From 998e0c84399eb45b6a99b445929b06e84363512f Mon Sep 17 00:00:00 2001
From: Wolfgang Kulhanek <wkulhanek@users.noreply.github.com>
Date: Fri, 13 Mar 2020 18:38:16 +0100
Subject: [PATCH] Update Quay Operator to new variable structure. Removed non-marketplace deployment logic. (#1326)
---
ansible/roles/ocp4-workload-quay-operator/tasks/workload.yml | 178 ++++++++++++++++++++++++++++++++---------------------------
1 files changed, 97 insertions(+), 81 deletions(-)
diff --git a/ansible/roles/ocp4-workload-quay-operator/tasks/workload.yml b/ansible/roles/ocp4-workload-quay-operator/tasks/workload.yml
index 661b6a1..7c771fa 100644
--- a/ansible/roles/ocp4-workload-quay-operator/tasks/workload.yml
+++ b/ansible/roles/ocp4-workload-quay-operator/tasks/workload.yml
@@ -1,20 +1,42 @@ --- -# Implement your Workload deployment tasks here +- name: Set up combined ocp4_workload_quay_operator dictionary + set_fact: + ocp4_workload_quay_operator: >- + {{ ocp4_workload_quay_operator_defaults + | combine(ocp4_workload_quay_operator_input | default( {} ), + ocp4_workload_quay_operator_secret | default( {} ), recursive=true) + }} +- name: Print combined role variables + debug: + var: ocp4_workload_quay_operator + verbosity: 2 - name: Setting up workload for user debug: msg: "Setting up workload for user ocp_username = {{ ocp_username }}" - name: Generate Quay Superuser Password - set_fact: - _quay_superuser_password: "{{ lookup('password', '/dev/null length=12 chars=ascii_letters') }}" when: - - _quay_superuser_password is not defined or _quay_superuser_password|length == 0 + - ocp4_workload_quay_operator.superuser_password is not defined or ocp4_workload_quay_operator.superuser_password|length == 0 + set_fact: + ocp4_workload_quay_operator_superuser_password: "{{ lookup('password', '/dev/null length=12 chars=ascii_letters') }}" -- name: Check if key file exist on bastion VM +- name: Use provided Quay Superuser Password + when: + - ocp4_workload_quay_operator.superuser_password is defined + - ocp4_workload_quay_operator.superuser_password|length > 0 + set_fact: + ocp4_workload_quay_operator_superuser_password: "{{ ocp4_workload_quay_operator.superuser_password }}" + +- name: Use provided key file + when: ocp4_workload_quay_operator.ssl_key | length > 0 + set_fact: + ocp4_workload_quay_operator_ssl_key: ocp4_workload_quay_operator.ssl_key + +- name: Otherwise check if key file exist on bastion VM become: yes become_user: root - when: _quay_ssl_key | length == 0 + when: ocp4_workload_quay_operator.ssl_key | length == 0 block: - name: Check for Key file on Bastion stat: 
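Review bot: The `Use provided key file` task sets `ocp4_workload_quay_operator_ssl_key` to the bare text `ocp4_workload_quay_operator.ssl_key`, because the value has no Jinja delimiters; it should read `ocp4_workload_quay_operator_ssl_key: "{{ ocp4_workload_quay_operator.ssl_key }}"`. The `Use provided certificate file` task in the @@ -25,15 +47,20 @@ hunk has the same defect for `ssl_certificate`. That literal string is non-empty, so it would pass the later `| length > 0` guards and presumably end up in the certificate objects instead of the real key material. Separately, `Print combined role variables` prints the merged dictionary, which includes `ocp4_workload_quay_operator_secret`, whenever the play runs at verbosity 2 or higher; printing only the non-secret keys would keep credentials out of job logs. The `Otherwise check if key file exist on bastion VM` block continues past the end of this hunk.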
@@ -25,15 +47,20 @@ slurp: src: "/home/{{ ansible_user }}/certificates/privkey.pem" register: _quay_ssl_key_file - - name: Set _quay_ssl_key + - name: Set ocp4_workload_quay_operator_ssl_key when: r_ssl_key.stat.exists set_fact: - _quay_ssl_key: "{{ _quay_ssl_key_file['content'] }}" + ocp4_workload_quay_operator_ssl_key: "{{ _quay_ssl_key_file['content'] }}" -- name: Check if certificate file exist on bastion VM +- name: Use provided certificate file + when: ocp4_workload_quay_operator.ssl_certificate | length > 0 + set_fact: + ocp4_workload_quay_operator_ssl_certificate: ocp4_workload_quay_operator.ssl_certificate + +- name: Otherwise check if certificate file exist on bastion VM become: yes become_user: root - when: _quay_ssl_certificate | length == 0 + when: ocp4_workload_quay_operator.ssl_certificate | length == 0 block: - name: Check for Certificate file on Bastion stat: @@ -44,10 +71,10 @@ slurp: src: "/home/{{ ansible_user }}/certificates/fullchain.pem" register: _quay_ssl_cert_file - - name: Set _quay_ssl_certificate + - name: Set ocp4_workload_quay_operator_ssl_certificate when: r_ssl_cert.stat.exists set_fact: - _quay_ssl_certificate: "{{ _quay_ssl_cert_file['content'] }}" + ocp4_workload_quay_operator_ssl_certificate: "{{ _quay_ssl_cert_file['content'] }}" - name: Determine Cluster Base Domain for Quay Route k8s_facts: 
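Review bot: The two ways of filling `ocp4_workload_quay_operator_ssl_key` and `ocp4_workload_quay_operator_ssl_certificate` are not documented to agree on encoding: `slurp` returns `content` base64-encoded, while the user-supplied `ssl_key` and `ssl_certificate` are taken as given. If the templates expect one form (they are not visible here), the other path would produce a broken TLS secret. A comment above the `Use provided certificate file` task such as `# ssl_key / ssl_certificate must be base64-encoded PEM, the same form slurp returns` would make the contract explicit; confirm the expected form against the templates before adding it. Both bastion-file blocks start or end outside this hunk.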
@@ -56,11 +83,19 @@ name: cluster register: r_ingress_config -- name: Set the Base Domain for Quay +- name: Use Provided Quay route + when: + - ocp4_workload_quay_operator.route is defined + - ocp4_workload_quay_operator.route | length > 0 set_fact: - _quay_route: "quay-{{ guid }}.{{ r_ingress_config.resources[0].spec.domain }}" + ocp4_workload_quay_operator_quay_route: "{{ ocp4_workload_quay_operator.route }}" -- name: Create Quay Operator Common Resources +- name: Otherwise use quay-{{guid}}.basedomain for the Quay route + when: ocp4_workload_quay_operator.route is not defined or ocp4_workload_quay_operator.route | length == 0 + set_fact: + ocp4_workload_quay_operator_quay_route: "quay-{{ guid }}.{{ r_ingress_config.resources[0].spec.domain }}" + +- name: Create Quay Operator Resources k8s: state: present definition: "{{ lookup('template', item ) | from_yaml }}" 
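Review bot: `Create Quay Operator Resources` carries no `no_log: true`, although its loop (listed in the next hunk) renders `pull_secret.j2`, `quay_superuser_secret.j2` and `quay_config_secret.j2`, so the rendered Secret objects can show up in the per-item task results when the play runs verbosely. Because the operator templates are now merged into the same loop, silencing the whole task would also hide operator install errors. Keeping the three secret templates in their own `k8s` task with `no_log: true`, and the catalog source, operator group and subscription in a second task, avoids that trade-off.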
@@ -69,65 +104,38 @@ - ./templates/pull_secret.j2 - ./templates/quay_superuser_secret.j2 - ./templates/quay_config_secret.j2 + - ./templates/catalogsourceconfig.j2 + - ./templates/operatorgroup.j2 + - ./templates/subscription.j2 -- name: Create Quay Operator from Operator Hub - when: _quay_operator_hub | bool - block: - - name: Create Operator Resources - k8s: - state: present - definition: "{{ lookup('template', item ) | from_yaml }}" - loop: - - ./templates/catalogsourceconfig.j2 - - ./templates/operatorgroup.j2 - - ./templates/subscription.j2 +- name: Wait for ClusterServiceVersion to appear + k8s_facts: + api_version: operators.coreos.com/v1alpha1 + kind: ClusterServiceVersion + namespace: "{{ ocp4_workload_quay_operator.project }}" + name: "{{ ocp4_workload_quay_operator.starting_csv }}" + register: r_csv + until: r_csv.resources | length > 0 + retries: 30 + delay: 10 - - name: Wait for ClusterServiceVersion to appear - k8s_facts: - api_version: operators.coreos.com/v1alpha1 - kind: ClusterServiceVersion - namespace: "{{ _quay_project }}" - name: "{{ _quay_operator_csv }}" - # field_selectors: - # - status.phase=Succeeded - register: r_csv - until: r_csv.resources | length > 0 - # until: r_csv.resources[0] and r_csv.resources[0].get('status') and r_csv.resources[0].status.phase == 'Succeeded' - # ignore_errors: true - retries: 30 - delay: 10 - - - name: Wait for operator to be installed - k8s_facts: - api_version: operators.coreos.com/v1alpha1 - kind: ClusterServiceVersion - namespace: "{{ _quay_project }}" - name: "{{ _quay_operator_csv }}" - field_selectors: - - status.phase=Succeeded - register: r_csv - until: r_csv.resources[0] and r_csv.resources[0].get('status') and r_csv.resources[0].status.phase == 'Succeeded' - retries: 30 - delay: 10 +- name: Wait for operator to be installed + k8s_facts: + api_version: operators.coreos.com/v1alpha1 + kind: ClusterServiceVersion + namespace: "{{ ocp4_workload_quay_operator.project }}" + name: "{{ 
ocp4_workload_quay_operator.starting_csv }}" + field_selectors: + - status.phase=Succeeded + register: r_csv + until: r_csv.resources[0] and r_csv.resources[0].get('status') and r_csv.resources[0].status.phase == 'Succeeded' + retries: 30 + delay: 10 -- name: Create OpenShift Objects for Red Hat Quay Registry prerequisites - when: not _quay_operator_hub | bool - k8s: - state: present - definition: "{{ lookup('template', item ) | from_yaml }}" - loop: - - ./templates/crd.j2 - - ./templates/service_account.j2 - - ./templates/cluster_role.j2 - - ./templates/cluster_role_binding.j2 - - ./templates/role.j2 - - ./templates/role_binding.j2 - - ./templates/operator.j2 - - name: Create OpenShift Objects for Red Hat Quay Registry Certificates when: - - _quay_ssl_certificate | length > 0 - - _quay_ssl_key | length > 0 + - ocp4_workload_quay_operator_ssl_certificate | length > 0 + - ocp4_workload_quay_operator_ssl_key | length > 0 k8s: state: present definition: "{{ lookup('template', item ) | from_yaml }}" @@ -142,13 +150,13 @@ - ./templates/quay.j2 - name: Verify successful rollout (and fix crash looping Quay pod if necessary) - when: _quay_verify_deployment | bool + when: ocp4_workload_quay_operator.verify_deployment | bool block: - name: Wait for Quay App Pod to appear k8s_facts: api_version: v1 kind: Pod - namespace: "{{ _quay_project }}" + namespace: "{{ ocp4_workload_quay_operator.project }}" label_selectors: - app=quay-operator - quay-enterprise-component=app @@ -161,7 +169,7 @@ k8s_facts: api_version: v1 kind: Pod - namespace: "{{ _quay_project }}" + namespace: "{{ ocp4_workload_quay_operator.project }}" label_selectors: - app=quay-operator - quay-enterprise-component=app 
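Review bot: The `when` on `Create OpenShift Objects for Red Hat Quay Registry Certificates` now tests `ocp4_workload_quay_operator_ssl_certificate` and `ocp4_workload_quay_operator_ssl_key`, which the earlier tasks set only when a value was provided or the bastion file exists. If neither holds and the role defaults (not visible here) do not define these two names, the condition fails on an undefined variable instead of skipping the task. A default keeps the skip behaviour: `- ocp4_workload_quay_operator_ssl_certificate | default('') | length > 0`, and the same for the key. The task's `loop` list lies outside this hunk.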
@@ -172,12 +180,12 @@ retries: 15 delay: 5 - - name: Delete crashing Pod to pick up SCC - when: - - not r_running_quay_pod.resources[0].status.containerStatuses[0].ready | bool - - r_running_quay_pod.resources[0].status.containerStatuses[0].state.waiting.reason is match("CrashLoopBackOff") - or r_running_quay_pod.resources[0].status.containerStatuses[0].state.waiting.reason is match("Error") - shell: "oc delete pod {{ r_running_quay_pod.resources[0].metadata.name }} -n {{ _quay_project }}" + # - name: Delete crashing Pod to pick up SCC + # when: + # - not r_running_quay_pod.resources[0].status.containerStatuses[0].ready | bool + # - r_running_quay_pod.resources[0].status.containerStatuses[0].state.waiting.reason is match("CrashLoopBackOff") + # or r_running_quay_pod.resources[0].status.containerStatuses[0].state.waiting.reason is match("Error") + # shell: "oc delete pod {{ r_running_quay_pod.resources[0].metadata.name }} -n {{ ocp4_workload_quay_operator.project }}" # - name: Restart crashing Pod to pick up SCC # when: 
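Review bot: Commenting out `Delete crashing Pod to pick up SCC` leaves the enclosing block, still named `Verify successful rollout (and fix crash looping Quay pod if necessary)`, with no remediation step, so the name no longer describes what runs. The disabled task now sits beside the already commented-out `Restart crashing Pod to pick up SCC`, and nothing says why either was turned off. Deleting both (history keeps them) and renaming the block to `Verify successful rollout`, or adding a one-line comment such as `# Disabled: operator now applies the SCC itself — confirm`, would make the intent clear. The block starts in an earlier hunk.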
@@ -189,14 +197,22 @@ # api_version: v1 # kind: Pod # name: "{{ r_running_quay_pod.resources[0].metadata.name }}" - # namespace: "{{ _quay_project }}" + # namespace: "{{ ocp4_workload_quay_operator.project }}" + +- name: Get Quay Hostname + k8s_facts: + api_version: redhatcop.redhat.io/v1alpha1 + kind: QuayEcosystem + name: "{{ ocp4_workload_quay_operator.name }}" + namespace: "{{ ocp4_workload_quay_operator.project }}" + register: r_quay - name: Print Student as user.info debug: msg: "{{ item }}" with_items: - - "user.info: Quay is available at https://{{ _quay_route }}. It may take 5 to 10 minutes for this route to respond." - - "user.info: The Quay Super User is {{ _quay_superuser_username }} with password {{ _quay_superuser_password }}" + - "user.info: Quay is available at https://{{r_quay.resources[0].status.hostname }}. It may take 5 to 10 minutes for this route to respond." + - "user.info: The Quay Super User is {{ ocp4_workload_quay_operator.superuser_username }} with password {{ ocp4_workload_quay_operator_superuser_password }}" # Leave this as the last task in the playbook. - name: workload tasks complete -- Gitblit v1.9.3
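Review bot: `Get Quay Hostname` queries the `QuayEcosystem` once, and the message then dereferences `r_quay.resources[0].status.hostname` unguarded, so the play fails with an undefined-variable error if the resource or its status is not populated yet (for example when `verify_deployment` is false and nothing waited for the rollout). Adding `until: r_quay.resources | length > 0 and r_quay.resources[0].status.hostname is defined` with `retries` and `delay`, like the ClusterServiceVersion waits earlier in the file, would make this robust. The fact `ocp4_workload_quay_operator_quay_route` set earlier is no longer used in this message; if the templates do not use it either, the two route tasks are dead code. The superuser password is still written to the run output by this `debug`, which looks intentional for `user.info` but means the job log has to be handled as a secret.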