Automating deployments on OpenShift with Ansible Tower
AUTOMATING DEPLOYMENTS ON
OPENSHIFT WITH ANSIBLE TOWER
Ramón Román Nissen
Senior Middleware [email protected]
@rromannissen
WATCH OUT
This is not an official Red Hat talk. The opinions and technical approaches are my own and are not necessarily aligned with those of Red Hat.
JENKINS PIPELINE
CREATE PROJECTS
BUILD IMAGE
CONFIGURE PROJECTS
TAG IMAGES
CREATE OBJECTS
ACTORS
ORGANIZATION
PROJECT 1
INVENTORY 1
INVENTORY N
INVENTORY SCRIPT 1
INVENTORY SCRIPT N
NOTIFICATION 1
NOTIFICATION N
CREDENTIAL 1
CREDENTIAL N
JOB TEMPLATE 1
JOB TEMPLATE N
JOB TEMPLATE
PLAYBOOK
INVENTORY
VARIABLE 1
VARIABLE N
VARIABLE N+1
VARIABLE M
SURVEY PROMPT 1
SURVEY PROMPT N
PROJECT
Repo
\_ roles
   \_ check_availability
      \_ tasks
      \_ templates
   \_ download_artifacts
   \_ copy_modules
   \_ deploy_artifacts
   \_ check_deployment
   \_ notify_mail
\_ eap_deployment.yml

roles:
  - check_availability
  - download_artifacts
  - copy_modules
  - deploy_artifacts
  - check_deployment
  - notify_mail

JOB N
Version: 3.0.4
JOB 2
Version: 3.0.4
JOB 1
Version: 3.0.4

JOB TEMPLATE N
Inventory: Inventory 1
Playbook: eap_deployment
Variables:
  - artifact_group: com.ins
  - artifact_id: webportal
  - nexus_url: ins.com/nexus
  - admin_mail: [email protected]
Surveys:
  - version

JOB TEMPLATE 2
Inventory: Inventory 1
Playbook: eap_deployment
Variables:
  - artifact_group: com.ins
  - artifact_id: webportal
  - nexus_url: ins.com/nexus
  - admin_mail: [email protected]
Surveys:
  - version

JOB TEMPLATE 1
Inventory: Inventory 1
Playbook: eap_deployment
Variables:
  - artifact_group: com.ins
  - artifact_id: webportal
  - nexus_url: ins.com/nexus
Surveys:
  - version

INVENTORY N
[appserver]
eap1.ins.com
eap2.ins.com
[webserver]
httpd1.ins.com
[db]
posgres.ins.com

INVENTORY 2
[appserver]
eap1.ins.com
eap2.ins.com
[webserver]
httpd1.ins.com
[db]
posgres.ins.com

INVENTORY 1
[appserver]
eap1.ins.com
eap2.ins.com
[webserver]
httpd1.ins.com
[db]
posgres.ins.com
ARCHITECTURE
INTERNAL DOCKER REGISTRY
DOCKER DAEMON
TOWER CLI
OPENSHIFT CLI OPENSHIFT API
INTERNAL DOCKER REGISTRY
DOCKER DAEMON
TOWER CLI
OPENSHIFT CLI OPENSHIFT API
HOST
APPLICATION
https://github.com/gshipley/openshift3mlbparks
https://www.openshift.com/promotions/for-developers.html
POD
POD
POD
SECRET VOLUME
USERNAME PASSWORD
/tmp/secret
STAGES
JENKINS PIPELINE
CREATE PROJECTS
BUILD IMAGE
CONFIGURE PROJECTS
TAG IMAGES
CREATE OBJECTS
---
- name: '[Global] Create projects'
  hosts: bastion
  become: false
  roles:
    - role: ocp_login
    - role: create_projects
- name: '[Create Projects] Create DEV project'
  command: "{{ OC_CLIENT_PATH }}/oc new-project {{ SERVICE_NAME }}-dev"
  register: result
  ignore_errors: True
...
JENKINS PIPELINE
CREATE PROJECTS
BUILD IMAGE
CONFIGURE PROJECTS
TAG IMAGES
CREATE OBJECTS
---
- name: '[Global] Build Image'
  hosts: bastion
  become: false
  roles:
    - role: ocp_login
    - role: create-clean-workspace
    - role: build_image
- name: '[Build Image] Get user token'
  command: "{{ OC_CLIENT_PATH }}/oc whoami -t"
  register: whoami_result

- name: '[Build Image] Login to OCP registry'
  command: "docker login -u {{ OCP_USER }} -p {{ whoami_result.stdout }} {{ OC_REGISTRY_URL }}"
  register: login_result
  until: login_result.stderr == ""
  retries: 10
  delay: 3
- name: '[Build Image] Build image from Dockerfile'
  command: "docker build -t {{ OC_REGISTRY_URL }}/{{ SERVICE_NAME }}-dev/{{ SERVICE_NAME }} {{ DOWNLOAD_PATH }}/{{ SERVICE_NAME }}"

- name: '[Build Image] Push image to the OCP registry'
  command: "docker push {{ OC_REGISTRY_URL }}/{{ SERVICE_NAME }}-dev/{{ SERVICE_NAME }}"
  register: push_result
  until: push_result.stderr == ""
  retries: 10
  delay: 3
JENKINS PIPELINE
CREATE PROJECTS
BUILD IMAGE
CONFIGURE PROJECTS
TAG IMAGES
CREATE OBJECTS
---
- name: '[Global] Configure projects'
  hosts: bastion
  become: false
  roles:
    - role: ocp_login
    - role: create-clean-workspace
    - role: config_project
SECRET VOLUME
USERNAME PASSWORD
POD
SECRET VOLUME
USERNAME PASSWORD
POD
/tmp/secret
{
  "apiVersion": "v1",
  "kind": "Secret",
  "metadata": {
    "name": "db-secret"
  },
  "namespace": "{{ SERVICE_NAME }}",
  "data": {
    "username": "{{ item.user | b64encode }}",
    "password": "{{ item.pass | b64encode }}"
  }
}
- name: '[Configure Projects] Create secret file from template'
  template:
    src: db-secret.json.j2
    dest: "{{ DOWNLOAD_PATH }}/{{ SERVICE_NAME }}/db-secret-{{ item.env }}.json"
  with_items:
    - { env: "dev", user: "{{ DB_USER_DEV }}", pass: "{{ DB_PASS_DEV }}" }
    - { env: "pre", user: "{{ DB_USER_PRE }}", pass: "{{ DB_PASS_PRE }}" }
    - { env: "pro", user: "{{ DB_USER_PRO }}", pass: "{{ DB_PASS_PRO }}" }
- name: '[Configure Projects] Create DEV secret'
  command: "{{ OC_CLIENT_PATH }}/oc create -f {{ DOWNLOAD_PATH }}/{{ SERVICE_NAME }}/db-secret-dev.json"
- name: '[Configure Projects] Create DEV template'
  command: "{{ OC_CLIENT_PATH }}/oc create -f {{ DOWNLOAD_PATH }}/{{ SERVICE_NAME }}/template.json"
- name: '[Configure Projects] Enable image pulling from DEV'
  command: "{{ OC_CLIENT_PATH }}/oc policy add-role-to-group system:image-puller system:serviceaccounts:{{ SERVICE_NAME }}-{{ item.env }} --namespace={{ SERVICE_NAME }}-dev"
  with_items:
    - { env: "pre" }
    - { env: "pro" }
  when: result|succeeded
JENKINS PIPELINE
CREATE PROJECTS
BUILD IMAGE
CONFIGURE PROJECTS
TAG IMAGES
CREATE OBJECTS
---
- name: '[Global] Tag Images'
  hosts: bastion
  become: false
  roles:
    - role: ocp_login
    - role: tag_images
- name: '[Tag Images] Tag DEV image'
  command: "{{ OC_CLIENT_PATH }}/oc tag {{ SERVICE_NAME }}:latest {{ SERVICE_NAME }}:{{ SERVICE_NAME }}-dev"

- name: '[Tag Images] Tag PRE image'
  command: "{{ OC_CLIENT_PATH }}/oc tag {{ SERVICE_NAME }}:latest {{ SERVICE_NAME }}:{{ SERVICE_NAME }}-pre"
  when: (TARGET_ENVIRONMENT == "PRE") or (TARGET_ENVIRONMENT == "PRO")

- name: '[Tag Images] Tag PRO image'
  command: "{{ OC_CLIENT_PATH }}/oc tag {{ SERVICE_NAME }}:latest {{ SERVICE_NAME }}:{{ SERVICE_NAME }}-pro"
  when: (TARGET_ENVIRONMENT == "PRO")
JENKINS PIPELINE
CREATE PROJECTS
BUILD IMAGE
CONFIGURE PROJECTS
TAG IMAGES
CREATE OBJECTS
- name: '[Create Objects] Process template'
  command: "{{ OC_CLIENT_PATH }}/oc process {{ TEMPLATE_NAME }} -v APPLICATION_NAME={{ SERVICE_NAME }},ENV={{ ENV }},MONGODB_USER={{ MONGODB_USER }},MONGODB_PASSWORD={{ MONGODB_PASSWORD }},MONGODB_DATABASE={{ MONGODB_DATABASE }},MONGODB_ADMIN_PASSWORD={{ MONGODB_ADMIN_PASSWORD }},CONTEXT={{ ARTIFACT_ID }}-{{ ARTIFACT_VERSION }}"
  register: output
- name: '[Create Objects] Create objects file'
  copy:
    content: "{{ output.stdout }}"
    dest: "{{ DOWNLOAD_PATH }}/{{ SERVICE_NAME }}/objects.json"

- name: '[Create Objects] Create objects from file'
  command: "{{ OC_CLIENT_PATH }}/oc create -f {{ DOWNLOAD_PATH }}/{{ SERVICE_NAME }}/objects.json"
  ignore_errors: True
DEMO
THANK YOU!!