--- # Start / Stop Logic for OCP 4 Clusters - import_playbook: ../../setup_runtime.yml - name: Build inventory hosts: localhost connection: local gather_facts: false become: false tasks: - when: cloud_provider == 'ec2' block: - name: Run infra-ec2-create-inventory Role include_role: name: infra-ec2-create-inventory - name: Run Common SSH Config Generator Role include_role: name: infra-common-ssh-config-generate when: "'bastions' in groups" - name: Set ansible_ssh_extra_args hosts: - all:!windows:!network gather_facts: false any_errors_fatal: true ignore_errors: false tasks: - name: Set facts for remote access set_fact: ansible_ssh_extra_args: >- {{ ansible_ssh_extra_args|d() }} -F {{hostvars.localhost.output_dir}}/{{ env_type }}_{{ guid }}_ssh_conf - name: Run stop/start/status/... actions hosts: localhost connection: local gather_facts: False become: no tasks: - name: Check for project_tag when: project_tag is not defined or project_tag == '' fail: msg: "project_tag is not defined" - name: Check for ACTION when: ACTION is not defined fail: msg: "ACTION is not defined" - name: Start / Stop VMs on AWS when: - cloud_provider == 'ec2' - guid is defined - guid != '' - guid != '*' environment: AWS_ACCESS_KEY_ID: "{{aws_access_key_id}}" AWS_SECRET_ACCESS_KEY: "{{aws_secret_access_key}}" AWS_DEFAULT_REGION: "{{aws_region_final|d(aws_region)}}" block: - name: Stop instances by (guid,env_type) tags when: ACTION == 'stop' ec2_instance: state: stopped wait: "{{ aws_instance_wait_for_stop | default(false) }}" filters: "tag:guid": "{{ guid }}" "tag:env_type": "{{ env_type }}" instance-state-name: running - name: Start instances by (guid, env_type) tags when: ACTION == 'start' ec2_instance: state: started wait: true filters: "tag:guid": "{{ guid }}" "tag:env_type": "{{ env_type }}" instance-state-name: stopped - when: ACTION == 'status' block: - name: Get EC2 facts using (guid, env_type) tag ec2_instance_facts: filters: "tag:guid": "{{ guid }}" "tag:env_type": "{{ env_type }}" register: r_instances - name: Print status information to a file template: dest: "{{ output_dir }}/status.txt" src: files/status.j2 - name: Run recover cluster actions hosts: bastions run_once: true become: false gather_facts: false tasks: - name: Set Ansible Python interpreter to k8s virtualenv set_fact: ansible_python_interpreter: /opt/virtualenvs/k8s/bin/python - name: Recover cluster if it missed cert rotation when: ACTION == 'start' block: - name: Wait (default 3m) for Nodes to settle and pods to start pause: seconds: "{{ lifecycle_start_pause | default(180) }}" - name: Get CSRs that need to be approved k8s_facts: api_version: certificates.k8s.io/v1beta1 kind: CertificateSigningRequest # Field selectors don't seem to work # field_selectors: # - status.conditions[0].type="Pending" register: r_csrs - name: Approve all Pending CSRs when: r_csrs.resources | length > 0 command: "oc adm certificate approve {{ item.metadata.name }}" loop: "{{ r_csrs.resources }}" # TODO: Implement proper loop to watch for incoming CSRS while we are # approving them. For now, this is a workaround, just wait and re-approve. - name: Wait 10s for additional CSRs to appear pause: seconds: 10 - name: Get additional CSRs that need to be approved k8s_facts: api_version: certificates.k8s.io/v1beta1 kind: CertificateSigningRequest # Field selectors don't seem to work # field_selectors: # - status.conditions[0].type = "Pending" register: r_new_csrs - name: Approve all additional Pending CSRs when: r_new_csrs.resources | length > 0 command: "oc adm certificate approve {{ item.metadata.name }}" loop: "{{ r_new_csrs.resources }}"