OpenShift Resources Role

create-openshift-resources.yml

@@ -0,0 +1,7 @@
+---
+- name: "Create OpenShift Resources"
+  hosts: localhost
+
+  roles:
+  - openshift-defaults
+  - create-openshift-resources

files/default-vars-tower.json

@@ -0,0 +1,99 @@
+{
+  "docker": {
+    "common": {
+      "client_binary": "docker"
+    },
+    "registry": {
+      "host": "registry.apps.env2-1.innovation.labs.redhat.com"
+    },
+    "user": {
+      "email": "Rhc-open-innovation-labs@redhat.com"
+    }
+  },
+  "openshift": {
+    "common": {
+      "client_binary": "oc"
+    }
+  },
+  "openshift_host_env": "master1.env2-1.innovation.labs.redhat.com",
+  "openshift_resources_to_create": {
+    "projects": [
+      {
+        "apps": [
+          {
+            "base_image": "openshift/php",
+            "context_dir": "website",
+            "git_url": "https://github.com/sherl0cks/infographic.git",
+            "name": "web"
+          },
+          {
+            "base_image": "openshift/nodejs",
+            "git_url": "https://github.com/sherl0cks/infographic-node-app.git",
+            "name": "node-app"
+          }
+        ],
+        "display_name": "Infographic - Holmes",
+        "name": "infographic-holmes"
+      },
+      {
+        "apps": [
+          {
+            "base_image": "openshift/nodejs",
+            "git_url": "https://github.com/mcanoy/infographic-node-app.git",
+            "name": "node-app"
+          }
+        ],
+        "display_name": "Infographic - McAnoy",
+        "name": "infographic-mcanoy"
+      },
+      {
+        "apps": [
+          {
+            "base_image": "openshift/php",
+            "context_dir": "website",
+            "git_url": "https://github.com/rht-labs/infographic.git",
+            "name": "web"
+          },
+          {
+            "base_image": "openshift/nodejs",
+            "git_url": "https://github.com/rht-labs/infographic-node-app.git",
+            "name": "node-app"
+          }
+        ],
+        "build_environment": true,
+        "display_name": "Infographic - Dev",
+        "name": "infographic-dev"
+      },
+      {
+        "apps": [
+          {
+            "base_image": "web",
+            "name": "web"
+          },
+          {
+            "base_image": "node-app",
+            "name": "node-app"
+          }
+        ],
+        "display_name": "Infographic - Stage",
+        "name": "infographic-stage",
+        "promotion_environment": true
+      },
+      {
+        "apps": [
+          {
+            "base_image": "web",
+            "name": "web"
+          },
+          {
+            "base_image": "node-app",
+            "name": "node-app"
+          }
+        ],
+        "display_name": "Infographic - Prod",
+        "name": "infographic-prod",
+        "promotion_environment": true
+      }
+    ]
+  }
+}

roles/create-openshift-resources/tasks/create_app.yml

@@ -0,0 +1,96 @@
+---
+- name: Fail for Missing git url and base image
+  fail: msg="This role requires app.git_url or app.base_image to be set and non empty"
+  when: app.git_url is not defined and app.base_image is not defined
+
+- name: Fail for Missing app name
+  fail: msg="This role requires app.name to be set and non empty"
+  when: app.name is not defined and app.name == ''
+
+- name: Fail for Missing project name
+  fail: msg="This role requires project.name to be set and non empty"
+  when: project.name is not defined and project.name == ''  
+
+- name: "Set App Basic Facts"
+  set_fact:
+    app_options: ''
+    app_source: ''
+
+- name: "Set App Source with Git Url and Base Image" 
+  set_fact:
+    app_source: "{{ app.base_image }}~{{ app.git_url }}"
+  when: app.git_url is defined and app.git_url != '' and app.base_image is defined and app.base_image != ''
+
+- name: "Set App Source with only Base Image"
+  set_fact:
+    app_options: "{{ app_options }} --image-stream={{ app.base_image }}"
+  when: (app.base_image is defined and app.base_image != '') and (app.git_url is not defined or app.git_url == '')
+
+- name: "Set App Source with only Git Url"
+  set_fact:
+    app_source: "{{ app.git_url }}"
+  when: (app.git_url is defined and app.git_url != '') and (app.base_image is not defined or app.base_image == '')   
+
+- name: "Add context-dir Option"
+  set_fact: 
+    app_options: "{{ app_options }} --context-dir={{ app.context_dir }}"
+  when: app.context_dir is defined and app.context_dir != ''  
+
+- name: "Add name Option"
+  set_fact: 
+    app_options: "{{ app_options }} --name={{ app.name }}"
+  when: app.name is defined and app.name != ''  
+
+- name: "Determine if {{ app.name }} App Exists"
+  command: >
+     {{ openshift.common.client_binary }} get dc {{ app.name }} -n {{ project.name }} -o json
+  register: get_app_name_result
+  failed_when: false
+  changed_when: false
+
+# This covers the corner case where we are making an app from an imagestream in the same workspace 
+# Was useful in testing, not sure if really needed
+- name: "Determine if {{ app.base_image }} Imagestream Exists"
+  command: >
+     {{ openshift.common.client_binary }} get istag {{ app.base_image }}:latest -n {{ project.name }} -o json
+  register: get_imagestream_result
+  when: ( not ('/' in app.base_image) ) and build_project_name == project.name
+  failed_when: false
+  changed_when: false
+  until: get_imagestream_result.rc == 0
+  retries: 12
+  delay: 5
+  ignore_errors: yes
+
+## This is confusing to me. Dunno why the app_item is not passed to the includes context...
+- name: Set Facts Not Sure Why
+  set_fact:
+    app_name: "{{ app.name }}"
+    project_name: "{{ project.name }}"
+  when: get_app_name_result.rc == 1 and project.promotion_environment is defined and project.promotion_environment == true  
+
+- include: promote_image.yml 
+  when: get_app_name_result.rc == 1 and project.promotion_environment is defined and project.promotion_environment == true
+
+- name: "Create App: {{ app.name }}"
+  command: >
+    {{ openshift.common.client_binary }} new-app {{ app_source }} -n {{ project.name }} {{ app_options }} 
+  when: get_app_name_result.rc == 1
+  register: create_app_result
+
+- name: "Expose App: {{ app.name }}"
+  command: >
+    {{ openshift.common.client_binary }} expose service {{ app.name }} -n {{ project.name }} 
+  when: get_app_name_result.rc == 1 and create_app_result.rc == 0   
+
+  # TODO Add a check here to make sure build passed
+
+- name: "Wait For Image To Be Published if Build Environment"
+  command: >
+     {{ openshift.common.client_binary }} get istag {{ app.name }}:latest -n {{ project.name }} -o json
+  register: get_build_imagestream_result
+  when: build_project_name == project.name and app.git_url is defined and app.git_url != ''
+  changed_when: false
+  until: get_build_imagestream_result.rc == 0
+  retries: 60
+  delay: 5 # this is 5 min

roles/create-openshift-resources/tasks/create_project.yml

@@ -0,0 +1,36 @@
+---
+- name: Fail for Missing Project Name
+  fail: msg="This role requires project.name to be set and non empty"
+  when: project.name is not defined or project.name == ''
+
+- name: "Set Basic Project Facts"
+  set_fact:
+    project_options: ''
+
+- name: "Create Imagestream Fact For Build Environment"    
+  set_fact:  
+    imagestream_names: []
+    build_project_name: "{{ project.name }}"
+  when: project.build_environment is defined and project.build_environment == true  
+
+- name: "Add display-name Option"
+  set_fact: 
+    project_options: "{{ project_options }} --display-name='{{ project.display_name }}'"
+  when: project.display_name is defined and project.display_name != ''  
+
+- name: "Determine If {{ project.name }} Project Exists"
+  command: >
+     {{ openshift.common.client_binary }} get project {{ project.name }} -o json
+  register: project_name_taken
+  failed_when: false
+  changed_when: false
+
+- name: "Create Project {{ project.name }}"
+  when: project_name_taken.rc == 1
+  command: >
+    {{ openshift.common.client_binary }} new-project {{ project.name }} {{ project_options }}
+
+- include: create_app.yml app={{ app_item }}
+  with_items: '{{ project.apps }}' 
+  loop_control:
+    loop_var: app_item 

roles/create-openshift-resources/tasks/main.yml

@@ -0,0 +1,35 @@
+---
+#### Defensive Programming
+# https://github.com/openshift/openshift-ansible/blob/master/docs/best_practices_guide.adoc
+
+- name: Fail for Missing User Name
+  fail: msg="This role requires openshift_user to be set and non empty"
+  when: openshift_user is not defined or openshift_user == ''
+
+- name: Fail for Missing Password
+  fail: msg="This role requires openshift_password to be set and non empty"
+  when: openshift_password is not defined or openshift_password == ''
+
+- name: Fail for Missing OpenShift Host Env
+  fail: msg="This role requires openshift_host_env to be set and non empty"
+  when: openshift_host_env is not defined or openshift_host_env == ""
+
+- name: Fail for Missing OpenShift Resources
+  fail: msg="This role requires openshift_resources_to_create to be set and non empty"
+  when: openshift_resources_to_create is not defined or openshift_resources_to_create == ""
+
+- name: Fail for Missing OpenShift Projects
+  fail: msg="This role requires openshift_resources_to_create.projects to be set and non empty"
+  when: openshift_resources_to_create.projects is not defined or openshift_resources_to_create.projects == ""
+
+
+- name: "Log in to OpenShift Client"
+  command: >
+    {{ openshift.common.client_binary }} login {{ openshift_host_env }} 
+    --insecure-skip-tls-verify=true --username={{ openshift_user }} --password={{ openshift_password }}
+  changed_when: False
+
+- include: create_project.yml project={{ project_item }}
+  with_items: '{{ openshift_resources_to_create.projects }}'
+  loop_control:
+    loop_var: project_item 

roles/create-openshift-resources/tasks/promote_image.yml

@@ -0,0 +1,39 @@
+---
+# TODO: we could push the docker login up to main so that it is done few times. 
+# the problem is that requires every run to have a docker registry defined.
+# some users may only want to create "build" environment and not "promotion" environments,
+# so this may get in the way if we login into the registry when its not needed
+- name: Get User Token
+  command: >
+    {{ openshift.common.client_binary }} whoami -t 
+  register: user_token_results
+
+- name: Login To OpenShift Docker Registry
+  command: >
+    {{ docker.common.client_binary }} login -u={{ openshift_user }} -e={{ docker.user.email }} -p={{ user_token_results.stdout }} {{ docker.registry.host }}
+
+- name: Set Docker Image Names
+  set_fact:
+    build_image_name: "{{ docker.registry.host }}/{{ build_project_name }}/{{ app_name}}" 
+    promotion_image_name: "{{ docker.registry.host }}/{{ project_name }}/{{ app_name }}"
+
+- name: Pull Build Environment Image
+  docker_image:
+    name: "{{ build_image_name }}"
+
+# Docker push doesn't work right until ansible 2.2, so we need to do the below in commands
+# This is docker 1.10 syntax. We don't support docker 1.9 right now
+# crappy syntax here between go templates and jenga templates
+
+- name: Retrieve Build Image ID
+  command: >
+    {{ docker.common.client_binary }} images --format '{{ '{{' }} .ID {{ '}}' }}' {{ build_image_name }}:latest
+  register: docker_tag_image_result
+
+- name: Tag Build Image With Promotion Image
+  command: >
+    {{ docker.common.client_binary }} tag {{ docker_tag_image_result.stdout }} {{ promotion_image_name }}:latest
+
+- name: Push Image to Promotion Environment
+  command: >
+    {{ docker.common.client_binary }} push {{ promotion_image_name }}