diff --git a/ansible/configs/zero-touch-base-rhel/post_software.yml b/ansible/configs/zero-touch-base-rhel/post_software.yml index 7c1518970b3..17094ac48fc 100644 --- a/ansible/configs/zero-touch-base-rhel/post_software.yml +++ b/ansible/configs/zero-touch-base-rhel/post_software.yml @@ -66,7 +66,7 @@ wait_condition: type: Ready status: "True" - wait_timeout: 300 + wait_timeout: "{{ ocp4_workload_showroom_namespace_wait_ready | default(600) }}" - name: Deploy user setup hosts: localhost diff --git a/ansible/configs/zero-touch-base-rhel/pre_software.yml b/ansible/configs/zero-touch-base-rhel/pre_software.yml index 213482a96b0..066a37d9dfe 100644 --- a/ansible/configs/zero-touch-base-rhel/pre_software.yml +++ b/ansible/configs/zero-touch-base-rhel/pre_software.yml @@ -38,7 +38,10 @@ tasks: - name: Setup Repositories - when: repo_method is defined + when: + - repo_method is defined + - instances | selectattr('name', 'equalto', ansible_host ) | selectattr('register_satellite', 'defined') | map(attribute='register_satellite') | first | default(true) | bool + ansible.builtin.import_role: name: set-repositories @@ -52,8 +55,8 @@ ansible.builtin.import_role: name: set_env_authorized_key -- name: Configuring Bastion Hosts - hosts: bastions +- name: Configuring Hosts + hosts: bastions:nodes become: true tags: - step004 @@ -165,7 +168,8 @@ - name: copy the environment .pem key ansible.builtin.copy: - src: "{{ hostvars.localhost.env_authorized_key_path }}" + src: "{{ hostvars.localhost.ssh_provision_key_path + | default(hostvars.localhost.env_authorized_key_path) }}" dest: "/root/.ssh/{{ env_authorized_key }}.pem" owner: "root" group: "root" 
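Review bot: The second `when` condition added to `Setup Repositories` matches `instances` entries against `ansible_host`, so if the inventory sets `ansible_host` to an address rather than the instance name the lookup finds nothing, `default(true)` applies, and a host marked `register_satellite: false` would still run `set-repositories`. Whether the two values differ in this config cannot be seen from the hunk; matching on `inventory_hostname` (`selectattr('name', 'equalto', inventory_hostname)`) would not depend on how the connection address is set. The same lookup is used by the `Setup Red Hat packages for each host` task added in software.yml, where a miss silently installs nothing. The expression is also long enough that a folded `>-` scalar would make it easier to read.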
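Review bot: The `copy the environment .pem key` task now prefers `ssh_provision_key_path`, and with the play target widened to `bastions:nodes` in the earlier hunk the private key would be written to `/root/.ssh/` on every node rather than only on bastions, assuming this task belongs to that play (the play boundaries are outside the hunk). Any single node that is compromised or handed to a lab user then holds a key that logs in to its peers. If only bastions need to reach the other hosts, guard this task and the `.pub` task in the next hunk with `when: inventory_hostname in groups['bastions']`. The `mode:` line of the private-key copy is not visible here and should remain owner-only.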
@@ -173,7 +177,8 @@ - name: copy the environment .pub key ansible.builtin.copy: - content: "{{ hostvars.localhost.env_authorized_key_content_pub }}" + content: "{{ hostvars.localhost.ssh_provision_pubkey_content + | default(hostvars.localhost.env_authorized_key_content_pub) }}" dest: "/root/.ssh/{{ env_authorized_key }}.pub" owner: "root" group: "root" diff --git a/ansible/configs/zero-touch-base-rhel/software.yml b/ansible/configs/zero-touch-base-rhel/software.yml index d968e99b4cf..7c01cad0f2c 100644 --- a/ansible/configs/zero-touch-base-rhel/software.yml +++ b/ansible/configs/zero-touch-base-rhel/software.yml @@ -15,6 +15,22 @@ ansible.builtin.debug: msg: "Software tasks Started" +- name: Install packages defined in the instances + hosts: all:!isolated + gather_facts: false + become: true + tasks: + - name: Setup Red Hat packages for each host + when: instances | selectattr('name', 'equalto', ansible_host ) | selectattr('packages', 'defined') | map(attribute='packages') | default([]) | list | length > 0 + ansible.builtin.dnf: + state: present + name: "{{ instances | selectattr('name', 'equalto', ansible_host ) | map(attribute='packages') | from_yaml | flatten }}" + register: r_dnf_packages + until: r_dnf_packages is succeeded + retries: 5 + delay: 10 + + # ---------------------------------------------------------------------- # Software Workloads as role # ---------------------------------------------------------------------- diff --git a/ansible/roles/showroom/tasks/40-showroom-render.yml b/ansible/roles/showroom/tasks/40-showroom-render.yml index 82a5fbba6dd..e354e392631 100644 --- a/ansible/roles/showroom/tasks/40-showroom-render.yml +++ b/ansible/roles/showroom/tasks/40-showroom-render.yml 
@@ -5,41 +5,6 @@ path: "{{ showroom_user_content_dir }}/default-site.yml" register: default_site_stat -- name: Ensure output.dir is set to ./www/www for zero-touch - when: - - default_site_stat.stat.exists - - showroom_ui == "zero-touch" - block: - - - name: Read default-site.yml - ansible.builtin.slurp: - path: "{{ showroom_user_content_dir }}/default-site.yml" - register: default_site_raw - - - name: Decode YAML content - ansible.builtin.set_fact: - default_site_data: "{{ default_site_raw.content | b64decode | from_yaml }}" - - - name: Update output.dir to ./www/www - ansible.builtin.set_fact: - default_site_data: >- - {{ - default_site_data | combine({ - 'output': (default_site_data.output | default({})) | combine({ - 'dir': './www/www' - }) - }, recursive=True) - }} - - - name: Write updated default-site.yml - ansible.builtin.copy: - content: "{{ default_site_data | to_nice_yaml(indent=2) }}" - dest: "{{ showroom_user_content_dir }}/default-site.yml" - backup: yes - owner: "{{ showroom_user }}" - group: "{{ showroom_user_group }}" - mode: "u=rw,g=r,o=r" - - name: Render asciidoc via antora container using the default-site.yml containers.podman.podman_container: name: container @@ -128,7 +93,7 @@ register: zero_touch_config_stat - name: Create a symbolic link for zero-touch-config.yml if it exists - ansible.builtin.copy: + ansible.builtin.file: src: "{{ showroom_user_content_dir }}/zero-touch-config.yml" dest: "{{ showroom_user_content_dir }}/www/zero-touch-config.yml" mode: "u=rw,g=r,o=r" @@ -139,7 +104,7 @@ when: zero_touch_config_stat.stat.exists - name: Create a symbolic link to ui-config.yml as fallback - ansible.builtin.copy: + ansible.builtin.file: src: "{{ showroom_user_content_dir }}/ui-config.yml" dest: "{{ showroom_user_content_dir }}/www/ui-config.yml" mode: "u=rw,g=r,o=r" @@ -168,3 +133,5 @@ line: | [network] default_rootless_network_cmd = "slirp4netns" + [engine] + network_cmd_options = ["cidr=10.0.3.0/24"] 
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_showroom/README.adoc b/ansible/roles_ocp_workloads/ocp4_workload_showroom/README.adoc index 6aa6f15dcd6..22b545cb45c 100644 --- a/ansible/roles_ocp_workloads/ocp4_workload_showroom/README.adoc +++ b/ansible/roles_ocp_workloads/ocp4_workload_showroom/README.adoc @@ -7,7 +7,7 @@ ** Deploying to our OCP 410 shared OCP Cluster: <> * One or multiple OpenShift users, autodetected. * Deploy the showroom helm chart https://github.com/rhpds/showroom-deployer/charts/showroom-single-pod -* Supports deployment via helm cli (will be installed if not there). +* Supports deployment via OpenShift GitOps (ArgoCD) or a locally installed helm cli (will be installed if not there). * Supports multiple deployment options ** Just lab content ** Lab content and a Wetty terminal that can be configured to automatically ssh to a bastion 
@@ -79,12 +79,21 @@ ocp4_workload_showroom_deployer_chart_version: "1.0.0" == Picking Deployment Type If you don't pick a deployment type the default is `helm` cli locally (on the bastion) If `helm` is not available it will be installed first. + +To use `ArgoCD` you need to give the right permissions to the system ArgoCd by using the workload and workload options as specified. + .Example [source,yaml] ---- -# How to deploy Showroom. Options are `helm` -ocp4_workload_showroom_deployment_type: helm +# How to deploy Showroom. Options are `helm` and `argocd` +# For `argocd' ocop4_workload_openshift_gitops must have been deployed first with the following options: +# (OpenShift GitOps 1.10 or newer is preferred but it should work just as well with older versions) +# ocp4_workload_openshift_gitops_channel: gitops-1.10 +# ocp4_workload_openshift_gitops_setup_cluster_admin: true +# ocp4_workload_openshift_gitops_update_route_tls: true +# ocp4_workload_openshift_gitops_rbac_update: true +# Deploying using `argocd` without these options will fail +ocp4_workload_showroom_deployment_type: argocd ---- == Show just lab instructions (whole window) diff --git a/ansible/roles_ocp_workloads/ocp4_workload_showroom/defaults/main.yaml b/ansible/roles_ocp_workloads/ocp4_workload_showroom/defaults/main.yaml index 8f6e0e35a39..5a0e643d3bf 100644 --- a/ansible/roles_ocp_workloads/ocp4_workload_showroom/defaults/main.yaml +++ b/ansible/roles_ocp_workloads/ocp4_workload_showroom/defaults/main.yaml @@ -48,7 +48,7 @@ ocp4_workload_showroom_terminal_requests_memory: 256Mi ocp4_workload_showroom_terminal_limits_cpu: 500m ocp4_workload_showroom_terminal_limits_memory: 1Gi -ocp4_workload_showroom_content_image: ghcr.io/rhpds/showroom-content:prod +ocp4_workload_showroom_content_image: ghcr.io/agonzalezrh/showroom-content:latest # Showroom Terminal Image. Options include: # - quay.io/rhpds/openshift-showroom-terminal-ocp:latest 
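Review bot: The default for `ocp4_workload_showroom_content_image` moves from `ghcr.io/rhpds/showroom-content:prod` to `ghcr.io/agonzalezrh/showroom-content:latest`, a personal registry namespace with a mutable tag, so every deployment that does not override the variable would run whatever is pushed there next. The later hunk in this file does the same for `ocp4_workload_showroom_cloud_image` and `ocp4_workload_showroom_ironrdp_image` (`quay.io/agonzalezrh/...`), and the cloud image is the container that deploy-showroom-helm.yaml hands the AWS and Azure credentials to. Role defaults should point at the organisation-owned repository with a fixed tag or digest, for example keeping `ghcr.io/rhpds/showroom-content:prod` here and moving the personal images to a per-environment override. If these values are temporary while the images are being developed, a comment saying so would keep them from shipping as defaults.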
@@ -77,7 +77,14 @@ ocp4_workload_showroom_novnc_limits_memory: 256Mi # Usually `showroom-proxy` for multi-pod deployment and `showroom` for single pod deployment ocp4_workload_showroom_service_name: "{{ ocp4_workload_showroom_name }}" -# How to deploy Showroom. Options are `helm` +# How to deploy Showroom. Options are `helm` and `argocd` +# For `argocd' ocop4_workload_openshift_gitops must have been deployed first with the following options: +# (OpenShift GitOps 1.10 or newer is preferred but it should work just as well with older versions) +# ocp4_workload_openshift_gitops_channel: gitops-1.10 +# ocp4_workload_openshift_gitops_setup_cluster_admin: true +# ocp4_workload_openshift_gitops_update_route_tls: true +# ocp4_workload_openshift_gitops_rbac_update: true +# Deploying using `argocd` without these options will fail ocp4_workload_showroom_deployment_type: helm # Helm Chart to use for Showroom. This needs to be a packaged chart in a registry. @@ -96,8 +103,12 @@ ocp4_workload_showroom_test_self_provisioner: false ocp4_workload_showroom_zero_touch_bundle: "" ocp4_workload_showroom_zero_touch_ui_enabled: false -ocp4_workload_showroom_use_sandbox_domain: false +ocp4_workload_showroom_cloud_image: quay.io/agonzalezrh/showroom-cloud:v0.0.6 +ocp4_workload_showroom_ironrdp_enable: false +ocp4_workload_showroom_ironrdp_image: quay.io/agonzalezrh/ironrdp:v0.0.2 + +ocp4_workload_showroom_automation_disable: false # defaults for _showroom_user_data so env destroys don't fail _showroom_user_data: diff --git a/ansible/roles_ocp_workloads/ocp4_workload_showroom/tasks/deploy-showroom-helm.yaml b/ansible/roles_ocp_workloads/ocp4_workload_showroom/tasks/deploy-showroom-helm.yaml index 34f045c950c..44b9c61dfc1 100644 --- a/ansible/roles_ocp_workloads/ocp4_workload_showroom/tasks/deploy-showroom-helm.yaml +++ b/ansible/roles_ocp_workloads/ocp4_workload_showroom/tasks/deploy-showroom-helm.yaml 
@@ -28,8 +28,13 @@ zero_touch_ui_enabled: "{{ ocp4_workload_showroom_zero_touch_ui_enabled | string | lower }}" guid: "{{ guid }}" + satellite: + url: "{{ satellite_url | default('') }}" + org: "{{ satellite_org | default('') }}" + activationkey: "{{ satellite_activationkey | default('') }}" deployer: - domain: "{{ _deployer_domain }}" + domain: "{{ sandbox_openshift_apps_domain | default(_deployer_domain) }}" + registry_pull_token: "{{ registry_pull_token | default('') }}" stacked_terminals: setup: "{{ ocp4_workload_showroom_stacked_terminals_enable | bool | string | lower }}" display_name: "{{ ocp4_workload_showroom_stacked_terminals_display_name }}" @@ -41,7 +46,7 @@ else false) | bool | string | lower }}" display_name: "{{ ocp4_workload_showroom_second_terminal_tab_display_name }}" terminal: - setup: "{{ (true if ocp4_workload_showroom_terminal_type == 'showroom' else false) | bool | string | lower }}" + setup: "true" image: "{{ ocp4_workload_showroom_terminal_image }}" resources: requests: @@ -67,6 +72,8 @@ sshUser: "{{ _showroom_user_data['users'][_showroom_user].bastion_ssh_user_name | default(_showroom_user_data.bastion_ssh_user_name) }}" sshPass: "{{ _showroom_user_data['users'][_showroom_user].bastion_ssh_password | default(_showroom_user_data.bastion_ssh_password) }}" sshPort: "{{ _showroom_user_data.bastion_ssh_port | default(22) }}" + sshOtherHosts: "{{ instances | selectattr('name') | map(attribute='name') | list | default([]) }}" + terminals: "{{ instances | selectattr('terminals', 'defined') | community.general.json_query('[].{name: name, terminals: terminals}') }}" novnc: setup: "{{ (true if ocp4_workload_showroom_novnc_enable | bool else false) | bool | string | lower }}" image: "{{ ocp4_workload_showroom_novnc_image }}" 
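Review bot: `registry_pull_token` is added to the chart values here, and the later hunk in this file adds `aws_secret_access_key`, `aws_web_console_password`, `azure_password`, the ironrdp `password` and `vault_password` the same way, while the task result is stored in `r_helm_templates` and no `no_log` is visible. The task header is outside the hunks, so I cannot tell which module runs, but if it renders or installs the chart these secrets would end up in the registered result and in verbose or callback output. Adding `no_log: true` to the task keeps them out of the job log. It is also worth confirming that the chart places these values in Secret objects rather than in ConfigMaps or plain pod environment.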
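Review bot: In `sshOtherHosts` the `default([])` is applied after `instances` has already been filtered, so it does not help when `instances` is undefined and the task fails instead; the `terminals` line below it has no default at all. The role's README describes plain OpenShift deployments, where `instances` may well not exist. Putting the default first, `instances | default([]) | selectattr('name', 'defined') | map(attribute='name') | list`, keeps those deployments working, and the same `instances | default([])` prefix applies to `terminals`. `community.general.json_query` additionally requires that collection and `jmespath` on the controller, which is a new dependency for this role as far as the diff shows.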
@@ -79,6 +86,36 @@ limits: cpu: "{{ ocp4_workload_showroom_novnc_limits_cpu }}" memory: "{{ ocp4_workload_showroom_novnc_limits_memory }}" + cloud: + setup: "{{ ('false' if auth_cloud_provider | default('none') == 'none' else 'true') | string | lower }}" + image: "{{ ocp4_workload_showroom_cloud_image }}" + auth_cloud_provider: "{{ auth_cloud_provider | default('none') }}" + aws_access_key_id: "{{ aws_sandbox_provision_data.aws_access_key_id | default('') }}" + aws_secret_access_key: "{{ aws_sandbox_provision_data.aws_secret_access_key | default('') }}" + aws_web_console_url: "{{ aws_sandbox_provision_data.aws_web_console_url | default('') }}" + aws_web_console_user_name: "{{ aws_sandbox_provision_data.aws_web_console_user_name | default('') }}" + aws_web_console_password: "{{ aws_sandbox_provision_data.aws_web_console_password | default('') }}" + aws_sandbox_account_id: "{{ aws_sandbox_provision_data.aws_sandbox_account_id | default('') }}" + aws_route53_domain: "{{ aws_sandbox_provision_data.aws_route53_domain | default('') }}" + aws_default_region: "{{ aws_sandbox_provision_data.aws_default_region | default('') }}" + azure_subscription: "{{ azure_sandbox_provision_data.azure_subscription | default('') }}" + azure_tenant: "{{ azure_sandbox_provision_data.azure_tenant_id | default('') }}" + azure_client_id: "{{ azure_sandbox_provision_data.azure_service_principal_id | default('') }}" + azure_password: "{{ azure_sandbox_provision_data.azure_service_principal_password | default('') }}" + azure_resourcegroup: "{{ azure_sandbox_provision_data.azure_resource_group | default('') }}" + + ironrdp: + setup: "{{ ('true' if ocp4_workload_showroom_ironrdp_enable | bool else 'false') | string | lower }}" + image: "{{ ocp4_workload_showroom_ironrdp_image }}" + server: "windows" + user: "Administrator" + password: "{{ _showroom_user_data.windows_password | default('') }}" + jetserver: "localhost:7171" + tokengenserver: "localhost:8081" + automation: + setup: "{{ ('false' if 
ocp4_workload_showroom_automation_disable | bool else 'true') | string | lower }}" + vault_password: "{{ _showroom_user_data.vault_password | default('') }}" + register: r_helm_templates diff --git a/ansible/roles_ocp_workloads/ocp4_workload_showroom/tasks/prepare-variables.yaml b/ansible/roles_ocp_workloads/ocp4_workload_showroom/tasks/prepare-variables.yaml index 003f824cb84..e407b30c723 100644 --- a/ansible/roles_ocp_workloads/ocp4_workload_showroom/tasks/prepare-variables.yaml +++ b/ansible/roles_ocp_workloads/ocp4_workload_showroom/tasks/prepare-variables.yaml 
@@ -55,36 +55,31 @@ loop_var: _services_item label: "{{ _services_item.name }}" -- name: Retrieve OpenShift Ingress - when: not ocp4_workload_showroom_use_sandbox_domain | default(false) +- name: Retrieve Ingress config + when: sandbox_openshift_apps_domain | default("") | length == 0 kubernetes.core.k8s_info: kubeconfig: "{{ _showroom_kubeconfig | default(omit) }}" - api_version: config.openshift.io/v1 + api_version: 'config.openshift.io/v1' kind: Ingress name: cluster register: r_ingress_config - until: - - r_ingress_config.resources.0 is defined - - r_ingress_config.resources | length > 0 - delay: 15 - retries: 60 - name: Get OpenShift Apps Domain (Non Equinix) when: - r_ingress_config.resources[0].spec.appsDomain is not defined - - not ocp4_workload_showroom_use_sandbox_domain | default(false) + - sandbox_openshift_apps_domain | default("") | length == 0 ansible.builtin.set_fact: _deployer_domain: "{{ r_ingress_config.resources[0].spec.domain }}" - name: Get OpenShift Apps Domain (Equinix) when: - r_ingress_config.resources[0].spec.appsDomain is defined - - not ocp4_workload_showroom_use_sandbox_domain | default(false) + - sandbox_openshift_apps_domain | default("") | length == 0 ansible.builtin.set_fact: _deployer_domain: "{{ r_ingress_config.resources[0].spec.appsDomain }}" - name: Set _deployer_domain when environment is CNV when: - - ocp4_workload_showroom_use_sandbox_domain | default(false) + - sandbox_openshift_apps_domain | default("") | length > 0 ansible.builtin.set_fact: _deployer_domain: "{{ sandbox_openshift_apps_domain }}" diff --git a/ansible/roles_ocp_workloads/ocp4_workload_showroom/tasks/remove_workload.yml b/ansible/roles_ocp_workloads/ocp4_workload_showroom/tasks/remove_workload.yml index 30be5e29371..127b26da9e8 100644 --- a/ansible/roles_ocp_workloads/ocp4_workload_showroom/tasks/remove_workload.yml +++ b/ansible/roles_ocp_workloads/ocp4_workload_showroom/tasks/remove_workload.yml 
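Review bot: The `until`/`delay`/`retries` block is removed from `Retrieve Ingress config`, yet the two `Get OpenShift Apps Domain` tasks still index `r_ingress_config.resources[0]`, so a lookup that returns an empty list now surfaces as an undefined-variable error inside `set_fact` instead of being retried. If dropping the retry is intended, an `ansible.builtin.assert` on `r_ingress_config.resources | length > 0` with a clear `fail_msg`, placed right after the lookup and under the same `when`, would make the failure readable. Otherwise I would keep the retry loop, since the role can run while the cluster API is still settling.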
@@ -11,6 +11,32 @@ - name: Prepare Variables ansible.builtin.include_tasks: prepare-variables.yaml +- name: Remove via Argo when present + when: ocp4_workload_showroom_deployment_type == "argocd" + block: + + - name: Remove showroom Application (single user) + when: + - _showroom_user_data.users is undefined + - _showroom_user_data.bastion_public_hostname is defined + - _showroom_user_data.bastion_ssh_password is defined + - _showroom_user_data.bastion_ssh_user_name is defined + kubernetes.core.k8s: + kubeconfig: "{{ _showroom_kubeconfig | default(omit) }}" + state: absent + definition: "{{ lookup('template', 'application.yaml.j2') }}" + + - name: Remove showroom ApplicationSet (multi user) + when: + - _showroom_user_data.users is defined + - _showroom_user_data.bastion_public_hostname is defined + - _showroom_user_data.bastion_ssh_password is defined + - _showroom_user_data.bastion_ssh_user_name is defined + kubernetes.core.k8s: + kubeconfig: "{{ _showroom_kubeconfig | default(omit) }}" + state: absent + definition: "{{ lookup('template', 'applicationset.yaml.j2') }}" + - name: Remove Projects (single user) when: not _showroom_user_data.users is defined kubernetes.core.k8s: diff --git a/ansible/roles_ocp_workloads/ocp4_workload_showroom/tasks/workload.yml b/ansible/roles_ocp_workloads/ocp4_workload_showroom/tasks/workload.yml index 6f7d72459ea..7babd779e76 100644 --- a/ansible/roles_ocp_workloads/ocp4_workload_showroom/tasks/workload.yml +++ b/ansible/roles_ocp_workloads/ocp4_workload_showroom/tasks/workload.yml 
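Review bot: Both removal tasks render the full `application.yaml.j2` / `applicationset.yaml.j2` template and are gated on `bastion_public_hostname`, `bastion_ssh_password` and `bastion_ssh_user_name` being defined, so when user data is missing at destroy time the Argo CD object is left behind. Those objects are created with `selfHeal: true` and `CreateNamespace=true`, so a surviving Application may recreate the namespace that the following `Remove Projects` tasks delete. Deleting by kind and name needs none of the user data, as sketched below for the single-user task; the ApplicationSet task would do the same with `kind: ApplicationSet` and the `-multiuser` name used in its template.

```yaml
  - name: Remove showroom Application (single user)
    when: _showroom_user_data.users is undefined
    kubernetes.core.k8s:
      kubeconfig: "{{ _showroom_kubeconfig | default(omit) }}"
      state: absent
      api_version: argoproj.io/v1alpha1
      kind: Application
      name: "{{ ocp4_workload_showroom_namespace }}"
      namespace: openshift-gitops
```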
@@ -18,6 +18,51 @@ - name: Prepare Variables ansible.builtin.include_tasks: prepare-variables.yaml +- name: Deploy via ArgoCD + when: ocp4_workload_showroom_deployment_type == "argocd" + block: + + - name: Check if ArgoCD has been installed + kubernetes.core.k8s_info: + kubeconfig: "{{ _showroom_kubeconfig | default(omit) }}" + api_version: argoproj.io/v1beta1 + kind: ArgoCD + name: openshift-gitops + namespace: openshift-gitops + register: r_argocd_present + + - name: Check if an older ArgoCD has been installed + kubernetes.core.k8s_info: + kubeconfig: "{{ _showroom_kubeconfig | default(omit) }}" + api_version: argoproj.io/v1alpha1 + kind: ArgoCD + name: openshift-gitops + namespace: openshift-gitops + register: r_old_argocd_present + + - name: Fail if no ArgoCD detected + when: not (r_argocd_present.resources | default([]) | length == 1 or r_old_argocd_present.resources | default([]) | length == 1) + ansible.builtin.fail: + msg: "ArgoCD Deployment requested yet no default ArgoCD installation found." + + - name: Debug showroom_user data + ansible.builtin.debug: + var: _showroom_user_data + + - name: Install showroom Application (single user) + when: not _showroom_user_data.users is defined + kubernetes.core.k8s: + kubeconfig: "{{ _showroom_kubeconfig | default(omit) }}" + state: present + definition: "{{ lookup('template', 'application.yaml.j2') }}" + + - name: Install showroom ApplicationSet (multi user) + when: _showroom_user_data.users is defined + kubernetes.core.k8s: + kubeconfig: "{{ _showroom_kubeconfig | default(omit) }}" + state: present + definition: "{{ lookup('template', 'applicationset.yaml.j2') }}" + - name: Deploy using Helm when: ocp4_workload_showroom_deployment_type == "helm" block: diff --git a/ansible/roles_ocp_workloads/ocp4_workload_showroom/templates/application.yaml.j2 b/ansible/roles_ocp_workloads/ocp4_workload_showroom/templates/application.yaml.j2 new file mode 100644 index 00000000000..4e097543b8b --- /dev/null 
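Review bot: The `Debug showroom_user data` task prints `_showroom_user_data` unconditionally, and that structure carries `bastion_ssh_password` and, going by the values added in deploy-showroom-helm.yaml, `windows_password` and `vault_password`, so every `argocd` deployment writes those credentials to the job log. I would drop the task, or print only the key names with `msg: "{{ _showroom_user_data.keys() | list }}"`. The two `kubernetes.core.k8s` tasks that apply the rendered templates return the created object, which includes the same secrets in its `values`, so `no_log: true` on them is worth adding as well.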
+++ b/ansible/roles_ocp_workloads/ocp4_workload_showroom/templates/application.yaml.j2 
@@ -0,0 +1,78 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: {{ ocp4_workload_showroom_namespace }}
+ namespace: openshift-gitops
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ destination:
+ name: ''
+ namespace: {{ ocp4_workload_showroom_namespace }}
+ server: https://kubernetes.default.svc
+ project: default
+ syncPolicy:
+ syncOptions:
+ - CreateNamespace=true
+ automated:
+ prune: true
+ selfHeal: true
+ source:
+ repoURL: {{ ocp4_workload_showroom_chart_package_url }}
+ chart: {{ ocp4_workload_showroom_deployer_chart_name }}
+ targetRevision: {{ ocp4_workload_showroom_deployer_chart_version }}
+ helm:
+ releaseName: {{ ocp4_workload_showroom_name }}
+ values: |
+ guid: {{ guid }}
+ deployer:
+ domain: {{ _deployer_domain }}
+ terminal:
+ setup: "{{ ('true' if ocp4_workload_showroom_terminal_type == 'showroom' else 'false') | string | lower }}"
+ image: {{ ocp4_workload_showroom_terminal_image }}
+ resources:
+ requests:
+ cpu: "{{ ocp4_workload_showroom_terminal_requests_cpu }}"
+ memory: "{{ ocp4_workload_showroom_terminal_requests_memory }}"
+ limits:
+ cpu: "{{ ocp4_workload_showroom_terminal_limits_cpu }}"
+ memory: "{{ ocp4_workload_showroom_terminal_limits_memory }}"
+ wetty:
+ setup: "{{ ('true' if ocp4_workload_showroom_terminal_type == 'wetty' else 'false') | string | lower }}"
+ image: {{ ocp4_workload_showroom_wetty_image }}
+ resources:
+ requests:
+ cpu: "{{ ocp4_workload_showroom_terminal_requests_cpu }}"
+ memory: "{{ ocp4_workload_showroom_terminal_requests_memory }}"
+ limits:
+ cpu: "{{ ocp4_workload_showroom_terminal_limits_cpu }}"
+ memory: "{{ ocp4_workload_showroom_terminal_limits_memory }}"
+ ssh:
+ sshHost: {{ _showroom_user_data.bastion_public_hostname }}
+ autoSshToBastion: "{{ ('true' if ocp4_workload_showroom_wetty_ssh_bastion_login | bool else 'false') | string | lower }}"
+ sshAuth: password
+ sshUser: {{ _showroom_user_data.bastion_ssh_user_name }}
+ sshPass: {{ _showroom_user_data.bastion_ssh_password }}
+ sshPort: "{{ _showroom_user_data.bastion_ssh_port | default(22) }}"
+ content:
+ repoUrl: {{ ocp4_workload_showroom_content_git_repo }}
+ repoRef: {{ ocp4_workload_showroom_content_git_repo_ref }}
+ antoraPlaybook: {{ ocp4_workload_showroom_content_antora_playbook }}
+ contentOnly: "{{ ocp4_workload_showroom_content_only | string | lower }}"
+ user_data: |-
+ {{ _showroom_user_data | to_nice_yaml | indent(12) }}
+ zero_touch_bundle: "{{ ocp4_workload_showroom_zero_touch_bundle }}"
+ zero_touch_ui_enabled: "{{ ocp4_workload_showroom_zero_touch_ui_enabled | string | lower }}"
+ cloud:
+ setup: "{{ ('false' if auth_cloud_provider | default('none') == 'none' else 'true') | string | lower }}"
+ image: {{ ocp4_workload_showroom_cloud_image }}
+ auth_cloud_provider: "{{ auth_cloud_provider | default('none') }}"
+ aws_access_key_id: "{{ aws_sandbox_provision_data.aws_access_key_id | default('') }}"
+ aws_secret_access_key: "{{ aws_sandbox_provision_data.aws_secret_access_key | default('') }}"
+ azure_subscription: "{{ azure_sandbox_provision_data.azure_subscription | default('') }}"
+ azure_tenant: "{{ azure_sandbox_provision_data.azure_tenant_id | default('') }}"
+ azure_client_id: "{{ azure_sandbox_provision_data.azure_service_principal_id | default('') }}"
+ azure_password: "{{ azure_sandbox_provision_data.azure_service_principal_password | default('') }}"
+ azure_resourcegroup: "{{ azure_sandbox_provision_data.azure_resource_group | default('') }}"
+
diff --git a/ansible/roles_ocp_workloads/ocp4_workload_showroom/templates/applicationset.yaml.j2 b/ansible/roles_ocp_workloads/ocp4_workload_showroom/templates/applicationset.yaml.j2
new file mode 100644
index 00000000000..e190bb502ef
--- /dev/null
+++ b/ansible/roles_ocp_workloads/ocp4_workload_showroom/templates/applicationset.yaml.j2
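Review bot: `sshPass`, `aws_secret_access_key`, `azure_password` and the whole `user_data` block are written into `spec.source.helm.values` of an Application in `openshift-gitops`, which is an ordinary custom resource, so anyone who can read Applications in that namespace or open the app in the Argo CD UI sees them in clear text. applicationset.yaml.j2 has the same layout. For the `argocd` path the chart would need to read these from a pre-created Secret rather than from inline values. Separately, `sshUser`, `sshPass`, `guid` and `domain` are emitted unquoted, so a password containing ` #` or `: ` is truncated or breaks the manifest; `sshPass: {{ _showroom_user_data.bastion_ssh_password | to_json }}` avoids that.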
@@ -0,0 +1,80 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: ApplicationSet
+metadata:
+ name: "{{ ocp4_workload_showroom_namespace }}-multiuser"
+ namespace: openshift-gitops
+spec:
+ goTemplate: true
+ generators:
+ - list:
+ elements:
+{% for n in range(1, _user_count | int + 1 ) %}
+ - user: user{{ n }}
+ userData: |
+ {{ _showroom_user_data['users']['user'~n] | to_nice_yaml | indent(10)}}
+{% endfor %}
+ template:
+ metadata:
+ name: "{{ ocp4_workload_showroom_namespace }}-{% raw %}{{.user}}{% endraw %}"
+ namespace: openshift-gitops
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+ spec:
+ destination:
+ name: ''
+ namespace: "{{ ocp4_workload_showroom_namespace }}-{% raw %}{{.user}}{% endraw %}"
+ server: https://kubernetes.default.svc
+ project: default
+ syncPolicy:
+ syncOptions:
+ - CreateNamespace=true
+ automated:
+ prune: true
+ selfHeal: true
+ source:
+ repoURL: {{ ocp4_workload_showroom_chart_package_url }}
+ chart: {{ ocp4_workload_showroom_deployer_chart_name }}
+ targetRevision: {{ ocp4_workload_showroom_deployer_chart_version }}
+ helm:
+ releaseName: {{ ocp4_workload_showroom_name }}
+ values: |
+ guid: {{ guid }}
+ deployer:
+ domain: {{ _deployer_domain }}
+ terminal:
+ setup: "{{ ('true' if ocp4_workload_showroom_terminal_type == 'showroom' else 'false') | string | lower }}"
+ image: {{ ocp4_workload_showroom_terminal_image }}
+ resources:
+ requests:
+ cpu: "{{ ocp4_workload_showroom_terminal_requests_cpu }}"
+ memory: "{{ ocp4_workload_showroom_terminal_requests_memory }}"
+ limits:
+ cpu: "{{ ocp4_workload_showroom_terminal_limits_cpu }}"
+ memory: "{{ ocp4_workload_showroom_terminal_limits_memory }}"
+ wetty:
+ setup: "{{ ('true' if ocp4_workload_showroom_terminal_type == 'wetty' else 'false') | string | lower }}"
+ image: {{ ocp4_workload_showroom_wetty_image }}
+ resources:
+ requests:
+ cpu: "{{ ocp4_workload_showroom_terminal_requests_cpu }}"
+ memory: "{{ ocp4_workload_showroom_terminal_requests_memory }}"
+ limits:
+ cpu: "{{ ocp4_workload_showroom_terminal_limits_cpu }}"
+ memory: "{{ ocp4_workload_showroom_terminal_limits_memory }}"
+ ssh:
+ sshHost: {{ _showroom_user_data.bastion_public_hostname }}
+ autoSshToBastion: "{{ ('true' if ocp4_workload_showroom_wetty_ssh_bastion_login | bool else 'false') | string | lower }}"
+ sshAuth: password
+ sshUser: {{ _showroom_user_data.bastion_ssh_user_name }}
+ sshPass: {{ _showroom_user_data.bastion_ssh_password }}
+ sshPort: "{{ _showroom_user_data.bastion_ssh_port | default(22) }}"
+ content:
+ repoUrl: {{ ocp4_workload_showroom_content_git_repo }}
+ repoRef: {{ ocp4_workload_showroom_content_git_repo_ref }}
+ antoraPlaybook: {{ ocp4_workload_showroom_content_antora_playbook }}
+ contentOnly: "{{ ocp4_workload_showroom_content_only | string | lower }}"
+ user_data: |-
+ {{ _showroom_user_data | to_nice_yaml | indent(16) }}
+ zero_touch_bundle: "{{ ocp4_workload_showroom_zero_touch_bundle }}"
+ zero_touch_ui_enabled: "{{ ocp4_workload_showroom_zero_touch_ui_enabled | string | lower }}"
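Review bot: The list generator defines a per-user `userData` element, but the template never references it: every generated Application gets the shared `_showroom_user_data.bastion_ssh_user_name` / `bastion_ssh_password`, and its `user_data` block is rendered from the whole `_showroom_user_data`, which in the multi-user case contains the `users` map for all users. Each user's showroom would therefore receive every other user's data, whereas deploy-showroom-helm.yaml selects `_showroom_user_data['users'][_showroom_user]`. `releaseName` is also identical for every generated Application. The per-user values should come from the generator element (`{% raw %}{{ .userData }}{% endraw %}`) or be rendered per user inside the Jinja loop. With `goTemplate: true`, any `{{` that appears inside the rendered user data would likely be evaluated by the ApplicationSet controller, so that content needs escaping too.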