setup.yaml
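---
# Prepares an OpenShift project for a test run and then sets up the
# Hyperfoil controller.
#
# Variables read by the first play: num_dc, oc_username, oc_password,
# namespace, use_istio, wildcard_domain, control_plane, target, pod_pattern.
#
# NOTE(review): the listing this was taken from had lost its indentation, so
# the nesting of the blocks below is reconstructed from the task order and the
# `when:` conditions. In particular "Create passthrough routes" is assumed to
# sit inside "Setup Istio routing" - confirm against the repository.
- hosts: openshift
  gather_facts: false
  tasks:
    # One app per five deployment configs. The division yields a float, which
    # is why later uses go through `num_apps | int`.
    - name: Set number of apps
      set_fact:
        num_apps: "{{ (num_dc | int) / 5 }}"

    # no_log keeps the rendered command line (including the password) out of
    # Ansible's output and logs. The password is still an argument of the `oc`
    # process for as long as it runs, so it remains visible in the process
    # list on the target host; token-based login avoids that.
    - name: Login
      when: oc_username is defined and oc_password is defined
      command: "oc login --username={{ oc_username }} --password={{ oc_password }}"
      no_log: true

    # Presence probe only: a non-zero rc means "project missing", not failure.
    - name: Check namespace presence
      command: "oc get project {{ namespace }}"
      register: ns_exists
      failed_when: false

    - name: Create namespace
      when: ns_exists.rc != 0
      command: "oc new-project {{ namespace }}"

    # - name: Add policy allowing privileged containers
    #   when: use_istio | bool
    #   command: "oc adm policy add-scc-to-user privileged -z default -n {{ namespace }}"

    # NOTE(review): a failure here is ignored, yet the later `oc apply -f`
    # calls carry no `-n`, so they act on whatever project is current.
    # Confirm that ignoring the result is intended.
    - name: Switch namespace
      command: "oc project {{ namespace }}"
      failed_when: false

    - name: Clean leftovers from previous test
      include_tasks: delete-resources.yaml
      when: ns_exists.rc == 0

    # Render the services manifest into a temp file, apply it, remove it.
    - name: Get temporary services files
      tempfile:
        prefix: services-
        suffix: '.yaml'
      register: services

    - name: Generate services CRs
      template:
        src: services.yaml.j2
        dest: "{{ services.path }}"

    - name: Apply services
      command: "oc apply -f {{ services.path }}"

    - name: Drop temporary services file
      file:
        path: "{{ services.path }}"
        state: absent

    - name: Setup Istio routing
      when: use_istio | bool
      block:
        # The key is generated with -nodes (unencrypted), so file permissions
        # are its only protection. It is written into a directory created by
        # the tempfile module rather than to a fixed name directly under /tmp,
        # and the directory is removed once the secret exists (or on failure).
        # NOTE(review): this replaces the fixed /tmp/app.key and /tmp/app.crt
        # paths; confirm nothing outside this playbook reads those files.
        - name: Provision gateway certificates
          block:
            - name: Create private directory for gateway key material
              tempfile:
                state: directory
                prefix: gateway-certs-
              register: gateway_certs

            - name: Generate gateway certificates
              command: >-
                openssl req -x509 -nodes -days 365 -newkey rsa:2048
                -keyout {{ gateway_certs.path }}/app.key
                -out {{ gateway_certs.path }}/app.crt
                -subj "/CN=*.{{ wildcard_domain }}/O=app"

            # The secret may not exist yet, so a failed delete is not an error.
            - name: Drop old certificates
              command: "oc delete secret istio-ingressgateway-certs -n {{ control_plane }}"
              failed_when: false

            - name: Apply certificates to ingressgateway
              command: >-
                oc create -n {{ control_plane }} secret tls
                istio-ingressgateway-certs
                --key {{ gateway_certs.path }}/app.key
                --cert {{ gateway_certs.path }}/app.crt
          always:
            - name: Remove gateway key material
              when: gateway_certs.path is defined
              file:
                path: "{{ gateway_certs.path }}"
                state: absent

        # For some reason the update on gateway requires resourceVersion
        - name: Delete old gateway
          command: "oc delete gateway app-gateway -n {{ namespace }}"
          failed_when: false

        # Same render / apply / remove cycle as for the services manifest.
        - name: Get temporary routing files
          tempfile:
            prefix: routing-
            suffix: '.yaml'
          register: routing

        - name: Generate routing CRs
          template:
            src: routing.yaml.j2
            dest: "{{ routing.path }}"

        - name: Apply routing
          command: "oc apply -f {{ routing.path }}"

        - name: Drop temporary routing file
          file:
            path: "{{ routing.path }}"
            state: absent

        - name: Create passthrough routes
          when: control_plane == 'istio-system' and target == 'routers'
          block:
            # `--all` removes every route in the control-plane namespace, not
            # only the app-N routes created below.
            - name: Drop existing routes
              command: "oc delete route --all -n {{ control_plane }}"
              failed_when: false

            # One passthrough route per app, numbered 1..num_apps.
            - name: Expose route
              command: >-
                oc create route passthrough app-{{ item }}
                -n {{ control_plane }}
                --service=istio-ingressgateway
                --port=8443
                --hostname=app-{{ item }}.{{ wildcard_domain }}
              loop: "{{ range(1, (num_apps | int) + 1, 1) | list }}"

    - name: Setup native Openshift routing
      when: not (use_istio | bool)
      block:
        # `--all` removes every route in the test namespace.
        - name: Drop existing routes
          command: "oc delete route --all -n {{ namespace }}"
          failed_when: false

        # NOTE(review): the certificate and private key are read from a
        # hard-coded path under one developer's home directory, inside a
        # source tree. The play only works where that path exists, and the
        # key is presumably a shared test key - confirm it is not reused
        # outside test clusters.
        - name: Expose route
          command: >-
            oc create route reencrypt app-{{ item }}
            --cert=/home/rvansa/workspace/mannequin/src/main/resources/domain.crt
            --key=/home/rvansa/workspace/mannequin/src/main/resources/domain.key
            --service=app-{{ item }}
            --port=8443
            --hostname=app-{{ item }}.{{ wildcard_domain }}
          loop: "{{ range(1, (num_apps | int) + 1, 1) | list }}"

    - name: Generate deployment configs
      include_tasks: generate-dc.yaml

    # This task goes through a shell, so the templated arguments are passed
    # through the `quote` filter; a value containing shell metacharacters is
    # then handed to the script as a single literal argument.
    - name: Wait for pods to come up
      shell: >-
        {{ playbook_dir }}/wait-for-pods.sh
        {{ namespace | quote }}
        {{ pod_pattern | quote }}
        {{ num_dc | quote }}

# Second play: applies the hyperfoil_setup role on the controller host(s).
- hosts: hyperfoil_controller
  roles:
    - hyperfoil.hyperfoil_setup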