Merge branch 'development' of github.com:hguerrero/ansible_agnostic_deployer into development
102 files added
36 files modified
| | |
| | | ansible/judd.sh |
| | | *.swp |
| | | scripts/*.rc |
| | | wk*.rc |
New file |
| | |
| | | --- |
| | | - name: Delete Infrastructure |
| | | hosts: localhost |
| | | connection: local |
| | | gather_facts: False |
| | | become: no |
| | | vars_files: |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml" |
| | | |
| | | tasks: |
| | | - name: Destroy cloudformation template |
| | | cloudformation: |
| | | stack_name: "{{project_tag}}" |
| | | state: "absent" |
| | | region: "{{aws_region}}" |
| | | disable_rollback: false |
| | | tags: |
| | | Stack: "project {{env_type}}-{{ guid }}" |
| | | tags: |
| | | - destroying |
| | | - destroy_cf_deployment |
| | | - destroy_cloud_deployment |
| | | register: cloudformation_result |
| | | until: cloudformation_result|succeeded |
| | | retries: 5 |
| | | delay: 60 |
| | | ignore_errors: yes |
| | | when: cloud_provider == 'ec2' |
| | | |
| | | - name: report Cloudformation error |
| | | fail: |
| | | msg: "FAIL {{ project_tag }} Destroy Cloudformation" |
| | | when: |
| | | - not cloudformation_result|succeeded |
| | | - cloud_provider == 'ec2' |
| | | tags: |
| | | - destroying |
| | | - destroy_cf_deployment |
| | | - destroy_cloud_deployment |
| | |
| | | copy: |
| | | dest: "{{ANSIBLE_REPO_PATH}}/workdir/{{ env_type }}.{{ guid }}.s3user.credentials" |
| | | content: | |
| | | * S3 Bucket for registry: {{s3user}} |
| | | * S3 Bucket for registry: {{s3user}} |
| | | ** S3User access key: {{s3user_access_key}} |
| | | ** S3User secret key: {{s3user_secret_access_key}} |
| | | when: s3user_access_key is defined |
| | | |
| | | - name: get Route53User credentials from stack outputs |
| | | set_fact: |
| | | route53user: "{{ cloudformation_out.stack_outputs.Route53User }}" |
| | | route53user_access_key: "{{ cloudformation_out.stack_outputs.Route53UserAccessKey }}" |
| | | route53user_secret_access_key: "{{ cloudformation_out.stack_outputs.Route53UserSecretAccessKey }}" |
| | | when: |
| | | - cloudformation_out.stack_outputs.Route53UserAccessKey is defined |
| | | - cloudformation_out.stack_outputs.Route53UserSecretAccessKey is defined |
| | | tags: |
| | | - provision_cf_template |
| | | |
| | | - name: write down Route53User credentials |
| | | copy: |
| | | dest: "{{ANSIBLE_REPO_PATH}}/workdir/{{ env_type }}.{{ guid }}.route53user.credentials" |
| | | content: | |
| | | * Route53 User for Let's Encrypt: {{ route53user }} |
| | | ** Route53User access key: {{ route53user_access_key }} |
| | | ** Route53User secret key: {{ route53user_secret_access_key }} |
| | | when: route53user_access_key is defined |
| | | |
| | | - name: Gather EC2 facts |
| | | ec2_remote_facts: |
| | |
| | | - name: wait for windows host to be available |
| | | wait_for_connection: |
| | | timeout: 900 |
| | | connect_timeout: 60 |
| | | delay: 120 |
New file |
| | |
| | | = Configs |
| | | |
| | | This directory contains playbooks to provision, deploy, configure softwares. Each config should containsthose files: |
| | | |
| | | * `pre_infra.yml` |
| | | * `post_infra.yml` |
| | | * `pre_software.yml` |
| | | * `software.yml` |
| | | * `post_software.yml` |
| | | * `env_vars.yml` |
| | | * `destroy_env.yml` |
| | | |
| | | For more details see link:../main.yml[main.yml] and link:generic-example[generic-example]. |
New file |
| | |
| | | --- |
| | | - name: Step 00xxxxx software |
| | | hosts: localhost |
| | | gather_facts: False |
| | | become: false |
| | | tasks: |
| | | - debug: |
| | | msg: "Software tasks Started" |
| | | |
| | | - name: Software flight-check |
| | | hosts: localhost |
| | | connection: local |
| | | gather_facts: false |
| | | become: false |
| | | tags: |
| | | - post_flight_check |
| | | tasks: |
| | | - debug: |
| | | msg: "Software checks completed successfully" |
New file |
| | |
| | | --- |
| | | - name: Step 00xxxxx software |
| | | hosts: localhost |
| | | gather_facts: False |
| | | become: false |
| | | tasks: |
| | | - debug: |
| | | msg: "Software tasks Started" |
| | | |
| | | - name: Software flight-check |
| | | hosts: localhost |
| | | connection: local |
| | | gather_facts: false |
| | | become: false |
| | | tags: |
| | | - post_flight_check |
| | | tasks: |
| | | - debug: |
| | | msg: "Software checks completed successfully" |
New file |
| | |
| | | --- |
| | | - name: Step 00xxxxx software |
| | | hosts: localhost |
| | | gather_facts: False |
| | | become: false |
| | | tasks: |
| | | - debug: |
| | | msg: "Software tasks Started" |
| | | |
| | | - name: Software flight-check |
| | | hosts: localhost |
| | | connection: local |
| | | gather_facts: false |
| | | become: false |
| | | tags: |
| | | - post_flight_check |
| | | tasks: |
| | | - debug: |
| | | msg: "Software checks completed successfully" |
New file |
| | |
| | | --- |
| | | - name: Step 00xxxxx software |
| | | hosts: localhost |
| | | gather_facts: False |
| | | become: false |
| | | tasks: |
| | | - debug: |
| | | msg: "Software tasks Started" |
| | | |
| | | - name: Software flight-check |
| | | hosts: localhost |
| | | connection: local |
| | | gather_facts: false |
| | | become: false |
| | | tags: |
| | | - post_flight_check |
| | | tasks: |
| | | - debug: |
| | | msg: "Software checks completed successfully" |
New file |
| | |
| | | --- |
| | | - name: Step 00xxxxx software |
| | | hosts: localhost |
| | | gather_facts: False |
| | | become: false |
| | | tasks: |
| | | - debug: |
| | | msg: "Software tasks Started" |
| | | |
| | | - name: Software flight-check |
| | | hosts: localhost |
| | | connection: local |
| | | gather_facts: false |
| | | become: false |
| | | tags: |
| | | - post_flight_check |
| | | tasks: |
| | | - debug: |
| | | msg: "Software checks completed successfully" |
New file |
| | |
| | | = How to create an Environment Type |
| | | |
| | | == Create a base for your new environment type |
| | | |
| | | * Duplicate the "generic-example" environemnt type directory or use another |
| | | environment type directory that is closer to your end goal. |
| | | |
| | | == Edit your cloud provider "blueprint" or "template" |
| | | |
| | | NOTE: At this point this is "aws" based, with time we will have other providers. |
| | | |
| | | * Edit the link:./files/cloud_providers/ec2_cloud_template.j2[./files/cloud_provides/ec2_cloud_template.j2] |
| | | |
| | | * Add Security Groups if you require any. |
| | | * Add LaunchConfigs and AutoScale Groups |
| | | |
| | | ---- |
| | | "HostLC": { |
| | | "Type": "AWS::AutoScaling::LaunchConfiguration", |
| | | "Properties": { |
| | | "AssociatePublicIpAddress": true, |
| | | "ImageId": { |
| | | "Fn::FindInMap": [ |
| | | "RegionMapping", |
| | | { |
| | | "Ref": "AWS::Region" |
| | | }, |
| | | "AMI" |
| | | ] |
| | | }, |
| | | "InstanceType": "{{host_instance_type}}", |
| | | "KeyName": "{{key_name}}", |
| | | "SecurityGroups": [ |
| | | { |
| | | "Ref": "HostSG" |
| | | } |
| | | ], |
| | | "BlockDeviceMappings": [ |
| | | { |
| | | "DeviceName": "/dev/xvda", |
| | | "Ebs": { |
| | | "VolumeSize": 30 |
| | | } |
| | | }, |
| | | { |
| | | "DeviceName": "/dev/xvdb", |
| | | "Ebs": { |
| | | "VolumeSize": 100 |
| | | } |
| | | } |
| | | ] |
| | | } |
| | | }, |
| | | "HostAsg": { |
| | | "Type": "AWS::AutoScaling::AutoScalingGroup", |
| | | "Properties": { |
| | | "DesiredCapacity": {{host_instance_count}}, |
| | | "LaunchConfigurationName": { |
| | | "Ref": "HostLC" |
| | | }, |
| | | "MaxSize": 100, |
| | | "MinSize": 1, |
| | | "Tags": [ |
| | | { |
| | | "Key": "Name", |
| | | "Value": "host", |
| | | "PropagateAtLaunch": true |
| | | }, |
| | | { |
| | | "Key": "AnsibleGroup", |
| | | "Value": "hosts", |
| | | "PropagateAtLaunch": true |
| | | }, |
| | | { |
| | | "Key": "Project", |
| | | "Value": "{{project_tag}}", |
| | | "PropagateAtLaunch": true |
| | | }, |
| | | { |
| | | "Key": "{{ project_tag }}", |
| | | "Value": "host", |
| | | "PropagateAtLaunch": true |
| | | } |
| | | ], |
| | | "VPCZoneIdentifier": [ |
| | | { |
| | | "Ref": "PublicSubnet" |
| | | } |
| | | ] |
| | | } |
| | | }, |
| | | ---- |
| | | |
| | | ** Pay attention to the Tags created for the different AS groups |
| | | |
| | | ---- |
| | | |
| | | { |
| | | "Key": "Project", |
| | | "Value": "{{project_tag}}", |
| | | "PropagateAtLaunch": true |
| | | }, |
| | | { |
| | | "Key": "{{ project_tag }}", |
| | | "Value": "host", |
| | | "PropagateAtLaunch": true |
| | | } |
| | | |
| | | ---- |
| | | |
| | | |
| | | * Add DNS Entries you need for your environment: |
| | | ---- |
| | | "MasterDNS": { |
| | | "Type": "AWS::Route53::RecordSetGroup", |
| | | "DependsOn": "Master", |
| | | "Properties": { |
| | | "HostedZoneId": "{{HostedZoneId}}", |
| | | "RecordSets": [ |
| | | { |
| | | "Name": "{{master_public_dns}}", |
| | | "Type": "A", |
| | | "TTL": "10", |
| | | "ResourceRecords": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "Master", |
| | | "PublicIp" |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | }, |
| | | |
| | | ---- |
| | | |
| | | * Add S3 or other resources you require: |
| | | ---- |
| | | |
| | | "RegistryS3": { |
| | | "Type": "AWS::S3::Bucket", |
| | | "Properties": { |
| | | "BucketName": "{{ env_type }}-{{ guid }}", |
| | | "Tags": [ |
| | | { |
| | | "Key": "Name", |
| | | "Value": "s3-{{ env_type }}-{{ guid }}" |
| | | }, |
| | | { |
| | | "Key": "Project", |
| | | "Value": "{{project_tag}}" |
| | | } |
| | | ] |
| | | } |
| | | } |
| | | }, |
| | | ---- |
| | | |
| | | * Add any "outputs" you need from the cloud provider: |
| | | ---- |
| | | "RegistryS3Output": { |
| | | "Description": "The ID of the S3 Bucket", |
| | | "Value": { |
| | | "Ref": "RegistryS3" |
| | | }}, |
| | | |
| | | ---- |
| | | |
| | | |
| | | |
| | | == Internal DNS file |
| | | |
| | | |
| | | * Edit the internal dns template: link:./files/ec2_internal_dns.json.j2[./files/ec2_internal_dns.json.j2] |
| | | ** You can create nicely indexed internal hostname by creating a for loop in the file for each host group |
| | | ---- |
| | | {% for host in groups['support'] %} |
| | | { |
| | | "Action": "{{DNS_action}}", |
| | | "ResourceRecordSet": { |
| | | "Name": "support{{loop.index}}.{{zone_internal_dns}}", |
| | | "Type": "A", |
| | | "TTL": 20, |
| | | "ResourceRecords": [ { "Value": "{{hostvars[host]['ec2_private_ip_address']}}" } ] |
| | | } |
| | | }, |
| | | |
| | | ---- |
New file |
| | |
| | | = OPENTLC OCP-IMPLEMENTATION-LAB Env_Type config |
| | | |
| | | For example, we will include things such as ec2 instance names, secret |
| | | variables such as private/public key pair information, passwords, etc. |
| | | |
| | | Eventually, all sensitive information will be encrypted via Ansible Vault. The |
| | | inclusion as well as instructions on doing this will be included in a later |
| | | release. |
| | | |
| | | == Set up your "Secret" variables |
| | | |
| | | * You need to provide some credentials for deployments to work |
| | | * Create a file called "env_secret_vars.yml" and put it in the |
| | | ./ansible/configs/CONFIGNAME/ directory. |
| | | ** At this point this file has to be created even if no vars from it are used. |
| | | * You can choose to provide these values as extra vars (-e "var=value") in the |
| | | command line if you prefer not to keep sensitive information in a file. |
| | | * In the future we will use ansible vault for this. |
| | | |
| | | .Example contents of "Secret" Vars file |
| | | ---- |
| | | # ## Logon credentials for Red Hat Network |
| | | # ## Required if using the subscription component |
| | | # ## of this playbook. |
| | | rhel_subscription_user: '' |
| | | rhel_subscription_pass: '' |
| | | # |
| | | # ## LDAP Bind Password |
| | | bindPassword: '' |
| | | # |
| | | # ## Desired openshift admin name and password |
| | | admin_user: "" |
| | | admin_user_password: "" |
| | | # |
| | | # ## AWS Credentials. This is required. |
| | | aws_access_key_id: "" |
| | | aws_secret_access_key: "" |
| | | ---- |
| | | |
| | | |
| | | == Review the Env_Type variable file |
| | | |
| | | * This file link:./env_vars.yml[./env_vars.yml] contains all the variables you |
| | | need to define to control the deployment of your environment. |
| | | |
| | | == Running Ansible Playbook |
| | | |
| | | . You can run the playbook with the following arguments to overwrite the default variable values: |
| | | [source,bash] |
| | | ---- |
| | | # Set the your environment variables (this is optional, but makes life easy) |
| | | |
| | | REGION=us-east-1 |
| | | KEYNAME=ocpkey |
| | | GUID=testimp35 |
| | | ENVTYPE="ocp-implementation-lab" |
| | | CLOUDPROVIDER=ec2 |
| | | HOSTZONEID='Z3IHLWJZOU9SRT' |
| | | REPO_PATH='https://admin.example.com/repos/ocp/3.5/' |
| | | BASESUFFIX='.example.opentlc.com' |
| | | |
| | | REPO_VERSION=3.5 |
| | | NODE_COUNT=2 |
| | | IPAPASS=ipapass |
| | | |
| | | ## For a HA environment that is not installed with OpenShift |
| | | |
| | | time ansible-playbook ./main.yml \ |
| | | -e "osrelease=3.5.5.5" -e "repo_version=${REPO_VERSION}" -e "docker_version=1.12.6" \ |
| | | -e "guid=${GUID}" -e "env_type=${ENVTYPE}" -e "cloud_provider=${CLOUDPROVIDER}" \ |
| | | -e "aws_region=${REGION}" -e "HostedZoneId=${HOSTZONEID}" -e "key_name=${KEYNAME}" \ |
| | | -e "subdomain_base_suffix=${BASESUFFIX}" -e "install_idm=htpasswd" \ |
| | | -e "node_instance_count=${NODE_COUNT}" -e "infranode_instance_count=1" -e "master_instance_count=1" \ |
| | | -e "software_to_deploy=none" -e "own_repo_path=${REPO_PATH}" -e "ipa_host_password=${IPAPASS}" \ |
| | | -e "tower_run=false" |
| | | |
| | | . To Delete an environment |
| | | ---- |
| | | |
| | | #To Destroy an Env |
| | | ansible-playbook ./configs/${ENVTYPE}/destroy_env.yml \ |
| | | -e "guid=${GUID}" -e "env_type=${ENVTYPE}" -e "cloud_provider=${CLOUDPROVIDER}" -e "aws_region=${REGION}" \ |
| | | -e "HostedZoneId=${HOSTZONEID}" -e "key_name=${KEYNAME}" -e "subdomain_base_suffix=${BASESUFFIX}" |
| | | |
| | | ---- |
New file |
| | |
| | | - name: Starting environment deployment |
| | | hosts: localhost |
| | | connection: local |
| | | gather_facts: False |
| | | become: no |
| | | vars_files: |
| | | - "./env_vars.yml" |
| | | - "./env_secret_vars.yml" |
| | | |
| | | tasks: |
| | | # - name: get internal dns zone id if not provided |
| | | # environment: |
| | | # AWS_ACCESS_KEY_ID: "{{aws_access_key_id}}" |
| | | # AWS_SECRET_ACCESS_KEY: "{{aws_secret_access_key}}" |
| | | # AWS_DEFAULT_REGION: "{{aws_region}}" |
| | | # shell: "aws route53 list-hosted-zones-by-name --region={{aws_region}} --dns-name={{guid}}.internal. --output text --query='HostedZones[*].Id' | awk -F'/' '{print $3}'" |
| | | # register: internal_zone_id_register |
| | | # - debug: |
| | | # var: internal_zone_id_register |
| | | # - name: Store internal route53 ID |
| | | # set_fact: |
| | | # internal_zone_id: "{{ internal_zone_id_register.stdout }}" |
| | | # when: 'internal_zone_id_register is defined' |
| | | # - name: delete internal dns names |
| | | # environment: |
| | | # AWS_ACCESS_KEY_ID: "{{aws_access_key_id}}" |
| | | # AWS_SECRET_ACCESS_KEY: "{{aws_secret_access_key}}" |
| | | # AWS_DEFAULT_REGION: "{{aws_region}}" |
| | | # shell: "aws route53 change-resource-record-sets --hosted-zone-id {{internal_zone_id}} --change-batch file://{{ ANSIBLE_REPO_PATH }}/workdir/internal_dns-{{ env_type }}-{{ guid }}_DELETE.json --region={{aws_region}}" |
| | | # ignore_errors: true |
| | | # tags: |
| | | # - internal_dns_delete |
| | | # when: internal_zone_id is defined |
| | | |
| | | |
| | | - name: Destroy cloudformation template |
| | | cloudformation: |
| | | stack_name: "{{project_tag}}" |
| | | state: "absent" |
| | | region: "{{aws_region}}" |
| | | disable_rollback: false |
| | | tags: |
| | | Stack: "project {{env_type}}-{{ guid }}" |
| | | tags: [ destroying, destroy_cf_deployment ] |
| | | register: cloudformation_result |
| | | until: cloudformation_result|succeeded |
| | | retries: 5 |
| | | delay: 60 |
| | | ignore_errors: yes |
| | | |
| | | - name: report Cloudformation error |
| | | fail: |
| | | msg: "FAIL {{ project_tag }} Destroy Cloudformation" |
| | | when: not cloudformation_result|succeeded |
| | | tags: [ destroying, destroy_cf_deployment ] |
| | | ## we need to add something to delete the env specific key. |
New file |
| | |
| | | ## TODO: What variables can we strip out of here to build complex variables? |
| | | ## i.e. what can we add into group_vars as opposed to config_vars? |
| | | ## Example: We don't really need "subdomain_base_short". If we want to use this, |
| | | ## should just toss in group_vars/all. |
| | | ### Also, we should probably just create a variable reference in the README.md |
| | | ### For now, just tagging comments in line with configuration file. |
| | | deploy_local_ssh_config_location: "{{ ANSIBLE_REPO_PATH }}/workdir" |
| | | |
| | | ###### VARIABLES YOU SHOULD CONFIGURE FOR YOUR DEPLOYEMNT |
| | | ###### OR PASS as "-e" args to ansible-playbook command |
| | | # # |
| | | # # env_groups: |
| | | # # limit: "tag_Project_opentlc_shared_{{guid}}" |
| | | # # bastions: "tag_AnsibleGroup_bastions" |
| | | # # masters: "tag_AnsibleGroup_masters" |
| | | # # nodes: "tag_AnsibleGroup_nodes" |
| | | # # infranodes: "tag_AnsibleGroup_infranodes" |
| | | # # nfs: "tag_AnsibleGroup_nfs" |
| | | # |
| | | # # This doesn't work |
| | | # all: "tag_Project_opentlc_shared_{{guid}}" |
| | | # |
| | | # # but maybe this is silly enough to work |
| | | # #all: "tag_Project_opentlc_shared_{{guid}}:&tag_Project_opentlc_shared_{{guid}}" |
| | | #rhn_pool_id_string: OpenShift Container Platform |
| | | # bastions: "{{env_groups['limit']}}:&{{env_groups['bastions']}}" |
| | | # masters: "{{env_groups['limit']}}:&{{env_groups['masters']}}" |
| | | # nodes: "{{env_groups['limit']}}:&{{env_groups['nodes']}}" |
| | | # infranodes: "{{env_groups['limit']}}:&{{env_groups['infranodes']}}" |
| | | # nfs: "{{env_groups['limit']}}:&{{env_groups['nfs']}}" |
| | | # |
| | | # ocp_pvs: |
| | | # - es-storage |
| | | # - nexus |
| | | # - nexus2 |
| | | # - nexus3 |
| | | config_nfs_uservols: "true" |
| | | user_vols: 200 |
| | | user_vols_size: 4Gi |
| | | # master_api_port: 443 |
| | | # osrelease: 3.4.1.10 |
| | | # openshift_master_overwrite_named_certificates: true |
| | | # deploy_openshift: true |
| | | # deploy_openshift_post: true |
| | | deploy_env_post: true |
| | | # install_metrics: true |
| | | # install_logging: true |
| | | # multi_tenant_setting: "os_sdn_network_plugin_name='redhat/openshift-ovs-multitenant'" |
| | | # master_lb_dns: "master.{{subdomain_base}}" |
| | | # cloudapps_suffix: 'cloudapps.{{subdomain_base}}' |
| | | # openshift_master_ldap_ca_file: 'openshift_master_ldap_ca_file=/root/ca.crt' |
| | | ################################################################################ |
| | | #### GENERIC EXAMPLE |
| | | ################################################################################ |
| | | |
| | | install_common: true |
| | | install_nfs: true |
| | | install_bastion: false |
| | | env_authorized_key: "{{guid}}key" |
| | | set_env_authorized_key: true |
| | | software_to_deploy: "none" |
| | | ################################################################################ |
| | | #### OCP IMPLEMENATATION LAB |
| | | ################################################################################ |
| | | |
| | | repo_version: '3.4' |
| | | cloudapps_dns: '*.apps.{{subdomain_base}}.' |
| | | master_public_dns: "master.{{subdomain_base}}." |
| | | |
| | | ################################################################################ |
| | | #### Common host variables |
| | | ################################################################################ |
| | | |
| | | update_packages: false |
| | | common_packages: |
| | | # - python |
| | | # - unzip |
| | | # - bash-completion |
| | | - tmux |
| | | # - bind-utils |
| | | # - wget |
| | | # - git |
| | | # - vim-enhanced |
| | | # - ansible |
| | | |
| | | rhel_repos: |
| | | - rhel-7-server-rpms |
| | | - rhel-7-server-extras-rpms |
| | | - rhel-7-server-ose-{{repo_version}}-rpms |
| | | |
| | | use_own_repos: true |
| | | |
| | | use_subscription_manager: false |
| | | |
| | | #rhn_pool_id_string: "Red Hat Enterprise Linux Server" |
| | | #rhn_pool_id_string: OpenShift Container Platform |
| | | |
| | | ################################################################################ |
| | | #### nfs host settings |
| | | ################################################################################ |
| | | |
| | | nfs_vg: nfsvg |
| | | nfs_pvs: /dev/xvdb |
| | | nfs_export_path: /srv/nfs |
| | | |
| | | nfs_shares: |
| | | - logging |
| | | - metrics |
| | | - jenkins |
| | | - nexus |
| | | - justanother |
| | | |
| | | ################################################################################ |
| | | #### CLOUD PROVIDER: AWS SPECIFIC VARIABLES |
| | | ################################################################################ |
| | | |
| | | #### Route 53 Zone ID (AWS) |
| | | HostedZoneId: '' |
| | | key_name: '' |
| | | aws_region: us-east-1 |
| | | |
| | | admin_user: '' |
| | | admin_user_password: '' |
| | | |
| | | #### Connection Settings |
| | | ansible_ssh_user: ec2-user |
| | | remote_user: ec2-user |
| | | |
| | | #### Networking (AWS) |
| | | guid: defaultguid |
| | | subdomain_base_short: "{{ guid }}" |
| | | subdomain_base_suffix: ".example.opentlc.com" |
| | | subdomain_base: "{{subdomain_base_short}}{{subdomain_base_suffix}}" |
| | | tower_run: false |
| | | |
| | | #### Environment Sizing |
| | | |
| | | #bastion_instance_type: "t2.micro" |
| | | bastion_instance_type: "t2.small" |
| | | |
| | | |
| | | support_instance_type: "m4.large" |
| | | support_instance_count: 1 |
| | | |
| | | node_instance_type: "t2.large" |
| | | node_instance_count: 2 |
| | | |
| | | infranode_instance_type: "t2.large" |
| | | infranode_instance_count: 1 |
| | | |
| | | |
| | | master_instance_type: "t2.large" |
| | | master_instance_count: 1 |
| | | |
| | | |
| | | loadbalancer_instance_count: 0 |
| | | #loadbalancer_instance_type: "t2.micro" |
| | | loadbalancer_instance_type: "t2.small" |
| | | |
| | | ansible_ssh_private_key_file: ~/.ssh/{{key_name}}.pem |
| | | |
| | | |
| | | #### VARIABLES YOU SHOULD ***NOT*** CONFIGURE FOR YOUR DEPLOYEMNT |
| | | #### You can, but you usually wouldn't need to. |
| | | |
| | | #### CLOUDFORMATIONS vars |
| | | |
| | | project_tag: "{{ env_type }}-{{ guid }}" |
| | | # |
| | | # docker_version: "1.12.6" |
| | | # docker_device: /dev/xvdb |
| | | |
| | | create_internal_dns_entries: true |
| | | zone_internal_dns: "{{guid}}.internal." |
| | | chomped_zone_internal_dns: "{{guid}}.internal" |
| | | zone_public_dns: "{{subdomain_base}}." |
| | | |
| | | bastion_public_dns: "bastion.{{subdomain_base}}." |
| | | bastion_public_dns_chomped: "bastion.{{subdomain_base}}" |
| | | |
| | | |
| | | |
| | | vpcid_cidr_block: "192.168.0.0/16" |
| | | vpcid_name_tag: "{{subdomain_base}}" |
| | | |
| | | az_1_name: "{{ aws_region }}a" |
| | | az_2_name: "{{ aws_region }}b" |
| | | |
| | | subnet_private_1_cidr_block: "192.168.2.0/24" |
| | | subnet_private_1_az: "{{ az_2_name }}" |
| | | subnet_private_1_name_tag: "{{subdomain_base}}-private" |
| | | |
| | | subnet_private_2_cidr_block: "192.168.1.0/24" |
| | | subnet_private_2_az: "{{ az_1_name }}" |
| | | subnet_private_2_name_tag: "{{subdomain_base}}-private" |
| | | |
| | | subnet_public_1_cidr_block: "192.168.10.0/24" |
| | | subnet_public_1_az: "{{ az_1_name }}" |
| | | subnet_public_1_name_tag: "{{subdomain_base}}-public" |
| | | |
| | | subnet_public_2_cidr_block: "192.168.20.0/24" |
| | | subnet_public_2_az: "{{ az_2_name }}" |
| | | subnet_public_2_name_tag: "{{subdomain_base}}-public" |
| | | |
| | | dopt_domain_name: "{{ aws_region }}.compute.internal" |
| | | |
| | | rtb_public_name_tag: "{{subdomain_base}}-public" |
| | | rtb_private_name_tag: "{{subdomain_base}}-private" |
| | | |
| | | cf_template_description: "{{ env_type }}-{{ guid }} template" |
New file |
| | |
| | | { |
| | | "AWSTemplateFormatVersion": "2010-09-09", |
| | | "Parameters": { }, |
| | | "Mappings": { |
| | | "RegionMapping": { |
| | | "us-east-1": { |
| | | "AMI": "ami-c998b6b2" |
| | | }, |
| | | "us-east-2": { |
| | | "AMI": "ami-cfdafaaa" |
| | | }, |
| | | "us-west-1": { |
| | | "AMI": "ami-66eec506" |
| | | }, |
| | | "us-west-2": { |
| | | "AMI": "ami-9fa343e7" |
| | | }, |
| | | "eu-west-1": { |
| | | "AMI": "ami-bb9a6bc2" |
| | | }, |
| | | "eu-central-1": { |
| | | "AMI": "ami-d74be5b8" |
| | | }, |
| | | "ap-northeast-1": { |
| | | "AMI": "ami-30ef0556" |
| | | }, |
| | | "ap-northeast-2": { |
| | | "AMI": "ami-0f5a8361" |
| | | }, |
| | | "ap-southeast-1": { |
| | | "AMI": "ami-10bb2373" |
| | | }, |
| | | "ap-southeast-2": { |
| | | "AMI": "ami-ccecf5af" |
| | | }, |
| | | "sa-east-1": { |
| | | "AMI": "ami-a789ffcb" |
| | | }, |
| | | "ap-south-1": { |
| | | "AMI": "ami-cdbdd7a2" |
| | | } |
| | | }, |
| | | "DNSMapping": { |
| | | "us-east-1": { |
| | | "domain": "us-east-1.compute.internal" |
| | | }, |
| | | "us-west-1": { |
| | | "domain": "us-west-1.compute.internal" |
| | | }, |
| | | "us-west-2": { |
| | | "domain": "us-west-2.compute.internal" |
| | | }, |
| | | "eu-west-1": { |
| | | "domain": "eu-west-1.compute.internal" |
| | | }, |
| | | "eu-central-1": { |
| | | "domain": "eu-central-1.compute.internal" |
| | | }, |
| | | "ap-northeast-1": { |
| | | "domain": "ap-northeast-1.compute.internal" |
| | | }, |
| | | "ap-northeast-2": { |
| | | "domain": "ap-northeast-2.compute.internal" |
| | | }, |
| | | "ap-southeast-1": { |
| | | "domain": "ap-southeast-1.compute.internal" |
| | | }, |
| | | "ap-southeast-2": { |
| | | "domain": "ap-southeast-2.compute.internal" |
| | | }, |
| | | "sa-east-1": { |
| | | "domain": "sa-east-1.compute.internal" |
| | | }, |
| | | "ap-south-1": { |
| | | "domain": "ap-south-1.compute.internal" |
| | | } |
| | | } |
| | | }, |
| | | "Resources": { |
| | | "Vpc": { |
| | | "Type": "AWS::EC2::VPC", |
| | | "Properties": { |
| | | "CidrBlock": "192.199.0.0/16", |
| | | "EnableDnsSupport": "true", |
| | | "EnableDnsHostnames": "true", |
| | | "Tags": [ |
| | | { |
| | | "Key": "Name", |
| | | "Value": "VPCID_NAME_TAG" |
| | | }, |
| | | { |
| | | "Key": "Hostlication", |
| | | "Value": { |
| | | "Ref": "AWS::StackId" |
| | | } |
| | | } |
| | | ] |
| | | } |
| | | }, |
| | | "VpcInternetGateway": { |
| | | "Type": "AWS::EC2::InternetGateway", |
| | | "Properties": {} |
| | | }, |
| | | "VpcGA": { |
| | | "Type": "AWS::EC2::VPCGatewayAttachment", |
| | | "Properties": { |
| | | "InternetGatewayId": { |
| | | "Ref": "VpcInternetGateway" |
| | | }, |
| | | "VpcId": { |
| | | "Ref": "Vpc" |
| | | } |
| | | } |
| | | }, |
| | | "VpcRouteTable": { |
| | | "Type": "AWS::EC2::RouteTable", |
| | | "Properties": { |
| | | "VpcId": { |
| | | "Ref": "Vpc" |
| | | } |
| | | } |
| | | }, |
| | | "VPCRouteInternetGateway": { |
| | | "DependsOn" : "VpcGA", |
| | | "Type": "AWS::EC2::Route", |
| | | "Properties": { |
| | | "GatewayId": { |
| | | "Ref": "VpcInternetGateway" |
| | | }, |
| | | "DestinationCidrBlock": "0.0.0.0/0", |
| | | "RouteTableId": { |
| | | "Ref": "VpcRouteTable" |
| | | } |
| | | } |
| | | }, |
| | | "PublicSubnet": { |
| | | "Type": "AWS::EC2::Subnet", |
| | | "DependsOn": [ |
| | | "Vpc" |
| | | ], |
| | | "Properties": { |
| | | "CidrBlock": "192.199.0.0/24", |
| | | "Tags": [ |
| | | { |
| | | "Key": "Name", |
| | | "Value": "{{project_tag}}" |
| | | }, |
| | | { |
| | | "Key": "Hostlication", |
| | | "Value": { |
| | | "Ref": "AWS::StackId" |
| | | } |
| | | } |
| | | ], |
| | | "MapPublicIpOnLaunch": "true", |
| | | "VpcId": { |
| | | "Ref": "Vpc" |
| | | } |
| | | } |
| | | }, |
| | | "PublicSubnetRTA": { |
| | | "Type": "AWS::EC2::SubnetRouteTableAssociation", |
| | | "Properties": { |
| | | "RouteTableId": { |
| | | "Ref": "VpcRouteTable" |
| | | }, |
| | | "SubnetId": { |
| | | "Ref": "PublicSubnet" |
| | | } |
| | | } |
| | | }, |
| | | "HostSG": { |
| | | "Type": "AWS::EC2::SecurityGroup", |
| | | "Properties": { |
| | | "GroupDescription": "Host", |
| | | "VpcId": { |
| | | "Ref": "Vpc" |
| | | }, |
| | | "Tags": [ |
| | | { |
| | | "Key": "Name", |
| | | "Value": "host_sg" |
| | | } |
| | | ] |
| | | } |
| | | }, |
| | | "HostUDPPorts": { |
| | | "Type": "AWS::EC2::SecurityGroupIngress", |
| | | "Properties": { |
| | | "GroupId": { |
| | | "Fn::GetAtt": [ |
| | | "HostSG", |
| | | "GroupId" |
| | | ] |
| | | }, |
| | | "IpProtocol": "udp", |
| | | "FromPort": "0", |
| | | "ToPort": "65535", |
| | | "CidrIp": "0.0.0.0/0" |
| | | } |
| | | }, |
| | | "HostTCPPorts": { |
| | | "Type": "AWS::EC2::SecurityGroupIngress", |
| | | "Properties": { |
| | | "GroupId": { |
| | | "Fn::GetAtt": [ |
| | | "HostSG", |
| | | "GroupId" |
| | | ] |
| | | }, |
| | | "IpProtocol": "tcp", |
| | | "FromPort": "0", |
| | | "ToPort": "65535", |
| | | "CidrIp": "0.0.0.0/0" |
| | | } |
| | | }, |
| | | "zoneinternalidns": { |
| | | "Type": "AWS::Route53::HostedZone", |
| | | "Properties": { |
| | | "Name": "{{ zone_internal_dns }}", |
| | | "VPCs" : [{ |
| | | "VPCId": { "Ref" : "Vpc" }, |
| | | "VPCRegion": { "Ref": "AWS::Region" } } ], |
| | | "HostedZoneConfig": { |
| | | "Comment": "Created By ansible agnostic deployer" |
| | | } |
| | | } |
| | | }, |
| | | "BastionDNS": { |
| | | "Type": "AWS::Route53::RecordSetGroup", |
| | | "Properties": { |
| | | "HostedZoneId": "{{HostedZoneId}}", |
| | | "RecordSets": [ |
| | | { |
| | | "Name": "{{bastion_public_dns}}", |
| | | "Type": "A", |
| | | "TTL": "10", |
| | | "ResourceRecords": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "Bastion", |
| | | "PublicIp" |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | }, |
| | | "MasterDNS": { |
| | | "Type": "AWS::Route53::RecordSetGroup", |
| | | "Properties": { |
| | | "HostedZoneId": "{{HostedZoneId}}", |
| | | "RecordSets": [ |
| | | { |
| | | "Name": "{{master_public_dns}}", |
| | | "Type": "A", |
| | | "TTL": "10", |
| | | "ResourceRecords": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "master1", |
| | | "PublicIp" |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | }, |
| | | "CloudDNS": { |
| | | "Type": "AWS::Route53::RecordSetGroup", |
| | | "DependsOn": "Bastion", |
| | | "Properties": { |
| | | "HostedZoneId": "{{HostedZoneId}}", |
| | | "RecordSets": [ |
| | | { |
| | | "Name": "{{cloudapps_dns}}", |
| | | "Type": "A", |
| | | "TTL": "10", |
| | | "ResourceRecords": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "Bastion", |
| | | "PublicIp" |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | }, |
| | | "Bastion": { |
| | | "Type": "AWS::EC2::Instance", |
| | | "Properties": { |
| | | "ImageId": { |
| | | "Fn::FindInMap": [ |
| | | "RegionMapping", |
| | | { |
| | | "Ref": "AWS::Region" |
| | | }, |
| | | "AMI" |
| | | ] |
| | | }, |
| | | "InstanceType": "{{bastion_instance_type}}", |
| | | "KeyName": "{{key_name}}", |
| | | "SecurityGroupIds": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "HostSG", |
| | | "GroupId" |
| | | ] |
| | | } |
| | | ], |
| | | "SubnetId": { |
| | | "Ref": "PublicSubnet" |
| | | }, |
| | | "Tags": [ |
| | | { |
| | | "Key": "Name", |
| | | "Value": "bastion" |
| | | }, |
| | | { |
| | | "Key": "AnsibleGroup", |
| | | "Value": "bastions" |
| | | }, |
| | | { |
| | | "Key": "Project", |
| | | "Value": "{{project_tag}}" |
| | | }, |
| | | { |
| | | "Key": "{{ project_tag }}", |
| | | "Value": "bastion" |
| | | } |
| | | ] |
| | | } |
| | | |
| | | }, |
| | | "BastionInternalDNS": { |
| | | "Type": "AWS::Route53::RecordSetGroup", |
| | | "Properties": { |
| | | "HostedZoneId" : { "Ref" : "zoneinternalidns" }, |
| | | |
| | | "RecordSets": [ |
| | | { |
| | | "Name": "bastion.{{zone_internal_dns}}", |
| | | "Type": "A", |
| | | "TTL": "10", |
| | | "ResourceRecords": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "Bastion", |
| | | "PrivateIp" |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | }, |
| | | {% for c in range(1,(master_instance_count|int)+1) %} |
| | | |
| | | "master{{c}}": { |
| | | "Type": "AWS::EC2::Instance", |
| | | "Properties": { |
| | | "ImageId": { |
| | | "Fn::FindInMap": [ |
| | | "RegionMapping", |
| | | { |
| | | "Ref": "AWS::Region" |
| | | }, |
| | | "AMI" |
| | | ] |
| | | }, |
| | | "InstanceType": "{{master_instance_type}}", |
| | | "KeyName": "{{key_name}}", |
| | | "SecurityGroupIds": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "HostSG", |
| | | "GroupId" |
| | | ] |
| | | } |
| | | ], |
| | | |
| | | "SubnetId": { |
| | | "Ref": "PublicSubnet" |
| | | }, |
| | | "Tags": [ |
| | | { |
| | | "Key": "Name", |
| | | "Value": "master" |
| | | }, |
| | | { |
| | | "Key": "AnsibleGroup", |
| | | "Value": "masters" |
| | | }, |
| | | { |
| | | "Key": "Project", |
| | | "Value": "{{project_tag}}" |
| | | }, |
| | | { |
| | | "Key": "{{ project_tag }}", |
| | | "Value": "master" |
| | | } |
| | | ], |
| | | "BlockDeviceMappings": [ |
| | | { |
| | | "DeviceName": "/dev/xvda", |
| | | "Ebs": { |
| | | "VolumeSize": 30 |
| | | } |
| | | }, |
| | | { |
| | | "DeviceName": "/dev/xvdb", |
| | | "Ebs": { |
| | | "VolumeType": "gp2", |
| | | "VolumeSize": 20 |
| | | } |
| | | } |
| | | ] |
| | | } |
| | | }, |
| | | "master{{loop.index}}DNS": { |
| | | "Type": "AWS::Route53::RecordSetGroup", |
| | | "Properties": { |
| | | "HostedZoneId" : { "Ref" : "zoneinternalidns" }, |
| | | |
| | | "RecordSets": [ |
| | | { |
| | | "Name": "master{{loop.index}}.{{zone_internal_dns}}", |
| | | "Type": "A", |
| | | "TTL": "10", |
| | | "ResourceRecords": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "master{{loop.index}}", |
| | | "PrivateIp" |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | }, |
| | | {% endfor %} |
| | | |
| | | |
| | | {% for c in range(1,(node_instance_count|int)+1) %} |
| | | |
| | | "node{{loop.index}}": { |
| | | "Type": "AWS::EC2::Instance", |
| | | "Properties": { |
| | | "ImageId": { |
| | | "Fn::FindInMap": [ |
| | | "RegionMapping", |
| | | { |
| | | "Ref": "AWS::Region" |
| | | }, |
| | | "AMI" |
| | | ] |
| | | }, |
| | | "InstanceType": "{{node_instance_type}}", |
| | | "KeyName": "{{key_name}}", |
| | | "SecurityGroupIds": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "HostSG", |
| | | "GroupId" |
| | | ] |
| | | } |
| | | ], |
| | | "SubnetId": { |
| | | "Ref": "PublicSubnet" |
| | | }, |
| | | "Tags": [ |
| | | { |
| | | "Key": "Name", |
| | | "Value": "node" |
| | | }, |
| | | { |
| | | "Key": "AnsibleGroup", |
| | | "Value": "nodes" |
| | | }, |
| | | { |
| | | "Key": "Project", |
| | | "Value": "{{project_tag}}" |
| | | }, |
| | | { |
| | | "Key": "{{ project_tag }}", |
| | | "Value": "node" |
| | | } |
| | | ], |
| | | "BlockDeviceMappings": [ |
| | | { |
| | | "DeviceName": "/dev/xvda", |
| | | "Ebs": { |
| | | "VolumeSize": 30 |
| | | } |
| | | }, |
| | | { |
| | | "DeviceName": "/dev/xvdb", |
| | | "Ebs": { |
| | | "VolumeType": "gp2", |
| | | "VolumeSize": 100 |
| | | } |
| | | } |
| | | ] |
| | | } |
| | | |
| | | }, |
| | | |
| | | "node{{loop.index}}DNS": { |
| | | "Type": "AWS::Route53::RecordSetGroup", |
| | | "Properties": { |
| | | "HostedZoneId" : { "Ref" : "zoneinternalidns" }, |
| | | |
| | | "RecordSets": [ |
| | | { |
| | | "Name": "node{{loop.index}}.{{zone_internal_dns}}", |
| | | "Type": "A", |
| | | "TTL": "10", |
| | | "ResourceRecords": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "node{{loop.index}}", |
| | | "PrivateIp" |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | }, |
| | | {% endfor %} |
| | | |
| | | |
| | | |
| | | {% for c in range(1,(infranode_instance_count|int)+1) %} |
| | | |
| | | |
| | | "infranode{{loop.index}}": { |
| | | "Type": "AWS::EC2::Instance", |
| | | "Properties": { |
| | | "ImageId": { |
| | | "Fn::FindInMap": [ |
| | | "RegionMapping", |
| | | { |
| | | "Ref": "AWS::Region" |
| | | }, |
| | | "AMI" |
| | | ] |
| | | }, |
| | | "InstanceType": "{{infranode_instance_type}}", |
| | | "KeyName": "{{key_name}}", |
| | | "SecurityGroupIds": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "HostSG", |
| | | "GroupId" |
| | | ] |
| | | } |
| | | ], |
| | | "SubnetId": { |
| | | "Ref": "PublicSubnet" |
| | | }, |
| | | "Tags": [ |
| | | { |
| | | "Key": "Name", |
| | | "Value": "infranode" |
| | | }, |
| | | { |
| | | "Key": "AnsibleGroup", |
| | | "Value": "infranodes" |
| | | }, |
| | | { |
| | | "Key": "Project", |
| | | "Value": "{{project_tag}}" |
| | | }, |
| | | { |
| | | "Key": "{{ project_tag }}", |
| | | "Value": "infranode" |
| | | } |
| | | ], |
| | | "BlockDeviceMappings": [ |
| | | { |
| | | "DeviceName": "/dev/xvda", |
| | | "Ebs": { |
| | | "VolumeSize": 30 |
| | | } |
| | | }, |
| | | { |
| | | "DeviceName": "/dev/xvdb", |
| | | "Ebs": { |
| | | "VolumeType": "gp2", |
| | | "VolumeSize": 50 |
| | | } |
| | | } |
| | | ] |
| | | } |
| | | |
| | | }, |
| | | "infranode{{loop.index}}DNS": { |
| | | "Type": "AWS::Route53::RecordSetGroup", |
| | | "Properties": { |
| | | "HostedZoneId" : { "Ref" : "zoneinternalidns" }, |
| | | |
| | | "RecordSets": [ |
| | | { |
| | | "Name": "infranode{{loop.index}}.{{zone_internal_dns}}", |
| | | "Type": "A", |
| | | "TTL": "10", |
| | | "ResourceRecords": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "infranode{{loop.index}}", |
| | | "PrivateIp" |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | }, |
| | | |
| | | {% endfor %} |
| | | |
| | | |
| | | |
| | | {% for c in range(1,(support_instance_count|int)+1) %} |
| | | "support{{loop.index}}": { |
| | | "Type": "AWS::EC2::Instance", |
| | | "Properties": { |
| | | "ImageId": { |
| | | "Fn::FindInMap": [ |
| | | "RegionMapping", |
| | | { |
| | | "Ref": "AWS::Region" |
| | | }, |
| | | "AMI" |
| | | ] |
| | | }, |
| | | "InstanceType": "{{support_instance_type}}", |
| | | "KeyName": "{{key_name}}", |
| | | "SecurityGroupIds": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "HostSG", |
| | | "GroupId" |
| | | ] |
| | | } |
| | | ], |
| | | "SubnetId": { |
| | | "Ref": "PublicSubnet" |
| | | }, |
| | | "Tags": [ |
| | | { |
| | | "Key": "Name", |
| | | "Value": "support" |
| | | }, |
| | | { |
| | | "Key": "AnsibleGroup", |
| | | "Value": "support" |
| | | }, |
| | | { |
| | | "Key": "Project", |
| | | "Value": "{{project_tag}}" |
| | | }, |
| | | { |
| | | "Key": "{{ project_tag }}", |
| | | "Value": "support" |
| | | } |
| | | ], |
| | | "BlockDeviceMappings": [ |
| | | { |
| | | "DeviceName": "/dev/xvda", |
| | | "Ebs": { |
| | | "VolumeSize": 30 |
| | | } |
| | | }, |
| | | { |
| | | "DeviceName": "/dev/xvdb", |
| | | "Ebs": { |
| | | "VolumeType": "gp2", |
| | | "VolumeSize": 50 |
| | | } |
| | | } |
| | | ] |
| | | } |
| | | |
| | | }, |
| | | "support{{loop.index}}DNS": { |
| | | "Type": "AWS::Route53::RecordSetGroup", |
| | | "Properties": { |
| | | "HostedZoneId" : { "Ref" : "zoneinternalidns" }, |
| | | |
| | | "RecordSets": [ |
| | | { |
| | | "Name": "support{{loop.index}}.{{zone_internal_dns}}", |
| | | "Type": "A", |
| | | "TTL": "10", |
| | | "ResourceRecords": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "support{{loop.index}}", |
| | | "PrivateIp" |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | }, |
| | | {% endfor %} |
| | | |
| | | |
| | | }, |
| | | "Outputs": { |
| | | "Route53internalzoneOutput": { |
| | | "Description": "The ID of the internal route 53 zone", |
| | | "Value": { |
| | | "Ref": "zoneinternalidns" |
| | | } |
| | | } |
| | | } |
| | | } |
New file |
| | |
| | | { |
| | | "Comment": "Create internal dns zone entries", |
| | | "Changes": [ |
| | | |
| | | |
| | | |
| | | |
| | | {% for host in groups['masters'] %} |
| | | { |
| | | "Action": "{{DNS_action}}", |
| | | "ResourceRecordSet": { |
| | | "Name": "master{{loop.index}}.{{zone_internal_dns}}", |
| | | "Type": "A", |
| | | "TTL": 20, |
| | | "ResourceRecords": [ { "Value": "{{hostvars[host]['ec2_private_ip_address']}}" } ] |
| | | } |
| | | }, |
| | | {% endfor %} |
| | | |
| | | |
| | | {% for host in groups['infranodes'] %} |
| | | { |
| | | "Action": "{{DNS_action}}", |
| | | "ResourceRecordSet": { |
| | | "Name": "infranode{{loop.index}}.{{zone_internal_dns}}", |
| | | "Type": "A", |
| | | "TTL": 20, |
| | | "ResourceRecords": [ { "Value": "{{hostvars[host]['ec2_private_ip_address']}}" } ] |
| | | } |
| | | }, |
| | | {% endfor %} |
| | | |
| | | |
| | | |
| | | {% for host in groups['nodes'] %} |
| | | { |
| | | "Action": "{{DNS_action}}", |
| | | "ResourceRecordSet": { |
| | | "Name": "node{{loop.index}}.{{zone_internal_dns}}", |
| | | "Type": "A", |
| | | "TTL": 20, |
| | | "ResourceRecords": [ { "Value": "{{hostvars[host]['ec2_private_ip_address']}}" } ] |
| | | } |
| | | }, |
| | | {% endfor %} |
| | | |
| | | {% for host in groups['support'] %} |
| | | { |
| | | "Action": "{{DNS_action}}", |
| | | "ResourceRecordSet": { |
| | | "Name": "nfs{{loop.index}}.{{zone_internal_dns}}", |
| | | "Type": "A", |
| | | "TTL": 20, |
| | | "ResourceRecords": [ { "Value": "{{hostvars[host]['ec2_private_ip_address']}}" } ] |
| | | } |
| | | }, |
| | | {% endfor %} |
| | | |
| | | {% for host in groups['bastions'] %} |
| | | { |
| | | "Action": "{{DNS_action}}", |
| | | "ResourceRecordSet": { |
| | | "Name": "bastion.{{zone_internal_dns}}", |
| | | "Type": "A", |
| | | "TTL": 20, |
| | | "ResourceRecords": [ { "Value": "{{hostvars[host]['ec2_private_ip_address']}}" } ] |
| | | } |
| | | } |
| | | {% endfor %} |
| | | |
| | | ] |
| | | } |
New file |
| | |
| | | [OSEv3:vars] |
| | | |
| | | ########################################################################### |
| | | ### Ansible Vars |
| | | ########################################################################### |
| | | timeout=60 |
| | | ansible_become=yes |
| | | ansible_ssh_user={{ansible_ssh_user}} |
| | | |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Basic Vars |
| | | ########################################################################### |
| | | openshift_metrics_image_version=v{{ repo_version }} |
| | | #openshift_image_tag=v{{ repo_version }} |
| | | openshift_release={{ osrelease }} |
| | | #docker_version="{{docker_version}}" |
| | | deployment_type=openshift-enterprise |
| | | containerized=false |
| | | openshift_disable_check="disk_availability,memory_availability,docker_image_availability" |
| | | |
| | | # default project node selector |
| | | osm_default_node_selector='env=users' |
| | | |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Optional Vars |
| | | ########################################################################### |
| | | |
| | | |
| | | # Enable cockpit |
| | | osm_use_cockpit=true |
| | | osm_cockpit_plugins=['cockpit-kubernetes'] |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Master Vars |
| | | ########################################################################### |
| | | |
| | | openshift_master_api_port={{master_api_port}} |
| | | openshift_master_console_port={{master_api_port}} |
| | | |
| | | openshift_master_cluster_method=native |
| | | openshift_master_cluster_hostname={{master_lb_dns}} |
| | | openshift_master_cluster_public_hostname={{master_lb_dns}} |
| | | openshift_master_default_subdomain={{cloudapps_suffix}} |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Network Vars |
| | | ########################################################################### |
| | | |
| | | osm_cluster_network_cidr=10.1.0.0/16 |
| | | openshift_portal_net=172.30.0.0/16 |
| | | |
| | | |
| | | #os_sdn_network_plugin_name='redhat/openshift-ovs-multitenant' |
| | | {{multi_tenant_setting}} |
| | | |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Authentication Vars |
| | | ########################################################################### |
| | | |
| | | |
| | | |
| | | {% if install_idm == "ldap" %} |
| | | |
| | | openshift_master_identity_providers=[{'name': 'ldap', 'challenge': 'true', 'login': 'true', 'kind': 'LDAPPasswordIdentityProvider','attributes': {'id': ['dn'], 'email': ['mail'], 'name': ['cn'], 'preferredUsername': ['uid']}, 'bindDN': 'uid=ose-mwl-auth,cn=users,cn=accounts,dc=opentlc,dc=com', 'bindPassword': '{{bindPassword}}', 'ca': 'ipa-ca.crt','insecure': 'false', 'url': 'ldaps://ipa1.opentlc.com:636/cn=users,cn=accounts,dc=opentlc,dc=com?uid'}] |
| | | {{openshift_master_ldap_ca_file}} |
| | | |
| | | {% endif %} |
| | | |
| | | |
| | | {% if install_idm == "allow_all" %} |
| | | openshift_master_identity_providers=[{'name': 'allow_all', 'login': 'true', 'challenge': 'true', 'kind': 'AllowAllPasswordIdentityProvider'}] |
| | | {% endif %} |
| | | |
| | | {% if install_idm == "htpasswd" %} |
| | | |
| | | # htpasswd auth |
| | | openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}] |
| | | # Defining htpasswd users |
| | | #openshift_master_htpasswd_users={'user1': '<pre-hashed password>', 'user2': '<pre-hashed password>'} |
| | | # or |
| | | openshift_master_htpasswd_file=/root/htpasswd.openshift |
| | | |
| | | {% endif %} |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Metrics and Logging Vars |
| | | ########################################################################### |
| | | |
| | | # Enable cluster metrics |
| | | openshift_hosted_metrics_deploy={{install_metrics}} |
| | | openshift_hosted_metrics_storage_kind=nfs |
| | | openshift_hosted_metrics_storage_access_modes=['ReadWriteOnce'] |
| | | openshift_hosted_metrics_storage_host=support1.{{guid}}.internal |
| | | openshift_hosted_metrics_storage_nfs_directory=/srv/nfs |
| | | openshift_hosted_metrics_storage_nfs_options='*(rw,root_squash)' |
| | | openshift_hosted_metrics_storage_volume_name=metrics |
| | | openshift_hosted_metrics_storage_volume_size=10Gi |
| | | |
| | | # Enable cluster logging |
| | | openshift_hosted_logging_deploy={{install_logging}} |
| | | openshift_hosted_logging_storage_kind=nfs |
| | | openshift_hosted_logging_storage_access_modes=['ReadWriteOnce'] |
| | | openshift_hosted_logging_storage_nfs_directory=/srv/nfs |
| | | openshift_hosted_logging_storage_nfs_options='*(rw,root_squash)' |
| | | openshift_hosted_logging_storage_volume_name=logging |
| | | openshift_hosted_logging_storage_volume_size=10Gi |
| | | openshift_hosted_logging_hostname=kibana.{{cloudapps_suffix}} |
| | | openshift_hosted_logging_elasticsearch_cluster_size=1 |
| | | |
| | | |
| | | openshift_hosted_logging_deployer_version=v{{repo_version}} |
| | | # This one is wrong (down arrow) |
| | | #openshift_hosted_logging_image_version=v{{repo_version}} |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Project Management Vars |
| | | ########################################################################### |
| | | |
| | | # Configure additional projects |
| | | openshift_additional_projects={'my-infra-project-test': {'default_node_selector': 'env=infra'}} |
| | | |
| | | |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Router and Registry Vars |
| | | ########################################################################### |
| | | |
| | | openshift_hosted_router_selector='env=infra' |
| | | openshift_hosted_router_replicas=1 |
| | | |
| | | openshift_hosted_registry_selector='env=infra' |
| | | openshift_hosted_registry_replicas=1 |
| | | |
| | | # Registry AWS S3 |
| | | # S3 bucket must already exist. |
| | | openshift_hosted_registry_storage_kind=object |
| | | openshift_hosted_registry_storage_provider=s3 |
| | | openshift_hosted_registry_storage_s3_accesskey={{ aws_access_key_id }} |
| | | openshift_hosted_registry_storage_s3_secretkey={{ aws_secret_access_key }} |
| | | openshift_hosted_registry_storage_s3_bucket={{ env_type }}-{{ guid }} |
| | | |
| | | openshift_hosted_registry_storage_s3_region={{ aws_region }} |
| | | openshift_hosted_registry_storage_s3_chunksize=26214400 |
| | | openshift_hosted_registry_storage_s3_rootdirectory=/registry |
| | | |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Service Catalog Vars |
| | | ########################################################################### |
| | | |
| | | openshift_enable_service_catalog=true |
| | | template_service_broker_install=true |
| | | openshift_template_service_broker_namespaces=['openshift'] |
| | | |
| | | ansible_service_broker_install=false |
| | | |
| | | [OSEv3:children] |
| | | lb |
| | | masters |
| | | etcd |
| | | nodes |
| | | nfs |
| | | |
| | | [lb] |
| | | {% for host in groups['loadbalancers'] %} |
| | | {{ hostvars[host].internaldns }} host_zone={{hostvars[host].placement}} |
| | | {% endfor %} |
| | | |
| | | [masters] |
| | | {% for host in groups['masters'] %} |
| | | master{{loop.index}}.{{chomped_zone_internal_dns}} |
| | | {% endfor %} |
| | | |
| | | [etcd] |
| | | {% for host in groups['masters'] %} |
| | | master{{loop.index}}.{{chomped_zone_internal_dns}} |
| | | {% endfor %} |
| | | |
| | | |
| | | [nodes] |
| | | ## These are the masters |
| | | {% for host in groups['masters'] %} |
| | | master{{loop.index}}.{{chomped_zone_internal_dns}} openshift_hostname=master{{loop.index}}.{{chomped_zone_internal_dns}} ansible_ssh_user={{remote_user}} ansible_ssh_private_key_file=~/.ssh/{{key_name}}.pem openshift_node_labels="{'logging':'true','openshift_schedulable':'False','cluster': '{{guid}}'}" |
| | | {% endfor %} |
| | | |
| | | ## These are infranodes |
| | | {% for host in groups['infranodes'] %} |
| | | infranode{{loop.index}}.{{chomped_zone_internal_dns}} openshift_hostname=infranode{{loop.index}}.{{chomped_zone_internal_dns}} openshift_ip={{hostvars[host]['ec2_private_ip_address']}} ansible_ssh_user={{remote_user}} ansible_ssh_private_key_file=~/.ssh/{{key_name}}.pem openshift_node_labels="{'logging':'true','cluster': '{{guid}}', 'env':'infra''}" |
| | | {% endfor %} |
| | | |
| | | ## These are regular nodes |
| | | {% for host in groups['nodes'] %} |
| | | node{{loop.index}}.{{chomped_zone_internal_dns}} openshift_hostname=node{{loop.index}}.{{chomped_zone_internal_dns}} openshift_ip={{hostvars[host]['ec2_private_ip_address']}} ansible_ssh_user={{remote_user}} ansible_ssh_private_key_file=~/.ssh/{{key_name}}.pem openshift_node_labels="{'logging':'true','cluster': '{{guid}}', 'env':'users'}" |
| | | {% endfor %} |
| | | |
| | | [nfs] |
| | | {% for host in groups['support'] %} |
| | | support{{loop.index}}.{{chomped_zone_internal_dns}} openshift_hostname=support{{loop.index}}.{{chomped_zone_internal_dns}} openshift_ip={{hostvars[host]['ec2_private_ip_address']}} ansible_ssh_user={{remote_user}} ansible_ssh_private_key_file=~/.ssh/{{key_name}}.pem |
| | | {% endfor %} |
New file |
| | |
| | | andrew:$apr1$dZPb2ECf$ercevOFO5znrynUfUj4tb/ |
| | | karla:$apr1$FQx2mX4c$eJc21GuVZWNg1ULF8I2G31 |
| | | user1:$apr1$FmrTsuSa$yducoDpvYq0KEV0ErmwpA1 |
| | | user2:$apr1$JCcW2XQM$8takcyaYYrPT5I8M46TA01 |
| | | user3:$apr1$zPC/rXKY$2PGF7dRsGwC3i8YJ59aOk0 |
| | | user4:$apr1$e9/zT6dh$J18M.9zyn3DazrYreGV.B/ |
| | | user5:$apr1$Nu/XJFVP$DgybymePret.Prch9MyxP/ |
| | | user6:$apr1$VEbpwL9M$c1oFwS.emkt8fyR24zOzd0 |
| | | user7:$apr1$wZxsnY/A$PK0O7iofGJJsvOZ3ctoNo. |
| | | user8:$apr1$5YBAWpGg$YO4ACHZL.c31NbQZH9LlE. |
| | | user9:$apr1$CIxB1enN$Aghb7.S4U3SXPRt55hTWI. |
| | | user10:$apr1$dWTDSR23$UGGJtkVC1ERmAOikomI9K0 |
| | | user11:$apr1$j4fPyRZg$nNJk1nt1vAf54HAB/g/8g/ |
| | | user12:$apr1$dd6kysUI$ueu/9.gbL0LkjpCbSjFNI. |
| | | user13:$apr1$DeRaAbVq$ZI3HtBzQxWYHifjIuPJSM1 |
| | | user14:$apr1$dUuWDYgk$co6NQ4Dbcp3pQjVO5dR7Q. |
| | | user15:$apr1$4QmhSys7$wC.fKmKRqLNqoYqQ1dixJ/ |
| | | user16:$apr1$RHcOPHg7$p9LgYP6zE4nMDlA8ongVc/ |
| | | user17:$apr1$pji2xxHN$vvUHj/fbQRgLR.WBMblQH/ |
| | | user18:$apr1$Lm79l0Qr$KgZSAuPcrTo4.GIWTBLGa/ |
| | | user19:$apr1$KGxvneIX$.GJo7JB.N/c1FLW7vlblx/ |
| | | user20:$apr1$WfYdosg5$cU1BsAzkIhTzKBx8Rvd3o1 |
| | | user21:$apr1$cKRCbWLl$WCVjYUxD22GS5RRv1npwR1 |
| | | user22:$apr1$QhpgOkFU$Y6Nn7NEPbJk3D9ehFb4i50 |
| | | user23:$apr1$dVgQOh7j$L3JZlN8ZmdEwebXqD66Yl0 |
| | | user24:$apr1$z/U5MAQB$GvKG3i8ATXWHhoxN9e0HS/ |
| | | user25:$apr1$gFHGMQUV$w11pZbcBqVKOylr9TZ1EW. |
| | | user26:$apr1$5YG0dnOG$GzbnTQMBe0Dqc3f3pwvPL1 |
| | | user27:$apr1$Kt6VoxNS$nq1Kzd53DUL8h8gfu4fEq/ |
| | | user28:$apr1$aLAQHJ4d$qTRmUpw2eF9whEwDyIixG0 |
| | | user29:$apr1$3HH4pgpa$Uh84gx3UP8vyPRfAIMPRl1 |
| | | user30:$apr1$bbEEX3EF$ozw4jPcYHwVO7.MRzXtu0. |
| | | user31:$apr1$hD0kfz7i$SjNdGZbvto5EifBma5iA5. |
| | | user32:$apr1$fRMBUYu8$T5BQ8kI3pMgqXaRH7l8p.. |
| | | user33:$apr1$es9ruteO$jZsV5/H8GIzw.vCfPs5310 |
| | | user34:$apr1$OQ1I/gHn$.WA01EeXhDLE1K3vWD1wu. |
| | | user35:$apr1$KseEJXTS$kE/QO1XT0mZ44Iyw/ofnj/ |
| | | user36:$apr1$PglCzG.g$44QsoAyMhanH5A40P5jhY1 |
| | | user37:$apr1$2d5ggTIZ$xYsfdRBLOlEsnWRFVS9Yl0 |
| | | user38:$apr1$x/cdV95V$mKFZmSkoBjeEu.HZshO0n. |
| | | user39:$apr1$VC6.WQOS$fAOAR1mx/i7Pnt2oGsDmu/ |
| | | user40:$apr1$n36Hr3zC$lEVq4B7UWmdcnl01lUyR.. |
| | | user41:$apr1$/q6tJtXi$9mCB1YCqdhEE6VVVVkVKc/ |
| | | user42:$apr1$fTMTWEzw$X4MsyNlWketRjQgqonwxn. |
| | | user43:$apr1$.VwoJu38$D4v4NKL1KPuRZdNeprBXS/ |
| | | user44:$apr1$e0s48GLK$JMQ849MeckVX0wG2vE2s10 |
| | | user45:$apr1$a9ucQ1sC$HEMij.WGEa1xIQ01HpyKh1 |
| | | user46:$apr1$uwOs/4nv$TB2r3pOPJ2K0A./CimVUT1 |
| | | user47:$apr1$jfTmW1k5$Fd2ebTUtFFl3CLZWfFmRR. |
| | | user48:$apr1$4/apB/zd$IxoWJ5pTRNGgbxx3Ayl/i0 |
| | | user49:$apr1$nu75PZ0r$bPCMgDmlOAj.YbeFPHJHE. |
| | | user50:$apr1$c/R3wJ/g$GJ03siVj5tkNxrg4OaxhJ0 |
| | | user51:$apr1$EdEX6Pyt$IdPQHmhZi8FEbJjREVbe1/ |
| | | user52:$apr1$ZMfyTjjX$RFOrnKsSr5xXA7IXn7TkC/ |
| | | user53:$apr1$GY.rOkJM$uMCqJmmorP5I1v.YHHz1Z/ |
| | | user54:$apr1$1vuZq/U0$Aq0Kz3wk0YPleDz/rTCdK0 |
| | | user55:$apr1$KjULqmcD$XrhyYt2nWuiaQkbciDIcN/ |
| | | user56:$apr1$gTPaNeq0$sqWJDPZ5//ZDjLf0dSbUh1 |
| | | user57:$apr1$6PaKhdlY$dX2FkVJ0xV.4MAQeDUgRT0 |
| | | user58:$apr1$.8MSdEpY$MPIbUO2WnC0wsno8zUOjC. |
| | | user59:$apr1$TWpKuAvt$CFeTQxxSgeU3dFkL4qpXb. |
| | | user60:$apr1$fEYUgRVU$LO2qwXfpxwI9fDXPfQgQB0 |
| | | user61:$apr1$HHUBEn4G$.cAnwbh.ogNEzQSug3nqo/ |
| | | user62:$apr1$Agt4GmKT$4k3Ev3FSJiNsbht3vUbxQ/ |
| | | user63:$apr1$FsUKA7Hw$nkSgqSIFeqCY1mOyGje3O1 |
| | | user64:$apr1$vBlkQoG4$8L2mTo8gdr8wC68G2y2G91 |
| | | user65:$apr1$McEnEqn4$dZvjACdGp0HALVHBtHEu80 |
| | | user66:$apr1$zamuhlOG$Xch5pbO1ki2Dad1dzjS4j. |
| | | user67:$apr1$qC1rll4s$cN4DzsWnyFBTNi3Cdi6161 |
| | | user68:$apr1$txKPCx1k$WtrlrlP.UF.Rlzbnv6igE/ |
| | | user69:$apr1$EO2A25Sj$DO/1lCNJJXff4GOsTZmHL/ |
| | | user70:$apr1$pJu569Az$nHtF2ZkUrNXw9WN0Obb/T1 |
| | | user71:$apr1$YKpEtZka$c59Fmov1cssRdrO5VqBKz1 |
| | | user72:$apr1$CNkwam0s$b.QcPWytnhlOsaajMQx630 |
| | | user73:$apr1$m5kE07o0$7TC3K.I16YTaRyN8EZq7E/ |
| | | user74:$apr1$/5p0Qoyy$hjQ30Q8Ghb4zNrjjt2yLk/ |
| | | user75:$apr1$ZF3yRTqJ$TgLBllrvTQuuiIjSb53xR0 |
| | | user76:$apr1$711LL2Ai$59rBNmFprwZXtyFVBtRul0 |
| | | user77:$apr1$N4uJhPSq$A.rVfAsRXCQqxOenDHjqX1 |
| | | user78:$apr1$PHSpv5ty$WC8GlQpclQqH30eWPu.6e. |
| | | user79:$apr1$c/yk9dQ9$dvhh.P4F5zGnysBvwps4m/ |
| | | user80:$apr1$oTmftf8R$FYzQD77hYfh9Wq3SvwYU7/ |
| | | user81:$apr1$3YvQ/JPg$sDXhV8xpHNxQzFSvMMxAD1 |
| | | user82:$apr1$quKB2P2.$iq.ZzDa3/xoaoY3.F1Un90 |
| | | user83:$apr1$IVq8346H$lPQJZ7Thr/gJ2EmzDsktH0 |
| | | user84:$apr1$xfehskAD$NRMQJttylejHtNKQqBj.k. |
| | | user85:$apr1$/LYLXNbH$/COZBzkaU0pPOXR38ZFVX/ |
| | | user86:$apr1$a/xD3Jfw$rZXN4ykj0W6qadlh447n// |
| | | user87:$apr1$v01l1ljr$tGDKwdhKC05HEbntSxV5M0 |
| | | user88:$apr1$9RYtWl12$ck19ozvS.SWeAAaDZqE940 |
| | | user89:$apr1$EvSs2TA2$fRDg0hVOCf2jbhwXifzbs. |
| | | user90:$apr1$9ffAneiG$CAz5JWeIPGnamOQlVRGIk. |
| | | user91:$apr1$Z3XW5Yy4$Kibx7GmgdpC6CAM0IxhtC0 |
| | | user92:$apr1$6CfIrBqr$5nGNCGA5QOPq/h8hlOE4f. |
| | | user93:$apr1$iJ4AQyfu$fkXSVib.OzPCSBQlLhwwS. |
| | | user94:$apr1$jiPqi0uI$XyYDQt0kcawqFLX12VW3n/ |
| | | user95:$apr1$ULEkhfG2$/WHcoR9KJxAS3uw470Vkk. |
| | | user96:$apr1$56tQXa91$l0yaZgZHbDidgw95IP7yQ1 |
| | | user97:$apr1$SoGwK9hP$YbceEfwmsM3QCdNGAaE1b. |
| | | user98:$apr1$MVU1/8dh$UKzkRk1CQP00SvnoPIm1.. |
| | | user99:$apr1$v8vKZdHH$NC5xud.olhtdydHU9hav6. |
| | | user100:$apr1$glFN48wz$dR9w94PGiQL8qZXcXGd0L0 |
New file |
| | |
| | | [OCPlabs:vars] |
| | | |
| | | ########################################################################### |
| | | ### Ansible Vars |
| | | ########################################################################### |
| | | timeout=60 |
| | | ansible_become=yes |
| | | ansible_ssh_user={{ansible_ssh_user}} |
| | | |
| | | |
| | | |
| | | [OCPlabs:children] |
| | | lb |
| | | masters |
| | | etcd |
| | | nodes |
| | | nfs |
| | | |
| | | [lb] |
| | | {% for host in groups['loadbalancers'] %} |
| | | {{ hostvars[host].internaldns }} host_zone={{hostvars[host].placement}} |
| | | {% endfor %} |
| | | |
| | | |
| | | [masters] |
| | | {% for host in groups['masters'] %} |
| | | master{{loop.index}}.{{chomped_zone_internal_dns}} host_zone={{hostvars[host]['placement']}} |
| | | {% endfor %} |
| | | |
| | | |
| | | [etcd] |
| | | {% for host in groups['masters'] %} |
| | | master{{loop.index}}.{{chomped_zone_internal_dns}} host_zone={{hostvars[host]['placement']}} |
| | | {% endfor %} |
| | | |
| | | [nodes] |
| | | ## These are the masters |
| | | {% for host in groups['masters'] %} |
| | | master{{loop.index}}.{{chomped_zone_internal_dns}} host_zone={{hostvars[host]['placement']}} |
| | | {% endfor %} |
| | | |
| | | ## These are infranodes |
| | | |
| | | {% for host in groups['infranodes'] %} |
| | | infranode{{loop.index}}.{{chomped_zone_internal_dns}} host_zone={{hostvars[host]['placement']}} |
| | | {% endfor %} |
| | | |
| | | ## These are regular nodes |
| | | |
| | | {% for host in groups['nodes'] %} |
| | | node{{loop.index}}.{{chomped_zone_internal_dns}} host_zone={{hostvars[host]['placement']}} |
| | | {% endfor %} |
| | | |
| | | [nfs] |
| | | {% for host in groups['support'] %} |
| | | support{{loop.index}}.{{chomped_zone_internal_dns}} host_zone={{hostvars[host]['placement']}} |
| | | {% endfor %} |
New file |
| | |
| | | --- |
| | | {% for pv in pv_list %} |
| | | apiVersion: v1 |
| | | kind: PersistentVolume |
| | | metadata: |
| | | name: {{ pv }} |
| | | spec: |
| | | capacity: |
| | | storage: {{pv_size}} |
| | | accessModes: |
| | | - ReadWriteOnce |
| | | nfs: |
| | | path: {{ nfs_export_path }}/{{pv}} |
| | | server: nfs1.{{guid}}.internal |
| | | persistentVolumeReclaimPolicy: {{persistentVolumeReclaimPolicy}} |
| | | --- |
| | | {% endfor %} |
New file |
| | |
| | | [rhel-7-server-rpms] |
| | | name=Red Hat Enterprise Linux 7 |
| | | baseurl={{own_repo_path}}/rhel-7-server-rpms |
| | | enabled=1 |
| | | gpgcheck=0 |
| | | |
| | | [rhel-7-server-rh-common-rpms] |
| | | name=Red Hat Enterprise Linux 7 Common |
| | | baseurl={{own_repo_path}}/rhel-7-server-rh-common-rpms |
| | | enabled=1 |
| | | gpgcheck=0 |
| | | |
| | | [rhel-7-server-extras-rpms] |
| | | name=Red Hat Enterprise Linux 7 Extras |
| | | baseurl={{own_repo_path}}/rhel-7-server-extras-rpms |
| | | enabled=1 |
| | | gpgcheck=0 |
| | | |
| | | [rhel-7-server-optional-rpms] |
| | | name=Red Hat Enterprise Linux 7 Optional |
| | | baseurl={{own_repo_path}}/rhel-7-server-optional-rpms |
| | | enabled=1 |
| | | gpgcheck=0 |
| | | |
| | | [rhel-7-server-ose-{{repo_version}}-rpms] |
| | | name=Red Hat Enterprise Linux 7 OSE {{repo_version}} |
| | | baseurl={{own_repo_path}}/rhel-7-server-ose-{{repo_version}}-rpms |
| | | enabled=1 |
| | | gpgcheck=0 |
| | | |
| | | ## Required since OCP 3.5 |
| | | [rhel-7-fast-datapath-rpms] |
| | | name=Red Hat Enterprise Linux Fast Datapath (RHEL 7 Server) (RPMs) |
| | | baseurl={{own_repo_path}}/rhel-7-fast-datapath-rpms |
| | | enabled=1 |
| | | gpgcheck=0 |
New file |
| | |
| | | --- |
| | | {% for pv in range(1,user_vols) %} |
| | | apiVersion: v1 |
| | | kind: PersistentVolume |
| | | metadata: |
| | | name: vol{{ pv }} |
| | | spec: |
| | | capacity: |
| | | storage: {{ pv_size }} |
| | | accessModes: |
| | | - ReadWriteOnce |
| | | {% if pv % 2 == 0 %} |
| | | - ReadWriteMany |
| | | {% endif %} |
| | | nfs: |
| | | path: {{ nfs_export_path }}/user-vols/vol{{pv}} |
| | | server: nfs1.{{guid}}.internal |
| | | persistentVolumeReclaimPolicy: {{ persistentVolumeReclaimPolicy }} |
| | | --- |
| | | {% endfor %} |
New file |
| | |
| | | - name: Step 002 Post Infrastructure |
| | | hosts: localhost |
| | | connection: local |
| | | become: false |
| | | vars_files: |
| | | - "./env_vars.yml" |
| | | - "./env_secret_vars.yml" |
| | | tags: |
| | | - step002 |
| | | - post_infrastructure |
| | | tasks: |
| | | - debug: |
| | | msg: "Step 001 Post Infrastructure - There are no post_infrastructure tasks defined" |
| | | when: "not {{ tower_run | default(false) }}" |
| | | - name: Job Template to launch a Job Template with update on launch inventory set |
| | | uri: |
| | | url: "https://{{ ansible_tower_ip }}/api/v1/job_templates/{{ job_template_id }}/launch/" |
| | | method: POST |
| | | user: "{{tower_admin}}" |
| | | password: "{{tower_admin_password}}" |
| | | body: |
| | | extra_vars: |
| | | guid: "{{guid}}" |
| | | ipa_host_password: "{{ipa_host_password}}" |
| | | |
| | | body_format: json |
| | | validate_certs: False |
| | | HEADER_Content-Type: "application/json" |
| | | status_code: 200, 201 |
| | | when: "{{ tower_run | default(false) }}" |
| | | tags: |
| | | - tower_workaround |
New file |
| | |
| | | #vim: set ft=ansible: |
| | | --- |
| | | - name: Step 005 - Post Software deployment |
| | | hosts: localhost |
| | | connection: local |
| | | become: false |
| | | vars_files: |
| | | - "./env_vars.yml" |
| | | - "./env_secret_vars.yml" |
| | | tags: |
| | | - step005 |
| | | tasks: |
| | | - name: Overwrite ansible hosts file with lab hosts file |
| | | template: |
| | | src: "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/files/labs_hosts_template.j2" |
| | | dest: "{{ ANSIBLE_REPO_PATH }}/workdir/labs_hosts-{{ env_type }}-{{ guid }}" |
| | | |
| | | - name: Step lab post software deployment |
| | | hosts: bastions |
| | | gather_facts: False |
| | | become: yes |
| | | tags: |
| | | - opentlc_bastion_tasks |
| | | vars_files: |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | tasks: |
| | | - name: Ensures /etc/ansible dir exists |
| | | file: path=/etc/ansible state=directory |
| | | - name: Copy over ansible hosts file |
| | | copy: |
| | | backup: yes |
| | | src: "{{ ANSIBLE_REPO_PATH }}/workdir/labs_hosts-{{ env_type }}-{{ guid }}" |
| | | dest: /etc/ansible/hosts |
| | | tags: |
| | | - overwrite_hosts_with_lab_hosts |
| | | - name: install ipa client packages |
| | | yum: |
| | | name: "ipa-client" |
| | | state: present |
| | | - name: Register bastion with IPA |
| | | shell: "/usr/sbin/ipa-client-install --domain=OPENTLC.COM -w {{ipa_host_password}} -N -U --mkhomedir --no-dns-sshfp --hostname={{bastion_public_dns_chomped}}" |
New file |
| | |
| | | - name: Step 000 Pre Infrastructure |
| | | hosts: localhost |
| | | connection: local |
| | | become: false |
| | | vars_files: |
| | | - "./env_vars.yml" |
| | | - "./env_secret_vars.yml" |
| | | tags: |
| | | - step000 |
| | | - pre_infrastructure |
| | | tasks: |
| | | - debug: |
| | | msg: "Step 000 Pre Infrastructure - There are no pre_infrastructure tasks defined" |
New file |
| | |
| | | |
| | | - name: Step 003 - Create env key |
| | | hosts: localhost |
| | | connection: local |
| | | gather_facts: false |
| | | become: false |
| | | vars_files: |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml" |
| | | tags: |
| | | - step003 |
| | | - generate_env_keys |
| | | tasks: |
| | | - name: Generate SSH keys |
| | | shell: ssh-keygen -b 2048 -t rsa -f "{{ ANSIBLE_REPO_PATH }}/workdir/{{env_authorized_key}}" -q -N "" |
| | | args: |
| | | creates: "{{ ANSIBLE_REPO_PATH }}/workdir/{{env_authorized_key}}" |
| | | when: set_env_authorized_key |
| | | |
| | | |
| | | |
| | | # Cloudformation template or equivalent should tag all hosts with Project:{{ env_type }}-{{ guid }} |
| | | |
| | | - name: Configure all hosts with Repositories, Common Files and Set environment key |
| | | hosts: |
| | | - all:!windows |
| | | become: true |
| | | gather_facts: False |
| | | vars_files: |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml" |
| | | tags: |
| | | - step004 |
| | | - common_tasks |
| | | roles: |
| | | - { role: "{{ ANSIBLE_REPO_PATH }}/roles/set-repositories", when: 'repo_method is defined' } |
| | | - { role: "{{ ANSIBLE_REPO_PATH }}/roles/common", when: 'install_common' } |
| | | - { role: "{{ ANSIBLE_REPO_PATH }}/roles/set_env_authorized_key", when: 'set_env_authorized_key' } |
| | | |
| | | - name: Configuring Bastion Hosts |
| | | hosts: bastions |
| | | become: true |
| | | vars_files: |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml" |
| | | roles: |
| | | - { role: "{{ ANSIBLE_REPO_PATH }}/roles/bastion", when: 'install_bastion' } |
| | | tags: |
| | | - step004 |
| | | - bastion_tasks |
| | | |
| | | - name: Pre-software verification and ipa client |
| | | hosts: bastions |
| | | gather_facts: False |
| | | become: yes |
| | | tags: |
| | | - opentlc_bastion_tasks |
| | | vars_files: |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | tasks: |
| | | - name: install ipa client packages |
| | | yum: |
| | | name: "ipa-client" |
| | | state: present |
| | | when: "install_ipa_client" |
| | | - name: Register bastion with IPA |
| | | shell: "/usr/sbin/ipa-client-install --domain=OPENTLC.COM -w {{ipa_host_password}} -N -U --mkhomedir --no-dns-sshfp --hostname={{bastion_public_dns_chomped}}" |
| | | when: "install_ipa_client" |
| | | - name: Add opentlc-access ipa group to sudoers.d |
| | | lineinfile: |
| | | path: /etc/sudoers.d/opentlc-sudoers |
| | | state: present |
| | | create: yes |
| | | line: '%opentlc-access ALL=(ALL) NOPASSWD: ALL' |
| | | validate: '/usr/sbin/visudo -cf %s' |
| | | |
| | | - name: PreSoftware flight-check |
| | | hosts: localhost |
| | | connection: local |
| | | gather_facts: false |
| | | become: false |
| | | vars_files: |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml" |
| | | tags: |
| | | - flight_check |
| | | tasks: |
| | | - debug: |
| | | msg: "Pre-Software checks completed successfully" |
New file |
| | |
| | | --- |
| | | - name: Step 00xxxxx software |
| | | hosts: localhost |
| | | gather_facts: False |
| | | become: false |
| | | tasks: |
| | | - debug: |
| | | msg: "Software tasks Started" |
| | | |
| | | - name: Software flight-check |
| | | hosts: localhost |
| | | connection: local |
| | | gather_facts: false |
| | | become: false |
| | | tags: |
| | | - post_flight_check |
| | | tasks: |
| | | - debug: |
| | | msg: "Software checks completed successfully" |
New file |
| | |
| | | --- |
| | | - name: Step 00xxxxx software |
| | | hosts: localhost |
| | | gather_facts: False |
| | | become: false |
| | | tasks: |
| | | - debug: |
| | | msg: "Software tasks Started" |
| | | |
| | | - name: Software flight-check |
| | | hosts: localhost |
| | | connection: local |
| | | gather_facts: false |
| | | become: false |
| | | tags: |
| | | - post_flight_check |
| | | tasks: |
| | | - debug: |
| | | msg: "Software checks completed successfully" |
New file |
| | |
| | | --- |
| | | - name: Step 00xxxxx software |
| | | hosts: localhost |
| | | gather_facts: False |
| | | become: false |
| | | tasks: |
| | | - debug: |
| | | msg: "Software tasks Started" |
| | | |
| | | - name: Software flight-check |
| | | hosts: localhost |
| | | connection: local |
| | | gather_facts: false |
| | | become: false |
| | | tags: |
| | | - post_flight_check |
| | | tasks: |
| | | - debug: |
| | | msg: "Software checks completed successfully" |
| | |
| | | - name: Delete Infrastructure |
| | | hosts: localhost |
| | | connection: local |
| | | gather_facts: False |
| | | become: no |
| | | vars_files: |
| | | - "./env_vars.yml" |
| | | - "./env_secret_vars.yml" |
| | | |
| | | tasks: |
| | | - name: Destroy cloudformation template |
| | | cloudformation: |
| | | stack_name: "{{project_tag}}" |
| | | state: "absent" |
| | | region: "{{aws_region}}" |
| | | disable_rollback: false |
| | | tags: |
| | | Stack: "project {{env_type}}-{{ guid }}" |
| | | tags: [ destroying, destroy_cf_deployment ] |
| | | register: cloudformation_result |
| | | until: cloudformation_result|succeeded |
| | | retries: 5 |
| | | delay: 60 |
| | | ignore_errors: yes |
| | | |
| | | - name: report Cloudformation error |
| | | fail: |
| | | msg: "FAIL {{ project_tag }} Destroy Cloudformation" |
| | | when: not cloudformation_result|succeeded |
| | | tags: [ destroying, destroy_cf_deployment ] |
| | | --- |
| | | - name: Import default CloudFormation (aws) destroy playbook |
| | | import_playbook: "{{ANSIBLE_REPO_PATH}}/cloud_providers/{{cloud_provider}}_destroy_env.yml" |
| | |
| | | connection: local |
| | | become: false |
| | | vars_files: |
| | | - "./env_vars.yml" |
| | | - "./env_secret_vars.yml" |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml" |
| | | tags: |
| | | - step002 |
| | | - post_infrastructure |
| | |
| | | --- |
| | | - name: Step 00xxxxx post software |
| | | hosts: support |
| | | hosts: localhost |
| | | gather_facts: False |
| | | become: yes |
| | | become: false |
| | | vars_files: |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml" |
| | | tasks: |
| | | - debug: |
| | | msg: "Post-Software tasks Started" |
| | |
| | | connection: local |
| | | gather_facts: false |
| | | become: false |
| | | vars_files: |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml" |
| | | tags: |
| | | - post_flight_check |
| | | tasks: |
| | |
| | | --- |
| | | - name: Step 000 Pre Infrastructure |
| | | hosts: localhost |
| | | connection: local |
| | | become: false |
| | | vars_files: |
| | | - "./env_vars.yml" |
| | | - "./env_secret_vars.yml" |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml" |
| | | tags: |
| | | - step001 |
| | | - pre_infrastructure |
| | |
| | | |
| | | --- |
| | | - name: Step 003 - Create env key |
| | | hosts: localhost |
| | | connection: local |
New file |
| | |
| | | --- |
| | | - name: Step 00xxxxx software |
| | | hosts: localhost |
| | | gather_facts: False |
| | | become: false |
| | | tasks: |
| | | - debug: |
| | | msg: "Software tasks Started" |
| | | |
| | | - name: Software flight-check |
| | | hosts: localhost |
| | | connection: local |
| | | gather_facts: false |
| | | become: false |
| | | tags: |
| | | - post_flight_check |
| | | tasks: |
| | | - debug: |
| | | msg: "Software checks completed successfully" |
New file |
| | |
| | | --- |
| | | - name: Step 00xxxxx software |
| | | hosts: localhost |
| | | gather_facts: False |
| | | become: false |
| | | tasks: |
| | | - debug: |
| | | msg: "Software tasks Started" |
| | | |
| | | - name: Software flight-check |
| | | hosts: localhost |
| | | connection: local |
| | | gather_facts: false |
| | | become: false |
| | | tags: |
| | | - post_flight_check |
| | | tasks: |
| | | - debug: |
| | | msg: "Software checks completed successfully" |
New file |
| | |
| | | = How to create an Environment Type |
| | | |
| | | == Create a base for your new environment type |
| | | |
| | | * Duplicate the "generic-example" environemnt type directory or use another |
| | | environment type directory that is closer to your end goal. |
| | | |
| | | == Edit your cloud provider "blueprint" or "template" |
| | | |
| | | NOTE: At this point this is "aws" based, with time we will have other providers. |
| | | |
| | | * Edit the link:./files/cloud_providers/ec2_cloud_template.j2[./files/cloud_provides/ec2_cloud_template.j2] |
| | | |
| | | * Add Security Groups if you require any. |
| | | * Add LaunchConfigs and AutoScale Groups |
| | | |
| | | ---- |
| | | "HostLC": { |
| | | "Type": "AWS::AutoScaling::LaunchConfiguration", |
| | | "Properties": { |
| | | "AssociatePublicIpAddress": true, |
| | | "ImageId": { |
| | | "Fn::FindInMap": [ |
| | | "RegionMapping", |
| | | { |
| | | "Ref": "AWS::Region" |
| | | }, |
| | | "AMI" |
| | | ] |
| | | }, |
| | | "InstanceType": "{{host_instance_type}}", |
| | | "KeyName": "{{key_name}}", |
| | | "SecurityGroups": [ |
| | | { |
| | | "Ref": "HostSG" |
| | | } |
| | | ], |
| | | "BlockDeviceMappings": [ |
| | | { |
| | | "DeviceName": "/dev/xvda", |
| | | "Ebs": { |
| | | "VolumeSize": 30 |
| | | } |
| | | }, |
| | | { |
| | | "DeviceName": "/dev/xvdb", |
| | | "Ebs": { |
| | | "VolumeSize": 100 |
| | | } |
| | | } |
| | | ] |
| | | } |
| | | }, |
| | | "HostAsg": { |
| | | "Type": "AWS::AutoScaling::AutoScalingGroup", |
| | | "Properties": { |
| | | "DesiredCapacity": {{host_instance_count}}, |
| | | "LaunchConfigurationName": { |
| | | "Ref": "HostLC" |
| | | }, |
| | | "MaxSize": 100, |
| | | "MinSize": 1, |
| | | "Tags": [ |
| | | { |
| | | "Key": "Name", |
| | | "Value": "host", |
| | | "PropagateAtLaunch": true |
| | | }, |
| | | { |
| | | "Key": "AnsibleGroup", |
| | | "Value": "hosts", |
| | | "PropagateAtLaunch": true |
| | | }, |
| | | { |
| | | "Key": "Project", |
| | | "Value": "{{project_tag}}", |
| | | "PropagateAtLaunch": true |
| | | }, |
| | | { |
| | | "Key": "{{ project_tag }}", |
| | | "Value": "host", |
| | | "PropagateAtLaunch": true |
| | | } |
| | | ], |
| | | "VPCZoneIdentifier": [ |
| | | { |
| | | "Ref": "PublicSubnet" |
| | | } |
| | | ] |
| | | } |
| | | }, |
| | | ---- |
| | | |
| | | ** Pay attention to the Tags created for the different AS groups |
| | | |
| | | ---- |
| | | |
| | | { |
| | | "Key": "Project", |
| | | "Value": "{{project_tag}}", |
| | | "PropagateAtLaunch": true |
| | | }, |
| | | { |
| | | "Key": "{{ project_tag }}", |
| | | "Value": "host", |
| | | "PropagateAtLaunch": true |
| | | } |
| | | |
| | | ---- |
| | | |
| | | |
| | | * Add DNS Entries you need for your environment: |
| | | ---- |
| | | "MasterDNS": { |
| | | "Type": "AWS::Route53::RecordSetGroup", |
| | | "DependsOn": "Master", |
| | | "Properties": { |
| | | "HostedZoneId": "{{HostedZoneId}}", |
| | | "RecordSets": [ |
| | | { |
| | | "Name": "{{master_public_dns}}", |
| | | "Type": "A", |
| | | "TTL": "10", |
| | | "ResourceRecords": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "Master", |
| | | "PublicIp" |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | }, |
| | | |
| | | ---- |
| | | |
| | | * Add S3 or other resources you require: |
| | | ---- |
| | | |
| | | "RegistryS3": { |
| | | "Type": "AWS::S3::Bucket", |
| | | "Properties": { |
| | | "BucketName": "{{ env_type }}-{{ guid }}", |
| | | "Tags": [ |
| | | { |
| | | "Key": "Name", |
| | | "Value": "s3-{{ env_type }}-{{ guid }}" |
| | | }, |
| | | { |
| | | "Key": "Project", |
| | | "Value": "{{project_tag}}" |
| | | } |
| | | ] |
| | | } |
| | | } |
| | | }, |
| | | ---- |
| | | |
| | | * Add any "outputs" you need from the cloud provider: |
| | | ---- |
| | | "RegistryS3Output": { |
| | | "Description": "The ID of the S3 Bucket", |
| | | "Value": { |
| | | "Ref": "RegistryS3" |
| | | }}, |
| | | |
| | | ---- |
| | | |
| | | |
| | | |
| | | == Internal DNS file |
| | | |
| | | |
| | | * Edit the internal dns template: link:./files/ec2_internal_dns.json.j2[./files/ec2_internal_dns.json.j2] |
| | | ** You can create nicely indexed internal hostname by creating a for loop in the file for each host group |
| | | ---- |
| | | {% for host in groups['support'] | ] %} |
| | | { |
| | | "Action": "{{DNS_action}}", |
| | | "ResourceRecordSet": { |
| | | "Name": "support{{loop.index}}.{{zone_internal_dns}}", |
| | | "Type": "A", |
| | | "TTL": 20, |
| | | "ResourceRecords": [ { "Value": "{{hostvars[host]['ec2_private_ip_address']}}" } ] |
| | | } |
| | | }, |
| | | |
| | | ---- |
New file |
| | |
| | | = OPENTLC OCP-HA-LAB Env_Type config |
| | | |
| | | For example, we will include things such as ec2 instance names, secret |
| | | variables such as private/public key pair information, passwords, etc. |
| | | |
| | | Eventually, all sensitive information will be encrypted via Ansible Vault. The |
| | | inclusion as well as instructions on doing this will be included in a later |
| | | release. |
| | | |
| | | == Set up your "Secret" variables |
| | | |
| | | * You need to provide some credentials for deployments to work |
| | | * Create a file called "env_secret_vars.yml" and put it in the |
| | | ./ansible/configs/CONFIGNAME/ directory. |
| | | ** At this point this file *has to be created* even if no vars from it are used. |
| | | * You can choose to provide these values as extra vars (-e "var=value") in the |
| | | command line if you prefer not to keep sensitive information in a file. |
| | | |
| | | .Example contents of "Secret" Vars file |
| | | ---- |
| | | # ## Logon credentials for Red Hat Network |
| | | # ## Required if using the subscription component |
| | | # ## of this playbook. |
| | | rhel_subscription_user: '' |
| | | rhel_subscription_pass: '' |
| | | # |
| | | # ## LDAP Bind Password |
| | | bindPassword: '' |
| | | # |
| | | # ## Desired openshift admin name and password |
| | | admin_user: "" |
| | | admin_user_password: "" |
| | | # |
| | | # ## AWS Credentials. This is required. |
| | | aws_access_key_id: "" |
| | | aws_secret_access_key: "" |
| | | |
| | | #If using repo_method: satellite, you must set these values as well. |
| | | # satellite_url: https://satellite.example.com |
| | | # satellite_org: Sat_org_name |
| | | # satellite_activationkey: "rhel7basic" |
| | | ---- |
| | | |
| | | |
| | | == Review the Env_Type variable file |
| | | |
| | | * This file link:./env_vars.yml[./env_vars.yml] contains all the variables you |
| | | need to define to control the deployment of your environment. |
| | | |
| | | == Running Ansible Playbook |
| | | |
| | | . You can run the playbook with the following arguments to overwrite the default variable values: |
| | | [source,bash] |
| | | ---- |
| | | # Set the your environment variables (this is optional, but makes life easy) |
| | | |
| | | REGION=ap-southeast-1 |
| | | KEYNAME=ocpkey |
| | | GUID=testnewec21 |
| | | ENVTYPE="ocp-ha-lab" |
| | | CLOUDPROVIDER=ec2 |
| | | HOSTZONEID='Z3IHLWJZOU9SRT' |
| | | REPO_PATH='https://admin.example.com/repos/ocp/3.6/' |
| | | |
| | | BASESUFFIX='.example.opentlc.com' |
| | | IPAPASS=aaaaaa |
| | | REPO_VERSION=3.6 |
| | | NODE_COUNT=2 |
| | | DEPLOYER_REPO_PATH=`pwd` |
| | | LOG_FILE=$(pwd)/${ENVTYPE}-${GUID}.log |
| | | |
| | | ## For a HA environment that is not installed with OpenShift |
| | | |
| | | |
| | | ansible-playbook ${DEPLOYER_REPO_PATH}/main.yml \ |
| | | -e "guid=${GUID}" -e "env_type=${ENVTYPE}" -e "key_name=${KEYNAME}" \ |
| | | -e "cloud_provider=${CLOUDPROVIDER}" -e "aws_region=${REGION}" -e "HostedZoneId=${HOSTZONEID}" \ |
| | | -e "subdomain_base_suffix=${BASESUFFIX}" \ |
| | | -e "bastion_instance_type=t2.medium" -e "master_instance_type=t2.large" \ |
| | | -e "infranode_instance_type=t2.large" -e "node_instance_type=t2.large" \ |
| | | -e "support_instance_type=t2.medium" -e "node_instance_count=${NODE_COUNT}" \ |
| | | -e "ipa_host_password=${IPAPASS}" -e "install_idm=htpasswd" \ |
| | | -e "email=name@example.com" \ |
| | | -e "repo_method=file" -e "own_repo_path=${REPO_PATH}" -e "repo_version=${REPO_VERSION}" \ |
| | | -e "software_to_deploy=openshift" -e "osrelease=3.6.173.0.21" -e "docker_version=1.12.6" \ |
| | | -e "ANSIBLE_REPO_PATH=${DEPLOYER_REPO_PATH}" \ |
| | | --skip-tags=installing_openshift,get_openshift_credentials 1>> $LOG_FILE 2>> $LOG_FILE |
| | | |
| | | . To Delete an environment |
| | | ---- |
| | | #To Destroy an Env |
| | | ansible-playbook \ |
| | | ${DEPLOYER_REPO_PATH}/configs/${ENVTYPE}/destroy_env.yml \ |
| | | -e "guid=${GUID}" -e "env_type=${ENVTYPE}" \ |
| | | -e "cloud_provider=${CLOUDPROVIDER}" -e "aws_region=${REGION}" -e "HostedZoneId=${HOSTZONEID}" \ |
| | | -e "ANSIBLE_REPO_PATH=${DEPLOYER_REPO_PATH}" \ |
| | | -e "key_name=${KEYNAME}" -e "subdomain_base_suffix=${BASESUFFIX}" |
| | | |
| | | ---- |
New file |
| | |
| | | - hosts: localhost |
| | | connection: local |
| | | gather_facts: false |
| | | become: false |
| | | vars_files: |
| | | - ./env_vars.yml |
| | | tasks: |
| | | - name: AWS Generate Cloudformation Template |
| | | template: |
| | | src: ./files/cloud_providers/ec2_cloud_template.j2 |
| | | dest: ./ec2_cloud_template.yml |
New file |
| | |
| | | - name: Starting environment deployment |
| | | hosts: localhost |
| | | connection: local |
| | | gather_facts: False |
| | | become: no |
| | | vars_files: |
| | | - "./env_vars.yml" |
| | | - "./env_secret_vars.yml" |
| | | |
| | | tasks: |
| | | - name: Destroy cloudformation template |
| | | cloudformation: |
| | | stack_name: "{{project_tag}}" |
| | | state: "absent" |
| | | region: "{{aws_region}}" |
| | | disable_rollback: false |
| | | tags: |
| | | Stack: "project {{env_type}}-{{ guid }}" |
| | | tags: [ destroying, destroy_cf_deployment ] |
| | | register: cloudformation_result |
| | | until: cloudformation_result|succeeded |
| | | retries: 5 |
| | | delay: 60 |
| | | ignore_errors: yes |
| | | |
| | | - name: report Cloudformation error |
| | | fail: |
| | | msg: "FAIL {{ project_tag }} Destroy Cloudformation" |
| | | when: not cloudformation_result|succeeded |
| | | tags: [ destroying, destroy_cf_deployment ] |
| | | ## we need to add something to delete the env specific key. |
New file |
| | |
| | | --- |
| | | AWSTemplateFormatVersion: "2010-09-09" |
| | | Mappings: |
| | | RegionMapping: |
| | | us-east-1: |
| | | RHELAMI: ami-c998b6b2 |
| | | us-east-2: |
| | | RHELAMI: ami-cfdafaaa |
| | | us-west-1: |
| | | RHELAMI: ami-66eec506d |
| | | us-west-2: |
| | | RHELAMI: ami-9fa343e7 |
| | | eu-west-1: |
| | | RHELAMI: ami-bb9a6bc2 |
| | | eu-central-1: |
| | | RHELAMI: ami-d74be5b8 |
| | | ap-northeast-1: |
| | | RHELAMI: ami-30ef0556 |
| | | ap-northeast-2: |
| | | RHELAMI: ami-0f5a8361 |
| | | ap-southeast-1: |
| | | RHELAMI: ami-10bb2373 |
| | | ap-southeast-2: |
| | | RHELAMI: ami-ccecf5af |
| | | sa-east-1: |
| | | RHELAMI: ami-a789ffcb |
| | | ap-south-1: |
| | | RHELAMI: ami-cdbdd7a2 |
| | | DNSMapping: |
| | | us-east-1: |
| | | domain: "us-east-1.compute.internal" |
| | | us-west-1: |
| | | domain: "us-west-1.compute.internal" |
| | | us-west-2: |
| | | domain: "us-west-2.compute.internal" |
| | | eu-west-1: |
| | | domain: "eu-west-1.compute.internal" |
| | | eu-central-1: |
| | | domain: "eu-central-1.compute.internal" |
| | | ap-northeast-1: |
| | | domain: "ap-northeast-1.compute.internal" |
| | | ap-northeast-2: |
| | | domain: "ap-northeast-2.compute.internal" |
| | | ap-southeast-1: |
| | | domain: "ap-southeast-1.compute.internal" |
| | | ap-southeast-2: |
| | | domain: "ap-southeast-2.compute.internal" |
| | | sa-east-1: |
| | | domain: "sa-east-1.compute.internal" |
| | | ap-south-1: |
| | | domain: "ap-south-1.compute.internal" |
| | | |
| | | Resources: |
| | | Vpc: |
| | | Type: "AWS::EC2::VPC" |
| | | Properties: |
| | | CidrBlock: "192.168.0.0/16" |
| | | EnableDnsSupport: true |
| | | EnableDnsHostnames: true |
| | | Tags: |
| | | - Key: Name |
| | | Value: "prakhar-test.example.opentlc.com" |
| | | - Key: Hostlication |
| | | Value: |
| | | Ref: "AWS::StackId" |
| | | |
| | | VpcInternetGateway: |
| | | Type: "AWS::EC2::InternetGateway" |
| | | |
| | | VpcGA: |
| | | Type: "AWS::EC2::VPCGatewayAttachment" |
| | | Properties: |
| | | InternetGatewayId: |
| | | Ref: VpcInternetGateway |
| | | VpcId: |
| | | Ref: Vpc |
| | | |
| | | VpcRouteTable: |
| | | Type: "AWS::EC2::RouteTable" |
| | | Properties: |
| | | VpcId: |
| | | Ref: Vpc |
| | | |
| | | VPCRouteInternetGateway: |
| | | DependsOn: VpcGA |
| | | Type: "AWS::EC2::Route" |
| | | Properties: |
| | | GatewayId: |
| | | Ref: VpcInternetGateway |
| | | DestinationCidrBlock: "0.0.0.0/0" |
| | | RouteTableId: |
| | | Ref: VpcRouteTable |
| | | |
| | | PublicSubnet: |
| | | Type: "AWS::EC2::Subnet" |
| | | DependsOn: |
| | | - Vpc |
| | | Properties: |
| | | CidrBlock: "192.168.2.0/24" |
| | | Tags: |
| | | - Key: Name |
| | | Value: "ocp-ha-lab-prakhar-test" |
| | | MapPublicIpOnLaunch: true |
| | | VpcId: |
| | | Ref: Vpc |
| | | PrivateSubnet: |
| | | Type: "AWS::EC2::Subnet" |
| | | DependsOn: |
| | | - Vpc |
| | | Properties: |
| | | CidrBlock: "192.168.1.0/24" |
| | | Tags: |
| | | - Key: Name |
| | | Value: "ocp-ha-lab-prakhar-test" |
| | | MapPublicIpOnLaunch: true |
| | | VpcId: |
| | | Ref: Vpc |
| | | |
| | | PublicSubnetRTA: |
| | | Type: "AWS::EC2::SubnetRouteTableAssociation" |
| | | Properties: |
| | | RouteTableId: |
| | | Ref: VpcRouteTable |
| | | SubnetId: |
| | | Ref: PublicSubnet |
| | | |
| | | MasterSG: |
| | | Type: "AWS::EC2::SecurityGroup" |
| | | Properties: |
| | | GroupDescription: Host |
| | | VpcId: |
| | | Ref: Vpc |
| | | Tags: |
| | | - Key: Name |
| | | Value: "MasterSG" |
| | | NodeSG: |
| | | Type: "AWS::EC2::SecurityGroup" |
| | | Properties: |
| | | GroupDescription: Host |
| | | VpcId: |
| | | Ref: Vpc |
| | | Tags: |
| | | - Key: Name |
| | | Value: "NodeSG" |
| | | |
| | | MasterSGDNS TCP: |
| | | Type: "AWS::EC2::SecurityGroupIngress" |
| | | Properties: |
| | | GroupId: |
| | | Fn::GetAtt: |
| | | - "MasterSG" |
| | | - GroupId |
| | | IpProtocol: "tcp" |
| | | FromPort: "53" |
| | | ToPort: "53" |
| | | CidrIp: "0.0.0.0/0" |
| | | MasterSGDNS UDP: |
| | | Type: "AWS::EC2::SecurityGroupIngress" |
| | | Properties: |
| | | GroupId: |
| | | Fn::GetAtt: |
| | | - "MasterSG" |
| | | - GroupId |
| | | IpProtocol: "udp" |
| | | FromPort: "53" |
| | | ToPort: "53" |
| | | CidrIp: "0.0.0.0/0" |
| | | MasterSGSDN: |
| | | Type: "AWS::EC2::SecurityGroupIngress" |
| | | Properties: |
| | | GroupId: |
| | | Fn::GetAtt: |
| | | - "MasterSG" |
| | | - GroupId |
| | | IpProtocol: "udp" |
| | | FromPort: "4789" |
| | | ToPort: "4789" |
| | | CidrIp: "0.0.0.0/0" |
| | | MasterSGHTTPS Access: |
| | | Type: "AWS::EC2::SecurityGroupIngress" |
| | | Properties: |
| | | GroupId: |
| | | Fn::GetAtt: |
| | | - "MasterSG" |
| | | - GroupId |
| | | IpProtocol: "tcp" |
| | | FromPort: "443" |
| | | ToPort: "443" |
| | | CidrIp: "0.0.0.0/0" |
| | | NodeSGKubelet: |
| | | Type: "AWS::EC2::SecurityGroupIngress" |
| | | Properties: |
| | | GroupId: |
| | | Fn::GetAtt: |
| | | - "NodeSG" |
| | | - GroupId |
| | | IpProtocol: "tcp" |
| | | FromPort: "10250" |
| | | ToPort: "10250" |
| | | CidrIp: "0.0.0.0/0" |
| | | NodeSGSDN: |
| | | Type: "AWS::EC2::SecurityGroupIngress" |
| | | Properties: |
| | | GroupId: |
| | | Fn::GetAtt: |
| | | - "NodeSG" |
| | | - GroupId |
| | | IpProtocol: "udp" |
| | | FromPort: "4789" |
| | | ToPort: "4789" |
| | | CidrIp: "0.0.0.0/0" |
| | | |
| | | |
| | | # PublicSG: |
| | | # Type: "AWS::EC2::SecurityGroup" |
| | | # Properties: |
| | | # GroupDescription: Host |
| | | # VpcId: |
| | | # Ref: Vpc |
| | | # Tags: |
| | | # - Key: Name |
| | | # Value: host_sg |
| | | # |
| | | # HostUDPPorts: |
| | | # Type: "AWS::EC2::SecurityGroupIngress" |
| | | # Properties: |
| | | # GroupId: |
| | | # Fn::GetAtt: |
| | | # - PublicSG |
| | | # - GroupId |
| | | # IpProtocol: udp |
| | | # FromPort: 0 |
| | | # ToPort: 65535 |
| | | # CidrIp: "0.0.0.0/0" |
| | | # |
| | | # HostTCPPorts: |
| | | # Type: "AWS::EC2::SecurityGroupIngress" |
| | | # Properties: |
| | | # GroupId: |
| | | # Fn::GetAtt: |
| | | # - PublicSG |
| | | # - GroupId |
| | | # IpProtocol: tcp |
| | | # FromPort: 0 |
| | | # ToPort: 65535 |
| | | # CidrIp: "0.0.0.0/0" |
| | | # |
| | | # zoneinternalidns: |
| | | # Type: "AWS::Route53::HostedZone" |
| | | # Properties: |
| | | # Name: "prakhar-test.internal." |
| | | # VPCs: |
| | | # - VPCId: |
| | | # Ref: Vpc |
| | | # VPCRegion: |
| | | # Ref: "AWS::Region" |
| | | # HostedZoneConfig: |
| | | # Comment: "Created By ansible agnostic deployer" |
| | | # |
| | | # CloudDNS: |
| | | # Type: AWS::Route53::RecordSetGroup |
| | | # DependsOn: |
| | | # # - "infranode1EIP" |
| | | # # Properties: |
| | | # HostedZoneId: "Z3IHLWJZOU9SRT" |
| | | # RecordSets: |
| | | # - Name: "*.apps.prakhar-test.example.opentlc.com." |
| | | # Type: A |
| | | # TTL: 900 |
| | | # ResourceRecords: |
| | | # # - Fn::GetAtt: |
| | | # - infranode1 |
| | | # - PublicIp |
| | | # # |
| | | # # # |
| | | # # bastion1: |
| | | # Type: "AWS::EC2::Instance" |
| | | # Properties: |
| | | # ImageId: |
| | | # Fn::FindInMap: |
| | | # - RegionMapping |
| | | # - Ref: AWS::Region |
| | | # - RHELAMI |
| | | # InstanceType: "t2.small" |
| | | # KeyName: "ocpkey" |
| | | # # SecurityGroupIds: |
| | | # - "Fn::GetAtt": |
| | | # - PublicSG |
| | | # - GroupId |
| | | # SubnetId: |
| | | # Ref: PublicSubnet |
| | | # Tags: |
| | | # # - Key: Name |
| | | # Value: bastion |
| | | # - Key: internaldns |
| | | # Value: bastion.prakhar-test.internal |
| | | # # - Key: "owner" |
| | | # Value: "unknownuser" |
| | | # - Key: "Project" |
| | | # Value: "ocp-ha-lab-prakhar-test" |
| | | # - Key: "ocp-ha-lab-prakhar-test" |
| | | # Value: "bastion" |
| | | # # - Key: AnsibleGroup |
| | | # Value: bastions |
| | | # # - Key: ostype |
| | | # Value: linux |
| | | # # BlockDeviceMappings: |
| | | # - DeviceName: "/dev/sda1" |
| | | # Ebs: |
| | | # VolumeSize: 20 |
| | | # # |
| | | # bastion1InternalDNS: |
| | | # Type: "AWS::Route53::RecordSetGroup" |
| | | # Properties: |
| | | # HostedZoneId: |
| | | # Ref: zoneinternalidns |
| | | # RecordSets: |
| | | # # - Name: "bastion.prakhar-test.internal." |
| | | # # Type: A |
| | | # TTL: 10 |
| | | # ResourceRecords: |
| | | # - "Fn::GetAtt": |
| | | # - bastion1 |
| | | # - PrivateIp |
| | | # |
| | | # # bastion1EIP: |
| | | # Type: "AWS::EC2::EIP" |
| | | # DependsOn: |
| | | # - VpcGA |
| | | # Properties: |
| | | # InstanceId: |
| | | # Ref: bastion1 |
| | | # |
| | | # bastion1PublicDNS: |
| | | # Type: "AWS::Route53::RecordSetGroup" |
| | | # DependsOn: |
| | | # - bastion1EIP |
| | | # Properties: |
| | | # HostedZoneId: Z3IHLWJZOU9SRT |
| | | # RecordSets: |
| | | # # - Name: "bastion.prakhar-test.example.opentlc.com." |
| | | # # Type: A |
| | | # TTL: 10 |
| | | # ResourceRecords: |
| | | # - "Fn::GetAtt": |
| | | # - bastion1 |
| | | # - PublicIp |
| | | # # # # # loadbalancerDNSLoadBalancer: |
| | | # Type: "AWS::Route53::RecordSetGroup" |
| | | # DependsOn: |
| | | # # - loadbalancer1EIP |
| | | # # Properties: |
| | | # HostedZoneId: Z3IHLWJZOU9SRT |
| | | # RecordSets: |
| | | # - Name: "loadbalancer.prakhar-test.example.opentlc.com." |
| | | # Type: A |
| | | # TTL: 900 |
| | | # ResourceRecords: |
| | | # # - "Fn::GetAtt": |
| | | # - loadbalancer1 |
| | | # - PublicIp |
| | | # # # |
| | | # # loadbalancer1: |
| | | # Type: "AWS::EC2::Instance" |
| | | # Properties: |
| | | # ImageId: |
| | | # Fn::FindInMap: |
| | | # - RegionMapping |
| | | # - Ref: AWS::Region |
| | | # - RHELAMI |
| | | # InstanceType: "t2.small" |
| | | # KeyName: "ocpkey" |
| | | # # SecurityGroupIds: |
| | | # - "Fn::GetAtt": |
| | | # - PublicSG |
| | | # - GroupId |
| | | # SubnetId: |
| | | # Ref: PublicSubnet |
| | | # Tags: |
| | | # # - Key: Name |
| | | # Value: loadbalancer1 |
| | | # - Key: internaldns |
| | | # Value: loadbalancer1.prakhar-test.internal |
| | | # # - Key: "owner" |
| | | # Value: "unknownuser" |
| | | # - Key: "Project" |
| | | # Value: "ocp-ha-lab-prakhar-test" |
| | | # - Key: "ocp-ha-lab-prakhar-test" |
| | | # Value: "loadbalancer" |
| | | # # - Key: AnsibleGroup |
| | | # Value: loadbalancers |
| | | # # - Key: ostype |
| | | # Value: linux |
| | | # # BlockDeviceMappings: |
| | | # - DeviceName: "/dev/sda1" |
| | | # Ebs: |
| | | # VolumeSize: 20 |
| | | # # |
| | | # loadbalancer1InternalDNS: |
| | | # Type: "AWS::Route53::RecordSetGroup" |
| | | # Properties: |
| | | # HostedZoneId: |
| | | # Ref: zoneinternalidns |
| | | # RecordSets: |
| | | # # - Name: "loadbalancer1.prakhar-test.internal." |
| | | # # Type: A |
| | | # TTL: 10 |
| | | # ResourceRecords: |
| | | # - "Fn::GetAtt": |
| | | # - loadbalancer1 |
| | | # - PrivateIp |
| | | # |
| | | # # loadbalancer1EIP: |
| | | # Type: "AWS::EC2::EIP" |
| | | # DependsOn: |
| | | # - VpcGA |
| | | # Properties: |
| | | # InstanceId: |
| | | # Ref: loadbalancer1 |
| | | # |
| | | # loadbalancer1PublicDNS: |
| | | # Type: "AWS::Route53::RecordSetGroup" |
| | | # DependsOn: |
| | | # - loadbalancer1EIP |
| | | # Properties: |
| | | # HostedZoneId: Z3IHLWJZOU9SRT |
| | | # RecordSets: |
| | | # # - Name: "loadbalancer1.prakhar-test.example.opentlc.com." |
| | | # # Type: A |
| | | # TTL: 10 |
| | | # ResourceRecords: |
| | | # - "Fn::GetAtt": |
| | | # - loadbalancer1 |
| | | # - PublicIp |
| | | # # # # # |
| | | # # master1: |
| | | # Type: "AWS::EC2::Instance" |
| | | # Properties: |
| | | # ImageId: |
| | | # Fn::FindInMap: |
| | | # - RegionMapping |
| | | # - Ref: AWS::Region |
| | | # - RHELAMI |
| | | # InstanceType: "t2.large" |
| | | # KeyName: "ocpkey" |
| | | # # SecurityGroupIds: |
| | | # - "Fn::GetAtt": |
| | | # - PublicSG |
| | | # - GroupId |
| | | # SubnetId: |
| | | # Ref: PublicSubnet |
| | | # Tags: |
| | | # # - Key: Name |
| | | # Value: master1 |
| | | # - Key: internaldns |
| | | # Value: master1.prakhar-test.internal |
| | | # # - Key: "owner" |
| | | # Value: "unknownuser" |
| | | # - Key: "Project" |
| | | # Value: "ocp-ha-lab-prakhar-test" |
| | | # - Key: "ocp-ha-lab-prakhar-test" |
| | | # Value: "master" |
| | | # # - Key: AnsibleGroup |
| | | # Value: masters |
| | | # # - Key: ostype |
| | | # Value: linux |
| | | # # BlockDeviceMappings: |
| | | # - DeviceName: "/dev/sda1" |
| | | # Ebs: |
| | | # VolumeSize: 50 |
| | | # # - DeviceName: "/dev/xvdb" |
| | | # Ebs: |
| | | # VolumeType: "gp2" |
| | | # VolumeSize: "20" |
| | | # # |
| | | # master1InternalDNS: |
| | | # Type: "AWS::Route53::RecordSetGroup" |
| | | # Properties: |
| | | # HostedZoneId: |
| | | # Ref: zoneinternalidns |
| | | # RecordSets: |
| | | # # - Name: "master1.prakhar-test.internal." |
| | | # # Type: A |
| | | # TTL: 10 |
| | | # ResourceRecords: |
| | | # - "Fn::GetAtt": |
| | | # - master1 |
| | | # - PrivateIp |
| | | # |
| | | # # # # # |
| | | # # node1: |
| | | # Type: "AWS::EC2::Instance" |
| | | # Properties: |
| | | # ImageId: |
| | | # Fn::FindInMap: |
| | | # - RegionMapping |
| | | # - Ref: AWS::Region |
| | | # - RHELAMI |
| | | # InstanceType: "t2.large" |
| | | # KeyName: "ocpkey" |
| | | # # SecurityGroupIds: |
| | | # - "Fn::GetAtt": |
| | | # - PublicSG |
| | | # - GroupId |
| | | # SubnetId: |
| | | # Ref: PublicSubnet |
| | | # Tags: |
| | | # # - Key: Name |
| | | # Value: node1 |
| | | # - Key: internaldns |
| | | # Value: node1.prakhar-test.internal |
| | | # # - Key: "owner" |
| | | # Value: "unknownuser" |
| | | # - Key: "Project" |
| | | # Value: "ocp-ha-lab-prakhar-test" |
| | | # - Key: "ocp-ha-lab-prakhar-test" |
| | | # Value: "node" |
| | | # # - Key: AnsibleGroup |
| | | # Value: nodes |
| | | # # - Key: ostype |
| | | # Value: linux |
| | | # # BlockDeviceMappings: |
| | | # - DeviceName: "/dev/sda1" |
| | | # Ebs: |
| | | # VolumeSize: 50 |
| | | # # - DeviceName: "/dev/xvdb" |
| | | # Ebs: |
| | | # VolumeType: "gp2" |
| | | # VolumeSize: "100" |
| | | # # |
| | | # node1InternalDNS: |
| | | # Type: "AWS::Route53::RecordSetGroup" |
| | | # Properties: |
| | | # HostedZoneId: |
| | | # Ref: zoneinternalidns |
| | | # RecordSets: |
| | | # # - Name: "node1.prakhar-test.internal." |
| | | # # Type: A |
| | | # TTL: 10 |
| | | # ResourceRecords: |
| | | # - "Fn::GetAtt": |
| | | # - node1 |
| | | # - PrivateIp |
| | | # |
| | | # # # node2: |
| | | # Type: "AWS::EC2::Instance" |
| | | # Properties: |
| | | # ImageId: |
| | | # Fn::FindInMap: |
| | | # - RegionMapping |
| | | # - Ref: AWS::Region |
| | | # - RHELAMI |
| | | # InstanceType: "t2.large" |
| | | # KeyName: "ocpkey" |
| | | # # SecurityGroupIds: |
| | | # - "Fn::GetAtt": |
| | | # - PublicSG |
| | | # - GroupId |
| | | # SubnetId: |
| | | # Ref: PublicSubnet |
| | | # Tags: |
| | | # # - Key: Name |
| | | # Value: node2 |
| | | # - Key: internaldns |
| | | # Value: node2.prakhar-test.internal |
| | | # # - Key: "owner" |
| | | # Value: "unknownuser" |
| | | # - Key: "Project" |
| | | # Value: "ocp-ha-lab-prakhar-test" |
| | | # - Key: "ocp-ha-lab-prakhar-test" |
| | | # Value: "node" |
| | | # # - Key: AnsibleGroup |
| | | # Value: nodes |
| | | # # - Key: ostype |
| | | # Value: linux |
| | | # # BlockDeviceMappings: |
| | | # - DeviceName: "/dev/sda1" |
| | | # Ebs: |
| | | # VolumeSize: 50 |
| | | # # - DeviceName: "/dev/xvdb" |
| | | # Ebs: |
| | | # VolumeType: "gp2" |
| | | # VolumeSize: "100" |
| | | # # |
| | | # node2InternalDNS: |
| | | # Type: "AWS::Route53::RecordSetGroup" |
| | | # Properties: |
| | | # HostedZoneId: |
| | | # Ref: zoneinternalidns |
| | | # RecordSets: |
| | | # # - Name: "node2.prakhar-test.internal." |
| | | # # Type: A |
| | | # TTL: 10 |
| | | # ResourceRecords: |
| | | # - "Fn::GetAtt": |
| | | # - node2 |
| | | # - PrivateIp |
| | | # |
| | | # # # # # infranodeDNSLoadBalancer: |
| | | # Type: "AWS::Route53::RecordSetGroup" |
| | | # DependsOn: |
| | | # # - infranode1EIP |
| | | # # Properties: |
| | | # HostedZoneId: Z3IHLWJZOU9SRT |
| | | # RecordSets: |
| | | # - Name: "infranode.prakhar-test.example.opentlc.com." |
| | | # Type: A |
| | | # TTL: 900 |
| | | # ResourceRecords: |
| | | # # - "Fn::GetAtt": |
| | | # - infranode1 |
| | | # - PublicIp |
| | | # # # |
| | | # # infranode1: |
| | | # Type: "AWS::EC2::Instance" |
| | | # Properties: |
| | | # ImageId: |
| | | # Fn::FindInMap: |
| | | # - RegionMapping |
| | | # - Ref: AWS::Region |
| | | # - RHELAMI |
| | | # InstanceType: "t2.large" |
| | | # KeyName: "ocpkey" |
| | | # # SecurityGroupIds: |
| | | # - "Fn::GetAtt": |
| | | # - PublicSG |
| | | # - GroupId |
| | | # SubnetId: |
| | | # Ref: PublicSubnet |
| | | # Tags: |
| | | # # - Key: Name |
| | | # Value: infranode1 |
| | | # - Key: internaldns |
| | | # Value: infranode1.prakhar-test.internal |
| | | # # - Key: "owner" |
| | | # Value: "unknownuser" |
| | | # - Key: "Project" |
| | | # Value: "ocp-ha-lab-prakhar-test" |
| | | # - Key: "ocp-ha-lab-prakhar-test" |
| | | # Value: "infranode" |
| | | # # - Key: AnsibleGroup |
| | | # Value: infranodes |
| | | # # - Key: ostype |
| | | # Value: linux |
| | | # # BlockDeviceMappings: |
| | | # - DeviceName: "/dev/sda1" |
| | | # Ebs: |
| | | # VolumeSize: 50 |
| | | # # - DeviceName: "/dev/xvdb" |
| | | # Ebs: |
| | | # VolumeType: "gp2" |
| | | # VolumeSize: "50" |
| | | # # |
| | | # infranode1InternalDNS: |
| | | # Type: "AWS::Route53::RecordSetGroup" |
| | | # Properties: |
| | | # HostedZoneId: |
| | | # Ref: zoneinternalidns |
| | | # RecordSets: |
| | | # # - Name: "infranode1.prakhar-test.internal." |
| | | # # Type: A |
| | | # TTL: 10 |
| | | # ResourceRecords: |
| | | # - "Fn::GetAtt": |
| | | # - infranode1 |
| | | # - PrivateIp |
| | | # |
| | | # # infranode1EIP: |
| | | # Type: "AWS::EC2::EIP" |
| | | # DependsOn: |
| | | # - VpcGA |
| | | # Properties: |
| | | # InstanceId: |
| | | # Ref: infranode1 |
| | | # |
| | | # infranode1PublicDNS: |
| | | # Type: "AWS::Route53::RecordSetGroup" |
| | | # DependsOn: |
| | | # - infranode1EIP |
| | | # Properties: |
| | | # HostedZoneId: Z3IHLWJZOU9SRT |
| | | # RecordSets: |
| | | # # - Name: "infranode1.prakhar-test.example.opentlc.com." |
| | | # # Type: A |
| | | # TTL: 10 |
| | | # ResourceRecords: |
| | | # - "Fn::GetAtt": |
| | | # - infranode1 |
| | | # - PublicIp |
| | | # # # # # |
| | | # # support1: |
| | | # Type: "AWS::EC2::Instance" |
| | | # Properties: |
| | | # ImageId: |
| | | # Fn::FindInMap: |
| | | # - RegionMapping |
| | | # - Ref: AWS::Region |
| | | # - RHELAMI |
| | | # InstanceType: "t2.medium" |
| | | # KeyName: "ocpkey" |
| | | # # SecurityGroupIds: |
| | | # - "Fn::GetAtt": |
| | | # - PublicSG |
| | | # - GroupId |
| | | # SubnetId: |
| | | # Ref: PublicSubnet |
| | | # Tags: |
| | | # # - Key: Name |
| | | # Value: support1 |
| | | # - Key: internaldns |
| | | # Value: support1.prakhar-test.internal |
| | | # # - Key: "owner" |
| | | # Value: "unknownuser" |
| | | # - Key: "Project" |
| | | # Value: "ocp-ha-lab-prakhar-test" |
| | | # - Key: "ocp-ha-lab-prakhar-test" |
| | | # Value: "support" |
| | | # # - Key: AnsibleGroup |
| | | # Value: support |
| | | # # - Key: ostype |
| | | # Value: linux |
| | | # # BlockDeviceMappings: |
| | | # - DeviceName: "/dev/sda1" |
| | | # Ebs: |
| | | # VolumeSize: 20 |
| | | # # - DeviceName: "/dev/xvdb" |
| | | # Ebs: |
| | | # VolumeType: "gp2" |
| | | # VolumeSize: "50" |
| | | # # |
| | | # support1InternalDNS: |
| | | # Type: "AWS::Route53::RecordSetGroup" |
| | | # Properties: |
| | | # HostedZoneId: |
| | | # Ref: zoneinternalidns |
| | | # RecordSets: |
| | | # # - Name: "support1.prakhar-test.internal." |
| | | # # Type: A |
| | | # TTL: 10 |
| | | # ResourceRecords: |
| | | # - "Fn::GetAtt": |
| | | # - support1 |
| | | # - PrivateIp |
| | | # |
| | | # # # # |
| | | # Outputs: |
| | | # Route53internalzoneOutput: |
| | | # Description: The ID of the internal route 53 zone |
| | | # Value: |
| | | # Ref: zoneinternalidns |
New file |
| | |
| | | ## TODO: What variables can we strip out of here to build complex variables? |
| | | ## i.e. what can we add into group_vars as opposed to config_vars? |
| | | ## Example: We don't really need "subdomain_base_short". If we want to use this, |
| | | ## should just toss in group_vars/all. |
| | | ### Also, we should probably just create a variable reference in the README.md |
| | | ### For now, just tagging comments in line with configuration file. |
| | | |
| | | ###### VARIABLES YOU SHOULD CONFIGURE FOR YOUR DEPLOYEMNT |
| | | ###### OR PASS as "-e" args to ansible-playbook command |
| | | # # |
| | | # # env_groups: |
| | | # # limit: "tag_Project_opentlc_shared_{{guid}}" |
| | | # # bastions: "tag_AnsibleGroup_bastions" |
| | | # # masters: "tag_AnsibleGroup_masters" |
| | | # # nodes: "tag_AnsibleGroup_nodes" |
| | | # # infranodes: "tag_AnsibleGroup_infranodes" |
| | | # # nfs: "tag_AnsibleGroup_nfs" |
| | | # |
| | | # # This doesn't work |
| | | # all: "tag_Project_opentlc_shared_{{guid}}" |
| | | # |
| | | # # but maybe this is silly enough to work |
| | | # #all: "tag_Project_opentlc_shared_{{guid}}:&tag_Project_opentlc_shared_{{guid}}" |
| | | #rhn_pool_id_string: OpenShift Container Platform |
| | | # bastions: "{{env_groups['limit']}}:&{{env_groups['bastions']}}" |
| | | # masters: "{{env_groups['limit']}}:&{{env_groups['masters']}}" |
| | | # nodes: "{{env_groups['limit']}}:&{{env_groups['nodes']}}" |
| | | # infranodes: "{{env_groups['limit']}}:&{{env_groups['infranodes']}}" |
| | | # nfs: "{{env_groups['limit']}}:&{{env_groups['nfs']}}" |
| | | install_ipa_client: false |
| | | repo_method: file |
| | | ocp_pvs: |
| | | # - es-storage |
| | | # - nexus |
| | | # - nexus2 |
| | | # - nexus3 |
| | | config_nfs_uservols: "true" |
| | | user_vols: 200 |
| | | user_vols_size: 4Gi |
| | | master_api_port: 443 |
| | | osrelease: 3.7.9 |
| | | openshift_master_overwrite_named_certificates: true |
| | | deploy_openshift: true |
| | | deploy_openshift_post: true |
| | | deploy_env_post: true |
| | | install_metrics: true |
| | | install_logging: true |
| | | ovs_plugin: "subnet" # This can also be set to: "multitenant" |
| | | multi_tenant_setting: "os_sdn_network_plugin_name='redhat/openshift-ovs-{{ovs_plugin}}'" |
| | | master_lb_dns: "loadbalancer1.{{subdomain_base}}" |
| | | cloudapps_suffix: 'apps.{{subdomain_base}}' |
| | | openshift_master_ldap_ca_file: 'openshift_master_ldap_ca_file=/root/ca.crt' |
| | | # htpasswd / ldap / allow_all |
| | | install_idm: htpasswd |
| | | |
| | | ## If you are not part of GPTE you don't need this. |
| | | opentlc_integration: true |
| | | |
| | | ################################################################################ |
| | | #### GENERIC EXAMPLE |
| | | ################################################################################ |
| | | |
| | | install_common: true |
| | | install_nfs: true |
| | | install_bastion: false |
| | | env_authorized_key: "{{guid}}key" |
| | | set_env_authorized_key: true |
| | | software_to_deploy: "openshift" |
| | | ################################################################################ |
| | | #### OCP IMPLEMENATATION LAB |
| | | ################################################################################ |
| | | |
| | | repo_version: '3.7' |
| | | cloudapps_dns: '*.apps.{{subdomain_base}}.' |
| | | master_public_dns: "loadbalancer.{{subdomain_base}}." |
| | | |
| | | ################################################################################ |
| | | #### Common host variables |
| | | ################################################################################ |
| | | |
| | | update_packages: false |
| | | common_packages: |
| | | - python |
| | | - unzip |
| | | - bash-completion |
| | | - tmux |
| | | - bind-utils |
| | | - wget |
| | | - git |
| | | - vim-enhanced |
| | | - ansible |
| | | |
| | | rhel_repos: |
| | | - rhel-7-server-rpms |
| | | - rhel-7-server-extras-rpms |
| | | - rhel-7-server-ose-{{repo_version}}-rpms |
| | | |
| | | use_subscription_manager: false |
| | | use_own_repos: true |
| | | #rhn_pool_id_string: "Red Hat Enterprise Linux Server" |
| | | rhn_pool_id_string: OpenShift Container Platform |
| | | |
| | | ################################################################################ |
| | | #### nfs host settings |
| | | ################################################################################ |
| | | |
| | | nfs_vg: nfsvg |
| | | nfs_pvs: /dev/xvdb |
| | | nfs_export_path: /srv/nfs |
| | | nfs_size: 50 |
| | | |
| | | nfs_shares: |
| | | # - jenkins |
| | | # - nexus |
| | | |
| | | ################################################################################ |
| | | #### CLOUD PROVIDER: AWS SPECIFIC VARIABLES |
| | | ################################################################################ |
| | | |
| | | #### Route 53 Zone ID (AWS) |
| | | HostedZoneId: '' |
| | | key_name: '' |
| | | aws_region: us-east-1 |
| | | |
| | | admin_user: '' |
| | | admin_user_password: '' |
| | | |
| | | #### Connection Settings |
| | | ansible_ssh_user: ec2-user |
| | | remote_user: ec2-user |
| | | |
| | | #### Networking (AWS) |
| | | guid: defaultguid |
| | | subdomain_base_short: "{{ guid }}" |
| | | subdomain_base_suffix: ".example.opentlc.com" |
| | | subdomain_base: "{{subdomain_base_short}}{{subdomain_base_suffix}}" |
| | | tower_run: false |
| | | |
| | | #### Environment Sizing |
| | | |
| | | #bastion_instance_type: "t2.micro" |
| | | bastion_instance_type: "t2.small" |
| | | |
| | | support_instance_type: "t2.medium" |
| | | support_instance_count: 1 |
| | | |
| | | node_instance_type: "t2.large" |
| | | node_instance_count: 2 |
| | | |
| | | infranode_instance_type: "t2.large" |
| | | infranode_instance_count: 1 |
| | | |
| | | master_instance_type: "t2.large" |
| | | master_instance_count: 1 |
| | | |
| | | loadbalancer_instance_count: 1 |
| | | loadbalancer_instance_type: "t2.small" |
| | | |
| | | # scaleup |
| | | new_node_instance_count: 0 |
| | | |
| | | ansible_ssh_private_key_file: ~/.ssh/{{key_name}}.pem |
| | | |
| | | |
| | | #### VARIABLES YOU SHOULD ***NOT*** CONFIGURE FOR YOUR DEPLOYEMNT |
| | | #### You can, but you usually wouldn't need to. |
| | | |
| | | #### CLOUDFORMATIONS vars |
| | | |
| | | project_tag: "{{ env_type }}-{{ guid }}" |
| | | |
| | | docker_version: "1.12.6" |
| | | docker_device: /dev/xvdb |
| | | |
| | | create_internal_dns_entries: true |
| | | zone_internal_dns: "{{guid}}.internal." |
| | | chomped_zone_internal_dns: "{{guid}}.internal" |
| | | zone_public_dns: "{{subdomain_base}}." |
| | | |
| | | bastion_public_dns: "bastion.{{subdomain_base}}." |
| | | bastion_public_dns_chomped: "bastion.{{subdomain_base}}" |
| | | |
| | | |
| | | vpcid_cidr_block: "192.168.0.0/16" |
| | | vpcid_name_tag: "{{subdomain_base}}" |
| | | |
| | | # az_1_name: "{{ aws_region }}a" |
| | | # az_2_name: "{{ aws_region }}b" |
| | | # |
| | | # subnet_private_1_cidr_block: "192.168.2.0/24" |
| | | # subnet_private_1_az: "{{ az_2_name }}" |
| | | # subnet_private_1_name_tag: "{{subdomain_base}}-private" |
| | | # |
| | | # subnet_private_2_cidr_block: "192.168.1.0/24" |
| | | # subnet_private_2_az: "{{ az_1_name }}" |
| | | # subnet_private_2_name_tag: "{{subdomain_base}}-private" |
| | | # |
| | | # subnet_public_1_cidr_block: "192.168.10.0/24" |
| | | # subnet_public_1_az: "{{ az_1_name }}" |
| | | # subnet_public_1_name_tag: "{{subdomain_base}}-public" |
| | | # |
| | | # subnet_public_2_cidr_block: "192.168.20.0/24" |
| | | # subnet_public_2_az: "{{ az_2_name }}" |
| | | # subnet_public_2_name_tag: "{{subdomain_base}}-public" |
| | | |
| | | # dopt_domain_name: "{{ aws_region }}.compute.internal" |
| | | # |
| | | # rtb_public_name_tag: "{{subdomain_base}}-public" |
| | | # rtb_private_name_tag: "{{subdomain_base}}-private" |
| | | # |
| | | # cf_template_description: "{{ env_type }}-{{ guid }} template" |
| | | |
| | | rootfs_size_node: 50 |
| | | rootfs_size_infranode: 50 |
| | | rootfs_size_master: 50 |
| | | rootfs_size_bastion: 20 |
| | | rootfs_size_support: 20 |
| | | rootfs_size_loadbalancer: 20 |
| | | |
| | | security_groups: |
| | | - name: MasterSG |
| | | rules: |
| | | - name: DNS TCP |
| | | description: "TCP Ports for DNS" |
| | | from_port: 53 |
| | | to_port: 53 |
| | | protocol: tcp |
| | | cidr: "0.0.0.0/0" |
| | | - name: DNS UDP |
| | | description: "UDP Ports for DNS" |
| | | protocol: udp |
| | | from_port: 53 |
| | | to_port: 53 |
| | | cidr: "0.0.0.0/0" |
| | | - name: SDN |
| | | description: "SDN Communication" |
| | | from_port: 4789 |
| | | to_port: 4789 |
| | | protocol: udp |
| | | cidr: "0.0.0.0/0" |
| | | - name: HTTPS Access |
| | | description: "HTTPS Access" |
| | | protocol: tcp |
| | | from_port: 443 |
| | | to_port: 443 |
| | | cidr: "0.0.0.0/0" |
| | | - name: NodeSG |
| | | rules: |
| | | - name: Kubelet |
| | | description: "Kubelet for OC" |
| | | from_port: 10250 |
| | | to_port: 10250 |
| | | protocol: tcp |
| | | cidr: "0.0.0.0/0" |
| | | - name: SDN |
| | | description: "SDN Communication" |
| | | from_port: 4789 |
| | | to_port: 4789 |
| | | cidr: "0.0.0.0/0" |
| | | protocol: udp |
| | | |
| | | subnets: |
| | | - name: PublicSubnet |
| | | cidr: "192.168.2.0/24" |
| | | routing_table: true |
| | | - name: PrivateSubnet |
| | | cidr: "192.168.1.0/24" |
| | | routing_table: false # this could be wrong [sborenst] |
| | | |
| | | |
| | | instances: |
| | | - name: "bastion" |
| | | count: 1 |
| | | unique: true |
| | | public_dns: true |
| | | dns_loadbalancer: true |
| | | flavor: |
| | | "ec2": "{{bastion_instance_type}}" |
| | | tags: |
| | | - key: "AnsibleGroup" |
| | | value: "bastions" |
| | | - key: "ostype" |
| | | value: "linux" |
| | | rootfs_size: "{{ rootfs_size_bastion }}" |
| | | security_group: "PublicSG" |
| | | subnet: "PublicSubnet" |
| | | |
| | | - name: "loadbalancer" |
| | | count: "{{loadbalancer_instance_count}}" |
| | | public_dns: true |
| | | dns_loadbalancer: true |
| | | flavor: |
| | | "ec2": "{{loadbalancer_instance_type}}" |
| | | tags: |
| | | - key: "AnsibleGroup" |
| | | value: "loadbalancers" |
| | | - key: "ostype" |
| | | value: "linux" |
| | | rootfs_size: "{{ rootfs_size_loadbalancer }}" |
| | | security_group: "PublicSG" |
| | | subnet: "PublicSubnet" |
| | | |
| | | - name: "master" |
| | | count: "{{master_instance_count}}" |
| | | public_dns: false |
| | | dns_loadbalancer: false |
| | | flavor: |
| | | "ec2": "{{master_instance_type}}" |
| | | tags: |
| | | - key: "AnsibleGroup" |
| | | value: "masters" |
| | | - key: "ostype" |
| | | value: "linux" |
| | | rootfs_size: "{{ rootfs_size_master }}" |
| | | volumes: |
| | | - device_name: "{{docker_device}}" |
| | | volume_size: 20 |
| | | volume_type: gp2 |
| | | security_group: "PublicSG" |
| | | subnet: "PublicSubnet" |
| | | |
| | | - name: "node" |
| | | count: "{{node_instance_count}}" |
| | | public_dns: false |
| | | dns_loadbalancer: false |
| | | flavor: |
| | | "ec2": "{{node_instance_type}}" |
| | | tags: |
| | | - key: "AnsibleGroup" |
| | | value: "nodes" |
| | | - key: "ostype" |
| | | value: "linux" |
| | | rootfs_size: "{{ rootfs_size_node }}" |
| | | volumes: |
| | | - device_name: "{{docker_device}}" |
| | | volume_size: 100 |
| | | volume_type: gp2 |
| | | security_group: "PublicSG" |
| | | subnet: "PublicSubnet" |
| | | |
| | | - name: "infranode" |
| | | count: "{{infranode_instance_count}}" |
| | | public_dns: true |
| | | dns_loadbalancer: true |
| | | flavor: |
| | | "ec2": "{{infranode_instance_type}}" |
| | | tags: |
| | | - key: "AnsibleGroup" |
| | | value: "infranodes" |
| | | - key: "ostype" |
| | | value: "linux" |
| | | rootfs_size: "{{ rootfs_size_infranode }}" |
| | | volumes: |
| | | - device_name: "{{docker_device}}" |
| | | volume_size: 50 |
| | | volume_type: gp2 |
| | | security_group: "PublicSG" |
| | | subnet: "PublicSubnet" |
| | | |
| | | - name: "support" |
| | | count: "{{support_instance_count}}" |
| | | public_dns: false |
| | | dns_loadbalancer: false |
| | | flavor: |
| | | "ec2": "{{support_instance_type}}" |
| | | tags: |
| | | - key: "AnsibleGroup" |
| | | value: "support" |
| | | - key: "ostype" |
| | | value: "linux" |
| | | rootfs_size: "{{ rootfs_size_support }}" |
| | | volumes: |
| | | - device_name: "{{nfs_pvs}}" |
| | | volume_size: "{{nfs_size}}" |
| | | volume_type: gp2 |
| | | security_group: "PublicSG" |
| | | subnet: "PublicSubnet" |
New file |
| | |
| | | { |
| | | "AWSTemplateFormatVersion": "2010-09-09", |
| | | "Parameters": { }, |
| | | "Mappings": { |
| | | "RegionMapping": { |
| | | "us-east-1": { |
| | | "AMI": "ami-c998b6b2" |
| | | }, |
| | | "us-east-2": { |
| | | "AMI": "ami-0932686c" |
| | | }, |
| | | "us-west-1": { |
| | | "AMI": "ami-2cade64c" |
| | | }, |
| | | "us-west-2": { |
| | | "AMI": "ami-6f68cf0f" |
| | | }, |
| | | "eu-west-1": { |
| | | "AMI": "ami-02ace471" |
| | | }, |
| | | "eu-central-1": { |
| | | "AMI": "ami-e4c63e8b" |
| | | }, |
| | | "ap-northeast-1": { |
| | | "AMI": "ami-5de0433c" |
| | | }, |
| | | "ap-northeast-2": { |
| | | "AMI": "ami-44db152a" |
| | | }, |
| | | "ap-southeast-1": { |
| | | "AMI": "ami-2c95344f" |
| | | }, |
| | | "ap-southeast-2": { |
| | | "AMI": "ami-39ac915a" |
| | | }, |
| | | "sa-east-1": { |
| | | "AMI": "ami-7de77b11" |
| | | }, |
| | | "ap-south-1": { |
| | | "AMI": "ami-cdbdd7a2" |
| | | } |
| | | }, |
| | | "DNSMapping": { |
| | | "us-east-1": { |
| | | "domain": "us-east-1.compute.internal" |
| | | }, |
| | | "us-west-1": { |
| | | "domain": "us-west-1.compute.internal" |
| | | }, |
| | | "us-west-2": { |
| | | "domain": "us-west-2.compute.internal" |
| | | }, |
| | | "eu-west-1": { |
| | | "domain": "eu-west-1.compute.internal" |
| | | }, |
| | | "eu-central-1": { |
| | | "domain": "eu-central-1.compute.internal" |
| | | }, |
| | | "ap-northeast-1": { |
| | | "domain": "ap-northeast-1.compute.internal" |
| | | }, |
| | | "ap-northeast-2": { |
| | | "domain": "ap-northeast-2.compute.internal" |
| | | }, |
| | | "ap-southeast-1": { |
| | | "domain": "ap-southeast-1.compute.internal" |
| | | }, |
| | | "ap-southeast-2": { |
| | | "domain": "ap-southeast-2.compute.internal" |
| | | }, |
| | | "sa-east-1": { |
| | | "domain": "sa-east-1.compute.internal" |
| | | }, |
| | | "ap-south-1": { |
| | | "domain": "ap-south-1.compute.internal" |
| | | } |
| | | } |
| | | }, |
| | | "Resources": { |
| | | "Vpc": { |
| | | "Type": "AWS::EC2::VPC", |
| | | "Properties": { |
| | | "CidrBlock": "192.199.0.0/16", |
| | | "EnableDnsSupport": "true", |
| | | "EnableDnsHostnames": "true", |
| | | "Tags": [ |
| | | { |
| | | "Key": "Name", |
| | | "Value": "{{vpcid_name_tag}}" |
| | | }, |
| | | { |
| | | "Key": "Hostlication", |
| | | "Value": { |
| | | "Ref": "AWS::StackId" |
| | | } |
| | | } |
| | | ] |
| | | } |
| | | }, |
| | | "VpcInternetGateway": { |
| | | "Type": "AWS::EC2::InternetGateway", |
| | | "Properties": {} |
| | | }, |
| | | "VpcGA": { |
| | | "Type": "AWS::EC2::VPCGatewayAttachment", |
| | | "Properties": { |
| | | "InternetGatewayId": { |
| | | "Ref": "VpcInternetGateway" |
| | | }, |
| | | "VpcId": { |
| | | "Ref": "Vpc" |
| | | } |
| | | } |
| | | }, |
| | | "VpcRouteTable": { |
| | | "Type": "AWS::EC2::RouteTable", |
| | | "Properties": { |
| | | "VpcId": { |
| | | "Ref": "Vpc" |
| | | } |
| | | } |
| | | }, |
| | | "VPCRouteInternetGateway": { |
| | | "DependsOn" : "VpcGA", |
| | | "Type": "AWS::EC2::Route", |
| | | "Properties": { |
| | | "GatewayId": { |
| | | "Ref": "VpcInternetGateway" |
| | | }, |
| | | "DestinationCidrBlock": "0.0.0.0/0", |
| | | "RouteTableId": { |
| | | "Ref": "VpcRouteTable" |
| | | } |
| | | } |
| | | }, |
| | | "PublicSubnet": { |
| | | "Type": "AWS::EC2::Subnet", |
| | | "DependsOn": [ |
| | | "Vpc" |
| | | ], |
| | | "Properties": { |
| | | "CidrBlock": "192.199.0.0/24", |
| | | "Tags": [ |
| | | { |
| | | "Key": "Name", |
| | | "Value": "{{project_tag}}" |
| | | }, |
| | | { |
| | | "Key": "Hostlication", |
| | | "Value": { |
| | | "Ref": "AWS::StackId" |
| | | } |
| | | } |
| | | ], |
| | | "MapPublicIpOnLaunch": "true", |
| | | "VpcId": { |
| | | "Ref": "Vpc" |
| | | } |
| | | } |
| | | }, |
| | | "PublicSubnetRTA": { |
| | | "Type": "AWS::EC2::SubnetRouteTableAssociation", |
| | | "Properties": { |
| | | "RouteTableId": { |
| | | "Ref": "VpcRouteTable" |
| | | }, |
| | | "SubnetId": { |
| | | "Ref": "PublicSubnet" |
| | | } |
| | | } |
| | | }, |
| | | "HostSG": { |
| | | "Type": "AWS::EC2::SecurityGroup", |
| | | "Properties": { |
| | | "GroupDescription": "Host", |
| | | "VpcId": { |
| | | "Ref": "Vpc" |
| | | }, |
| | | "Tags": [ |
| | | { |
| | | "Key": "Name", |
| | | "Value": "host_sg" |
| | | } |
| | | ] |
| | | } |
| | | }, |
| | | "HostUDPPorts": { |
| | | "Type": "AWS::EC2::SecurityGroupIngress", |
| | | "Properties": { |
| | | "GroupId": { |
| | | "Fn::GetAtt": [ |
| | | "HostSG", |
| | | "GroupId" |
| | | ] |
| | | }, |
| | | "IpProtocol": "udp", |
| | | "FromPort": "0", |
| | | "ToPort": "65535", |
| | | "CidrIp": "0.0.0.0/0" |
| | | } |
| | | }, |
| | | "HostTCPPorts": { |
| | | "Type": "AWS::EC2::SecurityGroupIngress", |
| | | "Properties": { |
| | | "GroupId": { |
| | | "Fn::GetAtt": [ |
| | | "HostSG", |
| | | "GroupId" |
| | | ] |
| | | }, |
| | | "IpProtocol": "tcp", |
| | | "FromPort": "0", |
| | | "ToPort": "65535", |
| | | "CidrIp": "0.0.0.0/0" |
| | | } |
| | | }, |
| | | "zoneinternalidns": { |
| | | "Type": "AWS::Route53::HostedZone", |
| | | "Properties": { |
| | | "Name": "{{ zone_internal_dns }}", |
| | | "VPCs" : [{ |
| | | "VPCId": { "Ref" : "Vpc" }, |
| | | "VPCRegion": { "Ref": "AWS::Region" } } ], |
| | | "HostedZoneConfig": { |
| | | "Comment": "Created By ansible agnostic deployer" |
| | | } |
| | | } |
| | | }, |
| | | "BastionDNS": { |
| | | "Type": "AWS::Route53::RecordSetGroup", |
| | | "DependsOn": [ "BastionEIP" ], |
| | | "Properties": { |
| | | "HostedZoneId": "{{HostedZoneId}}", |
| | | "RecordSets": [ |
| | | { |
| | | "Name": "{{bastion_public_dns}}", |
| | | "Type": "A", |
| | | "TTL": "10", |
| | | "ResourceRecords": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "Bastion", |
| | | "PublicIp" |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | }, |
| | | "LoadBalancerDNS": { |
| | | "Type": "AWS::Route53::RecordSetGroup", |
| | | "DependsOn": [ "LoadBalancerEIP" ], |
| | | |
| | | "Properties": { |
| | | "HostedZoneId": "{{HostedZoneId}}", |
| | | "RecordSets": [ |
| | | { |
| | | "Name": "loadbalancer.{{subdomain_base}}", |
| | | "Type": "A", |
| | | "TTL": "10", |
| | | "ResourceRecords": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "LoadBalancer", |
| | | "PublicIp" |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | }, |
| | | "CloudDNS": { |
| | | "Type": "AWS::Route53::RecordSetGroup", |
| | | "DependsOn": "infranode{{infranode_instance_count}}EIP", |
| | | "Properties": { |
| | | "HostedZoneId": "{{HostedZoneId}}", |
| | | "RecordSets": [ |
| | | { |
| | | "Name" : "{{cloudapps_dns}}", |
| | | "Type" : "A", |
| | | "TTL" : "900", |
| | | "ResourceRecords" : [ |
| | | {% for c in range(1,(infranode_instance_count|int)+1) %} |
| | | |
| | | { "Fn::GetAtt": [ "infranode{{loop.index}}", "PublicIp" ] }{% if loop.index < infranode_instance_count %},{% endif %} |
| | | |
| | | {% endfor %} |
| | | ]}] |
| | | }}, |
| | | "Bastion": { |
| | | "Type": "AWS::EC2::Instance", |
| | | "Properties": { |
| | | "ImageId": { |
| | | "Fn::FindInMap": [ |
| | | "RegionMapping", |
| | | { |
| | | "Ref": "AWS::Region" |
| | | }, |
| | | "AMI" |
| | | ] |
| | | }, |
| | | "InstanceType": "{{bastion_instance_type}}", |
| | | "KeyName": "{{key_name}}", |
| | | "SecurityGroupIds": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "HostSG", |
| | | "GroupId" |
| | | ] |
| | | } |
| | | ], |
| | | "SubnetId": { |
| | | "Ref": "PublicSubnet" |
| | | }, |
| | | "Tags": [ |
| | | { |
| | | "Key": "Name", |
| | | "Value": "bastion" |
| | | }, |
| | | { |
| | | "Key": "AnsibleGroup", |
| | | "Value": "bastions" |
| | | }, |
| | | { |
| | | "Key": "Project", |
| | | "Value": "{{project_tag}}" |
| | | }, |
| | | { |
| | | "Key": "{{ project_tag }}", |
| | | "Value": "bastion" |
| | | }, |
| | | { |
| | | "Key": "owner", |
| | | "Value": "{{ email | default('unknown')}}" |
| | | } |
| | | ], |
| | | "BlockDeviceMappings": [ |
| | | { |
| | | "DeviceName": "/dev/sda1", |
| | | "Ebs": { |
| | | "VolumeSize": {{ rootfs_size_bastion }} |
| | | } |
| | | } |
| | | ] |
| | | } |
| | | }, |
| | | "BastionEIP" : { |
| | | "Type" : "AWS::EC2::EIP", |
| | | "DependsOn": ["VpcGA"], |
| | | "Properties" : { |
| | | "InstanceId" : { |
| | | "Ref" : "Bastion" |
| | | } |
| | | } |
| | | }, |
| | | "BastionInternalDNS": { |
| | | "Type": "AWS::Route53::RecordSetGroup", |
| | | "Properties": { |
| | | "HostedZoneId" : { "Ref" : "zoneinternalidns" }, |
| | | |
| | | "RecordSets": [ |
| | | { |
| | | "Name": "bastion.{{zone_internal_dns}}", |
| | | "Type": "A", |
| | | "TTL": "10", |
| | | "ResourceRecords": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "Bastion", |
| | | "PrivateIp" |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | }, |
| | | "LoadBalancer": { |
| | | "Type": "AWS::EC2::Instance", |
| | | "Properties": { |
| | | "ImageId": { |
| | | "Fn::FindInMap": [ |
| | | "RegionMapping", |
| | | { |
| | | "Ref": "AWS::Region" |
| | | }, |
| | | "AMI" |
| | | ] |
| | | }, |
| | | "InstanceType": "{{loadbalancer_instance_type}}", |
| | | "KeyName": "{{key_name}}", |
| | | "SecurityGroupIds": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "HostSG", |
| | | "GroupId" |
| | | ] |
| | | } |
| | | ], |
| | | "SubnetId": { |
| | | "Ref": "PublicSubnet" |
| | | }, |
| | | "Tags": [ |
| | | { |
| | | "Key": "Name", |
| | | "Value": "loadbalancer" |
| | | }, |
| | | { |
| | | "Key": "AnsibleGroup", |
| | | "Value": "loadbalancers" |
| | | }, |
| | | { |
| | | "Key": "Project", |
| | | "Value": "{{project_tag}}" |
| | | }, |
| | | { |
| | | "Key": "{{ project_tag }}", |
| | | "Value": "loadbalancer" |
| | | }, |
| | | { |
| | | "Key": "owner", |
| | | "Value": "{{ email | default('unknown')}}" |
| | | } |
| | | ] |
| | | } |
| | | }, |
| | | "LoadBalancerEIP" : { |
| | | "Type" : "AWS::EC2::EIP", |
| | | "DependsOn": [ "VpcGA" ], |
| | | "Properties" : { |
| | | "InstanceId" : { "Ref" : "LoadBalancer" } |
| | | } |
| | | }, |
| | | "LoadBalancerInternalDNS": { |
| | | "Type": "AWS::Route53::RecordSetGroup", |
| | | "Properties": { |
| | | "HostedZoneId" : { "Ref" : "zoneinternalidns" }, |
| | | |
| | | "RecordSets": [ |
| | | { |
| | | "Name": "loadbalancer1.{{zone_internal_dns}}", |
| | | "Type": "A", |
| | | "TTL": "10", |
| | | "ResourceRecords": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "LoadBalancer", |
| | | "PrivateIp" |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | }, |
| | | {% for c in range(1,(master_instance_count|int)+1) %} |
| | | |
| | | "master{{c}}": { |
| | | "Type": "AWS::EC2::Instance", |
| | | "Properties": { |
| | | "ImageId": { |
| | | "Fn::FindInMap": [ |
| | | "RegionMapping", |
| | | { |
| | | "Ref": "AWS::Region" |
| | | }, |
| | | "AMI" |
| | | ] |
| | | }, |
| | | "InstanceType": "{{master_instance_type}}", |
| | | "KeyName": "{{key_name}}", |
| | | "SecurityGroupIds": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "HostSG", |
| | | "GroupId" |
| | | ] |
| | | } |
| | | ], |
| | | |
| | | "SubnetId": { |
| | | "Ref": "PublicSubnet" |
| | | }, |
| | | "Tags": [ |
| | | { |
| | | "Key": "Name", |
| | | "Value": "master{{loop.index}}" |
| | | }, |
| | | { |
| | | "Key": "AnsibleGroup", |
| | | "Value": "masters" |
| | | }, |
| | | { |
| | | "Key": "Project", |
| | | "Value": "{{project_tag}}" |
| | | }, |
| | | { |
| | | "Key": "{{ project_tag }}", |
| | | "Value": "master" |
| | | }, |
| | | { |
| | | "Key": "owner", |
| | | "Value": "{{ email | default('unknown')}}" |
| | | } |
| | | ], |
| | | "BlockDeviceMappings": [ |
| | | { |
| | | "DeviceName": "/dev/sda1", |
| | | "Ebs": { |
| | | "VolumeSize": {{ rootfs_size_master }} |
| | | } |
| | | }, |
| | | { |
| | | "DeviceName": "{{ docker_device }}", |
| | | "Ebs": { |
| | | "VolumeType": "gp2", |
| | | "VolumeSize": 20 |
| | | } |
| | | } |
| | | ] |
| | | } |
| | | }, |
| | | "master{{loop.index}}DNS": { |
| | | "Type": "AWS::Route53::RecordSetGroup", |
| | | "Properties": { |
| | | "HostedZoneId" : { "Ref" : "zoneinternalidns" }, |
| | | |
| | | "RecordSets": [ |
| | | { |
| | | "Name": "master{{loop.index}}.{{zone_internal_dns}}", |
| | | "Type": "A", |
| | | "TTL": "10", |
| | | "ResourceRecords": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "master{{loop.index}}", |
| | | "PrivateIp" |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | }, |
| | | {% endfor %} |
| | | |
| | | |
| | | {% for c in range(1,(node_instance_count|int)+1) %} |
| | | |
| | | "node{{loop.index}}": { |
| | | "Type": "AWS::EC2::Instance", |
| | | "Properties": { |
| | | "ImageId": { |
| | | "Fn::FindInMap": [ |
| | | "RegionMapping", |
| | | { |
| | | "Ref": "AWS::Region" |
| | | }, |
| | | "AMI" |
| | | ] |
| | | }, |
| | | "InstanceType": "{{node_instance_type}}", |
| | | "KeyName": "{{key_name}}", |
| | | "SecurityGroupIds": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "HostSG", |
| | | "GroupId" |
| | | ] |
| | | } |
| | | ], |
| | | "SubnetId": { |
| | | "Ref": "PublicSubnet" |
| | | }, |
| | | "Tags": [ |
| | | { |
| | | "Key": "Name", |
| | | "Value": "node{{loop.index}}" |
| | | }, |
| | | { |
| | | "Key": "AnsibleGroup", |
| | | "Value": "nodes" |
| | | }, |
| | | { |
| | | "Key": "Project", |
| | | "Value": "{{project_tag}}" |
| | | }, |
| | | { |
| | | "Key": "{{ project_tag }}", |
| | | "Value": "node" |
| | | }, |
| | | { |
| | | "Key": "owner", |
| | | "Value": "{{ email | default('unknown')}}" |
| | | } |
| | | ], |
| | | "BlockDeviceMappings": [ |
| | | { |
| | | "DeviceName": "/dev/sda1", |
| | | "Ebs": { |
| | | "VolumeSize": {{ rootfs_size_node }} |
| | | } |
| | | }, |
| | | { |
| | | "DeviceName": "{{ docker_device }}", |
| | | "Ebs": { |
| | | "VolumeType": "gp2", |
| | | "VolumeSize": 100 |
| | | } |
| | | } |
| | | ] |
| | | } |
| | | |
| | | }, |
| | | |
| | | "node{{loop.index}}DNS": { |
| | | "Type": "AWS::Route53::RecordSetGroup", |
| | | "Properties": { |
| | | "HostedZoneId" : { "Ref" : "zoneinternalidns" }, |
| | | |
| | | "RecordSets": [ |
| | | { |
| | | "Name": "node{{loop.index}}.{{zone_internal_dns}}", |
| | | "Type": "A", |
| | | "TTL": "10", |
| | | "ResourceRecords": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "node{{loop.index}}", |
| | | "PrivateIp" |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | }, |
| | | {% endfor %} |
| | | |
| | | |
| | | |
| | | {% for c in range(1,(infranode_instance_count|int)+1) %} |
| | | |
| | | |
| | | "infranode{{loop.index}}": { |
| | | "Type": "AWS::EC2::Instance", |
| | | "Properties": { |
| | | "ImageId": { |
| | | "Fn::FindInMap": [ |
| | | "RegionMapping", |
| | | { |
| | | "Ref": "AWS::Region" |
| | | }, |
| | | "AMI" |
| | | ] |
| | | }, |
| | | "InstanceType": "{{infranode_instance_type}}", |
| | | "KeyName": "{{key_name}}", |
| | | "SecurityGroupIds": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "HostSG", |
| | | "GroupId" |
| | | ] |
| | | } |
| | | ], |
| | | "SubnetId": { |
| | | "Ref": "PublicSubnet" |
| | | }, |
| | | "Tags": [ |
| | | { |
| | | "Key": "Name", |
| | | "Value": "infranode{{loop.index}}" |
| | | }, |
| | | { |
| | | "Key": "AnsibleGroup", |
| | | "Value": "infranodes" |
| | | }, |
| | | { |
| | | "Key": "Project", |
| | | "Value": "{{project_tag}}" |
| | | }, |
| | | { |
| | | "Key": "{{ project_tag }}", |
| | | "Value": "infranode" |
| | | }, |
| | | { |
| | | "Key": "owner", |
| | | "Value": "{{ email | default('unknown')}}" |
| | | } |
| | | ], |
| | | "BlockDeviceMappings": [ |
| | | { |
| | | "DeviceName": "/dev/sda1", |
| | | "Ebs": { |
| | | "VolumeSize": {{ rootfs_size_infranode }} |
| | | } |
| | | }, |
| | | { |
| | | "DeviceName": "{{ docker_device }}", |
| | | "Ebs": { |
| | | "VolumeType": "gp2", |
| | | "VolumeSize": 50 |
| | | } |
| | | } |
| | | ] |
| | | } |
| | | |
| | | }, |
| | | "infranode{{loop.index}}EIP" : { |
| | | "Type" : "AWS::EC2::EIP", |
| | | "DependsOn": [ "VpcGA" ], |
| | | "Properties" : { |
| | | "InstanceId" : { "Ref" : "infranode{{loop.index}}" } |
| | | } |
| | | }, |
| | | "infranode{{loop.index}}DNS": { |
| | | "Type": "AWS::Route53::RecordSetGroup", |
| | | "Properties": { |
| | | "HostedZoneId" : { "Ref" : "zoneinternalidns" }, |
| | | |
| | | "RecordSets": [ |
| | | { |
| | | "Name": "infranode{{loop.index}}.{{zone_internal_dns}}", |
| | | "Type": "A", |
| | | "TTL": "10", |
| | | "ResourceRecords": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "infranode{{loop.index}}", |
| | | "PrivateIp" |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | }, |
| | | |
| | | {% endfor %} |
| | | |
| | | |
| | | |
| | | {% for c in range(1,(support_instance_count|int)+1) %} |
| | | "support{{loop.index}}": { |
| | | "Type": "AWS::EC2::Instance", |
| | | "Properties": { |
| | | "ImageId": { |
| | | "Fn::FindInMap": [ |
| | | "RegionMapping", |
| | | { |
| | | "Ref": "AWS::Region" |
| | | }, |
| | | "AMI" |
| | | ] |
| | | }, |
| | | "InstanceType": "{{support_instance_type}}", |
| | | "KeyName": "{{key_name}}", |
| | | "SecurityGroupIds": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "HostSG", |
| | | "GroupId" |
| | | ] |
| | | } |
| | | ], |
| | | "SubnetId": { |
| | | "Ref": "PublicSubnet" |
| | | }, |
| | | "Tags": [ |
| | | { |
| | | "Key": "Name", |
| | | "Value": "support{{loop.index}}" |
| | | }, |
| | | { |
| | | "Key": "AnsibleGroup", |
| | | "Value": "support" |
| | | }, |
| | | { |
| | | "Key": "Project", |
| | | "Value": "{{project_tag}}" |
| | | }, |
| | | { |
| | | "Key": "{{ project_tag }}", |
| | | "Value": "support" |
| | | }, |
| | | { |
| | | "Key": "owner", |
| | | "Value": "{{ email | default('unknown')}}" |
| | | } |
| | | ], |
| | | "BlockDeviceMappings": [ |
| | | { |
| | | "DeviceName": "/dev/sda1", |
| | | "Ebs": { |
| | | "VolumeSize": {{ rootfs_size_support }} |
| | | } |
| | | }, |
| | | { |
| | | "DeviceName": "{{ nfs_pvs }}", |
| | | "Ebs": { |
| | | "VolumeType": "gp2", |
| | | "VolumeSize": {{ nfs_size }} |
| | | } |
| | | } |
| | | ] |
| | | } |
| | | |
| | | }, |
| | | "support{{loop.index}}DNS": { |
| | | "Type": "AWS::Route53::RecordSetGroup", |
| | | "Properties": { |
| | | "HostedZoneId" : { "Ref" : "zoneinternalidns" }, |
| | | |
| | | "RecordSets": [ |
| | | { |
| | | "Name": "support{{loop.index}}.{{zone_internal_dns}}", |
| | | "Type": "A", |
| | | "TTL": "10", |
| | | "ResourceRecords": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "support{{loop.index}}", |
| | | "PrivateIp" |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | }, |
| | | {% endfor %} |
| | | |
| | | }, |
| | | "Outputs": { |
| | | "Route53internalzoneOutput": { |
| | | "Description": "The ID of the internal route 53 zone", |
| | | "Value": { |
| | | "Ref": "zoneinternalidns" |
| | | } |
| | | } |
| | | }} |
New file |
| | |
| | | --- |
| | | AWSTemplateFormatVersion: "2010-09-09" |
| | | Mappings: |
| | | RegionMapping: |
| | | us-east-1: |
| | | RHELAMI: ami-c998b6b2 |
| | | us-east-2: |
| | | RHELAMI: ami-cfdafaaa |
| | | us-west-1: |
| | | RHELAMI: ami-66eec506d |
| | | us-west-2: |
| | | RHELAMI: ami-9fa343e7 |
| | | eu-west-1: |
| | | RHELAMI: ami-bb9a6bc2 |
| | | eu-central-1: |
| | | RHELAMI: ami-d74be5b8 |
| | | ap-northeast-1: |
| | | RHELAMI: ami-30ef0556 |
| | | ap-northeast-2: |
| | | RHELAMI: ami-0f5a8361 |
| | | ap-southeast-1: |
| | | RHELAMI: ami-10bb2373 |
| | | ap-southeast-2: |
| | | RHELAMI: ami-ccecf5af |
| | | sa-east-1: |
| | | RHELAMI: ami-a789ffcb |
| | | ap-south-1: |
| | | RHELAMI: ami-cdbdd7a2 |
| | | DNSMapping: |
| | | us-east-1: |
| | | domain: "us-east-1.compute.internal" |
| | | us-west-1: |
| | | domain: "us-west-1.compute.internal" |
| | | us-west-2: |
| | | domain: "us-west-2.compute.internal" |
| | | eu-west-1: |
| | | domain: "eu-west-1.compute.internal" |
| | | eu-central-1: |
| | | domain: "eu-central-1.compute.internal" |
| | | ap-northeast-1: |
| | | domain: "ap-northeast-1.compute.internal" |
| | | ap-northeast-2: |
| | | domain: "ap-northeast-2.compute.internal" |
| | | ap-southeast-1: |
| | | domain: "ap-southeast-1.compute.internal" |
| | | ap-southeast-2: |
| | | domain: "ap-southeast-2.compute.internal" |
| | | sa-east-1: |
| | | domain: "sa-east-1.compute.internal" |
| | | ap-south-1: |
| | | domain: "ap-south-1.compute.internal" |
| | | |
| | | Resources: |
| | | Vpc: |
| | | Type: "AWS::EC2::VPC" |
| | | Properties: |
| | | CidrBlock: "{{vpcid_cidr_block}}" |
| | | EnableDnsSupport: true |
| | | EnableDnsHostnames: true |
| | | Tags: |
| | | - Key: Name |
| | | Value: "{{vpcid_name_tag}}" |
| | | - Key: Hostlication |
| | | Value: |
| | | Ref: "AWS::StackId" |
| | | |
| | | VpcInternetGateway: |
| | | Type: "AWS::EC2::InternetGateway" |
| | | |
| | | VpcGA: |
| | | Type: "AWS::EC2::VPCGatewayAttachment" |
| | | Properties: |
| | | InternetGatewayId: |
| | | Ref: VpcInternetGateway |
| | | VpcId: |
| | | Ref: Vpc |
| | | |
| | | VpcRouteTable: |
| | | Type: "AWS::EC2::RouteTable" |
| | | Properties: |
| | | VpcId: |
| | | Ref: Vpc |
| | | |
| | | VPCRouteInternetGateway: |
| | | DependsOn: VpcGA |
| | | Type: "AWS::EC2::Route" |
| | | Properties: |
| | | GatewayId: |
| | | Ref: VpcInternetGateway |
| | | DestinationCidrBlock: "0.0.0.0/0" |
| | | RouteTableId: |
| | | Ref: VpcRouteTable |
| | | |
| | | {% for subnet in subnets %} |
| | | {{subnet['name']}}: |
| | | Type: "AWS::EC2::Subnet" |
| | | DependsOn: |
| | | - Vpc |
| | | Properties: |
| | | CidrBlock: "{{subnet['cidr']}}" |
| | | Tags: |
| | | - Key: Name |
| | | Value: "{{project_tag}}" |
| | | MapPublicIpOnLaunch: true |
| | | VpcId: |
| | | Ref: Vpc |
| | | {% endfor %} |
| | | |
| | | PublicSubnetRTA: |
| | | Type: "AWS::EC2::SubnetRouteTableAssociation" |
| | | Properties: |
| | | RouteTableId: |
| | | Ref: VpcRouteTable |
| | | SubnetId: |
| | | Ref: PublicSubnet |
| | | |
| | | {% for security_group in security_groups %} |
| | | {{security_group['name']}}: |
| | | Type: "AWS::EC2::SecurityGroup" |
| | | Properties: |
| | | GroupDescription: Host |
| | | VpcId: |
| | | Ref: Vpc |
| | | Tags: |
| | | - Key: Name |
| | | Value: "{{security_group['name']}}" |
| | | {% endfor %} |
| | | |
| | | {% for security_group in security_groups %} |
| | | {% for rule in security_group['rules'] %} |
| | | {{security_group['name']}}{{rule['name']}}: |
| | | Type: "AWS::EC2::SecurityGroupIngress" |
| | | Properties: |
| | | GroupId: |
| | | Fn::GetAtt: |
| | | - "{{security_group['name']}}" |
| | | - GroupId |
| | | IpProtocol: "{{rule['protocol']}}" |
| | | FromPort: "{{rule['from_port']}}" |
| | | ToPort: "{{rule['to_port']}}" |
| | | CidrIp: "{{rule['cidr']}}" |
| | | {% endfor %} |
| | | {% endfor %} |
| | | |
| | | |
| | | # PublicSG: |
| | | # Type: "AWS::EC2::SecurityGroup" |
| | | # Properties: |
| | | # GroupDescription: Host |
| | | # VpcId: |
| | | # Ref: Vpc |
| | | # Tags: |
| | | # - Key: Name |
| | | # Value: host_sg |
| | | # |
| | | # HostUDPPorts: |
| | | # Type: "AWS::EC2::SecurityGroupIngress" |
| | | # Properties: |
| | | # GroupId: |
| | | # Fn::GetAtt: |
| | | # - PublicSG |
| | | # - GroupId |
| | | # IpProtocol: udp |
| | | # FromPort: 0 |
| | | # ToPort: 65535 |
| | | # CidrIp: "0.0.0.0/0" |
| | | # |
| | | # HostTCPPorts: |
| | | # Type: "AWS::EC2::SecurityGroupIngress" |
| | | # Properties: |
| | | # GroupId: |
| | | # Fn::GetAtt: |
| | | # - PublicSG |
| | | # - GroupId |
| | | # IpProtocol: tcp |
| | | # FromPort: 0 |
| | | # ToPort: 65535 |
| | | # CidrIp: "0.0.0.0/0" |
| | | # |
| | | # zoneinternalidns: |
| | | # Type: "AWS::Route53::HostedZone" |
| | | # Properties: |
| | | # Name: "{{ zone_internal_dns }}" |
| | | # VPCs: |
| | | # - VPCId: |
| | | # Ref: Vpc |
| | | # VPCRegion: |
| | | # Ref: "AWS::Region" |
| | | # HostedZoneConfig: |
| | | # Comment: "Created By ansible agnostic deployer" |
| | | # |
| | | # CloudDNS: |
| | | # Type: AWS::Route53::RecordSetGroup |
| | | # DependsOn: |
| | | # {% for c in range(1,(infranode_instance_count|int)+1) %} |
| | | # - "infranode{{loop.index}}EIP" |
| | | # {% endfor %} |
| | | # Properties: |
| | | # HostedZoneId: "{{HostedZoneId}}" |
| | | # RecordSets: |
| | | # - Name: "{{cloudapps_dns}}" |
| | | # Type: A |
| | | # TTL: 900 |
| | | # ResourceRecords: |
| | | # {% for c in range(1,(infranode_instance_count|int)+1) %} |
| | | # - Fn::GetAtt: |
| | | # - infranode{{loop.index}} |
| | | # - PublicIp |
| | | # {% endfor %} |
| | | # |
| | | # {% for instance in instances %} |
| | | # {% if instance['dns_loadbalancer']|d(false)|bool and not instance['unique']|d(false)|bool %} |
| | | # {{instance['name']}}DNSLoadBalancer: |
| | | # Type: "AWS::Route53::RecordSetGroup" |
| | | # DependsOn: |
| | | # {% for c in range(1, (instance['count']|int)+1) %} |
| | | # - {{instance['name']}}{{c}}EIP |
| | | # {% endfor %} |
| | | # Properties: |
| | | # HostedZoneId: {{HostedZoneId}} |
| | | # RecordSets: |
| | | # - Name: "{{instance['name']}}.{{subdomain_base}}." |
| | | # Type: A |
| | | # TTL: 900 |
| | | # ResourceRecords: |
| | | # {% for c in range(1,(instance['count'] |int)+1) %} |
| | | # - "Fn::GetAtt": |
| | | # - {{instance['name']}}{{c}} |
| | | # - PublicIp |
| | | # {% endfor %} |
| | | # {% endif %} |
| | | # |
| | | # {% for c in range(1,(instance['count'] |int)+1) %} |
| | | # {{instance['name']}}{{loop.index}}: |
| | | # Type: "AWS::EC2::Instance" |
| | | # Properties: |
| | | # ImageId: |
| | | # Fn::FindInMap: |
| | | # - RegionMapping |
| | | # - Ref: AWS::Region |
| | | # - {{ instance['image_id'] | default('RHELAMI') }} |
| | | # InstanceType: "{{instance['flavor'][cloud_provider]}}" |
| | | # KeyName: "{{instance['key_name'] | default(key_name)}}" |
| | | # {% if instance['UserData'] is defined %} |
| | | # {{instance['UserData']}} |
| | | # {% endif %} |
| | | # SecurityGroupIds: |
| | | # - "Fn::GetAtt": |
| | | # - {{instance['security_group']}} |
| | | # - GroupId |
| | | # SubnetId: |
| | | # Ref: {{instance['subnet']}} |
| | | # Tags: |
| | | # {% if instance['unique'] | d(false) | bool %} |
| | | # - Key: Name |
| | | # Value: {{instance['name']}} |
| | | # - Key: internaldns |
| | | # Value: {{instance['name']}}.{{chomped_zone_internal_dns}} |
| | | # {% else %} |
| | | # - Key: Name |
| | | # Value: {{instance['name']}}{{loop.index}} |
| | | # - Key: internaldns |
| | | # Value: {{instance['name']}}{{loop.index}}.{{chomped_zone_internal_dns}} |
| | | # {% endif %} |
| | | # - Key: "owner" |
| | | # Value: "{{ email | default('unknownuser') }}" |
| | | # - Key: "Project" |
| | | # Value: "{{project_tag}}" |
| | | # - Key: "{{project_tag}}" |
| | | # Value: "{{ instance['name'] }}" |
| | | # {% for tag in instance['tags'] %} |
| | | # - Key: {{tag['key']}} |
| | | # Value: {{tag['value']}} |
| | | # {% endfor %} |
| | | # BlockDeviceMappings: |
| | | # - DeviceName: "/dev/sda1" |
| | | # Ebs: |
| | | # VolumeSize: {{ instance['rootfs_size'] | default('50') }} |
| | | # {% for vol in instance['volumes']|default([]) %} |
| | | # - DeviceName: "{{ vol['device_name'] }}" |
| | | # Ebs: |
| | | # VolumeType: "{{ vol['volume_type'] | d('gp2') }}" |
| | | # VolumeSize: "{{ vol['volume_size'] | d('20') }}" |
| | | # {% endfor %} |
| | | # |
| | | # {{instance['name']}}{{loop.index}}InternalDNS: |
| | | # Type: "AWS::Route53::RecordSetGroup" |
| | | # Properties: |
| | | # HostedZoneId: |
| | | # Ref: zoneinternalidns |
| | | # RecordSets: |
| | | # {% if instance['unique'] | d(false) | bool %} |
| | | # - Name: "{{instance['name']}}.{{zone_internal_dns}}" |
| | | # {% else %} |
| | | # - Name: "{{instance['name']}}{{loop.index}}.{{zone_internal_dns}}" |
| | | # {% endif %} |
| | | # Type: A |
| | | # TTL: 10 |
| | | # ResourceRecords: |
| | | # - "Fn::GetAtt": |
| | | # - {{instance['name']}}{{loop.index}} |
| | | # - PrivateIp |
| | | # |
| | | # {% if instance['public_dns'] %} |
| | | # {{instance['name']}}{{loop.index}}EIP: |
| | | # Type: "AWS::EC2::EIP" |
| | | # DependsOn: |
| | | # - VpcGA |
| | | # Properties: |
| | | # InstanceId: |
| | | # Ref: {{instance['name']}}{{loop.index}} |
| | | # |
| | | # {{instance['name']}}{{loop.index}}PublicDNS: |
| | | # Type: "AWS::Route53::RecordSetGroup" |
| | | # DependsOn: |
| | | # - {{instance['name']}}{{loop.index}}EIP |
| | | # Properties: |
| | | # HostedZoneId: {{HostedZoneId}} |
| | | # RecordSets: |
| | | # {% if instance['unique'] | d(false) | bool %} |
| | | # - Name: "{{instance['name']}}.{{subdomain_base}}." |
| | | # {% else %} |
| | | # - Name: "{{instance['name']}}{{loop.index}}.{{subdomain_base}}." |
| | | # {% endif %} |
| | | # Type: A |
| | | # TTL: 10 |
| | | # ResourceRecords: |
| | | # - "Fn::GetAtt": |
| | | # - {{instance['name']}}{{loop.index}} |
| | | # - PublicIp |
| | | # {% endif %} |
| | | # {% endfor %} |
| | | # {% endfor %} |
| | | # |
| | | # Outputs: |
| | | # Route53internalzoneOutput: |
| | | # Description: The ID of the internal route 53 zone |
| | | # Value: |
| | | # Ref: zoneinternalidns |
New file |
| | |
| | | { |
| | | "Comment": "Create internal dns zone entries", |
| | | "Changes": [ |
| | | |
| | | |
| | | |
| | | |
| | | {% for host in groups['masters'] | ] %} |
| | | { |
| | | "Action": "{{DNS_action}}", |
| | | "ResourceRecordSet": { |
| | | "Name": "master{{loop.index}}.{{zone_internal_dns}}", |
| | | "Type": "A", |
| | | "TTL": 20, |
| | | "ResourceRecords": [ { "Value": "{{hostvars[host]['ec2_private_ip_address']}}" } ] |
| | | } |
| | | }, |
| | | {% endfor %} |
| | | |
| | | |
| | | {% for host in groups['loadbalancers'] | ] %} |
| | | { |
| | | "Action": "{{DNS_action}}", |
| | | "ResourceRecordSet": { |
| | | "Name": "loadbalancer{{loop.index}}.{{zone_internal_dns}}", |
| | | "Type": "A", |
| | | "TTL": 20, |
| | | "ResourceRecords": [ { "Value": "{{hostvars[host]['ec2_private_ip_address']}}" } ] |
| | | } |
| | | }, |
| | | {% endfor %} |
| | | |
| | | {% for host in groups['infranodes'] | ] %} |
| | | { |
| | | "Action": "{{DNS_action}}", |
| | | "ResourceRecordSet": { |
| | | "Name": "infranode{{loop.index}}.{{zone_internal_dns}}", |
| | | "Type": "A", |
| | | "TTL": 20, |
| | | "ResourceRecords": [ { "Value": "{{hostvars[host]['ec2_private_ip_address']}}" } ] |
| | | } |
| | | }, |
| | | {% endfor %} |
| | | |
| | | |
| | | |
| | | {% for host in groups['nodes'] | ] %} |
| | | { |
| | | "Action": "{{DNS_action}}", |
| | | "ResourceRecordSet": { |
| | | "Name": "node{{loop.index}}.{{zone_internal_dns}}", |
| | | "Type": "A", |
| | | "TTL": 20, |
| | | "ResourceRecords": [ { "Value": "{{hostvars[host]['ec2_private_ip_address']}}" } ] |
| | | } |
| | | }, |
| | | {% endfor %} |
| | | |
| | | {% for host in groups['support'] | ] %} |
| | | { |
| | | "Action": "{{DNS_action}}", |
| | | "ResourceRecordSet": { |
| | | "Name": "nfs{{loop.index}}.{{zone_internal_dns}}", |
| | | "Type": "A", |
| | | "TTL": 20, |
| | | "ResourceRecords": [ { "Value": "{{hostvars[host]['ec2_private_ip_address']}}" } ] |
| | | } |
| | | }, |
| | | {% endfor %} |
| | | |
| | | {% for host in groups['bastions'] | ] %} |
| | | { |
| | | "Action": "{{DNS_action}}", |
| | | "ResourceRecordSet": { |
| | | "Name": "bastion.{{zone_internal_dns}}", |
| | | "Type": "A", |
| | | "TTL": 20, |
| | | "ResourceRecords": [ { "Value": "{{hostvars[host]['ec2_private_ip_address']}}" } ] |
| | | } |
| | | } |
| | | {% endfor %} |
| | | |
| | | ] |
| | | } |
New file |
| | |
| | | [OSEv3:vars] |
| | | |
| | | ########################################################################### |
| | | ### Ansible Vars |
| | | ########################################################################### |
| | | timeout=60 |
| | | ansible_become=yes |
| | | ansible_ssh_user={{ansible_ssh_user}} |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Basic Vars |
| | | ########################################################################### |
| | | deployment_type=openshift-enterprise |
| | | containerized=false |
| | | openshift_disable_check="disk_availability,memory_availability,docker_image_availability" |
| | | |
| | | # default project node selector |
| | | osm_default_node_selector='env=app' |
| | | |
| | | # Configure node kubelet arguments. pods-per-core is valid in OpenShift Origin 1.3 or OpenShift Container Platform 3.3 and later. |
| | | openshift_node_kubelet_args={'pods-per-core': ['10'], 'max-pods': ['250'], 'image-gc-high-threshold': ['85'], 'image-gc-low-threshold': ['75']} |
| | | |
| | | # Configure logrotate scripts |
| | | # See: https://github.com/nickhammond/ansible-logrotate |
| | | logrotate_scripts=[{"name": "syslog", "path": "/var/log/cron\n/var/log/maillog\n/var/log/messages\n/var/log/secure\n/var/log/spooler\n", "options": ["daily", "rotate 7","size 500M", "compress", "sharedscripts", "missingok"], "scripts": {"postrotate": "/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true"}}] |
| | | |
| | | {% if osrelease | version_compare('3.7', '<') %} |
| | | # Anything before 3.7 |
| | | openshift_metrics_image_version=v{{ repo_version }} |
| | | #openshift_image_tag=v{{ repo_version }} |
| | | #openshift_release={{ osrelease }} |
| | | #docker_version="{{docker_version}}" |
| | | {% endif %} |
| | | |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Optional Vars |
| | | ########################################################################### |
| | | |
| | | # Enable cockpit |
| | | osm_use_cockpit=true |
| | | osm_cockpit_plugins=['cockpit-kubernetes'] |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Master Vars |
| | | ########################################################################### |
| | | |
| | | openshift_master_api_port={{master_api_port}} |
| | | openshift_master_console_port={{master_api_port}} |
| | | |
| | | openshift_master_cluster_method=native |
| | | openshift_master_cluster_hostname=loadbalancer1.{{guid}}.internal |
| | | openshift_master_cluster_public_hostname={{master_lb_dns}} |
| | | openshift_master_default_subdomain={{cloudapps_suffix}} |
| | | #openshift_master_ca_certificate={'certfile': '/root/intermediate_ca.crt', 'keyfile': '/root/intermediate_ca.key'} |
| | | openshift_master_overwrite_named_certificates={{openshift_master_overwrite_named_certificates}} |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Network Vars |
| | | ########################################################################### |
| | | |
| | | osm_cluster_network_cidr=10.1.0.0/16 |
| | | openshift_portal_net=172.30.0.0/16 |
| | | |
| | | #os_sdn_network_plugin_name='redhat/openshift-ovs-multitenant' |
| | | {{multi_tenant_setting}} |
| | | |
| | | {% if osrelease | version_compare('3.7', '>=') %} |
| | | # This should be turned on once all dependent scripts use firewalld rather than iptables |
| | | # os_firewall_use_firewalld=True |
| | | {% endif %} |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Authentication Vars |
| | | ########################################################################### |
| | | |
| | | {% if install_idm == "ldap" %} |
| | | openshift_master_identity_providers=[{'name': 'ldap', 'challenge': 'true', 'login': 'true', 'kind': 'LDAPPasswordIdentityProvider','attributes': {'id': ['dn'], 'email': ['mail'], 'name': ['cn'], 'preferredUsername': ['uid']}, 'bindDN': 'uid=ose-mwl-auth,cn=users,cn=accounts,dc=opentlc,dc=com', 'bindPassword': '{{bindPassword}}', 'ca': 'ipa-ca.crt','insecure': 'false', 'url': 'ldaps://ipa1.opentlc.com:636/cn=users,cn=accounts,dc=opentlc,dc=com?uid'}] |
| | | {{openshift_master_ldap_ca_file}} |
| | | {% endif %} |
| | | |
| | | {% if install_idm == "allow_all" %} |
| | | openshift_master_identity_providers=[{'name': 'allow_all', 'login': 'true', 'challenge': 'true', 'kind': 'AllowAllPasswordIdentityProvider'}] |
| | | {% endif %} |
| | | |
| | | {% if install_idm == "htpasswd" %} |
| | | # htpasswd auth |
| | | openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}] |
| | | # Defining htpasswd users |
| | | #openshift_master_htpasswd_users={'user1': '<pre-hashed password>', 'user2': '<pre-hashed password>'} |
| | | # or |
| | | openshift_master_htpasswd_file=/root/htpasswd.openshift |
| | | {% endif %} |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Metrics and Logging Vars |
| | | ########################################################################### |
| | | |
| | | # Enable cluster metrics |
| | | {% if osrelease | version_compare('3.7', '>=') %} |
| | | |
| | | openshift_metrics_install_metrics={{install_metrics}} |
| | | |
| | | openshift_metrics_storage_kind=nfs |
| | | openshift_metrics_storage_access_modes=['ReadWriteOnce'] |
| | | openshift_metrics_storage_nfs_directory=/srv/nfs |
| | | openshift_metrics_storage_nfs_options='*(rw,root_squash)' |
| | | openshift_metrics_storage_volume_name=metrics |
| | | openshift_metrics_storage_volume_size=10Gi |
| | | openshift_metrics_storage_labels={'storage': 'metrics'} |
| | | |
| | | #openshift_master_metrics_public_url=https://hawkular-metrics.{{cloudapps_suffix}}/hawkular/metrics |
| | | |
| | | ## Add Prometheus Metrics: |
| | | openshift_hosted_prometheus_deploy=true |
| | | openshift_prometheus_node_selector={"env":"infra"} |
| | | openshift_prometheus_namespace=openshift-metrics |
| | | |
| | | # Prometheus |
| | | openshift_prometheus_storage_kind=nfs |
| | | openshift_prometheus_storage_access_modes=['ReadWriteOnce'] |
| | | openshift_prometheus_storage_nfs_directory=/srv/nfs |
| | | openshift_prometheus_storage_nfs_options='*(rw,root_squash)' |
| | | openshift_prometheus_storage_volume_name=prometheus |
| | | openshift_prometheus_storage_volume_size=10Gi |
| | | openshift_prometheus_storage_labels={'storage': 'prometheus'} |
| | | openshift_prometheus_storage_type='pvc' |
| | | # For prometheus-alertmanager |
| | | openshift_prometheus_alertmanager_storage_kind=nfs |
| | | openshift_prometheus_alertmanager_storage_access_modes=['ReadWriteOnce'] |
| | | openshift_prometheus_alertmanager_storage_nfs_directory=/srv/nfs |
| | | openshift_prometheus_alertmanager_storage_nfs_options='*(rw,root_squash)' |
| | | openshift_prometheus_alertmanager_storage_volume_name=prometheus-alertmanager |
| | | openshift_prometheus_alertmanager_storage_volume_size=10Gi |
| | | openshift_prometheus_alertmanager_storage_labels={'storage': 'prometheus-alertmanager'} |
| | | openshift_prometheus_alertmanager_storage_type='pvc' |
| | | # For prometheus-alertbuffer |
| | | openshift_prometheus_alertbuffer_storage_kind=nfs |
| | | openshift_prometheus_alertbuffer_storage_access_modes=['ReadWriteOnce'] |
| | | openshift_prometheus_alertbuffer_storage_nfs_directory=/srv/nfs |
| | | openshift_prometheus_alertbuffer_storage_nfs_options='*(rw,root_squash)' |
| | | openshift_prometheus_alertbuffer_storage_volume_name=prometheus-alertbuffer |
| | | openshift_prometheus_alertbuffer_storage_volume_size=10Gi |
| | | openshift_prometheus_alertbuffer_storage_labels={'storage': 'prometheus-alertbuffer'} |
| | | openshift_prometheus_alertbuffer_storage_type='pvc' |
| | | |
| | | {% else %} |
| | | |
| | | openshift_hosted_metrics_deploy={{install_metrics}} |
| | | |
| | | openshift_hosted_metrics_storage_kind=nfs |
| | | openshift_hosted_metrics_storage_access_modes=['ReadWriteOnce'] |
| | | openshift_hosted_metrics_storage_host=support1.{{guid}}.internal |
| | | openshift_hosted_metrics_storage_nfs_directory=/srv/nfs |
| | | openshift_hosted_metrics_storage_nfs_options='*(rw,root_squash)' |
| | | openshift_hosted_metrics_storage_volume_name=metrics |
| | | openshift_hosted_metrics_storage_volume_size=10Gi |
| | | |
| | | openshift_hosted_metrics_public_url=https://hawkular-metrics.{{cloudapps_suffix}}/hawkular/metrics |
| | | |
| | | {% endif %} |
| | | openshift_metrics_cassandra_nodeselector={"env":"infra"} |
| | | openshift_metrics_hawkular_nodeselector={"env":"infra"} |
| | | openshift_metrics_heapster_nodeselector={"env":"infra"} |
| | | |
| | | # Enable cluster logging |
| | | {% if osrelease | version_compare('3.7', '>=') %} |
| | | |
| | | openshift_logging_install_logging={{install_logging}} |
| | | |
| | | openshift_logging_storage_kind=nfs |
| | | openshift_logging_storage_access_modes=['ReadWriteOnce'] |
| | | openshift_logging_storage_nfs_directory=/srv/nfs |
| | | openshift_logging_storage_nfs_options='*(rw,root_squash)' |
| | | openshift_logging_storage_volume_name=logging |
| | | openshift_logging_storage_volume_size=10Gi |
| | | openshift_logging_storage_labels={'storage': 'logging'} |
| | | |
| | | # openshift_logging_kibana_hostname=kibana.{{cloudapps_suffix}} |
| | | openshift_logging_es_cluster_size=1 |
| | | |
| | | {% else %} |
| | | |
| | | openshift_hosted_logging_deploy={{install_logging}} |
| | | openshift_master_logging_public_url=https://kibana.{{cloudapps_suffix}} |
| | | |
| | | openshift_hosted_logging_storage_kind=nfs |
| | | openshift_hosted_logging_storage_access_modes=['ReadWriteOnce'] |
| | | openshift_hosted_logging_storage_nfs_directory=/srv/nfs |
| | | openshift_hosted_logging_storage_nfs_options='*(rw,root_squash)' |
| | | openshift_hosted_logging_storage_volume_name=logging |
| | | openshift_hosted_logging_storage_volume_size=10Gi |
| | | openshift_hosted_logging_hostname=kibana.{{cloudapps_suffix}} |
| | | openshift_hosted_logging_elasticsearch_cluster_size=1 |
| | | |
| | | openshift_hosted_logging_deployer_version=v{{repo_version}} |
| | | # This one is wrong (down arrow) |
| | | #openshift_hosted_logging_image_version=v{{repo_version}} |
| | | #openshift_logging_image_version=v{{repo_version}} |
| | | {% endif %} |
| | | |
| | | openshift_logging_es_nodeselector={"env":"infra"} |
| | | openshift_logging_kibana_nodeselector={"env":"infra"} |
| | | openshift_logging_curator_nodeselector={"env":"infra"} |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Project Management Vars |
| | | ########################################################################### |
| | | |
| | | # Configure additional projects |
| | | openshift_additional_projects={'openshift-template-service-broker': {'default_node_selector': ''}} |
| | | |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Router and Registry Vars |
| | | ########################################################################### |
| | | |
| | | openshift_hosted_router_selector='env=infra' |
| | | openshift_hosted_router_replicas={{infranode_instance_count}} |
| | | #openshift_hosted_router_certificate={"certfile": "/path/to/router.crt", "keyfile": "/path/to/router.key", "cafile": "/path/to/router-ca.crt"} |
| | | |
| | | openshift_hosted_registry_selector='env=infra' |
| | | openshift_hosted_registry_replicas=1 |
| | | |
| | | openshift_hosted_registry_storage_kind=nfs |
| | | openshift_hosted_registry_storage_access_modes=['ReadWriteMany'] |
| | | openshift_hosted_registry_storage_nfs_directory=/srv/nfs |
| | | openshift_hosted_registry_storage_nfs_options='*(rw,root_squash)' |
| | | openshift_hosted_registry_storage_volume_name=registry |
| | | openshift_hosted_registry_storage_volume_size=20Gi |
| | | openshift_hosted_registry_pullthrough=true |
| | | openshift_hosted_registry_acceptschema2=true |
| | | openshift_hosted_registry_enforcequota=true |
| | | |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Service Catalog Vars |
| | | ########################################################################### |
| | | |
| | | {% if osrelease | version_compare('3.7', '>=') %} |
| | | openshift_enable_service_catalog=true |
| | | template_service_broker_install=true |
| | | openshift_template_service_broker_namespaces=['openshift'] |
| | | ansible_service_broker_install=false |
| | | {% endif %} |
| | | |
| | | ########################################################################### |
| | | ### OpenShift Hosts |
| | | ########################################################################### |
| | | [OSEv3:children] |
| | | lb |
| | | masters |
| | | etcd |
| | | nodes |
| | | nfs |
| | | {% if new_node_instance_count > 0 %} |
| | | new_nodes |
| | | {% endif %} |
| | | |
| | | [lb] |
| | | {% for host in groups['loadbalancers'] %} |
| | | {{ hostvars[host].internaldns }} host_zone={{hostvars[host].placement}} |
| | | {% endfor %} |
| | | |
| | | [masters] |
| | | {% for host in groups['masters'] %} |
| | | {{ hostvars[host].internaldns }} host_zone={{hostvars[host]['placement']}} |
| | | {% endfor %} |
| | | |
| | | [etcd] |
| | | {% for host in groups['masters'] %} |
| | | {{ hostvars[host].internaldns }} host_zone={{hostvars[host]['placement']}} |
| | | {% endfor %} |
| | | |
| | | |
| | | [nodes] |
| | | ## These are the masters |
| | | {% for host in groups['masters'] %} |
| | | {{ hostvars[host].internaldns }} openshift_hostname={{ hostvars[host].internaldns }} openshift_node_labels="{'logging':'true','openshift_schedulable':'False','cluster': '{{guid}}', 'zone': '{{hostvars[host]['placement']}}'}" |
| | | {% endfor %} |
| | | |
| | | ## These are infranodes |
| | | {% for host in groups['infranodes'] %} |
| | | {{ hostvars[host].internaldns }} openshift_hostname={{ hostvars[host].internaldns }} openshift_node_labels="{'logging':'true','cluster': '{{guid}}', 'env':'infra', 'zone': '{{hostvars[host]['placement']}}'}" |
| | | {% endfor %} |
| | | |
| | | ## These are regular nodes |
| | | {% for host in groups['nodes'] %} |
| | | {{ hostvars[host].internaldns }} openshift_hostname={{ hostvars[host].internaldns }} openshift_node_labels="{'logging':'true','cluster': '{{guid}}', 'env':'app', 'zone': '{{hostvars[host]['placement']}}'}" |
| | | {% endfor %} |
| | | |
| | | {% if new_node_instance_count > 0 %} |
| | | # scaleup performed, leave an empty group, see: |
| | | # https://docs.openshift.com/container-platform/3.5/install_config/adding_hosts_to_existing_cluster.html |
| | | [new_nodes] |
| | | {% endif %} |
| | | |
| | | [nfs] |
| | | {% for host in groups['support'] %} |
| | | {{ hostvars[host].internaldns }} openshift_hostname={{ hostvars[host].internaldns }} |
| | | {% endfor %} |
New file |
| | |
| | | andrew:$apr1$dZPb2ECf$ercevOFO5znrynUfUj4tb/ |
| | | karla:$apr1$FQx2mX4c$eJc21GuVZWNg1ULF8I2G31 |
| | | user1:$apr1$FmrTsuSa$yducoDpvYq0KEV0ErmwpA1 |
| | | user2:$apr1$JCcW2XQM$8takcyaYYrPT5I8M46TA01 |
| | | user3:$apr1$zPC/rXKY$2PGF7dRsGwC3i8YJ59aOk0 |
| | | user4:$apr1$e9/zT6dh$J18M.9zyn3DazrYreGV.B/ |
| | | user5:$apr1$Nu/XJFVP$DgybymePret.Prch9MyxP/ |
| | | user6:$apr1$VEbpwL9M$c1oFwS.emkt8fyR24zOzd0 |
| | | user7:$apr1$wZxsnY/A$PK0O7iofGJJsvOZ3ctoNo. |
| | | user8:$apr1$5YBAWpGg$YO4ACHZL.c31NbQZH9LlE. |
| | | user9:$apr1$CIxB1enN$Aghb7.S4U3SXPRt55hTWI. |
| | | user10:$apr1$dWTDSR23$UGGJtkVC1ERmAOikomI9K0 |
| | | user11:$apr1$j4fPyRZg$nNJk1nt1vAf54HAB/g/8g/ |
| | | user12:$apr1$dd6kysUI$ueu/9.gbL0LkjpCbSjFNI. |
| | | user13:$apr1$DeRaAbVq$ZI3HtBzQxWYHifjIuPJSM1 |
| | | user14:$apr1$dUuWDYgk$co6NQ4Dbcp3pQjVO5dR7Q. |
| | | user15:$apr1$4QmhSys7$wC.fKmKRqLNqoYqQ1dixJ/ |
| | | user16:$apr1$RHcOPHg7$p9LgYP6zE4nMDlA8ongVc/ |
| | | user17:$apr1$pji2xxHN$vvUHj/fbQRgLR.WBMblQH/ |
| | | user18:$apr1$Lm79l0Qr$KgZSAuPcrTo4.GIWTBLGa/ |
| | | user19:$apr1$KGxvneIX$.GJo7JB.N/c1FLW7vlblx/ |
| | | user20:$apr1$WfYdosg5$cU1BsAzkIhTzKBx8Rvd3o1 |
| | | user21:$apr1$cKRCbWLl$WCVjYUxD22GS5RRv1npwR1 |
| | | user22:$apr1$QhpgOkFU$Y6Nn7NEPbJk3D9ehFb4i50 |
| | | user23:$apr1$dVgQOh7j$L3JZlN8ZmdEwebXqD66Yl0 |
| | | user24:$apr1$z/U5MAQB$GvKG3i8ATXWHhoxN9e0HS/ |
| | | user25:$apr1$gFHGMQUV$w11pZbcBqVKOylr9TZ1EW. |
| | | user26:$apr1$5YG0dnOG$GzbnTQMBe0Dqc3f3pwvPL1 |
| | | user27:$apr1$Kt6VoxNS$nq1Kzd53DUL8h8gfu4fEq/ |
| | | user28:$apr1$aLAQHJ4d$qTRmUpw2eF9whEwDyIixG0 |
| | | user29:$apr1$3HH4pgpa$Uh84gx3UP8vyPRfAIMPRl1 |
| | | user30:$apr1$bbEEX3EF$ozw4jPcYHwVO7.MRzXtu0. |
| | | user31:$apr1$hD0kfz7i$SjNdGZbvto5EifBma5iA5. |
| | | user32:$apr1$fRMBUYu8$T5BQ8kI3pMgqXaRH7l8p.. |
| | | user33:$apr1$es9ruteO$jZsV5/H8GIzw.vCfPs5310 |
| | | user34:$apr1$OQ1I/gHn$.WA01EeXhDLE1K3vWD1wu. |
| | | user35:$apr1$KseEJXTS$kE/QO1XT0mZ44Iyw/ofnj/ |
| | | user36:$apr1$PglCzG.g$44QsoAyMhanH5A40P5jhY1 |
| | | user37:$apr1$2d5ggTIZ$xYsfdRBLOlEsnWRFVS9Yl0 |
| | | user38:$apr1$x/cdV95V$mKFZmSkoBjeEu.HZshO0n. |
| | | user39:$apr1$VC6.WQOS$fAOAR1mx/i7Pnt2oGsDmu/ |
| | | user40:$apr1$n36Hr3zC$lEVq4B7UWmdcnl01lUyR.. |
| | | user41:$apr1$/q6tJtXi$9mCB1YCqdhEE6VVVVkVKc/ |
| | | user42:$apr1$fTMTWEzw$X4MsyNlWketRjQgqonwxn. |
| | | user43:$apr1$.VwoJu38$D4v4NKL1KPuRZdNeprBXS/ |
| | | user44:$apr1$e0s48GLK$JMQ849MeckVX0wG2vE2s10 |
| | | user45:$apr1$a9ucQ1sC$HEMij.WGEa1xIQ01HpyKh1 |
| | | user46:$apr1$uwOs/4nv$TB2r3pOPJ2K0A./CimVUT1 |
| | | user47:$apr1$jfTmW1k5$Fd2ebTUtFFl3CLZWfFmRR. |
| | | user48:$apr1$4/apB/zd$IxoWJ5pTRNGgbxx3Ayl/i0 |
| | | user49:$apr1$nu75PZ0r$bPCMgDmlOAj.YbeFPHJHE. |
| | | user50:$apr1$c/R3wJ/g$GJ03siVj5tkNxrg4OaxhJ0 |
| | | user51:$apr1$EdEX6Pyt$IdPQHmhZi8FEbJjREVbe1/ |
| | | user52:$apr1$ZMfyTjjX$RFOrnKsSr5xXA7IXn7TkC/ |
| | | user53:$apr1$GY.rOkJM$uMCqJmmorP5I1v.YHHz1Z/ |
| | | user54:$apr1$1vuZq/U0$Aq0Kz3wk0YPleDz/rTCdK0 |
| | | user55:$apr1$KjULqmcD$XrhyYt2nWuiaQkbciDIcN/ |
| | | user56:$apr1$gTPaNeq0$sqWJDPZ5//ZDjLf0dSbUh1 |
| | | user57:$apr1$6PaKhdlY$dX2FkVJ0xV.4MAQeDUgRT0 |
| | | user58:$apr1$.8MSdEpY$MPIbUO2WnC0wsno8zUOjC. |
| | | user59:$apr1$TWpKuAvt$CFeTQxxSgeU3dFkL4qpXb. |
| | | user60:$apr1$fEYUgRVU$LO2qwXfpxwI9fDXPfQgQB0 |
| | | user61:$apr1$HHUBEn4G$.cAnwbh.ogNEzQSug3nqo/ |
| | | user62:$apr1$Agt4GmKT$4k3Ev3FSJiNsbht3vUbxQ/ |
| | | user63:$apr1$FsUKA7Hw$nkSgqSIFeqCY1mOyGje3O1 |
| | | user64:$apr1$vBlkQoG4$8L2mTo8gdr8wC68G2y2G91 |
| | | user65:$apr1$McEnEqn4$dZvjACdGp0HALVHBtHEu80 |
| | | user66:$apr1$zamuhlOG$Xch5pbO1ki2Dad1dzjS4j. |
| | | user67:$apr1$qC1rll4s$cN4DzsWnyFBTNi3Cdi6161 |
| | | user68:$apr1$txKPCx1k$WtrlrlP.UF.Rlzbnv6igE/ |
| | | user69:$apr1$EO2A25Sj$DO/1lCNJJXff4GOsTZmHL/ |
| | | user70:$apr1$pJu569Az$nHtF2ZkUrNXw9WN0Obb/T1 |
| | | user71:$apr1$YKpEtZka$c59Fmov1cssRdrO5VqBKz1 |
| | | user72:$apr1$CNkwam0s$b.QcPWytnhlOsaajMQx630 |
| | | user73:$apr1$m5kE07o0$7TC3K.I16YTaRyN8EZq7E/ |
| | | user74:$apr1$/5p0Qoyy$hjQ30Q8Ghb4zNrjjt2yLk/ |
| | | user75:$apr1$ZF3yRTqJ$TgLBllrvTQuuiIjSb53xR0 |
| | | user76:$apr1$711LL2Ai$59rBNmFprwZXtyFVBtRul0 |
| | | user77:$apr1$N4uJhPSq$A.rVfAsRXCQqxOenDHjqX1 |
| | | user78:$apr1$PHSpv5ty$WC8GlQpclQqH30eWPu.6e. |
| | | user79:$apr1$c/yk9dQ9$dvhh.P4F5zGnysBvwps4m/ |
| | | user80:$apr1$oTmftf8R$FYzQD77hYfh9Wq3SvwYU7/ |
| | | user81:$apr1$3YvQ/JPg$sDXhV8xpHNxQzFSvMMxAD1 |
| | | user82:$apr1$quKB2P2.$iq.ZzDa3/xoaoY3.F1Un90 |
| | | user83:$apr1$IVq8346H$lPQJZ7Thr/gJ2EmzDsktH0 |
| | | user84:$apr1$xfehskAD$NRMQJttylejHtNKQqBj.k. |
| | | user85:$apr1$/LYLXNbH$/COZBzkaU0pPOXR38ZFVX/ |
| | | user86:$apr1$a/xD3Jfw$rZXN4ykj0W6qadlh447n// |
| | | user87:$apr1$v01l1ljr$tGDKwdhKC05HEbntSxV5M0 |
| | | user88:$apr1$9RYtWl12$ck19ozvS.SWeAAaDZqE940 |
| | | user89:$apr1$EvSs2TA2$fRDg0hVOCf2jbhwXifzbs. |
| | | user90:$apr1$9ffAneiG$CAz5JWeIPGnamOQlVRGIk. |
| | | user91:$apr1$Z3XW5Yy4$Kibx7GmgdpC6CAM0IxhtC0 |
| | | user92:$apr1$6CfIrBqr$5nGNCGA5QOPq/h8hlOE4f. |
| | | user93:$apr1$iJ4AQyfu$fkXSVib.OzPCSBQlLhwwS. |
| | | user94:$apr1$jiPqi0uI$XyYDQt0kcawqFLX12VW3n/ |
| | | user95:$apr1$ULEkhfG2$/WHcoR9KJxAS3uw470Vkk. |
| | | user96:$apr1$56tQXa91$l0yaZgZHbDidgw95IP7yQ1 |
| | | user97:$apr1$SoGwK9hP$YbceEfwmsM3QCdNGAaE1b. |
| | | user98:$apr1$MVU1/8dh$UKzkRk1CQP00SvnoPIm1.. |
| | | user99:$apr1$v8vKZdHH$NC5xud.olhtdydHU9hav6. |
| | | user100:$apr1$glFN48wz$dR9w94PGiQL8qZXcXGd0L0 |
| | | marina:$apr1$ayR8gA9a$4bmozGlmBX6XQY1AbJfQk1 |
New file |
| | |
| | | [OSEv3:vars] |
| | | |
| | | ########################################################################### |
| | | ### Ansible Vars |
| | | ########################################################################### |
| | | timeout=60 |
| | | ansible_become=yes |
| | | ansible_ssh_user={{ansible_ssh_user}} |
| | | |
| | | |
| | | # disable memory check, as we are not a production environment |
| | | openshift_disable_check="memory_availability" |
| | | |
| | | [OSEv3:children] |
| | | lb |
| | | masters |
| | | etcd |
| | | nodes |
| | | nfs |
| | | |
| | | [lb] |
| | | {% for host in groups['loadbalancers'] %} |
| | | {{ hostvars[host].internaldns }} host_zone={{hostvars[host].placement}} |
| | | {% endfor %} |
| | | |
| | | [masters] |
| | | {% for host in groups['masters'] %} |
| | | {{ hostvars[host].internaldns }} host_zone={{hostvars[host].placement}} |
| | | {% endfor %} |
| | | |
| | | [etcd] |
| | | {% for host in groups['masters'] %} |
| | | {{ hostvars[host].internaldns }} host_zone={{hostvars[host].placement}} |
| | | {% endfor %} |
| | | |
| | | [nodes] |
| | | ## These are the masters |
| | | {% for host in groups['masters'] %} |
| | | {{ hostvars[host].internaldns }} openshift_hostname={{ hostvars[host].internaldns }} openshift_node_labels="{'logging':'true','openshift_schedulable':'False','cluster': '{{guid}}', 'zone': '{{hostvars[host]['placement']}}'}" |
| | | {% endfor %} |
| | | |
| | | ## These are infranodes |
| | | {% for host in groups['infranodes'] %} |
| | | {{ hostvars[host].internaldns }} openshift_hostname={{ hostvars[host].internaldns }} openshift_node_labels="{'logging':'true','cluster': '{{guid}}', 'env':'infra', 'zone': '{{hostvars[host]['placement']}}'}" |
| | | {% endfor %} |
| | | |
| | | ## These are regular nodes |
| | | {% for host in groups['nodes'] %} |
| | | {{ hostvars[host].internaldns }} openshift_hostname={{ hostvars[host].internaldns }} openshift_node_labels="{'logging':'true','cluster': '{{guid}}', 'env':'app', 'zone': '{{hostvars[host]['placement']}}'}" |
| | | {% endfor %} |
| | | |
| | | [nfs] |
| | | {% for host in groups['support'] %} |
| | | {{ hostvars[host].internaldns }} openshift_hostname={{ hostvars[host].internaldns }} |
| | | {% endfor %} |
New file |
| | |
| | | --- |
| | | {% for pv in pv_list %} |
| | | apiVersion: v1 |
| | | kind: PersistentVolume |
| | | metadata: |
| | | name: {{ pv }} |
| | | spec: |
| | | capacity: |
| | | storage: {{pv_size}} |
| | | accessModes: |
| | | {% if index % 2 == 0 %} |
| | | - ReadWriteOnce |
| | | <% else %> |
| | | - ReadWriteMany |
| | | {% endif %} |
| | | nfs: |
| | | path: {{ nfs_export_path }}/{{pv}} |
| | | server: support1.{{guid}}.internal |
| | | persistentVolumeReclaimPolicy: {{persistentVolumeReclaimPolicy}} |
| | | --- |
| | | {% endfor %} |
New file |
| | |
| | | --- |
| | | {% for pv in pv_list %} |
| | | apiVersion: v1 |
| | | kind: PersistentVolume |
| | | metadata: |
| | | name: {{ pv }}rwx |
| | | spec: |
| | | capacity: |
| | | storage: {{pv_size}} |
| | | accessModes: |
| | | - ReadWriteMany |
| | | nfs: |
| | | path: {{ nfs_export_path }}/{{pv}} |
| | | server: support1.{{guid}}.internal |
| | | persistentVolumeReclaimPolicy: {{persistentVolumeReclaimPolicy}} |
| | | --- |
| | | {% endfor %} |
New file |
| | |
| | | [rhel-7-server-rpms] |
| | | name=Red Hat Enterprise Linux 7 |
| | | baseurl={{own_repo_path}}/rhel-7-server-rpms |
| | | enabled=1 |
| | | gpgcheck=0 |
| | | |
| | | [rhel-7-server-rh-common-rpms] |
| | | name=Red Hat Enterprise Linux 7 Common |
| | | baseurl={{own_repo_path}}/rhel-7-server-rh-common-rpms |
| | | enabled=1 |
| | | gpgcheck=0 |
| | | |
| | | [rhel-7-server-extras-rpms] |
| | | name=Red Hat Enterprise Linux 7 Extras |
| | | baseurl={{own_repo_path}}/rhel-7-server-extras-rpms |
| | | enabled=1 |
| | | gpgcheck=0 |
| | | |
| | | [rhel-7-server-optional-rpms] |
| | | name=Red Hat Enterprise Linux 7 Optional |
| | | baseurl={{own_repo_path}}/rhel-7-server-optional-rpms |
| | | enabled=1 |
| | | gpgcheck=0 |
| | | |
| | | [rhel-7-server-ose-{{repo_version}}-rpms] |
| | | name=Red Hat Enterprise Linux 7 OSE {{repo_version}} |
| | | baseurl={{own_repo_path}}/rhel-7-server-ose-{{repo_version}}-rpms |
| | | enabled=1 |
| | | gpgcheck=0 |
| | | |
| | | [rhel-7-fast-datapath-rpms] |
| | | name=Red Hat Enterprise Linux 7 Fast Datapath |
| | | baseurl={{own_repo_path}}/rhel-7-fast-datapath-rpms |
| | | enabled=1 |
| | | gpgcheck=0 |
| | | |
| | | |
New file |
| | |
| | | --- |
| | | {% for pv in range(1,user_vols) %} |
| | | apiVersion: v1 |
| | | kind: PersistentVolume |
| | | metadata: |
| | | name: vol{{ pv }} |
| | | spec: |
| | | capacity: |
| | | storage: {{ pv_size }} |
| | | accessModes: |
| | | - ReadWriteOnce |
| | | {% if pv % 2 == 0 %} |
| | | - ReadWriteMany |
| | | {% endif %} |
| | | nfs: |
| | | path: {{ nfs_export_path }}/user-vols/vol{{pv}} |
| | | server: support1.{{guid}}.internal |
| | | persistentVolumeReclaimPolicy: {{ persistentVolumeReclaimPolicy }} |
| | | --- |
| | | {% endfor %} |
New file |
| | |
| | | - name: Step 002 Post Infrastructure |
| | | hosts: localhost |
| | | connection: local |
| | | become: false |
| | | vars_files: |
| | | - "./env_vars.yml" |
| | | - "./env_secret_vars.yml" |
| | | tags: |
| | | - step002 |
| | | - post_infrastructure |
| | | tasks: |
| | | - debug: |
| | | msg: "Step 001 Post Infrastructure - There are no post_infrastructure tasks defined" |
| | | when: "not {{ tower_run | default(false) }}" |
| | | - name: Job Template to launch a Job Template with update on launch inventory set |
| | | uri: |
| | | url: "https://{{ ansible_tower_ip }}/api/v1/job_templates/{{ job_template_id }}/launch/" |
| | | method: POST |
| | | user: "{{tower_admin}}" |
| | | password: "{{tower_admin_password}}" |
| | | body: |
| | | extra_vars: |
| | | guid: "{{guid}}" |
| | | ipa_host_password: "{{ipa_host_password}}" |
| | | |
| | | body_format: json |
| | | validate_certs: False |
| | | HEADER_Content-Type: "application/json" |
| | | status_code: 200, 201 |
| | | when: "{{ tower_run | default(false) }}" |
| | | tags: |
| | | - tower_workaround |
New file |
| | |
| | | - name: Step 00xxxxx post software |
| | | hosts: support |
| | | gather_facts: False |
| | | become: yes |
| | | vars_files: |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | tasks: |
| | | - name: Create user vols |
| | | shell: "mkdir -p /srv/nfs/user-vols/vol{1..{{user_vols}}}" |
| | | - name: chmod the user vols |
| | | shell: "chmod -R 777 /srv/nfs/user-vols" |
| | | |
| | | - name: Step 00xxxxx post software |
| | | hosts: bastions |
| | | gather_facts: False |
| | | become: yes |
| | | vars_files: |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | tasks: |
| | | - name: get nfs Hostname |
| | | set_fact: |
| | | nfs_host: "{{ groups['support']|sort|first }}" |
| | | |
| | | - set_fact: |
| | | pv_size: '10Gi' |
| | | pv_list: "{{ ocp_pvs }}" |
| | | persistentVolumeReclaimPolicy: Retain |
| | | |
| | | - name: Generate PV file |
| | | template: |
| | | src: "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/files/pvs.j2" |
| | | dest: "/root/pvs-{{ env_type }}-{{ guid }}.yml" |
| | | tags: [ gen_pv_file ] |
| | | when: pv_list.0 is defined |
| | | |
| | | - set_fact: |
| | | pv_size: "{{user_vols_size}}" |
| | | persistentVolumeReclaimPolicy: Recycle |
| | | |
| | | notify: restart nfs services |
| | | run_once: True |
| | | |
| | | - name: Generate user vol PV file |
| | | template: |
| | | src: "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/files/userpvs.j2" |
| | | dest: "/root/userpvs-{{ env_type }}-{{ guid }}.yml" |
| | | tags: |
| | | - gen_user_vol_pv |
| | | |
| | | |
| | | - shell: 'oc create -f /root/pvs-{{ env_type }}-{{ guid }}.yml || oc replace -f /root/pvs-{{ env_type }}-{{ guid }}.yml' |
| | | tags: |
| | | - create_user_pv |
| | | when: pv_list.0 is defined |
| | | |
| | | - shell: 'oc create -f /root/userpvs-{{ env_type }}-{{ guid }}.yml || oc replace -f /root/userpvs-{{ env_type }}-{{ guid }}.yml' |
| | | tags: |
| | | - create_user_pv |
New file |
| | |
| | | #vim: set ft=ansible: |
| | | --- |
| | | - name: Step 005 - Post Software deployment |
| | | hosts: localhost |
| | | connection: local |
| | | become: false |
| | | vars_files: |
| | | - "./env_vars.yml" |
| | | - "./env_secret_vars.yml" |
| | | tags: |
| | | - step005 |
| | | tasks: |
| | | - name: Generate /etc/ansible/hosts file with lab hosts template |
| | | template: |
| | | src: "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/files/labs_hosts_template.j2" |
| | | dest: "{{ ANSIBLE_REPO_PATH }}/workdir/labs_hosts-{{ env_type }}-{{ guid }}" |
| | | |
| | | - name: Configure NFS host for user-vols if required |
| | | hosts: support |
| | | gather_facts: False |
| | | become: yes |
| | | vars_files: |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | tasks: |
| | | - name: Create user vols |
| | | shell: "mkdir -p /srv/nfs/user-vols/vol{1..{{user_vols}}}" |
| | | tags: |
| | | - openshift_nfs_config |
| | | - name: chmod the user vols |
| | | shell: "chmod -R 777 /srv/nfs/user-vols" |
| | | tags: |
| | | - openshift_nfs_config |
| | | |
| | | - name: Step lab post software deployment |
| | | hosts: bastions |
| | | gather_facts: False |
| | | become: yes |
| | | tags: |
| | | - opentlc_bastion_tasks |
| | | vars_files: |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | tasks: |
| | | - name: Move complete inventory file to preserve directory. |
| | | shell: mv /etc/ansible/hosts /var/preserve/ |
| | | tags: preserve_complete_ansible_inventory |
| | | |
| | | - name: Copy over ansible hosts file, lab version |
| | | copy: |
| | | backup: no |
| | | src: "{{ ANSIBLE_REPO_PATH }}/workdir/labs_hosts-{{ env_type }}-{{ guid }}" |
| | | dest: /etc/ansible/hosts |
| | | tags: |
| | | - overwrite_hosts_with_lab_hosts |
| | | |
| | | # sssd bug, fixed by restart |
| | | - name: restart sssd |
| | | service: |
| | | name: sssd |
| | | state: restarted |
| | | when: install_ipa_client |
| | | ## Create PVs for uservols if required |
| | | - name: get nfs Hostname |
| | | set_fact: |
| | | nfs_host: "{{ groups['support']|sort|first }}" |
| | | tags: |
| | | - openshift_nfs_config |
| | | - set_fact: |
| | | pv_size: '10Gi' |
| | | pv_list: "{{ ocp_pvs }}" |
| | | persistentVolumeReclaimPolicy: Retain |
| | | tags: |
| | | - openshift_nfs_config |
| | | - name: Generate PV file |
| | | template: |
| | | src: "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/files/pvs.j2" |
| | | dest: "/root/pvs-{{ env_type }}-{{ guid }}.yml" |
| | | tags: [ gen_pv_file ] |
| | | when: pv_list.0 is defined |
| | | tags: |
| | | - openshift_nfs_config |
| | | - set_fact: |
| | | pv_size: "{{user_vols_size}}" |
| | | persistentVolumeReclaimPolicy: Recycle |
| | | tags: |
| | | - openshift_nfs_config |
| | | notify: restart nfs services |
| | | run_once: True |
| | | |
| | | - name: Generate user vol PV file |
| | | template: |
| | | src: "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/files/userpvs.j2" |
| | | dest: "/root/userpvs-{{ env_type }}-{{ guid }}.yml" |
| | | tags: |
| | | - gen_user_vol_pv |
| | | - openshift_nfs_config |
| | | |
| | | - shell: 'oc create -f /root/pvs-{{ env_type }}-{{ guid }}.yml || oc replace -f /root/pvs-{{ env_type }}-{{ guid }}.yml' |
| | | tags: |
| | | - create_user_pv |
| | | when: pv_list.0 is defined |
| | | tags: |
| | | - openshift_nfs_config |
| | | |
| | | - shell: 'oc create -f /root/userpvs-{{ env_type }}-{{ guid }}.yml || oc replace -f /root/userpvs-{{ env_type }}-{{ guid }}.yml' |
| | | tags: |
| | | - create_user_pv |
| | | - openshift_nfs_config |
| | | |
| | | # - name: include post nfs config |
| | | # include: "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/post_ocp_nfs_config.yml" |
| | | # tags: |
| | | # - openshift_nfs_config |
| | | |
| | | - name: PostSoftware flight-check |
| | | hosts: localhost |
| | | connection: local |
| | | gather_facts: false |
| | | become: false |
| | | vars_files: |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml" |
| | | tags: |
| | | - post_flight_check |
| | | tasks: |
| | | - debug: |
| | | msg: "Post-Software checks completed successfully" |
New file |
| | |
| | | - name: Step 000 Pre Infrastructure |
| | | hosts: localhost |
| | | connection: local |
| | | become: false |
| | | vars_files: |
| | | - "./env_vars.yml" |
| | | - "./env_secret_vars.yml" |
| | | tags: |
| | | - step000 |
| | | - pre_infrastructure |
| | | tasks: |
| | | - debug: |
| | | msg: "Step 000 Pre Infrastructure - There are no pre_infrastructure tasks defined" |
New file |
| | |
| | | |
| | | - name: Step 003 - Create env key |
| | | hosts: localhost |
| | | connection: local |
| | | gather_facts: false |
| | | become: false |
| | | vars_files: |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml" |
| | | tags: |
| | | - step003 |
| | | - generate_env_keys |
| | | tasks: |
| | | - name: Generate SSH keys |
| | | shell: ssh-keygen -b 2048 -t rsa -f "{{ ANSIBLE_REPO_PATH }}/workdir/{{env_authorized_key}}" -q -N "" |
| | | args: |
| | | creates: "{{ ANSIBLE_REPO_PATH }}/workdir/{{env_authorized_key}}" |
| | | when: set_env_authorized_key |
| | | |
| | | - name: fix permission |
| | | file: |
| | | path: "{{ ANSIBLE_REPO_PATH }}/workdir/{{env_authorized_key}}" |
| | | mode: 0400 |
| | | when: set_env_authorized_key |
| | | |
| | | - name: Generate SSH pub key |
| | | shell: ssh-keygen -y -f "{{ ANSIBLE_REPO_PATH }}/workdir/{{env_authorized_key}}" > "{{ ANSIBLE_REPO_PATH }}/workdir/{{env_authorized_key}}.pub" |
| | | args: |
| | | creates: "{{ ANSIBLE_REPO_PATH }}/workdir/{{env_authorized_key}}.pub" |
| | | when: set_env_authorized_key |
| | | |
| | | # Cloudformation template or equivalent should tag all hosts with Project:{{ env_type }}-{{ guid }} |
| | | |
| | | - name: Configure all hosts with Repositories, Common Files and Set environment key |
| | | hosts: all |
| | | become: true |
| | | gather_facts: False |
| | | vars_files: |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml" |
| | | tags: |
| | | - step004 |
| | | - common_tasks |
| | | roles: |
| | | - { role: "{{ ANSIBLE_REPO_PATH }}/roles/set-repositories", when: 'repo_method is defined' } |
| | | - { role: "{{ ANSIBLE_REPO_PATH }}/roles/common", when: 'install_common' } |
| | | - { role: "{{ ANSIBLE_REPO_PATH }}/roles/set_env_authorized_key", when: 'set_env_authorized_key' } |
| | | |
| | | - name: Configuring Bastion Hosts |
| | | hosts: bastions |
| | | become: true |
| | | vars_files: |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml" |
| | | roles: |
| | | - { role: "{{ ANSIBLE_REPO_PATH }}/roles/bastion", when: 'install_bastion' } |
| | | - { role: "{{ ANSIBLE_REPO_PATH }}/roles/bastion-opentlc-ipa", when: 'install_ipa_client' } |
| | | tags: |
| | | - step004 |
| | | - bastion_tasks |
| | | |
| | | |
| | | - name: PreSoftware flight-check |
| | | hosts: localhost |
| | | connection: local |
| | | gather_facts: false |
| | | become: false |
| | | vars_files: |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml" |
| | | tags: |
| | | - flight_check |
| | | tasks: |
| | | - debug: |
| | | msg: "Pre-Software checks completed successfully" |
New file |
| | |
| | | --- |
| | | - name: Step 00xxxxx software |
| | | hosts: localhost |
| | | gather_facts: False |
| | | become: false |
| | | tasks: |
| | | - debug: |
| | | msg: "Software tasks Started" |
| | | |
| | | - name: Software flight-check |
| | | hosts: localhost |
| | | connection: local |
| | | gather_facts: false |
| | | become: false |
| | | tags: |
| | | - post_flight_check |
| | | tasks: |
| | | - debug: |
| | | msg: "Software checks completed successfully" |
| | |
| | | install_logging: true |
| | | ovs_plugin: "subnet" # This can also be set to: "multitenant" |
| | | multi_tenant_setting: "os_sdn_network_plugin_name='redhat/openshift-ovs-{{ovs_plugin}}'" |
| | | master_lb_dns: "loadbalancer.{{subdomain_base}}" |
| | | master_lb_dns: "loadbalancer1.{{subdomain_base}}" |
| | | cloudapps_suffix: 'apps.{{subdomain_base}}' |
| | | openshift_master_ldap_ca_file: 'openshift_master_ldap_ca_file=/root/ca.crt' |
| | | # htpasswd / ldap / allow_all |
| | |
| | | openshift_master_console_port={{master_api_port}} |
| | | |
| | | openshift_master_cluster_method=native |
| | | openshift_master_cluster_hostname={{master_lb_dns}} |
| | | openshift_master_cluster_hostname=loadbalancer1.{{guid}}.internal |
| | | openshift_master_cluster_public_hostname={{master_lb_dns}} |
| | | openshift_master_default_subdomain={{cloudapps_suffix}} |
| | | #openshift_master_ca_certificate={'certfile': '/root/intermediate_ca.crt', 'keyfile': '/root/intermediate_ca.key'} |
| | |
| | | user98:$apr1$MVU1/8dh$UKzkRk1CQP00SvnoPIm1.. |
| | | user99:$apr1$v8vKZdHH$NC5xud.olhtdydHU9hav6. |
| | | user100:$apr1$glFN48wz$dR9w94PGiQL8qZXcXGd0L0 |
| | | marina:$apr1$ayR8gA9a$4bmozGlmBX6XQY1AbJfQk1 |
New file |
| | |
| | | --- |
| | | - name: Step 00xxxxx software |
| | | hosts: localhost |
| | | gather_facts: False |
| | | become: false |
| | | tasks: |
| | | - debug: |
| | | msg: "Software tasks Started" |
| | | |
| | | - name: Software flight-check |
| | | hosts: localhost |
| | | connection: local |
| | | gather_facts: false |
| | | become: false |
| | | tags: |
| | | - post_flight_check |
| | | tasks: |
| | | - debug: |
| | | msg: "Software checks completed successfully" |
New file |
| | |
| | | --- |
| | | - name: Step 00xxxxx software |
| | | hosts: localhost |
| | | gather_facts: False |
| | | become: false |
| | | tasks: |
| | | - debug: |
| | | msg: "Software tasks Started" |
| | | |
| | | - name: Software flight-check |
| | | hosts: localhost |
| | | connection: local |
| | | gather_facts: false |
| | | become: false |
| | | tags: |
| | | - post_flight_check |
| | | tasks: |
| | | - debug: |
| | | msg: "Software checks completed successfully" |
| | |
| | | --skip-tags=remove_self_provisioners,opentlc-integration |
| | | ---- |
| | | |
| | | === IPA registration |
| | | |
| | | You can either provide `ipa_host_password` or a couple `ipa_kerberos_user`/`ipa_kerberos_password` to register the host to the ipa server. See link:../../roles/bastion-opentlc-ipa[roles/bastion-opentlc-ipa]. |
| | | |
| | | === CNS/Glusterfs |
| | | |
| | | If you set this variable, 3 support nodes will be deployed and used for glusterfs: |
| | |
| | | ocp_report: false |
| | | install_ipa_client: false |
| | | remove_self_provisioners: false |
| | | install_lets_encrypt_certificates: true |
| | | # you can also use: allow_all, htpasswd, ldap |
| | | |
| | | install_idm: ldap |
| | | idm_ca_url: http://ipa.opentlc.com/ipa/config/ca.crt |
| | | install_metrics: true |
| | |
| | | {% endfor %} |
| | | {% endfor %} |
| | | |
| | | Route53User: |
| | | Type: AWS::IAM::User |
| | | Properties: |
| | | Policies: |
| | | - PolicyName: Route53Access |
| | | PolicyDocument: |
| | | Statement: |
| | | - Effect: Allow |
| | | Action: route53domains:* |
| | | Resource: "*" |
| | | - Effect: Allow |
| | | Action: route53:* |
| | | Resource: "*" |
| | | |
| | | Route53UserAccessKey: |
| | | Type: AWS::IAM::AccessKey |
| | | Properties: |
| | | UserName: |
| | | Ref: Route53User |
| | | |
| | | RegistryS3: |
| | | Type: "AWS::S3::Bucket" |
| | | Properties: |
| | |
| | | - S3UserAccessKey |
| | | - SecretAccessKey |
| | | Description: IAM User for RegistryS3 |
| | | Route53User: |
| | | Value: |
| | | Ref: Route53User |
| | | Description: IAM User for Route53 (Let's Encrypt) |
| | | Route53UserAccessKey: |
| | | Value: |
| | | Ref: Route53UserAccessKey |
| | | Description: IAM User for Route53 (Let's Encrypt) |
| | | Route53UserSecretAccessKey: |
| | | Value: |
| | | Fn::GetAtt: |
| | | - Route53UserAccessKey |
| | | - SecretAccessKey |
| | | Description: IAM User for Route53 (Let's Encrypt) |
| | |
| | | openshift_master_default_subdomain={{cloudapps_suffix}} |
| | | openshift_master_overwrite_named_certificates={{openshift_master_overwrite_named_certificates}} |
| | | |
| | | {% if install_lets_encrypt_certificates %} |
| | | openshift_master_named_certificates=[{"certfile": "/root/.acme.sh/{{ master_lb_dns }}/{{ master_lb_dns }}.cer", "keyfile": "/root/.acme.sh/{{ master_lb_dns }}/{{ master_lb_dns }}.key", "cafile": "/root/fakeleintermediatex1.pem"}] |
| | | {% endif %} |
| | | |
| | | openshift_set_hostname=True |
| | | |
| | | ########################################################################### |
| | |
| | | # This should be turned on once all dependent scripts use firewalld rather than iptables |
| | | # os_firewall_use_firewalld=True |
| | | {% endif %} |
| | | |
| | | |
| | | |
| | | {% if osrelease | version_compare('3.7', '>=') %} |
| | | ########################################################################### |
| | |
| | | openshift_metrics_cassanda_pvc_storage_class_name='' |
| | | openshift_hosted_metrics_storage_volume_name=metrics |
| | | {% endif %} |
| | | |
| | | #openshift_master_metrics_public_url=https://hawkular-metrics.{{cloudapps_suffix}}/hawkular/metrics |
| | | |
| | | ## Add Prometheus Metrics: |
| | | openshift_hosted_prometheus_deploy=true |
| | |
| | | openshift_hosted_logging_storage_volume_name=logging |
| | | {% endif %} |
| | | |
| | | # openshift_logging_kibana_hostname=kibana.{{cloudapps_suffix}} |
| | | openshift_logging_es_cluster_size=1 |
| | | |
| | | {% else %} |
| | |
| | | openshift_hosted_logging_hostname=kibana.{{cloudapps_suffix}} |
| | | openshift_hosted_logging_elasticsearch_cluster_size=1 |
| | | openshift_hosted_logging_deployer_version=v{{repo_version}} |
| | | # This one is wrong (down arrow) |
| | | #openshift_hosted_logging_image_version=v{{repo_version}} |
| | | #openshift_logging_image_version=v{{repo_version}} |
| | | {% endif %} |
| | | |
| | | openshift_logging_es_nodeselector={"env":"infra"} |
| | |
| | | |
| | | openshift_hosted_router_selector='env=infra' |
| | | openshift_hosted_router_replicas={{infranode_instance_count}} |
| | | #openshift_hosted_router_certificate={"certfile": "/path/to/router.crt", "keyfile": "/path/to/router.key", "cafile": "/path/to/router-ca.crt"} |
| | | |
| | | {% if install_lets_encrypt_certificates %} |
| | | openshift_hosted_router_certificate={"certfile": "/root/.acme.sh/{{ master_lb_dns }}/{{ master_lb_dns }}.cer", "keyfile": "/root/.acme.sh/{{ master_lb_dns }}/{{ master_lb_dns }}.key", "cafile": "/root/fakeleintermediatex1.pem"} |
| | | {% endif %} |
| | | |
| | | openshift_hosted_registry_selector='env=infra' |
| | | openshift_hosted_registry_replicas=1 |
| | |
| | | - env-specific |
| | | - env-specific_infra |
| | | tasks: |
| | | - name: Command to enable the wildcard routes in the OCP cluster for 3scale |
| | | shell: "oc set env dc/router ROUTER_ALLOW_WILDCARD_ROUTES=true -n default" |
| | | |
| | | - name: Give administrative user cluster-admin privileges |
| | | command: "oc adm policy add-cluster-role-to-user cluster-admin {{ admin_user }}" |
| | | |
| | |
| | | - name: Add capabilities within anyuid which is not really ideal |
| | | command: "oc patch scc/anyuid --patch '{\"requiredDropCapabilities\":[\"MKNOD\",\"SYS_CHROOT\"]}'" |
| | | |
| | | - name: Check for Node Selector (env=app) on project openshift-template-service-broker |
| | | shell: oc describe project openshift-template-service-broker|grep node-selector|grep app |
| | | register: node_selector_present |
| | | ignore_errors: true |
| | | when: osrelease | version_compare('3.7', '>=') |
| | | |
| | | - name: Remove Node Selector (env=app) from project openshift-template-service-broker if it is set |
| | | - name: Set Node Selector to empty for project openshift-template-service-broker |
| | | shell: oc annotate namespace openshift-template-service-broker openshift.io/node-selector="" --overwrite |
| | | ignore_errors: true |
| | | when: |
| | | - osrelease | version_compare('3.7', '>=') |
| | | - node_selector_present.rc == 0 |
| | | |
| | | - name: Remove all users from self-provisioners group |
| | | hosts: masters[0] |
| | |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | tags: [ env-specific, remove_self_provisioners ] |
| | | tasks: |
| | | - name: Set clusterRoleBinding auto-update to false |
| | | command: oc annotate -n default --overwrite clusterrolebinding.rbac self-provisioners rbac.authorization.kubernetes.io/autoupdate=false |
| | | when: remove_self_provisioners |
| | | |
| | | - name: Remove system:authenticated from self-provisioner role |
| | | shell: "oadm policy remove-cluster-role-from-group self-provisioner system:authenticated system:authenticated:oauth" |
| | | ignore_errors: true |
| | |
| | | tasks: |
| | | - name: Pull ose-recycler Image |
| | | command: docker pull registry.access.redhat.com/openshift3/ose-recycler:latest |
| | | when: osrelease | version_compare('3.7.9', 'eq') |
| | | when: osrelease | version_compare('3.7.9', '>=') |
| | | |
| | | - name: Tag ose-recycler Image |
| | | command: "docker tag registry.access.redhat.com/openshift3/ose-recycler:latest registry.access.redhat.com/openshift3/ose-recycler:v{{ osrelease }}" |
| | | when: osrelease | version_compare('3.7.9', 'eq') |
| | | when: osrelease | version_compare('3.7.9', '>=') |
| | | |
| | | # Set up Prometheus/Node Exporter/Alertmanager/Grafana |
| | | # on the OpenShift Cluster |
| | |
| | | - { role: "{{ ANSIBLE_REPO_PATH }}/roles/common", when: 'install_common' } |
| | | - { role: "{{ ANSIBLE_REPO_PATH }}/roles/set_env_authorized_key", when: 'set_env_authorized_key' } |
| | | |
| | | - name: Request Let's Encrypt Wildcard Certificates |
| | | hosts: bastions[0] |
| | | become: true |
| | | vars_files: |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml" |
| | | roles: |
| | | - { role: "{{ ANSIBLE_REPO_PATH }}/roles/lets-encrypt", when: 'install_lets_encrypt_certificates' } |
| | | |
| | | - name: Configuring Bastion Hosts |
| | | hosts: bastions |
| | | become: true |
New file |
| | |
| | | --- |
| | | - name: Step 00xxxxx software |
| | | hosts: localhost |
| | | gather_facts: False |
| | | become: false |
| | | tasks: |
| | | - debug: |
| | | msg: "Software tasks Started" |
| | | |
| | | - name: Software flight-check |
| | | hosts: localhost |
| | | connection: local |
| | | gather_facts: false |
| | | become: false |
| | | tags: |
| | | - post_flight_check |
| | | tasks: |
| | | - debug: |
| | | msg: "Software checks completed successfully" |
New file |
| | |
| | | This is imported from https://github.com/siamaksade/openshift-demos-ansible |
| | | |
| | | ## Requirements |
| | | |
| | | You can import roles needed for this configs by running the following: |
| | | ---- |
| | | cd ansible_agnostic_deployer/ansible |
| | | ansible-galaxy install -r requirements.yml -p roles/ |
| | | ansible-galaxy install -r requirements-prod.yml -p roles/ #for production |
| | | ---- |
| | | |
| | | Please refer to https://github.com/siamaksade/openshift-demos-ansible for documentation. |
New file |
| | |
| | | --- |
| | | env_type: openshift-demos |
| | | # oc_kube_config: |
| | | # oc_token: |
| | | # openshift_master: |
| | | |
| | | project_suffix: demo |
| | | |
| | | project_cicd: cicd-{{ project_suffix }} |
| | | project_cicd_name: "CI/CD" |
| | | project_cicd_desc: "CI/CD Components (Jenkins, Gogs, etc)" |
| | | |
| | | project_prod: coolstore-prod-{{ project_suffix }} |
| | | project_prod_name: "CoolStore PROD" |
| | | project_prod_desc: "CoolStore PROD Environment" |
| | | |
| | | project_stage: coolstore-test-{{ project_suffix }} |
| | | project_stage_name: "CoolStore TEST" |
| | | project_stage_desc: "CoolStore Test Environment" |
| | | |
| | | project_test: inventory-test-{{ project_suffix }} |
| | | project_test_name: "Inventory DEV" |
| | | project_test_desc: "Inventory DEV Environment" |
| | | |
| | | project_dev: developer-{{ project_suffix }} |
| | | project_dev_name: "Developer Project" |
| | | project_dev_desc: "Personal Developer Project" |
| | | |
| | | project_default: coolstore-{{ project_suffix }} |
| | | project_default_name: "CoolStore MSA" |
| | | project_default_desc: "CoolStore MSA" |
| | | |
| | | |
| | | github_account: jbossdemocentral |
| | | github_ref: master |
| | | |
| | | ephemeral: false |
| | | |
| | | maven_mirror_url: |
| | | |
| | | deploy_guides: true |
| | | |
| | | prebuilt_images_project_name: coolstore-image-builds |
| | | |
| | | set_hostname_suffix: true |
| | | |
| | | gogs_image_version: 0.11.29 |
| | | gogs_admin_user: team |
| | | gogs_admin_password: team |
| | | gogs_user: developer |
| | | gogs_password: developer |
| | | |
| | | nexus_volume_capacity: 10Gi |
| | | nexus_max_memory: 2Gi |
| | | nexus_image_version: 3.6.1 |
| | | |
| | | # project_admin: |
| | | |
| | | projects_join_with: "{{ project_cicd }}" |
| | | |
| | | workshopper_content_url_prefix: https://raw.githubusercontent.com/osevg/workshopper-content/master |
New file |
| | |
| | | --- |
| | | - name: Idle Coolstore Microservices Demo |
| | | hosts: all |
| | | gather_facts: false |
| | | run_once: true |
| | | vars_files: |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | tasks: |
| | | - include_role: |
| | | name: "{{ ANSIBLE_REPO_PATH }}/roles/openshift_commons_facts" |
| | | vars: |
| | | set_hostname_suffix: false |
| | | |
| | | - name: idling projects |
| | | shell: "{{ openshift_cli }} idle -n {{ item }} --all" |
| | | ignore_errors: true |
| | | with_items: |
| | | - "{{ project_default }}" |
| | | - "{{ project_cicd }}" |
| | | - "{{ project_prod }}" |
| | | - "{{ project_stage }}" |
| | | - "{{ project_test }}" |
| | | - "{{ project_dev }}" |
New file |
| | |
| | | --- |
| | | - name: Create CoolStore Image Build Pipeline to Pre-Build Images |
| | | hosts: all |
| | | gather_facts: false |
| | | run_once: true |
| | | vars: |
| | | project_name: coolstore-image-builds |
| | | github_account: jbossdemocentral |
| | | github_ref: ocp-3.7 |
| | | maven_mirror_url: https://mirror.openshift.com/nexus/content/groups/public/ |
| | | pipeline_template: https://raw.githubusercontent.com/{{ github_account }}/coolstore-microservice/{{ github_ref }}/openshift/templates/imagebuild-pipeline-template.yaml |
| | | tasks: |
| | | - include_role: |
| | | name: "{{ ANSIBLE_REPO_PATH }}/roles/openshift_commons_facts" |
| | | vars: |
| | | set_hostname_suffix: false |
| | | |
| | | - name: check if image builder project exists |
| | | shell: "{{ openshift_cli }} get project {{ project_name }}" |
| | | register: result |
| | | ignore_errors: true |
| | | changed_when: false |
| | | |
| | | - name: create image builder project {{ project_name }} |
| | | shell: "{{ openshift_cli }} new-project {{ project_name }} --description='DO NOT REMOVE THIS PROJECT. NEEDED FOR COOLSTORE DEMO'" |
| | | ignore_errors: true |
| | | when: result|failed |
| | | |
| | | - import_role: |
| | | name: openshift_jenkins |
| | | vars: |
| | | project_name: "{{ project_name }}" |
| | | jenkins_image_tag: "v3.7" |
| | | jenkins_image_force_import: "true" |
| | | jenkins_max_cpu: 2 |
| | | |
| | | - name: create coolstore image build pipeline |
| | | shell: "{{ openshift_cli }} process -f {{ pipeline_template }} --param=GITHUB_ACCOUNT={{ github_account }} --param=GITHUB_REF={{ github_ref }} --param=MAVEN_MIRROR_URL={{ maven_mirror_url }} -n {{ project_name }} | {{ openshift_cli }} create -f - -n {{ project_name }}" |
| | | ignore_errors: true |
New file |
| | |
| | | --- |
| | | - name: Deploy Coolstore Microservices Demo - CI/CD with JBoss EAP |
| | | hosts: all |
| | | gather_facts: false |
| | | run_once: true |
| | | vars_files: |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | tasks: |
| | | - include_role: |
| | | name: "{{ ANSIBLE_REPO_PATH }}/roles/openshift_commons_facts" |
| | | tags: |
| | | - cicd |
| | | - guides |
| | | - demo |
| | | |
| | | - import_role: |
| | | name: "{{ ANSIBLE_REPO_PATH }}/roles/openshift_gogs" |
| | | vars: |
| | | project_name: "{{ project_cicd }}" |
| | | project_display_name: "{{ project_cicd_name }}" |
| | | project_desc: "{{ project_cicd_desc }}" |
| | | project_annotations: "demo=demo-modern-arch-{{ project_suffix }}" |
| | | gogs_route: "gogs-{{ project_cicd }}.{{ apps_hostname_suffix }}" |
| | | tags: cicd |
| | | |
| | | - import_role: |
| | | name: "{{ ANSIBLE_REPO_PATH }}/roles/openshift_sonatype_nexus" |
| | | vars: |
| | | project_name: "{{ project_cicd }}" |
| | | when: > |
| | | maven_mirror_url is not defined or |
| | | maven_mirror_url is none or |
| | | maven_mirror_url|trim() == "" |
| | | tags: cicd |
| | | |
| | | - import_role: |
| | | name: "{{ ANSIBLE_REPO_PATH }}/roles/openshift_jenkins" |
| | | vars: |
| | | project_name: "{{ project_cicd }}" |
| | | jenkins_image_tag: "v3.7" |
| | | jenkins_image_force_import: "true" |
| | | tags: cicd |
| | | |
| | | - import_role: |
| | | name: "{{ ANSIBLE_REPO_PATH }}/roles/openshift_workshopper" |
| | | vars: |
| | | project_name: "{{ project_cicd }}" |
| | | workshopper_content_url_prefix: https://raw.githubusercontent.com/siamaksade/coolstore-demo-guides/openshift-3.7 |
| | | workshopper_workshop_urls: "{{ workshopper_content_url_prefix }}/demo-cicd-eap-full.yml" |
| | | workshopper_env_vars: |
| | | PROJECT_SUFFIX: "{{ project_suffix }}" |
| | | GOGS_URL: "http://gogs-{{ project_cicd }}.{{ apps_hostname_suffix }}" |
| | | GOGS_DEV_REPO_URL_PREFIX: "http://gogs-{{ project_cicd }}.{{ apps_hostname_suffix }}/{{ gogs_user }}/coolstore-microservice" |
| | | JENKINS_URL: "http://jenkins-{{ project_prod }}.{{ apps_hostname_suffix }}" |
| | | COOLSTORE_WEB_PROD_URL: "http://web-ui-{{ project_prod }}.{{ apps_hostname_suffix }}" |
| | | HYSTRIX_PROD_URL: "http://hystrix-dashboard-{{ project_prod }}.{{ apps_hostname_suffix }}" |
| | | GOGS_DEV_USER: "{{ gogs_user }}" |
| | | GOGS_DEV_PASSWORD: "{{ gogs_password }}" |
| | | GOGS_REVIEWER_USER: "{{ gogs_admin_user }}" |
| | | GOGS_REVIEWER_PASSWORD: "{{ gogs_admin_password }}" |
| | | when: deploy_guides |
| | | tags: guides |
| | | |
| | | - import_role: |
| | | name: "{{ ANSIBLE_REPO_PATH }}/roles/openshift_coolstore" |
| | | vars: |
| | | project_annotations: "demo=demo-msa-cicd-eap-{{ project_suffix }}" |
| | | hostname_suffix: "{{ apps_hostname_suffix }}" |
| | | gogs_hostname: "gogs-{{ project_cicd }}.{{ apps_hostname_suffix }}" |
| | | prune_deployments_selector_prod: "" |
| | | prune_deployments_selector_stage: "comp-required!=true,app!=inventory" |
| | | tags: demo |
| | | |
| | | # verify database deployments in cicd project |
| | | - name: wait for database deployments in project {{ project_cicd }} to complete (succeed or fail) |
| | | shell: "oc get pods -n {{ project_cicd }} -l comp-type=database | grep '\\-deploy\\s' | grep 'Running'" |
| | | register: deployment_running |
| | | until: deployment_running|failed |
| | | retries: 20 |
| | | delay: 30 |
| | | ignore_errors: true |
| | | tags: verify |
| | | |
| | | - include_tasks: verify_tasks.yml project_name={{ project_cicd }} selector="comp-type=database" |
| | | tags: verify |
| | | |
| | | # verify database deployments in prod project |
| | | - name: wait for database deployments in project {{ project_prod }} to complete (succeed or fail) |
| | | shell: "oc get pods -n {{ project_prod }} -l comp-type=database | grep '\\-deploy\\s' | grep 'Running'" |
| | | register: deployment_running |
| | | until: deployment_running|failed |
| | | retries: 20 |
| | | delay: 30 |
| | | ignore_errors: true |
| | | tags: verify |
| | | |
| | | - include_tasks: verify_tasks.yml project_name={{ project_prod }} selector="comp-type=database" |
| | | |
| | | # verify database deployments in test project |
| | | - name: wait for database deployments in project {{ project_test }} to complete (succeed or fail) |
| | | shell: "oc get pods -n {{ project_test }} -l comp-type=database | grep '\\-deploy\\s' | grep 'Running'" |
| | | register: deployment_running |
| | | until: deployment_running|failed |
| | | retries: 20 |
| | | delay: 30 |
| | | ignore_errors: true |
| | | tags: verify |
| | | |
| | | - include_tasks: verify_tasks.yml project_name={{ project_test }} selector="comp-type=database" |
| | | |
| | | # verify database deployments in dev project |
| | | - name: wait for database deployments in project {{ project_dev }} to complete (succeed or fail) |
| | | shell: "oc get pods -n {{ project_dev }} -l comp-type=database | grep '\\-deploy\\s' | grep 'Running'" |
| | | register: deployment_running |
| | | until: deployment_running|failed |
| | | retries: 20 |
| | | delay: 30 |
| | | ignore_errors: true |
| | | tags: verify |
| | | |
| | | - include_tasks: verify_tasks.yml project_name={{ project_dev }} selector="comp-type=database" |
| | | tags: verify |
| | | |
| | | # verify other deployments in cicd project |
| | | - name: wait for other deployments in project {{ project_cicd }} to complete (succeed or fail) |
| | | shell: "oc get pods -n {{ project_cicd }} -l comp-type!=database | grep '\\-deploy\\s' | grep 'Running'" |
| | | register: deployment_running |
| | | until: deployment_running|failed |
| | | retries: 20 |
| | | delay: 30 |
| | | ignore_errors: true |
| | | tags: verify |
| | | |
| | | - include_tasks: verify_tasks.yml project_name={{ project_cicd }} selector="comp-type!=database" |
| | | tags: verify |
| | | |
| | | |
| | | # verify other deployments in prod project |
| | | - name: wait for other deployments in project {{ project_prod }} to complete (succeed or fail) |
| | | shell: "oc get pods -n {{ project_prod }} -l comp-type!=database | grep '\\-deploy\\s' | grep 'Running'" |
| | | register: deployment_running |
| | | until: deployment_running|failed |
| | | retries: 20 |
| | | delay: 30 |
| | | ignore_errors: true |
| | | tags: verify |
| | | |
| | | - include_tasks: verify_tasks.yml project_name={{ project_prod }} selector="comp-type!=database" |
| | | tags: verify |
| | | |
| | | # verify other deployments in stage project |
| | | - name: wait for other deployments in project {{ project_stage }} to complete (succeed or fail) |
| | | shell: "oc get pods -n {{ project_stage }} -l comp-type!=database | grep '\\-deploy\\s' | grep 'Running'" |
| | | register: deployment_running |
| | | until: deployment_running|failed |
| | | retries: 20 |
| | | delay: 30 |
| | | ignore_errors: true |
| | | tags: verify |
| | | |
| | | - include_tasks: verify_tasks.yml project_name={{ project_stage }} selector="comp-type!=database" |
| | | tags: verify |
| | | |
| | | # verify other deployments in test project |
| | | - name: wait for other deployments in project {{ project_test }} to complete (succeed or fail) |
| | | shell: "oc get pods -n {{ project_test }} -l comp-type!=database | grep '\\-deploy\\s' | grep 'Running'" |
| | | register: deployment_running |
| | | until: deployment_running|failed |
| | | retries: 20 |
| | | delay: 30 |
| | | ignore_errors: true |
| | | tags: verify |
| | | |
| | | - include_tasks: verify_tasks.yml project_name={{ project_test }} selector="comp-type!=database" |
| | | tags: verify |
| | | |
| | | # verify other deployments in dev project |
| | | - name: wait for other deployments in project {{ project_dev }} to complete (succeed or fail) |
| | | shell: "oc get pods -n {{ project_dev }} -l comp-type!=database | grep '\\-deploy\\s' | grep 'Running'" |
| | | register: deployment_running |
| | | until: deployment_running|failed |
| | | retries: 20 |
| | | delay: 30 |
| | | ignore_errors: true |
| | | tags: verify |
| | | |
| | | - include_tasks: verify_tasks.yml project_name={{ project_dev }} selector="comp-type!=database" |
| | | tags: verify |
New file |
| | |
| | | --- |
| | | - name: Deploy Coolstore Microservices Demo - CI/CD with JBoss EAP |
| | | hosts: all |
| | | gather_facts: false |
| | | run_once: true |
| | | vars_files: |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | |
| | | tasks: |
| | | - include_role: |
| | | name: "{{ ANSIBLE_REPO_PATH }}/roles/openshift_commons_facts" |
| | | tags: |
| | | - cicd |
| | | - guides |
| | | - demo |
| | | |
| | | - import_role: |
| | | name: "{{ ANSIBLE_REPO_PATH }}/roles/openshift_gogs" |
| | | vars: |
| | | project_name: "{{ project_cicd }}" |
| | | project_display_name: "{{ project_cicd_name }}" |
| | | project_desc: "{{ project_cicd_desc }}" |
| | | project_annotations: "demo=demo-modern-arch-{{ project_suffix }}" |
| | | gogs_route: "gogs-{{ project_cicd }}.{{ apps_hostname_suffix }}" |
| | | tags: cicd |
| | | |
| | | - import_role: |
| | | name: "{{ ANSIBLE_REPO_PATH }}/roles/openshift_sonatype_nexus" |
| | | vars: |
| | | project_name: "{{ project_cicd }}" |
| | | when: > |
| | | maven_mirror_url is not defined or |
| | | maven_mirror_url is none or |
| | | maven_mirror_url|trim() == "" |
| | | tags: cicd |
| | | |
| | | - import_role: |
| | | name: "{{ ANSIBLE_REPO_PATH }}/roles/openshift_jenkins" |
| | | vars: |
| | | project_name: "{{ project_cicd }}" |
| | | jenkins_image_tag: "v3.7" |
| | | jenkins_image_force_import: "true" |
| | | tags: cicd |
| | | |
| | | - import_role: |
| | | name: "{{ ANSIBLE_REPO_PATH }}/roles/openshift_workshopper" |
| | | vars: |
| | | project_name: "{{ project_cicd }}" |
| | | workshopper_content_url_prefix: https://raw.githubusercontent.com/siamaksade/coolstore-demo-guides/openshift-3.7 |
| | | workshopper_workshop_urls: "{{ workshopper_content_url_prefix }}/demo-cicd-eap-min.yml" |
| | | workshopper_env_vars: |
| | | PROJECT_SUFFIX: "{{ project_suffix }}" |
| | | GOGS_URL: "http://gogs-{{ project_cicd }}.{{ apps_hostname_suffix }}" |
| | | GOGS_DEV_REPO_URL_PREFIX: "http://gogs-{{ project_cicd }}.{{ apps_hostname_suffix }}/{{ gogs_user }}/coolstore-microservice" |
| | | JENKINS_URL: "http://jenkins-{{ project_prod }}.{{ apps_hostname_suffix }}" |
| | | COOLSTORE_WEB_PROD_URL: "http://web-ui-{{ project_prod }}.{{ apps_hostname_suffix }}" |
| | | HYSTRIX_PROD_URL: "http://hystrix-dashboard-{{ project_prod }}.{{ apps_hostname_suffix }}" |
| | | GOGS_DEV_USER: "{{ gogs_user }}" |
| | | GOGS_DEV_PASSWORD: "{{ gogs_password }}" |
| | | GOGS_REVIEWER_USER: "{{ gogs_admin_user }}" |
| | | GOGS_REVIEWER_PASSWORD: "{{ gogs_admin_password }}" |
| | | when: deploy_guides |
| | | tags: guides |
| | | |
| | | - import_role: |
| | | name: "{{ ANSIBLE_REPO_PATH }}/roles/openshift_coolstore" |
| | | vars: |
| | | project_annotations: "demo=demo-msa-cicd-eap-{{ project_suffix }}" |
| | | hostname_suffix: "{{ apps_hostname_suffix }}" |
| | | gogs_hostname: "gogs-{{ project_cicd }}.{{ apps_hostname_suffix }}" |
| | | prune_deployments_selector: "comp-required!=true,app!=inventory" |
| | | prune_builds_selector: "comp-required!=true,app!=inventory" |
| | | disable_stage_project: true |
| | | tags: demo |
| | | |
| | | # verify database deployments in cicd project |
| | | - name: wait for database deployments in project {{ project_cicd }} to complete (succeed or fail) |
| | | shell: "oc get pods -n {{ project_cicd }} -l comp-type=database | grep '\\-deploy\\s' | grep 'Running'" |
| | | register: deployment_running |
| | | until: deployment_running|failed |
| | | retries: 20 |
| | | delay: 30 |
| | | ignore_errors: true |
| | | tags: verify |
| | | |
| | | - include_tasks: verify_tasks.yml project_name={{ project_cicd }} selector="comp-type=database" |
| | | tags: verify |
| | | |
| | | # verify database deployments in prod project |
| | | - name: wait for database deployments in project {{ project_prod }} to complete (succeed or fail) |
| | | shell: "oc get pods -n {{ project_prod }} -l comp-type=database | grep '\\-deploy\\s' | grep 'Running'" |
| | | register: deployment_running |
| | | until: deployment_running|failed |
| | | retries: 20 |
| | | delay: 30 |
| | | ignore_errors: true |
| | | tags: verify |
| | | |
| | | - include_tasks: verify_tasks.yml project_name={{ project_prod }} selector="comp-type=database" |
| | | |
| | | # verify database deployments in test project |
| | | - name: wait for database deployments in project {{ project_test }} to complete (succeed or fail) |
| | | shell: "oc get pods -n {{ project_test }} -l comp-type=database | grep '\\-deploy\\s' | grep 'Running'" |
| | | register: deployment_running |
| | | until: deployment_running|failed |
| | | retries: 20 |
| | | delay: 30 |
| | | ignore_errors: true |
| | | tags: verify |
| | | |
| | | - include_tasks: verify_tasks.yml project_name={{ project_test }} selector="comp-type=database" |
| | | |
| | | # verify database deployments in dev project |
| | | - name: wait for database deployments in project {{ project_dev }} to complete (succeed or fail) |
| | | shell: "oc get pods -n {{ project_dev }} -l comp-type=database | grep '\\-deploy\\s' | grep 'Running'" |
| | | register: deployment_running |
| | | until: deployment_running|failed |
| | | retries: 20 |
| | | delay: 30 |
| | | ignore_errors: true |
| | | tags: verify |
| | | |
| | | - include_tasks: verify_tasks.yml project_name={{ project_dev }} selector="comp-type=database" |
| | | tags: verify |
| | | |
| | | |
| | | # verify other deployments in cicd project |
| | | - name: wait for other deployments in project {{ project_cicd }} to complete (succeed or fail) |
| | | shell: "oc get pods -n {{ project_cicd }} -l comp-type!=database | grep '\\-deploy\\s' | grep 'Running'" |
| | | register: deployment_running |
| | | until: deployment_running|failed |
| | | retries: 20 |
| | | delay: 30 |
| | | ignore_errors: true |
| | | tags: verify |
| | | |
| | | - include_tasks: verify_tasks.yml project_name={{ project_cicd }} selector="comp-type!=database" |
| | | tags: verify |
| | | |
| | | |
| | | # verify other deployments in prod project |
| | | - name: wait for other deployments in project {{ project_prod }} to complete (succeed or fail) |
| | | shell: "oc get pods -n {{ project_prod }} -l comp-type!=database | grep '\\-deploy\\s' | grep 'Running'" |
| | | register: deployment_running |
| | | until: deployment_running|failed |
| | | retries: 20 |
| | | delay: 30 |
| | | ignore_errors: true |
| | | tags: verify |
| | | |
| | | - include_tasks: verify_tasks.yml project_name={{ project_prod }} selector="comp-type!=database" |
| | | tags: verify |
| | | |
| | | # verify other deployments in test project |
| | | - name: wait for other deployments in project {{ project_test }} to complete (succeed or fail) |
| | | shell: "oc get pods -n {{ project_test }} -l comp-type!=database | grep '\\-deploy\\s' | grep 'Running'" |
| | | register: deployment_running |
| | | until: deployment_running|failed |
| | | retries: 20 |
| | | delay: 30 |
| | | ignore_errors: true |
| | | tags: verify |
| | | |
| | | - include_tasks: verify_tasks.yml project_name={{ project_test }} selector="comp-type!=database" |
| | | tags: verify |
| | | |
| | | # verify other deployments in dev project |
| | | - name: wait for other deployments in project {{ project_dev }} to complete (succeed or fail) |
| | | shell: "oc get pods -n {{ project_dev }} -l comp-type!=database | grep '\\-deploy\\s' | grep 'Running'" |
| | | register: deployment_running |
| | | until: deployment_running|failed |
| | | retries: 20 |
| | | delay: 30 |
| | | ignore_errors: true |
| | | tags: verify |
| | | |
| | | - include_tasks: verify_tasks.yml project_name={{ project_dev }} selector="comp-type!=database" |
| | | tags: verify |
New file |
| | |
| | | --- |
| | | - name: Deploy Coolstore Microservices Demo |
| | | hosts: all |
| | | gather_facts: false |
| | | run_once: true |
| | | vars_files: |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | |
| | | tasks: |
| | | - include_role: |
| | | name: "{{ ANSIBLE_REPO_PATH }}/roles/openshift_commons_facts" |
| | | |
| | | - import_role: |
| | | name: "{{ ANSIBLE_REPO_PATH }}/roles/openshift_coolstore" |
| | | vars: |
| | | project_annotations: "demo=demo-msa-{{ project_suffix }}" |
| | | hostname_suffix: "{{ apps_hostname_suffix }}" |
| | | enable_cicd: false |
| | | |
| | | # verify database deployments |
| | | - name: wait for database deployments to complete (succeed or fail) |
| | | shell: "oc get pods -n {{ project_default }} -l comp-type=database | grep '\\-deploy\\s' | grep 'Running'" |
| | | register: deployment_running |
| | | until: deployment_running|failed |
| | | retries: 20 |
| | | delay: 30 |
| | | ignore_errors: true |
| | | tags: verify |
| | | |
| | | - include_tasks: verify_tasks.yml project_name={{ project_default }} selector="comp-type=database" |
| | | tags: verify |
| | | |
| | | # verify other deployments |
| | | - name: wait for other deployments to complete (succeed or fail) |
| | | shell: "oc get pods -n {{ project_default }} -l comp-type!=database | grep '\\-deploy\\s' | grep 'Running'" |
| | | register: deployment_running |
| | | until: deployment_running|failed |
| | | retries: 20 |
| | | delay: 30 |
| | | ignore_errors: true |
| | | tags: verify |
| | | |
| | | - include_tasks: verify_tasks.yml project_name={{ project_default }} selector="comp-type!=database" |
| | | tags: verify |
New file |
| | |
| | | --- |
| | | - name: Deploy Coolstore Microservices Demo |
| | | hosts: all |
| | | gather_facts: false |
| | | run_once: true |
| | | vars_files: |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | |
| | | tasks: |
| | | - include_role: |
| | | name: "{{ ANSIBLE_REPO_PATH }}/roles/openshift_commons_facts" |
| | | |
| | | - import_role: |
| | | name: "{{ ANSIBLE_REPO_PATH }}/roles/openshift_coolstore" |
| | | vars: |
| | | project_annotations: "demo=demo-msa-{{ project_suffix }}" |
| | | hostname_suffix: "{{ apps_hostname_suffix }}" |
| | | enable_cicd: false |
| | | prune_builds_selector: "comp-required!=true" |
| | | prune_deployments_selector: "comp-required!=true" |
| | | |
| | | |
| | | # verify database deployments |
| | | - name: wait for database deployments to complete (succeed or fail) |
| | | shell: "oc get pods -n {{ project_default }} -l comp-type=database | grep '\\-deploy\\s' | grep 'Running'" |
| | | register: deployment_running |
| | | until: deployment_running|failed |
| | | retries: 20 |
| | | delay: 30 |
| | | ignore_errors: true |
| | | tags: verify |
| | | |
| | | - include_tasks: verify_tasks.yml project_name={{ project_default }} selector="comp-type=database" |
| | | tags: verify |
| | | |
| | | # verify other deployments |
| | | - name: wait for other deployments to complete (succeed or fail) |
| | | shell: "oc get pods -n {{ project_default }} -l comp-type!=database | grep '\\-deploy\\s' | grep 'Running'" |
| | | register: deployment_running |
| | | until: deployment_running|failed |
| | | retries: 20 |
| | | delay: 30 |
| | | ignore_errors: true |
| | | tags: verify |
| | | |
| | | - include_tasks: verify_tasks.yml project_name={{ project_default }} selector="comp-type!=database" |
| | | tags: verify |
New file |
| | |
| | | --- |
| | | - src: siamaksade.openshift_common_facts |
| | | # src: https://github.com/siamaksade/ansible-openshift-common-facts.git |
| | | name: openshift_commons_facts |
| | | version: ocp-3.7 |
| | | |
| | | - src: siamaksade.openshift_sonatype_nexus |
| | | # src: https://github.com/siamaksade/ansible-openshift-nexus.git |
| | | name: openshift_sonatype_nexus |
| | | version: ocp-3.7 |
| | | |
| | | - src: siamaksade.openshift_gogs |
| | | # src: https://github.com/siamaksade/ansible-openshift-gogs.git |
| | | name: openshift_gogs |
| | | version: ocp-3.7 |
| | | |
| | | - src: siamaksade.openshift_jenkins |
| | | # src: https://github.com/siamaksade/ansible-openshift-jenkins.git |
| | | name: openshift_jenkins |
| | | version: ocp-3.7 |
| | | |
| | | - src: siamaksade.openshift_workshopper |
| | | # src: https://github.com/siamaksade/ansible-openshift-workshopper.git |
| | | name: openshift_workshopper |
| | | version: ocp-3.7 |
| | | |
| | | - src: siamaksade.openshift_coolstore |
| | | # src: https://github.com/siamaksade/ansible-openshift-coolstore.git |
| | | name: openshift_coolstore |
| | | version: ocp-3.7 |
New file |
| | |
| | | --- |
| | | - src: siamaksade.openshift_common_facts |
| | | # src: https://github.com/siamaksade/ansible-openshift-common-facts.git |
| | | name: openshift_commons_facts |
| | | |
| | | - src: siamaksade.openshift_sonatype_nexus |
| | | # src: https://github.com/siamaksade/ansible-openshift-nexus.git |
| | | name: openshift_sonatype_nexus |
| | | |
| | | - src: siamaksade.openshift_gogs |
| | | # src: https://github.com/siamaksade/ansible-openshift-gogs.git |
| | | name: openshift_gogs |
| | | |
| | | - src: siamaksade.openshift_jenkins |
| | | # src: https://github.com/siamaksade/ansible-openshift-jenkins.git |
| | | name: openshift_jenkins |
| | | |
| | | - src: siamaksade.openshift_workshopper |
| | | # src: https://github.com/siamaksade/ansible-openshift-workshopper.git |
| | | name: openshift_workshopper |
| | | |
| | | - src: siamaksade.openshift_coolstore |
| | | # src: https://github.com/siamaksade/ansible-openshift-coolstore.git |
| | | name: openshift_coolstore |
New file |
| | |
| | | --- |
| | | - name: Undeploy Coolstore Microservices Demo |
| | | hosts: all |
| | | gather_facts: false |
| | | run_once: true |
| | | vars_files: |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | tasks: |
| | | - include_role: |
| | | name: "{{ ANSIBLE_REPO_PATH }}/roles/openshift_commons_facts" |
| | | vars: |
| | | set_hostname_suffix: false |
| | | |
| | | - name: delete ci/cd projects |
| | | shell: "{{ openshift_cli }} delete project {{ project_cicd }} {{ project_prod }} {{ project_stage }} {{ project_test }} {{ project_dev }}" |
| | | ignore_errors: true |
| | | |
| | | - name: delete default project |
| | | shell: "{{ openshift_cli }} delete project {{ project_default }}" |
| | | ignore_errors: true |
New file |
| | |
| | | --- |
| | | - name: Idle Coolstore Microservices Demo |
| | | hosts: all |
| | | gather_facts: false |
| | | run_once: true |
| | | tasks: |
| | | - include_role: |
| | | name: "{{ ANSIBLE_REPO_PATH }}/roles/openshift_commons_facts" |
| | | |
| | | # default project |
| | | - name: check if {{ project_default }} exists |
| | | shell: "{{ openshift_cli }} get project {{ project_default }}" |
| | | register: result |
| | | ignore_errors: true |
| | | changed_when: false |
| | | |
| | | - name: list deployment configs in {{ project_default }} |
| | | shell: "{{ openshift_cli }} get dc -o json -n {{ project_default }}" |
| | | register: deploymentconfigs_list |
| | | when: result|success |
| | | changed_when: false |
| | | |
| | | - name: unidle all deployments in project {{ project_default }}" |
| | | shell: "{{ openshift_cli }} scale --replicas={{ item.metadata.annotations['idling.alpha.openshift.io/previous-scale'] }} dc {{ item.metadata.name }} -n {{ project_default }}" |
| | | with_items: "{{ deploymentconfigs_list.stdout|from_json|json_query('items') }}" |
| | | when: > |
| | | result|success and |
| | | item.metadata.annotations is defined and |
| | | item.metadata.annotations['idling.alpha.openshift.io/previous-scale'] is defined and |
| | | item.metadata.annotations['idling.alpha.openshift.io/previous-scale'] is not none and |
| | | item.metadata.annotations['idling.alpha.openshift.io/previous-scale']|trim() != "" |
| | | |
| | | # cicd project |
| | | - name: check if {{ project_cicd }} exists |
| | | shell: "{{ openshift_cli }} get project {{ project_cicd }}" |
| | | register: result |
| | | ignore_errors: true |
| | | changed_when: false |
| | | |
| | | - name: list deployment configs in {{ project_cicd }} |
| | | shell: "{{ openshift_cli }} get dc -o json -n {{ project_cicd }}" |
| | | register: deploymentconfigs_list |
| | | when: result|success |
| | | changed_when: false |
| | | |
| | | - name: unidle all deployments in project {{ project_cicd }}" |
| | | shell: "{{ openshift_cli }} scale --replicas={{ item.metadata.annotations['idling.alpha.openshift.io/previous-scale'] }} dc {{ item.metadata.name }} -n {{ project_cicd }}" |
| | | with_items: "{{ deploymentconfigs_list.stdout|from_json|json_query('items') }}" |
| | | when: > |
| | | result|success and |
| | | item.metadata.annotations is defined and |
| | | item.metadata.annotations['idling.alpha.openshift.io/previous-scale'] is defined and |
| | | item.metadata.annotations['idling.alpha.openshift.io/previous-scale'] is not none and |
| | | item.metadata.annotations['idling.alpha.openshift.io/previous-scale']|trim() != "" |
| | | |
| | | # prod project |
| | | - name: check if {{ project_prod }} exists |
| | | shell: "{{ openshift_cli }} get project {{ project_prod }}" |
| | | register: result |
| | | ignore_errors: true |
| | | changed_when: false |
| | | |
| | | - name: list deployment configs in {{ project_prod }} |
| | | shell: "{{ openshift_cli }} get dc -o json -n {{ project_prod }}" |
| | | register: deploymentconfigs_list |
| | | when: result|success |
| | | changed_when: false |
| | | |
| | | - name: unidle all deployments in project {{ project_prod }}" |
| | | shell: "{{ openshift_cli }} scale --replicas={{ item.metadata.annotations['idling.alpha.openshift.io/previous-scale'] }} dc {{ item.metadata.name }} -n {{ project_prod }}" |
| | | with_items: "{{ deploymentconfigs_list.stdout|from_json|json_query('items') }}" |
| | | when: > |
| | | result|success and |
| | | item.metadata.annotations is defined and |
| | | item.metadata.annotations['idling.alpha.openshift.io/previous-scale'] is defined and |
| | | item.metadata.annotations['idling.alpha.openshift.io/previous-scale'] is not none and |
| | | item.metadata.annotations['idling.alpha.openshift.io/previous-scale']|trim() != "" |
| | | |
| | | # stage project |
| | | - name: check if {{ project_stage }} exists |
| | | shell: "{{ openshift_cli }} get project {{ project_stage }}" |
| | | register: result |
| | | ignore_errors: true |
| | | changed_when: false |
| | | |
| | | - name: list deployment configs in {{ project_stage }} |
| | | shell: "{{ openshift_cli }} get dc -o json -n {{ project_stage }}" |
| | | register: deploymentconfigs_list |
| | | when: result|success |
| | | changed_when: false |
| | | |
| | | - name: unidle all deployments in project {{ project_stage }}" |
| | | shell: "{{ openshift_cli }} scale --replicas={{ item.metadata.annotations['idling.alpha.openshift.io/previous-scale'] }} dc {{ item.metadata.name }} -n {{ project_stage }}" |
| | | with_items: "{{ deploymentconfigs_list.stdout|from_json|json_query('items') }}" |
| | | when: > |
| | | result|success and |
| | | item.metadata.annotations is defined and |
| | | item.metadata.annotations['idling.alpha.openshift.io/previous-scale'] is defined and |
| | | item.metadata.annotations['idling.alpha.openshift.io/previous-scale'] is not none and |
| | | item.metadata.annotations['idling.alpha.openshift.io/previous-scale']|trim() != "" |
| | | |
| | | # test project |
| | | - name: check if {{ project_test }} exists |
| | | shell: "{{ openshift_cli }} get project {{ project_test }}" |
| | | register: result |
| | | ignore_errors: true |
| | | changed_when: false |
| | | |
| | | - name: list deployment configs in {{ project_test }} |
| | | shell: "{{ openshift_cli }} get dc -o json -n {{ project_test }}" |
| | | register: deploymentconfigs_list |
| | | when: result|success |
| | | changed_when: false |
| | | |
| | | - name: unidle all deployments in project {{ project_test }}" |
| | | shell: "{{ openshift_cli }} scale --replicas={{ item.metadata.annotations['idling.alpha.openshift.io/previous-scale'] }} dc {{ item.metadata.name }} -n {{ project_test }}" |
| | | with_items: "{{ deploymentconfigs_list.stdout|from_json|json_query('items') }}" |
| | | when: > |
| | | result|success and |
| | | item.metadata.annotations is defined and |
| | | item.metadata.annotations['idling.alpha.openshift.io/previous-scale'] is defined and |
| | | item.metadata.annotations['idling.alpha.openshift.io/previous-scale'] is not none and |
| | | item.metadata.annotations['idling.alpha.openshift.io/previous-scale']|trim() != "" |
| | | |
| | | # dev project |
| | | - name: check if {{ project_dev }} exists |
| | | shell: "{{ openshift_cli }} get project {{ project_dev }}" |
| | | register: result |
| | | ignore_errors: true |
| | | changed_when: false |
| | | |
| | | - name: list deployment configs in {{ project_dev }} |
| | | shell: "{{ openshift_cli }} get dc -o json -n {{ project_dev }}" |
| | | register: deploymentconfigs_list |
| | | when: result|success |
| | | changed_when: false |
| | | |
| | | - name: unidle all deployments in project {{ project_dev }}" |
| | | shell: "{{ openshift_cli }} scale --replicas={{ item.metadata.annotations['idling.alpha.openshift.io/previous-scale'] }} dc {{ item.metadata.name }} -n {{ project_dev }}" |
| | | with_items: "{{ deploymentconfigs_list.stdout|from_json|json_query('items') }}" |
| | | when: > |
| | | result|success and |
| | | item.metadata.annotations is defined and |
| | | item.metadata.annotations['idling.alpha.openshift.io/previous-scale'] is defined and |
| | | item.metadata.annotations['idling.alpha.openshift.io/previous-scale'] is not none and |
| | | item.metadata.annotations['idling.alpha.openshift.io/previous-scale']|trim() != "" |
New file |
| | |
| | | --- |
| | | - name: check if project {{ project_name }} exists |
| | | shell: "{{ openshift_cli }} get project {{ project_name }}" |
| | | register: result |
| | | ignore_errors: true |
| | | changed_when: false |
| | | |
| | | - name: get deploymentconfig names in {{ project_name }} |
| | | shell: "{{ openshift_cli }} get dc -l {{ selector }} -o jsonpath='{.items[*].metadata.name}' -n {{ project_name }}" |
| | | register: deploymentconfigs_list |
| | | when: result|succeeded |
| | | changed_when: false |
| | | |
| | | - name: get deployment config replica counts in {{ project_name }} |
| | | shell: "{{ openshift_cli }} get dc {{ deploymentconfigs_list.stdout }} -o json -n {{ project_name }}" |
| | | register: deploymentconfigs_list_json |
| | | when: result|succeeded |
| | | changed_when: false |
| | | |
| | | - name: redeploy if deployment has failed |
| | | shell: | |
| | | {{ openshift_cli }} rollout cancel dc/{{ dc.metadata.name }} -n {{ project_name }} | true |
| | | sleep 30 |
| | | {{ openshift_cli }} rollout latest dc/{{ dc.metadata.name }} -n {{ project_name }} |
| | | {{ openshift_cli }} rollout status dc/{{ dc.metadata.name }} -n {{ project_name }} |
| | | when: |
| | | - result|succeeded |
| | | - deploymentconfigs_list_json|succeeded |
| | | - dc.metadata is defined |
| | | - dc.status is defined |
| | | - dc.spec is defined |
| | | - dc.status.availableReplicas != dc.spec.replicas |
| | | loop_control: |
| | | loop_var: dc |
| | | label: "{{ dc.metadata.name if dc.metadata is defined else dc }}" |
| | | with_items: "{{ deploymentconfigs_list_json.stdout|default('[]')|from_json|json_query('items') }}" |
| | | ignore_errors: true |
New file |
| | |
| | | --- |
| | | - name: Step 00xxxxx software |
| | | hosts: localhost |
| | | gather_facts: False |
| | | become: false |
| | | tasks: |
| | | - debug: |
| | | msg: "Software tasks Started" |
| | | |
| | | - name: Software flight-check |
| | | hosts: localhost |
| | | connection: local |
| | | gather_facts: false |
| | | become: false |
| | | tags: |
| | | - post_flight_check |
| | | tasks: |
| | | - debug: |
| | | msg: "Software checks completed successfully" |
New file |
| | |
| | | --- |
| | | - name: Step 00xxxxx software |
| | | hosts: localhost |
| | | gather_facts: False |
| | | become: false |
| | | tasks: |
| | | - debug: |
| | | msg: "Software tasks Started" |
| | | |
| | | - name: Software flight-check |
| | | hosts: localhost |
| | | connection: local |
| | | gather_facts: false |
| | | become: false |
| | | tags: |
| | | - post_flight_check |
| | | tasks: |
| | | - debug: |
| | | msg: "Software checks completed successfully" |
| | |
| | | - step003 |
| | | - pre_software_tasks |
| | | |
| | | |
| | | |
| | | ################################################################################## |
| | | ################################################################################## |
| | | ############ Step 004 Software Deploy Tasks |
| | | ################################################################################## |
| | | ################################################################################## |
| | | |
| | | - name: Software |
| | | include: "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/software.yml" |
| | | tags: |
| | | - step004 |
| | | - deploy_software |
| | | |
| | | - include: "{{ ANSIBLE_REPO_PATH }}/software_playbooks/{{ software_to_deploy }}.yml" |
| | | tags: |
| | |
| | | tags: |
| | | - step005 |
| | | - post_software |
| | | - post_software_tasks |
| | | - post_software_tasks |
| | |
| | | state: present |
| | | |
| | | - name: Register bastion with IPA |
| | | shell: "/usr/sbin/ipa-client-install --domain=OPENTLC.COM -w {{ipa_host_password}} -N -U --mkhomedir --no-dns-sshfp --hostname={{bastion_public_dns_chomped}}" |
| | | shell: "/usr/sbin/ipa-client-install --domain=OPENTLC.COM -w '{{ipa_host_password}}' -N -U --mkhomedir --no-dns-sshfp --hostname={{bastion_public_dns_chomped}}" |
| | | when: ipa_host_password is defined |
| | | |
| | | - name: Add opentlc-access ipa group to sudoers.d |
| | | lineinfile: |
| | | path: /etc/sudoers.d/opentlc-sudoers |
| | | state: present |
| | | create: yes |
| | | line: '%opentlc-access ALL=(ALL) NOPASSWD: ALL' |
| | | validate: '/usr/sbin/visudo -cf %s' |
| | | register: result |
| | | retries: 5 |
| | | until: result | succeeded |
| | | ignore_errors: yes |
| | | |
| | | - name: report error |
| | | fail: |
| | | msg: Unable to update sudoers.d/opentlc-sudoers |
| | | when: not result|succeeded |
| | | - name: Register bastion with IPA |
| | | shell: "/usr/sbin/ipa-client-install --domain=OPENTLC.COM -p {{ipa_kerberos_user}} -w '{{ipa_kerberos_password}}' -N -U --mkhomedir --no-dns-sshfp --hostname={{bastion_public_dns_chomped}}" |
| | | when: |
| | | - ipa_host_password is not defined |
| | | - ipa_kerberos_user is defined |
| | | - ipa_kerberos_password is defined |
| | | |
| | | - name: copy over ipa_optimize.sh script |
| | | copy: |
| | |
| | | group: root |
| | | mode: 0700 |
| | | notify: Run ipa_optimize.sh |
| | | |
| | | - name: Add opentlc-access ipa group to sudoers.d |
| | | lineinfile: |
| | | path: /etc/sudoers.d/opentlc-sudoers |
| | | state: present |
| | | create: yes |
| | | line: '%opentlc-access ALL=(ALL) NOPASSWD: ALL' |
| | | validate: '/usr/sbin/visudo -cf %s' |
| | | register: result |
| | | retries: 20 |
| | | until: result | succeeded |
| | | ignore_errors: yes |
| | | |
| | | - name: report error |
| | | fail: |
| | | msg: Unable to update sudoers.d/opentlc-sudoers |
| | | when: not result|succeeded |
| | |
| | | mode: 0400 |
| | | tags: |
| | | - copy_sshconfig_file |
| | | |
| | | - name: Install python2-winrm and python-requests |
| | | ignore_errors: yes |
| | | become: true |
| | | yum: |
| | | name: "{{ item }}" |
| | | with_items: |
| | | - python2-winrm |
| | | - python-requests |
| | | when: install_win_ssh|bool |
New file |
| | |
| | | Role Name |
| | | ========= |
| | | |
| | | A brief description of the role goes here. |
| | | |
| | | Requirements |
| | | ------------ |
| | | |
| | | |
| | | Request Let's Encrypt Wildcard Certificates for the Cluster Make sure to import the intermediate |
| | | certificate ([letsencrypt.org/certs/fakeleintermediatex1.pem](https://letsencrypt.org/certs/fakeleintermediatex1.pem)) into your browser to accept all newly created certificates. |
| | | |
| | | Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. |
| | | |
| | | Role Variables |
| | | -------------- |
| | | |
| | | A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. |
| | | |
| | | Dependencies |
| | | ------------ |
| | | |
| | | A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. |
| | | |
| | | Example Playbook |
| | | ---------------- |
| | | |
| | | Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: |
| | | |
| | | - hosts: servers |
| | | roles: |
| | | - { role: username.rolename, x: 42 } |
| | | |
| | | License |
| | | ------- |
| | | |
| | | BSD |
| | | |
| | | Author Information |
| | | ------------------ |
| | | |
| | | An optional section for the role authors to include contact information, or a website (HTML is not allowed). |
New file |
| | |
| | | --- |
| | | # defaults file for bastion |
New file |
| | |
| | | --- |
| | | ## Request Let's Encrypt Wildcard Certificates for the Cluster |
| | | ## Make sure to import the intermediate |
| | | ## certificate (https://letsencrypt.org/certs/fakeleintermediatex1.pem) |
| | | ## Into your browser to accept all newly created certificates |
| | | - name: Get Temporary CA Certificate |
| | | get_url: |
| | | url: https://letsencrypt.org/certs/fakeleintermediatex1.pem |
| | | dest: /root/fakeleintermediatex1.pem |
| | | |
| | | - name: Remove Let's Encrypt directory if it's there |
| | | file: |
| | | path: /root/acme.sh |
| | | state: absent |
| | | |
| | | - name: Remove Let's Encrypt cache if it's there |
| | | file: |
| | | path: /root/.acme.sh |
| | | state: absent |
| | | |
| | | - name: Clone Let's Encrypt Repo |
| | | git: |
| | | repo: https://github.com/Neilpang/acme.sh.git |
| | | clone: yes |
| | | dest: /root/acme.sh |
| | | # version: 2 |
| | | |
| | | - name: Add AWS Access Key to Let's Encrypt configuration |
| | | lineinfile: |
| | | path: /root/acme.sh/dnsapi/dns_aws.sh |
| | | line: AWS_ACCESS_KEY_ID="{{ hostvars['localhost'].route53user_access_key }}" |
| | | state: present |
| | | insertbefore: '^#AWS_ACCESS_KEY_ID' |
| | | |
| | | - name: Add AWS Secret Access Key to Let's Encrypt configuration |
| | | lineinfile: |
| | | path: /root/acme.sh/dnsapi/dns_aws.sh |
| | | line: AWS_SECRET_ACCESS_KEY="{{ hostvars['localhost'].route53user_secret_access_key }}" |
| | | state: present |
| | | insertbefore: '^#AWS_SECRET_ACCESS_KEY' |
| | | |
| | | - name: Request Wildcard Certificates from Let's Encrypt |
| | | shell: "/root/acme.sh/acme.sh --server https://acme-staging-v02.api.letsencrypt.org/directory --test --issue -d {{ master_lb_dns }} -d *.{{ cloudapps_suffix }} --dns dns_aws" |
| | | args: |
| | | chdir: /root/acme.sh |
New file |
| | |
| | | --- |
| | | become_override: false |
| | | ocp_username: jbride-redhat.com |
| | | ocp_user_needs_quota: True |
| | | |
| | | ocp_user_groups: |
| | | - OPENTLC-PROJECT-PROVISIONERS |
| | | |
| | | quota_requests_cpu: 5 |
| | | quota_limits_cpu: 10 |
| | | |
| | | quota_requests_memory: '6Gi' |
| | | quota_limits_memory: '20Gi' |
| | | |
| | | quota_configmaps: 10 |
| | | quota_pods: 20 |
| | | quota_persistentvolumeclaims: 20 |
| | | quota_services: 30 |
| | | quota_secrets: 30 |
| | | quota_requests_storage: 50Gi |
| | | |
| | | build_status_retries: 20 |
| | | build_status_delay: 15 |
| | | |
| | | deploy_status_retries: 15 |
| | | deploy_status_delay: 15 |
New file |
| | |
| | | = ocp-workload-developer-environment - Sample Config |
| | | |
| | | == Role overview |
| | | |
| | | * This is a simple role that does the following: |
| | | ** Playbook: link:./tasks/pre_workload.yml[pre_workload.yml] - Sets up an |
| | | environment for the workload deployment |
| | | *** Adds a user to a list of groups defined in the |
| | | link:./defaults/main.yml[defaults file]. |
| | | *** Sets a cluster resource quota for the user based on the variables in the |
| | | link:./defaults/main.yml[defaults file] . |
| | | *** Debug task will print out: `pre_workload Tasks Complete` |
| | | |
| | | ** Playbook: link:./tasks/workload.yml[workload.yml] - Used to deploy the actual |
| | | workload, i.e, 3scale, Mobile or some Demo |
| | | *** This role doesn't do anything here |
| | | *** Debug task will print out: `workload Tasks Complete` |
| | | |
| | | ** Playbook: link:./tasks/post_workload.yml[post_workload.yml] - Used to |
| | | configure the workload after deployment |
| | | *** This role doesn't do anything here |
| | | *** Debug task will print out: `post_workload Tasks Complete` |
| | | |
| | | == Set up your Ansible inventory file |
| | | |
| | | * You will need to create an Ansible inventory file to define your connection |
| | | method to your host (Master/Bastion with OC command) |
| | | |
| | | * You can also use the command line to define the hosts directly if your `ssh` |
| | | configuration is set to connect to the host correctly |
| | | |
| | | * You can also use the command line to use localhost or if your cluster is |
| | | already authenticated and configured in your `oc` configuration |
| | | [source, ini] |
| | | |
| | | .example inventory file |
| | | ---- |
| | | [gptehosts:vars] |
| | | ansible_ssh_private_key_file=~/.ssh/keytoyourhost.pem |
| | | ansible_ssh_user=ec2-user |
| | | |
| | | [gptehosts:children] |
| | | openshift |
| | | |
| | | [openshift] |
| | | bastion.cluster1.openshift.opentlc.com |
| | | bastion.cluster2.openshift.opentlc.com |
| | | bastion.cluster3.openshift.opentlc.com ansible_ssh_host=ec2-11-111-111-11.us-west-2.compute.amazonaws.com |
| | | bastion.cluster4.openshift.opentlc.com |
| | | |
| | | |
| | | [dev] |
| | | bastion.cluster1.openshift.opentlc.com |
| | | bastion.cluster2.openshift.opentlc.com |
| | | |
| | | |
| | | [prod] |
| | | bastion.cluster3.openshift.opentlc.com |
| | | bastion.cluster4.openshift.opentlc.com |
| | | ---- |
| | | |
| | | |
| | | == Review the defaults variable file |
| | | |
| | | * This file link:./defaults/main.yml[./defaults/main.yml] contains all the variables you |
| | | need to define to control the deployment of your workload. |
| | | |
| | | * You can modify any of these default values by adding |
| | | `-e"variable_name=variable_value"` to the command line |
| | | |
| | | === Deploy Workload on OpenShift Cluster from an existing playbook: |
| | | |
| | | [source,yaml] |
| | | ---- |
| | | - name: Deploy a workload role on a master host |
| | | hosts: all |
| | | become: true |
| | | gather_facts: False |
| | | tags: |
| | | - step007 |
| | | roles: |
| | | - { role: "{{ ANSIBLE_REPO_PATH }}/roles/{{ocp_workload}}", when: 'ocp_workload is defined' } |
| | | |
| | | ---- |
| | | NOTE: You might want to change `hosts: all` to fit your requirements |
| | | |
| | | |
| | | === Deploy a Workload with the `ocp-workload` playbook [Mostly for testing] |
| | | ---- |
| | | GUID=jb45 |
| | | HOST_GUID=dev37 |
| | | TARGET_HOST="bastion.$HOST_GUID.openshift.opentlc.com" |
| | | OCP_USERNAME="jbride-redhat.com" |
| | | WORKLOAD="ocp-workload-bxms-ba" |
| | | SSH_USERNAME="jbride-redhat.com" |
| | | SSH_PRIVATE_KEY="id_ocp" |
| | | |
| | | # a TARGET_HOST is specified in the command line, without using an inventory file |
| | | ansible-playbook -i ${TARGET_HOST}, ./configs/ocp-workloads/ocp-workload.yml \ |
| | | -e"ansible_ssh_private_key_file=~/.ssh/${SSH_PRIVATE_KEY}" \ |
| | | -e"ansible_ssh_user=${SSH_USERNAME}" \ |
| | | -e"ANSIBLE_REPO_PATH=`pwd`" \ |
| | | -e"ocp_username=${OCP_USERNAME}" \ |
| | | -e"ocp_workload=${WORKLOAD}" \ |
| | | -e"guid=${GUID}" \ |
| | | -e"ocp_user_needs_quota=true" \ |
| | | -e"ocp_apps_domain=apps.${HOST_GUID}.openshift.opentlc.com" \ |
| | | -e"ACTION=create" |
| | | |
| | | ---- |
| | | |
| | | === To Delete an environment |
| | | ---- |
| | | GUID=jb45 |
| | | HOST_GUID=dev37 |
| | | TARGET_HOST="bastion.$HOST_GUID.openshift.opentlc.com" |
| | | OCP_USERNAME="jbride-redhat.com" |
| | | WORKLOAD="ocp-workload-bxms-ba" |
| | | SSH_USERNAME="jbride-redhat.com" |
| | | SSH_PRIVATE_KEY="id_ocp" |
| | | |
| | | # a TARGET_HOST is specified in the command line, without using an inventory file |
| | | ansible-playbook -i ${TARGET_HOST}, ./configs/ocp-workloads/ocp-workload.yml \ |
| | | -e"ansible_ssh_private_key_file=~/.ssh/${SSH_PRIVATE_KEY}" \ |
| | | -e"ansible_ssh_user=${SSH_USERNAME}" \ |
| | | -e"ANSIBLE_REPO_PATH=`pwd`" \ |
| | | -e"ocp_username=${OCP_USERNAME}" \ |
| | | -e"ocp_workload=${WORKLOAD}" \ |
| | | -e"guid=${GUID}" \ |
| | | -e"ACTION=remove" |
| | | ---- |
New file |
| | |
| | | --- |
| | | - name: Running Pre Workload Tasks |
| | | include: ./pre_workload.yml |
| | | become: "{{ become_override | bool }}" |
| | | when: ACTION == "create" or ACTION == "provision" |
| | | |
| | | - name: Running Workload Tasks |
| | | include: ./workload.yml |
| | | become: "{{ become_override | bool }}" |
| | | when: ACTION == "create" or ACTION == "provision" |
| | | |
| | | - name: Running Post Workload Tasks |
| | | include: ./post_workload.yml |
| | | become: "{{ become_override | bool }}" |
| | | when: ACTION == "create" or ACTION == "provision" |
| | | |
| | | - name: Running Workload removal Tasks |
| | | include: ./remove_workload.yml |
| | | become: "{{ become_override | bool }}" |
| | | when: ACTION == "destroy" or ACTION == "remove" |
New file |
| | |
| | | --- |
| | | |
| | | - name: post_workload Tasks Complete |
| | | debug: |
| | | msg: "Post-Software checks completed successfully" |
New file |
| | |
| | | --- |
| | | |
| | | # - name: Add user to developer group (allowed to create projects) |
| | | # shell: "oadm groups add-users {{item}} {{ocp_username}}" |
| | | # register: groupadd_register |
| | | # with_items: "{{ocp_user_groups}}" |
| | | # when: ocp_username is defined and ocp_user_groups is defined |
| | | # |
| | | # - name: test that command worked |
| | | # debug: |
| | | # var: groupadd_register |
| | | # verbosity: 2 |
| | | |
| | | - name: Create user Quota - clusterresourcequota |
| | | shell: | |
| | | oc create clusterquota clusterquota-"{{ocp_username}}-{{guid}}" \ |
| | | --project-annotation-selector=openshift.io/requester="{{ocp_username}}" \ |
| | | --hard requests.cpu="{{quota_requests_cpu}}" \ |
| | | --hard limits.cpu="{{quota_limits_cpu}}" \ |
| | | --hard requests.memory="{{quota_requests_memory}}" \ |
| | | --hard limits.memory="{{quota_limits_memory}}" \ |
| | | --hard configmaps="{{quota_configmaps}}" \ |
| | | --hard pods="{{quota_pods}}" \ |
| | | --hard persistentvolumeclaims="{{quota_persistentvolumeclaims}}" \ |
| | | --hard services="{{quota_services}}" \ |
| | | --hard secrets="{{quota_secrets}}" \ |
| | | --hard requests.storage="{{quota_requests_storage}}" |
| | | ignore_errors: true |
| | | |
| | | - name: pre_workload Tasks Complete |
| | | debug: |
| | | msg: "Pre-Software checks completed successfully" |
New file |
| | |
| | | --- |
| | | - name: post_workload Tasks Complete |
| | | debug: |
| | | msg: "Pre-Software checks completed successfully - Removed" |
| | | |
| | | - name: define ocp_project |
| | | set_fact: |
| | | ocp_project: "bxms-ba-{{guid}}" |
| | | |
| | | - name: Remove user Quota - oc delete clusterresourcequota "clusterquota-{{ocp_username}}-{{guid}}" |
| | | shell: oc delete clusterresourcequota clusterquota-{{ocp_username}}-{{guid}} |
| | | ignore_errors: true |
| | | |
| | | - name: Remove any lingering tmp files |
| | | shell: "rm -rf /tmp/{{guid}}" |
| | | |
| | | - name: Remove user Project |
| | | shell: "oc delete project {{ocp_project}}" |
| | | |
| | | |
| | | - name: post_workload Tasks Complete |
| | | debug: |
| | | msg: "Post-Software checks completed successfully - Removed" |
New file |
| | |
| | | --- |
| | | |
| | | # Purpose: |
| | | # This script queries OCP for builds that exist but are not yet ready. |
| | | # So long as there are unready builds, this script continues to loop |
| | | # |
| | | # Manual Test to determine list of unready builds : |
| | | # 1) install jp : https://github.com/jmespath/jp |
| | | # 2) oc get builds -o json | jp "items[? (status.phase != 'Complete') ].metadata.annotations.\"openshift.io/build-config.name\"" |
| | | # |
| | | # Documentation pertaining to jq syntax: |
| | | # - http://jmespath.org/tutorial.html |
| | | # - https://stackoverflow.com/questions/41261680/ansible-json-query-path-to-select-item-by-content |
| | | # |
| | | - name: "Wait for following builds to become ready: {{build_to_wait}}" |
| | | command: 'oc get build -o json -n "{{ ocp_project }}"' |
| | | register: build_state |
| | | changed_when: false |
| | | retries: "{{ build_status_retries }}" |
| | | delay: "{{ build_status_delay }}" |
| | | vars: |
| | | query: "items[? (status.phase != 'Complete') ].metadata.annotations.\"openshift.io/build-config.name\"" |
| | | until: "build_state.stdout |from_json |json_query(query) |intersect(build_to_wait) |length == 0" |
New file |
| | |
| | | --- |
| | | |
| | | # Purpose: |
| | | # This script queries OCP for replication controllers that exist but are not yet ready. |
| | | # So long as there are unready replication controllers, this script continues to loop |
| | | # |
| | | # Manual Test to determine list of unready replication controllers : |
| | | # 1) install jp : https://github.com/jmespath/jp |
| | | # 2) oc get rc -o json | jp 'items[? (status.readyReplicas == ""|| status.readyReplicas == `0`) ].metadata.annotations."openshift.io/deployment-config.name"' |
| | | # |
| | | - name: "Wait for following deployments to become ready: {{pod_to_wait}}" |
| | | command: 'oc get rc -o json -n "{{ ocp_project }}"' |
| | | register: rc_state |
| | | changed_when: false |
| | | retries: "{{ deploy_status_retries }}" |
| | | delay: "{{ deploy_status_delay }}" |
| | | until: 'rc_state.stdout |from_json |json_query(''items[? (status.readyReplicas == ""|| status.readyReplicas == `0`) ].metadata.annotations."openshift.io/deployment-config.name"'') |intersect(pod_to_wait) |length == 0' |
| | | |
| | | # Documentation pertaining to jq syntax: |
| | | # - http://jmespath.org/tutorial.html |
New file |
| | |
| | | --- |
| | | - name: define ocp_project |
| | | set_fact: |
| | | ocp_project: "bxms-ba-{{guid}}" |
| | | |
| | | - name: "Create project for workload {{ocp_project}}" |
| | | shell: "oc new-project {{ocp_project}}" |
| | | |
| | | - name: Give ocp_username access to ocp_project |
| | | shell: "oc policy add-role-to-user admin {{ocp_username}} -n {{ocp_project}}" |
| | | |
| | | - name: Make sure we go back to default project |
| | | shell: "oc project default" |
| | | |
| | | - name: Initialize the project template |
| | | shell: "oc create -f https://raw.githubusercontent.com/gpe-mw-training/bxms_decision_mgmt_foundations_lab/master/resources/ng-mortgage-bpmsuite70-full-mysql.yaml -n {{ocp_project}}" |
| | | |
| | | - name: Prep local filesystem for temp files |
| | | file: |
| | | path: "/tmp/{{guid}}" |
| | | state: directory |
| | | |
| | | - name: Create a keystore |
| | | shell: | |
| | | keytool -genkey \ |
| | | -keyalg RSA \ |
| | | -alias selfsigned \ |
| | | -keystore /tmp/{{guid}}/keystore.jks \ |
| | | -validity 360 \ |
| | | -keysize 2048 \ |
| | | -alias jboss \ |
| | | -storepass rhtgpte \ |
| | | -keypass rhtgpte \ |
| | | -dname CN={{ocp_username}},OU=gpte,O=redhat.com,L=Raleigh,S=NC,C=US |
| | | |
| | | |
| | | - name: Configure a service account that is loaded with the previously created secret |
| | | shell: oc create serviceaccount bpmsuite-service-account -n {{ocp_project}} |
| | | - shell: oc policy add-role-to-user view system:serviceaccount:{{ocp_project}}:bpmsuite-service-account |
| | | - shell: oc secrets new bpmsuite-app-secret /tmp/{{guid}}/keystore.jks -n {{ocp_project}} |
| | | - shell: oc secrets link bpmsuite-service-account bpmsuite-app-secret -n {{ocp_project}} |
| | | |
| | | - name: Pull down JBoss CLI commands that enable the undertow component of the execution server with CORS |
| | | get_url: |
| | | url: https://raw.githubusercontent.com/gpe-mw-training/bxms_decision_mgmt_foundations_lab/master/resources/undertow-cors.cli |
| | | dest: "/tmp/{{guid}}/undertow-cors.cli" |
| | | |
| | | - name: Create a configmap of JBoss CLI commands that enable the undertow component of the execution server with CORS. |
| | | shell: "oc create configmap undertow-cors --from-file=/tmp/{{guid}}/undertow-cors.cli -n {{ocp_project}}" |
| | | |
| | | - name: Initialize OCP resources from the project template |
| | | shell: | |
| | | oc new-app --name=ba-demo -n {{ocp_project}} --template=ng-mortgage-bpmsuite70-full-mysql \ |
| | | -p IMAGE_STREAM_NAMESPACE=openshift \ |
| | | -p HTTPS_PASSWORD=rhtgpte \ |
| | | -p KIE_ADMIN_PWD=admin \ |
| | | -p APPLICATION_NAME=gpte > /tmp/{{guid}}/gpte-ba-demo.txt |
| | | |
| | | - include: ./wait_for_build.yml |
| | | static: no |
| | | vars: |
| | | build_to_wait: |
| | | - gpte-custom-execserv |
| | | - gpte-ng-mortgages |
| | | |
| | | - name: resume mysql RDBMS |
| | | shell: oc rollout resume dc/gpte-mysql -n {{ocp_project}} |
| | | - include: ./wait_for_deploy.yml |
| | | static: no |
| | | vars: |
| | | pod_to_wait: |
| | | - gpte-mysql |
| | | |
| | | - name: resume gpte-execserv |
| | | shell: oc rollout resume dc/gpte-execserv -n {{ocp_project}} |
| | | - include: ./wait_for_deploy.yml |
| | | static: no |
| | | vars: |
| | | pod_to_wait: |
| | | - gpte-execserv |
| | | |
| | | - name: resume gpte-buscentr |
| | | shell: oc rollout resume dc/gpte-buscentr -n {{ocp_project}} |
| | | - include: ./wait_for_deploy.yml |
| | | static: no |
| | | vars: |
| | | pod_to_wait: |
| | | - gpte-buscentr |
| | | |
| | | - name: resume gpte-ng-mortgages |
| | | shell: oc rollout resume dc/gpte-ng-mortgages -n {{ocp_project}} |
| | | - include: ./wait_for_deploy.yml |
| | | static: no |
| | | vars: |
| | | pod_to_wait: |
| | | - gpte-ng-mortgages |
| | | |
| | | - name: workload Tasks Complete |
| | | debug: |
| | | msg: workload Tasks Complete |
New file |
| | |
| | | --- |
| | | become_override: false |
| | | ocp_username: jbride-redhat.com |
| | | ocp_user_needs_quota: True |
| | | |
| | | ocp_user_groups: |
| | | - OPENTLC-PROJECT-PROVISIONERS |
| | | |
| | | quota_requests_cpu: 5 |
| | | quota_limits_cpu: 10 |
| | | |
| | | quota_requests_memory: '6Gi' |
| | | quota_limits_memory: '20Gi' |
| | | |
| | | quota_configmaps: 10 |
| | | quota_pods: 20 |
| | | quota_persistentvolumeclaims: 20 |
| | | quota_services: 30 |
| | | quota_secrets: 30 |
| | | quota_requests_storage: 50Gi |
| | | |
| | | build_status_retries: 20 |
| | | build_status_delay: 20 |
| | | |
| | | deploy_status_retries: 15 |
| | | deploy_status_delay: 20 |
New file |
| | |
| | | = ocp-workload-bxms-dm |
| | | |
| | | === Deploy Workload on OpenShift Cluster from an existing playbook: |
| | | |
| | | [source,yaml] |
| | | ---- |
| | | - name: Deploy a workload role on a master host |
| | | hosts: all |
| | | become: true |
| | | gather_facts: False |
| | | tags: |
| | | - step007 |
| | | roles: |
| | | - { role: "{{ ANSIBLE_REPO_PATH }}/roles/{{ocp_workload}}", when: 'ocp_workload is defined' } |
| | | |
| | | ---- |
| | | NOTE: You might want to change `hosts: all` to fit your requirements |
| | | |
| | | |
| | | === Deploy a Workload with the `ocp-workload` playbook [Mostly for testing] |
| | | ---- |
| | | GUID=jb45 |
| | | HOST_GUID=dev37 |
| | | TARGET_HOST="bastion.$HOST_GUID.openshift.opentlc.com" |
| | | OCP_USERNAME="jbride-redhat.com" |
| | | WORKLOAD="ocp-workload-bxms-dm" |
| | | SSH_USERNAME="jbride-redhat.com" |
| | | SSH_PRIVATE_KEY="id_ocp" |
| | | |
| | | # a TARGET_HOST is specified in the command line, without using an inventory file |
| | | ansible-playbook -i ${TARGET_HOST}, ./configs/ocp-workloads/ocp-workload.yml \ |
| | | -e"ansible_ssh_private_key_file=~/.ssh/${SSH_PRIVATE_KEY}" \ |
| | | -e"ansible_ssh_user=${SSH_USERNAME}" \ |
| | | -e"ANSIBLE_REPO_PATH=`pwd`" \ |
| | | -e"ocp_username=${OCP_USERNAME}" \ |
| | | -e"ocp_workload=${WORKLOAD}" \ |
| | | -e"guid=${GUID}" \ |
| | | -e"ocp_user_needs_quota=true" \ |
| | | -e"ocp_apps_domain=apps.${HOST_GUID}.openshift.opentlc.com" \ |
| | | -e"ACTION=create" |
| | | |
| | | ---- |
| | | |
| | | === To Delete an environment |
| | | ---- |
| | | GUID=jb45 |
| | | HOST_GUID=dev37 |
| | | TARGET_HOST="bastion.$HOST_GUID.openshift.opentlc.com" |
| | | OCP_USERNAME="jbride-redhat.com" |
| | | WORKLOAD="ocp-workload-bxms-dm" |
| | | SSH_USERNAME="jbride-redhat.com" |
| | | SSH_PRIVATE_KEY="id_ocp" |
| | | |
| | | # a TARGET_HOST is specified in the command line, without using an inventory file |
| | | ansible-playbook -i ${TARGET_HOST}, ./configs/ocp-workloads/ocp-workload.yml \ |
| | | -e"ansible_ssh_private_key_file=~/.ssh/${SSH_PRIVATE_KEY}" \ |
| | | -e"ansible_ssh_user=${SSH_USERNAME}" \ |
| | | -e"ANSIBLE_REPO_PATH=`pwd`" \ |
| | | -e"ocp_username=${OCP_USERNAME}" \ |
| | | -e"ocp_workload=${WORKLOAD}" \ |
| | | -e"guid=${GUID}" \ |
| | | -e"ACTION=remove" |
| | | ---- |
New file |
| | |
| | | --- |
| | | - name: Running Pre Workload Tasks |
| | | include: ./pre_workload.yml |
| | | become: "{{ become_override | bool }}" |
| | | when: ACTION == "create" or ACTION == "provision" |
| | | |
| | | - name: Running Workload Tasks |
| | | include: ./workload.yml |
| | | become: "{{ become_override | bool }}" |
| | | when: ACTION == "create" or ACTION == "provision" |
| | | |
| | | - name: Running Post Workload Tasks |
| | | include: ./post_workload.yml |
| | | become: "{{ become_override | bool }}" |
| | | when: ACTION == "create" or ACTION == "provision" |
| | | |
| | | - name: Running Workload removal Tasks |
| | | include: ./remove_workload.yml |
| | | become: "{{ become_override | bool }}" |
| | | when: ACTION == "destroy" or ACTION == "remove" |
New file |
| | |
| | | --- |
| | | |
| | | - name: post_workload Tasks Complete |
| | | debug: |
| | | msg: "Post-Software checks completed successfully" |
New file |
| | |
| | | --- |
| | | |
| | | # - name: Add user to developer group (allowed to create projects) |
| | | # shell: "oadm groups add-users {{item}} {{ocp_username}}" |
| | | # register: groupadd_register |
| | | # with_items: "{{ocp_user_groups}}" |
| | | # when: ocp_username is defined and ocp_user_groups is defined |
| | | # |
| | | # - name: test that command worked |
| | | # debug: |
| | | # var: groupadd_register |
| | | # verbosity: 2 |
| | | |
| | | - name: Create user Quota - clusterresourcequota |
| | | shell: | |
| | | oc create clusterquota clusterquota-"{{ocp_username}}-{{guid}}" \ |
| | | --project-annotation-selector=openshift.io/requester="{{ocp_username}}" \ |
| | | --hard requests.cpu="{{quota_requests_cpu}}" \ |
| | | --hard limits.cpu="{{quota_limits_cpu}}" \ |
| | | --hard requests.memory="{{quota_requests_memory}}" \ |
| | | --hard limits.memory="{{quota_limits_memory}}" \ |
| | | --hard configmaps="{{quota_configmaps}}" \ |
| | | --hard pods="{{quota_pods}}" \ |
| | | --hard persistentvolumeclaims="{{quota_persistentvolumeclaims}}" \ |
| | | --hard services="{{quota_services}}" \ |
| | | --hard secrets="{{quota_secrets}}" \ |
| | | --hard requests.storage="{{quota_requests_storage}}" |
| | | ignore_errors: true |
| | | |
| | | - name: pre_workload Tasks Complete |
| | | debug: |
| | | msg: "Pre-Software checks completed successfully" |
New file |
| | |
| | | --- |
| | | - name: post_workload Tasks Complete |
| | | debug: |
| | | msg: "Pre-Software checks completed successfully - Removed" |
| | | |
| | | - name: define ocp_project |
| | | set_fact: |
| | | ocp_project: "bxms-dm-{{guid}}" |
| | | |
| | | - name: Remove user Quota - oc delete clusterresourcequota "clusterquota-{{ocp_username}}-{{guid}}" |
| | | shell: oc delete clusterresourcequota clusterquota-{{ocp_username}}-{{guid}} |
| | | ignore_errors: true |
| | | |
| | | - name: Remove any lingering tmp files |
| | | shell: "rm -rf /tmp/{{guid}}" |
| | | |
| | | - name: Remove user Project |
| | | shell: "oc delete project {{ocp_project}}" |
| | | |
| | | |
| | | - name: post_workload Tasks Complete |
| | | debug: |
| | | msg: "Post-Software checks completed successfully - Removed" |
New file |
| | |
| | | --- |
| | | |
| | | # Purpose: |
| | | # This script queries OCP for builds that exist but are not yet ready. |
| | | # So long as there are unready builds, this script continues to loop |
| | | # |
| | | # Manual Test to determine list of unready builds : |
| | | # 1) install jp : https://github.com/jmespath/jp |
| | | # 2) oc get builds -o json | jp "items[? (status.phase != 'Complete') ].metadata.annotations.\"openshift.io/build-config.name\"" |
| | | # |
| | | # Documentation pertaining to jq syntax: |
| | | # - http://jmespath.org/tutorial.html |
| | | # - https://stackoverflow.com/questions/41261680/ansible-json-query-path-to-select-item-by-content |
| | | # |
| | | - name: "Wait for following builds to become ready: {{build_to_wait}}" |
| | | command: 'oc get build -o json -n "{{ ocp_project }}"' |
| | | register: build_state |
| | | changed_when: false |
| | | retries: "{{ build_status_retries }}" |
| | | delay: "{{ build_status_delay }}" |
| | | vars: |
| | | query: "items[? (status.phase != 'Complete') ].metadata.annotations.\"openshift.io/build-config.name\"" |
| | | until: "build_state.stdout |from_json |json_query(query) |intersect(build_to_wait) |length == 0" |
New file |
| | |
| | | --- |
| | | |
| | | # Purpose: |
| | | # This script queries OCP for replication controllers that exist but are not yet ready. |
| | | # So long as there are unready replication controllers, this script continues to loop |
| | | # |
| | | # Manual Test to determine list of unready replication controllers : |
| | | # 1) install jp : https://github.com/jmespath/jp |
| | | # 2) oc get rc -o json | jp 'items[? (status.readyReplicas == ""|| status.readyReplicas == `0`) ].metadata.annotations."openshift.io/deployment-config.name"' |
| | | # |
| | | - name: "Wait for following deployments to become ready: {{pod_to_wait}}" |
| | | command: 'oc get rc -o json -n "{{ ocp_project }}"' |
| | | register: rc_state |
| | | changed_when: false |
| | | retries: "{{ deploy_status_retries }}" |
| | | delay: "{{ deploy_status_delay }}" |
| | | until: 'rc_state.stdout |from_json |json_query(''items[? (status.readyReplicas == ""|| status.readyReplicas == `0`) ].metadata.annotations."openshift.io/deployment-config.name"'') |intersect(pod_to_wait) |length == 0' |
| | | |
| | | # Documentation pertaining to jq syntax: |
| | | # - http://jmespath.org/tutorial.html |
New file |
| | |
| | | --- |
| | | - name: define ocp_project |
| | | set_fact: |
| | | ocp_project: "bxms-dm-{{guid}}" |
| | | |
| | | - name: "Create project for workload {{ocp_project}}" |
| | | shell: "oc new-project {{ocp_project}}" |
| | | |
| | | - name: Give ocp_username access to ocp_project |
| | | shell: "oc policy add-role-to-user admin {{ocp_username}} -n {{ocp_project}}" |
| | | |
| | | - name: Make sure we go back to default project |
| | | shell: "oc project default" |
| | | |
| | | - name: Initialize the project template |
| | | shell: "oc create -f https://raw.githubusercontent.com/gpe-mw-training/bxms_decision_mgmt_foundations_lab/master/resources/rhdm7-full-ng.yaml -n {{ocp_project}}" |
| | | |
| | | - name: Prep local filesystem for temp files |
| | | file: |
| | | path: "/tmp/{{guid}}" |
| | | state: directory |
| | | |
| | | - name: Initialize OCP resources from the project template using CLUSTER {{ ocp_apps_domain }} |
| | | shell: | |
| | | oc new-app --name=dm-demo -n {{ocp_project}} --template=rhdm7-full-ng \ |
| | | -p RHT_IMAGE_STREAM_NAMESPACE=openshift \ |
| | | -p KIE_ADMIN_PWD=test1234! \ |
| | | -p MAVEN_REPO_PASSWORD=test1234! \ |
| | | -p CLUSTER={{ocp_apps_domain}} \ |
| | | -p APPLICATION_NAME=gpte > /tmp/{{guid}}/gpte-dm-demo.txt |
| | | |
| | | - include: ./wait_for_build.yml |
| | | static: no |
| | | vars: |
| | | build_to_wait: |
| | | - gpte-custom-kieserver |
| | | - gpte-ng-dmf |
| | | |
| | | - name: resume gpte-rhdmcentr |
| | | shell: oc rollout resume dc/gpte-rhdmcentr -n {{ocp_project}} |
| | | - include: ./wait_for_deploy.yml |
| | | static: no |
| | | vars: |
| | | pod_to_wait: |
| | | - gpte-rhdmcentr |
| | | |
| | | - name: resume gpte-kieserver |
| | | shell: oc rollout resume dc/gpte-kieserver -n {{ocp_project}} |
| | | - include: ./wait_for_deploy.yml |
| | | static: no |
| | | vars: |
| | | pod_to_wait: |
| | | - gpte-kieserver |
| | | |
| | | - name: resume gpte-ng-dmf |
| | | shell: oc rollout resume dc/gpte-ng-dmf -n {{ocp_project}} |
| | | - include: ./wait_for_deploy.yml |
| | | static: no |
| | | vars: |
| | | pod_to_wait: |
| | | - gpte-ng-dmf |
| | | |
| | | - name: workload Tasks Complete |
| | | debug: |
| | | msg: workload Tasks Complete |
| | |
| | | --- |
| | | become_override: true |
| | | become_override: false |
| | | ocp_username: shachar-redhat.com |
| | | ocp_user_needs_quota: True |
| | | |
| | |
| | | quota_services: 30 |
| | | quota_secrets: 30 |
| | | quota_requests_storage: 50Gi |
| | | silent: false |
| | |
| | | *** This role doesn't do anything here |
| | | *** Debug task will print out: `post_workload Tasks Complete` |
| | | |
| | | == Set up your Ansible inventory file |
| | | |
| | | * You will need to create an Ansible inventory file to define your connection |
| | | method to your host (Master/Bastion with OC command) |
| | | |
| | | * You can also use the command line to define the hosts directly if your `ssh` |
| | | configuration is set to connect to the host correctly |
| | | |
| | | * You can also use the command line to use localhost or if your cluster is |
| | | already authenticated and configured in your `oc` configuration |
| | | [source, ini] |
| | | |
| | | .example inventory file |
| | | ---- |
| | | [gptehosts:vars] |
| | | ansible_ssh_private_key_file=~/.ssh/keytoyourhost.pem |
| | | ansible_ssh_user=ec2-user |
| | | |
| | | [gptehosts:children] |
| | | openshift |
| | | |
| | | [openshift] |
| | | bastion.cluster1.openshift.opentlc.com |
| | | bastion.cluster2.openshift.opentlc.com |
| | | bastion.cluster3.openshift.opentlc.com ansible_ssh_host=ec2-11-111-111-11.us-west-2.compute.amazonaws.com |
| | | bastion.cluster4.openshift.opentlc.com |
| | | |
| | | |
| | | [dev] |
| | | bastion.cluster1.openshift.opentlc.com |
| | | bastion.cluster2.openshift.opentlc.com |
| | | |
| | | |
| | | [prod] |
| | | bastion.cluster3.openshift.opentlc.com |
| | | bastion.cluster4.openshift.opentlc.com |
| | | ---- |
| | | |
| | | |
| | | == Review the defaults variable file |
| | | |
| | | * This file link:./defaults/main.yml[./defaults/main.yml] contains all the variables you |
| | |
| | | |
| | | * You can modify any of these default values by adding |
| | | `-e"variable_name=variable_value"` to the command line |
| | | |
| | | === Deploy Workload on OpenShift Cluster from an existing playbook: |
| | | |
| | | [source,yaml] |
| | | ---- |
| | | - name: Deploy a workload role on a master host |
| | | hosts: all |
| | | become: true |
| | | gather_facts: False |
| | | tags: |
| | | - step007 |
| | | roles: |
| | | - { role: "{{ ANSIBLE_REPO_PATH }}/roles/{{ocp_workload}}", when: 'ocp_workload is defined' } |
| | | |
| | | ---- |
| | | NOTE: You might want to change `hosts: all` to fit your requirements |
| | | |
| | | |
| | | === Deploy a Workload with the `ocp-workload` playbook [Mostly for testing] |
| | | ---- |
| | |
| | | -e"guid=${GUID}" \ |
| | | -e"ACTION=remove" |
| | | ---- |
| | | |
| | | |
| | | == Other related information: |
| | | === Deploy Workload on OpenShift Cluster from an existing playbook: |
| | | |
| | | [source,yaml] |
| | | ---- |
| | | - name: Deploy a workload role on a master host |
| | | hosts: all |
| | | become: true |
| | | gather_facts: False |
| | | tags: |
| | | - step007 |
| | | roles: |
| | | - { role: "{{ ANSIBLE_REPO_PATH }}/roles/{{ocp_workload}}", when: 'ocp_workload is defined' } |
| | | |
| | | ---- |
| | | NOTE: You might want to change `hosts: all` to fit your requirements |
| | | |
| | | |
| | | === Set up your Ansible inventory file |
| | | |
| | | * You can create an Ansible inventory file to define your connection |
| | | method to your host (Master/Bastion with OC command) |
| | | |
| | | * You can also use the command line to define the hosts directly if your `ssh` |
| | | configuration is set to connect to the host correctly |
| | | |
| | | * You can also use the command line to use localhost or if your cluster is |
| | | already authenticated and configured in your `oc` configuration |
| | | [source, ini] |
| | | |
| | | .example inventory file |
| | | ---- |
| | | [gptehosts:vars] |
| | | ansible_ssh_private_key_file=~/.ssh/keytoyourhost.pem |
| | | ansible_ssh_user=ec2-user |
| | | |
| | | [gptehosts:children] |
| | | openshift |
| | | |
| | | [openshift] |
| | | bastion.cluster1.openshift.opentlc.com |
| | | bastion.cluster2.openshift.opentlc.com |
| | | bastion.cluster3.openshift.opentlc.com ansible_ssh_host=ec2-11-111-111-11.us-west-2.compute.amazonaws.com |
| | | bastion.cluster4.openshift.opentlc.com |
| | | |
| | | |
| | | [dev] |
| | | bastion.cluster1.openshift.opentlc.com |
| | | bastion.cluster2.openshift.opentlc.com |
| | | |
| | | |
| | | [prod] |
| | | bastion.cluster3.openshift.opentlc.com |
| | | bastion.cluster4.openshift.opentlc.com |
| | | ---- |
| | |
| | | - name: post_workload Tasks Complete |
| | | debug: |
| | | msg: "Post-Software checks completed successfully" |
| | | when: not silent|bool |
| | |
| | | --- |
| | | |
| | | - name: Add user to developer group (allowed to create projects) |
| | | shell: "oadm groups add-users {{item}} {{ocp_username}}" |
| | | command: "oadm groups add-users {{item}} {{ocp_username}}" |
| | | register: groupadd_register |
| | | with_items: "{{ocp_user_groups}}" |
| | | when: ocp_username is defined and ocp_user_groups is defined |
| | | when: |
| | | - ocp_username is defined |
| | | - ocp_user_groups | default([]) | length > 0 |
| | | |
| | | - name: test that command worked |
| | | debug: |
| | |
| | | verbosity: 2 |
| | | |
| | | - name: Create user Quota - clusterresourcequota |
| | | shell: | |
| | | command: | |
| | | oc create clusterquota clusterquota-"{{ocp_username}}-{{guid}}" \ |
| | | --project-annotation-selector=openshift.io/requester="{{ocp_username}}" \ |
| | | --hard requests.cpu="{{quota_requests_cpu}}" \ |
| | |
| | | msg: "Pre-Software checks completed successfully - Removed" |
| | | |
| | | - name: Remove user from developer group - (remove ability to create projects) |
| | | shell: "oadm groups remove-users {{item}} {{ocp_username}}" |
| | | command: "oadm groups remove-users {{item}} {{ocp_username}}" |
| | | register: groupadd_register |
| | | with_items: "{{ocp_user_groups}}" |
| | | when: ocp_username is defined and ocp_user_groups is defined |
| | | when: |
| | | - ocp_username is defined |
| | | - ocp_user_groups | default([]) | length > 0 |
| | | |
| | | - name: Remove user Quota - oc delete clusterresourcequota "clusterquota-{{ocp_username}}-{{guid}}" |
| | | shell: oc delete clusterresourcequota clusterquota-{{ocp_username}}-{{guid}} |
| | | command: oc delete clusterresourcequota clusterquota-{{ocp_username}}-{{guid}} |
| | | ignore_errors: true |
| | | |
| | | - name: Remove user Quota - oc delete clusterresourcequota "clusterquota-{{ocp_username}}" |
| | | shell: oc delete clusterresourcequota clusterquota-{{ocp_username}} |
| | | command: oc delete clusterresourcequota clusterquota-{{ocp_username}} |
| | | ignore_errors: true |
| | | |
| | | - name: Remove user Projects - oc get projects |
| | | shell: "oc get projects -o json" |
| | | command: "oc get projects -o json" |
| | | |
| | | register: all_projects |
| | | - name: Remove user Projects - Convert output to json |
| | |
| | | debug: |
| | | msg: "found user project: {{item.metadata.name}}" |
| | | verbosity: 1 |
| | | when: item.metadata.annotations['openshift.io/requester'] is defined and item.metadata.annotations['openshift.io/requester'] == "{{ocp_username}}" |
| | | when: |
| | | - item.metadata.annotations['openshift.io/requester'] is defined |
| | | - item.metadata.annotations['openshift.io/requester'] == "{{ocp_username}}" |
| | | with_items: "{{projects['items']}}" |
| | | |
| | | - name: Remove user Projects - "oc delete project {{item.metadata.name}}" |
| | | shell: "oc delete project {{item.metadata.name}}" |
| | | command: "oc delete project {{item.metadata.name}}" |
| | | when: |
| | | - (item.metadata.annotations['openshift.io/requester'] is defined and item.metadata.annotations['openshift.io/requester'] == "{{ocp_username}}") |
| | | - (item.status.phase is defined and item.status.phase != "Terminating") |
| | | - item.metadata.annotations['openshift.io/requester'] is defined |
| | | - item.metadata.annotations['openshift.io/requester'] == "{{ocp_username}}" |
| | | - item.status.phase is defined |
| | | - item.status.phase != "Terminating" |
| | | with_items: "{{projects['items']}}" |
| | | |
| | | - name: post_workload Tasks Complete |
| | |
| | | --- |
| | | |
| | | |
| | | - name: workload Tasks Complete |
| | | debug: |
| | | msg: workload Tasks Complete |
| | |
| | | --- |
| | | become_override: true |
| | | ocp_username: shachar-redhat.com |
| | | ocp_user_needs_quota: True |
| | | |
New file |
| | |
| | | # Plagarized from configs/ocp-workloads/ocp-workload.yml |
| | | |
| | | - name: Prep enamsse |
| | | hosts: all |
| | | become: false |
| | | gather_facts: False |
| | | vars_files: |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | tags: |
| | | - step007 |
| | | |
| | | roles: |
| | | - role: "{{ ANSIBLE_REPO_PATH }}/roles/{{ocp_workload}}" |
| | | |
| | | # invoke out-of-the-box playbook from enmasse project |
| | | - name: Deploy enmasse |
| | | import_playbook: "{{enmasse_path}}/ansible/playbooks/openshift/multitenant.yml" |
| | | when: ACTION == "create" or ACTION == "provision" |
| | |
| | | = ocp-workload-developer-environment - Sample Config |
| | | = ocp-workload-bxms-dm |
| | | |
| | | == Role overview |
| | | |
| | | * This is a simple role that does the following: |
| | | ** Playbook: link:./tasks/pre_workload.yml[pre_workload.yml] - Sets up an |
| | | environment for the workload deployment |
| | | *** Adds a user to a list of groups defined in the |
| | | link:./defaults/main.yml[defaults file]. |
| | | *** Sets a cluster resource quota for the user based on the variables in the |
| | | link:./defaults/main.yml[defaults file] . |
| | | *** Debug task will print out: `pre_workload Tasks Complete` |
| | | |
| | | ** Playbook: link:./tasks/workload.yml[workload.yml] - Used to deploy the actual |
| | | workload, i.e, 3scale, Mobile or some Demo |
| | | *** This role doesn't do anything here |
| | | *** Debug task will print out: `workload Tasks Complete` |
| | | |
| | | ** Playbook: link:./tasks/post_workload.yml[post_workload.yml] - Used to |
| | | configure the workload after deployment |
| | | *** This role doesn't do anything here |
| | | *** Debug task will print out: `post_workload Tasks Complete` |
| | | |
| | | == Review the defaults variable file |
| | | |
| | | * This file link:./defaults/main.yml[./defaults/main.yml] contains all the variables you |
| | | need to define to control the deployment of your workload. |
| | | |
| | | * You can modify any of these default values by adding |
| | | `-e"variable_name=variable_value"` to the command line |
| | | |
| | | === Deploy Workload on OpenShift Cluster from an existing playbook: |
| | | |
| | | [source,yaml] |
| | | === Deploy a Workload with the `ocp-workload` playbook |
| | | ---- |
| | | - name: Deploy a workload role on a master host |
| | | hosts: all |
| | | become: true |
| | | gather_facts: False |
| | | tags: |
| | | - step007 |
| | | roles: |
| | | - { role: "{{ ANSIBLE_REPO_PATH }}/roles/{{ocp_workload}}", when: 'ocp_workload is defined' } |
| | | |
| | | ---- |
| | | NOTE: You might want to change `hosts: all` to fit your requirements |
| | | |
| | | |
| | | === Deploy a Workload with the `ocp-workload` playbook [Mostly for testing] |
| | | ---- |
| | | TARGET_HOST="bastion.dev37.openshift.opentlc.com" |
| | | OCP_USERNAME="njoshi-redhat.com" |
| | | GUID=jb45 |
| | | HOST_GUID=dev37 |
| | | TARGET_HOST="bastion.$HOST_GUID.openshift.opentlc.com" |
| | | OCP_USERNAME="jbride-redhat.com" |
| | | WORKLOAD="ocp-workload-fuse-enmasse" |
| | | GUID=4444 |
| | | SSH_USERNAME="jbride-redhat.com" |
| | | SSH_PRIVATE_KEY="id_ocp" |
| | | |
| | | # a TARGET_HOST is specified in the command line, without using an inventory file |
| | | ansible-playbook -i ${TARGET_HOST}, ./configs/ocp-workloads/ocp-workload.yml \ |
| | | -e"ansible_ssh_private_key_file=~/.ssh/forge" \ |
| | | -e"ansible_ssh_user=ec2-user" \ |
| | | # The following command specifies a custom playbook that imports the out-of-the-box enmasse playbook |
| | | ansible-playbook -i ${TARGET_HOST}, ./roles/ocp-workload-fuse-enmasse/enmasse-provision.yml \ |
| | | -e"ansible_ssh_private_key_file=~/.ssh/${SSH_PRIVATE_KEY}" \ |
| | | -e"ansible_ssh_user=${SSH_USERNAME}" \ |
| | | -e"ANSIBLE_REPO_PATH=`pwd`" \ |
| | | -e"ocp_username=${OCP_USERNAME}" \ |
| | | -e"ocp_workload=${WORKLOAD}" \ |
| | | -e"guid=${GUID}" \ |
| | | -e"ocp_user_needs_quota=true" \ |
| | | -e"ocp_apps_domain=apps.dev37.openshift.opentlc.com" \ |
| | | -e"ocp_apps_domain=apps.${HOST_GUID}.openshift.opentlc.com" \ |
| | | -e"enmasse_tag=0.17.0" \ |
| | | -e"enmasse_path=/tmp/enmasse-{{enmasse_tag}}" \ |
| | | -e"namespace=amq-enmasse-${GUID}" \ |
| | | -e"ACTION=create" |
| | | |
| | | ---- |
| | | |
| | | === To Delete an environment |
| | | ---- |
| | | TARGET_HOST="bastion.dev37.openshift.opentlc.com" |
| | | OCP_USERNAME="shacharb-redhat.com" |
| | | WORKLOAD="ocp-workload-fuse-ignite" |
| | | GUID=3005 |
| | | GUID=jb45 |
| | | HOST_GUID=dev37 |
| | | TARGET_HOST="bastion.$HOST_GUID.openshift.opentlc.com" |
| | | OCP_USERNAME="jbride-redhat.com" |
| | | WORKLOAD="ocp-workload-fuse-enmasse" |
| | | SSH_USERNAME="jbride-redhat.com" |
| | | SSH_PRIVATE_KEY="id_ocp" |
| | | |
| | | # a TARGET_HOST is specified in the command line, without using an inventory file |
| | | ansible-playbook -i ${TARGET_HOST}, ./configs/ocp-workloads/ocp-workload.yml \ |
| | | -e"ansible_ssh_private_key_file=~/.ssh/keytoyourhost.pem" \ |
| | | -e"ansible_ssh_user=ec2-user" \ |
| | | -e"ansible_ssh_private_key_file=~/.ssh/${SSH_PRIVATE_KEY}" \ |
| | | -e"ansible_ssh_user=${SSH_USERNAME}" \ |
| | | -e"ANSIBLE_REPO_PATH=`pwd`" \ |
| | | -e"ocp_username=${OCP_USERNAME}" \ |
| | | -e"ocp_workload=${WORKLOAD}" \ |
| | | -e"guid=${GUID}" \ |
| | | -e"namespace="amq-enmasse-${GUID} \ |
| | | -e"ACTION=remove" |
| | | ---- |
| | | |
| | | |
| | | |
| | | |
| | | == Set up your Ansible inventory file |
| | | |
| | | * You can create an Ansible inventory file to define your connection |
| | | method to your host (Master/Bastion with OC command) |
| | | |
| | | * You can also use the command line to define the hosts directly if your `ssh` |
| | | configuration is set to connect to the host correctly |
| | | |
| | | * You can also use the command line to use localhost or if your cluster is |
| | | already authenticated and configured in your `oc` configuration |
| | | [source, ini] |
| | | |
| | | .example inventory file |
| | | ---- |
| | | [gptehosts:vars] |
| | | ansible_ssh_private_key_file=~/.ssh/keytoyourhost.pem |
| | | ansible_ssh_user=ec2-user |
| | | |
| | | [gptehosts:children] |
| | | openshift |
| | | |
| | | [openshift] |
| | | bastion.cluster1.openshift.opentlc.com |
| | | bastion.cluster2.openshift.opentlc.com |
| | | bastion.cluster3.openshift.opentlc.com ansible_ssh_host=ec2-11-111-111-11.us-west-2.compute.amazonaws.com |
| | | bastion.cluster4.openshift.opentlc.com |
| | | |
| | | |
| | | [dev] |
| | | bastion.cluster1.openshift.opentlc.com |
| | | bastion.cluster2.openshift.opentlc.com |
| | | |
| | | |
| | | [prod] |
| | | bastion.cluster3.openshift.opentlc.com |
| | | bastion.cluster4.openshift.opentlc.com |
| | | ---- |
| | |
| | | --- |
| | | |
| | | - name: Running Pre Workload Tasks |
| | | include: ./pre_workload.yml |
| | | become: true |
| | | become: "{{ become_override | bool }}" |
| | | when: ACTION == "create" or ACTION == "provision" |
| | | |
| | | - name: Running Workload Tasks |
| | | include: ./workload.yml |
| | | become: true |
| | | become: "{{ become_override | bool }}" |
| | | when: ACTION == "create" or ACTION == "provision" |
| | | |
| | | |
| | | - name: Running Post Workload Tasks |
| | | include: ./post_workload.yml |
| | | become: true |
| | | become: "{{ become_override | bool }}" |
| | | when: ACTION == "create" or ACTION == "provision" |
| | | |
| | | - name: Running Workload removal Tasks |
| | | include: ./remove_workload.yml |
| | | become: true |
| | | become: "{{ become_override | bool }}" |
| | | when: ACTION == "destroy" or ACTION == "remove" |
| | |
| | | # var: groupadd_register |
| | | # verbosity: 2 |
| | | |
| | | - name: Create user Quota - clusterresourcequota |
| | | shell: | |
| | | oc create clusterquota clusterquota-"{{ocp_username}}-{{guid}}" \ |
| | | --project-annotation-selector=openshift.io/requester="{{ocp_username}}" \ |
| | | --hard requests.cpu="{{quota_requests_cpu}}" \ |
| | | --hard limits.cpu="{{quota_limits_cpu}}" \ |
| | | --hard requests.memory="{{quota_requests_memory}}" \ |
| | | --hard limits.memory="{{quota_limits_memory}}" \ |
| | | --hard configmaps="{{quota_configmaps}}" \ |
| | | --hard pods="{{quota_pods}}" \ |
| | | --hard persistentvolumeclaims="{{quota_persistentvolumeclaims}}" \ |
| | | --hard services="{{quota_services}}" \ |
| | | --hard secrets="{{quota_secrets}}" \ |
| | | --hard requests.storage="{{quota_requests_storage}}" |
| | | ignore_errors: true |
| | | #- name: Create user Quota - clusterresourcequota |
| | | # shell: | |
| | | # oc create clusterquota clusterquota-"{{ocp_username}}-{{guid}}" \ |
| | | # --project-annotation-selector=openshift.io/requester="{{ocp_username}}" \ |
| | | # --hard requests.cpu="{{quota_requests_cpu}}" \ |
| | | # --hard limits.cpu="{{quota_limits_cpu}}" \ |
| | | # --hard requests.memory="{{quota_requests_memory}}" \ |
| | | # --hard limits.memory="{{quota_limits_memory}}" \ |
| | | # --hard configmaps="{{quota_configmaps}}" \ |
| | | # --hard pods="{{quota_pods}}" \ |
| | | # --hard persistentvolumeclaims="{{quota_persistentvolumeclaims}}" \ |
| | | # --hard services="{{quota_services}}" \ |
| | | # --hard secrets="{{quota_secrets}}" \ |
| | | # --hard requests.storage="{{quota_requests_storage}}" |
| | | # ignore_errors: true |
| | | |
| | | - name: pre_workload Tasks Complete |
| | | debug: |
| | |
| | | debug: |
| | | msg: "Pre-Software checks completed successfully - Removed" |
| | | |
| | | - name: define ocp_project |
| | | set_fact: |
| | | ocp_project: "enmasse-{{guid}}" |
| | | |
| | | - name: Remove user Quota - oc delete clusterresourcequota "clusterquota-{{ocp_username}}-{{guid}}" |
| | | shell: oc delete clusterresourcequota clusterquota-{{ocp_username}}-{{guid}} |
| | | ignore_errors: true |
| | | |
| | | # - name: Remove user Quota - oc delete clusterresourcequota "clusterquota-{{ocp_username}}" |
| | | # shell: oc delete clusterresourcequota clusterquota-{{ocp_username}} |
| | | # ignore_errors: true |
| | | |
| | | - name: Remove user Project |
| | | shell: "oc delete project {{ocp_project}}" |
| | | shell: "oc delete project {{namespace}}" |
| | | ignore_errors: true |
| | | |
| | | - name: post_workload Tasks Complete |
| | |
| | | --- |
| | | - name: define ocp_project |
| | | set_fact: |
| | | ocp_project: "enmasse-{{guid}}" |
| | | |
| | | - name: Download enmasse software deployer |
| | | shell: "wget https://github.com/EnMasseProject/enmasse/releases/download/0.15.3/enmasse-0.15.3.tgz -O /tmp/enmasse-0.15.3.tgz" |
| | | # The enmasse project now includes ansible playbooks. |
| | | # We'll download the enmasse source code to the local filesystem so as to be available to the ansible invoking this task |
| | | - stat: path=/tmp/enmasse-{{enmasse_tag}}.tgz |
| | | register: enmasse_zip |
| | | delegate_to: 127.0.0.1 |
| | | |
| | | - name: Untar enmasse software deployer |
| | | shell: "tar zxvf /tmp/enmasse-0.15.3.tgz -C /tmp" |
| | | - name: Download enmasse project |
| | | get_url: |
| | | url: https://github.com/EnMasseProject/enmasse/releases/download/{{enmasse_tag}}/enmasse-{{enmasse_tag}}.tgz |
| | | dest: /tmp/enmasse-{{enmasse_tag}}.tgz |
| | | mode: 0755 |
| | | when: enmasse_zip.stat.exists == False |
| | | delegate_to: 127.0.0.1 |
| | | |
| | | - name: Comment oc login commands in script to avoid interactive password request |
| | | - name: unzip enmasse project |
| | | command: tar -zxvf /tmp/enmasse-{{enmasse_tag}}.tgz -C /tmp |
| | | when: enmasse_zip.stat.exists == False |
| | | delegate_to: 127.0.0.1 |
| | | |
| | | - name: modify hosts in enmasse playbook |
| | | replace: |
| | | dest: /tmp/enmasse-0.15.3/deploy-openshift.sh |
| | | regexp: 'runcmd .oc login' |
| | | replace: '#runcmd .oc login' |
| | | path: "{{enmasse_path}}/ansible/playbooks/openshift/multitenant.yml" |
| | | regexp: '^- hosts: localhost' |
| | | replace: '- hosts: all' |
| | | delegate_to: 127.0.0.1 |
| | | |
| | | - name: Run enmasse software deployer |
| | | shell: "/tmp/enmasse-0.15.3/deploy-openshift.sh -m https://master.dev37.openshift.opentlc.com:443 -n {{ocp_project}} -y" |
| | | |
| | | - name: delete enmasse software deployer |
| | | shell: "rm -rf /tmp/enmasse-0.15.3/ /tmp/enmasse-0.15.3.tgz" |
| | | |
| | | - name: annotate the project as requested by user |
| | | shell: "oc annotate namespace {{ocp_project}} openshift.io/requester={{ocp_username}} --overwrite" |
| | | |
| | | # Project and user administration |
| | | |
| | | - name: "Create project for workload {{namespace}}" |
| | | shell: "oc new-project {{namespace}}" |
| | | |
| | | - name: Give ocp_username access to ocp_project |
| | | shell: "oc policy add-role-to-user admin {{ocp_username}} -n {{ocp_project}}" |
| | | shell: "oc policy add-role-to-user admin {{ocp_username}} -n {{namespace}}" |
| | | |
| | | - name: Make sure we go back to default project |
| | | shell: "oc project default" |
| | | |
| | | - name: annotate the project as requested by user |
| | | shell: "oc annotate namespace {{namespace}} openshift.io/requester={{ocp_username}} --overwrite" |
| | | |
| | | - name: Give ocp_username access to namespace |
| | | shell: "oc policy add-role-to-user admin {{ocp_username}} -n {{namespace}}" |
| | | |
| | | - name: workload Tasks Complete |
| | | debug: |
| | | msg: workload Tasks Complete |
| | | |
| | | |
| | | ## This was our attempt to manually build this deployment based on the deploy-openshift.sh, it failed |
| | | ## Everything was created, but for some reason the RS were not created. |
| | | |
| | | |
| | | # |
| | | # - name: Create project for workload |
| | | # shell: "oc new-project {{ocp_project}}" |
| | | # ignore_errors: true |
| | | # - name: Make sure we go back do default project |
| | | # shell: "oc project default" |
| | | # |
| | | # - name: Create service account for address controller |
| | | # shell: "oc create sa enmasse-admin -n {{ocp_project}}" |
| | | # |
| | | # - name: Add permissions for viewing OpenShift resources to default user |
| | | # shell: "oc policy add-role-to-user view system:serviceaccount:{{ocp_project}}:default -n {{ocp_project}}" |
| | | # |
| | | # - name: Add permissions for editing OpenShift resources to admin SA |
| | | # shell: "oc policy add-role-to-user edit system:serviceaccount:{{ocp_project}}:enmasse-admin -n {{ocp_project}}" |
| | | # |
| | | # ########## create_self_signed_cert "oc" "address-controller.${NAMESPACE}.svc.cluster.local" "address-controller-cert" |
| | | # |
| | | # - name: Create self-signed certificate for address-controller.{{ocp_project}}.svc.cluster.local |
| | | # shell: "openssl req -new -x509 -batch -nodes -days 11000 -out /tmp/{{guid}}-cert.crt -keyout /tmp/{{guid}}-key.orig -subj \"/O=io.enmasse/CN=address-controller.{{ocp_project}}.svc.cluster.local\"" |
| | | # |
| | | # - name: "Convert from PKCS#1 to PKCS#8" |
| | | # shell: "openssl pkcs8 -topk8 -inform pem -in /tmp/{{guid}}-key.orig -outform pem -nocrypt -out /tmp/{{guid}}-key" |
| | | # |
| | | # - name: save tlskey as fact |
| | | # shell: "base64 -w 0 /tmp/{{guid}}-key" |
| | | # register: tlskey |
| | | # - name: save tlscert as fact |
| | | # shell: "base64 -w 0 /tmp/{{guid}}-cert.crt" |
| | | # register: tlscrt |
| | | # |
| | | # - name: create tls secret file |
| | | # copy: |
| | | # dest: "/tmp/{{guid}}-tls-secret" |
| | | # content: | |
| | | # { |
| | | # "apiVersion": "v1", |
| | | # "kind": "Secret", |
| | | # "metadata": { |
| | | # "name": "address-controller-cert" |
| | | # }, |
| | | # "type": "kubernetes.io/tls", |
| | | # "data": { |
| | | # "tls.key": "{{tlskey.stdout}}", |
| | | # "tls.crt": "{{tlscrt.stdout}}" |
| | | # } |
| | | # } |
| | | # |
| | | # - name: create tls secret object |
| | | # shell: "oc create -f /tmp/{{guid}}-tls-secret -n {{ocp_project}}" |
| | | # |
| | | # ####### create_self_signed_cert "oc" "none-authservice.${NAMESPACE}.svc.cluster.local" "none-authservice-cert" |
| | | # - name: Create self-signed certificate for none-authservice.{{ocp_project}}.svc.cluster.local |
| | | # shell: "openssl req -new -x509 -batch -nodes -days 11000 -out /tmp/{{guid}}auth-cert.crt -keyout /tmp/{{guid}}auth-key.orig -subj \"/O=io.enmasse/CN=none-authservice.{{ocp_project}}.svc.cluster.local\"" |
| | | # |
| | | # - name: "Convert from PKCS#1 to PKCS#8" |
| | | # shell: "openssl pkcs8 -topk8 -inform pem -in /tmp/{{guid}}auth-key.orig -outform pem -nocrypt -out /tmp/{{guid}}auth-key" |
| | | # |
| | | # - name: save tlskey as fact |
| | | # shell: "base64 -w 0 /tmp/{{guid}}auth-key" |
| | | # register: tlskeyauth |
| | | # - name: save tlscert as fact |
| | | # shell: "base64 -w 0 /tmp/{{guid}}auth-cert.crt" |
| | | # register: tlscrtauth |
| | | # |
| | | # - name: create tls secret file |
| | | # copy: |
| | | # dest: "/tmp/{{guid}}auth-tls-secret" |
| | | # content: | |
| | | # { |
| | | # "apiVersion": "v1", |
| | | # "kind": "Secret", |
| | | # "metadata": { |
| | | # "name": "none-authservice-cert" |
| | | # }, |
| | | # "type": "kubernetes.io/tls", |
| | | # "data": { |
| | | # "tls.key": "{{tlskeyauth.stdout}}", |
| | | # "tls.crt": "{{tlscrtauth.stdout}}" |
| | | # } |
| | | # } |
| | | # |
| | | # - name: create tls secret object |
| | | # shell: "oc create -f /tmp/{{guid}}auth-tls-secret -n {{ocp_project}}" |
| | | # |
| | | # |
| | | # - name: Copy non autheservice file |
| | | # template: |
| | | # src: "noauth.json.j2" |
| | | # dest: /tmp/{{guid}}-noauth-template.json |
| | | # - name: Create none authservice |
| | | # shell: "oc create -f /tmp/{{guid}}-noauth-template.json -n {{ocp_project}} " |
| | | # |
| | | # - name: Copy enmasse template |
| | | # template: |
| | | # src: "enmasse.yaml.j2" |
| | | # dest: /tmp/{{guid}}-enmasse-template.yaml |
| | | # |
| | | # |
| | | # |
| | | # - name: create payload fact |
| | | # set_fact: |
| | | # payload: "{ kind: AddressSpace , apiVersion: 'enmasse.io/v1', metadata: { name: default, namespace: {{ocp_project}} }, spec: { type: standard } }" |
| | | # |
| | | # |
| | | # - name: Create configmap |
| | | # copy: |
| | | # dest: "/tmp/{{guid}}-configmap.json" |
| | | # content: | |
| | | # { |
| | | # "apiVersion": "v1", |
| | | # "kind": "ConfigMap", |
| | | # "metadata": { |
| | | # "name": "address-space-default", |
| | | # "labels": { |
| | | # "type": "address-space" |
| | | # } |
| | | # }, |
| | | # "data": { |
| | | # "config.json": "{{payload}}" |
| | | # } |
| | | # } |
| | | # |
| | | # - name: Create enmasse template |
| | | # shell: "oc create -f /tmp/{{guid}}-configmap.json -n {{ocp_project}} " |
| | | # |
| | | # - name: Create enmasse template |
| | | # shell: "oc process /tmp/{{guid}}-enmasse-template.yaml | oc create -n {{ocp_project}} -f -" |
| | | # |
| | |
| | | --- |
| | | become_override: false |
| | | ocp_username: shachar-redhat.com |
| | | ocp_user_needs_quota: True |
| | | |
| | |
| | | --- |
| | | - name: Running Pre Workload Tasks |
| | | include: ./pre_workload.yml |
| | | become: true |
| | | become: "{{ become_override | bool }}" |
| | | when: ACTION == "create" or ACTION == "provision" |
| | | |
| | | - name: Running Workload Tasks |
| | | include: ./workload.yml |
| | | become: true |
| | | become: "{{ become_override | bool }}" |
| | | when: ACTION == "create" or ACTION == "provision" |
| | | |
| | | - name: Running Post Workload Tasks |
| | | include: ./post_workload.yml |
| | | become: true |
| | | become: "{{ become_override | bool }}" |
| | | when: ACTION == "create" or ACTION == "provision" |
| | | |
| | | - name: Running Workload removal Tasks |
| | | include: ./remove_workload.yml |
| | | become: true |
| | | become: "{{ become_override | bool }}" |
| | | when: ACTION == "destroy" or ACTION == "remove" |
New file |
| | |
| | | --- |
| | | ocp_username: jmorales-redhat.com |
| | | ocp_user_needs_quota: True |
| | | |
| | | ocp_user_groups: |
| | | - OPENTLC-PROJECT-PROVISIONERS |
| | | |
| | | quota_requests_cpu: 5 |
| | | quota_limits_cpu: 10 |
| | | |
| | | quota_requests_memory: '6Gi' |
| | | quota_limits_memory: '20Gi' |
| | | |
| | | quota_configmaps: 4 |
| | | quota_pods: 20 |
| | | quota_persistentvolumeclaims: 5 |
| | | quota_services: 15 |
| | | quota_secrets: 30 |
| | | quota_requests_storage: 5Gi |
New file |
| | |
| | | <h1>Parksmap</h1> |
| | | <p><i>Parksmap demo</i> showing the app used in the RoadShow FY 17 labs. It's a microservices application using SpringBoot and JBoss EAP. |
| | | |
| | | This demo walks the audience through the process and concepts of developing an application on OpenShift.</p> |
| | | |
| | | <p>Products and Projects:</p> |
| | | <ul> |
| | | <li>OpenShift Container Platform</li> |
| | | <li>OpenShift Application Runtimes <br/>(Spring Boot)</li> |
| | | <li>JBoss EAP</li> |
| | | </ul> |
| | | |
| | | <p> |
| | | This demo will create 2 projects. One with the completed demo and the guides to learn how to deliver the demo, and an empty project to exercise/show the demo in real time.</p> |
| | | |
| | | <b>Provisioning Time:</b> ~5 min <br> |
| | | <br> |
| | | <p><b>Need support?</b><br>Contact <a href="mailto:rhpds-admins@redhat.com">rhpds-admins@redhat.com</a></p> |
New file |
| | |
| | | kind: List |
| | | apiVersion: v1 |
| | | metadata: {} |
| | | items: |
| | | - kind: ImageStream |
| | | apiVersion: v1 |
| | | metadata: |
| | | name: mlbparks |
| | | labels: |
| | | app: workshop |
| | | component: mlbparks |
| | | role: frontend |
| | | spec: |
| | | lookupPolicy: |
| | | local: false |
| | | tags: |
| | | - name: latest |
| | | importPolicy: {} |
| | | referencePolicy: |
| | | type: Source |
| | | - kind: BuildConfig |
| | | apiVersion: v1 |
| | | metadata: |
| | | name: mlbparks |
| | | labels: |
| | | app: workshop |
| | | build: mlbparks |
| | | component: mlbparks |
| | | spec: |
| | | failedBuildsHistoryLimit: 5 |
| | | output: |
| | | to: |
| | | kind: ImageStreamTag |
| | | name: mlbparks:latest |
| | | postCommit: {} |
| | | resources: {} |
| | | runPolicy: Serial |
| | | source: |
| | | git: |
| | | ref: 1.0.0 |
| | | uri: https://github.com/openshift-roadshow/mlbparks-py |
| | | type: Git |
| | | strategy: |
| | | sourceStrategy: |
| | | from: |
| | | kind: ImageStreamTag |
| | | name: python:3.5 |
| | | namespace: openshift |
| | | incremental: false |
| | | type: Source |
| | | successfulBuildsHistoryLimit: 5 |
| | | triggers: |
| | | - github: |
| | | secret: ri2F3RF6 |
| | | type: GitHub |
| | | - generic: |
| | | secret: L4fu58wx |
| | | type: Generic |
| | | - type: ConfigChange |
| | | - imageChange: {} |
| | | type: ImageChange |
| | | - kind: DeploymentConfig |
| | | apiVersion: v1 |
| | | metadata: |
| | | name: mlbparks |
| | | labels: |
| | | app: workshop |
| | | component: mlbparks |
| | | role: frontend |
| | | spec: |
| | | replicas: 1 |
| | | revisionHistoryLimit: 10 |
| | | selector: |
| | | app: workshop |
| | | component: mlbparks |
| | | deploymentconfig: mlbparks |
| | | role: frontend |
| | | strategy: |
| | | activeDeadlineSeconds: 21600 |
| | | resources: {} |
| | | rollingParams: |
| | | intervalSeconds: 1 |
| | | maxSurge: 25% |
| | | maxUnavailable: 25% |
| | | post: |
| | | execNewPod: |
| | | command: |
| | | - curl |
| | | - -s |
| | | - http://mlbparks:8080/ws/data/load |
| | | containerName: mlbparks |
| | | failurePolicy: Ignore |
| | | timeoutSeconds: 600 |
| | | updatePeriodSeconds: 1 |
| | | type: Rolling |
| | | template: |
| | | metadata: |
| | | labels: |
| | | app: workshop |
| | | component: mlbparks |
| | | deploymentconfig: mlbparks |
| | | role: frontend |
| | | spec: |
| | | containers: |
| | | - env: |
| | | - name: KUBERNETES_NAMESPACE |
| | | valueFrom: |
| | | fieldRef: |
| | | apiVersion: v1 |
| | | fieldPath: metadata.namespace |
| | | - name: DB_HOST |
| | | value: mongodb-mlbparks |
| | | - name: DB_USERNAME |
| | | valueFrom: |
| | | configMapKeyRef: |
| | | key: db.user |
| | | name: mlbparks |
| | | - name: DB_PASSWORD |
| | | valueFrom: |
| | | configMapKeyRef: |
| | | key: db.password |
| | | name: mlbparks |
| | | - name: DB_NAME |
| | | valueFrom: |
| | | configMapKeyRef: |
| | | key: db.name |
| | | name: mlbparks |
| | | image: mlbparks |
| | | imagePullPolicy: IfNotPresent |
| | | livenessProbe: |
| | | failureThreshold: 3 |
| | | httpGet: |
| | | path: /ws/healthz/ |
| | | port: 8080 |
| | | scheme: HTTP |
| | | initialDelaySeconds: 120 |
| | | periodSeconds: 10 |
| | | successThreshold: 1 |
| | | timeoutSeconds: 1 |
| | | name: mlbparks |
| | | ports: |
| | | - containerPort: 8080 |
| | | protocol: TCP |
| | | readinessProbe: |
| | | failureThreshold: 3 |
| | | httpGet: |
| | | path: /ws/healthz/ |
| | | port: 8080 |
| | | scheme: HTTP |
| | | initialDelaySeconds: 20 |
| | | periodSeconds: 10 |
| | | successThreshold: 1 |
| | | timeoutSeconds: 1 |
| | | resources: {} |
| | | terminationMessagePath: /dev/termination-log |
| | | terminationMessagePolicy: File |
| | | dnsPolicy: ClusterFirst |
| | | restartPolicy: Always |
| | | schedulerName: default-scheduler |
| | | securityContext: {} |
| | | terminationGracePeriodSeconds: 30 |
| | | test: false |
| | | triggers: |
| | | - type: ConfigChange |
| | | - imageChangeParams: |
| | | automatic: true |
| | | containerNames: |
| | | - mlbparks |
| | | from: |
| | | kind: ImageStreamTag |
| | | name: mlbparks:latest |
| | | type: ImageChange |
| | | - apiVersion: v1 |
| | | kind: DeploymentConfig |
| | | metadata: |
| | | labels: |
| | | app: workshop |
| | | component: mlbparks |
| | | role: frontend |
| | | name: mongodb-mlbparks |
| | | spec: |
| | | replicas: 1 |
| | | revisionHistoryLimit: 10 |
| | | selector: |
| | | app: workshop |
| | | component: mlbparks |
| | | role: frontend |
| | | deploymentconfig: mongodb-mlbparks |
| | | strategy: |
| | | activeDeadlineSeconds: 21600 |
| | | recreateParams: |
| | | timeoutSeconds: 600 |
| | | resources: {} |
| | | type: Recreate |
| | | template: |
| | | metadata: |
| | | labels: |
| | | app: workshop |
| | | component: mlbparks |
| | | role: frontend |
| | | deploymentconfig: mongodb-mlbparks |
| | | spec: |
| | | containers: |
| | | - env: |
| | | - name: KUBERNETES_NAMESPACE |
| | | valueFrom: |
| | | fieldRef: |
| | | apiVersion: v1 |
| | | fieldPath: metadata.namespace |
| | | - name: MONGODB_USER |
| | | valueFrom: |
| | | configMapKeyRef: |
| | | key: db.user |
| | | name: mlbparks |
| | | - name: MONGODB_PASSWORD |
| | | valueFrom: |
| | | configMapKeyRef: |
| | | key: db.password |
| | | name: mlbparks |
| | | - name: MONGODB_DATABASE |
| | | valueFrom: |
| | | configMapKeyRef: |
| | | key: db.name |
| | | name: mlbparks |
| | | - name: MONGODB_ADMIN_PASSWORD |
| | | value: axPDHoCG |
| | | image: centos/mongodb-32-centos7@sha256:bf746d7851d334a3a6afb0842e50081abd9c1d2c2c28123bc5c55c0e2fd2b3bb |
| | | imagePullPolicy: IfNotPresent |
| | | livenessProbe: |
| | | failureThreshold: 3 |
| | | initialDelaySeconds: 30 |
| | | periodSeconds: 10 |
| | | successThreshold: 1 |
| | | tcpSocket: |
| | | port: 27017 |
| | | timeoutSeconds: 1 |
| | | name: mongodb-mlbparks |
| | | ports: |
| | | - containerPort: 27017 |
| | | protocol: TCP |
| | | readinessProbe: |
| | | exec: |
| | | command: |
| | | - /bin/sh |
| | | - -i |
| | | - -c |
| | | - mongo 127.0.0.1:27017/$MONGODB_DATABASE -u $MONGODB_USER -p $MONGODB_PASSWORD |
| | | --eval="quit()" |
| | | failureThreshold: 3 |
| | | initialDelaySeconds: 3 |
| | | periodSeconds: 10 |
| | | successThreshold: 1 |
| | | timeoutSeconds: 1 |
| | | resources: |
| | | limits: |
| | | memory: 512Mi |
| | | securityContext: |
| | | capabilities: {} |
| | | privileged: false |
| | | terminationMessagePath: /dev/termination-log |
| | | terminationMessagePolicy: File |
| | | volumeMounts: |
| | | - mountPath: /var/lib/mongodb/data |
| | | name: mongodb-data |
| | | dnsPolicy: ClusterFirst |
| | | restartPolicy: Always |
| | | schedulerName: default-scheduler |
| | | securityContext: {} |
| | | terminationGracePeriodSeconds: 30 |
| | | volumes: |
| | | - emptyDir: {} |
| | | name: mongodb-data |
| | | test: false |
| | | triggers: |
| | | - imageChangeParams: |
| | | automatic: true |
| | | containerNames: |
| | | - mongodb-mlbparks |
| | | from: |
| | | kind: ImageStreamTag |
| | | name: mongodb:3.2 |
| | | namespace: openshift |
| | | type: ImageChange |
| | | - type: ConfigChange |
| | | - apiVersion: v1 |
| | | kind: Service |
| | | metadata: |
| | | labels: |
| | | app: workshop |
| | | component: mlbparks |
| | | role: frontend |
| | | type: parksmap-backend |
| | | name: mlbparks |
| | | spec: |
| | | ports: |
| | | - name: 8080-tcp |
| | | port: 8080 |
| | | protocol: TCP |
| | | targetPort: 8080 |
| | | selector: |
| | | deploymentconfig: mlbparks |
| | | sessionAffinity: None |
| | | type: ClusterIP |
| | | - apiVersion: v1 |
| | | kind: Service |
| | | metadata: |
| | | labels: |
| | | app: workshop |
| | | component: mlbparks |
| | | role: database |
| | | name: mongodb-mlbparks |
| | | spec: |
| | | ports: |
| | | - name: mongo |
| | | port: 27017 |
| | | protocol: TCP |
| | | targetPort: 27017 |
| | | selector: |
| | | deploymentconfig: mongodb-mlbparks |
| | | sessionAffinity: None |
| | | type: ClusterIP |
| | | - kind: ConfigMap |
| | | apiVersion: v1 |
| | | metadata: |
| | | name: mlbparks |
| | | labels: |
| | | app: workshop |
| | | component: mlbparks |
| | | role: config |
| | | data: |
| | | application.properties: spring.data.mongodb.uri=mongodb://uservIw:YWSRuDpR@mongodb-mlbparks:27017/mongodb |
| | | db.name: mongodb |
| | | db.password: YWSRuDpR |
| | | db.properties: |- |
| | | db.user=uservIw |
| | | db.password=YWSRuDpR |
| | | db.name=mongodb |
| | | db.user: uservIw |
New file |
| | |
| | | kind: List |
| | | apiVersion: v1 |
| | | metadata: {} |
| | | items: |
| | | - apiVersion: v1 |
| | | kind: ImageStream |
| | | metadata: |
| | | labels: |
| | | app: workshop |
| | | component: nationalparks |
| | | role: frontend |
| | | name: nationalparks |
| | | spec: |
| | | lookupPolicy: |
| | | local: false |
| | | tags: |
| | | - name: latest |
| | | importPolicy: {} |
| | | referencePolicy: |
| | | type: "" |
| | | - kind: BuildConfig |
| | | apiVersion: v1 |
| | | metadata: |
| | | labels: |
| | | app: workshop |
| | | component: nationalparks |
| | | role: frontend |
| | | name: nationalparks |
| | | spec: |
| | | output: |
| | | to: |
| | | kind: ImageStreamTag |
| | | name: nationalparks:latest |
| | | postCommit: {} |
| | | resources: {} |
| | | runPolicy: Serial |
| | | source: |
| | | git: |
| | | ref: master |
| | | uri: https://github.com/openshift-roadshow/nationalparks-py |
| | | type: Git |
| | | strategy: |
| | | sourceStrategy: |
| | | from: |
| | | kind: ImageStreamTag |
| | | name: python:3.5 |
| | | namespace: openshift |
| | | type: Source |
| | | triggers: |
| | | - generic: |
| | | secret: 3ce175ca0406c24d |
| | | type: Generic |
| | | - github: |
| | | secret: "0739955342648413" |
| | | type: GitHub |
| | | - imageChange: {} |
| | | type: ImageChange |
| | | - type: ConfigChange |
| | | - kind: DeploymentConfig |
| | | apiVersion: v1 |
| | | metadata: |
| | | name: nationalparks |
| | | labels: |
| | | app: workshop |
| | | component: nationalparks |
| | | role: frontend |
| | | spec: |
| | | replicas: 1 |
| | | selector: |
| | | deploymentconfig: nationalparks |
| | | strategy: |
| | | activeDeadlineSeconds: 21600 |
| | | resources: {} |
| | | rollingParams: |
| | | intervalSeconds: 1 |
| | | maxSurge: 25% |
| | | maxUnavailable: 25% |
| | | post: |
| | | execNewPod: |
| | | command: |
| | | - curl |
| | | - -s |
| | | - http://nationalparks:8080/ws/data/load |
| | | containerName: nationalparks |
| | | failurePolicy: Ignore |
| | | timeoutSeconds: 600 |
| | | updatePeriodSeconds: 1 |
| | | type: Rolling |
| | | template: |
| | | metadata: |
| | | labels: |
| | | app: workshop |
| | | component: nationalparks |
| | | deploymentconfig: nationalparks |
| | | role: frontend |
| | | spec: |
| | | containers: |
| | | - env: |
| | | - name: DB_USERNAME |
| | | valueFrom: |
| | | secretKeyRef: |
| | | key: database-user |
| | | name: mongodb-nationalparks |
| | | - name: DB_PASSWORD |
| | | valueFrom: |
| | | secretKeyRef: |
| | | key: database-password |
| | | name: mongodb-nationalparks |
| | | - name: DB_NAME |
| | | valueFrom: |
| | | secretKeyRef: |
| | | key: database-name |
| | | name: mongodb-nationalparks |
| | | - name: DB_HOST |
| | | value: mongodb-nationalparks |
| | | image: nationalparks |
| | | imagePullPolicy: Always |
| | | livenessProbe: |
| | | failureThreshold: 3 |
| | | httpGet: |
| | | path: /ws/healthz/ |
| | | port: 8080 |
| | | scheme: HTTP |
| | | initialDelaySeconds: 20 |
| | | periodSeconds: 10 |
| | | successThreshold: 1 |
| | | timeoutSeconds: 1 |
| | | name: nationalparks |
| | | ports: |
| | | - containerPort: 8080 |
| | | protocol: TCP |
| | | readinessProbe: |
| | | failureThreshold: 3 |
| | | httpGet: |
| | | path: /ws/healthz/ |
| | | port: 8080 |
| | | scheme: HTTP |
| | | initialDelaySeconds: 5 |
| | | periodSeconds: 10 |
| | | successThreshold: 1 |
| | | timeoutSeconds: 1 |
| | | resources: {} |
| | | terminationMessagePath: /dev/termination-log |
| | | terminationMessagePolicy: File |
| | | dnsPolicy: ClusterFirst |
| | | restartPolicy: Always |
| | | schedulerName: default-scheduler |
| | | securityContext: {} |
| | | terminationGracePeriodSeconds: 30 |
| | | test: false |
| | | triggers: |
| | | - imageChangeParams: |
| | | automatic: true |
| | | containerNames: |
| | | - nationalparks |
| | | from: |
| | | kind: ImageStreamTag |
| | | name: nationalparks:latest |
| | | type: ImageChange |
| | | - type: ConfigChange |
| | | - kind: Service |
| | | apiVersion: v1 |
| | | metadata: |
| | | name: nationalparks |
| | | labels: |
| | | app: workshop |
| | | component: nationalparks |
| | | role: frontend |
| | | type: parksmap-backend |
| | | spec: |
| | | ports: |
| | | - name: 8080-tcp |
| | | port: 8080 |
| | | protocol: TCP |
| | | targetPort: 8080 |
| | | selector: |
| | | deploymentconfig: nationalparks |
| | | sessionAffinity: None |
| | | type: ClusterIP |
| | | - kind: DeploymentConfig |
| | | apiVersion: v1 |
| | | metadata: |
| | | name: mongodb-nationalparks |
| | | labels: |
| | | app: workshop |
| | | component: nationalparks |
| | | role: database |
| | | spec: |
| | | replicas: 1 |
| | | selector: |
| | | deploymentconfig: mongodb-nationalparks |
| | | app: workshop |
| | | component: nationalparks |
| | | role: database |
| | | strategy: |
| | | activeDeadlineSeconds: 21600 |
| | | recreateParams: |
| | | timeoutSeconds: 600 |
| | | resources: {} |
| | | type: Recreate |
| | | template: |
| | | metadata: |
| | | labels: |
| | | deploymentconfig: mongodb-nationalparks |
| | | app: workshop |
| | | component: nationalparks |
| | | role: database |
| | | spec: |
| | | containers: |
| | | - env: |
| | | - name: MONGODB_USER |
| | | valueFrom: |
| | | secretKeyRef: |
| | | key: database-user |
| | | name: mongodb-nationalparks |
| | | - name: MONGODB_PASSWORD |
| | | valueFrom: |
| | | secretKeyRef: |
| | | key: database-password |
| | | name: mongodb-nationalparks |
| | | - name: MONGODB_ADMIN_PASSWORD |
| | | valueFrom: |
| | | secretKeyRef: |
| | | key: database-admin-password |
| | | name: mongodb-nationalparks |
| | | - name: MONGODB_DATABASE |
| | | valueFrom: |
| | | secretKeyRef: |
| | | key: database-name |
| | | name: mongodb-nationalparks |
| | | image: mongodb |
| | | imagePullPolicy: IfNotPresent |
| | | livenessProbe: |
| | | failureThreshold: 3 |
| | | initialDelaySeconds: 30 |
| | | periodSeconds: 10 |
| | | successThreshold: 1 |
| | | tcpSocket: |
| | | port: 27017 |
| | | timeoutSeconds: 1 |
| | | name: mongodb |
| | | ports: |
| | | - containerPort: 27017 |
| | | protocol: TCP |
| | | readinessProbe: |
| | | exec: |
| | | command: |
| | | - /bin/sh |
| | | - -i |
| | | - -c |
| | | - mongo 127.0.0.1:27017/$MONGODB_DATABASE -u $MONGODB_USER -p $MONGODB_PASSWORD |
| | | --eval="quit()" |
| | | failureThreshold: 3 |
| | | initialDelaySeconds: 3 |
| | | periodSeconds: 10 |
| | | successThreshold: 1 |
| | | timeoutSeconds: 1 |
| | | resources: |
| | | limits: |
| | | memory: 512Mi |
| | | securityContext: |
| | | capabilities: {} |
| | | privileged: false |
| | | terminationMessagePath: /dev/termination-log |
| | | terminationMessagePolicy: File |
| | | volumeMounts: |
| | | - mountPath: /var/lib/mongodb/data |
| | | name: mongodb-data |
| | | dnsPolicy: ClusterFirst |
| | | restartPolicy: Always |
| | | schedulerName: default-scheduler |
| | | securityContext: {} |
| | | terminationGracePeriodSeconds: 30 |
| | | volumes: |
| | | - name: mongodb-data |
| | | persistentVolumeClaim: |
| | | claimName: mongodb-nationalparks |
| | | test: false |
| | | triggers: |
| | | - imageChangeParams: |
| | | automatic: true |
| | | containerNames: |
| | | - mongodb |
| | | from: |
| | | kind: ImageStreamTag |
| | | name: mongodb:3.2 |
| | | namespace: openshift |
| | | type: ImageChange |
| | | - type: ConfigChange |
| | | - kind: Service |
| | | apiVersion: v1 |
| | | metadata: |
| | | labels: |
| | | app: workshop |
| | | component: nationalparks |
| | | role: database |
| | | name: mongodb-nationalparks |
| | | spec: |
| | | ports: |
| | | - name: mongo |
| | | port: 27017 |
| | | protocol: TCP |
| | | targetPort: 27017 |
| | | selector: |
| | | deploymentconfig: mongodb-nationalparks |
| | | sessionAffinity: None |
| | | type: ClusterIP |
| | | - kind: Secret |
| | | apiVersion: v1 |
| | | metadata: |
| | | name: mongodb-nationalparks |
| | | labels: |
| | | app: workshop |
| | | component: nationalparks |
| | | role: database |
| | | type: Opaque |
| | | data: |
| | | database-admin-password: bW9uZ29kYg== |
| | | database-name: bW9uZ29kYg== |
| | | database-password: bW9uZ29kYg== |
| | | database-user: bW9uZ29kYg== |
| | | - kind: PersistentVolumeClaim |
| | | apiVersion: v1 |
| | | metadata: |
| | | name: mongodb-nationalparks |
| | | labels: |
| | | app: workshop |
| | | component: nationalparks |
| | | role: database |
| | | spec: |
| | | accessModes: |
| | | - ReadWriteOnce |
| | | resources: |
| | | requests: |
| | | storage: 1Gi |
New file |
| | |
| | | kind: List |
| | | apiVersion: v1 |
| | | metadata: {} |
| | | items: |
| | | - kind: RoleBinding |
| | | apiVersion: v1 |
| | | groupNames: null |
| | | metadata: |
| | | name: view |
| | | roleRef: |
| | | name: view |
| | | subjects: |
| | | - kind: ServiceAccount |
| | | name: default |
| | | - kind: ImageStream |
| | | apiVersion: v1 |
| | | metadata: |
| | | name: parksmap |
| | | labels: |
| | | app: workshop |
| | | component: parksmap |
| | | role: ui |
| | | spec: |
| | | lookupPolicy: |
| | | local: false |
| | | tags: |
| | | - name: 1.2.0 |
| | | from: |
| | | kind: DockerImage |
| | | name: docker.io/openshiftroadshow/parksmap:1.2.0 |
| | | importPolicy: {} |
| | | referencePolicy: |
| | | type: Source |
| | | - apiVersion: v1 |
| | | kind: DeploymentConfig |
| | | metadata: |
| | | name: parksmap |
| | | labels: |
| | | app: workshop |
| | | component: parksmap |
| | | role: ui |
| | | spec: |
| | | replicas: 1 |
| | | selector: |
| | | app: workshop |
| | | component: parksmap |
| | | role: ui |
| | | deploymentconfig: parksmap |
| | | strategy: |
| | | activeDeadlineSeconds: 21600 |
| | | resources: {} |
| | | rollingParams: |
| | | intervalSeconds: 1 |
| | | maxSurge: 25% |
| | | maxUnavailable: 25% |
| | | timeoutSeconds: 600 |
| | | updatePeriodSeconds: 1 |
| | | type: Rolling |
| | | template: |
| | | metadata: |
| | | labels: |
| | | app: workshop |
| | | component: parksmap |
| | | role: ui |
| | | deploymentconfig: parksmap |
| | | spec: |
| | | containers: |
| | | - name: parksmap |
| | | image: parksmap |
| | | imagePullPolicy: IfNotPresent |
| | | ports: |
| | | - containerPort: 8080 |
| | | protocol: TCP |
| | | resources: {} |
| | | terminationMessagePath: /dev/termination-log |
| | | terminationMessagePolicy: File |
| | | dnsPolicy: ClusterFirst |
| | | restartPolicy: Always |
| | | schedulerName: default-scheduler |
| | | securityContext: {} |
| | | terminationGracePeriodSeconds: 30 |
| | | test: false |
| | | triggers: |
| | | - type: ConfigChange |
| | | - imageChangeParams: |
| | | automatic: true |
| | | containerNames: |
| | | - parksmap |
| | | from: |
| | | kind: ImageStreamTag |
| | | name: parksmap:1.2.0 |
| | | type: ImageChange |
| | | - apiVersion: v1 |
| | | kind: Service |
| | | metadata: |
| | | name: parksmap |
| | | labels: |
| | | app: workshop |
| | | component: parksmap |
| | | role: ui |
| | | spec: |
| | | ports: |
| | | - name: 8080-tcp |
| | | port: 8080 |
| | | protocol: TCP |
| | | targetPort: 8080 |
| | | selector: |
| | | deploymentconfig: parksmap |
| | | sessionAffinity: None |
| | | type: ClusterIP |
| | | - apiVersion: v1 |
| | | kind: Route |
| | | metadata: |
| | | name: parksmap |
| | | labels: |
| | | app: workshop |
| | | component: parksmap |
| | | role: ui |
| | | spec: |
| | | host: |
| | | port: |
| | | targetPort: 8080-tcp |
| | | to: |
| | | kind: Service |
| | | name: parksmap |
| | | weight: 100 |
| | | wildcardPolicy: None |
New file |
| | |
| | | kind: Template |
| | | apiVersion: v1 |
| | | metadata: |
| | | name: guide |
| | | annotations: |
| | | description: Template to deploy a workshop guide with workshopper. Look into any of the workshops for the used variables that can be defined in the configMap. |
| | | parameters: |
| | | - name: CONTENT_URL_PREFIX |
| | | description: Console url (e.g. https://raw.githubusercontent.com/osevg/workshopper-content/36) |
| | | value: |
| | | displayName: Content URL prefix |
| | | required: true |
| | | - name: WORKSHOPS_URLS |
| | | description: Workshop definition url (e.g. https://raw.githubusercontent.com/osevg/workshopper-content/36/_workshops/training.yml) |
| | | value: |
| | | displayName: Workshop Url |
| | | required: true |
| | | - name: CONSOLE_ADDRESS |
| | | description: Console url (e.g. master.mycluster.openshiftworkshop.com or console.mycluster.gce.pixy.io:8443) |
| | | value: |
| | | displayName: Console url |
| | | required: true |
| | | - name: ROUTER_ADDRESS |
| | | description: Application subdomain (e.g. apps.mycluster.openshiftworkshop.com or apps.mycluster.gce.pixy.io) |
| | | value: |
| | | displayName: Application subdomain |
| | | required: true |
| | | objects: |
| | | - kind: ImageStream |
| | | apiVersion: v1 |
| | | metadata: |
| | | name: workshopper |
| | | labels: |
| | | app: guides |
| | | spec: |
| | | lookupPolicy: |
| | | local: false |
| | | tags: |
| | | - name: latest |
| | | from: |
| | | kind: DockerImage |
| | | name: osevg/workshopper:latest |
| | | importPolicy: {} |
| | | referencePolicy: |
| | | type: Source |
| | | - kind: DeploymentConfig |
| | | apiVersion: v1 |
| | | metadata: |
| | | name: guides |
| | | labels: |
| | | app: guides |
| | | spec: |
| | | replicas: 1 |
| | | selector: |
| | | app: guides |
| | | deploymentconfig: guides |
| | | strategy: |
| | | activeDeadlineSeconds: 21600 |
| | | resources: {} |
| | | rollingParams: |
| | | intervalSeconds: 1 |
| | | maxSurge: 25% |
| | | maxUnavailable: 25% |
| | | timeoutSeconds: 600 |
| | | updatePeriodSeconds: 1 |
| | | type: Rolling |
| | | template: |
| | | metadata: |
| | | labels: |
| | | app: guides |
| | | deploymentconfig: guides |
| | | spec: |
| | | containers: |
| | | - image: workshopper |
| | | envFrom: |
| | | - configMapRef: |
| | | name: guides |
| | | imagePullPolicy: IfNotPresent |
| | | livenessProbe: |
| | | failureThreshold: 5 |
| | | httpGet: |
| | | path: / |
| | | port: 8080 |
| | | scheme: HTTP |
| | | initialDelaySeconds: 15 |
| | | periodSeconds: 10 |
| | | successThreshold: 1 |
| | | timeoutSeconds: 1 |
| | | name: guides |
| | | ports: |
| | | - containerPort: 8080 |
| | | protocol: TCP |
| | | readinessProbe: |
| | | failureThreshold: 5 |
| | | httpGet: |
| | | path: / |
| | | port: 8080 |
| | | scheme: HTTP |
| | | initialDelaySeconds: 15 |
| | | periodSeconds: 10 |
| | | successThreshold: 1 |
| | | timeoutSeconds: 1 |
| | | resources: {} |
| | | terminationMessagePath: /dev/termination-log |
| | | terminationMessagePolicy: File |
| | | dnsPolicy: ClusterFirst |
| | | restartPolicy: Always |
| | | schedulerName: default-scheduler |
| | | securityContext: {} |
| | | terminationGracePeriodSeconds: 30 |
| | | test: false |
| | | triggers: |
| | | - type: ConfigChange |
| | | - imageChangeParams: |
| | | automatic: true |
| | | containerNames: |
| | | - guides |
| | | from: |
| | | kind: ImageStreamTag |
| | | name: workshopper:latest |
| | | type: ImageChange |
| | | - kind: Service |
| | | apiVersion: v1 |
| | | metadata: |
| | | name: guides |
| | | labels: |
| | | app: guides |
| | | spec: |
| | | ports: |
| | | - name: 8080-tcp |
| | | port: 8080 |
| | | protocol: TCP |
| | | targetPort: 8080 |
| | | selector: |
| | | app: guides |
| | | deploymentconfig: guides |
| | | sessionAffinity: None |
| | | type: ClusterIP |
| | | - kind: Route |
| | | apiVersion: v1 |
| | | metadata: |
| | | name: guides |
| | | labels: |
| | | app: guides |
| | | spec: |
| | | host: |
| | | port: |
| | | targetPort: 8080-tcp |
| | | to: |
| | | kind: Service |
| | | name: guides |
| | | weight: 100 |
| | | wildcardPolicy: None |
| | | - kind: ConfigMap |
| | | apiVersion: v1 |
| | | metadata: |
| | | name: guides |
| | | labels: |
| | | app: guides |
| | | role: config |
| | | data: |
| | | CONTENT_URL_PREFIX: ${CONTENT_URL_PREFIX} |
| | | WORKSHOPS_URLS: ${WORKSHOPS_URLS} |
| | | CONSOLE_ADDRESS: ${CONSOLE_ADDRESS} |
| | | ROUTER_ADDRESS: ${ROUTER_ADDRESS} |
New file |
| | |
| | | = ocp-workload-developer-environment - Sample Config |
| | | |
| | | == Role overview |
| | | |
| | | * This is a simple role that does the following: |
| | | ** Playbook: link:./tasks/pre_workload.yml[pre_workload.yml] - Sets up an |
| | | environment for the workload deployment |
| | | *** Adds a user to a list of groups defined in the |
| | | link:./defaults/main.yml[defaults file]. |
| | | *** Sets a cluster resource quota for the user based on the variables in the |
| | | link:./defaults/main.yml[defaults file] . |
| | | *** Debug task will print out: `pre_workload Tasks Complete` |
| | | |
| | | ** Playbook: link:./tasks/workload.yml[workload.yml] - Used to deploy the actual |
| | | workload, i.e, 3scale, Mobile or some Demo |
| | | *** This role doesn't do anything here |
| | | *** Debug task will print out: `workload Tasks Complete` |
| | | |
| | | ** Playbook: link:./tasks/post_workload.yml[post_workload.yml] - Used to |
| | | configure the workload after deployment |
| | | *** This role doesn't do anything here |
| | | *** Debug task will print out: `post_workload Tasks Complete` |
| | | |
| | | == Review the defaults variable file |
| | | |
| | | * This file link:./defaults/main.yml[./defaults/main.yml] contains all the variables you |
| | | need to define to control the deployment of your workload. |
| | | |
| | | * You can modify any of these default values by adding |
| | | `-e"variable_name=variable_value"` to the command line |
| | | |
| | | === Deploy Workload on OpenShift Cluster from an existing playbook: |
| | | |
| | | [source,yaml] |
| | | ---- |
| | | - name: Deploy a workload role on a master host |
| | | hosts: all |
| | | become: true |
| | | gather_facts: False |
| | | tags: |
| | | - step007 |
| | | roles: |
| | | - { role: "{{ ANSIBLE_REPO_PATH }}/roles/{{ocp_workload}}", when: 'ocp_workload is defined' } |
| | | |
| | | ---- |
| | | NOTE: You might want to change `hosts: all` to fit your requirements |
| | | |
| | | |
| | | === Common configuration to run these playbooks |
| | | You should have these environment variables defined/exported in your system in order |
| | | to run these playbooks. |
| | | |
| | | ---- |
| | | HOST_GUID=dev37 |
| | | TARGET_HOST="bastion.$HOST_GUID.openshift.opentlc.com" |
| | | OCP_USERNAME="jmorales-redhat.com" |
| | | SSH_USER="opentlc-mgr" |
| | | SSH_PRIVATE_KEY="id_rsa" |
| | | GUID=unpoucode |
| | | ---- |
| | | |
| | | === Deploy a Workload with the `ocp-workload` playbook [Mostly for testing] |
| | | ---- |
| | | WORKLOAD="ocp-workload-parksmap-demo" |
| | | |
| | | # a TARGET_HOST is specified in the command line, without using an inventory file |
| | | ansible-playbook -i ${TARGET_HOST}, ./configs/ocp-workloads/ocp-workload.yml \ |
| | | -e"ansible_ssh_private_key_file=~/.ssh/${SSH_PRIVATE_KEY}" \ |
| | | -e"ansible_ssh_user=${SSH_USER}" \ |
| | | -e"ANSIBLE_REPO_PATH=`pwd`" \ |
| | | -e"ocp_username=${OCP_USERNAME}" \ |
| | | -e"ocp_workload=${WORKLOAD}" \ |
| | | -e"guid=${GUID}" \ |
| | | -e"ocp_user_needs_quota=true" \ |
| | | -e"ocp_master=master.${HOST_GUID}.openshift.opentlc.com" \ |
| | | -e"ocp_apps_domain=apps.${HOST_GUID}.openshift.opentlc.com" \ |
| | | -e"ACTION=create" |
| | | ---- |
| | | |
| | | === To Delete an environment |
| | | Use the common configuration first. Then run this. |
| | | |
| | | ---- |
| | | WORKLOAD="ocp-workload-parksmap-demo" |
| | | |
| | | # a TARGET_HOST is specified in the command line, without using an inventory file |
| | | ansible-playbook -i ${TARGET_HOST}, ./configs/ocp-workloads/ocp-workload.yml \ |
| | | -e"ansible_ssh_private_key_file=~/.ssh/${SSH_PRIVATE_KEY}" \ |
| | | -e"ansible_ssh_user=${SSH_USER}" \ |
| | | -e"ANSIBLE_REPO_PATH=`pwd`" \ |
| | | -e"ocp_username=${OCP_USERNAME}" \ |
| | | -e"ocp_workload=${WORKLOAD}" \ |
| | | -e"guid=${GUID}" \ |
| | | -e"ACTION=remove" |
| | | ---- |
| | | |
| | | == Set up your Ansible inventory file |
| | | |
| | | * You can create an Ansible inventory file to define your connection |
| | | method to your host (Master/Bastion with OC command) |
| | | |
| | | * You can also use the command line to define the hosts directly if your `ssh` |
| | | configuration is set to connect to the host correctly |
| | | |
| | | * You can also use the command line to use localhost or if your cluster is |
| | | already authenticated and configured in your `oc` configuration |
| | | [source, ini] |
| | | |
| | | .example inventory file |
| | | ---- |
| | | [gptehosts:vars] |
| | | ansible_ssh_private_key_file=~/.ssh/keytoyourhost.pem |
| | | ansible_ssh_user=ec2-user |
| | | |
| | | [gptehosts:children] |
| | | openshift |
| | | |
| | | [openshift] |
| | | bastion.cluster1.openshift.opentlc.com |
| | | bastion.cluster2.openshift.opentlc.com |
| | | bastion.cluster3.openshift.opentlc.com ansible_ssh_host=ec2-11-111-111-11.us-west-2.compute.amazonaws.com |
| | | bastion.cluster4.openshift.opentlc.com |
| | | |
| | | |
| | | [dev] |
| | | bastion.cluster1.openshift.opentlc.com |
| | | bastion.cluster2.openshift.opentlc.com |
| | | |
| | | |
| | | [prod] |
| | | bastion.cluster3.openshift.opentlc.com |
| | | bastion.cluster4.openshift.opentlc.com |
| | | ---- |
New file |
| | |
| | | --- |
| | | - name: Running Pre Workload Tasks |
| | | include: ./pre_workload.yml |
| | | become: false |
| | | when: ACTION == "create" or ACTION == "provision" |
| | | |
| | | - name: Running Workload Tasks |
| | | include: ./workload.yml |
| | | become: false |
| | | when: ACTION == "create" or ACTION == "provision" |
| | | |
| | | - name: Running Post Workload Tasks |
| | | include: ./post_workload.yml |
| | | become: false |
| | | when: ACTION == "create" or ACTION == "provision" |
| | | |
| | | - name: Running Workload removal Tasks |
| | | include: ./remove_workload.yml |
| | | become: false |
| | | when: ACTION == "destroy" or ACTION == "remove" |
New file |
| | |
| | | --- |
| | | - name: Delete the remote files used in this role |
| | | file: |
| | | path: /tmp/{{guid}} |
| | | state: absent |
| | | |
| | | - name: post_workload Tasks Complete |
| | | debug: |
| | | msg: "Post-Software checks completed successfully" |
New file |
| | |
| | | --- |
| | | |
| | | # - name: Add user to developer group (allowed to create projects) |
| | | # shell: "oadm groups add-users {{item}} {{ocp_username}}" |
| | | # register: groupadd_register |
| | | # with_items: "{{ocp_user_groups}}" |
| | | # when: ocp_username is defined and ocp_user_groups is defined |
| | | # |
| | | # - name: test that command worked |
| | | # debug: |
| | | # var: groupadd_register |
| | | # verbosity: 2 |
| | | |
| | | - name: Create user Quota - clusterresourcequota |
| | | shell: | |
| | | oc create clusterquota clusterquota-"{{ocp_username}}-{{guid}}" \ |
| | | --project-annotation-selector=openshift.io/requester="{{ocp_username}}" \ |
| | | --hard requests.cpu="{{quota_requests_cpu}}" \ |
| | | --hard limits.cpu="{{quota_limits_cpu}}" \ |
| | | --hard requests.memory="{{quota_requests_memory}}" \ |
| | | --hard limits.memory="{{quota_limits_memory}}" \ |
| | | --hard configmaps="{{quota_configmaps}}" \ |
| | | --hard pods="{{quota_pods}}" \ |
| | | --hard persistentvolumeclaims="{{quota_persistentvolumeclaims}}" \ |
| | | --hard services="{{quota_services}}" \ |
| | | --hard secrets="{{quota_secrets}}" \ |
| | | --hard requests.storage="{{quota_requests_storage}}" |
| | | ignore_errors: true |
| | | |
| | | - name: Copy the files used in this role |
| | | synchronize: |
| | | src: "files/" |
| | | dest: "/tmp/{{guid}}/" |
| | | rsync_opts: |
| | | - "--no-motd" |
| | | - "--exclude=.git,*.qcow2" |
| | | |
| | | - name: pre_workload Tasks Complete |
| | | debug: |
| | | msg: "Pre-Software checks completed successfully" |
New file |
| | |
| | | --- |
| | | - name: post_workload Tasks Complete |
| | | debug: |
| | | msg: "Pre-Software checks completed successfully - Removed" |
| | | |
| | | - name: define ocp_project |
| | | set_fact: |
| | | ocp_project: "parksmap-{{guid}}" |
| | | ocp_project_completed: "parksmap-{{guid}}-completed" |
| | | |
| | | - name: Remove user Project |
| | | shell: "oc delete project {{ocp_project}}" |
| | | ignore_errors: true |
| | | |
| | | - name: Remove user Project |
| | | shell: "oc delete project {{ocp_project_completed}}" |
| | | ignore_errors: true |
| | | |
| | | - name: Remove user Quota - oc delete clusterresourcequota "clusterquota-{{ocp_username}}-{{guid}}" |
| | | shell: oc delete clusterresourcequota clusterquota-{{ocp_username}}-{{guid}} |
| | | ignore_errors: true |
| | | |
| | | - name: post_workload Tasks Complete |
| | | debug: |
| | | msg: "Post-Software checks completed successfully - Removed" |
New file |
| | |
| | | --- |
| | | - name: define ocp_project |
| | | set_fact: |
| | | ocp_project: "parksmap-{{guid}}" |
| | | ocp_project_completed: "parksmap-{{guid}}-completed" |
| | | |
| | | # Templates come from here: https://raw.githubusercontent.com/jorgemoralespou/ose-sample-apps-layouts |
| | | |
| | | - name: Create project for completed parksmap example |
| | | shell: | |
| | | oc new-project {{ocp_project_completed}} \ |
| | | --display-name="Parksmap (completed)" \ |
| | | --description="Project with the Parksmap demo completed (and guides)" |
| | | ignore_errors: true |
| | | |
| | | - name: Deploy Parksmap |
| | | shell: "oc apply -f /tmp/{{guid}}/workshop-parksmap.yaml -n {{ocp_project_completed}}" |
| | | |
| | | - name: Deploy Nationalparks |
| | | shell: "oc apply -f /tmp/{{guid}}/workshop-nationalparks.yaml -n {{ocp_project_completed}}" |
| | | |
| | | - name: Deploy MLBParks |
| | | shell: "oc apply -f /tmp/{{guid}}/workshop-mlbparks.yaml -n {{ocp_project_completed}}" |
| | | |
| | | - name: Add the template guide |
| | | shell: "oc apply -f /tmp/{{guid}}/workshopper-template.yaml -n {{ocp_project_completed}}" |
| | | |
| | | - name: Deploy the guide to follow |
| | | shell: | |
| | | oc new-app guide \ |
| | | -p CONTENT_URL_PREFIX=https://raw.githubusercontent.com/osevg/workshopper-content/master \ |
| | | -p WORKSHOPS_URLS=https://raw.githubusercontent.com/jorgemoralespou/workshopper-content/GPE/_workshops/gpe-parksmap-demo.yml \ |
| | | -p CONSOLE_ADDRESS={{ocp_master}} \ |
| | | -p ROUTER_ADDRESS={{ocp_apps_domain}} \ |
| | | -n "{{ocp_project_completed}}" |
| | | |
| | | - name: Print where's the guide |
| | | debug: |
| | | msg: "Guide has been installed in http://guides-{{ocp_project_completed}}.{{ocp_apps_domain}}" |
| | | |
| | | - name: Annotate the completed project as requested by user |
| | | shell: "oc annotate namespace {{ocp_project_completed}} openshift.io/requester={{ocp_username}} --overwrite" |
| | | |
| | | - name: Give user access to the completed project |
| | | shell: "oc policy add-role-to-user admin {{ocp_username}} -n {{ocp_project_completed}}" |
| | | |
| | | # |
| | | # Now create an empty project for the user to execute the demo themselves |
| | | # |
| | | |
| | | - name: Create project for empty parksmap |
| | | shell: | |
| | | oc new-project {{ocp_project}} \ |
| | | --display-name="Parksmap" \ |
| | | --description="Project to exercise the Parksmap demo" |
| | | ignore_errors: true |
| | | |
| | | - name: Annotate the empty project as requested by user |
| | | shell: "oc annotate namespace {{ocp_project}} openshift.io/requester={{ocp_username}} --overwrite" |
| | | |
| | | - name: Give user access to the empty project |
| | | shell: "oc policy add-role-to-user admin {{ocp_username}} -n {{ocp_project}}" |
| | | |
| | | - name: workload Tasks Complete |
| | | debug: |
| | | msg: workload Tasks Complete |
| | |
| | | group: "{{ item.name }}" |
| | | recurse: yes |
| | | with_items: "{{ mgr_users }}" |
| | | |
| | | - name: Set .ssh permissions |
| | | file: |
| | | path: "{{ item.home }}/.ssh" |
| | | owner: "{{ item.name }}" |
| | | mode: 0700 |
| | | recurse: yes |
| | | with_items: "{{ mgr_users }}" |
| | |
| | | - name: Configuring Nfs Host |
| | | gather_facts: False |
| | | become: yes |
| | | hosts: "{{ ('tag_' ~ env_type ~ '_' ~ guid ~ '_support') | replace('-', '_') }}" |
| | | order: sorted |
| | | hosts: |
| | | - support |
| | | - "{{ ('tag_' ~ env_type ~ '_' ~ guid ~ '_support') | replace('-', '_') }}" |
| | | vars_files: |
| | | - "../configs/{{ env_type }}/env_vars.yml" |
| | | roles: |
| | |
| | | ENVTYPE_ARGS=( |
| | | -e osrelease=3.5.5.31 |
| | | -e "bastion_instance_type=t2.large" |
| | | -e "master_instance_type=c4.xlarge" |
| | | -e "master_instance_type=c4.xlarge" |
| | | -e "infranode_instance_type=c4.4xlarge" |
| | | -e "node_instance_type=c4.4xlarge" |
| | | -e "nfs_instance_type=m3.large" |