deploy microcks + customize the sso and 3scale install

allinone.yml

@@ -15,8 +15,11 @@
   - name: Customize the OpenShift installation
     hosts: allinone
     become: yes
+    vars:
+      sso_realm: '3scale'
     roles:
     - { name: 'openshift-postinstall', tags: 'openshift-postinstall' }
     - { name: 'hostpath-provisioner', tags: 'hostpath-provisioner' }
-    - { name: 'sso', tags: 'sso', sso_realm: '3scale' }
-    - { name: '3scale', tags: '3scale', sso_realm: '3scale' }
+    - { name: 'microcks', tags: 'microcks' }
+    - { name: 'sso', tags: 'sso' }
+    - { name: '3scale', tags: '3scale' }

roles/3scale/tasks/status.yml → common/status.yml

@@ -1,7 +1,7 @@
 ---
 
   - name: Retrieve current ReplicationController status
-    command: 'oc get rc -o json -n "{{ threescale_project }}"'
+    command: 'oc get rc -o json -n "{{ project }}"'
     register: rc_state
     changed_when: false
 
@@ -12,7 +12,7 @@
 
 
   - name: Retrieve current DeploymentConfig status
-    command: 'oc get dc -o json -n "{{ threescale_project }}"'
+    command: 'oc get dc -o json -n "{{ project }}"'
     register: dc_state
     changed_when: false
 

roles/sso/tasks/wait_for.yml → common/wait_for.yml

@@ -1,9 +1,9 @@
 ---
 
   - name: Wait for all pending deployments to become ready
-    command: 'oc get rc -o json -n "{{ sso_project }}"'
+    command: 'oc get rc -o json -n "{{ project }}"'
     register: rc_state
     changed_when: false
-    retries: "{{ sso_retries }}"
-    delay: "{{ sso_delay }}"
+    retries: "{{ retries }}"
+    delay: "{{ delay }}"
     until: 'rc_state.stdout |from_json |json_query(''items[?  status.replicas != `0` && (status.readyReplicas == ""|| status.readyReplicas == `0`) ].metadata.annotations."openshift.io/deployment-config.name"'') |intersect(pod_to_wait) |length == 0'

roles/3scale/tasks/3scale_status.yml

@@ -0,0 +1,20 @@
+---
+
+  - name: Get a list of available services
+    uri:
+      url: "https://{{ threescale_admin_hostname }}/admin/api/services.json?access_token={{ access_token }}"
+      validate_certs: no
+    register: response
+
+  - set_fact:
+      services: '{{ response.json|json_query(''services[*].service.system_name'') }}'
+      services_details: '{{ response.json|json_query(''services[].{"system_name": service.system_name, "id": service.id}'') }}'
+
+  - name: Get the list of existing applications
+    uri:
+      url: https://{{ threescale_admin_hostname }}/admin/api/applications.json?access_token={{ access_token|urlencode }}
+      validate_certs: no
+    register: response
+
+  - set_fact:
+      applications: '{{ response.json|json_query(''applications[*].application.name'') }}'

roles/3scale/tasks/create_api.yml

@@ -0,0 +1,70 @@
+---
+
+  - debug: msg="Working on service {{ item.service.name }}"
+
+  - set_fact:
+      body_create_svc: '{{ body_create_svc|default("access_token=" ~ access_token|urlencode) ~ "&" ~ (param.key|urlencode) ~ "=" ~ (param.value|urlencode) }}'
+    with_dict: '{{ item.service }}'
+    loop_control:
+      loop_var: param
+    when: 'item.service.system_name not in services'
+
+  - name: Create the service
+    uri:
+      url: https://{{ threescale_admin_hostname }}/admin/api/services.json
+      validate_certs: no
+      method: POST
+      body: '{{ body_create_svc }}'
+      status_code: 201
+    register: response
+    when: 'item.service.system_name not in services'
+
+  - set_fact:
+      services: '{{ services|union([ item.service.system_name ]) }}'
+      services_details: '{{ services_details|union([{ "system_name": item.service.system_name, "id": response.json.service.id }]) }}'
+    when: 'item.service.system_name not in services'
+
+  - set_fact:
+      service_id: '{{ (services_details|selectattr("system_name", "equalto", item.service.system_name)|first)["id"] }}'
+
+  - set_fact:
+      body_update_proxy: '{{ body_update_proxy|default("access_token=" ~ access_token|urlencode) ~ "&" ~ (param.key|urlencode) ~ "=" ~ (param.value|urlencode) }}'
+    with_dict: '{{ item.proxy }}'
+    loop_control:
+      loop_var: param
+
+  - name: Set Backend URL
+    set_fact:
+      body_update_proxy: '{{ body_update_proxy ~ "&api_backend" ~ "=" ~ (threescale_backend_map[item.backend]|urlencode) }}'
+    when: 'item.backend in threescale_backend_map'
+
+  - name: Update the proxy
+    uri:
+      url: https://{{ threescale_admin_hostname }}/admin/api/services/{{ service_id }}/proxy.json
+      validate_certs: no
+      method: PATCH
+      body: '{{ body_update_proxy }}'
+
+  - name: Get the list of existing application plans
+    uri:
+      url: https://{{ threescale_admin_hostname }}/admin/api/services/{{ service_id }}/application_plans.json?access_token={{ access_token|urlencode }}
+      validate_certs: no
+    register: response
+
+  - set_fact:
+      application_plans: '{{ response.json|json_query(''plans[*].application_plan.system_name'') }}'
+      application_plans_details: '{{ response.json|json_query(''plans[].{"system_name": application_plan.system_name, "id": application_plan.id}'') }}'
+
+  - name: Get the default account
+    uri:
+      url: https://{{ threescale_admin_hostname }}/admin/api/accounts.json?access_token={{ access_token|urlencode }}&state=approved&page=1&per_page=1
+      validate_certs: no
+    register: response
+
+  - set_fact:
+      account_id: '{{ response.json.accounts[0].account.id }}'
+
+  - include: create_application_plan.yml
+    with_items: '{{ item.application_plans }}'
+    loop_control:
+      loop_var: plan

roles/3scale/tasks/create_application_plan.yml

@@ -0,0 +1,35 @@
+---
+
+  - debug: msg="Working on plan {{ plan.system_name }} / service {{ item.service.name }}"
+
+  - set_fact:
+      body_create_plan: '{{ body_create_plan|default("access_token=" ~ access_token|urlencode) ~ "&" ~ (param.key|urlencode) ~ "=" ~ (param.value|urlencode) }}'
+    with_dict: '{{ plan }}'
+    loop_control:
+      loop_var: param
+    # applications is a nested hash that is used to create client applications later
+    when: 'param.key != ''applications'' and plan.system_name not in application_plans '
+
+  - name: Create the application plan
+    uri:
+      url: https://{{ threescale_admin_hostname }}/admin/api/services/{{ service_id }}/application_plans.json
+      validate_certs: no
+      method: POST
+      body: '{{ body_create_plan }}'
+      status_code: 201
+    register: response
+    when: 'plan.system_name not in application_plans'
+
+  - set_fact:
+      application_plans: '{{ application_plans|union([ plan.system_name ]) }}'
+      application_plans_details: '{{ application_plans_details|union([{ "system_name": plan.system_name, "id": response.json.application_plan.id }]) }}'
+    when: 'plan.system_name not in application_plans'
+
+  - set_fact:
+      plan_id: '{{ (application_plans_details|selectattr("system_name", "equalto", plan.system_name)|first)["id"] }}'
+
+  - include: create_applications.yml
+    with_items: '{{ plan.applications }}'
+    loop_control:
+      loop_var: app
+    when: 'app.name not in applications'

roles/3scale/tasks/create_applications.yml

@@ -0,0 +1,18 @@
+---
+
+  - debug: msg="Working on application {{ app.name }} / plan {{ plan.system_name }} / service {{ item.service.name }}"
+
+  - set_fact:
+      body_create_app: '{{ body_create_app|default("access_token=" ~ (access_token|urlencode) ~ "&plan_id=" ~ (plan_id)) ~ "&" ~ (param.key|urlencode) ~ "=" ~ (param.value|urlencode) }}'
+    with_dict: '{{ app }}'
+    loop_control:
+      loop_var: param
+
+  - name: Create the application
+    uri:
+      url: https://{{ threescale_admin_hostname }}/admin/api/accounts/{{ account_id }}/applications.json
+      validate_certs: no
+      method: POST
+      body: '{{ body_create_app }}'
+      status_code: 201
+    register: response

roles/3scale/tasks/main.yml

@@ -9,17 +9,33 @@
     command: oc new-project "{{ threescale_project }}"
     when: '"project/" ~ threescale_project not in oc_get_projects.stdout_lines'
 
+  - include: common/status.yml
+    vars:
+      project: "{{ threescale_project }}"
+    tags: status
+
+  - set_fact:
+      deploy_needed: '{{ deployment_configs|intersect(threescale_expected_deployment_configs)|length < threescale_expected_deployment_configs|length }}'
+
   - name: Process the OpenShift Template and create the OpenShift objects for the 3scale API Management Platform
     shell: oc process -f "{{ threescale_template }}" -p "TENANT_NAME={{ threescale_tenant_name }}" -p "WILDCARD_DOMAIN={{ threescale_wildcard_domain }}" -n "{{ threescale_project }}" | oc create -f - -n "{{ threescale_project }}"
     register: oc
     failed_when: oc.rc > 0 and 'Error from server (AlreadyExists):' not in oc.stderr
     changed_when: oc.rc == 0
+    when: deploy_needed
+
+  - name: Wait for OpenShift to create all objects
+    pause:
+      seconds: '{{ threescale_delay }}'
+    when: deploy_needed
 
   # Deploy the CORS Configuration for APICast
   # This is needed to make the "Try out" feature working in the Developer Portal
   - include: apicast_cors.yml
 
-  - include: status.yml
+  - include: common/status.yml
+    vars:
+      project: "{{ threescale_project }}"
     tags: status
 
   - name: Deploy the storage tier (MySQL, Redis and Memcache) without any replicas
@@ -42,7 +58,7 @@
     when: item not in replication_controllers
     tags: rollout
 
-  - include: wait_for.yml
+  - include: common/wait_for.yml
     static: no
     vars:
       pod_to_wait:
@@ -50,6 +66,9 @@
         - system-memcache
         - system-mysql
         - system-redis
+      delay: "{{ threescale_delay }}"
+      retries: "{{ threescale_retries }}"
+      project: "{{ threescale_project }}"
     tags: status
 
   - name: Deploy the backend-listener without any replicas
@@ -66,17 +85,19 @@
     when: item not in replication_controllers
     tags: rollout
 
-  - include: wait_for.yml
+  - include: common/wait_for.yml
     static: no
     vars:
       pod_to_wait:
         - backend-listener
+      delay: "{{ threescale_delay }}"
+      retries: "{{ threescale_retries }}"
+      project: "{{ threescale_project }}"
     tags: status
 
   - name: Deploy everything else without any replicas
     command: oc rollout latest "{{ item }}" -n "{{ threescale_project }}"
     with_items:
-      - backend-listener
       - backend-worker
       - system-app
       - system-resque
@@ -97,13 +118,16 @@
     when: item not in replication_controllers
     tags: rollout
 
-  - include: wait_for.yml
+  - include: common/wait_for.yml
     static: no
     vars:
       pod_to_wait:
         - system-app
         - system-resque
         - system-sidekiq
+      delay: "{{ threescale_delay }}"
+      retries: "{{ threescale_retries }}"
+      project: "{{ threescale_project }}"
     tags: status
 
   - name: Scale backend-cron, backend-worker and system-sphinx
@@ -115,13 +139,16 @@
     when: item not in replication_controllers
     tags: rollout
 
-  - include: wait_for.yml
+  - include: common/wait_for.yml
     static: no
     vars:
       pod_to_wait:
         - backend-worker
         - backend-cron
         - system-sphinx
+      delay: "{{ threescale_delay }}"
+      retries: "{{ threescale_retries }}"
+      project: "{{ threescale_project }}"
     tags: status
 
   - name: Deploy apicast-staging, apicast-production
@@ -132,12 +159,15 @@
     when: item not in replication_controllers
     tags: rollout
 
-  - include: wait_for.yml
+  - include: common/wait_for.yml
     static: no
     vars:
       pod_to_wait:
         - apicast-staging
         - apicast-production
+      delay: "{{ threescale_delay }}"
+      retries: "{{ threescale_retries }}"
+      project: "{{ threescale_project }}"
     tags: status
 
   - include: configure_apicast_for_oauth.yml
@@ -146,14 +176,34 @@
       - apicast-production
     tags: oauth
 
-  - include: wait_for.yml
+  - include: common/wait_for.yml
     static: no
     vars:
       pod_to_wait:
         - apicast-staging
         - apicast-production
+      delay: "{{ threescale_delay }}"
+      retries: "{{ threescale_retries }}"
+      project: "{{ threescale_project }}"
     tags: status
 
+  - name: Get Route URL
+    command: oc get route system-provider-admin-route -n "{{ threescale_project }}" -o 'jsonpath={.spec.host}'
+    register: route
+    changed_when: false
+    tags: status
+
+  - set_fact:
+      threescale_default_backend_map:
+        microcks: http://{{ microcks_hostname }}
+    tags: vars
+
+  - include: post-install.yml
+    tags: post-install
+    vars:
+      threescale_admin_hostname: '{{ route.stdout }}'
+      threescale_backend_map: '{{ threescale_default_backend_map |combine(threescale_additional_backend_map|default({})) }}'
+
   - name: Get Admin Username
     command: oc get dc system-app -n "{{ threescale_project }}" -o 'jsonpath={.spec.template.spec.containers[0].env[?(@.name=="USER_LOGIN")].value}'
     register: username
@@ -167,5 +217,5 @@
     tags: status
 
   - name: 3scale is ready !
-    debug: msg="Login on https://{{ threescale_tenant_name }}-admin.{{ threescale_wildcard_domain }} with username = '{{ username.stdout }}' and password = '{{ password.stdout }}'"
+    debug: msg="Login on https://{{ route.stdout }} with username = '{{ username.stdout }}' and password = '{{ password.stdout }}'"
     tags: status

roles/3scale/tasks/post-install.yml

@@ -0,0 +1,16 @@
+---
+
+  - name: Get the 3scale Administration Access Token
+    command: oc get dc system-app -n "{{ threescale_project }}" -o 'jsonpath={.spec.template.spec.containers[0].env[?(@.name=="ADMIN_ACCESS_TOKEN")].value}'
+    register: oc_get_dc
+    tags: vars
+    changed_when: false
+
+  - set_fact:
+      access_token: '{{ oc_get_dc.stdout }}'
+    tags: vars
+
+  - include: 3scale_status.yml
+    
+  - include: create_api.yml
+    with_items: '{{ threescale_apis_to_create }}'

roles/3scale/tasks/wait_for.yml

@@ -1,9 +0,0 @@
----
-
-  - name: Wait for all pending deployments to become ready
-    command: 'oc get rc -o json -n "{{ threescale_project }}"'
-    register: rc_state
-    changed_when: false
-    retries: "{{ threescale_retries }}"
-    delay: "{{ threescale_delay }}"
-    until: 'rc_state.stdout |from_json |json_query(''items[?  status.replicas != `0` && (status.readyReplicas == ""|| status.readyReplicas == `0`) ].metadata.annotations."openshift.io/deployment-config.name"'') |intersect(pod_to_wait) |length == 0'

roles/3scale/vars/main.yml

@@ -8,3 +8,51 @@
   threescale_retries: 30
   threescale_apicast_cors_lua: https://raw.githubusercontent.com/3scale/apicast/cors-example/examples/cors/apicast_cors.lua
   threescale_apicast_cors_conf: https://raw.githubusercontent.com/3scale/apicast/cors-example/examples/cors/cors.conf
+  threescale_expected_deployment_configs:
+    - apicast-staging
+    - apicast-production
+    - backend-redis
+    - system-memcache
+    - system-mysql
+    - system-redis
+    - backend-listener
+    - backend-worker
+    - system-app
+    - system-resque
+    - system-sidekiq
+    - backend-cron
+    - system-sphinx
+  threescale_apis_to_create:
+    - service:
+        name: "Hello API"
+        system_name: hello-api
+        backend_version: 1 # 1 means "API Key"
+      proxy:
+        credentials_location: headers
+        api_test_path: /rest/Hello%20API%20Mock/0.8/v1/hello?David
+      backend: microcks
+      application_plans:
+        - name: Default
+          system_name: default
+          default: true
+          state: published
+          applications:
+            - name: Hello App
+              description: "This is my very first application"
+    - service:
+        name: "Hello API OAuth"
+        system_name: hello-api-oauth
+        backend_version: oauth
+      proxy:
+        credentials_location: headers
+        api_test_path: /rest/Hello%20API%20Mock/0.8/v1/hello?Gavin
+      backend: microcks
+      application_plans:
+        - name: Default
+          system_name: default
+          default: true
+          state: published
+          applications:
+            - name: Hello App with OAuth
+              description: "This is my very first application using OAuth"
+              redirect_url: https://www.getpostman.com/oauth2/callback

roles/microcks/tasks/main.yml

@@ -0,0 +1,63 @@
+---
+
+  - name: Create the Microcks templates (globally)
+    command: oc create -n openshift -f {{ microcks_template_url }}
+    register: oc
+    failed_when: oc.rc > 0 and 'Error from server (AlreadyExists):' not in oc.stderr
+    changed_when: oc.rc == 0
+
+  - name: Get a list of existing projects
+    command: oc get projects -o name
+    register: oc_get_projects
+    changed_when: false
+
+  - name: Create a new project for Microcks
+    command: oc new-project "{{ microcks_project }}"
+    when: '"project/" ~ microcks_project not in oc_get_projects.stdout_lines'
+
+  - name: Query existing deploymentconfigs
+    command: oc get dc -n "{{ microcks_project }}" -o name -l "component={{ microcks_application_name }}"
+    register: oc_get_dc
+    changed_when: false
+
+  - name: Deploy app if needed
+    set_fact:
+      deploy_needed: "{{ 'deploymentconfig/' ~ microcks_application_name not in oc_get_dc.stdout_lines }}"
+
+  - name: Process the OpenShift Template and create the OpenShift objects
+    command: oc new-app -n {{ microcks_project }} --template={{ microcks_template_name }}
+    when: deploy_needed
+
+  - name: Wait for OpenShift to create all objects
+    pause:
+      seconds: '{{ microcks_delay }}'
+    when: deploy_needed
+
+  - include: common/wait_for.yml
+    static: no
+    vars:
+      pod_to_wait:
+        - microcks
+      delay: "{{ microcks_delay }}"
+      retries: "{{ microcks_retries }}"
+      project: "{{ microcks_project }}"
+    tags: status
+
+  - name: Get Route URL
+    command: oc get route {{ microcks_application_name }} -n "{{ microcks_project }}" -o 'jsonpath={.spec.host}'
+    register: route
+    changed_when: false
+    tags:
+      - status
+      - vars
+
+  - set_fact:
+      microcks_hostname: '{{ route.stdout }}'
+    tags: vars
+
+  - include: post-install.yml
+    tags: post-install
+
+  - name: Microcks is ready !
+    debug: msg="Go to http://{{ route.stdout }}/ to start using Microcks !"
+    tags: status

roles/microcks/tasks/post-install.yml

@@ -0,0 +1,5 @@
+---
+
+  - include: "register-service.yml"
+    static: no
+    with_items: "{{ microcks_sample_jobs }}"

roles/microcks/tasks/register-service.yml

@@ -0,0 +1,40 @@
+---
+
+  - debug: "msg='Working on service {{ item.name }}'"
+
+  - name: Check if service exists
+    uri:
+      url: "http://{{ microcks_hostname }}/api/jobs?name={{ item.name|urlencode }}"
+      method: GET
+      status_code: 200
+    register: services
+
+  - set_fact:
+      service_id: '{{ services.json[0].id }}'
+    when: services.json|length > 0
+
+  - name: Register sample service
+    uri:
+      url: http://{{ microcks_hostname }}/api/jobs
+      method: POST
+      body: "{{ item }}"
+      body_format: json
+      status_code: 201
+    register: service
+    when: services.json|length == 0
+
+  - set_fact:
+      service_id: '{{ service.json.id }}'
+    when: '"json" in service' # => service.json is defined
+
+  - name: Activate the service
+    uri:
+      url: http://{{ microcks_hostname }}/api/jobs/{{ service_id }}/activate
+      method: PUT
+      status_code: 200
+
+  - name: Start the service
+    uri:
+      url: http://{{ microcks_hostname }}/api/jobs/{{ service_id }}/start
+      method: PUT
+      status_code: 200

roles/microcks/vars/main.yml

@@ -0,0 +1,15 @@
+---
+
+  microcks_project: microcks
+  microcks_template_url: https://raw.githubusercontent.com/microcks/microcks/master/openshift-persistent-template.json
+  microcks_template_name: microcks-persistent
+  microcks_application_name: microcks
+  microcks_delay: 5
+  microcks_retries: 30
+  microcks_sample_jobs:
+  - name: Petstore
+    repositoryUrl: https://raw.githubusercontent.com/microcks/microcks/master/samples/PetstoreAPI-collection.json
+  - name: HelloREST
+    repositoryUrl: https://raw.githubusercontent.com/microcks/microcks/master/samples/HelloAPI-soapui-project.xml
+  - name: HelloSOAP
+    repositoryUrl: https://raw.githubusercontent.com/microcks/microcks/master/samples/HelloService-soapui-project.xml

roles/sso/tasks/main.yml

@@ -84,15 +84,23 @@
     command: oc new-app -n {{ sso_project }} {{ sso_template }} -p "HTTPS_PASSWORD={{ sso_keystore_password }}" -p "JGROUPS_ENCRYPT_PASSWORD={{ sso_keystore_password }}" -p "SSO_REALM={{ sso_realm }}" -p "SSO_ADMIN_USERNAME={{ sso_admin_username }}" -p "APPLICATION_NAME={{ sso_application_name }}" -p "SSO_SERVICE_PASSWORD={{ sso_service_password }}" -p "SSO_SERVICE_USERNAME={{ sso_service_username }}"
     when: deploy_needed
 
+  - name: Wait for OpenShift to create all objects
+    pause:
+      seconds: '{{ sso_delay }}'
+    when: deploy_needed
+
   # Update the secure route to use "Re-encrypt" instead of "Passthrough"
   - include: update-route.yml
     tags: update-route
 
-  - include: wait_for.yml
+  - include: common/wait_for.yml
     static: no
     vars:
       pod_to_wait:
         - sso
+      delay: "{{ sso_delay }}"
+      retries: "{{ sso_retries }}"
+      project: "{{ sso_project }}"
     tags: status
 
   - name: Get Admin Username

roles/sso/tasks/post-install.yml

@@ -82,7 +82,7 @@
 
   - set_fact:
       user_has_been_created: true
-      user_id: "{{ response.json.id }}"
+      user_url: "{{ response.location }}"
     when: response.status == 201
 
   - name: Retrieve the id of the Demo User
@@ -97,12 +97,12 @@
     when: user_has_been_created is not defined
 
   - set_fact:
-      user_id: "{{ response.json[0].id }}"
+      user_url: "https://{{ sso_route_name }}/auth/admin/realms/{{ sso_realm }}/users/{{ response.json[0].id }}"
     when: user_has_been_created is not defined
 
   - name: Set the password of the Demo User
     uri:
-      url: https://{{ sso_route_name }}/auth/admin/realms/{{ sso_realm }}/users/{{ user_id }}/reset-password
+      url: "{{ user_url }}/reset-password"
       validate_certs: no
       headers:
         Authorization: 'Bearer {{ access_token }}'