From 6c662cdef0c6213d5d00b823fcb46067f7ddafe5 Mon Sep 17 00:00:00 2001 From: William Belle Date: Wed, 27 Nov 2024 15:01:21 +0100 Subject: [PATCH] Migrate to OpenShift 4 (#208) --- CONTRIBUTING.md | 26 +- ansible/inventory/dev.yml | 13 + ansible/inventory/prod.yml | 28 +- ansible/inventory/staging.yml | 13 + ansible/inventory/test.yml | 15 - ansible/playbook.yml | 2 +- ansible/requirements.yml | 2 - ansible/roles/search-api-k8s/meta/main.yml | 2 - ansible/roles/search-api-k8s/tasks/app.yml | 265 +++++++++--------- ansible/roles/search-api-k8s/tasks/image.yml | 14 - ansible/roles/search-api-k8s/tasks/images.yml | 11 + ansible/roles/search-api-k8s/tasks/main.yml | 37 ++- ansible/roles/search-api-k8s/tasks/route.yml | 27 -- ansible/roles/search-api-k8s/tasks/routes.yml | 27 ++ .../roles/search-api-k8s/tasks/secrets.yml | 88 +++--- ansible/roles/search-api-k8s/vars/main.yml | 3 + ansible/searchapisible | 51 +++- 17 files changed, 335 insertions(+), 289 deletions(-) create mode 100644 ansible/inventory/dev.yml create mode 100644 ansible/inventory/staging.yml delete mode 100644 ansible/inventory/test.yml delete mode 100644 ansible/roles/search-api-k8s/meta/main.yml delete mode 100644 ansible/roles/search-api-k8s/tasks/image.yml create mode 100644 ansible/roles/search-api-k8s/tasks/images.yml delete mode 100644 ansible/roles/search-api-k8s/tasks/route.yml create mode 100644 ansible/roles/search-api-k8s/tasks/routes.yml diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 30f25e4..2230d44 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -2,8 +2,9 @@ ## Prerequisites -- Access to our Keybase `/keybase/team/epfl_search` directory. -- Access to `wwp-test` and `wwp` namespaces on our OpenShift cluster. +- Groups `vra_p_svc0012`. +- Keybase `epfl_search`. +- Access to ghcr.io via a personal access tokens (PATs). ## Setup 
@@ -74,21 +75,10 @@ git push origin main --tags ## Deploy -Log into `ghcr.io`, `os-docker-registry.epfl.ch` and OpenShift, then - -```text -Usage: ./ansible/searchapisible [options] - -Options: - -h, --help Show help message and exit - --list-tags List all available tags - --prod Deploy in production - -t, --tags Run tasks tagged with these values [string] - -v, --verbose Causes Ansible to print more debug messages - --version Show version number +```bash +# Help +./ansible/searchapisible --help -Examples: - ./ansible/searchapisible - ./ansible/searchapisible --prod - ./ansible/searchapisible --prod -t app.restart +# Production +./ansible/searchapisible --prod ``` diff --git a/ansible/inventory/dev.yml b/ansible/inventory/dev.yml new file mode 100644 index 0000000..64fb23a --- /dev/null +++ b/ansible/inventory/dev.yml @@ -0,0 +1,13 @@ +all: + hosts: + search-dev-openshift: + ansible_connection: local + ansible_host: localhost + openshift_namespace: svc0012d-search-engine + ansible_python_interpreter: '{{searchapisible_suitcase_dir}}/bin/python3' + vars: + hostnames: + - dev-search-api.epfl.ch + routes_availability: private + secrets: '{{ lookup("file", "/keybase/team/epfl_search/api/dev/secrets.yml") | from_yaml }}' + tag: 0.9.4 diff --git a/ansible/inventory/prod.yml b/ansible/inventory/prod.yml index 2ef60b5..cd257e7 100644 --- a/ansible/inventory/prod.yml +++ b/ansible/inventory/prod.yml 
@@ -1,15 +1,15 @@
 all:
- children:
- openshift_namespaces:
- hosts:
- wwp: {}
- vars:
- ansible_connection: local
- openshift_namespace: 'wwp'
-
- hostnames:
- - search-backend.epfl.ch
- - search-2012.epfl.ch
- - search-api.epfl.ch
- tag: latest
- searchapi_secrets: "{{ lookup('file', '/keybase/team/epfl_search/api/prod/secrets.yml') | from_yaml }}"
+ hosts:
+ search-staging-openshift:
+ ansible_connection: local
+ ansible_host: localhost
+ openshift_namespace: svc0012p-search-engine
+ ansible_python_interpreter: '{{searchapisible_suitcase_dir}}/bin/python3'
+ vars:
+ hostnames:
+ - search-backend.epfl.ch
+ - search-2012.epfl.ch
+ - search-api.epfl.ch
+ routes_availability: public
+ secrets: '{{ lookup("file", "/keybase/team/epfl_search/api/prod/secrets.yml") | from_yaml }}'
+ tag: 0.9.4
diff --git a/ansible/inventory/staging.yml b/ansible/inventory/staging.yml
new file mode 100644
index 0000000..44d93c6
--- /dev/null
+++ b/ansible/inventory/staging.yml
@@ -0,0 +1,13 @@
+all:
+ hosts:
+ search-staging-openshift:
+ ansible_connection: local
+ ansible_host: localhost
+ openshift_namespace: svc0012t-search-engine
+ ansible_python_interpreter: '{{searchapisible_suitcase_dir}}/bin/python3'
+ vars:
+ hostnames:
+ - staging-search-api.epfl.ch
+ routes_availability: private
+ secrets: '{{ lookup("file", "/keybase/team/epfl_search/api/staging/secrets.yml") | from_yaml }}'
+ tag: 0.9.4
diff --git a/ansible/inventory/test.yml b/ansible/inventory/test.yml
deleted file mode 100644
index c1efc1b..0000000
--- a/ansible/inventory/test.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-all:
- children:
- openshift_namespaces:
- hosts:
- wwp-test: {}
- vars:
- ansible_connection: local
- openshift_namespace: 'wwp-test'
-
- hostnames:
- - staging-search-backend.epfl.ch
- - test-search-2012.epfl.ch
- - test-search-api.epfl.ch
- tag: latest
- searchapi_secrets: "{{ lookup('file', '/keybase/team/epfl_search/api/staging/secrets.yml') | from_yaml }}"
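Review bot: In ansible/inventory/prod.yml the new host entry is named `search-staging-openshift`, the same inventory name staging.yml uses, although it carries the production namespace `svc0012p-search-engine`. Play output and any `--limit` pattern will therefore label production runs as staging, which makes it easy to misread which environment a run touched. Renaming it to `search-prod-openshift` keeps the name aligned with the namespace and with the `search-dev-openshift` / `search-staging-openshift` pattern in the other two inventories.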
diff --git a/ansible/playbook.yml b/ansible/playbook.yml
index 47a593d..d3e6f9e 100644
--- a/ansible/playbook.yml
+++ b/ansible/playbook.yml
@@ -1,5 +1,5 @@
 - name: Search API Kubernetes objects
- hosts: openshift_namespaces
+ hosts: all
 gather_facts: yes
 roles:
 - role: roles/search-api-k8s
diff --git a/ansible/requirements.yml b/ansible/requirements.yml
index 3a88ffd..e69de29 100644
--- a/ansible/requirements.yml
+++ b/ansible/requirements.yml
@@ -1,2 +0,0 @@
-roles:
- - src: epfl_si.ansible_module_openshift
diff --git a/ansible/roles/search-api-k8s/meta/main.yml b/ansible/roles/search-api-k8s/meta/main.yml
deleted file mode 100644
index 18701e3..0000000
--- a/ansible/roles/search-api-k8s/meta/main.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-dependencies:
- - name: epfl_si.ansible_module_openshift
diff --git a/ansible/roles/search-api-k8s/tasks/app.yml b/ansible/roles/search-api-k8s/tasks/app.yml
index 8f35e60..1331000 100644
--- a/ansible/roles/search-api-k8s/tasks/app.yml
+++ b/ansible/roles/search-api-k8s/tasks/app.yml
@@ -1,128 +1,141 @@ -- name: SearchAPI - Deployment - openshift: - apiVersion: extensions/v1beta1 - kind: Deployment - metadata: - name: '{{ app_name }}' - namespace: '{{ openshift_namespace }}' - labels: - app: '{{ app_name }}' - team: '{{ team }}' - spec: - replicas: 2 - selector: - matchLabels: - app: '{{ app_name }}' - template: - metadata: - labels: - app: '{{ app_name }}' - team: '{{ team }}' - role: webserver - spec: - containers: - - env: - - name: SEARCH_API_ENABLE_CSE - value: '{{ searchapi_secrets.SEARCH_API_ENABLE_CSE |string }}' - - name: SEARCH_API_ENABLE_LDAP - value: '{{ searchapi_secrets.SEARCH_API_ENABLE_LDAP |string }}' - - name: SEARCH_API_ENABLE_ADDRESS - value: '{{ searchapi_secrets.SEARCH_API_ENABLE_ADDRESS |string }}' - - name: SEARCH_API_ENABLE_UNIT - value: '{{ searchapi_secrets.SEARCH_API_ENABLE_UNIT |string }}' - - name: SEARCH_API_ENABLE_GRAPHSEARCH - value: '{{ searchapi_secrets.SEARCH_API_ENABLE_GRAPHSEARCH |string }}' - - name: SEARCH_API_CSE_API_KEY - valueFrom: - secretKeyRef: - name: search-api-cse-secrets - key: SEARCH_API_CSE_API_KEY - - name: SEARCH_API_CSE_CX - value: '{{ searchapi_secrets.SEARCH_API_CSE_CX }}' - - name: SEARCH_API_CADIDB_HOST - value: '{{ searchapi_secrets.SEARCH_API_CADIDB_HOST }}' - - name: SEARCH_API_CADIDB_PORT - value: '{{ searchapi_secrets.SEARCH_API_CADIDB_PORT }}' - - name: SEARCH_API_CADIDB_DATABASE - value: '{{ searchapi_secrets.SEARCH_API_CADIDB_DATABASE }}' - - name: SEARCH_API_CADIDB_USER - valueFrom: - secretKeyRef: - name: search-api-cadidb-secrets - key: SEARCH_API_CADIDB_USER - - name: SEARCH_API_CADIDB_PASSWORD - valueFrom: - secretKeyRef: - name: search-api-cadidb-secrets - key: SEARCH_API_CADIDB_PASSWORD - - name: SEARCH_API_LDAP_URL - value: '{{ searchapi_secrets.SEARCH_API_LDAP_URL }}' - - name: SEARCH_API_LDAP_ROOTS_FILTER - value: '{{ searchapi_secrets.SEARCH_API_LDAP_ROOTS_FILTER }}' - - name: SEARCH_API_MD_BASE_URL - value: '{{ searchapi_secrets.SEARCH_API_MD_BASE_URL }}' - - name: 
SEARCH_API_MD_USER - valueFrom: - secretKeyRef: - name: search-api-md-secrets - key: SEARCH_API_MD_USER - - name: SEARCH_API_MD_PASSWORD - valueFrom: - secretKeyRef: - name: search-api-md-secrets - key: SEARCH_API_MD_PASSWORD - livenessProbe: - httpGet: - path: /healthz - port: 5555 - initialDelaySeconds: 2 - periodSeconds: 15 - timeoutSeconds: 5 - readinessProbe: - httpGet: - path: /healthz - port: 5555 - initialDelaySeconds: 2 - periodSeconds: 15 - timeoutSeconds: 5 - name: '{{ app_name }}' - image: 'docker-registry.default.svc:5000/{{ openshift_namespace }}/search-api:latest' - imagePullPolicy: Always - dnsPolicy: ClusterFirst - restartPolicy: Always - schedulerName: default-scheduler - terminationGracePeriodSeconds: 30 +- name: Search API - ServiceAccount + kubernetes.core.k8s: + definition: + apiVersion: v1 + kind: ServiceAccount + metadata: + name: '{{ app_name }}-service-account' + namespace: '{{ openshift_namespace }}' + imagePullSecrets: + - name: '{{ app_name }}-pull-secret' -- name: SearchAPI - Service - openshift: - state: latest - apiVersion: v1 - kind: Service - metadata: - name: '{{ app_name }}' - namespace: '{{ openshift_namespace }}' - labels: - app: '{{ app_name }}' - team: '{{ team }}' - spec: - type: ClusterIP - ports: - - name: '80' - port: 80 - protocol: TCP - targetPort: 5555 - selector: - app: '{{ app_name }}' - role: webserver +- name: Search API - Service + kubernetes.core.k8s: + definition: + apiVersion: v1 + kind: Service + metadata: + name: '{{ app_name }}' + namespace: '{{ openshift_namespace }}' + labels: + app: '{{ app_name }}' + team: '{{ team }}' + spec: + type: ClusterIP + ports: + - name: '80' + port: 80 + targetPort: 5555 + selector: + app: '{{ app_name }}' -- name: SearchAPI - Restart - when: >- - ('app.restart' in ansible_run_tags) - or - (_searchapi_push is changed) - local_action: - module: shell - cmd: >- - oc patch deployment/{{ app_name }} --namespace {{ openshift_namespace }} --patch \ - '{"spec": {"template": 
{"metadata": {"annotations": {"last-restart": "{{ ansible_date_time.iso8601 }}"}}}}}' - tags: app.restart +- name: Search API - Deployment + kubernetes.core.k8s: + definition: + apiVersion: apps/v1 + kind: Deployment + metadata: + name: '{{ app_name }}' + namespace: '{{ openshift_namespace }}' + labels: + app: '{{ app_name }}' + team: '{{ team }}' + version: '{{ tag }}' + spec: + replicas: 2 + strategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 + selector: + matchLabels: + app: '{{ app_name }}' + template: + metadata: + labels: + app: '{{ app_name }}' + team: '{{ team }}' + version: '{{ tag }}' + spec: + serviceAccountName: '{{ app_name }}-service-account' + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app: '{{ app_name }}' + topologyKey: kubernetes.io/hostname + containers: + - name: '{{ app_name }}' + image: '{{ quay_registry }}/{{ app_name }}:{{ tag }}' + env: + - name: SEARCH_API_ENABLE_CSE + value: '{{ secrets.SEARCH_API_ENABLE_CSE | string }}' + - name: SEARCH_API_ENABLE_LDAP + value: '{{ secrets.SEARCH_API_ENABLE_LDAP | string }}' + - name: SEARCH_API_ENABLE_ADDRESS + value: '{{ secrets.SEARCH_API_ENABLE_ADDRESS | string }}' + - name: SEARCH_API_ENABLE_UNIT + value: '{{ secrets.SEARCH_API_ENABLE_UNIT | string }}' + - name: SEARCH_API_ENABLE_GRAPHSEARCH + value: '{{ secrets.SEARCH_API_ENABLE_GRAPHSEARCH | string }}' + - name: SEARCH_API_CSE_API_KEY + valueFrom: + secretKeyRef: + name: search-api-cse-secrets + key: SEARCH_API_CSE_API_KEY + - name: SEARCH_API_CSE_CX + value: '{{ secrets.SEARCH_API_CSE_CX }}' + - name: SEARCH_API_CADIDB_HOST + value: '{{ secrets.SEARCH_API_CADIDB_HOST }}' + - name: SEARCH_API_CADIDB_PORT + value: '{{ secrets.SEARCH_API_CADIDB_PORT }}' + - name: SEARCH_API_CADIDB_DATABASE + value: '{{ secrets.SEARCH_API_CADIDB_DATABASE }}' + - name: SEARCH_API_CADIDB_USER + valueFrom: + secretKeyRef: + name: search-api-cadidb-secrets + key: 
SEARCH_API_CADIDB_USER + - name: SEARCH_API_CADIDB_PASSWORD + valueFrom: + secretKeyRef: + name: search-api-cadidb-secrets + key: SEARCH_API_CADIDB_PASSWORD + - name: SEARCH_API_LDAP_URL + value: '{{ secrets.SEARCH_API_LDAP_URL }}' + - name: SEARCH_API_LDAP_ROOTS_FILTER + value: '{{ secrets.SEARCH_API_LDAP_ROOTS_FILTER }}' + - name: SEARCH_API_MD_BASE_URL + value: '{{ secrets.SEARCH_API_MD_BASE_URL }}' + - name: SEARCH_API_MD_USER + valueFrom: + secretKeyRef: + name: search-api-md-secrets + key: SEARCH_API_MD_USER + - name: SEARCH_API_MD_PASSWORD + valueFrom: + secretKeyRef: + name: search-api-md-secrets + key: SEARCH_API_MD_PASSWORD + resources: + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 100m + memory: 128Mi + livenessProbe: + httpGet: + path: /healthz + port: 5555 + initialDelaySeconds: 2 + periodSeconds: 15 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /healthz + port: 5555 + initialDelaySeconds: 2 + periodSeconds: 15 + timeoutSeconds: 5 diff --git a/ansible/roles/search-api-k8s/tasks/image.yml b/ansible/roles/search-api-k8s/tasks/image.yml deleted file mode 100644 index 765a99b..0000000 --- a/ansible/roles/search-api-k8s/tasks/image.yml +++ /dev/null @@ -1,14 +0,0 @@ -- name: SearchAPI - Pull image - community.docker.docker_image: - name: 'ghcr.io/epfl-si/{{ app_name }}:{{ tag }}' - force_source: yes - source: pull - -- name: SearchAPI - Push image - community.docker.docker_image: - name: 'ghcr.io/epfl-si/{{ app_name }}:{{ tag }}' - repository: 'os-docker-registry.epfl.ch/{{ openshift_namespace }}/{{ app_name }}:latest' - push: yes - force_tag: yes - source: local - register: _searchapi_push diff --git a/ansible/roles/search-api-k8s/tasks/images.yml b/ansible/roles/search-api-k8s/tasks/images.yml new file mode 100644 index 0000000..4223460 --- /dev/null +++ b/ansible/roles/search-api-k8s/tasks/images.yml 
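Review bot: With the `SearchAPI - Restart` task removed from app.yml, nothing in the new Deployment changes when only a Secret changes, so after rotating a credential in the Keybase file and re-running the playbook the running pods presumably keep the old `secretKeyRef` environment values until something else restarts them. The pod template now only varies with `version: '{{ tag }}'`. A documented restart path would close that gap, for example a `searchapi.restart` tag that patches a restart annotation the way the removed task did. Separately, the `secretKeyRef` names are still literals (`search-api-cse-secrets`, `search-api-cadidb-secrets`, `search-api-md-secrets`) while secrets.yml now builds them from `app_name`; writing `name: '{{ app_name }}-cse-secrets'` here as well keeps the two files from drifting apart.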
@@ -0,0 +1,11 @@ +- name: Search API - Pull image + community.docker.docker_image: + name: '{{ ghcr_registry }}/{{ app_name }}:v{{ tag }}' + source: pull + +- name: Search API - Push image + community.docker.docker_image: + name: '{{ ghcr_registry }}/{{ app_name }}:v{{ tag }}' + repository: '{{ quay_registry }}/{{ app_name }}:{{ tag }}' + push: true + source: local diff --git a/ansible/roles/search-api-k8s/tasks/main.yml b/ansible/roles/search-api-k8s/tasks/main.yml index e07d384..e7f8f1d 100644 --- a/ansible/roles/search-api-k8s/tasks/main.yml +++ b/ansible/roles/search-api-k8s/tasks/main.yml @@ -1,29 +1,28 @@ -- name: Secrets tasks - include_tasks: - file: 'secrets.yml' +- name: Images tasks + ansible.builtin.include_tasks: + file: 'images.yml' apply: - tags: Secrets - tags: Secrets + tags: searchapi.images + tags: searchapi.images -- name: Image tasks - include_tasks: - file: 'image.yml' +- name: Secrets tasks + ansible.builtin.include_tasks: + file: 'secrets.yml' apply: - tags: image - tags: image + tags: searchapi.secrets + tags: searchapi.secrets -- name: Route tasks - include_tasks: - file: 'route.yml' +- name: Routes tasks + ansible.builtin.include_tasks: + file: 'routes.yml' apply: - tags: route - tags: route + tags: searchapi.routes + tags: searchapi.routes - name: App tasks - include_tasks: + ansible.builtin.include_tasks: file: 'app.yml' apply: - tags: app + tags: searchapi.app tags: - - app - - app.restart + - searchapi.app diff --git a/ansible/roles/search-api-k8s/tasks/route.yml b/ansible/roles/search-api-k8s/tasks/route.yml deleted file mode 100644 index f95a972..0000000 --- a/ansible/roles/search-api-k8s/tasks/route.yml +++ /dev/null 
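Review bot: The pull task in images.yml no longer sets `force_source` and the push task no longer sets `force_tag`, so, as I read the `community.docker.docker_image` options, an image already present on the operator's machine under `{{ ghcr_registry }}/{{ app_name }}:v{{ tag }}` is reused instead of re-pulled and is what gets pushed to `{{ quay_registry }}`. The artifact deployed to the cluster then depends on local Docker state rather than on what ghcr.io serves for that tag. Restoring `force_source: true` on the pull and `force_tag: true` on the push removes that dependency; referencing the source image by digest would additionally guard against the tag being moved upstream.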
@@ -1,27 +0,0 @@
-- name: SearchAPI - Route
- with_items: '{{ hostnames }}'
- openshift:
- state: latest
- apiVersion: route.openshift.io/v1
- kind: Route
- metadata:
- name: '{{ item }}'
- namespace: '{{ openshift_namespace }}'
- labels:
- app: '{{ app_name }}'
- team: '{{ team }}'
- epfl.ch/visibility: public
- annotations:
- router.openshift.io/cookie-same-site: Strict
- haproxy.router.openshift.io/hsts_header: max-age=15552001
- spec:
- host: '{{ item }}'
- wildcardPolicy: None
- port:
- targetPort: '80'
- tls:
- termination: edge
- to:
- kind: Service
- name: '{{ app_name }}'
- weight: 100
diff --git a/ansible/roles/search-api-k8s/tasks/routes.yml b/ansible/roles/search-api-k8s/tasks/routes.yml
new file mode 100644
index 0000000..e05a612
--- /dev/null
+++ b/ansible/roles/search-api-k8s/tasks/routes.yml
@@ -0,0 +1,27 @@
+- name: Search API - Routes
+ with_items: '{{ hostnames }}'
+ kubernetes.core.k8s:
+ definition:
+ apiVersion: route.openshift.io/v1
+ kind: Route
+ metadata:
+ name: '{{ item }}'
+ namespace: '{{ openshift_namespace }}'
+ labels:
+ app: '{{ app_name }}'
+ team: '{{ team }}'
+ route: '{{ routes_availability }}'
+ annotations:
+ router.openshift.io/cookie-same-site: Strict
+ haproxy.router.openshift.io/hsts_header: max-age=15552001
+ spec:
+ host: '{{ item }}'
+ wildcardPolicy: None
+ port:
+ targetPort: '80'
+ tls:
+ termination: edge
+ insecureEdgeTerminationPolicy: Redirect
+ to:
+ kind: Service
+ name: '{{ app_name }}'
diff --git a/ansible/roles/search-api-k8s/tasks/secrets.yml b/ansible/roles/search-api-k8s/tasks/secrets.yml
index bd85627..44b9878 100644
--- a/ansible/roles/search-api-k8s/tasks/secrets.yml
+++ b/ansible/roles/search-api-k8s/tasks/secrets.yml
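Review bot: In routes.yml the `route: '{{ routes_availability }}'` label replaces the fixed `epfl.ch/visibility: public`, and the inventories (`private` for dev and staging, `public` for prod) suggest it decides how a hostname is exposed, yet the value is used unchecked and undocumented. A mistyped value would presumably produce a Route that no router picks up, or one picked up by the wrong one, without any error from the playbook. Consider a guard before the loop, an `ansible.builtin.assert` with `that: routes_availability in ['public', 'private']`, and a one-line comment on the label such as `# selects the router that serves this Route; 'public' or 'private'` once that reading is confirmed.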
@@ -1,43 +1,49 @@ -- name: SearchAPI - CSE Secrets - openshift: - apiVersion: v1 - kind: Secret - metadata: - name: search-api-cse-secrets - namespace: '{{ openshift_namespace }}' - type: Opaque - data: >- - {{ _data | from_yaml }} - vars: - _data: | - SEARCH_API_CSE_API_KEY: "{{ searchapi_secrets.SEARCH_API_CSE_API_KEY | b64encode }}" +- name: Search API - Robot pull secret + kubernetes.core.k8s: + definition: + apiVersion: v1 + kind: Secret + type: kubernetes.io/dockerconfigjson + metadata: + name: '{{ app_name }}-pull-secret' + namespace: '{{ openshift_namespace }}' + data: + .dockerconfigjson: '{{ secrets.SEARCH_API_ROBOT_PULL }}' -- name: SearchAPI - CadiDB Secrets - openshift: - apiVersion: v1 - kind: Secret - metadata: - name: search-api-cadidb-secrets - namespace: '{{ openshift_namespace }}' - type: Opaque - data: >- - {{ _data | from_yaml }} - vars: - _data: | - SEARCH_API_CADIDB_USER: "{{ searchapi_secrets.SEARCH_API_CADIDB_USER | b64encode }}" - SEARCH_API_CADIDB_PASSWORD: "{{ searchapi_secrets.SEARCH_API_CADIDB_PASSWORD | b64encode }}" +- name: Search API - CSE Secrets + kubernetes.core.k8s: + definition: + apiVersion: v1 + kind: Secret + metadata: + name: '{{ app_name }}-cse-secrets' + namespace: '{{ openshift_namespace }}' + type: Opaque + data: + SEARCH_API_CSE_API_KEY: '{{ secrets.SEARCH_API_CSE_API_KEY | b64encode }}' -- name: SearchAPI - API MD Secrets (api.epfl.ch) - openshift: - apiVersion: v1 - kind: Secret - metadata: - name: search-api-md-secrets - namespace: '{{ openshift_namespace }}' - type: Opaque - data: >- - {{ _data | from_yaml }} - vars: - _data: | - SEARCH_API_MD_USER: "{{ searchapi_secrets.SEARCH_API_MD_USER | b64encode }}" - SEARCH_API_MD_PASSWORD: "{{ searchapi_secrets.SEARCH_API_MD_PASSWORD | b64encode }}" +- name: Search API - CadiDB Secrets + kubernetes.core.k8s: + definition: + apiVersion: v1 + kind: Secret + metadata: + name: '{{ app_name }}-cadidb-secrets' + namespace: '{{ openshift_namespace }}' + type: Opaque + data: + 
SEARCH_API_CADIDB_USER: '{{ secrets.SEARCH_API_CADIDB_USER | b64encode }}' + SEARCH_API_CADIDB_PASSWORD: '{{ secrets.SEARCH_API_CADIDB_PASSWORD | b64encode }}' + +- name: Search API - API MD Secrets (api.epfl.ch) + kubernetes.core.k8s: + definition: + apiVersion: v1 + kind: Secret + metadata: + name: '{{ app_name }}-md-secrets' + namespace: '{{ openshift_namespace }}' + type: Opaque + data: + SEARCH_API_MD_USER: '{{ secrets.SEARCH_API_MD_USER | b64encode }}' + SEARCH_API_MD_PASSWORD: '{{ secrets.SEARCH_API_MD_PASSWORD | b64encode }}' diff --git a/ansible/roles/search-api-k8s/vars/main.yml b/ansible/roles/search-api-k8s/vars/main.yml index a3c58a9..c627efb 100644 --- a/ansible/roles/search-api-k8s/vars/main.yml +++ b/ansible/roles/search-api-k8s/vars/main.yml @@ -1,2 +1,5 @@ app_name: 'search-api' team: 'isas-fsd' + +ghcr_registry: 'ghcr.io/epfl-si' +quay_registry: 'quay-its.epfl.ch/svc0012' diff --git a/ansible/searchapisible b/ansible/searchapisible index 001d922..e9de0ed 100755 --- a/ansible/searchapisible +++ b/ansible/searchapisible 
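Review bot: In the new `Search API - Robot pull secret` task, `.dockerconfigjson: '{{ secrets.SEARCH_API_ROBOT_PULL }}'` is passed through without `| b64encode`, unlike every other `data:` entry in secrets.yml, so it only works if the value is stored already base64-encoded in the Keybase file. A comment saying so, e.g. `# stored base64-encoded in secrets.yml, do not re-encode`, or switching that task to `stringData` with the raw JSON, would keep the next editor from breaking the pull secret. None of the four Secret tasks sets `no_log: true` either, so a verbose or `--diff` run can print the rendered definitions, including the encoded credentials, to the terminal or a CI log; adding `no_log: true` to each task avoids that.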
@@ -15,9 +15,20 @@ cd "$(cd "$(dirname "$0")"; pwd)" help () { fatal </dev/null; then curl https://raw.githubusercontent.com/epfl-si/ansible.suitcase/master/install.sh | \ SUITCASE_DIR=$PWD/ansible-deps-cache \ - SUITCASE_ANSIBLE_VERSION=6.3.0 \ + SUITCASE_ANSIBLE_VERSION=10.6.0 \ SUITCASE_ANSIBLE_REQUIREMENTS=requirements.yml \ - SUITCASE_PIP_EXTRA=docker \ + SUITCASE_PIP_EXTRA="kubernetes" \ bash -x fi - export PATH="$PWD/ansible-deps-cache/bin:$PATH" - export ANSIBLE_ROLES_PATH="$PWD/ansible-deps-cache/roles" - export ANSIBLE_COLLECTIONS_PATHS="$PWD/ansible-deps-cache" . ansible-deps-cache/lib.sh + ensure_ansible_runtime +} + +ensure_oc4_login () { + local clustername="$1"; shift + + if ! oc whoami > /dev/null 2>&1 || ! oc whoami --show-server | grep -q "$cluster_url"; then + echo "Logging into OpenShift cluster at $cluster_url..." + oc login "$cluster_url" --web; + else + echo "Already logged into $cluster_url." + fi } ensure_ansible -ensure_oc_login declare -a ansible_args -inventory_mode="test" +ansible_args=(-e "searchapisible_suitcase_dir=$PWD/ansible-deps-cache") +inventory_mode="dev" +cluster_url="https://api.ocpitsd0001.xaas.epfl.ch:6443" while [ "$#" -gt 0 ]; do case "$1" in --help) help ;; + --dev) + shift ;; + --staging) + inventory_mode="staging" + cluster_url="https://api.ocpitst0001.xaas.epfl.ch:6443" + shift ;; --prod) + cluster_url="https://api.ocpitsp0001.xaas.epfl.ch:6443" inventory_mode="prod" shift ;; *) @@ -55,9 +83,12 @@ while [ "$#" -gt 0 ]; do esac done +ensure_oc4_login "$cluster_url" + inventories () { case "$inventory_mode" in - test) echo "-i inventory/test.yml" ;; + dev) echo "-i inventory/dev.yml" ;; + staging) echo "-i inventory/staging.yml" ;; prod) echo "-i inventory/prod.yml" ;; esac }
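Review bot: `ensure_oc4_login` assigns its argument to `local clustername` but the body reads the global `$cluster_url`, so the parameter is dead and the function only works because the caller passes that same global. Binding the argument directly, `local cluster_url="$1"; shift`, makes the function self-contained. The server check `grep -q "$cluster_url"` also treats the URL as a regular expression, where each `.` matches any character; `grep -qF -- "$cluster_url"` compares it literally, which is the stricter behaviour to want in a check that decides whether to skip logging in before a production deploy.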