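---
# Post-provisioning software step for an OpenShift 4 (OCP4) environment.
#
# Play 1 (bastions): installs the AWS CLI, writes the student's AWS credentials,
#   fetches the OpenShift installer/CLI, generates an SSH key pair, renders
#   install-config.yaml, runs `openshift-install create cluster`, and publishes
#   the resulting access details through agnosticd_user_info.
# Play 2 (localhost): when the cluster is NOT pre-installed, publishes the
#   student's AWS programmatic access and SSH access details instead.
#
# Changes versus the original, besides formatting:
#   - `ocp4_installer_url` was interpolated with a trailing space inside the
#     quotes, producing a URL ending in " "; the stray space is removed.
#   - `yes` booleans are written as `true`, octal modes are quoted strings
#     (Ansible otherwise may see a decimal int), per yamllint.
#   - ~/.aws/credentials is created if missing and written 0600; the task is
#     `no_log` so the secret key is not echoed in verbose runs.
#   - "Output htpasswd" guards `install_idm is defined` before comparing it,
#     so an unset `install_idm` no longer raises an undefined-variable error.
#   - `worker_instance_count` is cast with `| int` before the `== 1` test.
- name: Step 00xxxxx software
  hosts: bastions
  gather_facts: false
  become: false
  tasks:
    - when: install_ocp4 | bool
      tags:
        - install_openshift
      block:
        # Lock file signalling an in-progress deploy; removed in `always` below.
        - name: Create deployinprogress file
          file:
            path: /tmp/deployinprogress
            state: touch

        # NOTE(review): the bundle is downloaded without a `checksum:`; pin one
        # once a known-good value is available so a tampered mirror is detected.
        - name: Get awscli bundle
          get_url:
            url: https://s3.amazonaws.com/aws-cli/awscli-bundle.zip
            dest: /tmp/awscli-bundle.zip

        - name: Unzip awscli-bundle.zip
          unarchive:
            src: /tmp/awscli-bundle.zip
            dest: /tmp/
            remote_src: true

        # `creates` makes the install idempotent: skipped once /usr/local/aws exists.
        - name: Install awscli
          become: true
          command: /tmp/awscli-bundle/install -i /usr/local/aws -b /bin/aws
          args:
            creates: /usr/local/aws

        - name: cleanup archive and tmp files
          file:
            path: "{{ item }}"
            state: absent
          loop:
            - /tmp/awscli-bundle
            - /tmp/awscli-bundle.zip

        # Owner-only directory, matching what the AWS CLI itself creates.
        - name: Create .aws directory
          file:
            path: ~/.aws
            state: directory
            mode: "0700"

        # blockinfile fails if the destination is missing unless `create` is set;
        # the file is new on a fresh bastion. 0600 because it holds a secret key.
        # no_log keeps the secret out of task output and -v logs.
        - name: Add aws credentials
          no_log: true
          blockinfile:
            path: ~/.aws/credentials
            create: true
            mode: "0600"
            block: |-
              [default]
              aws_access_key_id = {{ hostvars.localhost.student_access_key_id }}
              aws_secret_access_key = {{ hostvars.localhost.student_secret_access_key }}

        # For GA Releases
        # When ocp4_installer_use_dev_preview is true these URLs are expected to
        # come from elsewhere (not visible in this file) — TODO confirm.
        - name: Set URLs for OpenShift GA releases
          when: not ocp4_installer_use_dev_preview | d(False) | bool
          set_fact:
            ocp4_installer_url: "https://mirror.openshift.com/pub/openshift-v4/clients/ocp/{{ ocp4_installer_version }}/openshift-install-linux-{{ ocp4_installer_version }}.tar.gz"
            ocp4_client_url: "https://mirror.openshift.com/pub/openshift-v4/clients/ocp/{{ ocp4_installer_version }}/openshift-client-linux-{{ ocp4_installer_version }}.tar.gz"

        # unarchive with remote_src accepts a URL as `src`; the original value
        # had a trailing space inside the quotes.
        - name: Get the OpenShift Installer
          become: true
          unarchive:
            src: "{{ ocp4_installer_url }}"
            remote_src: true
            dest: /usr/bin
            mode: "0755"
            owner: root
            group: root

        # Mode aligned with the installer above: a root-owned binary in /usr/bin
        # has no reason to be group-writable.
        - name: Get the OpenShift CLI
          become: true
          unarchive:
            src: "{{ ocp4_client_url }}"
            remote_src: true
            dest: /usr/bin
            mode: "0755"
            owner: root
            group: root

        # `shell` (not `command`) so that `~` expands; `creates` keeps it idempotent.
        - name: Generate SSH keys
          shell: ssh-keygen -b 2048 -t rsa -f ~/.ssh/id_rsa -q -N ""
          args:
            creates: ~/.ssh/id_rsa

        # Re-derives the public key from the private key if only id_rsa exists.
        - name: Generate SSH pub key
          shell: ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub
          args:
            creates: ~/.ssh/id_rsa.pub

        # Registered as `idrsapub` (base64 content) for use by the install-config
        # template — presumably; the template is not visible here.
        - name: Slurp public key
          slurp:
            path: /home/{{ ansible_user }}/.ssh/id_rsa.pub
          register: idrsapub

        - name: Create cluster directory
          file:
            path: /home/{{ ansible_user }}/{{ cluster_name }}
            state: directory

        # Template lookup is done on the controller (delegate_to: localhost):
        # prefer a version-specific install-config template, else the default.
        - name: Check if version specific install-config.j2 exists
          stat:
            path: files/install-config.yaml.{{ ocp4_installer_version }}.j2
          register: rconfig
          delegate_to: localhost

        - name: Use version-specific template for install-config-yaml
          set_fact:
            install_config_template_path: files/install-config.yaml.{{ ocp4_installer_version }}.j2
          when: rconfig.stat.exists

        - name: Use default template for install-config-yaml
          set_fact:
            install_config_template_path: files/install-config.yaml.j2
          when: not rconfig.stat.exists

        # NOTE(review): install-config.yaml typically carries the pull secret and
        # SSH public key; the installer runs as the same user, so owner-only
        # permissions are sufficient.
        - name: Generate config install-config.yaml
          template:
            src: "{{ install_config_template_path }}"
            dest: /home/{{ ansible_user }}/{{ cluster_name }}/install-config.yaml
            mode: "0600"

        # `async` raises the task timeout to two hours; with no explicit `poll`
        # Ansible still waits (default polling), so later tasks see a finished
        # install.
        - name: Run the installer
          tags:
            - run_installer
          command: openshift-install create cluster --dir=/home/{{ ansible_user }}/{{ cluster_name }}
          async: "{{ 2 * 60 * 60 }}"

        # Copies the cluster credentials back to the controller's output_dir.
        - name: Fetch kube config
          fetch:
            flat: true
            src: /home/{{ ansible_user }}/{{ cluster_name }}/auth/{{ item }}
            dest: "{{ hostvars.localhost.output_dir }}/{{ env_type }}_{{ guid }}_{{ item }}"
          loop:
            - kubeconfig
            - kubeadmin-password

        # NOTE(review): the root copy below uses 0700; this directory holds a
        # cluster-admin kubeconfig, so 0700 would be the safer choice here too
        # unless group access is relied on elsewhere — confirm before tightening.
        - name: Make sure .kube directory exists in home directory
          file:
            state: directory
            path: "/home/{{ ansible_user }}/.kube"
            owner: "{{ ansible_user }}"
            mode: "0775"

        - name: Set up .kube/config
          copy:
            remote_src: true
            src: "/home/{{ ansible_user }}/{{ cluster_name }}/auth/kubeconfig"
            dest: "/home/{{ ansible_user }}/.kube/config"

        - name: Make sure .kube directory exists in /root
          file:
            state: directory
            path: /root/.kube
            owner: root
            mode: "0700"
          become: true

        - name: Set up .kube/config for root
          copy:
            remote_src: true
            src: "/home/{{ ansible_user }}/{{ cluster_name }}/auth/kubeconfig"
            dest: /root/.kube/config
          become: true

        # The password is published deliberately further down via user_info;
        # no_log only keeps the raw slurp result out of verbose task output.
        - name: Get kubeadmin password
          no_log: true
          slurp:
            path: /home/{{ ansible_user }}/{{ cluster_name }}/auth/kubeadmin-password
          register: kubeadminr

        # The console route may not exist yet right after install: retry for
        # up to ~5 minutes, then fall through (ignore_errors) to the guessed URL.
        - name: Get console route
          environment:
            KUBECONFIG: /home/{{ ansible_user }}/{{ cluster_name }}/auth/kubeconfig
          command: oc get route -n openshift-console console -o json
          register: routeconsole
          retries: 10
          delay: 30
          until: routeconsole is succeeded
          ignore_errors: true

        # Adjust for clusters with just one worker. Default is two routers with antiAffinity rules.
        # Which means that one router is pending. This doesn't work with Certificates
        # `| int` so a string-valued worker_instance_count (e.g. from extra-vars)
        # still matches.
        - name: Set number of Ingress Controller replicas to 1 if only one worker node deployed
          when: worker_instance_count | int == 1
          environment:
            KUBECONFIG: /home/{{ ansible_user }}/{{ cluster_name }}/auth/kubeconfig
          shell: "oc patch ingresscontroller default --type=merge --patch='{\"spec\": { \"replicas\": 1 }}' -n openshift-ingress-operator"
          ignore_errors: true

        - name: Set webconsole address
          set_fact:
            webconsole: "http://{{ routeconsole.stdout | from_json | json_query('spec.host') }}"
          when: routeconsole is succeeded

        # sometimes the route is not ready, guess it
        - name: Guess webconsole address
          set_fact:
            webconsole: "http://console-openshift-console.apps.{{ cluster_name }}.{{ guid }}.{{ subdomain_base }}"
          when: routeconsole is failed

        - name: Get API for command line
          environment:
            KUBECONFIG: /home/{{ ansible_user }}/{{ cluster_name }}/auth/kubeconfig
          command: oc whoami --show-server
          register: r_showserver

        # Human-readable overview lines.
        - name: Print Overview
          agnosticd_user_info:
            msg: "{{ item }}"
          loop:
            - "Openshift Master Console: {{ webconsole }}"
            - "Openshift API for command line 'oc' client: {{ r_showserver.stdout | trim }}"
            - "Download oc client from {{ ocp4_client_url }}"

        # Same information as structured user data.
        - name: Print Overview
          agnosticd_user_info:
            data:
              openshift_console_url: "{{ webconsole }}"
              openshift_api_url: "{{ r_showserver.stdout | trim }}"
              openshift_client_download_url: "{{ ocp4_client_url }}"

        # `install_idm is defined` first: list conditions are ANDed in order, so
        # an unset install_idm no longer fails the comparison with an error.
        - name: Output htpasswd
          agnosticd_user_info:
            msg: "This cluster has authentication enabled. You can use '{{ admin_user }}' with password '{{ admin_password }}' to access your cluster"
            data:
              openshift_admin_user: "{{ admin_user }}"
              openshift_admin_password: "{{ admin_password }}"
          when:
            - admin_password is defined
            - install_idm is defined
            - install_idm == "htpasswd"

        - name: Output kubeadmin
          agnosticd_user_info:
            msg: "Kubeadmin user / password: kubeadmin / {{ kubeadminr.content | b64decode }}"
            data:
              openshift_kubeadmin_password: "{{ kubeadminr.content | b64decode }}"
          when: >-
            install_idm is not defined or install_idm != "htpasswd"

        - name: Print SSH warning
          agnosticd_user_info:
            msg: "{{ item }}"
          loop:
            - ""
            - "You *CANNOT* SSH into this environment"
          when: not install_student_user | bool

      always:
        # Runs even if the block failed, so a stale lock never blocks a retry.
        - name: Delete deployinprogress lock file
          file:
            path: /tmp/deployinprogress
            state: absent

- name: Step 00xxxxx software
  hosts: localhost
  gather_facts: false
  become: false
  tasks:
    # NOT Pre-installed
    - when:
        - not install_ocp4 | bool
        - student_access_key_id is defined
        - student_secret_access_key is defined
      block:
        - name: Print Student aws access as user.info
          agnosticd_user_info:
            msg: "{{ item }}"
          loop:
            - "Top level domain: {{ subdomain_base_suffix }}"
            - ""
            - "WARNING: with great power comes great responsibility. We monitor usage."
            - "Your AWS programmatic access:"
            - "aws_access_key_id = {{ student_access_key_id }}"
            - "aws_secret_access_key = {{ student_secret_access_key }}"

        - name: Set aws access user data
          agnosticd_user_info:
            data:
              subdomain_base_suffix: "{{ subdomain_base_suffix }}"
              aws_access_key_id: "{{ student_access_key_id }}"
              aws_secret_access_key: "{{ student_secret_access_key }}"

    # The student password may be defined on localhost or on the first bastion.
    - when:
        - install_student_user | bool
        - student_name is defined
        - student_password is defined or hostvars[groups.bastions.0].student_password is defined
      block:
        - name: Print Student SSH access as user.info
          agnosticd_user_info:
            msg: "{{ item }}"
            data:
              student_ssh_command: >-
                ssh {{ student_name }}@bastion.{{ guid }}{{ subdomain_base_suffix }}
          loop:
            - ""
            - "SSH Access: ssh {{ student_name }}@bastion.{{ guid }}{{ subdomain_base_suffix }}"

        - name: Print Student SSH password as user.info
          agnosticd_user_info:
            msg: "SSH password: {{ student_ssh_password }}"
            data:
              student_ssh_password: "{{ student_ssh_password }}"
          vars:
            student_ssh_password: >-
              {{ student_password | default(hostvars[groups.bastions.0].student_password) }}
          when: print_student_password | default(true) | bool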