diff --git a/ansible/configs/ocp4-cluster/implementation/acc_new_app_dev/vars.yml b/ansible/configs/ocp4-cluster/implementation/acc_new_app_dev/vars.yml
new file mode 100644
index 00000000000..3360bc1b358
--- /dev/null
+++ b/ansible/configs/ocp4-cluster/implementation/acc_new_app_dev/vars.yml
@@ -0,0 +1,288 @@ +--- +# Default num_users +num_users: 1 + +# Must be defined: +#common_admin_password: ... +#common_user_password: ... + +# ------------------------------------------------------------------- +# VM configuration +# ------------------------------------------------------------------- +master_instance_type: >- + {{ 'c6in.2xlarge' if num_users | int < 10 else 'c6in.4xlarge' }} +master_instance_count: >- + {{ 3 if num_users | int > 1 else 1 }} +master_storage_type: io1 +master_storage_size: 250 +worker_instance_type: m6a.4xlarge +worker_instance_count: "{{ [(num_users | int / 5) | round(0, 'ceil') | int, 2] | max }}" +worker_storage_type: gp3 +worker_storage_size: 250 +bastion_instance_type: t3a.medium +bastion_instance_image: RHEL84GOLD-latest + +# ------------------------------------------------------------------- +# Repos +# ------------------------------------------------------------------- +repo_method: satellite +update_packages: true + +# ------------------------------------------------------------------- +# OpenShift Installer Version +# ------------------------------------------------------------------- +ocp4_installer_version: "4.13.4" +ocp4_installer_root_url: http://mirror.openshift.com/pub/openshift-v4/clients + +# ------------------------------------------------------------------- +# OpenShift Base Domain (use cluster-{{ guid }}.sandboxXXX.opentlc.com +# instead of cluster-{{ guid }}.{{ guid }}.sandboxXXX.opentlc.com +# ------------------------------------------------------------------- +ocp4_base_domain: "{{ sandbox_zone }}" + +# ------------------------------------------------------------------- +# Student User on Bastion +# ------------------------------------------------------------------- +install_student_user: false + +# ------------------------------------------------------------------- +# Workloads +# ------------------------------------------------------------------- +# --- Infra Workloads (YAML List) +infra_workloads: +- 
ocp4_workload_le_certificates +- ocp4_workload_authentication +- ocp4_workload_pipelines +- ocp4_workload_openshift_gitops +- ocp4_workload_gitea_operator +- ocp4_workload_codeserver +- ocp4_workload_acc_new_app_dev +- ocp4_workload_openshift_gitops_fix_argocd + +# ------------------------------------------------------------------- +# Workload variables +# ------------------------------------------------------------------- +ocp4_workload_user_base: user +ocp4_workload_user_count: "{{ num_users }}" +ocp4_workload_multi_user: "{{ true if num_users | int > 1 else false }}" + +ocp4_workload_catalogsource_image: quay.io/gpte-devops-automation/olm_snapshot_redhat_catalog +ocp4_workload_catalogsource_tag: v4.13_2023_06_26 + +# ------------------------------------------------------------------- +# Workload: ocp4_workload_le_certificates +# ------------------------------------------------------------------- +ocp4_workload_le_certificates_install_api: true + +# ------------------------------------------------------------------- +# Workload: ocp4_workload_authentication +# ------------------------------------------------------------------- +ocp4_workload_authentication_idm_type: htpasswd +ocp4_workload_authentication_admin_user: admin +ocp4_workload_authentication_htpasswd_admin_password: "{{ common_admin_password }}" +ocp4_workload_authentication_htpasswd_user_base: "{{ ocp4_workload_user_base }}" +ocp4_workload_authentication_htpasswd_user_password: "{{ common_user_password }}" +ocp4_workload_authentication_htpasswd_user_count: "{{ ocp4_workload_user_count }}" +ocp4_workload_authentication_remove_kubeadmin: true +ocp4_workload_authentication_enable_user_info_data: true + +# --------------------------------------------------------- +# Workload: ocp4_workload_pipelines +# --------------------------------------------------------- +ocp4_workload_pipelines_channel: pipelines-1.11 + +ocp4_workload_pipelines_use_catalog_snapshot: true 
+ocp4_workload_pipelines_catalog_snapshot_image: "{{ ocp4_workload_catalogsource_image }}" +ocp4_workload_pipelines_catalog_snapshot_image_tag: "{{ ocp4_workload_catalogsource_tag }}" + +# ------------------------------------------------------------------- +# Workload: ocp4_workload_openshift_gitops +# ------------------------------------------------------------------- +ocp4_workload_openshift_gitops_channel: gitops-1.9 + +ocp4_workload_openshift_gitops_use_catalog_snapshot: true +ocp4_workload_openshift_gitops_catalog_snapshot_image: "{{ ocp4_workload_catalogsource_image }}" +ocp4_workload_openshift_gitops_catalog_snapshot_image_tag: "{{ ocp4_workload_catalogsource_tag }}" + +ocp4_workload_openshift_gitops_setup_cluster_admin: true +ocp4_workload_openshift_gitops_update_resources: true +ocp4_workload_openshift_gitops_update_route_tls: true + +ocp4_workload_openshift_gitops_controller_update: true +ocp4_workload_openshift_gitops_controller_requests_cpu: "2" +ocp4_workload_openshift_gitops_controller_requests_memory: 4Gi +ocp4_workload_openshift_gitops_controller_limits_cpu: "4" +ocp4_workload_openshift_gitops_controller_limits_memory: 4Gi + +ocp4_workload_openshift_gitops_repo_update: true +ocp4_workload_openshift_gitops_repo_requests_cpu: 500m +ocp4_workload_openshift_gitops_repo_requests_memory: 512Mi +ocp4_workload_openshift_gitops_repo_limits_cpu: "2" +ocp4_workload_openshift_gitops_repo_limits_memory: 2Gi + +ocp4_workload_openshift_gitops_rbac_update: true +ocp4_workload_openshift_gitops_rbac_policy: | + g, {{ ocp4_workload_authentication_admin_user }}, role:admin +ocp4_workload_openshift_gitops_rbac_scopes: '[name,groups]' + +ocp4_workload_openshift_gitops_ignore_differences: | + resourceIdentifiers: + - group: jaegertracing.io + kind: Jaeger + customization: + jsonPointers: + - /spec/strategy + - group: apps + kind: Deployment + customization: + jqPathExpressions: + - .spec.template.spec.containers[] | select(.name == "redis") + +# 
------------------------------------------------------------------- +# Workload: ocp4_workload_gitea_operator +# ------------------------------------------------------------------- +ocp4_workload_gitea_operator_project: gitea +ocp4_workload_gitea_operator_catalog_image: quay.io/rhpds/gitea-catalog +ocp4_workload_gitea_operator_catalog_image_tag: v2.0.1 + +ocp4_workload_gitea_operator_deploy_gitea_instance: true +ocp4_workload_gitea_operator_gitea_image: quay.io/rhpds/gitea +ocp4_workload_gitea_operator_gitea_image_tag: "1.20.1" +ocp4_workload_gitea_operator_name: gitea +ocp4_workload_gitea_operator_gitea_hostname: gitea +ocp4_workload_gitea_operator_gitea_volume_size: 2Gi +ocp4_workload_gitea_operator_postgresql_volume_size: 2Gi +ocp4_workload_gitea_operator_ssl_route: true + +ocp4_workload_gitea_operator_disable_registration: false +ocp4_workload_gitea_operator_enable_captcha: false +ocp4_workload_gitea_operator_allow_create_organization: true +ocp4_workload_gitea_operator_register_email_confirm: false +ocp4_workload_gitea_operator_enable_notify_email: false +ocp4_workload_gitea_operator_mailer_enabled: false + +ocp4_workload_gitea_operator_create_admin: true +ocp4_workload_gitea_operator_create_users: true +ocp4_workload_gitea_operator_user_number: "{{ ocp4_workload_user_count }}" +ocp4_workload_gitea_operator_generate_user_format: >- + {{ ocp4_workload_user_base + '%d' if ocp4_workload_multi_user else ocp4_workload_user_base + '1' }} +ocp4_workload_gitea_operator_user_password: "{{ common_user_password }}" +ocp4_workload_gitea_operator_migrate_repositories: true +ocp4_workload_gitea_operator_repositories_list: +- repo: https://github.com/redhat-gpte-devopsautomation/acc-new-app-dev + name: acc-new-app-dev + private: false +- repo: https://github.com/redhat-gpte-devopsautomation/quarkus-super-heroes-rhbq213 + name: quarkus-super-heroes + private: false +- repo: https://github.com/redhat-gpte-devopsautomation/quarkus-super-heroes-deploy + name: 
quarkus-super-heroes-deploy + private: false + +# ------------------------------------------------------------------- +# Workload: ocp4_workload_codeserver +# ------------------------------------------------------------------- +ocp4_workload_codeserver_image: quay.io/gpte-devops-automation/codeserver +ocp4_workload_codeserver_image_tag: v4.14.0-java11 +ocp4_workload_codeserver_init_image: quay.io/gpte-devops-automation/codeserver-init +ocp4_workload_codeserver_init_image_tag: v4.14.0 + +ocp4_workload_codeserver_gitea_name: "{{ ocp4_workload_gitea_operator_gitea_hostname }}" +ocp4_workload_codeserver_gitea_namespace: "{{ ocp4_workload_gitea_operator_project }}" + +ocp4_workload_codeserver_multi_user_install: "{{ ocp4_workload_multi_user }}" +ocp4_workload_codeserver_multi_user_num_users: "{{ ocp4_workload_user_count }}" +ocp4_workload_codeserver_multi_user_username_base: "{{ ocp4_workload_user_base }}" + +ocp4_workload_codeserver_repos_user: "{{ ocp4_workload_user_base + '1' }}" + +ocp4_workload_codeserver_password: "{{ common_user_password }}" + +ocp4_workload_codeserver_init_request_memory: "512Mi" +ocp4_workload_codeserver_init_limits_memory: "512Mi" +ocp4_workload_codeserver_request_memory: "2Gi" +ocp4_workload_codeserver_limits_memory: "2Gi" + +# Repositories to set up in codeserver +ocp4_workload_codeserver_repos_password: "{{ common_user_password }}" +ocp4_workload_codeserver_repos: +- name: quarkus-super-heroes + account: "{{ '' if ocp4_workload_multi_user else ocp4_workload_user_base + '1' }}" + branch: rhbq-2.13 + +# ------------------------------------------------------------------- +# Workload: ocp4_workload_acc_new_app_dev +# ------------------------------------------------------------------- +ocp4_workload_acc_new_app_dev_user_count: "{{ ocp4_workload_user_count }}" +ocp4_workload_acc_new_app_dev_user_prefix: "{{ ocp4_workload_user_base }}" + +ocp4_workload_acc_new_app_dev_gitea_svc: http://gitea.gitea.svc:3000 
+ocp4_workload_acc_new_app_dev_gitea_user_password: "{{ ocp4_workload_gitea_operator_user_password }}" + +# repo details from gitea containing the devops code for this lab +ocp4_workload_acc_new_app_dev_repo: acc-new-app-dev +ocp4_workload_acc_new_app_dev_revision: main + +ocp4_workload_acc_new_app_dev_demo_namespace_prefix: quarkus-superheroes- +ocp4_workload_acc_new_app_dev_demo_app_name: rest-fights +# repo details from gitea containing the source code of the demo application. +ocp4_workload_acc_new_app_dev_demo_app_source: quarkus-super-heroes +ocp4_workload_acc_new_app_dev_demo_app_source_revision: rhbq-2.13 +# repo details from gitea containing the gitops/deploy code of the demo application. +ocp4_workload_acc_new_app_dev_demo_app_deploy: quarkus-super-heroes-deploy +ocp4_workload_acc_new_app_dev_demo_app_deploy_revision: rhbq-2.13 +ocp4_workload_acc_new_app_dev_demo_app_deploy_path: kustomize + +ocp4_workload_acc_new_app_dev_amqstreams_channel: stable +ocp4_workload_acc_new_app_dev_amqstreams_startingcsv: amqstreams.v2.4.0-0 +ocp4_workload_acc_new_app_dev_amqstreams_catalogsource_image: "{{ ocp4_workload_catalogsource_image }}" +ocp4_workload_acc_new_app_dev_amqstreams_catalogsource_tag: "{{ ocp4_workload_catalogsource_tag }}" +ocp4_workload_acc_new_app_dev_amqstreams_memory: 1Gi + +ocp4_workload_acc_new_app_dev_kafka_name: fights-kafka +ocp4_workload_acc_new_app_dev_kafka_topic: fights + +ocp4_workload_acc_new_app_dev_jaeger_channel: stable +ocp4_workload_acc_new_app_dev_jaeger_startingcsv: jaeger-operator.v1.42.0-5-0.1687199951.p +ocp4_workload_acc_new_app_dev_jaeger_catalogsource_image: "{{ ocp4_workload_catalogsource_image }}" +ocp4_workload_acc_new_app_dev_jaeger_catalogsource_tag: "{{ ocp4_workload_catalogsource_tag }}" + +ocp4_workload_acc_new_app_dev_opentelemetry_channel: stable +ocp4_workload_acc_new_app_dev_opentelemetry_startingcsv: opentelemetry-operator.v0.74.0-5-0.1687199949.p +ocp4_workload_acc_new_app_dev_opentelemetry_catalogsource_image: 
"{{ ocp4_workload_catalogsource_image }}" +ocp4_workload_acc_new_app_dev_opentelemetry_catalogsource_tag: "{{ ocp4_workload_catalogsource_tag }}" + +ocp4_workload_acc_new_app_dev_guides: "{{ ocp4_workload_multi_user }}" +ocp4_workload_acc_new_app_dev_guides_namespace: guides +ocp4_workload_acc_new_app_dev_guides_image: ghcr.io/redhat-gpte-devopsautomation/acc-new-app-dev-guides:latest +ocp4_workload_acc_new_app_dev_guides_repo_url: https://github.com/redhat-gpte-devopsautomation/acc-new-app-dev-guides +ocp4_workload_acc_new_app_dev_guides_repo_revision: main +ocp4_workload_acc_new_app_dev_guides_repo_path: chart +ocp4_workload_acc_new_app_dev_guides_module_titles: +- title: "Enabling Immediate Productivity" + path: "/acc-new-app-dev-guides/main/m1/intro.html" +- title: "Automating Guardrails for Consistent Security and Operation Control" + path: "/acc-new-app-dev-guides/main/m2/intro.html" +- title: "Building a Flexible Architecture" + path: "/acc-new-app-dev-guides/main/m3/intro.html" +ocp4_workload_acc_new_app_dev_guides_user_password: "{{ common_user_password }}" + +ocp4_workload_acc_new_app_dev_usertool_namespace: usertool +ocp4_workload_acc_new_app_dev_usertool_repo_url: https://github.com/redhat-gpte-devopsautomation/user-distribution +ocp4_workload_acc_new_app_dev_usertool_repo_revision: main +ocp4_workload_acc_new_app_dev_usertool_repo_path: chart +ocp4_workload_acc_new_app_dev_usertool_image: quay.io/openshiftlabs/username-distribution:1.4 +ocp4_workload_acc_new_app_dev_usertool_lab_admin_password: "{{ common_admin_password }}" +ocp4_workload_acc_new_app_dev_usertool_lab_user_password: "{{ common_user_password }}" +ocp4_workload_acc_new_app_dev_usertool_lab_access_token: "{{ common_user_password }}" +ocp4_workload_acc_new_app_dev_usertool_redis_image: registry.redhat.io/rhel8/redis-6:1-118 + +ocp4_workload_acc_new_app_dev_maven_job: true +ocp4_workload_acc_new_app_dev_maven_job_path: /home/codeserver/quarkus-super-heroes/rest-villains/pom.xml + +# 
------------------------------------------------------------------- +# ocp4_workload_openshift_gitops_fix_argocd +# ------------------------------------------------------------------- +# Sleep 10 minutes before attempting to fix argocd dex pods +ocp4_workload_openshift_gitops_fix_argocd_delay: "10" +ocp4_workload_openshift_gitops_fix_argocd_create_namespace: false diff --git a/ansible/configs/test-empty-config/implementation/example/vars.yml b/ansible/configs/test-empty-config/implementation/example/vars.yml new file mode 100644 index 00000000000..0b39af11a83 --- /dev/null +++ b/ansible/configs/test-empty-config/implementation/example/vars.yml @@ -0,0 +1,4 @@ +--- +agnosticd_passthrough_user_data: + used_example_implementation: true +... diff --git a/ansible/include_vars.yml b/ansible/include_vars.yml index 465a69ef665..5f091dc2008 100644 --- a/ansible/include_vars.yml +++ b/ansible/include_vars.yml @@ -1,13 +1,19 @@ --- -- name: Step 0000 Find Include Vars files - hosts: localhost - connection: local +- name: Step 0000 Include Vars + hosts: + - localhost + - all gather_facts: no tags: include_vars tasks: - - name: Stat default variables files (both yaml/yml extensions) + - name: Set output_dir for all hosts + set_fact: + output_dir: "{{ hostvars.localhost.output_dir }}" + when: hostvars.localhost.output_dir is defined + + - name: Include variables files vars: - find_me: + __vars_file_base: # Global default vars related to the cloud provider - cloud_providers/{{ cloud_provider }}_default_vars # Legacy env_vars.yml (replaced by default_vars.yml) 
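Review bot: In the new `acc_new_app_dev/vars.yml`, `ocp4_installer_root_url` is an `http://` URL, so the OpenShift installer and client archives would be fetched in cleartext unless the consuming role verifies a checksum or signature, which is not visible in this diff; prefer `ocp4_installer_root_url: https://mirror.openshift.com/pub/openshift-v4/clients`. The same file sets `ocp4_workload_acc_new_app_dev_guides_image` to a `:latest` tag while the other images carry version tags, so pinning it to a release tag or digest would keep deployments reproducible and make an unexpected image change visible. `ocp4_workload_acc_new_app_dev_usertool_lab_access_token` is set to `{{ common_user_password }}`, which means every holder of the shared student password also holds the user-distribution access token; a dedicated variable would keep the two credentials separate.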
@@ -15,51 +21,27 @@ # Default vars of the config - configs/{{ env_type }}/default_vars # Default vars of the config, specific to a cloud provider - - configs/{{ env_type }}/default_vars.{{ cloud_provider }} - configs/{{ env_type }}/default_vars_{{ cloud_provider }} + # Implementation vars of the config + - configs/{{ env_type }}/implementation/{{ implementation | default(omit) }}/vars # Lecacy secret vars file. - configs/{{ env_type }}/env_secret_vars - extensions: + __vars_file_extension: - yaml - yml - stat: - path: "{{ item[0] ~ '.' ~ item[1] }}" - loop: "{{ find_me | product(extensions) | list }}" - register: rstat_varfiles - - - name: Stat variables files - vars: - find_me: - # secret file path passed as extra-var - - "{{ secret_file | d('/secret/file/not/passed') }}" - stat: - path: "{{ item }}" - loop: "{{ find_me }}" - register: rstat2_varfiles - -- name: Step 0000 Include vars - hosts: - - localhost - - all - connection: local - gather_facts: no - tags: include_vars - tasks: - - name: Set output_dir for all hosts - set_fact: - output_dir: "{{ hostvars.localhost.output_dir }}" - when: hostvars.localhost.output_dir is defined - - - name: Include variables files + __vars_file: "{{ playbook_dir }}/{{ __vars_file_parts[0] }}.{{ __vars_file_parts[1] }}" + loop: "{{ __vars_file_base | product(__vars_file_extension) | list }}" + loop_control: + loop_var: __vars_file_parts + label: "{{ __vars_file }}" + when: + - __vars_file is file include_vars: - file: "{{ item.stat.path }}" + file: "{{ __vars_file }}" + + - name: Set passthrough user data when: - - item is not skipped - - item.stat.exists - loop: "{{ hostvars.localhost.rstat_varfiles.results + hostvars.localhost.rstat2_varfiles.results }}" - loop_control: - label: >- - {{ ( - item.stat.path - | default('skipped') - ) if 'stat' in item else item }} + - agnosticd_passthrough_user_data is defined + - agnosticd_passthrough_user_data | length > 0 + agnosticd_user_info: + data: "{{ agnosticd_passthrough_user_data }}" 
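Review bot: The new `__vars_file_base` entry `configs/{{ env_type }}/implementation/{{ implementation | default(omit) }}/vars` places `implementation` into a filesystem path without validation, so a value containing `../` could make `include_vars` load a vars file from outside the config's `implementation/` directory. A preceding `assert` task with `that: implementation is not defined or implementation is match('^[A-Za-z0-9_-]+$')` would constrain it. `default(omit)` inside a larger string most likely renders Ansible's omit placeholder text instead of omitting anything, and the entry is then skipped only because `__vars_file is file` is false; an explicit `when` on `implementation is defined` or a named sentinel default would state the intent. The removed `Stat variables files` task was the only visible place that loaded the `secret_file` extra-var, and the new list has no entry for it, so unless it is handled elsewhere, secrets passed that way are no longer included. The `Include variables files` task begins in the previous hunk.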
diff --git a/ansible/setup_runtime.yml b/ansible/setup_runtime.yml index ff1e2b70e19..6f595be2759 100644 --- a/ansible/setup_runtime.yml +++ b/ansible/setup_runtime.yml @@ -57,13 +57,6 @@ - user-info.yaml - user-data.yaml - - name: Set passthrough user data - when: - - agnosticd_passthrough_user_data is defined - - agnosticd_passthrough_user_data | length > 0 - agnosticd_user_info: - data: "{{ agnosticd_passthrough_user_data }}" - # include global vars from the config - import_playbook: include_vars.yml