How To Guide - create a new workload and test it against a bastion

[cmoulliard]

Feature request

Add a How To Guide to:

• create a new workload,
• import the ssh key
• test the ansible playbook against a bastion

Example

• Have an account/pwd: https://account.opentlc.com/account/activateAccountForm.php

  account: cmoulliard-redhat.com pwd: xxxxxxxxxx

• Login in here : https://rhpds.redhat.com/ Order ocp workshop

• When the ocp4 cluster is created, you will get an email including such infos:

Your environment for RHPDS-RH-cmoulliard-redhat.com-PROD_OCP4_WORKSHOP-namur-dfb4_COMPLETED has been provisioned.
Your unique identifier, GUID, is: `xxxxx`
Here is some important information about your environment:

Openshift Master Console: `http://console-openshift-console.apps.cluster-namur-dfb4.namur-dfb4.openshiftworkshop.com`

Openshift API for command line 'oc' client: `https://api.cluster-namur-dfb4.namur-dfb4.openshiftworkshop.com:6443`

Download oc client from https://mirror.openshift.com/pub/openshift-v4/clients/ocp/4.1.8/openshift-client-linux-4.1.8.tar.gz

This cluster has authentication enabled. You can use `opentlc-mgr` with password `r3dh4t1!` to access your cluster

SSH Access: `ssh [email protected]`

SSH password: `xxxxxx`

Post Flight Check
DNS Web Console ............... OK
DNS API ....................... OK
Web console ................... OK
API ........................... OK
Create Project with PV ........ OK
App deployed .................. OK
Route ......................... OK
Nexus password is admin123

OpenShift Terminal is configured for users opentlc-mgr with password xxxxx

OpenShift OAuthClient digest set to `xxxxxx`

• Copy your user's ssh key to the bastion in order to allow ansible to execute remotely commands against the bastion

ssh-copy-id -i ~/.ssh/id_rsa.pub -n [email protected]

• Git clone the agnosticd project

git clone https://github.com/redhat-cop/agnosticd.git
cd agnosticd

• Create a new folder roles/ocp-workload-MY_WORKLOAD and import the files from an existing project such as ansible/roles/ocp-workshop-example

mkdir -p roles/ocp-workload-MY_WORKLOAD

• Create a bash script under the MY_WORKLOAD folder

cat <<EOF > execute_ansible.sh
#!/bin/sh

ACTION=${1:-create}

HOST_GUID="namur-dfb4"
TARGET_HOST="bastion.$HOST_GUID.openshiftworkshop.com"

OCP_USERNAME="cmoulliard-redhat.com"
WORKLOAD="ocp-workload-MY_WORKLOAD"
GUID=$HOST_GUID

SSH_USER=$OCP_USERNAME
SSH_PRIVATE_KEY="id_rsa"

ansible-playbook -i $TARGET_HOST, ./config/ocp-workload.yml \
    -e "ansible_ssh_private_key_file=~/.ssh/${SSH_PRIVATE_KEY}" \
    -e "ansible_user=${SSH_USER}" \
    -e "ocp_username=${OCP_USERNAME}" \
    -e "ocp_workload=${WORKLOAD}" \
    -e "silent=False" \
    -e "guid=${GUID}" \
    -e "ACTION=$ACTION" \
    -v
EOF

• Change the HOST_GUID var like OCP_USERNAME

• Next, modify the tasks/workload.yml file to perform the needed steps to install the MY_WORKLOAD Operator

• To create or remove the workload then execute the bash script and pass as parameter remove to delete the oc project

./execute_ansible.sh remove

• To access the cluster, get first its kubeconfig file and save it under a local file snowdrop/kube_cfg.yaml Set the KUBECONFIG env var

export KUBECONFIG=./snowdrop/kube_cfg.yml
oc projects

[rut31337]

+1

[wkulhanek]

-1 The guide really needs to point to the dev cluster. We should not be spinning up OCP4 Workshops to test workloads. We have a dev cluster that is running all the time exactly for this reason.

Although for workloads that require system:admin a workshop is the only way of doing it.