| | |
| | | - name: Create LDAP Bind Password Secret |
| | | shell: "oc create secret generic opentlc-ldap-secret --from-literal=bindPassword=\"{{ bindPassword }}\" -n openshift-config" |
| | | ignore_errors: true |
| | | - name: Upload OAuth Configuration File |
| | | - name: Upload OAuth Configuration File |
| | | copy: |
| | | src: "./files/oauth-opentlc-ldap.yaml" |
| | | dest: "/home/{{ ansible_user }}/oauth-opentlc-ldap.yaml" |
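Review bot: The `Create LDAP Bind Password Secret` task puts `{{ bindPassword }}` inside a `shell:` string and has no `no_log: true`. The password is therefore parsed by the shell (a value containing `"`, `$` or a backtick breaks the quoting or gets expanded), is visible in the process arguments on the bastion, and is echoed in Ansible output and logs. I would add `no_log: true` and write the argument as `--from-literal=bindPassword={{ bindPassword | quote }}`, or create the Secret with the `k8s` module this playbook already uses elsewhere, so the value never reaches a command line. `ignore_errors: true` also hides a failed creation, so the OAuth configuration uploaded in the next task presumably ends up pointing at a secret that does not exist; if the aim is only to tolerate a secret that is already there, a `failed_when` that matches the "already exists" message is narrower. The enclosing play starts outside the visible lines, and the rendered page has lost the `+`/`-` markers, so these lines may be context rather than new code.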
| | |
| | | when: |
| | | - admin_user is defined |
| | | - install_idm != "none" |
| | | - auth_remove_kubeadmin |
| | | command: oc delete secret kubeadmin -n kube-system |
| | | ignore_errors: true |
| | | |
| | |
| | | KUBECONFIG: "{{ cluster_name }}/auth/kubeconfig" |
| | | ignore_errors: yes |
| | | block: |
| | | - name: Get API for command line |
| | | command: oc whoami --show-server |
| | | register: showserver |
| | | |
| | | - when: webconsole is not defined |
| | | block: |
| | | - name: Get console route |
| | | command: oc get route -n openshift-console console -o json |
| | | register: routeconsole |
| | | retries: 10 |
| | | delay: 30 |
| | | until: routeconsole is succeeded |
| | | ignore_errors: yes |
| | | |
| | | - name: Set webconsole address |
| | | set_fact: |
| | | webconsole: "http://{{ routeconsole.stdout | from_json | json_query('spec.host') }}" |
| | | when: routeconsole is succeeded |
| | | |
| | | - name: Check DNS webconsole |
| | | command: nslookup "{{ webconsole | urlsplit('hostname') }}" |
| | | register: checkdnswebconsole |
| | |
| | | - name: Delete project |
| | | command: oc delete project postflightcheck |
| | | |
| | | - debug: |
| | | - name: Switch back to default project |
| | | command: oc project default |
| | | |
| | | - agnosticd_user_info: |
| | | msg: "{{ item }}" |
| | | loop: |
| | | - "user.info: " |
| | | - "user.info: Post Flight Check" |
| | | - "user.info: DNS Web Console ............... {{ 'OK' if checkdnswebconsole.rc == 0 else 'FAIL' }}" |
| | | - "user.info: DNS API ....................... {{ 'OK' if checkdnsapi.rc == 0 else 'FAIL' }}" |
| | | - "user.info: Web console ................... {{ 'OK' if testwebconsole is succeeded else 'FAIL' }}" |
| | | - "user.info: API ........................... {{ 'OK' if clusterinfor.rc == 0 else 'FAIL' }}" |
| | | - "user.info: Create Project with PV ........ {{ 'OK' if newproject.rc == 0 else 'FAIL' }}" |
| | | - "user.info: App deployed .................. {{ 'OK' if phpw.rc == 0 and mysqlw.rc == 0 else 'FAIL' }}" |
| | | - "user.info: Route ......................... {{ 'OK' if testroute is succeeded else 'FAIL' }}" |
| | | - "" |
| | | - "Post Flight Check" |
| | | - "DNS Web Console ............... {{ 'OK' if checkdnswebconsole.rc == 0 else 'FAIL' }}" |
| | | - "DNS API ....................... {{ 'OK' if checkdnsapi.rc == 0 else 'FAIL' }}" |
| | | - "Web console ................... {{ 'OK' if testwebconsole is succeeded else 'FAIL' }}" |
| | | - "API ........................... {{ 'OK' if clusterinfor.rc == 0 else 'FAIL' }}" |
| | | - "Create Project with PV ........ {{ 'OK' if newproject.rc == 0 else 'FAIL' }}" |
| | | - "App deployed .................. {{ 'OK' if phpw.rc == 0 and mysqlw.rc == 0 else 'FAIL' }}" |
| | | - "Route ......................... {{ 'OK' if testroute is succeeded else 'FAIL' }}" |
| | | |
| | | - when: |
| | | - smoke_tests | bool |
| | |
| | | msg: "FAIL Smoke tests" |
| | | ignore_errors: no |
| | | |
| | | |
| | | - name: Deploy Default, Infra and Student Workloads |
| | | import_playbook: ocp_workloads.yml |
| | | |
| | | - name: Enable Cluster Shutdown and Resume |
| | | hosts: bastions |
| | | run_once: yes |
| | | gather_facts: false |
| | | become: false |
| | | tasks: |
| | | - when: |
| | | - install_ocp4 | d(False) | bool |
| | | - ocp4_enable_cluster_shutdown | d(True) | bool |
| | | environment: |
| | | KUBECONFIG: "{{ cluster_name }}/auth/kubeconfig" |
| | | ignore_errors: yes |
| | | block: |
| | | - name: Create Daemon Set to renew Bootstrap Credentials |
| | | k8s: |
| | | state: present |
| | | merge_type: |
| | | - strategic-merge |
| | | - merge |
| | | definition: "{{ lookup('file', './files/kubelet-bootstrap-cred-manager-ds.yaml' ) | from_yaml }}" |
| | | - name: Delete initial Bootstrap Secrets to force regeneration |
| | | k8s: |
| | | state: absent |
| | | api_version: v1 |
| | | kind: Secret |
| | | name: "{{ item }}" |
| | | namespace: openshift-kube-controller-manager-operator |
| | | loop: |
| | | - "csr-signer-signer" |
| | | - "csr-signer" |
| | | # The next tasks are to fix the bug fixed in https://github.com/openshift/cluster-kube-controller-manager-operator/pull/305 |
| | | # Also the operator dealing with prometheus adapters doesn't watch the certificates. |
| | | # Need to force it to reconcile |
| | | - name: Wait 15 seconds before next command |
| | | pause: |
| | | seconds: 15 |
| | | - name: Get Config Map Definition |
| | | shell: oc get configmap extension-apiserver-authentication -n kube-system -o yaml >/tmp/extension-apiserver-authentication.yaml |
| | | - name: Add an empty line to config map file |
| | | lineinfile: |
| | | path: /tmp/extension-apiserver-authentication.yaml |
| | | firstmatch: true |
| | | insertafter: '-----END CERTIFICATE-----' |
| | | line: '' |
| | | - name: Update Config Map with new file |
| | | k8s: |
| | | state: present |
| | | src: /tmp/extension-apiserver-authentication.yaml |
| | | - name: Tell CloudForms we are done |
| | | hosts: bastions |
| | | run_once: yes |