| commit | author | age | ||
| cd95e7 | 1 | --- |
| WK | 2 | # Start / Stop Logic for OCP 4 Clusters |
| 3 | ||
| 5b08e0 | 4 | - import_playbook: ../../setup_runtime.yml |
| GC | 5 | |
| f2b8ac | 6 | - name: Build inventory |
| GC | 7 | hosts: localhost |
| 8 | connection: local | |
| 9 | gather_facts: false | |
| 10 | become: false | |
| 11 | tasks: | |
| 12 | - when: cloud_provider == 'ec2' | |
| 13 | block: | |
| 14 | - name: Run infra-ec2-create-inventory Role | |
| 15 | include_role: | |
| 16 | name: infra-ec2-create-inventory | |
| 17 | ||
| 18 | - name: Run Common SSH Config Generator Role | |
| 19 | include_role: | |
| 20 | name: infra-common-ssh-config-generate | |
| 21 | when: "'bastions' in groups" | |
| cd95e7 | 22 | |
| 681ab7 | 23 | - name: Set ansible_ssh_extra_args |
| GC | 24 | hosts: |
| 25 | - all:!windows:!network | |
| 26 | gather_facts: false | |
| 27 | any_errors_fatal: true | |
| 28 | ignore_errors: false | |
| 29 | tasks: | |
| 30 | - name: Set facts for remote access | |
| 31 | set_fact: | |
| 32 | ansible_ssh_extra_args: >- | |
| 33 | {{ ansible_ssh_extra_args|d() }} | |
| 34 | -F {{hostvars.localhost.output_dir}}/{{ env_type }}_{{ guid }}_ssh_conf | |
| 35 | ||
| cd95e7 | 36 | - name: Run stop/start/status/... actions |
| WK | 37 | hosts: localhost |
| 38 | connection: local | |
| 39 | gather_facts: False | |
| 40 | become: no | |
| 41 | tasks: | |
| 42 | - name: Check for project_tag | |
| 43 | when: project_tag is not defined or project_tag == '' | |
| 44 | fail: | |
| 45 | msg: "project_tag is not defined" | |
| 46 | ||
| 47 | - name: Check for ACTION | |
| 48 | when: ACTION is not defined | |
| 49 | fail: | |
| 50 | msg: "ACTION is not defined" | |
| 51 | ||
| 52 | - name: Start / Stop VMs on AWS | |
| 7b4d8b | 53 | when: |
| GC | 54 | - cloud_provider == 'ec2' |
| 55 | - guid is defined | |
| 56 | - guid != '' | |
| 57 | - guid != '*' | |
| cd95e7 | 58 | environment: |
| WK | 59 | AWS_ACCESS_KEY_ID: "{{aws_access_key_id}}" |
| 60 | AWS_SECRET_ACCESS_KEY: "{{aws_secret_access_key}}" | |
| 61 | AWS_DEFAULT_REGION: "{{aws_region_final|d(aws_region)}}" | |
| 62 | block: | |
| 63 | - name: Stop instances by (guid,env_type) tags | |
| 64 | when: ACTION == 'stop' | |
| 65 | ec2_instance: | |
| 66 | state: stopped | |
| b85c91 | 67 | wait: "{{ aws_instance_wait_for_stop | default(false) }}" |
| cd95e7 | 68 | filters: |
| WK | 69 | "tag:guid": "{{ guid }}" |
| c9cdd1 | 70 | "tag:env_type": "{{ env_type }}" |
| 5da812 | 71 | instance-state-name: running |
| cd95e7 | 72 | |
| WK | 73 | - name: Start instances by (guid, env_type) tags |
| 74 | when: ACTION == 'start' | |
| 75 | ec2_instance: | |
| 76 | state: started | |
| f2b8ac | 77 | wait: true |
| cd95e7 | 78 | filters: |
| WK | 79 | "tag:guid": "{{ guid }}" |
| c9cdd1 | 80 | "tag:env_type": "{{ env_type }}" |
| 5da812 | 81 | instance-state-name: stopped |
| ea9797 | 82 | - when: ACTION == 'status' |
| GC | 83 | block: |
| 84 | - name: Get EC2 facts using (guid, env_type) tag | |
| 85 | ec2_instance_facts: | |
| 86 | filters: | |
| 87 | "tag:guid": "{{ guid }}" | |
| c9cdd1 | 88 | "tag:env_type": "{{ env_type }}" |
| ea9797 | 89 | register: r_instances |
| GC | 90 | |
| 91 | - name: Print status information to a file | |
| 92 | template: | |
| 93 | dest: "{{ output_dir }}/status.txt" | |
| 94 | src: files/status.j2 | |
| 27c349 | 95 | |
| cd95e7 | 96 | - name: Run recover cluster actions |
| 27c349 | 97 | hosts: bastions |
| ea9797 | 98 | run_once: true |
| GC | 99 | become: false |
| 100 | gather_facts: false | |
| cd95e7 | 101 | tasks: |
| a3769b | 102 | - name: Set Ansible Python interpreter to k8s virtualenv |
| WK | 103 | set_fact: |
| 104 | ansible_python_interpreter: /opt/virtualenvs/k8s/bin/python | |
| 27c349 | 105 | |
| cd95e7 | 106 | - name: Recover cluster if it missed cert rotation |
| WK | 107 | when: ACTION == 'start' |
| 108 | block: | |
| 4f3ebc | 109 | - name: Wait (default 3m) for Nodes to settle and pods to start |
| cd95e7 | 110 | pause: |
| 4f3ebc | 111 | seconds: "{{ lifecycle_start_pause | default(180) }}" |
| fb4dac | 112 | |
| 219dac | 113 | - name: Get CSRs that need to be approved |
| WK | 114 | k8s_facts: |
| 115 | api_version: certificates.k8s.io/v1beta1 | |
| 116 | kind: CertificateSigningRequest | |
| 27c349 | 117 | # Field selectors don't seem to work |
| WK | 118 | # field_selectors: |
| 119 | # - status.conditions[0].type="Pending" | |
| fb4dac | 120 | register: r_csrs |
| GC | 121 | |
| 27c349 | 122 | - name: Approve all Pending CSRs |
| WK | 123 | when: r_csrs.resources | length > 0 |
| 219dac | 124 | command: "oc adm certificate approve {{ item.metadata.name }}" |
| WK | 125 | loop: "{{ r_csrs.resources }}" |
| 99fd5f | 126 | |
| WK | 127 | # TODO: Implement proper loop to watch for incoming CSRS while we are |
| 128 | # approving them. For now, this is a workaround, just wait and re-approve. | |
| 129 | - name: Wait 10s for additional CSRs to appear | |
| 130 | pause: | |
| 131 | seconds: 10 | |
| 132 | ||
| 219dac | 133 | - name: Get additional CSRs that need to be approved |
| WK | 134 | k8s_facts: |
| 135 | api_version: certificates.k8s.io/v1beta1 | |
| 136 | kind: CertificateSigningRequest | |
| 27c349 | 137 | # Field selectors don't seem to work |
| WK | 138 | # field_selectors: |
| 139 | # - status.conditions[0].type = "Pending" | |
| 99fd5f | 140 | register: r_new_csrs |
| WK | 141 | |
| 27c349 | 142 | - name: Approve all additional Pending CSRs |
| WK | 143 | when: r_new_csrs.resources | length > 0 |
| 219dac | 144 | command: "oc adm certificate approve {{ item.metadata.name }}" |
| b85c91 | 145 | loop: "{{ r_new_csrs.resources }}" |
