| | |
| | | remote_src: yes |
| | | |
| | | - name: Install awscli |
| | | become: yes |
| | | command: /tmp/awscli-bundle/install -i /usr/local/aws -b /bin/aws |
| | | args: |
| | | creates: /usr/local/aws |
| | | become: yes |
| | | |
| | | - name: cleanup archive and tmp files |
| | | file: |
| | |
| | | aws_access_key_id = {{ hostvars.localhost.student_access_key_id }} |
| | | aws_secret_access_key = {{ hostvars.localhost.student_secret_access_key }} |
| | | |
| | | - name: Install Packages |
| | | become: yes |
| | | package: |
| | | name: |
| | | - golang |
| | | - python2-boto3 |
| | | - unzip |
| | | |
| | | - name: Get OS (var) |
| | | shell: "/usr/bin/go env GOOS" |
| | | register: GOOS_VAR |
| | | |
| | | - name: Get Arch (var) |
| | | shell: "/usr/bin/go env GOARCH" |
| | | register: GOARCH_VAR |
| | | # For GA Releases |
| | | - name: Set URLs for OpenShift GA releases |
| | | when: not ocp4_installer_use_dev_preview | d(False) | bool |
| | | set_fact: |
| | | ocp4_installer_url: "https://mirror.openshift.com/pub/openshift-v4/clients/ocp/{{ ocp4_installer_version }}/openshift-install-linux-{{ ocp4_installer_version }}.tar.gz" |
| | | ocp4_client_url: "https://mirror.openshift.com/pub/openshift-v4/clients/ocp/{{ ocp4_installer_version }}/openshift-client-linux-{{ ocp4_installer_version }}.tar.gz" |
| | | |
| | | - name: Get the OpenShift Installer |
| | | become: yes |
| | | get_url: |
| | | url: "https://github.com/openshift/installer/releases/download/{{ ocp4_installer_version }}/openshift-install-{{ GOOS_VAR.stdout }}-{{ GOARCH_VAR.stdout }}" |
| | | dest: /usr/bin/openshift-install |
| | | mode: 0775 |
| | | unarchive: |
| | | src: "{{ ocp4_installer_url}} " |
| | | remote_src: yes |
| | | dest: /usr/bin |
| | | mode: 0755 |
| | | owner: root |
| | | group: root |
| | | |
| | | - name: Get the OpenShift CLI |
| | | become: yes |
| | | unarchive: |
| | | src: "https://mirror.openshift.com/pub/openshift-v3/clients/{{ oc_client_version }}/linux/oc.tar.gz" |
| | | src: "{{ ocp4_client_url }}" |
| | | remote_src: yes |
| | | dest: /usr/bin |
| | | mode: 0775 |
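Review bot: The installer and client archives are unpacked straight from a URL into /usr/bin as root (the two `unarchive` tasks with `remote_src: yes`), and nothing in the hunk verifies what was downloaded. `unarchive` has no checksum option, so the download should go through `get_url` with `checksum:` first, and `unarchive` should then read the local file. The `src: "{{ ocp4_installer_url}} "` line also has a trailing space inside the quotes, which becomes part of the URL; it should read `src: "{{ ocp4_installer_url }}"`. The CLI task keeps `mode: 0775` with no owner or group, which can leave the extracted binaries group-writable, whereas the installer task sets `mode: 0755` with `owner: root` and `group: root`; the two should match. Which lines are additions is inferred from the old-then-new print order, because the page has lost its `+`/`-` markers.

```yaml
- name: Download the OpenShift Installer archive
  become: true
  get_url:
    url: "{{ ocp4_installer_url }}"
    # staged in a root-only directory rather than a shared temp path
    dest: /root/openshift-install-linux.tar.gz
    # PLACEHOLDER variable (not defined on this page): the sha256 published for this release
    checksum: "sha256:{{ ocp4_installer_sha256_PLACEHOLDER }}"
    mode: "0600"

- name: Get the OpenShift Installer
  become: true
  unarchive:
    src: /root/openshift-install-linux.tar.gz
    remote_src: true
    # ... unchanged: dest, mode, owner, group ...

# ... same two-step pattern for "Get the OpenShift CLI", adding owner/group root and mode "0755" ...
```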
| | |
| | | path: /home/{{ ansible_user }}/{{ cluster_name }} |
| | | state: directory |
| | | |
| | | - stat: |
| | | - name: Check if version specific install-config.j2 exists |
| | | stat: |
| | | path: files/install-config.yaml.{{ ocp4_installer_version }}.j2 |
| | | register: rconfig |
| | | delegate_to: localhost |
| | |
| | | tags: |
| | | - run_installer |
| | | command: openshift-install create cluster --dir=/home/{{ ansible_user }}/{{ cluster_name }} |
| | | async: "{{ 2 * 60 * 60 }}" |
| | | |
| | | - name: Fetch kube config |
| | | fetch: |
| | |
| | | delay: 30 |
| | | until: routeconsole is succeeded |
| | | ignore_errors: yes |
| | | # tags: post_flight_check |
| | | |
| | | # Adjust for clusters with just one worker. Default is two routers with antiAffinity rules. |
| | | # Which means that one router is pending. This doesn't work with Certificates |
| | | - name: Set number of Ingress Controller replicas to 1 if only one worker node deployed |
| | | when: worker_instance_count == 1 |
| | | environment: |
| | | KUBECONFIG: /home/{{ ansible_user }}/{{ cluster_name }}/auth/kubeconfig |
| | | shell: "oc patch ingresscontroller default --type=merge --patch='{\"spec\": { \"replicas\": 1 }}' -n openshift-ingress-operator" |
| | | ignore_errors: yes |
| | | |
| | | - name: Set webconsole address |
| | | set_fact: |
| | | webconsole: "http://{{ routeconsole.stdout | from_json | json_query('spec.host') }}" |
| | | when: routeconsole is succeeded |
| | | # tags: post_flight_check |
| | | |
| | | # sometimes the route is not ready, guess it |
| | | - name: Guess webconsole address |
| | | set_fact: |
| | | webconsole: "http://console-openshift-console.apps.{{ cluster_name }}.{{ guid }}.{{ subdomain_base }}" |
| | | when: routeconsole is failed |
| | | # tags: post_flight_check |
| | | |
| | | - name: Get API for command line |
| | | environment: |
| | | KUBECONFIG: /home/{{ ansible_user }}/{{ cluster_name }}/auth/kubeconfig |
| | | command: oc whoami --show-server |
| | | register: showserver |
| | | # tags: post_flight_check |
| | | |
| | | register: r_showserver |
| | | |
| | | - name: Print Overview |
| | | debug: |
| | | agnosticd_user_info: |
| | | msg: "{{ item }}" |
| | | with_items: |
| | | - "user.info: Openshift Master Console: {{ webconsole }}" |
| | | - "user.info: Openshift API for command line 'oc' client: {{ showserver.stdout | trim }}" |
| | | - "user.info: Download oc client from https://mirror.openshift.com/pub/openshift-v3/clients/{{ oc_client_version }}" |
| | | loop: |
| | | - "Openshift Master Console: {{ webconsole }}" |
| | | - "Openshift API for command line 'oc' client: {{ r_showserver.stdout | trim }}" |
| | | - "Download oc client from {{ ocp4_client_url }}" |
| | | |
| | | - name: Print Overview |
| | | agnosticd_user_info: |
| | | data: |
| | | openshift_console_url: "{{ webconsole }}" |
| | | openshift_api_url: "{{ r_showserver.stdout | trim }}" |
| | | openshift_client_download_url: "{{ ocp4_client_url }}" |
| | | |
| | | - name: Output htpasswd |
| | | debug: |
| | | msg: "user.info: This cluster has authentication enabled. You can use '{{ admin_user }}' with password '{{ admin_password }}' to access your cluster" |
| | | agnosticd_user_info: |
| | | msg: "This cluster has authentication enabled. You can use '{{ admin_user }}' with password '{{ admin_password }}' to access your cluster" |
| | | data: |
| | | openshift_admin_user: "{{ admin_user }}" |
| | | openshift_admin_password: "{{ admin_password }}" |
| | | when: |
| | | - admin_password is defined |
| | | - install_idm == "htpasswd" |
| | | |
| | | - name: Output kubeadmin |
| | | debug: |
| | | msg: "user.info: Kubeadmin user / password: kubeadmin / {{ kubeadminr.content | b64decode }}" |
| | | agnosticd_user_info: |
| | | msg: "Kubeadmin user / password: kubeadmin / {{ kubeadminr.content | b64decode }}" |
| | | data: |
| | | openshift_kubeadmin_password: "{{ kubeadminr.content | b64decode }}" |
| | | when: >- |
| | | install_idm is not defined |
| | | or install_idm != "htpasswd" |
| | | |
| | | - name: Print SSH warning |
| | | debug: |
| | | agnosticd_user_info: |
| | | msg: "{{ item }}" |
| | | with_items: |
| | | - "user.info: " |
| | | - "user.info: You *CANNOT* SSH into this environment" |
| | | loop: |
| | | - "" |
| | | - "You *CANNOT* SSH into this environment" |
| | | when: not install_student_user | bool |
| | | |
| | | always: |
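Review bot: The `agnosticd_user_info` tasks carry each secret twice, once in the free-text `msg` and once under `data` (`admin_password` in "Output htpasswd", the decoded `kubeadminr.content` in "Output kubeadmin"). How the module stores or prints `msg` is not visible here, but free text is the part most likely to be echoed into run output and logs, so keep the value only under its `data` key and let the message name the account, e.g. `msg: "This cluster has authentication enabled. Log in as '{{ admin_user }}'; the password is in the user data."`. The later hunk does the same with `student_secret_access_key` and `student_ssh_password`. Separately, `openshift_console_url` is filled from `webconsole`, which both `set_fact` tasks build with `http://`. The console route is presumably served over TLS, so the link handed out next to the password should be `https://`; confirm against the route's `spec.tls` before changing it.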
| | |
| | | gather_facts: false |
| | | become: false |
| | | tasks: |
| | | # NOT Pre-installed |
| | | - name: Print Student aws access as user.info |
| | | debug: |
| | | msg: "{{ item }}" |
| | | with_items: |
| | | - "user.info: Top level domain: {{ subdomain_base_suffix }}" |
| | | - "user.info: " |
| | | - "user.info: WARNING: with great power comes great responsibility. We monitor usage." |
| | | - "user.info: Your AWS programmatic access:" |
| | | - "user.info: aws_access_key_id = {{ student_access_key_id }}" |
| | | - "user.info: aws_secret_access_key = {{ student_secret_access_key }}" |
| | | when: |
| | | # NOT Pre-installed |
| | | - when: |
| | | - not install_ocp4 | bool |
| | | - student_access_key_id is defined |
| | | - student_secret_access_key is defined |
| | | block: |
| | | - name: Print Student aws access as user.info |
| | | agnosticd_user_info: |
| | | msg: "{{ item }}" |
| | | loop: |
| | | - "Top level domain: {{ subdomain_base_suffix }}" |
| | | - "" |
| | | - "WARNING: with great power comes great responsibility. We monitor usage." |
| | | - "Your AWS programmatic access:" |
| | | - "aws_access_key_id = {{ student_access_key_id }}" |
| | | - "aws_secret_access_key = {{ student_secret_access_key }}" |
| | | |
| | | - name: Set aws access user data |
| | | agnosticd_user_info: |
| | | data: |
| | | subdomain_base_suffix: "{{ subdomain_base_suffix }}" |
| | | aws_access_key_id: "{{ student_access_key_id }}" |
| | | aws_secret_access_key: "{{ student_secret_access_key }}" |
| | | |
| | | - when: |
| | | - install_student_user | bool |
| | | - student_name is defined |
| | | - student_password is defined |
| | | - student_password is defined or hostvars[groups.bastions.0].student_password is defined |
| | | block: |
| | | - name: Print Student SSH access as user.info |
| | | debug: |
| | | agnosticd_user_info: |
| | | msg: "{{ item }}" |
| | | with_items: |
| | | - "user.info: " |
| | | - "user.info: SSH Access: ssh {{ student_name }}@bastion.{{ guid }}{{ subdomain_base_suffix }}" |
| | | data: |
| | | student_ssh_command: >- |
| | | ssh {{ student_name }}@bastion.{{ guid }}{{ subdomain_base_suffix }} |
| | | loop: |
| | | - "" |
| | | - "SSH Access: ssh {{ student_name }}@bastion.{{ guid }}{{ subdomain_base_suffix }}" |
| | | |
| | | - name: Print Student SSH password as user.info |
| | | debug: |
| | | msg: "user.info: SSH password: {{ student_password }}" |
| | | agnosticd_user_info: |
| | | msg: "SSH password: {{ student_ssh_password }}" |
| | | data: |
| | | student_ssh_password: "{{ student_ssh_password }}" |
| | | vars: |
| | | student_ssh_password: >- |
| | | {{ student_password | default(hostvars[groups.bastions.0].student_password) }} |
| | | when: print_student_password | default(true) | bool |