| | |
| | | --- |
| | | # Implement your Workload deployment tasks here |
| | | - name: Set up combined ocp4_workload_quay_operator dictionary |
| | | set_fact: |
| | | ocp4_workload_quay_operator: >- |
| | | {{ ocp4_workload_quay_operator_defaults |
| | | | combine(ocp4_workload_quay_operator_vars | default( {} ), |
| | | ocp4_workload_quay_operator_secrets | default( {} ), recursive=true) |
| | | }} |
| | | - name: Print combined role variables |
| | | debug: |
| | | var: ocp4_workload_quay_operator |
| | | verbosity: 2 |
| | | |
| | | - name: Setting up workload for user |
| | | debug: |
| | | msg: "Setting up workload for user ocp_username = {{ ocp_username }}" |
| | | |
| | | - name: Generate Quay Superuser Password |
| | | - name: Get ClusterVersion |
| | | k8s_facts: |
| | | api_version: config.openshift.io/v1 |
| | | kind: ClusterVersion |
| | | name: version |
| | | register: r_cluster_version |
| | | - name: Set ocp4_workload_quay_operator_cluster_version fact |
| | | set_fact: |
| | | _quay_superuser_password: "{{ lookup('password', '/dev/null length=12 chars=ascii_letters') }}" |
| | | when: |
| | | - _quay_superuser_password is not defined or _quay_superuser_password|length == 0 |
| | | ocp4_workload_quay_operator_cluster_version: "{{ r_cluster_version.resources[0].status.history[0].version }}" |
| | | - name: Print OpenShift version |
| | | debug: |
| | | msg: "Installing Quay Operator for OpenShift Version: {{ ocp4_workload_quay_operator_cluster_version }}" |
| | | |
| | | - name: Check if key file exist on bastion VM |
| | | - name: Generate Quay Superuser Password |
| | | when: |
| | | - ocp4_workload_quay_operator.superuser_password is not defined or ocp4_workload_quay_operator.superuser_password|length == 0 |
| | | set_fact: |
| | | ocp4_workload_quay_operator_superuser_password: "{{ lookup('password', '/dev/null length=12 chars=ascii_letters') }}" |
| | | |
| | | - name: Use provided Quay Superuser Password |
| | | when: |
| | | - ocp4_workload_quay_operator.superuser_password is defined |
| | | - ocp4_workload_quay_operator.superuser_password|length > 0 |
| | | set_fact: |
| | | ocp4_workload_quay_operator_superuser_password: "{{ ocp4_workload_quay_operator.superuser_password }}" |
| | | |
| | | - name: Use provided key file |
| | | when: ocp4_workload_quay_operator.ssl_key | length > 0 |
| | | set_fact: |
| | | ocp4_workload_quay_operator_ssl_key: ocp4_workload_quay_operator.ssl_key |
| | | |
| | | - name: Otherwise check if key file exist on bastion VM |
| | | become: yes |
| | | become_user: root |
| | | when: _quay_ssl_key | length == 0 |
| | | when: ocp4_workload_quay_operator.ssl_key | length == 0 |
| | | block: |
| | | - name: Check for Key file on Bastion |
| | | stat: |
| | |
| | | slurp: |
| | | src: "/home/{{ ansible_user }}/certificates/privkey.pem" |
| | | register: _quay_ssl_key_file |
| | | - name: Set _quay_ssl_key |
| | | - name: Set ocp4_workload_quay_operator_ssl_key |
| | | when: r_ssl_key.stat.exists |
| | | set_fact: |
| | | _quay_ssl_key: "{{ _quay_ssl_key_file['content'] }}" |
| | | ocp4_workload_quay_operator_ssl_key: "{{ _quay_ssl_key_file['content'] }}" |
| | | |
| | | - name: Check if certificate file exist on bastion VM |
| | | - name: Use provided certificate file |
| | | when: ocp4_workload_quay_operator.ssl_certificate | length > 0 |
| | | set_fact: |
| | | ocp4_workload_quay_operator_ssl_certificate: ocp4_workload_quay_operator.ssl_certificate |
| | | |
| | | - name: Otherwise check if certificate file exist on bastion VM |
| | | become: yes |
| | | become_user: root |
| | | when: _quay_ssl_certificate | length == 0 |
| | | when: ocp4_workload_quay_operator.ssl_certificate | length == 0 |
| | | block: |
| | | - name: Check for Certificate file on Bastion |
| | | stat: |
| | |
| | | slurp: |
| | | src: "/home/{{ ansible_user }}/certificates/fullchain.pem" |
| | | register: _quay_ssl_cert_file |
| | | - name: Set _quay_ssl_certificate |
| | | - name: Set ocp4_workload_quay_operator_ssl_certificate |
| | | when: r_ssl_cert.stat.exists |
| | | set_fact: |
| | | _quay_ssl_certificate: "{{ _quay_ssl_cert_file['content'] }}" |
| | | ocp4_workload_quay_operator_ssl_certificate: "{{ _quay_ssl_cert_file['content'] }}" |
| | | |
| | | - name: Determine Cluster Base Domain for Quay Route |
| | | k8s_facts: |
| | |
| | | name: cluster |
| | | register: r_ingress_config |
| | | |
| | | - name: Set the Base Domain for Quay |
| | | - name: Use Provided Quay route |
| | | when: |
| | | - ocp4_workload_quay_operator.route is defined |
| | | - ocp4_workload_quay_operator.route | length > 0 |
| | | set_fact: |
| | | _quay_route: "quay-{{ guid }}.{{ r_ingress_config.resources[0].spec.domain }}" |
| | | ocp4_workload_quay_operator_quay_route: "{{ ocp4_workload_quay_operator.route }}" |
| | | |
| | | - name: Create Quay Operator Common Resources |
| | | - name: Otherwise use quay-{{guid}}.basedomain for the Quay route |
| | | when: ocp4_workload_quay_operator.route is not defined or ocp4_workload_quay_operator.route | length == 0 |
| | | set_fact: |
| | | ocp4_workload_quay_operator_quay_route: "quay-{{ guid }}.{{ r_ingress_config.resources[0].spec.domain }}" |
| | | |
| | | - name: Create Quay Operator Resources |
| | | k8s: |
| | | state: present |
| | | definition: "{{ lookup('template', item ) | from_yaml }}" |
| | | loop: |
| | | - ./templates/project.j2 |
| | | - ./templates/catalogsourceconfig.j2 |
| | | - ./templates/operatorgroup.j2 |
| | | - ./templates/subscription.j2 |
| | | - ./templates/pull_secret.j2 |
| | | - ./templates/quay_superuser_secret.j2 |
| | | - ./templates/quay_config_secret.j2 |
| | | |
| | | - name: Create Quay Operator from Operator Hub |
| | | when: _quay_operator_hub | bool |
| | | block: |
| | | - name: Create Operator Resources |
| | | k8s: |
| | | state: present |
| | | definition: "{{ lookup('template', item ) | from_yaml }}" |
| | | loop: |
| | | - ./templates/catalogsourceconfig.j2 |
| | | - ./templates/operatorgroup.j2 |
| | | - ./templates/subscription.j2 |
| | | |
| | | - name: Wait for ClusterServiceVersion to appear |
| | | k8s_facts: |
| | | api_version: operators.coreos.com/v1alpha1 |
| | | kind: ClusterServiceVersion |
| | | namespace: "{{ _quay_project }}" |
| | | name: "{{ _quay_operator_csv }}" |
| | | # field_selectors: |
| | | # - status.phase=Succeeded |
| | | register: r_csv |
| | | until: r_csv.resources | length > 0 |
| | | # until: r_csv.resources[0] and r_csv.resources[0].get('status') and r_csv.resources[0].status.phase == 'Succeeded' |
| | | # ignore_errors: true |
| | | retries: 30 |
| | | delay: 10 |
| | | |
| | | - name: Wait for operator to be installed |
| | | k8s_facts: |
| | | api_version: operators.coreos.com/v1alpha1 |
| | | kind: ClusterServiceVersion |
| | | namespace: "{{ _quay_project }}" |
| | | name: "{{ _quay_operator_csv }}" |
| | | field_selectors: |
| | | - status.phase=Succeeded |
| | | register: r_csv |
| | | until: r_csv.resources[0] and r_csv.resources[0].get('status') and r_csv.resources[0].status.phase == 'Succeeded' |
| | | retries: 30 |
| | | delay: 10 |
| | | |
| | | - name: Create OpenShift Objects for Red Hat Quay Registry prerequisites |
| | | when: not _quay_operator_hub | bool |
| | | k8s: |
| | | state: present |
| | | definition: "{{ lookup('template', item ) | from_yaml }}" |
| | | loop: |
| | | - ./templates/crd.j2 |
| | | - ./templates/service_account.j2 |
| | | - ./templates/cluster_role.j2 |
| | | - ./templates/cluster_role_binding.j2 |
| | | - ./templates/role.j2 |
| | | - ./templates/role_binding.j2 |
| | | - ./templates/operator.j2 |
| | | |
| | | - name: Create OpenShift Objects for Red Hat Quay Registry Certificates |
| | | when: |
| | | - _quay_ssl_certificate | length > 0 |
| | | - _quay_ssl_key | length > 0 |
| | | - ocp4_workload_quay_operator_ssl_certificate | length > 0 |
| | | - ocp4_workload_quay_operator_ssl_key | length > 0 |
| | | k8s: |
| | | state: present |
| | | definition: "{{ lookup('template', item ) | from_yaml }}" |
| | | loop: |
| | | - ./templates/quay_ssl_certificate_secret.j2 |
| | | |
| | | - name: Create OpenShift Objects for Red Hat Quay Registry |
| | | - name: Wait for ClusterServiceVersion to appear |
| | | k8s_facts: |
| | | api_version: operators.coreos.com/v1alpha1 |
| | | kind: ClusterServiceVersion |
| | | namespace: "{{ ocp4_workload_quay_operator.project }}" |
| | | name: "{{ ocp4_workload_quay_operator.starting_csv }}" |
| | | register: r_csv |
| | | until: r_csv.resources | length > 0 |
| | | retries: 30 |
| | | delay: 10 |
| | | |
| | | - name: Wait for Quay operator to be ready |
| | | k8s_facts: |
| | | api_version: v1 |
| | | kind: Deployment |
| | | namespace: "{{ ocp4_workload_quay_operator.project }}" |
| | | name: "quay-operator" |
| | | register: r_qo_deployment |
| | | retries: 30 |
| | | delay: 10 |
| | | until: |
| | | - r_qo_deployment.resources | length | int > 0 |
| | | - r_qo_deployment.resources[0].status.availableReplicas is defined |
| | | - r_qo_deployment.resources[0].status.availableReplicas | int == r_qo_deployment.resources[0].spec.replicas | int |
| | | |
| | | - name: Create Red Hat Quay Registry |
| | | k8s: |
| | | state: present |
| | | definition: "{{ lookup('template', item ) | from_yaml }}" |
| | | loop: |
| | | - ./templates/quay.j2 |
| | | |
| | | - name: Verify successful rollout (and fix crash looping Quay pod if necessary) |
| | | when: _quay_verify_deployment | bool |
| | | - name: Verify successful rollout |
| | | when: ocp4_workload_quay_operator.verify_deployment | bool |
| | | block: |
| | | - name: Wait for Quay App Pod to appear |
| | | k8s_facts: |
| | | api_version: v1 |
| | | kind: Pod |
| | | namespace: "{{ _quay_project }}" |
| | | namespace: "{{ ocp4_workload_quay_operator.project }}" |
| | | label_selectors: |
| | | - app=quay-operator |
| | | - quay-enterprise-component=app |
| | |
| | | retries: 30 |
| | | delay: 10 |
| | | |
| | | - name: Pause 10 seconds to give containers a chance to initialize |
| | | pause: |
| | | seconds: 10 |
| | | |
| | | - name: Wait for Quay App Pod Status to be Ready |
| | | k8s_facts: |
| | | api_version: v1 |
| | | kind: Pod |
| | | namespace: "{{ _quay_project }}" |
| | | namespace: "{{ ocp4_workload_quay_operator.project }}" |
| | | label_selectors: |
| | | - app=quay-operator |
| | | - quay-enterprise-component=app |
| | |
| | | until: >- |
| | | r_running_quay_pod.resources[0].status.containerStatuses[0].ready | bool |
| | | ignore_errors: true |
| | | retries: 20 |
| | | retries: 15 |
| | | delay: 5 |
| | | |
| | | # - name: Restart crashing Pod to pick up SCC |
| | |
| | | # api_version: v1 |
| | | # kind: Pod |
| | | # name: "{{ r_running_quay_pod.resources[0].metadata.name }}" |
| | | # namespace: "{{ _quay_project }}" |
| | | # namespace: "{{ ocp4_workload_quay_operator.project }}" |
| | | |
| | | - name: Delete Quay Deployment to pick up SCC |
| | | when: |
| | | - not r_running_quay_pod.resources[0].status.containerStatuses[0].ready | bool |
| | | - r_running_quay_pod.resources[0].status.containerStatuses[0].state.waiting.reason is match("CrashLoopBackOff") |
| | | or r_running_quay_pod.resources[0].status.containerStatuses[0].state.waiting.reason is match("Error") |
| | | k8s: |
| | | state: absent |
| | | api_version: extensions/v1beta1 |
| | | kind: Deployment |
| | | name: "{{ _quay_name }}-quay" |
| | | namespace: "{{ _quay_project }}" |
| | | - name: Get Quay Hostname |
| | | k8s_facts: |
| | | api_version: redhatcop.redhat.io/v1alpha1 |
| | | kind: QuayEcosystem |
| | | name: "{{ ocp4_workload_quay_operator.name }}" |
| | | namespace: "{{ ocp4_workload_quay_operator.project }}" |
| | | register: r_quay |
| | | |
| | | - name: Print Student as user.info |
| | | debug: |
| | | msg: "{{ item }}" |
| | | with_items: |
| | | - "user.info: Quay is available at https://{{ _quay_route }}. It may take 5 to 10 minutes for this route to respond." |
| | | - "user.info: The Quay Super User is {{ _quay_superuser_username }} with password {{ _quay_superuser_password }}" |
| | | - "user.info: Red Hat Quay is available at https://{{r_quay.resources[0].status.hostname }}." |
| | | - "user.info: The Red Hat Quay Super User is {{ ocp4_workload_quay_operator.superuser_username }} with password {{ ocp4_workload_quay_operator_superuser_password }}" |
| | | |
| | | # Leave this as the last task in the playbook. |
| | | - name: workload tasks complete |