This repository contains a collection of RHEL Edge playbooks and demos. It is currently a work in progress.
A playbook that will pull down an image from a registry and create a container based on that image.
image_registry: String: the URL for the registry to use - can be set through passing in a value fortower_secret_image_registrythrough a Tower survey.image_registry_username: String: The username used to authenticate to the image registry - can be set through passing in a value fortower_secret_image_registry_usernamethrough a Tower Custom Credential.image_registry_password: String: The token used to authenticate to the image registry - can be set through passing in a value fortower_secret_image_registry_passwordthrough a Tower Custom Credential.
image_namespace: String: Namespace of the image in the registry- can be set through passing in a value fortower_input_image_namespacethrough a Tower survey.image_name: String: Name of the image in the registry- can be set through passing in a value fortower_input_image_namethrough a Tower survey.image_tag: String: Tag of the image in the registry- can be set through passing in a value fortower_input_image_tagthrough a Tower survey.
container_name: Name of the container to be created - can be set through passing in a value fortower_input_container_namethrough a Tower survey.container_privileged: weather to run the container in privileged mode - can be set through passing in a value fortower_input_container_privilegedthrough a Tower survey. defaults tofalse.container_restart_policy: String: the restart policy set to the container - can be set through passing in a value fortower_input_container_restart_policythrough a Tower survey. defaults toalways.
- local role:
podman-pull-and-run-image
- galaxy:
containers.podman
A playbook that will stop a running container based on its name, and remove the image from the system.
image_namespace: String: Namespace of the image in the registry- can be set through passing in a value fortower_input_image_namespacethrough a Tower survey.image_name: String: Name of the image in the registry- can be set through passing in a value fortower_input_image_namethrough a Tower survey.image_tag: String: Tag of the image in the registry- can be set through passing in a value fortower_input_image_tagthrough a Tower survey.
container_name: Name of the container to be removed - can be set through passing in a value fortower_input_container_namethrough a Tower survey.
- local role:
podman-stop-and-remove-image
- galaxy:
containers.podman
A playbook that will call a series of roles to configure a RHEL Edge system for this demo.
- role
hostnamewill configure a basic host file on each system. - role
rsyslogwill configure rsyslog to forward logs to an Elasticsearch instance. - role
pcpwill install and configure openmetrics support.
-
rsyslog_elasticsearch_error_file: The path for the error file to use -
rsyslog_elasticsearch_allow_unsigned_certs: Allow unsigned certificates -
elasticsearch_server: URL for the elastic search server - can be set through a Tower Custom Credential. -
elasticsearch_port: Port for the elastic search server - can be set through a Tower Custom Credential. -
elasticsearch_user: username for the elastic search server - can be set through a Tower Custom Credential. -
elasticsearch_password: password for the elastic search server - can be set through a Tower Custom Credential. -
elasticsearch_search_index: name of the search index for the elastic search server - can be set through a Tower Custom Credential.
- local role:
hostname - local role:
rsyslog - local role:
pcp
A playbook that will manage all the metrics resources (endpoints, services and service-monitors) in a given namespace on openshift for the nodes in the inventory it is run against. Playbook is able to handle both creating and deleting resources.
The playbook uses the kubeconfig custom credential in Tower for authentication.
-
ocp_namespace: Name of the OpenShift namespace to create or delete resources in - can be set through passing in a value fortower_input_ocp_namespacethrough a Tower survey. -
resource_name: Name of the service-monitor to create or delete - can be set through passing in a value fortower_input_resource_namethrough a Tower survey. -
resource_type: Type of resource to create or delete. options areservice,endpointorservice-monitor- can be set through passing in a value fortower_input_resource_typethrough a Tower survey. -
resource_state: weather to create or delete. options arepresentorabsent- can be set through passing in a value ofcreateordeletefortower_input_resource_statethrough a Tower survey. -
resource_port: port to use for services and endpoints - can be set through passing in a value fortower_input_resource_portthrough a Tower survey.
- local role:
openshift-remove-edge-endpoints
- galaxy:
community.kubernetes
A playbook that will create edge endpoints and corresponding services in a given namespace on openshift for the nodes in the inventory it is run against.
The playbook uses the kubeconfig custom credential in Tower for authentication.
ocp_rhel_edge_namespace: Name of the OpenShift namespace to create endpoints and services in - can be set through passing in a value fortower_input_ocp_rhel_edge_namespacethrough a Tower survey.
- local role:
openshift-create-edge-endpoints
- galaxy:
community.kubernetes
A playbook that will remove edge endpoints and corresponding services in a given namespace on openshift for the nodes in the inventory it is run against.
The playbook uses the kubeconfig custom credential in Tower for authentication.
ocp_rhel_edge_namespace: Name of the OpenShift namespace to remove endpoints and services from - can be set through passing in a value fortower_input_ocp_rhel_edge_namespacethrough a Tower survey.
- local role:
openshift-remove-edge-endpoints
- galaxy:
community.kubernetes
The application is a dotnet core 2.1 that only exposes 3 metrics so prometheus can scrape (prom_ok, prom_warning, prom_exception), it runs using the builder image based on ubi8. To deploy the application manually you can simply run:
$ oc new-app dotnet:2.1-ubi8~https://github.com/sa-ne/rhel-edge --context-dir=app -l app=demo --name=demoThen you can expose the service and get an external url:
$ oc expose svc/demoThis demo application is a very simple microservice which offers one REST endpoint that serves for determining whether a number is prime.
In order to build you need to install GraalVM and export the correct environment variables. You can download GraalVM here or if you running on OSX:
brew install --cask graalvm/tap/graalvm-ce-java11Then export the JAVA_HOME variable:
export JAVA_HOME=/Library/Java/JavaVirtualMachines/graalvm-ce-java11-20.3.0/Contents/HomeIf you are running on OSX you need to remove the quarantine attribute from the bits before you can use them:
xattr -r -d com.apple.quarantine /Library/Java/JavaVirtualMachines/graalvm-ce-java11-20.3.0NOTE
If you are running on OSX, you will need a Linux vm/machine configured to your podman client so you can generate the binary.
In order to build the native package, you first need to clone this repository and run withing the quarkus directory:
mvn package -Pnative -DskipTests -Dquarkus.native.container-runtime=podmanWe will have grafana showing some metric information from the edge nodes that are publishing using the user-workload prometheus instance on OpenShift. For our custom
Grafana instance we will need to grant the cluster-monitoring-view cluster role to the grafana-serviceaccount:
oc adm policy add-cluster-role-to-user cluster-monitoring-view -z grafana-serviceaccountWe need a bearer token from this service account to authenticate access to prometheus (configuration inside the prometheus-grafanadatasource.yaml file):
oc serviceaccounts get-token grafana-serviceaccount -n ${PROJECT_NAME}
