forked from redhat-cop/agnosticd
-
Notifications
You must be signed in to change notification settings - Fork 0
/
workload.yml
255 lines (208 loc) · 8.07 KB
/
workload.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
---
- name: define ocp_sso_project
set_fact:
sso_project: "sso-{{guid}}"
- name: define ocp_threescale_project
set_fact:
threescale_project: "threescale-{{guid}}"
- name: define ocp_service_project
set_fact:
service_project: "service-{{guid}}"
- name: define ocp_www_project
set_fact:
www_project: "www-{{guid}}"
- name: define ocp_solex_project
set_fact:
solex_project: "solex-{{guid}}"
- name: Create project for Red Hat Single Sign On
shell: "oc new-project {{sso_project}} --display-name='Red Hat Single Sign On'"
ignore_errors: true
- name: "Label namespace"
command: "oc label namespace {{sso_project}} AAD='{{guid}}'"
- name: Make sure we go back do default project
shell: "oc project default"
- name: Evaluate SSO OperatorGroup
k8s:
state: present
definition:
apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
namespace: '{{sso_project}}'
name: '{{ sso_project }}-operatorgroup'
spec:
targetNamespaces:
- '{{ sso_project }}'
- name: Evaluate SSO Operator
k8s:
state: present
definition:
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
name: sso-subscription
namespace: '{{sso_project}}'
spec:
channel: alpha
installPlanApproval: Automatic
name: rhsso-operator
source: redhat-operators
sourceNamespace: openshift-marketplace
- name: Wait for SSO operator to install
k8s_info:
api_version: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
name: keycloaks.keycloak.org
register: crd_sso
until: crd_sso.resources | list | length == 1
retries: 30
delay: 10
- name: Provision Keycloak CR
k8s:
state: present
definition:
apiVersion: keycloak.org/v1alpha1
kind: Keycloak
metadata:
name: sso
labels:
app: sso
namespace: '{{sso_project}}'
spec:
externalAccess:
enabled: true
instances: 1
- name: Create project for API Implementation
shell: "oc new-project {{service_project}} --display-name='Alert Center Backend Service'"
ignore_errors: true
- name: "Label namespace"
command: "oc label namespace {{service_project}} AAD='{{guid}}'"
- name: Make sure we go back do default project
shell: "oc project default"
- name: Create service messaging broker
shell: "oc process -f https://raw.githubusercontent.com/jbossdemocentral/3scale-security-oidc-demo/master/support/templates/amq63-basic-template.json \
-p MQ_USERNAME=admin -p MQ_PASSWORD=admin | oc create -n {{service_project}} -f -"
- name: Create image stream for Fuse
shell: "oc create -f https://raw.githubusercontent.com/jboss-fuse/application-templates/{{fuse_version}}/fis-image-streams.json -n {{service_project}}"
- name: Create service backend API implementation
shell: "oc process -f https://raw.githubusercontent.com/jbossdemocentral/3scale-security-oidc-demo/master/support/templates/accidentalert-backend-template.json \
-p APP_NAME=accidentalert-backend -p GIT_REPO=https://github.com/jbossdemocentral/3scale-security-oidc-demo.git -p GIT_REF=master \
-p CONTEXT_DIR=/projects/myaccidentalert -p ACTIVEMQ_BROKER_USERNAME=admin -p ACTIVEMQ_BROKER_PASSWORD=admin \
-p IMAGE_STREAM_NAMESPACE={{service_project}} \
-p CPU_REQUEST=1 -p MEMORY_REQUEST=512Mi -p MEMORY_LIMIT=1024Mi | oc create -n {{service_project}} -f -"
- name: Create project for ui app
shell: "oc new-project {{www_project}} --display-name='Alert Center Web Application'"
ignore_errors: true
- name: "Label namespace"
command: "oc label namespace {{www_project}} AAD='{{guid}}'"
- name: Make sure we go back do default project
shell: "oc project default"
- name: Create UI app
shell: "oc process -f https://raw.githubusercontent.com/jbossdemocentral/3scale-security-oidc-demo/master/support/templates/accidentalert-ui-template.json \
-p SSO_URL='https://keycloak-{{sso_project}}.{{ocp_apps_domain}}' -p BACKEND_URL='http://accidentalert-backend-{{service_project}}.{{ocp_apps_domain}}' \
-p APPLICATION_HOSTNAME='www-accidentalert-{{guid}}.{{ocp_apps_domain}}' | oc -n {{www_project}} create -f -"
- name: Create project for 3scale
shell: "oc new-project {{threescale_project}} --display-name='3scale API Management'"
ignore_errors: true
- name: "Label namespace"
command: "oc label namespace {{threescale_project}} AAD='{{guid}}'"
- name: Make sure we go back do default project
shell: "oc project default"
- name: Evaluate 3scale Operator Group
k8s:
state: present
resource_definition: "{{ lookup('template', 'threescale-operatorgroup.yaml.j2') }}"
- name: Evaluate 3scale Subscription
k8s:
state: present
resource_definition: "{{ lookup('template', 'threescale-subscription.yaml.j2') }}"
- name: Wait for 3scale operator to install
k8s_info:
api_version: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
name: apimanagers.apps.3scale.net
register: crd_threescale
until: crd_threescale.resources | list | length == 1
retries: 10
delay: 30
- name: Deploy 3scale API Manager
k8s:
state: present
resource_definition: "{{ lookup('template', 'threescale-apimanager.yaml.j2') }}"
- name: Create project for Solution explorer
k8s:
state: present
definition:
apiVersion: v1
kind: Namespace
metadata:
name: '{{ solex_project }}'
labels:
AAD: '{{guid}}'
- name: Set temp dir
set_fact:
webapp_operator_tmp: "/tmp/webapp-operator"
- name: Ensure example directory exists
file:
path: '{{ webapp_operator_tmp }}'
state: directory
- name: Download example files
unarchive:
src: '{{ ocp4_workload_3scale_demo_webapp_operator_resources }}'
dest: '{{ webapp_operator_tmp }}'
remote_src: yes
- name: Create WebApp Operator Resources
k8s:
state: present
namespace: '{{ solex_project }}'
src: '{{ webapp_operator_tmp }}/tutorial-web-app-operator-{{ ocp4_workload_3scale_demo_webapp_operator_release_tag }}/deploy/{{ item }}'
loop: "{{ ocp4_workload_3scale_demo_webapp_operator_resource_items|flatten(levels=1) }}"
- name: Add additional walkthrough locations in the default list
set_fact:
webapp_walkthrough_locations: "{{ ocp4_workload_3scale_demo_webapp_walkthrough_locations }}"
- name: Retrieve additional services
set_fact:
solex_services: "{{ lookup('template', 'solex-services.json.j2') }}"
- name: Create WebApp custom resource
k8s:
state: present
resource_definition: "{{ lookup('template', 'solex-webapp.yaml.j2') }}"
- name: Get webapp secure route
k8s_info:
kind: Route
name: '{{ ocp4_workload_3scale_demo_webapp_client_id }}'
namespace: '{{ solex_project }}'
api_version: route.openshift.io/v1
register: webapp_secure_route
until:
- webapp_secure_route.resources is defined
- webapp_secure_route.resources | length > 0
retries: 10
delay: 30
- name: Retrieve Route
set_fact:
webapp_secure_route: "{{ webapp_secure_route.resources[0].spec.host }}"
- name: Create OpenShift OAuth client
k8s:
state: present
resource_definition: "{{ lookup('template', 'solex-oauthclient.yaml.j2') }}"
- name: Create OpenShift Group
k8s:
state: present
resource_definition: "{{ lookup('template', 'solex-group.yaml.j2') }}"
- name: Give {{ocp_username}} access to sso_project
shell: "oc policy add-role-to-user admin {{ocp_username}} -n {{sso_project}}"
- name: Give {{ocp_username}} access to threescale_project
shell: "oc policy add-role-to-user admin {{ocp_username}} -n {{threescale_project}}"
- name: Give {{ocp_username}} access to service_project
shell: "oc policy add-role-to-user admin {{ocp_username}} -n {{service_project}}"
- name: Give {{ocp_username}} access to www_project
shell: "oc policy add-role-to-user admin {{ocp_username}} -n {{www_project}}"
- name: Give {{ocp_username}} access to solex_project
shell: "oc policy add-role-to-user admin {{ocp_username}} -n {{solex_project}}"
- name: Running Post config tasks
import_tasks: ./config.yml
become: false
- name: workload Tasks Complete
debug:
msg: workload Tasks Complete