AgnosticV, vars for AgnosticD
This repo contains the variables needed for catalog items present in RHPDS and labs.opentlc.com.
-
Separate code and data
-
Deploy the same way we develop, using a yaml file.
-
Easy onboarding of lab and demo creators
-
-
Contain catalog information (description, …)
-
Automatically generate catalog
-
-
Lab creators and Administrator will easily contribute to agnosticV
-
Easy maintenance (YAML files in a git repo)
-
Introduce good processes for contributing
-
Pull request
-
Peer review
-
Automatic tests
-
Syntax checking, Linters
-
Enforce policies (ex: "catalog item must have a description")
-
Detect non-documented variables
-
-
-
Risk mitigation: no more manual operations on the deployment servers
common.yaml
ACCOUNT/
common.yaml
CATALOGITEM1/
common.yaml
dev.yaml
test.yaml
prod.yaml
CATALOGITEM2/
common.yaml
dev.yaml
test.yaml
prod.yaml
When deploying, you provide 3 things to the deployer (scripts or tower).
-
ACCOUNT (for example
gpte,openshift,sandboxes-gpte, …) -
CATALOGITEM (for example
OCP_CLIENTVM) -
STAGE (
dev|test|prod)
The variable of the yaml files are then merged in this order:
-
common.yaml -
ACCOUNT/common.yaml -
ACCOUNT/CATALOGITEM/common.yaml -
ACCOUNT/CATALOGITEM/STAGE*.yaml(STAGE =dev|test|prod)
If a variable is defined in several YAML files, the definition in the last file has precedence over the others.
When a variable is present in more than one file:
-
if it’s a string, last definition will override previous
-
if it’s a list, last definition will override previous
-
if it’s a dictionary , all dictionaries will be merged
Regarding merging strategies for meta variables, see next section.
Variables are merged and then passed directly to ansible-playbook command.
If you want to change things happening before that, for example "specify what secrets to use", you have to configure your catalog item (or account) using variables from the agnosticv_meta dictionary.
| Variable name | type | default | Purpose | Merging strategy |
|---|---|---|---|---|
|
Boolean |
|
Set to true to deploy in a sandbox (AWS only). |
Overwrite |
|
Boolean |
|
Set to true to run aws-nuke on the sandbox when the service retires (AWS only). If set to If set to |
Overwrite |
|
Dictionary |
see |
This is the dictionary used to map BASH argument names passed by Cloudforms into ansible variable. |
Merge |
|
List |
|
This list defines the secret files to load. |
Append |
|
Number |
|
Number of hours after start/deploy to stop the environment. |
Overwrite |
|
Number |
|
Number of hours after deploy to stop the environment. |
Overwrite |
|
Number |
|
Number of hours after start to stop the environment. |
Overwrite |
|
String |
|
Repo URL for agnosticd |
Overwrite |
|
String |
|
git tag prefix to check out. The tags are sorted using Version sort and the latest tag is picked. |
Overwrite |
|
String |
|
git ref (branch, commit id, tag, …) to checkout |
Overwrite |
agnosticv_meta:
secrets:
- gpte
- ocp4_special_token
params_to_variables:
user: student_name-
Ensure a jenkins pipeline is present for the catalog item
-
If not, ideally create the pipeline. See jenkins.adoc in OPEN_Admin.
-
-
Run jenkins pipeline: should work.
-
Translate variables present in the deployment script (
OPEN_Admin/OPEN-Deployer/deploy_scripts/) into YAMLagnosticv -
Go into CloudForms and change the remote script
-
automation / automate / explorer / OPEN-Ansible-Deployer / State Machines / … / remoteScript
/home/opentlc-mgr/OPEN_Admin/OPENTLC-Deployer/deploy_scripts/${#className}.sh to /home/opentlc-mgr/OPEN_Admin/OPENTLC-Deployer/deploy_scripts/ALL_agnosticv.sh
-
-
Order service
-
test stop action from Clouforms
-
test start action from Clouforms
-
test status action from Clouforms
-
-
Run jenkins pipeline: should work.
-
Add comment in the old script to point to the new script and to agnosticv definition files.
Warning example######################################################################## # # # /!\ THIS FILE IS NOT USED ANYMORE /!\ # # # The DEV CLIENT VM catalog item vars are now defined here: # https://github.com/redhat-gpe/agnosticv/blob/master/common.yaml # https://github.com/redhat-gpe/agnosticv/blob/master/gpte/common.yaml # https://github.com/redhat-gpe/agnosticv/blob/master/gpte/OCP_CLIENTVM/dev.yaml # # # The deployment script used now is ALL_agnosticv.sh # # ########################################################################
-
After a month, grep the logs to ensure the old script was not called.
-
If it was, it means there is another catalog item that is using the script. Investigate.
-
If not, delete the old script.
-
######################################################################## # RHTE: for shared clusters, use account: RHTE # RHTE: for cluster per studnet, use sandboxes-GPTE # RHTE: Secrets: ssh to bastion to find rhte-ocp4 ########################################################################
-
First, use
merge.shto get a YAML file of your config. Indicate ACCOUNT CONFIG ENVExamplemerge.shcd agnosticv ./merge.sh sandboxes-gpte RHTE_A0007 dev > $HOME/config.yaml
-
Then run your agnosticD deployer
Exampleansible-playbookagnosticD#!/bin/bash ansible-playbook ./ansible/main.yml -e @./config.yaml -e @./secret.yaml -e guid=<a GUID>