From f9a0ca89dba53cd065309ea744198b5cdb7f725d Mon Sep 17 00:00:00 2001
From: David Anderson
Date: Wed, 12 Aug 2020 17:55:34 -0500
Subject: [PATCH 1/2] Adding vars from common to main.yml
---
.../roles/gitea/tasks/main.yml | 110 +-----------------
1 file changed, 6 insertions(+), 104 deletions(-)
diff --git a/tisc_collection_gitea/roles/gitea/tasks/main.yml b/tisc_collection_gitea/roles/gitea/tasks/main.yml
index d5e230c..7f758b3 100644
--- a/tisc_collection_gitea/roles/gitea/tasks/main.yml
+++ b/tisc_collection_gitea/roles/gitea/tasks/main.yml
@@ -1,109 +1,11 @@ --- -- name: Ensure namespace exists - k8s: - kubeconfig: '{{ kubeconfig }}' - definition: - apiVersion: v1 - kind: Namespace - metadata: - name: '{{ gitea_project_name }}' - annotations: - openshift.io/display-name: '{{ gitea_project_display }}' - spec: {} +gitea_project_name: devsecops +gitea_project_display: DevSecOps Common Resources -- name: Deploy resources for Gitea Operator - k8s: - kubeconfig: '{{ kubeconfig }}' - namespace: '{{ resource.namespace|default(omit) }}' - definition: '{{ lookup("url", resource.url, split_lines=False)|from_yaml|regex_replace("REPLACE_ME", gitea_project_name) }}' - loop: - - name: crd - url: https://raw.githubusercontent.com/{{ github_project }}/gitea-operator/master/deploy/crds/gpte_v1alpha1_gitea_crd.yaml - - name: cluster_role - url: https://raw.githubusercontent.com/{{ github_project }}/gitea-operator/master/deploy/cluster_role.yaml - - name: service_account - url: https://raw.githubusercontent.com/{{ github_project }}/gitea-operator/master/deploy/service_account.yaml - namespace: '{{ gitea_project_name }}' - - name: cluster_role_binding - url: https://raw.githubusercontent.com/{{ github_project }}/gitea-operator/master/deploy/cluster_role_binding.yaml - namespace: '{{ gitea_project_name }}' - - name: operator - url: https://raw.githubusercontent.com/{{ github_project }}/gitea-operator/master/deploy/operator.yaml - namespace: '{{ gitea_project_name }}' - loop_control: - loop_var: resource - label: '{{ resource.name }}' +# The github account from which to pull the openshift-tasks project +tasks_github_project: "{{ github_project }}" -- name: Create Gitea from a CR - k8s: - kubeconfig: '{{ kubeconfig }}' - namespace: '{{ gitea_project_name }}' - definition: - apiVersion: gpte.opentlc.com/v1alpha1 - kind: Gitea - metadata: - name: gitea-server - spec: - postgresqlVolumeSize: 4Gi - giteaVolumeSize: 4Gi - giteaSsl: True - giteaName: gitea - register: gitea_deployment - until: not gitea_deployment.failed - 
retries: 5 - delay: 10 +repos_to_load: + - openshift-tasks -- name: Wait for Gitea to finish being created - k8s_info: - kubeconfig: '{{ kubeconfig }}' - api_version: v1 - kind: Pod - namespace: '{{ gitea_project_name }}' - label_selectors: - - app=gitea-server - register: gitea_pod - until: gitea_pod.resources|length > 0 and (gitea_pod.resources|first).status.phase == "Running" - retries: 10 - delay: 30 -# This is super hacky, I know... but it works for now. Will need fixing. -# Intent is to eventually clean up the operator and add more levers to the CRD. -- name: Create users in Gitea - shell: | - export KUBECONFIG='{{ kubeconfig }}' - oc='{{ oc_cli }}' - admin_user='{{ workshop_admin.username }}' - admin_password='{{ workshop_admin.password }}' - if [ $($oc whoami) != "$admin_user" ]; then - $oc login --insecure-skip-tls-verify=true -u "$admin_user" -p "$admin_password" || exit 1 - fi - - {% for user in workshop_users %} - args=(--username {{ user.username }} --password '{{ user.password }}') - {% if user.admin is defined and user.admin %} - args+=(--admin) - {% endif %} - args+=(--email '{{ user.username }}@{{ full_cluster_name }}') - args+=(--access-token --must-change-password=false) - - pod=$($oc get pods -n {{ gitea_project_name }} -l app=gitea-server -o jsonpath='{.items[0].metadata.name}') - echo "running: $oc exec $pod -n {{ gitea_project_name }} -- /home/gitea/gitea --config=/home/gitea/conf/app.ini admin create-user ${args[@]}" - output=$($oc exec $pod -n {{ gitea_project_name }} -- /home/gitea/gitea --config=/home/gitea/conf/app.ini admin create-user "${args[@]}" 2>&1) - if echo "$output" | grep -qF 'created!'; then - echo "changed" - access_token=$(echo "$output" | awk '/^Access token was succ/ {print $NF}') - echo "token {{ user.username }} $access_token" - elif echo "$output" | grep -qF 'already exists'; then - echo ok - else - echo failed - echo "output: $output" - fi - echo "$output" >&2 - {% endfor %} - register: gitea_users - changed_when: 
'"changed" in gitea_users.stdout_lines' - failed_when: '"failed" in gitea_users.stdout_lines' - -- include_tasks: migrate_repo.yml - when: gitea_users.changed From f049bdffa5a8a85c9d97529c310f2f55ea5ea41f Mon Sep 17 00:00:00 2001 From: David Anderson Date: Wed, 12 Aug 2020 18:05:25 -0500 Subject: [PATCH 2/2] Add description of current usage --- tisc_collection_gitea/README.md | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/tisc_collection_gitea/README.md b/tisc_collection_gitea/README.md index dc828ba..ac2ac69 100644 --- a/tisc_collection_gitea/README.md +++ b/tisc_collection_gitea/README.md @@ -1,3 +1,24 @@ # Ansible Collection - rht_consulting.tisc_collection_gitea -Documentation for the collection. \ No newline at end of file +Documentation for the collection. + +The following example playbook will import and execute this collection + +``` +--- +- hosts: localhost + tasks: + - import_role: + name: rht_consulting.tisc_collection_gitea.gitea +``` + +To run this the following vars need to be defined + +p_cluster_name +p_base_domain +p_kube_config +p_oc_cli + +For example, if the playbook above is named play.yml and our ocp cluster domain is openshift.example.net the youcan un the following to launch the collection + +ansible-playbook -e 'p_cluster_name=openshift p_base_domain=openshift.example.net p_kube_config=/auth/kubeconfig p_oc_cli=/usr/local/bin/oc' play.yml
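Review bot: The new content of `roles/gitea/tasks/main.yml` is a mapping of variables (`gitea_project_name: devsecops`, `repos_to_load:` and so on), but a role's `tasks/main.yml` must be a list of tasks. Importing the role will therefore most likely fail at load time, and none of the removed namespace, operator or user-creation tasks run any more. Judging from the subject line, these definitions were meant for the role's `defaults/main.yml` or `vars/main.yml`; I would move them there and keep the task list in this file. Separately, `tasks_github_project: "{{ github_project }}"` depends on `github_project` being defined by the caller, and the README added in patch 2/2 does not list it among the required vars, so either document it or give it a default.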