From 37d997d9cfe54655ab91ae4ba738c7a405481e83 Mon Sep 17 00:00:00 2001 From: Jiří Locker <jiri.locker@gmail.com> Date: Mon, 06 Jan 2020 22:55:15 +0100 Subject: [PATCH] Add OptaWeb Employee Rostering Demo (#963) --- ansible/roles/ocp-workload-optaweb-employee-rostering/tasks/post_workload.yml | 9 + ansible/roles/ocp-workload-optaweb-employee-rostering/tasks/wait_for_deploy.yml | 30 +++++ ansible/roles/ocp-workload-optaweb-employee-rostering/tasks/pre_workload.yml | 36 ++++++ ansible/roles/ocp-workload-optaweb-employee-rostering/tasks/wait_for_build.yml | 23 +++ ansible/roles/ocp-workload-optaweb-employee-rostering/readme.adoc | 131 +++++++++++++++++++++ ansible/roles/ocp-workload-optaweb-employee-rostering/defaults/main.yml | 28 ++++ ansible/roles/ocp-workload-optaweb-employee-rostering/tasks/workload.yml | 55 +++++++++ ansible/roles/ocp-workload-optaweb-employee-rostering/tasks/main.yml | 20 +++ ansible/roles/ocp-workload-optaweb-employee-rostering/tasks/remove_workload.yml | 20 +++ 9 files changed, 352 insertions(+), 0 deletions(-) diff --git a/ansible/roles/ocp-workload-optaweb-employee-rostering/defaults/main.yml b/ansible/roles/ocp-workload-optaweb-employee-rostering/defaults/main.yml new file mode 100644 index 0000000..2676664 --- /dev/null +++ b/ansible/roles/ocp-workload-optaweb-employee-rostering/defaults/main.yml @@ -0,0 +1,28 @@ +--- +ocp_username: jlocker-redhat.com +ocp_user_needs_quota: True + +ocp_user_groups: + - OPENTLC-PROJECT-PROVISIONERS + +quota_requests_cpu: 4 +quota_limits_cpu: 4 + +quota_requests_memory: '4Gi' +quota_limits_memory: '8Gi' + +quota_configmaps: 4 +quota_pods: 6 +quota_persistentvolumeclaims: 1 +quota_services: 3 +quota_secrets: 1 +quota_requests_storage: 1Gi + +build_status_retries: 45 +build_status_delay: 30 + +deploy_status_retries: 15 +deploy_status_delay: 20 + +optaweb_git_repository: https://github.com/kiegroup/optaweb-employee-rostering +optaweb_git_branch: RHPDS diff --git a/ansible/roles/ocp-workload-optaweb-employee-rostering/readme.adoc b/ansible/roles/ocp-workload-optaweb-employee-rostering/readme.adoc new file mode 100644 index 0000000..06942ea --- /dev/null +++ b/ansible/roles/ocp-workload-optaweb-employee-rostering/readme.adoc @@ -0,0 +1,131 @@ += ocp-workload-developer-environment - Sample Config + +== Role overview + +* This is a simple role that does the following: +** Playbook: link:./tasks/pre_workload.yml[pre_workload.yml] - Sets up an + environment for the workload deployment +*** Adds a user to a list of groups defined in the + link:./defaults/main.yml[defaults file]. +*** Sets a cluster resource quota for the user based on the variables in the + link:./defaults/main.yml[defaults file] . +*** Debug task will print out: `pre_workload Tasks Complete` + +** Playbook: link:./tasks/workload.yml[workload.yml] - Used to deploy the actual + workload, i.e, 3scale, Mobile or some Demo +*** This role doesn't do anything here +*** Debug task will print out: `workload Tasks Complete` + +** Playbook: link:./tasks/post_workload.yml[post_workload.yml] - Used to + configure the workload after deployment +*** This role doesn't do anything here +*** Debug task will print out: `post_workload Tasks Complete` + +== Review the defaults variable file + +* This file link:./defaults/main.yml[./defaults/main.yml] contains all the variables you + need to define to control the deployment of your workload. + +* You can modify any of these default values by adding +`-e"variable_name=variable_value"` to the command line + +=== Deploy Workload on OpenShift Cluster from an existing playbook: + +[source,yaml] +---- +- name: Deploy a workload role on a master host + hosts: all + become: true + gather_facts: False + tags: + - step007 + roles: + - { role: "{{ocp_workload}}", when: 'ocp_workload is defined' } + +---- +NOTE: You might want to change `hosts: all` to fit your requirements + + +=== Common configuration to run these playbooks +You should have these environment variables defined/exported in your system in order +to run these playbooks. + +---- +HOST_GUID=dev37 +TARGET_HOST="bastion.$HOST_GUID.openshift.opentlc.com" +OCP_USERNAME="ddoyle-redhat.com" +SSH_USER="opentlc-mgr" +SSH_PRIVATE_KEY="id_rsa" +GUID=duncandoyle +---- + +=== Deploy a Workload with the `ocp-workload` playbook [Mostly for testing] +---- +WORKLOAD="ocp-workload-optaweb-employee-rostering" + +# a TARGET_HOST is specified in the command line, without using an inventory file +ansible-playbook -i ${TARGET_HOST}, ./configs/ocp-workloads/ocp-workload.yml \ + -e"ansible_ssh_private_key_file=~/.ssh/${SSH_PRIVATE_KEY}" \ + -e"ansible_user=${SSH_USER}" \ + -e"ocp_username=${OCP_USERNAME}" \ + -e"ocp_workload=${WORKLOAD}" \ + -e"guid=${GUID}" \ + -e"ocp_user_needs_quota=true" \ + -e"ocp_master=master.${HOST_GUID}.openshift.opentlc.com" \ + -e"ocp_apps_domain=apps.${HOST_GUID}.openshift.opentlc.com" \ + -e"ACTION=create" +---- + +=== To Delete an environment +Use the common configuration first. Then run this. + +---- +WORKLOAD="ocp-workload-optaweb-employee-rostering" + +# a TARGET_HOST is specified in the command line, without using an inventory file +ansible-playbook -i ${TARGET_HOST}, ./configs/ocp-workloads/ocp-workload.yml \ + -e"ansible_ssh_private_key_file=~/.ssh/${SSH_PRIVATE_KEY}" \ + -e"ansible_user=${SSH_USER}" \ + -e"ocp_username=${OCP_USERNAME}" \ + -e"ocp_workload=${WORKLOAD}" \ + -e"guid=${GUID}" \ + -e"ACTION=remove" +---- + +== Set up your Ansible inventory file + +* You can create an Ansible inventory file to define your connection + method to your host (Master/Bastion with OC command) + +* You can also use the command line to define the hosts directly if your `ssh` + configuration is set to connect to the host correctly + +* You can also use the command line to use localhost or if your cluster is + already authenticated and configured in your `oc` configuration +[source, ini] + +.example inventory file +---- +[gptehosts:vars] +ansible_ssh_private_key_file=~/.ssh/keytoyourhost.pem +ansible_user=ec2-user + +[gptehosts:children] +openshift + +[openshift] +bastion.cluster1.openshift.opentlc.com +bastion.cluster2.openshift.opentlc.com +bastion.cluster3.openshift.opentlc.com ansible_ssh_host=ec2-11-111-111-11.us-west-2.compute.amazonaws.com +bastion.cluster4.openshift.opentlc.com + + +[dev] +bastion.cluster1.openshift.opentlc.com +bastion.cluster2.openshift.opentlc.com + + +[prod] +bastion.cluster3.openshift.opentlc.com +bastion.cluster4.openshift.opentlc.com +---- diff --git a/ansible/roles/ocp-workload-optaweb-employee-rostering/tasks/main.yml b/ansible/roles/ocp-workload-optaweb-employee-rostering/tasks/main.yml new file mode 100644 index 0000000..c2bea43 --- /dev/null +++ b/ansible/roles/ocp-workload-optaweb-employee-rostering/tasks/main.yml @@ -0,0 +1,20 @@ +--- +- name: Running Pre Workload Tasks + import_tasks: ./pre_workload.yml + become: false + when: ACTION == "create" or ACTION == "provision" + +- name: Running Workload Tasks + import_tasks: ./workload.yml + become: false + when: ACTION == "create" or ACTION == "provision" + +- name: Running Post Workload Tasks + import_tasks: ./post_workload.yml + become: false + when: ACTION == "create" or ACTION == "provision" + +- name: Running Workload removal Tasks + import_tasks: ./remove_workload.yml + become: false + when: ACTION == "destroy" or ACTION == "remove" diff --git a/ansible/roles/ocp-workload-optaweb-employee-rostering/tasks/post_workload.yml b/ansible/roles/ocp-workload-optaweb-employee-rostering/tasks/post_workload.yml new file mode 100644 index 0000000..a6af045 --- /dev/null +++ b/ansible/roles/ocp-workload-optaweb-employee-rostering/tasks/post_workload.yml @@ -0,0 +1,9 @@ +--- +- name: Delete the remote files used in this role + file: + path: /tmp/{{guid}} + state: absent + +- name: post_workload Tasks Complete + debug: + msg: "Post-Software checks completed successfully" diff --git a/ansible/roles/ocp-workload-optaweb-employee-rostering/tasks/pre_workload.yml b/ansible/roles/ocp-workload-optaweb-employee-rostering/tasks/pre_workload.yml new file mode 100644 index 0000000..7796fa3 --- /dev/null +++ b/ansible/roles/ocp-workload-optaweb-employee-rostering/tasks/pre_workload.yml @@ -0,0 +1,36 @@ +--- + +# - name: Add user to developer group (allowed to create projects) +# shell: "oadm groups add-users {{item}} {{ocp_username}}" +# register: groupadd_register +# with_items: "{{ocp_user_groups}}" +# when: ocp_username is defined and ocp_user_groups is defined +# +# - name: test that command worked +# debug: +# var: groupadd_register +# verbosity: 2 + +- name: Show path + shell: "echo $PATH" + + +- name: Create user Quota - clusterresourcequota + shell: | + oc create clusterquota clusterquota-"{{ocp_username}}-{{guid}}" \ + --project-annotation-selector=openshift.io/requester="{{ocp_username}}" \ + --hard requests.cpu="{{quota_requests_cpu}}" \ + --hard limits.cpu="{{quota_limits_cpu}}" \ + --hard requests.memory="{{quota_requests_memory}}" \ + --hard limits.memory="{{quota_limits_memory}}" \ + --hard configmaps="{{quota_configmaps}}" \ + --hard pods="{{quota_pods}}" \ + --hard persistentvolumeclaims="{{quota_persistentvolumeclaims}}" \ + --hard services="{{quota_services}}" \ + --hard secrets="{{quota_secrets}}" \ + --hard requests.storage="{{quota_requests_storage}}" + ignore_errors: true + +- name: pre_workload Tasks Complete + debug: + msg: "Pre-Software checks completed successfully" diff --git a/ansible/roles/ocp-workload-optaweb-employee-rostering/tasks/remove_workload.yml b/ansible/roles/ocp-workload-optaweb-employee-rostering/tasks/remove_workload.yml new file mode 100644 index 0000000..16fde37 --- /dev/null +++ b/ansible/roles/ocp-workload-optaweb-employee-rostering/tasks/remove_workload.yml @@ -0,0 +1,20 @@ +--- +- name: post_workload Tasks Complete + debug: + msg: "Pre-Software checks completed successfully - Removed" + +- name: define ocp_project + set_fact: + ocp_project: "optaweb-employee-rostering-{{guid}}" + +- name: Remove user Project + shell: "oc delete project {{ocp_project}}" + ignore_errors: true + +- name: Remove user Quota - oc delete clusterresourcequota "clusterquota-{{ocp_username}}-{{guid}}" + shell: oc delete clusterresourcequota clusterquota-{{ocp_username}}-{{guid}} + ignore_errors: true + +- name: post_workload Tasks Complete + debug: + msg: "Post-Software checks completed successfully - Removed" diff --git a/ansible/roles/ocp-workload-optaweb-employee-rostering/tasks/wait_for_build.yml b/ansible/roles/ocp-workload-optaweb-employee-rostering/tasks/wait_for_build.yml new file mode 100644 index 0000000..7975fb2 --- /dev/null +++ b/ansible/roles/ocp-workload-optaweb-employee-rostering/tasks/wait_for_build.yml @@ -0,0 +1,23 @@ +--- + +# Purpose: +# This script queries OCP for builds that exist but are not yet ready. +# So long as there are unready builds, this script continues to loop +# +# Manual Test to determine list of unready builds : +# 1) install jp : https://github.com/jmespath/jp +# 2) oc get builds -o json | jp "items[? (status.phase != 'Complete') ].metadata.annotations.\"openshift.io/build-config.name\"" +# +# Documentation pertaining to jq syntax: +# - http://jmespath.org/tutorial.html +# - https://stackoverflow.com/questions/41261680/ansible-json-query-path-to-select-item-by-content +# +- name: "Wait for following builds to become ready: {{build_to_wait}}" + command: 'oc get build -o json -n "{{ ocp_project }}"' + register: build_state + changed_when: false + retries: "{{ build_status_retries }}" + delay: "{{ build_status_delay }}" + vars: + query: "items[? (status.phase != 'Complete') ].metadata.annotations.\"openshift.io/build-config.name\"" + until: "build_state.stdout |from_json |json_query(query) |intersect(build_to_wait) |length == 0" diff --git a/ansible/roles/ocp-workload-optaweb-employee-rostering/tasks/wait_for_deploy.yml b/ansible/roles/ocp-workload-optaweb-employee-rostering/tasks/wait_for_deploy.yml new file mode 100644 index 0000000..c2f878d --- /dev/null +++ b/ansible/roles/ocp-workload-optaweb-employee-rostering/tasks/wait_for_deploy.yml @@ -0,0 +1,30 @@ +--- + +# Purpose: +# This script queries OCP for replication controllers that exist but are not yet ready. +# So long as there are unready replication controllers, this script continues to loop +# +# Manual Test to determine list of unready replication controllers : +# 1) install jp : https://github.com/jmespath/jp +# 2) oc get rc -o json | jp 'items[? (status.readyReplicas == ""|| status.readyReplicas == `0`) ].metadata.annotations."openshift.io/deployment-config.name"' +# + +- name: "Wait for following replication controllers to be created: {{ item }}" + command: 'oc get rc -o json -n "{{ ocp_project }}"' + register: rc_state + changed_when: false + retries: "{{ deploy_status_retries }}" + delay: "{{ deploy_status_delay }}" + until: 'rc_state.stdout |from_json | json_query("items[? (kind == ''ReplicationController'')].metadata.annotations.\"openshift.io/deployment-config.name\"") |intersect(item) |length >= 1' + loop: "{{pod_to_wait}}" + +- name: "Wait for following deployments to become ready: {{pod_to_wait}}" + command: 'oc get rc -o json -n "{{ ocp_project }}"' + register: rc_state + changed_when: false + retries: "{{ deploy_status_retries }}" + delay: "{{ deploy_status_delay }}" + until: 'rc_state.stdout |from_json |json_query("items[? ((status.readyReplicas == \"\" || status.readyReplicas == ''`0`'') && (metadata.annotations.\"openshift.io/deployment.cancelled\" != ''true''))].metadata.annotations.\"openshift.io/deployment-config.name\"") |intersect(pod_to_wait) |length == 0' + +# Documentation pertaining to jq syntax: +# - http://jmespath.org/tutorial.html diff --git a/ansible/roles/ocp-workload-optaweb-employee-rostering/tasks/workload.yml b/ansible/roles/ocp-workload-optaweb-employee-rostering/tasks/workload.yml new file mode 100644 index 0000000..39f913f --- /dev/null +++ b/ansible/roles/ocp-workload-optaweb-employee-rostering/tasks/workload.yml @@ -0,0 +1,55 @@ +--- +- name: define ocp_project + set_fact: + ocp_project: "optaweb-employee-rostering-{{guid}}" + +- name: Create project for OptaPlanner Employee Rostering Demo + shell: | + oc new-project {{ocp_project}} \ + --display-name="OptaPlanner Employee Rostering Demo" \ + --description="OptaPlanner Employee Rostering Demo" + ignore_errors: true + +- name: "Label namespace" + command: "oc label namespace {{ocp_project}} AAD='{{guid}}'" + +- name: "Create PostgreSQL database" + shell: "oc new-app postgresql-persistent -n {{ocp_project}}" + +- name: "Create OptaWeb app" + shell: "oc new-app --name employee-rostering \ + --strategy=docker \ + java:8~{{optaweb_git_repository}}#{{optaweb_git_branch}} \ + -n {{ocp_project}}" + +- name: "Share PostgreSQL secret with OptaWeb app" + shell: "oc set env dc/employee-rostering --from=secret/postgresql -n {{ocp_project}}" + +- name: "Expose the service" + shell: "oc expose svc/employee-rostering -n {{ocp_project}}" + +- name: Wait 10 seconds for the builds to be defined + pause: + seconds: 10 + +#### Wait for the build to complete before slapping on the quota .... +- include_tasks: ./wait_for_build.yml + vars: + build_to_wait: + - employee-rostering + +#### Wait for the deployment to complete before slapping on the quota ... +- include_tasks: ./wait_for_deploy.yml + vars: + pod_to_wait: + - employee-rostering + +- name: Annotate the completed project as requested by user + shell: "oc annotate namespace {{ocp_project}} openshift.io/requester={{ocp_username}} --overwrite" + +- name: Give user access to the completed project + shell: "oc policy add-role-to-user admin {{ocp_username}} -n {{ocp_project}}" + +- name: workload Tasks Complete + debug: + msg: workload Tasks Complete -- Gitblit v1.9.3