Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

new devspace role #7671

Open
wants to merge 9 commits into
base: development
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
@@ -0,0 +1,38 @@
Role Name
=========

A brief description of the role goes here.

Requirements
------------

Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.

Role Variables
--------------

A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.

Dependencies
------------

A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.

Example Playbook
----------------

Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:

- hosts: servers
roles:
- { role: username.rolename, x: 42 }

License
-------

BSD

Author Information
------------------

An optional section for the role authors to include contact information, or a website (HTML is not allowed).
Original file line number Diff line number Diff line change
@@ -0,0 +1,62 @@
---
ocp4_username: system:admin
become_override: false
silent: false

ocp4_workload_redhat_developer_hub_gitlab_namespace: gitlab
ocp4_workload_redhat_developer_hub_backstage_namespace: backstage
ocp4_workload_redhat_developer_hub_backstage_helm_repo: https://janus-idp.github.io/helm-backstage
ocp4_workload_redhat_developer_hub_backstage_helm_chart: backstage
ocp4_workload_redhat_developer_hub_backstage_helm_chart_version: 2.10.3

ocp4_workload_redhat_developer_hub_backstage_gitlab_group: janus-idp

ocp4_workload_redhat_developer_hub_postgresql_password: postgres

ocp4_workload_redhat_developer_hub_gitlab_root_user: root
ocp4_workload_redhat_developer_hub_gitlab_root_password: openshift

ocp4_workload_redhat_developer_hub_janus_bootstrap_repo: https://github.com/treddy08/janus-idp-bootstrap.git
ocp4_workload_redhat_developer_hub_janus_bootstrap_repo_target_revision: main

ocp4_workload_redhat_developer_hub_admin_user: admin
ocp4_workload_redhat_developer_hub_admin_password: "{{ common_password }}"

ocp4_workload_redhat_developer_hub_users_count: "{{ num_users | default(1) }}"
ocp4_workload_redhat_developer_hub_users_password: "{{ common_password }}"

ocp4_workload_redhat_developer_hub_vault_namespace: vault

ocp4_workload_redhat_developer_hub_gitlab_template_locations:
- group: janus-idp
project: software-templates
branch: main
file: showcase-templates.yaml
rules:
allow: Template
templates:
- scaffolder-templates/quarkus-web-template/template.yaml
- group: janus-idp
project: software-templates
branch: main
file: org.yaml
rules:
allow: Group, User
- group: summit-lab
project: backstage-workshop
branch: master
file: showcase-templates.yaml
rules:
allow: Template
templates:
- scaffolder-templates/poi-map/template.yaml
- scaffolder-templates/poi-gateway/template.yaml
- scaffolder-templates/poi-backend/template.yaml

ocp4_workload_redhat_developer_hub_backstage_image_registry: quay.io
ocp4_workload_redhat_developer_hub_backstage_image_repository: rhdh/rhdh-hub-rhel9
ocp4_workload_redhat_developer_hub_backstage_image_tag: "1.0"

redhat_gpte_devhub_pull_secret: ""

ocp4_workload_redhat_developer_hub_username_base: user
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
---
- name: Create devspace resources
kubernetes.core.k8s:
state: present
definition: "{{ lookup('template', item ) | from_yaml }}"
loop:
- namespace-devspaces-user.yml.j2
- secret-devspaces-gitcreds.yml.j2
- config-devspaces-gitconfig.yml.j2
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
---
- name: Fetch {{ folder }}/{{ template_file }} template from remote host
run_once: true
fetch:
src: "{{ folder }}/{{ template_file }}"
dest: /tmp/{{ template_file }}
flat: yes
fail_on_missing: yes

- name: Apply template {{ folder }}/{{ template_file }}
ansible.builtin.template:
src: /tmp/{{ template_file }}
dest: "{{ folder }}/{{ template_file }}"
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
---
# Do not modify this file

- name: Running Pre Workload Tasks
include_tasks:
file: ./pre_workload.yml
apply:
become: "{{ become_override | bool }}"
when: ACTION == "create" or ACTION == "provision"

- name: Running Workload Tasks
include_tasks:
file: ./workload.yml
apply:
become: "{{ become_override | bool }}"
when: ACTION == "create" or ACTION == "provision"

- name: Running Post Workload Tasks
include_tasks:
file: ./post_workload.yml
apply:
become: "{{ become_override | bool }}"
when: ACTION == "create" or ACTION == "provision"

- name: Running Workload removal Tasks
include_tasks:
file: ./remove_workload.yml
apply:
become: "{{ become_override | bool }}"
when: ACTION == "destroy" or ACTION == "remove"
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
---

# For deployment onto a dedicated cluster (as part of the
# cluster deployment) set workload_shared_deployment to False
# This is the default so it does not have to be set explicitely
- name: post_workload tasks complete
debug:
msg: "Post-Workload tasks completed successfully."
when:
- not silent|bool
- not workload_shared_deployment|default(False)

# For RHPDS deployment (onto a shared cluster) set
# workload_shared_deployment to True
# (in the deploy script or AgnosticV configuration)
- name: post_workload tasks complete
debug:
msg: "Post-Software checks completed successfully"
when:
- not silent|bool
- workload_shared_deployment|default(False)
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
---

# For deployment onto a dedicated cluster (as part of the
# cluster deployment) set workload_shared_deployment to False
# This is the default so it does not have to be set explicitely
- name: pre_workload tasks complete
debug:
msg: "Pre-Workload tasks completed successfully."
when:
- not silent|bool
- not workload_shared_deployment|default(False)

# For RHPDS deployment (onto a shared cluster) set
# workload_shared_deployment to True
# (in the deploy script or AgnosticV configuration)
- name: pre_workload tasks complete
debug:
msg: "Pre-Software checks completed successfully"
when:
- not silent|bool
- workload_shared_deployment|default(False)
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
---
# Implement your workload removal tasks here
# ------------------------------------------

- name: Update default storage class
when: ocp4_workload_gitops_amqstreams_update_default_storage_class | bool
block:
- name: Remove annotation from current default storage class
command:
cmd: >-
oc annotate sc {{ ocp4_workload_gitops_amqstreams_new_default_storage_class_name }}
storageclass.kubernetes.io/is-default-class-
ignore_errors: true

- name: Set previous default storage class
command:
cmd: >-
oc annotate sc {{ ocp4_workload_gitops_amqstreams_old_default_storage_class_name }}
storageclass.kubernetes.io/is-default-class="true"
ignore_errors: true

- name: Remove Operator
include_role:
name: install_operator
vars:
install_operator_action: remove
install_operator_name: "{{ ocp4_workload_gitops_amqstreams_operator_name }}"
install_operator_namespace: "{{ ocp4_workload_gitops_amqstreams_namespace }}"
install_operator_catalog: redhat-operators
install_operator_csv_nameprefix: "{{ ocp4_workload_gitops_amqstreams_operator_csv_prefix }}"
install_operator_channel: "{{ ocp4_workload_gitops_amqstreams_channel }}"
install_operator_automatic_install_plan_approval: "{{ ocp4_workload_gitops_amqstreams_automatic_install_plan_approval | default(true) }}"
install_operator_manage_namespaces:
- "{{ ocp4_workload_gitops_amqstreams_namespace }}"
install_operator_catalogsource_setup: "{{ ocp4_workload_gitops_amqstreams_catalogsource_setup | default(false)}}"
install_operator_catalogsource_name: "{{ ocp4_workload_gitops_amqstreams_catalogsource_name | default('') }}"
install_operator_catalogsource_image: "{{ ocp4_workload_gitops_amqstreams_catalogsource_image | default('') }}"
install_operator_catalogsource_image_tag: "{{ ocp4_workload_gitops_amqstreams_catalogsource_image_tag | default('') }}"

# Leave this as the last task in the playbook.
# --------------------------------------------

- name: remove_workload tasks complete
debug:
msg: "Remove Workload tasks completed successfully."
when: not silent|bool
Original file line number Diff line number Diff line change
@@ -0,0 +1,120 @@
---
- name: Retrieve ArgoCD credentials
kubernetes.core.k8s_info:
api_version: v1
kind: Secret
name: argocd-cluster
namespace: janus-argocd
register: r_argo_creds
until:
- r_argo_creds is defined
- r_argo_creds.resources is defined
- r_argo_creds.resources | length > 0

- name: Decode argo credentials
set_fact:
ocp4_workload_redhat_developer_hub_argocd_password: "{{ r_argo_creds.resources[0].data['admin.password'] | b64decode }}"

- name: Retrieve openshift gitops route
kubernetes.core.k8s_info:
api_version: route.openshift.io/v1
kind: Route
name: argocd-server
namespace: janus-argocd
register: r_argocd_route
until:
- r_argocd_route is defined
- r_argocd_route.resources is defined
- r_argocd_route.resources | length > 0

- name: Retrieve openshift gitops hostname
set_fact:
ocp4_workload_redhat_developer_hub_argocd_host: "{{ r_argocd_route.resources[0].spec.host }}"

- name: Create backstage pre-requisite resources
kubernetes.core.k8s:
state: present
definition: "{{ lookup('template', item ) | from_yaml }}"
loop:
- cluster-role-binding-default-sa-admin.yml.j2
- object-bucket-claim.yml.j2

- name: Get default token
shell: oc get secret $(oc get secret -n default | grep default-token | awk '{print $1}') -n default -o json | jq -r '.data.token'
register: r_default_token

- name: Get Openshift REST API
shell: oc config view -o jsonpath='{.clusters[0].cluster.server}'
register: r_ocp_api

- name: Decode default token
set_fact:
ocp4_workload_redhat_developer_hub_ocp_default_sa_token: "{{ r_default_token.stdout | b64decode }}"
ocp4_workload_redhat_developer_hub_ocp_api: "{{ r_ocp_api.stdout }}"

- name: Retrieve quay admin token
kubernetes.core.k8s_info:
api_version: v1
kind: Secret
name: quay-admin-token
namespace: quay-enterprise
register: r_quay_token
retries: 120
delay: 10
until:
- r_quay_token is defined
- r_quay_token.resources is defined
- r_quay_token.resources | length > 0
- r_quay_token.resources[0] is defined

- name: Decode quay admin token
set_fact:
ocp4_workload_redhat_developer_hub_quay_admin_token: "{{ r_quay_token.resources[0].data.token | b64decode }}"

- name: Retrieve s3 bucket details
kubernetes.core.k8s_info:
api_version: objectbucket.io/v1alpha1
kind: ObjectBucketClaim
name: backstage-bucket-claim
namespace: backstage
register: r_bucket_claim
until:
- r_bucket_claim is defined
- r_bucket_claim.resources is defined
- r_bucket_claim.resources | length > 0

- name: Retrieve bucket secret
kubernetes.core.k8s_info:
api_version: v1
kind: Secret
name: backstage-bucket-claim
namespace: "{{ ocp4_workload_redhat_developer_hub_backstage_namespace }}"
register: r_bucket_secret
retries: 120
delay: 10
until:
- r_bucket_secret is defined
- r_bucket_secret.resources is defined
- r_bucket_secret.resources | length > 0

- name: Extract S3 Details
set_fact:
ocp4_workload_redhat_developer_hub_s3_bucket_name: "{{ r_bucket_claim.resources[0].spec.bucketName }}"
ocp4_workload_redhat_developer_hub_s3_bucket_region: "{{ aws_region }}"
ocp4_workload_redhat_developer_hub_s3_bucket_endpoint: "https://s3-openshift-storage.{{ ocp4_workload_redhat_developer_hub_apps_domain }}"
ocp4_workload_redhat_developer_hub_s3_bucket_aws_access_key_id: "{{ r_bucket_secret.resources[0].data.AWS_ACCESS_KEY_ID | b64decode}}"
ocp4_workload_redhat_developer_hub_s3_bucket_aws_secret_access_key: "{{ r_bucket_secret.resources[0].data.AWS_SECRET_ACCESS_KEY | b64decode}}"

- name: Setup Backstage Repo
include_tasks:
file: ./setup_backstage_repo.yml

- name: Create Backstage Gitops application
kubernetes.core.k8s:
state: present
definition: "{{ lookup('template', 'application-backstage-gitops.yml.j2' ) | from_yaml }}"

- name: Create vault secret for common password
shell: |
oc exec vault-0 -n {{ ocp4_workload_redhat_developer_hub_vault_namespace
}} -- vault kv put kv/secrets/janusidp/common_password password={{ common_password }}
Loading
Loading