DEPLOYMENT AUTOMATION IN OPENSHIFT WITH ANSIBLE TOWER
Ramón Román Nissen
Senior Middleware [email protected]
@rromannissen
HEADS UP
This is not an official Red Hat talk. The opinions and technical approaches are my own and are not necessarily aligned with Red Hat's.
JENKINS PIPELINE
CREATE PROJECTS
BUILD IMAGE
CONFIGURE PROJECTS
TAG IMAGES
CREATE OBJECTS
ACTORS
ORGANIZATION
PROJECT 1 INVENTORY 1
INVENTORY N
INVENTORY SCRIPT 1
INVENTORY SCRIPT N
NOTIFICATION 1
NOTIFICATION N
CREDENTIAL 1
CREDENTIAL N
JOB TEMPLATE 1
JOB TEMPLATE N
JOB TEMPLATE
PLAYBOOK
INVENTORY
VARIABLE 1
VARIABLE N
VARIABLE N+1
VARIABLE M
SURVEY PROMPT 1
SURVEY PROMPT N
PROJECT
Repo
  \_ roles
  |    \_ check_availability
  |    |    \_ tasks
  |    |    \_ templates
  |    \_ download_artifacts
  |    \_ copy_modules
  |    \_ deploy_artifacts
  |    \_ check_deployment
  |    \_ notify_mail
  \_ eap_deployment.yml

roles:
  - check_availability
  - download_artifacts
  - copy_modules
  - deploy_artifacts
  - check_deployment
  - notify_mail
JOB N
Version: 3.0.4
JOB 2
Version: 3.0.4
JOB 1
Version: 3.0.4
JOB TEMPLATE N
Inventory: Inventory 1
Playbook: eap_deployment
Variables:
  - artifact_group: com.ins
  - artifact_id: webportal
  - nexus_url: ins.com/nexus
  - admin_mail: [email protected]
Surveys:
  - version

JOB TEMPLATE 2
Inventory: Inventory 1
Playbook: eap_deployment
Variables:
  - artifact_group: com.ins
  - artifact_id: webportal
  - nexus_url: ins.com/nexus
  - admin_mail: [email protected]
Surveys:
  - version

JOB TEMPLATE 1
Inventory: Inventory 1
Playbook: eap_deployment
Variables:
  - artifact_group: com.ins
  - artifact_id: webportal
  - nexus_url: ins.com/nexus
Surveys:
  - version
INVENTORY N
[appserver]
eap1.ins.com
eap2.ins.com
[webserver]
httpd1.ins.com
[db]
posgres.ins.com

INVENTORY 2
[appserver]
eap1.ins.com
eap2.ins.com
[webserver]
httpd1.ins.com
[db]
posgres.ins.com

INVENTORY 1
[appserver]
eap1.ins.com
eap2.ins.com
[webserver]
httpd1.ins.com
[db]
posgres.ins.com
ARCHITECTURE
INTERNAL DOCKER REGISTRY
DOCKER DAEMON
TOWER CLI
OPENSHIFT CLI
OPENSHIFT API
HOST
APPLICATION
https://github.com/gshipley/openshift3mlbparks
https://www.openshift.com/promotions/for-developers.html
POD
POD
POD
SECRET VOLUME
USERNAME PASSWORD
/tmp/secret
STAGES
JENKINS PIPELINE
CREATE PROJECTS
BUILD IMAGE
CONFIGURE PROJECTS
TAG IMAGES
CREATE OBJECTS

# Playbook
---
- name: '[Global] Create projects'
  hosts: bastion
  become: false
  roles:
    - role: ocp_login
    - role: create_projects

# Task from the create_projects role
- name: '[Create Projects] Create DEV project'
  command: "{{ OC_CLIENT_PATH }}/oc new-project {{ SERVICE_NAME }}-dev"
  register: result
  ignore_errors: True
...

# Playbook
---
- name: '[Global] Build Image'
  hosts: bastion
  become: false
  roles:
    - role: ocp_login
    - role: create-clean-workspace
    - role: build_image

# Tasks from the build_image role
- name: '[Build Image] Get user token'
  command: "{{ OC_CLIENT_PATH }}/oc whoami -t"
  register: whoami_result

- name: '[Build Image] Login to OCP registry'
  command: "docker login -u {{ OCP_USER }} -p {{ whoami_result.stdout }} {{ OC_REGISTRY_URL }}"
  register: login_result
  until: login_result.stderr == ""
  retries: 10
  delay: 3

- name: '[Build Image] Build image from Dockerfile'
  command: "docker build -t {{ OC_REGISTRY_URL }}/{{ SERVICE_NAME }}-dev/{{ SERVICE_NAME }} {{ DOWNLOAD_PATH }}/{{ SERVICE_NAME }}"

- name: '[Build Image] Push image to the OCP registry'
  command: "docker push {{ OC_REGISTRY_URL }}/{{ SERVICE_NAME }}-dev/{{ SERVICE_NAME }}"
  register: push_result
  until: push_result.stderr == ""
  retries: 10
  delay: 3

# Playbook
---
- name: '[Global] Configure projects'
  hosts: bastion
  become: false
  roles:
    - role: ocp_login
    - role: create-clean-workspace
    - role: config_project

db-secret.json.j2:
{
  "apiVersion": "v1",
  "kind": "Secret",
  "metadata": {
    "name": "db-secret"
  },
  "namespace": "{{ SERVICE_NAME }}",
  "data": {
    "username": "{{ item.user | b64encode }}",
    "password": "{{ item.pass | b64encode }}"
  }
}

# Tasks from the config_project role
- name: '[Configure Projects] Create secret file from template'
  template:
    src: db-secret.json.j2
    dest: "{{ DOWNLOAD_PATH }}/{{ SERVICE_NAME }}/db-secret-{{ item.env }}.json"
  with_items:
    - { env: "dev", user: "{{ DB_USER_DEV }}", pass: "{{ DB_PASS_DEV }}" }
    - { env: "pre", user: "{{ DB_USER_PRE }}", pass: "{{ DB_PASS_PRE }}" }
    - { env: "pro", user: "{{ DB_USER_PRO }}", pass: "{{ DB_PASS_PRO }}" }

- name: '[Configure Projects] Create DEV secret'
  command: "{{ OC_CLIENT_PATH }}/oc create -f {{ DOWNLOAD_PATH }}/{{ SERVICE_NAME }}/db-secret-dev.json"

- name: '[Configure Projects] Create DEV template'
  command: "{{ OC_CLIENT_PATH }}/oc create -f {{ DOWNLOAD_PATH }}/{{ SERVICE_NAME }}/template.json"

- name: '[Configure Projects] Enable image pulling from DEV'
  command: "{{ OC_CLIENT_PATH }}/oc policy add-role-to-group system:image-puller system:serviceaccounts:{{ SERVICE_NAME }}-{{ item.env }} --namespace={{ SERVICE_NAME }}-dev"
  with_items:
    - { env: "pre" }
    - { env: "pro" }
  when: result|succeeded
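
The build and configure tasks above pass the registry token as a `docker login -p` argument and leave the rendered `db-secret-*.json` files on the bastion. A hardened variant of those steps follows as an added example that is not from the original slides; it reuses the deck's variable names and assumes Ansible 2.4+ (for the `stdin` option of `command`) and a Docker client that supports `--password-stdin`.

```yaml
# Added example (not from the slides): the same steps with secrets kept out of
# process arguments, Tower job output and group/world-readable files.
- name: '[Build Image] Get user token'
  command: "{{ OC_CLIENT_PATH }}/oc whoami -t"
  register: whoami_result
  changed_when: false
  no_log: true              # keep the token out of the job output

- name: '[Build Image] Login to OCP registry'
  command: "docker login -u {{ OCP_USER }} --password-stdin {{ OC_REGISTRY_URL }}"
  args:
    stdin: "{{ whoami_result.stdout }}"   # token is sent on stdin, not in argv
  register: login_result
  until: login_result.rc == 0   # exit code, since stderr may carry warnings on success
  retries: 10
  delay: 3
  no_log: true

- name: '[Configure Projects] Create secret file from template'
  template:
    src: db-secret.json.j2
    dest: "{{ DOWNLOAD_PATH }}/{{ SERVICE_NAME }}/db-secret-{{ item.env }}.json"
    mode: '0600'            # base64 is an encoding, not protection
  with_items:
    - { env: "dev", user: "{{ DB_USER_DEV }}", pass: "{{ DB_PASS_DEV }}" }
    - { env: "pre", user: "{{ DB_USER_PRE }}", pass: "{{ DB_PASS_PRE }}" }
    - { env: "pro", user: "{{ DB_USER_PRO }}", pass: "{{ DB_PASS_PRO }}" }
  no_log: true              # the loop items contain the DB passwords

- name: '[Configure Projects] Create DEV secret'
  command: "{{ OC_CLIENT_PATH }}/oc create -f {{ DOWNLOAD_PATH }}/{{ SERVICE_NAME }}/db-secret-dev.json"

# Run this after the last `oc create` that needs the rendered files.
- name: '[Configure Projects] Remove rendered secret files'
  file:
    path: "{{ DOWNLOAD_PATH }}/{{ SERVICE_NAME }}/db-secret-{{ item }}.json"
    state: absent
  with_items:
    - dev
    - pre
    - pro
```

The same `no_log: true` treatment applies to the `oc process` task in the Create Objects stage, whose `-v` parameters include the MongoDB passwords and whose registered output is written to `objects.json`.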

# Playbook
---
- name: '[Global] Tag Images'
  hosts: bastion
  become: false
  roles:
    - role: ocp_login
    - role: tag_images

# Tasks from the tag_images role
- name: '[Tag Images] Tag DEV image'
  command: "{{ OC_CLIENT_PATH }}/oc tag {{ SERVICE_NAME }}:latest {{ SERVICE_NAME }}:{{ SERVICE_NAME }}-dev"

- name: '[Tag Images] Tag PRE image'
  command: "{{ OC_CLIENT_PATH }}/oc tag {{ SERVICE_NAME }}:latest {{ SERVICE_NAME }}:{{ SERVICE_NAME }}-pre"
  when: (TARGET_ENVIRONMENT == "PRE") or (TARGET_ENVIRONMENT == "PRO")

- name: '[Tag Images] Tag PRO image'
  command: "{{ OC_CLIENT_PATH }}/oc tag {{ SERVICE_NAME }}:latest {{ SERVICE_NAME }}:{{ SERVICE_NAME }}-pro"
  when: (TARGET_ENVIRONMENT == "PRO")

# Tasks from the Create Objects stage
- name: '[Create Objects] Process template'
  command: "{{ OC_CLIENT_PATH }}/oc process {{ TEMPLATE_NAME }} -v APPLICATION_NAME={{ SERVICE_NAME }},ENV={{ ENV }},MONGODB_USER={{ MONGODB_USER }},MONGODB_PASSWORD={{ MONGODB_PASSWORD }},MONGODB_DATABASE={{ MONGODB_DATABASE }},MONGODB_ADMIN_PASSWORD={{ MONGODB_ADMIN_PASSWORD }},CONTEXT={{ ARTIFACT_ID }}-{{ ARTIFACT_VERSION }}"
  register: output

- name: '[Create Objects] Create objects file'
  copy:
    content: "{{ output.stdout }}"
    dest: "{{ DOWNLOAD_PATH }}/{{ SERVICE_NAME }}/objects.json"

- name: '[Create Objects] Create objects from file'
  command: "{{ OC_CLIENT_PATH }}/oc create -f {{ DOWNLOAD_PATH }}/{{ SERVICE_NAME }}/objects.json"
  ignore_errors: True

DEMO
THANK YOU!!