rht
/
ocp-ing-ichp-materials


			
				
					
						
						
							12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576
							---
# Creates an ICHP-like project in the cluster.
#
# Pass variables to this playbook on the command line (-e):
#
#   user:         the user requesting the project (role.requester)
#   project:      the name of the project (role.name)
#   rbac:         last token of "ichp-project-${foo}"
#                 (admin, editor, viewer, debugger)
#                 (becomes role.rbac_level, defaults to "editor")
#
# For anything more complex, create a vars file and load it (-e @file.yml).
# See the structure of the vars below. Generally do not set egress_ip.
#
# TODO: establish egress IP? (openshift.egress_range)
# TODO: remove egress IPs without their corresponding projects
#
- name: Create an ICHP-lookalike project.
  hosts: workstation.lab.example.com
  gather_subset: min
  become: no
  tasks:
    - name: Ensure that the parameters are specified.
      ansible.builtin.assert:
        that:
          - project is defined
          - user is defined
        success_msg: "OK, got all parameters, continuing."
        fail_msg: "FATAL: You must specify the \"user\" and \"project\" variables at minimum."

    - name: Check that rbac parameter is an acceptable value.
      ansible.builtin.assert:
        that:
          - (rbac | default('editor')) in ['admin', 'editor', 'viewer']
        success_msg: "OK, rbac role is fine."
        fail_msg: "FATAL: \"rbac\" role can only be one of ['admin', 'editor', 'viewer']."

    # Get auth info, and test comms.
    - include_role:
        name: check-env

    - include_role:
        name: create-ichp-project
      vars:
        role:
          requester: "{{ user }}"
          name: "{{ project }}"
          displayname: "{{ displayname | default(project) }}"
          rbac_level: "ichp-project-{{ rbac | default('editor') }}"
          egress_ip: "192.168.50.38"
          #egress_ip:      an available egress IP to allocate to the project
          #quota:          compute resourcequotas
          #  requests:       compute reservation
          #    cpu:            max cpu reserved (1500m, 1.5 CPU)
          #    memory:         max memory reserved (2048Mi, 2Gi)
          #  limits:         compute limits
          #    cpu:            max cpu consumed (4000m, 4 CPUs)
          #    memory:         max memory consumed (4096Mi, 4Gi)
          #lrange:         compute limitranges, for both container and pod
          #  default:        default limits and requests (no defaults)
          #    limit:
          #      cpu:
          #      memory:
          #    request:
          #      cpu:
          #      memory:
          #  max:            maximum limits
          #    cpu:            maximum cpu limit (4000m, 4 cpus)
          #    memory:         maximum memory limit (4096Mi, 4Gi)
          #  min:            minimum requests
          #    cpu:            minimum requested cpu (50m, 5%)
          #    memory:         minimum requested memory (64Mi)
          #  ratio:          max limit-to-request ratio (x-to-1)
          #    cpu:            cpu lrr (4)
          #    memory:         memory lrr (4)
...