ansible/roles/ocp-workload-codeready-workspaces/defaults/main.yml
New file @@ -0,0 +1,35 @@ --- become_override: False ocp_username: mcouliba-redhat.com ocp_user_needs_quota: True ocp_user_groups: - OPENTLC-PROJECT-PROVISIONERS quota_requests_cpu: 5 quota_limits_cpu: 10 quota_requests_memory: '6Gi' quota_limits_memory: '20Gi' quota_configmaps: 10 quota_pods: 20 quota_persistentvolumeclaims: 20 quota_services: 30 quota_secrets: 30 quota_requests_storage: 50Gi silent: false project_name: codeready-workspaces project_display_name: CodeReady Workspaces IDE project_desc: CodeReady Workspaces IDE based on Eclipse Che operator_service_account_name: codeready-workspaces-operator operator_pod_name: codeready-workspaces-operator operator_image_name: registry.access.redhat.com/codeready-workspaces/server-operator operator_image_tag: 1.0 codeready_image_name: registry.access.redhat.com/codeready-workspaces/server codeready_image_tag: 1.0 codeready_plugin_registry_url: https://che-plugin-registry.openshift.io ansible/roles/ocp-workload-codeready-workspaces/readme.adoc
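Review bot: The default `ocp_username: mcouliba-redhat.com` names one specific account, so a run that omits `-e"ocp_username=..."` would apply the group-membership and quota tasks to that account. It also makes the `ocp_username is defined` guard in pre_workload.yml and remove_workload.yml always true. Consider dropping the default so the guard means something, or failing early when the caller does not supply the value. Separately, `operator_image_tag: 1.0` and `codeready_image_tag: 1.0` are unquoted and parse as floats; quoting them (`operator_image_tag: "1.0"`) keeps the tag a string, and pinning the images by digest rather than a movable tag would make the deployed operator reproducible.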
New file 
@@ -0,0 +1,125 @@ = ocp-workload-codeready-workspaces - Sample Config == Role overview * This is a simple role that does the following: ** Playbook: link:./tasks/pre_workload.yml[pre_workload.yml] - Sets up an environment for the workload deployment *** Adds a user to a list of groups defined in the link:./defaults/main.yml[defaults file]. *** Sets a cluster resource quota for the user based on the variables in the link:./defaults/main.yml[defaults file] . *** Debug task will print out: `pre_workload Tasks Complete` ** Playbook: link:./tasks/workload.yml[workload.yml] - Used to deploy the actual workload, i.e, 3scale, Mobile or some Demo *** This role doesn't do anything here *** Debug task will print out: `workload Tasks Complete` ** Playbook: link:./tasks/post_workload.yml[post_workload.yml] - Used to configure the workload after deployment *** This role doesn't do anything here *** Debug task will print out: `post_workload Tasks Complete` == Set up your Ansible inventory file * You will need to create an Ansible inventory file to define your connection method to your host (Master/Bastion with OC command) * You can also use the command line to define the hosts directly if your `ssh` configuration is set to connect to the host correctly * You can also use the command line to use localhost or if your cluster is already authenticated and configured in your `oc` configuration [source, ini] .example inventory file ---- [gptehosts:vars] ansible_ssh_private_key_file=~/.ssh/keytoyourhost.pem ansible_user=ec2-user [gptehosts:children] openshift [openshift] bastion.cluster1.openshift.opentlc.com bastion.cluster2.openshift.opentlc.com bastion.cluster3.openshift.opentlc.com ansible_ssh_host=ec2-11-111-111-11.us-west-2.compute.amazonaws.com bastion.cluster4.openshift.opentlc.com [dev] bastion.cluster1.openshift.opentlc.com bastion.cluster2.openshift.opentlc.com [prod] bastion.cluster3.openshift.opentlc.com bastion.cluster4.openshift.opentlc.com ---- == Review the defaults 
variable file * This file link:./defaults/main.yml[./defaults/main.yml] contains all the variables you need to define to control the deployment of your workload. * You can modify any of these default values by adding `-e"variable_name=variable_value"` to the command line === Deploy Workload on OpenShift Cluster from an existing playbook: [source,yaml] ---- - name: Deploy a workload role on a master host hosts: all become: true gather_facts: False tags: - step007 roles: - { role: "{{ocp_workload}}", when: 'ocp_workload is defined' } ---- NOTE: You might want to change `hosts: all` to fit your requirements === Deploy a Workload with the `ocp-workload` playbook [Mostly for testing] ---- HOST_GUID=dev311 TARGET_HOST="bastion.dev311.openshift.opentlc.com" OCP_USERNAME="mcouliba-redhat.com" WORKLOAD="ocp-workload-codeready-workspaces" GUID=1907 # a TARGET_HOST is specified in the command line, without using an inventory file ansible-playbook -i ${TARGET_HOST}, ./configs/ocp-workloads/ocp-workload.yml \ -e"ansible_ssh_private_key_file=~/.ssh/id_rsa" \ -e"ansible_user=opentlc-mgr" \ -e"ocp_username=${OCP_USERNAME}" \ -e"ocp_workload=${WORKLOAD}" \ -e"guid=${GUID}" \ -e"ocp_apps_domain=apps.${HOST_GUID}.openshift.opentlc.com" \ -e"ACTION=create" ---- === To Delete an environment ---- HOST_GUID=dev311 TARGET_HOST="bastion.dev311.openshift.opentlc.com" OCP_USERNAME="mcouliba-redhat.com" WORKLOAD="ocp-workload-codeready-workspaces" GUID=1907 # a TARGET_HOST is specified in the command line, without using an inventory file ansible-playbook -i ${TARGET_HOST}, ./configs/ocp-workloads/ocp-workload.yml \ -e"ansible_ssh_private_key_file=~/.ssh/id_rsa" \ -e"ansible_user=opentlc-mgr" \ -e"ocp_username=${OCP_USERNAME}" \ -e"ocp_workload=${WORKLOAD}" \ -e"guid=${GUID}" \ -e"ACTION=remove" ---- ansible/roles/ocp-workload-codeready-workspaces/tasks/description.html
New file @@ -0,0 +1,14 @@ <h1>CodeReady Workspaces</h1> <p><i>CodeReady Workspaces Demo</i> guides you how to run a demo using CodeReady Workspaces. This demo walks the audience through the process and concepts of using CodeReady Workspaces on OpenShift.</p> <p>Products and Projects:</p> <ul> <li>OpenShift Container Platform</li> <li>CodeReady Workspaces</li> </ul> <b>Provisioning Time:</b> ~15 min <br> <br> <p><b>Need support?</b><br>Contact <a href="mailto:rhpds-admins@redhat.com">rhpds-admins@redhat.com</a></p> ansible/roles/ocp-workload-codeready-workspaces/tasks/main.yml
New file @@ -0,0 +1,23 @@ --- # Do not modify this file - name: Running Pre Workload Tasks import_tasks: ./pre_workload.yml become: "{{ become_override | bool }}" when: ACTION == "create" or ACTION == "provision" - name: Running Workload Tasks import_tasks: ./workload.yml become: "{{ become_override | bool }}" when: ACTION == "create" or ACTION == "provision" - name: Running Post Workload Tasks import_tasks: ./post_workload.yml become: "{{ become_override | bool }}" when: ACTION == "create" or ACTION == "provision" - name: Running Workload removal Tasks import_tasks: ./remove_workload.yml become: "{{ become_override | bool }}" when: ACTION == "destroy" or ACTION == "remove" ansible/roles/ocp-workload-codeready-workspaces/tasks/post_workload.yml
New file @@ -0,0 +1,9 @@ --- # Implement your Post Workload deployment tasks here # Leave this as the last task in the playbook. - name: post_workload tasks complete debug: msg: "Post-Workload Tasks completed successfully." when: not silent|bool ansible/roles/ocp-workload-codeready-workspaces/tasks/pre_workload.yml
New file @@ -0,0 +1,36 @@ --- # Implement your Pre Workload deployment tasks here - name: Add user to developer group (allowed to create projects) command: "oadm groups add-users {{item}} {{ocp_username}}" register: groupadd_register with_items: "{{ocp_user_groups}}" when: - ocp_username is defined - ocp_user_groups | default([]) | length > 0 - name: test that command worked debug: var: groupadd_register verbosity: 2 - name: Create user Quota - clusterresourcequota command: | oc create clusterquota clusterquota-"{{ocp_username}}-{{guid}}" \ --project-annotation-selector=openshift.io/requester="{{ocp_username}}" \ --hard requests.cpu="{{quota_requests_cpu}}" \ --hard limits.cpu="{{quota_limits_cpu}}" \ --hard requests.memory="{{quota_requests_memory}}" \ --hard limits.memory="{{quota_limits_memory}}" \ --hard configmaps="{{quota_configmaps}}" \ --hard pods="{{quota_pods}}" \ --hard persistentvolumeclaims="{{quota_persistentvolumeclaims}}" \ --hard services="{{quota_services}}" \ --hard secrets="{{quota_secrets}}" \ --hard requests.storage="{{quota_requests_storage}}" ignore_errors: true # Leave this as the last task in the playbook. - name: pre_workload tasks complete debug: msg: "Pre-Workload tasks completed successfully." when: not silent|bool ansible/roles/ocp-workload-codeready-workspaces/tasks/remove_workload.yml
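Review bot: The `Create user Quota - clusterresourcequota` task sets `ignore_errors: true`, so any failure of `oc create clusterquota` is swallowed after the user has already been added to the groups in `ocp_user_groups`, leaving a project-provisioning user with no resource cap. Tolerating only the already-exists case keeps the role re-runnable without hiding real failures, for example `register: quota_result` with `failed_when: quota_result.rc != 0 and 'AlreadyExists' not in quota_result.stderr` (assuming `oc` reports the conflict with that reason string). The task also does not reference `ocp_user_needs_quota` from the defaults file; if that flag is meant to gate the quota, add `when: ocp_user_needs_quota | bool`.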
New file @@ -0,0 +1,30 @@ --- - name: define codeready_project set_fact: codeready_project: "{{ project_name }}-{{ guid }}" - name: Remove user from developer group - (remove ability to create projects) command: "oadm groups remove-users {{item}} {{ocp_username}}" register: groupadd_register with_items: "{{ocp_user_groups}}" when: - ocp_username is defined - ocp_user_groups | default([]) | length > 0 - name: Remove user Quota - oc delete clusterresourcequota "clusterquota-{{ocp_username}}-{{guid}}" command: oc delete clusterresourcequota clusterquota-{{ocp_username}}-{{guid}} ignore_errors: true - name: Remove user Quota - oc delete clusterresourcequota "clusterquota-{{ocp_username}}" command: oc delete clusterresourcequota clusterquota-{{ocp_username}} ignore_errors: true - name: Remove user Project 'codeready_project' shell: "oc delete project {{codeready_project}}" ignore_errors: true # Leave this as the last task in the playbook. - name: remove_workload tasks complete debug: msg: "Remove Workload tasks completed successfully." when: not silent|bool ansible/roles/ocp-workload-codeready-workspaces/tasks/workload.yml
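Review bot: The `Remove user Project 'codeready_project'` task runs `oc delete project {{codeready_project}}` through the `shell` module, so the value built from `project_name` and `guid` (both overridable with `-e`) is interpreted by a shell, while the other `oc` calls in this file use `command`. Nothing on that line needs shell features; `command: "oc delete project {{ codeready_project }}"` removes the extra parsing layer. The three `ignore_errors: true` settings also mean a failed quota or project deletion still ends with "Remove Workload tasks completed successfully."; consider registering the results and failing on anything other than a not-found response.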
New file 
@@ -0,0 +1,75 @@ --- - name: define codeready_project set_fact: codeready_project: "{{ project_name }}-{{ guid }}" - name: create {{ codeready_project }} project command: > oc new-project {{ codeready_project }} --display-name='{{ project_display_name }}' --description='{{ project_desc }}' - name: check if {{ operator_service_account_name }} service account exists command: "oc get sa {{ operator_service_account_name }} -n {{ codeready_project }}" register: service_account_result ignore_errors: true - name: create service acccount for the operator command: "oc create sa {{ operator_service_account_name }} -n {{ codeready_project }}" when: service_account_result is failed - name: grant admin role to the service acccount command: > oc create rolebinding {{ operator_service_account_name }} --clusterrole=admin --serviceaccount={{ codeready_project }}:{{ operator_service_account_name }} -n {{ codeready_project }} - name: Initialize the configuration template: src: "{{ role_path }}/templates/crw-config.yaml.j2" dest: /tmp/crw-config.yaml force: true - name: create ConfigMap shell: "oc create -f /tmp/crw-config.yaml -n {{ codeready_project }}" - name: check if {{ operator_pod_name }} pod exists command: "oc get pod {{ operator_pod_name }} -n {{ codeready_project }}" register: cmd_result ignore_errors: true - name: delete {{ operator_pod_name }} pod command: "oc delete pod {{ operator_pod_name }} -n {{ codeready_project }}" when: cmd_result is success - name: Deploy CodeReady Workspaces command: > oc run "{{ operator_pod_name }}" -n {{ codeready_project }} -i --restart=Never --serviceaccount={{ operator_service_account_name }} --image "{{ operator_image_name }}:{{ operator_image_tag }}" --overrides='{ "spec": { "containers": [ { "image": "{{ operator_image_name }}:{{ operator_image_tag }}" , "name": "che-operator" , "imagePullPolicy":"IfNotPresent" ,"envFrom":[ { "configMapRef": { "name": "che-operator" } }] }] } }' # Leave this as the last task in the playbook. 
- name: workload tasks complete debug: msg: "Workload Tasks completed successfully." when: not silent|bool ansible/roles/ocp-workload-codeready-workspaces/templates/crw-config.yaml.j2
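Review bot: The `Initialize the configuration` task renders crw-config.yaml.j2 to the fixed path `/tmp/crw-config.yaml` with no `mode`, and no task shown here removes the file afterwards. The template carries `CHE_KEYCLOAK_ADMIN_PASSWORD` and the database password keys, so on a shared bastion the rendered file may be readable by other local users, and a predictable name in `/tmp` can be pre-created by someone else. Rendering into a file obtained from the `tempfile` module with `mode: "0600"` and deleting it after `oc create` addresses both; the `create ConfigMap` step also works with `command` instead of `shell`. Separately, the rolebinding gives the operator service account the `admin` cluster role in the project, which is worth narrowing if the operator documents a smaller permission set.

```yaml
# … unchanged: project, service account and rolebinding tasks …

- name: Create a private temporary file for the rendered configuration
  tempfile:
    state: file
    suffix: .crw-config.yaml
  register: crw_config_file

- name: Initialize the configuration
  template:
    src: "{{ role_path }}/templates/crw-config.yaml.j2"
    dest: "{{ crw_config_file.path }}"
    mode: "0600"

- name: create ConfigMap
  command: "oc create -f {{ crw_config_file.path }} -n {{ codeready_project }}"

- name: Remove the rendered configuration
  file:
    path: "{{ crw_config_file.path }}"
    state: absent

# … unchanged: operator pod check, delete and `oc run` tasks …
```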
New file 
@@ -0,0 +1,118 @@ # # Copyright (c) 2012-2018 Red Hat, Inc. # This program and the accompanying materials are made # available under the terms of the Eclipse Public License 2.0 # which is available at https://www.eclipse.org/legal/epl-2.0/ # # SPDX-License-Identifier: EPL-2.0 # # Contributors: # Red Hat, Inc. - initial API and implementation --- apiVersion: v1 kind: ConfigMap metadata: name: che-operator data: ############################ ## General Che Settings #### ############################ # CHE flavor. Upstream `che` or Red Hat `codeready`. Defaults to `che` CHE_FLAVOR: "codeready" # Docker image for Che server. Defaults to eclipse/che-server:latest. Keep blank unless you need to deploy your custom image CHE_IMAGE: "{{ codeready_image_name }}:{{ codeready_image_tag }}" # TLS support in Che. Defaults to false CHE_TLS_SUPPORT: "" # PVC strategy for Che workspaces. Defaults to 'common' where all workspaces use one shared PVC # A 'unique' strategy implies that each workspaces gets own PVCs CHE_INFRA_KUBERNETES_PVC_STRATEGY: "unique" # Workspace PVC claim. Defaults to 1Gi. It is recommended to increase it when using shared PVC CHE_INFRA_KUBERNETES_PVC_QUANTITY: "" # Content of your self signed cert as string, e.g: # cat root ca.crt | base64 -w 0 CHE_SELF__SIGNED__CERT: "" # enable Login with OpenShift in Codeready Workspaces. OpenShift only. Defaults to false CHE_OPENSHIFT_OAUTH: "" # OpenShift API endpoint URL. Required only when OPENSHIFT_OAUTH is true. Auto detected CHE_OPENSHIFT_API_URL: "" # Plugin registry URL. Defaults to https://che-plugin-registry.openshift.io CHE_WORKSPACE_PLUGIN__REGISTRY__URL: "{{ codeready_plugin_registry_url }}" # Ask for password update at first login as Che admin user. Defaults to true, i.e. 
you will be asked to update password CHE_UPDATE_CHE_ADMIN_PASSWORD: "false" ############################ ## Che Proxy settings ## ############################ # proxy settings for workspace master, for example: # -Dhttp.proxyHost=host -Dhttp.proxyPort=8080 -Dhttps.proxyHost=host -Dhttps.proxyPort=8080 -Dhttp.nonProxyHosts='localhost^|127.0.0.1^|*.foo.com' CHE_WORKSPACE_MASTER_PROXY_JAVA_OPTS: "" # proxy settings for workspace JVM, Maven and workspace agent: # -Dhttp.proxyHost=host -Dhttp.proxyPort=8080 -Dhttps.proxyHost=host -Dhttps.proxyPort=8080 -Dhttp.nonProxyHosts='localhost^|127.0.0.1^|*.foo.com' CHE_WORKSPACE_PROXY_JAVA_OPTS: "" # http proxy for workspaces, e.g. 'http://myproxy:8051' CHE_WORKSPACE_HTTP__PROXY: "" # https proxy for workspaces, e.g. 'http://myproxy:8051' CHE_WORKSPACE_HTTPS__PROXY: "" # no_proxy for workspaces, e.g. 'localhost,10.2.34.54' CHE_WORKSPACE_NO__PROXY: "" ############################ ## Database settings ## ############################ # use external existing Postgres DB. Defaults to false which means a new instance of Postgres will be started # when set to true, provide connection details and make sure DB user is a SUPERUSER CHE_EXTERNAL_DB: "" # DB hostname CHE_DB_HOSTNAME: "" # DB port CHE_DB_PORT: "5432" # DB database CHE_DB_DATABASE: "" # DB username CHE_JDBC_USERNAME: "" # DB password CHE_JDBC_PASSWORD: "" # Your DB admin password CHE_DB_ADMIN_PASSWORD: "" ############################ ## Keycloak settings ####### ############################ # Connect to an existing external Keycloak # and skip deploying a dedicated Keycloak instance. Defaults to false CHE_EXTERNAL_KEYCLOAK: "" # Keycloak/Red Hat SSO CHE_KEYCLOAK_AUTH__SERVER__URL: "" # Keyloak Admin Username. # Not required when connecting to an existing realm CHE_KEYCLOAK_ADMIN_USERNAME: "" # Keycloak admin password. 
Auto-generated if empty CHE_KEYCLOAK_ADMIN_PASSWORD: "admin" # Red Hat SSO realm CHE_KEYCLOAK_REALM: "" # Red Hat SSO client ID CHE_KEYCLOAK_CLIENT__ID: "" ############################ ## k8s only settings ####### ############################ # k8s ingress domain CHE_INFRA_KUBERNETES_INGRESS_DOMAIN: "" # ingress strategy. Defaults to multi-host CHE_INFRA_KUBERNETES_SERVER__STRATEGY: "" # defaults to nginx CHE_INGRESS_CLASS: "" CHE_INFRA_KUBERNETES_TLS__SECRET: "" ############################ ## Operator settings ####### ############################ # wait timeout for an Operator to watch deployments # defaults to 420 seconds WAIT_DEPLOYMENT_TIMEOUT: ""
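Review bot: `CHE_KEYCLOAK_ADMIN_PASSWORD: "admin"` hard-codes a well-known admin password even though the comment above it says the value is auto-generated when empty, and `CHE_UPDATE_CHE_ADMIN_PASSWORD: "false"` turns off the first-login password change, so every environment deployed from this template keeps the same admin credential. Leaving the key empty (`CHE_KEYCLOAK_ADMIN_PASSWORD: ""`) or templating it from a per-deployment variable, and keeping the password-update prompt at its default, avoids a shared credential. These values are also delivered in a ConfigMap, which any user with read access to the project can view; whether the operator can take them from a Secret instead is not visible here.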