commit | author | age
|
1d2130
|
1 |
--- |
S |
2 |
- name: Step 00xxxxx software |
3c6889
|
3 |
hosts: bastions |
GC |
4 |
gather_facts: false |
1d2130
|
5 |
become: false |
S |
6 |
tasks: |
3c6889
|
7 |
- when: install_ocp4 | bool |
50f3d5
|
8 |
tags: |
WK |
9 |
- install_openshift |
3c6889
|
10 |
block: |
1c8419
|
11 |
- name: Create deployinprogress file |
GC |
12 |
file: |
|
13 |
path: /tmp/deployinprogress |
|
14 |
state: touch |
|
15 |
|
3c6889
|
16 |
- name: Get awscli bundle |
GC |
17 |
get_url: |
|
18 |
url: https://s3.amazonaws.com/aws-cli/awscli-bundle.zip |
|
19 |
dest: /tmp/awscli-bundle.zip |
1d2130
|
20 |
|
3c6889
|
21 |
- name: Unzip awscli-bundle.zip |
GC |
22 |
unarchive: |
|
23 |
src: /tmp/awscli-bundle.zip |
|
24 |
dest: /tmp/ |
|
25 |
remote_src: yes |
|
26 |
|
|
27 |
- name: Install awscli |
|
28 |
command: /tmp/awscli-bundle/install -i /usr/local/aws -b /bin/aws |
|
29 |
args: |
|
30 |
creates: /usr/local/aws |
|
31 |
become: yes |
|
32 |
|
|
33 |
- name: cleanup archive and tmp files |
|
34 |
file: |
|
35 |
path: "{{ item }}" |
|
36 |
state: absent |
|
37 |
loop: |
|
38 |
- /tmp/awscli-bundle |
|
39 |
- /tmp/awscli-bundle.zip |
|
40 |
|
|
41 |
- name: Create .aws directory |
|
42 |
file: |
|
43 |
path: ~/.aws |
|
44 |
state: directory |
|
45 |
|
|
46 |
- name: Add aws credentials |
|
47 |
blockinfile: |
|
48 |
path: ~/.aws/credentials |
|
49 |
block: |- |
|
50 |
[default] |
53992b
|
51 |
aws_access_key_id = {{ hostvars.localhost.student_access_key_id }} |
GC |
52 |
aws_secret_access_key = {{ hostvars.localhost.student_secret_access_key }} |
3c6889
|
53 |
|
GC |
54 |
- name: Install Packages |
|
55 |
become: yes |
|
56 |
package: |
|
57 |
name: |
|
58 |
- golang |
|
59 |
- python2-boto3 |
|
60 |
- unzip |
|
61 |
|
4ecb91
|
62 |
- name: Get the OpenShift Installer (up to Beta3) |
fc06c7
|
63 |
when: ocp4_installer_version | regex_replace('^v', '') is version_compare('0.17', '<') |
3c6889
|
64 |
become: yes |
GC |
65 |
get_url: |
4ecb91
|
66 |
url: "https://github.com/openshift/installer/releases/download/{{ ocp4_installer_version }}/openshift-install-linux-amd64" |
ee1e92
|
67 |
dest: /usr/bin/openshift-install |
3c6889
|
68 |
mode: 0775 |
GC |
69 |
owner: root |
|
70 |
group: root |
|
71 |
|
4ecb91
|
72 |
- name: Get the OpenShift CLI (up to Beta3) |
fc06c7
|
73 |
when: ocp4_installer_version | regex_replace('^v', '') is version_compare('0.17', '<') |
3c6889
|
74 |
become: yes |
GC |
75 |
unarchive: |
|
76 |
src: "https://mirror.openshift.com/pub/openshift-v3/clients/{{ oc_client_version }}/linux/oc.tar.gz" |
|
77 |
remote_src: yes |
ee1e92
|
78 |
dest: /usr/bin |
3c6889
|
79 |
mode: 0775 |
GC |
80 |
owner: root |
|
81 |
group: root |
|
82 |
|
4ecb91
|
83 |
- name: Get the OpenShift Installer for Beta4 onwards |
fc06c7
|
84 |
when: ocp4_installer_version | regex_replace('^v', '') is version_compare('4.0', '>=') |
4ecb91
|
85 |
become: yes |
WK |
86 |
unarchive: |
|
87 |
src: "https://mirror.openshift.com/pub/openshift-v4/clients/ocp/{{ ocp4_installer_version }}/openshift-install-linux-{{ ocp4_installer_version }}.tar.gz" |
|
88 |
remote_src: yes |
|
89 |
dest: /usr/bin |
|
90 |
mode: 0755 |
|
91 |
owner: root |
|
92 |
group: root |
|
93 |
|
|
94 |
- name: Get the OpenShift CLI for Beta4 onwards |
fc06c7
|
95 |
when: ocp4_installer_version | regex_replace('^v', '') is version_compare('4.0', '>=') |
4ecb91
|
96 |
become: yes |
WK |
97 |
unarchive: |
|
98 |
src: "https://mirror.openshift.com/pub/openshift-v4/clients/ocp/{{ ocp4_installer_version }}/openshift-client-linux-{{ ocp4_installer_version }}.tar.gz" |
|
99 |
remote_src: yes |
|
100 |
dest: /usr/bin |
|
101 |
mode: 0775 |
|
102 |
owner: root |
|
103 |
group: root |
|
104 |
|
3c6889
|
105 |
- name: Generate SSH keys |
GC |
106 |
shell: ssh-keygen -b 2048 -t rsa -f ~/.ssh/id_rsa -q -N "" |
|
107 |
args: |
|
108 |
creates: ~/.ssh/id_rsa |
|
109 |
|
|
110 |
- name: Generate SSH pub key |
|
111 |
shell: ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub |
|
112 |
args: |
|
113 |
creates: ~/.ssh/id_rsa.pub |
|
114 |
|
41fa25
|
115 |
- name: Slurp public key |
GC |
116 |
slurp: |
|
117 |
path: /home/{{ ansible_user }}/.ssh/id_rsa.pub |
|
118 |
register: idrsapub |
|
119 |
|
|
120 |
- name: Create cluster directory |
|
121 |
file: |
a8bf4e
|
122 |
path: /home/{{ ansible_user }}/{{ cluster_name }} |
41fa25
|
123 |
state: directory |
GC |
124 |
|
2fa6d3
|
125 |
- stat: |
GC |
126 |
path: files/install-config.yaml.{{ ocp4_installer_version }}.j2 |
|
127 |
register: rconfig |
|
128 |
delegate_to: localhost |
|
129 |
|
|
130 |
- name: Use version-specific template for install-config-yaml |
|
131 |
set_fact: |
|
132 |
install_config_template_path: files/install-config.yaml.{{ ocp4_installer_version }}.j2 |
|
133 |
when: rconfig.stat.exists |
|
134 |
|
|
135 |
- name: Use default template for install-config-yaml |
|
136 |
set_fact: |
|
137 |
install_config_template_path: files/install-config.yaml.j2 |
|
138 |
when: not rconfig.stat.exists |
|
139 |
|
ddb412
|
140 |
- name: Generate config install-config.yaml |
41fa25
|
141 |
template: |
2fa6d3
|
142 |
src: "{{ install_config_template_path }}" |
a8bf4e
|
143 |
dest: /home/{{ ansible_user }}/{{ cluster_name }}/install-config.yaml |
41fa25
|
144 |
|
GC |
145 |
- name: Run the installer |
6260e6
|
146 |
tags: |
WK |
147 |
- run_installer |
|
148 |
command: openshift-install create cluster --dir=/home/{{ ansible_user }}/{{ cluster_name }} |
6c3e38
|
149 |
|
GC |
150 |
- name: Fetch kube config |
|
151 |
fetch: |
|
152 |
flat: yes |
a8bf4e
|
153 |
src: /home/{{ ansible_user }}/{{ cluster_name }}/auth/{{ item }} |
6c3e38
|
154 |
dest: "{{ hostvars.localhost.output_dir }}/{{ env_type }}_{{ guid }}_{{ item }}" |
GC |
155 |
loop: |
|
156 |
- kubeconfig |
|
157 |
- kubeadmin-password |
|
158 |
|
b2ad60
|
159 |
- name: Make sure .kube directory exists in home directory |
WK |
160 |
file: |
|
161 |
state: directory |
|
162 |
path: "/home/{{ ansible_user }}/.kube" |
|
163 |
owner: "{{ ansible_user }}" |
|
164 |
mode: 0775 |
|
165 |
|
|
166 |
- name: Set up .kube/config |
|
167 |
copy: |
|
168 |
remote_src: yes |
|
169 |
src: "/home/{{ ansible_user }}/{{ cluster_name }}/auth/kubeconfig" |
|
170 |
dest: "/home/{{ ansible_user }}/.kube/config" |
|
171 |
|
6c3e38
|
172 |
- name: Get kubeadmin password |
GC |
173 |
slurp: |
a8bf4e
|
174 |
path: /home/{{ ansible_user }}/{{ cluster_name }}/auth/kubeadmin-password |
6c3e38
|
175 |
register: kubeadminr |
GC |
176 |
|
|
177 |
- name: Get console route |
|
178 |
environment: |
a8bf4e
|
179 |
KUBECONFIG: /home/{{ ansible_user }}/{{ cluster_name }}/auth/kubeconfig |
6c3e38
|
180 |
command: oc get route -n openshift-console console -o json |
GC |
181 |
register: routeconsole |
d0f742
|
182 |
retries: 10 |
6d23a2
|
183 |
delay: 30 |
GC |
184 |
until: routeconsole is succeeded |
|
185 |
ignore_errors: yes |
e27b5f
|
186 |
# tags: post_flight_check |
6d23a2
|
187 |
|
GC |
188 |
- name: Set webconsole address |
|
189 |
set_fact: |
|
190 |
webconsole: "http://{{ routeconsole.stdout | from_json | json_query('spec.host') }}" |
|
191 |
when: routeconsole is succeeded |
e27b5f
|
192 |
# tags: post_flight_check |
6d23a2
|
193 |
|
GC |
194 |
# sometimes the route is not ready, guess it |
|
195 |
- name: Guess webconsole address |
|
196 |
set_fact: |
a8bf4e
|
197 |
webconsole: "http://console-openshift-console.apps.{{ cluster_name }}.{{ guid }}.{{ subdomain_base }}" |
6d23a2
|
198 |
when: routeconsole is failed |
e27b5f
|
199 |
# tags: post_flight_check |
6c3e38
|
200 |
|
72d7f0
|
201 |
- name: Get API for command line |
GC |
202 |
environment: |
a8bf4e
|
203 |
KUBECONFIG: /home/{{ ansible_user }}/{{ cluster_name }}/auth/kubeconfig |
72d7f0
|
204 |
command: oc whoami --show-server |
GC |
205 |
register: showserver |
e27b5f
|
206 |
# tags: post_flight_check |
72d7f0
|
207 |
|
95a5c0
|
208 |
|
6c3e38
|
209 |
- name: Print Overview |
GC |
210 |
debug: |
|
211 |
msg: "{{ item }}" |
|
212 |
with_items: |
6d23a2
|
213 |
- "user.info: Openshift Master Console: {{ webconsole }}" |
72d7f0
|
214 |
- "user.info: Openshift API for command line 'oc' client: {{ showserver.stdout | trim }}" |
5de496
|
215 |
- "user.info: Download oc client from https://mirror.openshift.com/pub/openshift-v4/clients/ocp/{{ ocp4_installer_version }}/openshift-install-linux-{{ ocp4_installer_version }}.tar.gz" |
556e92
|
216 |
|
95a5c0
|
217 |
- name: Output htpasswd |
GC |
218 |
debug: |
ac3a4c
|
219 |
msg: "user.info: This cluster has authentication enabled. You can use '{{ admin_user }}' with password '{{ admin_password }}' to access your cluster" |
95a5c0
|
220 |
when: |
GC |
221 |
- admin_password is defined |
|
222 |
- install_idm == "htpasswd" |
|
223 |
|
19cd6d
|
224 |
- name: Output kubeadmin |
GC |
225 |
debug: |
|
226 |
msg: "user.info: Kubeadmin user / password: kubeadmin / {{ kubeadminr.content | b64decode }}" |
|
227 |
when: >- |
|
228 |
install_idm is not defined |
|
229 |
or install_idm != "htpasswd" |
|
230 |
|
556e92
|
231 |
- name: Print SSH warning |
GC |
232 |
debug: |
|
233 |
msg: "{{ item }}" |
|
234 |
with_items: |
e8326c
|
235 |
- "user.info: " |
GC |
236 |
- "user.info: You *CANNOT* SSH into this environment" |
556e92
|
237 |
when: not install_student_user | bool |
53992b
|
238 |
|
1c8419
|
239 |
always: |
bf6219
|
240 |
- name: Delete deployinprogress lock file |
1c8419
|
241 |
file: |
GC |
242 |
path: /tmp/deployinprogress |
|
243 |
state: absent |
|
244 |
|
c6f7e1
|
245 |
- name: Step 00xxxxx software |
GC |
246 |
hosts: localhost |
|
247 |
gather_facts: false |
|
248 |
become: false |
|
249 |
tasks: |
53992b
|
250 |
# NOT Pre-installed |
c6f7e1
|
251 |
- name: Print Student aws access as user.info |
GC |
252 |
debug: |
|
253 |
msg: "{{ item }}" |
|
254 |
with_items: |
970ca2
|
255 |
- "user.info: Top level domain: {{ subdomain_base_suffix }}" |
GC |
256 |
- "user.info: " |
396c66
|
257 |
- "user.info: WARNING: with great power comes great responsibility. We monitor usage." |
a5abcc
|
258 |
- "user.info: Your AWS programmatic access:" |
GC |
259 |
- "user.info: aws_access_key_id = {{ student_access_key_id }}" |
|
260 |
- "user.info: aws_secret_access_key = {{ student_secret_access_key }}" |
c6f7e1
|
261 |
when: |
GC |
262 |
- not install_ocp4 | bool |
|
263 |
- student_access_key_id is defined |
|
264 |
- student_secret_access_key is defined |
556e92
|
265 |
|
GC |
266 |
- name: Print Student SSH access as user.info |
|
267 |
debug: |
|
268 |
msg: "{{ item }}" |
|
269 |
with_items: |
|
270 |
- "user.info: " |
|
271 |
- "user.info: SSH Access: ssh {{ student_name }}@bastion.{{ guid }}{{ subdomain_base_suffix }}" |
f50dac
|
272 |
- "user.info: SSH password: {{ student_password | d(hostvars[groups.bastions.0].student_password) }}" |
556e92
|
273 |
when: |
GC |
274 |
- install_student_user | bool |
|
275 |
- student_name is defined |
f50dac
|
276 |
- student_password is defined or hostvars[groups.bastions.0].student_password is defined |