Merge pull request #9 from crenwick93/tower_install_ocp
Tower install ocp
Showing 10 changed files with 361 additions and 0 deletions.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,121 @@ | ||
# redhat_cop.tower_utilities.install_ocp | ||
|
||
Ansible role to install Ansible Tower on OCP. | ||
|
||
## Requirements | ||
|
||
python >= 2.7 | ||
|
||
---PYTHON MODULES--- | ||
* openshift | ||
* kubernetes | ||
* PyYAML >= 3.11 | ||
* requests-oauthlib | ||
|
||
# OCP Requirements | ||
OpenShift 3.11+ | ||
|
||
Per pod default resource requirements: | ||
* 6GB RAM, | ||
* 3CPU cores | ||
|
||
A setup and running Openshift cluster | ||
|
||
Admin privileges for the account running the openshift installer (cluster-admin role is required) | ||
|
||
## Role Variables | ||
|
||
```yaml | ||
|
||
# The following parameters must be set to ensure a successful deployment | ||
|
||
# Directory from which Tower installation will launch | ||
tower_working_location: "/var/tmp" | ||
|
||
# Location of tower version to install | ||
tower_ocp_releases_url: https://releases.ansible.com/ansible-tower/setup_openshift/ | ||
tower_ocp_setup_file: ansible-tower-openshift-setup-{{ tower_release_version }}.tar.gz | ||
|
||
# This will create or update a default admin (superuser) account in Tower | ||
admin_user: 'admin' | ||
admin_password: 'mypassword' | ||
|
||
# Tower Secret key | ||
# It's *very* important that this stay the same between upgrades or you will lose | ||
# the ability to decrypt your credentials | ||
secret_key: 'mysecretkey' | ||
|
||
# Database Settings | ||
# ================= | ||
|
||
# Set pg_hostname if you have an external postgres server, otherwise | ||
# a new postgres service will be created | ||
# pg_hostname=postgresql | ||
|
||
# If using an external database, provide your existing credentials. | ||
# If you choose to use the provided containerized Postgres depolyment, these | ||
# values will be used when provisioning the database. | ||
pg_username: 'awx' | ||
pg_password: 'awx' | ||
pg_database: 'tower' | ||
pg_port: 5432 | ||
pg_sslmode: 'prefer' # set to 'verify-full' for client-side enforced SSL | ||
|
||
# Note: The user running this installer will need cluster-admin privileges. | ||
# Tower's job execution container requires running in privileged mode, | ||
# and a service account must be created for auto peer-discovery to work. | ||
|
||
# Deploy into Openshift | ||
# ===================== | ||
|
||
openshift_host: https://openshift.example.com | ||
openshift_skip_tls_verify: false | ||
openshift_project: tower | ||
openshift_user: admin | ||
|
||
# Optional containerised Postgres DB settings | ||
# ============================= | ||
# Skip this section if you BYO database. This is only used when you want the | ||
# installer to deploy a containerized Postgres deployment inside of your | ||
# OpenShift cluster. This is only recommended if you have experience storing and | ||
# managing persistent data in containerized environments. | ||
# | ||
# Choose a name for the pg persistant volume claim to be created: | ||
openshift_pg_pvc_name: postgresql | ||
# Openshift Persistant Volume Claim Size | ||
pvc_claim_size: 10Gi | ||
|
||
``` | ||
## Example Playbook | ||
The following playbook and accompanying vars file containing the defined seed objects above, can be invoked in the following manner. It is best practice to give the password at runtime to ensure the password is not saved in the inventory. | ||
The playbook should be run in one of the following ways, dependant upon if you are using a token or password to access the openshift cluster | ||
```sh | ||
$ ansible-playbook playbook.yml -e @tower_vars.yml -e openshift_password=password | ||
``` | ||
```sh | ||
$ ansible-playbook playbook.yml -e @tower_vars.yml -e openshift_token=example-token | ||
``` | ||
|
||
```yaml | ||
--- | ||
# Playbook to install Ansible Tower as a single node | ||
|
||
- name: Install Ansible Tower on OCP | ||
hosts: localhost | ||
become: true | ||
vars: | ||
tower_release_version: 3.7.2-1 | ||
roles: | ||
- install_ocp | ||
``` | ||
## License | ||
MIT | ||
## Author Information | ||
Chris Renwick |
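Review bot: the variable names in the Role Variables block (`admin_user`, `admin_password`, `secret_key`, `pg_username`, `pg_password`, `pg_database`, `pg_port`, `pg_sslmode`) are not the names this role reads: defaults/main.yml and templates/inventory.j2 use the `tower_` prefix (`tower_admin_user`, `tower_admin_password`, `tower_secret_key`, `tower_pg_*`). A user who copies this block into `tower_vars.yml` silently ends up with the shipped defaults (`password`, `mysecret`) instead of their own values. Please rename them here, and since `secret_key` protects stored credentials and must survive upgrades, state that it and the passwords belong in `ansible-vault` or on the command line with `-e`, not in the vars file. Smaller points: `openshift_skip_tls_verify: false` shown here contradicts `true` in defaults/main.yml, and "persistant", "depolyment" and "dependant" are typos.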
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,46 @@ | ||
--- | ||
# defaults file for ansible-tower-manage | ||
|
||
############################################################ | ||
# Tower Installation Vars # | ||
############################################################ | ||
|
||
# Working location for installation files | ||
tower_working_location: "/var/tmp" | ||
|
||
# vars file for install_ocp | ||
tower_ocp_releases_url: https://releases.ansible.com/ansible-tower/setup_openshift/ | ||
tower_ocp_setup_file: ansible-tower-openshift-setup-{{ tower_release_version }}.tar.gz | ||
|
||
# Tower variables | ||
tower_admin_user: "admin" | ||
tower_admin_password: "password" | ||
|
||
# Tower secret key | ||
tower_secret_key: "mysecret" | ||
|
||
# Postgresql variables | ||
|
||
# pg_hostname: pg.tower.example.com | ||
tower_pg_database: "awx" | ||
tower_pg_username: "awx" | ||
tower_pg_password: "password" | ||
tower_pg_port: 5432 | ||
tower_pg_sslmode: "prefer" | ||
|
||
############################################################ | ||
# Openshift vars. # | ||
############################################################ | ||
|
||
# Note: The user running this installer will need cluster-admin privileges. | ||
# Tower's job execution container requires running in privileged mode, | ||
# and a service account must be created for auto peer-discovery to work. | ||
|
||
openshift_host: https://openshift.example.com | ||
openshift_skip_tls_verify: true | ||
openshift_project: tower | ||
openshift_user: kubeadmin | ||
|
||
# persistant volume for pg database details | ||
openshift_pg_pvc_name: postgresql | ||
pvc_claim_size: 10Gi |
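Review bot: `openshift_skip_tls_verify: true` disables certificate verification for the `k8s_auth` login in tasks/install_ocp.yml (`validate_certs: '{{ not openshift_skip_tls_verify }}'`), so by default the username and password are sent to whatever answers at `openshift_host` without checking its identity. The README documents `false`; make the default `false` and let users with self-signed clusters opt in. `tower_admin_password: "password"` and `tower_secret_key: "mysecret"` should not ship as working defaults either: any run that forgets to override them produces a Tower whose credential store is encrypted with a key published in this repository. Consider leaving them undefined and adding an early `assert` that both are set.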
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
--- | ||
galaxy_info: | ||
role_name: redhat_cop.tower_utilities.ocp_install | ||
author: Chris Renwick | ||
description: Role to install Ansible Tower on Openshift | ||
company: Red Hat | ||
|
||
license: license (MIT) | ||
|
||
min_ansible_version: 2.7 | ||
|
||
platforms: | ||
- name: EL | ||
versions: | ||
- 7 | ||
|
||
galaxy_tags: | ||
- linux | ||
- system | ||
- ansible | ||
|
||
dependencies: | ||
- role: redhat_cop.tower_utilities.pre_tasks | ||
vars: | ||
tower_releases_url: "{{ tower_ocp_releases_url }}" | ||
tower_setup_file: "{{ tower_ocp_setup_file }}" |
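Review bot: `role_name: redhat_cop.tower_utilities.ocp_install` does not match the README heading (`redhat_cop.tower_utilities.install_ocp`), the example playbook (`- install_ocp`) or the task file `install_ocp.yml`; pick one spelling. `min_ansible_version: 2.7` also looks too low for the modules the tasks use: `k8s_auth` appeared in Ansible 2.8 and `k8s_info` in 2.9, so bump it to the version you actually test against.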
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,86 @@ | ||
--- | ||
# Configure Tower on OCP | ||
- block: | ||
- name: "[Openshift] Log in (obtain access token)" | ||
k8s_auth: | ||
host: '{{ openshift_host }}' | ||
username: '{{ openshift_user }}' | ||
password: "{{ openshift_password }}" | ||
validate_certs: '{{ not openshift_skip_tls_verify }}' | ||
register: k8s_auth_results | ||
when: openshift_password is defined | ||
|
||
- name: "[Openshift] Set API token fact" | ||
set_fact: | ||
openshift_token: "{{ k8s_auth_results.k8s_auth.api_key }}" | ||
when: openshift_password is defined | ||
|
||
|
||
# Create tower project | ||
- name: "[Openshift] Create a k8s namespace" | ||
k8s: | ||
name: '{{ openshift_project }}' | ||
api_version: v1 | ||
api_key: "{{ openshift_token }}" | ||
kind: Namespace | ||
state: present | ||
|
||
# Template out Persistant Volume Claim | ||
- name: "Template out Persistant Volume Claim" | ||
template: | ||
src: postgres-pvc.j2 | ||
dest: "{{ tower_setup_dir }}/postgres-pvc.yml" | ||
when: openshift_pg_pvc_name is defined | ||
|
||
# Create Persistant Volume Claim | ||
- name: "[Openshift] Create a Persistant Volume Claim" | ||
k8s: | ||
namespace: '{{ openshift_project }}' | ||
state: present | ||
src: "{{ tower_setup_dir }}/postgres-pvc.yml" | ||
api_key: "{{ openshift_token }}" | ||
when: openshift_pg_pvc_name is defined | ||
|
||
# Create Inventory | ||
- name: "[Tower] Populate Tower Setup Inventory from Template" | ||
template: | ||
src: inventory.j2 | ||
dest: "{{ tower_setup_dir }}/inventory" | ||
|
||
# Run the Setup | ||
- name: "[Tower] Run the Ansible Tower Setup Program" | ||
become: true | ||
command: ./setup_openshift.sh -e "openshift_token={{ openshift_token }}" | ||
args: | ||
chdir: "{{ tower_setup_dir }}" | ||
async: 10000 | ||
poll: 20 | ||
changed_when: false # these will always run and will always report “changed” otherwise | ||
|
||
# Get route for Ansibe Tower | ||
- name: "[Openshift] Get route for Ansible Tower" | ||
k8s_info: | ||
kind: Route | ||
namespace: '{{ openshift_project }}' | ||
api_key: "{{ openshift_token }}" | ||
register: route_details | ||
|
||
- name: "[Tower] Wait for Ansible tower to be running." | ||
uri: | ||
url: "https://{{ route_details.resources.0.spec.host }}" | ||
status_code: 200 | ||
validate_certs: false | ||
register: result | ||
until: result.status == 200 | ||
retries: 90 | ||
delay: 10 | ||
|
||
always: | ||
- name: If login succeeded, try to log out (revoke access token) | ||
when: openshift_password is defined | ||
k8s_auth: | ||
host: '{{ openshift_host }}' | ||
state: absent | ||
api_key: "{{ openshift_token }}" | ||
validate_certs: '{{ not openshift_skip_tls_verify }}' | ||
... |
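Review bot: the OpenShift token leaks into logs and process listings in this hunk. `k8s_auth` is registered into `k8s_auth_results` (which carries `api_key`), `set_fact` copies it into `openshift_token`, and the setup task passes it on the command line as `-e "openshift_token={{ openshift_token }}"`; all three print the token under `-v`, and the `command` form exposes it to every local user via `ps` for as long as `setup_openshift.sh` runs. Add `no_log: true` to the login, `set_fact` and setup tasks, and prefer handing the token to the setup script through an environment variable or a vaulted vars file rather than `-e`. Two more: the `always:` logout runs whenever `openshift_password is defined`, but if the login failed `openshift_token` is undefined and the logout itself errors, masking the real failure; guard it with `openshift_token is defined`. And `route_details.resources.0` assumes the first route in the project is Tower's; pass `name` or `label_selectors` to `k8s_info` so an unrelated route does not make the wait loop poll the wrong host. `validate_certs: false` on the readiness `uri` check should follow `openshift_skip_tls_verify` rather than being hard-coded.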
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
--- | ||
# tasks file for ansible-tower-manage | ||
|
||
# | ||
# ----------------------------------------------------------------------------- | ||
# Install Tasks | ||
# ----------------------------------------------------------------------------- | ||
# | ||
|
||
- include: install_ocp.yml | ||
tags: | ||
- install-ocp |
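Review bot: `include:` is the deprecated pre-2.4 form; use `import_tasks:` here so the `install-ocp` tag is applied to every task in install_ocp.yml (with `include_tasks:` the tag would only select the include statement itself unless wrapped in `apply:`).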
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,53 @@ | ||
localhost ansible_connection=local ansible_python_interpreter="/usr/bin/env python" | ||
|
||
[all:vars] | ||
|
||
# This will create or update a default admin (superuser) account in Tower | ||
admin_user='{{ tower_admin_user }}' | ||
admin_password='{{ tower_admin_password }}' | ||
|
||
# Tower Secret key | ||
# It's *very* important that this stay the same between upgrades or you will lose | ||
# the ability to decrypt your credentials | ||
secret_key='{{ tower_secret_key }}' | ||
|
||
# Database Settings | ||
# ================= | ||
|
||
# Set pg_hostname if you have an external postgres server, otherwise | ||
# a new postgres service will be created | ||
# pg_hostname=postgresql | ||
{% if pg_hostname is defined %} | ||
pg_hostname='{{ pg_hostname }}' | ||
{% endif %} | ||
|
||
# If using an external database, provide your existing credentials. | ||
# If you choose to use the provided containerized Postgres depolyment, these | ||
# values will be used when provisioning the database. | ||
pg_database='{{ tower_pg_database }}' | ||
pg_username='{{ tower_pg_username }}' | ||
pg_password='{{ tower_pg_password }}' | ||
pg_port='{{ tower_pg_port }}' | ||
pg_sslmode='{{ tower_pg_sslmode }}' # set to 'verify-full' for client-side enforced SSL | ||
|
||
# Note: The user running this installer will need cluster-admin privileges. | ||
# Tower's job execution container requires running in privileged mode, | ||
# and a service account must be created for auto peer-discovery to work. | ||
|
||
# Deploy into Openshift | ||
# ===================== | ||
|
||
openshift_host='{{ openshift_host }}' | ||
openshift_user='{{ openshift_user }}' | ||
openshift_project='{{ openshift_project }}' | ||
openshift_skip_tls_verify='{{ openshift_skip_tls_verify }}' | ||
|
||
# Skip this section if you BYO database. This is only used when you want the | ||
# installer to deploy a containerized Postgres deployment inside of your | ||
# OpenShift cluster. This is only recommended if you have experience storing and | ||
# managing persistent data in containerized environments. | ||
# | ||
# Name of a PVC you want to provision (If not using an external db) | ||
{% if openshift_pg_pvc_name is defined %} | ||
openshift_pg_pvc_name='{{ openshift_pg_pvc_name }}' | ||
{% endif %} |
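Review bot: this rendered inventory holds `admin_password`, `secret_key` and `pg_password` in cleartext, and the `template` task that writes it (`dest: "{{ tower_setup_dir }}/inventory"` in install_ocp.yml) sets no `mode:`, so under the default `tower_working_location: "/var/tmp"` the file gets the umask default and is typically readable by every local user. Add `mode: '0600'` and consider removing the inventory after `setup_openshift.sh` finishes. `pg_sslmode='prefer'` also means an external Postgres is used without certificate checking (and falls back to plaintext if the server has no TLS); the inline comment already names `verify-full`, so make that the documented recommendation whenever `pg_hostname` is set. Last, `openshift_skip_tls_verify='{{ openshift_skip_tls_verify }}'` renders the YAML boolean as `True`/`False`; check that the Tower setup playbook parses that string as you expect.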
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
apiVersion: "v1" | ||
kind: "PersistentVolumeClaim" | ||
metadata: | ||
name: "{{ openshift_pg_pvc_name }}" | ||
spec: | ||
accessModes: | ||
- "ReadWriteOnce" | ||
resources: | ||
requests: | ||
storage: "{{ pvc_claim_size }}" |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
--- | ||
# Use the default tower installation template | ||
pre_tasks_process_template: false |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -29,3 +29,4 @@ | |
template: | ||
src: inventory.j2 | ||
dest: "{{ tower_setup_dir }}/inventory" | ||
when: pre_tasks_process_template |
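Review bot: the new `when: pre_tasks_process_template` makes this task fail with an undefined-variable error for any caller of `redhat_cop.tower_utilities.pre_tasks` that does not set the variable, unless the pre_tasks defaults provide one (not visible in this diff). The only definition added here is `pre_tasks_process_template: false` in install_ocp's vars/main.yml, which works for install_ocp because it pulls pre_tasks in through its meta dependency. Add `pre_tasks_process_template: true` to the pre_tasks defaults so existing callers keep rendering the inventory, or write the condition as `when: pre_tasks_process_template | default(true)`.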