| author | Scott Dodson <sdodson@redhat.com> | 2017-10-09 10:56:43 -0400 | 
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-10-09 10:56:43 -0400 | 
| commit | fced8262d239d1d44ce64a5c6d02caa1530c5d45 (patch) | |
| tree | d50659fa9b1fd4ab41ae611edf1f65b52c4fd5e9 /roles/openshift_management/tasks | |
| parent | b37c5e648736c11913c56ee2b9620920ef42e99e (diff) | |
| parent | c0f63fb902b53bc592e6862d5876af9b244ee82b (diff) | |
Merge pull request #5682 from tbielawa/openshift_management
Rename openshift_cfme role to openshift_management
Diffstat (limited to 'roles/openshift_management/tasks')
| -rw-r--r-- | roles/openshift_management/tasks/accounts.yml | 28 | ||||
| -rw-r--r-- | roles/openshift_management/tasks/main.yml | 79 | ||||
| -rw-r--r-- | roles/openshift_management/tasks/storage/create_nfs_pvs.yml | 69 | ||||
| -rw-r--r-- | roles/openshift_management/tasks/storage/nfs.yml | 67 | ||||
| -rw-r--r-- | roles/openshift_management/tasks/storage/storage.yml | 3 | ||||
| -rw-r--r-- | roles/openshift_management/tasks/template.yml | 128 | ||||
| -rw-r--r-- | roles/openshift_management/tasks/uninstall.yml | 23 | ||||
| -rw-r--r-- | roles/openshift_management/tasks/validate.yml | 90 | 
8 files changed, 487 insertions, 0 deletions
| diff --git a/roles/openshift_management/tasks/accounts.yml b/roles/openshift_management/tasks/accounts.yml
new file mode 100644
index 000000000..e45ea8d43
--- /dev/null
+++ b/roles/openshift_management/tasks/accounts.yml
@@ -0,0 +1,28 @@
+---
+# This role task file is responsible for user/system account creation,
+# and ensuring correct access is provided as required.
+- name: Ensure the CFME system accounts exist
+  oc_serviceaccount:
+    namespace: "{{ openshift_management_project }}"
+    state: present
+    name: "{{ openshift_management_flavor_short }}{{ item.name }}"
+  with_items:
+    - "{{ __openshift_system_account_sccs }}"
+
+- name: Ensure the CFME system accounts have all the required SCCs
+  oc_adm_policy_user:
+    namespace: "{{ openshift_management_project }}"
+    user: "system:serviceaccount:{{ openshift_management_project }}:{{ openshift_management_flavor_short }}{{ item.name }}"
+    resource_kind: scc
+    resource_name: "{{ item.resource_name }}"
+  with_items:
+    - "{{ __openshift_system_account_sccs }}"
+
+- name: Ensure the CFME system accounts have the required roles
+  oc_adm_policy_user:
+    namespace: "{{ openshift_management_project }}"
+    user: "system:serviceaccount:{{ openshift_management_project }}:{{ openshift_management_flavor_short }}{{ item.name }}"
+    resource_kind: role
+    resource_name: "{{ item.resource_name }}"
+  with_items:
+    - "{{ __openshift_management_system_account_roles }}"
diff --git a/roles/openshift_management/tasks/main.yml b/roles/openshift_management/tasks/main.yml
new file mode 100644
index 000000000..86c4d0010
--- /dev/null
+++ b/roles/openshift_management/tasks/main.yml
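Review bot: The SCC grant in `Ensure the CFME system accounts have all the required SCCs` is the most privilege-sensitive step in this file, yet nothing in the hunk says which SCCs are handed out or why; the list comes from `__openshift_system_account_sccs`, which is defined outside this diff. I would add a comment above the task, e.g. `# SCC names come from __openshift_system_account_sccs; each entry widens what these service accounts' pods may do, keep the list minimal`. The first two loops read `__openshift_system_account_sccs` while the roles loop reads `__openshift_management_system_account_roles`; if the missing `management` infix is a leftover from the rename, the names should be aligned.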
@@ -0,0 +1,79 @@
+---
+######################################################################)
+# Users, projects, and privileges
+
+- name: Run pre-install CFME validation checks
+  include: validate.yml
+
+- name: "Ensure the CFME '{{ openshift_management_project }}' namespace exists"
+  oc_project:
+    state: present
+    name: "{{ openshift_management_project }}"
+    display_name: "{{ openshift_management_project_description }}"
+
+- name: Create and Authorize CFME Accounts
+  include: accounts.yml
+
+######################################################################
+# STORAGE - Initialize basic storage class
+#---------------------------------------------------------------------
+# * nfs - set up NFS shares on the first master for a proof of concept
+- name: Create required NFS exports for CFME app storage
+  include: storage/nfs.yml
+  when: openshift_management_storage_class == 'nfs'
+
+#---------------------------------------------------------------------
+# * external - NFS again, but pointing to a pre-configured NFS server
+- name: Note Storage Type -  External NFS
+  debug:
+    msg: "Setting up external NFS storage, openshift_management_storage_class is {{ openshift_management_storage_class }}"
+  when: openshift_management_storage_class == 'nfs_external'
+
+#---------------------------------------------------------------------
+# * cloudprovider - use an existing cloudprovider based storage
+- name: Note Storage Type - Cloud Provider
+  debug:
+    msg: Validating cloud provider storage type, openshift_management_storage_class is 'cloudprovider'
+  when: openshift_management_storage_class == 'cloudprovider'
+
+#---------------------------------------------------------------------
+# * preconfigured - don't do anything, assume it's all there ready to go
+- name: Note Storage Type - Preconfigured
+  debug:
+    msg: Skipping storage configuration, openshift_management_storage_class is 'preconfigured'
+  when: openshift_management_storage_class ==
'preconfigured'
+
+######################################################################
+# APPLICATION TEMPLATE
+- name: Install the CFME app and PV templates
+  include: template.yml
+
+######################################################################
+# APP & DB Storage
+
+# For local/external NFS backed installations
+- name: "Create the required App and DB PVs using {{ openshift_management_storage_class }}"
+  include: storage/create_nfs_pvs.yml
+  when:
+    - openshift_management_storage_class in ['nfs', 'nfs_external']
+
+######################################################################
+# CREATE APP
+- name: Note the correct ext-db template name
+  set_fact:
+    openshift_management_template_name: "{{ openshift_management_flavor }}-ext-db"
+  when:
+    - openshift_management_app_template in ['miq-template-ext-db', 'cfme-template-ext-db']
+
+- name: Note the correct podified db template name
+  set_fact:
+    openshift_management_template_name: "{{ openshift_management_flavor }}"
+  when:
+    - openshift_management_app_template in ['miq-template', 'cfme-template']
+
+- name: Ensure the CFME App is created
+  oc_process:
+    namespace: "{{ openshift_management_project }}"
+    template_name: "{{ openshift_management_template_name }}"
+    create: True
+    params: "{{ openshift_management_template_parameters }}"
diff --git a/roles/openshift_management/tasks/storage/create_nfs_pvs.yml b/roles/openshift_management/tasks/storage/create_nfs_pvs.yml
new file mode 100644
index 000000000..31c845725
--- /dev/null
+++ b/roles/openshift_management/tasks/storage/create_nfs_pvs.yml
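Review bot: With `openshift_management_storage_class == 'nfs_external'`, `storage/create_nfs_pvs.yml` is included but `storage/nfs.yml` is not, and the only `set_fact` for `openshift_management_nfs_server` visible in this commit sits in `storage/nfs.yml`. Unless the variable is also set in defaults not shown here, the `NFS_HOST` parameter of the PV tasks will be undefined for external NFS. Either set the fact in this file before the PV include, e.g. `openshift_management_nfs_server: "{{ openshift_management_storage_nfs_external_hostname }}"` under `when: openshift_management_storage_class == 'nfs_external'`, or move the server `set_fact` tasks out of `nfs.yml`. Separately, `openshift_management_template_parameters` is passed whole to `oc_process`; if it carries database credentials, `no_log: true` on that task would keep them out of the run output.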
@@ -0,0 +1,69 @@
+---
+# Create the required PVs for the App and the DB
+- name: Note the App PV Size from Template Parameters
+  set_fact:
+    openshift_management_app_pv_size: "{{ openshift_management_template_parameters.APPLICATION_VOLUME_CAPACITY }}"
+  when:
+    - openshift_management_template_parameters.APPLICATION_VOLUME_CAPACITY is defined
+
+- name: Note the App PV Size from defaults
+  set_fact:
+    openshift_management_app_pv_size: "{{ __openshift_management_app_pv_size }}"
+  when:
+    - openshift_management_template_parameters.APPLICATION_VOLUME_CAPACITY is not defined
+
+- when: openshift_management_app_template in ['miq-template', 'cfme-template']
+  block:
+    - name: Note the DB PV Size from Template Parameters
+      set_fact:
+        openshift_management_db_pv_size: "{{ openshift_management_template_parameters.DATABASE_VOLUME_CAPACITY }}"
+      when:
+        - openshift_management_template_parameters.DATABASE_VOLUME_CAPACITY is defined
+
+    - name: Note the DB PV Size from defaults
+      set_fact:
+        openshift_management_db_pv_size: "{{ __openshift_management_db_pv_size }}"
+      when:
+        - openshift_management_template_parameters.DATABASE_VOLUME_CAPACITY is not defined
+
+- name: Check if the CFME App PV has been created
+  oc_obj:
+    namespace: "{{ openshift_management_project }}"
+    state: list
+    kind: pv
+    name: "{{ openshift_management_flavor_short }}-app"
+  register: miq_app_pv_check
+
+- name: Check if the CFME DB PV has been created
+  oc_obj:
+    namespace: "{{ openshift_management_project }}"
+    state: list
+    kind: pv
+    name: "{{ openshift_management_flavor_short }}-db"
+  register: miq_db_pv_check
+  when:
+    - openshift_management_app_template in ['miq-template', 'cfme-template']
+
+- name: Ensure the CFME App PV is created
+  oc_process:
+    namespace: "{{ openshift_management_project }}"
+    template_name: "{{ openshift_management_flavor }}-app-pv"
+    create: True
+    params:
+      
PV_SIZE: "{{ openshift_management_app_pv_size }}"
+      BASE_PATH: "{{ openshift_management_storage_nfs_base_dir }}"
+      NFS_HOST: "{{ openshift_management_nfs_server }}"
+  when: miq_app_pv_check.results.results == [{}]
+
+- name: Ensure the CFME DB PV is created
+  oc_process:
+    namespace: "{{ openshift_management_project }}"
+    template_name: "{{ openshift_management_flavor }}-db-pv"
+    create: True
+    params:
+      PV_SIZE: "{{ openshift_management_db_pv_size }}"
+      BASE_PATH: "{{ openshift_management_storage_nfs_base_dir }}"
+      NFS_HOST: "{{ openshift_management_nfs_server }}"
+  when:
+    - openshift_management_app_template in ['miq-template', 'cfme-template']
+    - miq_db_pv_check.results.results == [{}]
diff --git a/roles/openshift_management/tasks/storage/nfs.yml b/roles/openshift_management/tasks/storage/nfs.yml
new file mode 100644
index 000000000..696808328
--- /dev/null
+++ b/roles/openshift_management/tasks/storage/nfs.yml
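Review bot: Both creation tasks are gated on comparing `miq_app_pv_check.results.results` / `miq_db_pv_check.results.results` with the literal `[{}]`, which ties them to the exact empty-result shape of `oc_obj`; a short comment above the first use, e.g. `# oc_obj state=list appears to return [{}] when no matching object exists`, would make that dependency visible. A PV that already carries the name `{{ openshift_management_flavor_short }}-app` or `-db` is accepted as-is, so a pre-existing volume that points at a different NFS host or path is silently reused. That may be intended, but it deserves a line in the same comment.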
@@ -0,0 +1,67 @@
+---
+# Tasks to statically provision NFS volumes
+# Include if not using dynamic volume provisioning
+
+- name: Ensure we save the local NFS server if one is provided
+  set_fact:
+    openshift_management_nfs_server: "{{ openshift_management_storage_nfs_local_hostname }}"
+  when:
+    - openshift_management_storage_nfs_local_hostname is defined
+    - openshift_management_storage_nfs_local_hostname != False
+    - openshift_management_storage_class == "nfs"
+
+- name: Ensure we save the local NFS server
+  set_fact:
+    openshift_management_nfs_server: "{{ groups['oo_nfs_to_config'].0 }}"
+  when:
+    - openshift_management_nfs_server is not defined
+    - openshift_management_storage_class == "nfs"
+
+- name: Ensure we save the external NFS server
+  set_fact:
+    openshift_management_nfs_server: "{{ openshift_management_storage_nfs_external_hostname }}"
+  when:
+    - openshift_management_storage_class == "nfs_external"
+
+- name: Failed NFS server detection
+  assert:
+    that:
+      - openshift_management_nfs_server is defined
+    msg: |
+      "Unable to detect an NFS server. The 'nfs_external'
+      openshift_management_storage_class option requires that you set
+      openshift_management_storage_nfs_external_hostname.
NFS hosts detected
+      for local nfs services: {{ groups['oo_nfs_to_config'] | join(', ') }}"
+
+- name: Setting up NFS storage
+  block:
+    - name: Include the NFS Setup role tasks
+      include_role:
+        role: openshift_nfs
+        tasks_from: setup
+      vars:
+        l_nfs_base_dir: "{{ openshift_management_storage_nfs_base_dir }}"
+
+    - name: Create the App export
+      include_role:
+        role: openshift_nfs
+        tasks_from: create_export
+      vars:
+        l_nfs_base_dir: "{{ openshift_management_storage_nfs_base_dir }}"
+        l_nfs_export_config: "{{ openshift_management_flavor_short }}"
+        l_nfs_export_name: "{{ openshift_management_flavor_short }}-app"
+        l_nfs_options: "*(rw,no_root_squash,no_wdelay)"
+
+    - name: Create the DB export
+      include_role:
+        role: openshift_nfs
+        tasks_from: create_export
+      vars:
+        l_nfs_base_dir: "{{ openshift_management_storage_nfs_base_dir }}"
+        l_nfs_export_config: "{{ openshift_management_flavor_short }}"
+        l_nfs_export_name: "{{ openshift_management_flavor_short }}-db"
+        l_nfs_options: "*(rw,no_root_squash,no_wdelay)"
+      when:
+        - openshift_management_app_template in ['miq-template', 'cfme-template']
+
+  delegate_to: "{{ openshift_management_nfs_server }}"
diff --git a/roles/openshift_management/tasks/storage/storage.yml b/roles/openshift_management/tasks/storage/storage.yml
new file mode 100644
index 000000000..d8bf7aa3e
--- /dev/null
+++ b/roles/openshift_management/tasks/storage/storage.yml
@@ -0,0 +1,3 @@
+---
+- include: nfs.yml
+  when: not (openshift_cloudprovider_kind is defined and (openshift_cloudprovider_kind == 'aws' or openshift_cloudprovider_kind == 'gce'))
diff --git a/roles/openshift_management/tasks/template.yml b/roles/openshift_management/tasks/template.yml
new file mode 100644
index 000000000..299158ac4
--- /dev/null
+++ b/roles/openshift_management/tasks/template.yml
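Review bot: Both `create_export` calls pass `l_nfs_options: "*(rw,no_root_squash,no_wdelay)"`, which exports the App and DB directories read-write to every host that can reach the NFS server and lets a remote root user keep root on the share. For a volume that will hold the application database this is wider than the role needs; the client list should be limited to the cluster nodes and the options made overridable, for example `l_nfs_options: "{{ openshift_management_storage_nfs_export_options }}"` (a new variable, named here only as a suggestion) with a default that replaces `*` by the node network. If `no_root_squash` is required by the pods, a comment saying so would help the next reviewer. The `assert` message is also misleading for the local case: it speaks only of `nfs_external`, although `main.yml` includes this file only when the class is `nfs`.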
@@ -0,0 +1,128 @@
+---
+# Tasks for ensuring the correct CFME templates are landed on the remote system
+
+######################################################################
+# CFME App Template
+#
+# Note, this is different from the create_nfs_pvs.yml tasks in that
+# the application template does not require any jinja2 evaluation.
+#
+# TODO: Handle the case where the server or PV templates are updated
+# in openshift-ansible and the change needs to be landed on the
+# managed cluster.
+
+######################################################################
+# STANDARD PODIFIED DATABASE TEMPLATE
+- when: openshift_management_app_template in ['miq-template', 'cfme-template']
+  block:
+  - name: Check if the CFME Server template has been created already
+    oc_obj:
+      namespace: "{{ openshift_management_project }}"
+      state: list
+      kind: template
+      name: "{{ openshift_management_flavor }}"
+    register: miq_server_check
+
+  - when: miq_server_check.results.results == [{}]
+    block:
+    - name: Copy over CFME Server template
+      copy:
+        src: "templates/{{ openshift_management_flavor }}/{{ openshift_management_flavor_short }}-template.yaml"
+        dest: "{{ template_dir }}/"
+
+    - name: Ensure CFME Server Template is created
+      oc_obj:
+        namespace: "{{ openshift_management_project }}"
+        name: "{{ openshift_management_flavor }}"
+        state: present
+        kind: template
+        files:
+        - "{{ template_dir }}/{{ openshift_management_flavor_short }}-template.yaml"
+
+######################################################################
+# EXTERNAL DATABASE TEMPLATE
+- when: openshift_management_app_template in ['miq-template-ext-db', 'cfme-template']
+  block:
+  - name: Check if the CFME Ext-DB Server template has been created already
+    oc_obj:
+      namespace: "{{ openshift_management_project }}"
+      state: list
+      kind: template
+      name: "{{ openshift_management_flavor
}}-ext-db"
+    register: miq_ext_db_server_check
+
+  - when: miq_ext_db_server_check.results.results == [{}]
+    block:
+    - name: Copy over CFME Ext-DB Server template
+      copy:
+        src: "templates/{{ openshift_management_flavor }}/{{openshift_management_flavor_short}}-template-ext-db.yaml"
+        dest: "{{ template_dir }}/"
+
+    - name: Ensure CFME Ext-DB Server Template is created
+      oc_obj:
+        namespace: "{{ openshift_management_project }}"
+        name: "{{ openshift_management_flavor }}-ext-db"
+        state: present
+        kind: template
+        files:
+        - "{{ template_dir }}/{{ openshift_management_flavor_short }}-template-ext-db.yaml"
+
+# End app template creation.
+######################################################################
+
+######################################################################
+# Begin conditional PV template creations
+
+# Required for the application server
+- name: Check if the CFME App PV template has been created already
+  oc_obj:
+    namespace: "{{ openshift_management_project }}"
+    state: list
+    kind: template
+    name: "{{ openshift_management_flavor }}-app-pv"
+  register: miq_app_pv_check
+
+- when: miq_app_pv_check.results.results == [{}]
+  block:
+  - name: Copy over CFME App PV template
+    copy:
+      src: "templates/{{ openshift_management_flavor }}/{{ openshift_management_flavor_short }}-pv-server-example.yaml"
+      dest: "{{ template_dir }}/"
+
+  - name: Ensure CFME App PV Template is created
+    oc_obj:
+      namespace: "{{ openshift_management_project }}"
+      name: "{{ openshift_management_flavor }}-app-pv"
+      state: present
+      kind: template
+      files:
+      - "{{ template_dir }}/{{ openshift_management_flavor_short }}-pv-server-example.yaml"
+
+#---------------------------------------------------------------------
+
+# Required for database if the installation is fully podified
+- when: openshift_management_app_template in
['miq-template', 'cfme-template']
+  block:
+  - name: Check if the CFME DB PV template has been created already
+    oc_obj:
+      namespace: "{{ openshift_management_project }}"
+      state: list
+      kind: template
+      name: "{{ openshift_management_flavor }}-db-pv"
+    register: miq_db_pv_check
+
+  - when: miq_db_pv_check.results.results == [{}]
+    block:
+    - name: Copy over CFME DB PV template
+      copy:
+        src: "templates/{{ openshift_management_flavor }}/{{ openshift_management_flavor_short }}-pv-db-example.yaml"
+        dest: "{{ template_dir }}/"
+
+    - name: Ensure CFME DB PV Template is created
+      oc_obj:
+        namespace: "{{ openshift_management_project }}"
+        name: "{{ openshift_management_flavor }}-db-pv"
+        state: present
+        kind: template
+        files:
+        - "{{ template_dir }}/{{ openshift_management_flavor_short }}-pv-db-example.yaml"
diff --git a/roles/openshift_management/tasks/uninstall.yml b/roles/openshift_management/tasks/uninstall.yml
new file mode 100644
index 000000000..09fbc609f
--- /dev/null
+++ b/roles/openshift_management/tasks/uninstall.yml
@@ -0,0 +1,23 @@
+---
+- name: Start removing all the objects
+  command: "oc delete -n {{ openshift_management_project }} {{ item }} --all"
+  with_items:
+    - rc
+    - dc
+    - po
+    - svc
+    - pv
+    - pvc
+    - statefulsets
+    - routes
+
+- name: Remove the project
+  command: "oc delete -n {{ openshift_management_project }} project {{ openshift_management_project }}"
+
+- name: Verify project has been destroyed
+  command: "oc get project {{ openshift_management_project }}"
+  ignore_errors: True
+  register: project_terminated
+  until: project_terminated.stderr.find("NotFound") != -1
+  delay: 5
+  retries: 30
diff --git a/roles/openshift_management/tasks/validate.yml b/roles/openshift_management/tasks/validate.yml
new file mode 100644
index 000000000..8b20bdc5e
--- /dev/null
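Review bot: The `when` on the EXTERNAL DATABASE TEMPLATE block in `template.yml` reads `in ['miq-template-ext-db', 'cfme-template']`, while every other ext-db condition in this commit (`main.yml`, `validate.yml`) uses `'cfme-template-ext-db'`. As written, a `cfme-template-ext-db` install never loads the ext-db template, so the later `oc_process` for `{{ openshift_management_flavor }}-ext-db` would have no template to process, and a plain `cfme-template` install loads a template it does not use. The line should be `- when: openshift_management_app_template in ['miq-template-ext-db', 'cfme-template-ext-db']`.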
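Review bot: The `pv` entry in the `with_items` list of `Start removing all the objects` (`uninstall.yml`) is not limited by `-n {{ openshift_management_project }}`: PersistentVolumes are cluster-scoped, so `oc delete ... pv --all` removes every PV in the cluster, including those of unrelated applications. Drop `pv` from the loop and delete the role's own volumes by name in a separate task, e.g. `command: "oc delete pv {{ openshift_management_flavor_short }}-app {{ openshift_management_flavor_short }}-db --ignore-not-found"`. That assumes the PV templates create volumes under those names, which are the names `create_nfs_pvs.yml` checks for; confirm against the templates before merging.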
+++ b/roles/openshift_management/tasks/validate.yml 
@@ -0,0 +1,90 @@
+---
+# Validate configuration parameters passed to the openshift_management role
+
+######################################################################
+# CORE PARAMETERS
+- name: Ensure openshift_management_app_template is valid
+  assert:
+    that:
+      - openshift_management_app_template in __openshift_management_app_templates
+
+    msg: |
+      "openshift_management_app_template must be one of {{
+      __openshift_management_app_templates | join(', ') }}"
+
+- name: Ensure openshift_management_storage_class is a valid type
+  assert:
+    that:
+      - openshift_management_storage_class in __openshift_management_storage_classes
+    msg: |
+      "openshift_management_storage_class must be one of {{
+      __openshift_management_storage_classes | join(', ') }}"
+
+######################################################################
+# STORAGE PARAMS - NFS
+- name: Ensure external NFS storage has a valid NFS server hostname defined
+  assert:
+    that:
+      - openshift_management_storage_nfs_external_hostname | default(False)
+    msg: |
+      The selected storage class 'nfs_external' requires a valid
+      hostname for the openshift_management_storage_nfs_hostname parameter
+  when:
+    - openshift_management_storage_class == 'nfs_external'
+
+- name: Ensure local NFS storage has a valid NFS server to use
+  fail:
+    msg: |
+      No NFS hosts detected or defined but storage class is set to
+      'nfs'.
Add hosts to your [nfs] group or define one manually with
+      the 'openshift_management_storage_nfs_local_hostname' parameter
+  when:
+    - openshift_management_storage_class == 'nfs'
+    # You haven't created any NFS groups
+    - (groups.nfs is defined and groups.nfs | length == 0) or (groups.nfs is not defined)
+    # You did not manually specify a host to use
+    - (openshift_management_storage_nfs_local_hostname is not defined) or (openshift_management_storage_nfs_local_hostname == false)
+
+######################################################################
+# STORAGE PARAMS  -CLOUD PROVIDER
+- name: Validate Cloud Provider storage class
+  assert:
+    that:
+      - openshift_cloudprovider_kind == 'aws' or openshift_cloudprovider_kind == 'gce'
+    msg: |
+      openshift_management_storage_class is 'cloudprovider' but you have an
+      invalid kind defined, '{{ openshift_cloudprovider_kind }}'. See
+      'openshift_cloudprovider_kind' in the example inventories for
+      the required parameters for your selected cloud
+      provider. Working providers: 'aws' and 'gce'.
+  when:
+    - openshift_management_storage_class == 'cloudprovider'
+    - openshift_cloudprovider_kind is defined
+
+- name: Validate 'cloudprovider' Storage Class has required parameters defined
+  assert:
+    that:
+      - openshift_cloudprovider_kind is defined
+    msg: |
+      openshift_management_storage_class is 'cloudprovider' but you do not
+      have 'openshift_cloudprovider_kind' defined, this is
+      required. Search the example inventories for
+      'openshift_cloudprovider_kind'. The required parameters for your
+      selected cloud provider must be defined in your inventory as
+      well. Working providers: 'aws' and 'gce'.
+  when:
+    - openshift_management_storage_class == 'cloudprovider'
+
+######################################################################
+# DATABASE CONNECTION VALIDATION
+- name: Validate all required database parameters were provided for ext-db template
+  assert:
+    that:
+      - item in openshift_management_template_parameters
+    msg: |
+      "You are using external database services but a required
+      database parameter {{ item }} was not found in
+      'openshift_management_template_parameters'"
+  with_items: "{{ __openshift_management_required_db_conn_params }}"
+  when:
+    - openshift_management_app_template in ['miq-template-ext-db', 'cfme-template-ext-db'] |
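Review bot: The failure message of `Ensure external NFS storage has a valid NFS server hostname defined` tells the user to set `openshift_management_storage_nfs_hostname`, but the variable actually tested is `openshift_management_storage_nfs_external_hostname`; the message should name the latter. The local-NFS check looks at `groups.nfs`, whereas `storage/nfs.yml` takes its server from `groups['oo_nfs_to_config']`; if those groups can differ, validation can pass and the later lookup still fail, so both should reference the same group. The `msg: |` blocks that wrap their text in double quotes will print the quotes literally; either drop the quotes or use a folded scalar `>-`.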
