--- - name: Step 00xxxxx post software hosts: bastions become: no gather_facts: False environment: KUBECONFIG: /home/{{ remote_user }}/{{ cluster_name }}/auth/kubeconfig tasks: - debug: msg: "Post-Software Steps starting" - name: Step 003.1 Switch Registry to use NFS storage and create NFS PVs hosts: bastions gather_facts: false become: true environment: KUBECONFIG: /home/{{ remote_user }}/{{ cluster_name }}/auth/kubeconfig tasks: - name: Set Ansible Python interpreter to k8s virtualenv set_fact: ansible_python_interpreter: /opt/virtualenvs/k8s/bin/python - name: Configure Bastion VM Files for NFS when: nfs_install_server | d(False) | bool block: - name: Create OCP Registry PV k8s: state: present merge_type: - strategic-merge - merge definition: "{{ lookup('template', './files/pv-registry.j2' ) | from_yaml }}" - name: Create PVC for OCP registry k8s: state: present merge_type: - strategic-merge - merge definition: "{{ lookup('file', './files/pvc-registry.yaml' ) | from_yaml }}" - name: Update OCP registry to use NFS storage instead of SWIFT shell: "oc patch configs.imageregistry.operator.openshift.io cluster --type=json --patch '[{\"op\": \"replace\", \"path\": \"/spec/storage\", \"value\": {\"pvc\": {\"claim\": \"image-registry-storage\"}}}]'" - name: Create PVs for user vols k8s: state: present merge_type: - strategic-merge - merge definition: "{{ lookup('template', './files/pv-user.j2' ) | from_yaml }}" loop: "{{ range(1, nfs_user_vols_count)|list }}" loop_control: loop_var: index - name: Step 003.2 PostSoftware flight-check hosts: bastions run_once: yes gather_facts: false become: false tags: - post_flight_check tasks: - when: - install_ocp4 | d(False) | bool - run_smoke_tests | d(False) | bool environment: KUBECONFIG: "{{ cluster_name }}/auth/kubeconfig" ignore_errors: yes block: - name: Get API for command line command: oc whoami --show-server register: showserver - name: Ensure web console is known when: webconsole is not defined block: - name: Get console route command: oc get route -n openshift-console console -o json register: routeconsole retries: 10 delay: 30 until: routeconsole is succeeded ignore_errors: yes - name: Set webconsole address set_fact: webconsole: "http://{{ routeconsole.stdout | from_json | json_query('spec.host') }}" when: routeconsole is succeeded - name: Check DNS webconsole command: nslookup "{{ webconsole | urlsplit('hostname') }}" register: checkdnswebconsole changed_when: false retries: 15 until: checkdnswebconsole is succeeded delay: 30 - name: Check DNS API command: nslookup "{{ showserver.stdout | trim | urlsplit('hostname') }}" register: checkdnsapi changed_when: false - name: Webconsole uri: url: "{{ webconsole }}" validate_certs: no register: testwebconsole retries: 5 until: testwebconsole is succeeded delay: 60 - name: Cluster-info command: oc cluster-info register: clusterinfor changed_when: false - name: Create project command: oc new-project postflightcheck register: newproject - name: New-app command: oc new-app cakephp-mysql-persistent -n postflightcheck register: newapp - name: Wait for mysql command: timeout 300 oc rollout status dc/mysql -w -n postflightcheck register: mysqlw changed_when: false - name: Wait for php command: timeout 300 oc rollout status dc/cakephp-mysql-persistent -w -n postflightcheck register: phpw changed_when: false retries: 2 delay: 60 until: phpw is succeeded - name: Get route command: >- oc get route -l template=cakephp-mysql-persistent --no-headers -o json -n postflightcheck register: getroute changed_when: false retries: 10 delay: 5 until: getroute is succeeded - name: Test that route is reachable uri: url: "http://{{ getroute.stdout|from_json|json_query('items[0].spec.host') }}" register: testroute retries: 15 delay: 5 until: testroute is succeeded - name: Delete project command: oc delete project postflightcheck - name: Switch back to default project command: oc project default - debug: msg: "{{ item }}" loop: - "user.info: " - "user.info: Post Flight Check" - "user.info: DNS Web Console ............... {{ 'OK' if checkdnswebconsole.rc == 0 else 'FAIL' }}" - "user.info: DNS API ....................... {{ 'OK' if checkdnsapi.rc == 0 else 'FAIL' }}" - "user.info: Web console ................... {{ 'OK' if testwebconsole is succeeded else 'FAIL' }}" - "user.info: API ........................... {{ 'OK' if clusterinfor.rc == 0 else 'FAIL' }}" - "user.info: Create Project with PV ........ {{ 'OK' if newproject.rc == 0 else 'FAIL' }}" - "user.info: App deployed .................. {{ 'OK' if phpw.rc == 0 and mysqlw.rc == 0 else 'FAIL' }}" - "user.info: Route ......................... {{ 'OK' if testroute is succeeded else 'FAIL' }}" - name: Fail smoke tests when: - run_smoke_tests | d(False) | bool - >- checkdnswebconsole.rc != 0 or checkdnsapi.rc != 0 or testwebconsole is failed or clusterinfor.rc != 0 or newproject.rc != 0 or phpw.rc != 0 or mysqlw.rc != 0 or testroute is failed fail: msg: "FAIL Smoke tests" ignore_errors: no # Deploy Workloads - name: Step 003.3 Deploy Default, Infra and Student Workloads import_playbook: workloads.yml # Workarounds to enable cluster shutdown before 24h are over - name: Step 003.4 Enable Cluster Shutdown and Resume hosts: bastions run_once: yes gather_facts: false become: false environment: KUBECONFIG: /home/{{ remote_user }}/{{ cluster_name }}/auth/kubeconfig tasks: - when: - install_ocp4 | d(False) | bool - ocp4_enable_cluster_shutdown | d(True) | bool block: - name: Set Ansible Python interpreter to k8s virtualenv set_fact: ansible_python_interpreter: /opt/virtualenvs/k8s/bin/python - name: Create Daemon Set to renew Bootstrap Credentials k8s: state: present merge_type: - strategic-merge - merge definition: "{{ lookup('file', './files/kubelet-bootstrap-cred-manager-ds.yaml' ) | from_yaml }}" - name: Delete initial Bootstrap Secrets to force regeneration k8s: state: absent api_version: v1 kind: Secret name: "{{ item }}" namespace: openshift-kube-controller-manager-operator loop: - "csr-signer-signer" - "csr-signer" # The next tasks are to fix the bug fixed in https://github.com/openshift/cluster-kube-controller-manager-operator/pull/305 # Also the operator dealing with prometheus adapters doesn't watch the certificates. # Need to force it to reconcile # Next bit doesn't seem to work on OCP 4.3. Disable for now and investigate... # - name: Wait 15 seconds before next command # pause: # seconds: 15 # - name: Get Config Map Definition # shell: oc get configmap extension-apiserver-authentication -n kube-system -o yaml >/tmp/extension-apiserver-authentication.yaml # - name: Add an empty line to config map file # lineinfile: # path: /tmp/extension-apiserver-authentication.yaml # firstmatch: true # insertafter: '-----END CERTIFICATE-----' # line: '' # - name: Update Config Map with new file # k8s: # state: present # src: /tmp/extension-apiserver-authentication.yaml - name: Step 003.5 Print Student Info hosts: localhost gather_facts: false become: false tasks: - name: Store bastion hostname as a fact set_fact: bastion_hostname: "{{groups['bastions'].0 }}" - name: print out user.info debug: msg: "{{ item }}" loop: - "user.info: You can access your bastion via SSH:" - "user.info: ssh {{ student_name }}@bastion.{{ guid }}.{{ cluster_dns_zone }}" - "user.info: " - "user.info: Make sure you use the username '{{ student_name }}' and the password '{{ hostvars[bastion_hostname]['student_password'] }}' when prompted." - name: Step 003.6 Tell CloudForms we are done hosts: localhost run_once: yes gather_facts: false become: false tasks: - debug: msg: "Post-Software checks completed successfully"