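---
# Merge the role's variable layers into one working dictionary. Later
# arguments to combine() take precedence, so *_vars override *_defaults and
# *_secrets override both; recursive=true merges nested mappings key by key.
# NOTE(review): the merged result carries the *_secrets layer, so any task
# that prints this dictionary exposes those values in the run output.
- name: Set up combined ocp4_workload_quay_operator dictionary
  set_fact:
    ocp4_workload_quay_operator: >-
      {{ ocp4_workload_quay_operator_defaults
       | combine(ocp4_workload_quay_operator_vars | default( {} ),
                 ocp4_workload_quay_operator_secrets | default( {} ), recursive=true)
      }}

# Diagnostic dump, shown only at -vv and above. It prints the defaults/vars
# merge WITHOUT the *_secrets layer so that verbose runs and stored job logs
# do not capture credentials.
# NOTE(review): a secret placed in *_vars or *_defaults would still be shown
# here; keep sensitive values in ocp4_workload_quay_operator_secrets.
- name: Print combined role variables
  debug:
    msg: >-
      {{ ocp4_workload_quay_operator_defaults
       | combine(ocp4_workload_quay_operator_vars | default( {} ), recursive=true)
      }}
    verbosity: 2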
# Announce which cluster user this workload run is being applied for.
- name: Setting up workload for user
  debug:
    msg: 'Setting up workload for user ocp_username = {{ ocp_username }}'

# Read the ClusterVersion object named "version" from the cluster.
- name: Get ClusterVersion
  register: r_cluster_version
  k8s_facts:
    kind: ClusterVersion
    api_version: config.openshift.io/v1
    name: version

# Keep the version string of the first status.history entry of the first
# returned resource. The task fails if the query returned no resources.
- name: Set ocp4_workload_quay_operator_cluster_version fact
  set_fact:
    ocp4_workload_quay_operator_cluster_version: >-
      {{ r_cluster_version.resources[0].status.history[0].version }}

- name: Print OpenShift version
  debug:
    msg: 'Installing Quay Operator for OpenShift Version: {{ ocp4_workload_quay_operator_cluster_version }}'
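# Superuser password, case 1: no usable password was supplied, so generate
# one. Pointing the password lookup at /dev/null means the generated value is
# not stored in a file on the controller.
# no_log keeps the value out of the task result shown in verbose output and
# job logs; the password is still handed to later tasks through the fact.
# NOTE(review): the generated value is 12 characters drawn from letters only;
# consider a longer value if the Quay password policy allows it.
- name: Generate Quay Superuser Password
  when:
    - ocp4_workload_quay_operator.superuser_password is not defined or ocp4_workload_quay_operator.superuser_password|length == 0
  no_log: true
  set_fact:
    ocp4_workload_quay_operator_superuser_password: "{{ lookup('password', '/dev/null length=12 chars=ascii_letters') }}"

# Superuser password, case 2: a non-empty password was supplied in the
# combined role dictionary, so use it unchanged. The two conditions are the
# exact complement of the condition on the task above.
- name: Use provided Quay Superuser Password
  when:
    - ocp4_workload_quay_operator.superuser_password is defined
    - ocp4_workload_quay_operator.superuser_password|length > 0
  no_log: true
  set_fact:
    ocp4_workload_quay_operator_superuser_password: "{{ ocp4_workload_quay_operator.superuser_password }}"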
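# TLS private key, case 1: the key was passed in through the role variables.
# The value must be templated; a bare variable name in set_fact stores the
# literal text of the name instead of the key.
# default('') keeps the condition from failing when ssl_key is not set at all.
# no_log keeps the key material out of task output and job logs.
# NOTE(review): the bastion path below yields base64 text (slurp output),
# while this value is passed through as given; presumably callers must supply
# it in the same encoding. Verify against the certificate secret template.
- name: Use provided key file
  when: ocp4_workload_quay_operator.ssl_key | default('') | length > 0
  no_log: true
  set_fact:
    ocp4_workload_quay_operator_ssl_key: "{{ ocp4_workload_quay_operator.ssl_key }}"

# TLS private key, case 2: nothing was passed in, so look for a key file in
# the Ansible user's certificates directory. The block runs as root.
# If the file does not exist, none of the tasks below sets the fact.
- name: Otherwise check if key file exist on bastion VM
  become: true
  become_user: root
  when: ocp4_workload_quay_operator.ssl_key | default('') | length == 0
  block:
    - name: Check for Key file on Bastion
      stat:
        path: "/home/{{ ansible_user }}/certificates/privkey.pem"
      register: r_ssl_key

    # slurp returns the file content base64-encoded in the 'content' field.
    - name: Read Key file from Bastion
      when: r_ssl_key.stat.exists
      no_log: true
      slurp:
        src: "/home/{{ ansible_user }}/certificates/privkey.pem"
      register: _quay_ssl_key_file

    - name: Set ocp4_workload_quay_operator_ssl_key
      when: r_ssl_key.stat.exists
      no_log: true
      set_fact:
        ocp4_workload_quay_operator_ssl_key: "{{ _quay_ssl_key_file['content'] }}"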
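# TLS certificate, case 1: the certificate was passed in through the role
# variables. The value must be templated; a bare variable name in set_fact
# stores the literal text of the name instead of the certificate.
# default('') keeps the condition from failing when ssl_certificate is unset.
# NOTE(review): the bastion path below yields base64 text (slurp output),
# while this value is passed through as given; presumably callers must supply
# it in the same encoding. Verify against the certificate secret template.
- name: Use provided certificate file
  when: ocp4_workload_quay_operator.ssl_certificate | default('') | length > 0
  set_fact:
    ocp4_workload_quay_operator_ssl_certificate: "{{ ocp4_workload_quay_operator.ssl_certificate }}"

# TLS certificate, case 2: nothing was passed in, so look for a full-chain
# file in the Ansible user's certificates directory. The block runs as root.
# If the file does not exist, none of the tasks below sets the fact.
- name: Otherwise check if certificate file exist on bastion VM
  become: true
  become_user: root
  when: ocp4_workload_quay_operator.ssl_certificate | default('') | length == 0
  block:
    - name: Check for Certificate file on Bastion
      stat:
        path: "/home/{{ ansible_user }}/certificates/fullchain.pem"
      register: r_ssl_cert

    # slurp returns the file content base64-encoded in the 'content' field.
    - name: Read Certificate file from Bastion
      when: r_ssl_cert.stat.exists
      slurp:
        src: "/home/{{ ansible_user }}/certificates/fullchain.pem"
      register: _quay_ssl_cert_file

    - name: Set ocp4_workload_quay_operator_ssl_certificate
      when: r_ssl_cert.stat.exists
      set_fact:
        ocp4_workload_quay_operator_ssl_certificate: "{{ _quay_ssl_cert_file['content'] }}"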
# Read the cluster Ingress configuration; its spec.domain is used below as
# the base domain when no explicit route was supplied.
- name: Determine Cluster Base Domain for Quay Route
  register: r_ingress_config
  k8s_facts:
    kind: Ingress
    api_version: config.openshift.io/v1
    name: cluster

# Route, case 1: a non-empty route was supplied in the role dictionary.
- name: Use Provided Quay route
  when: >-
    ocp4_workload_quay_operator.route is defined
    and ocp4_workload_quay_operator.route | length > 0
  set_fact:
    ocp4_workload_quay_operator_quay_route: '{{ ocp4_workload_quay_operator.route }}'

# Route, case 2: no route supplied, so build "quay-<guid>.<ingress domain>".
- name: Otherwise use quay-{{guid}}.basedomain for the Quay route
  when: >-
    ocp4_workload_quay_operator.route is not defined
    or ocp4_workload_quay_operator.route | length == 0
  set_fact:
    ocp4_workload_quay_operator_quay_route: 'quay-{{ guid }}.{{ r_ingress_config.resources[0].spec.domain }}'
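# Render each template and apply the resulting object to the cluster, in the
# order listed.
# NOTE(review): this loop mixes plain objects with secret-bearing templates
# (pull secret, superuser secret, config secret). The per-item results of the
# k8s module can include the applied definition, so verbose output and job
# logs may contain those values; consider moving the three secret templates
# into their own task with no_log set.
- name: Create Quay Operator Resources
  k8s:
    state: present
    definition: "{{ lookup('template', item ) | from_yaml }}"
  loop:
    - ./templates/project.j2
    - ./templates/catalogsourceconfig.j2
    - ./templates/operatorgroup.j2
    - ./templates/subscription.j2
    - ./templates/pull_secret.j2
    - ./templates/quay_superuser_secret.j2
    - ./templates/quay_config_secret.j2

# Create the TLS secret only when both a certificate and a key are present.
# default('') makes an unset fact count as "not present" instead of failing
# the task on an undefined variable. no_log keeps the rendered secret, which
# holds the private key, out of task output and job logs.
- name: Create OpenShift Objects for Red Hat Quay Registry Certificates
  when:
    - ocp4_workload_quay_operator_ssl_certificate | default('') | length > 0
    - ocp4_workload_quay_operator_ssl_key | default('') | length > 0
  no_log: true
  k8s:
    state: present
    definition: "{{ lookup('template', item ) | from_yaml }}"
  loop:
    - ./templates/quay_ssl_certificate_secret.j2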
# Poll for the operator's ClusterServiceVersion: up to 30 attempts, 10
# seconds apart, until the query returns at least one resource.
- name: Wait for ClusterServiceVersion to appear
  register: r_csv
  k8s_facts:
    kind: ClusterServiceVersion
    api_version: operators.coreos.com/v1alpha1
    name: '{{ ocp4_workload_quay_operator.starting_csv }}'
    namespace: '{{ ocp4_workload_quay_operator.project }}'
  retries: 30
  delay: 10
  until: r_csv.resources | length > 0

# Poll the quay-operator Deployment with the same retry budget until it
# exists, reports availableReplicas, and that count equals spec.replicas.
# NOTE(review): Deployments are served from the apps API group; confirm that
# the bare "v1" api_version resolves to the intended resource.
- name: Wait for Quay operator to be ready
  register: r_qo_deployment
  k8s_facts:
    kind: Deployment
    api_version: v1
    name: quay-operator
    namespace: '{{ ocp4_workload_quay_operator.project }}'
  until:
    - r_qo_deployment.resources | length | int > 0
    - r_qo_deployment.resources[0].status.availableReplicas is defined
    - r_qo_deployment.resources[0].status.availableReplicas | int == r_qo_deployment.resources[0].spec.replicas | int
  retries: 30
  delay: 10
# Render the Quay registry template and apply the resulting object.
- name: Create Red Hat Quay Registry
  loop:
    - ./templates/quay.j2
  k8s:
    definition: >-
      {{ lookup('template', item ) | from_yaml }}
    state: present
# Optional post-install check, run only when verify_deployment is truthy.
- name: Verify successful rollout
  when: ocp4_workload_quay_operator.verify_deployment | bool
  block:
    # Poll (30 attempts, 10 seconds apart) until a pod carrying both labels
    # exists in the project.
    - name: Wait for Quay App Pod to appear
      register: r_quay_pod
      k8s_facts:
        kind: Pod
        api_version: v1
        namespace: '{{ ocp4_workload_quay_operator.project }}'
        label_selectors:
          - app=quay-operator
          - quay-enterprise-component=app
      retries: 30
      delay: 10
      until: r_quay_pod.resources | length > 0

    - name: Pause 10 seconds to give containers a chance to initialize
      pause:
        seconds: 10

    # Poll (15 attempts, 5 seconds apart) until the first container of the
    # first matching pod reports ready. ignore_errors lets the play continue
    # when the retries run out.
    # NOTE(review): no task visible here acts on that failure, so a rollout
    # that never becomes ready can still end with the success message.
    - name: Wait for Quay App Pod Status to be Ready
      register: r_running_quay_pod
      k8s_facts:
        kind: Pod
        api_version: v1
        namespace: '{{ ocp4_workload_quay_operator.project }}'
        label_selectors:
          - app=quay-operator
          - quay-enterprise-component=app
      until: r_running_quay_pod.resources[0].status.containerStatuses[0].ready | bool
      retries: 15
      delay: 5
      ignore_errors: true
06a100
|
201 |
# - name: Restart crashing Pod to pick up SCC |
WK |
202 |
# when: |
|
203 |
# - not r_running_quay_pod.resources[0].status.containerStatuses[0].ready | bool |
|
204 |
# - r_running_quay_pod.resources[0].status.containerStatuses[0].state.waiting.reason is match("CrashLoopBackOff") |
|
205 |
# or r_running_quay_pod.resources[0].status.containerStatuses[0].state.waiting.reason is match("Error") |
|
206 |
# k8s: |
|
207 |
# state: absent |
|
208 |
# api_version: v1 |
|
209 |
# kind: Pod |
|
210 |
# name: "{{ r_running_quay_pod.resources[0].metadata.name }}" |
998e0c
|
211 |
# namespace: "{{ ocp4_workload_quay_operator.project }}" |
WK |
212 |
|
# Look up the QuayEcosystem object; its status.hostname is reported below.
# NOTE(review): indentation is lost in this view. These tasks are written at
# top level because the message task reads r_quay unconditionally; confirm
# against the original file.
- name: Get Quay Hostname
  register: r_quay
  k8s_facts:
    kind: QuayEcosystem
    api_version: redhatcop.redhat.io/v1alpha1
    namespace: '{{ ocp4_workload_quay_operator.project }}'
    name: '{{ ocp4_workload_quay_operator.name }}'

# Emit the access details as "user.info:" lines, one debug message per line.
# NOTE(review): the second line puts the superuser password into the run
# output in clear text. Treat the job log as sensitive and restrict who can
# read it.
- name: Print Student as user.info
  loop:
    - "user.info: Red Hat Quay is available at https://{{r_quay.resources[0].status.hostname }}."
    - "user.info: The Red Hat Quay Super User is {{ ocp4_workload_quay_operator.superuser_username }} with password {{ ocp4_workload_quay_operator_superuser_password }}"
  debug:
    msg: '{{ item }}'
# Leave this as the last task in the playbook.
# The completion message is skipped when "silent" is truthy.
- name: workload tasks complete
  when: not silent|bool
  debug:
    msg: 'Workload Tasks completed successfully.'