diff --git a/ansible/configs/bu-workshop/files/cloud_providers/ec2_cloud_template.j2 b/ansible/configs/bu-workshop/files/cloud_providers/ec2_cloud_template.j2 index 2405d7c7f75..23a597b89d8 100644 --- a/ansible/configs/bu-workshop/files/cloud_providers/ec2_cloud_template.j2 +++ b/ansible/configs/bu-workshop/files/cloud_providers/ec2_cloud_template.j2 @@ -516,7 +516,7 @@ }, { "Key": "{{ project_tag }}", - "Value": "nfs" + "Value": "support" } ], "BlockDeviceMappings": [ diff --git a/ansible/configs/bu-workshop/files/hosts_template.j2 b/ansible/configs/bu-workshop/files/hosts_template.j2 index 473d06cfe19..8680a76f3eb 100644 --- a/ansible/configs/bu-workshop/files/hosts_template.j2 +++ b/ansible/configs/bu-workshop/files/hosts_template.j2 @@ -76,7 +76,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', openshift_hosted_metrics_deploy={{ install_metrics }} openshift_hosted_metrics_storage_kind=nfs openshift_hosted_metrics_storage_access_modes=['ReadWriteOnce'] -openshift_hosted_metrics_storage_host={{ hostvars[ groups[ ('tag_' + env_type + '-' + guid + '_nfs') | replace('-', '_') ].0 ]["ec2_private_dns_name"] }} +openshift_hosted_metrics_storage_host={{ hostvars[ groups[ ('tag_' + env_type + '-' + guid + '_support') | replace('-', '_') ].0 ]["ec2_private_dns_name"] }} openshift_hosted_metrics_storage_nfs_directory=/srv/nfs openshift_hosted_metrics_storage_nfs_options='*(rw,root_squash)' openshift_hosted_metrics_storage_volume_name=metrics 
@@ -125,7 +125,7 @@ openshift_hosted_registry_storage_kind=object openshift_hosted_registry_storage_provider=s3 openshift_hosted_registry_storage_s3_accesskey={{ aws_access_key_id }} openshift_hosted_registry_storage_s3_secretkey={{ aws_secret_access_key }} -openshift_hosted_registry_storage_s3_bucket={{ s3_bucket }} +openshift_hosted_registry_storage_s3_bucket={{ env_type }}-{{ guid }} openshift_hosted_registry_storage_s3_region={{ aws_region }} openshift_hosted_registry_storage_s3_chunksize=26214400 openshift_hosted_registry_storage_s3_rootdirectory=/registry @@ -163,6 +163,6 @@ nfs {% endfor %} [nfs] -{% for host in groups[('tag_' + env_type + '-' + guid + '_nfs') | replace('-', '_') ] %} +{% for host in groups[('tag_' + env_type + '-' + guid + '_support') | replace('-', '_') ] %} {{ hostvars[host]['ec2_private_dns_name'] }} ansible_ssh_user={{ ansible_ssh_user }} ansible_ssh_private_key_file=~/.ssh/{{ key_name }} {% endfor %} diff --git a/ansible/configs/bu-workshop/post_infra.yml b/ansible/configs/bu-workshop/post_infra.yml index 700d568e4a2..1e4c57ae1d3 100644 --- a/ansible/configs/bu-workshop/post_infra.yml +++ b/ansible/configs/bu-workshop/post_infra.yml @@ -7,4 +7,3 @@ gather_facts: false tasks: - meta: noop - diff --git a/ansible/configs/bu-workshop/post_software.yml b/ansible/configs/bu-workshop/post_software.yml index 8de7be48d70..fe86b1ef63e 100644 --- a/ansible/configs/bu-workshop/post_software.yml +++ b/ansible/configs/bu-workshop/post_software.yml @@ -14,10 +14,9 @@ # TODO: metrics nodeselector - - name: User volumes on NFS server hosts: - - "{{ ('tag_' ~ env_type ~ '_' ~ guid ~ '_nfs') | replace('-', '_') }}" + - "{{ ('tag_' ~ env_type ~ '_' ~ guid ~ '_support') | replace('-', '_') }}" gather_facts: False vars_files: - "env_vars.yml" 
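Review bot: `openshift_hosted_registry_storage_s3_bucket={{ env_type }}-{{ guid }}` drops the `s3_bucket` override and assumes the provisioning template creates a bucket with exactly that name, which is not visible in this hunk. S3 bucket names are global and must be lowercase and DNS-compatible, so an `env_type` or `guid` containing uppercase letters or underscores would not produce a valid name. Keeping the override as `{{ s3_bucket | default(env_type ~ '-' ~ guid) }}` preserves existing deployments while still giving the new default.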
@@ -32,6 +31,46 @@ - name: chmod the user vols shell: "chmod -R 777 /srv/nfs/user-vols" +- name: Create Workshop NFS shares + hosts: + - "{{ ('tag_' ~ env_type ~ '_' ~ guid ~ '_support') | replace('-', '_') }}" + vars_files: + - "env_vars.yml" + - "env_secret_vars.yml" + - "ssh_vars.yml" + tags: + - workshop + - workshop_nfs + tasks: + - name: Create workshop nfs directory + file: + name: '/srv/nfs/{{ item }}' + state: directory + mode: 0777 + owner: nfsnobody + group: nfsnobody + recurse: True + with_items: + - '{{ workshop_shares }}' + + - name: Create workshop exports file + file: + path: "/etc/exports.d/{{ env_type }}-{{ guid }}-workshop.exports" + state: touch + mode: 755 + + - name: Update workshop exports file + lineinfile: + dest: "/etc/exports.d/{{ env_type }}-{{ guid }}-workshop.exports" + line: "/srv/nfs/{{ item }} *(rw,root_squash,no_wdelay,sync)" + state: present + with_items: + - '{{ workshop_shares }}' + run_once: True + + - name: Reload NFS exports + shell: "exportfs -r" + - name: NFS volume configuration hosts: - "{{ ('tag_' ~ env_type ~ '_' ~ guid ~ '_master') | replace('-', '_') }}" @@ -45,7 +84,7 @@ tasks: - name: Set NFS related facts set_fact: - nfs_host: "{{ hostvars[ groups[ ('tag_' ~ env_type ~ '_' ~ guid ~ '_nfs') | replace('-', '_') ].0 ]['ec2_public_dns_name'] }}" + nfs_host: "{{ hostvars[ groups[ ('tag_' ~ env_type ~ '_' ~ guid ~ '_support') | replace('-', '_') ].0 ]['ec2_public_dns_name'] }}" pv_size: '10Gi' pv_list: "{{ nfs_shares }}" persistentVolumeReclaimPolicy: Retain 
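Review bot: In the `Create workshop exports file` task, `mode: 755` is an unquoted decimal that Ansible does not read as octal 0755, so the file ends up with unintended permission bits; an exports file needs no execute bit, so `mode: '0644'` is the safer value. The same play creates every share recursively with `mode: 0777` and exports it as `*(rw,root_squash,no_wdelay,sync)`, which lets any host that can reach the support node mount and write to the shares. Consider replacing `*` with the cluster's subnet (placeholder: `<cluster_cidr>(rw,root_squash,no_wdelay,sync)`) and tightening the directory mode to what `nfsnobody` needs. `run_once: True` on the `lineinfile` task also means only the first host in the group receives the export lines if the group ever holds more than one host.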
@@ -96,46 +135,6 @@ - name: Give administrative user cluster-admin privileges command: "{{ oc_path }} adm policy add-cluster-role-to-user cluster-admin admin" -- name: Create Workshop NFS shares - hosts: - - "{{ ('tag_' ~ env_type ~ '_' ~ guid ~ '_nfs') | replace('-', '_') }}" - vars_files: - - "env_vars.yml" - - "env_secret_vars.yml" - - "ssh_vars.yml" - tags: - - workshop - - workshop_nfs - tasks: - - name: Create workshop nfs directory - file: - name: '/srv/nfs/{{ item }}' - state: directory - mode: 0777 - owner: nfsnobody - group: nfsnobody - recurse: True - with_items: - - '{{ workshop_shares }}' - - - name: Create workshop exports file - file: - path: "/etc/exports.d/{{ env_type }}-{{ guid }}-workshop.exports" - state: touch - mode: 755 - - - name: Update workshop exports file - lineinfile: - dest: "/etc/exports.d/{{ env_type }}-{{ guid }}-workshop.exports" - line: "/srv/nfs/{{ item }} *(rw,root_squash,no_wdelay,sync)" - state: present - with_items: - - '{{ workshop_shares }}' - run_once: True - - - name: Reload NFS exports - shell: "exportfs -r" - - name: Workshop PVs hosts: - "{{ ('tag_' ~ env_type ~ '_' ~ guid ~ '_master') | replace('-', '_') }}" @@ -151,7 +150,7 @@ pv_size: '10Gi' pv_list: "{{ workshop_shares }}" persistentVolumeReclaimPolicy: Retain - nfs_hostname: "{{ hostvars[ groups[ ('tag_' ~ env_type ~ '_' ~ guid ~ '_nfs') | replace('-', '_') ].0 ]['ansible_fqdn'] }}" + nfs_hostname: "{{ hostvars[ groups[ ('tag_' ~ env_type ~ '_' ~ guid ~ '_support') | replace('-', '_') ].0 ]['ansible_fqdn'] }}" - name: Generate workshop PV file template: @@ -159,7 +158,7 @@ dest: "/root/pvs-{{ env_type }}-{{ guid }}.yml" - name: Create workshop PVs - shell: 'oc create -f /root/pvs-{{ env_type }}-{{ guid }}.yml || oc update -f /root/pvs-{{ env_type }}-{{ guid }}.yml' + shell: '{{ oc_path }} create -f /root/pvs-{{ env_type }}-{{ guid }}.yml || {{ oc_path }} update -f /root/pvs-{{ env_type }}-{{ guid }}.yml' - name: Workshop prerequisites hosts: 
@@ -218,95 +217,6 @@ tags: - create-pipeline-template -- name: Nexus server - hosts: - - "{{ ('tag_' ~ env_type ~ '_' ~ guid ~ '_master') | replace('-', '_') }}" - vars_files: - - "env_vars.yml" - - "env_secret_vars.yml" - - "ssh_vars.yml" - tags: - - workshop - - workshop_nexus - tasks: - - - name: Copy nexus.yaml to master - copy: - src: "files/nexus.yaml" - dest: "/root/nexus.yaml" - - - name: Check if Nexus was already provisioned - command: "{{ oc_path }} get service nexus -n workshop-infra" - - register: install_nexus - ignore_errors: true - - - name: Instantiate nexus from template - command: "{{ oc_path }} create -f /root/nexus.yaml -n workshop-infra" - - when: install_nexus | failed - - # looks like we need a better check - it seems we're ready up to several - # seconds before the router finds out about us, so we might want another - # http check to make sure nexus is responding - - name: Wait for Nexus to be running - command: "{{ oc_path }} get dc/nexus -o yaml -n workshop-infra" - - register: result - until: '"availableReplicas: 1" in result.stdout' - retries: 5 - delay: 60 - - - name: Wait for Nexus to be happy - uri: - url: "http://nexus.workshop-infra.svc.cluster.local:8081/content/repositories/" - status_code: 200 - register: nexus_happy - until: nexus_happy | success - retries: 5 - delay: 60 - - - name: Install EPEL (for jq) - package: - name: "https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm" - state: installed - - - name: Disable EPEL - command: "yum-config-manager --disablerepo=epel" - - - name: Install jq - package: - name: jq - state: present - enablerepo: epel - - - name: Copy Nexus addrepo script - copy: - src: "files/addrepo.sh" - dest: "/root/addrepo.sh" - - - name: Check for redhat-ga repository in Nexus - uri: - url: "http://nexus.workshop-infra.svc.cluster.local:8081/content/repositories/redhat-ga" - status_code: 200 - register: redhat_ga_out - ignore_errors: true - - - name: Add redhat-ga repository for Nexus - 
shell: "NEXUS_BASE_URL=nexus.workshop-infra.svc.cluster.local:8081 bash /root/addrepo.sh redhat-ga https://maven.repository.redhat.com/ga/" - when: redhat_ga_out | failed - - - name: Check for JBoss repository in Nexus - uri: - url: "http://nexus.workshop-infra.svc.cluster.local:8081/content/repositories/jboss" - status_code: 200 - register: redhat_ga_out - ignore_errors: true - - - name: Add redhat-ga repository for Nexus - shell: "NEXUS_BASE_URL=nexus.workshop-infra.svc.cluster.local:8081 bash /root/addrepo.sh jboss https://repository.jboss.org/nexus/content/repositories/public" - when: redhat_ga_out | failed - - name: Gitlab hosts: - "{{ ('tag_' ~ env_type ~ '_' ~ guid ~ '_master') | replace('-', '_') }}" @@ -352,8 +262,6 @@ tags: - wait-for-gitlab -# This was added by "PR #21" -#https://github.com/sborenst/ansible_agnostic_deployer/pull/21 - name: Annotate gitlab service to group database shell: > {{ oc_path }} annotate service gitlab-ce @@ -361,27 +269,6 @@ --overwrite -n workshop-infra - #Commented out in PR #21 Merge - - name: Copy simple-java-s2i IS to server - copy: - src: "files/java-s2i-is.yaml" - dest: "/root/java-s2i-is.yaml" - tags: - - copy-java-s2i-is - - - name: Create simple-java-s2i IS in openshift namespace - shell: "{{ oc_path }} create -f /root/java-s2i-is.yaml -n openshift || {{ oc_path }} replace -f /root/java-s2i-is.yaml -n openshift" - - tags: - - create-java-s2i-is - - - name: Create Jenkins pipeline template in openshift namespace - shell: "{{ oc_path }} create -f https://raw.githubusercontent.com/openshift-roadshow/nationalparks/1.0.0/ose3/pipeline-template.yaml -n openshift || {{ oc_path }} replace -f https://raw.githubusercontent.com/openshift-roadshow/nationalparks/1.0.0/ose3/pipeline-template.yaml -n openshift" - - tags: - - create-pipeline-template - #Commented out in PR #21 Merge - - name: Lab guide hosts: - "{{ ('tag_' ~ env_type ~ '_' ~ guid ~ '_master') | replace('-', '_') }}" 
@@ -403,7 +290,6 @@ shell: > {{ oc_path }} new-app --name=labs jboss-eap70-openshift~{{ lab_url }}#{{ lab_tag }} - -e ROUTER_ADDRESS={{cloudapps_suffix}} -e CONSOLE_ADDRESS=master.{{subdomain_base}} -e DEFAULT_LAB=roadshow @@ -412,14 +298,13 @@ -e WORKSHOPS_URLS={{ lab_content }} -n workshop-infra; {{ oc_path }} expose service labs -n workshop-infra - when: labs_service_out | failed tags: - build-workshop-labs - name: GitLab nfs permissions hack hosts: - - "{{ ('tag_' ~ env_type ~ '_' ~ guid ~ '_nfs') | replace('-', '_') }}" + - "{{ ('tag_' ~ env_type ~ '_' ~ guid ~ '_support') | replace('-', '_') }}" vars_files: - "env_vars.yml" - "env_secret_vars.yml" @@ -595,58 +480,3 @@ # TODO: curl command to create default pad -- name: Cache Java dependencies - hosts: - - "{{ ('tag_' ~ env_type ~ '_' ~ guid ~ '_master') | replace('-', '_') }}" - vars_files: - - "env_vars.yml" - - "env_secret_vars.yml" - - "ssh_vars.yml" - vars: - workshop_repos: - - "nationalparks" - - "mlbparks" - - "parksmap-web" - tags: - - workshop - - workshop_java_dependencies - tasks: - - name: Install Maven and Java - yum: - name: '{{ item }}' - state: present - enablerepo: "rhel-7-server-optional-rpms" - with_items: - - "maven" - - "java-1.8.0-openjdk-devel" - - - name: Remove m2 folder - file: - path: "/home/ec2-user/.m2/repository" - state: absent - - - name: Make repos directory - file: - path: "/home/ec2-user/repos" - state: directory - - - name: Clone app repositories - git: - repo: 'https://github.com/openshift-roadshow/{{ item }}' - dest: "/home/ec2-user/repos/{{ item }}" - with_items: - - '{{ workshop_repos }}' - - - name: Deploy maven settings file - template: - src: "files/maven.xml.j2" - dest: "/home/ec2-user/maven.xml" - mode: 0755 - owner: ec2-user - - - name: Build and cache dependencies - shell: > - mvn -q -s /home/ec2-user/maven.xml -f /home/ec2-user/repos/{{ item }}/pom.xml install - with_items: - - '{{ workshop_repos }}' - 
diff --git a/ansible/configs/bu-workshop/pre_infra.yml b/ansible/configs/bu-workshop/pre_infra.yml new file mode 100644 index 00000000000..5b7df9d4a9c --- /dev/null +++ b/ansible/configs/bu-workshop/pre_infra.yml @@ -0,0 +1,9 @@ +# vim: set ft=ansible: +--- +- name: Pre infra deployment + hosts: localhost + connection: local + become: false + gather_facts: false + tasks: + - meta: noop diff --git a/ansible/configs/bu-workshop/ssh_vars.yml b/ansible/configs/bu-workshop/ssh_vars.yml index 0b4c1bd7df8..c48f125543d 100644 --- a/ansible/configs/bu-workshop/ssh_vars.yml +++ b/ansible/configs/bu-workshop/ssh_vars.yml @@ -1 +1,5 @@ -ansible_ssh_extra_args: "-F /tmp/{{ env_type }}_{{ guid }}_ssh_conf" +ansible_ssh_extra_args: > + -o User={{ ansible_ssh_user }} + -o StrictHostKeyChecking=no + -i ~/.ssh/{{ key_name }}.pem + -o ProxyCommand="ssh -o StrictHostKeyChecking=no -i ~/.ssh/'{{ key_name }}'.pem -o User='{{ ansible_ssh_user }}' -W %h:%p {{ hostvars[ groups[ ('tag_' ~ env_type ~ '_' ~ guid ~ '_bastion') | replace('-', '_') ].0 ]['ec2_public_dns_name'] }}" diff --git a/ansible/main.yml b/ansible/main.yml index efa2b78afcc..e955943e22e 100644 --- a/ansible/main.yml +++ b/ansible/main.yml @@ -1,4 +1,4 @@ -#vim: set ft=ansible: +# vim: set ft=ansible: --- ################################################################################ ################################################################################ @@ -33,7 +33,10 @@ include: "{{ playbook_dir }}/cloud_providers/{{ cloud_provider }}_infrastructure_deployment.yml" tags: - infrastructure_deployment - - shell: "sleep 60" + + - name: "Sleeping 60 seconds" + pause: + seconds: 60 - name: Refresh cloud_provider cache environment: 
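Review bot: Both the outer connection and the inner `ProxyCommand` in the new `ansible_ssh_extra_args` set `StrictHostKeyChecking=no`, so neither the bastion's nor the target's host key is ever verified. A machine-in-the-middle on either hop would go unnoticed while plays that load `env_secret_vars.yml` run over that connection. Prefer `-o StrictHostKeyChecking=accept-new -o UserKnownHostsFile=~/.ssh/known_hosts_{{ env_type }}_{{ guid }}` on both hops (OpenSSH 7.6 or later), or pre-populate that file with the instances' host keys before the first connection. The key path is also quoted differently in the two places (`~/.ssh/{{ key_name }}.pem` versus `~/.ssh/'{{ key_name }}'.pem`); using one form avoids surprises if `key_name` ever contains whitespace.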
@@ -75,8 +78,10 @@ host: '{{ inventory_hostname }}' port: 22 search_regex: OpenSSH + delegate_to: localhost + become: false + - name: Configure local .ssh/config for bastion proxy use - gather_facts: false include: "{{playbook_dir}}/cloud_providers/{{cloud_provider}}_ssh_config_setup.yml" when: 'deploy_local_ssh_config is defined and deploy_local_ssh_config == "true"' @@ -119,6 +124,7 @@ shell: ssh-keygen -b 2048 -t rsa -f ./workdir/{{env_authorized_key}} -q -N "" args: creates: ./workdir/{{env_authorized_key}} + when: set_env_authorized_key ################################################################################## @@ -142,7 +148,7 @@ - deploy_software - subscriptions roles: - - { role: subscriptions, when: "{{ use_subscriptions | default(false) }}" } + - { role: subscriptions, when: 'use_subscriptions | default(false)' } - name: Configure repositories hosts: "{{ ('tag_Project_' ~ env_type ~ '_' ~ guid) | replace('-', '_') }}" @@ -172,7 +178,7 @@ - step004 - common_tasks roles: - - { role: common, when: "{{ install_common }}" } + - { role: common, when: 'install_common' } - name: Step 004 Deploy Software hosts: "{{ ('tag_Project_' ~ env_type ~ '_' ~ guid) | replace('-', '_') }}" @@ -186,20 +192,19 @@ - step004 - set_env_authorized_key roles: - - { role: set_env_authorized_key, when: "{{ set_env_authorized_key }}" } + - { role: set_env_authorized_key, when: 'set_env_authorized_key' } - name: Configuring Bastion Hosts hosts: "{{ ('tag_' ~ env_type ~ '_' ~ guid ~ '_bastion') | replace('-', '_') }}" - become: true vars_files: - "{{ playbook_dir }}/configs/{{ env_type }}/env_vars.yml" - "{{ playbook_dir }}/configs/{{ env_type }}/env_secret_vars.yml" - "{{ playbook_dir }}/configs/{{ env_type }}/ssh_vars.yml" roles: - - { role: bastion, when: "{{ install_bastion }}" } + - { role: bastion, when: 'install_bastion' } tags: - step004 - bastion_tasks 
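Review bot: The new conditions `when: set_env_authorized_key`, `when: 'install_common'` and `when: 'install_bastion'` (and `when: 'install_nfs'` in software_playbooks/openshift.yml) test the bare variable, so a flag that arrives as a string is evaluated differently across Ansible versions. This file already compares `deploy_local_ssh_config == "true"`, which suggests flags do arrive as strings. Cast explicitly, for example `when: set_env_authorized_key | bool` and `when: 'use_subscriptions | default(false) | bool'`. On the key-generation task the guard decides whether a passphrase-less RSA key (`-N ""`) is written into `./workdir`, so that directory should be excluded from version control and readable only by the deploying user.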
diff --git a/ansible/roles/bastion/tasks/main.yml b/ansible/roles/bastion/tasks/main.yml index d97272b7b1c..8d306de24f4 100644 --- a/ansible/roles/bastion/tasks/main.yml +++ b/ansible/roles/bastion/tasks/main.yml @@ -12,8 +12,7 @@ owner: root group: root mode: 0400 - when: "{{ use_own_key|bool }} == 'false'" - + when: 'use_own_key|bool == false' - name: copy the environment .pem key become: true @@ -23,22 +22,22 @@ owner: root group: root mode: 0400 - when: "{{ use_own_key|bool }} == 'true'" - + when: 'use_own_key|bool == true' tags: - copy_env_private_key + # TODO: Test splitting this into literal - name: Generate host .ssh/config Template become: no local_action: template src={{role_path}}/files/bastion_ssh_config.j2 dest={{playbook_dir}}/workdir/ssh-config-{{ env_type }}-{{ guid }} - when: "{{ use_own_key|bool }} == 'false'" + when: 'use_own_key|bool == false' tags: - gen_sshconfig_file - name: Generate host .ssh/config Template become: no local_action: template src={{role_path}}/files/bastion_ssh_config_ownkey.j2 dest={{playbook_dir}}/workdir/ssh-config-{{ env_type }}-{{ guid }} - when: "{{ use_own_key|bool }} == 'true'" + when: 'use_own_key|bool == true' tags: - gen_sshconfig_file diff --git a/ansible/software_playbooks/openshift.yml b/ansible/software_playbooks/openshift.yml index bfd5e9dafb7..01d71a6e721 100644 --- a/ansible/software_playbooks/openshift.yml +++ b/ansible/software_playbooks/openshift.yml @@ -89,7 +89,7 @@ - "../configs/{{ env_type }}/env_vars.yml" - "../configs/{{ env_type }}/ssh_vars.yml" roles: - - { role: "../roles/nfs", when: "{{ install_nfs }}" } + - { role: "../roles/nfs", when: 'install_nfs' } tags: - nfs_tasks @@ -105,7 +105,6 @@ tags: - installing_openshift tasks: - - name: Add log path to Ansible configuration lineinfile: regexp: "^#log_path"