How To Guide - create a new workload and test it against a bastion

[cmoulliard]

Feature request

Add a How To Guide to:

• create a new workload,
• import the ssh key
• test the ansible playbook against a bastion

Example

• Have an account/pwd: https://account.opentlc.com/account/activateAccountForm.php

  account: cmoulliard-redhat.com pwd: xxxxxxxxxx

• Login in here : https://rhpds.redhat.com/ Order ocp workshop

• When the ocp4 cluster is created, you will get an email including such infos:

Your environment for RHPDS-RH-cmoulliard-redhat.com-PROD_OCP4_WORKSHOP-namur-dfb4_COMPLETED has been provisioned.
Your unique identifier, GUID, is: `xxxxx`
Here is some important information about your environment:

Openshift Master Console: `http://console-openshift-console.apps.cluster-namur-dfb4.namur-dfb4.openshiftworkshop.com`

Openshift API for command line 'oc' client: `https://api.cluster-namur-dfb4.namur-dfb4.openshiftworkshop.com:6443`

Download oc client from https://mirror.openshift.com/pub/openshift-v4/clients/ocp/4.1.8/openshift-client-linux-4.1.8.tar.gz

This cluster has authentication enabled. You can use `opentlc-mgr` with password `r3dh4t1!` to access your cluster

SSH Access: `ssh cmoulliard-redhat.com@bastion.namur-dfb4.openshiftworkshop.com`

SSH password: `xxxxxx`

Post Flight Check
DNS Web Console ............... OK
DNS API ....................... OK
Web console ................... OK
API ........................... OK
Create Project with PV ........ OK
App deployed .................. OK
Route ......................... OK
Nexus password is admin123

OpenShift Terminal is configured for users opentlc-mgr with password xxxxx

OpenShift OAuthClient digest set to `xxxxxx`

• Copy your user's ssh key to the bastion in order to allow ansible to execute remotely commands against the bastion

ssh-copy-id -i ~/.ssh/id_rsa.pub -n cmoulliard-redhat.com@bastion.namur-dfb4.openshiftworkshop.com

• Git clone the agnosticd project

  git clone https://github.com/redhat-cop/agnosticd.git
  cd agnosticd

• Create a new folder roles/ocp-workload-MY_WORKLOAD and import the files from an existing project such as ansible/roles/ocp-workshop-example

  mkdir -p roles/ocp-workload-MY_WORKLOAD

• Create a bash script under the MY_WORKLOAD folder

  
  cat <<EOF > execute_ansible.sh
  #!/bin/sh

ACTION=${1:-create}

HOST_GUID="namur-dfb4" TARGET_HOST="bastion.$HOST_GUID.openshiftworkshop.com"

OCP_USERNAME="cmoulliard-redhat.com" WORKLOAD="ocp-workload-MY_WORKLOAD" GUID=$HOST_GUID

SSH_USER=$OCP_USERNAME SSH_PRIVATE_KEY="id_rsa"

ansible-playbook -i $TARGET_HOST, ./config/ocp-workload.yml \ -e "ansible_ssh_private_key_file=~/.ssh/${SSH_PRIVATE_KEY}" \ -e "ansible_user=${SSH_USER}" \ -e "ocp_username=${OCP_USERNAME}" \ -e "ocp_workload=${WORKLOAD}" \ -e "silent=False" \ -e "guid=${GUID}" \ -e "ACTION=$ACTION" \ -v EOF

- Change the `HOST_GUID` var like `OCP_USERNAME`

- Next, modify the `tasks/workload.yml` file to perform the needed steps to install the `MY_WORKLOAD Operator`

- To create or remove the `workload` then execute the bash script and pass as parameter `remove` to delete the oc project

./execute_ansible.sh remove

- To access the cluster, get first its kubeconfig file and save it under a local file `snowdrop/kube_cfg.yaml`
  Set the `KUBECONFIG` env var

export KUBECONFIG=./snowdrop/kube_cfg.yml oc projects

[rut31337]

+1

[wkulhanek]

-1 The guide really needs to point to the dev cluster. We should not be spinning up OCP4 Workshops to test workloads. We have a dev cluster that is running all the time exactly for this reason.

Although for workloads that require system:admin a workshop is the only way of doing it.