Automating Deployments on OpenShift with Ansible Tower

Post on 12-Apr-2017


Transcript of Automating Deployments on OpenShift with Ansible Tower

AUTOMATING DEPLOYMENTS ON OPENSHIFT WITH ANSIBLE TOWER

Ramón Román Nissen
Senior Middleware Consultant
rroman@redhat.com
@rromannissen

WATCH OUT

This is not an official Red Hat talk. The opinions and technical approaches are my own and are not necessarily aligned with Red Hat's.

JENKINS PIPELINE

CREATE PROJECTS

BUILD IMAGE

CONFIGURE PROJECTS

TAG IMAGES

CREATE OBJECTS

ACTORS

ORGANIZATION

PROJECT 1
INVENTORY 1, INVENTORY N
INVENTORY SCRIPT 1, INVENTORY SCRIPT N
NOTIFICATION 1, NOTIFICATION N
CREDENTIAL 1, CREDENTIAL N
JOB TEMPLATE 1, JOB TEMPLATE N

JOB TEMPLATE

PLAYBOOK
INVENTORY
VARIABLE 1, VARIABLE N
VARIABLE N+1, VARIABLE M
SURVEY PROMPT 1, SURVEY PROMPT N

PROJECT

Repo
\_ roles
   \_ check_availability
      \_ tasks
      \_ templates
   \_ download_artifacts
   \_ copy_modules
   \_ deploy_artifacts
   \_ check_deployment
   \_ notify_mail
\_ eap_deployment.yml

roles:
  - check_availability
  - download_artifacts
  - copy_modules
  - deploy_artifacts
  - check_deployment
  - notify_mail

JOB N
Version: 3.0.4

JOB 2
Version: 3.0.4

JOB 1
Version: 3.0.4

JOB TEMPLATE N
Inventory: Inventory 1
Playbook: eap_deployment
Variables:
  - artifact_group: com.ins
  - artifact_id: webportal
  - nexus_url: ins.com/nexus
  - admin_mail: sys@ins.com
Surveys:
  - version

JOB TEMPLATE 2
Inventory: Inventory 1
Playbook: eap_deployment
Variables:
  - artifact_group: com.ins
  - artifact_id: webportal
  - nexus_url: ins.com/nexus
  - admin_mail: sys@ins.com
Surveys:
  - version

JOB TEMPLATE 1
Inventory: Inventory 1
Playbook: eap_deployment
Variables:
  - artifact_group: com.ins
  - artifact_id: webportal
  - nexus_url: ins.com/nexus
Surveys:
  - version

INVENTORY N

[appserver]
eap1.ins.com
eap2.ins.com
[webserver]
httpd1.ins.com
[db]
posgres.ins.com

INVENTORY 2

[appserver]
eap1.ins.com
eap2.ins.com
[webserver]
httpd1.ins.com
[db]
posgres.ins.com

INVENTORY 1

[appserver]
eap1.ins.com
eap2.ins.com
[webserver]
httpd1.ins.com
[db]
posgres.ins.com

ARCHITECTURE

INTERNAL DOCKER REGISTRY

DOCKER DAEMON

TOWER CLI

OPENSHIFT CLI

OPENSHIFT API

HOST

APPLICATION

https://github.com/gshipley/openshift3mlbparks

https://www.openshift.com/promotions/for-developers.html

POD

POD

POD

SECRET VOLUME

USERNAME PASSWORD

/tmp/secret

STAGES

JENKINS PIPELINE

CREATE PROJECTS

BUILD IMAGE

CONFIGURE PROJECTS

TAG IMAGES

CREATE OBJECTS


---
- name: '[Global] Create projects'
  hosts: bastion
  become: false
  roles:
    - role: ocp_login
    - role: create_projects

- name: '[Create Projects] Create DEV project'
  command: "{{ OC_CLIENT_PATH }}/oc new-project {{ SERVICE_NAME }}-dev"
  register: result
  ignore_errors: True

...


---
- name: '[Global] Build Image'
  hosts: bastion
  become: false
  roles:
    - role: ocp_login
    - role: create-clean-workspace
    - role: build_image

- name: '[Build Image] Get user token'
  command: "{{ OC_CLIENT_PATH }}/oc whoami -t"
  register: whoami_result

- name: '[Build Image] Login to OCP registry'
  command: "docker login -u {{ OCP_USER }} -p {{ whoami_result.stdout }} {{ OC_REGISTRY_URL }}"
  register: login_result
  until: login_result.stderr == ""
  retries: 10
  delay: 3

- name: '[Build Image] Build image from Dockerfile'
  command: "docker build -t {{ OC_REGISTRY_URL }}/{{ SERVICE_NAME }}-dev/{{ SERVICE_NAME }} {{ DOWNLOAD_PATH }}/{{ SERVICE_NAME }}"

- name: '[Build Image] Push image to the OCP registry'
  command: "docker push {{ OC_REGISTRY_URL }}/{{ SERVICE_NAME }}-dev/{{ SERVICE_NAME }}"
  register: push_result
  until: push_result.stderr == ""
  retries: 10
  delay: 3


---
- name: '[Global] Configure projects'
  hosts: bastion
  become: false
  roles:
    - role: ocp_login
    - role: create-clean-workspace
    - role: config_project


SECRET VOLUME

USERNAME PASSWORD

POD

/tmp/secret

{
  "apiVersion": "v1",
  "kind": "Secret",
  "metadata": {
    "name": "db-secret"
  },
  "namespace": "{{ SERVICE_NAME }}",
  "data": {
    "username": "{{ item.user | b64encode }}",
    "password": "{{ item.pass | b64encode }}"
  }
}

- name: '[Configure Projects] Create secret file from template'
  template:
    src: db-secret.json.j2
    dest: "{{ DOWNLOAD_PATH }}/{{ SERVICE_NAME }}/db-secret-{{ item.env }}.json"
  with_items:
    - { env: "dev", user: "{{ DB_USER_DEV }}", pass: "{{ DB_PASS_DEV }}" }
    - { env: "pre", user: "{{ DB_USER_PRE }}", pass: "{{ DB_PASS_PRE }}" }
    - { env: "pro", user: "{{ DB_USER_PRO }}", pass: "{{ DB_PASS_PRO }}" }

- name: '[Configure Projects] Create DEV secret'
  command: "{{ OC_CLIENT_PATH }}/oc create -f {{ DOWNLOAD_PATH }}/{{ SERVICE_NAME }}/db-secret-dev.json"

- name: '[Configure Projects] Create DEV template'
  command: "{{ OC_CLIENT_PATH }}/oc create -f {{ DOWNLOAD_PATH }}/{{ SERVICE_NAME }}/template.json"

- name: '[Configure Projects] Enable image pulling from DEV'
  command: "{{ OC_CLIENT_PATH }}/oc policy add-role-to-group system:image-puller system:serviceaccounts:{{ SERVICE_NAME }}-{{ item.env }} --namespace={{ SERVICE_NAME }}-dev"
  with_items:
    - { env: "pre" }
    - { env: "pro" }
  when: result|succeeded
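
The registry login and DEV secret tasks on the slides pass the user token as a "docker login -p" argument and write the rendered Secret to a file under DOWNLOAD_PATH; this added example (not part of the original slides) is a hardened variant of those same tasks. It assumes Ansible 2.4 or later for the command module's "stdin" argument and a Docker client that supports "--password-stdin"; variable and template names are the ones shown on the slides.

```yaml
# Added example, not from the original slides.
# Assumptions: Ansible >= 2.4 (command module "stdin" argument) and a Docker
# client with "docker login --password-stdin".

- name: '[Build Image] Get user token'
  command: "{{ OC_CLIENT_PATH }}/oc whoami -t"
  register: whoami_result
  changed_when: false
  no_log: true   # the token is a bearer credential; keep it out of job output

- name: '[Build Image] Login to OCP registry'
  # The token is fed on stdin, so it never shows up in the process list.
  command: "docker login -u {{ OCP_USER }} --password-stdin {{ OC_REGISTRY_URL }}"
  args:
    stdin: "{{ whoami_result.stdout }}"
  register: login_result
  # Retry on the exit code: stderr may carry warnings on a successful login.
  until: login_result.rc == 0
  retries: 10
  delay: 3
  no_log: true

- name: '[Configure Projects] Create DEV secret'
  # Render db-secret.json.j2 in memory and pipe it to oc, so no file holding
  # base64-encoded (not encrypted) credentials is left on the bastion.
  command: "{{ OC_CLIENT_PATH }}/oc create -f -"
  args:
    # "| string" stops Ansible from converting the rendered JSON into a dict.
    stdin: "{{ lookup('template', 'db-secret.json.j2') | string }}"
  with_items:
    - { env: "dev", user: "{{ DB_USER_DEV }}", pass: "{{ DB_PASS_DEV }}" }
  no_log: true   # loop items contain the database password
```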


---
- name: '[Global] Tag Images'
  hosts: bastion
  become: false
  roles:
    - role: ocp_login
    - role: tag_images

- name: '[Tag Images] Tag DEV image'
  command: "{{ OC_CLIENT_PATH }}/oc tag {{ SERVICE_NAME }}:latest {{ SERVICE_NAME }}:{{ SERVICE_NAME }}-dev"

- name: '[Tag Images] Tag PRE image'
  command: "{{ OC_CLIENT_PATH }}/oc tag {{ SERVICE_NAME }}:latest {{ SERVICE_NAME }}:{{ SERVICE_NAME }}-pre"
  when: (TARGET_ENVIRONMENT == "PRE") or (TARGET_ENVIRONMENT == "PRO")

- name: '[Tag Images] Tag PRO image'
  command: "{{ OC_CLIENT_PATH }}/oc tag {{ SERVICE_NAME }}:latest {{ SERVICE_NAME }}:{{ SERVICE_NAME }}-pro"
  when: (TARGET_ENVIRONMENT == "PRO")


- name: '[Create Objects] Process template'
  command: "{{ OC_CLIENT_PATH }}/oc process {{ TEMPLATE_NAME }} -v APPLICATION_NAME={{ SERVICE_NAME }},ENV={{ ENV }},MONGODB_USER={{ MONGODB_USER }},MONGODB_PASSWORD={{ MONGODB_PASSWORD }},MONGODB_DATABASE={{ MONGODB_DATABASE }},MONGODB_ADMIN_PASSWORD={{ MONGODB_ADMIN_PASSWORD }},CONTEXT={{ ARTIFACT_ID }}-{{ ARTIFACT_VERSION }}"
  register: output

- name: '[Create Objects] Create objects file'
  copy:
    content: "{{ output.stdout }}"
    dest: "{{ DOWNLOAD_PATH }}/{{ SERVICE_NAME }}/objects.json"

- name: '[Create Objects] Create objects from file'
  command: "{{ OC_CLIENT_PATH }}/oc create -f {{ DOWNLOAD_PATH }}/{{ SERVICE_NAME }}/objects.json"
  ignore_errors: True

DEMO

THANK YOU!!