---
# Start / Stop Logic for OCP 4 Clusters

# Import the runtime setup playbook from two directories up before any of the
# plays below run. Its contents are not visible from this file.
- import_playbook: '../../setup_runtime.yml'

# Play: runs on the control node only and builds the inventory that the later
# plays target (the 'bastions' group in particular).
- name: Build inventory
  hosts: localhost
  connection: local
  become: false
  gather_facts: false
  tasks:
    # Only the 'ec2' cloud provider is handled; any other value skips the
    # whole block and no inventory is built here.
    - when: cloud_provider == 'ec2'
      block:
        - name: Run infra-ec2-create-inventory Role
          include_role:
            name: infra-ec2-create-inventory

        # The SSH config is generated only once a 'bastions' group exists in
        # the inventory.
        - name: Run Common SSH Config Generator Role
          when: "'bastions' in groups"
          include_role:
            name: infra-common-ssh-config-generate

# Play: make every host except members of the 'windows' and 'network' groups
# connect through the per-environment SSH config file.
- name: Set ansible_ssh_extra_args
  hosts:
    - 'all:!windows:!network'
  any_errors_fatal: true
  ignore_errors: false
  gather_facts: false
  tasks:
    - name: Set facts for remote access
      set_fact:
        # Keep whatever extra args are already set (empty when undefined) and
        # append "-F <file>". The file path is built from localhost's
        # output_dir plus env_type and guid.
        # NOTE(review): presumably this is the file written by the SSH config
        # generator role in the previous play - confirm.
        ansible_ssh_extra_args: >-
          {{ ansible_ssh_extra_args|d() }}
          -F {{hostvars.localhost.output_dir}}/{{ env_type }}_{{ guid }}_ssh_conf

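# Play: run the requested lifecycle ACTION (stop / start / status) against the
# cloud provider from the control node.
#
# Inputs read here: project_tag, ACTION, cloud_provider, guid, env_type,
# aws_access_key_id, aws_secret_access_key, aws_region_final / aws_region,
# aws_instance_wait_for_stop (optional) and output_dir.
- name: Run stop/start/status/... actions
  hosts: localhost
  connection: local
  gather_facts: false
  become: false
  tasks:
    - name: Check for project_tag
      when: project_tag is not defined or project_tag == ''
      fail:
        msg: "project_tag is not defined"

    # Only the presence of ACTION is checked. A value other than 'stop',
    # 'start' or 'status' matches no task below and the play ends without
    # doing anything.
    - name: Check for ACTION
      when: ACTION is not defined
      fail:
        msg: "ACTION is not defined"

    - name: Start / Stop VMs on AWS
      when:
        - cloud_provider == 'ec2'
        - guid is defined
        - guid != ''
        # The instances acted on are selected purely by tag filters, and EC2
        # filter values treat '*' and '?' as wildcards. Reject any guid that
        # contains either character (not just a guid that is exactly '*'),
        # so one request cannot stop or start instances of other
        # environments. "| string" keeps the test valid for a numeric guid.
        - "'*' not in (guid | string)"
        - "'?' not in (guid | string)"
        # NOTE(review): a guid rejected here skips the block silently and the
        # play still reports success; env_type is not checked for wildcard
        # characters either. Consider failing explicitly instead.
      # Credentials are passed to the modules through the environment of this
      # block only; they are not task arguments.
      environment:
        AWS_ACCESS_KEY_ID: "{{aws_access_key_id}}"
        AWS_SECRET_ACCESS_KEY: "{{aws_secret_access_key}}"
        AWS_DEFAULT_REGION: "{{aws_region_final|d(aws_region)}}"
      block:
        # Stop: only instances currently 'running' are matched. Waiting for
        # the stop to finish is opt-in via aws_instance_wait_for_stop.
        - name: Stop instances by (guid,env_type) tags
          when: ACTION == 'stop'
          ec2_instance:
            state: stopped
            wait: "{{ aws_instance_wait_for_stop | default(false) }}"
            filters:
              "tag:guid": "{{ guid }}"
              "tag:env_type": "{{ env_type }}"
              instance-state-name: running

        # Start: only instances currently 'stopped' are matched, and the task
        # always waits.
        - name: Start instances by (guid, env_type) tags
          when: ACTION == 'start'
          ec2_instance:
            state: started
            wait: true
            filters:
              "tag:guid": "{{ guid }}"
              "tag:env_type": "{{ env_type }}"
              instance-state-name: stopped

        - when: ACTION == 'status'
          block:
            # NOTE(review): ec2_instance_facts is the older name of
            # ec2_instance_info - confirm which one the Ansible version in
            # use still ships.
            - name: Get EC2 facts using (guid, env_type) tag
              ec2_instance_facts:
                filters:
                  "tag:guid": "{{ guid }}"
                  "tag:env_type": "{{ env_type }}"
              register: r_instances

            # NOTE(review): presumably files/status.j2 renders r_instances;
            # the template is not visible from this file.
            - name: Print status information to a file
              template:
                dest: "{{ output_dir }}/status.txt"
                src: files/status.j2
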
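# Play: after ACTION == 'start', approve outstanding certificate signing
# requests from one bastion host (run_once), in two passes 10 seconds apart.
# Per the block name below, this is for a cluster that missed certificate
# rotation.
- name: Run recover cluster actions
  hosts: bastions
  run_once: true
  become: false
  gather_facts: false
  tasks:
    - name: Set Ansible Python interpreter to k8s virtualenv
      set_fact:
        ansible_python_interpreter: /opt/virtualenvs/k8s/bin/python

    - name: Recover cluster if it missed cert rotation
      when: ACTION == 'start'
      block:
        - name: Wait (default 3m) for Nodes to settle and pods to start
          pause:
            seconds: "{{ lifecycle_start_pause | default(180) }}"

        # NOTE(review): k8s_facts is the older name of k8s_info, and
        # certificates.k8s.io/v1beta1 is no longer served by newer Kubernetes
        # releases - confirm both against the versions in use.
        - name: Get CSRs that need to be approved
          k8s_facts:
            api_version: certificates.k8s.io/v1beta1
            kind: CertificateSigningRequest
            # Field selectors don't seem to work
            # field_selectors:
            # - status.conditions[0].type="Pending"
          register: r_csrs

        # The lookup above returns every CSR, so pending ones are selected
        # here: a CSR with no status conditions has been neither approved
        # nor denied.
        #
        # NOTE(review): every pending CSR is approved without checking who
        # requested it, so any CSR created by another client in this window
        # gets signed as well. Consider approving only requests whose
        # spec.username / spec.groups match the expected node identities.
        - name: Approve all Pending CSRs
          when:
            - r_csrs.resources | length > 0
            - item.status.conditions | default([], true) | length == 0
          # argv passes the API-supplied name as one argument instead of
          # splitting a templated command line.
          command:
            argv:
              - oc
              - adm
              - certificate
              - approve
              - "{{ item.metadata.name }}"
          loop: "{{ r_csrs.resources }}"
          # Show only the CSR name per item rather than the whole object.
          loop_control:
            label: "{{ item.metadata.name }}"

        # TODO: Implement proper loop to watch for incoming CSRS while we are
        # approving them. For now, this is a workaround, just wait and
        # re-approve.
        - name: Wait 10s for additional CSRs to appear
          pause:
            seconds: 10

        - name: Get additional CSRs that need to be approved
          k8s_facts:
            api_version: certificates.k8s.io/v1beta1
            kind: CertificateSigningRequest
            # Field selectors don't seem to work
            # field_selectors:
            # - status.conditions[0].type = "Pending"
          register: r_new_csrs

        # Second pass: same pending-only selection as the first pass, and the
        # same caveat about approving without checking the requester.
        - name: Approve all additional Pending CSRs
          when:
            - r_new_csrs.resources | length > 0
            - item.status.conditions | default([], true) | length == 0
          command:
            argv:
              - oc
              - adm
              - certificate
              - approve
              - "{{ item.metadata.name }}"
          loop: "{{ r_new_csrs.resources }}"
          loop_control:
            label: "{{ item.metadata.name }}"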