Adding ad-hoc ansible task to deploy jenkins pod for ci tenants #570

Signed-off-by: Fabian Arrotin <arrfab@centos.org>
CentOS · Dec 21, 2021 · cac3934 · cac3934
1 parent f21c6d8
commit cac3934
Show file tree

Hide file tree

Showing 3 changed files with 437 additions and 5 deletions.
diff --git a/adhoc-ocp-deploy-jenkins-for-ci-tenant.yml b/adhoc-ocp-deploy-jenkins-for-ci-tenant.yml
@@ -0,0 +1,127 @@
+---
+# This playbook is to create a persistent volume for openshift CI namespace
+# The node on which we'll run this should have the exported NFS volume mounted locally
+# using variables from inventory:
+#   ocp_nfs_server: (like node.domain)
+#   ocp_nfs_export: ocp-staging
+
+
+- hosts: "ocp-ci-management"
+  become: true
+  become_user: "{{ ocp_service_account }}"
+  vars_prompt:
+    - name: "ocp_project"
+      prompt: "Existing project/namespace in ocp we'll deploy jenkins to/for (has to exist before !) "
+      private: no
+    - name: "pv_size"
+      prompt: "Persistent Volume size (example 10Gi) "
+      private: no
+    - name: "duffy_api_key"
+      prompt: "Existing Duffy API key "
+      private: no
+    #- name: "duffy_ssh_key"
+    #  prompt: "Existing ssh private key this project to be injected as secret "
+
+
+  tasks:
+    - name: Generate a UUID
+      set_fact:
+        pv_uuid: "{{ (ocp_project + pv_claimref|default('noclaimref', true)) | to_uuid }}"
+      tags:
+        - pv
+        - nfs
+
+    - name: UUID Generated
+      debug:
+        var: pv_uuid
+      tags:
+        - pv
+        - nfs
+
+    - name: Make a pv name
+      set_fact:
+        pv_name: "pv-{{ pv_size | lower }}-{{ pv_uuid }}"
+      tags:
+        - pv
+        - nfs
+
+    - name: UUID Generated
+      debug:
+        var: pv_name
+      tags:
+        - pv
+        - nfs
+
+    - name: See if the PV already exists
+      command: 
+        cmd: "bin/oc get pv/{{ pv_name }}"
+        chdir: "/home/{{ ocp_service_account }}"
+      register: results
+      changed_when: false
+      failed_when:
+        - results.rc == 0
+      tags:
+        - pv
+
+    - block:
+        - name: Ensuring we have local mount point
+          file:
+            path: /mnt/ocp_store
+            state: directory
+
+        - name: Ensuring nfs export is mounted on mgmt station
+          mount:
+            fstype: nfs
+            src: "{{ ocp_nfs_server }}:{{ ocp_nfs_export }}"
+            path: /mnt/ocp_store
+            state: mounted
+
+        - name: make directories for each PV
+          file:
+            path: "/mnt/ocp_store/{{ pv_name }}"
+            owner: nobody
+            group: nobody
+            mode: 0777
+            state: directory
+      become_user: root  
+      tags:
+        - pv
+        - nfs
+
+    - name: create json files for PV
+      template:
+        src: "templates/openshift-pv-storage/persistent-volume.json.j2"
+        dest: "/home/{{ ocp_service_account }}/pv_configs/{{ pv_name }}.json"
+      register: pv_init  
+      tags:
+        - pv
+
+    - name: apply the transformation
+      command: 
+        cmd: "bin/oc create -f pv_configs/{{ pv_name }}.json"
+        chdir: "/home/{{ ocp_service_account }}"
+      when: pv_init is changed
+      tags:
+        - pv
+
+    - name: Finding project ssh key to inject as secret
+      set_fact:
+        duffy_ssh_key: "{{ lookup('file', '{{ pkistore }}/ocp/ssh/{{ ocp_project }}') }}"
+      tags:
+        - template
+
+    - name: Importing basic jenkins-ci-workspace template
+      template:
+        src: openshift/jenkins-ci-workspace.yml
+        dest: "/home/{{ ocp_service_account }}/ocp_configs/{{ ocp_project }}-jenkins-ci-workspace.yml"  
+      tags:
+        - template
+
+    - name: "Deploy jenkins under namespace {{ ocp_project }}"   
+      shell: 
+        cmd: "bin/oc process -f ocp_configs/{{ ocp_project }}-jenkins-ci-workspace.yml | bin/oc create -n {{ ocp_project }} -f -"
+        chdir: "/home/{{ ocp_service_account }}"
+      tags:
+        - deploy
+
+
diff --git a/templates/kickstarts/centos-9-stream-ks.cfg.j2 b/templates/kickstarts/centos-9-stream-ks.cfg.j2
@@ -106,9 +106,4 @@ chrony
 
 %end
 
-%anaconda
-pwpolicy root --minlen=6 --minquality=1 --notstrict --nochanges --notempty
-pwpolicy user --minlen=6 --minquality=1 --notstrict --nochanges --emptyok
-pwpolicy luks --minlen=6 --minquality=1 --notstrict --nochanges --notempty
-%end