ansible/configs/ocp4-workshop/destroy_env.yml | ●●●●● patch | view | raw | blame | history | |
ansible/configs/ocp4-workshop/files/requirements_k8s.txt | ●●●●● patch | view | raw | blame | history | |
ansible/configs/ocp4-workshop/lifecycle.yml | ●●●●● patch | view | raw | blame | history | |
ansible/roles/host-lets-encrypt-certs-certbot/tasks/main.yml | ●●●●● patch | view | raw | blame | history | |
ansible/roles/idm-server/tasks/prep.yml | ●●●●● patch | view | raw | blame | history | |
ansible/roles/mysql/tasks/main.yml | ●●●●● patch | view | raw | blame | history | |
ansible/roles/ocp4-workload-idm/tasks/remove_workload.yml | ●●●●● patch | view | raw | blame | history | |
ansible/roles/ocp4-workload-idm/tasks/workload.yml | ●●●●● patch | view | raw | blame | history |
ansible/configs/ocp4-workshop/destroy_env.yml
@@ -145,6 +145,9 @@ run_once: true become: false tasks: - name: Set Ansible Python interpreter to k8s virtualenv set_fact: ansible_python_interpreter: /opt/virtualenvs/k8s/bin/python - name: Remove ocp workloads when: - remove_workloads | d("") | length > 0 @@ -348,10 +351,11 @@ aws route53 list-hosted-zones-by-name --dns-name {{ aws_public_zone }} --max-items 4 --output json register: awsroute53zone changed_when: false retries: 5 delay: "{{ 60|random(start=3, step=1) }}" delay: "{{ 60|random(start=10, step=1) }}" until: awsroute53zone is succeeded - name: delete zones ansible/configs/ocp4-workshop/files/requirements_k8s.txt
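Review bot: The interpreter path `/opt/virtualenvs/k8s/bin/python` in the new "Set Ansible Python interpreter to k8s virtualenv" task is hard-coded, so it silently duplicates whatever value creates that virtualenv elsewhere in the config (presumably alongside files/requirements_k8s.txt), and a rename of the venv would break the workload-removal play without any lint catching it. Prefer a shared variable, e.g. `ansible_python_interpreter: "{{ k8s_virtualenv_python }}"` (constructed name; define it once where the venv is built). set_fact only affects tasks after it on the same host, which is fine here since the removal tasks follow it, but the rest of the play runs outside the hunk.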
@@ -2,6 +2,9 @@ ansible==2.8.8 asn1crypto==1.3.0 bcrypt==3.1.7 botocore==1.15.15 boto3==1.12.15 boto==2.49.0 cachetools==4.0.0 certifi==2019.11.28 cffi==1.13.2 ansible/configs/ocp4-workshop/lifecycle.yml
@@ -64,7 +64,7 @@ when: ACTION == 'stop' ec2_instance: state: stopped wait: {{ aws_instance_wait_for_stop }} wait: "{{ aws_instance_wait_for_stop | default(false) }}" filters: "tag:guid": "{{ guid }}" "tag:env_type": "{{ env_type }}" @@ -142,4 +142,4 @@ - name: Approve all additional Pending CSRs when: r_new_csrs.resources | length > 0 command: "oc adm certificate approve {{ item.metadata.name }}" loop: "{{ r_new_csrs.resources }}" loop: "{{ r_new_csrs.resources }}" ansible/roles/host-lets-encrypt-certs-certbot/tasks/main.yml
@@ -11,7 +11,7 @@ stat: path: "/home/{{ ansible_user }}/.aws/credentials" register: aws_credentials_result - name: Fail if AWS Credentials are not on the host fail: msg: AWS Credentials are required when requesting certificates for a wildcard domain @@ -21,7 +21,7 @@ when: _certbot_dns_provider is match('rfc2136') block: - name: Verify credential are present on host when: _certbot_dns_provider is match('rfc2136') when: _certbot_dns_provider is match('rfc2136') stat: path: /home/{{ _certbot_user }}/.rfc2136.ini register: ddns_credentials_result @@ -80,6 +80,18 @@ delegate_to: localhost register: cache_archive_file - name: Ensure Certbot Directories are present file: name: "{{ item }}" state: directory owner: "{{ _certbot_remote_dir_owner }}" mode: 0775 loop: - "{{ _certbot_dir }}" - "{{ _certbot_dir }}/config" - "{{ _certbot_dir }}/work" - "{{ _certbot_dir }}/logs" - name: Restore entire certificate archive when: - _certbot_use_cache|bool @@ -95,20 +107,6 @@ - name: Set _certbot_setup_complete=true set_fact: _certbot_setup_complete: true - name: Ensure Certbot Directories are present file: name: "{{ item }}" state: directory owner: "{{ _certbot_remote_dir_owner }}" mode: 0775 loop: - "{{ _certbot_dir }}" - "{{ _certbot_dir }}/config" - "{{ _certbot_dir }}/work" - "{{ _certbot_dir }}/logs" - "{{ _certbot_dir }}/renewal-hooks" - "{{ _certbot_dir }}/renewal-hooks/deploy" - name: Request Certificates from Let's Encrypt (force or no cache) when: ansible/roles/idm-server/tasks/prep.yml
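Review bot: The relocated "Ensure Certbot Directories are present" task in the third hunk drops the `{{ _certbot_dir }}/renewal-hooks` and `{{ _certbot_dir }}/renewal-hooks/deploy` entries that the removed copy in the fourth hunk created; if a later task in this role (outside the hunk) installs a deploy hook there, it will now fail on a fresh host, so either keep the two entries in the loop or confirm nothing writes to that path. The same task creates `{{ _certbot_dir }}/config` — presumably certbot's config dir, under which `live/` and `archive/` hold the issued private keys — with `mode: 0775`, i.e. group-writable for whatever group `_certbot_remote_dir_owner` resolves to; `mode: "0755"` (quoted so the octal is not reinterpreted by the YAML parser) is the safer default unless group write is deliberately required. The first two hunks look whitespace-only.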
@@ -1,14 +1,23 @@ --- - name: Install required packages package: name: "{{ idm_rpms }}" state: installed # FIXME: # Using the 'package' module fails when installing # Unable to find yum & rpm python package on RHEL 7.5 # # Error: # The Python 32 bindings for rpm are needed for this module. If you require # Python 3 support use the `dnf` Ansible module instead.. The Python 2 yum # module is needed for this module. If you require Python 3 support use the # `dnf` Ansible module instead. # package # # To fix that error, we can install the bastion using a RHEL 8 image command: yum -y install {{ idm_rpms | join(" ") }} - name: Upgrade NSS package package: name: nss state: latest command: yum -y update nss # Cannot use a handler here - name: Ensure firewalld is running @@ -17,12 +26,12 @@ state: started enabled: yes # The 'firewalld' module is not compatible with Python 3 on RHEL 7 # This has to do with missing python 3 bindings for firewalld - name: Open Firewall for IdM use firewalld: service: "{{ item }}" permanent: yes state: enabled immediate: yes shell: | firewall-cmd --permanent --zone=public --add-service={{ item }} firewall-cmd --reload with_items: - ntp - http ansible/roles/mysql/tasks/main.yml
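Review bot: The new shell task in the second hunk interpolates `{{ item }}` straight into a shell command line and runs two commands per item, so it reports changed on every run and reloads firewalld once per service; the same pattern is introduced in ansible/roles/mysql/tasks/main.yml (there with a fixed `mysql` service). The items here are a static list so there is no injection today, but `command:` with `{{ item | quote }}` keeps that true if the list is ever sourced from a variable, and a `register`/`changed_when` pair restores change reporting, with the reload moved into its own task that runs only when something was added. The two `command: yum ...` tasks in the first hunk have the same change-reporting issue and could carry a `changed_when` derived from yum's output. The `with_items` list may continue past the end of the hunk.
```yaml
- name: Open Firewall for IdM use
  command: firewall-cmd --permanent --zone=public --add-service={{ item | quote }}
  register: r_firewall_add
  # firewall-cmd reports an already-open service as ALREADY_ENABLED on stderr — confirm for the firewalld version on the image
  changed_when: "'ALREADY_ENABLED' not in r_firewall_add.stderr"
  with_items:
    # … unchanged: service list (ntp, http, …) …

- name: Reload firewalld to apply permanent rules
  command: firewall-cmd --reload
  when: r_firewall_add is changed
```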
@@ -1,11 +1,8 @@ --- - block: # Python 3 bindings for Yum are not present on RHEL 7.X images - name: Install MySQL packages yum: state: present name: - mariadb-server - firewalld command: yum -y install mariadb-server firewalld - name: Ensure firewalld is running service: @@ -13,14 +10,11 @@ state: started enabled: yes # Python 3 bindings for firewalld are not present on RHEL 7.X images - name: Open Firewall for MySQL use firewalld: service: "{{ item }}" permanent: yes state: enabled immediate: yes with_items: - mysql shell: | firewall-cmd --permanent --zone=public --add-service=mysql firewall-cmd --reload - name: Ensure MySQL is running at boot service: ansible/roles/ocp4-workload-idm/tasks/remove_workload.yml
@@ -1,5 +1,13 @@ --- # Implement your Workload removal tasks here - name: Install AWS python prerequisites become: True pip: state: present name: - boto - botocore - boto3 # Find IP of bastion - name: Gather VPC facts ansible/roles/ocp4-workload-idm/tasks/workload.yml
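Review bot: The new pip task installs `boto`, `botocore` and `boto3` unpinned, as root, into whatever interpreter the play targets, while this same commit pins exactly those packages in ansible/configs/ocp4-workshop/files/requirements_k8s.txt (`boto==2.49.0`, `botocore==1.15.15`, `boto3==1.12.15`); a removal run on a later date can therefore pull a different, unreviewed release than the one provisioning used. Pin the same versions here — `- boto==2.49.0`, `- botocore==1.15.15`, `- boto3==1.12.15` — or install from that requirements file, and consider pointing the task at the k8s virtualenv (`/opt/virtualenvs/k8s`, the path destroy_env.yml uses) via pip's `virtualenv` parameter rather than the system site-packages. Stylistically, `become: True` should be lowercase `true`, matching `become: false` in destroy_env.yml.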
@@ -25,7 +25,7 @@ - _certbot_cache_archive_file: "{{ output_dir|d('/tmp') }}/{{ guid }}-idm-certs.tar.gz" - _certbot_renew_automatically: True - _certbot_use_cache: True - _certbot_force_issue: False - _certbot_force_issue: True - _certbot_production: True - _certbot_cron_job_name: LETS_ENCRYPT_RENEW_IDM
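Review bot: Flipping `_certbot_force_issue` to `True` makes every run of this workload request a fresh certificate from the production ACME endpoint (`_certbot_production: True` two lines below); judging by the role's "Request Certificates from Let's Encrypt (force or no cache)" task name, force takes precedence over `_certbot_use_cache: True` on the line above, so that cache setting is now dead and repeated runs will walk into Let's Encrypt's duplicate-certificate rate limit for the IdM hostname. If this is meant as a one-off re-issue, drive it from a playbook variable so the committed default stays off, e.g. `- _certbot_force_issue: "{{ force_cert_issue | d(false) }}"` (variable name constructed). The variable list continues outside the hunk.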