |
| | | command: "oc label namespace {{ocp_project}} AAD='{{guid}}'" |
| | | tags: all,3scale |
| | | when: api_project_result is failed |
| | | |
| | | - name: Make sure we go back do default project |
| | | shell: "oc project default" |
| | | tags: all,3scale |
| | | |
| | | when: api_project_result is failed |
| | | |
| | | ################ Multitenent AMP ##################### |
| | | |
| | |
| | | url: "{{ threescale_template }}" |
| | | dest: "{{modified_template_path}}" |
| | | force: yes |
| | | tags: all,3scale |
| | | when: api_project_result is failed |
| | | |
| | | |
| | | - name: Process the OpenShift Template and create the OpenShift objects for the 3scale API Management Platform |
| | |
| | | -p "WILDCARD_DOMAIN={{ ocp_apps_domain }}" \ |
| | | -n "{{ ocp_project }}" \ |
| | | > {{new_app_output}} |
| | | tags: all,3scale |
| | | when: api_project_result is failed |
| | | |
| | | - name: output message |
| | | debug: |
| | | msg: new-app output available at {{new_app_output}} |
| | | tags: all,3scale |
| | | when: api_project_result is failed |
| | | |
| | | |
| | | # #### Storage Tier |
| | |
| | | - system-mysql |
| | | - system-redis |
| | | - zync-database |
| | | tags: all,3scale |
| | | when: api_project_result is failed |
| | | - include: wait_for_deploy.yml |
| | | static: no |
| | | vars: |
| | |
| | | - system-mysql |
| | | - system-redis |
| | | - zync-database |
| | | tags: all,3scale |
| | | when: api_project_result is failed |
| | | |
| | | |
| | | # #### Backend Listeners |
| | |
| | | with_items: |
| | | - backend-listener |
| | | - backend-worker |
| | | tags: all,3scale |
| | | when: api_project_result is failed |
| | | - include: wait_for_deploy.yml |
| | | static: no |
| | | vars: |
| | | pod_to_wait: |
| | | - backend-listener |
| | | - backend-worker |
| | | tags: all,3scale |
| | | when: api_project_result is failed |
| | | |
| | | # #### System Tier |
| | | - name: "Resume {{with_items}}" |
| | | command: oc rollout resume dc/"{{ item }}" -n "{{ ocp_project }}" |
| | | with_items: |
| | | - system-app |
| | | tags: all,3scale |
| | | when: api_project_result is failed |
| | | - include: wait_for_deploy.yml |
| | | static: no |
| | | vars: |
| | | pod_to_wait: |
| | | - system-app |
| | | tags: all,3scale |
| | | when: api_project_result is failed |
| | | |
| | | # #### Utility Tier |
| | | - name: "Resume {{with_items}}" |
| | |
| | | - system-sidekiq |
| | | - system-sphinx |
| | | - backend-cron |
| | | tags: all,3scale |
| | | when: api_project_result is failed |
| | | - include: wait_for_deploy.yml |
| | | static: no |
| | | vars: |
| | |
| | | - system-sidekiq |
| | | - system-sphinx |
| | | - backend-cron |
| | | tags: all,3scale |
| | | when: api_project_result is failed |
| | | |
| | | |
| | | # #### Gateway Tier |
| | |
| | | - apicast-staging |
| | | - apicast-production |
| | | - apicast-wildcard-router |
| | | tags: all,3scale |
| | | when: api_project_result is failed |
| | | - include: wait_for_deploy.yml |
| | | static: no |
| | | vars: |
| | |
| | | - apicast-staging |
| | | - apicast-production |
| | | - apicast-wildcard-router |
| | | tags: all,3scale |
| | | when: api_project_result is failed |
| | | |
| | | # #### Zync / RHSSO Sync Tier |
| | | - name: "Resume {{with_items}}" |
| | | command: oc rollout resume dc/"{{ item }}" -n "{{ ocp_project }}" |
| | | with_items: |
| | | - zync |
| | | tags: all,3scale |
| | | when: api_project_result is failed |
| | | - include: wait_for_deploy.yml |
| | | static: no |
| | | vars: |
| | | pod_to_wait: |
| | | - zync |
| | | tags: all,3scale |
| | | when: api_project_result is failed |
| | | ################################################################### |
| | | |
| | | |
| | | ################ Tenant Rollout ##################### |
| | | - name: Tenant provisioning starting |
| | | debug: |
| | | msg: |
| | | - "tenant_output_dir: {{tenant_output_dir}}" |
| | | - "tenant_provisioning_log_file = {{tenant_output_dir}}/{{tenant_provisioning_log_file}}" |
| | | - "tenant_provisioning_results_file = {{tenant_output_dir}}/{{tenant_provisioning_results_file}}" |
| | | - "start and end tenants = {{start_tenant}} {{end_tenant}}" |
| | | - "create API Gateways for each tenant = {{create_gws_with_each_tenant}}" |
| | | tags: tenants |
| | | |
| | | - name: Copy tenant provisioning script to known path |
| | | template: |
| | | src: templates/create_tenants.sh |
| | | dest: /tmp/create_tenants.sh |
| | | src: templates/manage_tenants.sh |
| | | dest: /tmp/manage_tenants.sh |
| | | mode: 0755 |
| | | tags: all,tenants |
| | | tags: tenants |
| | | vars: |
| | | create_tenants: "true" |
| | | |
| | | - name: Create tenants |
| | | shell: "/tmp/create_tenants.sh" |
| | | tags: all,tenants |
| | | shell: "/tmp/manage_tenants.sh" |
| | | tags: tenants |
| | | |
| | | - name: Creation of tenants complete |
| | | debug: |
| | | msg: Creation of tenants complete. output files available at {{tenant_output_dir}} |
| | | tags: all,tenants |
| | | tags: tenants |
| | | ################################################################### |
| | | |
| | | |
| | | - name: workload Tasks Complete |
| | | debug: |
| | | msg: workload Tasks Complete |
| | | tags: all |
File was renamed from ansible/roles/ocp-workload-3scale-multitenant/templates/create_tenants.sh |
| | |
| | | master_access_token={{master_access_token}} |
| | | tenantAdminPasswd={{tenantAdminPasswd}} |
| | | create_tenant_url=https://{{ocp_project}}-master-admin.{{ocp_apps_domain}}/master/api/providers.xml |
| | | delete_tenant_url=https://{{ocp_project}}-master-admin.{{ocp_apps_domain}}/master/api/providers.xml |
| | | output_dir={{tenant_output_dir}} |
| | | user_info_file=$output_dir/user_info_file.txt |
| | | log_file=$output_dir/tenant_provisioning.log |
| | | user_info_file=$output_dir/{{tenant_provisioning_results_file}} |
| | | log_file=$output_dir/{{tenant_provisioning_log_file}} |
| | | createGWs={{create_gws_with_each_tenant}} |
| | | |
| | | create_tenants={{create_tenants}} |
| | | |
| | | function prep() { |
| | | mkdir -p $output_dir |
| | | } |
| | | |
| | | function createAndActivateTenants() { |
| | | |
| | | echo -en "\n\nCreating tenants $startTenant through $endTenant \n" > $log_file |
| | | echo -en "GUID\tOCP user id\tOCP user passwd\t3scale admin URL\tAPI admin Id\tAPI admin passwd\tAPI admin access token\n\t\t\t\t\t" > $user_info_file |
| | | |
| | | curl -o $output_dir/3scale-apicast.yml https://raw.githubusercontent.com/gpe-mw-training/3scale_onpremise_implementation_labs/master/resources/rhte/3scale-apicast.yml |
| | | |
| | | for i in $(seq ${startTenant} ${endTenant}) ; do |
| | | orgName=user$i-3scale-mt; |
| | |
| | | |
| | | THREESCALE_PORTAL_ENDPOINT=https://$tenant_access_token@$orgName-admin.{{ocp_apps_domain}} |
| | | |
| | | |
| | | # 9) Create staging gateway |
| | | oc new-app \ |
| | | -f $HOME/lab/3scale-apicast.yml \ |
| | | -f $output_dir/3scale-apicast.yml \ |
| | | --param THREESCALE_PORTAL_ENDPOINT=$THREESCALE_PORTAL_ENDPOINT \ |
| | | --param APP_NAME=stage-apicast \ |
| | | --param ROUTE_NAME=$orgName-mt-stage-generic \ |
| | |
| | | |
| | | # 10) Create production gateway |
| | | oc new-app \ |
| | | -f $HOME/lab/3scale-apicast.yml \ |
| | | -f $output_dir/3scale-apicast.yml \ |
| | | --param THREESCALE_PORTAL_ENDPOINT=$THREESCALE_PORTAL_ENDPOINT \ |
| | | --param APP_NAME=prod-apicast \ |
| | | --param ROUTE_NAME=$orgName-mt-prod-generic \ |
| | |
| | | |
| | | } |
| | | |
| | | mkdir -p $output_dir |
| | | createAndActivateTenants |
| | | function deleteTenants() { |
| | | |
| | | echo -en "\n\nDeleting tenants $startTenant through $endTenant \n" > $log_file |
| | | |
| | | for i in $(seq ${startTenant} ${endTenant}) ; do |
| | | orgName=user$i-3scale-mt; |
| | | tenantAdminId=user$i; |
| | | |
| | | #1) delete tenant project |
| | | oc adm new-project $tenantAdminId-gw >> $log_file |
| | | |
| | | #2) delete routes |
| | | oc delete route $orgName-provider -n {{ocp_project}} >> $log_file |
| | | oc delete route $orgName-developer -n {{ocp_project}} >> $log_file |
| | | |
| | | #3) delete tenant in 3scale API Manager |
| | | curl -k \ |
| | | -X DELETE \ |
| | | -d access_token=$master_access_token \ |
| | | -d org_name=$orgName \ |
| | | $delete_tenant_url >> $log_file |
| | | |
| | | done |
| | | |
| | | } |
| | | |
| | | prep |
| | | if [ "x$create_tenants" == "xtrue" ]; then |
| | | createAndActivateTenants |
| | | else |
| | | deleteTenants |
| | | fi |
| | |
| | | MAVEN_REPO_URL: http://nexus3.default.svc.cluster.local:8081/repository/maven-public/ |
| | | |
| | | POSTGRESQL_IMAGE_STREAM_TAG: 9.5 |
| | | pam_tag: 1.2-3 |
| | | pam_tag: 7.0.2.GA |
| | | app_name: rht |
| | | |
| | | pam_secrets_yml: https://raw.githubusercontent.com/jboss-container-images/rhpam-7-openshift-image/7.0.2.GA/example-app-secret-template.yaml |
| | | pam_imagestreams_yml: https://raw.githubusercontent.com/jboss-container-images/rhpam-7-openshift-image/{{pam_tag}}/rhpam70-image-streams.yaml |
| | | pam_secrets_yml: https://raw.githubusercontent.com/jboss-container-images/rhpam-7-openshift-image/{{pam_tag}}/example-app-secret-template.yaml |
| | | pam_secrets_template_name: example-app-secret |
| | | bcentral_app_secret: businesscentral-app-secret |
| | | kserver_app_secret: kserver-app-secret |
| | | |
| | | pam_template_yml: https://raw.githubusercontent.com/jboss-container-images/rhpam-7-openshift-image/7.0.2.GA/templates/rhpam70-authoring.yaml |
| | | pam_template_yml: https://raw.githubusercontent.com/jboss-container-images/rhpam-7-openshift-image/{{pam_tag}}/templates/rhpam70-authoring.yaml |
| | | pam_template_name: rhpam70-authoring |
| | |
| | | -e"ocp_user_needs_quota=true" \ |
| | | -e"guid=$GUID" \ |
| | | -e"ocp_domain=$OCP_DOMAIN" \ |
| | | -e"ACTION=create" |
| | | -e"ACTION=create" \ |
| | | -e"ocp_username=dtorresf-redhat.com" |
| | | |
| | | ansible-playbook -i localhost, -c local ./configs/ocp-workloads/ocp-workload.yml \ |
| | | -e"ANSIBLE_REPO_PATH=`pwd`" \ |
| | | -e"ocp_workload=${WORKLOAD}" \ |
| | | -e"guid=$GUID" \ |
| | | -e"ACTION=remove" |
| | | -e"ACTION=remove" \ |
| | | -e"ocp_username=dtorresf-redhat.com" |
| | | ----- |
| | | |
| | | |
| | |
| | | - name: Make sure we go back to default project |
| | | shell: "oc project default" |
| | | |
| | | - name: Initialize the project templates, {{pam_template_yml}} |
| | | shell: "oc create -f {{pam_template_yml}} -n {{ocp_project}}" |
| | | - shell: "oc create -f {{pam_secrets_yml}} -n {{ocp_project}}" |
| | | |
| | | - name: Prep local filesystem for temp files |
| | | file: |
| | | path: "/tmp/{{guid}}" |
| | | state: directory |
| | | |
| | | - name: Copy pam imagestream using the following tag, {{pam_tag}} |
| | | template: |
| | | src: templates/rhpam70-image-streams.yaml |
| | | dest: /tmp/{{guid}}/rhpam70-image-streams.yaml |
| | | - name: Prepare a local copy of the template for modifications |
| | | shell: "oc process -f {{pam_template_yml}} \ |
| | | -p IMAGE_STREAM_NAMESPACE={{ocp_project}} \ |
| | | -p KIE_ADMIN_PWD={{kie_admin_passwd}} \ |
| | | -p APPLICATION_NAME={{app_name}} \ |
| | | -p BUSINESS_CENTRAL_HTTPS_SECRET={{bcentral_app_secret}} \ |
| | | -p KIE_SERVER_HTTPS_SECRET={{kserver_app_secret}} > /tmp/{{guid}}/{{pam_template_name}}.json" |
| | | |
| | | - name: Modify template with pause build configs |
| | | replace: |
| | | path: '/tmp/{{guid}}/{{pam_template_name}}.json' |
| | | regexp: '("replicas": 1,\n)' |
| | | replace: '\1\t\t\t\t\t"paused": true,\n' |
| | | |
| | | - name: Create template for secrets {{pam_secrets_yml}} |
| | | shell: "oc create -f {{pam_secrets_yml}} -n {{ocp_project}}" |
| | | |
| | | - name: Load pam imagestream |
| | | shell: "oc create -f https://raw.githubusercontent.com/jboss-container-images/rhpam-7-openshift-image/7.0.2.GA/rhpam70-image-streams.yaml -n {{ocp_project}}" |
| | | shell: "oc create -f {{pam_imagestreams_yml}} -n {{ocp_project}}" |
| | | |
| | | - name: Load pam secret, {{kserver_app_secret}} |
| | | shell: | |
| | |
| | | -n {{ocp_project}} |
| | | |
| | | - name: Initialize OCP resources from the project template using app_name = {{app_name}} |
| | | shell: | |
| | | oc new-app --name=pam-lab -n {{ocp_project}} --template={{pam_template_name}} \ |
| | | -p IMAGE_STREAM_NAMESPACE={{ocp_project}} \ |
| | | -p KIE_ADMIN_PWD={{kie_admin_passwd}} \ |
| | | -p APPLICATION_NAME={{app_name}} \ |
| | | -p BUSINESS_CENTRAL_HTTPS_SECRET={{bcentral_app_secret}} \ |
| | | -p KIE_SERVER_HTTPS_SECRET={{kserver_app_secret}} \ |
| | | -n {{ocp_project}} > /tmp/{{guid}}/gpte-pam-lab.txt |
| | | |
| | | # Do not cancel, just pause, it will be modified next. |
| | | - name: pause {{app_name}}-rhpamcentr |
| | | shell: oc rollout pause dc/{{app_name}}-rhpamcentr -n {{ocp_project}} |
| | | |
| | | - name: modify business central deployment for additional java options |
| | | shell: | |
| | | oc env dc/{{app_name}}-rhpamcentr -n {{ocp_project}} \ |
| | | JAVA_OPTS_APPEND='-Xms512m -Xmx1536m -XX:MetaspaceSize=128M -XX:MaxMetaspaceSize=1536m -Xrs' |
| | | |
| | | - name: cancel {{app_name}}-kieserver initial rollout |
| | | shell: oc rollout cancel dc/{{app_name}}-kieserver -n {{ocp_project}} |
| | | shell: "oc create -f /tmp/{{guid}}/{{pam_template_name}}.json -n {{ocp_project}}" |
| | | |
| | | - name: resume {{app_name}}-rhpamcentr |
| | | shell: oc rollout resume dc/{{app_name}}-rhpamcentr -n {{ocp_project}} |
| | | |
| | | - include_tasks: ./wait_for_deploy.yml |
| | | static: no |
| | | vars: |
| | |
| | | - "{{app_name}}-rhpamcentr" |
| | | |
| | | - name: resume {{app_name}}-kieserver |
| | | shell: oc deploy --latest dc/{{app_name}}-kieserver -n {{ocp_project}} |
| | | shell: oc rollout resume dc/{{app_name}}-kieserver -n {{ocp_project}} |
| | | |
| | | - include_tasks: ./wait_for_deploy.yml |
| | | static: no |
| | | vars: |
| | |
| | | --- |
| | | |
| | | - name: check if user is cluster admin |
| | | shell: "oc get project default" |
| | | register: default_project_result |
| | | ignore_errors: true |
| | | changed_when: false |
| | | |
| | | - fail: |
| | | msg: "User does not have cluster-admin rights to install Istio" |
| | | when: default_project_result is failed |
| | | |
| | | |
| | | - name: Create project for workload; project = {{ocp_project}} |
| | | shell: "oc new-project {{ocp_project}} --display-name={{ocp_project}}" |
| | | |
| | |
| | | quota_limits_cpu: 10 |
| | | |
| | | quota_requests_memory: '6Gi' |
| | | quota_limits_memory: '20Gi' |
| | | quota_limits_memory: '8Gi' |
| | | |
| | | quota_configmaps: 15 |
| | | quota_pods: 20 |
| | |
| | | |
| | | . Using a version of oc utility that corresponds to your target OCP cluster, ensure oc utility is already authenticated as the cluster-admin: opentlc-mgr |
| | | . This workload provisions a single Istio environment in an OCP cluster. |
| | | . The OCP namespace for istio will be owned by admin199 |
| | | .. user100 will be assigned a clusterquota so as to manage limits and requests assigned to Istio |
| | | . The OCP namespace for istio will be owned by a non-existant user: admin1 |
| | | .. admin1 will be assigned a clusterquota so as to manage limits and requests assigned to Istio |
| | | . This workload only needs to be executed once per OCP cluster |
| | | |
| | | |
| | |
| | | |
| | | ----- |
| | | WORKLOAD="ocp-workload-istio-community" |
| | | GUID=199 |
| | | GUID=admin1 |
| | | OCP_USERNAME="admin$GUID" |
| | | HOST_GUID=`oc whoami --show-server | cut -d'.' -f 2` |
| | | OCP_DOMAIN=$HOST_GUID.openshift.opentlc.com |
| | | NEEDS_QUOTA=true |
| | | |
| | | ansible-playbook -i localhost, -c local ./configs/ocp-workloads/ocp-workload.yml \ |
| | | -e"ANSIBLE_REPO_PATH=`pwd`" \ |
| | | -e"ocp_username=${OCP_USERNAME}" \ |
| | | -e"ocp_workload=${WORKLOAD}" \ |
| | | -e"guid=${GUID}" \ |
| | | -e"ocp_user_needs_quota=false" \ |
| | | -e"ocp_user_needs_quota=${NEEDS_QUOTA}" \ |
| | | -e"ocp_domain=$OCP_DOMAIN" \ |
| | | -e"ACTION=create" |
| | | |
| | |
| | | --- |
| | | |
| | | - name: check if user is cluster admin |
| | | shell: "oc get project default" |
| | | register: default_project_result |
| | | ignore_errors: true |
| | | changed_when: false |
| | | |
| | | - fail: |
| | | msg: "User does not have cluster-admin rights to install Istio" |
| | | when: default_project_result is failed |
| | | |
| | | - name: define user ocp_project |
| | | set_fact: |
| | | ocp_project: "istio-system" |
| | |
| | | register: oc_projects |
| | | changed_when: false |
| | | |
| | | - name: "Add anyuid scc to all authenticated: {{oc_projects.stdout_lines}}" |
| | | - name: "Add anyuid scc to all authenticated in project {{oc_project}}" |
| | | shell: "oc adm policy add-scc-to-group anyuid system:authenticated -n {{ocp_project}}" |
| | | when: '"projects/" ~ "istio-system" not in oc_projects.stdout_lines' |
| | | |
| | |
| | | dest: /tmp/istio-demo-1.0.0.yaml |
| | | when: '"projects/" ~ "istio-system" not in oc_projects.stdout_lines' |
| | | |
| | | - name: set ocp_project to istio-system to support wait for deploy |
| | | set_fact: |
| | | ocp_project: istio-system |
| | | |
| | | - name: Provision Istio Control Plane (which creates istio-system namespace) |
| | | shell: "oc create -f /tmp/istio-demo-1.0.0.yaml" |
| | | when: '"projects/" ~ "istio-system" not in oc_projects.stdout_lines' |
| | | |
| | | # TO-DO: investigate why this isn't working |
| | | - name: wait for istio deployments |
| | | include_tasks: ./wait_for_deploy.yml |
| | | static: no |
| | | vars: |
| | | pod_to_wait: |
| | | - istio-citadel |
| | | - istio-egressgateway |
| | | - istio-galley |
| | | - istio-ingressgateway |
| | | - istio-pilot |
| | | - istio-policy |
| | | - istio-sidecar-injector |
| | | - istio-statsd-prom-bridge |
| | | - istio-telemetry |
| | | - istio-tracing |
| | | |
| | | - name: wait for Istio monitoring UIs |
| | | include_tasks: ./wait_for_deploy.yml |
| | | static: no |
| | | vars: |
| | | pod_to_wait: |
| | | - grafana |
| | | - prometheus |
| | | - servicegraph |
| | | - name: wait for istio sidecar-injector to initialize |
| | | shell: "oc get deployment istio-sidecar-injector -o jsonpath='{.status.availableReplicas}' -n istio-system" |
| | | register: sidecar_injector_replicas |
| | | until: sidecar_injector_replicas.stdout == "1" |
| | | retries: "30" |
| | | delay: "30" |
| | | |
| | | - name: Expose routes |
| | | shell: | |
| | |
| | | --- |
| | | become_override: false |
| | | ocp_username: jbride-redhat.com |
| | | ocp_user_needs_quota: True |
| | | |
| | | ocp_user_groups: |
| | | - OPENTLC-PROJECT-PROVISIONERS |
| | |
| | | quota_limits_cpu: 10 |
| | | |
| | | quota_requests_memory: '6Gi' |
| | | quota_limits_memory: '20Gi' |
| | | quota_limits_memory: '15Gi' |
| | | |
| | | quota_configmaps: 20 |
| | | quota_pods: 20 |
| | |
| | | docker_registry_url: docker-registry.default.svc:5000 |
| | | |
| | | lab_name: rhte-mw-api-mesh |
| | | |
| | | ocp_user_needs_quota: True |
| | | cluster_quota_name: "clusterquota-{{lab_name}}-{{ocp_username}}" |
New file |
| | |
| | | #!/bin/bash |
| | | |
| | | START_PROJECT_NUM=1 |
| | | END_PROJECT_NUM=1 |
| | | WORKLOAD="ocp-workload-rhte-mw-api-mesh" |
| | | LOG_FILE=/tmp/$WORKLOAD |
| | | HOST_GUID=`oc whoami --show-server | cut -d'.' -f 2` |
| | | OCP_DOMAIN=$HOST_GUID.openshift.opentlc.com |
| | | |
| | | PATH_TO_AAD_ROOT=$TRAINING/gpte/ansible_agnostic_deployer/ansible |
| | | |
| | | |
| | | for var in $@ |
| | | do |
| | | case "$var" in |
| | | --START_PROJECT_NUM=*) START_PROJECT_NUM=`echo $var | cut -f2 -d\=` ;; |
| | | --END_PROJECT_NUM=*) END_PROJECT_NUM=`echo $var | cut -f2 -d\=` ;; |
| | | --PATH_TO_AAD_ROOT=*) PATH_TO_AAD_ROOT=`echo $var | cut -f2 -d\=` ;; |
| | | -h) HELP=true ;; |
| | | -help) HELP=true ;; |
| | | --help) HELP=true ;; |
| | | esac |
| | | done |
| | | |
| | | function ensurePreReqs() { |
| | | if [ "x$HOST_GUID" == "x" ]; then |
| | | echo -en "must pass parameter: --HOST_GUID=<ocp host GUID> . \n\n" |
| | | help |
| | | exit 1; |
| | | fi |
| | | |
| | | LOG_FILE=$LOG_FILE-$HOST_GUID-$START_PROJECT_NUM-$END_PROJECT_NUM.log |
| | | echo -en "starting\n\n" > $LOG_FILE |
| | | |
| | | echo -en "\n\nProvision log file found at: $LOG_FILE\n"; |
| | | } |
| | | |
| | | function help() { |
| | | echo -en "\n\nOPTIONS:"; |
| | | echo -en "\n\t--START_PROJECT_NUM=* OPTIONAL: specify # of first OCP project to provision (defult = 1))" |
| | | echo -en "\n\t--END_PROJECT_NUM=* OPTIONAL: specify # of OCP projects to provision (defualt = 1))" |
| | | echo -en "\n\t--PATH_TO_AAD_ROOT=* OPTIONAL: (defualt = $PATH_TO_AAD_ROOT))" |
| | | echo -en "\n\t-h this help manual" |
| | | echo -en "\n\n\nExample: ./roles/$WORKLOAD/ilt_provision.sh --HOST_GUID=dev39 --START_PROJECT_NUM=1 --END_PROJECT_NUM=1\n\n" |
| | | } |
| | | |
| | | |
| | | function login() { |
| | | |
| | | echo -en "\nHOST_GUID=$HOST_GUID\n" >> $LOG_FILE |
| | | oc login https://master.$HOST_GUID.openshift.opentlc.com -u opentlc-mgr -p r3dh4t1! |
| | | } |
| | | |
| | | |
| | | function executeLoop() { |
| | | |
| | | echo -en "\nexecuteLoop() START_PROJECT_NUM = $START_PROJECT_NUM ; END_PROJECT_NUM=$END_PROJECT_NUM" >> $LOG_FILE |
| | | |
| | | for (( c=$START_PROJECT_NUM; c<=$END_PROJECT_NUM; c++ )) |
| | | do |
| | | GUID=$c |
| | | OCP_USERNAME=user$c |
| | | executeAnsibleViaLocalhost |
| | | done |
| | | } |
| | | |
| | | |
| | | function executeAnsibleViaLocalhost() { |
| | | |
| | | GUID=$PROJECT_PREFIX$GUID |
| | | |
| | | echo -en "\n\nexecuteAnsibleViaLocalhost(): Provisioning project with GUID = $GUID and OCP_USERNAME = $OCP_USERNAME\n" >> $LOG_FILE |
| | | |
| | | ansible-playbook -i localhost, -c local ./configs/ocp-workloads/ocp-workload.yml \ |
| | | -e"ANSIBLE_REPO_PATH=`pwd`" \ |
| | | -e"ocp_username=${OCP_USERNAME}" \ |
| | | -e"ocp_workload=${WORKLOAD}" \ |
| | | -e"guid=${GUID}" \ |
| | | -e"ocp_user_needs_quota=true" \ |
| | | -e"ocp_domain=$OCP_DOMAIN" \ |
| | | -e"ACTION=create" >> $LOG_FILE |
| | | |
| | | if [ $? -ne 0 ]; |
| | | then |
| | | echo -en "\n\n*** Error provisioning where GUID = $GUID\n\n " >> $LOG_FILE |
| | | echo -en "\n\n*** Error provisioning where GUID = $GUID\n\n " |
| | | exit 1; |
| | | fi |
| | | } |
| | | |
| | | if [ "x$HELP" == "xtrue" ]; then |
| | | help |
| | | exit 0 |
| | | fi |
| | | |
| | | cd $PATH_TO_AAD_ROOT |
| | | ensurePreReqs |
| | | login |
| | | executeLoop |
| | | |
| | |
| | | WORKLOAD="ocp-workload-rhte-mw-api-mesh" |
| | | GUID=1 |
| | | OCP_USERNAME="user$GUID" |
| | | HOST_GUID=`oc whoami --show-server | cut -d'.' -f 2` |
| | | OCP_DOMAIN=$HOST_GUID.openshift.opentlc.com |
| | | REGION=`oc whoami --show-server | cut -d'.' -f 2` |
| | | OCP_DOMAIN=$REGION.openshift.opentlc.com |
| | | ansible-playbook -i localhost, -c local ./configs/ocp-workloads/ocp-workload.yml \ |
| | | -e"ANSIBLE_REPO_PATH=`pwd`" \ |
| | | -e"ocp_username=${OCP_USERNAME}" \ |
| | |
| | | # var: groupadd_register |
| | | # verbosity: 2 |
| | | |
| | | - name: Create user Quota - clusterresourcequota |
| | | - name: Create user Quota - "{{cluster_quota_name}}" |
| | | shell: | |
| | | oc create clusterquota clusterquota-"{{ocp_username}}-{{guid}}" \ |
| | | oc create clusterquota "{{cluster_quota_name}}" \ |
| | | --project-annotation-selector=openshift.io/requester="{{ocp_username}}" \ |
| | | --hard requests.cpu="{{quota_requests_cpu}}" \ |
| | | --hard limits.cpu="{{quota_limits_cpu}}" \ |
| | |
| | | set_fact: |
| | | ocp_project: "{{lab_name}}-{{guid}}" |
| | | |
| | | - name: Remove user Quota - oc delete clusterresourcequota "clusterquota-{{ocp_username}}-{{guid}}" |
| | | shell: oc delete clusterresourcequota clusterquota-{{ocp_username}}-{{guid}} |
| | | - name: Remove user Quota - oc delete clusterresourcequota "{{cluster_quota_name}}" |
| | | shell: oc delete clusterresourcequota {{cluster_quota_name}} |
| | | ignore_errors: true |
| | | |
| | | - name: Remove any lingering tmp files |
| | |
| | | timeoutSeconds: 1 |
| | | resources: |
| | | limits: |
| | | cpu: 500m |
| | | cpu: 250m |
| | | memory: 1Gi |
| | | requests: |
| | | cpu: 100m |
| | |
| | | timeoutSeconds: 1 |
| | | resources: |
| | | limits: |
| | | cpu: 500m |
| | | cpu: 250m |
| | | memory: 500Mi |
| | | requests: |
| | | cpu: 500m |
| | | cpu: 125m |
| | | memory: 500Mi |
| | | securityContext: |
| | | privileged: false |
| | |
| | | --- |
| | | become_override: false |
| | | ocp_username: jbride-redhat.com |
| | | ocp_user_needs_quota: False |
| | | |
| | | ocp_user_groups: |
| | | - OPENTLC-PROJECT-PROVISIONERS |
| | |
| | | deploy_status_retries: 15 |
| | | deploy_status_delay: 20 |
| | | |
| | | lab_name: rhte-mw-msa-mesh |
| | | lab_1_name: coolstore-catalog |
| | | lab_2_name: coolstore-gateway |
| | | |
| | | ocp_user_needs_quota: True |
| | | cluster_quota_name: "clusterquota-{{lab_name}}-{{ocp_username}}" |
| | |
| | | # var: groupadd_register |
| | | # verbosity: 2 |
| | | |
| | | - name: Create user Quota - clusterresourcequota |
| | | - name: Create user Quota - {{cluster_quota_name}} |
| | | shell: | |
| | | oc create clusterquota clusterquota-"{{ocp_username}}-{{guid}}" \ |
| | | oc create clusterquota "{{cluster_quota_name}}" \ |
| | | --project-annotation-selector=openshift.io/requester="{{ocp_username}}" \ |
| | | --hard requests.cpu="{{quota_requests_cpu}}" \ |
| | | --hard limits.cpu="{{quota_limits_cpu}}" \ |
| | |
| | | set_fact: |
| | | ocp_project: "{{ocp_username}}-{{lab_1_name}}" |
| | | |
| | | - name: Remove user Quota - oc delete clusterresourcequota "clusterquota-{{ocp_username}}-{{guid}}" |
| | | shell: oc delete clusterresourcequota clusterquota-{{ocp_username}}-{{guid}} |
| | | - name: Remove user Quota - oc delete clusterresourcequota "{{cluster_quota_name}}" |
| | | shell: oc delete clusterresourcequota {{cluster_quota_name}} |
| | | ignore_errors: true |
| | | |
| | | - name: Remove any lingering tmp files |
| | |
| | | timeoutSeconds: 1 |
| | | resources: |
| | | limits: |
| | | cpu: 500m |
| | | cpu: 250m |
| | | memory: 1Gi |
| | | requests: |
| | | cpu: 100m |
| | |
| | | timeoutSeconds: 1 |
| | | resources: |
| | | limits: |
| | | cpu: 500m |
| | | cpu: 250m |
| | | memory: 500Mi |
| | | requests: |
| | | cpu: 500m |
| | | cpu: 100m |
| | | memory: 500Mi |
| | | securityContext: |
| | | privileged: false |
| | |
| | | Corresponds to the link:https://drive.google.com/open?id=1AjAty4tY5HmrOXiZ6p5f3wEd_XQEJhp-zKHaq-aFnhE[Microservices Orchestration] Tech Exchange Lab. |
| | | |
| | | |
| | | === Deploy a Workload with the `ocp-workload` playbook [Mostly for testing] |
| | | == Deploy a Workload using local oc utility |
| | | |
| | | ---- |
| | | GUID=jb45 |
| | | HOST_GUID=dev39 |
| | | TARGET_HOST="bastion.$HOST_GUID.openshift.opentlc.com" |
| | | OCP_USERNAME="jbride-redhat.com" |
| | | WORKLOAD="ocp-workload-rhte-mw-msa-orchestration" |
| | | SSH_USERNAME="jbride-redhat.com" |
| | | SSH_PRIVATE_KEY="id_ocp" |
| | | GUID=1 |
| | | OCP_USERNAME="user$GUID" |
| | | REGION=`oc whoami --show-server | cut -d'.' -f 2` |
| | | OCP_DOMAIN=$REGION.openshift.opentlc.com |
| | | |
| | | |
| | | # a TARGET_HOST is specified in the command line, without using an inventory file |
| | | ansible-playbook -i ${TARGET_HOST}, ./configs/ocp-workloads/ocp-workload.yml \ |
| | | -e"ansible_ssh_private_key_file=~/.ssh/${SSH_PRIVATE_KEY}" \ |
| | | -e"ansible_ssh_user=${SSH_USERNAME}" \ |
| | | ansible-playbook -i localhost, -c local ./configs/ocp-workloads/ocp-workload.yml \ |
| | | -e"ANSIBLE_REPO_PATH=`pwd`" \ |
| | | -e"ocp_username=${OCP_USERNAME}" \ |
| | | -e"ocp_workload=${WORKLOAD}" \ |
| | |
| | | -e"ocp_apps_domain=apps.${HOST_GUID}.openshift.opentlc.com" \ |
| | | -e"ACTION=create" |
| | | |
| | | ---- |
| | | |
| | | === To Delete an environment |
| | | ---- |
| | | GUID=jb45 |
| | | HOST_GUID=dev39 |
| | | TARGET_HOST="bastion.$HOST_GUID.openshift.opentlc.com" |
| | | OCP_USERNAME="jbride-redhat.com" |
| | | WORKLOAD="ocp-workload-rhte-mw-msa-orchestration" |
| | | SSH_USERNAME="jbride-redhat.com" |
| | | SSH_PRIVATE_KEY="id_ocp" |
| | | |
| | | # a TARGET_HOST is specified in the command line, without using an inventory file |
| | | ansible-playbook -i ${TARGET_HOST}, ./configs/ocp-workloads/ocp-workload.yml \ |
| | | -e"ansible_ssh_private_key_file=~/.ssh/${SSH_PRIVATE_KEY}" \ |
| | | -e"ansible_ssh_user=${SSH_USERNAME}" \ |
| | | ansible-playbook -i localhost, -c local ./configs/ocp-workloads/ocp-workload.yml \ |
| | | -e"ANSIBLE_REPO_PATH=`pwd`" \ |
| | | -e"ocp_username=${OCP_USERNAME}" \ |
| | | -e"ocp_workload=${WORKLOAD}" \ |
| | |
| | | |
| | | # ####### lab specific tasks ############## # |
| | | |
| | | |
| | | # Components: |
| | | # 1) AMQ 7 broker |
| | | # 2) PAM kie-server w/ postgresql (possibly with business central) |
| | | # 1) enmasse ( configured via configmaps ) |
| | | # 2) embedded spring-boot based kie-server w/ postgresql |
| | | # 3) backend business services |
| | | # 4) centralized rh-sso |
| | | # 5) centralized nexus (proxy repo and lab artifact repo (need to segregate between students ) ) |
| | | # 4) rh-sso |
| | | # 5) nexus |
| | | |
| | | |
| | | #################################################### |
| | | |
| | |
| | | ocp_user_groups: |
| | | - OPENTLC-PROJECT-PROVISIONERS |
| | | |
| | | quota_requests_cpu: 5 |
| | | quota_limits_cpu: 10 |
| | | quota_requests_cpu: 10 |
| | | quota_limits_cpu: 30 |
| | | |
| | | quota_requests_memory: '6Gi' |
| | | quota_limits_memory: '20Gi' |
| | | quota_requests_memory: '10Gi' |
| | | quota_limits_memory: '60Gi' |
| | | |
| | | quota_configmaps: 10 |
| | | quota_pods: 20 |
| | | quota_configmaps: 20 |
| | | quota_pods: 40 |
| | | quota_persistentvolumeclaims: 20 |
| | | quota_services: 30 |
| | | quota_secrets: 30 |
| | | quota_services: 50 |
| | | quota_secrets: 100 |
| | | quota_requests_storage: 50Gi |
| | | |
| | | ocp_domain: "{{subdomain_base}}" |
| | |
| | | deploy_status_retries: 15 |
| | | deploy_status_delay: 20 |
| | | |
| | | # Corresponds to project names |
| | | lab_name: rhte-mw-op-intel |
| | | lab_1_name: lab1-kafka-project |
| | | lab_2_name: lab2-kafka-project |
| | | lab_3_name: lab3-spark-simple-project |
| | | lab_4_name: lab4-spark-medium-project |
| | | lab_5_name: lab5-spark-complex-project |
| | | lab_1_name: "{{ocp_username}}-lab1-kafka-project" |
| | | lab_2_name: "{{ocp_username}}-lab2-kafka-project" |
| | | lab_3_name: "{{ocp_username}}-lab3-spark-simple-project" |
| | | lab_4_name: "{{ocp_username}}-lab4-spark-medium-zepnb-project" |
| | | lab_5_name: "{{ocp_username}}-lab5-spark-medium-jpynb-project" |
| | | lab_6_name: "{{ocp_username}}-lab6-spark-complex-project" |
| | | |
| | | # Corresponds to app names |
| | | spark_app_1: oshinko-webui |
| | | spark_app_2: spark-drools |
| | | spark_app_3: apache-zeppelin |
| | | |
| | | ########## Templates for RHTE Lab 6 Op Intel ################# |
| | | |
| | |
| | | kafkaconnect_crd_yaml: "{{clusteroperator_yaml}}/04-Crd-kafkaconnect.yaml" |
| | | kafkaconnects2i_crd_yaml: "{{clusteroperator_yaml}}/04-Crd-kafkaconnects2i.yaml" |
| | | kafkatopic_crd_yaml: "{{clusteroperator_yaml}}/04-Crd-kafkatopic.yaml" |
| | | kafkauser_crd_yaml: "{{clusteroperator_yaml}}/04-Crd-kafkauser.yaml" |
| | | clusteroperator_deployment_yaml: "{{clusteroperator_yaml}}/05-Deployment-strimzi-cluster-operator.yaml" |
| | | kafkapersistent_yaml: "{{strimzi_url}}/kafka/kafka-persistent.yaml" |
| | | kafkatopic_yaml: "{{strimzi_url}}/topic/kafka-topic.yaml" |
| | | kafkatopic2_yaml: "{{strimzi_url}}/topic/kafka-topic2.yaml" |
| | | kafkauser_yaml: "{{strimzi_url}}/user/kafka-user.yaml" |
| | | helloword_yaml: "{{strimzi_url}}/hello-world/deployment.yaml" |
| | | |
| | |
| | | jupyter_yaml: "https://raw.githubusercontent.com/gpe-mw-training/operational_intelligence/master/templates/resources-jupyter.yaml" |
| | | strimzi_yaml: "https://raw.githubusercontent.com/gpe-mw-training/operational_intelligence/master/templates/openshift-strimzi-kafka-template.yaml" |
| | | nbconf_yaml: "https://raw.githubusercontent.com/honghuac/rhte2018/master/spark/nbconf.yaml" |
| | | kafkatopic2_yaml: "https://raw.githubusercontent.com/gpe-mw-training/operational_intelligence/master/templates/kafka-topic-configmap.yaml" |
| | | kafkatopic3_yaml: "https://raw.githubusercontent.com/gpe-mw-training/operational_intelligence/master/templates/kafka-topic-configmap.yaml" |
| | | spark_dc: "oshinko-java-spark-build-dc" |
| | | |
| | | # Corresponds to Git repos |
| | | spark_git: "https://github.com/gpe-mw-training/operational_intelligence/tree/master/spark-drools" |
| | | zeppelin_git: "https://github.com/rimolive/zeppelin-notebooks.git" |
| | | |
| | | |
| | | |
| | | ################################################################# |
| | |
| | | === Deploy a Workload with the `ocp-workload` playbook [Mostly for testing] |
| | | |
| | | ---- |
| | | GUID=jb45 |
| | | HOST_GUID=dev39 |
| | | TARGET_HOST="master.$HOST_GUID.openshift.opentlc.com" |
| | | OCP_USERNAME="jbride-redhat.com" |
| | | WORKLOAD="ocp-workload-rhte-mw-op-intel" |
| | | |
| | | # a TARGET_HOST is specified in the command line, without using an inventory file |
| | | ansible-playbook -i localhost, -c local ./configs/ocp-workloads/ocp-workload.yml \ |
| | | -e"ANSIBLE_REPO_PATH=`pwd`" \ |
| | | -e"ocp_workload=${WORKLOAD}" \ |
| | | -e"ocp_username=${OCP_USERNAME}" \ |
| | | -e"guid=${GUID}" \ |
| | | -e"ocp_user_needs_quota=true" \ |
| | | -e"ocp_domain=${OCP_DOMAIN}" \ |
| | | -e"ACTION=create" |
| | | |
| | | ---- |
| | | |
| | | === To Delete an environment |
| | | ---- |
| | | GUID=jb45 |
| | | HOST_GUID=dev39 |
| | | TARGET_HOST="master.$HOST_GUID.openshift.opentlc.com" |
| | | OCP_USERNAME="jbride-redhat.com" |
| | | WORKLOAD="ocp-workload-rhte-mw-op-intel" |
| | | |
| | | # a TARGET_HOST is specified in the command line, without using an inventory file |
| | | ======= |
| | | WORKLOAD="ocp-workload-rhte-mw-op-intel" |
| | | OCP_USERNAME="jbride-redhat.com" |
| | | |
| | |
| | | become: "{{ become_override | bool }}" |
| | | when: ACTION == "create" or ACTION == "provision" |
| | | |
| | | - name: Running Workload Tasks |
| | | include: ./workload.yml |
| | | - name: Running Strimzi Workload Tasks |
| | | include: ./strimzi_workload.yml |
| | | become: "{{ become_override | bool }}" |
| | | when: ACTION == "create" or ACTION == "provision" |
| | | |
| | | - name: Running Spark Workload Tasks |
| | | include: ./spark_workload.yml |
| | | become: "{{ become_override | bool }}" |
| | | when: ACTION == "create" or ACTION == "provision" |
| | | |
| | |
| | | shell: "oc delete project {{lab_5_name}}" |
| | | ignore_errors: true |
| | | |
| | | - name: Remove Project {{lab_6_name}} |
| | | shell: "oc delete project {{lab_6_name}}" |
| | | ignore_errors: true |
| | | |
| | | - name: post_workload Tasks Complete |
| | | debug: |
| | | msg: "Post-Software checks completed successfully - Removed" |
New file |
| | |
| | | --- |
| | | - name: define ocp_project |
| | | set_fact: |
| | | ocp_project: "{{lab_name}}-{{guid}}" |
| | | |
| | | # ####### Spark Installation ############## # |
| | | # Components: |
| | | # 1) Apache Spark |
| | | #################################################### |
| | | |
| | | - name: Lab 6 Op Intel Installation workload Tasks Start |
| | | debug: |
| | | msg: Lab 6 Op Intel Installation workload Tasks Start |
| | | |
| | | - name: Spark Installation Tasks Begin |
| | | debug: |
| | | msg: Spark Installation Tasks Begin |
| | | |
| | | - name: Simple Spark Lab Installation Tasks Begin |
| | | debug: |
| | | msg: Simple Spark Lab Installation Tasks Begin |
| | | |
| | | - name: Create project for workload {{lab_3_name}} |
| | | shell: "oc new-project {{lab_3_name}}" |
| | | ignore_errors: true |
| | | |
| | | - name: Label namespace for project {{lab_3_name}} |
| | | command: "oc label namespace {{lab_3_name}} AAD='{{guid}}'" |
| | | ignore_errors: true |
| | | |
| | | - name: Make sure we go back to default project |
| | | shell: "oc project default" |
| | | |
| | | - name: Give user {{guid}} access to ocp_project {{lab_3_name}} |
| | | shell: "oc policy add-role-to-user admin {{guid}} -n {{lab_3_name}}" |
| | | ignore_errors: true |
| | | |
| | | - name: delete temp dir if it exists |
| | | file: |
| | | path: /tmp/{{ocp_project}} |
| | | state: absent |
| | | - file: |
| | | path: /tmp/{{ocp_project}} |
| | | state: directory |
| | | |
| | | - name: Create spark cluster environment in project {{lab_3_name}} |
| | | shell: "oc create -f {{ spark_yaml }} -n {{lab_3_name}}" |
| | | ignore_errors: true |
| | | |
| | | - name: Create oshinko web app in project {{lab_3_name}} |
| | | shell: "oc new-app {{ spark_app_1 }} -n {{lab_3_name}}" |
| | | ignore_errors: true |
| | | |
| | | - name: Create spark cluster app in project {{lab_3_name}} |
| | | shell: "oc new-app --template {{ spark_dc }} |
| | | -p APPLICATION_NAME={{ spark_app_2 }} |
| | | -p APP_MAIN_CLASS=com.redhat.gpte.App |
| | | -p GIT_URI={{ spark_git }} |
| | | -p APP_FILE=spark-drools.jar |
| | | -p OSHINKO_DEL_CLUSTER=false |
| | | -n {{lab_3_name}}" |
| | | ignore_errors: true |
| | | |
| | | - name: Simple Spark Lab Installation Tasks Complete |
| | | debug: |
| | | msg: Simple Spark Lab Installation Tasks Complete |
| | | |
| | | - name: Medium Spark Lab Installation Tasks Begin |
| | | debug: |
| | | msg: Medium Spark Lab Installation Tasks Begin |
| | | |
| | | - name: Create project for workload {{lab_4_name}} |
| | | shell: "oc new-project {{lab_4_name}}" |
| | | ignore_errors: true |
| | | |
| | | - name: Label namespace for project {{lab_4_name}} |
| | | command: "oc label namespace {{lab_4_name}} AAD='{{guid}}'" |
| | | ignore_errors: true |
| | | |
| | | - name: Give user {{guid}} access to ocp_project {{lab_4_name}} |
| | | shell: "oc policy add-role-to-user admin {{guid}} -n {{lab_4_name}}" |
| | | ignore_errors: true |
| | | |
| | | - name: Create ZEPPELIN NOTEBOOK environment in project {{lab_4_name}} |
| | | shell: "oc create -f {{ zeppelin_yaml }} -n {{lab_4_name}}" |
| | | ignore_errors: true |
| | | |
| | | - name: Create ZEPPELIN NOTEBOOK app in project {{lab_4_name}} |
| | | shell: "oc new-app --template=$namespace/apache-zeppelin-openshift |
| | | -p APPLICATION_NAME={{ spark_app_3 }} |
| | | -p GIT_URI={{ zeppelin_git }} |
| | | -p ZEPPELIN_INTERPRETERS=md |
| | | -n {{lab_4_name}}" |
| | | ignore_errors: true |
| | | |
| | | - name: Create project for workload {{lab_5_name}} |
| | | shell: "oc new-project {{lab_5_name}}" |
| | | ignore_errors: true |
| | | |
| | | - name: Label namespace for project {{lab_5_name}} |
| | | command: "oc label namespace {{lab_5_name}} AAD='{{guid}}'" |
| | | ignore_errors: true |
| | | |
| | | - name: Give user {{guid}} access to ocp_project {{lab_5_name}} |
| | | shell: "oc policy add-role-to-user admin {{guid}} -n {{lab_5_name}}" |
| | | ignore_errors: true |
| | | |
| | | - name: Make sure we go back to default project |
| | | shell: "oc project default" |
| | | |
| | | - name: Create JUPYTER NOTEBOOK environment in project {{lab_5_name}} |
| | | shell: "oc create -f {{ jupyter_yaml }} -n {{lab_5_name}}" |
| | | ignore_errors: true |
| | | |
| | | - name: Create JUPYTER NOTEBOOK app in project {{lab_5_name}} |
| | | shell: "oc new-app --template radanalytics-jupyter-notebook |
| | | -p JUPYTER_NOTEBOOK_PASSWORD=developer |
| | | -n {{lab_5_name}}" |
| | | ignore_errors: true |
| | | |
| | | - name: Create JUPYTER NOTEBOOK configuration in project {{lab_5_name}} |
| | | shell: "oc create -f {{ nbconf_yaml }} -n {{lab_5_name}}" |
| | | ignore_errors: true |
| | | |
| | | - name: Medium Spark Lab Installation Tasks Complete |
| | | debug: |
| | | msg: Medium Spark Lab Installation Tasks Complete |
| | | |
| | | - name: Complex Spark Lab Installation Tasks Begin |
| | | debug: |
| | | msg: Complex Spark Lab Installation Tasks Begin |
| | | |
| | | - name: Create project for workload {{lab_6_name}} |
| | | shell: "oc new-project {{lab_6_name}}" |
| | | ignore_errors: true |
| | | |
| | | - name: Label namespace for project {{lab_6_name}} |
| | | command: "oc label namespace {{lab_6_name}} AAD='{{guid}}'" |
| | | ignore_errors: true |
| | | |
| | | - name: Make sure we go back to default project |
| | | shell: "oc project default" |
| | | |
| | | - name: Give user {{guid}} access to ocp_project {{lab_6_name}} |
| | | shell: "oc policy add-role-to-user admin {{guid}} -n {{lab_6_name}}" |
| | | ignore_errors: true |
| | | |
| | | - name: Create ZEPPELIN NOTEBOOK environment in project {{lab_6_name}} |
| | | shell: "oc create -f {{ zeppelin_yaml }} -n {{lab_6_name}}" |
| | | ignore_errors: true |
| | | |
| | | - name: Create ZEPPELIN NOTEBOOK app in project {{lab_6_name}} |
| | | shell: "oc new-app --template=$namespace/apache-zeppelin-openshift |
| | | -p APPLICATION_NAME={{ spark_app_3 }} |
| | | -p GIT_URI={{ zeppelin_git }} |
| | | -p ZEPPELIN_INTERPRETERS=md |
| | | -n {{lab_6_name}}" |
| | | ignore_errors: true |
| | | |
| | | - name: Create spark cluster environment in project {{lab_6_name}} |
| | | shell: "oc create -f {{ spark_yaml }} -n {{lab_6_name}}" |
| | | ignore_errors: true |
| | | |
| | | - name: Create oshinko web app in project {{lab_6_name}} |
| | | shell: "oc new-app {{ spark_app_1 }} -n {{lab_6_name}}" |
| | | ignore_errors: true |
| | | |
| | | - name: Complex Spark Lab Installation Tasks Complete |
| | | debug: |
| | | msg: Complex Spark Lab Installation Tasks Complete |
| | | |
| | | - name: Spark Installation Tasks Complete |
| | | debug: |
| | | msg: Spark Installation Tasks Complete |
| | | |
| | | - name: Lab 6 Op Intel Installation workload Tasks Complete |
| | | debug: |
| | | msg: Lab 6 Op Intel Installation workload Tasks Complete |
File was renamed from ansible/roles/ocp-workload-rhte-mw-op-intel/tasks/workload.yml |
| | |
| | | # 1) Kafka |
| | | #################################################### |
| | | |
| | | - name: Strimzi Installation Tasks Start |
| | | - name: Lab 6 Op Intel Installation workload Tasks Start |
| | | debug: |
| | | msg: Strimzi Installation Tasks Start |
| | | msg: Lab 6 Op Intel Installation workload Tasks Start |
| | | |
| | | - name: define user user2_kafka_project |
| | | set_fact: |
| | | user2_kafka_project: "{{ocp_username}}-{{lab_1_name}}" |
| | | - name: Strimzi Installation Tasks Begin |
| | | debug: |
| | | msg: Strimzi Installation Tasks Begin |
| | | |
| | | - name: "Create project for workload {{lab_1_name}}" |
| | | - name: Create project for workload {{lab_1_name}} |
| | | shell: "oc new-project {{lab_1_name}}" |
| | | ignore_errors: true |
| | | |
| | | - name: "Label namespace" |
| | | - name: Label namespace |
| | | command: "oc label namespace {{lab_1_name}} AAD='{{guid}}'" |
| | | ignore_errors: true |
| | | |
| | | - name: Make sure we go back to default project |
| | | shell: "oc project default" |
| | | |
| | | - name: Add user as admin to the project |
| | | shell: "oc adm policy add-role-to-user admin {{ocp_username}} -n {{lab_1_name}}" |
| | | |
| | | - name: Give user {{guid}} access to ocp_project {{lab_1_name}} |
| | | shell: "oc policy add-role-to-user admin {{guid}} -n {{lab_1_name}}" |
| | | ignore_errors: true |
| | | |
| | | - name: delete temp dir if it exists |
| | | file: |
| | |
| | | |
| | | - name: Create SA for strimzi cluster operator |
| | | shell: "oc apply -f {{ serviceaccount_yaml }} -n {{lab_1_name}}" |
| | | ignore_errors: true |
| | | |
| | | - name: Create cluster role for strimzi cluster operator |
| | | shell: "oc apply -f {{ clusteroperator_role_yaml }} -n {{lab_1_name}}" |
| | | ignore_errors: true |
| | | |
| | | - name: Create cluster role binding for strimzi cluster operator |
| | | shell: "oc apply -f {{ clusteroperator_rolebinding_yaml }} -n {{lab_1_name}}" |
| | | ignore_errors: true |
| | | |
| | | - name: Create cluster role for Kafka broker |
| | | shell: "oc apply -f {{ kafkabroker_role_yaml }} -n {{lab_1_name}}" |
| | | |
| | | - name: Create cluster role binding for strimzi-cluster-operator-topic-operator-delegation |
| | | shell: "" |
| | | |
| | | - name: Create cluster role for strimzi-topic operator |
| | | shell: "oc apply -f {{ topicoperator_SOMETHING_yaml }} -n {{lab_1_name}}" |
| | | ignore_errors: true |
| | | |
| | | - name: Create cluster role binding for strimzi-cluster-operator-topic-operator-delegation |
| | | shell: "oc apply -f {{ topicoperator_rolebinding_yaml }} -n {{lab_1_name}}" |
| | | ignore_errors: true |
| | | |
| | | - name: Add CRD for Kafka |
| | | shell: "oc apply -f {{ kafka_crd_yaml }} -n {{lab_1_name}}" |
| | | ignore_errors: true |
| | | |
| | | - name: Add CRD for Kafka connect |
| | | shell: "oc apply -f {{ kafkaconnect_crd_yaml }} -n {{lab_1_name}}" |
| | | ignore_errors: true |
| | | |
| | | - name: Add CRD for Kafka connect s2i |
| | | shell: "oc apply -f {{ kafkaconnects2i_crd_yaml }} -n {{lab_1_name}}" |
| | | ignore_errors: true |
| | | |
| | | - name: Add CRD for Kafka topic |
| | | shell: "oc apply -f {{ kafkatopic_crd_yaml }} -n {{lab_1_name}}" |
| | | ignore_errors: true |
| | | |
| | | - name: Add CRD for Kafka user |
| | | shell: "oc apply -f {{ kafkauser_crd_yaml }} -n {{lab_1_name}}" |
| | | |
| | | ignore_errors: true |
| | | |
| | | - name: Deploy Kafka |
| | | shell: "oc apply -f examples/install/cluster-operator/05-Deployment-strimzi-cluster-operator.yaml -n {{lab_1_name}}" |
| | | shell: "oc apply -f {{clusteroperator_deployment_yaml}} -n {{lab_1_name}}" |
| | | ignore_errors: true |
| | | |
| | | - name: Apply Kafka Persistent template |
| | | shell: "oc apply -f {{ kafkapersistent_yaml }} -n {{lab_1_name}}" |
| | | ignore_errors: true |
| | | |
| | | - name: Create Kafka topics |
| | | - name: Create first Kafka topic |
| | | shell: "oc apply -f {{ kafkatopic_yaml }} -n {{lab_1_name}}" |
| | | ignore_errors: true |
| | | |
| | | - name: Create second Kafka topic |
| | | shell: "oc apply -f {{ kafkatopic2_yaml }} -n {{lab_1_name}}" |
| | | ignore_errors: true |
| | | |
| | | #- name: Create third Kafka topic |
| | | # shell: "oc apply -f {{ kafkatopic3_yaml }} -n {{lab_1_name}}" |
| | | |
| | | - name: Create Kafka users |
| | | shell: "oc apply -f {{ kafkauser_yaml }} -n {{lab_1_name}}" |
| | | ignore_errors: true |
| | | |
| | | - name: Annotate the empty project as requested by user [what does this do?] |
| | | shell: "oc annotate namespace {{lab_1_name}} openshift.io/requester={{ocp_username}} --overwrite" |
| | | - name: Create Kafka connect deployment |
| | | shell: "oc apply -f examples/kafka-connect/kafka-connect.yaml -n {{lab_1_name}}" |
| | | |
| | | - name: Strimzi Installation Tasks Complete |
| | | debug: |