Wolfgang Kulhanek
2020-03-14 c37a78f35516ddd06f3430fcb2ea545175a83269
---
# Merge the role defaults with the optional deployer-supplied dictionaries into
# one dictionary. combine() applies its arguments left to right, so _vars
# override the defaults and _secrets override both; recursive=true merges
# nested dictionaries instead of replacing them. default( {} ) makes both
# override dictionaries optional.
- name: Set up combined ocp4_workload_quay_operator dictionary
  set_fact:
    ocp4_workload_quay_operator: >-
      {{ ocp4_workload_quay_operator_defaults
       | combine(ocp4_workload_quay_operator_vars    | default( {} ),
                 ocp4_workload_quay_operator_secrets | default( {} ), recursive=true)
      }}
# Only shown at verbosity 2 (-vv) or higher. The combined dictionary includes
# everything merged in from ocp4_workload_quay_operator_secrets, so a run at
# that verbosity writes those values to the Ansible output and any log that
# captures it.
- name: Print combined role variables
  debug:
    var: ocp4_workload_quay_operator
    verbosity: 2

- name: Setting up workload for user
  debug:
    msg: "Setting up workload for user ocp_username = {{ ocp_username }}"

# Read the cluster-scoped ClusterVersion object named "version".
- name: Get ClusterVersion
  k8s_facts:
    api_version: config.openshift.io/v1
    kind: ClusterVersion
    name: version
  register: r_cluster_version
# Takes the version from the first status.history entry. There is no guard for
# an empty result, so a failed lookup above surfaces here as a templating error.
- name: Set ocp4_workload_quay_operator_cluster_version fact
  set_fact:
    ocp4_workload_quay_operator_cluster_version: "{{ r_cluster_version.resources[0].status.history[0].version }}"
- name: Print OpenShift version
  debug:
    msg: "Installing Quay Operator for OpenShift Version: {{ ocp4_workload_quay_operator_cluster_version }}"

# No password supplied (key missing or empty): generate one. Using /dev/null as
# the lookup's storage path means the value is not written to a file; it exists
# only as a fact for this run and is regenerated on the next run.
# NOTE(review): 12 characters drawn from ascii_letters only. Consider a longer
# value if this registry is reachable beyond a short-lived lab environment.
# NOTE(review): set_fact results can appear in verbose output; no_log: true on
# both password tasks would keep the value out of it.
- name: Generate Quay Superuser Password
  when:
  - ocp4_workload_quay_operator.superuser_password is not defined or ocp4_workload_quay_operator.superuser_password|length == 0
  set_fact:
    ocp4_workload_quay_operator_superuser_password: "{{ lookup('password', '/dev/null length=12 chars=ascii_letters') }}"

# A non-empty password from the combined dictionary is used unchanged. The two
# list items under when are ANDed, making this the exact complement of the
# condition on the task above.
- name: Use provided Quay Superuser Password
  when:
  - ocp4_workload_quay_operator.superuser_password is defined
  - ocp4_workload_quay_operator.superuser_password|length > 0
  set_fact:
    ocp4_workload_quay_operator_superuser_password: "{{ ocp4_workload_quay_operator.superuser_password }}"

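# A private key passed in through the role variables takes precedence.
# The value must be templated: a bare variable name under set_fact is stored as
# that literal text, which would put the string
# "ocp4_workload_quay_operator.ssl_key" into the fact instead of the key.
# no_log keeps the private key out of task output.
# NOTE(review): the bastion path below yields base64 (slurp encodes its
# content). Presumably a supplied key must use the same encoding; confirm
# against the certificate secret template.
- name: Use provided key file
  when: ocp4_workload_quay_operator.ssl_key | length > 0
  no_log: true
  set_fact:
    ocp4_workload_quay_operator_ssl_key: "{{ ocp4_workload_quay_operator.ssl_key }}"

# Fallback: look for a key under the ansible_user's home directory on the
# bastion. The block runs as root so the file can be read regardless of its
# ownership and mode.
- name: Otherwise check if key file exist on bastion VM
  become: true
  become_user: root
  when: ocp4_workload_quay_operator.ssl_key | length == 0
  block:
  - name: Check for Key file on Bastion
    stat:
      path: "/home/{{ ansible_user }}/certificates/privkey.pem"
    register: r_ssl_key
  # slurp returns the file base64-encoded in 'content'. no_log keeps the
  # registered result (the private key) out of verbose output.
  - name: Read Key file from Bastion
    when: r_ssl_key.stat.exists
    no_log: true
    slurp:
      src: "/home/{{ ansible_user }}/certificates/privkey.pem"
    register: _quay_ssl_key_file
  # If the file does not exist the fact is left unset by this block.
  - name: Set ocp4_workload_quay_operator_ssl_key
    when: r_ssl_key.stat.exists
    no_log: true
    set_fact:
      ocp4_workload_quay_operator_ssl_key: "{{ _quay_ssl_key_file['content'] }}"
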
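# A certificate passed in through the role variables takes precedence.
# The value must be templated: a bare variable name under set_fact is stored as
# that literal text, not as the certificate it refers to.
# NOTE(review): the bastion path below yields base64 (slurp encodes its
# content). Presumably a supplied certificate must use the same encoding;
# confirm against the certificate secret template.
- name: Use provided certificate file
  when: ocp4_workload_quay_operator.ssl_certificate | length > 0
  set_fact:
    ocp4_workload_quay_operator_ssl_certificate: "{{ ocp4_workload_quay_operator.ssl_certificate }}"

# Fallback: look for a certificate chain under the ansible_user's home
# directory on the bastion, reading it as root.
- name: Otherwise check if certificate file exist on bastion VM
  become: true
  become_user: root
  when: ocp4_workload_quay_operator.ssl_certificate | length == 0
  block:
  - name: Check for Certificate file on Bastion
    stat:
      path: "/home/{{ ansible_user }}/certificates/fullchain.pem"
    register: r_ssl_cert
  # slurp returns the file base64-encoded in 'content'.
  - name: Read Certificate file from Bastion
    when: r_ssl_cert.stat.exists
    slurp:
      src: "/home/{{ ansible_user }}/certificates/fullchain.pem"
    register: _quay_ssl_cert_file
  # If the file does not exist the fact is left unset by this block.
  - name: Set ocp4_workload_quay_operator_ssl_certificate
    when: r_ssl_cert.stat.exists
    set_fact:
      ocp4_workload_quay_operator_ssl_certificate: "{{ _quay_ssl_cert_file['content'] }}"
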
# Read the cluster Ingress configuration. Its spec.domain is used below to
# build the default route hostname.
- name: Determine Cluster Base Domain for Quay Route
  k8s_facts:
    api_version: config.openshift.io/v1
    kind: Ingress
    name: cluster
  register: r_ingress_config

# A non-empty route from the combined dictionary is used unchanged.
- name: Use Provided Quay route
  when:
  - ocp4_workload_quay_operator.route is defined
  - ocp4_workload_quay_operator.route | length > 0
  set_fact:
    ocp4_workload_quay_operator_quay_route: "{{ ocp4_workload_quay_operator.route }}"

# Default hostname: "quay-<guid>." followed by the ingress domain read above.
- name: Otherwise use quay-{{guid}}.basedomain for the Quay route
  when: ocp4_workload_quay_operator.route is not defined or ocp4_workload_quay_operator.route | length == 0
  set_fact:
    ocp4_workload_quay_operator_quay_route: "quay-{{ guid }}.{{ r_ingress_config.resources[0].spec.domain }}"

# Render each template, parse the result as YAML and apply it to the cluster,
# in the listed order.
# NOTE(review): three of the templates are secrets (pull secret, superuser,
# config). The k8s module's result may echo the applied definition in verbose
# output; consider no_log: true for the secret items.
- name: Create Quay Operator Resources
  k8s:
    state: present
    definition:  "{{ lookup('template', item ) | from_yaml }}"
  loop:
  - ./templates/project.j2
  - ./templates/catalogsourceconfig.j2
  - ./templates/operatorgroup.j2
  - ./templates/subscription.j2
  - ./templates/pull_secret.j2
  - ./templates/quay_superuser_secret.j2
  - ./templates/quay_config_secret.j2

# The TLS secret is created only when both a certificate and a key are present.
# NOTE(review): both facts are set earlier only if a value was supplied or a
# file was found on the bastion. Unless the role defaults also define them,
# this condition fails with an undefined variable rather than skipping; verify
# against the defaults.
- name: Create OpenShift Objects for Red Hat Quay Registry Certificates
  when:
  - ocp4_workload_quay_operator_ssl_certificate | length > 0
  - ocp4_workload_quay_operator_ssl_key | length > 0
  k8s:
    state: present
    definition: "{{ lookup('template', item ) | from_yaml }}"
  loop:
  - ./templates/quay_ssl_certificate_secret.j2

# Poll until the ClusterServiceVersion named by starting_csv exists in the
# project: up to 30 attempts, 10 seconds apart.
- name: Wait for ClusterServiceVersion to appear
  k8s_facts:
    api_version: operators.coreos.com/v1alpha1
    kind: ClusterServiceVersion
    namespace: "{{ ocp4_workload_quay_operator.project }}"
    name: "{{ ocp4_workload_quay_operator.starting_csv }}"
  register: r_csv
  until: r_csv.resources | length > 0
  retries: 30
  delay: 10

# Poll until the quay-operator Deployment exists and its availableReplicas
# equals its spec.replicas: up to 30 attempts, 10 seconds apart.
# NOTE(review): Deployments are served from the apps/v1 API group; confirm that
# api_version v1 resolves to the intended resource.
- name: Wait for Quay operator to be ready
  k8s_facts:
    api_version: v1
    kind: Deployment
    namespace: "{{ ocp4_workload_quay_operator.project }}"
    name: "quay-operator"
  register: r_qo_deployment
  retries: 30
  delay: 10
  until:
  - r_qo_deployment.resources | length | int > 0
  - r_qo_deployment.resources[0].status.availableReplicas is defined
  - r_qo_deployment.resources[0].status.availableReplicas | int == r_qo_deployment.resources[0].spec.replicas | int

# Apply the rendered quay.j2 template; this runs only after the operator
# Deployment has reported ready in the preceding wait.
- name: Create Red Hat Quay Registry
  k8s:
    state: present
    definition: "{{ lookup('template', item ) | from_yaml }}"
  loop:
  - ./templates/quay.j2

# Optional post-deployment check, enabled by verify_deployment.
- name: Verify successful rollout
  when: ocp4_workload_quay_operator.verify_deployment | bool
  block:
  # Poll until at least one pod carrying both labels exists.
  - name: Wait for Quay App Pod to appear
    k8s_facts:
      api_version: v1
      kind: Pod
      namespace: "{{ ocp4_workload_quay_operator.project }}"
      label_selectors:
      - app=quay-operator
      - quay-enterprise-component=app
    register: r_quay_pod
    until: r_quay_pod.resources | length > 0
    retries: 30
    delay: 10

  - name: Pause 10 seconds to give containers a chance to initialize
    pause:
      seconds: 10

  # Only the first container of the first matching pod is inspected.
  # ignore_errors: true lets the play continue even if that container never
  # reports ready within 15 attempts, so this check cannot fail the deployment
  # by itself; a missed readiness shows up only as an ignored error in the
  # output.
  - name: Wait for Quay App Pod Status to be Ready
    k8s_facts:
      api_version: v1
      kind: Pod
      namespace: "{{ ocp4_workload_quay_operator.project }}"
      label_selectors:
      - app=quay-operator
      - quay-enterprise-component=app
    register: r_running_quay_pod
    until: >-
      r_running_quay_pod.resources[0].status.containerStatuses[0].ready | bool
    ignore_errors: true
    retries: 15
    delay: 5

  # Disabled task, kept for reference: it deleted a crash-looping pod so that
  # it would be recreated.
  # - name: Restart crashing Pod to pick up SCC
  #   when:
  #   - not r_running_quay_pod.resources[0].status.containerStatuses[0].ready | bool
  #   - r_running_quay_pod.resources[0].status.containerStatuses[0].state.waiting.reason is match("CrashLoopBackOff")
  #     or r_running_quay_pod.resources[0].status.containerStatuses[0].state.waiting.reason is match("Error")
  #   k8s:
  #     state: absent
  #     api_version: v1
  #     kind: Pod
  #     name: "{{ r_running_quay_pod.resources[0].metadata.name }}"
  #     namespace: "{{ ocp4_workload_quay_operator.project }}"

# Read the QuayEcosystem object; its status.hostname is reported below.
- name: Get Quay Hostname
  k8s_facts:
    api_version: redhatcop.redhat.io/v1alpha1
    kind: QuayEcosystem
    name: "{{ ocp4_workload_quay_operator.name }}"
    namespace: "{{ ocp4_workload_quay_operator.project }}"
  register: r_quay

# Emits the registry URL and the superuser credentials as "user.info:" lines.
# The password is printed in clear text, so it ends up in the Ansible output
# and in every log or callback that records it; treat those as
# credential-bearing.
# NOTE(review): presumably a downstream consumer parses the user.info prefix to
# hand the values to the end user; confirm before changing the message format.
- name: Print Student as user.info
  debug:
    msg: "{{ item }}"
  with_items:
  - "user.info: Red Hat Quay is available at https://{{r_quay.resources[0].status.hostname }}."
  - "user.info: The Red Hat Quay Super User is {{ ocp4_workload_quay_operator.superuser_username }} with password {{ ocp4_workload_quay_operator_superuser_password }}"

# Leave this as the last task in the playbook.
# Completion marker, printed unless the 'silent' variable evaluates to true.
# 'silent' is not set in this file, so it must be supplied from outside.
- name: workload tasks complete
  debug:
    msg: "Workload Tasks completed successfully."
  when: not silent|bool