Judd Maltin
2020-01-16 b8738e426b8b5f54e792bea0d2cb7d1bba34633c
reset ocp-workload-migration to engineerins work (#997)

4 files deleted
1 files added
5 files modified
348 ■■■■ changed files
ansible/roles/ocp-workload-migration/defaults/main.yml 7 ●●●●
ansible/roles/ocp-workload-migration/files/cors.yaml 42 ●●●●●
ansible/roles/ocp-workload-migration/files/lab8/deploy.sh 24 ●●●●●
ansible/roles/ocp-workload-migration/files/lab8/destroy.sh 14 ●●●●●
ansible/roles/ocp-workload-migration/files/lab8/probe.sh 17 ●●●●●
ansible/roles/ocp-workload-migration/tasks/post_workload.yml 59 ●●●●●
ansible/roles/ocp-workload-migration/tasks/pre_workload.yml 120 ●●●●
ansible/roles/ocp-workload-migration/tasks/remove_workload.yml 12 ●●●●
ansible/roles/ocp-workload-migration/tasks/workload.yml 18 ●●●●●
ansible/roles/ocp-workload-migration/templates/migstorage.yaml.j2 35 ●●●●●
ansible/roles/ocp-workload-migration/defaults/main.yml
@@ -1,8 +1,13 @@
mig_operator_repo: https://github.com/fusor/mig-operator
mig_operator_repo_branch: master
mig_operator_version: latest
mig_ocp_version: 3
mig_ocp_version: 4
# workload vars
migration_workload_destroy: "{{ False if (ACTION=='create' or ACTION=='provision') else True }}"
migration_workload_title: "{{ 'Creating' if not migration_workload_destroy else 'Removing' }}"
migration_workload_state: "{{ 'present' if not migration_workload_destroy else 'absent' }}"     # state of k8s resources
silent: false
# undefined variables
# mig_operator_ui_cluster_api_endpoint:
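Review bot: `migration_workload_destroy` defaults toward deletion: any `ACTION` other than `create` or `provision` (a typo, a new action name) evaluates to true, which sets `migration_workload_state` to `absent` and enables the `oc delete` task in tasks/workload.yml. Matching the removal actions explicitly is safer, e.g. `migration_workload_destroy: "{{ ACTION in ['destroy', 'remove'] }}"`, assuming those are the removal values the caller passes. An unexpected action then leaves the cluster untouched instead of tearing the workload down.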
ansible/roles/ocp-workload-migration/files/cors.yaml
File was deleted
ansible/roles/ocp-workload-migration/files/lab8/deploy.sh
File was deleted
ansible/roles/ocp-workload-migration/files/lab8/destroy.sh
File was deleted
ansible/roles/ocp-workload-migration/files/lab8/probe.sh
File was deleted
ansible/roles/ocp-workload-migration/tasks/post_workload.yml
@@ -1,24 +1,43 @@
---
# Implement your Post Workload deployment tasks here
- name: "Checking if NooBaa system exists..."
  shell: "oc get project {{ noobaa_namespace|d('noobaa') }}"
  register: noobaa_status
  ignore_errors: true
# Leave these as the last tasks in the playbook
- block:
    - name: "Getting NooBaa endpoint"
      shell: "oc get route s3 -n {{ noobaa_namespace|d('noobaa') }} -o go-template='{{ '{{' }} .spec.host {{ '}}' }}{{ '{{' }} println {{ '}}' }}'"
      register: noobaa_endpoint
    - name: "Creating temp directory"
      tempfile:
        state: directory
      register: tmp_dir
    - name: "Getting AWS key"
      shell: "oc get secret noobaa-admin -n noobaa -o go-template='{{ '{{' }} .data.AWS_ACCESS_KEY_ID {{ '}}' }}{{ '{{' }} println {{ '}}' }}'|base64 --decode"
      register: noobaa_aws_key
    - name: "Getting AWS key"
      shell: "oc get secret noobaa-admin -n noobaa -o go-template='{{ '{{' }} .data.AWS_SECRET_ACCESS_KEY {{ '}}' }}{{ '{{' }} println {{ '}}' }}'|base64 --decode"
      register: noobaa_aws_secret
    - name: "Generating migstorage definition"
      template:
        src: "migstorage.yaml.j2"
        dest: "{{ tmp_dir.path }}/migstorage.yaml"
      vars:
        - noobaa_s3_url: "http://{{ noobaa_endpoint.stdout }}"
        - noobaa_key: "{{ noobaa_aws_key.stdout }}"
        - noobaa_secret: "{{ noobaa_aws_secret.stdout }}"
        - noobaa_region: "{{ region|d('us-east-1') }}"
    - name: "Creating migstorage"
      shell: "oc apply -f {{ tmp_dir.path }}/migstorage.yaml"
  when: noobaa_status.rc == 0 and not migration_workload_destroy|bool
# For deployment onto a dedicated cluster (as part of the
# cluster deployment) set workload_shared_deployment to False
# This is the default so it does not have to be set explicitely
- name: pre_workload tasks complete
- name: "Cleaning up temp directory"
  file:
    path: "{{ repodir.path }}"
    state: absent
# Leave this as the last task in the playbook.
- name: post_workload tasks complete
  debug:
    msg: "Post-Workload tasks completed successfully."
  when:
  - not silent|bool
  - not workload_shared_deployment|d(False)
# For RHPDS deployment (onto a shared cluster) set
# workload_shared_deployment to True
# (in the deploy script or AgnosticV configuration)
- name: pre_workload tasks complete
  debug:
    msg: "Post-Software checks completed successfully"
  when:
  - not silent|bool
  - workload_shared_deployment|d(False)
    msg: "Post-Workload Tasks completed successfully."
  when: not silent|bool
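Review bot: The NooBaa credentials are exposed both in logs and on disk: the two `oc get secret noobaa-admin` tasks register the decoded keys without `no_log: true`, and the rendered `{{ tmp_dir.path }}/migstorage.yaml` that contains them is never removed, because the "Cleaning up temp directory" task deletes `repodir.path` instead. Add `no_log: true` to the two secret lookups and the template task, and delete `tmp_dir.path` at the end of the block. `noobaa_s3_url` is built with `http://`, so the same keys are sent to the S3 route in cleartext; use `https://` if the route serves TLS. The secret lookups also hard-code `-n noobaa` while the route lookup honours `noobaa_namespace`; they should use the same expression. The page does not mark added versus removed lines, so this assumes the block shown is the new side.

```yaml
    - name: "Getting AWS key"
      # … unchanged: shell / register …
      no_log: true
    # … second secret lookup and template task: same no_log: true addition …
    - name: "Creating migstorage"
      shell: "oc apply -f {{ tmp_dir.path }}/migstorage.yaml"
    - name: "Removing rendered migstorage definition"
      file:
        path: "{{ tmp_dir.path }}"
        state: absent
```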
ansible/roles/ocp-workload-migration/tasks/pre_workload.yml
@@ -1,7 +1,4 @@
---
# Implement your Pre Workload deployment tasks here
- wait_for:
    port: 22
    host: "bastion.{{ guid }}.internal"
@@ -9,39 +6,96 @@
  register: status
  ignore_errors: true
- name: copy lab scripts to bastion
  delegate_to: "{{ bastion_host | d( groups.bastions | first ) }}"
  become: true
  copy:
    src: "{{ role_path }}/files/"
    dest: "/root/"
- block:
  - name: "Ensuring SSH directory"
    file:
      path: "/home/{{ student_name }}/.ssh"
      state: directory
      owner: "{{ student_name }}"
- name: "Downloading CPMA binary to bastion"
  delegate_to: "{{ bastion_host | d( groups.bastions | first ) }}"
  become: true
  get_url:
    url: "https://cpma.s3.us-east-2.amazonaws.com/cpma"
    dest: "/root/cpma"
    mode: "u+rwx"
  - name: "Checking if SSH keys exist on bastion"
    stat:
      path: /home/{{ student_name }}/.ssh/openshift_key
    register: ssh_key
# Leave these as the last tasks in the playbook
  - name: "Creating SSH keys on bastion"
    shell: "ssh-keygen -q -t rsa -f /home/{{ student_name }}/.ssh/openshift_key -C '' -N ''"
    when: not ssh_key.stat.exists|d('false')
# For deployment onto a dedicated cluster (as part of the
# cluster deployment) set workload_shared_deployment to False
# This is the default so it does not have to be set explicitely
  - name: "Fixing permissions of SSH key"
    file:
      path: "/home/{{ student_name }}/.ssh/{{ item }}"
      owner: "{{ student_name }}"
      mode: "0600"
    loop:
      - "openshift_key"
      - "openshift_key.pub"
    when: ssh_key.stat.exists|d('false')
  - name: "Finding SSH key"
    stat:
      path: /home/{{ student_name }}/.ssh/openshift_key.pub
    register: public_key
  - name: "Reading public key"
    shell: "cat /home/{{ student_name }}/.ssh/openshift_key.pub"
    register: pub_key_contents
    when: public_key.stat.exists|d('false')
  - name: "Downloading lab scripts [1]"
    tempfile:
      state: directory
    register: scripts_dir
  - name: "Downloading lab scripts [2]"
    git:
      repo: "https://github.com/fusor/mig-agnosticd"
      dest: "{{ scripts_dir.path }}"
  - name: "Downloading lab scripts [3]"
    copy:
      src: "{{ scripts_dir.path }}/demos/2019_RHTE/labs/{{ item }}"
      dest: "/home/{{ student_name }}"
      remote_src: true
      owner: "{{ student_name }}"
      mode: "u+rwx"
    loop:
      - 'scripts'
      - 'files'
  - name: "Downloading CPMA binary to bastion"
    get_url:
      url: "{{ item.src }}"
      dest: "{{ item.dest }}"
      owner: "{{ student_name }}"
      mode: "u+rwx"
    loop:
      - { dest: "/home/{{ student_name }}/cpma", src: "https://cpma.s3.us-east-2.amazonaws.com/cpma" }
  when: student_name is defined and not status.failed
  delegate_to: "{{ groups.bastions | first }}"
  become: yes
- name: "Adding public key to authorized_keys"
  authorized_key:
    user: "{{ migration_master_user_name | d('ec2-user') }}"
    state: present
    key: "{{ pub_key_contents.stdout }}"
  when: pub_key_contents.stdout is defined and student_name is defined
- name: "Creating temp directory for operator repo"
  tempfile:
    state: directory
    suffix: mig-operator
  register: repodir
- name: "Checking out operator repo"
  git:
    repo: "{{ mig_operator_repo }}"
    dest: "{{ repodir.path }}"
    version: "{{ mig_operator_repo_branch }}"
# Leave this as the last task in the playbook.
- name: pre_workload tasks complete
  debug:
    msg: "Pre-Workload tasks completed successfully."
  when:
  - not silent|bool
  - not workload_shared_deployment|d(False)
# For RHPDS deployment (onto a shared cluster) set
# workload_shared_deployment to True
# (in the deploy script or AgnosticV configuration)
- name: pre_workload tasks complete
  debug:
    msg: "Pre-Software checks completed successfully"
  when:
  - not silent|bool
  - workload_shared_deployment|d(False)
  when: not silent|bool
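Review bot: Everything this file fetches is unpinned and unverified, yet it ends up executable on the bastion or applied to the cluster. The `get_url` task for `cpma` has no `checksum:`, the `git` task for `mig-agnosticd` has no `version:`, and the operator checkout follows `mig_operator_repo_branch` (`master` in defaults/main.yml), whose manifests tasks/workload.yml then feeds to `oc apply`. Pin each one, e.g. `checksum: "sha256:<EXPECTED_SHA256>"` on `get_url` and `version: "<PINNED_TAG_OR_COMMIT>"` on the `git` tasks, so a replaced bucket object or a moved upstream branch cannot change what the lab runs. Separately, "Fixing permissions of SSH key" is skipped on the run that creates the key, because its `when` reads the `ssh_key` stat registered before `ssh-keygen` ran; with `become: yes` on the block the new key likely stays root-owned until a second run. The page does not mark added versus removed lines, so this is read against what appears to be the new side.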
ansible/roles/ocp-workload-migration/tasks/remove_workload.yml
@@ -1,9 +1,15 @@
---
- name: "Removing controller and operator"
  debug: msg="Not Implemented"
- name: "Removing workload"
  include_tasks: "{{ item }}"
  with_items:
    - './pre_workload.yml'
    - './workload.yml'
    - './post_workload.yml'
  vars:
    migration_workload_destroy: yes
# Leave this as the last task in the playbook.
- name: remove_workload tasks complete
  debug:
    msg: "Remove Workload tasks completed successfully."
  when: not silent|bool
  when: not silent|bool
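Review bot: Including `./pre_workload.yml` on the removal path re-runs provisioning steps that are not gated on `migration_workload_destroy`. As shown on this page, that file generates the student SSH key, adds it to `authorized_keys` for `migration_master_user_name`, and downloads the CPMA binary and lab scripts. A teardown should not grant access or fetch new executables; either include only what removal needs (the operator checkout that provides `repodir`) or add `when: not migration_workload_destroy|bool` to the provisioning block in pre_workload.yml. `migration_workload_destroy: yes` would also read more clearly as `true`.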
ansible/roles/ocp-workload-migration/tasks/workload.yml
@@ -1,12 +1,16 @@
---
# Implement your Workload deployment tasks here
- name: Setting up workload for user
  debug:
    msg: "Setting up workload for user ocp_username = {{ ocp_username }}"
- name: "Creating controller and operator"
  debug: msg="Student creates the workload"
  shell: "oc apply -f {{ repodir.path }}/deploy/non-olm/{{ mig_operator_version }}/{{ item }}"
  loop:
    - "operator.yml"
    - "controller-{{ mig_ocp_version }}.yml"
  when: not migration_workload_destroy|bool
- name: "Removing controller and operator"
  shell: "oc delete --ignore-not-found -f {{ repodir.path }}/deploy/non-olm/{{ mig_operator_version }}/{{ item }}"
  loop:
    - "operator.yml"
  when: migration_workload_destroy|bool
# Leave this as the last task in the playbook.
- name: workload tasks complete
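Review bot: The removal loop does not mirror the create loop: "Creating controller and operator" applies `operator.yml` and `controller-{{ mig_ocp_version }}.yml`, while "Removing controller and operator" deletes only `operator.yml`. Unless deleting the operator manifest is known to take the controller resources with it, add `"controller-{{ mig_ocp_version }}.yml"` to the delete loop, ideally first, so no controller objects are left behind. The page shows both `debug: msg=...` and `shell:` under the create task without +/- markers; only one module can remain in the new file. The final task's body lies outside the hunk.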
ansible/roles/ocp-workload-migration/templates/migstorage.yaml.j2
New file
@@ -0,0 +1,35 @@
---
apiVersion: v1
kind: Secret
metadata:
  namespace: mig
  name: migstorage-creds
type: Opaque
data:
  aws-access-key-id: {{ noobaa_key|b64encode }}
  aws-secret-access-key: {{ noobaa_secret|b64encode }}
---
apiVersion: migration.openshift.io/v1alpha1
kind: MigStorage
metadata:
  labels:
    controller-tools.k8s.io: "1.0"
  name: migstorage-sample
  namespace: mig
spec:
  backupStorageProvider: aws
  volumeSnapshotProvider: aws
  backupStorageConfig:
    awsBucketName: first.bucket
    awsS3ForcePathStyle: true
    awsS3Url: {{ noobaa_s3_url }}
    credsSecretRef:
      namespace: mig
      name: migstorage-creds
  volumeSnapshotConfig:
    awsRegion: {{ noobaa_region }}
    credsSecretRef:
      namespace: mig
      name: migstorage-creds
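Review bot: The templated scalars are emitted unquoted, so their content decides how the YAML parses. An empty `noobaa_s3_url` or `noobaa_region` renders as `null`, and command output containing `: `, ` #` or a line break would change the document structure that `oc apply` receives. Quote each substitution, e.g. `awsS3Url: "{{ noobaa_s3_url }}"`, `awsRegion: "{{ noobaa_region }}"` and `aws-access-key-id: "{{ noobaa_key|b64encode }}"` (likewise for `aws-secret-access-key`). The hunk header announces 35 lines and fewer are visible here, presumably because the page dropped blank lines.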