This config is used to run OpenShift workloads on a single cluster or a list of clusters.
It is a config like any other agnosticd config and allows integration of this particular kind of deployment into our eco-system.
It can access a single cluster via a bastion or multiple clusters by direct connection the the cluster apis.
using-bastion.ymlcloud_provider: none
env_type: ocp-workloads
ocp_workloads:
- ocp4-workload-fuse-ignite
target_host: bastion.dev.mycluster.mydomain.com
#become_override: false
# If the ocp-workload supports it, you should specify the OCP user:
# ocp_username: myuser
# Usually the ocp-workloads want a GUID also:
# guid: changememulticluster-bastion.ymlcloud_provider: none guid: changeme env_type: ocp-workloads cluster_workloads: - name: ocp4_workload_authentication clusters: - openshift_app - openshift_db - name: ocp4_workload_mitzi_app clusters: - openshift_app - name: ocp4_workload_mitzi_db clusters: - openshift_db openshift_app: api_ca_cert: ... api_key: ... api_url: ... ocp4_workload_authentication_htpasswd_user_name: app-user openshift_db: api_ca_cert: ... api_key: ... api_url: ... ocp4_workload_authentication_htpasswd_user_name: db-user ocp4_workload_authentication_idm_type: htpasswd ocp4_workload_authentication_htpasswd_user_count: 1
cd agnosticd/ansible
ansible-playbook main.yml -e @vars.ymlJust run the following:
cd agnosticd/ansible
ansible-playbook destroy.yml -e @vars.ymlIt will run the ocp-workload role with ACTION=destroy.
The lifecycle_entry_point.yml playbook can be used as well.
It will just run the workload passing the ACTION variable. Just make sure to implement the action stop, start, status in the ocp-workloads.
This variable allows configuration to run workloads across multiple clusters. This feature is currently only supported with direct connection from localhost.
The cluster_workloads array must specify target clusters whose names correspond to variables than hold connection configuration for the cluster as shown in the example above.
Cluster specific workload variables may be passed within the cluster variables.
Variables must follow the convention of beginning with the workload name
followed by an underscore and not be set at the top-level as the set_fact call
used to pass the variable to the workload cannot override a variable passed with
Ansible extra vars.
This variable correspond to run workloads on a single cluster using a bastion host to run oc commands or k8s type ansible tasks.
You can specify the target host in three different ways.
target_host: localhostThis will execute the workload from localhost. It requires that whatever host the playbook is run from is authenticated to the OpenShift cluster.
If you want to just specify:
target_host: bastion.dev.mycluster.mydomain.comThen you need to configure ssh properly to be able to connect to that host.
Just make sure the command ssh bastion.dev.mycluster.mydomain.com works.
You can specify the bastion host using a dictionary. This is useful is you need to specify the user, port, ssh_key to use, etc.
target_host:
ansible_host: bastion.babydev.babylon.open.redhat.com
ansible_port: 22
ansible_user: ec2-user
#ansible_ssh_private_key_content: "{{ ssh_private_key_content }}"
ansible_ssh_private_key_file: ~/.ssh/admin_key.pem
#ansible_ssh_extra_args: ...|
Note
|
you can add the ansible_ssh_private_key_content to a secret file or a vault. The config will create the key using that content in the directory output_dir/ and use it to connect to the bastion. The key will then be deleted when the playbook ends, see cleanup.yml.
|
-
But i want to run my workload as root on the bastion!
Just use the var become_override. Set it to true in your var file. Most ocp-workloads implement that variable.
main.yml in ocp-workload- name: Running Workload Tasks
import_tasks: ./workload.yml
become: "{{ become_override | bool }}"
when: ACTION == "create" or ACTION == "provision"