rht
/
ocp-ing-ichp-materials


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778
							---
# Creates an ICHP-like project in the cluster.
#
# Pass variables to this playbook on the command line (-e):
#
#   user:         the user requesting the project (role.requester)
#   project:      the name of the project (role.name)
#   rbac:         last token of "ichp-project-${foo}"
#                 (admin, editor, viewer, debugger)
#                 (becomes role.rbac_level, defaults to "editor")
#
# For anything more complex, create a vars file and load it (-e @file.yml).
# See the structure of the vars below. Generally do not set egress_ip.
#
# TODO: establish egress IP? (openshift.egress_range)
# TODO: remove egress IPs without their corresponding projects
#
- name: Create an ICHP-lookalike project.
  hosts: workstation.lab.example.com
  gather_subset: min
  become: no
  tasks:
    - name: Ensure that the parameters are specified.
      ansible.builtin.assert:
        that:
          - project is defined
          - user is defined
        success_msg: "OK, got all parameters, continuing."
        fail_msg: "FATAL: You must specify the \"user\" and \"project\" variables at minimum."

    - name: Check that rbac parameter is an acceptable value.
      ansible.builtin.assert:
        that:
          - (rbac | default('editor')) in ['admin', 'editor', 'viewer']
        success_msg: "OK, rbac role is fine."
        fail_msg: "FATAL: \"rbac\" role can only be one of ['admin', 'editor', 'viewer']."

    # Get auth info, and test comms.
    - include_role:
        name: check-env

    - include_role:
        name: create-ichp-project
      vars:
        role:
          requester: "{{ user }}"
          name: "{{ project }}"
          displayname: "{{ displayname | default(project) }}"
          rbac_level: "ichp-project-{{ rbac | default('editor') }}"
          #
          # NOTE: Other options that should be specified via vars files:
          #
          #egress_ip:      an available egress IP to allocate to the project
          #quota:          compute resourcequotas
          #  requests:       compute reservation
          #    cpu:            max cpu reserved (1500m, 1.5 CPU)
          #    memory:         max memory reserved (2048Mi, 2Gi)
          #  limits:         compute limits
          #    cpu:            max cpu consumed (4000m, 4 CPUs)
          #    memory:         max memory consumed (4096Mi, 4Gi)
          #  lrange:         compute limitranges, for both container and pod
          #    default:        default limits and requests
          #      limit:
          #        cpu:          role.lrange.min.cpu * role.lrange.ratio.cpu
          #        memory:       role.lrange.min.memory * role.lrange.ratio.memory
          #      request:
          #        cpu:          defaults to whatever role.lrange.min.cpu is
          #        memory:       defaults to whatever role.lrange.min.memory is
          #  max:            maximum limits
          #    cpu:            maximum cpu limit (4000m, 4 cpus)
          #    memory:         maximum memory limit (4096Mi, 4Gi)
          #  min:            minimum requests
          #    cpu:            minimum requested cpu (50m, 5%)
          #    memory:         minimum requested memory (64Mi)
          #  ratio:          max limit-to-request ratio (x-to-1)
          #    cpu:            cpu lrr (4)
          #    memory:         memory lrr (4)
...