commit | author | age
|
1874b6
|
1 |
--- |
GC |
2 |
- name: Step 00xxxxx software |
|
3 |
hosts: bastions |
|
4 |
gather_facts: false |
|
5 |
become: false |
|
6 |
tasks: |
|
7 |
- when: install_ocp4 | bool |
|
8 |
tags: |
|
9 |
- install_openshift |
|
10 |
block: |
|
11 |
- name: Create deployinprogress file |
|
12 |
file: |
|
13 |
path: /tmp/deployinprogress |
|
14 |
state: touch |
|
15 |
|
|
16 |
- name: Get awscli bundle |
|
17 |
get_url: |
|
18 |
url: https://s3.amazonaws.com/aws-cli/awscli-bundle.zip |
|
19 |
dest: /tmp/awscli-bundle.zip |
|
20 |
|
|
21 |
- name: Unzip awscli-bundle.zip |
|
22 |
unarchive: |
|
23 |
src: /tmp/awscli-bundle.zip |
|
24 |
dest: /tmp/ |
|
25 |
remote_src: yes |
|
26 |
|
|
27 |
- name: Install awscli |
5b4c35
|
28 |
become: yes |
1874b6
|
29 |
command: /tmp/awscli-bundle/install -i /usr/local/aws -b /bin/aws |
GC |
30 |
args: |
|
31 |
creates: /usr/local/aws |
|
32 |
|
|
33 |
- name: cleanup archive and tmp files |
|
34 |
file: |
|
35 |
path: "{{ item }}" |
|
36 |
state: absent |
|
37 |
loop: |
|
38 |
- /tmp/awscli-bundle |
|
39 |
- /tmp/awscli-bundle.zip |
|
40 |
|
|
41 |
- name: Create .aws directory |
|
42 |
file: |
|
43 |
path: ~/.aws |
|
44 |
state: directory |
|
45 |
|
|
46 |
- name: Add aws credentials |
|
47 |
blockinfile: |
|
48 |
path: ~/.aws/credentials |
|
49 |
block: |- |
|
50 |
[default] |
|
51 |
aws_access_key_id = {{ hostvars.localhost.student_access_key_id }} |
|
52 |
aws_secret_access_key = {{ hostvars.localhost.student_secret_access_key }} |
|
53 |
|
0b5cc4
|
54 |
# For GA Releases |
WK |
55 |
- name: Set URLs for OpenShift GA releases |
|
56 |
when: not ocp4_installer_use_dev_preview | d(False) | bool |
|
57 |
set_fact: |
|
58 |
ocp4_installer_url: "https://mirror.openshift.com/pub/openshift-v4/clients/ocp/{{ ocp4_installer_version }}/openshift-install-linux-{{ ocp4_installer_version }}.tar.gz" |
|
59 |
ocp4_client_url: "https://mirror.openshift.com/pub/openshift-v4/clients/ocp/{{ ocp4_installer_version }}/openshift-client-linux-{{ ocp4_installer_version }}.tar.gz" |
|
60 |
|
8df23a
|
61 |
- name: Get the OpenShift Installer |
1874b6
|
62 |
become: yes |
db9adc
|
63 |
unarchive: |
0b5cc4
|
64 |
src: "{{ ocp4_installer_url}} " |
db9adc
|
65 |
remote_src: yes |
WK |
66 |
dest: /usr/bin |
|
67 |
mode: 0755 |
1874b6
|
68 |
owner: root |
GC |
69 |
group: root |
|
70 |
|
8df23a
|
71 |
- name: Get the OpenShift CLI |
1874b6
|
72 |
become: yes |
GC |
73 |
unarchive: |
0b5cc4
|
74 |
src: "{{ ocp4_client_url }}" |
1874b6
|
75 |
remote_src: yes |
GC |
76 |
dest: /usr/bin |
|
77 |
mode: 0775 |
|
78 |
owner: root |
|
79 |
group: root |
|
80 |
|
|
81 |
- name: Generate SSH keys |
|
82 |
shell: ssh-keygen -b 2048 -t rsa -f ~/.ssh/id_rsa -q -N "" |
|
83 |
args: |
|
84 |
creates: ~/.ssh/id_rsa |
|
85 |
|
|
86 |
- name: Generate SSH pub key |
|
87 |
shell: ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub |
|
88 |
args: |
|
89 |
creates: ~/.ssh/id_rsa.pub |
|
90 |
|
|
91 |
- name: Slurp public key |
|
92 |
slurp: |
|
93 |
path: /home/{{ ansible_user }}/.ssh/id_rsa.pub |
|
94 |
register: idrsapub |
|
95 |
|
|
96 |
- name: Create cluster directory |
|
97 |
file: |
|
98 |
path: /home/{{ ansible_user }}/{{ cluster_name }} |
|
99 |
state: directory |
|
100 |
|
8df23a
|
101 |
- name: Check if version specific install-config.j2 exists |
WK |
102 |
stat: |
1874b6
|
103 |
path: files/install-config.yaml.{{ ocp4_installer_version }}.j2 |
GC |
104 |
register: rconfig |
|
105 |
delegate_to: localhost |
|
106 |
|
|
107 |
- name: Use version-specific template for install-config-yaml |
|
108 |
set_fact: |
|
109 |
install_config_template_path: files/install-config.yaml.{{ ocp4_installer_version }}.j2 |
|
110 |
when: rconfig.stat.exists |
|
111 |
|
|
112 |
- name: Use default template for install-config-yaml |
|
113 |
set_fact: |
|
114 |
install_config_template_path: files/install-config.yaml.j2 |
|
115 |
when: not rconfig.stat.exists |
|
116 |
|
|
117 |
- name: Generate config install-config.yaml |
|
118 |
template: |
|
119 |
src: "{{ install_config_template_path }}" |
|
120 |
dest: /home/{{ ansible_user }}/{{ cluster_name }}/install-config.yaml |
|
121 |
|
|
122 |
- name: Run the installer |
|
123 |
tags: |
|
124 |
- run_installer |
|
125 |
command: openshift-install create cluster --dir=/home/{{ ansible_user }}/{{ cluster_name }} |
982ecd
|
126 |
async: "{{ 2 * 60 * 60 }}" |
1874b6
|
127 |
|
GC |
128 |
- name: Fetch kube config |
|
129 |
fetch: |
|
130 |
flat: yes |
|
131 |
src: /home/{{ ansible_user }}/{{ cluster_name }}/auth/{{ item }} |
|
132 |
dest: "{{ hostvars.localhost.output_dir }}/{{ env_type }}_{{ guid }}_{{ item }}" |
|
133 |
loop: |
|
134 |
- kubeconfig |
|
135 |
- kubeadmin-password |
|
136 |
|
|
137 |
- name: Make sure .kube directory exists in home directory |
|
138 |
file: |
|
139 |
state: directory |
|
140 |
path: "/home/{{ ansible_user }}/.kube" |
|
141 |
owner: "{{ ansible_user }}" |
|
142 |
mode: 0775 |
|
143 |
|
|
144 |
- name: Set up .kube/config |
|
145 |
copy: |
|
146 |
remote_src: yes |
|
147 |
src: "/home/{{ ansible_user }}/{{ cluster_name }}/auth/kubeconfig" |
|
148 |
dest: "/home/{{ ansible_user }}/.kube/config" |
|
149 |
|
ae9072
|
150 |
- name: Make sure .kube directory exists in /root |
GC |
151 |
file: |
|
152 |
state: directory |
|
153 |
path: /root/.kube |
|
154 |
owner: root |
|
155 |
mode: 0700 |
|
156 |
become: yes |
|
157 |
|
|
158 |
- name: Set up .kube/config for root |
|
159 |
copy: |
|
160 |
remote_src: yes |
|
161 |
src: "/home/{{ ansible_user }}/{{ cluster_name }}/auth/kubeconfig" |
|
162 |
dest: /root/.kube/config |
|
163 |
become: yes |
|
164 |
|
1874b6
|
165 |
- name: Get kubeadmin password |
GC |
166 |
slurp: |
|
167 |
path: /home/{{ ansible_user }}/{{ cluster_name }}/auth/kubeadmin-password |
|
168 |
register: kubeadminr |
|
169 |
|
|
170 |
- name: Get console route |
|
171 |
environment: |
|
172 |
KUBECONFIG: /home/{{ ansible_user }}/{{ cluster_name }}/auth/kubeconfig |
|
173 |
command: oc get route -n openshift-console console -o json |
|
174 |
register: routeconsole |
|
175 |
retries: 10 |
|
176 |
delay: 30 |
|
177 |
until: routeconsole is succeeded |
|
178 |
ignore_errors: yes |
|
179 |
|
dea0a9
|
180 |
# Adjust for clusters with just one worker. Default is two routers with antiAffinity rules. |
WK |
181 |
# Which means that one router is pending. This doesn't work with Certificates |
|
182 |
- name: Set number of Ingress Controller replicas to 1 if only one worker node deployed |
|
183 |
when: worker_instance_count == 1 |
|
184 |
environment: |
|
185 |
KUBECONFIG: /home/{{ ansible_user }}/{{ cluster_name }}/auth/kubeconfig |
|
186 |
shell: "oc patch ingresscontroller default --type=merge --patch='{\"spec\": { \"replicas\": 1 }}' -n openshift-ingress-operator" |
|
187 |
ignore_errors: yes |
|
188 |
|
1874b6
|
189 |
- name: Set webconsole address |
GC |
190 |
set_fact: |
|
191 |
webconsole: "http://{{ routeconsole.stdout | from_json | json_query('spec.host') }}" |
|
192 |
when: routeconsole is succeeded |
|
193 |
|
|
194 |
# sometimes the route is not ready, guess it |
|
195 |
- name: Guess webconsole address |
|
196 |
set_fact: |
|
197 |
webconsole: "http://console-openshift-console.apps.{{ cluster_name }}.{{ guid }}.{{ subdomain_base }}" |
|
198 |
when: routeconsole is failed |
|
199 |
|
|
200 |
- name: Get API for command line |
|
201 |
environment: |
|
202 |
KUBECONFIG: /home/{{ ansible_user }}/{{ cluster_name }}/auth/kubeconfig |
|
203 |
command: oc whoami --show-server |
4663a0
|
204 |
register: r_showserver |
1874b6
|
205 |
|
GC |
206 |
- name: Print Overview |
4663a0
|
207 |
agnosticd_user_info: |
1874b6
|
208 |
msg: "{{ item }}" |
4663a0
|
209 |
loop: |
JK |
210 |
- "Openshift Master Console: {{ webconsole }}" |
|
211 |
- "Openshift API for command line 'oc' client: {{ r_showserver.stdout | trim }}" |
|
212 |
- "Download oc client from {{ ocp4_client_url }}" |
|
213 |
|
|
214 |
- name: Print Overview |
|
215 |
agnosticd_user_info: |
|
216 |
data: |
|
217 |
openshift_console_url: "{{ webconsole }}" |
|
218 |
openshift_api_url: "{{ r_showserver.stdout | trim }}" |
|
219 |
openshift_client_download_url: "{{ ocp4_client_url }}" |
1874b6
|
220 |
|
GC |
221 |
- name: Output htpasswd |
4663a0
|
222 |
agnosticd_user_info: |
JK |
223 |
msg: "This cluster has authentication enabled. You can use '{{ admin_user }}' with password '{{ admin_password }}' to access your cluster" |
|
224 |
data: |
|
225 |
openshift_admin_user: "{{ admin_user }}" |
|
226 |
openshift_admin_password: "{{ admin_password }}" |
1874b6
|
227 |
when: |
GC |
228 |
- admin_password is defined |
|
229 |
- install_idm == "htpasswd" |
|
230 |
|
|
231 |
- name: Output kubeadmin |
4663a0
|
232 |
agnosticd_user_info: |
JK |
233 |
msg: "Kubeadmin user / password: kubeadmin / {{ kubeadminr.content | b64decode }}" |
|
234 |
data: |
|
235 |
openshift_kubeadmin_password: "{{ kubeadminr.content | b64decode }}" |
1874b6
|
236 |
when: >- |
GC |
237 |
install_idm is not defined |
|
238 |
or install_idm != "htpasswd" |
|
239 |
|
|
240 |
- name: Print SSH warning |
4663a0
|
241 |
agnosticd_user_info: |
1874b6
|
242 |
msg: "{{ item }}" |
4663a0
|
243 |
loop: |
JK |
244 |
- "" |
|
245 |
- "You *CANNOT* SSH into this environment" |
1874b6
|
246 |
when: not install_student_user | bool |
GC |
247 |
|
|
248 |
always: |
|
249 |
- name: Delete deployinprogress lock file |
|
250 |
file: |
|
251 |
path: /tmp/deployinprogress |
|
252 |
state: absent |
|
253 |
|
|
254 |
- name: Step 00xxxxx software |
|
255 |
hosts: localhost |
|
256 |
gather_facts: false |
|
257 |
become: false |
|
258 |
tasks: |
bf4161
|
259 |
# NOT Pre-installed |
4663a0
|
260 |
- when: |
1874b6
|
261 |
- not install_ocp4 | bool |
GC |
262 |
- student_access_key_id is defined |
|
263 |
- student_secret_access_key is defined |
4663a0
|
264 |
block: |
JK |
265 |
- name: Print Student aws access as user.info |
|
266 |
agnosticd_user_info: |
|
267 |
msg: "{{ item }}" |
|
268 |
loop: |
|
269 |
- "Top level domain: {{ subdomain_base_suffix }}" |
|
270 |
- "" |
|
271 |
- "WARNING: with great power comes great responsibility. We monitor usage." |
|
272 |
- "Your AWS programmatic access:" |
|
273 |
- "aws_access_key_id = {{ student_access_key_id }}" |
|
274 |
- "aws_secret_access_key = {{ student_secret_access_key }}" |
|
275 |
|
|
276 |
- name: Set aws access user data |
|
277 |
agnosticd_user_info: |
|
278 |
data: |
|
279 |
subdomain_base_suffix: "{{ subdomain_base_suffix }}" |
|
280 |
aws_access_key_id: "{{ student_access_key_id }}" |
|
281 |
aws_secret_access_key: "{{ student_secret_access_key }}" |
1874b6
|
282 |
|
21532b
|
283 |
- when: |
1874b6
|
284 |
- install_student_user | bool |
GC |
285 |
- student_name is defined |
b348a4
|
286 |
- student_password is defined or hostvars[groups.bastions.0].student_password is defined |
21532b
|
287 |
block: |
GC |
288 |
- name: Print Student SSH access as user.info |
4663a0
|
289 |
agnosticd_user_info: |
21532b
|
290 |
msg: "{{ item }}" |
4663a0
|
291 |
data: |
JK |
292 |
student_ssh_command: >- |
|
293 |
ssh {{ student_name }}@bastion.{{ guid }}{{ subdomain_base_suffix }} |
|
294 |
loop: |
|
295 |
- "" |
|
296 |
- "SSH Access: ssh {{ student_name }}@bastion.{{ guid }}{{ subdomain_base_suffix }}" |
21532b
|
297 |
|
GC |
298 |
- name: Print Student SSH password as user.info |
4663a0
|
299 |
agnosticd_user_info: |
JK |
300 |
msg: "SSH password: {{ student_ssh_password }}" |
|
301 |
data: |
|
302 |
student_ssh_password: "{{ student_ssh_password }}" |
|
303 |
vars: |
|
304 |
student_ssh_password: >- |
|
305 |
{{ student_password | default(hostvars[groups.bastions.0].student_password) }} |
21532b
|
306 |
when: print_student_password | default(true) | bool |