Merge branch 'redhat-cop:development' into development

migtools · Sep 6, 2023 · 98c5457 · 98c5457
2 parents 3444966 + 874c3d5
commit 98c5457
Show file tree

Hide file tree

Showing 550 changed files with 11,923 additions and 3,890 deletions.
diff --git a/.github/workflows/build-ee-pr.yml b/.github/workflows/build-ee-pr.yml
@@ -19,7 +19,7 @@ jobs:
     with:
       tag: pr-${{ github.event.number }}
       labels: |-
-        quay.expires-after=1d
+        quay.expires-after=7d
         org.opencontainers.image.source=${{ github.event.repository.html_url }}
         org.opencontainers.image.revision=${{ github.sha }}
 

diff --git a/.gitlab-ci.yaml b/.gitlab-ci.yaml
@@ -0,0 +1,46 @@
+---
+stages:
+  - static-analysis
+
+.static-analysis:
+  stage: static-analysis
+  interruptible: true
+  needs: []
+
+sonarqube-check:
+  extends: .static-analysis
+  image: images.paas.redhat.com/alm/sonar-scanner-alpine:latest
+  variables:
+    LANG: "en_US.UTF-8"
+    GIT_DEPTH: "0" # Tells git to fetch all the branches of the project, required by the analysis task
+    SONAR_HOST_URL: https://sonarqube.corp.redhat.com
+    SONAR_SCM_PROVIDER: git
+    SONAR_SCANNER_OPTS: "-Xmx512m"
+    SONAR_USER_HOME: /tmp/.sonar
+    KUBERNETES_MEMORY_REQUEST: "512Mi"
+    KUBERNETES_MEMORY_LIMIT: "4Gi"
+    KUBERNETES_EPHEMERAL_STORAGE_REQUEST: "512Mi"
+    KUBERNETES_EPHEMERAL_STORAGE_LIMIT: "1Gi"
+  cache:
+    key: "${CI_JOB_NAME}"
+    paths:
+      - "${SONAR_USER_HOME}/cache"
+  script:
+    - >
+      set -x; sonar-scanner -Dsonar.python.version="3.7, 3.8, 3.9"
+      ${SONAR_SETTINGS:+-Dproject.settings="$SONAR_SETTINGS"}
+      ${SONAR_QUALITY_GATE_WAIT:+-Dsonar.qualitygate.wait="$SONAR_QUALITY_GATE_WAIT"}
+      ${SONAR_SOURCE_ENCODING:+-Dsonar.sourceEncoding="$SONAR_SOURCE_ENCODING"}
+      ${SONAR_PROJECT_KEY:+-Dsonar.projectKey="$SONAR_PROJECT_KEY"}
+      ${SONAR_PROJECT_NAME:+-Dsonar.projectName="$SONAR_PROJECT_NAME"}
+      ${SONAR_PROJECT_VERSION:+-Dsonar.projectVersion="$SONAR_PROJECT_VERSION"}
+      ${SONAR_SOURCES:+-Dsonar.sources="$SONAR_SOURCES"}
+      ${SONAR_EXCLUSIONS:+-Dsonar.exclusions="$SONAR_EXCLUSIONS"}
+      ${SONAR_SCM_PROVIDER:+-Dsonar.scm.provider="$SONAR_SCM_PROVIDER"}
+      ${CI_MERGE_REQUEST_IID:+-Dsonar.pullrequest.key="$CI_MERGE_REQUEST_IID"}
+      ${CI_MERGE_REQUEST_SOURCE_BRANCH_NAME:+-Dsonar.pullrequest.branch="$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME"}
+      ${CI_MERGE_REQUEST_TARGET_BRANCH_NAME:+-Dsonar.pullrequest.base="$CI_MERGE_REQUEST_TARGET_BRANCH_NAME"}
+  timeout: 15 minutes
+  allow_failure: true
+  tags:
+    - shared
diff --git a/ansible/cloud_providers/osp_infrastructure_deployment.yml b/ansible/cloud_providers/osp_infrastructure_deployment.yml
@@ -49,17 +49,20 @@
     OS_USER_DOMAIN_NAME: "{{ osp_auth_user_domain }}"
   tasks:
     - name: Gather instance facts
-      os_server_info:
+      environment:
+        OS_PROJECT_NAME: "{{ osp_project_name }}"
+      openstack.cloud.server_info:
+        all_projects: false
         server: "*"
         filters:
           metadata:
             guid: "{{ guid }}"
             env_type: "{{ env_type }}"
-      register: r_osp_facts
+      register: r_osp_server_facts
 
     - name: debug osp_facts
       debug:
-        var: r_osp_facts
+        var: r_osp_server_facts
         verbosity: 2
 
     - name: Run infra-osp-dns Role

diff --git a/ansible/configs/ansible-bu-workshop/README.adoc b/ansible/configs/ansible-bu-workshop/README.adoc
@@ -0,0 +1,3 @@
+== Overview
+
+*ansible-bu-workshop*
diff --git a/ansible/configs/ansible-bu-workshop/default_vars.yml b/ansible/configs/ansible-bu-workshop/default_vars.yml
@@ -0,0 +1,79 @@
+---
+# -------------------------------------------------
+# Infra variables
+# -------------------------------------------------
+env_type: ansible-rhel-workshop
+output_dir: /tmp/workdir# Writable working scratch directory
+email: "{{ env_type }}@opentlc.com"
+guid: "{{ env_type }}"
+uuid: "{{ guid }}"
+cloud_provider: ec2
+#[ Login Settings ]
+install_ipa_client: false
+#[ Run a full yum update ]
+update_packages: false
+#[ This var is used to identify stack (cloudformation, azure resourcegroup, ...) ]
+project_tag: "{{ env_type }}-{{ guid }}"
+#[ Variables you should ***NOT*** Configure for you deployment ]
+#[ You can, but you usually wouldn't need to. ]
+admin_user: opentlc-mgr
+ansible_user: ec2-user
+remote_user: ec2-user
+#[ Is this running from Red Hat Ansible Tower ]
+tower_run: false
+software_to_deploy: none
+
+# -------------------------------------------------
+# FTL Settings
+# -------------------------------------------------
+install_ftl: false
+ftl_use_python3: true
+
+# -------------------------------------------------
+# Role: set_env_authorized_key
+# -------------------------------------------------
+set_env_authorized_key: true
+key_name: opentlc_admin_backdoor.pem
+deploy_local_ssh_config_location: "{{output_dir}}/"
+env_authorized_key: "{{guid}}key"
+ansible_ssh_private_key_file: ~/.ssh/{{key_name}}.pem
+
+# -------------------------------------------------
+# Role: control-user
+# -------------------------------------------------
+install_control_user: true
+student_name: student1
+student_password: "{{ common_password }}"
+control_user_name: "{{ student_name }}"
+control_user_password: "{{ common_password }}"
+control_user_private_group: "{{ omit }}"
+control_user_ssh_config: ./files/ssh_config.j2
+
+# -------------------------------------------------
+# Role: bastion-lite
+# -------------------------------------------------
+install_bastion_lite: true
+
+# -------------------------------------------------
+# Role: set-repositories
+# -------------------------------------------------
+repo_method: satellite
+use_content_view: true
+
+# -------------------------------------------------
+# Role: common
+# -------------------------------------------------
+install_common: true
+common_packages_el8:
+  - python3
+  - unzip
+  - bash-completion
+  - tmux
+  - bind-utils
+  - wget
+  - nano
+  - git
+  - vim-enhanced
+  - httpd-tools
+  - python3-pip
+  - tree
diff --git a/ansible/configs/ansible-bu-workshop/default_vars_ec2.yml b/ansible/configs/ansible-bu-workshop/default_vars_ec2.yml
@@ -0,0 +1,130 @@
+---
+# -------------------------------------------------
+# AWS Network settings
+# -------------------------------------------------
+subdomain_base_short: "{{ guid }}"
+subdomain_base_suffix: ".example.opentlc.com"
+subdomain_base: "{{ subdomain_base_short }}{{ subdomain_base_suffix }}"
+aws_dns_zone_private: "example.com."
+aws_dns_zone_private_chomped: "example.com"
+
+# -------------------------------------------------
+# AWS EC2 Environment Sizing
+# -------------------------------------------------
+default_instance_image: "RHEL87GOLD-latest"
+default_rootfs_size: 50
+#[ Instance type ]
+default_instance_type: "t3a.medium"
+
+# -------------------------------------------------
+# AWS EC2 Security Groups
+# -------------------------------------------------
+security_groups:
+  - name: BastionSG
+    rules:
+      - name: BastionHTTPSPorts
+        description: "HTTPS Public"
+        from_port: 443
+        to_port: 443
+        protocol: tcp
+        cidr: "0.0.0.0/0"
+        rule_type: Ingress
+
+      - name: BastionHTTPPorts
+        description: "HTTP Public"
+        from_port: 80
+        to_port: 80
+        protocol: tcp
+        cidr: "0.0.0.0/0"
+        rule_type: Ingress
+
+      - name: BastionSSHPorts
+        description: "Bastion ssh"
+        from_port: 22
+        to_port: 22
+        protocol: tcp
+        cidr: "0.0.0.0/0"
+        rule_type: Ingress
+
+  - name: NodeSG
+    rules:
+      - name: FromNodeSGtcp
+        description: "Allow everything from HostSG nodes"
+        from_port: 0
+        to_port: 65535
+        protocol: tcp
+        from_group: NodeSG
+        rule_type: Ingress
+
+      - name: FromNodeSGudp
+        description: "Allow everything from HostSG nodes"
+        from_port: 0
+        to_port: 65535
+        protocol: udp
+        from_group: NodeSG
+        rule_type: Ingress
+
+      - name: FromBastionTCP
+        description: "Allow everything from Bastion"
+        from_port: 0
+        to_port: 65535
+        protocol: tcp
+        from_group: BastionSG
+        rule_type: Ingress
+
+      - name: FromBastionUDP
+        description: "Allow everything from Bastion"
+        from_port: 0
+        to_port: 65535
+        protocol: udp
+        from_group: BastionSG
+        rule_type: Ingress
+
+# -------------------------------------------------
+# AWS EC2 Instances
+# -------------------------------------------------
+instances:
+  - name: "{{ bastion_instance_name | default('ansible-1') }}"
+    count: 1
+    unique: true
+    public_dns: true
+    dns_loadbalancer: true
+    floating_ip: true
+    image: "{{ bastion_instance_image | default(default_instance_image) }}"
+    flavor:
+      ec2: "{{bastion_instance_type | default(default_instance_type) }}"
+    tags:
+      - key: "AnsibleGroup"
+        value: "bastions"
+      - key: "ostype"
+        value: "linux"
+      - key: "instance_filter"
+        value: "{{ env_type }}-{{ email }}"
+    rootfs_size: "{{ default_rootfs_size }}"
+    security_groups:
+      - BastionSG
+      - DefaultSG
+
+  - name: "node"
+    count: 3
+    public_dns: false
+    image: "{{ node_instance_image | default(default_instance_image) }}"
+    flavor:
+      ec2: "{{node_instance_type | default(default_instance_type) }}"
+    tags:
+      - key: "AnsibleGroup"
+        value: "nodes"
+      - key: "ostype"
+        value: "rhel"
+      - key: "instance_filter"
+        value: "{{ env_type }}-{{ email }}"
+    rootfs_size: "{{ default_rootfs_size }}"
+    security_groups:
+      - DefaultSG
+      - NodeSG
+
+# -------------------------------------------------
+# Ansible hosts_template.j2 inventory groups
+# -------------------------------------------------
+inventory_groups:
+  - nodes
diff --git a/ansible/configs/ansible-bu-workshop/destroy_env.yml b/ansible/configs/ansible-bu-workshop/destroy_env.yml
@@ -0,0 +1,18 @@
+---
+- name: Import default destroy playbook
+  import_playbook: ../../cloud_providers/{{cloud_provider}}_destroy_env.yml
+
+- name: Destroy Bookbag
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  become: false
+  tasks:
+
+  - name: Include role to destroy Bookbag
+    when:
+    - bookbag_git_repo is defined
+    include_role:
+      name: bookbag
+    vars:
+      ACTION: destroy
diff --git a/ansible/configs/ansible-bu-workshop/files/hosts_template.j2 b/ansible/configs/ansible-bu-workshop/files/hosts_template.j2
@@ -0,0 +1,18 @@
+
+{% if groups.nodes is defined %}
+[web]
+{% for host in groups['nodes'] %}
+{{ host.split('.')[0] }} ansible_host={{ host }}
+{% endfor %}
+{% endif %}
+
+
+[control]
+ansible-1 ansible_host={{ groups['bastions'][0] }}
+
+[all:vars]
+timeout=60
+ansible_user={{ remote_user }}
+ansible_ssh_private_key_file="~/.ssh/{{ guid }}key.pem"
+ansible_ssh_common_args="-o StrictHostKeyChecking=no"
+ansible_become=true
diff --git a/ansible/configs/ansible-bu-workshop/files/ssh_config.j2 b/ansible/configs/ansible-bu-workshop/files/ssh_config.j2
@@ -0,0 +1,10 @@
+Host * 
+  User ec2-user
+  IdentityFile ~/.ssh/{{ guid }}key.pem
+  ForwardAgent yes
+  StrictHostKeyChecking no
+  ConnectTimeout 600
+  ConnectionAttempts 10
+  ControlMaster auto
+  ControlPath /tmp/%h-%r
+  ControlPersist 5m
diff --git a/ansible/configs/ansible-bu-workshop/post_infra.yml b/ansible/configs/ansible-bu-workshop/post_infra.yml
@@ -0,0 +1,13 @@
+- name: Step 002 Post Infrastructure
+  hosts: localhost
+  connection: local
+  become: false
+  gather_facts: false
+  tags:
+    - step002
+    - post_infrastructure
+  tasks:
+    - debug:
+        msg: "Step 002 Post Infrastructure"
+
+