---
# Start / Stop Logic for OCP 4 Clusters
#
# The runtime setup playbook is imported first, ahead of the plays defined
# in this file.

- import_playbook: ../../setup_runtime.yml
# Runs on the control node only: no fact gathering, no privilege escalation.
# NOTE(review): the listing this was taken from had lost its indentation; the
# SSH config generator task is assumed to sit inside the ec2-only block.
# Confirm against the repository copy.
- name: Build inventory
  hosts: localhost
  connection: local
  become: false
  gather_facts: false
  tasks:
    - block:
        # Inventory is built by the EC2-specific role.
        - name: Run infra-ec2-create-inventory Role
          include_role:
            name: infra-ec2-create-inventory

        # Only runs when the inventory contains a 'bastions' group.
        - name: Run Common SSH Config Generator Role
          when: "'bastions' in groups"
          include_role:
            name: infra-common-ssh-config-generate
      when: cloud_provider == 'ec2'
# Applies to every host except the 'windows' and 'network' groups and stops
# the whole run on the first host error.
- name: Set ansible_ssh_extra_args
  hosts:
    - 'all:!windows:!network'
  any_errors_fatal: true
  ignore_errors: false
  gather_facts: false
  tasks:
    # Appends "-F <ssh config>" to whatever ssh extra args are already set.
    # The config path is built from localhost's output_dir plus env_type and
    # guid; presumably this is the file written by the SSH config generator
    # role. Confirm.
    # NOTE(review): the path is interpolated unquoted, so a value containing
    # whitespace would likely be split into separate ssh arguments. Verify
    # that output_dir, env_type and guid are constrained upstream.
    - name: Set facts for remote access
      set_fact:
        ansible_ssh_extra_args: >-
          {{ ansible_ssh_extra_args|d() }}
          -F {{hostvars.localhost.output_dir}}/{{ env_type }}_{{ guid }}_ssh_conf
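# Lifecycle actions, run from the control node. ACTION selects stop, start or
# status; only cloud_provider == 'ec2' is handled by this play.
# NOTE(review): the listing this was taken from had lost its indentation; the
# status block is assumed to be nested inside the AWS block (it needs the same
# credentials). Confirm against the repository copy.
- name: Run stop/start/status/... actions
  hosts: localhost
  connection: local
  gather_facts: false
  become: false
  tasks:
    # Fail early when project_tag is missing or empty.
    - name: Check for project_tag
      when: project_tag is not defined or project_tag == ''
      fail:
        msg: "project_tag is not defined"

    # Only checks that ACTION is set; its value is not validated here, so an
    # unrecognised ACTION matches none of the tasks below.
    - name: Check for ACTION
      when: ACTION is not defined
      fail:
        msg: "ACTION is not defined"

    - name: Start / Stop VMs on AWS
      when:
        - cloud_provider == 'ec2'
        - guid is defined
        - guid != ''
        # EC2 filter values treat '*' and '?' as wildcards. Rejecting only
        # the exact value '*' still lets a guid such as 'ab*' select
        # instances that belong to other environments, so any guid that
        # contains a wildcard character is refused.
        - "'*' not in (guid | string)"
        - "'?' not in (guid | string)"
      # Credentials reach the AWS modules through the task environment.
      # NOTE(review): at high verbosity (-vvv) Ansible can print the command
      # line it executes, environment included. Keep such output away from
      # shared logs.
      environment:
        AWS_ACCESS_KEY_ID: "{{aws_access_key_id}}"
        AWS_SECRET_ACCESS_KEY: "{{aws_secret_access_key}}"
        AWS_DEFAULT_REGION: "{{aws_region_final|d(aws_region)}}"
      block:
        # Only running instances carrying both tags are targeted. Waiting
        # for the stop to finish is opt-in via aws_instance_wait_for_stop.
        - name: Stop instances by (guid,env_type) tags
          when: ACTION == 'stop'
          ec2_instance:
            state: stopped
            wait: "{{ aws_instance_wait_for_stop | default(false) }}"
            filters:
              "tag:guid": "{{ guid }}"
              "tag:env_type": "{{ env_type }}"
              instance-state-name: running

        # Only stopped instances carrying both tags are targeted; the task
        # always waits for them to come up.
        - name: Start instances by (guid, env_type) tags
          when: ACTION == 'start'
          ec2_instance:
            state: started
            wait: true
            filters:
              "tag:guid": "{{ guid }}"
              "tag:env_type": "{{ env_type }}"
              instance-state-name: stopped

        - when: ACTION == 'status'
          block:
            - name: Get EC2 facts using (guid, env_type) tag
              ec2_instance_facts:
                filters:
                  "tag:guid": "{{ guid }}"
                  "tag:env_type": "{{ env_type }}"
              register: r_instances

            # Renders files/status.j2 into output_dir/status.txt.
            - name: Print status information to a file
              template:
                dest: "{{ output_dir }}/status.txt"
                src: files/status.j2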
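# Runs once against the 'bastions' group, without facts or privilege
# escalation. After a start it approves the certificate signing requests
# (CSRs) that are still pending.
- name: Run recover cluster actions
  hosts: bastions
  run_once: true
  become: false
  gather_facts: false
  tasks:
    - name: Set Ansible Python interpreter to k8s virtualenv
      set_fact:
        ansible_python_interpreter: /opt/virtualenvs/k8s/bin/python

    - name: Recover cluster if it missed cert rotation
      when: ACTION == 'start'
      block:
        - name: Wait (default 3m) for Nodes to settle and pods to start
          pause:
            seconds: "{{ lifecycle_start_pause | default(180) }}"

        # Returns every CSR in the cluster, not only the pending ones; the
        # approve task below does the filtering.
        - name: Get CSRs that need to be approved
          k8s_facts:
            api_version: certificates.k8s.io/v1beta1
            kind: CertificateSigningRequest
            # Field selectors don't seem to work
            # field_selectors:
            # - status.conditions[0].type="Pending"
          register: r_csrs

        # A CSR with no entry in status.conditions has been neither approved
        # nor denied, i.e. it is pending. Without this per-item condition the
        # loop would also run over already approved or denied requests.
        # Approval is a trust decision: every pending request is signed, no
        # matter who submitted it.
        # NOTE(review): consider also checking spec.username / spec.groups
        # against the node identities expected for this cluster before
        # approving. Confirm the expected values for this environment.
        - name: Approve all Pending CSRs
          when: "(item.status | default({})).conditions | default([]) | length == 0"
          command: "oc adm certificate approve {{ item.metadata.name }}"
          loop: "{{ r_csrs.resources }}"
          loop_control:
            # Show only the CSR name instead of the full object per item.
            label: "{{ item.metadata.name }}"

        # TODO: Implement proper loop to watch for incoming CSRS while we are
        # approving them. For now, this is a workaround, just wait and
        # re-approve.
        - name: Wait 10s for additional CSRs to appear
          pause:
            seconds: 10

        - name: Get additional CSRs that need to be approved
          k8s_facts:
            api_version: certificates.k8s.io/v1beta1
            kind: CertificateSigningRequest
            # Field selectors don't seem to work
            # field_selectors:
            # - status.conditions[0].type = "Pending"
          register: r_new_csrs

        # Same pending-only filter and same trust caveat as the first
        # approval pass.
        - name: Approve all additional Pending CSRs
          when: "(item.status | default({})).conditions | default([]) | length == 0"
          command: "oc adm certificate approve {{ item.metadata.name }}"
          loop: "{{ r_new_csrs.resources }}"
          loop_control:
            label: "{{ item.metadata.name }}"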