├── .circleci └── config.yml ├── .editorconfig ├── .gitignore ├── Dockerfile ├── LICENSE ├── README.adoc ├── deprovision.sh ├── documentation ├── .nojekyll ├── antora.yml └── modules │ └── ROOT │ ├── _attributes.adoc │ ├── nav.adoc │ └── pages │ ├── _attributes.adoc │ ├── aws.adoc │ ├── azure.adoc │ ├── cloud_resources.adoc │ ├── gcp.adoc │ ├── index.adoc │ ├── openshift_vars.adoc │ ├── prepare_env.adoc │ └── setup.adoc ├── env ├── cmdline ├── extravars.example └── settings ├── inventory └── hosts ├── project ├── ansible.cfg ├── deprovision-cloud-resources.yaml ├── keys │ └── README.md ├── out │ └── .gitkeep └── provision-cloud-resources.yaml ├── provision.sh ├── roles ├── azure_network_reconfig │ └── tasks │ │ └── main.yaml ├── cloud-resources-rollback │ └── tasks │ │ ├── aws_rollback.yaml │ │ ├── azure_rollback.yaml │ │ ├── gcp_rollback.yaml │ │ └── main.yaml ├── cloud-resources │ ├── defaults │ │ └── main.yaml │ ├── files │ │ ├── add_openshift_users.yaml │ │ ├── ansible.cfg │ │ └── openshift_users.yaml │ ├── tasks │ │ ├── aws.yaml │ │ ├── azure.yaml │ │ ├── cloud_inventory.yaml │ │ ├── gcp.yaml │ │ └── main.yaml │ └── templates │ │ ├── add-openshift-users.sh.j2 │ │ ├── azure.conf.j2 │ │ ├── connect.sh.j2 │ │ ├── deploy.sh.j2 │ │ ├── docker-storage-setup.j2 │ │ ├── host_vars.yaml.j2 │ │ ├── hosts_prepare.yaml.j2 │ │ ├── localhost.yaml.j2 │ │ └── openshift_hosts.j2 └── openshift-users │ ├── defaults │ └── main.yaml │ └── tasks │ └── main.yaml ├── site-gh-pages.yml ├── site.yml └── supplemental-ui ├── img └── favicon.ico └── partials ├── head-meta.hbs └── header-content.hbs /.circleci/config.yml: -------------------------------------------------------------------------------- 1 | version: 2 2 | jobs: 3 | site: 4 | docker: 5 | - image: quay.io/workspace7/antora 6 | working_directory: ~/repo 7 | steps: 8 | - checkout 9 | - run: 10 | name: Generate Documentation 11 | command: | 12 | git config credential.helper 'cache --timeout=120' 13 | git config user.name 
"$GH_USERNAME" 14 | git config user.email "$GH_EMAIL" 15 | git checkout -b gh-pages 16 | antora generate --pull --stacktrace site-gh-pages.yml 17 | shopt -s extglob 18 | rm -vrf !("site") 19 | mv site/* . && rm -rf site 20 | touch .nojekyll 21 | git add . 22 | git commit -m "generated documentation" 23 | git push --force -q https://${GH_TOKEN}@github.com/kameshsampath/openshift-hybridizer.git gh-pages 24 | workflows: 25 | version: 2 26 | generate_site: 27 | jobs: 28 | - site: 29 | filters: 30 | branches: 31 | ignore: 32 | - "gh-pages" 33 | -------------------------------------------------------------------------------- /.editorconfig: -------------------------------------------------------------------------------- 1 | root = true 2 | 3 | [*{.yaml,.yml,.json}] 4 | indent_style = space 5 | indent_size = 2 6 | end_of_line = lf 7 | charset = utf-8 8 | trim_trailing_whitespace = false 9 | insert_final_newline = false -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | env/envvars 2 | env/extravars 3 | env/extravars.* 4 | !env/env/extravars.example 5 | project/keys 6 | !project/keys/README.md 7 | project/.ansible 8 | out/** 9 | !out/.gitkeep 10 | artifacts/** 11 | !artifacts/.gitkeep 12 | inventory/** 13 | !inventory/hostsdocs.old 14 | .cache 15 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ansible/ansible-runner:latest 2 | 3 | RUN pip install --upgrade pip \ 4 | && pip install 'cryptography>=2.2.1' 'boto' 'boto3' 'apache-libcloud' 'ansible[azure]' 5 | 6 | VOLUME /runner/env 7 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | 
http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 
39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. 
Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /README.adoc: -------------------------------------------------------------------------------- 1 | = OpenShift Hybridizer 2 | This content is brought to you by http://developers.redhat.com - Register today! 
3 | 4 | image:https://circleci.com/gh/kameshsampath/openshift-hybridizer.svg?style=svg["CircleCI", link="https://circleci.com/gh/kameshsampath/openshift-hybridizer"] 5 | 6 | - An HTML version of the documentation is available at https://redhat-developer-demos.github.io/openshift-hybridizer/ 7 | 8 | - The source code is available at https://github.com/redhat-developer-demos/openshift-hybridizer -------------------------------------------------------------------------------- /deprovision.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -e 4 | 5 | _CURR_DIR="$( cd "$(dirname "$0")" ; pwd -P )" 6 | 7 | docker run -t -u `id -u` -v ${_CURR_DIR}/artifacts:/runner/artifacts:Z \ 8 | -v ${_CURR_DIR}/out:/runner/out:Z \ 9 | -v ${_CURR_DIR}/env:/runner/env:Z \ 10 | -v ${_CURR_DIR}/inventory:/runner/inventory:Z \ 11 | -v ${_CURR_DIR}/project:/runner/project:Z \ 12 | -v ${_CURR_DIR}/roles:/runner/roles:Z \ 13 | -e PROJECT_DIR=${_CURR_DIR}/project \ 14 | -e RUNNER_PLAYBOOK=deprovision-cloud-resources.yaml \ 15 | quay.io/workspace7/ansible-runner:latest 16 | 17 | -------------------------------------------------------------------------------- /documentation/.nojekyll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-developer-demos/openshift-hybridizer/dd82fc81f41bbf5c582c575c8001fd9bac416d62/documentation/.nojekyll -------------------------------------------------------------------------------- /documentation/antora.yml: -------------------------------------------------------------------------------- 1 | name: openshift-hybridizer 2 | title: OpenShift Hybridizer 3 | version: "0.0.1" 4 | nav: 5 | - modules/ROOT/nav.adoc 6 | 7 | start_page: ROOT:index.adoc 8 | -------------------------------------------------------------------------------- /documentation/modules/ROOT/_attributes.adoc: 
-------------------------------------------------------------------------------- 1 | :imagesdir: {moduledir}/assets/images 2 | :source-highlighter: highlightjs -------------------------------------------------------------------------------- /documentation/modules/ROOT/nav.adoc: -------------------------------------------------------------------------------- 1 | * xref:index.adoc[Overview] 2 | * Setup 3 | ** xref:prepare_env.adoc[Prepare Environment] 4 | ** xref:cloud_resources.adoc[Prepare Cloud Resources] 5 | ** xref:setup.adoc#prov-cloud-resource[Provision Cloud Resources] 6 | ** xref:setup.adoc#deploy-openshift[Deploy OpenShift] 7 | ** xref:setup.adoc#node-connect[Connect to Node] 8 | ** xref:setup.adoc#add-users-to-openshift[Add users to OpenShift] 9 | ** xref:setup.adoc#add-admin-user-to-openshift[Add Admin User to OpenShift] 10 | ** xref:setup.adoc#deprov-cloud-resource[DeProvision Cloud Resources] 11 | 12 | * xref:openshift_vars.adoc[OpenShift Variables] 13 | * Clouds 14 | ** xref:gcp.adoc[Google Cloud] 15 | *** xref:gcp.adoc#create-gce-creds[Create Credentials] 16 | *** xref:gcp.adoc#gce-variables[Variables] 17 | *** xref:gcp.adoc#gce-references[References] 18 | ** xref:aws.adoc[Amazon Web Services] 19 | *** xref:aws.adoc#aws-variables[Variables] 20 | *** xref:aws.adoc#aws-amis[AMIs] 21 | *** xref:aws.adoc#aws-references[References] 22 | ** xref:azure.adoc[Azure] 23 | *** xref:azure.adoc#create-azr-sa[Create Service Account] 24 | *** xref:azure.adoc#azr-variables[Variables] 25 | *** xref:azure.adoc#azr-references[References] -------------------------------------------------------------------------------- /documentation/modules/ROOT/pages/_attributes.adoc: -------------------------------------------------------------------------------- 1 | :moduledir: .. 
2 | include::{moduledir}/_attributes.adoc[] 3 | 4 | //URIs 5 | :uri-docker-myrepo-hca: workspace7/ansible-runner 6 | :uri-docker-hca: quay.io/workspace7/ansible-runner 7 | :uri-ansible: https://github.com/ansible/ansible-runner 8 | :uri-repo: https://github.com/redhat-developer-demos/openshift-hybridizer 9 | :uri-repo-file-prefix: {uri-repo}/blob/master/ 10 | :uri-repo-tree-prefix: {uri-repo}/tree/master/ -------------------------------------------------------------------------------- /documentation/modules/ROOT/pages/aws.adoc: -------------------------------------------------------------------------------- 1 | = Amazon Web Services 2 | include::_attributes.adoc[] 3 | 4 | IMPORTANT: When using CentOS 7 images, you may need to subscribe to the images at https://aws.amazon.com/marketplace/pp/B00O7WM7QW; if you run without a subscription the installer will fail with an error that provides the details on how to subscribe. 5 | 6 | [[aws-variables]] 7 | == Variables 8 | 9 | |=== 10 | |Variable Name |Description | Default value 11 | 12 | |access_key | Your AWS Account Access Key | 13 | 14 | |secret_key | Your AWS Account Access Secret Key | 15 | 16 | |key_pair_name | The SSH Key pair that will be created, this key will be added to `~/.ssh/authorized_keys` of the `cloud_user` in the ec2 instances| openshift 17 | 18 | | cloud_user | The user to SSH into the instances | centos 19 | 20 | | private_key_file | The SSH private key file that gets saved after keypair creation | aws_openshift.pem 21 | 22 | | instance_type | The https://aws.amazon.com/ec2/instance-types/[ec2 compute instances] size | m5.xlarge 23 | 24 | | image | The AMI ID of the image, defaults to CentOS 7 of `ap-south-1`, refer to https://wiki.centos.org/Cloud/AWS for more details of AMIs for other regions / CentOS 6 AMIs are not supported as they do not provide support for Elastic Network Adapter (ENA). 
Valid combinations of region/AMIs can be found in https://github.com/redhat-developer-demos/openshift-hybridizer/blob/master/docs/_includes/aws-amis.adoc[this document] | ami-1780a878 25 | 26 | | region | The https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html/[ec2 compute region] | ap-south-1 27 | 28 | | security_group | The firewall Security Group, by default allows ports 22, 80, 443 and 8443 | all-ssh-http-https 29 | 30 | | is_rhel | Whether the AMI used is RHEL, this is reserved for future use | False 31 | 32 | |=== 33 | 34 | [[aws-amis]] 35 | == Valid region / AMI combinations 36 | 37 | |=== 38 | |Region | AMI 39 | |us-west-1 | ami-4826c22b 40 | |us-east-2 | ami-9c0638f9 41 | |=== 42 | 43 | [[aws-references]] 44 | == References 45 | https://docs.ansible.com/ansible/2.6/scenario_guides/guide_aws.html[Ansible AWS Guide] 46 | 47 | https://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html[Managing AWS Account Keys] -------------------------------------------------------------------------------- /documentation/modules/ROOT/pages/azure.adoc: -------------------------------------------------------------------------------- 1 | = Azure 2 | include::_attributes.adoc[] 3 | 4 | [[create-azr-sa]] 5 | == Create Azure Service Principal 6 | 7 | To know how to create your Azure Service Principal, refer to https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal[Creating Azure Service Principal]. This helps in setting the variables `client_id`, `tenant` and `secret`. 8 | 9 | [NOTE] 10 | ==== 11 | To find your subscription ID, check out 12 | https://blogs.msdn.microsoft.com/mschray/2016/03/18/getting-your-azure-subscription-guid-new-portal/ 13 | ==== 14 | 15 | [IMPORTANT] 16 | ==== 17 | The application should have the `Contributor` role so that resources can be provisioned correctly. 
18 | Ref: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal#assign-application-to-role 19 | ==== 20 | 21 | [[azr-variables]] 22 | == Variables 23 | 24 | |=== 25 | |Variable Name | Description | Default value 26 | 27 | |client_id | Azure Client ID or Application Id | 28 | 29 | |secret | Azure Client Secret Key| 30 | 31 | |subscription_id | Your Azure Subscription ID. More info https://blogs.msdn.microsoft.com/mschray/2016/03/18/getting-your-azure-subscription-guid-new-portal/[here] | 32 | 33 | |tenant | Azure Tenant ID | 34 | 35 | | location | The https://azure.microsoft.com/en-in/global-infrastructure/regions/[Azure Regions]. Examples: southindia, eastus, northeurope | 36 | 37 | | cloud_user | The user to SSH into the instances, this will be created during instance creation. For Linux instances this user will have `sudo` rights | centos 38 | 39 | | private_key_file | The SSH private key file will be required to SSH into the instances, if the file does not exist it will be created | $PROJECT_HOME/keys/azure_id_rsa 40 | 41 | |public_key_file | The SSH Public Key of the `private_key_file` that will be added to `~/.ssh/authorized_keys` of the `cloud_user` in the Azure VM instances| $PROJECT_HOME/keys/azure_id_rsa.pub 42 | 43 | | resource_group | The resource group, a.k.a. the logical group name under which all the resources of the `location` will be grouped. 
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-overview | OpenShift 44 | 45 | | cloud | The Azure Cloud Environment to use, possible values are **AzurePublicCloud** or **AzureChinaCloud** or **AzureUSGovernment** | AzurePublicCloud 46 | 47 | | vm_size | The Azure https://docs.microsoft.com/en-us/azure/cloud-services/cloud-services-sizes-specs[VM sizes] | Standard_D4_v3 48 | 49 | | image | The Azure VM OS Image, defaults to CentOS offered by Rogue Wave (OpenLogic) a| 50 | [source,yaml] 51 | ---- 52 | image: 53 | offer: CentOS 54 | publisher: OpenLogic 55 | sku: '7.5' 56 | version: latest 57 | ---- 58 | 59 | | security_group| Azure Network Security Group that is attached to the network by default; it allows ports 22, 80, 443 and 8443 by default | openshift-nsg 60 | 61 | | vm_net_name | The virtual private connection (VPC) name | openshift-net 62 | 63 | |=== 64 | 65 | [[azr-references]] 66 | == References 67 | https://docs.ansible.com/ansible/2.6/scenario_guides/guide_azure.html[Ansible Azure Guide] 68 | 69 | video::WygwzN9FfMQ[youtube] -------------------------------------------------------------------------------- /documentation/modules/ROOT/pages/cloud_resources.adoc: -------------------------------------------------------------------------------- 1 | = Cloud Resources 2 | include::_attributes.adoc[] 3 | 4 | == Preparation 5 | 6 | Rename `$PROJECT_HOME/env/extravars.example` to `$PROJECT_HOME/env/extravars`; this file will be used to configure your cloud keys and other ansible facts (it is excluded from version control by `.gitignore`, so the keys are not committed). 7 | 8 | The following Cloud Provider specific sections will detail more on the variables that can be defined in `extravars`. 9 | 10 | NOTE: The `$PROJECT_HOME/env/extravars` follows YAML convention. 11 | 12 | == Variables 13 | 14 | |=== 15 | | Name |Description | Default value | Example 16 | 17 | | clouds | The public cloud(s) where to provision| Currently supported values are azr, aws and gcp. 
18 | a| 19 | [source,yaml] 20 | ---- 21 | clouds: 22 | - gcp 23 | - azr 24 | - aws 25 | ---- 26 | 27 | The example configures provisioning of three clouds: AWS, Azure and Google Cloud Platform 28 | 29 | |instance_name | The compute instance name that will be assigned | openshift-all-in-one | 30 | 31 | |gcp_rollback | Delete all Google Cloud Platform resources that were provisioned | False | 32 | 33 | |azure_rollback | Delete all Azure resources that were provisioned | False | 34 | 35 | |aws_rollback | Delete all Amazon Web Services resources that were provisioned | False | 36 | 37 | |=== 38 | 39 | Checkout the respective cloud guides below for more details on how to prepare and configure each cloud for OpenShift installation: 40 | 41 | * xref:gcp.adoc[Google Cloud] 42 | 43 | * xref:aws.adoc[Amazon Web Services] 44 | 45 | * xref:azure.adoc[Azure] 46 | -------------------------------------------------------------------------------- /documentation/modules/ROOT/pages/gcp.adoc: -------------------------------------------------------------------------------- 1 | = Google Cloud 2 | include::_attributes.adoc[] 3 | 4 | [[create-gce-creds]] 5 | == Creating GCE Credentials 6 | 7 | You can Download 'gcloud' from https://cloud.google.com/sdk/ 8 | 9 | [source,sh,subs=attributes+] 10 | ---- 11 | #!/bin/bash 12 | 13 | # Select the project 14 | $ gcloud projects list 15 | 16 | # GCP project where resources will be created assign the PROJECT_NAME to variable called IAM_PROJECT 17 | $ IAM_PROJECT="" 18 | # The Google Service Account Name 19 | $ IAM_SA_NAME="vm-instance-admin" 20 | 21 | # Step 1: Create a Service Account 22 | $ gcloud iam service-accounts create $IAM_SA_NAME \ 23 | --display-name "Projects VM Instance Admin" 24 | 25 | # Step 2: Create the Service Account Key 26 | 27 | $ IAM_ACCOUNT="${IAM_SA_NAME}@${IAM_PROJECT}.iam.gserviceaccount.com" 28 | 29 | $ gcloud iam service-accounts keys create \ 30 | --iam-account $IAM_ACCOUNT \ gce-key.json 31 | 32 | # Step 3: Grant VM 
instance Admin role 33 | 34 | $ gcloud projects add-iam-policy-binding $IAM_PROJECT \ 35 | --member serviceAccount:$IAM_ACCOUNT --role roles/compute.instanceAdmin.v1 36 | 37 | $ gcloud projects add-iam-policy-binding $IAM_PROJECT \ 38 | --member serviceAccount:$IAM_ACCOUNT --role roles/compute.networkAdmin 39 | 40 | $ gcloud projects add-iam-policy-binding $IAM_PROJECT \ 41 | --member serviceAccount:$IAM_ACCOUNT --role roles/compute.securityAdmin 42 | 43 | $ gcloud projects add-iam-policy-binding $IAM_PROJECT \ 44 | --member serviceAccount:$IAM_ACCOUNT --role roles/iam.serviceAccountUser 45 | 46 | ---- 47 | 48 | [[gce-variables]] 49 | == Variables 50 | 51 | |=== 52 | |Variable Name | Description | Default value 53 | 54 | |service_account_email| The Google Cloud https://cloud.google.com/compute/docs/access/service-accounts/[Service Accounts] | 55 | 56 | |project_id | The Google Cloud Project where the resources will be created | 57 | 58 | |credentials_file| The Google Cloud credentials JSON file corresponding to the `service_account_email` . 
Refer to <<create-gce-creds>> on how to create one for your project| 58 | 59 | |region| The Google compute https://cloud.google.com/compute/docs/regions-zones/[regions and zones] | asia-south1 60 | 61 | |zone| The Google compute https://cloud.google.com/compute/docs/regions-zones/[regions and zones] | asia-south1-a 62 | 63 | | cloud_user | The user to SSH into the instances| centos 64 | 65 | | private_key_file | The SSH private key file will be required to SSH into the instances, if the file does not exist it will be created | $PROJECT_HOME/keys/gce_idrsa 66 | 67 | |public_key_file | The SSH Public Key of the `private_key_file` that will be added to `~/.ssh/authorized_keys` of the `cloud_user` in the GCP VM instances| $PROJECT_HOME/keys/gce_idrsa.pub 68 | 69 | |machine_type | The type of Google Compute https://cloud.google.com/compute/docs/machine-types[machine types] to provision | n1-standard-4 70 | 71 | |image| The Google compute OS https://cloud.google.com/compute/docs/images#os-compute-support[public images] | centos-7 72 | 73 | |os_source_image| The Google compute OS https://cloud.google.com/compute/docs/images#os-compute-support[public images], this option allows the use of any customized images if needed. 
Reserved for future |/projects/centos-cloud/global/images/family/centos-7 74 | 75 | | docker_disk_size | Size of the Docker Disk in GB, the Google Persistence Disk that will be attached to act as Docker Storage | 100 76 | 77 | | is_rhel | Whether the image used is RHEL, this is reserved for future use | False 78 | 79 | |=== 80 | 81 | 82 | 83 | [[gce-references]] 84 | == References 85 | 86 | https://docs.ansible.com/ansible/2.6/scenario_guides/guide_gce.html[Ansible GCP Guide] 87 | 88 | https://cloud.google.com/sdk/docs/quickstart-macos 89 | 90 | video::tSnzoW4RlaQ[youtube] -------------------------------------------------------------------------------- /documentation/modules/ROOT/pages/index.adoc: -------------------------------------------------------------------------------- 1 | = OpenShift Hybridizer 2 | include::_attributes.adoc[] 3 | 4 | The https://www.ansible.com[Ansible] scripts that can be used to provision a **Hybrid Cloud Environment** and generate the required https://www.ansible.com[Ansible] scripts to deploy an **All In One** OpenShift cluster onto it. 
5 | 6 | 7 | Currently supported **Cloud Providers**: 8 | 9 | * Azure(**azr**) 10 | * Amazon(**aws**) 11 | * Google Cloud Platform (**gcp**) 12 | 13 | IMPORTANT: Supports only OpenShift 3.10 or above -------------------------------------------------------------------------------- /documentation/modules/ROOT/pages/openshift_vars.adoc: -------------------------------------------------------------------------------- 1 | = OpenShift Variables 2 | include::_attributes.adoc[] 3 | 4 | This section of the document details the variables that are used for the OpenShift installation as well as host file generation: 5 | 6 | |=== 7 | | Name |Description | Default value | Example 8 | 9 | |openshift_release | The OpenShift release to be installed | v3.10 | 10 | |openshift_deployment_type | The OpenShift deployment type either _origin_ or _enterprise_ | origin | 11 | 12 | |v_origin_installer_image | The OpenShift Ansible installer image version | v3.10.0 | 13 | 14 | |=== 15 | 16 | For example, if you want to set up OpenShift 3.11, then your extravars will look like: 17 | 18 | [source,yaml] 19 | ---- 20 | 21 | ansible_become: no 22 | ansible_connection: local 23 | 24 | openshift_release: "v3.11" <1> 25 | v_origin_installer_image: v3.11.0 <2> 26 | 27 | instance_name: "openshift-all-in-one" 28 | 29 | clouds: 30 | - aws 31 | - azr 32 | - gcp 33 | 34 | gcp_rollback: True 35 | azure_rollback: True 36 | aws_rollback: True 37 | 38 | gcp: 39 | ... 40 | 41 | aws: 42 | ... 43 | 44 | azr: 45 | ... 46 | 47 | ---- 48 | 49 | <1> sets the OpenShift version to 3.11 50 | <2> makes Hybridizer use v3.11.0 of the OpenShift Ansible installer -------------------------------------------------------------------------------- /documentation/modules/ROOT/pages/prepare_env.adoc: -------------------------------------------------------------------------------- 1 | = Prepare Environment 2 | include::_attributes.adoc[] 3 | 4 | == Sources 5 | 6 | The sources of these scripts can be downloaded from {uri-repo}#[GitHub]. 
7 | 8 | Let's clone the sources with `git clone {uri-repo}` to a directory on the local file system. For convenience we shall refer to the directory holding the cloned sources as `$PROJECT_HOME`. 9 | 10 | == Pre Requisites 11 | 12 | * `Docker` installed and available locally; depending on your environment, have native Docker for Linux, https://docs.docker.com/docker-for-mac/[Docker for Mac] or https://docs.docker.com/docker-for-windows/[Docker for Windows] installed 13 | 14 | * Refer to the following documentation for the pre-requisites of each currently supported Cloud Provider: 15 | 16 | ** AWS - https://docs.ansible.com/ansible/2.5/scenario_guides/guide_aws.html 17 | 18 | ** Azure - https://docs.ansible.com/ansible/2.5/scenario_guides/guide_azure.html 19 | 20 | ** Google Cloud Platform - 21 | https://docs.ansible.com/ansible/2.5/scenario_guides/guide_gce.html 22 | 23 | [[container-installer]] 24 | == Installer Image 25 | 26 | The installer image is built from {uri-ansible}[Ansible Runner] with the Ansible Cloud modules that are required to provision the cloud resources. The provisioned Cloud resources can then be used to deploy an **All In One** OpenShift cluster. 
27 | 28 | The installer image is available at `{uri-docker-hca}`; to pull it, run the command: 29 | 30 | [source,sh,subs=attributes+] 31 | ---- 32 | $ docker pull {uri-docker-hca} 33 | ---- -------------------------------------------------------------------------------- /documentation/modules/ROOT/pages/setup.adoc: -------------------------------------------------------------------------------- 1 | = Setup 2 | include::_attributes.adoc[] 3 | 4 | [[prov-cloud-resource]] 5 | == Provisioning 6 | 7 | The provisioning consists of two parts: 8 | 9 | - Provisioning Cloud Resources 10 | - Deploying OpenShift 11 | 12 | === Cloud Resources 13 | 14 | [source,sh,subs=attributes+] 15 | ---- 16 | $ ./provision.sh 17 | ---- 18 | 19 | [NOTE] 20 | ==== 21 | For easier explanation, further sections in the document assume you have provisioned one cloud, say `gcp` 22 | ==== 23 | 24 | [[node-connect]] 25 | == Connecting to OpenShift Node 26 | 27 | The following commands show how you can connect to the provisioned instance via ssh: 28 | 29 | [source,sh] 30 | ---- 31 | $ cd $PROJECT_HOME/out/gcp 32 | $ ./connect.sh 33 | ---- 34 | 35 | The `connect.sh` script also holds the public IP, the ssh user and the private key to be used. 36 | 37 | [[deploy-openshift]] 38 | == Deploy OpenShift 39 | 40 | After successful provisioning of <<prov-cloud-resource>>, there should be one directory per cloud created under `$PROJECT_HOME/out`. 41 | 42 | e.g. 
The following shows the directory tree for Azure and GCP 43 | [source,sh,subs=attributes+] 44 | ---- 45 | out 46 | |-azr 47 | |---inventory <1> 48 | |-----host_vars <2> 49 | |- connect.sh <3> 50 | |- host_prepare.yaml <4> 51 | |- deploy.sh <5> 52 | |- docker-storage-setup <6> 53 | |- add_openshift_users.yaml <7> 54 | |- add-openshift-users.sh <8> 55 | |- openshift_users.yaml <9> 56 | |-gcp 57 | |---inventory 58 | |-----host_vars 59 | |- connect.sh 60 | |- host_prepare.yaml 61 | |- deploy.sh 62 | |- docker-storage-setup 63 | |- add_openshift_users.yaml <7> 64 | |- add-openshift-users.sh <8> 65 | |- openshift_users.yaml <9> 66 | ---- 67 | 68 | <1> The cloud specific Ansible Inventory directory 69 | <2> host_vars, the Ansible host variables for the cloud provider 70 | <3> The SSH connect utility, this has the IP address of the OpenShift 71 | <4> The Cloud Host OpenShift Deployment preparation tasks 72 | <5> The OpenShift Deploy script 73 | <6> The Docker storage setup file 74 | <7> The Ansible playbook to add users who will have access to the OpenShift Web Console 75 | <8> The utility script to run the `add_openshift_users` play 76 | <9> openshift_users.yaml the users that need to be added/modified/deleted from OpenShift users file 77 | 78 | e.g. Lets say you want to deploy OpenShift to your Google Cloud Platform(gcp), run the following commands: 79 | 80 | [source,sh,subs=attributes+] 81 | ---- 82 | $ cd $PROJECT_HOME/out/gcp 83 | $ ./deploy.sh 84 | ---- 85 | 86 | [[add-users-to-openshift]] 87 | === Add Users to OpenShift 88 | 89 | There are no users created by default with OpenShift installation, this section details on how to add new users. 90 | 91 | The OpenShift installed is by default configured to use https://docs.openshift.org/3.9/install_config/configuring_authentication.html#HTPasswdPasswordIdentityProvider[HTPasswd] as the identity provider, with HTPasswd identity provider, the default htpasswd file is `/etc/origin/master/htpasswd`. 
92 | 93 | The following section details how to add/update/remove users in the htpasswd file to allow users access to the OpenShift Web Console. 94 | 95 | The `out//openshift_users.yaml` file has two variables defined: 96 | 97 | **openshift_users** - a list of dict/hash with keys **username** and an optional **password**; if **password** is omitted a random 8 letter password will be generated and printed in the play output 98 | 99 | e.g. 100 | [source,yaml,subs=attributes+] 101 | ---- 102 | openshift_users: 103 | - {username: "developer",password: "supers3cret"} 104 | - {username: "demo"} <1> 105 | ---- 106 | <1> in this case the password for the user `demo` will be generated 107 | 108 | **openshift_delete_users** - a list of usernames that need to be removed from the OpenShift users htpasswd file 109 | e.g. 110 | [source,yaml,subs=attributes+] 111 | ---- 112 | openshift_delete_users: 113 | - developer <1> 114 | ---- 115 | <1> the user `developer` will be deleted from the OpenShift users htpasswd file 116 | 117 | After you have defined the users, run the following command: 118 | 119 | [source,sh,subs=attributes+] 120 | ---- 121 | $ cd $PROJECT_HOME/out/gcp 122 | $ ./add-openshift-users.sh 123 | ---- 124 | 125 | [[add-admin-user-to-openshift]] 126 | === Adding Admin User to OpenShift 127 | 128 | Follow the steps defined above to add a new user called `admin` with the password of your choice. To provide the user `admin` with **Cluster Admin Privileges** you need to log in to the node and execute the following commands: 129 | 130 | [source,sh,subs=attributes+] 131 | ---- 132 | $ cd $PROJECT_HOME/out/gcp 133 | $ ./connect.sh 134 | $ sudo -i 135 | $ oc login -u system:admin 136 | $ oc adm policy add-cluster-role-to-user cluster-admin admin 137 | ---- 138 | 139 | [[deprov-cloud-resource]] 140 | == DeProvisioning 141 | 142 | The undeploying of Cloud Resources is controlled by three main variables that are defined in `env/extravars` 143 | 144 | [source,yaml,subs=attributes+] 
145 | ---- 146 | gcp_rollback: False <1> 147 | azure_rollback: False <2> 148 | aws_rollback: False <3> 149 | ---- 150 | 151 | <1> Set to `True` to undeploy GCP resources 152 | <2> Set to `True` to undeploy Azure resources 153 | <3> Set to `True` to undeploy AWS resources 154 | 155 | [source,sh] 156 | ---- 157 | $ ./deprovision.sh 158 | ---- 159 | 160 | NOTE: Sometimes the Cloud resources might take time to get terminated or deleted; please verify via the respective cloud console that the resources are deleted. -------------------------------------------------------------------------------- /env/cmdline: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-developer-demos/openshift-hybridizer/dd82fc81f41bbf5c582c575c8001fd9bac416d62/env/cmdline -------------------------------------------------------------------------------- /env/extravars.example: -------------------------------------------------------------------------------- 1 | --- 2 | ansible_become: no 3 | ansible_connection: local 4 | 5 | # To use a different OpenShift version (default is v3.11) 6 | #openshift_release: "v3.11" 7 | #v_origin_installer_image: v3.11.0 8 | 9 | # Recommended to encrypt this file with Ansible Vault, since it holds cloud credentials 10 | # https://docs.ansible.com/ansible/latest/user_guide/playbooks_vault.html 11 | 12 | # PROJECT_HOME is the directory where the sources are cloned 13 | 14 | # the name of the all in one instance that will be created 15 | instance_name: "openshift-all-in-one" 16 | 17 | # Hybrid Clouds where the resources will be provisioned 18 | # Currently only Google Cloud(gcp), Amazon(aws), and Azure(azr) are supported 19 | clouds: 20 | - gcp 21 | - aws 22 | - azr 23 | #################################################################################### 24 | # Rollback Variables 25 | # Rollback all Google Cloud Platform resources 26 | gcp_rollback: False 27 | # Rollback all Azure resources 28 | azure_rollback: False 29 | # Rollback all AWS 
resources 30 | aws_rollback: False 31 | #################################################################################### 32 | 33 | #################################################################################### 34 | # 35 | # Google Cloud Variables 36 | # https://docs.ansible.com/ansible/latest/scenario_guides/guide_gce.html 37 | #################################################################################### 38 | gcp: 39 | # https://cloud.google.com/compute/docs/access/service-accounts 40 | service_account_email: "" 41 | # Download the GCE credentials JSON file and 42 | # save it under the name gce-key.json inside $PROJECT_HOME/project/keys 43 | # IMPORTANT: If you change this path then you might need to alter the scripts 44 | project_id: "" 45 | credentials_file: keys/gce-key.json 46 | # https://cloud.google.com/compute/docs/regions-zones/ 47 | region: "asia-south1" 48 | zone: "asia-south1-a" 49 | # This user will have sudo rights and the public key (public_key_file) of private_key_file 50 | # will be added to the user's .ssh/authorized_keys 51 | cloud_user: centos 52 | # The Private key that will be used to SSH into instances 53 | # If these files are not present they will be generated 54 | private_key_file: keys/gce_idrsa 55 | public_key_file: keys/gce_idrsa.pub 56 | # https://cloud.google.com/compute/docs/machine-types 57 | machine_type: "n1-standard-4" # 4 cpu 15 GB 58 | image: "centos-7" 59 | os_source_image: '/projects/centos-cloud/global/images/family/centos-7' 60 | # Size in GB 61 | docker_disk_size: 100 62 | is_rhel: False 63 | 64 | #################################################################################### 65 | # 66 | # Amazon Variables 67 | # https://docs.ansible.com/ansible/latest/scenario_guides/guide_aws.html 68 | # 69 | #################################################################################### 70 | aws: 71 | access_key: "" 72 | secret_key: "" 73 | # This user will have passwordless sudo rights and the public key of 
private_key_file 74 | # will be added to the user's .ssh/authorized_keys 75 | cloud_user: centos 76 | # the SSH Key Pair Name that will provide access to instances 77 | key_pair_name: "openshift" 78 | # keys directory corresponds to $PROJECT_HOME/project/keys 79 | private_key_file: keys/aws_openshift.pem 80 | # https://aws.amazon.com/ec2/instance-types/ 81 | instance_type: "m5.xlarge" 82 | # CentOS 7, please check https://wiki.centos.org/Cloud/AWS to find the AMI id for your region. 83 | image: "ami-1780a878" 84 | #https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html 85 | region: "ap-south-1" 86 | security_group: all-ssh-http-https 87 | is_rhel: False 88 | 89 | ########################################################################################################## 90 | # 91 | # Azure 92 | # https://docs.ansible.com/ansible/latest/scenario_guides/guide_azure.html 93 | # https://azure.microsoft.com/en-us/documentation/articles/resource-group-create-service-principal-portal/ 94 | ########################################################################################################### 95 | azr: 96 | client_id: "" 97 | secret: "" 98 | subscription_id: "" 99 | tenant: "" 100 | # https://azure.microsoft.com/en-in/global-infrastructure/regions/ 101 | location: "" 102 | # This user will have sudo rights and the public key (public_key_file) of private_key_file 103 | # will be added to the user's .ssh/authorized_keys 104 | cloud_user: centos 105 | # The Private Key to connect to the VM and its public key, which will be added to authorized keys 106 | # keys == $PROJECT_HOME/project/keys 107 | # The Private key that will be used to SSH into instances 108 | # If these files are not present they will be generated 109 | private_key_file: keys/azure_id_rsa 110 | public_key_file: keys/azure_id_rsa.pub 111 | resource_group: OpenShift 112 | cloud: AzurePublicCloud 113 | # https://docs.microsoft.com/en-us/azure/cloud-services/cloud-services-sizes-specs 
114 | vm_size: "Standard_D4_v3" 115 | image: 116 | offer: CentOS 117 | publisher: OpenLogic 118 | sku: '7.5' 119 | version: latest 120 | security_group: openshift-nsg 121 | vm_net_name: openshift-net 122 | 123 | # # Only for RHEL Images 124 | # rhn_username: '' 125 | # rhn_password: '' 126 | # rhn_pool_ids: 127 | # image: 128 | # offer: RHEL 129 | # publisher: RedHat 130 | # sku: '7.5' 131 | # version: latest 132 | -------------------------------------------------------------------------------- /env/settings: -------------------------------------------------------------------------------- 1 | --- 2 | # If no output is detected from ansible in this number of seconds the execution will be terminated. 3 | idle_timeout: 600 4 | # The maximum amount of time to allow the job to run for (in seconds), exceeding this and the execution will be terminated. 5 | job_timeout: 600 6 | # Number of seconds for the internal pexpect command to wait to block on input before continuuing 7 | pexpect_timeout: 10 8 | # Use poll() function for communication with child processes instead of select(). select() is used when 9 | # the value is set to ``False``. select() has a known limitation of using only up to 1024 file descriptors. 
10 | pexpect_use_poll: True 11 | # Allow output from ansible to not be printed to the screen 12 | suppress_ansible_output: False -------------------------------------------------------------------------------- /inventory/hosts: -------------------------------------------------------------------------------- 1 | localhost -------------------------------------------------------------------------------- /project/ansible.cfg: -------------------------------------------------------------------------------- 1 | # config file for ansible -- http://ansible.com/ 2 | # ============================================== 3 | [defaults] 4 | forks = 50 5 | host_key_checking = false 6 | gathering = smart 7 | retry_files_enabled = false 8 | fact_caching = jsonfile 9 | fact_caching_connection = .ansible/cached_facts 10 | fact_caching_timeout = 900 11 | roles_path = /runner/roles 12 | local_tmp = /runner/.ansible/tmp 13 | 14 | [ssh_connection] 15 | ssh_args = -o ControlMaster=auto -o ControlPersist=900s -o GSSAPIAuthentication=no 16 | control_path = /var/tmp/%%h-%%r -------------------------------------------------------------------------------- /project/deprovision-cloud-resources.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Delete instance(s) 3 | hosts: localhost 4 | connection: local 5 | gather_facts: no 6 | 7 | roles: 8 | - cloud-resources-rollback 9 | -------------------------------------------------------------------------------- /project/keys/README.md: -------------------------------------------------------------------------------- 1 | # README 2 | 3 | Put all your Cloud credentials here. 
This directory will be mounted inside the Ansible Runner container and will be used by the Ansible Cloud Modules 4 | 5 | e.g azure_id_rsa - the Azure Private Key or gce-credentials.json 6 | -------------------------------------------------------------------------------- /project/out/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-developer-demos/openshift-hybridizer/dd82fc81f41bbf5c582c575c8001fd9bac416d62/project/out/.gitkeep -------------------------------------------------------------------------------- /project/provision-cloud-resources.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Create instance(s) 3 | hosts: localhost 4 | connection: local 5 | gather_facts: no 6 | 7 | roles: 8 | - cloud-resources -------------------------------------------------------------------------------- /provision.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -e 4 | 5 | _CURR_DIR="$( cd "$(dirname "$0")" ; pwd -P )" 6 | 7 | docker run -t -u `id -u` -v ${_CURR_DIR}/artifacts:/runner/artifacts:Z \ 8 | -v ${_CURR_DIR}/out:/runner/out:Z \ 9 | -v ${_CURR_DIR}/env:/runner/env:Z \ 10 | -v ${_CURR_DIR}/inventory:/runner/inventory:Z \ 11 | -v ${_CURR_DIR}/project:/runner/project:Z \ 12 | -v ${_CURR_DIR}/roles:/runner/roles:Z \ 13 | -e PROJECT_DIR=${_CURR_DIR}/project \ 14 | -e RUNNER_PLAYBOOK=provision-cloud-resources.yaml \ 15 | quay.io/workspace7/ansible-runner:latest 16 | -------------------------------------------------------------------------------- /roles/azure_network_reconfig/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | - name: Enable NM_CONTROLLED 2 | lineinfile: 3 | regexp: '^(NM_CONTROLLED=)(no)$' 4 | backrefs: yes 5 | path: /etc/sysconfig/network-scripts/ifcfg-eth0 6 | line: '\1yes' 7 | become: yes 8 | register: 
nmcontolled_changed 9 | 10 | - name: restart azure vm 11 | azure_rm_virtualmachine: 12 | name: "{{instance_name}}" 13 | client_id: "{{azr.client_id}}" 14 | secret: "{{azr.secret}}" 15 | subscription_id: "{{azr.subscription_id}}" 16 | tenant: "{{azr.tenant}}" 17 | location: "{{azr.location}}" 18 | resource_group: "{{azr.resource_group}}" 19 | restarted: yes 20 | when: nmcontolled_changed is changed 21 | delegate_to: localhost 22 | 23 | - name: wait for azure restart 24 | local_action: shell ansible -u {{ ansible_user_id }} -m ping {{ inventory_hostname }} 25 | register: result 26 | until: result.rc == 0 27 | retries: 30 28 | delay: 10 29 | when: nmcontolled_changed is changed 30 | 31 | - name: check eth0 is available 32 | shell: nmcli c s 33 | register: nmcli_out 34 | when: nmcontolled_changed is changed 35 | 36 | # TODO to evaluate change or failure 37 | - debug: msg="{{nmcli_out}}" 38 | 39 | -------------------------------------------------------------------------------- /roles/cloud-resources-rollback/tasks/aws_rollback.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | - debug: 3 | msg: "DeProvision AWS Env" 4 | 5 | - name: Get All OpenShift all-in-one instances 6 | ec2_instance_facts: 7 | region: "{{aws.region}}" 8 | aws_access_key: "{{aws.access_key}}" 9 | aws_secret_key: "{{aws.secret_key}}" 10 | filters: 11 | "tag:Name": "{{instance_name}}" 12 | register: instances 13 | 14 | - name: AWS Delete All in one OpenShift Node 15 | ec2: 16 | region: "{{aws.region}}" 17 | aws_access_key: "{{aws.access_key}}" 18 | aws_secret_key: "{{aws.secret_key}}" 19 | instance_ids: "{{item.instance_id}}" 20 | state: absent 21 | with_items: "{{instances.instances}}" 22 | tags: 23 | - rollback 24 | - cloud-aws 25 | 26 | # Query and delete VPC Resources 27 | 28 | - name: AWS Query OpenShift VPC 29 | ec2_vpc_net_facts: 30 | region: "{{aws.region}}" 31 | aws_access_key: "{{aws.access_key}}" 32 | aws_secret_key: "{{aws.secret_key}}" 33 | 
filters: 34 | "tag:Name": 'openshift-vpc' 35 | tags: 36 | - rollback 37 | - cloud-aws 38 | register: ec2vpc 39 | 40 | - name: AWS Set VPC ID to Local Variable 41 | set_fact: 42 | vpc_id: "{{ec2vpc.vpcs[0].id}}" 43 | tags: 44 | - rollback 45 | - cloud-aws 46 | when: ( ec2vpc.vpcs | list | length > 0) 47 | 48 | # TODO How to delete VPC with Depndencies ?? 49 | - name: Delete VPC 50 | ec2_vpc_net: 51 | name: openshift-vpc 52 | region: "{{aws.region}}" 53 | aws_access_key: "{{aws.access_key}}" 54 | aws_secret_key: "{{aws.secret_key}}" 55 | cidr_block: '10.10.0.0/16' 56 | state: absent 57 | ignore_errors: True 58 | when: vpc_id is defined 59 | tags: 60 | - rollback 61 | - cloud-aws 62 | 63 | - name: "EC2 Delete ec2 key pair {{aws.key_pair_name}}" 64 | ec2_key: 65 | name: "{{aws.key_pair_name}}" 66 | region: "{{aws.region}}" 67 | aws_access_key: "{{aws.access_key}}" 68 | aws_secret_key: "{{aws.secret_key}}" 69 | state: absent 70 | tags: 71 | - rollback 72 | - cloud-aws -------------------------------------------------------------------------------- /roles/cloud-resources-rollback/tasks/azure_rollback.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | - debug: 3 | msg: "DeProvision Azure Env" 4 | 5 | - name: Azure Delete OpenShift resource group 6 | azure_rm_resourcegroup: 7 | name: OpenShift 8 | client_id: "{{azr.client_id}}" 9 | secret: "{{azr.secret}}" 10 | subscription_id: "{{azr.subscription_id}}" 11 | tenant: "{{azr.tenant}}" 12 | location: "{{azr.location}}" 13 | force: yes 14 | state: absent 15 | tags: 16 | - cloud-azr 17 | - rollback -------------------------------------------------------------------------------- /roles/cloud-resources-rollback/tasks/gcp_rollback.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: GCE Delete All In One OpenShift Node 3 | gce: 4 | instance_names: "{{instance_name}}" 5 | service_account_email: "{{ gcp.service_account_email }}" 6 | 
credentials_file: "{{ gcp.credentials_file }}" 7 | project_id: "{{ gcp.project_id }}" 8 | zone: "{{gcp.zone}}" 9 | state: absent 10 | ignore_errors: True 11 | 12 | - name: GCE Delete Static IP 13 | gce_eip: 14 | service_account_email: "{{ gcp.service_account_email }}" 15 | credentials_file: "{{ gcp.credentials_file }}" 16 | project_id: "{{ gcp.project_id }}" 17 | name: openshift-ip 18 | region: "{{gcp.region}}" 19 | state: absent 20 | ignore_errors: True 21 | 22 | -------------------------------------------------------------------------------- /roles/cloud-resources-rollback/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | - name: Deprovision Node in GCP 2 | include_tasks: "gcp_rollback.yaml" 3 | when: gcp_rollback 4 | 5 | - name: Deprovision Node in AWS 6 | include_tasks: "aws_rollback.yaml" 7 | when: aws_rollback 8 | 9 | - name: Deprovision Node in Azure 10 | include_tasks: "azure_rollback.yaml" 11 | when: azure_rollback 12 | 13 | - name: Delete all the existing Cloud Providers Hosts folder 14 | file: 15 | path: out/ 16 | state: absent 17 | 18 | - name: Create out folder 19 | file: 20 | path: out/ 21 | state: directory 22 | 23 | - name: Create a gitkeep file insite the out folder 24 | copy: 25 | content: "" 26 | dest: out/.gitkeep 27 | 28 | -------------------------------------------------------------------------------- /roles/cloud-resources/defaults/main.yaml: -------------------------------------------------------------------------------- 1 | openshift_release: "v3.11" 2 | openshift_deployment_type: origin 3 | v_origin_installer_image: v3.11.0 4 | v_ocp_installer_image: v3.10.21-4 5 | hybridizer_cluster_id: allinone 6 | openshift_firewall_ports: 7 | udp: 8 | - 53 9 | - 8053 10 | - 4789 11 | - 2049 12 | tcp: 13 | - 22 14 | - 443 15 | - 80 16 | - 8443 17 | - 10250 18 | - 2379 19 | - 2380 20 | - 8444 21 | - 2049 22 | - 53 23 | - 8053 24 | 
-------------------------------------------------------------------------------- /roles/cloud-resources/files/add_openshift_users.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Create OpenShift Users 3 | hosts: masters 4 | vars_files: 5 | - openshift_users.yaml 6 | tasks: 7 | - name: Factize OpenShift Users 8 | set_fact: 9 | openshift_user: { 'username': "{{item.username}}", 'password': "{{ item.password | default(lookup('password', '/dev/null length=8 chars=ascii_letters')) }}" } 10 | with_items: "{{openshift_users}}" 11 | register: openshift_users_result 12 | 13 | - name: make a list 14 | set_fact: _openshift_users="{{ openshift_users_result.results | map(attribute='ansible_facts.openshift_user') | list }}" 15 | 16 | - name: OpenShift Users List 17 | debug: msg="{{item.username}}/{{item.password}}" 18 | with_items: "{{_openshift_users}}" 19 | 20 | - name: "Install packages needed to run htpasswd module on {{inventory_hostname}}" 21 | package: 22 | name: "{{item}}" 23 | state: present 24 | with_items: 25 | - python2-passlib 26 | 27 | - name: Add OpenShift Users to htpasswd file 28 | htpasswd: 29 | path: /etc/origin/master/htpasswd 30 | name: "{{item.username}}" 31 | password: "{{item.password}}" 32 | mode: 0640 33 | loop: "{{_openshift_users}}" 34 | 35 | - name: Delete Users from OpenShift htpasswd file 36 | htpasswd: 37 | path: /etc/origin/master/htpasswd 38 | name: "{{item}}" 39 | state: absent 40 | with_items: "{{ openshift_delete_users | default([]) }}" -------------------------------------------------------------------------------- /roles/cloud-resources/files/ansible.cfg: -------------------------------------------------------------------------------- 1 | # config file for ansible -- http://ansible.com/ 2 | # ============================================== 3 | [defaults] 4 | forks = 50 5 | host_key_checking = false 6 | gathering = smart 7 | inventory_path = ./ 8 | roles_path = 
./roles:./openshift-ansible/roles 9 | library = ./openshift-ansible/roles/openshift_facts/library:./openshift-ansible/library 10 | retry_files_enabled = false 11 | fact_caching = jsonfile 12 | fact_caching_connection = .ansible/cached_facts 13 | fact_caching_timeout = 900 14 | log_path = ./deploy.log 15 | 16 | [privilege_escalation] 17 | become = True 18 | 19 | [ssh_connection] 20 | ssh_args = -o ControlMaster=auto -o ControlPersist=900s -o GSSAPIAuthentication=no 21 | control_path = /var/tmp/%%h-%%r -------------------------------------------------------------------------------- /roles/cloud-resources/files/openshift_users.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | # Add or modify the users in this list and rerun add-openshift-users.sh 4 | # to have the users added/updated in the OpenShift htpasswd file; the passwords below are samples, replace them before use 5 | openshift_users: 6 | - {username: "developer",password: "supers3cret"} 7 | - {username: "admin",password: "supers3cretAdmin"} 8 | # Add the list of users to be deleted from OpenShift 9 | openshift_delete_users: 10 | # - developer -------------------------------------------------------------------------------- /roles/cloud-resources/tasks/aws.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # - name: Provisioning AWS 3 | # debug: 4 | # msg: "{{aws}}" 5 | 6 | ############################################################################# 7 | ## Security KeyPair 8 | ############################################################################# 9 | - name: "AWS ec2 key pair {{aws.key_pair_name}}" 10 | ec2_key: 11 | name: "{{aws.key_pair_name}}" 12 | region: "{{aws.region}}" 13 | aws_access_key: "{{aws.access_key}}" 14 | aws_secret_key: "{{aws.secret_key}}" 15 | register: ec2key 16 | tags: 17 | - cloud-aws 18 | 19 | - name: AWS Save the Key Locally 20 | copy: 21 | content: "{{ec2key.key.private_key}}" 22 | dest: "{{aws.private_key_file}}" 23 | mode: 0700 24 | 
when: ec2key.key.private_key is defined 25 | tags: 26 | - cloud-aws 27 | 28 | ############################################################################# 29 | ## VPC Network 30 | ############################################################################# 31 | - name: AWS VPC OpenShift 32 | ec2_vpc_net: 33 | name: openshift-vpc 34 | region: "{{aws.region}}" 35 | aws_access_key: "{{aws.access_key}}" 36 | aws_secret_key: "{{aws.secret_key}}" 37 | cidr_block: 192.168.0.0/16 38 | tags: 39 | Name: "{{instance_name}}" 40 | OpenShift_Type: 'Origin' 41 | register: ec2vpc 42 | tags: 43 | - cloud-aws 44 | 45 | - name: AWS VPC OpenShift VPC Subnet 46 | ec2_vpc_subnet: 47 | region: "{{aws.region}}" 48 | aws_access_key: "{{aws.access_key}}" 49 | aws_secret_key: "{{aws.secret_key}}" 50 | vpc_id: "{{ec2vpc.vpc.id}}" 51 | cidr: 192.168.1.0/24 52 | resource_tags: 53 | Name: "{{instance_name}}" 54 | OpenShift_Type: 'Origin' 55 | register: openshift_subnet 56 | tags: 57 | - cloud-aws 58 | 59 | - name: AWS VPC OpenShift Internet Gateway 60 | ec2_vpc_igw: 61 | region: "{{aws.region}}" 62 | aws_access_key: "{{aws.access_key}}" 63 | aws_secret_key: "{{aws.secret_key}}" 64 | vpc_id: "{{ec2vpc.vpc.id}}" 65 | tags: 66 | Name: "{{instance_name}}" 67 | OpenShift_Type: 'Origin' 68 | register: ec2igw 69 | tags: 70 | - cloud-aws 71 | 72 | - name: AWS VPC OpenShift Public Subnet Route Table 73 | ec2_vpc_route_table: 74 | region: "{{aws.region}}" 75 | aws_access_key: "{{aws.access_key}}" 76 | aws_secret_key: "{{aws.secret_key}}" 77 | vpc_id: "{{ec2vpc.vpc.id}}" 78 | subnets: 79 | - "{{ openshift_subnet.subnet.id }}" 80 | routes: 81 | - dest: 0.0.0.0/0 82 | gateway_id: "{{ ec2igw.gateway_id }}" 83 | tags: 84 | Name: "{{instance_name}}" 85 | OpenShift_Type: 'Origin' 86 | register: public_route_table 87 | tags: 88 | - cloud-aws 89 | 90 | - name: AWS VPC OpenShift Security Group 91 | ec2_group: 92 | name: "{{aws.security_group}}" 93 | description: "OpenShift Rules" 94 | vpc_id: "{{ec2vpc.vpc.id}}" 
95 | region: "{{aws.region}}" 96 | aws_access_key: "{{aws.access_key}}" 97 | aws_secret_key: "{{aws.secret_key}}" 98 | rules: 99 | - proto: tcp 100 | ports: 101 | - 22 102 | cidr_ip: 0.0.0.0/0 103 | - proto: tcp 104 | ports: 105 | - 22 106 | cidr_ip: 0.0.0.0/0 107 | - proto: tcp 108 | ports: 109 | - 80 110 | cidr_ip: 0.0.0.0/0 111 | - proto: tcp 112 | ports: 113 | - 443 114 | cidr_ip: 0.0.0.0/0 115 | - proto: tcp 116 | ports: 117 | - 8443 118 | cidr_ip: 0.0.0.0/0 119 | register: securitygroup 120 | tags: 121 | - cloud-aws 122 | 123 | ############################################################################# 124 | ## Compute Network 125 | ############################################################################# 126 | 127 | - name: AWS Create All in one OpenShift Node 128 | ec2: 129 | region: "{{aws.region}}" 130 | aws_access_key: "{{aws.access_key}}" 131 | aws_secret_key: "{{aws.secret_key}}" 132 | image: "{{aws.image}}" 133 | instance_type: "{{aws.instance_type}}" 134 | key_name: "{{aws.key_pair_name}}" 135 | group: 136 | - "{{aws.security_group}}" 137 | vpc_subnet_id: "{{ openshift_subnet.subnet.id }}" 138 | instance_tags: 139 | "{ 'Name' : '{{instance_name}}', 'OpenShift_Type' : 'Origin', 'kubernetes.io/cluster/{{hybridizer_cluster_id}}': '{{hybridizer_cluster_id}}' }" 140 | register: ec2instance 141 | tags: 142 | - cloud-aws 143 | 144 | # - debug: msg="{{ec2instance}}" 145 | 146 | # Docker Disk 147 | - name: "AWS Add Docker Volume to instance {{ec2instance.instance_ids[0]}}" 148 | ec2_vol: 149 | region: "{{aws.region}}" 150 | aws_access_key: "{{aws.access_key}}" 151 | aws_secret_key: "{{aws.secret_key}}" 152 | delete_on_termination: yes 153 | instance: "{{ec2instance.instance_ids[0]}}" 154 | volume_size: 100 155 | volume_type: 'gp2' 156 | tags: 157 | OpenShift_Type: "Origin" 158 | register: ec2vol 159 | tags: 160 | - cloud-aws 161 | 162 | # - debug: msg="{{ec2instance}}" 163 | 164 | - name: AWS Attach Elastic IP 165 | ec2_eip: 166 | region: 
"{{aws.region}}" 167 | aws_access_key: "{{aws.access_key}}" 168 | aws_secret_key: "{{aws.secret_key}}" 169 | device_id: "{{ item }}" 170 | in_vpc: True 171 | release_on_disassociation: yes 172 | register: ec2ip 173 | with_items: "{{ ec2instance.instance_ids}}" 174 | tags: 175 | - cloud-aws 176 | 177 | - name: Get Public IP 178 | set_fact: 179 | public_ip: "{{ec2ip.results[0].public_ip}}" 180 | dns_name: "{{ec2instance.instances[0].public_dns_name}}" 181 | tags: 182 | - cloud-aws 183 | 184 | - name: AWS Wait for SSH for instances 185 | wait_for: 186 | delay: "1" 187 | host: "{{ public_ip }}" 188 | port: "22" 189 | state: started 190 | timeout: "30" 191 | tags: 192 | - cloud-aws 193 | 194 | - debug: 195 | msg: "AWS OpenShift Node Details DNS {{dns_name}} IP {{public_ip}}" 196 | tags: 197 | - cloud-aws 198 | 199 | ############################################################################# 200 | ## Write to inventory 201 | ############################################################################## 202 | - name: Setup Cloud Inventory Tasks 203 | include_tasks: cloud_inventory.yaml 204 | vars: 205 | cloud_host: "{{ public_ip }}" 206 | cloud_user: "{{ aws.cloud_user}}" 207 | private_key_file: "{{aws.private_key_file}}" 208 | cloud_host_alias: "aws-openshift" 209 | cloud_provider: "aws" 210 | is_rhel: "{{aws.is_rhel}}" 211 | hybricloud_inventory_dir: "{{hybridcloud_distro_base_dir}}/aws/inventory" 212 | hybridcloud_distro_dir: "{{hybridcloud_distro_base_dir}}/aws" 213 | tags: 214 | - cloud-aws -------------------------------------------------------------------------------- /roles/cloud-resources/tasks/azure.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Its Azure Env 3 | debug: 4 | msg: "Provision Azure Env" 5 | 6 | ############################################################################# 7 | ## Security KeyPair 8 | ############################################################################# 9 | - name: 
"Check that the {{azr.private_key_file}} exists" 10 | stat: 11 | path: "{{azr.private_key_file}}" 12 | register: azrsshfile 13 | tags: 14 | - cloud-azr 15 | 16 | - name: Create Azure SSH Key Pair 17 | shell: | 18 | ssh-keygen -t rsa -N '' -f "{{azr.private_key_file}}" 19 | when: azrsshfile.stat.exists == False 20 | register: azr_sshkey 21 | tags: 22 | - cloud-azr 23 | 24 | ############################################################################# 25 | ## Resource Group 26 | ############################################################################# 27 | 28 | - name: Azure Create a resource group 29 | azure_rm_resourcegroup: 30 | name: "{{azr.resource_group}}" 31 | client_id: "{{azr.client_id}}" 32 | secret: "{{azr.secret}}" 33 | subscription_id: "{{azr.subscription_id}}" 34 | tenant: "{{azr.tenant}}" 35 | location: "{{azr.location}}" 36 | tags: 37 | name: openshift-all-in-one 38 | register: 39 | azr_rm_resource_group 40 | tags: 41 | - cloud-azr 42 | 43 | ############################################################################# 44 | ## Security Group 45 | ############################################################################# 46 | 47 | - name: Azure Create OpenShift Network Security Group 48 | azure_rm_securitygroup: 49 | name: "{{azr.security_group}}" 50 | client_id: "{{azr.client_id}}" 51 | secret: "{{azr.secret}}" 52 | subscription_id: "{{azr.subscription_id}}" 53 | tenant: "{{azr.tenant}}" 54 | location: "{{azr.location}}" 55 | resource_group: "{{azr.resource_group}}" 56 | rules: 57 | - name: 'allow-ssh' 58 | description: "Allowing SSH" 59 | priority: 100 60 | destination_port_range: 22 61 | access: Allow 62 | - name: 'allow-http' 63 | description: "Allowing HTTP" 64 | priority: 101 65 | destination_port_range: 80 66 | access: Allow 67 | - name: 'allow-https' 68 | description: "Allowing HTTPS" 69 | priority: 102 70 | destination_port_range: 443 71 | access: Allow 72 | - name: 'allow-openshift-master-console' 73 | description: "Allowing OpenShift 
Master Console" 74 | priority: 103 75 | destination_port_range: 8443 76 | access: Allow 77 | tags: 78 | name: openshift-all-in-one 79 | register: 80 | azr_rm_nsg 81 | tags: 82 | - cloud-azr 83 | 84 | ############################################################################# 85 | ## VPC Network 86 | ############################################################################# 87 | - name: Azure Create OpenShift Network 88 | azure_rm_virtualnetwork: 89 | name: "{{azr.vm_net_name}}" 90 | client_id: "{{azr.client_id}}" 91 | secret: "{{azr.secret}}" 92 | subscription_id: "{{azr.subscription_id}}" 93 | tenant: "{{azr.tenant}}" 94 | location: "{{azr.location}}" 95 | resource_group: "{{azr.resource_group}}" 96 | address_prefixes_cidr: 97 | - 192.168.0.0/16 98 | tags: 99 | name: openshift-all-in-one 100 | register: 101 | azr_rm_vnet 102 | tags: 103 | - cloud-azr 104 | 105 | - name: Azure Create OpenShift Network Subnet 106 | azure_rm_subnet: 107 | name: openshift-subnet-01 108 | virtual_network_name: "{{azr.vm_net_name}}" 109 | client_id: "{{azr.client_id}}" 110 | secret: "{{azr.secret}}" 111 | subscription_id: "{{azr.subscription_id}}" 112 | tenant: "{{azr.tenant}}" 113 | resource_group: "{{azr.resource_group}}" 114 | address_prefix_cidr: "192.168.1.0/24" 115 | security_group: "{{azr.security_group}}" 116 | tags: 117 | name: openshift-all-in-one 118 | register: 119 | azr_rm_vnet_subnet 120 | tags: 121 | - cloud-azr 122 | 123 | - name: Azure Create OpenShift Default NIC 124 | azure_rm_networkinterface: 125 | name: openshift-nic01 126 | client_id: "{{azr.client_id}}" 127 | secret: "{{azr.secret}}" 128 | subscription_id: "{{azr.subscription_id}}" 129 | tenant: "{{azr.tenant}}" 130 | resource_group: "{{azr.resource_group}}" 131 | ip_configurations: 132 | - name: "openshift-ip" 133 | public_ip_address_name: "openshift-ip" 134 | public_ip_allocation_method: "Static" 135 | primary: True 136 | security_group: "{{azr.security_group}}" 137 | subnet_name: openshift-subnet-01 138 | 
virtual_network: "{{azr.vm_net_name}}" 139 | tags: 140 | name: openshift-all-in-one 141 | register: 142 | azr_rm_nic01 143 | tags: 144 | - cloud-azr 145 | 146 | ############################################################################# 147 | ## Compute 148 | ############################################################################# 149 | 150 | - name: Azure Create All In One OpenShift Node 151 | azure_rm_virtualmachine: 152 | name: "{{instance_name}}" 153 | client_id: "{{azr.client_id}}" 154 | secret: "{{azr.secret}}" 155 | subscription_id: "{{azr.subscription_id}}" 156 | tenant: "{{azr.tenant}}" 157 | location: "{{azr.location}}" 158 | resource_group: "{{azr.resource_group}}" 159 | ssh_password_enabled: False 160 | managed_disk_type: Standard_LRS 161 | data_disks: 162 | - lun: 0 163 | managed_disk_type: "Standard_LRS" 164 | disk_size_gb: 128 165 | storage_blob_name: "{{instance_name}}-docker" 166 | ssh_public_keys: 167 | - key_data: "{{lookup('file',azr.public_key_file)}}" 168 | path: "/home/{{azr.cloud_user}}/.ssh/authorized_keys" 169 | vm_size: "{{azr.vm_size}}" 170 | admin_username: "{{azr.cloud_user}}" 171 | image: "{{azr.image}}" 172 | network_interface_names: 173 | - openshift-nic01 174 | tags: 175 | name: openshift-all-in-one 176 | register: 177 | azr_rm_vm 178 | 179 | - name: Azure Public IP Query Fact 180 | set_fact: 181 | public_ip_query: "networkProfile.networkInterfaces[?name == 'openshift-nic01'].properties.ipConfigurations[0].properties.publicIPAddress.properties.ipAddress" 182 | 183 | - name: Azure Set VM Facts 184 | set_fact: 185 | public_ip: "{{azr_rm_vm.ansible_facts.azure_vm.properties|json_query(public_ip_query)|first}}" 186 | 187 | - debug: 188 | msg: "Azure OpenShift Node Details IP {{public_ip}}" 189 | tags: 190 | - cloud-azr 191 | 192 | - name: azure wait for ssh 193 | wait_for: 194 | delay: "1" 195 | host: "{{ public_ip }}" 196 | port: "22" 197 | state: started 198 | timeout: "120" 199 | tags: 200 | - cloud-azr 201 | 202 | 
############################################################################# 203 | ## Write to inventory 204 | ############################################################################## 205 | 206 | - name: Azure Build VM Hosts 207 | add_host: 208 | name: "azr-openshift" 209 | ansible_ssh_host: "{{public_ip}}" 210 | ansible_ssh_user: "{{azr.cloud_user}}" 211 | ansible_ssh_private_key_file: "{{azr.private_key_file}}" 212 | tags: 213 | - cloud-azr 214 | 215 | - name: Setup Cloud Inventory Tasks 216 | include_tasks: cloud_inventory.yaml 217 | vars: 218 | cloud_host: "{{ public_ip }}" 219 | cloud_user: "{{ azr.cloud_user}}" 220 | private_key_file: "{{azr.private_key_file}}" 221 | cloud_host_alias: "azr-openshift" 222 | cloud_provider: "azr" 223 | is_rhel: "{{azr.image.offer == 'RHEL'}}" 224 | hybricloud_inventory_dir: "{{hybridcloud_distro_base_dir}}/azr/inventory" 225 | hybridcloud_distro_dir: "{{hybridcloud_distro_base_dir}}/azr" 226 | tags: 227 | - cloud-azr 228 | 229 | - name: Azure Cloud Provider Configuration 230 | template: 231 | src: azure.conf.j2 232 | dest: "{{hybridcloud_distro_base_dir}}/azr/azure.conf" 233 | tags: 234 | - cloud-azr -------------------------------------------------------------------------------- /roles/cloud-resources/tasks/cloud_inventory.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ########################################### 4 | # Ansible Inventory Setup 5 | ############################################ 6 | 7 | - name: "{{cloud_provider|upper}} Ensure Hosts Directory is present" 8 | file: 9 | dest: "{{hybricloud_inventory_dir}}" 10 | state: directory 11 | tags: 12 | -"cloud-{{cloud_host_alias}}" 13 | 14 | - name: "{{cloud_provider|upper}} Setup Host Variables" 15 | template: 16 | src: host_vars.yaml.j2 17 | dest: "{{hybricloud_inventory_dir}}/host_vars/{{cloud_host_alias}}.yaml" 18 | tags: 19 | -" cloud-{{cloud_host_alias}}" 20 | 21 | - name: "{{cloud_provider|upper}} Setup 
OpenShift Inventory" 22 | template: 23 | src: openshift_hosts.j2 24 | dest: "{{hybricloud_inventory_dir}}/hosts" 25 | tags: 26 | - "cloud-{{cloud_host_alias}}" 27 | 28 | - name: "{{cloud_provider|upper}} Setup localhost Host Variables" 29 | template: 30 | src: localhost.yaml.j2 31 | dest: "{{hybricloud_inventory_dir}}/host_vars/localhost.yaml" 32 | tags: 33 | - "cloud-{{cloud_host_alias}}" 34 | 35 | ########################################### 36 | # Cloud Provider Extras 37 | ############################################ 38 | - name: "{{cloud_provider|upper}} Docker Storage Setup Config File" 39 | template: 40 | src: docker-storage-setup.j2 41 | dest: "{{hybridcloud_distro_dir}}/docker-storage-setup" 42 | 43 | - name: "{{cloud_provider|upper}} Setup OpenShift Node Prepare tasks" 44 | template: 45 | src: hosts_prepare.yaml.j2 46 | dest: "{{hybridcloud_distro_dir}}/hosts_prepare.yaml" 47 | 48 | - name: "{{cloud_provider|upper}} Copy OpenShift Deploy Script" 49 | template: 50 | src: deploy.sh.j2 51 | mode: 0755 52 | dest: "{{hybridcloud_distro_dir}}/deploy.sh" 53 | 54 | - name: "{{cloud_provider|upper}} Utility SSH Script to Connect to Cloud VM" 55 | template: 56 | src: connect.sh.j2 57 | mode: 0755 58 | dest: "{{hybridcloud_distro_dir}}/connect.sh" 59 | 60 | ########################################### 61 | # OpenShift Add Users Playbook and Script 62 | ############################################ 63 | 64 | - name: Copy OpenShift Add Users Playbook 65 | copy: 66 | src: "{{item}}" 67 | dest: "{{hybridcloud_distro_dir}}/{{item}}" 68 | with_items: 69 | - add_openshift_users.yaml 70 | - openshift_users.yaml 71 | 72 | - name: Utility script to add Users to OpenShift 73 | template: 74 | src: add-openshift-users.sh.j2 75 | mode: 0755 76 | dest: "{{hybridcloud_distro_dir}}/add-openshift-users.sh" 77 | -------------------------------------------------------------------------------- /roles/cloud-resources/tasks/gcp.yaml: 
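--------------------------------------------------------------------------------
---
# Provisions one all-in-one OpenShift node on GCE: SSH key pair, static IP,
# console firewall rule, the instance, a docker data disk, then the local
# inventory via cloud_inventory.yaml. All tasks carry the cloud-gcp tag so a
# `--tags cloud-gcp` run executes the whole path (the stat/set_fact tasks
# were previously untagged and would have been skipped).

- name: Provisioning GCE
  debug:
    msg: "Provisioning GCE Instances"

#############################################################################
## Security KeyPair
#############################################################################
- name: "Check that the {{gcp.private_key_file}} exists"
  stat:
    path: "{{gcp.private_key_file}}"
  register: gcpsshfile
  tags:
    - cloud-gcp

# Generated without a passphrase (-N '') for non-interactive use; keep the
# private key out of version control and readable only by the operator.
- name: "GCP SSH Key Pair"
  shell: |
    ssh-keygen -t rsa -N '' -f "{{gcp.private_key_file}}"
  when: not gcpsshfile.stat.exists
  register: gcp_sshkey
  tags:
    - cloud-gcp

# Note the precedence: `| trim` binds to gcp.cloud_user only, so the value is
# "<pubkey> <user>" — which is the form GCE instance metadata expects.
- name: GCP SSH Public Key Metadata
  set_fact:
    ssh_public_key_metadata: "{{ lookup('file',gcp.public_key_file) + ' ' + gcp.cloud_user | trim }}"
  tags:
    - cloud-gcp

# - debug:
#     msg: "{{ssh_public_key_metadata}}"
#   when: gcp_sshkey is changed

#############################################################################
## Network
#############################################################################

- name: GCE Create Static IP
  gce_eip:
    service_account_email: "{{ gcp.service_account_email }}"
    credentials_file: "{{ gcp.credentials_file }}"
    project_id: "{{ gcp.project_id }}"
    name: openshift-ip
    region: "{{gcp.region}}"
    state: present
  tags:
    - cloud-gcp

# No src_range is given, so the rule's source range is whatever the module
# defaults to (check the rendered rule in the console); 8443 is then open to
# every source. Restrict it to the operator's address ranges for anything
# beyond a short-lived demo.
- name: GCE Create Firewall Rule to allow OpenShift Console Access
  gce_net:
    service_account_email: "{{ gcp.service_account_email }}"
    credentials_file: "{{ gcp.credentials_file }}"
    project_id: "{{ gcp.project_id }}"
    name: default
    fwname: "openshift-master-console"
    allowed: tcp:8443
    state: "present"
    target_tags: "openshift-master"
  tags:
    - cloud-gcp

# The instance's service account gets compute-rw and storage-rw scopes in
# addition to logging/monitoring/pubsub/trace — wider than an all-in-one
# node needs; trim to what the cloud provider integration actually uses.
# The http-server/https-server network tags enable the default-network
# 80/443 rules; openshift-master matches the console rule above.
- name: GCE Create All In One OpenShift Node
  gce:
    instance_names: "{{instance_name}}"
    machine_type: "{{gcp.machine_type}}"
    image: "{{gcp.image}}"
    external_ip: "openshift-ip"
    service_account_email: "{{ gcp.service_account_email }}"
    credentials_file: "{{ gcp.credentials_file }}"
    project_id: "{{ gcp.project_id }}"
    zone: "{{gcp.zone}}"
    disk_size: "20"
    persistent_boot_disk: "True"
    metadata:
      ssh-keys:
        - "{{gcp.cloud_user}}:{{ssh_public_key_metadata}}"
    service_account_permissions:
      - logging-write
      - monitoring
      - compute-rw
      - storage-rw
      - 'https://www.googleapis.com/auth/pubsub'
      - 'https://www.googleapis.com/auth/trace.append'
    tags: http-server,https-server,openshift-master
  register: gce_master
  tags:
    - cloud-gcp

# delete_on_termination means the docker disk (and the images/containers on
# it) vanishes with the instance; this is the /dev/sdb that
# docker-storage-setup.j2 selects for non-AWS/Azure providers.
- name: GCE Create Docker Disk
  gce_pd:
    name: "{{instance_name}}-docker-disk"
    size_gb: "{{gcp.docker_disk_size}}"
    delete_on_termination: "yes"
    disk_type: pd-ssd
    instance_name: "{{instance_name}}"
    mode: READ_WRITE
    service_account_email: "{{ gcp.service_account_email }}"
    credentials_file: "{{ gcp.credentials_file }}"
    project_id: "{{ gcp.project_id }}"
    zone: "{{gcp.zone}}"
  tags:
    - cloud-gcp

- name: GCP Set VM Facts
  set_fact:
    public_ip: "{{ gce_master.instance_data[0].public_ip }}"
  tags:
    - cloud-gcp
#############################################################################
## Write to inventory
##############################################################################
# hybricloud_inventory_dir (sic) is the name the shared cloud_inventory.yaml
# expects; rename it in all provider files together or not at all.
- name: Setup Cloud Inventory Tasks
  include_tasks: "cloud_inventory.yaml"
  vars:
    cloud_host: "{{ public_ip }}"
    cloud_user: "{{ gcp.cloud_user}}"
    private_key_file: "{{gcp.private_key_file}}"
    cloud_host_alias: "gcp-openshift"
    cloud_provider: "gcp"
    is_rhel: "{{gcp.is_rhel}}"
    hybricloud_inventory_dir: "{{hybridcloud_distro_base_dir}}/gcp/inventory"
    hybridcloud_distro_dir: "{{hybridcloud_distro_base_dir}}/gcp"
  tags:
    - cloud-gcp
--------------------------------------------------------------------------------
/roles/cloud-resources/tasks/main.yaml:
--------------------------------------------------------------------------------
---
# Entry point of the cloud-resources role: creates the per-cloud output
# directories under /runner/out and dispatches to one task file per provider
# listed in `clouds` (gcp, aws, azr).
- name: Set Extra facts
  set_fact:
    hybridcloud_distro_base_dir: "/runner/out"

- name: Setup Distribution Directories
  file:
    path: "{{hybridcloud_distro_base_dir}}/{{item}}/inventory/host_vars"
    state: directory
  with_items: "{{ clouds }}"
  tags:
    - prepare

- name: Provision Node in GCP
  include_tasks: "gcp.yaml"
  when: ('gcp' in clouds)

- name: Provision Node in AWS
  include_tasks: "aws.yaml"
  when: ('aws' in clouds)

- name: Provision Node in Azure
  include_tasks: "azure.yaml"
  when: ('azr' in clouds)
--------------------------------------------------------------------------------
/roles/cloud-resources/templates/add-openshift-users.sh.j2:
--------------------------------------------------------------------------------
#!/bin/bash
# {{cloud_provider}} VM {{instance_name}}
# Public IP: {{public_ip}}
# Runs add_openshift_users.yaml against the generated inventory inside the
# installer image. `set -e` (not "set - e", which only assigns "e" to $1 and
# leaves errexit off) so a failed docker run aborts the script.
set -e

_CURR_DIR="$( cd "$(dirname "$0")" ; pwd -P )"

# The private key is bind-mounted into the container's ssh dir; OPTS includes
# -v, so the run output contains task results — treat captured logs as
# sensitive (the users playbook echoes credentials).
docker run -u `id -u` \
  -v ${_CURR_DIR}/inventory:/tmp/inventory:Z \
  -v ${_CURR_DIR}/openshift_users.yaml:/tmp/openshift_users.yaml:Z \
  -v ${_CURR_DIR}/add_openshift_users.yaml:/tmp/add_openshift_users.yaml:Z \
  -v {{lookup('env','PROJECT_DIR')}}/{{private_key_file}}:/opt/app-root/src/.ssh/id_rsa:Z \
  -e INVENTORY_DIR=/tmp/inventory \
  -e OPTS="--become -v" \
  -e PLAYBOOK_FILE=/tmp/add_openshift_users.yaml \
{% if is_rhel -%}
  registry.access.redhat.com/openshift3/ose-ansible:{{v_ocp_installer_image}}
{% else -%}
  docker.io/openshift/origin-ansible:{{v_origin_installer_image}}
{% endif %}
--------------------------------------------------------------------------------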
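/roles/cloud-resources/templates/azure.conf.j2:
--------------------------------------------------------------------------------
{# Azure cloud-provider config consumed by OpenShift on the node (copied to
   /etc/azure/azure.conf by hosts_prepare.yaml). aadClientSecret is the
   service-principal secret in clear text, so the rendered file must stay
   owner-only both here and on the node. Jinja comment: not emitted. #}
tenantId: {{azr.tenant}}
subscriptionId: {{azr.subscription_id}}
aadClientId: {{azr.client_id}}
aadClientSecret: {{azr.secret}}
aadTenantId: {{azr.tenant}}
resourceGroup: {{azr.resource_group}}
cloud: {{azr.cloud}}
location: {{azr.location}}
vnetName: {{azr.vm_net_name}}
securityGroupName: {{azr.security_group}}
primaryAvailabilitySetName: all-in-one-openshift
--------------------------------------------------------------------------------
/roles/cloud-resources/templates/connect.sh.j2:
--------------------------------------------------------------------------------
#!/bin/bash
# {{cloud_provider}} VM {{instance_name}}
# Public IP: {{public_ip}}
# Private Key to use : {{private_key_file}}
# Sudo user : {{cloud_user}}
# Convenience wrapper: ssh to the provisioned node with the generated key.
# `set -e` (not "set - e", which assigns "e" to $1 and leaves errexit off).
set -e
ssh -i {{lookup('env','PROJECT_DIR')}}/{{private_key_file}} {{cloud_user}}@{{public_ip}}
--------------------------------------------------------------------------------
/roles/cloud-resources/templates/deploy.sh.j2:
--------------------------------------------------------------------------------
#!/bin/bash
# Three-stage install driven from the generated inventory: node preparation
# (hosts_prepare.yaml), the upstream prerequisites playbook, then
# deploy_cluster. Each stage runs the installer image with the private key
# bind-mounted at the container's ssh path and OPTS="--become -v"; the -v
# output includes task results, so treat captured logs as sensitive.

set -e

_CURR_DIR="$( cd "$(dirname "$0")" ; pwd -P )"

#############################
### Prepare for openshift
############################
# On Azure the cloud-provider config (which holds the client secret) is also
# mounted so hosts_prepare.yaml can copy it to /etc/azure on the node.
docker run -u `id -u` \
  -v ${_CURR_DIR}/inventory:/tmp/inventory:Z \
  -v ${_CURR_DIR}/docker-storage-setup:/tmp/docker-storage-setup:Z \
  -v ${_CURR_DIR}/hosts_prepare.yaml:/tmp/hosts_prepare.yaml:Z \
{% if cloud_provider == 'azr' %}
  -v ${_CURR_DIR}/azure.conf:/tmp/azure.conf:Z \
{% endif %}
  -v {{lookup('env','PROJECT_DIR')}}/{{private_key_file}}:/opt/app-root/src/.ssh/id_rsa:Z \
  -e INVENTORY_DIR=/tmp/inventory \
  -e OPTS="--become -v" \
  -e PLAYBOOK_FILE=/tmp/hosts_prepare.yaml \
{% if is_rhel -%}
  registry.access.redhat.com/openshift3/ose-ansible:{{v_ocp_installer_image}}
{% else -%}
  docker.io/openshift/origin-ansible:{{v_origin_installer_image}}
{% endif %}

#############################
### openshift pre-req
############################
docker run -u `id -u` \
  -v ${_CURR_DIR}/inventory:/tmp/inventory:Z \
  -v {{lookup('env','PROJECT_DIR')}}/{{private_key_file}}:/opt/app-root/src/.ssh/id_rsa:Z \
  -e INVENTORY_DIR=/tmp/inventory \
  -e OPTS="--become -v" \
  -e PLAYBOOK_FILE=playbooks/prerequisites.yml \
{% if is_rhel -%}
  registry.access.redhat.com/openshift3/ose-ansible:{{v_ocp_installer_image}}
{% else -%}
  docker.io/openshift/origin-ansible:{{v_origin_installer_image}}
{% endif %}

#############################
### openshift deployment
############################
docker run -u `id -u` \
  -v ${_CURR_DIR}/inventory:/tmp/inventory:Z \
  -v {{lookup('env','PROJECT_DIR')}}/{{private_key_file}}:/opt/app-root/src/.ssh/id_rsa:Z \
  -e INVENTORY_DIR=/tmp/inventory \
  -e OPTS="--become -v" \
  -e PLAYBOOK_FILE=playbooks/deploy_cluster.yml \
{% if is_rhel -%}
  registry.access.redhat.com/openshift3/ose-ansible:{{v_ocp_installer_image}}
{% else -%}
  docker.io/openshift/origin-ansible:{{v_origin_installer_image}}
{% endif %}
--------------------------------------------------------------------------------
/roles/cloud-resources/templates/docker-storage-setup.j2:
--------------------------------------------------------------------------------
# Sourced by docker-storage-setup on the node (installed to
# /etc/sysconfig/docker-storage-setup by hosts_prepare.yaml). DEVS is the
# extra data disk each provider task attaches; the device name depends on the
# provider's disk controller and is assumed, not discovered.
VG=docker-vg
{% if cloud_provider == 'aws' %}
DEVS=/dev/nvme1n1
{% elif cloud_provider == 'azr' %}
DEVS=/dev/sdc
{% else %}
DEVS=/dev/sdb
{% endif %}
--------------------------------------------------------------------------------
/roles/cloud-resources/templates/host_vars.yaml.j2: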
--------------------------------------------------------------------------------
# host_vars for the provisioned all-in-one node, rendered by
# cloud_inventory.yaml into <inventory>/host_vars/<cloud_host_alias>.yaml.
# The cloud-provider branch below writes the AWS access/secret key or the
# Azure client secret into this file in clear text: the generated inventory
# directory is credential material and must be protected/cleaned up as such.
ansible_host: {{cloud_host}}
ansible_user: {{cloud_user}}

{% if is_rhel -%}
deployment_type: openshift-enterprise
networkPluginName: redhat/ovs-networkpolicy
{% else -%}
deployment_type: origin
{% endif %}

{% if cloud_provider == 'gcp' %}
openshift_cloudprovider_kind: gce
openshift_gcp_project: {{gcp.project_id}}
openshift_gcp_prefix: {{hybridizer_cluster_id}}
{% elif cloud_provider == 'aws' %}
openshift_cloudprovider_kind: aws
openshift_cloudprovider_aws_access_key: "{{ aws.access_key }}"
openshift_cloudprovider_aws_secret_key: "{{ aws.secret_key }}"
openshift_clusterid: {{hybridizer_cluster_id}}
{% elif cloud_provider == 'azr' -%}
openshift_cloudprovider_kind: azure
openshift_cloudprovider_azure_client_id: "{{azr.client_id}}"
openshift_cloudprovider_azure_client_secret: "{{azr.secret}}"
openshift_cloudprovider_azure_tenant_id: "{{azr.tenant}}"
openshift_cloudprovider_azure_subscription_id: "{{azr.subscription_id}}"
openshift_cloudprovider_azure_resource_group: "{{azr.resource_group}}"
openshift_cloudprovider_azure_location: "{{azr.location}}"
openshift_cloudprovider_azure_cloud: "{{azr.cloud}}"
openshift_cloudprovider_azure_vnet_name: "{{azr.vm_net_name}}"
openshift_cloudprovider_azure_security_group_name: "{{azr.security_group}}"
openshift_cloudprovider_azure_availability_set_name: "all-in-one-openshift"
{% endif %}

# Default wildcard domain for application routes: <public-ip>.nip.io resolves
# via the public nip.io service, so route hostnames depend on an external DNS.
openshift_master_default_subdomain: "{{cloud_host}}.nip.io"
# Hostname used to reach the master API from outside (the node's public IP).
openshift_public_hostname: "{{cloud_host}}"
--------------------------------------------------------------------------------
/roles/cloud-resources/templates/hosts_prepare.yaml.j2:
--------------------------------------------------------------------------------
---
# Node-preparation playbook rendered per provider by cloud_inventory.yaml and
# run by deploy.sh inside the installer image (with --become). It fixes Azure
# CentOS networking, registers RHEL hosts, installs base packages, installs
# the Azure cloud-provider config, and re-initialises docker storage.
# Jinja conditionals are evaluated at render time on the operator side;
# {%- raw %} blocks protect expressions meant for the node-side run.

- hosts:
    - {{cloud_host_alias}}

  tasks:

{% if cloud_provider == 'azr' and azr.image.offer == 'CentOS' -%}
  # Enable the default eth0 network to be NetworkManager controlled, then
  # restart the VM so the change takes effect.
  - name: Enable NM_CONTROLLED
    lineinfile:
      regexp: '^(NM_CONTROLLED=)(no)$'
      backrefs: yes
      path: /etc/sysconfig/network-scripts/ifcfg-eth0
      line: '\1yes'
    become: yes
    register: nmcontolled_changed

  # The Azure credentials (including the client secret) are rendered into this
  # generated playbook, which is why cloud_inventory.yaml should keep it
  # owner-only.
  - name: restart azure vm
    azure_rm_virtualmachine:
      name: "{{instance_name}}"
      client_id: "{{azr.client_id}}"
      secret: "{{azr.secret}}"
      subscription_id: "{{azr.subscription_id}}"
      tenant: "{{azr.tenant}}"
      location: "{{azr.location}}"
      resource_group: "{{azr.resource_group}}"
      restarted: yes
    when: nmcontolled_changed is changed
    delegate_to: localhost

  # Polls with an ad-hoc `ansible -m ping` (up to 30 x 10 s) until the node
  # answers again after the restart.
  - name: wait for azure restart
    local_action: shell ansible -u {{ azr.cloud_user }} -m ping {{'{{'}} inventory_hostname {{'}}'}}
    register: result
    until: result.rc == 0
    retries: 30
    delay: 10
    when: nmcontolled_changed is changed

  - name: check eth0 is available
    shell: nmcli c s
    register: nmcli_out
    when: nmcontolled_changed is changed

  # TODO: evaluate the nmcli output for change or failure instead of only
  # printing it.
  - debug: msg={%- raw %} "{{nmcli_out}}"{% endraw %}
{% endif %}

{% if is_rhel -%}
  # NOTE(review): the RHN credentials come from azr.* even for aws/gcp hosts
  # with is_rhel set — confirm that is intended. The password lands in this
  # rendered file and in the -v run output of the installer container.
  - name: Subscribe to RedHat
    redhat_subscription:
      state: present
      username: {{azr.rhn_username}}
      password: {{azr.rhn_password}}
      force_register: True
      pool_ids: {{azr.rhn_pool_ids}}
  - name: Subscribe to needed OpenShift RedHat Repositories
    shell: |
      subscription-manager repos --disable="*" \
        --enable="rhel-7-server-rpms" \
        --enable="rhel-7-server-extras-rpms" \
        --enable="rhel-7-server-ose-3.9-rpms" \
        --enable="rhel-7-fast-datapath-rpms" \
        --enable="rhel-7-server-ansible-2.4-rpms"
{% endif %}

  # state: latest upgrades these on every run, so two runs are not guaranteed
  # to produce the same package set; `present` would be reproducible.
  - name: Install essential and utility packages
    package:
{%- raw %}
      name: "{{item}}"
      state: latest
{% endraw -%}
    with_items:
      - wget
      - git
      - net-tools
      - bind-utils
      - yum-utils
      - iptables-services
      - bridge-utils
      - bash-completion
      - kexec-tools
      - sos
      - psacct
      - httpd-tools
      - docker
      - system-storage-manager
      - NetworkManager
      - centos-release-openshift-origin311
      - centos-release-ansible26

{% if cloud_provider == 'azr' -%}
  # mode 0600 on a directory has no execute bit, so only root can traverse
  # it; that happens to suit a root-only secret, but 0700 is the conventional
  # owner-only directory mode.
  - name: Create Azure Cloud Provider Config Directory
    file:
      dest: /etc/azure
      mode: 0600
      state: directory

  # /tmp/azure.conf is the bind-mounted file from deploy.sh; it carries the
  # client secret, hence 0600 on the node.
  - name: Copy Azure Cloud Provider Configuration
    copy:
      src: "/tmp/azure.conf"
      mode: 0600
      dest: /etc/azure/azure.conf
{% endif %}

{% if is_rhel -%}
  # This is required only for CentOS machines (RHEL ships redhat-uep.pem via
  # python-rhsm-certificates). NOTE(review): the block is guarded by is_rhel,
  # which looks inverted relative to this comment — confirm which is intended.
  # The rpm is fetched over plain http with no checksum or signature check and
  # its payload is written straight into the trust store; verify it (e.g.
  # get_url with checksum=) before installing the certificate.
  - name: Add RedHat Registry Certificates
    shell: |
      cd /tmp
      sudo mkdir -p /etc/rhsm/ca
      sudo wget http://mirror.centos.org/centos/7/os/x86_64/Packages/python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm
      sudo rpm2cpio python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm | cpio -iv --to-stdout ./etc/rhsm/ca/redhat-uep.pem | tee /etc/rhsm/ca/redhat-uep.pem
    args:
      executable: /bin/bash

  - name: Check Red Hat Registry Certificates are Present
    file:
      name: /etc/rhsm/ca/redhat-uep.pem
      state: file
    register: proceed
{% endif %}

  # `proceed` is resolved at template-render time, where it is undefined, so
  # this renders as a constant True and overrides the `register: proceed`
  # above on the node — the docker re-initialisation below therefore always
  # runs. NOTE(review): looks unintended; confirm.
  - set_fact:
      proceed: {{ proceed | default(True) }}

  # Docker storage re-initialisation: stop docker, wipe /var/lib/docker
  # (all local images/containers are lost), install the storage-setup config
  # from the bind mount and start docker again.
  - name: Stop Docker
    service:
      name: docker
      enabled: true
      state: stopped
    when: proceed

  - name: Delete /var/lib/docker
    file:
      name: /var/lib/docker
      state: absent
    run_once: true
    when: proceed

  - name: Reconfigure Docker Storage Setup
    copy:
      src: "/tmp/docker-storage-setup"
      dest: /etc/sysconfig/docker-storage-setup
    run_once: true
    when: proceed

  - name: Enable and Start Docker Service
    service:
      name: docker
      enabled: true
      state: started
    when: proceed

  - name: Enable and Start NetworkManager
    service:
      name: NetworkManager
      enabled: true
      state: started
    when: proceed
--------------------------------------------------------------------------------
/roles/cloud-resources/templates/localhost.yaml.j2:
--------------------------------------------------------------------------------
# host_vars for localhost in the generated inventory: delegated tasks
# (e.g. the Azure restart) run without privilege escalation.
ansible_become: no
--------------------------------------------------------------------------------
/roles/cloud-resources/templates/openshift_hosts.j2:
--------------------------------------------------------------------------------
# openshift-ansible inventory for a single host that is master, etcd and node.
[OSEv3:children]
masters
nodes
etcd

[OSEv3:vars]
# The all-in-one host likely doesn't meet the minimum requirements, so the
# pre-flight checks for disk, memory, image availability and docker storage
# are disabled; failures they would have caught surface later instead.
openshift_disable_check=disk_availability,memory_availability,docker_image_availability,docker_storage
openshift_portal_net=172.30.0.0/16

# Type of installation
openshift_release={{openshift_release}}

# User management: htpasswd identity provider. The htpasswd file itself is
# not managed by the installer; the openshift-users role writes it directly.
openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider'}]
openshift_master_manage_htpasswd=false

openshift_enable_service_catalog=false

[masters]
{{cloud_host_alias}}

[etcd]
{{cloud_host_alias}}

[nodes]
{{cloud_host_alias}} openshift_node_group_name="node-config-all-in-one"
--------------------------------------------------------------------------------
/roles/openshift-users/defaults/main.yaml:
--------------------------------------------------------------------------------
---

# Add or modify the users in this list and rerun the
# add-openshift-users.sh
# to have the users added/updated in the OpenShift htpasswd file.
# The shipped default is a well-known demo credential; override it (or leave
# password out so a random one is generated) before exposing the console.
openshift_users:
  - {username: "developer",password: "supers3cret"}
# Add the list of users to be deleted from OpenShift
openshift_delete_users:
# - developer
--------------------------------------------------------------------------------
/roles/openshift-users/tasks/main.yaml:
--------------------------------------------------------------------------------
---
# Manages the htpasswd identity-provider file on the master: builds the user
# list (generating a password where none is given), installs the passlib
# dependency, then adds/removes entries.

# A missing password is replaced by an 8-character, letters-only random one —
# short and low-entropy; raise length/chars for anything beyond a demo.
- name: Factize OpenShift Users
  set_fact:
    openshift_user: { 'username': "{{item.username}}", 'password': "{{ item.password | default(lookup('password', '/dev/null length=8 chars=ascii_letters')) }}" }
  with_items: "{{openshift_users}}"
  register: openshift_users_result

- name: make a list
  set_fact: _openshift_users="{{ openshift_users_result.results | map(attribute='ansible_facts.openshift_user') | list }}"

# Prints every username/password pair in clear text so the operator learns
# the generated ones; anything that captures this run's output (CI logs,
# ansible-runner artifacts) then holds the credentials.
- name: OpenShift Users List
  debug: msg="{{item.username}}/{{item.password}}"
  with_items: "{{_openshift_users}}"

- name: "Install packages needed to run htpasswd module on {{inventory_hostname}}"
  package:
    name: "{{item}}"
    state: present
  with_items:
    - python2-pip
    - python2-passlib

- name: Add OpenShift Users to htpasswd file
  htpasswd:
    path: /etc/origin/master/htpasswd
    name: "{{item.username}}"
    password: "{{item.password}}"
    mode: 0640
  loop: "{{_openshift_users}}"

# NOTE(review): default([]) only covers an undefined variable; with the
# shipped defaults openshift_delete_users is defined as null, so confirm the
# empty case behaves as expected.
- name: Delete Users from OpenShift htpasswd file
  htpasswd:
    path: /etc/origin/master/htpasswd
    name: "{{item}}"
    state: absent
  with_items: "{{ openshift_delete_users | default([]) }}"
--------------------------------------------------------------------------------
/site-gh-pages.yml:
--------------------------------------------------------------------------------
# Antora playbook used by CI to build the gh-pages site from this repo's
# documentation/ directory.
runtime:
  cache_dir: ./.cache/antora
site:
  title: OpenShift Hybridizer Docs
  url: 
https://redhat-developer-demos.github.io/openshift-hybridizer/
  start_page: openshift-hybridizer::index.adoc

content:
  sources:
    - url: .
      branches: master
      start_path: documentation
ui:
  bundle:
    # The UI bundle is a moving artifact of the upstream `master` job and
    # snapshot: true re-fetches it on every build, so site builds are not
    # reproducible and pull unpinned code into the published pages; pin a
    # released bundle (or vendor it) for a stable build.
    url: https://gitlab.com/antora/antora-ui-default/-/jobs/artifacts/master/raw/build/ui-bundle.zip?job=bundle-stable
    snapshot: true
  supplemental_files: ./supplemental-ui
output:
  dir: ./site
--------------------------------------------------------------------------------
/site.yml:
--------------------------------------------------------------------------------
# Local-preview variant of the Antora playbook (served at localhost:9090).
runtime:
  cache_dir: ./.cache/antora
site:
  title: openshift-hybridizer Docs
  url: http://localhost:9090
  start_page: openshift-hybridizer::index.adoc

content:
  sources:
    # NOTE(review): developer-specific absolute path, and start_path "docs"
    # differs from the "documentation" used by site-gh-pages.yml — confirm.
    - url: file:///Users/kameshs/git/kameshsampath/openshift-hybridizer
      branches: master
      start_path: docs
ui:
  bundle:
    # Same unpinned upstream `master` artifact as in site-gh-pages.yml.
    url: https://gitlab.com/antora/antora-ui-default/-/jobs/artifacts/master/raw/build/ui-bundle.zip?job=bundle-stable
    snapshot: true
  supplemental_files: ./supplemental-ui
output:
  dir: ./docs
--------------------------------------------------------------------------------
/supplemental-ui/img/favicon.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/redhat-developer-demos/openshift-hybridizer/dd82fc81f41bbf5c582c575c8001fd9bac416d62/supplemental-ui/img/favicon.ico
--------------------------------------------------------------------------------
/supplemental-ui/partials/head-meta.hbs:
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
/supplemental-ui/partials/header-content.hbs:
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------