Merge pull request #9 from crenwick93/tower_install_ocp
Tower install ocp
Tompage1994 authored Sep 14, 2020
2 parents c5e8cc9 + 9ed6595 commit 111be22
Showing 10 changed files with 361 additions and 0 deletions.
121 changes: 121 additions & 0 deletions roles/install_ocp/README.md
@@ -0,0 +1,121 @@
# redhat_cop.tower_utilities.install_ocp

Ansible role to install Ansible Tower on OCP.

## Requirements

python >= 2.7

---PYTHON MODULES---
* openshift
* kubernetes
* PyYAML >= 3.11
* requests-oauthlib

# OCP Requirements
OpenShift 3.11+

Per pod default resource requirements:
* 6GB RAM,
* 3CPU cores

A setup and running Openshift cluster

Admin privileges for the account running the openshift installer (cluster-admin role is required)

## Role Variables

```yaml

# The following parameters must be set to ensure a successful deployment

# Directory from which Tower installation will launch
tower_working_location: "/var/tmp"

# Location of tower version to install
tower_ocp_releases_url: https://releases.ansible.com/ansible-tower/setup_openshift/
tower_ocp_setup_file: ansible-tower-openshift-setup-{{ tower_release_version }}.tar.gz

# This will create or update a default admin (superuser) account in Tower
admin_user: 'admin'
admin_password: 'mypassword'

# Tower Secret key
# It's *very* important that this stay the same between upgrades or you will lose
# the ability to decrypt your credentials
secret_key: 'mysecretkey'

# Database Settings
# =================

# Set pg_hostname if you have an external postgres server, otherwise
# a new postgres service will be created
# pg_hostname=postgresql

# If using an external database, provide your existing credentials.
# If you choose to use the provided containerized Postgres depolyment, these
# values will be used when provisioning the database.
pg_username: 'awx'
pg_password: 'awx'
pg_database: 'tower'
pg_port: 5432
pg_sslmode: 'prefer' # set to 'verify-full' for client-side enforced SSL

# Note: The user running this installer will need cluster-admin privileges.
# Tower's job execution container requires running in privileged mode,
# and a service account must be created for auto peer-discovery to work.

# Deploy into Openshift
# =====================

openshift_host: https://openshift.example.com
openshift_skip_tls_verify: false
openshift_project: tower
openshift_user: admin

# Optional containerised Postgres DB settings
# =============================
# Skip this section if you BYO database. This is only used when you want the
# installer to deploy a containerized Postgres deployment inside of your
# OpenShift cluster. This is only recommended if you have experience storing and
# managing persistent data in containerized environments.
#
# Choose a name for the pg persistant volume claim to be created:
openshift_pg_pvc_name: postgresql
# Openshift Persistant Volume Claim Size
pvc_claim_size: 10Gi

```
## Example Playbook
The following playbook and accompanying vars file containing the defined seed objects above, can be invoked in the following manner. It is best practice to give the password at runtime to ensure the password is not saved in the inventory.
The playbook should be run in one of the following ways, dependant upon if you are using a token or password to access the openshift cluster
```sh
$ ansible-playbook playbook.yml -e @tower_vars.yml -e openshift_password=password
```
```sh
$ ansible-playbook playbook.yml -e @tower_vars.yml -e openshift_token=example-token
```

```yaml
---
# Playbook to install Ansible Tower as a single node

- name: Install Ansible Tower on OCP
hosts: localhost
become: true
vars:
tower_release_version: 3.7.2-1
roles:
- install_ocp
```
## License
MIT
## Author Information
Chris Renwick
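
Review bot: The Role Variables block documents `admin_user`, `admin_password`, `secret_key` and `pg_username`/`pg_password`/`pg_database`, but defaults/main.yml and templates/inventory.j2 in this same commit read `tower_admin_user`, `tower_admin_password`, `tower_secret_key` and `tower_pg_*`. Anyone who copies the README names into `tower_vars.yml` sets variables the role never reads and ends up deployed with the defaults (`password`, `mysecret`). Please rename the documented variables to the `tower_`-prefixed ones and align the documented values with the defaults where they differ (`pg_database` is `tower` here and `awx` in defaults; `openshift_skip_tls_verify` is `false` here and `true` in defaults). Separately, the Example Playbook section recommends keeping the password out of the inventory but then passes `-e openshift_password=password` on the command line, where it lands in shell history and the process list; a vaulted vars file or `vars_prompt` would match the stated intent.
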
46 changes: 46 additions & 0 deletions roles/install_ocp/defaults/main.yml
@@ -0,0 +1,46 @@
---
# defaults file for ansible-tower-manage

############################################################
# Tower Installation Vars #
############################################################

# Working location for installation files
tower_working_location: "/var/tmp"

# vars file for install_ocp
tower_ocp_releases_url: https://releases.ansible.com/ansible-tower/setup_openshift/
tower_ocp_setup_file: ansible-tower-openshift-setup-{{ tower_release_version }}.tar.gz

# Tower variables
tower_admin_user: "admin"
tower_admin_password: "password"

# Tower secret key
tower_secret_key: "mysecret"

# Postgresql variables

# pg_hostname: pg.tower.example.com
tower_pg_database: "awx"
tower_pg_username: "awx"
tower_pg_password: "password"
tower_pg_port: 5432
tower_pg_sslmode: "prefer"

############################################################
# Openshift vars. #
############################################################

# Note: The user running this installer will need cluster-admin privileges.
# Tower's job execution container requires running in privileged mode,
# and a service account must be created for auto peer-discovery to work.

openshift_host: https://openshift.example.com
openshift_skip_tls_verify: true
openshift_project: tower
openshift_user: kubeadmin

# persistant volume for pg database details
openshift_pg_pvc_name: postgresql
pvc_claim_size: 10Gi
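
Review bot: `openshift_skip_tls_verify: true` as the shipped default means the `k8s_auth` login in tasks/install_ocp.yml sends the cluster-admin password with `validate_certs` off unless the user overrides it; the README documents `false`, and that should be the default here too. The same file ships usable credentials as defaults (`tower_admin_password: "password"`, `tower_secret_key: "mysecret"`, `tower_pg_password: "password"`), so a run with no vars file produces a Tower with known secrets. Consider leaving these three undefined and failing early with an `assert` when they are not supplied. The header comment `# defaults file for ansible-tower-manage` also looks like a leftover from another role.
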
26 changes: 26 additions & 0 deletions roles/install_ocp/meta/main.yml
@@ -0,0 +1,26 @@
---
galaxy_info:
role_name: redhat_cop.tower_utilities.ocp_install
author: Chris Renwick
description: Role to install Ansible Tower on Openshift
company: Red Hat

license: license (MIT)

min_ansible_version: 2.7

platforms:
- name: EL
versions:
- 7

galaxy_tags:
- linux
- system
- ansible

dependencies:
- role: redhat_cop.tower_utilities.pre_tasks
vars:
tower_releases_url: "{{ tower_ocp_releases_url }}"
tower_setup_file: "{{ tower_ocp_setup_file }}"
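
Review bot: `role_name: redhat_cop.tower_utilities.ocp_install` does not match the role directory and the README heading, which both use `install_ocp`; please make the three agree. `license: license (MIT)` still carries the skeleton placeholder text and should read `license: MIT` to match the README's License section.
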
86 changes: 86 additions & 0 deletions roles/install_ocp/tasks/install_ocp.yml
@@ -0,0 +1,86 @@
---
# Configure Tower on OCP
- block:
- name: "[Openshift] Log in (obtain access token)"
k8s_auth:
host: '{{ openshift_host }}'
username: '{{ openshift_user }}'
password: "{{ openshift_password }}"
validate_certs: '{{ not openshift_skip_tls_verify }}'
register: k8s_auth_results
when: openshift_password is defined

- name: "[Openshift] Set API token fact"
set_fact:
openshift_token: "{{ k8s_auth_results.k8s_auth.api_key }}"
when: openshift_password is defined


# Create tower project
- name: "[Openshift] Create a k8s namespace"
k8s:
name: '{{ openshift_project }}'
api_version: v1
api_key: "{{ openshift_token }}"
kind: Namespace
state: present

# Template out Persistant Volume Claim
- name: "Template out Persistant Volume Claim"
template:
src: postgres-pvc.j2
dest: "{{ tower_setup_dir }}/postgres-pvc.yml"
when: openshift_pg_pvc_name is defined

# Create Persistant Volume Claim
- name: "[Openshift] Create a Persistant Volume Claim"
k8s:
namespace: '{{ openshift_project }}'
state: present
src: "{{ tower_setup_dir }}/postgres-pvc.yml"
api_key: "{{ openshift_token }}"
when: openshift_pg_pvc_name is defined

# Create Inventory
- name: "[Tower] Populate Tower Setup Inventory from Template"
template:
src: inventory.j2
dest: "{{ tower_setup_dir }}/inventory"

# Run the Setup
- name: "[Tower] Run the Ansible Tower Setup Program"
become: true
command: ./setup_openshift.sh -e "openshift_token={{ openshift_token }}"
args:
chdir: "{{ tower_setup_dir }}"
async: 10000
poll: 20
changed_when: false # these will always run and will always report “changed” otherwise

# Get route for Ansibe Tower
- name: "[Openshift] Get route for Ansible Tower"
k8s_info:
kind: Route
namespace: '{{ openshift_project }}'
api_key: "{{ openshift_token }}"
register: route_details

- name: "[Tower] Wait for Ansible tower to be running."
uri:
url: "https://{{ route_details.resources.0.spec.host }}"
status_code: 200
validate_certs: false
register: result
until: result.status == 200
retries: 90
delay: 10

always:
- name: If login succeeded, try to log out (revoke access token)
when: openshift_password is defined
k8s_auth:
host: '{{ openshift_host }}'
state: absent
api_key: "{{ openshift_token }}"
validate_certs: '{{ not openshift_skip_tls_verify }}'
...
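
Review bot: The setup task passes the token as `-e "openshift_token={{ openshift_token }}"` on the `command:` line, and neither it nor the `k8s_auth` login or the `set_fact` that stores the token sets `no_log: true`, so the API token of a cluster-admin account appears in task results and verbose output, and in the process list while the installer runs. Please add `no_log: true` to those tasks, and hand the token to the installer through a file or the environment rather than argv if `setup_openshift.sh` allows it. Other points in this hunk: the `k8s` and `k8s_info` tasks pass `api_key` but no `host` or `validate_certs`, so they are not tied to `openshift_host` or to the TLS setting used for login; the `uri` wait hard-codes `validate_certs: false` instead of honouring `openshift_skip_tls_verify`; and the `always` logout is gated only on `openshift_password is defined`, so when the login itself fails `openshift_token` is undefined and the cleanup task errors on top of the original failure. Gating it on `k8s_auth_results.k8s_auth.api_key is defined` would match the task name.
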
12 changes: 12 additions & 0 deletions roles/install_ocp/tasks/main.yml
@@ -0,0 +1,12 @@
---
# tasks file for ansible-tower-manage

#
# -----------------------------------------------------------------------------
# Install Tasks
# -----------------------------------------------------------------------------
#

- include: install_ocp.yml
tags:
- install-ocp
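
Review bot: Bare `include:` is deprecated; with `min_ansible_version: 2.7` declared in meta/main.yml this can be `import_tasks: install_ocp.yml`, which also applies the `install-ocp` tag to the imported tasks statically. The `# tasks file for ansible-tower-manage` comment looks copied from another role and should name this one.
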
53 changes: 53 additions & 0 deletions roles/install_ocp/templates/inventory.j2
@@ -0,0 +1,53 @@
localhost ansible_connection=local ansible_python_interpreter="/usr/bin/env python"

[all:vars]

# This will create or update a default admin (superuser) account in Tower
admin_user='{{ tower_admin_user }}'
admin_password='{{ tower_admin_password }}'

# Tower Secret key
# It's *very* important that this stay the same between upgrades or you will lose
# the ability to decrypt your credentials
secret_key='{{ tower_secret_key }}'

# Database Settings
# =================

# Set pg_hostname if you have an external postgres server, otherwise
# a new postgres service will be created
# pg_hostname=postgresql
{% if pg_hostname is defined %}
pg_hostname='{{ pg_hostname }}'
{% endif %}

# If using an external database, provide your existing credentials.
# If you choose to use the provided containerized Postgres depolyment, these
# values will be used when provisioning the database.
pg_database='{{ tower_pg_database }}'
pg_username='{{ tower_pg_username }}'
pg_password='{{ tower_pg_password }}'
pg_port='{{ tower_pg_port }}'
pg_sslmode='{{ tower_pg_sslmode }}' # set to 'verify-full' for client-side enforced SSL

# Note: The user running this installer will need cluster-admin privileges.
# Tower's job execution container requires running in privileged mode,
# and a service account must be created for auto peer-discovery to work.

# Deploy into Openshift
# =====================

openshift_host='{{ openshift_host }}'
openshift_user='{{ openshift_user }}'
openshift_project='{{ openshift_project }}'
openshift_skip_tls_verify='{{ openshift_skip_tls_verify }}'

# Skip this section if you BYO database. This is only used when you want the
# installer to deploy a containerized Postgres deployment inside of your
# OpenShift cluster. This is only recommended if you have experience storing and
# managing persistent data in containerized environments.
#
# Name of a PVC you want to provision (If not using an external db)
{% if openshift_pg_pvc_name is defined %}
openshift_pg_pvc_name='{{ openshift_pg_pvc_name }}'
{% endif %}
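
Review bot: Every secret is interpolated inside single quotes, e.g. `admin_password='{{ tower_admin_password }}'`, so a password or secret key that itself contains `'` produces an inventory line that no longer parses as intended. Either document the restriction or validate the values before templating. The rendered file also holds `admin_password`, `secret_key` and `pg_password` in cleartext, and the `template` task that writes it in tasks/install_ocp.yml sets no `mode`; please set `mode: '0600'` there.
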
10 changes: 10 additions & 0 deletions roles/install_ocp/templates/postgres-pvc.j2
@@ -0,0 +1,10 @@
apiVersion: "v1"
kind: "PersistentVolumeClaim"
metadata:
name: "{{ openshift_pg_pvc_name }}"
spec:
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: "{{ pvc_claim_size }}"
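
Review bot: Because defaults/main.yml always defines `openshift_pg_pvc_name: postgresql`, the `when: openshift_pg_pvc_name is defined` guards in tasks/install_ocp.yml and in inventory.j2 are always true, so this claim is created (and `openshift_pg_pvc_name` written to the inventory) even when `pg_hostname` points at an external database. Gating on `pg_hostname is not defined`, or dropping the default, would make the README's "Skip this section if you BYO database" hold in practice.
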
3 changes: 3 additions & 0 deletions roles/install_ocp/vars/main.yml
@@ -0,0 +1,3 @@
---
# Use the default tower installation template
pre_tasks_process_template: false
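
Review bot: The comment `# Use the default tower installation template` sits above `false` here and above `True` in roles/pre_tasks/defaults/main.yml, so it cannot describe both settings. Going by the `when: pre_tasks_process_template` added in pre_tasks.yml, the flag controls whether pre_tasks renders its own inventory.j2; a comment here saying that this role turns that off because it templates its own inventory would be clearer.
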
3 changes: 3 additions & 0 deletions roles/pre_tasks/defaults/main.yml
@@ -11,6 +11,9 @@ tower_working_location: "/var/tmp"
# Tower variables
tower_admin_password: "password"

# Use the default tower installation template
pre_tasks_process_template: True

# Postgresql variables
tower_pg_database: "awx"
tower_pg_username: "awx"
1 change: 1 addition & 0 deletions roles/pre_tasks/tasks/pre_tasks.yml
@@ -29,3 +29,4 @@
template:
src: inventory.j2
dest: "{{ tower_setup_dir }}/inventory"
when: pre_tasks_process_template
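
Review bot: `when: pre_tasks_process_template` tests the bare variable, so if a caller supplies it as a string (for example `-e pre_tasks_process_template=false`) the outcome depends on how the running Ansible version evaluates bare strings in conditionals. Writing `when: pre_tasks_process_template | bool` makes the intent explicit and the behaviour consistent.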
