Add single user workload for Quarkus Workshop on a shared cluster (#2555

)

* Add single user workload for Quarkus Workshop on a shared cluster

* improve readability, portability and performance by following best practices

ansible/roles_ocp_workloads/ocp4_workload_quarkus_workshop_user/README.adoc

@@ -0,0 +1,65 @@
+= ocp4_workload_quarkus_workshop_user - Allow a user access to a shared GPTE cluster
+
+== Role overview
+
+* This role enables the Project Request Template on an OpenShift 4 Cluster. It consists of the following playbooks:
+** Playbook: link:./tasks/pre_workload.yml[pre_workload.yml] - Sets up an
+ environment for the workload deployment.
+*** Debug task will print out: `pre_workload Tasks completed successfully.`
+
+** Playbook: link:./tasks/workload.yml[workload.yml] - Used to enable the workshop items
+*** Debug task will print out: `workload Tasks completed successfully.`
+
+** Playbook: link:./tasks/post_workload.yml[post_workload.yml] - Used to
+ configure the workload after deployment
+*** This role doesn't do anything here
+*** Debug task will print out: `post_workload Tasks completed successfully.`
+
+** Playbook: link:./tasks/remove_workload.yml[remove_workload.yml] - Used to
+ delete the workload
+*** This role removes the service broker from OCP 4
+*** Debug task will print out: `remove_workload Tasks completed successfully.`
+
+== Review the defaults variable file
+
+* This file link:./defaults/main.yml[./defaults/main.yml] contains all the variables you need to define to control the deployment of your workload.
+* The variable *ocp_username* is mandatory to assign the workload to the correct OpenShift user.
+* A variable *silent=True* can be passed to suppress debug messages.
+* You can modify any of these default values by adding `-e "variable_name=variable_value"` to the command line
+
+=== Deploy a Workload with the `ocp-workload` playbook [Mostly for testing]
+
+----
+TARGET_HOST="bastion.na4.openshift.opentlc.com"
+OCP_USERNAME="jfalkner-redhat.com"
+WORKLOAD="ocp4_workload_quarkus_workshop_user"
+GUID=1001
+
+# a TARGET_HOST is specified in the command line, without using an inventory file
+ansible-playbook -i ${TARGET_HOST}, ./configs/ocp-workloads/ocp-workload.yml \
+    -e"ansible_ssh_private_key_file=~/.ssh/keytoyourhost.pem" \
+    -e"ansible_user=ec2-user" \
+    -e"ocp_username=${OCP_USERNAME}" \
+    -e"ocp_workload=${WORKLOAD}" \
+    -e"silent=False" \
+    -e"guid=${GUID}" \
+    -e"ACTION=create"
+----
+
+=== To Delete an environment
+
+----
+TARGET_HOST="bastion.na4.openshift.opentlc.com"
+OCP_USERNAME="wkulhane-redhat.com"
+WORKLOAD="ocp4_workload_quarkus_workshop_user"
+GUID=1002
+
+# a TARGET_HOST is specified in the command line, without using an inventory file
+ansible-playbook -i ${TARGET_HOST}, ./configs/ocp-workloads/ocp-workload.yml \
+    -e"ansible_ssh_private_key_file=~/.ssh/keytoyourhost.pem" \
+    -e"ansible_user=ec2-user" \
+    -e"ocp_username=${OCP_USERNAME}" \
+    -e"ocp_workload=${WORKLOAD}" \
+    -e"guid=${GUID}" \
+    -e"ACTION=remove"
+----

ansible/roles_ocp_workloads/ocp4_workload_quarkus_workshop_user/defaults/main.yml

@@ -0,0 +1,7 @@
+---
+become_override: False
+ocp_username: jfalkner-redhat.com
+silent: False
+
+ocp4_workshop_quarkus_workshop_user_che_user_password: 'openshift'
+

ansible/roles_ocp_workloads/ocp4_workload_quarkus_workshop_user/meta/main.yml

@@ -0,0 +1,18 @@
+---
+galaxy_info:
+  role_name: ocp4-workload-quarkus-workshop-user
+  author:
+    - Application Service BU Runtimes Team, James Falkner ([email protected])
+    - Application Service BU Runtimes Team, Daniel Oh ([email protected])
+  description: |
+    Create User for Quarkus Basic and Advanced workshop with CodeReady Workspaces, AMQ Streams, OpenShift 4.
+    This catalog entry is developed and maintained by the Application Services BU.
+  license: MIT
+  min_ansible_version: 2.9
+  platforms: []
+  galaxy_tags:
+  - quarkus
+  - workshop
+  - ocp
+  - openshift
+dependencies: []

ansible/roles_ocp_workloads/ocp4_workload_quarkus_workshop_user/tasks/add-codeready-user.yaml

@@ -0,0 +1,20 @@
+---
+- name: create codeready user
+  include_tasks: add_che_user.yaml
+  vars:
+    user: "{{ t_user }}"
+
+- name: Pre-create and warm user workspaces
+  include_tasks: create_che_workspace.yaml
+  vars:
+    user: "{{ t_user }}"
+
+- name: wait a minute and let the image download and be registered
+  pause:
+      minutes: 2
+
+- name: Attempt to warm workspaces which failed to start
+  include_tasks: verify_che_workspace.yaml
+  vars:
+    user: "{{ t_user }}"
+

ansible/roles_ocp_workloads/ocp4_workload_quarkus_workshop_user/tasks/add_che_user.yaml

@@ -0,0 +1,36 @@
+---
+- name: Get codeready SSO admin token
+  uri:
+    url: https://keycloak-codeready.{{ route_subdomain }}/auth/realms/master/protocol/openid-connect/token
+    validate_certs: false
+    method: POST
+    body:
+      username: "{{ codeready_sso_admin_username }}"
+      password: "{{ codeready_sso_admin_password }}"
+      grant_type: "password"
+      client_id: "admin-cli"
+    body_format: form-urlencoded
+    status_code: 200,201,204
+  register: codeready_sso_admin_token
+
+- name: Add user {{ user }} to Che
+  uri:
+    url: https://keycloak-codeready.{{ route_subdomain }}/auth/admin/realms/codeready/users
+    validate_certs: false
+    method: POST
+    headers:
+      Content-Type: application/json
+      Authorization: "Bearer {{ codeready_sso_admin_token.json.access_token }}"
+    body:
+      username: "{{ user }}"
+      enabled: true
+      emailVerified: true
+      firstName: "{{ user }}"
+      lastName: Developer
+      email: "{{ user }}@no-reply.com"
+      credentials:
+        - type: password
+          value: "{{ ocp4_workshop_quarkus_workshop_user_che_user_password }}"
+          temporary: false
+    body_format: json
+    status_code: 201,409

ansible/roles_ocp_workloads/ocp4_workload_quarkus_workshop_user/tasks/confirm_che_workspace.yaml

@@ -0,0 +1,32 @@
+---
+- name: "Get Che {{ user }} token"
+  uri:
+    url: https://keycloak-codeready.{{ route_subdomain }}/auth/realms/codeready/protocol/openid-connect/token
+    validate_certs: false
+    method: POST
+    body:
+      username: "{{ user }}"
+      password: "{{ ocp4_workshop_quarkus_workshop_user_che_user_password }}"
+      grant_type: "password"
+      client_id: "admin-cli"
+    body_format: form-urlencoded
+    status_code: 200
+  register: user_token
+
+- name: Confirm running status of workspace for {{ user }}
+  uri:
+    url: "https://codeready-codeready.{{ route_subdomain }}/api/workspace"
+    validate_certs: false
+    method: GET
+    headers:
+      Accept: application/json
+      Authorization: "Bearer {{ user_token.json.access_token }}"
+    status_code: 200
+  register: workspace_def
+
+- name: "Output warning for {{ user }}"
+  agnosticd_user_info:
+    msg: "WARNING: Workspace for {{ user }} failed to initialize - you may need to log in as that user and start it manually!"
+  when: >-
+    workspace_def.json[0].status == "STOPPED" or
+    workspace_def.json[0].status == "STOPPING"

ansible/roles_ocp_workloads/ocp4_workload_quarkus_workshop_user/tasks/create_che_workspace.yaml

@@ -0,0 +1,27 @@
+---
+- name: "Get Che {{ user }} token"
+  uri:
+    url: https://keycloak-codeready.{{ route_subdomain }}/auth/realms/codeready/protocol/openid-connect/token
+    validate_certs: false
+    method: POST
+    body:
+      username: "{{ user }}"
+      password: "{{ ocp4_workshop_quarkus_workshop_user_che_user_password }}"
+      grant_type: "password"
+      client_id: "admin-cli"
+    body_format: form-urlencoded
+    status_code: 200
+  register: user_token
+
+- name: Create workspace for {{ user }} from devfile
+  uri:
+    url: "https://codeready-codeready.{{ route_subdomain }}/api/workspace/devfile?start-after-create=true&namespace={{ user }}"
+    validate_certs: false
+    method: POST
+    headers:
+      Content-Type: application/json
+      Authorization: "Bearer {{ user_token.json.access_token }}"
+    body: "{{ lookup('template', './templates/devfile.json.j2') }}"
+    body_format: json
+    status_code: 201,409
+  register: workspace_def

ansible/roles_ocp_workloads/ocp4_workload_quarkus_workshop_user/tasks/create_project.yaml

@@ -0,0 +1,30 @@
+---
+- name: create project for {{ t_user }}
+  k8s:
+    state: present
+    kind: Project
+    api_version: project.openshift.io/v1
+    definition:
+      metadata:
+        name: "{{ t_project_name }}"
+        annotations:
+          openshift.io/description: ""
+          openshift.io/display-name: "{{ t_project_desc }}"
+
+- name: assign permissions for user {{ t_user }}
+  k8s:
+    state: present
+    kind: RoleBinding
+    api_version: rbac.authorization.k8s.io/v1
+    definition:
+      metadata:
+        name: admin
+        namespace: "{{ t_project_name }}"
+      roleRef:
+        apiGroup: rbac.authorization.k8s.io
+        kind: ClusterRole
+        name: admin
+      subjects:
+      - apiGroup: rbac.authorization.k8s.io
+        kind: User
+        name: "{{ t_user }}"

ansible/roles_ocp_workloads/ocp4_workload_quarkus_workshop_user/tasks/main.yml

@@ -0,0 +1,31 @@
+---
+
+# Do not modify this file
+
+- name: Running Pre Workload Tasks
+  include_tasks:
+    file: ./pre_workload.yml
+    apply:
+      become: "{{ become_override | bool }}"
+  when: ACTION == "create" or ACTION == "provision" or ACTION == "remove"
+
+- name: Running Workload Tasks
+  include_tasks:
+    file: ./workload.yml
+    apply:
+      become: "{{ become_override | bool }}"
+  when: ACTION == "create" or ACTION == "provision"
+
+- name: Running Post Workload Tasks
+  include_tasks:
+    file: ./post_workload.yml
+    apply:
+      become: "{{ become_override | bool }}"
+  when: ACTION == "create" or ACTION == "provision"
+
+- name: Running Workload removal Tasks
+  include_tasks:
+    file: ./remove_workload.yml
+    apply:
+      become: "{{ become_override | bool }}"
+  when: ACTION == "destroy" or ACTION == "remove"

ansible/roles_ocp_workloads/ocp4_workload_quarkus_workshop_user/tasks/post_workload.yml

@@ -0,0 +1,34 @@
+---
+- name: Verify everything is deployed correctly
+  include_tasks: verify-workload.yaml
+
+# Implement your Post Workload deployment tasks here
+
+- name: Print user info
+  agnosticd_user_info:
+    msg: "{{ item }}"
+  loop:
+  - "{{ ocp_username }} has been setup on the shared lab environment."
+  - "You have access to the following project: {{ guid }}-project"
+  - ""
+  - "OpenShift Console: https://{{ r_console_route.resources[0].spec.host }}"
+  - "CodeReady Console: https://codeready-codeready.{{ route_subdomain }}"
+  - ""
+
+- name: Print module info
+  agnosticd_user_info:
+    msg: "Module {{item}}: http://web-{{item}}-guides.{{ route_subdomain }}"
+  loop: "{{ modules }}"
+
+- name: Save user data
+  agnosticd_user_info:
+    data:
+      web_console_url: "https://{{ r_console_route.resources[0].spec.host }}"
+      api_url: "{{ r_console_route.resources[0].spec.host }}"
+      login_command: "oc login -u {{ ocp_username }} {{ r_api_url.resources[0].status.apiServerURL }}"
+
+# Leave this as the last task in the playbook.
+- name: post_workload tasks complete
+  debug:
+    msg: "Post-Workload Tasks completed successfully."
+  when: not silent|bool

ansible/roles_ocp_workloads/ocp4_workload_quarkus_workshop_user/tasks/pre_workload.yml

@@ -0,0 +1,74 @@
+---
+# Implement your Pre Workload deployment tasks here
+
+- name: Ensure variables are set
+  assert:
+    that:
+      - ocp_username is defined
+      - guid is defined
+    fail_msg: "Must define ocp_username and guid"
+
+- name: Get Web Console route
+  k8s_facts:
+    api_version: route.openshift.io/v1
+    kind: Route
+    namespace: openshift-console
+    name: console
+  register: r_console_route
+
+- name: Get API server URL
+  k8s_facts:
+    api_version: config.openshift.io/v1
+    kind: Infrastructure
+    name: cluster
+  register: r_api_url
+
+- name: extract route_subdomain
+  k8s_facts:
+    kind: Ingress
+  register: route_subdomain_r
+
+- name: set the route
+  set_fact:
+    route_subdomain: "{{ route_subdomain_r.resources[0].spec.domain | trim }}"
+
+- name: Get codeready keycloak deployment
+  k8s_facts:
+    kind: Deployment
+    namespace: codeready
+    name: keycloak
+  register: r_keycloak_deployment
+
+- name: show cr
+  debug:
+    msg: "existing keycloak deployment: {{ r_keycloak_deployment }}"
+
+- name: set codeready username fact
+  set_fact:
+    codeready_sso_admin_username: "{{ r_keycloak_deployment.resources[0].spec.template.spec.containers[0].env | selectattr('name','equalto','SSO_ADMIN_USERNAME') |map (attribute='value') | list | first }}"
+
+- name: set codeready password fact
+  set_fact:
+    codeready_sso_admin_password: "{{ r_keycloak_deployment.resources[0].spec.template.spec.containers[0].env | selectattr('name','equalto','SSO_ADMIN_PASSWORD') |map (attribute='value') | list | first }}"
+
+- name: show codeready keycloak admin username
+  debug:
+    msg: "codeready keycloak admin username: {{ codeready_sso_admin_username }}"
+
+- name: show codeready keycloak admin password
+  debug:
+    msg: "codeready keycloak admin password: {{ codeready_sso_admin_password }}"
+
+- name: debug values
+  debug:
+    msg:
+    - "master URL: {{ r_api_url.resources[0].status.apiServerURL }}"
+    - "console URL: https://{{ r_console_route.resources[0].spec.host }}"
+    - "route subdomain: {{ route_subdomain }}"
+    - "ocp_username: {{ ocp_username }}"
+
+# Leave this as the last task in the playbook.
+- name: pre_workload tasks complete
+  debug:
+    msg: "Pre-Workload tasks completed successfully."
+  when: not silent|bool

ansible/roles_ocp_workloads/ocp4_workload_quarkus_workshop_user/tasks/remove-codeready-user.yaml

@@ -0,0 +1,12 @@
+---
+
+- name: Remove user workspace
+  include_tasks: remove_che_workspace.yaml
+  vars:
+    user: "{{ t_user }}"
+
+- name: remove codeready user
+  include_tasks: remove_che_user.yaml
+  vars:
+    user: "{{ t_user }}"
+