Merge branch 'redhat-cop:development' into development

migtools · Sep 7, 2023 · 33ed7ee · 33ed7ee
2 parents 0f66d2e + adf5b29
commit 33ed7ee
Show file tree

Hide file tree

Showing 24 changed files with 316 additions and 87 deletions.
diff --git a/ansible/cloud_providers/azure_infrastructure_deployment.yml b/ansible/cloud_providers/azure_infrastructure_deployment.yml
@@ -111,6 +111,30 @@
         - dns_delegation is defined
         - dns_delegation == true
 
+    - name: Provide installed bastion data as soon as we have it
+      when:
+        - azure_bastion_enable | bool
+      agnosticd_user_info:
+        msg:
+          - "bastion_ssh_command: ssh {{ remote_user }}@bastion.{{ guid }}.{{ cluster_dns_zone }}"
+          - "bastion_password: {{ generated_password }}"
+        data:
+          bastion_ssh_command: "ssh {{ remote_user }}@bastion.{{ guid }}.{{ cluster_dns_zone }}"
+          bastion_password: "{{ generated_password }}"
+          common_password: "{{ generated_password }}"
+          ssh_password: "{{ generated_password }}"
+          ssh_username: "{{ remote_user }}"
+          targethost: "bastion.{{ guid }}.{{ cluster_dns_zone }}"
+
+    - name: Set facts for Showroom
+      ansible.builtin.set_fact:
+        bastion_ssh_command: "ssh {{ remote_user }}@bastion.{{ guid }}.{{ cluster_dns_zone }}"
+        bastion_password: "{{ generated_password }}"
+        common_password: "{{ generated_password }}"
+        ssh_password: "{{ generated_password }}"
+        ssh_username: "{{ remote_user }}"
+        targethost: "bastion.{{ guid }}.{{ cluster_dns_zone }}"
+
     - name: Add CNAME for bastion to the main DNSZone
       azure.azcollection.azure_rm_dnsrecordset:
         resource_group: "{{az_dnszone_resource_group|default('dns')}}"

diff --git a/ansible/configs/open-environment-azure/default_vars.yml b/ansible/configs/open-environment-azure/default_vars.yml
@@ -62,3 +62,12 @@ deploy_bookbag: false
 
 # Version (tag, branch) of bookbag repo (optional)
 # bookbag_git_version: ""
+
+# ------------------------------------------------------
+# Showroom
+# ------------------------------------------------------
+# showroom var remaps
+ssh_username: "{{ ansible_user }}"
+ssh_password: ""  # must be set in the code, because it's generated_password
+subdomain_base_suffix: "{{ cluster_dns_zone }}"
+common_password: ""  # updated in code
diff --git a/ansible/configs/open-environment-azure/files/cloud_providers/azure_cloud_template.j2 b/ansible/configs/open-environment-azure/files/cloud_providers/azure_cloud_template.j2
@@ -120,22 +120,61 @@
         "Project": "{{project_tag}}"
       },
       "properties": {
-        "securityRules": [
-          {
-            "name":  "default-allow-22",
-            "properties": {
-              "priority":  1000,
-              "access":  "Allow",
-              "direction":  "Inbound",
-              "destinationPortRange":  "22",
-              "protocol":  "Tcp",
-              "sourcePortRange":  "*",
-              "sourceAddressPrefix":  "*",
-              "destinationAddressPrefix":  "*"
+                "securityRules" : [
+                    {
+                        "name" : "default-allow-showroom",
+                        "properties" : {
+                            "protocol" : "Tcp",
+                            "sourcePortRange" : "*",
+                            "destinationPortRange" : "8000-8010",
+                            "sourceAddressPrefix" : "*",
+                            "destinationAddressPrefix" : "*",
+                            "access" : "Allow",
+                            "priority" : 2000,
+                            "direction" : "Inbound"
+                        }
+                    },
+                    {
+                        "name" : "default-allow-mosh",
+                        "properties" : {
+                            "protocol" : "Udp",
+                            "sourcePortRange" : "*",
+                            "destinationPortRange" : "60001-61000",
+                            "sourceAddressPrefix" : "*",
+                            "destinationAddressPrefix" : "*",
+                            "access" : "Allow",
+                            "priority" : 2001,
+                            "direction" : "Inbound"
+                        }
+                    },
+                    {
+                        "name" : "default-allow-openshift-master",
+                        "properties" : {
+                            "protocol" : "Tcp",
+                            "sourcePortRange" : "*",
+                            "destinationPortRange" : "8443",
+                            "sourceAddressPrefix" : "*",
+                            "destinationAddressPrefix" : "*",
+                            "access" : "Allow",
+                            "priority" : 2002,
+                            "direction" : "Inbound"
+                        }
+                    },
+                    {
+                        "name" : "default-allow-ssh",
+                        "properties" : {
+                            "protocol" : "Tcp",
+                            "sourcePortRange" : "*",
+                            "destinationPortRange" : "22",
+                            "sourceAddressPrefix" : "*",
+                            "destinationAddressPrefix" : "*",
+                            "access" : "Allow",
+                            "priority" : 2003,
+                            "direction" : "Inbound"
+                        }
+                    }
+                ]
             }
-          }
-        ]
-      }
     },
     {
       "type": "Microsoft.Network/virtualNetworks",

diff --git a/ansible/configs/open-environment-azure/infra.yml b/ansible/configs/open-environment-azure/infra.yml
@@ -8,7 +8,8 @@
         msg: "Infra tasks Started"
 
 - name: Run infra playbook when ARO to get bastion
-  when: install_aro | default(false) | bool
+  when: ( install_aro | default(false) | bool )
+    or ( azure_bastion_enable | default(false) | bool )
   import_playbook: "../../cloud_providers/azure_infrastructure_deployment.yml"
 
 - name: Infra Tasks

diff --git a/ansible/configs/open-environment-azure/post_software.yml b/ansible/configs/open-environment-azure/post_software.yml
@@ -74,15 +74,16 @@
           - "az aro create --resource-group openenv-{{ guid }} --name aro-cluster-{{ guid }} --vnet aro-vnet-{{ guid }} --master-subnet master-subnet --worker-subnet worker-subnet --client-id {{ azaroappsp.service_principals[0].app_id }} --client-secret '{{ az_aro_pass }}' --pull-secret @/path/to/pull-secret.txt"
 
         data:
-          guid: "{{ guid }}"
+          aro_clientid: "{{ azaroappsp.service_principals[0].app_id }}"
+          az_aro_pass: "{{ az_aro_pass }}"
           azappid: "{{ azappsp.service_principals[0].app_id }}"
           azpass: "{{ azpass }}"
-          azure_tenant: "{{ azure_tenant }}"
           azure_subscription_id: "{{ azure_subscription_id }}"
-          aro_clientid: "{{ azaroappsp.service_principals[0].app_id }}"
-          az_aro_pass: "{{ az_aro_pass }}"
-          openenv_admin_upn: "{{ openenv_admin_upn }}"
+          azure_tenant: "{{ azure_tenant }}"
           generated_password: "{{ generated_password }}"
+          guid: "{{ guid }}"
+          openenv_admin_upn: "{{ openenv_admin_upn }}"
+          preconfigure_aad: "false"
 
     - name: Provide Pre-Installed ARO Information with AAD
       when:
@@ -114,35 +115,56 @@
         - install_aro | bool
       agnosticd_user_info:
         data:
-          guid: "{{ guid }}"
+          aro_api: "{{ az_aro4_public_api_url }}"
+          aro_console: "{{ az_aro4_console_url }}"
+          aro_kube_password: "{{ az_aro4_kubeadmin_password.stdout }}"
           azappid: "{{ azappsp.service_principals[0].app_id }}"
           azpass: "{{ azpass }}"
-          azure_tenant: "{{ azure_tenant }}"
           azure_subscription_id: "{{ azure_subscription_id }}"
-          aro_console: "{{ az_aro4_console_url }}"
-          aro_api: "{{ az_aro4_public_api_url }}"
-          aro_kube_password: "{{ az_aro4_kubeadmin_password.stdout }}"
-          openenv_user_upn: "{{ openenv_user_upn }}"
-          openenv_admin_upn: "{{ openenv_admin_upn }}"
+          azure_tenant: "{{ azure_tenant }}"
+          bastion_password: "{{ generated_password }}"
+          bastion_ssh_command: "ssh {{ remote_user }}@bastion.{{ guid }}.{{ cluster_dns_zone }}"
           generated_password: "{{ generated_password }}"
+          guid: "{{ guid }}"
+          openenv_admin_upn: "{{ openenv_admin_upn }}"
+          openenv_user_upn: "{{ openenv_user_upn }}"
+          preconfigure_aad: "{{ preconfigure_aad }}"
+
+    - name: Provide installed bastion data
+      when:
+        - azure_bastion_enable | bool
+      agnosticd_user_info:
+        data:
           bastion_ssh_command: "ssh {{ remote_user }}@bastion.{{ guid }}.{{ cluster_dns_zone }}"
           bastion_password: "{{ generated_password }}"
-          preconfigure_aad: "{{ preconfigure_aad }}"
 
-- name: Bookbag
-  hosts: localhost
-  connection: local
+            # - name: Bookbag
+            #   hosts: localhost
+            #   connection: local
+            #   gather_facts: false
+            #   become: false
+            #   environment:
+            #     KUBECONFIG: "{{ output_dir }}/.kube/config"
+            #   tasks:
+            #     - name: Deploy Bookbag
+            #       when: deploy_bookbag | bool
+            #       include_role:
+            #         name: bookbag
+            #       vars:
+            #         ACTION: create
+
+- name: Showroom Install
+  hosts: bastions
   gather_facts: false
-  become: false
-  environment:
-    KUBECONFIG: "{{ output_dir }}/.kube/config"
+  become: true
+  vars:
+    showroom_host: "bastion.{{ guid }}.{{ cluster_dns_zone }}"
+    showroom_component_name: "aro-ilt"
   tasks:
-  - name: Deploy Bookbag
-    when: deploy_bookbag | bool
-    include_role:
-      name: bookbag
-    vars:
-      ACTION: create
+    - name: Deploy Showroom
+      when: showroom_deploy | default(false) | bool
+      include_role:
+        name: showroom
 
 - name: Step 002 Post Software
   hosts: localhost

diff --git a/ansible/configs/open-environment-azure/pre_software.yml b/ansible/configs/open-environment-azure/pre_software.yml
@@ -20,6 +20,40 @@
   - role: common
     when: install_common | bool
 
+- name: Some ILT bastion settings - mosh, ports
+  hosts: bastions
+  become: true
+  gather_facts: true
+  tasks:
+
+    - name: Debug RHEL version
+      debug:
+        msg: "RHEL Version: {{ ansible_facts['distribution_major_version']}}"
+      ignore_errors: true
+
+    - name: Install mosh on RHEL
+      ansible.builtin.dnf:
+        name: "https://infrastructure-binaries.s3.us-east-2.amazonaws.com/mosh-1.4.0-1.el{{ ansible_facts['distribution_major_version'] }}.x86_64.rpm"
+        disable_gpg_check: true
+      ignore_errors: true
+
+    - name: Open UDP Ports 60001 - 61000 for Mosh
+      ansible.posix.firewalld:
+        port: "60001-61000/udp"
+        permanent: true
+        state: enabled
+        immediate: true
+      ignore_errors: true
+
+    - name: Open TCP ports for Showroom (if enabled)
+      when: showroom_deploy | bool
+      ansible.posix.firewalld:
+        port: "8000-8010/tcp"
+        permanent: true
+        state: enabled
+        immediate: true
+      ignore_errors: true
+
 - name: Install Azure CLI
   hosts: bastions
   gather_facts: false

diff --git a/ansible/roles/set-repositories/tasks/file-repos.yml b/ansible/roles/set-repositories/tasks/file-repos.yml
@@ -35,8 +35,6 @@
 
 - name: file | clean repositories
   command: "yum clean all"
-  args:
-    warn: false
   tags:
     - configure_repos
     - run_yum_repolist
diff --git a/ansible/roles/showroom/defaults/main.yml b/ansible/roles/showroom/defaults/main.yml
@@ -35,3 +35,5 @@ showroom_npm_packages:
 showroom_work_dirs:
   - "{{ showroom_home_dir }}/content"               # The showroom repo itself, asciidoc source e.g. Antora
   - "{{ showroom_home_dir }}/orchestration"         # compose, kube files etc
+
+showroom_component_name: template-tutorial
diff --git a/ansible/roles/showroom/tasks/40-showroom-render.yml b/ansible/roles/showroom/tasks/40-showroom-render.yml
@@ -20,15 +20,18 @@
       # TODO: Insert index.html and css injection
       #   clunky and hardcoded for now, make dynamic
 
+- name: Set showroom_host if empty string
+  when: not showroom_host
+  ansible.builtin.set_fact:
+    showroom_host: "{{ groups['bastions'][0] | regex_replace('\\..*$') }}.{{ guid }}{{ subdomain_base_suffix }}"
+
 - name: Insert showroom index.html
   ansible.builtin.template:
     src: "{{ __html.src }}"
     dest: "{{ showroom_home_dir }}/content/gh-pages/{{ __html.dest }}"
     owner: "{{ showroom_user }}"
     group: "{{ showroom_user }}"
     mode: "u=rw,g=r,o=r"
-  vars:
-    showroom_host: "{{ groups['bastions'][0] | regex_replace('\\..*$') }}.{{ guid }}{{ subdomain_base_suffix }}"
   loop:
     - src: index.html.j2
       dest: index.html

diff --git a/ansible/roles/showroom/tasks/60-showroom-verify.yml b/ansible/roles/showroom/tasks/60-showroom-verify.yml
@@ -12,6 +12,10 @@
 
 - name: Output showroom view(s) URLs as userinfo and userdata
   agnosticd_user_info:
+    msg:
+      - "showroom_host: http://{{ showroom_host }}:8000"
     data:
       lab_ui_url: "{{ f_lab_ui_url }}"
       showroom_primary_view_url: "{{ f_lab_ui_url }}"
+      showroom_host: "http://{{ showroom_host }}:8000"
+      bookbag_url: "http://{{ showroom_host }}:8000"
diff --git a/ansible/roles/showroom/templates/index.html.j2 b/ansible/roles/showroom/templates/index.html.j2
@@ -8,7 +8,7 @@
     <body>
     <div class="content">
 			<div class="split left">
-                <iframe id="doc"  src="./template-tutorial/index.html" width="100%" style="border:none;"></iframe>
+                <iframe id="doc"  src="./{{ showroom_component_name }}/index.html" width="100%" style="border:none;"></iframe>
 			</div>
 			<div class="split right">
 				<div class="tab">

diff --git a/ansible/roles/showroom/templates/service_docs_aro/tab_docs_aro.j2 b/ansible/roles/showroom/templates/service_docs_aro/tab_docs_aro.j2
@@ -0,0 +1,4 @@
+					<div id="docs_tab" class="tabcontent">
+						<iframe id="mobb_docs" src="https://mobb.ninja/#aro" width="100%" style="border:none;"></iframe>
+						<iframe id="aro_docs" src="https://learn.microsoft.com/en-us/azure/openshift/https://docs.openshift.com/aro/4/welcome/index.html" width="100%" style="border:none;"></iframe>
+					</div>
diff --git a/ansible/roles/showroom/templates/service_docs_aro/tablink_docs_aro.j2 b/ansible/roles/showroom/templates/service_docs_aro/tablink_docs_aro.j2
@@ -0,0 +1 @@
+					<button class="tablinks" onclick="openTerminal(event, 'docs_tab')">ARO Docs</button>
diff --git a/ansible/roles/showroom/templates/service_double_terminal/tabs_double_terminal.j2 b/ansible/roles/showroom/templates/service_double_terminal/tabs_double_terminal.j2
@@ -8,14 +8,14 @@
     <body>
     <div class="content">
 			<div class="split left">
-                <iframe id="doc"  src="./template-tutorial/index.html" width="100%" style="border:none;"></iframe>
+                <iframe id="doc"  src="./{{ showroom_component_name }}/index.html" width="100%" style="border:none;"></iframe>
 			</div>
 			<div class="split right">
 				<div class="tab">
 
-        					<button class="tablinks" onclick="openTerminal(event, 'terminal_tab')" id="defaultOpen" tabindex="0">Terminal</button>  
-        					<button class="tablinks" onclick="openTerminal(event, 'codeserver_tab')">VS Code</button>  
-        					<button class="tablinks" onclick="openTerminal(event, 'docs_tab')">Ansible Docs</button>  
+        					<button class="tablinks" onclick="openTerminal(event, 'terminal_tab')" id="defaultOpen" tabindex="0">Terminal</button>
+        					<button class="tablinks" onclick="openTerminal(event, 'codeserver_tab')">VS Code</button>
+        					<button class="tablinks" onclick="openTerminal(event, 'docs_tab')">Ansible Docs</button>
 				</div>
 					<div id="terminal_tab" class="tabcontent">
 						<div class="split top">

diff --git a/ansible/roles_ocp_workloads/ocp4_workload_argocd_quay_todo_app/README.md b/ansible/roles_ocp_workloads/ocp4_workload_argocd_quay_todo_app/README.md
@@ -1,7 +1,7 @@
 TODO Application with Quarkus HELM Chart repo
 =========
 
-This role will deploy the TODO Application with Quarkus HELM Chart repo. This is an example application based on a Todo list where the different tasks are created, read, updated, or deleted from the database. 
+This is a simple TODO application that allows users to create, read, update, and delete tasks from a database. The application is built using the Quarkus framework, which is a Kubernetes-native Java framework. The application is also packaged as a Helm chart, which makes it easy to deploy and manage on Kubernetes.
 
 See The [TODO Application with Quarkus HELM Chart repo](https://github.com/tosin2013/todo-demo-app-helmrepo/blob/main/openshift-pipelines/README.md) for use of this demo.
 

diff --git a/ansible/roles_ocp_workloads/ocp4_workload_argocd_quay_todo_app/defaults/main.yml b/ansible/roles_ocp_workloads/ocp4_workload_argocd_quay_todo_app/defaults/main.yml
@@ -12,7 +12,7 @@ ocp4_workload_gitea_user: user1
 ocp4_workload_gitea_operator_create_admin: true
 ocp4_workload_gitea_operator_create_users: true
 ocp4_workload_gitea_operator_migrate_repositories: true
-ocp4_workload_gitea_operator_gitea_image_tag: 1.19.3
+ocp4_workload_gitea_operator_gitea_image_tag: 1.20.0
 ocp4_workload_gitea_operator_repositories_list:
 - repo: "https://github.com/tosin2013/todo-demo-app-helmrepo.git"
   name: "todo-demo-app-helmrepo"

diff --git a/ansible/roles_ocp_workloads/ocp4_workload_argocd_quay_todo_app/files/description.html b/ansible/roles_ocp_workloads/ocp4_workload_argocd_quay_todo_app/files/description.html
@@ -0,0 +1,27 @@
+<p>Deploying Todo App with OpenShift pipelines and ArgoCD.</p>
+
+<p>
+    This is a simple TODO application that allows users to create, read, update, and delete tasks from a database. The application is built using the Quarkus framework, which is a Kubernetes-native Java framework. The application is also packaged as a Helm chart, which makes it easy to deploy and manage on Kubernetes.
+
+    The application uses Quay, ArgoCD, and OpenShift Pipelines to automate the deployment and management of the application. Quay is a container registry that is used to store the application's Docker images. ArgoCD is a continuous delivery tool that is used to deploy the application to Kubernetes. OpenShift Pipelines is a CI/CD platform that is used to automate the build, test, and deploy of the application.</a>. The demo covers the following topics:
+  </p><ul>
+    <li>Quarkus is a modern, lightweight Java framework that is well-suited for Kubernetes.</li>
+    <li>Helm is a popular package manager for Kubernetes that makes it easy to deploy and manage applications.</li>
+    <li>Quay is a secure and reliable container registry.</li>
+    <li>ArgoCD is a powerful continuous delivery tool that can automate the deployment of applications to Kubernetes.</li>
+    <li>OpenShift Pipelines is a comprehensive CI/CD platform that can automate the build, test, and deploy of applications.</li>
+  </ul>
+
+<p><b>Lab Format:</b> Self-paced Labs</p> 
+<p><b>Audience:</b> Developers and operations</p> 
+<p><b>Products:</b> Red Hat OpenShift Container Platform</p> 
+
+<p><b>Lab Guide:</b></p>
+<ul>
+	<li><a href="https://github.com/tosin2013/todo-demo-app-helmrepo/blob/main/openshift-pipelines/README.md">Deploying Todo App with OpenShift pipelines</a></li>
+</ul>
+
+<p><b>Provisioning time:</b> Typically 40-60 minutes. If the RHPD deployment fails, please try again. If you make more than 3 failed attempts, create a service ticket by emailing support.</p>
+<p>
+  <b>IMPORTANT: This instance is shutdown and deleted after 48 hours. Lifetime extensions are not allowed for this item.</b>
+</p>