From b0acd9adc76f8742bacaa19b3a382283ddb0d1eb Mon Sep 17 00:00:00 2001 From: Fabian von Feilitzsch Date: Fri, 29 Jun 2018 12:51:58 -0400 Subject: [PATCH] Update to use newly released Ansible 2.6 k8s module (#767) * workaround https://github.com/ansible/ansible/issues/40185 * Create rolebinding with Ansible module * remove unnecessary oc command * explicitly define project with annotations * _exec -> exec * {openshift|k8s}_raw -> k8s * Update required ansible version * use oc command until https://github.com/ansible/ansible/issues/42116 is fixed --- containers/README.md | 2 +- containers/deploy/candlepin/tasks/main.yml | 4 +- .../deploy/foreman-proxy/tasks/main.yml | 4 +- containers/deploy/foreman/tasks/main.yml | 12 ++--- .../foreman/templates/httpd.deployment.yaml | 2 +- containers/deploy/mongodb/tasks/main.yml | 6 +-- containers/deploy/postgres/tasks/main.yml | 6 +-- containers/deploy/project/tasks/main.yml | 19 ++++--- containers/deploy/pulp/tasks/main.yml | 53 +++++++++++++++++-- .../templates/pulp-worker.deployment.yaml | 42 --------------- containers/deploy/puppet/tasks/main.yml | 4 +- containers/deploy/qpid/tasks/main.yml | 4 +- .../deploy/service-accounts/tasks/main.yml | 21 ++++++-- 13 files changed, 99 insertions(+), 80 deletions(-) delete mode 100644 containers/deploy/pulp/templates/pulp-worker.deployment.yaml diff --git a/containers/README.md b/containers/README.md index 4903b9d9cb8..7c95b6a1f4e 100644 --- a/containers/README.md +++ b/containers/README.md 
@@ -20,7 +20,7 @@ This guide assumes that you are in the `containers/` folder for all operations. This quickstart guide requires that the following are installed already: - * [Ansible 2.5+](http://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html) + * [Ansible 2.6+](http://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html) * [Minishift](https://docs.openshift.org/latest/minishift/getting-started/installing.html) * Alternatively, minishift can be installed with our playbook: `ansible-playbook tools/install-minishift.yml` * [Openshift Rest Client 6.0+](https://github.com/openshift/openshift-restclient-python) diff --git a/containers/deploy/candlepin/tasks/main.yml b/containers/deploy/candlepin/tasks/main.yml index b514c52afd1..c893afcafef 100644 --- a/containers/deploy/candlepin/tasks/main.yml +++ b/containers/deploy/candlepin/tasks/main.yml @@ -1,13 +1,13 @@ --- - name: candlepin service - k8s_raw: + k8s: state: "{{ deployment_state }}" definition: "{{ lookup('template', 'templates/' + item + '.service.yaml') | from_yaml }}" with_items: - candlepin - name: candlepin deployment - openshift_raw: + k8s: state: "{{ deployment_state }}" definition: "{{ lookup('template', 'templates/' + item + '.deployment.yaml') | from_yaml }}" with_items: diff --git a/containers/deploy/foreman-proxy/tasks/main.yml b/containers/deploy/foreman-proxy/tasks/main.yml index ed90123409f..f4c2395c41d 100644 --- a/containers/deploy/foreman-proxy/tasks/main.yml +++ b/containers/deploy/foreman-proxy/tasks/main.yml @@ -1,13 +1,13 @@ --- - name: foreman proxy service - k8s_raw: + k8s: state: "{{ deployment_state }}" definition: "{{ lookup('template', 'templates/' + item + '.service.yaml') | from_yaml }}" with_items: - foreman-proxy - name: foreman proxy deployment - openshift_raw: + k8s: state: "{{ deployment_state }}" definition: "{{ lookup('template', 'templates/' + item + '.deployment.yaml') | from_yaml }}" with_items: 
diff --git a/containers/deploy/foreman/tasks/main.yml b/containers/deploy/foreman/tasks/main.yml index 81820336dde..be75bea2733 100644 --- a/containers/deploy/foreman/tasks/main.yml +++ b/containers/deploy/foreman/tasks/main.yml @@ -1,27 +1,27 @@ --- - name: foreman persistent volume claim - k8s_raw: + k8s: state: "{{ deployment_state }}" definition: "{{ lookup('template', 'templates/' + item + '.pvc.yaml') | from_yaml }}" with_items: - pub-data - name: foreman config maps - k8s_raw: + k8s: state: "{{ deployment_state }}" definition: "{{ lookup('template', 'templates/' + item + '.config-map.yaml') | from_yaml }}" with_items: - httpd - name: foreman jobs - k8s_raw: + k8s: state: "{{ deployment_state }}" definition: "{{ lookup('template', 'templates/' + item + '.job.yaml') | from_yaml }}" with_items: - certificates - name: foreman service - k8s_raw: + k8s: state: "{{ deployment_state }}" definition: "{{ lookup('template', 'templates/' + item + '.service.yaml') | from_yaml }}" with_items: @@ -30,7 +30,7 @@ - memcached - name: foreman deployment - openshift_raw: + k8s: state: "{{ deployment_state }}" definition: "{{ lookup('template', 'templates/' + item + '.deployment.yaml') | from_yaml }}" with_items: @@ -40,7 +40,7 @@ - httpd - name: foreman routes - openshift_raw: + k8s: state: "{{ deployment_state }}" definition: "{{ lookup('template', 'templates/' + item + '.route.yaml') | from_yaml }}" with_items: diff --git a/containers/deploy/foreman/templates/httpd.deployment.yaml b/containers/deploy/foreman/templates/httpd.deployment.yaml index e89627c86b7..cff985335ef 100644 --- a/containers/deploy/foreman/templates/httpd.deployment.yaml +++ b/containers/deploy/foreman/templates/httpd.deployment.yaml @@ -64,6 +64,6 @@ spec: name: certs lifecycle: postStart: - _exec: + exec: command: - "/usr/bin/save-container-environment" diff --git a/containers/deploy/mongodb/tasks/main.yml b/containers/deploy/mongodb/tasks/main.yml index 6e7860a81a4..bb43eb19051 100644 
--- a/containers/deploy/mongodb/tasks/main.yml +++ b/containers/deploy/mongodb/tasks/main.yml @@ -1,20 +1,20 @@ --- - name: mongodb persistent volume claim - k8s_raw: + k8s: state: "{{ deployment_state }}" definition: "{{ lookup('template', 'templates/' + item + '.pvc.yaml') | from_yaml }}" with_items: - mongodb - name: mongodb service - k8s_raw: + k8s: state: "{{ deployment_state }}" definition: "{{ lookup('template', 'templates/' + item + '.service.yaml') | from_yaml }}" with_items: - mongodb - name: mongodb deployment - openshift_raw: + k8s: state: "{{ deployment_state }}" definition: "{{ lookup('template', 'templates/' + item + '.deployment.yaml') | from_yaml }}" with_items: diff --git a/containers/deploy/postgres/tasks/main.yml b/containers/deploy/postgres/tasks/main.yml index ad95bb1f53b..bf32c8a252f 100644 --- a/containers/deploy/postgres/tasks/main.yml +++ b/containers/deploy/postgres/tasks/main.yml @@ -1,20 +1,20 @@ --- - name: postgres persistent volume claim - k8s_raw: + k8s: state: "{{ deployment_state }}" definition: "{{ lookup('template', 'templates/' + item + '.pvc.yaml') | from_yaml }}" with_items: - postgres - name: postgres service - k8s_raw: + k8s: state: "{{ deployment_state }}" definition: "{{ lookup('template', 'templates/' + item + '.service.yaml') | from_yaml }}" with_items: - postgres - name: postges deployment - openshift_raw: + k8s: state: "{{ deployment_state }}" definition: "{{ lookup('template', 'templates/' + item + '.deployment.yaml') | from_yaml }}" with_items: diff --git a/containers/deploy/project/tasks/main.yml b/containers/deploy/project/tasks/main.yml index 838aaa9f18a..154b49d92d8 100644 --- a/containers/deploy/project/tasks/main.yml +++ b/containers/deploy/project/tasks/main.yml 
@@ -1,8 +1,13 @@ --- -- name: project foreman - openshift_raw: - name: "{{ project_name }}" - display_name: Foreman - description: Foreman stack - state: present - kind: Project +- name: project foreman (workaround for https://github.com/ansible/ansible/issues/42116) + shell: oc new-project '{{ project_name }}' --description="Foreman Stack" --display-name="Foreman" || oc get project '{{ project_name }}' +# k8s: +# state: present +# definition: +# apiVersion: project.openshift.io/v1 +# kind: Project +# metadata: +# name: "{{ project_name }}" +# annotations: +# openshift.io/display-name: Foreman +# openshift.io/description: Foreman stack diff --git a/containers/deploy/pulp/tasks/main.yml b/containers/deploy/pulp/tasks/main.yml index b9872256321..ed50b8650ee 100644 --- a/containers/deploy/pulp/tasks/main.yml +++ b/containers/deploy/pulp/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: pulp persistent volume claim - k8s_raw: + k8s: state: "{{ deployment_state }}" definition: "{{ lookup('template', 'templates/' + item + '.pvc.yaml') | from_yaml }}" with_items: @@ -8,7 +8,7 @@ - puppet-data - name: pulp service - k8s_raw: + k8s: state: "{{ deployment_state }}" definition: "{{ lookup('template', 'templates/' + item + '.service.yaml') | from_yaml }}" with_items: 
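Review bot: The `shell:` workaround in `containers/deploy/project/tasks/main.yml` splices `{{ project_name }}` into a shell command line between hand-written single quotes, so a value containing a quote or shell metacharacters would be interpreted by the shell rather than passed as one argument. Let Ansible do the quoting instead: `shell: oc new-project {{ project_name | quote }} --description="Foreman Stack" --display-name="Foreman" || oc get project {{ project_name | quote }}`. The `||` fallback also hides why `oc new-project` failed (for example an expired login), and the task reports "changed" on every run; a `register:` plus `changed_when:` on the result would restore the idempotence reporting the removed module call provided. A short comment saying the commented-out `k8s:` block is the intended replacement once the linked issue is fixed would help whoever removes the workaround.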
@@ -16,14 +16,59 @@ - content-server - name: pulp deployment - openshift_raw: + k8s: state: "{{ deployment_state }}" definition: "{{ lookup('template', 'templates/' + item + '.deployment.yaml') | from_yaml }}" with_items: - pulp - - pulp-worker - pulp-celerybeat - pulp-resource-manager - pulp-streamer - squid - content-server + +- name: Create pulp deployment (workaround for https://github.com/ansible/ansible/issues/40185) + k8s: + state: "{{ deployment_state }}" + definition: + apiVersion: v1 + kind: DeploymentConfig + metadata: + name: pulp-worker + namespace: "{{ project_name }}" + labels: + app: foreman + service: pulp-worker + spec: + template: + metadata: + labels: + app: foreman + service: pulp-worker + spec: + serviceAccount: anyuid + serviceAccountName: anyuid + containers: + - name: pulp-worker + securityContext: {} + state: present + volumeMounts: + - readOnly: false + mountPath: /var/lib/pulp + name: pulp-data + - readOnly: false + mountPath: /etc/puppet + name: puppet-data + image: "{{ registry }}/pulp-worker:latest" + volumes: + - name: pulp-data + persistentVolumeClaim: + claimName: pulp-data + - name: puppet-data + persistentVolumeClaim: + claimName: puppet-data + replicas: "{{ pulp_worker_count }}" + strategy: + type: Rolling + rollingParams: + timeoutSeconds: 900 diff --git a/containers/deploy/pulp/templates/pulp-worker.deployment.yaml b/containers/deploy/pulp/templates/pulp-worker.deployment.yaml deleted file mode 100644 index 4fcbe5c88fc..00000000000 --- a/containers/deploy/pulp/templates/pulp-worker.deployment.yaml +++ /dev/null 
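Review bot: The inlined `pulp-worker` DeploymentConfig carries over `image: "{{ registry }}/pulp-worker:latest"`, `securityContext: {}` and the `anyuid` service account from the deleted template, so the pod runs whatever the mutable `latest` tag resolves to at rollout time, with no container-level restrictions declared. Now that the definition lives in the task file, the image reference could be pinned through a variable, e.g. `image: "{{ registry }}/pulp-worker:{{ pulp_worker_tag }}"` (variable name constructed here), or through a digest. If the image does not need to gain privileges, `securityContext: {allowPrivilegeEscalation: false}` states that explicitly; whether the worker really needs the `anyuid` account cannot be judged from this hunk. The `state: present` key under the `pulp-worker` container entry is not a field of a container spec and looks like a leftover; dropping it avoids relying on the API ignoring unknown keys.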
@@ -1,42 +0,0 @@ ---- -apiVersion: v1 -kind: DeploymentConfig -metadata: - name: pulp-worker - namespace: "{{ project_name }}" - labels: - app: foreman - service: pulp-worker -spec: - template: - metadata: - labels: - app: foreman - service: pulp-worker - spec: - serviceAccount: anyuid - serviceAccountName: anyuid - containers: - - name: pulp-worker - securityContext: {} - state: present - volumeMounts: - - readOnly: false - mountPath: /var/lib/pulp - name: pulp-data - - readOnly: false - mountPath: /etc/puppet - name: puppet-data - image: "{{ registry }}/pulp-worker:latest" - volumes: - - name: pulp-data - persistentVolumeClaim: - claimName: pulp-data - - name: puppet-data - persistentVolumeClaim: - claimName: puppet-data - replicas: "{{ pulp_worker_count }}" - strategy: - type: Rolling - rollingParams: - timeoutSeconds: 900 diff --git a/containers/deploy/puppet/tasks/main.yml b/containers/deploy/puppet/tasks/main.yml index 72f39e809ec..5c7d0931341 100644 --- a/containers/deploy/puppet/tasks/main.yml +++ b/containers/deploy/puppet/tasks/main.yml @@ -1,13 +1,13 @@ --- - name: puppet service - k8s_raw: + k8s: state: "{{ deployment_state }}" definition: "{{ lookup('template', 'templates/' + item + '.service.yaml') | from_yaml }}" with_items: - puppet - name: puppet deployment - openshift_raw: + k8s: state: "{{ deployment_state }}" definition: "{{ lookup('template', 'templates/' + item + '.deployment.yaml') | from_yaml }}" with_items: diff --git a/containers/deploy/qpid/tasks/main.yml b/containers/deploy/qpid/tasks/main.yml index cc44ab2b06b..ef41e890d6a 100644 --- a/containers/deploy/qpid/tasks/main.yml +++ b/containers/deploy/qpid/tasks/main.yml 
@@ -1,13 +1,13 @@ --- - name: qpid service - k8s_raw: + k8s: state: "{{ deployment_state }}" definition: "{{ lookup('template', 'templates/' + item + '.service.yaml') | from_yaml }}" with_items: - qpid - name: qpid deployment - openshift_raw: + k8s: state: "{{ deployment_state }}" definition: "{{ lookup('template', 'templates/' + item + '.deployment.yaml') | from_yaml }}" with_items: diff --git a/containers/deploy/service-accounts/tasks/main.yml b/containers/deploy/service-accounts/tasks/main.yml index ce380aef08d..e5de9eee6c3 100644 --- a/containers/deploy/service-accounts/tasks/main.yml +++ b/containers/deploy/service-accounts/tasks/main.yml @@ -10,11 +10,8 @@ command: oc login -u developer -p a when: minishift or cluster_up -- name: Ensure on project - command: "oc project {{ project_name }}" - - name: anyuid service account - k8s_raw: + k8s: state: present force: false resource_definition: @@ -25,4 +22,18 @@ namespace: "{{ project_name }}" - name: Allow anyuid service account to create secrets - command: oc adm policy add-role-to-user edit -z anyuid + k8s: + definition: + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: anyuid-edit + namespace: "{{ project_name }}" + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: edit + subjects: + - kind: ServiceAccount + name: anyuid + namespace: "{{ project_name }}"
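Review bot: The new `anyuid-edit` RoleBinding in `containers/deploy/service-accounts/tasks/main.yml` grants the `anyuid` service account the whole `edit` ClusterRole in the project, while the task name says the only requirement is to create secrets. That matches the removed `oc adm policy add-role-to-user edit -z anyuid`, but any pod running under that account (the pulp-worker definition elsewhere in this patch uses it) can then read existing secrets and modify most resources in the namespace. Binding a namespaced Role limited to `secrets` would keep the stated purpose and shrink what a compromised container can reach; the verb list below is a constructed starting point to confirm against what the containers actually call. The RoleBinding task also omits `state:`, unlike the service-account task above it, so an explicit `state: present` would keep the file consistent.

```yaml
- name: Role limited to secret creation for anyuid
  k8s:
    state: present
    definition:
      apiVersion: rbac.authorization.k8s.io/v1
      kind: Role
      metadata:
        name: anyuid-secrets  # constructed name
        namespace: "{{ project_name }}"
      rules:
        - apiGroups: [""]
          resources: ["secrets"]
          verbs: ["create"]  # confirm the verbs actually required

# … unchanged: RoleBinding task name, k8s/definition header, metadata …
      roleRef:
        apiGroup: rbac.authorization.k8s.io
        kind: Role
        name: anyuid-secrets
# … unchanged: subjects …
```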