diff --git a/ansible/roles/wordpress-openshift-namespace/tasks/main.yml b/ansible/roles/wordpress-openshift-namespace/tasks/main.yml index 0b5b19c9b..cbbbde7d1 100644 --- a/ansible/roles/wordpress-openshift-namespace/tasks/main.yml +++ b/ansible/roles/wordpress-openshift-namespace/tasks/main.yml @@ -38,11 +38,5 @@ - ci.jenkinsfile - name: "Management container (ssh server, PHP CLI)" - when: not openshift_namespace == "wwp-int" import_tasks: mgmt.yml tags: mgmt - -- name: wwp-int-mgmt-deployment - when: openshift_namespace == "wwp-int" - include_tasks: - file: wwp-int-mgmt.yml diff --git a/ansible/roles/wordpress-openshift-namespace/tasks/mgmt.yml b/ansible/roles/wordpress-openshift-namespace/tasks/mgmt.yml index d1cdf14ce..71b4df00e 100644 --- a/ansible/roles/wordpress-openshift-namespace/tasks/mgmt.yml +++ b/ansible/roles/wordpress-openshift-namespace/tasks/mgmt.yml @@ -1,3 +1,5 @@ +--- + - include_vars: mgmt-vars.yml tags: always - include_vars: ../../../vars/ssh-keys.yml # Required by mgmt-vars.yml @@ -7,6 +9,7 @@ - include_vars: ../../../vars/persistent-ressources.yml tags: always + - name: "PersistentVolumeClaim" connection: local openshift: 
@@ -38,69 +41,89 @@ name: "{{ mgmt_secret_name }}" namespace: "{{ openshift_namespace }}" labels: - app: mgmt + app: "{{mgmt_app_name}}" data: {{ mgmt_secret_contents | to_yaml | indent(width=2) }} -- name: mgmt DeploymentConfig +- name: DeploymentConfigs + connection: local openshift: state: latest content: | apiVersion: v1 kind: DeploymentConfig metadata: - name: mgmt + name: "{{mgmt_app_name}}" namespace: "{{ openshift_namespace }}" labels: - app: mgmt + app: "{{mgmt_app_name}}" spec: replicas: 1 selector: - app: mgmt - deploymentconfig: mgmt + app: "{{mgmt_app_name}}" + deploymentconfig: "{{mgmt_app_name}}" template: metadata: labels: - app: mgmt - deploymentconfig: mgmt - spec: + app: "{{mgmt_app_name}}" + deploymentconfig: "{{mgmt_app_name}}" + spec: containers: - - name: mgmt - imagePullPolicy: Always - ports: - - containerPort: 22 - protocol: TCP - volumeMounts: + - name: "{{mgmt_app_name}}" + imagePullPolicy: Always + ports: + - containerPort: 22 + protocol: TCP + {% if openshift_is_wp_int %} + env: + - name: DB_HOST + valueFrom: + secretKeyRef: + key: host + name: database-access + - name: DB_USER + valueFrom: + secretKeyRef: + key: username + name: database-access + - name: DB_PASS + valueFrom: + secretKeyRef: + key: password + name: database-access + {% endif %} + volumeMounts: + - name: srv + mountPath: /srv + - name: ssh + mountPath: /var/lib/secrets/ssh + {% if (openshift_is_production or openshift_is_wp_int) %} + - name: backups + mountPath: /backups + {% endif %} + serviceAccount: "{{ mgmt_service_account }}" + serviceAccountName: "{{ mgmt_service_account }}" + volumes: - name: srv - mountPath: /srv + persistentVolumeClaim: + claimName: '{{openshift_pvc_name}}' - name: ssh - mountPath: /var/lib/secrets/ssh - {% if openshift_is_production %} + secret: + secretName: "{{ mgmt_secret_name }}" + {% if (openshift_is_production or openshift_is_wp_int) %} - name: backups - mountPath: /backups - {% endif %} - serviceAccount: {{ mgmt_service_account }} - 
serviceAccountName: {{ mgmt_service_account }} - volumes: - - name: srv - persistentVolumeClaim: - claimName: wordpress-0 - - name: ssh - secret: - secretName: "{{ mgmt_secret_name }}" - {% if openshift_is_production %} - - name: backups - persistentVolumeClaim: - claimName: backups-0 + persistentVolumeClaim: + claimName: "{{ openshift_backup_volume_name }}" {% endif %} triggers: - - type: ConfigChange - - type: ImageChange - imageChangeParams: - automatic: true - containerNames: - - mgmt - from: - kind: ImageStreamTag - name: "{{ mgmt_image_name }}:{{ openshift_registry_tag }}" - namespace: "{{ openshift_namespace }}" + - type: ConfigChange + - type: ImageChange + imageChangeParams: + automatic: true + containerNames: + - "{{mgmt_app_name}}" + from: + kind: ImageStreamTag + name: "{{ mgmt_image_name }}:{{ openshift_registry_tag }}" + namespace: "{{ openshift_namespace }}" + \ No newline at end of file diff --git a/ansible/roles/wordpress-openshift-namespace/tasks/wwp-int-mgmt.yml b/ansible/roles/wordpress-openshift-namespace/tasks/wwp-int-mgmt.yml deleted file mode 100644 index c203f9d22..000000000 --- a/ansible/roles/wordpress-openshift-namespace/tasks/wwp-int-mgmt.yml +++ /dev/null 
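Review bot: The `backups` entry under `volumeMounts` has no `readOnly: true`, although for wwp-int the volume now resolves to the `backups-readonly` claim, so nothing visible in this manifest enforces the read-only intent that name suggests. Unless the PV's access mode (not shown in this diff) already guarantees it, I would add `readOnly: true` to that mount for the wwp-int case. The same container exposes the SSH server on port 22 and, in wwp-int, receives `DB_HOST`/`DB_USER`/`DB_PASS` from the `database-access` secret as environment variables, so they end up in the container's process environment. A short comment above the `env:` block stating who is expected to log in to this pod would document that exposure. The new file also ends with a whitespace-only line and no trailing newline.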
@@ -1,136 +0,0 @@ ---- - -- include_vars: mgmt-vars.yml - tags: always -- include_vars: ../../../vars/ssh-keys.yml # Required by mgmt-vars.yml - tags: always -- include_vars: image-vars.yml # For mgmt_image_name - tags: always -- include_vars: ../../../vars/persistent-ressources.yml - tags: always - - -- name: "PersistentVolumeClaim" - connection: local - openshift: - state: latest - kind: PersistentVolumeClaim - name: "nfs-pvc-mgmt" - namespace: "{{openshift_namespace}}" - apiVersion: v1 - metadata: - name: 'nfs-pvc-mgmt' - annotations: - volume.beta.kubernetes.io/storage-class: wwp-int-wordpress-sites - spec: - accessModes: - - ReadWriteMany - resources: - requests: - storage: 250Gi - - tags: pvc - -- name: "{{ mgmt_secret_name }} secret (ssh host and user keys)" - openshift: - state: latest - content: | - apiVersion: v1 - kind: Secret - metadata: - name: "{{ mgmt_secret_name }}" - namespace: "{{ openshift_namespace }}" - labels: - app: mgmt-test - data: - {{ mgmt_secret_contents | to_yaml | indent(width=2) }} - -- name: DeploymentConfigs - connection: local - openshift: - state: latest - content: | - apiVersion: v1 - kind: DeploymentConfig - metadata: - name: "mgmt-test" - namespace: "{{ openshift_namespace }}" - labels: - app: "mgmt-test" - spec: - replicas: 1 - selector: - app: "mgmt-test" - deploymentconfig: "mgmt-test" - template: - metadata: - labels: - app: "mgmt-test" - deploymentconfig: "mgmt-test" - spec: - containers: - - name: "mgmt-test" - imagePullPolicy: Always - ports: - - containerPort: 22 - protocol: TCP - {% if openshift_is_wp_int %} - env: - - name: DB_HOST - valueFrom: - secretKeyRef: - key: host - name: database-access - - name: DB_USER - valueFrom: - secretKeyRef: - key: username - name: database-access - - name: DB_PASS - valueFrom: - secretKeyRef: - key: password - name: database-access - {% endif %} - volumeMounts: - - mountPath: /srv - name: "nfsvol-mgmt" - {% if (openshift_is_production or openshift_is_wp_int) %} - - mountPath: 
/backups - name: "backups" - {% endif %} - - name: ssh - mountPath: /var/lib/secrets/ssh - serviceAccount: wwp-int - serviceAccountName: wwp-int - volumes: - - name: "nfsvol-mgmt" - persistentVolumeClaim: - claimName: '{{openshift_pvc_name}}' - - name: ssh - secret: - secretName: "{{ mgmt_secret_name }}" - {% if (openshift_is_production or openshift_is_wp_int) %} - - name: backups - persistentVolumeClaim: - claimName: backups-readonly - {% endif %} - triggers: - - type: ConfigChange - - type: ImageChange - imageChangeParams: - containerNames: - - "mgmt-test" - from: - kind: ImageStreamTag - name: "mgmt:prod" - namespace: "{{ openshift_namespace }}" - - tags: dc - - -- name: "Deployment rollout" - connection: local - shell: - cmd: oc rollout latest dc/mgmt-test - tags: rollout diff --git a/ansible/roles/wordpress-openshift-namespace/vars/main.yml b/ansible/roles/wordpress-openshift-namespace/vars/main.yml index 45a3e608b..f33969384 100644 --- a/ansible/roles/wordpress-openshift-namespace/vars/main.yml +++ b/ansible/roles/wordpress-openshift-namespace/vars/main.yml @@ -3,7 +3,8 @@ openshift_is_production: "{{ openshift_namespace == 'wwp' }}" openshift_is_wp_int: "{{ openshift_namespace == 'wwp-int' }}" -openshift_registry_tag: "{{ 'prod' if openshift_is_production else 'latest' }}" +openshift_registry_tag: "{{ 'prod' if openshift_is_production or openshift_is_wp_int else 'latest' }}" +openshift_backup_volume_name: "{{ 'backups-readonly' if openshift_is_wp_int else 'backup-0' }}" # for imageStream authentification #TODO: remove the need for authentification diff --git a/ansible/roles/wordpress-openshift-namespace/vars/mgmt-vars.yml b/ansible/roles/wordpress-openshift-namespace/vars/mgmt-vars.yml index 5e1e69978..28409ec8d 100644 --- a/ansible/roles/wordpress-openshift-namespace/vars/mgmt-vars.yml +++ b/ansible/roles/wordpress-openshift-namespace/vars/mgmt-vars.yml 
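Review bot: The fallback claim name in `openshift_backup_volume_name` is `'backup-0'`, whereas the line removed from mgmt.yml in this same commit used `claimName: backups-0` for production. If the PVC is still named `backups-0`, the production mgmt pod will reference a claim that does not exist and will not start. Unless the claim was renamed elsewhere, the line should read `openshift_backup_volume_name: "{{ 'backups-readonly' if openshift_is_wp_int else 'backups-0' }}"`. As a style point, parenthesising the condition in `openshift_registry_tag` as `(openshift_is_production or openshift_is_wp_int)` would match how mgmt.yml writes the same test.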
@@ -1,6 +1,8 @@ # See also ssh keys and more in # ../../../hosts-{dev,prod}/group_vars/openshift-namespaces-* +mgmt_app_name: mgmt-test + mgmt_service_account: "{{ openshift_namespace }}" mgmt_access_list:
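Review bot: `mgmt_app_name: mgmt-test` is set unconditionally, so the DeploymentConfig and its labels and selectors are renamed from `mgmt` to `mgmt-test` in every namespace, production included. The deleted wwp-int-mgmt.yml used that name for wwp-int only. Applying `state: latest` under the new name presumably does not remove the existing `mgmt` DeploymentConfig, which would leave a second SSH-server pod running with the same secret and `/srv` mount. Any Service selecting `app: mgmt` (not visible in this diff) would also stop matching. If the rename is meant for wwp-int only, derive it from the namespace, e.g. `mgmt_app_name: "{{ 'mgmt-test' if openshift_is_wp_int else 'mgmt' }}"`; otherwise add a cleanup task for the old object.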