Modernized Hello-World APB

[djzager]

No description provided.

[djzager]

I'm playing around/investigating with a "modernized" APB example. The end goal is to have something showing off openshift_raw and k8s_raw as well as a functioning test playbook. Right now though I've restructured this APB into a single role and wanted to get feedback before moving any further.

[fabianvf]

I think you won't need this anymore, right?

[fabianvf]

any reason you aren't inlining these?

[fabianvf]

Seems a little overkill to have a whole vars directory for these two 1-line files.

[djzager]

I agree. I really just wanted to pull vars out of the playbook but I don't think this improves on that.

[djzager]

Example runthrough with multiple provisions in same namespace:

Provision apb with apb_id=2

(apb) ➜  hello-world-apb git:(apb-ref-example) ✗ docker run --rm --net=host -v $HOME/.kube:/opt/apb/.kube:z -u $UID hello-world-apb provision --extra-vars 'apb_id=2'
+ [[ provision --extra-vars apb_id=2 == *\s\2\i\/\a\s\s\e\m\b\l\e* ]]
+ ACTION=provision
+ shift
+ playbooks=/opt/apb/actions
+ CREDS=/var/tmp/bind-creds
+ TEST_RESULT=/var/tmp/test-result
+ whoami
+ '[' -w /etc/passwd ']'
++ id -u
+ echo 'apb:x:1000:0:apb user:/opt/apb:/sbin/nologin'
+ set +x
+ [[ -e /opt/apb/actions/provision.yaml ]]
+ [[ -e /opt/apb/actions/provision.yml ]]
+ ANSIBLE_ROLES_PATH=/etc/ansible/roles:/opt/ansible/roles
+ ansible-playbook /opt/apb/actions/provision.yml --extra-vars apb_id=2

PLAY [hello-world-apb provision] ***********************************************

TASK [hello-world-apb : deployment config] *************************************
changed: [localhost]

TASK [hello-world-apb : hello-world service] ***********************************
changed: [localhost]

TASK [hello-world-apb : create hello-world route] ******************************
changed: [localhost]

PLAY RECAP *********************************************************************
localhost                  : ok=3    changed=3    unreachable=0    failed=0

+ EXIT_CODE=0
+ set +ex
+ '[' -f /var/tmp/test-result ']'
+ exit 0

Provision apb with apb_id=1

$  hello-world-apb git:(apb-ref-example) ✗ docker run --rm --net=host -v $HOME/.kube:/opt/apb/.kube:z -u $UID hello-world-apb provision --extra-vars 'apb_id=1'
+ [[ provision --extra-vars apb_id=1 == *\s\2\i\/\a\s\s\e\m\b\l\e* ]]
+ ACTION=provision
+ shift
+ playbooks=/opt/apb/actions
+ CREDS=/var/tmp/bind-creds
+ TEST_RESULT=/var/tmp/test-result
+ whoami
+ '[' -w /etc/passwd ']'
++ id -u
+ echo 'apb:x:1000:0:apb user:/opt/apb:/sbin/nologin'
+ set +x
+ [[ -e /opt/apb/actions/provision.yaml ]]
+ [[ -e /opt/apb/actions/provision.yml ]]
+ ANSIBLE_ROLES_PATH=/etc/ansible/roles:/opt/ansible/roles
+ ansible-playbook /opt/apb/actions/provision.yml --extra-vars apb_id=1

PLAY [hello-world-apb provision] ***********************************************

TASK [hello-world-apb : deployment config] *************************************
changed: [localhost]

TASK [hello-world-apb : hello-world service] ***********************************
changed: [localhost]

TASK [hello-world-apb : create hello-world route] ******************************
changed: [localhost]

PLAY RECAP *********************************************************************
localhost                  : ok=3    changed=3    unreachable=0    failed=0

+ EXIT_CODE=0
+ set +ex
+ '[' -f /var/tmp/test-result ']'
+ exit 0

See all in the namespace

$ oc get all -n hello-world
NAME                                                                 REVISION   DESIRED   CURRENT   TRIGGERED BY
deploymentconfigs/hello-world-5acebd43-ef18-5da4-9d08-543ae781fcab   1          1         0         config
deploymentconfigs/hello-world-dae097b5-4296-5d3f-8cc4-4acee86b3676   1          1         0         config

NAME                                                      HOST/PORT                                                                        PATH      SERVICES                                           PORT      TERMINATION   WILDCARD
routes/hello-world-5acebd43-ef18-5da4-9d08-543ae781fcab   hello-world-5acebd43-ef18-5da4-9d08-543ae781fcab-hello-world.172.17.0.1.nip.io             hello-world-5acebd43-ef18-5da4-9d08-543ae781fcab   web                     None
routes/hello-world-dae097b5-4296-5d3f-8cc4-4acee86b3676   hello-world-dae097b5-4296-5d3f-8cc4-4acee86b3676-hello-world.172.17.0.1.nip.io             hello-world-dae097b5-4296-5d3f-8cc4-4acee86b3676   web                     None

NAME                                                           READY     STATUS    RESTARTS   AGE
po/hello-world-5acebd43-ef18-5da4-9d08-543ae781fcab-1-deploy   0/1       Error     0          14s
po/hello-world-dae097b5-4296-5d3f-8cc4-4acee86b3676-1-deploy   0/1       Error     0          8s

NAME                                                    DESIRED   CURRENT   READY     AGE
rc/hello-world-5acebd43-ef18-5da4-9d08-543ae781fcab-1   0         0         0         14s
rc/hello-world-dae097b5-4296-5d3f-8cc4-4acee86b3676-1   0         0         0         8s

NAME                                                   TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
svc/hello-world-5acebd43-ef18-5da4-9d08-543ae781fcab   ClusterIP   172.30.237.56    <none>        8080/TCP   13s
svc/hello-world-dae097b5-4296-5d3f-8cc4-4acee86b3676   ClusterIP   172.30.221.152   <none>        8080/TCP   7s

Deprovision apb_id=2

$ docker run --rm --net=host -v $HOME/.kube:/opt/apb/.kube:z -u $UID hello-world-apb deprovision --extra-vars 'apb_id=2'
+ [[ deprovision --extra-vars apb_id=2 == *\s\2\i\/\a\s\s\e\m\b\l\e* ]]
+ ACTION=deprovision
+ shift
+ playbooks=/opt/apb/actions
+ CREDS=/var/tmp/bind-creds
+ TEST_RESULT=/var/tmp/test-result
+ whoami
+ '[' -w /etc/passwd ']'
++ id -u
+ echo 'apb:x:1000:0:apb user:/opt/apb:/sbin/nologin'
+ set +x
+ [[ -e /opt/apb/actions/deprovision.yaml ]]
+ [[ -e /opt/apb/actions/deprovision.yml ]]
+ ANSIBLE_ROLES_PATH=/etc/ansible/roles:/opt/ansible/roles
+ ansible-playbook /opt/apb/actions/deprovision.yml --extra-vars apb_id=2

PLAY [hello-world-apb deprovision] *********************************************

TASK [hello-world-apb : deployment config] *************************************
changed: [localhost]

TASK [hello-world-apb : hello-world service] ***********************************
changed: [localhost]

TASK [hello-world-apb : create hello-world route] ******************************
changed: [localhost]

PLAY RECAP *********************************************************************
localhost                  : ok=3    changed=3    unreachable=0    failed=0

+ EXIT_CODE=0
+ set +ex
+ '[' -f /var/tmp/test-result ']'
+ exit 0

See if apb_id=1 survived

$ oc get all -n hello-world
NAME                                                                 REVISION   DESIRED   CURRENT   TRIGGERED BY
deploymentconfigs/hello-world-dae097b5-4296-5d3f-8cc4-4acee86b3676   1          1         0         config

NAME                                                      HOST/PORT                                                                        PATH      SERVICES                                           PORT      TERMINATION   WILDCARD
routes/hello-world-dae097b5-4296-5d3f-8cc4-4acee86b3676   hello-world-dae097b5-4296-5d3f-8cc4-4acee86b3676-hello-world.172.17.0.1.nip.io             hello-world-dae097b5-4296-5d3f-8cc4-4acee86b3676   web                     None

NAME                                                           READY     STATUS    RESTARTS   AGE
po/hello-world-dae097b5-4296-5d3f-8cc4-4acee86b3676-1-deploy   0/1       Error     0          6m

NAME                                                    DESIRED   CURRENT   READY     AGE
rc/hello-world-dae097b5-4296-5d3f-8cc4-4acee86b3676-1   0         0         0         6m

NAME                                                   TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
svc/hello-world-dae097b5-4296-5d3f-8cc4-4acee86b3676   ClusterIP   172.30.221.152   <none>        8080/TCP   6m

[LorbusChris]

@djzager I'm liking the simplified structure!

Here's an idea of what it could look like to add per-container config-roles (aka container-enabled) to the APB:
https://github.com/djzager/Hello-World-APB/pull/1

[dymurray]

+1 I like this approach a lot

[dymurray]

I like _apb_service_instance_id better :)

[fabianvf]

We should just make a filter for this, so you could do something like {{ 'hello-world' | apb_uuid }} or something. Would let us control how the names are generated as well, if we could do it deterministically based on the service instance id then idempotence would be easy as well.

[djzager]

How do we make a filter for this? I like this idea a lot...service instance id is a uuid, so it is unique and preserves idempotence. My concern is making it so that when you run the apb without a broker it still works (with sane defaults or you providing the value).

[djzager]

I would also really like it if we were able to untie the APB variables from the broker. By this I mean that _apb_service_instance_id limits that variable to being used only when the APB is associated with a service instance. If we could go to more generics like apb_id or having a filter apb_uuid, I would really be on board.

[LorbusChris]

Maybe the container name shouldn't be the same as the pod's name, in case there's multiple containers deployed to the pod and we want to easily differentiate them?

[djzager]

My hope is to have the broker provide the service instance id as apb_id instead of _apb_service_instance_id (and have apb_id passed on all APB actions) to make this work with and w/o a broker. If _apb_service_instance_id stays, then I'll change this.

[fabianvf]

any reason these need to be strings and not bools?

[djzager]

https://travis-ci.org/djzager/Hello-World-APB/jobs/339544060

apb.yml
  1:1       warning  missing document start "---"  (document-start)
  4:11      warning  truthy value is not quoted  (truthy)
  8:81      error    line too long (89 > 80 characters)  (line-length)
  14:11     warning  truthy value is not quoted  (truthy)
  17:81     error    line too long (88 > 80 characters)  (line-length)

[fabianvf]

^^

[djzager]

same as above

[fabianvf]

seems like state should be set by apb_action inside the role

[fabianvf]

^^

[fabianvf]

I think chouseknecht has added a lookup module for this, probably a good place to showcase it: https://docs.ansible.com/ansible/devel/plugins/lookup/openshift.html

[dymurray]

smart, good idea

[dymurray]

+1 to how you organized this. Good idea including defaults for what the broker provides

[dymurray]

Any ideas why deprovision is failing?

[djzager]

@fabianvf @dymurray I scrapped the use of lookups for verification because they don't work as you would expect and I think this is cleaner and makes more sense. I'll consider writing an issue against Ansible, but for now, I think this is the most correct way to do this.

[jwmatthews]

@djzager what are next steps with this PR?

[djzager]

@jwmatthews The next steps are:

1. Figure out what to do with the test playbook. If you look at the mariadb-apb HA PR, specifically the test playbook there are some good things going on there that we should investigate. It goes beyond the typical "verifications" that I've seen in other test playbooks and actually interacts with the database as a test. It's also a little complex. I want to be sure that test playbooks are supported by any apb-test-shim we develop. There may be nothing more to do here as the apb-test-shim already runs the test playbook if it exists in the project.
2. Talk with @dymurray and make sure that what I'm doing here lines up with the ansible-galaxy integration.
3. Move the apb-test-shim project under one of our organizations.

[djzager]

I'm using this PR to test the changes in --> ansibleplaybookbundle/apb-test-shim#4 In the end this will rely on that PR being merged.

[djzager]

@fabianvf + @dymurray I think this is ready to go

[fabianvf]

I think chouseknecht has added a lookup module for this, probably a good place to showcase it: https://docs.ansible.com/ansible/devel/plugins/lookup/openshift.html

I think ansible also has a jsonquery/path filter built in to it, probably should add the dependency to apb-base since it's pretty useful.

[djzager]

@jmontleon
I did a cursory look to see if jmespath was available in the EPEL repo for centos in order to update the apb-base image and it wasn't there. I see a few bugs related to this https://bugzilla.redhat.com/show_bug.cgi?id=1484910 but I don't see how we could update the apb-base with jmespath. If we can't easily add it then I think we should push off the lookup stuff.

[djzager]

Updated the example to use lookups based on @fabianvf request. Now this is blocked by ansible/ansible#37533 ... once that is merged I'll make sure everything is good to go and get 👍 again.

[fabianvf]

The spacing here and in provision.yml looks weird to me, does this work?

[djzager]

It does work. Not sure what I would do to improve it.

[fabianvf]

Ah, seeing it in the email cleared it up. Thought the var was attached to the role include and not the play.

[dymurray]

Looks good to me, I really like the asb_last_operation calls to give us some status reporting. ACK Pending Travis.

[djzager]

Putting this here for when I forget. The kubernetes latest is going to fail because of kubernetes/minikube#2629

[fabianvf]

/lgtm