├── .github ├── CODEOWNERS ├── ISSUE_TEMPLATE │ ├── bug_report.yml │ ├── config.yml │ └── enhancement.yml ├── pull_request_template.md └── workflows │ ├── ansible-publish.yml │ ├── ansible.yml │ └── docs.yml ├── .gitignore ├── .prettierignore ├── CONTRIBUTING.md ├── LICENSE ├── Makefile ├── README.md ├── build ├── README.md ├── bin │ ├── .env.sh │ ├── .functions.sh │ ├── artifactory-release.sh │ ├── build-collection.sh │ ├── build-execution-environment.sh │ ├── copy-role-docs.sh │ ├── initbuild.sh │ └── semver └── ee │ ├── bindep.txt │ ├── execution-environment.yml │ ├── install │ ├── install-aws.sh │ ├── install-ibmcloud.sh │ ├── install-ibmpak.sh │ ├── install-mongo-tools.sh │ ├── install-oc.sh │ ├── install-rclone.sh │ ├── install-rosa.sh │ └── install-yq.sh │ └── requirements.yml ├── docs ├── execution-environment.md ├── images │ ├── Project.png │ ├── credentials-2.png │ ├── credentials.png │ ├── execution-env.png │ ├── files.png │ ├── inventory-2.png │ ├── inventory.png │ ├── job-1.png │ ├── job-2.png │ ├── job-3.png │ ├── logs-1.png │ ├── logs-2.png │ ├── organization.png │ ├── relaunch.png │ ├── survey-2.png │ ├── survey-3.png │ ├── survey.png │ ├── sync.png │ └── template-1.png ├── index.md └── playbooks │ ├── backup-restore.md │ ├── cp4d.md │ ├── ocp.md │ ├── oneclick-aibroker.md │ ├── oneclick-core.md │ ├── oneclick-facilities.md │ ├── oneclick-iot.md │ ├── oneclick-manage.md │ ├── oneclick-monitor.md │ ├── oneclick-optimizer.md │ ├── oneclick-predict.md │ ├── oneclick-update.md │ ├── oneclick-upgrade.md │ ├── oneclick-visualinspection.md │ └── uninstall-core.md ├── ibm └── mas_devops │ ├── .ansible-lint │ ├── README.md │ ├── common_tasks │ ├── backup_restore │ │ ├── after_run_tasks.yml │ │ ├── before_run_tasks.yml │ │ ├── check_backup_vars.yml │ │ ├── check_common_vars.yml │ │ ├── check_restore_vars.yml │ │ ├── confirm_cluster_info.yml │ │ ├── copy_local_files_to_storage.yml │ │ ├── copy_pod_files_to_storage.yml │ │ ├── copy_storage_files_to_local.yml │ │ ├── copy_storage_files_to_pod.yml │ │ ├── create_cleanup_job.yml │ │ ├── create_local_job_folder.yml │ │ ├── delete_storage_job_folder.yml │ │ ├── list_storage_job_folders.yml │ │ ├── rename_storage_job_folder.yml │ │ ├── restart_and_reconsiled.yml │ │ └── update_job_status.yml │ ├── default_storage_classes.yml │ ├── detect_airgap.yml │ ├── detect_cert_manager.yml │ ├── detect_sno.yml │ ├── get_ingress_cert.yml │ ├── get_signed_ingress_cert.yml │ ├── get_version_from_channel.yml │ ├── pod_templates │ │ ├── get_pod_templates.yml │ │ └── main.yml │ ├── templates │ │ ├── backup_restore │ │ │ ├── backup-namespace-resources.sh.j2 │ │ │ ├── backup.yml.j2 │ │ │ ├── cleanup_job.sh.j2 │ │ │ ├── cleanup_job.yml.j2 │ │ │ ├── copy_cloud_files_job.yml.j2 │ │ │ └── restore.yml.j2 │ │ └── subscription.yml.j2 │ ├── wait-machine-config-update.yml │ └── wait_for_crd.yml │ ├── common_vars │ ├── application_info.yml │ ├── backup_restore.yml │ ├── compatibility_matrix.yml │ └── cp4d_supported_versions.yml │ ├── galaxy.yml │ ├── meta │ └── runtime.yml │ ├── playbooks │ ├── br_core.yml │ ├── br_db2.yml │ ├── br_health.yml │ ├── br_iot.yml │ ├── br_manage.yml │ ├── br_mongodb.yml │ ├── br_monitor.yml │ ├── br_optimizer.yml │ ├── br_visualinspection.yml │ ├── cp4d.yml │ ├── deploy_private_registry.yml │ ├── mirror_add_assist.yml │ ├── mirror_add_facilities.yml │ ├── mirror_add_iot.yml │ ├── mirror_add_manage.yml │ ├── mirror_add_monitor.yml │ ├── mirror_add_optimizer.yml │ ├── mirror_add_predict.yml │ ├── mirror_add_visualinspection.yml │ ├── mirror_core.yml │ ├── mirror_dependencies.yml │ ├── mirror_openshift.yml │ ├── ocp_aws_deprovision.yml │ ├── ocp_aws_provision.yml │ ├── ocp_convert_to_disconnected.yml │ ├── ocp_fyre_deprovision.yml │ ├── ocp_fyre_provision.yml │ ├── ocp_roks_deprovision.yml │ ├── ocp_roks_provision.yml │ ├── ocp_rosa_deprovision.yml │ ├── ocp_rosa_provision.yml │ ├── oneclick_add_aibroker.yml │ ├── oneclick_add_assist.yml │ ├── oneclick_add_facilities.yml │ ├── oneclick_add_iot.yml │ ├── oneclick_add_manage.yml │ ├── oneclick_add_monitor.yml │ ├── oneclick_add_optimizer.yml │ ├── oneclick_add_predict.yml │ ├── oneclick_add_visualinspection.yml │ ├── oneclick_core.yml │ ├── oneclick_update.yml │ ├── oneclick_upgrade.yml │ ├── run_role.yml │ └── uninstall_core.yml │ ├── plugins │ ├── README.md │ ├── action │ │ ├── apply_subscription.py │ │ ├── get_catalog_info.py │ │ ├── get_default_storage_classes.py │ │ ├── get_newest_catalog_tag.py │ │ ├── update_ibm_entitlement.py │ │ ├── verify_app_version.py │ │ ├── verify_catalogsources.py │ │ ├── verify_core_version.py │ │ ├── verify_subscriptions.py │ │ └── verify_workloads.py │ ├── filter │ │ └── filters.py │ └── modules │ │ ├── __pycache__ │ │ └── cis_dns_entries.cpython-37.pyc │ │ ├── cis_dns_entries.py │ │ ├── cis_edge_cert_entries.py │ │ └── wipe_mongo.py │ ├── requirements.txt │ └── roles │ ├── aibroker │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── files │ │ ├── access_wx.py │ │ ├── create_apikey.sh │ │ ├── create_dro_token.sh │ │ ├── create_wx.sh │ │ ├── delete_s3.py │ │ └── generate_api_key.py │ ├── meta │ │ └── main.yml │ ├── tasks │ │ ├── aibroker │ │ │ └── main.yml │ │ ├── apikey │ │ │ ├── install │ │ │ │ └── main.yml │ │ │ ├── main.yml │ │ │ ├── remove │ │ │ │ └── main.yml │ │ │ └── update │ │ │ │ └── main.yml │ │ ├── config_db2 │ │ │ └── main.yml │ │ ├── config_dro │ │ │ └── main.yml │ │ ├── config_sls │ │ │ └── main.yml │ │ ├── main.yml │ │ ├── mariadb │ │ │ └── main.yml │ │ ├── minio │ │ │ └── main.yml │ │ ├── tenant │ │ │ ├── install │ │ │ │ └── main.yml │ │ │ └── main.yml │ │ └── watsonx │ │ │ ├── install │ │ │ └── main.yml │ │ │ ├── main.yml │ │ │ └── remove │ │ │ └── main.yml │ ├── templates │ │ ├── aibroker │ │ │ ├── aibrokerapp.yml.j2 │ │ │ ├── operator-group.yml.j2 │ │ │ └── subscription.yml.j2 │ │ ├── dro │ │ │ ├── dro-ca-cert.yml.j2 │ │ │ └── dro-token.yml.j2 │ │ ├── jdbc │ │ │ └── jdbc-admin-credentials.yml.j2 │ │ ├── mariadb │ │ │ └── mariadb-credentials.yml.j2 │ │ ├── minio │ │ │ └── minio-credentials.yml.j2 │ │ ├── sls │ │ │ └── sls-tenant-details.yml.j2 │ │ └── tenant │ │ │ ├── connector-configmap.yml.j2 │ │ │ ├── km-s3-sa.yml.j2 │ │ │ ├── kserve-huggingfaceserver.yml.j2 │ │ │ ├── kserve-lgbserver.yml.j2 │ │ │ ├── kserve-sklearnserver.yml.j2 │ │ │ ├── kserve-xgbserver.yml.j2 │ │ │ └── rbac.yml.j2 │ └── vars │ │ └── main.yml │ ├── aibroker_tenant │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── files │ │ └── delete_s3.py │ ├── meta │ │ └── main.yml │ ├── tasks │ │ ├── config_dro │ │ │ └── main.yml │ │ ├── config_rsl │ │ │ └── main.yml │ │ ├── config_sls │ │ │ └── main.yml │ │ ├── main.yml │ │ ├── namespace │ │ │ ├── install │ │ │ │ └── main.yml │ │ │ ├── main.yml │ │ │ └── remove │ │ │ │ └── main.yml │ │ ├── s3 │ │ │ ├── install │ │ │ │ └── main.yml │ │ │ ├── main.yml │ │ │ └── remove │ │ │ │ └── main.yml │ │ ├── tenant │ │ │ ├── install │ │ │ │ └── main.yml │ │ │ ├── main.yml │ │ │ └── remove │ │ │ │ └── main.yml │ │ └── watsonx │ │ │ ├── install │ │ │ └── main.yml │ │ │ ├── main.yml │ │ │ └── remove │ │ │ └── main.yml │ └── templates │ │ ├── aibroker │ │ └── aibrokerworkspace.yml.j2 │ │ ├── dro │ │ └── dro-secret.yml.j2 │ │ ├── rsl │ │ └── rsl-secret.yml.j2 │ │ ├── s3 │ │ └── secret.yml.j2 │ │ ├── sls │ │ └── sls-secret.yml.j2 │ │ ├── tenant │ │ └── ingress-allow-isvc.yml.j2 │ │ └── watsonx │ │ └── secret.yml.j2 │ ├── ansible_version_check │ ├── README.md │ ├── defaults │ │ └── main.yaml │ ├── meta │ │ └── main.yml │ └── tasks │ │ └── main.yml │ ├── appconnect │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ ├── appconnectcfg.yml │ │ ├── determine-storage-classes.yml │ │ └── main.yml │ └── templates │ │ ├── appconnectcfg.yml.j2 │ │ ├── dashboard.yml.j2 │ │ ├── operator-group.yml.j2 │ │ └── subscription.yml.j2 │ ├── arcgis │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ ├── lookup_trusted_certs.yml │ │ └── main.yml │ └── templates │ │ ├── arcgisapp.yml.j2 │ │ ├── arcgisws.yml.j2 │ │ ├── ingress-cluster-rbac.yml.j2 │ │ ├── namespace.yml.j2 │ │ └── ws-cluster-rbac.yml.j2 │ ├── aws_bucket_access_point │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── files │ │ └── ap-policy.json.j2 │ ├── meta │ │ └── main.yml │ └── tasks │ │ └── main.yml │ ├── aws_documentdb_user │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── tasks │ │ └── main.yml │ ├── templates │ │ ├── change_user_password.js.j2 │ │ ├── create_user.js.j2 │ │ ├── docdb_instance_user_credentials_secret.yaml.j2 │ │ └── drop_user.js.j2 │ └── vars │ │ └── main.yml │ ├── aws_policy │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── files │ │ └── policy-template-sample.json │ ├── meta │ │ └── main.yml │ └── tasks │ │ ├── create-policy-from-json-file.yml │ │ ├── create-policy-from-variable.yml │ │ └── main.yml │ ├── aws_route53 │ ├── README.md │ ├── defaults │ │ └── main.yaml │ ├── meta │ │ └── main.yml │ └── tasks │ │ └── main.yml │ ├── aws_user_creation │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ └── tasks │ │ └── main.yml │ ├── aws_vpc │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ ├── deprovision.yml │ │ ├── main.yml │ │ └── provision.yml │ └── templates │ │ └── vpc_configmap.yml.j2 │ ├── cert_manager │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ ├── main.yml │ │ ├── prereqs-migration.yml │ │ └── provider │ │ │ ├── ibm │ │ │ ├── install.yml │ │ │ └── uninstall.yml │ │ │ └── redhat │ │ │ ├── install.yml │ │ │ └── uninstall.yml │ └── templates │ │ ├── ibm │ │ ├── ibm-cert-manager-common-service.yml │ │ └── ibm-cert-manager.yml │ │ └── redhat │ │ ├── cert-manager-cluster.yml.j2 │ │ ├── cert-manager-webhook-ibm-cis-crb.yml.j2 │ │ └── ibm-cpp-configmap.yml.j2 │ ├── cis │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ ├── main.yml │ │ └── provider │ │ │ └── ibm │ │ │ ├── deprovision.yml │ │ │ └── provision.yml │ └── templates │ │ └── cis_output.yml.j2 │ ├── common_services │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ ├── actions │ │ │ ├── install.yml │ │ │ ├── uninstall.yml │ │ │ └── upgrade.yml │ │ └── main.yml │ └── templates │ │ ├── namespace.yml.j2 │ │ └── subscription.yml.j2 │ ├── configure_manage_eventstreams │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ ├── main.yml │ │ └── retrieve-es-certs.yml │ └── templates │ │ ├── configcrontask.j2 │ │ ├── configes.sh.j2 │ │ ├── configmsgprovider.j2 │ │ └── system_properties.yaml.j2 │ ├── cos │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ ├── main.yml │ │ └── providers │ │ │ ├── ibm │ │ │ ├── deprovision.yml │ │ │ └── provision.yml │ │ │ └── ocs │ │ │ └── provision.yml │ └── templates │ │ ├── ibm │ │ └── objectstoragecfg.yml.j2 │ │ └── ocs │ │ ├── object.yaml │ │ ├── objectstoragecfg.yml.j2 │ │ ├── objectuser.yaml │ │ ├── ocs-certs.yml.j2 │ │ └── rgw.yaml │ ├── cos_bucket │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ └── tasks │ │ ├── main.yml │ │ └── providers │ │ ├── aws │ │ ├── create.yml │ │ └── delete.yml │ │ └── ibm │ │ ├── create.yml │ │ ├── create_cross_region_location_bucket.yml │ │ ├── create_region_location_bucket.yml │ │ ├── create_service_credentials.yml │ │ └── delete.yml │ ├── cp4d │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ ├── authorize-user-cpd-admin.yml │ │ ├── create-catalog-sources.yml │ │ ├── create-cpd-core-service-accounts.yml │ │ ├── create-olm-utils.yml │ │ ├── create-subscriptions.yml │ │ ├── determine-ibmcatalog-tag.yml │ │ ├── determine-storage-classes.yml │ │ ├── entitlement.yml │ │ ├── install-cp4d.yml │ │ ├── load-catalog-source-definitions.yml │ │ ├── lookup-admin-credentials.yml │ │ ├── main.yml │ │ ├── prereq-check │ │ │ ├── check-cpfs-odlm-installed.yml │ │ │ ├── check-cpfs-version.yml │ │ │ └── main.yml │ │ ├── prereqs │ │ │ ├── disable-cpfs-v3.yml │ │ │ ├── install-cpfs.yml │ │ │ ├── install-ibm-licensing.yml │ │ │ ├── install-ibm-namespace-scope.yml │ │ │ └── uninstall-operator.yml │ │ └── wait │ │ │ └── wait-zenmetastore-edb.yml │ └── templates │ │ ├── catalog_sources │ │ ├── 4.8.0.yml │ │ ├── 5.0.0.yml │ │ ├── 5.1.3.yml │ │ └── definition.yml.j2 │ │ ├── config_maps │ │ ├── olm-utils-cm-4.8.0.yml.j2 │ │ ├── olm-utils-cm-5.0.0.yml.j2 │ │ └── olm-utils-cm-5.1.3.yml.j2 │ │ ├── cpd_platform │ │ ├── ibmcpd.yml.j2 │ │ ├── namespaces.yml.j2 │ │ ├── rbac.yml.j2 │ │ └── subscription.yml.j2 │ │ ├── cpfs │ │ ├── common-service-maps-cm-blank.yml.j2 │ │ ├── common-service-maps-cm.yml.j2 │ │ ├── cr.yml.j2 │ │ └── subscription.yml.j2 │ │ ├── licensing │ │ ├── cr.yml.j2 │ │ └── subscription.yml.j2 │ │ └── namespacescope │ │ ├── cr.yml.j2 │ │ └── subscription.yml.j2 │ ├── cp4d_admin_pwd_update │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ ├── cp4d-access-control.yml │ │ ├── get-cp4d-bearer-token.yml │ │ ├── get-cp4d-route.yml │ │ └── main.yml │ └── templates │ │ └── cp4d_admin_credentials_secret.yaml.j2 │ ├── cp4d_service │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ ├── create-cpd-service-accounts.yml │ │ ├── determine-storage-classes.yml │ │ ├── gencfg │ │ │ ├── gencfg-wd.yml │ │ │ └── gencfg-wsl.yml │ │ ├── install.yml │ │ ├── main.yml │ │ ├── postinstall │ │ │ └── postinstall-wd-gateway-workaround.yml │ │ ├── prereqs │ │ │ ├── odf │ │ │ │ ├── main.yml │ │ │ │ └── storage.yml │ │ │ ├── prereqs-spss.yml │ │ │ ├── prereqs-wd-edb.yml │ │ │ ├── prereqs-wd-gateway-workaround.yml │ │ │ ├── prereqs-wd-mcg.yml │ │ │ └── prereqs-wd.yml │ │ └── wait │ │ │ ├── wait-aiopenscale.yml │ │ │ ├── wait-ca.yml │ │ │ ├── wait-ccs.yml │ │ │ ├── wait-couchdb.yml │ │ │ ├── wait-elasticsearch.yml │ │ │ ├── wait-spark-control-plane.yml │ │ │ ├── wait-spark.yml │ │ │ ├── wait-spss.yml │ │ │ ├── wait-wd-detectimagepullbackoff.yml │ │ │ ├── wait-wd-etcd.yml │ │ │ ├── wait-wd.yml │ │ │ ├── wait-wml-etcd.yml │ │ │ ├── wait-wml.yml │ │ │ └── wait-wsl.yml │ └── templates │ │ ├── operand_config │ │ └── cpd_dependencies.yml.j2 │ │ ├── serviceAccounts.yml.j2 │ │ ├── services │ │ ├── aiopenscale.yml.j2 │ │ ├── ca.yml.j2 │ │ ├── spark.yml.j2 │ │ ├── spss.yml.j2 │ │ ├── wd.yml.j2 │ │ ├── wml.yml.j2 │ │ └── wsl.yml.j2 │ │ ├── subscription.yml.j2 │ │ ├── wd │ │ ├── operandRequest-edb.yml.j2 │ │ ├── storage │ │ │ ├── namespace.yaml │ │ │ ├── storagecluster.yaml │ │ │ └── subscription.yml.j2 │ │ ├── wds.json.j2 │ │ └── wdscfg.yml.j2 │ │ └── wsl │ │ ├── create_wsl_project.json.j2 │ │ ├── runtimes-py310.yml.j2 │ │ ├── runtimes-py39.yml.j2 │ │ └── watsonstudiocfg.yml.j2 │ ├── db2 │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ ├── after-backup-restore.yml │ │ ├── backup │ │ │ ├── backup-database.yml │ │ │ └── main.yml │ │ ├── before-backup-restore.yml │ │ ├── delete_db2_operand_request.yml │ │ ├── install │ │ │ ├── create_ldap_user.yml │ │ │ ├── determine-storage-classes.yml │ │ │ ├── main.yml │ │ │ ├── rotate_ldap_user_password.yml │ │ │ ├── setup_norootsquash.yml │ │ │ ├── setup_timezone.yml │ │ │ └── suite_jdbccfg.yml │ │ ├── main.yml │ │ ├── restore │ │ │ ├── copy-db2-backup-file.yml │ │ │ ├── main.yml │ │ │ └── restore-database.yml │ │ └── upgrade │ │ │ ├── main.yml │ │ │ ├── prepare-db2-upgrade.yml │ │ │ ├── run-db2-instances-upgrade.yml │ │ │ └── run-db2-subscription-upgrade.yml │ ├── templates │ │ ├── certs │ │ │ ├── ca_certificate.yml.j2 │ │ │ ├── ca_issuer.yml.j2 │ │ │ ├── certificate.yml.j2 │ │ │ └── issuer.yml.j2 │ │ ├── db2u_namespace.yaml │ │ ├── db2u_operandrequest.yml.j2 │ │ ├── db2ucluster.yml.j2 │ │ ├── norootsquash_daemonset.yml.j2 │ │ ├── suite_jdbccfg.yml.j2 │ │ └── tlsroute.yml.j2 │ └── vars │ │ └── jdbccfg │ │ ├── app.yml.j2 │ │ ├── system.yml.j2 │ │ ├── ws.yml.j2 │ │ └── wsapp.yml.j2 │ ├── dro │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ ├── gencfg │ │ │ ├── main.yml │ │ │ └── migrate.yml │ │ ├── install-dro │ │ │ ├── determine-storage-classes.yml │ │ │ └── main.yml │ │ ├── main.yml │ │ └── uninstall │ │ │ └── main.yml │ └── templates │ │ ├── MarketplaceConfig-cr.yml.j2 │ │ ├── bascfg.yml.j2 │ │ ├── dro-certs.yml.j2 │ │ ├── dro-pvc.yml.j2 │ │ ├── operatorgroup.yml.j2 │ │ ├── rhm-pull-secret.yml.j2 │ │ ├── role_binding.yml.j2 │ │ └── subscription │ │ ├── dro_subscription.yml │ │ └── imo_subscription.yml │ ├── eck │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ ├── install.yml │ │ └── main.yml │ └── templates │ │ ├── elastic │ │ ├── cert-elasticsearch.yml.j2 │ │ ├── cert-kibana.yml.j2 │ │ ├── elasticsearch.yml.j2 │ │ ├── filebeat.yml.j2 │ │ ├── issuer-letsencrypt.yml.j2 │ │ ├── kibana.yml.j2 │ │ ├── logstash.yml.j2 │ │ ├── namespace.yml.j2 │ │ ├── route-elasticsearch.yml.j2 │ │ ├── route-kibana.yml.j2 │ │ ├── sa-filebeat.yml.j2 │ │ ├── sa-logstash.yml.j2 │ │ └── secret-elasticsearch-roles.yml.j2 │ │ └── subscription.yml.j2 │ ├── entitlement_key_rotation │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ ├── main.yml │ │ ├── rotate-clusters.yml │ │ ├── rotate-ibm-entitlement.yml │ │ └── rotate-wiotp-docker-local.yml │ └── templates │ │ └── ibm-entitlement-with-artifactory.json.j2 │ ├── gencfg_jdbc │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ └── main.yml │ ├── templates │ │ ├── jdbc-certs.yml.j2 │ │ └── jdbccfg.yml.j2 │ └── vars │ │ └── jdbccfg │ │ ├── app.yml.j2 │ │ ├── system.yml.j2 │ │ ├── ws.yml.j2 │ │ └── wsapp.yml.j2 │ ├── gencfg_mongo │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ └── main.yml │ └── templates │ │ ├── mongo-certs.yml.j2 │ │ ├── mongo-hosts.yml.j2 │ │ └── suite_mongocfg.yml.j2 │ ├── gencfg_watsonstudio │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ └── main.yml │ ├── templates │ │ └── wscfg.yml.j2 │ └── vars │ │ └── wscfg │ │ ├── app.yml │ │ ├── system.yml │ │ ├── ws.yml │ │ └── wsapp.yml │ ├── gencfg_workspace │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ └── main.yml │ └── templates │ │ └── workspace.yml.j2 │ ├── grafana │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ ├── install │ │ │ ├── determine-storage-classes.yml │ │ │ └── main.yml │ │ ├── main.yml │ │ ├── uninstall │ │ │ ├── main.yml │ │ │ └── uninstall.yml │ │ ├── uninstall_grafanav4 │ │ │ └── main.yml │ │ └── update │ │ │ ├── determine-storage-config.yml │ │ │ └── main.yml │ └── templates │ │ ├── cluster-monitoring-config.yml.j2 │ │ └── grafana │ │ ├── v4 │ │ ├── grafana-datasource.yml.j2 │ │ ├── grafana-prometheus-serviceaccount.yml.j2 │ │ ├── grafana-rbac.yml.j2 │ │ └── grafana.yml.j2 │ │ └── v5 │ │ ├── grafana-dashboard-v5-update.yml.j2 │ │ ├── grafana-datasource.yml.j2 │ │ ├── grafana-prometheus-serviceaccount.yml.j2 │ │ ├── grafana-rbac.yml.j2 │ │ └── grafana.yml.j2 │ ├── ibm_catalogs │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ ├── install │ │ │ ├── development-catalog.yml │ │ │ └── main.yml │ │ ├── main.yml │ │ └── uninstall │ │ │ └── main.yml │ └── templates │ │ ├── development-catalog-with-digest.yml.j2 │ │ ├── development-catalog.yml.j2 │ │ ├── offline-catalog.yml.j2 │ │ └── online-catalog.yml.j2 │ ├── ibmcloud_resource_key │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ └── tasks │ │ ├── main.yml │ │ ├── service_key_create.yml │ │ └── service_key_delete.yml │ ├── kafka │ ├── README.md │ ├── defaults │ │ └── main.yaml │ ├── files │ │ └── aws │ │ │ └── configuration.txt │ ├── meta │ │ └── main.yml │ ├── tasks │ │ ├── determine-storage-classes.yml │ │ ├── main.yaml │ │ └── provider │ │ │ ├── aws │ │ │ ├── install.yml │ │ │ ├── uninstall.yml │ │ │ └── utils │ │ │ │ ├── create-msk-key.yml │ │ │ │ ├── create-security-group.yml │ │ │ │ ├── create-subnet.yml │ │ │ │ └── validate.yml │ │ │ ├── ibm │ │ │ ├── create-eventstreams-service-credentials.yml │ │ │ ├── install.yml │ │ │ ├── retrieve-eventstreams-certs.yml │ │ │ └── uninstall.yml │ │ │ ├── redhat │ │ │ ├── check-kafka-exists.yml │ │ │ ├── check-kafka-instances-upgrade.yml │ │ │ ├── install-kafka.yml │ │ │ ├── install.yml │ │ │ ├── lookup-supported-kafka-versions.yml │ │ │ ├── prepare-kafka-upgrade.yml │ │ │ ├── run-kafka-instances-upgrade.yml │ │ │ ├── run-kafka-subscription-upgrade.yml │ │ │ └── upgrade.yml │ │ │ └── strimzi │ │ │ ├── install.yml │ │ │ └── upgrade.yml │ └── templates │ │ ├── aws │ │ ├── clusterinfo.json.j2 │ │ ├── mskcfg.yml.j2 │ │ └── secretvalues.json.j2 │ │ ├── ibm │ │ ├── eventstreams_kafkacfg.yml.j2 │ │ └── kafka-hosts.yml.j2 │ │ └── redhat │ │ ├── clusters │ │ ├── large.yml.j2 │ │ └── small.yml.j2 │ │ ├── dashboards-v5 │ │ ├── kafka-exporter.yml.j2 │ │ ├── kafka-zookeeper.yml.j2 │ │ └── kafka.yml.j2 │ │ ├── dashboards │ │ ├── kafka-exporter.yml.j2 │ │ ├── kafka-zookeeper.yml.j2 │ │ └── kafka.yml.j2 │ │ ├── grafana-json │ │ ├── kafka-exporter.json │ │ ├── kafka-zookeeper.json │ │ └── kafka.json │ │ ├── kafkacfg.yml.j2 │ │ ├── logging-configmap.yml.j2 │ │ ├── masuser.yml.j2 │ │ ├── metrics-configmap.yml.j2 │ │ ├── podmonitor.yml.j2 │ │ └── subscription.yml.j2 │ ├── key_rotation │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ ├── main.yml │ │ └── providers │ │ │ ├── aws.yml │ │ │ └── roks.yml │ └── templates │ │ ├── config.j2 │ │ └── credentials.j2 │ ├── kmodels │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ ├── controller.yml │ │ ├── determine-storage-classes.yml │ │ ├── istio.yml │ │ ├── main.yml │ │ ├── networkpolicies.yml │ │ ├── store.yml │ │ └── watcher.yml │ ├── templates │ │ ├── istio │ │ │ └── istio.yml.j2 │ │ ├── kmodels-controller │ │ │ ├── configmap.yml.j2 │ │ │ ├── deployment.yml.j2 │ │ │ ├── network.yml.j2 │ │ │ ├── pvc.yml.j2 │ │ │ └── serviceaccount.yml.j2 │ │ ├── kmodels-store │ │ │ ├── configmap.yml.j2 │ │ │ ├── deployment.yml.j2 │ │ │ └── network.yml.j2 │ │ ├── kmodels-watcher │ │ │ ├── configmap.yml.j2 │ │ │ ├── deployment.yml.j2 │ │ │ ├── network.yml.j2 │ │ │ ├── rbac.yml.j2 │ │ │ └── serviceaccount.yml.j2 │ │ ├── namespace.yml.j2 │ │ ├── networkpolicies │ │ │ ├── ds-pipelines-km-instance.j2 │ │ │ └── km-instance.yml.j2 │ │ └── regcred-secret.json.j2 │ └── vars │ │ └── main.yml │ ├── mariadb │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ ├── determine-storage-classes.yml │ │ └── main.yml │ ├── templates │ │ └── mariadb │ │ │ ├── mariadb-deployment.yml.j2 │ │ │ ├── mariadb-np.yml.j2 │ │ │ ├── mariadb-ns.yml.j2 │ │ │ ├── mariadb-pvc.yml.j2 │ │ │ ├── mariadb-sa.yml.j2 │ │ │ ├── mariadb-secret.yml.j2 │ │ │ └── mariadb-service.yml.j2 │ └── vars │ │ └── main.yml │ ├── minio │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ ├── determine-storage-classes.yml │ │ └── main.yml │ ├── templates │ │ └── minio │ │ │ ├── minio-deployment.yml.j2 │ │ │ ├── minio-ns.yml.j2 │ │ │ ├── minio-pvc.yml.j2 │ │ │ ├── minio-route.yml.j2 │ │ │ └── minio-service.yml.j2 │ └── vars │ │ └── main.yml │ ├── mirror_case_prepare │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ ├── iot-860-fix.yml │ │ ├── iot-867-fix.yml │ │ ├── main.yml │ │ └── sls-350-fix.yml │ └── templates │ │ ├── iot860fix │ │ ├── direct.txt.j2 │ │ ├── from-filesystem.txt.j2 │ │ └── to-filesystem.txt.j2 │ │ ├── iot867fix │ │ ├── direct.txt.j2 │ │ ├── from-filesystem.txt.j2 │ │ └── to-filesystem.txt.j2 │ │ └── sls350fix │ │ ├── direct.txt.j2 │ │ ├── from-filesystem.txt.j2 │ │ └── to-filesystem.txt.j2 │ ├── mirror_extras_prepare │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ ├── catalog.yml │ │ ├── extras.yml │ │ └── main.yml │ ├── templates │ │ ├── direct.txt.j2 │ │ ├── from-filesystem.txt.j2 │ │ └── to-filesystem.txt.j2 │ └── vars │ │ ├── amlen_1.0.1.yml │ │ ├── amlen_1.0.2.yml │ │ ├── amlen_1.0.3.yml │ │ ├── amlen_1.1.1.yml │ │ ├── amlen_1.1.2.yml │ │ ├── catalog.yml │ │ ├── cp4d_4.8.0.yml │ │ ├── db2u_1.0.0.yml │ │ ├── db2u_1.0.1.yml │ │ ├── db2u_1.0.2.yml │ │ ├── db2u_1.0.3.yml │ │ ├── db2u_1.0.4.yml │ │ ├── db2u_1.0.5.yml │ │ ├── db2u_1.0.6.yml │ │ ├── mongoce_4.2.23.yml │ │ ├── mongoce_4.2.6.yml │ │ ├── mongoce_4.4.21.yml │ │ ├── mongoce_5.0.21.yml │ │ ├── mongoce_5.0.23.yml │ │ ├── mongoce_6.0.10.yml │ │ ├── mongoce_6.0.12.yml │ │ ├── mongoce_7.0.12.yml │ │ ├── odf_4.15.yml │ │ ├── spark_3.3.4.yml │ │ ├── spark_3.4.2.yml │ │ ├── wd_1.0.0.yml │ │ ├── wd_1.0.1.yml │ │ ├── wd_1.0.2.yml │ │ ├── wd_1.0.3.yml │ │ └── wd_1.0.4.yml │ ├── mirror_images │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── tasks │ │ └── main.yml │ └── templates │ │ └── auth-secret.json.j2 │ ├── mirror_ocp │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ ├── actions │ │ │ ├── direct.yml │ │ │ ├── from-filesystem.yml │ │ │ └── to-filesystem.yml │ │ └── main.yml │ └── templates │ │ └── imagesetconfiguration.yml.j2 │ ├── mongodb │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── files │ │ └── providers │ │ │ └── aws │ │ │ └── ca │ │ │ ├── root-ca-rsa2048-ap-east-1.pem │ │ │ ├── root-ca-rsa2048-ap-northeast-1.pem │ │ │ ├── root-ca-rsa2048-ap-northeast-2.pem │ │ │ ├── root-ca-rsa2048-ap-south-1.pem │ │ │ ├── root-ca-rsa2048-ap-south-2.pem │ │ │ ├── root-ca-rsa2048-ap-southeast-1.pem │ │ │ ├── root-ca-rsa2048-ap-southeast-2.pem │ │ │ ├── root-ca-rsa2048-ca-central-1.pem │ │ │ ├── root-ca-rsa2048-eu-central-1.pem │ │ │ ├── root-ca-rsa2048-eu-south-1.pem │ │ │ ├── root-ca-rsa2048-eu-west-1.pem │ │ │ ├── root-ca-rsa2048-eu-west-2.pem │ │ │ ├── root-ca-rsa2048-eu-west-3.pem │ │ │ ├── root-ca-rsa2048-sa-east-1.pem │ │ │ ├── root-ca-rsa2048-us-east-1.pem │ │ │ ├── root-ca-rsa2048-us-east-2.pem │ │ │ └── root-ca-rsa2048-us-west-2.pem │ ├── meta │ │ └── main.yml │ ├── tasks │ │ ├── determine-ibmcatalog-tag.yml │ │ ├── main.yml │ │ └── providers │ │ │ ├── aws │ │ │ ├── destroy-data.yml │ │ │ ├── docdb_secret_rotate.yml │ │ │ ├── install.yml │ │ │ ├── uninstall.yml │ │ │ └── utils │ │ │ │ ├── create-docdb-instance.yml │ │ │ │ └── create-subnet.yml │ │ │ ├── community │ │ │ ├── backup-restore │ │ │ │ ├── after-backup-restore.yml │ │ │ │ ├── backup-database.yml │ │ │ │ ├── before-backup-restore.yml │ │ │ │ ├── create-role-user.yml │ │ │ │ ├── get-mongo-info.yml │ │ │ │ ├── restore-database-patch.yml │ │ │ │ ├── restore-database-perform.yml │ │ │ │ └── restore-database.yml │ │ │ ├── backup.yml │ │ │ ├── check-mongo-exists.yml │ │ │ ├── controlled-upgrade.yml │ │ │ ├── determine-storage-classes.yml │ │ │ ├── install-mongo.yml │ │ │ ├── install.yml │ │ │ ├── restore.yml │ │ │ ├── uninstall.yml │ │ │ └── validate-upgrade.yml │ │ │ └── ibm │ │ │ ├── backup.yml │ │ │ ├── create-mongo-service-credentials.yml │ │ │ ├── install.yml │ │ │ ├── restore.yml │ │ │ ├── save-mongo-info.yml │ │ │ └── uninstall.yml │ ├── templates │ │ ├── aws │ │ │ ├── change_password.js.j2 │ │ │ ├── docdb-hosts.yml.j2 │ │ │ ├── docdb_instance_user_credentials_secret.yaml.j2 │ │ │ └── suite_mongocfg.yml.j2 │ │ ├── community │ │ │ ├── 0.7.0 │ │ │ │ ├── cr.yml.j2 │ │ │ │ ├── crd.yml.j2 │ │ │ │ ├── manager.yml.j2 │ │ │ │ └── rbac.yml.j2 │ │ │ ├── 0.7.8 │ │ │ │ ├── cr.yml.j2 │ │ │ │ ├── crd.yml.j2 │ │ │ │ ├── manager.yml.j2 │ │ │ │ └── rbac.yml.j2 │ │ │ ├── 0.7.9 │ │ │ │ ├── cr.yml.j2 │ │ │ │ ├── crd.yml.j2 │ │ │ │ ├── manager.yml.j2 │ │ │ │ └── rbac.yml.j2 │ │ │ ├── 0.8.3 │ │ │ │ ├── cr.yml.j2 │ │ │ │ ├── crd.yml.j2 │ │ │ │ ├── manager.yml.j2 │ │ │ │ └── rbac.yml.j2 │ │ │ ├── 0.9.0 │ │ │ │ ├── cr.yml.j2 │ │ │ │ ├── crd.yml.j2 │ │ │ │ ├── manager.yml.j2 │ │ │ │ └── rbac.yml.j2 │ │ │ ├── admin-password.yml │ │ │ ├── ca-cert.yml │ │ │ ├── dashboards │ │ │ │ ├── json │ │ │ │ │ └── mongodb-overview-grafana.json │ │ │ │ ├── mongodb-overview-v5.yml.j2 │ │ │ │ └── mongodb-overview.yml.j2 │ │ │ ├── issuer.yml │ │ │ ├── metrics-endpoint-secret.yml.j2 │ │ │ ├── mongo-hosts.yml.j2 │ │ │ ├── mongo-query.yml.j2 │ │ │ ├── server-cert-issuer.yml │ │ │ ├── server-cert.yml │ │ │ ├── servicemonitor.yml.j2 │ │ │ ├── suite_mongocfg.yml.j2 │ │ │ └── tls.yml │ │ └── ibm │ │ │ ├── backupid-template.yml.j2 │ │ │ ├── mongo_service_credentials_secret.yml.j2 │ │ │ └── suite_mongocfg.yml.j2 │ └── vars │ │ ├── aws │ │ └── main.yml │ │ └── ibm │ │ └── main.yml │ ├── nvidia_gpu │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ ├── main.yml │ │ └── nfd_setup.yml │ └── templates │ │ ├── clusterpolicy-customversion.yml.j2 │ │ ├── clusterpolicy-v2.yml.j2 │ │ ├── gpu-operatorgroup.yml.j2 │ │ ├── gpu-subscription.yml.j2 │ │ ├── nfd-instance.yml.j2 │ │ ├── nfd-operatorgroup.yml.j2 │ │ └── nfd-subscription.yml.j2 │ ├── ocp_cluster_monitoring │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ ├── determine-storage-classes.yml │ │ ├── install.yml │ │ ├── main.yml │ │ └── uninstall.yml │ └── templates │ │ └── cluster-monitoring.yml.j2 │ ├── ocp_config │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ ├── main.yml │ │ ├── update-ciphers-for-semeru.yml │ │ ├── update-ingress-controller.yml │ │ └── update-operatorhub.yml │ └── templates │ │ ├── ingress.yml.j2 │ │ └── operatorhub.yml.j2 │ ├── ocp_deprovision │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ └── tasks │ │ ├── main.yml │ │ └── providers │ │ ├── fyre.yml │ │ ├── ipi.yml │ │ ├── main.yml │ │ ├── roks.yml │ │ └── rosa.yml │ ├── ocp_efs │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ ├── efs-setup.yml │ │ └── main.yml │ └── templates │ │ ├── aws-secret.yml.j2 │ │ ├── efs-csi-driver.yml.j2 │ │ ├── efs-csi-storage-class.yml.j2 │ │ ├── efs-csi-subscription.yml.j2 │ │ └── operator-group.yml.j2 │ ├── ocp_github_oauth │ ├── README.md │ ├── meta │ │ └── main.yml │ ├── tasks │ │ ├── groups.yml │ │ └── main.yml │ └── templates │ │ ├── clusterrolebinding.yaml │ │ ├── group.yaml │ │ ├── oauth.yaml │ │ └── secret.yaml │ ├── ocp_idms │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ ├── main.yml │ │ ├── trust.yml │ │ ├── update-pull-secret-dev.yml │ │ └── update-pull-secret.yml │ └── templates │ │ ├── configmap.yml.j2 │ │ └── idms │ │ ├── mas-ibm-catalog.yml.j2 │ │ ├── mas-redhat-catalogs.yml.j2 │ │ └── mas-redhat-release.yml.j2 │ ├── ocp_login │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ └── tasks │ │ ├── login-aws.yml │ │ ├── login-fyre.yml │ │ ├── login-roks.yml │ │ ├── login-rosa.yml │ │ ├── login.yml │ │ └── main.yml │ ├── ocp_node_config │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ └── tasks │ │ └── main.yml │ ├── ocp_provision │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ ├── main.yml │ │ └── providers │ │ │ ├── fyre │ │ │ ├── nfs │ │ │ │ ├── configure_nfs.yml │ │ │ │ ├── create_image_registry.yml │ │ │ │ ├── delete_image_registry.yml │ │ │ │ ├── get_private_ip.yml │ │ │ │ └── install_nfs.yml │ │ │ └── provision_fyre.yml │ │ │ ├── ipi │ │ │ └── provision_ipi.yml │ │ │ ├── roks │ │ │ └── provision_roks.yml │ │ │ └── rosa │ │ │ └── provision_rosa.yml │ └── templates │ │ ├── fyre │ │ ├── nfs │ │ │ ├── class.yml.j2 │ │ │ ├── deployment.yml.j2 │ │ │ ├── image_registry_storage.yml.j2 │ │ │ └── rbac.yml.j2 │ │ ├── product_group.json.j2 │ │ └── quick_burn.json.j2 │ │ ├── ipi │ │ └── install-config.yaml.j2 │ │ └── rosa │ │ └── rosa-details.yml.j2 │ ├── ocp_roks_upgrade_registry_storage │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── files │ │ └── configImgRegStorage.sh │ ├── meta │ │ └── main.yml │ └── tasks │ │ └── main.yml │ ├── ocp_simulate_disconnected_network │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── tasks │ │ └── main.yml │ └── templates │ │ ├── mc.yml.j2 │ │ └── mc2.yml.j2 │ ├── ocp_upgrade │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ └── tasks │ │ ├── main.yml │ │ ├── ocp_upgrade.yml │ │ └── wait_workers_upgrade.yml │ ├── ocp_verify │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ └── tasks │ │ └── main.yml │ ├── ocs │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ ├── install │ │ │ ├── localstorage.yml │ │ │ ├── main.yml │ │ │ └── storage.yml │ │ ├── main.yml │ │ └── upgrade │ │ │ └── main.yml │ └── templates │ │ ├── localstorage │ │ ├── localvolume.yaml │ │ ├── namespace.yaml │ │ ├── operatorgroup.yaml │ │ └── subscription.yaml │ │ └── storage │ │ ├── namespace.yaml │ │ ├── operatorgroup.yaml │ │ ├── storagecluster.yaml │ │ └── subscription.yaml │ ├── odh │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ ├── authorino-operator.yml │ │ ├── determine-storage-classes.yml │ │ ├── main.yml │ │ ├── odh-operator.yml │ │ ├── pipeline-operator.yml │ │ ├── serverless-operator.yml │ │ └── servicemesh-operator.yml │ ├── templates │ │ ├── aibroker │ │ │ └── namespace.yml.j2 │ │ ├── odh │ │ │ ├── data-science-cluster.yml.j2 │ │ │ ├── default-dsci.yml.j2 │ │ │ ├── dspa-aws.yml.j2 │ │ │ ├── dspa-local-dev.yml.j2 │ │ │ ├── dspa-minio.yml.j2 │ │ │ └── subscription.yml.j2 │ │ ├── serverless │ │ │ └── subscription.yml.j2 │ │ └── servicemesh │ │ │ └── service-account.yml.j2 │ └── vars │ │ └── main.yml │ ├── opentelemetry │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ └── tasks │ │ ├── install.yml │ │ ├── main.yml │ │ └── uninstall.yml │ ├── registry │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ ├── main.yml │ │ ├── setup │ │ │ ├── determine-storage-classes.yml │ │ │ └── main.yml │ │ └── tear-down │ │ │ └── main.yml │ └── templates │ │ ├── auth-secret.yml.j2 │ │ ├── certs │ │ ├── ca_certificate.yml.j2 │ │ ├── ca_issuer.yml.j2 │ │ ├── certificate.yml.j2 │ │ └── issuer.yml.j2 │ │ ├── deployment.yml.j2 │ │ ├── namespace.yml.j2 │ │ ├── pvc.yml.j2 │ │ ├── service-clusterip.yml.j2 │ │ └── service-loadbalancer.yml.j2 │ ├── sls │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ ├── gencfg │ │ │ └── main.yml │ │ ├── install │ │ │ ├── main.yml │ │ │ └── sls-verify.yml │ │ ├── main.yml │ │ └── uninstall │ │ │ └── main.yml │ └── templates │ │ ├── licenseservice.yml.j2 │ │ ├── mongo-certificates.yml.j2 │ │ ├── mongo-secret.yml.j2 │ │ └── slscfg.yml.j2 │ ├── smtp │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ ├── main.yml │ │ └── providers │ │ │ └── sendgrid.yml │ └── templates │ │ └── sendgrid │ │ └── smtpcfg.yml.j2 │ ├── suite_app_backup_restore │ ├── README.md │ ├── defaults │ │ └── main.yml │ └── tasks │ │ ├── backup-namespace.yml │ │ ├── backup-pv.yml │ │ ├── get-app-info.yml │ │ ├── health │ │ ├── backup-vars.yml │ │ ├── backup-wsl.yml │ │ ├── get-app-info.yml │ │ ├── get-wsl-info.yml │ │ ├── restore-vars.yml │ │ └── restore-wsl.yml │ │ ├── iot │ │ ├── backup-vars.yml │ │ ├── restore-namespace.yml │ │ └── restore-vars.yml │ │ ├── main.yml │ │ ├── manage │ │ ├── backup-vars.yml │ │ ├── pv-info.yml │ │ ├── restore-namespace.yml │ │ └── restore-vars.yml │ │ ├── monitor │ │ ├── backup-vars.yml │ │ ├── restore-namespace.yml │ │ └── restore-vars.yml │ │ ├── optimizer │ │ ├── backup-vars.yml │ │ └── restore-vars.yml │ │ ├── restore-namespace.yml │ │ ├── restore-pv.yml │ │ └── visualinspection │ │ ├── backup-vars.yml │ │ ├── pv-info.yml │ │ └── restore-vars.yml │ ├── suite_app_config │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── files │ │ └── manage │ │ │ ├── manage-additional-server-config-no-activation.xml.j2 │ │ │ ├── manage-additional-server-config.xml.j2 │ │ │ └── manage-jms-additional-server-config.xml.j2 │ ├── meta │ │ └── main.yml │ ├── tasks │ │ ├── determine-storage-classes-facilities.yml │ │ ├── determine-storage-classes.yml │ │ ├── determine-watson-studio-id.yml │ │ ├── main.yml │ │ └── manage │ │ │ ├── post-config │ │ │ └── main.yml │ │ │ └── pre-config │ │ │ ├── main.yml │ │ │ ├── setup-custom-archive.yml │ │ │ ├── setup-encryption-secret.yml │ │ │ ├── setup-jms.yml │ │ │ └── setup-pod-templates.yml │ ├── templates │ │ ├── manage │ │ │ ├── custom-archive-credentials.yml.j2 │ │ │ ├── encryption-secrets-blank.yml.j2 │ │ │ ├── encryption-secrets.yml.j2 │ │ │ ├── jms-manage-additional-server-config-secrets.yml.j2 │ │ │ └── snojms-manage-additional-server-config-secrets.yml.j2 │ │ └── workspace.yml.j2 │ └── vars │ │ ├── assist.yml │ │ ├── customspecs │ │ └── manage_components.yml.j2 │ │ ├── defaultspecs │ │ ├── assist.yml │ │ ├── facilities.yml.j2 │ │ ├── health.yml │ │ ├── hputilities.yml │ │ ├── iot.yml │ │ ├── manage.yml │ │ ├── monitor.yml │ │ ├── mso.yml │ │ ├── optimizer.yml │ │ ├── predict.yml │ │ ├── safety.yml │ │ └── visualinspection.yml │ │ ├── facilities.yml │ │ ├── health.yml │ │ ├── hputilities.yml │ │ ├── iot.yml │ │ ├── manage.yml │ │ ├── monitor.yml │ │ ├── mso.yml │ │ ├── optimizer.yml │ │ ├── predict.yml │ │ ├── safety.yml │ │ └── visualinspection.yml │ ├── suite_app_install │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ ├── iot.yml │ │ ├── main.yml │ │ ├── manage.yml │ │ └── visualinspection.yml │ ├── templates │ │ ├── application.yml.j2 │ │ ├── customscc.yml.j2 │ │ └── customsccinit.yml.j2 │ └── vars │ │ ├── aibroker.yml │ │ ├── assist.yml │ │ ├── customspecs │ │ ├── iot_components.yml.j2 │ │ └── visualinspection.yml.j2 │ │ ├── defaultspecs │ │ ├── aibroker.yml │ │ ├── assist.yml │ │ ├── facilities.yml │ │ ├── health.yml │ │ ├── hputilities.yml │ │ ├── iot.yml │ │ ├── manage.yml │ │ ├── monitor.yml │ │ ├── mso.yml │ │ ├── optimizer.yml │ │ ├── predict.yml │ │ ├── safety.yml │ │ └── visualinspection.yml │ │ ├── facilities.yml │ │ ├── health.yml │ │ ├── hputilities.yml │ │ ├── iot.yml │ │ ├── manage.yml │ │ ├── monitor.yml │ │ ├── mso.yml │ │ ├── optimizer.yml │ │ ├── predict.yml │ │ ├── safety.yml │ │ └── visualinspection.yml │ ├── suite_app_rollback │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ └── tasks │ │ ├── main.yml │ │ ├── rollback_mas_iot.yml │ │ └── rollback_mas_manage.yml │ ├── suite_app_uninstall │ ├── README.md │ ├── app_specific │ │ └── tasks │ │ │ ├── post │ │ │ └── placeholder.yml │ │ │ └── pre │ │ │ └── placeholder.yml │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ └── tasks │ │ └── main.yml │ ├── suite_app_upgrade │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ └── tasks │ │ ├── check_app_compatibility.yml │ │ ├── check_core_compatibility.yml │ │ ├── main.yml │ │ └── upgrade.yml │ ├── suite_app_verify │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ └── tasks │ │ └── main.yml │ ├── suite_backup_restore │ ├── README.md │ ├── defaults │ │ └── main.yml │ └── tasks │ │ ├── backup-namespace.yml │ │ ├── backup-vars.yml │ │ ├── get-suite-info.yml │ │ ├── main.yml │ │ ├── restore-namespace.yml │ │ └── restore-vars.yml │ ├── suite_certs │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ ├── cert_management.yml │ │ ├── cis.yml │ │ ├── main.yml │ │ └── run.yml │ └── templates │ │ ├── dnsentries.yml.j2 │ │ ├── public-cert-ca.yml.j2 │ │ ├── public-cert-secret.yml.j2 │ │ ├── public-cert-tls.yml.j2 │ │ └── public-tls-key.yml.j2 │ ├── suite_config │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ └── tasks │ │ └── main.yml │ ├── suite_db2_setup_for_facilities │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ ├── apply-db2-config-settings.yml │ │ ├── apply-db2-config-version.yml │ │ ├── apply-db2-dbconfig.yml │ │ ├── db2 │ │ │ └── preparedb.yml │ │ └── main.yml │ ├── templates │ │ ├── db2 │ │ │ └── scripts │ │ │ │ ├── create-schema.sql.j2 │ │ │ │ ├── create-tablespaces.sql.j2 │ │ │ │ └── db2configdb.sh.j2 │ │ └── db2_enforce_config.yaml.j2 │ └── vars │ │ └── main.yml │ ├── suite_db2_setup_for_manage │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ ├── apply-db2-config-settings.yml │ │ ├── apply-db2-config-version.yml │ │ ├── db2_dbconfig.yml │ │ └── main.yml │ ├── templates │ │ ├── db2_enforce_config.yaml.j2 │ │ └── setupdb.sh.j2 │ └── vars │ │ └── main.yml │ ├── suite_dns │ ├── README.md │ ├── defaults │ │ └── main.yaml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ ├── cp4d.yml │ │ ├── main.yml │ │ ├── providers │ │ │ ├── cis │ │ │ │ ├── cis_dns_mgmt.yml │ │ │ │ ├── cis_domain_setting.yml │ │ │ │ ├── cis_edge_certificate.yml │ │ │ │ ├── cis_suitedns_basic.yml │ │ │ │ ├── cis_suitedns_enhanced.yml │ │ │ │ ├── cis_waf_rule.yml │ │ │ │ ├── cis_webhook.yml │ │ │ │ └── main.yml │ │ │ ├── cloudflare │ │ │ │ └── main.yml │ │ │ └── route53 │ │ │ │ ├── create-cnames.yml │ │ │ │ └── main.yml │ │ └── run.yml │ ├── templates │ │ ├── cis │ │ │ ├── clusterissuer-prod.yml.j2 │ │ │ ├── clusterissuer-staging.yml.j2 │ │ │ └── webhook │ │ │ │ ├── apiservice.yml.j2 │ │ │ │ ├── cis-apikey-secret.yml.j2 │ │ │ │ ├── cis-proxy-route.yml.j2 │ │ │ │ ├── deployment.yml.j2 │ │ │ │ ├── pki.yml.j2 │ │ │ │ ├── rbac.yml.j2 │ │ │ │ └── service.yml.j2 │ │ ├── cloudflare │ │ │ ├── clusterissuer-prod.yml.j2 │ │ │ ├── clusterissuer-staging.yml.j2 │ │ │ ├── secret.yml.j2 │ │ │ └── test-certificate.yml.j2 │ │ ├── cp4d │ │ │ ├── cp4d-certificate.yml.j2 │ │ │ └── cp4d-route.yml.j2 │ │ ├── dnsentries.yml.j2 │ │ ├── edge_certificate_routes.yml.j2 │ │ ├── route53 │ │ │ ├── clusterissuer.yml.j2 │ │ │ └── create-cnames.json.j2 │ │ └── routes_edge_certificates.txt.j2 │ └── vars │ │ └── waf_rules_to_disable.yml │ ├── suite_install │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ └── main.yml │ └── templates │ │ ├── consolelink.yml.j2 │ │ ├── core_v1_suite.yml.j2 │ │ ├── secret-filebeat-output.yml.j2 │ │ └── secret-superuser.yml.j2 │ ├── suite_manage_attachments_config │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ ├── common │ │ │ ├── aws-setup-bucket-permissions.yml │ │ │ ├── configure-bucket.yml │ │ │ ├── restart-manage-server.yml │ │ │ ├── retrieve-cos-certs.yml │ │ │ └── wait-bundle-pods.yml │ │ ├── configure-bundles.yml │ │ ├── configure-database.yml │ │ ├── configure.yml │ │ └── main.yml │ └── templates │ │ ├── configmap.yml.j2 │ │ └── db │ │ ├── cos.sh.j2 │ │ └── filestorage.sh.j2 │ ├── suite_manage_bim_config │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ └── main.yml │ └── templates │ │ └── updatebimconfig.sh.j2 │ ├── suite_manage_birt_report_config │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ └── tasks │ │ ├── main.yml │ │ └── setup-manage-birt-report.yml │ ├── suite_manage_customer_files_config │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ └── tasks │ │ ├── main.yml │ │ ├── providers │ │ └── aws │ │ │ └── setup_bucket_permissions.yml │ │ ├── retrieve-cos-certs.yml │ │ ├── setup-manage-custfiles.yml │ │ └── wait_bundle_pods.yml │ ├── suite_manage_imagestitching_config │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ ├── configure-stitching.yml │ │ ├── main.yml │ │ ├── manage-set-system-property.yml │ │ └── set-imagestitching-properties.yml │ └── templates │ │ └── imagestitching-pvc.yml.j2 │ ├── suite_manage_import_certs_config │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── files │ │ └── manage-certs-sample.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ ├── main.yml │ │ ├── manage-certs-from-file.yml │ │ └── manage-certs-from-variable.yml │ └── templates │ │ └── imported-certs.yml.j2 │ ├── suite_manage_load_dbc_scripts │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ └── tasks │ │ └── main.yaml │ ├── suite_manage_logging_config │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── files │ │ └── db2.sql │ ├── meta │ │ └── main.yml │ ├── tasks │ │ ├── main.yml │ │ ├── providers │ │ │ └── aws │ │ │ │ └── setup_bucket_permissions.yml │ │ ├── retrieve-cos-certs.yml │ │ └── setup-manage-logging.yml │ └── templates │ │ └── logging-bucket-creds.yml.j2 │ ├── suite_manage_pvc_config │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── files │ │ └── manage-persistent-volumes-sample.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ ├── configure-manage-pvcs.yml │ │ ├── determine-storage-classes.yml │ │ └── main.yml │ └── vars │ │ └── manage-persistent-volumes.yml.j2 │ ├── suite_rollback │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ └── tasks │ │ ├── main.yml │ │ └── rollback_mas_core.yml │ ├── suite_uninstall │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ └── main.yml │ └── templates │ │ └── wipe-mongo-data.sh.j2 │ ├── suite_upgrade │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ └── tasks │ │ ├── check_app_compatibility.yml │ │ ├── check_core_compatibility.yml │ │ ├── main.yml │ │ └── upgrade.yml │ ├── suite_verify │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ └── tasks │ │ └── main.yml │ ├── turbonomic │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ └── main.yml │ └── templates │ │ ├── kubeturbo-cr.yml.j2 │ │ ├── kubeturbo-operator-group.yml.j2 │ │ ├── kubeturbo-subscription.yml.j2 │ │ └── turbonomic-secret.yml.j2 │ └── uds │ ├── README.md │ ├── defaults │ └── main.yml │ ├── meta │ └── main.yml │ ├── tasks │ ├── gencfg │ │ └── main.yml │ ├── install-suds │ │ └── main.yml │ ├── install │ │ ├── determine-storage-classes.yml │ │ ├── main.yml │ │ └── udscfg.yml │ ├── main.yml │ ├── uninstall-suds │ │ └── main.yml │ └── uninstall │ │ └── main.yml │ └── templates │ ├── bas-certs.yml.j2 │ ├── bascfg-suds.yml.j2 │ ├── bascfg.yml.j2 │ ├── crunchy-postgres │ └── subscription.yml │ └── foundation-services │ ├── analyticsproxy.yaml │ ├── generateKey.yaml │ └── ibm-user-data-services.yml ├── mkdocs.yml ├── prettierrc.yaml └── yamllint.yaml /.github/CODEOWNERS: -------------------------------------------------------------------------------- 1 | * @durera @andrercm @sanjayprab @terenceq @whitfiea @alequint @leo-miran 2 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/config.yml: -------------------------------------------------------------------------------- 1 | blank_issues_enabled: true 2 | contact_links: 3 | - name: Maximo Application Suite Product Support 4 | url: https://www.ibm.com/mysupport/s/createrecord/NewCase 5 | about: GitHub issues should only be raised for support related to this Ansible collection, for product support please open a case in the IBM support portal 6 | - name: Maximo Application Suite Product Documentation 7 | url: https://www.ibm.com/docs/en/mas-cd/continuous-delivery 8 | about: If you have questions about Maximo Application suite, you may find the answers in here 9 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | 2 | *.DS_Store* 3 | .env 4 | .venv 5 | .vscode 6 | site 7 | context 8 | target 9 | ibm/mas_devops/dev-*.yml 10 | ibm/mas_devops/playbooks/dev-*.yml 11 | ibm/mas_devops/playbooks/cpd-cli-workspace/* 12 | ibm/mas_devops/edge-routes-*.txt 13 | ibm/mas_devops/service-key_*.json 14 | ibm-mas_devops-*.tar.gz 15 | ibm-mas_devops.tar.gz 16 | ibm/mas_devops/runAnsibl*.sh 17 | build/bin/downloads/*.tgz 18 | .pyenv 19 | cpd-cli-workspace/* 20 | /tmp 21 | /node_modules 22 | package-lock.json 23 | package.json 24 | -------------------------------------------------------------------------------- /build/ee/bindep.txt: -------------------------------------------------------------------------------- 1 | nano 2 | jq 3 | wget 4 | skopeo 5 | hostname 6 | httpd-tools -------------------------------------------------------------------------------- /build/ee/install/install-aws.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Install AWS CLI 4 | set -e 5 | 6 | curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" 7 | unzip -q awscliv2.zip 8 | ./aws/install 9 | 10 | rm -rf aws 11 | rm awscliv2.zip 12 | 13 | aws --version 14 | -------------------------------------------------------------------------------- /build/ee/install/install-ibmpak.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Install IBM Pak oc addon 4 | set -e 5 | 6 | curl -L https://github.com/IBM/ibm-pak-plugin/releases/download/v1.3.1/oc-ibm_pak-linux-amd64.tar.gz -o oc-ibm_pak-linux-amd64.tar.gz 7 | tar --no-same-owner -xf oc-ibm_pak-linux-amd64.tar.gz 8 | mv oc-ibm_pak-linux-amd64 /usr/local/bin/oc-ibm_pak 9 | rm oc-ibm_pak-linux-amd64.tar.gz 10 | 11 | oc ibm-pak --version 12 | rm -rf /home/runner/.ibm-pak 13 | -------------------------------------------------------------------------------- /build/ee/install/install-rclone.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Install Rclone CLI 4 | set -e 5 | 6 | curl -O https://downloads.rclone.org/rclone-current-linux-amd64.zip 7 | unzip rclone-current-linux-amd64.zip 8 | 9 | cp ./rclone-*-linux-amd64/rclone /usr/local/bin/ 10 | 11 | rclone version 12 | 13 | rm -rf rclone-* 14 | -------------------------------------------------------------------------------- /build/ee/install/install-rosa.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Install ROSA Cli 3 | set -e 4 | 5 | wget -q https://mirror.openshift.com/pub/openshift-v4/clients/rosa/latest/rosa-linux.tar.gz 6 | tar --no-same-owner -xzf rosa-linux.tar.gz 7 | mv rosa /usr/local/bin/ 8 | chmod +x /usr/local/bin/rosa 9 | rosa version 10 | rm -rf rosa-linux.tar.gz -------------------------------------------------------------------------------- /build/ee/install/install-yq.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Install yq CLI 4 | set -e 5 | 6 | curl -L "https://github.com/mikefarah/yq/releases/download/v4.35.1/yq_linux_amd64" > /usr/bin/yq 7 | chmod 755 /usr/bin/yq 8 | 9 | yq --version || exit 1 10 | -------------------------------------------------------------------------------- /build/ee/requirements.yml: -------------------------------------------------------------------------------- 1 | --- 2 | collections: 3 | - name: ibm.mas_devops 4 | version: "100.0.0" 5 | -------------------------------------------------------------------------------- /docs/images/Project.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ibm-mas/ansible-devops/bf7b5b353ec9d1c777cc16146497079ccdcef356/docs/images/Project.png -------------------------------------------------------------------------------- /docs/images/credentials-2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ibm-mas/ansible-devops/bf7b5b353ec9d1c777cc16146497079ccdcef356/docs/images/credentials-2.png -------------------------------------------------------------------------------- /docs/images/credentials.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ibm-mas/ansible-devops/bf7b5b353ec9d1c777cc16146497079ccdcef356/docs/images/credentials.png -------------------------------------------------------------------------------- /docs/images/execution-env.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ibm-mas/ansible-devops/bf7b5b353ec9d1c777cc16146497079ccdcef356/docs/images/execution-env.png -------------------------------------------------------------------------------- /docs/images/files.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ibm-mas/ansible-devops/bf7b5b353ec9d1c777cc16146497079ccdcef356/docs/images/files.png -------------------------------------------------------------------------------- /docs/images/inventory-2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ibm-mas/ansible-devops/bf7b5b353ec9d1c777cc16146497079ccdcef356/docs/images/inventory-2.png -------------------------------------------------------------------------------- /docs/images/inventory.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ibm-mas/ansible-devops/bf7b5b353ec9d1c777cc16146497079ccdcef356/docs/images/inventory.png -------------------------------------------------------------------------------- /docs/images/job-1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ibm-mas/ansible-devops/bf7b5b353ec9d1c777cc16146497079ccdcef356/docs/images/job-1.png -------------------------------------------------------------------------------- /docs/images/job-2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ibm-mas/ansible-devops/bf7b5b353ec9d1c777cc16146497079ccdcef356/docs/images/job-2.png -------------------------------------------------------------------------------- /docs/images/job-3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ibm-mas/ansible-devops/bf7b5b353ec9d1c777cc16146497079ccdcef356/docs/images/job-3.png -------------------------------------------------------------------------------- /docs/images/logs-1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ibm-mas/ansible-devops/bf7b5b353ec9d1c777cc16146497079ccdcef356/docs/images/logs-1.png -------------------------------------------------------------------------------- /docs/images/logs-2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ibm-mas/ansible-devops/bf7b5b353ec9d1c777cc16146497079ccdcef356/docs/images/logs-2.png -------------------------------------------------------------------------------- /docs/images/organization.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ibm-mas/ansible-devops/bf7b5b353ec9d1c777cc16146497079ccdcef356/docs/images/organization.png -------------------------------------------------------------------------------- /docs/images/relaunch.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ibm-mas/ansible-devops/bf7b5b353ec9d1c777cc16146497079ccdcef356/docs/images/relaunch.png -------------------------------------------------------------------------------- /docs/images/survey-2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ibm-mas/ansible-devops/bf7b5b353ec9d1c777cc16146497079ccdcef356/docs/images/survey-2.png -------------------------------------------------------------------------------- /docs/images/survey-3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ibm-mas/ansible-devops/bf7b5b353ec9d1c777cc16146497079ccdcef356/docs/images/survey-3.png -------------------------------------------------------------------------------- /docs/images/survey.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ibm-mas/ansible-devops/bf7b5b353ec9d1c777cc16146497079ccdcef356/docs/images/survey.png -------------------------------------------------------------------------------- /docs/images/sync.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ibm-mas/ansible-devops/bf7b5b353ec9d1c777cc16146497079ccdcef356/docs/images/sync.png -------------------------------------------------------------------------------- /docs/images/template-1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ibm-mas/ansible-devops/bf7b5b353ec9d1c777cc16146497079ccdcef356/docs/images/template-1.png -------------------------------------------------------------------------------- /ibm/mas_devops/.ansible-lint: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | skip_list: 4 | # See: https://github.com/ansible-community/ansible-lint/issues/457 5 | - '602' 6 | -------------------------------------------------------------------------------- /ibm/mas_devops/README.md: -------------------------------------------------------------------------------- 1 | # Ansible DevOps Collection for IBM Maximo Application Suite 2 | 3 | ## Documentation 4 | [https://ibm-mas.github.io/ansible-devops/](https://ibm-mas.github.io/ansible-devops/) 5 | 6 | ## Releases 7 | [https://github.com/ibm-mas/ansible-devops/releases](https://github.com/ibm-mas/ansible-devops/releases) 8 | -------------------------------------------------------------------------------- /ibm/mas_devops/common_tasks/detect_sno.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # 1. Verify if the cluster is single node 3 | 4 | - name: "detect-sno : Get the number of nodes" 5 | shell: oc get nodes --no-headers | wc -l 6 | register: nodes_count 7 | 8 | - debug: 9 | var: nodes_count 10 | 11 | - name: "detect-sno : Set sno_mode Environment variable" 12 | set_fact: 13 | sno_mode: true 14 | when: nodes_count is defined and nodes_count.stdout|int == 1 15 | 16 | - name: "detect-sno : Debug sno detection" 17 | debug: 18 | msg: "Sno environment .................... {{ sno_mode }}" 19 | -------------------------------------------------------------------------------- /ibm/mas_devops/meta/runtime.yml: -------------------------------------------------------------------------------- 1 | --- 2 | requires_ansible: ">=2.10.3" 3 | 4 | action_groups: 5 | k8s: 6 | - apply_subscription 7 | - get_default_storage_classes 8 | - update_ibm_entitlement 9 | - verify_app_version 10 | - verify_catalogsources 11 | - verify_core_version 12 | - verify_subscriptions 13 | - verify_workloads 14 | -------------------------------------------------------------------------------- /ibm/mas_devops/playbooks/mirror_openshift.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: localhost 3 | any_errors_fatal: true 4 | 5 | pre_tasks: 6 | - name: Check for required environment variables 7 | assert: 8 | that: 9 | - lookup('env', 'MIRROR_MODE') != "" 10 | fail_msg: "One or more required environment variables are not defined" 11 | 12 | roles: 13 | - ibm.mas_devops.mirror_ocp 14 | -------------------------------------------------------------------------------- /ibm/mas_devops/playbooks/ocp_roks_deprovision.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: localhost 3 | vars: 4 | cluster_type: roks 5 | 6 | pre_tasks: 7 | # For the full set of supported environment variables refer to the playbook documentation 8 | - name: Check for required environment variables 9 | assert: 10 | that: 11 | - lookup('env', 'IBMCLOUD_APIKEY') != "" 12 | - lookup('env', 'CLUSTER_NAME') != "" 13 | fail_msg: "One or more required environment variables are not defined" 14 | 15 | roles: 16 | - ibm.mas_devops.ocp_deprovision 17 | -------------------------------------------------------------------------------- /ibm/mas_devops/playbooks/ocp_rosa_deprovision.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: localhost 3 | vars: 4 | cluster_type: rosa 5 | 6 | pre_tasks: 7 | # For the full set of supported environment variables refer to the playbook documentation 8 | - name: Check for required environment variables 9 | assert: 10 | that: 11 | - lookup('env', 'ROSA_TOKEN') != "" 12 | - lookup('env', 'CLUSTER_NAME') != "" 13 | fail_msg: "One or more required environment variables are not defined" 14 | 15 | roles: 16 | - ibm.mas_devops.ocp_deprovision 17 | -------------------------------------------------------------------------------- /ibm/mas_devops/playbooks/oneclick_update.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: localhost 3 | any_errors_fatal: true 4 | pre_tasks: 5 | - name: Check for required environment variables 6 | assert: 7 | that: lookup('env', 'MAS_CATALOG_VERSION') != "" 8 | fail_msg: "You must provide the catalog version to update to (e.g. '@@MAS_PREVIOUS_CATALOG@@', '@@MAS_LATEST_CATALOG@@')" 9 | 10 | roles: 11 | - ibm.mas_devops.ibm_catalogs 12 | -------------------------------------------------------------------------------- /ibm/mas_devops/plugins/modules/__pycache__/cis_dns_entries.cpython-37.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ibm-mas/ansible-devops/bf7b5b353ec9d1c777cc16146497079ccdcef356/ibm/mas_devops/plugins/modules/__pycache__/cis_dns_entries.cpython-37.pyc -------------------------------------------------------------------------------- /ibm/mas_devops/requirements.txt: -------------------------------------------------------------------------------- 1 | mas-devops >= 3.8.0, < 4 2 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/aibroker/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: Karol Czarnecki (@karol-czarnecki) 3 | description: Deploy IBM AiBroker 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | 20 | dependencies: 21 | - role: ibm.mas_devops.ansible_version_check 22 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/aibroker/tasks/apikey/install/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "Check if API key secret exists in namespace: {{ aibroker_namespace }}" 3 | kubernetes.core.k8s_info: 4 | api_version: v1 5 | kind: Secret 6 | name: "{{ tenantNamespace }}----apikey-secret" 7 | namespace: "{{ aibroker_namespace }}" 8 | register: apikey_secret_info 9 | 10 | - name: Create API Key 11 | script: "{{ role_path }}/files/create_apikey.sh {{ tenantNamespace }} {{ aibroker_namespace }}" 12 | when: 13 | - apikey_secret_info.resources | length == 0 14 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/aibroker/tasks/apikey/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "API Key: Debug properties" 3 | debug: 4 | msg: 5 | - "Api Key action ........................ {{ mas_aibroker_apikey_action }}" 6 | 7 | # 1. Perform the selected action 8 | # ----------------------------------------------------------------------------- 9 | # Two actions are supported: 10 | # - install 11 | # - remove 12 | # - update 13 | - include_tasks: "apikey/{{ mas_aibroker_apikey_action }}/main.yml" 14 | when: 15 | - mas_aibroker_apikey_action != "none" 16 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/aibroker/tasks/apikey/remove/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Delete API key secret 3 | command: oc delete secret "{{ tenantNamespace }}----apikey-secret" -n {{ aibroker_namespace }} 4 | register: delete_result 5 | ignore_errors: yes 6 | failed_when: delete_result.rc != 0 and "NotFound" not in delete_result.stderr 7 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/aibroker/tasks/mariadb/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "Create secret for mariadb credentials" 3 | kubernetes.core.k8s: 4 | apply: yes 5 | template: "templates/mariadb/mariadb-credentials.yml.j2" 6 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/aibroker/tasks/minio/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "Create secret for minio credentials" 3 | kubernetes.core.k8s: 4 | apply: yes 5 | template: "templates/minio/minio-credentials.yml.j2" 6 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/aibroker/tasks/tenant/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "Tenant: Debug properties" 3 | debug: 4 | msg: 5 | - "Tenant action ........................ {{ tenant_action }}" 6 | 7 | # 1. Perform the selected action 8 | # ----------------------------------------------------------------------------- 9 | # Two actions are supported: 10 | # - install 11 | 12 | - include_tasks: "tenant/{{ tenant_action }}/main.yml" 13 | when: 14 | - tenant_action != "none" 15 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/aibroker/tasks/watsonx/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "Watsonx: Debug properties" 3 | debug: 4 | msg: 5 | - "Watsonx action ........................ {{ mas_aibroker_watsonx_action }}" 6 | 7 | # 1. Perform the selected action 8 | # ----------------------------------------------------------------------------- 9 | # Two actions are supported: 10 | # - install 11 | # - remove 12 | - include_tasks: "watsonx/{{ mas_aibroker_watsonx_action }}/main.yml" 13 | when: 14 | - mas_aibroker_watsonx_action != "none" 15 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/aibroker/tasks/watsonx/remove/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Delete WatsonX.AI secret 3 | command: oc delete secret "{{ tenantNamespace }}----wx-secret" -n {{ aibroker_namespace }} 4 | register: delete_result 5 | ignore_errors: yes 6 | failed_when: delete_result.rc != 0 and "NotFound" not in delete_result.stderr 7 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/aibroker/templates/aibroker/operator-group.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1 3 | kind: OperatorGroup 4 | metadata: 5 | name: mas-{{ mas_instance_id }}-aibroker 6 | namespace: "{{ aibroker_namespace }}" 7 | spec: 8 | targetNamespaces: 9 | - "{{ aibroker_namespace }}" 10 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/aibroker/templates/aibroker/subscription.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | name: ibm-mas-aibroker 6 | namespace: "{{ aibroker_namespace }}" 7 | spec: 8 | channel: "{{ mas_app_channel }}" 9 | installPlanApproval: Automatic 10 | name: ibm-mas-aibroker 11 | source: "{{ mas_catalog_source }}" 12 | sourceNamespace: openshift-marketplace 13 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/aibroker/templates/dro/dro-ca-cert.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | kind: Secret 3 | apiVersion: v1 4 | metadata: 5 | name: {{ mas_aibroker_dro_cacert_secret }} 6 | namespace: mas-{{ mas_instance_id }}-aibroker 7 | data: 8 | ca.crt: "{{ drocfg.ca | b64encode }}" 9 | type: Opaque -------------------------------------------------------------------------------- /ibm/mas_devops/roles/aibroker/templates/dro/dro-token.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | kind: Secret 3 | apiVersion: v1 4 | metadata: 5 | name: {{ mas_aibroker_dro_token_secret }} 6 | namespace: mas-{{ mas_instance_id }}-aibroker 7 | data: 8 | DRO_TOKEN: "{{ drocfg.registration_key | b64encode }}" 9 | type: Opaque -------------------------------------------------------------------------------- /ibm/mas_devops/roles/aibroker/templates/jdbc/jdbc-admin-credentials.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | kind: Secret 3 | apiVersion: v1 4 | metadata: 5 | name: "{{ mas_aibroker_jdbc_secret }}" 6 | namespace: mas-{{ mas_instance_id }}-aibroker 7 | data: 8 | username: "{{ jdbccfg.username }}" 9 | password: "{{ jdbccfg.password }}" 10 | url: "{{ jdbccfg.url }}" 11 | sslenabled: "{{ jdbccfg.sslenabled }}" 12 | certificate: "{{ jdbccfg.ca }}" 13 | type: Opaque -------------------------------------------------------------------------------- /ibm/mas_devops/roles/aibroker/templates/mariadb/mariadb-credentials.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | kind: Secret 3 | apiVersion: v1 4 | metadata: 5 | name: "{{ mas_aibroker_mariadb_secret }}" 6 | namespace: mas-{{ mas_instance_id }}-aibroker 7 | data: 8 | username: "{{ mas_aibroker_db_user | b64encode }}" 9 | password: "{{ mas_aibroker_db_secret_value | b64encode }}" 10 | type: Opaque -------------------------------------------------------------------------------- /ibm/mas_devops/roles/aibroker/templates/minio/minio-credentials.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | kind: Secret 3 | apiVersion: v1 4 | metadata: 5 | name: "{{ mas_aibroker_minio_secret }}" 6 | namespace: mas-{{ mas_instance_id }}-aibroker 7 | data: 8 | username: "{{ mas_aibroker_storage_accesskey | b64encode }}" 9 | password: "{{ mas_aibroker_storage_secretkey | b64encode }}" 10 | type: Opaque -------------------------------------------------------------------------------- /ibm/mas_devops/roles/aibroker/templates/sls/sls-tenant-details.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | kind: Secret 3 | apiVersion: v1 4 | metadata: 5 | name: {{ mas_aibroker_sls_registration_key_secret }} 6 | namespace: mas-{{ mas_instance_id }}-aibroker 7 | data: 8 | SLS_REGISTRATION_KEY: "{{ slscfg.registration_key | b64encode }}" 9 | type: Opaque 10 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/aibroker/templates/tenant/connector-configmap.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: connector-config 6 | namespace: mas-{{ mas_instance_id }}-aibroker 7 | data: {} 8 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/aibroker/templates/tenant/km-s3-sa.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: km-s3-sa 6 | namespace: "{{ tenantNamespace }}" 7 | secrets: 8 | - name: km-s3-secret 9 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/aibroker/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/aibroker_tenant/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: Karol Czarnecki (@karol-czarnecki) 3 | description: Deploy IBM AiBroker 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | - rhocp 20 | 21 | dependencies: 22 | - role: ibm.mas_devops.ansible_version_check 23 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/aibroker_tenant/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - include_tasks: tasks/namespace/main.yml 3 | 4 | # Create config for SLS 5 | - include_tasks: tasks/config_sls/main.yml 6 | 7 | # Create config for RSL 8 | - include_tasks: tasks/config_rsl/main.yml 9 | 10 | # Create config for DRO 11 | - include_tasks: tasks/config_dro/main.yml 12 | 13 | # create s3 secret 14 | - include_tasks: tasks/s3/main.yml 15 | 16 | # create wx secret 17 | - include_tasks: tasks/watsonx/main.yml 18 | 19 | # create AI Broker tenant 20 | - include_tasks: tasks/tenant/main.yml 21 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/aibroker_tenant/tasks/namespace/install/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "Check if namespace exists: {{ tenantNamespace }}" 3 | kubernetes.core.k8s_info: 4 | api_version: v1 5 | kind: Namespace 6 | name: "{{ tenantNamespace }}" 7 | register: namespace_info 8 | 9 | - name: "Create namespace: {{ tenantNamespace }}" 10 | kubernetes.core.k8s: 11 | name: "{{ tenantNamespace }}" 12 | api_version: v1 13 | kind: Namespace 14 | when: 15 | - namespace_info.resources | length == 0 16 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/aibroker_tenant/tasks/namespace/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Namespace task config 3 | debug: 4 | msg: 5 | - "Namespace action ........................ {{ mas_aibroker_tenant_namespace_action }}" 6 | 7 | - include_tasks: "namespace/{{ mas_aibroker_tenant_namespace_action }}/main.yml" 8 | when: 9 | - mas_aibroker_tenant_namespace_action != "none" 10 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/aibroker_tenant/tasks/namespace/remove/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "Delete namespace: {{ tenantNamespace }}" 3 | kubernetes.core.k8s: 4 | name: "{{ tenantNamespace }}" 5 | api_version: v1 6 | kind: Namespace 7 | state: absent 8 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/aibroker_tenant/tasks/s3/install/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "Create S3 secret" 3 | kubernetes.core.k8s: 4 | state: present 5 | namespace: "{{ aibroker_namespace }}" 6 | template: templates/s3/secret.yml.j2 7 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/aibroker_tenant/tasks/s3/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "S3: Debug properties" 3 | debug: 4 | msg: 5 | - "S3 action ........................ {{ mas_aibroker_s3_action }}" 6 | 7 | # 1. Perform the selected action 8 | # ----------------------------------------------------------------------------- 9 | # Two actions are supported: 10 | # - install 11 | # - remove 12 | - include_tasks: "s3/{{ mas_aibroker_s3_action }}/main.yml" 13 | when: 14 | - mas_aibroker_s3_action != "none" 15 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/aibroker_tenant/tasks/tenant/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "Tenant: Debug properties" 3 | debug: 4 | msg: 5 | - "Tenant action ........................ {{ tenant_action }}" 6 | 7 | # 1. Perform the selected action 8 | # ----------------------------------------------------------------------------- 9 | # Two actions are supported: 10 | # - install 11 | 12 | - include_tasks: "tenant/{{ tenant_action }}/main.yml" 13 | when: 14 | - tenant_action != "none" 15 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/aibroker_tenant/tasks/watsonx/install/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Create WatsonX secret 3 | kubernetes.core.k8s: 4 | state: present 5 | template: "templates/watsonx/secret.yml.j2" 6 | loop: 7 | - "{{ aibroker_namespace }}" 8 | - "{{ tenantNamespace }}" 9 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/aibroker_tenant/tasks/watsonx/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "Watsonx: Debug properties" 3 | debug: 4 | msg: 5 | - "Watsonx action ........................ {{ mas_aibroker_watsonx_action }}" 6 | 7 | # 1. Perform the selected action 8 | # ----------------------------------------------------------------------------- 9 | # Two actions are supported: 10 | # - install 11 | # - remove 12 | - include_tasks: "watsonx/{{ mas_aibroker_watsonx_action }}/main.yml" 13 | when: 14 | - mas_aibroker_watsonx_action != "none" 15 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/aibroker_tenant/tasks/watsonx/remove/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Delete WatsonX secret 3 | kubernetes.core.k8s: 4 | api_version: v1 5 | kind: Secret 6 | name: "{{ mas_aibroker_watsonxai_secret }}" 7 | state: absent 8 | namespace: "{{ item }}" 9 | loop: 10 | - "{{ aibroker_namespace }}" 11 | - "{{ tenantNamespace }}" 12 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/aibroker_tenant/templates/tenant/ingress-allow-isvc.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | kind: NetworkPolicy 3 | apiVersion: networking.k8s.io/v1 4 | metadata: 5 | name: allow-to-isvc 6 | namespace: "{{ tenantNamespace }}" 7 | spec: 8 | podSelector: 9 | matchLabels: 10 | component: predictor 11 | ingress: 12 | - {} 13 | policyTypes: 14 | - Ingress 15 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/ansible_version_check/README.md: -------------------------------------------------------------------------------- 1 | ansible_version_check 2 | ====================== 3 | 4 | Internal-use role that all other roles in the collection declare a dependency upon to ensure that the minimum supported level of Ansible is used. 5 | 6 | License 7 | ------- 8 | 9 | EPL-2.0 10 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/ansible_version_check/defaults/main.yaml: -------------------------------------------------------------------------------- 1 | required_ansible_version: 2.10.3 2 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/ansible_version_check/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: Andre Marcelino (@andrercm) 3 | description: Internal-use role that all other roles in the collection declare a dependency upon to ensure that the minimum supported level of Ansible is used. 4 | 5 | license: EPL-2.0 6 | 7 | min_ansible_version: 2.10 8 | 9 | platforms: 10 | - name: GenericLinux 11 | versions: 12 | - all 13 | 14 | galaxy_tags: 15 | - ibm 16 | - mas 17 | - devops 18 | 19 | dependencies: [] 20 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/ansible_version_check/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: Verify minimum Ansible version is {{ required_ansible_version }} 2 | assert: 3 | that: "ansible_version.full is version_compare(required_ansible_version, '>=')" 4 | fail_msg: "This collection is only supported on Ansible version {{ required_ansible_version }} or greater, your current Ansible version is {{ ansible_version.full }}" 5 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/appconnect/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: Andre Marcelino (@andrercm) 3 | description: Deploy IBM AppConnect configured for IBM Maximo Application Suite 4 | 5 | license: EPL-2.0 6 | 7 | min_ansible_version: 2.10 8 | 9 | platforms: 10 | - name: GenericLinux 11 | versions: 12 | - all 13 | 14 | galaxy_tags: 15 | - ibm 16 | - mas 17 | - devops 18 | - appconnect 19 | 20 | dependencies: 21 | - role: ibm.mas_devops.ansible_version_check 22 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/appconnect/tasks/appconnectcfg.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Write out the config to the local filesystem 3 | # ----------------------------------------------------------------------------- 4 | - name: Copy MAS AppConnect configuration to filesytem 5 | ansible.builtin.template: 6 | src: appconnectcfg.yml.j2 7 | dest: "{{ mas_config_dir }}/appconnect-{{mas_instance_id}}-addons.yml" 8 | mode: "664" 9 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/appconnect/templates/operator-group.yml.j2: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1 2 | kind: OperatorGroup 3 | metadata: 4 | name: app-connect-operator-group 5 | namespace: "{{ appconnect_namespace }}" 6 | {% if custom_labels is defined and custom_labels.items() %} 7 | labels: 8 | {% for key, value in custom_labels.items() %} 9 | "{{ key }}": "{{ value }}" 10 | {% endfor %} 11 | {% endif %} 12 | spec: 13 | targetNamespaces: 14 | - "{{ appconnect_namespace }}" 15 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/arcgis/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: Andre Marcelino (@andrercm) 3 | description: Deploy IBM Maximo Location Services for Esri for IBM Maximo Application Suite 4 | 5 | license: EPL-2.0 6 | 7 | min_ansible_version: 2.10 8 | 9 | platforms: 10 | - name: GenericLinux 11 | versions: 12 | - all 13 | 14 | galaxy_tags: 15 | - ibm 16 | - mas 17 | - devops 18 | - arcgis 19 | 20 | dependencies: 21 | - role: ibm.mas_devops.ansible_version_check 22 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/arcgis/templates/arcgisapp.yml.j2: -------------------------------------------------------------------------------- 1 | # ArcGISApp configuration 2 | 3 | apiVersion: apps.mas.ibm.com/v1 4 | kind: ArcGISApp 5 | metadata: 6 | name: "{{ mas_instance_id }}" 7 | namespace: "{{ mas_arcgis_namespace }}" 8 | labels: 9 | mas.ibm.com/applicationId: arcgis 10 | mas.ibm.com/instanceId: "{{ mas_instance_id }}" 11 | spec: {} 12 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/arcgis/templates/arcgisws.yml.j2: -------------------------------------------------------------------------------- 1 | # ArcGISWorkspace configuration 2 | --- 3 | apiVersion: apps.mas.ibm.com/v1 4 | kind: ArcGISWorkspace 5 | metadata: 6 | name: "{{ mas_instance_id }}" 7 | namespace: "{{ mas_arcgis_namespace }}" 8 | labels: 9 | mas.ibm.com/applicationId: arcgis 10 | mas.ibm.com/instanceId: "{{ mas_instance_id }}" 11 | spec: {} 12 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/arcgis/templates/namespace.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: "{{ mas_arcgis_namespace }}" 6 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/aws_bucket_access_point/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | aws_access_point_region: "{{ lookup('env', 'AWS_REGION') | default('us-east-2', True) }}" 3 | aws_access_point_bucket_name: "{{ lookup('env', 'COS_BUCKET_NAME') }}" 4 | aws_access_point_name: "{{ lookup('env', 'AWS_ACCESS_POINT_NAME') | default('access-point-c1', True) }}" 5 | aws_access_point_username: "{{ lookup('env', 'AWS_ACCESS_POINT_USERNAME') }}" 6 | aws_access_point_policy_actions: 7 | - "s3:GetObject" 8 | - "s3:ListBucket" 9 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/aws_bucket_access_point/files/ap-policy.json.j2: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Principal": { 7 | "AWS": "{{ aws_access_point_username_arn }}" 8 | }, 9 | "Action": {{ aws_access_point_policy_actions | to_json }}, 10 | "Resource": [ 11 | "{{ aws_access_point_arn }}/object/*", 12 | "{{ aws_access_point_arn }}" 13 | ] 14 | } 15 | ] 16 | } 17 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/aws_bucket_access_point/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: André Marcelino (@andrercm) 3 | description: Creates an AWS access point and associates it with the specified S3 bucket in the targeted AWS account. 4 | 5 | company: IBM 6 | 7 | license: EPL-2.0 8 | 9 | min_ansible_version: 2.10 10 | 11 | platforms: 12 | - name: GenericLinux 13 | versions: 14 | - all 15 | 16 | galaxy_tags: 17 | - ibm 18 | - mas 19 | - devops 20 | - rhocp 21 | 22 | dependencies: 23 | - role: ibm.mas_devops.ansible_version_check 24 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/aws_documentdb_user/templates/change_user_password.js.j2: -------------------------------------------------------------------------------- 1 | db.changeUserPassword("{{docdb_instance_username}}", "{{docdb_instance_password}}") 2 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/aws_documentdb_user/templates/docdb_instance_user_credentials_secret.yaml.j2: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | type: Opaque 4 | metadata: 5 | name: "{{ docdb_instance_credentials_secret_name }}" 6 | data: 7 | docdb_username: "{{ docdb_instance_username | b64encode }}" 8 | docdb_password: "{{ docdb_instance_password | b64encode }}" 9 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/aws_documentdb_user/templates/drop_user.js.j2: -------------------------------------------------------------------------------- 1 | db.dropUser("{{docdb_instance_username}}") -------------------------------------------------------------------------------- /ibm/mas_devops/roles/aws_documentdb_user/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # vars file for docdb 3 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/aws_policy/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | aws_policy_name: "{{ lookup('env', 'AWS_POLICY_NAME') }}" 3 | aws_policy_json_file_path_local: "{{ lookup('env', 'AWS_POLICY_JSON_FILE_PATH_LOCAL') }}" 4 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/aws_policy/files/policy-template-sample.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": ["s3:GetObject", "s3:ListBucket"], 7 | "Resource": [ 8 | "arn:aws:s3:us-east-2:435377327995:accesspoint/access-point-c1/object/*", 9 | "arn:aws:s3:us-east-2:435377327995:accesspoint/access-point-c1" 10 | ] 11 | } 12 | ] 13 | } 14 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/aws_policy/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: André Marcelino (@andrercm) 3 | description: Creates AWS policy 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | - rhocp 20 | 21 | dependencies: 22 | - role: ibm.mas_devops.ansible_version_check 23 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/aws_route53/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: André Marcelino (@andrercm) 3 | description: Create a new public Hosted Zone in AWS Route53 for domain management. 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | - dns 20 | 21 | dependencies: 22 | - role: ibm.mas_devops.ansible_version_check 23 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/aws_user_creation/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | aws_username: "{{ lookup('env', 'AWS_USERNAME') }}" 3 | aws_username_access_key_id: "{{ lookup('env', 'AWS_USERNAME_ACCESS_KEY_ID') }}" 4 | aws_username_secret_access_key: "{{ lookup('env', 'AWS_USERNAME_SECRET_ACCESS_KEY') }}" 5 | aws_username_create_access_key_flag: "{{ lookup('env', 'AWS_USERNAME_CREATE_ACCESS_KEY_FLAG') | default(True, True) | bool }}" 6 | aws_policy_arn: "{{ lookup('env', 'AWS_POLICY_ARN') }}" 7 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/aws_user_creation/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: André Marcelino (@andrercm) 3 | description: Creates AWS username 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | - rhocp 20 | 21 | dependencies: 22 | - role: ibm.mas_devops.ansible_version_check 23 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/aws_vpc/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | mas_config_dir: "{{ lookup('env', 'MAS_CONFIG_DIR') }}" 3 | #vars for aws 4 | aws_access_key_id: "{{ lookup('env', 'AWS_ACCESS_KEY_ID') }}" 5 | aws_secret_access_key: "{{ lookup('env', 'AWS_SECRET_ACCESS_KEY') }}" 6 | aws_region: "{{ lookup('env', 'AWS_REGION') | default('us-east-1', True) }}" 7 | #vars for vpc 8 | vpc_action: "{{ lookup('env', 'VPC_ACTION') | default('provision', True) }}" #value: provision/deprovision 9 | vpc_cidr: "{{ lookup('env','VPC_CIDR') }}" 10 | vpc_name: "{{ lookup('env','VPC_NAME') }}" 11 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/aws_vpc/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: Ashish Mahawal (@ashish-mahawal1) 3 | description: Creates AWS VPC 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | - rhocp 20 | 21 | dependencies: 22 | - role: ibm.mas_devops.ansible_version_check 23 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/aws_vpc/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Fail if vpc_action is not defined 3 | assert: 4 | that: 5 | - vpc_action is defined and vpc_action != '' 6 | fail_msg: "property vpc_action is required" 7 | 8 | # 1. Create or Destroy VPC 9 | # --------------------------------------------------------- 10 | - name: "{{ vpc_action }} VPC on AWS Cloud in Region {{ aws_region }}" 11 | include_tasks: "{{vpc_action}}.yml" 12 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/aws_vpc/templates/vpc_configmap.yml.j2: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: vpc-{{ vpc_name }} 5 | finalizers: 6 | - kubernetes 7 | data: 8 | id: {{ vpc_id }} 9 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/cert_manager/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: David Parker (@durera) & André Marcelino (@andrercm) 3 | description: Deploy cert-manager operator 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | - rhocp 20 | 21 | dependencies: 22 | - role: ibm.mas_devops.ansible_version_check 23 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/cert_manager/templates/ibm/ibm-cert-manager.yml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operator.ibm.com/v1alpha1 3 | kind: OperandRequest 4 | metadata: 5 | name: common-service 6 | namespace: ibm-common-services 7 | spec: 8 | requests: 9 | - operands: 10 | - name: ibm-cert-manager-operator 11 | registry: common-service 12 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/cert_manager/templates/redhat/ibm-cpp-configmap.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | kind: ConfigMap 3 | apiVersion: v1 4 | metadata: 5 | name: ibm-cpp-config 6 | namespace: ibm-common-services 7 | data: 8 | deployCSCertManagerOperands: "false" 9 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/cis/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: Ashish Mahawal 3 | description: Provision or deprovision cloud internet services (cis) on ibmcloud 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | - rhocp 20 | 21 | dependencies: 22 | - role: ibm.mas_devops.ansible_version_check 23 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/cis/templates/cis_output.yml.j2: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: "{{ cluster_name }}-cis-{{mas_instance_id}}" 5 | data: 6 | customer_cis_crn: "{{ cis_info.resource.id }}" 7 | customer_cis_domain: "{{ domain_info.resource.id }}" 8 | customer_cis_nameservers: "{{ domain_info.resource.name_servers }}" -------------------------------------------------------------------------------- /ibm/mas_devops/roles/common_services/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | common_services_action: "{{ lookup('env', 'COMMON_SERVICES_ACTION') | default('install', true) }}" 3 | 4 | common_services_catalog_source: "{{ lookup('env', 'COMMON_SERVICES_CATALOG_SOURCE') | default('ibm-operator-catalog', true) }}" 5 | common_services_channel: "{{ lookup('env', 'COMMON_SERVICES_CHANNEL') | default('', true) }}" 6 | is_v4_installed: false 7 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/common_services/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: David Parker (@durera) 3 | description: Setup IBM Common Services in the target OCP cluster 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | - rhocp 20 | 21 | dependencies: 22 | - role: ibm.mas_devops.ansible_version_check 23 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/common_services/templates/namespace.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: ibm-common-services 6 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/configure_manage_eventstreams/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: Ashish Mahawal (@ashish-mahawal1) 3 | description: Configures MAS Manage with IBM Cloud Eventstreams 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | - rhocp 20 | 21 | dependencies: 22 | - role: ibm.mas_devops.ansible_version_check 23 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/configure_manage_eventstreams/templates/system_properties.yaml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: "{{ mas_app_ws_apiversion }}" 3 | kind: "{{ mas_app_ws_kind }}" 4 | metadata: 5 | name: "{{ mas_instance_id }}-{{ mas_workspace_id }}" 6 | namespace: "{{ mas_app_namespace }}" 7 | spec: 8 | settings: 9 | deployment: 10 | serverBundles: 11 | {{systemServerBundles}} -------------------------------------------------------------------------------- /ibm/mas_devops/roles/cos/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: Yong Chao Li 3 | description: Configure ceph object storage or ibm cloud object storage for MAS Assist 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | - rhocp 20 | 21 | dependencies: 22 | - role: ibm.mas_devops.ansible_version_check 23 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/cos/templates/ocs/objectuser.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: ceph.rook.io/v1 2 | kind: CephObjectStoreUser 3 | metadata: 4 | name: object 5 | namespace: openshift-storage 6 | spec: 7 | store: object 8 | displayName: s3-user3 9 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/cos/templates/ocs/ocs-certs.yml.j2: -------------------------------------------------------------------------------- 1 | {% for crt in ocscos_tls_crt %} 2 | - alias: "part{{ loop.index }}" 3 | crt: | 4 | {{ crt | indent(width=4, first=False) }} 5 | {% endfor %} 6 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/cos/templates/ocs/rgw.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: route.openshift.io/v1 2 | kind: Route 3 | metadata: 4 | labels: 5 | app: rook-ceph-rgw 6 | ceph_daemon_id: object 7 | rgw: object 8 | rook_cluster: openshift-storage 9 | rook_object_store: object 10 | name: rgw 11 | namespace: openshift-storage 12 | spec: 13 | host: "{{ cos_domain }}" 14 | port: 15 | targetPort: http 16 | tls: 17 | termination: edge 18 | to: 19 | kind: Service 20 | name: rook-ceph-rgw-object 21 | weight: 100 22 | wildcardPolicy: None 23 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/cos_bucket/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: André Marcelino (@andrercm) 3 | description: Configure cloud object storage buckets 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | - rhocp 20 | 21 | dependencies: 22 | - role: ibm.mas_devops.ansible_version_check 23 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/cp4d/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: David Parker (@durera) 3 | description: Deploy IBM CloudPak for Data v4 in support of IBM Maximo Application Suite 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | - cp4d 20 | 21 | dependencies: 22 | - role: ibm.mas_devops.ansible_version_check 23 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/cp4d/templates/catalog_sources/definition.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: CatalogSource 4 | metadata: 5 | name: "{{ cpd_catalog_name }}" 6 | namespace: "{{ cpd_operators_namespace }}" 7 | spec: 8 | displayName: "{{ cpd_catalog_display_name }}" 9 | image: "{{ cpd_catalog_registry }}/{{ cpd_catalog_operator_name }}@{{ cpd_catalog_digest }}" 10 | publisher: IBM 11 | sourceType: grpc 12 | updateStrategy: 13 | registryPoll: 14 | interval: 30m0s 15 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/cp4d/templates/cpd_platform/namespaces.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: "{{ cpd_operators_namespace }}" 6 | --- 7 | apiVersion: v1 8 | kind: Namespace 9 | metadata: 10 | name: "{{ cpd_instance_namespace }}" 11 | {% if cpd_minor_version is version('4.6','>') %} # only need cs-control namespace if installing CPD 4.8.x and above 12 | --- 13 | apiVersion: v1 14 | kind: Namespace 15 | metadata: 16 | name: "{{ cpd_cs_control_namespace }}" 17 | {% endif %} 18 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/cp4d/templates/cpd_platform/subscription.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | name: cpd-operator 6 | namespace: "{{ cpd_operators_namespace }}" 7 | spec: 8 | channel: "{{ cpd_channel }}" 9 | installPlanApproval: Automatic 10 | name: cpd-platform-operator 11 | source: "{{ cpd_catalog_source_name }}" 12 | sourceNamespace: "{{ cpd_catalog_source_namespace }}" 13 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/cp4d/templates/cpfs/common-service-maps-cm.yml.j2: -------------------------------------------------------------------------------- 1 | kind: ConfigMap 2 | apiVersion: v1 3 | metadata: 4 | name: common-service-maps 5 | namespace: kube-public 6 | labels: 7 | operator.ibm.com/managedByCsOperator: 'true' 8 | data: 9 | common-service-maps.yaml: | 10 | controlNamespace: {{ cpd_cs_control_namespace }} 11 | namespaceMapping: 12 | - map-to-common-service-namespace: {{ cpd_instance_namespace }} 13 | requested-from-namespace: 14 | - {{ cpd_instance_namespace }} 15 | - {{ cpd_operators_namespace }} 16 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/cp4d/templates/cpfs/subscription.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | name: ibm-common-service-operator 6 | namespace: "{{ cpd_operators_namespace }}" 7 | labels: 8 | operators.coreos.com/ibm-common-service-operator.{{ cpd_operators_namespace }}: '' 9 | spec: 10 | channel: "{{ cpfs_channel }}" 11 | installPlanApproval: Automatic 12 | name: ibm-common-service-operator 13 | source: "{{ cpfs_catalog_source_name }}" 14 | sourceNamespace: "{{ cpfs_catalog_source_namespace }}" 15 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/cp4d/templates/licensing/cr.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operator.ibm.com/v1alpha1 3 | kind: IBMLicensing 4 | metadata: 5 | name: instance 6 | spec: 7 | datasource: datacollector 8 | httpsEnable: true 9 | license: 10 | accept: true 11 | resources: {} 12 | usageContainer: 13 | resources: {} 14 | version: "{{ cpd_ibm_licensing_version }}" 15 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/cp4d_admin_pwd_update/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: Jonah Luckett (@jonah) 3 | description: Update the password on an existing cp4d instance 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | - cp4d 20 | 21 | dependencies: 22 | - role: ibm.mas_devops.ansible_version_check 23 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/cp4d_admin_pwd_update/tasks/get-cp4d-route.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Get the CP4D Route info from OpenShift 3 | kubernetes.core.k8s_info: 4 | api_version: route.openshift.io/v1 5 | kind: Route 6 | name: "{{ cpd_version is match('3.*') | ternary('mas-cpd-cpd', 'cpd') }}" 7 | namespace: "{{ cp4d_namespace }}" 8 | register: cp4d_route_info 9 | 10 | - debug: var=cp4d_route_info 11 | 12 | - name: Get the CP4D host from Route info and set as cp4d_host 13 | set_fact: 14 | cp4d_host: "{{ cp4d_route_info.resources[0].spec.host }}" 15 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/cp4d_admin_pwd_update/templates/cp4d_admin_credentials_secret.yaml.j2: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | type: Opaque 4 | metadata: 5 | name: "{{ cp4d_admin_credentials_secret_name }}" 6 | data: 7 | cp4d_admin_username: "{{ cp4d_admin_username | b64encode }}" 8 | cp4d_admin_password: "{{ cp4d_admin_password | b64encode }}" 9 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/cp4d_service/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: David Parker (@durera) 3 | description: Install one or more services for IBM CloudPak for Data in support of IBM Maximo Application Suite 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | - cp4d 20 | 21 | dependencies: 22 | - role: ibm.mas_devops.ansible_version_check 23 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/cp4d_service/templates/wd/operandRequest-edb.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | # Cloud Native PostgreSQL operator 3 | apiVersion: operator.ibm.com/v1alpha1 4 | kind: OperandRequest 5 | metadata: 6 | name: common-service-edb 7 | namespace: "ibm-common-services" 8 | spec: 9 | requests: 10 | - operands: 11 | - name: cloud-native-postgresql 12 | registry: common-service 13 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/cp4d_service/templates/wd/storage/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: openshift-storage 6 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/cp4d_service/templates/wsl/create_wsl_project.json.j2: -------------------------------------------------------------------------------- 1 | { 2 | "name": "{{ cpd_wsl_project_name }}", 3 | "description": "{{ cpd_wsl_project_description }}", 4 | "generator": "cp4d-{{ cpd_admin_username }}", 5 | "public": false, 6 | "storage": { 7 | "type": "assetfiles", 8 | "guid": "{{ cpd_wsl_project_storage_guid }}" 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/cp4d_service/templates/wsl/runtimes-py310.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | # For CPD 5.0, we also need to include ibm-cpd-ws-runtime-231-py Notebook Runtimes, based on Python 3.10. 3 | apiVersion: ws.cpd.ibm.com/v1beta1 4 | kind: NotebookRuntime 5 | metadata: 6 | name: "{{ cpd_instance_namespace }}-ws-runtime-231-py" 7 | namespace: "{{ cpd_instance_namespace }}" 8 | spec: 9 | kind: ibm-cpd-ws-runtime-231-py 10 | license: 11 | accept: true 12 | version: "{{ cpd_components_meta.ws_runtimes.cr_version }}" 13 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/cp4d_service/templates/wsl/runtimes-py39.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | # For WSL 4.6, we also need to include Notebook Runtimes for Python 3.9 (This comes by default in WSL 4.5) 3 | apiVersion: ws.cpd.ibm.com/v1beta1 4 | kind: NotebookRuntime 5 | metadata: 6 | name: "{{ cpd_instance_namespace }}-ws-runtime-py39" 7 | namespace: "{{ cpd_instance_namespace }}" 8 | spec: 9 | kind: ibm-cpd-ws-runtime-py39 10 | license: 11 | accept: true 12 | version: "{{ cpd_components_meta.ws_runtimes.cr_version }}" 13 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/db2/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: David Parker (@durera) 3 | description: Deploy IBM Db2 instance configured for IBM Maximo Application Suite 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | - db2 20 | 21 | dependencies: [] 22 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/db2/tasks/after-backup-restore.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Clean up 3 | # ------------------------------------------------------------------------- 4 | - name: "Delete temporary folders" 5 | changed_when: true 6 | shell: > 7 | {{ exec_in_pod_begin }} 8 | rm -f {{ masbr_pod_lock_file }}; 9 | rm -rf {{ db2_pod_temp_folder }}; 10 | rm -rf {{ db2_pvc_temp_folder }} 11 | {{ exec_in_pod_end }} 12 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/db2/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "Run the selected action" 3 | include_tasks: "tasks/{{ db2_action }}/main.yml" 4 | when: 5 | - db2_action != "none" 6 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/db2/templates/certs/ca_issuer.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: cert-manager.io/v1 3 | kind: Issuer 4 | metadata: 5 | name: "db2u-ca-issuer" 6 | namespace: "{{ db2_namespace }}" 7 | spec: 8 | selfSigned: {} 9 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/db2/templates/certs/issuer.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: cert-manager.io/v1 3 | kind: Issuer 4 | metadata: 5 | name: "db2u-issuer" 6 | namespace: "{{ db2_namespace }}" 7 | spec: 8 | ca: 9 | secretName: "db2u-ca" 10 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/db2/templates/db2u_namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: "{{ db2_namespace }}" 6 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/db2/templates/db2u_operandrequest.yml.j2: -------------------------------------------------------------------------------- 1 | apiVersion: operator.ibm.com/v1alpha1 2 | kind: OperandRequest 3 | metadata: 4 | name: db2u-request 5 | namespace: "{{ db2_namespace }}" 6 | spec: 7 | requests: 8 | - operands: 9 | - name: ibm-db2u-operator 10 | registry: common-service 11 | registryNamespace: "{{ ibm_common_services_namespace }}" 12 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/db2/vars/jdbccfg/app.yml.j2: -------------------------------------------------------------------------------- 1 | suite_jdbccfg_name: "{{ mas_instance_id }}-jdbc-app-{{mas_application_id}}" 2 | suite_jdbccfg_labels: 3 | mas.ibm.com/applicationId: "{{ mas_application_id }}" 4 | mas.ibm.com/configScope: application 5 | mas.ibm.com/instanceId: "{{ mas_instance_id }}" 6 | {% if custom_labels is defined and custom_labels.items() %} 7 | {% for key, value in custom_labels.items() %} 8 | "{{ key }}": "{{ value }}" 9 | {% endfor %} 10 | {% endif %} 11 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/db2/vars/jdbccfg/system.yml.j2: -------------------------------------------------------------------------------- 1 | suite_jdbccfg_name: "{{ mas_instance_id }}-jdbc-system" 2 | suite_jdbccfg_labels: 3 | mas.ibm.com/configScope: system 4 | mas.ibm.com/instanceId: "{{ mas_instance_id }}" 5 | {% if custom_labels is defined and custom_labels.items() %} 6 | {% for key, value in custom_labels.items() %} 7 | "{{ key }}": "{{ value }}" 8 | {% endfor %} 9 | {% endif %} 10 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/db2/vars/jdbccfg/ws.yml.j2: -------------------------------------------------------------------------------- 1 | suite_jdbccfg_name: "{{ mas_instance_id }}-jdbc-ws-{{mas_workspace_id}}" 2 | suite_jdbccfg_labels: 3 | mas.ibm.com/configScope: workspace-application 4 | mas.ibm.com/instanceId: "{{ mas_instance_id }}" 5 | mas.ibm.com/workspaceId: "{{ mas_workspace_id }}" 6 | {% if custom_labels is defined and custom_labels.items() %} 7 | {% for key, value in custom_labels.items() %} 8 | "{{ key }}": "{{ value }}" 9 | {% endfor %} 10 | {% endif %} 11 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/db2/vars/jdbccfg/wsapp.yml.j2: -------------------------------------------------------------------------------- 1 | suite_jdbccfg_name: "{{ mas_instance_id }}-jdbc-wsapp-{{mas_workspace_id}}-{{mas_application_id}}" 2 | suite_jdbccfg_labels: 3 | mas.ibm.com/applicationId: "{{ mas_application_id }}" 4 | mas.ibm.com/configScope: workspace-application 5 | mas.ibm.com/instanceId: "{{ mas_instance_id }}" 6 | mas.ibm.com/workspaceId: "{{ mas_workspace_id }}" 7 | {% if custom_labels is defined and custom_labels.items() %} 8 | {% for key, value in custom_labels.items() %} 9 | "{{ key }}": "{{ value }}" 10 | {% endfor %} 11 | {% endif %} 12 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/dro/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: Yuvraj Vansure 3 | description: Deploy User Data Services configured for IBM Maximo Application Suite 4 | 5 | license: EPL-2.0 6 | 7 | min_ansible_version: 2.10 8 | 9 | platforms: 10 | - name: GenericLinux 11 | versions: 12 | - all 13 | 14 | galaxy_tags: 15 | - ibm 16 | - mas 17 | - devops 18 | - dro 19 | 20 | dependencies: 21 | - role: ibm.mas_devops.ansible_version_check 22 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/dro/templates/MarketplaceConfig-cr.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | # Create MarketplaceConfig CR - Set Accept License to True and installIBMCatalogSource to False 3 | apiVersion: marketplace.redhat.com/v1alpha1 4 | kind: MarketplaceConfig 5 | metadata: 6 | name: marketplaceconfig 7 | namespace: "{{ dro_namespace }}" 8 | spec: 9 | installIBMCatalogSource: false 10 | isDisconnected: {{ airgap_install }} 11 | license: 12 | accept: true 13 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/dro/templates/dro-certs.yml.j2: -------------------------------------------------------------------------------- 1 | {% for crt in dro_tls_crt %} 2 | - alias: "part{{ loop.index }}" 3 | crt: | 4 | {{ crt | indent(width=4, first=False) }} 5 | {% endfor %} 6 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/dro/templates/operatorgroup.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: "{{ dro_namespace }}" 6 | {% if og_info.resources |length ==0 %} 7 | --- 8 | apiVersion: operators.coreos.com/v1alpha2 9 | kind: OperatorGroup 10 | metadata: 11 | name: operatorgroup 12 | namespace: "{{ dro_namespace }}" 13 | spec: 14 | targetNamespaces: 15 | - "{{ dro_namespace }}" 16 | {% endif %} 17 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/dro/templates/rhm-pull-secret.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | # Create Marketplace pull secret 3 | kind: Secret 4 | apiVersion: v1 5 | metadata: 6 | name: "redhat-marketplace-pull-secret" 7 | namespace: "{{ dro_namespace }}" 8 | data: 9 | PULL_SECRET: "{{ibm_entitlement_key | b64encode}}" 10 | type: Opaque 11 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/dro/templates/subscription/dro_subscription.yml: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1alpha1 2 | kind: Subscription 3 | metadata: 4 | name: ibm-data-reporter-operator 5 | namespace: "{{ dro_namespace }}" 6 | labels: 7 | app.kubernetes.io/name: dro 8 | spec: 9 | channel: stable 10 | installPlanApproval: Automatic 11 | name: ibm-data-reporter-operator 12 | source: "{{ dro_source }}" 13 | sourceNamespace: "{{ dro_source_namespace }}" 14 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/dro/templates/subscription/imo_subscription.yml: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1alpha1 2 | kind: Subscription 3 | metadata: 4 | name: ibm-metrics-operator 5 | namespace: "{{ dro_namespace }}" 6 | labels: 7 | app.kubernetes.io/name: imo 8 | spec: 9 | channel: stable 10 | installPlanApproval: Automatic 11 | name: ibm-metrics-operator 12 | source: "{{ imo_source }}" 13 | sourceNamespace: "{{ imo_source_namespace }}" 14 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/eck/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: David Parker (@durera) 3 | description: Deploy Elastic Cloud on Kubernetes 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | - elastic 20 | - elasticsearch 21 | - kibana 22 | - eck 23 | 24 | dependencies: 25 | - role: ibm.mas_devops.ansible_version_check 26 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/eck/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # TODO: Support uninstall & update actions 3 | - name: "Run desired action" 4 | when: eck_action in ['install'] 5 | include_tasks: "{{ eck_action }}.yml" 6 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/eck/templates/elastic/cert-elasticsearch.yml.j2: -------------------------------------------------------------------------------- 1 | apiVersion: cert-manager.io/v1 2 | kind: Certificate 3 | metadata: 4 | name: elasticsearch-le-prod 5 | namespace: "{{ es_namespace }}" 6 | spec: 7 | commonName: "{{ es_domain }}" 8 | dnsNames: 9 | - "{{ es_domain }}" 10 | issuerRef: 11 | kind: Issuer 12 | name: letsencrypt-prod 13 | privateKey: 14 | rotationPolicy: Always 15 | secretName: elasticsearch-le-prod-tls 16 | usages: 17 | - digital signature 18 | - key encipherment 19 | - server auth 20 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/eck/templates/elastic/cert-kibana.yml.j2: -------------------------------------------------------------------------------- 1 | apiVersion: cert-manager.io/v1 2 | kind: Certificate 3 | metadata: 4 | name: kibana-le-prod 5 | namespace: "{{ es_namespace }}" 6 | spec: 7 | commonName: "{{ kibana_domain }}" 8 | dnsNames: 9 | - "{{ kibana_domain }}" 10 | issuerRef: 11 | kind: Issuer 12 | name: letsencrypt-prod 13 | privateKey: 14 | rotationPolicy: Always 15 | secretName: kibana-le-prod-tls 16 | usages: 17 | - digital signature 18 | - key encipherment 19 | - server auth 20 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/eck/templates/elastic/issuer-letsencrypt.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: cert-manager.io/v1 3 | kind: Issuer 4 | metadata: 5 | name: letsencrypt-prod 6 | namespace: "{{ es_namespace }}" 7 | spec: 8 | acme: 9 | email: "{{ letsencrypt_email }}" 10 | preferredChain: "" 11 | privateKeySecretRef: 12 | name: letsencrypt-prod 13 | server: https://acme-v02.api.letsencrypt.org/directory 14 | solvers: 15 | - http01: 16 | ingress: 17 | ingressClassName: openshift-default -------------------------------------------------------------------------------- /ibm/mas_devops/roles/eck/templates/elastic/namespace.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: "{{ es_namespace }}" 6 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/eck/templates/elastic/route-elasticsearch.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | kind: Route 3 | apiVersion: route.openshift.io/v1 4 | metadata: 5 | name: "es-{{ es_name | lower }}" 6 | namespace: "{{ es_namespace }}" 7 | spec: 8 | host: "{{ es_domain }}" 9 | to: 10 | kind: Service 11 | name: mas-es-http 12 | weight: 100 13 | port: 14 | targetPort: 9200 15 | tls: 16 | termination: passthrough 17 | wildcardPolicy: None 18 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/eck/templates/elastic/route-kibana.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | kind: Route 3 | apiVersion: route.openshift.io/v1 4 | metadata: 5 | name: "kb-{{ kibana_name | lower }}" 6 | namespace: "{{ es_namespace }}" 7 | spec: 8 | host: "{{ kibana_domain }}" 9 | to: 10 | kind: Service 11 | name: mas-kb-http 12 | weight: 100 13 | port: 14 | targetPort: 5601 15 | tls: 16 | termination: passthrough 17 | wildcardPolicy: None 18 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/eck/templates/elastic/sa-filebeat.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: filebeat 6 | namespace: "{{ es_namespace }}" 7 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/eck/templates/elastic/sa-logstash.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: logstash 6 | namespace: "{{ logstash_namespace }}" 7 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/eck/templates/elastic/secret-elasticsearch-roles.yml.j2: -------------------------------------------------------------------------------- 1 | kind: Secret 2 | apiVersion: v1 3 | metadata: 4 | name: elasticsearch-roles 5 | namespace: {{ es_namespace }} 6 | stringData: 7 | roles.yml: |- 8 | eck_logstash_user_role: 9 | cluster: [ "monitor", "manage_ilm", "read_ilm", "manage_logstash_pipelines", "manage_index_templates", "cluster:admin/ingest/pipeline/get"] 10 | indices: 11 | - names: [ "mas-*" ] 12 | privileges: [ "manage", "write", "create_index", "read", "view_index_metadata" ] 13 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/eck/templates/subscription.yml.j2: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1alpha1 2 | kind: Subscription 3 | metadata: 4 | name: "{{ eck_package }}" 5 | namespace: openshift-operators 6 | spec: 7 | channel: "{{ eck_default_channel }}" 8 | installPlanApproval: Automatic 9 | name: "{{ eck_package }}" 10 | source: "{{ eck_source }}" 11 | sourceNamespace: "{{ eck_source_namespace }}" 12 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/entitlement_key_rotation/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: André Marcelino (@andrercm) 3 | description: Rotate Entitlement Key across MAS related namespaces. 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | - entitlement_key 20 | 21 | dependencies: 22 | - role: ibm.mas_devops.ansible_version_check 23 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/gencfg_jdbc/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: David Parker (@durera) 3 | description: Apply one or more configurations to a running MAS system 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | - rhocp 20 | 21 | dependencies: 22 | - role: ibm.mas_devops.ansible_version_check 23 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/gencfg_jdbc/templates/jdbc-certs.yml.j2: -------------------------------------------------------------------------------- 1 | {% for crt in jdbc_tls_crt %} 2 | - alias: "part{{ loop.index }}" 3 | crt: | 4 | {{ crt | indent(width=4, first=False) }} 5 | {% endfor %} 6 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/gencfg_jdbc/vars/jdbccfg/app.yml.j2: -------------------------------------------------------------------------------- 1 | suite_jdbccfg_name: "{{ mas_instance_id }}-jdbc-app-{{mas_application_id}}" 2 | suite_jdbccfg_labels: 3 | mas.ibm.com/applicationId: "{{ mas_application_id }}" 4 | mas.ibm.com/configScope: application 5 | mas.ibm.com/instanceId: "{{ mas_instance_id }}" 6 | {% if custom_labels is defined and custom_labels.items() %} 7 | {% for key, value in custom_labels.items() %} 8 | "{{ key }}": "{{ value }}" 9 | {% endfor %} 10 | {% endif %} 11 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/gencfg_jdbc/vars/jdbccfg/system.yml.j2: -------------------------------------------------------------------------------- 1 | suite_jdbccfg_name: "{{ mas_instance_id }}-jdbc-system" 2 | suite_jdbccfg_labels: 3 | mas.ibm.com/configScope: system 4 | mas.ibm.com/instanceId: "{{ mas_instance_id }}" 5 | {% if custom_labels is defined and custom_labels.items() %} 6 | {% for key, value in custom_labels.items() %} 7 | "{{ key }}": "{{ value }}" 8 | {% endfor %} 9 | {% endif %} 10 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/gencfg_jdbc/vars/jdbccfg/ws.yml.j2: -------------------------------------------------------------------------------- 1 | suite_jdbccfg_name: "{{ mas_instance_id }}-jdbc-ws-{{mas_workspace_id}}" 2 | suite_jdbccfg_labels: 3 | mas.ibm.com/configScope: workspace-application 4 | mas.ibm.com/instanceId: "{{ mas_instance_id }}" 5 | mas.ibm.com/workspaceId: "{{ mas_workspace_id }}" 6 | {% if custom_labels is defined and custom_labels.items() %} 7 | {% for key, value in custom_labels.items() %} 8 | "{{ key }}": "{{ value }}" 9 | {% endfor %} 10 | {% endif %} 11 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/gencfg_jdbc/vars/jdbccfg/wsapp.yml.j2: -------------------------------------------------------------------------------- 1 | suite_jdbccfg_name: "{{ mas_instance_id }}-jdbc-wsapp-{{mas_workspace_id}}-{{mas_application_id}}" 2 | suite_jdbccfg_labels: 3 | mas.ibm.com/applicationId: "{{ mas_application_id }}" 4 | mas.ibm.com/configScope: workspace-application 5 | mas.ibm.com/instanceId: "{{ mas_instance_id }}" 6 | mas.ibm.com/workspaceId: "{{ mas_workspace_id }}" 7 | {% if custom_labels is defined and custom_labels.items() %} 8 | {% for key, value in custom_labels.items() %} 9 | "{{ key }}": "{{ value }}" 10 | {% endfor %} 11 | {% endif %} 12 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/gencfg_mongo/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: Padmanabhan Kosalaram (@pakosal1) 3 | description: Configure an existing Mongo DB instance with a running MAS system. 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | - rhocp 20 | 21 | dependencies: 22 | - role: ibm.mas_devops.ansible_version_check 23 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/gencfg_mongo/templates/mongo-certs.yml.j2: -------------------------------------------------------------------------------- 1 | {% for crt in mongo_tls_crt %} 2 | - alias: "part{{ loop.index }}" 3 | crt: | 4 | {{ crt | indent(width=4, first=False) }} 5 | {% endfor %} 6 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/gencfg_mongo/templates/mongo-hosts.yml.j2: -------------------------------------------------------------------------------- 1 | {% if mongo_hosts_dict is defined and mongo_hosts_dict.items() %} 2 | {% for key, value in mongo_hosts_dict.items() %} 3 | - host: {{ key }} 4 | port: {{ value }} 5 | {% endfor %} 6 | {% endif %} -------------------------------------------------------------------------------- /ibm/mas_devops/roles/gencfg_watsonstudio/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: Rafael Teixeira (ctrafael) 3 | description: Apply one or more configurations to a running MAS system 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | - rhocp 20 | 21 | dependencies: 22 | - role: ibm.mas_devops.ansible_version_check 23 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/gencfg_watsonstudio/vars/wscfg/app.yml: -------------------------------------------------------------------------------- 1 | suite_wscfg_name: "{{ mas_instance_id }}-watsonsudio-app-{{ mas_application_id }}" 2 | suite_wscfg_labels: 3 | mas.ibm.com/configScope: system 4 | mas.ibm.com/instanceId: "{{ mas_instance_id }}" 5 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/gencfg_watsonstudio/vars/wscfg/system.yml: -------------------------------------------------------------------------------- 1 | suite_wscfg_name: "{{ mas_instance_id }}-watsonsudio-system" 2 | suite_wscfg_labels: 3 | mas.ibm.com/configScope: system 4 | mas.ibm.com/instanceId: "{{ mas_instance_id }}" 5 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/gencfg_watsonstudio/vars/wscfg/ws.yml: -------------------------------------------------------------------------------- 1 | suite_wscfg_name: "{{ mas_instance_id }}-watsonsudio-ws-{{ mas_workspace_id }}" 2 | suite_wscfg_labels: 3 | mas.ibm.com/configScope: workspace-application 4 | mas.ibm.com/instanceId: "{{ mas_instance_id }}" 5 | mas.ibm.com/workspaceId: "{{ mas_workspace_id }}" 6 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/gencfg_watsonstudio/vars/wscfg/wsapp.yml: -------------------------------------------------------------------------------- 1 | suite_wscfg_name: "{{ mas_instance_id }}-watsonsudio-wsapp-{{ mas_workspace_id }}-{{ mas_application_id }}" 2 | suite_wscfg_labels: 3 | mas.ibm.com/applicationId: "{{ mas_application_id }}" 4 | mas.ibm.com/configScope: workspace-application 5 | mas.ibm.com/instanceId: "{{ mas_instance_id }}" 6 | mas.ibm.com/workspaceId: "{{ mas_workspace_id }}" 7 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/gencfg_workspace/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | mas_instance_id: "{{ lookup('env', 'MAS_INSTANCE_ID') }}" 3 | mas_workspace_id: "{{ lookup('env', 'MAS_WORKSPACE_ID') }}" 4 | mas_workspace_name: "{{ lookup('env', 'MAS_WORKSPACE_NAME') }}" 5 | 6 | mas_config_dir: "{{ lookup('env', 'MAS_CONFIG_DIR') }}" 7 | 8 | custom_labels: "{{ lookup('env', 'CUSTOM_LABELS') | default(None, true) | string | ibm.mas_devops.string2dict() }}" 9 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/gencfg_workspace/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: David Parker (@durera) 3 | description: Generate a MAS Workspace.core.mas.ibm.com custom resource defintition 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | - rhocp 20 | 21 | dependencies: 22 | - role: ibm.mas_devops.ansible_version_check 23 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/grafana/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: 3 | - David Parker (@durera) 4 | description: Install and Configure Grafana for IBM Maximo Application Suite 5 | company: IBM 6 | 7 | license: EPL-2.0 8 | 9 | min_ansible_version: 2.10 10 | 11 | platforms: 12 | - name: GenericLinux 13 | versions: 14 | - all 15 | 16 | galaxy_tags: 17 | - ibm 18 | - mas 19 | - devops 20 | - rhocp 21 | - grafana 22 | 23 | dependencies: 24 | - { role: ibm.mas_devops.ansible_version_check } 25 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/grafana/templates/cluster-monitoring-config.yml.j2: -------------------------------------------------------------------------------- 1 | # We use to_yaml and trim to ensure formatting, booleans and numbers are represented correctly 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: cluster-monitoring-config 6 | namespace: openshift-monitoring 7 | data: 8 | config.yaml: | 9 | {{ cluster_monitoring_data | to_nice_yaml | indent(4) }} -------------------------------------------------------------------------------- /ibm/mas_devops/roles/ibm_catalogs/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: David Parker (@durera) 3 | description: Install IBM operator catalogs in the target OCP cluster. 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | - rhocp 20 | 21 | dependencies: 22 | - role: ibm.mas_devops.ansible_version_check 23 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/ibm_catalogs/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "Run the selected action" 3 | include_tasks: "tasks/{{ ibm_catalogs_action }}/main.yml" 4 | when: 5 | - ibm_catalogs_action != "none" 6 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/ibm_catalogs/tasks/uninstall/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # 1. Delete the ibm-operator-catalog CatalogSource 3 | # ----------------------------------------------------------------------------- 4 | - name: "Remove the ibm-operator-catalog CatalogSource" 5 | kubernetes.core.k8s: 6 | state: absent 7 | api_version: operators.coreos.com/v1alpha1 8 | kind: CatalogSource 9 | name: ibm-operator-catalog 10 | namespace: openshift-marketplace 11 | wait: true 12 | wait_timeout: 600 # 10 minutes 13 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/ibm_catalogs/templates/offline-catalog.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: CatalogSource 4 | metadata: 5 | name: ibm-operator-catalog 6 | namespace: openshift-marketplace 7 | spec: 8 | displayName: IBM Maximo Operators ({{ mas_catalog_version }}) 9 | publisher: IBM 10 | description: Offline Catalog Source for IBM Maximo Application Suite 11 | sourceType: grpc 12 | image: icr.io/cpopen/ibm-maximo-operator-catalog@{{ mas_catalog_metadata.catalog_digest }} 13 | priority: 90 14 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/ibmcloud_resource_key/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: Jonah Luckett (@JonahLuckett) 3 | description: Create IBM Cloud resource keys (apikeys for specific services associated to the account) 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | - ibmcloud 20 | 21 | dependencies: 22 | - role: ibm.mas_devops.ansible_version_check 23 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/kafka/files/aws/configuration.txt: -------------------------------------------------------------------------------- 1 | auto.create.topics.enable=false 2 | default.replication.factor=3 3 | min.insync.replicas=2 4 | num.io.threads=8 5 | num.network.threads=5 6 | num.partitions=1 7 | num.replica.fetchers=2 8 | replica.lag.time.max.ms=30000 9 | socket.receive.buffer.bytes=102400 10 | socket.request.max.bytes=104857600 11 | socket.send.buffer.bytes=102400 12 | unclean.leader.election.enable=true 13 | zookeeper.session.timeout.ms=18000 14 | allow.everyone.if.no.acl.found=true -------------------------------------------------------------------------------- /ibm/mas_devops/roles/kafka/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: David Parker (@durera) 3 | description: Deploy Kafka cluster configured for IBM Maximo Application Suite (Using Red Hat AMQStreams operator) 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | - amqstreams 20 | - kafka 21 | 22 | dependencies: 23 | - role: ibm.mas_devops.ansible_version_check 24 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/kafka/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | # 1. Configure Kafka 2 | # --------------------------------------------------------------------------------------------------------------------- 3 | - debug: 4 | msg: 5 | - "Kafka Provider .................. {{ kafka_provider }}" 6 | - "Kafka Action .................... {{ kafka_action }}" 7 | 8 | - name: Provision or Deprovision Kafka Instance 9 | include_tasks: "{{ role_path }}/tasks/provider/{{ kafka_provider }}/{{ kafka_action }}.yml" 10 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/kafka/tasks/provider/redhat/install.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Check if there are any cluster scope kafka already installed 3 | # ------------------------------------------------------------------- 4 | - include_tasks: tasks/provider/redhat/check-kafka-exists.yml 5 | 6 | # Run the install if there's no previous cluster scope kafka installed 7 | - include_tasks: tasks/provider/redhat/install-kafka.yml 8 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/kafka/tasks/provider/strimzi/install.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # To install Strimzi, we'll reuse AMQ Streams install code as essentially both use the same resources 3 | - include_tasks: tasks/provider/redhat/install.yml 4 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/kafka/tasks/provider/strimzi/upgrade.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # To upgrade Strimzi, we'll reuse AMQ Streams upgrade code as essentially both use the same resources 3 | - include_tasks: tasks/provider/redhat/upgrade.yml 4 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/kafka/templates/aws/secretvalues.json.j2: -------------------------------------------------------------------------------- 1 | { 2 | "username": "{{aws_kafka_user_name}}", 3 | "password": "{{aws_kafka_user_password}}" 4 | } -------------------------------------------------------------------------------- /ibm/mas_devops/roles/kafka/templates/ibm/kafka-hosts.yml.j2: -------------------------------------------------------------------------------- 1 | {% for hostport in hostports %} 2 | - host: {{ hostport[0] }} 3 | port: {{ hostport[1] }} 4 | {% endfor %} -------------------------------------------------------------------------------- /ibm/mas_devops/roles/kafka/templates/redhat/dashboards-v5/kafka-exporter.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: grafana.integreatly.org/v1beta1 3 | kind: GrafanaDashboard 4 | metadata: 5 | name: "kafka-jmxexported-metrics" 6 | namespace: "{{ kafka_namespace }}" 7 | spec: 8 | name: "{{ kafka_namespace }}-kafka-jmxexported-metrics" 9 | allowCrossNamespaceImport: true 10 | instanceSelector: 11 | matchLabels: 12 | dashboards: "grafanav5" 13 | json: |- 14 | {{ lookup('file', 'templates/redhat/grafana-json/kafka-exporter.json') | indent(4) }} 15 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/kafka/templates/redhat/dashboards-v5/kafka-zookeeper.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: grafana.integreatly.org/v1beta1 3 | kind: GrafanaDashboard 4 | metadata: 5 | name: "zookeeper-metrics" 6 | namespace: "{{ kafka_namespace }}" 7 | spec: 8 | name: "{{ kafka_namespace }}-zookeeper-metrics" 9 | allowCrossNamespaceImport: true 10 | instanceSelector: 11 | matchLabels: 12 | dashboards: "grafanav5" 13 | json: |- 14 | {{ lookup('file', 'templates/redhat/grafana-json/kafka-zookeeper.json') | indent(4) }} 15 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/kafka/templates/redhat/dashboards-v5/kafka.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: grafana.integreatly.org/v1beta1 3 | kind: GrafanaDashboard 4 | metadata: 5 | name: "kafka-metrics" 6 | namespace: "{{ kafka_namespace }}" 7 | spec: 8 | name: "{{ kafka_namespace }}-kafka-metrics" 9 | allowCrossNamespaceImport: true 10 | instanceSelector: 11 | matchLabels: 12 | dashboards: "grafanav5" 13 | json: |- 14 | {{ lookup('file', 'templates/redhat/grafana-json/kafka.json') | indent(4) }} 15 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/key_rotation/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: Rick Acree (@racree) 3 | description: Create new apikey for user in cloud account. 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | - key_rotation 20 | 21 | dependencies: 22 | - role: ibm.mas_devops.ansible_version_check 23 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/key_rotation/templates/config.j2: -------------------------------------------------------------------------------- 1 | [default] 2 | region = {{ aws_region }} -------------------------------------------------------------------------------- /ibm/mas_devops/roles/key_rotation/templates/credentials.j2: -------------------------------------------------------------------------------- 1 | [default] 2 | aws_access_key_id = {{ keyid_old }} 3 | aws_secret_access_key = {{ secretkey_old }} -------------------------------------------------------------------------------- /ibm/mas_devops/roles/kmodels/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: Karol Czarnecki (@karol-czarnecki) 3 | description: Deploy Kmodels (controller, store, watcher) instances configured for IBM AiBroker 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | 20 | dependencies: 21 | - role: ibm.mas_devops.ansible_version_check 22 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/kmodels/tasks/istio.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "Install istio" 3 | kubernetes.core.k8s: 4 | apply: yes 5 | definition: "{{ lookup('template', 'templates/istio/istio.yml.j2') }}" 6 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/kmodels/tasks/networkpolicies.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "Install network policy: km-instance" 3 | kubernetes.core.k8s: 4 | apply: yes 5 | definition: "{{ lookup('template', 'templates/networkpolicies/km-instance.yml.j2') }}" 6 | 7 | - name: "Install network policy: ds-pipelines-km-instance" 8 | kubernetes.core.k8s: 9 | apply: yes 10 | definition: "{{ lookup('template', 'templates/networkpolicies/ds-pipelines-km-instance.j2') }}" 11 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/kmodels/tasks/store.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "Install store config map" 3 | kubernetes.core.k8s: 4 | apply: yes 5 | definition: "{{ lookup('template', 'templates/kmodels-store/configmap.yml.j2') }}" 6 | 7 | - name: "Install store network" 8 | kubernetes.core.k8s: 9 | apply: yes 10 | definition: "{{ lookup('template', 'templates/kmodels-store/network.yml.j2') }}" 11 | 12 | - name: "Install store deployment" 13 | kubernetes.core.k8s: 14 | apply: yes 15 | definition: "{{ lookup('template', 'templates/kmodels-store/deployment.yml.j2') }}" 16 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/kmodels/templates/kmodels-controller/network.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: km-controller 6 | namespace: mas-{{ mas_instance_id }}-aibroker 7 | spec: 8 | ports: 9 | - name: http 10 | port: 3000 11 | targetPort: http 12 | - name: https 13 | port: 8443 14 | targetPort: https 15 | selector: 16 | app: km-controller 17 | type: ClusterIP 18 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/kmodels/templates/kmodels-controller/pvc.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: km-controller-pvc 6 | namespace: mas-{{ mas_instance_id }}-aibroker 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | volumeMode: Filesystem 11 | resources: 12 | requests: 13 | storage: 1Gi 14 | storageClassName: "{{ primary_storage_class }}" 15 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/kmodels/templates/kmodels-controller/serviceaccount.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: km-controller 6 | namespace: mas-{{ mas_instance_id }}-aibroker 7 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/kmodels/templates/kmodels-store/network.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: km-store 6 | namespace: mas-{{ mas_instance_id }}-aibroker 7 | spec: 8 | ports: 9 | - name: https 10 | port: 8443 11 | targetPort: https 12 | selector: 13 | app: km-store 14 | type: ClusterIP 15 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/kmodels/templates/kmodels-watcher/network.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: km-watcher 6 | namespace: mas-{{ mas_instance_id }}-aibroker 7 | spec: 8 | ports: 9 | - name: http 10 | port: 3000 11 | targetPort: http 12 | selector: 13 | app: km-watcher 14 | type: ClusterIP 15 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/kmodels/templates/kmodels-watcher/serviceaccount.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: km-watcher 6 | namespace: mas-{{ mas_instance_id }}-aibroker 7 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/kmodels/templates/namespace.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: mas-{{ mas_instance_id }}-aibroker 6 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/kmodels/templates/networkpolicies/km-instance.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: networking.k8s.io/v1 3 | kind: NetworkPolicy 4 | metadata: 5 | name: km-instance 6 | namespace: mas-{{ mas_instance_id }}-aibroker 7 | spec: 8 | podSelector: 9 | matchLabels: 10 | kmodels: instance 11 | part-of: kmodels 12 | policyTypes: 13 | - Ingress 14 | ingress: 15 | - ports: 16 | - port: 3000 17 | - port: 8443 18 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/kmodels/templates/regcred-secret.json.j2: -------------------------------------------------------------------------------- 1 | { 2 | "auths": { 3 | "icr.io": { 4 | "username": "{{ mas_entitlement_username }}", 5 | "password": "{{ mas_entitlement_key }}", 6 | "auth": "{{ (mas_entitlement_username ~ ':' ~ mas_entitlement_key) | b64encode }}" 7 | } 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/kmodels/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/mariadb/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: Karol Czarnecki (@karol-czarnecki) 3 | description: Deploy Minio storage 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | 20 | dependencies: 21 | - role: ibm.mas_devops.ansible_version_check 22 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/mariadb/templates/mariadb/mariadb-ns.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: "{{ mariadb_namespace }}" 6 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/mariadb/templates/mariadb/mariadb-pvc.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: mariadb-pvc 6 | namespace: "{{ mariadb_namespace }}" 7 | labels: 8 | app: "{{ mariadb_instance_name }}" 9 | component: data-science-pipelines 10 | spec: 11 | accessModes: 12 | - ReadWriteOnce 13 | storageClassName: "{{ primary_storage_class }}" 14 | resources: 15 | requests: 16 | storage: 20Gi 17 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/mariadb/templates/mariadb/mariadb-sa.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: ds-pipelines-mariadb-sa-instance 6 | namespace: "{{ mariadb_namespace }}" 7 | labels: 8 | app: "{{ mariadb_instance_name }}" 9 | component: data-science-pipelines -------------------------------------------------------------------------------- /ibm/mas_devops/roles/mariadb/templates/mariadb/mariadb-secret.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | kind: Secret 3 | apiVersion: v1 4 | metadata: 5 | name: "{{ mariadb_instance_name }}" 6 | namespace: "{{ mariadb_namespace }}" 7 | data: 8 | password: "{{ mariadb_password | b64encode }}" 9 | type: Opaque 10 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/mariadb/templates/mariadb/mariadb-service.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: "{{ mariadb_instance_name }}" 6 | namespace: "{{ mariadb_namespace }}" 7 | labels: 8 | app: "{{ mariadb_instance_name }}" 9 | component: data-science-pipelines 10 | spec: 11 | ports: 12 | - name: http 13 | port: 3306 14 | protocol: TCP 15 | targetPort: 3306 16 | selector: 17 | app: "{{ mariadb_instance_name }}" 18 | component: data-science-pipelines -------------------------------------------------------------------------------- /ibm/mas_devops/roles/mariadb/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/minio/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: Karol Czarnecki (@karol-czarnecki) 3 | description: Deploy Minio storage 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | 20 | dependencies: 21 | - role: ibm.mas_devops.ansible_version_check 22 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/minio/templates/minio/minio-ns.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: "{{ minio_namespace }}" 6 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/minio/templates/minio/minio-pvc.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: minio-pvc 6 | namespace: "{{ minio_namespace }}" 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | volumeMode: Filesystem 11 | storageClassName: "{{ primary_storage_class }}" 12 | resources: 13 | requests: 14 | storage: 40Gi 15 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/minio/templates/minio/minio-route.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | kind: Route 3 | apiVersion: route.openshift.io/v1 4 | metadata: 5 | name: minio-route 6 | namespace: {{ minio_namespace }} 7 | spec: 8 | to: 9 | kind: Service 10 | name: minio-service 11 | weight: 100 12 | port: 13 | targetPort: 9090 14 | tls: 15 | termination: edge 16 | insecureEdgeTerminationPolicy: None 17 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/minio/templates/minio/minio-service.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: minio-service 6 | namespace: {{ minio_namespace }} 7 | spec: 8 | type: ClusterIP 9 | ports: 10 | - name: api 11 | port: 9000 12 | targetPort: 9000 13 | protocol: TCP 14 | - name: console 15 | port: 9090 16 | targetPort: 9090 17 | protocol: TCP 18 | selector: 19 | app: {{ minio_instance_name }} 20 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/minio/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/mirror_case_prepare/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: 3 | - Paul Stone 4 | - David Parker 5 | description: Mirror images to a local registry for AirGap installation 6 | company: IBM 7 | 8 | license: EPL-2.0 9 | 10 | min_ansible_version: 2.10 11 | 12 | platforms: 13 | - name: GenericLinux 14 | versions: 15 | - all 16 | 17 | galaxy_tags: 18 | - ibm 19 | - mas 20 | - devops 21 | - rhocp 22 | 23 | dependencies: [] 24 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/mirror_case_prepare/templates/sls350fix/direct.txt.j2: -------------------------------------------------------------------------------- 1 | cp.icr.io/cp/sls/api-licensing@sha256:680474c128cd7d95d6bad5c348d059afe56454923b935f955d75669259c55a6c={{ registry_public_url_with_path }}/cp/sls/api-licensing:5.8.1 2 | cp.icr.io/cpopen/ibm-sls-operator-bundle@sha256:8ca4f5a4165a99aa6a82d72d9b6917bacf5959fb0851ab4c2447cba630e57f1e={{ registry_public_url_with_path }}/cpopen/ibm-sls-operator-bundle:3.5.0 3 | cp.icr.io/cpopen/ibm-sls@sha256:e66b36217c1cf34d6f83931fb9f55f57aa2032573db58ea767516879438e552f={{ registry_public_url_with_path }}/cpopen/ibm-sls:3.5.0 4 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/mirror_case_prepare/templates/sls350fix/from-filesystem.txt.j2: -------------------------------------------------------------------------------- 1 | file:///cp/sls/api-licensing@sha256:680474c128cd7d95d6bad5c348d059afe56454923b935f955d75669259c55a6c={{ registry_public_url_with_path }}/cp/sls/api-licensing:5.8.1 2 | file://cpopen/ibm-sls-operator-bundle@sha256:8ca4f5a4165a99aa6a82d72d9b6917bacf5959fb0851ab4c2447cba630e57f1e={{ registry_public_url_with_path }}/cpopen/ibm-sls-operator-bundle:3.5.0 3 | file://cpopen/ibm-sls@sha256:e66b36217c1cf34d6f83931fb9f55f57aa2032573db58ea767516879438e552f={{ registry_public_url_with_path }}/cpopen/ibm-sls:3.5.0 4 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/mirror_case_prepare/templates/sls350fix/to-filesystem.txt.j2: -------------------------------------------------------------------------------- 1 | cp.icr.io/cp/sls/api-licensing@sha256:680474c128cd7d95d6bad5c348d059afe56454923b935f955d75669259c55a6c=file:///cp/sls/api-licensing:5.8.1 2 | cp.icr.io/cpopen/ibm-sls-operator-bundle@sha256:8ca4f5a4165a99aa6a82d72d9b6917bacf5959fb0851ab4c2447cba630e57f1e=file://cpopen/ibm-sls-operator-bundle:3.5.0 3 | cp.icr.io/cpopen/ibm-sls@sha256:e66b36217c1cf34d6f83931fb9f55f57aa2032573db58ea767516879438e552f=file://cpopen/ibm-sls:3.5.0 4 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/mirror_extras_prepare/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: 3 | - Paul Stone 4 | - David Parker 5 | description: Mirror images to a local registry for AirGap installation 6 | company: IBM 7 | 8 | license: EPL-2.0 9 | 10 | min_ansible_version: 2.10 11 | 12 | platforms: 13 | - name: GenericLinux 14 | versions: 15 | - all 16 | 17 | galaxy_tags: 18 | - ibm 19 | - mas 20 | - devops 21 | - rhocp 22 | 23 | dependencies: [] 24 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/mirror_extras_prepare/templates/direct.txt.j2: -------------------------------------------------------------------------------- 1 | {%- for image in extra_images %} 2 | {{ image.registry }}/{{ image.name }}@{{ image.digest }}={{ registry_public_url_with_path }}/{{ image.name }}{{ ':' ~ image.tag if image.tag is defined else '' }} 3 | {% endfor %} 4 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/mirror_extras_prepare/templates/from-filesystem.txt.j2: -------------------------------------------------------------------------------- 1 | {%- for image in extra_images %} 2 | file:///{{ image.name }}@{{ image.digest }}={{ registry_public_url_with_path }}/{{ image.name }}{{ ':' ~ image.tag if image.tag is defined else '' }} 3 | {% endfor %} 4 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/mirror_extras_prepare/templates/to-filesystem.txt.j2: -------------------------------------------------------------------------------- 1 | {%- for image in extra_images %} 2 | {{ image.registry }}/{{ image.name }}@{{ image.digest }}=file:///{{ image.name }}{{ ':' ~ image.tag if image.tag is defined else '' }} 3 | {% endfor %} 4 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/mirror_extras_prepare/vars/amlen_1.0.1.yml: -------------------------------------------------------------------------------- 1 | --- 2 | extra_images: 3 | - name: amlen/operator-bundle 4 | registry: quay.io 5 | digest: sha256:f098ccdab9413bd1ee773731b2306870d48bab25ec658123942a191b35ba8d58 6 | tag: 1.0.1 7 | 8 | - name: amlen/operator 9 | registry: quay.io 10 | digest: sha256:f89c5cf95a630aa986f3a212c0b1c6bd100ec00ff22649f282a6c8781a06f36d 11 | tag: 1.0.1 12 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/mirror_extras_prepare/vars/amlen_1.0.2.yml: -------------------------------------------------------------------------------- 1 | --- 2 | extra_images: 3 | - name: amlen/operator-bundle 4 | registry: quay.io 5 | digest: sha256:5b850a46f4c00458efae2dafdad292fcd20312279324110aef65aec92bb9807e 6 | tag: 1.0.2 7 | 8 | - name: amlen/operator 9 | registry: quay.io 10 | digest: sha256:1c65cc6211019f35364552f4ed331cbec45425e4f21e737eda7dfc88d453057e 11 | tag: 1.0.2 12 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/mirror_extras_prepare/vars/catalog.yml: -------------------------------------------------------------------------------- 1 | --- 2 | extra_images: 3 | - name: cpopen/ibm-maximo-operator-catalog 4 | registry: "{{ (artifactory_username is defined and artifactory_username != '' and artifactory_token is defined and artifactory_token != '') | ternary( artifactory_image_repo, 'icr.io') }}" 5 | tag: "{{ catalog_tag }}" 6 | digest: "{{ catalog_digest }}" 7 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/mirror_extras_prepare/vars/cp4d_4.8.0.yml: -------------------------------------------------------------------------------- 1 | --- 2 | extra_images: 3 | - name: cp/cpd/edb-postgres-license-provider 4 | registry: cp.icr.io 5 | tag: 1.18.x 6 | digest: sha256:c1670e7dd93c1e65a6659ece644e44aa5c2150809ac1089e2fd6be37dceae4ce 7 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/mirror_extras_prepare/vars/odf_4.15.yml: -------------------------------------------------------------------------------- 1 | --- 2 | extra_images: 3 | - name: postgresql-15:15.6 4 | registry: registry.redhat.io/rhel9 5 | tag: 4.9.0 6 | digest: sha256:5c4cad6de1b8e2537c845ef43b588a11347a3297bfab5ea611c032f866a1cb4e 7 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/mirror_images/README.md: -------------------------------------------------------------------------------- 1 | mirror_images 2 | ================= 3 | 4 | Supports mirroring specific images to the target mirror registry -------------------------------------------------------------------------------- /ibm/mas_devops/roles/mirror_ocp/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: 3 | - David Parker 4 | description: Mirror images to a local registry for AirGap installation 5 | company: IBM 6 | 7 | license: EPL-2.0 8 | 9 | min_ansible_version: 2.10 10 | 11 | platforms: 12 | - name: GenericLinux 13 | versions: 14 | - all 15 | 16 | galaxy_tags: 17 | - ibm 18 | - mas 19 | - devops 20 | - rhocp 21 | 22 | dependencies: [] 23 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/mongodb/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: David Parker (@durera) 3 | description: Deploy MongoDb instance configured for IBM Maximo Application Suite (using Mongo Community Edition operator) 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | - mongodb 20 | 21 | dependencies: 22 | - role: ibm.mas_devops.ansible_version_check 23 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/mongodb/tasks/providers/community/backup-restore/after-backup-restore.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Clean up 3 | # ------------------------------------------------------------------------- 4 | - name: "Delete temporary folders" 5 | changed_when: true 6 | shell: > 7 | {{ exec_in_pod_begin }} 8 | rm -f {{ masbr_pod_lock_file }}; 9 | rm -rf {{ mongodb_pod_temp_folder }}; 10 | rm -rf {{ mongodb_pvc_temp_folder }} 11 | {{ exec_in_pod_end }} 12 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/mongodb/templates/aws/change_password.js.j2: -------------------------------------------------------------------------------- 1 | db.changeUserPassword("{{ docdb_instance_username }}","{{ docdb_final_instance_password }}") 2 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/mongodb/templates/aws/docdb-hosts.yml.j2: -------------------------------------------------------------------------------- 1 | {% for host in docdb_replicas %} 2 | - host: "{{ host }}" 3 | port: 27017 4 | {% endfor %} 5 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/mongodb/templates/aws/docdb_instance_user_credentials_secret.yaml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | # Mongo credentials for MAS 3 | apiVersion: v1 4 | kind: Secret 5 | type: Opaque 6 | metadata: 7 | annotations: 8 | avp.kubernetes.io/path: "project/mmas/data/automation/{{cluster_name}}/{{mas_instance_id}}/mongocfg" 9 | name: "mongodb-{{docdb_mongo_instance_name}}-credentials" 10 | namespace: "mas-{{mas_instance_id}}-core" 11 | data: 12 | username: {{ docdb_instance_username | b64encode }} 13 | password: {{ docdb_final_instance_password | b64encode }} 14 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/mongodb/templates/community/admin-password.yml: -------------------------------------------------------------------------------- 1 | # the user credentials will be generated from this secret 2 | # once the credentials are generated, this secret is no longer required 3 | --- 4 | apiVersion: v1 5 | kind: Secret 6 | metadata: 7 | name: mas-mongo-ce-admin-password 8 | namespace: "{{ mongodb_namespace }}" 9 | type: Opaque 10 | stringData: 11 | password: "{{ lookup('password', '/tmp/mongoce-password.txt chars=ascii_letters,digits length=16') }}" 12 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/mongodb/templates/community/dashboards/mongodb-overview-v5.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: grafana.integreatly.org/v1beta1 3 | kind: GrafanaDashboard 4 | metadata: 5 | name: "mongodb-overview" 6 | namespace: "{{ mongodb_namespace }}" 7 | spec: 8 | name: "{{ mongodb_namespace }}-mongodb-overview" 9 | allowCrossNamespaceImport: true 10 | instanceSelector: 11 | matchLabels: 12 | dashboards: "grafanav5" 13 | json: |- 14 | {{ lookup('file', 'templates/community/dashboards/json/mongodb-overview-grafana.json') | indent(4) }} -------------------------------------------------------------------------------- /ibm/mas_devops/roles/mongodb/templates/community/dashboards/mongodb-overview.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: integreatly.org/v1alpha1 3 | kind: GrafanaDashboard 4 | metadata: 5 | name: "mongodb-overview" 6 | namespace: "{{ mongodb_namespace }}" 7 | labels: 8 | app: grafana 9 | spec: 10 | name: "{{ mongodb_namespace }}-mongodb-overview" 11 | json: |- 12 | {{ lookup('file', 'templates/community/dashboards/json/mongodb-overview-grafana.json') | indent(4) }} -------------------------------------------------------------------------------- /ibm/mas_devops/roles/mongodb/templates/community/issuer.yml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: cert-manager.io/v1 3 | kind: Issuer 4 | metadata: 5 | name: mongo-issuer 6 | namespace: "{{mongodb_namespace}}" 7 | spec: 8 | selfSigned: {} 9 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/mongodb/templates/community/metrics-endpoint-secret.yml.j2: -------------------------------------------------------------------------------- 1 | # the user credentials will be generated from this secret 2 | # once the credentials are generated, this secret is no longer required 3 | --- 4 | apiVersion: v1 5 | kind: Secret 6 | metadata: 7 | name: mas-mongo-ce-metrics-endpoint-secret 8 | namespace: "{{ mongodb_namespace }}" 9 | type: Opaque 10 | stringData: 11 | username: metrics-endpoint-user 12 | password: "{{ lookup('password', '/tmp/mongoce-password.txt chars=ascii_letters,digits length=16') }}" 13 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/mongodb/templates/community/mongo-hosts.yml.j2: -------------------------------------------------------------------------------- 1 | {% for host in mongo_replicas %} 2 | - host: "{{ host }}.mas-mongo-ce-svc.{{ mongodb_namespace }}.svc.cluster.local" 3 | port: 27017 4 | {% endfor %} 5 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/mongodb/templates/community/mongo-query.yml.j2: -------------------------------------------------------------------------------- 1 | ts: 2 | $gt: 3 | $timestamp: 4 | t: {{ mongodb_backup_ts }} 5 | i: 1 6 | ns: 7 | $regex: "{{ mongodb_db_filter }}" 8 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/mongodb/templates/community/server-cert-issuer.yml: -------------------------------------------------------------------------------- 1 | apiVersion: cert-manager.io/v1 2 | kind: Issuer 3 | metadata: 4 | name: mongo-server-cert-issuer 5 | namespace: "{{mongodb_namespace}}" 6 | spec: 7 | ca: 8 | secretName: mongo-ca-secret 9 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/mongodb/templates/community/server-cert.yml: -------------------------------------------------------------------------------- 1 | apiVersion: cert-manager.io/v1 2 | kind: Certificate 3 | metadata: 4 | name: mongo-server 5 | namespace: "{{mongodb_namespace}}" 6 | spec: 7 | duration: 8760h # 365d 8 | renewBefore: 360h # 15d 9 | dnsNames: 10 | - "*.mas-mongo-ce-svc.{{mongodb_namespace}}.svc.cluster.local" 11 | - "127.0.0.1" 12 | - "localhost" 13 | 14 | issuerRef: 15 | name: mongo-server-cert-issuer 16 | secretName: mongo-server-cert 17 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/mongodb/templates/community/tls.yml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: mas-mongo-ce-cert-map 6 | namespace: "{{ mongodb_namespace }}" 7 | type: Opaque 8 | data: 9 | ca.crt: | 10 | {{ mongodb_ca_crt | indent(4) }} 11 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/mongodb/templates/ibm/backupid-template.yml.j2: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: ibmcloud-mongodb-backup-id 5 | namespace: "mas-{{ mas_instance_id }}-core" 6 | data: 7 | backup_id: {{ backup_id }} -------------------------------------------------------------------------------- /ibm/mas_devops/roles/mongodb/vars/aws/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # vars file for docdb 3 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/mongodb/vars/ibm/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # vars 3 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/nvidia_gpu/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: Caroline Azadze (@caroazad) 3 | description: Deploy NVIDIA GPU and Node Feature Discoveries Operators needed for Maximo Visual Inspection App 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | - gpu 20 | 21 | dependencies: 22 | - role: ibm.mas_devops.ansible_version_check 23 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/nvidia_gpu/templates/gpu-operatorgroup.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1 3 | kind: OperatorGroup 4 | metadata: 5 | name: "{{ gpu_namespace }}-group" 6 | namespace: "{{ gpu_namespace }}" 7 | spec: 8 | targetNamespaces: 9 | - "{{ gpu_namespace }}" 10 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/nvidia_gpu/templates/gpu-subscription.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | name: gpu-operator-certified 6 | namespace: "{{ gpu_namespace }}" 7 | spec: 8 | channel: "{{ gpu_channel }}" 9 | installPlanApproval: Automatic 10 | name: gpu-operator-certified 11 | source: "{{ gpu_source }}" 12 | sourceNamespace: "{{ gpu_source_namespace }}" 13 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/nvidia_gpu/templates/nfd-operatorgroup.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1 3 | kind: OperatorGroup 4 | metadata: 5 | name: "{{ nfd_namespace }}-group" 6 | namespace: "{{ nfd_namespace }}" 7 | spec: 8 | targetNamespaces: 9 | - "{{ nfd_namespace }}" 10 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/nvidia_gpu/templates/nfd-subscription.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | name: nfd-operator 6 | namespace: "{{ nfd_namespace }}" 7 | spec: 8 | channel: "{{ nfd_channel }}" 9 | installPlanApproval: Automatic 10 | name: nfd 11 | source: "{{ nfd_source }}" 12 | sourceNamespace: "{{ nfd_source_namespace }}" 13 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/ocp_cluster_monitoring/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: 3 | - David Parker (@durera) 4 | - Xiao Wei Gao (@xwgao) 5 | description: Configure cluster monitoring in the target OCP cluster. 6 | company: IBM 7 | 8 | license: EPL-2.0 9 | 10 | min_ansible_version: 2.10 11 | 12 | platforms: 13 | - name: GenericLinux 14 | versions: 15 | - all 16 | 17 | galaxy_tags: 18 | - ibm 19 | - mas 20 | - devops 21 | - rhocp 22 | 23 | dependencies: 24 | - { role: ibm.mas_devops.ansible_version_check } 25 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/ocp_cluster_monitoring/tasks/uninstall.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # 1. Remove openshift monitoring configuration 3 | # ------------------------------------------------------------------------------------- 4 | - name: "uninstall : Disable user workload monitoring" 5 | kubernetes.core.k8s: 6 | state: absent 7 | definition: "{{ lookup('template', 'templates/cluster-monitoring.yml.j2') }}" 8 | wait: yes 9 | wait_timeout: 120 10 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/ocp_config/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: Eric Klingelberger (@cuddlyporcupine) 3 | description: Tune the Ingress operator in the target OCP cluster. 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | - rhocp 20 | 21 | dependencies: 22 | - role: ibm.mas_devops.ansible_version_check 23 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/ocp_config/tasks/update-ingress-controller.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: "Apply ingress operator tuning parameters" 4 | kubernetes.core.k8s: 5 | merge_type: merge 6 | template: templates/ingress.yml.j2 7 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/ocp_config/tasks/update-operatorhub.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # See: https://access.redhat.com/solutions/5611481 3 | 4 | - name: "Disable OperatorHub default catalogs" 5 | kubernetes.core.k8s: 6 | merge_type: merge 7 | template: templates/operatorhub.yml.j2 8 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/ocp_config/templates/ingress.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operator.openshift.io/v1 3 | kind: IngressController 4 | metadata: 5 | name: default 6 | namespace: openshift-ingress-operator 7 | spec: 8 | tuningOptions: 9 | clientTimeout: "{{ ocp_ingress_client_timeout }}" 10 | serverTimeout: "{{ ocp_ingress_server_timeout }}" 11 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/ocp_config/templates/operatorhub.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: config.openshift.io/v1 3 | kind: OperatorHub 4 | metadata: 5 | name: cluster 6 | spec: 7 | sources: 8 | - name: community-operators 9 | disabled: true 10 | - name: certified-operators 11 | disabled: true 12 | - name: redhat-operators 13 | disabled: true 14 | - name: redhat-marketplace 15 | disabled: true 16 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/ocp_deprovision/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: David Parker (@durera) 3 | description: Deprovision a Red Hat OCP cluster, supports cluster management on IBMCloud & DevIT Fyre 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | - rhocp 20 | 21 | dependencies: 22 | - role: ibm.mas_devops.ansible_version_check 23 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/ocp_efs/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: Prasanth Gelli (prasanth.gelli1@ibm.com) 3 | description: AWS EFS Configure 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | - rhocp 20 | 21 | dependencies: 22 | - role: ibm.mas_devops.ansible_version_check 23 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/ocp_efs/templates/aws-secret.yml.j2: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: aws-efs-cloud-credentials 5 | namespace: openshift-cluster-csi-drivers 6 | type: Opaque 7 | stringData: 8 | aws_access_key_id: "{{ aws_access_key_id }}" 9 | aws_secret_access_key: "{{ aws_secret_access_key }}" 10 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/ocp_efs/templates/efs-csi-driver.yml.j2: -------------------------------------------------------------------------------- 1 | apiVersion: operator.openshift.io/v1 2 | kind: ClusterCSIDriver 3 | metadata: 4 | name: efs.csi.aws.com 5 | spec: 6 | managementState: Managed 7 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/ocp_efs/templates/efs-csi-storage-class.yml.j2: -------------------------------------------------------------------------------- 1 | kind: StorageClass 2 | apiVersion: storage.k8s.io/v1 3 | metadata: 4 | name: efs{{ efs_unique_id }} 5 | provisioner: efs.csi.aws.com 6 | parameters: 7 | basePath: /rosa-{{ efs_unique_id }} 8 | directoryPerms: '777' 9 | fileSystemId: "{{ efs_id }}" 10 | uid: "0" 11 | gid: "0" 12 | provisioningMode: efs-ap 13 | reclaimPolicy: Delete 14 | volumeBindingMode: Immediate 15 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/ocp_efs/templates/efs-csi-subscription.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | labels: 6 | operators.coreos.com/aws-efs-csi-driver-operator.openshift-cluster-csi-drivers: "" 7 | name: aws-efs-csi-driver-operator 8 | namespace: openshift-cluster-csi-drivers 9 | spec: 10 | channel: "{{ aws_efs_default_channel }}" 11 | installPlanApproval: Automatic 12 | name: aws-efs-csi-driver-operator 13 | source: "{{ aws_efs_source }}" 14 | sourceNamespace: "{{ aws_efs_source_namespace }}" 15 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/ocp_efs/templates/operator-group.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1 3 | kind: OperatorGroup 4 | metadata: 5 | name: openshift-cluster-csi-drivers-operator-group 6 | namespace: openshift-cluster-csi-drivers 7 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/ocp_github_oauth/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: Caio Pereira 3 | description: Configure GitHub Oauth access in the target OCP cluster 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | - rhocp 20 | 21 | dependencies: 22 | - { role: ibm.mas_devops.ansible_version_check } 23 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/ocp_github_oauth/tasks/groups.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: "groups : Create OAuth Groups" 4 | kubernetes.core.k8s: 5 | apply: yes 6 | definition: "{{ lookup('template', 'templates/group.yaml') }}" 7 | 8 | - debug: var=groups_cluster_rolebindings 9 | 10 | - name: "groups : Create OAuth Groups" 11 | kubernetes.core.k8s: 12 | state: present 13 | definition: "{{ lookup('template', 'templates/clusterrolebinding.yaml') }}" 14 | loop: "{{groups_cluster_rolebindings}}" 15 | loop_control: 16 | loop_var: cluster_role 17 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/ocp_github_oauth/templates/clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | kind: ClusterRoleBinding 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | metadata: 5 | name: "{{group_name}}-clusterrolebinding" 6 | subjects: 7 | - kind: Group 8 | apiGroup: rbac.authorization.k8s.io 9 | name: "{{group_name}}" 10 | roleRef: 11 | apiGroup: rbac.authorization.k8s.io 12 | kind: ClusterRole 13 | name: "{{cluster_role}}" 14 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/ocp_github_oauth/templates/group.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | kind: Group 3 | apiVersion: user.openshift.io/v1 4 | metadata: 5 | name: "{{group_name}}" 6 | users: 7 | {{group_users}} 8 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/ocp_github_oauth/templates/secret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: "github-client-secret-{{cluster_name}}" 6 | namespace: openshift-config 7 | type: Opaque 8 | stringData: 9 | clientSecret: "{{oauth.github_client_secret_value}}" 10 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/ocp_idms/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: 3 | - Paul Stone 4 | - David Parker 5 | description: Used to drive an AirGap installation in your Red Hat OCP cluster 6 | company: IBM 7 | 8 | license: EPL-2.0 9 | 10 | min_ansible_version: 2.10 11 | 12 | platforms: 13 | - name: GenericLinux 14 | versions: 15 | - all 16 | 17 | galaxy_tags: 18 | - ibm 19 | - mas 20 | - devops 21 | - rhocp 22 | - airgap 23 | 24 | dependencies: [] 25 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/ocp_idms/templates/configmap.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: registry-config 6 | namespace: openshift-config 7 | data: 8 | {%- if registry_private_port == "" %} 9 | 10 | {{ registry_private_host }}: | 11 | {{ registry_private_ca_crt | indent(4, False) }} 12 | {%- else %} 13 | 14 | {{ registry_private_host }}..{{ registry_private_port }}: | 15 | {{ registry_private_ca_crt | indent(4, False) }} 16 | {%- endif %} 17 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/ocp_login/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: David Parker (@durera) 3 | description: Login to the target Red Hat OCP cluster 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | - rhocp 20 | 21 | dependencies: 22 | - role: ibm.mas_devops.ansible_version_check 23 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/ocp_node_config/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ocp_node_name: "{{ lookup('env', 'OCP_NODE_NAME') }}" 3 | ocp_node_index: "{{ lookup('env', 'OCP_NODE_INDEX') }}" 4 | 5 | ocp_node_label_keys: "{{ lookup('env', 'OCP_NODE_LABEL_KEYS') }}" 6 | ocp_node_label_values: "{{ lookup('env', 'OCP_NODE_LABEL_VALUES') }}" 7 | 8 | ocp_node_taint_keys: "{{ lookup('env', 'OCP_NODE_TAINT_KEYS') }}" 9 | ocp_node_taint_values: "{{ lookup('env', 'OCP_NODE_TAINT_VALUES') }}" 10 | ocp_node_taint_effects: "{{ lookup('env', 'OCP_NODE_TAINT_EFFECTS') }}" 11 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/ocp_node_config/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: David Parker (@durera) 3 | description: Add labels and taints to a specified node. 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | - ocp 20 | 21 | dependencies: [] 22 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/ocp_provision/tasks/providers/fyre/nfs/delete_image_registry.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # 1. Delete Image Registry 3 | # ----------------------------------------------------------------------------- 4 | - name: Delete image registry 5 | shell: | 6 | oc -n openshift-image-registry scale deploy cluster-image-registry-operator --replicas=0 7 | oc -n openshift-image-registry scale deploy image-registry --replicas=0 8 | oc -n openshift-image-registry delete pvc image-registry-storage 9 | oc delete pv registry-storage 10 | sleep 15 11 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/ocp_provision/templates/fyre/nfs/class.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | kind: StorageClass 3 | metadata: 4 | name: "{{ fyre_nfs_sc_name }}" 5 | provisioner: k8s-sigs.io/nfs-subdir-external-provisioner # or choose another name, must match deployment's env PROVISIONER_NAME' 6 | parameters: 7 | archiveOnDelete: "false" 8 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/ocp_provision/templates/fyre/nfs/image_registry_storage.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: image-registry-storage 6 | namespace: openshift-image-registry 7 | spec: 8 | accessModes: 9 | - ReadWriteMany 10 | resources: 11 | requests: 12 | storage: "{{ fyre_nfs_image_registry_size }}" 13 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/ocp_provision/templates/rosa/rosa-details.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | metadata: 4 | name: "{{ cluster_name }}" 5 | data: 6 | admin_password: "{{ rosa_cluster_admin_password }}" 7 | api_url: "{{ rosa_admin_create.stdout | from_json | json_query('api_url') }}" 8 | username: "{{ rosa_admin_create.stdout | from_json | json_query('username') }}" 9 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/ocp_roks_upgrade_registry_storage/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ibmcloud_apikey: "{{ lookup('env', 'IBMCLOUD_APIKEY') }}" 3 | image_registry_size: "400" 4 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/ocp_simulate_disconnected_network/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | airgap_network_exclusions: "quay.io registry.redhat.io registry.connect.redhat.com gcr.io nvcr.io icr.io cp.icr.io docker-na-public.artifactory.swg-devops.com docker-na-proxy-svl.artifactory.swg-devops.com docker-na-proxy-rtp.artifactory.swg-devops.com" 3 | 4 | registry_private_ca_file: "{{ lookup('env', 'REGISTRY_PRIVATE_CA_FILE') }}" 5 | registry_private_ca_crt: "{{ lookup('file', registry_private_ca_file) }}" 6 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/ocp_simulate_disconnected_network/templates/mc2.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: machineconfiguration.openshift.io/v1 3 | kind: MachineConfig 4 | metadata: 5 | labels: 6 | machineconfiguration.openshift.io/role: worker 7 | name: 50-registry-ca-crt 8 | spec: 9 | config: 10 | ignition: 11 | version: 3.1.0 12 | storage: 13 | files: 14 | - contents: 15 | source: data:text/plain;charset=utf-8;base64,{{ registry_ca_crt_b64 }} 16 | mode: 0644 17 | overwrite: true 18 | path: /etc/ssl/certs/registry-ca.crt 19 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/ocp_upgrade/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # We will use the IBM Cloud CLI to upgrade OCP version 3 | cluster_type: "{{ lookup('env', 'CLUSTER_TYPE') }}" 4 | cluster_name: "{{ lookup('env', 'CLUSTER_NAME') }}" 5 | ocp_version_upgrade: "{{ lookup('env', 'OCP_VERSION_UPGRADE') }}" 6 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/ocp_upgrade/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: André Marcelino 3 | description: Upgrade an existing ROKS cluster openshift version 4.6 to 4.8 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | - rhocp 20 | - upgrade 21 | 22 | dependencies: 23 | - role: ibm.mas_devops.ansible_version_check 24 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/ocp_upgrade/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # 1. Upgrade OCP version 3 | # ----------------------------------------------------------------------------- 4 | 5 | # https://cloud.ibm.com/docs/openshift?topic=openshift-update#master 6 | 7 | # 1.1 Upgrade to OCP 4.7 8 | - name: "Upgrade cluster {{ cluster_name }} {{ ocp_version_upgrade }}" 9 | include_tasks: tasks/ocp_upgrade.yml 10 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/ocp_verify/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: David Parker (@durera) 3 | description: Verify the target OCP cluster is ready 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | - rhocp 20 | 21 | dependencies: 22 | - role: ibm.mas_devops.ansible_version_check 23 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/ocs/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # The device path needed for the local volume used by the local storage operator 3 | lso_device_path: "{{ lookup('env', 'LSO_DEVICE_PATH') | default('/dev/vdb', True) }}" 4 | 5 | # ocs action 6 | ocs_action: "{{ lookup('env', 'OCS_ACTION') | default('install', True) }}" 7 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/ocs/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: Caio Pereira 3 | description: Configure OpenShift Data Foundation in the target OCP cluster 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | - rhocp 20 | 21 | dependencies: 22 | - { role: ibm.mas_devops.ansible_version_check } 23 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/ocs/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "Run the selected action" 3 | include_tasks: "tasks/{{ ocs_action }}/main.yml" 4 | when: 5 | - ocs_action != "none" 6 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/ocs/templates/localstorage/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: openshift-local-storage 6 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/ocs/templates/localstorage/operatorgroup.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1 3 | kind: OperatorGroup 4 | metadata: 5 | annotations: 6 | olm.providedAPIs: LocalVolume.v1.local.storage.openshift.io 7 | name: local-storage 8 | namespace: openshift-local-storage 9 | spec: 10 | targetNamespaces: 11 | - openshift-local-storage 12 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/ocs/templates/localstorage/subscription.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | name: local-storage-operator 6 | namespace: openshift-local-storage 7 | spec: 8 | channel: "{{ local_storage_operator_channel }}" 9 | installPlanApproval: Automatic 10 | name: local-storage-operator 11 | source: "{{ local_storage_operator_source }}" 12 | sourceNamespace: "{{ local_storage_operator_source_namespace }}" 13 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/ocs/templates/storage/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: openshift-storage 6 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/ocs/templates/storage/operatorgroup.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1 3 | kind: OperatorGroup 4 | metadata: 5 | name: openshift-storage-operatorgroup 6 | namespace: openshift-storage 7 | spec: 8 | targetNamespaces: 9 | - openshift-storage 10 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/ocs/templates/storage/subscription.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | name: "{{ storage_operator }}-operator" 6 | namespace: openshift-storage 7 | spec: 8 | channel: "{{ storage_operator_channel }}" 9 | installPlanApproval: Automatic 10 | name: "{{ storage_operator }}-operator" 11 | source: "{{ storage_operator_source }}" 12 | sourceNamespace: "{{ storage_operator_source_namespace }}" 13 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/odh/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: Karol Czarnecki (@karol-czarnecki) 3 | description: Deploy Opendatahub instance configured for IBM AiBroker 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | 20 | dependencies: 21 | - role: ibm.mas_devops.ansible_version_check 22 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/odh/tasks/serverless-operator.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "Create namespace openshift-serverless" 3 | kubernetes.core.k8s: 4 | api_version: v1 5 | kind: Namespace 6 | name: openshift-serverless 7 | state: present 8 | 9 | # enable following role temporary until find a way to use openshift-serverless and switch to apply_subscription role 10 | - name: "Install Openshift Serverless Operator" 11 | kubernetes.core.k8s: 12 | apply: yes 13 | definition: "{{ lookup('template', 'templates/serverless/subscription.yml.j2') }}" 14 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/odh/templates/aibroker/namespace.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: "mas-{{ mas_instance_id }}-aibroker" 6 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/odh/templates/odh/dspa-local-dev.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: datasciencepipelinesapplications.opendatahub.io/v1alpha1 3 | kind: DataSciencePipelinesApplication 4 | metadata: 5 | name: instance 6 | namespace: mas-{{ mas_instance_id }}-aibroker 7 | spec: 8 | database: 9 | disableHealthCheck: true 10 | objectStorage: 11 | disableHealthCheck: true 12 | minio: 13 | deploy: true 14 | image: 'quay.io/minio/minio' 15 | pvcSize: 40Gi 16 | storageClassName: "{{ primary_storage_class }}" 17 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/odh/templates/odh/subscription.yml.j2: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1alpha1 2 | kind: Subscription 3 | metadata: 4 | name: opendatahub-operator 5 | namespace: openshift-operators 6 | spec: 7 | channel: "{{ odh_channel }}" 8 | installPlanApproval: Manual 9 | name: opendatahub-operator 10 | source: "{{ odh_catalog_source }}" 11 | sourceNamespace: openshift-marketplace 12 | startingCSV: "{{ odh_operator_version }}" 13 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/odh/templates/serverless/subscription.yml.j2: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1 2 | kind: OperatorGroup 3 | metadata: 4 | name: operatorgroup 5 | namespace: openshift-serverless 6 | --- 7 | apiVersion: operators.coreos.com/v1alpha1 8 | kind: Subscription 9 | metadata: 10 | name: serverless-operator 11 | namespace: openshift-serverless 12 | spec: 13 | channel: stable 14 | installPlanApproval: Automatic 15 | name: serverless-operator 16 | source: redhat-operators 17 | sourceNamespace: openshift-marketplace 18 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/odh/templates/servicemesh/service-account.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | kind: ServiceAccount 3 | apiVersion: v1 4 | metadata: 5 | name: istio-operator 6 | namespace: "{{ service_mesh_namespace }}" 7 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/odh/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/opentelemetry/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Whether to perform an install or an uninstall 3 | opentelemetry_action: "{{ lookup('env', 'OPENTELEMETRY_ACTION') | default('install', true) }}" 4 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/opentelemetry/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: 3 | - David Parker (@durera) 4 | - Xiao Wei Gao (@xwgao) 5 | description: Configure Open Telemetry in the target OCP cluster 6 | company: IBM 7 | 8 | license: EPL-2.0 9 | 10 | min_ansible_version: 2.10 11 | 12 | platforms: 13 | - name: GenericLinux 14 | versions: 15 | - all 16 | 17 | galaxy_tags: 18 | - ibm 19 | - mas 20 | - devops 21 | - rhocp 22 | - opentelemetry 23 | 24 | dependencies: 25 | - { role: ibm.mas_devops.ansible_version_check } 26 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/opentelemetry/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "Open Telemetry: Debug properties" 3 | debug: 4 | msg: 5 | - "Open Telemetry Action .................. {{ opentelemetry_action }}" 6 | 7 | # 1. Perform the selected action 8 | # ----------------------------------------------------------------------------- 9 | # Three actions are supported: 10 | # - install 11 | # - uninstall 12 | - include_tasks: "{{ opentelemetry_action }}.yml" 13 | when: opentelemetry_action in ['install', 'uninstall'] 14 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/registry/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: 3 | - David Parker 4 | description: Used to drive an AirGap installation in your Red Hat OCP cluster 5 | company: IBM 6 | 7 | license: EPL-2.0 8 | 9 | min_ansible_version: 2.10 10 | 11 | platforms: 12 | - name: GenericLinux 13 | versions: 14 | - all 15 | 16 | galaxy_tags: 17 | - ibm 18 | - mas 19 | - devops 20 | - rhocp 21 | - airgap 22 | 23 | dependencies: [] 24 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/registry/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "Run the selected action for the registry" 3 | include_tasks: "tasks/{{ registry_action }}/main.yml" 4 | when: 5 | - registry_action != "none" 6 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/registry/templates/auth-secret.yml.j2: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | type: Opaque 4 | metadata: 5 | name: airgap-registry-auth 6 | namespace: "{{ registry_namespace }}" 7 | labels: 8 | app: airgap-registry 9 | stringData: 10 | htpasswd: "{{ registry_htpasswd }}" 11 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/registry/templates/certs/ca_issuer.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: cert-manager.io/v1 3 | kind: Issuer 4 | metadata: 5 | name: "airgap-registry-ca-issuer" 6 | namespace: "{{ registry_namespace }}" 7 | spec: 8 | selfSigned: {} 9 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/registry/templates/certs/issuer.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: cert-manager.io/v1 3 | kind: Issuer 4 | metadata: 5 | name: "airgap-registry-issuer" 6 | namespace: "{{ registry_namespace }}" 7 | spec: 8 | ca: 9 | secretName: "airgap-registry-ca" 10 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/registry/templates/namespace.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: "{{ registry_namespace }}" 6 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/registry/templates/pvc.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: airgap-registry-storage 6 | namespace: "{{ registry_namespace }}" 7 | spec: 8 | resources: 9 | requests: 10 | storage: "{{ registry_storage_capacity }}" 11 | volumeMode: Filesystem 12 | storageClassName: "{{ registry_storage_class }}" 13 | accessModes: 14 | - ReadWriteOnce 15 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/registry/templates/service-clusterip.yml.j2: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: airgap-registry 5 | namespace: "{{ registry_namespace }}" 6 | labels: 7 | app: airgap-registry 8 | spec: 9 | type: ClusterIP 10 | ports: 11 | - port: 5000 12 | protocol: TCP 13 | targetPort: 5000 14 | selector: 15 | app: airgap-registry 16 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/registry/templates/service-loadbalancer.yml.j2: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: airgap-registry-lb 5 | namespace: "{{ registry_namespace }}" 6 | labels: 7 | app: airgap-registry 8 | spec: 9 | type: LoadBalancer 10 | externalTrafficPolicy: Cluster 11 | ipFamilies: 12 | - IPv4 13 | ipFamilyPolicy: SingleStack 14 | ports: 15 | - nodePort: 32500 16 | port: 5000 17 | protocol: TCP 18 | targetPort: 5000 19 | selector: 20 | app: airgap-registry 21 | sessionAffinity: None 22 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/sls/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: Caio Pereira 3 | description: Deploy IBM Suite License Service and generate configuration file for MAS 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | - rhocp 20 | 21 | dependencies: 22 | - role: ibm.mas_devops.ansible_version_check 23 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/sls/templates/mongo-certificates.yml.j2: -------------------------------------------------------------------------------- 1 | {% for certs in mongocfg[1].spec.certificates %} 2 | - alias: {{ certs.alias }} 3 | crt: | 4 | {{ certs.crt | indent(4)}} 5 | {% endfor %} 6 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/sls/templates/mongo-secret.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Secret 4 | type: Opaque 5 | metadata: 6 | name: "ibm-sls-mongo-credentials" 7 | {% if custom_labels is defined and custom_labels.items() %} 8 | labels: 9 | {% for key, value in custom_labels.items() %} 10 | "{{ key }}": "{{ value }}" 11 | {% endfor %} 12 | {% endif %} 13 | data: 14 | username: "{{ mongodb.username | b64encode }}" 15 | password: "{{ mongodb.password | b64encode }}" 16 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/smtp/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: Rick Acree (@racree) 3 | description: Generate smtp configuration file for IBM Maximo Application Suite 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | - smtp 20 | 21 | dependencies: 22 | - role: ibm.mas_devops.ansible_version_check 23 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_app_backup_restore/tasks/health/restore-vars.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "Set fact: default restore job data list" 3 | set_fact: 4 | masbr_job_data_list: 5 | - seq: "1" 6 | type: "namespace" 7 | - seq: "2" 8 | type: "wsl" 9 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_app_backup_restore/tasks/iot/restore-vars.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "Set fact: default restore job data list" 3 | set_fact: 4 | masbr_job_data_list: 5 | - seq: "1" 6 | type: "namespace" 7 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_app_backup_restore/tasks/manage/restore-vars.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "Set fact: default restore job data list" 3 | set_fact: 4 | masbr_job_data_list: 5 | - seq: "1" 6 | type: "namespace" 7 | - seq: "2" 8 | type: "pv" 9 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_app_backup_restore/tasks/monitor/restore-vars.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "Set fact: default restore job data list" 3 | set_fact: 4 | masbr_job_data_list: 5 | - seq: "1" 6 | type: "namespace" 7 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_app_backup_restore/tasks/optimizer/restore-vars.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "Set fact: default restore job data list" 3 | set_fact: 4 | masbr_job_data_list: 5 | - seq: "1" 6 | type: "namespace" 7 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_app_backup_restore/tasks/visualinspection/restore-vars.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "Set fact: default restore job data list" 3 | set_fact: 4 | masbr_job_data_list: 5 | - seq: "1" 6 | type: "namespace" 7 | - seq: "2" 8 | type: "pv" 9 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_app_config/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: David Parker (@durera) 3 | description: Configure a MAS application in a workspace 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | - rhocp 20 | 21 | dependencies: 22 | - role: ibm.mas_devops.ansible_version_check 23 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_app_config/templates/manage/custom-archive-credentials.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | # secret to be linked to customizationList in Manage Workspace CR when authentication is required to download file from archive url 3 | kind: Secret 4 | apiVersion: v1 5 | metadata: 6 | name: "{{ mas_app_settings_customization_credentials_secret_name }}" 7 | namespace: "mas-{{ mas_instance_id }}-manage" 8 | stringData: 9 | credentials: | 10 | user={{ mas_app_settings_customization_archive_username }} 11 | password={{ mas_app_settings_customization_archive_password }} 12 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_app_config/vars/assist.yml: -------------------------------------------------------------------------------- 1 | --- 2 | mas_app_ws_fqn: assistworkspaces.apps.mas.ibm.com 3 | mas_app_ws_apiversion: apps.mas.ibm.com/v1 4 | mas_app_ws_kind: AssistWorkspace 5 | mas_app_cfg_delay: "{{ lookup('env', 'MAS_APP_CFG_DELAY') | default(120, true)}}" 6 | mas_app_cfg_retries: "{{ lookup('env', 'MAS_APP_CFG_RETRIES') | default(30, true)}}" 7 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_app_config/vars/defaultspecs/assist.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Default application spec for Assist 3 | mas_appws_spec: 4 | bindings: 5 | watsondiscovery: application 6 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_app_config/vars/defaultspecs/hputilities.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Note about Analytics Project Id (cpd_wsl_project_id): 3 | # - It may come from environment variable CPD_WSL_PROJECT_ID OR 4 | # - It may come from MAS Config Directory (written by cp4d_service role) 5 | # - If not available, fail 6 | 7 | # Default application spec for HPUtilities 8 | mas_appws_spec: 9 | bindings: 10 | watsonstudio: system 11 | components: '{{ mas_appws_components | default({}, true) }}' 12 | settings: 13 | watsonstudio: 14 | projectid: "{{ cpd_wsl_project_id }}" 15 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_app_config/vars/defaultspecs/iot.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Default application spec for IoT 3 | mas_appws_spec: {} 4 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_app_config/vars/defaultspecs/monitor.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Default application spec for Monitor 3 | mas_appws_spec: 4 | bindings: 5 | iot: workspace 6 | jdbc: "{{ mas_appws_bindings_jdbc | default( 'system' , true) }}" 7 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_app_config/vars/defaultspecs/mso.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Default application spec for MSO 3 | mas_appws_spec: 4 | bindings: 5 | manage: workspace 6 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_app_config/vars/defaultspecs/optimizer.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Default application spec for Optimizer 3 | mas_appws_spec: {} 4 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_app_config/vars/defaultspecs/safety.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Default application spec for Safety 3 | mas_appws_spec: {} 4 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_app_config/vars/defaultspecs/visualinspection.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Default application spec for Visual Inspection 3 | mas_appws_spec: {} 4 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_app_config/vars/facilities.yml: -------------------------------------------------------------------------------- 1 | --- 2 | mas_app_ws_fqn: facilitiesworkspaces.apps.mas.ibm.com 3 | mas_app_ws_apiversion: apps.mas.ibm.com/v1 4 | mas_app_ws_kind: FacilitiesWorkspace 5 | 6 | # MREF would take 3 - 5 hours. 7 | mas_app_cfg_delay: "{{ lookup('env', 'MAS_APP_CFG_DELAY') | default(300, true)}}" # ~5 minutes 8 | mas_app_cfg_retries: "{{ lookup('env', 'MAS_APP_CFG_RETRIES') | default(60, true)}}" # ~5 hours 9 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_app_config/vars/hputilities.yml: -------------------------------------------------------------------------------- 1 | --- 2 | mas_app_ws_fqn: hputilitiesworkspaces.apps.mas.ibm.com 3 | mas_app_ws_apiversion: apps.mas.ibm.com/v1 4 | mas_app_ws_kind: HPUtilitiesWorkspace 5 | mas_app_cfg_delay: "{{ lookup('env', 'MAS_APP_CFG_DELAY') | default(120, true)}}" 6 | mas_app_cfg_retries: "{{ lookup('env', 'MAS_APP_CFG_RETRIES') | default(30, true)}}" 7 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_app_config/vars/iot.yml: -------------------------------------------------------------------------------- 1 | --- 2 | mas_app_ws_fqn: iotworkspaces.iot.ibm.com 3 | mas_app_ws_apiversion: iot.ibm.com/v1 4 | mas_app_ws_kind: IoTWorkspace 5 | mas_app_cfg_delay: "{{ lookup('env', 'MAS_APP_CFG_DELAY') | default(120, true)}}" 6 | mas_app_cfg_retries: "{{ lookup('env', 'MAS_APP_CFG_RETRIES') | default(30, true)}}" 7 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_app_config/vars/monitor.yml: -------------------------------------------------------------------------------- 1 | --- 2 | mas_app_ws_fqn: monitorworkspaces.apps.mas.ibm.com 3 | mas_app_ws_apiversion: apps.mas.ibm.com/v1 4 | mas_app_ws_kind: MonitorWorkspace 5 | 6 | mas_app_cfg_delay: "{{ lookup('env', 'MAS_APP_CFG_DELAY') | default(120, true)}}" 7 | mas_app_cfg_retries: "{{ lookup('env', 'MAS_APP_CFG_RETRIES') | default(30, true)}}" 8 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_app_config/vars/mso.yml: -------------------------------------------------------------------------------- 1 | --- 2 | mas_app_ws_fqn: msoworkspaces.apps.mas.ibm.com 3 | mas_app_ws_apiversion: apps.mas.ibm.com/v1 4 | mas_app_ws_kind: MSOWorkspace 5 | 6 | mas_app_cfg_delay: "{{ lookup('env', 'MAS_APP_CFG_DELAY') | default(120, true)}}" 7 | mas_app_cfg_retries: "{{ lookup('env', 'MAS_APP_CFG_RETRIES') | default(30, true)}}" 8 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_app_config/vars/optimizer.yml: -------------------------------------------------------------------------------- 1 | --- 2 | mas_app_ws_fqn: optimizerworkspaces.apps.mas.ibm.com 3 | mas_app_ws_apiversion: apps.mas.ibm.com/v1 4 | mas_app_ws_kind: OptimizerWorkspace 5 | 6 | mas_app_cfg_delay: "{{ lookup('env', 'MAS_APP_CFG_DELAY') | default(120, true)}}" 7 | mas_app_cfg_retries: "{{ lookup('env', 'MAS_APP_CFG_RETRIES') | default(30, true)}}" 8 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_app_config/vars/predict.yml: -------------------------------------------------------------------------------- 1 | --- 2 | mas_app_ws_fqn: predictworkspaces.apps.mas.ibm.com 3 | mas_app_ws_apiversion: apps.mas.ibm.com/v1 4 | mas_app_ws_kind: PredictWorkspace 5 | 6 | mas_app_cfg_delay: "{{ lookup('env', 'MAS_APP_CFG_DELAY') | default(120, true)}}" 7 | mas_app_cfg_retries: "{{ lookup('env', 'MAS_APP_CFG_RETRIES') | default(30, true)}}" 8 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_app_config/vars/safety.yml: -------------------------------------------------------------------------------- 1 | --- 2 | mas_app_ws_fqn: safetyworkspaces.apps.mas.ibm.com 3 | mas_app_ws_apiversion: apps.mas.ibm.com/v1 4 | mas_app_ws_kind: SafetyWorkspace 5 | 6 | mas_app_cfg_delay: "{{ lookup('env', 'MAS_APP_CFG_DELAY') | default(120, true)}}" 7 | mas_app_cfg_retries: "{{ lookup('env', 'MAS_APP_CFG_RETRIES') | default(30, true)}}" 8 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_app_config/vars/visualinspection.yml: -------------------------------------------------------------------------------- 1 | --- 2 | mas_app_ws_fqn: visualinspectionappworkspaces.apps.mas.ibm.com 3 | mas_app_ws_apiversion: apps.mas.ibm.com/v1 4 | mas_app_ws_kind: VisualInspectionAppWorkspace 5 | 6 | mas_app_cfg_delay: "{{ lookup('env', 'MAS_APP_CFG_DELAY') | default(120, true)}}" 7 | mas_app_cfg_retries: "{{ lookup('env', 'MAS_APP_CFG_RETRIES') | default(30, true)}}" 8 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_app_install/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: David Parker (@durera) 3 | description: Install a MAS application 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | - rhocp 20 | 21 | dependencies: 22 | - role: ibm.mas_devops.ansible_version_check 23 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_app_install/tasks/manage.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | # ----------------------------------------------------------------------------- 4 | - name: "Load podTemplates configuration" 5 | include_tasks: "{{ role_path }}/../../common_tasks/pod_templates/main.yml" 6 | vars: 7 | config_files: 8 | - "ibm-mas-manage-manageapp.yml" 9 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_app_install/templates/application.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: {{ mas_app_api_version }} 3 | kind: {{ mas_app_kind }} 4 | metadata: 5 | name: {{ mas_instance_id }} 6 | namespace: {{ mas_app_namespace }} 7 | labels: 8 | mas.ibm.com/instanceId: {{ mas_instance_id }} 9 | mas.ibm.com/applicationId: {{ mas_app_id }} 10 | {% if custom_labels is defined and custom_labels.items() %} 11 | {% for key, value in custom_labels.items() %} 12 | "{{ key }}": "{{ value }}" 13 | {% endfor %} 14 | {% endif %} 15 | spec: {{ mas_app_spec }} 16 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_app_install/vars/aibroker.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Application specific variables for Aibroker 3 | mas_app_fqn: aibrokerapps.apps.mas.ibm.com 4 | mas_app_api_version: apps.mas.ibm.com/v1 5 | mas_app_kind: AiBrokerApp 6 | mas_app_install_delay: 120 7 | mas_app_install_retries: 20 8 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_app_install/vars/assist.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Application specific variables for Assist 3 | mas_app_fqn: assistapps.apps.mas.ibm.com 4 | mas_app_api_version: apps.mas.ibm.com/v1 5 | mas_app_kind: AssistApp 6 | mas_app_install_delay: 120 7 | mas_app_install_retries: 20 8 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_app_install/vars/defaultspecs/aibroker.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Default application specs for Aibroker 3 | mas_app_spec: 4 | bindings: {} 5 | # jdbc: "{{ mas_app_bindings_jdbc }}" 6 | components: {} 7 | settings: {} 8 | displayName: AI Broker 9 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_app_install/vars/defaultspecs/assist.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Default application spec for Assist 3 | mas_app_spec: 4 | bindings: 5 | objectstorage: system 6 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_app_install/vars/defaultspecs/facilities.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Default application spec for Real estate and facilities 3 | mas_app_spec: 4 | settings: {} 5 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_app_install/vars/defaultspecs/health.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Default application spec for Health 3 | mas_app_spec: {} 4 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_app_install/vars/defaultspecs/hputilities.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Default application spec for HPUtilities 3 | mas_app_spec: 4 | bindings: 5 | appconnect: system 6 | health: workspace 7 | components: {} 8 | settings: {} 9 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_app_install/vars/defaultspecs/manage.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Default application spec for Manage 3 | mas_app_spec: 4 | podTemplates: "{{ ((ibm_mas_manage_manageapp_pod_templates is defined) and (ibm_mas_manage_manageapp_pod_templates | length != 0)) | ternary(ibm_mas_manage_manageapp_pod_templates, []) }}" 5 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_app_install/vars/defaultspecs/monitor.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Default application spec for Monitor 3 | mas_app_spec: 4 | bindings: 5 | mongo: system 6 | settings: 7 | deployment: 8 | size: "{{ mas_app_settings_monitor_deployment_size }}" 9 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_app_install/vars/defaultspecs/mso.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Default application spec for MSO 3 | mas_app_spec: 4 | bindings: 5 | mongo: system 6 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_app_install/vars/defaultspecs/optimizer.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Default application spec for Optimizer 3 | mas_app_spec: 4 | bindings: 5 | mongo: system 6 | plan: "{{ mas_app_plan | default('full', true) }}" 7 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_app_install/vars/defaultspecs/predict.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Default application specs for Predict 3 | mas_app_spec: 4 | bindings: 5 | jdbc: "{{ mas_app_bindings_jdbc }}" 6 | components: {} 7 | settings: 8 | deployment: 9 | size: "{{ mas_app_settings_predict_deployment_size}}" 10 | displayName: Predict Workspace 11 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_app_install/vars/defaultspecs/safety.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Default application spec for Safety 3 | mas_app_spec: 4 | bindings: 5 | jdbc: "{{ mas_app_bindings_jdbc }}" 6 | components: {} 7 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_app_install/vars/defaultspecs/visualinspection.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Default application spec for Visual Inspection 3 | mas_app_spec: 4 | settings: 5 | storage: 6 | size: "{{ mas_app_settings_visualinspection_storage_size }}" 7 | storageClassName: "{{ mas_app_settings_visualinspection_storage_class }}" 8 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_app_install/vars/facilities.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Application specific variables for Real estate and facilities 3 | mas_app_fqn: facilitiesapps.apps.mas.ibm.com 4 | mas_app_api_version: apps.mas.ibm.com/v1 5 | mas_app_kind: FacilitiesApp 6 | mas_app_install_delay: 120 7 | mas_app_install_retries: 30 8 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_app_install/vars/health.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Application specific variables for Health 3 | mas_app_fqn: healthapps.apps.mas.ibm.com 4 | mas_app_api_version: apps.mas.ibm.com/v1 5 | mas_app_kind: HealthApp 6 | mas_app_install_delay: 120 7 | mas_app_install_retries: 30 8 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_app_install/vars/hputilities.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Application specific variables for HPUtilities 3 | mas_app_fqn: hputilitiesapps.apps.mas.ibm.com 4 | mas_app_api_version: apps.mas.ibm.com/v1 5 | mas_app_kind: HPUtilitiesApp 6 | 7 | mas_app_install_delay: 120 8 | mas_app_install_retries: 10 9 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_app_install/vars/iot.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Application specific variables for IoT 3 | mas_app_fqn: iots.iot.ibm.com 4 | mas_app_api_version: iot.ibm.com/v1 5 | mas_app_kind: IoT 6 | mas_app_install_delay: 120 7 | mas_app_install_retries: 45 8 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_app_install/vars/manage.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Application specific variables for Manage 3 | mas_app_fqn: manageapps.apps.mas.ibm.com 4 | mas_app_api_version: apps.mas.ibm.com/v1 5 | mas_app_kind: ManageApp 6 | mas_app_install_delay: 120 7 | mas_app_install_retries: 30 8 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_app_install/vars/monitor.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Application specific variables for Monitor 3 | mas_app_fqn: monitorapps.apps.mas.ibm.com 4 | mas_app_api_version: apps.mas.ibm.com/v1 5 | mas_app_kind: MonitorApp 6 | mas_app_install_delay: 120 7 | mas_app_install_retries: 30 8 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_app_install/vars/mso.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Application specific variables for Maximo Scheduler Optimization (MSO) 3 | mas_app_fqn: msoapps.apps.mas.ibm.com 4 | mas_app_api_version: apps.mas.ibm.com/v1 5 | mas_app_kind: MSOApp 6 | mas_app_install_delay: 120 7 | mas_app_install_retries: 30 8 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_app_install/vars/optimizer.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Application specific variables for Optimizer 3 | mas_app_fqn: optimizerapps.apps.mas.ibm.com 4 | mas_app_api_version: apps.mas.ibm.com/v1 5 | mas_app_kind: OptimizerApp 6 | mas_app_install_delay: 120 7 | mas_app_install_retries: 30 8 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_app_install/vars/predict.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Application specific variables for Predict 3 | mas_app_fqn: predictapps.apps.mas.ibm.com 4 | mas_app_api_version: apps.mas.ibm.com/v1 5 | mas_app_kind: PredictApp 6 | mas_app_install_delay: 120 7 | mas_app_install_retries: 30 8 | 9 | mas_app_settings_predict_deployment_size: "{{ lookup('env', 'PREDICT_DEPLOYMENT_SIZE') | default('small', true) }}" 10 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_app_install/vars/safety.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Application specific variables for Safety 3 | mas_app_fqn: safetys.apps.mas.ibm.com 4 | mas_app_api_version: apps.mas.ibm.com/v1 5 | mas_app_kind: Safety 6 | mas_app_install_delay: 120 7 | mas_app_install_retries: 30 8 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_app_install/vars/visualinspection.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Application specific variables for Visual Inspection 3 | mas_app_fqn: visualinspectionapps.apps.mas.ibm.com 4 | mas_app_api_version: apps.mas.ibm.com/v1 5 | mas_app_kind: VisualInspectionApp 6 | 7 | mas_app_install_delay: 120 8 | mas_app_install_retries: 30 9 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_app_rollback/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: David Parker (@durera) 3 | description: Check an existing IBM Maximo Application App is ready to rollback 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | - rhocp 20 | - upgrade 21 | - rollback 22 | 23 | dependencies: 24 | - role: ibm.mas_devops.ansible_version_check 25 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_app_uninstall/app_specific/tasks/post/placeholder.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Run {{ placeholder }} Specific Post-Uninstall Tasks 3 | # ----------------------------------------------------------------------------- 4 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_app_uninstall/app_specific/tasks/pre/placeholder.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Run {{ placeholder }} Specific Pre-Uninstall Tasks 3 | # ----------------------------------------------------------------------------- 4 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_app_uninstall/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # MAS configuration 3 | mas_instance_id: "{{ lookup('env', 'MAS_INSTANCE_ID') }}" 4 | 5 | # MAS application configuration 6 | mas_app_id: "{{ lookup('env', 'MAS_APP_ID') }}" 7 | 8 | supported_app_ids: 9 | - "assist" 10 | - "health" 11 | - "hputilities" 12 | - "iot" 13 | - "manage" 14 | - "monitor" 15 | - "mso" 16 | - "optimizer" 17 | - "predict" 18 | - "safety" 19 | - "visualinspection" 20 | - "facilities" 21 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_app_uninstall/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: Paul Stone (@stonepd) 3 | description: Uninstall a MAS application 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | - rhocp 20 | 21 | dependencies: 22 | - role: ibm.mas_devops.ansible_version_check 23 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_app_upgrade/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: David Parker (@durera) 3 | description: Upgrade an existing IBM Maximo Application Suite v8.6 installation to v8.7 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | - rhocp 20 | - upgrade 21 | 22 | dependencies: 23 | - role: ibm.mas_devops.ansible_version_check 24 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_app_verify/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: Alexandre Quinteiro (@alequint) 3 | description: Verify an installation of IBM Maximo Application Suite application in the target RHOCP cluster 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | - rhocp 20 | 21 | dependencies: 22 | - role: ibm.mas_devops.ansible_version_check 23 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_backup_restore/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | masbr_action: "{{ lookup('env', 'MASBR_ACTION') }}" 3 | mas_instance_id: "{{ lookup('env', 'MAS_INSTANCE_ID') }}" 4 | 5 | # Backup/Restore - Supported job types 6 | supported_job_data_item_types: ["namespace"] 7 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_backup_restore/tasks/restore-vars.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "Set fact: default restore job data list" 3 | set_fact: 4 | masbr_job_data_list: 5 | - seq: "1" 6 | type: "namespace" 7 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_certs/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: 3 | - Sanjay Prabhakar 4 | - Alexandre Quinteiro 5 | description: Installs public tls secret in core namespace in Manual certificate management mode 6 | company: IBM 7 | 8 | license: EPL-2.0 9 | 10 | min_ansible_version: 2.10 11 | 12 | platforms: 13 | - name: GenericLinux 14 | versions: 15 | - all 16 | 17 | galaxy_tags: 18 | - ibm 19 | - mas 20 | - devops 21 | 22 | dependencies: 23 | - role: ibm.mas_devops.ansible_version_check 24 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_certs/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: "Debug mas_manual_cert_mgmt" 4 | when: not mas_manual_cert_mgmt 5 | debug: 6 | msg: "mas_manual_cert_mgmt is not True, indicating the installation is using cert-manager to create certificates. This role will not take any action" 7 | 8 | - name: "Proceed with suite_certs role execution" 9 | when: mas_manual_cert_mgmt 10 | include_tasks: tasks/run.yml 11 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_certs/templates/public-cert-ca.yml.j2: -------------------------------------------------------------------------------- 1 | {% if ca_crt_size | int > 0 %} 2 | {{ lookup('file', '{{ cert_path }}/ca.crt') | b64encode }} 3 | {% endif %} 4 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_certs/templates/public-cert-tls.yml.j2: -------------------------------------------------------------------------------- 1 | {% if tls_crt_size | int > 0 %} 2 | {{ lookup('file', '{{ cert_path }}/tls.crt') | b64encode }} 3 | {% endif %} 4 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_certs/templates/public-tls-key.yml.j2: -------------------------------------------------------------------------------- 1 | {% if tls_key_size | int > 0 %} 2 | {{ lookup('file', '{{ cert_path }}/tls.key') | b64encode }} 3 | {% endif %} 4 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_config/README.md: -------------------------------------------------------------------------------- 1 | suite_config 2 | ============ 3 | 4 | TODO: Summarize role 5 | 6 | Role Variables 7 | -------------- 8 | 9 | TODO: Finish documentation 10 | 11 | 12 | Example Playbook 13 | ---------------- 14 | 15 | ```yaml 16 | TODO: Add example 17 | ``` 18 | 19 | License 20 | ------- 21 | 22 | EPL-2.0 23 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_config/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | mas_instance_id: "{{ lookup('env', 'MAS_INSTANCE_ID') }}" 4 | mas_config_dir: "{{ lookup('env', 'MAS_CONFIG_DIR') }}" 5 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_config/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: David Parker (@durera) 3 | description: Apply one or more configurations to a running MAS system 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | - rhocp 20 | 21 | dependencies: 22 | - role: ibm.mas_devops.ansible_version_check 23 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_db2_setup_for_facilities/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: Sanjay Prabhakar (@sanjayprab) 3 | description: Modify Db2 configuration for compatability with Maximo Real estate and facilities 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | - db2 20 | 21 | dependencies: 22 | - role: ibm.mas_devops.ansible_version_check 23 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_db2_setup_for_facilities/templates/db2/scripts/create-schema.sql.j2: -------------------------------------------------------------------------------- 1 | CONNECT TO {{ db2_dbname }}; 2 | COMMIT WORK; 3 | 4 | ------------------------------------ 5 | -- CREATE SCHEMA -- 6 | ------------------------------------ 7 | 8 | CREATE SCHEMA {{ db2_schema }} AUTHORIZATION {{ db2_username }}; 9 | 10 | COMMIT WORK; 11 | 12 | CONNECT RESET; 13 | 14 | TERMINATE; -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_db2_setup_for_facilities/templates/db2_enforce_config.yaml.j2: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: "{{db2_instance_name | lower}}-enforce-mref-config" 5 | data: 6 | version: "{{ db2_config_version }}" 7 | 8 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_db2_setup_for_manage/defaults/main.yml: -------------------------------------------------------------------------------- 1 | db2_instance_name: "{{ lookup('env', 'DB2_INSTANCE_NAME') }}" 2 | db2_namespace: "{{ lookup('env', 'DB2_NAMESPACE') | default('db2u', true) }}" 3 | db2_dbname: "{{ lookup('env', 'DB2_DBNAME') | default('BLUDB', true) }}" 4 | 5 | # Variables for db2_dbconfig 6 | db2_config_version: "{{ lookup('env', 'DB2_CONFIG_VERSION') | default('1.0.0', true) }}" 7 | enforce_db2_config: "{{ lookup('env', 'ENFORCE_DB2_CONFIG') | default(True, true) | bool }}" 8 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_db2_setup_for_manage/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: David Parker (@durera) 3 | description: Modify Db2 configuration for compatability with Maximo Manage 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | - db2 20 | 21 | dependencies: 22 | - role: ibm.mas_devops.ansible_version_check 23 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_db2_setup_for_manage/templates/db2_enforce_config.yaml.j2: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: "{{db2_instance_name | lower}}-enforce-config" 5 | data: 6 | version: "{{ db2_config_version }}" 7 | 8 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_dns/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: David Parker (@durera) 3 | description: Configure DNS entries for IBM Maximo Application Suite (only supports IBM Cloud Internet Services as the DNS provider currently) 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | - dns 20 | 21 | dependencies: 22 | - role: ibm.mas_devops.ansible_version_check 23 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_dns/tasks/providers/cis/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "cis : running standard cis suite dns" 3 | include_tasks: tasks/providers/cis/cis_suitedns_basic.yml 4 | when: 5 | - not cis_enhanced_security 6 | 7 | - name: "cis : running cis suite dns with enhanced security" 8 | include_tasks: tasks/providers/cis/cis_suitedns_enhanced.yml 9 | when: 10 | - cis_enhanced_security 11 | 12 | - include_tasks: tasks/providers/cis/cis_webhook.yml 13 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_dns/templates/cis/webhook/cis-apikey-secret.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: cis-api-key 6 | {% if custom_labels is defined and custom_labels.items() %} 7 | labels: 8 | {% for key, value in custom_labels.items() %} 9 | "{{ key }}": "{{ value }}" 10 | {% endfor %} 11 | {% endif %} 12 | type: Opaque 13 | data: 14 | key: "{{ cis_apikey | b64encode }}" 15 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_dns/templates/cis/webhook/cis-proxy-route.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | kind: Route 3 | apiVersion: route.openshift.io/v1 4 | metadata: 5 | name: cis-proxy-route 6 | namespace: "{{ cert_manager_namespace }}" 7 | spec: 8 | host: "{{ ocp_ingress }}" 9 | to: 10 | kind: Service 11 | name: cert-manager-webhook-ibm-cis 12 | weight: 100 13 | port: 14 | targetPort: https 15 | tls: 16 | termination: passthrough 17 | insecureEdgeTerminationPolicy: Redirect 18 | wildcardPolicy: None 19 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_dns/templates/cis/webhook/service.yml.j2: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: "cert-manager-webhook-ibm-cis" 5 | labels: 6 | app: "cert-manager-webhook-ibm-cis" 7 | spec: 8 | type: "{{ cis_webhook.service.type }}" 9 | ports: 10 | - port: {{ cis_webhook.service.port }} 11 | targetPort: https 12 | protocol: TCP 13 | name: https 14 | selector: 15 | app: "cert-manager-webhook-ibm-cis" 16 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_dns/templates/cloudflare/secret.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: cloudflare-api-token-secret 6 | namespace: {{ cert_manager_namespace }} 7 | type: Opaque 8 | stringData: 9 | api-token: {{ cloudflare_apitoken }} 10 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_dns/templates/routes_edge_certificates.txt.j2: -------------------------------------------------------------------------------- 1 | {{edge_cert_routes|join(',')| replace(',','\n') | replace('"','') }} -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_install/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: David Parker (@durera) 3 | description: Install IBM Maximo Application Suite in the target RHOCP cluster 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | - rhocp 20 | 21 | dependencies: 22 | - role: ibm.mas_devops.ansible_version_check 23 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_install/templates/consolelink.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: console.openshift.io/v1 3 | kind: ConsoleLink 4 | metadata: 5 | labels: 6 | addonmanager.kubernetes.io/mode: Reconcile 7 | name: "mas-{{ mas_instance_id }}" 8 | spec: 9 | location: ApplicationMenu 10 | applicationMenu: 11 | section: Maximo Application Suite 12 | href: "https://admin.{{ mas_domain }}" 13 | text: "Admin Dashboard ({{ mas_instance_id }})" 14 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_install/templates/secret-superuser.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Secret 4 | type: opaque 5 | metadata: 6 | name: {{ mas_instance_id }}-credentials-superuser 7 | namespace: "{{ mas_namespace }}" 8 | data: 9 | username: {{ mas_superuser_username | b64encode }} 10 | password: {{ mas_superuser_password | b64encode }} 11 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_manage_attachments_config/templates/configmap.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: "{{ mas_instance_id }}-{{ mas_workspace_id }}-manage-attachments-configmap" 6 | namespace: "mas-{{ mas_instance_id }}-{{ mas_app_id }}" 7 | {% if custom_labels is defined and custom_labels.items() %} 8 | {% for key, value in custom_labels.items() %} 9 | "{{ key }}": "{{ value }}" 10 | {% endfor %} 11 | {% endif %} 12 | data: 13 | mas_manage_attachments_provider: "{{ mas_manage_attachments_provider }}" 14 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_manage_bim_config/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: André Marcelino (@andrercm) 3 | description: Configure file storage pvc's as persistent storage for Manage application BIM (Building Information Models). 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | - rhocp 20 | 21 | dependencies: 22 | - role: ibm.mas_devops.ansible_version_check 23 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_manage_bim_config/templates/updatebimconfig.sh.j2: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | db2 connect to {{ db2_dbname }} 4 | 5 | db2 "UPDATE MAXIMO.MAXPROPVALUE SET PROPVALUE = '{{ mas_app_settings_bim_mount_path }}/import' WHERE PROPNAME = 'bim.import.dir';" 6 | db2 "UPDATE MAXIMO.MAXPROPVALUE SET PROPVALUE = '{{ mas_app_settings_bim_mount_path }}/docs' WHERE PROPNAME = 'bim.import.docdir';" 7 | db2 "UPDATE MAXIMO.MAXPROPVALUE SET PROPVALUE = '{{ mas_app_settings_bim_mount_path }}/models' WHERE PROPNAME = 'bim.model.dir';" 8 | exit 0 9 | 10 | # 11 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_manage_birt_report_config/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: André Marcelino (@andrercm) 3 | description: Configure BIRT report server bundle for Manage application. 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | - rhocp 20 | 21 | dependencies: 22 | - role: ibm.mas_devops.ansible_version_check 23 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_manage_customer_files_config/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: André Marcelino (@andrercm) 3 | description: Configure IBM/S3 buckets to store customer files for Manage. 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | - rhocp 20 | 21 | dependencies: 22 | - role: ibm.mas_devops.ansible_version_check 23 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_manage_imagestitching_config/templates/imagestitching-pvc.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: "{{ mas_instance_id }}-{{ mas_workspace_id }}-{{ stitching_pvcname }}" 6 | namespace: "{{ manage_namespace }}" 7 | spec: 8 | resources: 9 | requests: 10 | storage: "{{ stitching_storage_size }}" 11 | volumeMode: Filesystem 12 | storageClassName: "{{ stitching_storage_class }}" 13 | accessModes: 14 | - "{{ stitching_storage_mode }}" 15 | 16 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_manage_import_certs_config/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: André Marcelino (@andrercm) 3 | description: Import certificates into Manage application's workspace. 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | - rhocp 20 | 21 | dependencies: 22 | - role: ibm.mas_devops.ansible_version_check 23 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_manage_import_certs_config/templates/imported-certs.yml.j2: -------------------------------------------------------------------------------- 1 | {% for cert in manage_certificates %} 2 | - alias: "{{ manage_certificates_aliases[loop.index0] | default(manage_certificates_alias_prefix+(loop.index - existing_manage_imported_certs_aliases | length)|string) }}" 3 | crt: |- 4 | {{ cert | indent(4) }} 5 | {% else %} 6 | [] 7 | {% endfor %} 8 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_manage_load_dbc_scripts/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: 3 | - André Marcelino 4 | description: Allow to load dbc script files into manage server. It is an workaround for a gap in Manage operator that should be allowing us to perform this kind of activity. 5 | company: IBM 6 | 7 | license: EPL-2.0 8 | 9 | min_ansible_version: 2.10 10 | 11 | platforms: 12 | - name: GenericLinux 13 | versions: 14 | - all 15 | 16 | galaxy_tags: 17 | - ibm 18 | - mas 19 | - devops 20 | - rhocp 21 | 22 | dependencies: [] 23 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_manage_logging_config/files/db2.sql: -------------------------------------------------------------------------------- 1 | delete from maximo.APIROUTE where ROUTE IN ('toolslog','icheckerrepair','managestart','icheckerreport','managestop'); 2 | 3 | COMMIT; 4 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_manage_logging_config/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: André Marcelino (@andrercm) 3 | description: Configure S3 buckets for Manage logging 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | - rhocp 20 | 21 | dependencies: 22 | - role: ibm.mas_devops.ansible_version_check 23 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_manage_logging_config/templates/logging-bucket-creds.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Secret 4 | type: Opaque 5 | metadata: 6 | name: s3secretkey 7 | namespace: "mas-{{mas_instance_id}}-manage" 8 | stringData: 9 | accessSecretKey: "{{ cos_secret_access_key }}" 10 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_manage_pvc_config/files/manage-persistent-volumes-sample.yml: -------------------------------------------------------------------------------- 1 | persistentVolumes: 2 | - accessModes: 3 | - ReadWriteMany 4 | mountPath: /MyMountPath 5 | pvcName: my-pvc-name-from-file 6 | size: 20Gi 7 | storageClassName: ibmc-file-gold-gid 8 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_manage_pvc_config/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: André Marcelino (@andrercm) 3 | description: Configure custom persistent volume claims for Manage application 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | - rhocp 20 | 21 | dependencies: 22 | - role: ibm.mas_devops.ansible_version_check 23 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_manage_pvc_config/vars/manage-persistent-volumes.yml.j2: -------------------------------------------------------------------------------- 1 | persistentVolumes: 2 | - mountPath: "{{ mas_app_settings_custom_persistent_volume_mount_path }}" 3 | pvcName: "{{ mas_app_settings_custom_persistent_volume_pvc_name }}" 4 | volumeName: "{{ mas_app_settings_custom_persistent_volume_pv_name }}" 5 | size: "{{ mas_app_settings_custom_persistent_volume_pvc_size }}" 6 | storageClassName: "{{ mas_app_settings_custom_persistent_volume_sc_name }}" 7 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_rollback/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: André Marcelino (@andrercm) 3 | description: Check an existing IBM Maximo Application Suite installation is ready to rollback 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | - rhocp 20 | - rollback 21 | 22 | dependencies: 23 | - role: ibm.mas_devops.ansible_version_check 24 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_uninstall/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | mas_instance_id: "{{ lookup('env', 'MAS_INSTANCE_ID') }}" 3 | mas_wipe_mongo_data: "{{ lookup('env', 'MAS_WIPE_MONGO_DATA') | default('false', True) | bool }}" 4 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_uninstall/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: David Parker (@durera) 3 | description: Uninstall IBM Maximo Application Suite Core Platform in the target RHOCP cluster 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | - rhocp 20 | 21 | dependencies: 22 | - role: ibm.mas_devops.ansible_version_check 23 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_upgrade/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | mas_upgrade_dryrun: "{{ lookup('env', 'MAS_UPGRADE_DRYRUN') | default('False', True) | bool }}" 3 | 4 | mas_channel: "{{ lookup('env', 'MAS_CHANNEL') }}" 5 | 6 | mas_instance_id: "{{ lookup('env', 'MAS_INSTANCE_ID') }}" 7 | mas_namespace: "mas-{{ mas_instance_id }}-core" 8 | 9 | skip_compatibility_check: "{{ lookup('env', 'SKIP_COMPATIBILITY_CHECK') | default('False', True) | bool }}" 10 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_upgrade/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: André Marcelino (@andrercm) 3 | description: Check an existing IBM Maximo Application Suite v8.6 installation is ready to upgrade to v8.7 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | - rhocp 20 | - upgrade 21 | 22 | dependencies: 23 | - role: ibm.mas_devops.ansible_version_check 24 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_verify/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | mas_instance_id: "{{ lookup('env', 'MAS_INSTANCE_ID') }}" 3 | mas_hide_superuser_credentials: "{{ lookup('env', 'MAS_HIDE_SUPERUSER_CREDENTIALS') | default('False', True) }}" 4 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/suite_verify/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: David Parker (@durera) 3 | description: Verify an installation of IBM Maximo Application Suite in the target RHOCP cluster 4 | company: IBM 5 | 6 | license: EPL-2.0 7 | 8 | min_ansible_version: 2.10 9 | 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | 15 | galaxy_tags: 16 | - ibm 17 | - mas 18 | - devops 19 | - rhocp 20 | 21 | dependencies: 22 | - role: ibm.mas_devops.ansible_version_check 23 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/turbonomic/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: Ben Bakowski (@bakowski) 3 | description: Deploy Kubeturbo 4 | 5 | license: EPL-2.0 6 | 7 | min_ansible_version: 2.10 8 | 9 | platforms: 10 | - name: GenericLinux 11 | versions: 12 | - all 13 | 14 | galaxy_tags: 15 | - ibm 16 | - kubeturbo 17 | 18 | dependencies: 19 | - role: ibm.mas_devops.ansible_version_check 20 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/turbonomic/templates/kubeturbo-operator-group.yml.j2: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1 2 | kind: OperatorGroup 3 | metadata: 4 | name: kubeturbo 5 | namespace: "{{ kubeturbo_namespace }}" 6 | spec: 7 | targetNamespaces: 8 | - "{{ kubeturbo_namespace }}" 9 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/turbonomic/templates/kubeturbo-subscription.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | name: kubeturbo 6 | namespace: "{{ kubeturbo_namespace }}" 7 | spec: 8 | channel: "{{ kubeturbo_default_channel }}" 9 | installPlanApproval: Automatic 10 | name: "{{ kubeturbo_package_name }}" 11 | source: "{{ kubeturbo_source }}" 12 | sourceNamespace: "{{ kubeturbo_source_namespace }}" 13 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/turbonomic/templates/turbonomic-secret.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Secret 4 | type: Opaque 5 | metadata: 6 | name: "turbonomic-credentials" 7 | {% if custom_labels is defined and custom_labels.items() %} 8 | labels: 9 | {% for key, value in custom_labels.items() %} 10 | "{{ key }}": "{{ value }}" 11 | {% endfor %} 12 | {% endif %} 13 | data: 14 | password: "{{ turbonomic_password | b64encode }}" 15 | username: "{{ turbonomic_username | b64encode }}" 16 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/uds/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: David Parker (@durera) 3 | description: Deploy User Data Services configured for IBM Maximo Application Suite 4 | 5 | license: EPL-2.0 6 | 7 | min_ansible_version: 2.10 8 | 9 | platforms: 10 | - name: GenericLinux 11 | versions: 12 | - all 13 | 14 | galaxy_tags: 15 | - ibm 16 | - mas 17 | - devops 18 | - uds 19 | 20 | dependencies: 21 | - role: ibm.mas_devops.ansible_version_check 22 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/uds/templates/bas-certs.yml.j2: -------------------------------------------------------------------------------- 1 | {% for crt in uds_tls_crt %} 2 | - alias: "part{{ loop.index }}" 3 | crt: | 4 | {{ crt | indent(width=4, first=False) }} 5 | {% endfor %} 6 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/uds/templates/bascfg-suds.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: config.mas.ibm.com/v1 3 | kind: BasCfg 4 | metadata: 5 | name: "{{ mas_instance_id }}-bas-system" 6 | namespace: "mas-{{ mas_instance_id }}-core" 7 | labels: 8 | mas.ibm.com/configScope: system 9 | mas.ibm.com/instanceId: "{{ mas_instance_id }}" 10 | spec: 11 | displayName: SUDS {{ mas_instance_id }} 12 | suds: true 13 | {% if ibm_mas_bascfg_pod_templates is defined %} 14 | podTemplates: {{ ibm_mas_bascfg_pod_templates }} 15 | {% endif %} 16 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/uds/templates/crunchy-postgres/subscription.yml: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1alpha1 2 | kind: Subscription 3 | metadata: 4 | name: crunchy-postgres-operator 5 | namespace: ibm-common-services 6 | spec: 7 | channel: v5 8 | installPlanApproval: Automatic 9 | name: crunchy-postgres-operator 10 | source: "{{ postgres_source }}" 11 | sourceNamespace: "{{ postgres_source_namespace }}" 12 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/uds/templates/foundation-services/generateKey.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: uds.ibm.com/v1 2 | kind: GenerateKey 3 | metadata: 4 | name: uds-api-key 5 | namespace: ibm-common-services 6 | spec: 7 | image_pull_secret: uds-images-pull-secret 8 | -------------------------------------------------------------------------------- /ibm/mas_devops/roles/uds/templates/foundation-services/ibm-user-data-services.yml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operator.ibm.com/v1alpha1 3 | kind: OperandRequest 4 | metadata: 5 | name: user-data-services 6 | namespace: ibm-common-services 7 | spec: 8 | requests: 9 | - operands: 10 | - name: ibm-user-data-services-operator 11 | registry: common-service 12 | -------------------------------------------------------------------------------- /prettierrc.yaml: -------------------------------------------------------------------------------- 1 | printWidth: 160 2 | tabWidth: 2 3 | bracketSameLine: false 4 | -------------------------------------------------------------------------------- /yamllint.yaml: -------------------------------------------------------------------------------- 1 | extends: relaxed 2 | rules: 3 | line-length: disable 4 | --------------------------------------------------------------------------------