--- # Implement your Workload deployment tasks here - name: Setting up workload for user debug: msg: "Setting up workload for user ocp_username = {{ ocp_username }}" - name: Generate Quay Superuser Password set_fact: _quay_superuser_password: "{{ lookup('password', '/dev/null length=12 chars=ascii_letters') }}" when: - _quay_superuser_password is not defined or _quay_superuser_password|length == 0 - name: Check if key file exist on bastion VM become: yes become_user: root when: _quay_ssl_key | length == 0 block: - name: Check for Key file on Bastion stat: path: "/home/{{ ansible_user }}/certificates/privkey.pem" register: r_ssl_key - name: Read Key file from Bastion when: r_ssl_key.stat.exists slurp: src: "/home/{{ ansible_user }}/certificates/privkey.pem" register: _quay_ssl_key_file - name: Set _quay_ssl_key when: r_ssl_key.stat.exists set_fact: _quay_ssl_key: "{{ _quay_ssl_key_file['content'] }}" - name: Check if certificate file exist on bastion VM become: yes become_user: root when: _quay_ssl_certificate | length == 0 block: - name: Check for Certificate file on Bastion stat: path: "/home/{{ ansible_user }}/certificates/fullchain.pem" register: r_ssl_cert - name: Read Certificate file from Bastion when: r_ssl_cert.stat.exists slurp: src: "/home/{{ ansible_user }}/certificates/fullchain.pem" register: _quay_ssl_cert_file - name: Set _quay_ssl_certificate when: r_ssl_cert.stat.exists set_fact: _quay_ssl_certificate: "{{ _quay_ssl_cert_file['content'] }}" - name: Determine Cluster Base Domain for Quay Route k8s_facts: api_version: config.openshift.io/v1 kind: Ingress name: cluster register: r_ingress_config - name: Set the Base Domain for Quay set_fact: _quay_route: "quay-{{ guid }}.{{ r_ingress_config.resources[0].spec.domain }}" - name: Create Quay Operator Common Resources k8s: state: present definition: "{{ lookup('template', item ) | from_yaml }}" loop: - ./templates/project.j2 - ./templates/pull_secret.j2 - ./templates/quay_superuser_secret.j2 - ./templates/quay_config_secret.j2 - name: Create Quay Operator from Operator Hub when: _quay_operator_hub | bool block: - name: Create Operator Resources k8s: state: present definition: "{{ lookup('template', item ) | from_yaml }}" loop: - ./templates/catalogsourceconfig.j2 - ./templates/operatorgroup.j2 - ./templates/subscription.j2 - name: Wait for ClusterServiceVersion to appear k8s_facts: api_version: operators.coreos.com/v1alpha1 kind: ClusterServiceVersion namespace: "{{ _quay_project }}" name: "{{ _quay_operator_csv }}" # field_selectors: # - status.phase=Succeeded register: r_csv until: r_csv.resources | length > 0 # until: r_csv.resources[0] and r_csv.resources[0].get('status') and r_csv.resources[0].status.phase == 'Succeeded' # ignore_errors: true retries: 30 delay: 10 - name: Wait for operator to be installed k8s_facts: api_version: operators.coreos.com/v1alpha1 kind: ClusterServiceVersion namespace: "{{ _quay_project }}" name: "{{ _quay_operator_csv }}" field_selectors: - status.phase=Succeeded register: r_csv until: r_csv.resources[0] and r_csv.resources[0].get('status') and r_csv.resources[0].status.phase == 'Succeeded' retries: 30 delay: 10 - name: Create OpenShift Objects for Red Hat Quay Registry prerequisites when: not _quay_operator_hub | bool k8s: state: present definition: "{{ lookup('template', item ) | from_yaml }}" loop: - ./templates/crd.j2 - ./templates/service_account.j2 - ./templates/cluster_role.j2 - ./templates/cluster_role_binding.j2 - ./templates/role.j2 - ./templates/role_binding.j2 - ./templates/operator.j2 - name: Create OpenShift Objects for Red Hat Quay Registry Certificates when: - _quay_ssl_certificate | length > 0 - _quay_ssl_key | length > 0 k8s: state: present definition: "{{ lookup('template', item ) | from_yaml }}" loop: - ./templates/quay_ssl_certificate_secret.j2 - name: Create OpenShift Objects for Red Hat Quay Registry k8s: state: present definition: "{{ lookup('template', item ) | from_yaml }}" loop: - ./templates/quay.j2 - name: Verify successful rollout (and fix crash looping Quay pod if necessary) when: _quay_verify_deployment | bool block: - name: Wait for Quay App Pod to appear k8s_facts: api_version: v1 kind: Pod namespace: "{{ _quay_project }}" label_selectors: - app=quay-operator - quay-enterprise-component=app register: r_quay_pod until: r_quay_pod.resources | length > 0 retries: 30 delay: 10 - name: Wait for Quay App Pod Status to be Ready k8s_facts: api_version: v1 kind: Pod namespace: "{{ _quay_project }}" label_selectors: - app=quay-operator - quay-enterprise-component=app register: r_running_quay_pod until: >- r_running_quay_pod.resources[0].status.containerStatuses[0].ready | bool ignore_errors: true retries: 20 delay: 5 # - name: Restart crashing Pod to pick up SCC # when: # - not r_running_quay_pod.resources[0].status.containerStatuses[0].ready | bool # - r_running_quay_pod.resources[0].status.containerStatuses[0].state.waiting.reason is match("CrashLoopBackOff") # or r_running_quay_pod.resources[0].status.containerStatuses[0].state.waiting.reason is match("Error") # k8s: # state: absent # api_version: v1 # kind: Pod # name: "{{ r_running_quay_pod.resources[0].metadata.name }}" # namespace: "{{ _quay_project }}" - name: Delete Quay Deployment to pick up SCC when: - not r_running_quay_pod.resources[0].status.containerStatuses[0].ready | bool - r_running_quay_pod.resources[0].status.containerStatuses[0].state.waiting.reason is match("CrashLoopBackOff") or r_running_quay_pod.resources[0].status.containerStatuses[0].state.waiting.reason is match("Error") k8s: state: absent api_version: extensions/v1beta1 kind: Deployment name: "{{ _quay_name }}-quay" namespace: "{{ _quay_project }}" - name: Print Student as user.info debug: msg: "{{ item }}" with_items: - "user.info: Quay is available at https://{{ _quay_route }}. It may take 5 to 10 minutes for this route to respond." - "user.info: The Quay Super User is {{ _quay_superuser_username }} with password {{ _quay_superuser_password }}" # Leave this as the last task in the playbook. - name: workload tasks complete debug: msg: "Workload Tasks completed successfully." when: not silent|bool