---
# Marker play: prints a banner on the bastion hosts so the start of the
# post-software phase is visible in the run output. Nothing is changed.
- name: Step 00xxxxx post software
  hosts: bastions
  gather_facts: false
  become: false
  environment:
    # Exported for consistency with the later plays; the debug task below
    # does not read it.
    KUBECONFIG: "/home/{{ remote_user }}/{{ cluster_name }}/auth/kubeconfig"
  tasks:
    - debug:
        msg: Post-Software Steps starting
# Points the image registry at an NFS-backed PVC and pre-creates the NFS
# PersistentVolumes. All cluster changes are gated on nfs_install_server.
# The play runs with privilege escalation (become: true) while KUBECONFIG
# points into the remote user's home directory.
- name: Step 003.1 Switch Registry to use NFS storage and create NFS PVs
  hosts: bastions
  become: true
  gather_facts: false
  environment:
    KUBECONFIG: "/home/{{ remote_user }}/{{ cluster_name }}/auth/kubeconfig"
  tasks:
    # Set outside the conditional block, so the interpreter switch applies
    # even when nfs_install_server is false.
    - name: Set Ansible Python interpreter to k8s virtualenv
      set_fact:
        ansible_python_interpreter: /opt/virtualenvs/k8s/bin/python

    - name: Configure Bastion VM Files for NFS
      when: nfs_install_server | d(False) | bool
      block:
        - name: Create OCP Registry PV
          k8s:
            state: present
            merge_type:
              - strategic-merge
              - merge
            definition: "{{ lookup('template', './files/pv-registry.j2') | from_yaml }}"

        - name: Create PVC for OCP registry
          k8s:
            state: present
            merge_type:
              - strategic-merge
              - merge
            definition: "{{ lookup('file', './files/pvc-registry.yaml') | from_yaml }}"

        # JSON patch replacing /spec/storage of the registry operator config
        # with a reference to the image-registry-storage claim. The command
        # line is static; no variable is interpolated into it.
        - name: Update OCP registry to use NFS storage instead of SWIFT
          shell: >-
            oc patch configs.imageregistry.operator.openshift.io cluster
            --type=json
            --patch '[{"op": "replace", "path": "/spec/storage", "value": {"pvc": {"claim": "image-registry-storage"}}}]'

        # NOTE(review): range(1, n) stops at n - 1, so this creates
        # nfs_user_vols_count - 1 PVs; confirm that matches the number of
        # volumes the NFS server actually exports.
        - name: Create PVs for user vols
          k8s:
            state: present
            merge_type:
              - strategic-merge
              - merge
            definition: "{{ lookup('template', './files/pv-user.j2') | from_yaml }}"
          loop: "{{ range(1, nfs_user_vols_count) | list }}"
          loop_control:
            loop_var: index
# Post-install smoke test. Probes DNS, the web console and the API, deploys
# a sample application into a throw-away project, prints a per-check summary
# as user.info lines and finally fails the run if any check failed.
# NOTE(review): the nesting of this play was reconstructed from a listing
# without indentation; confirm that "Check DNS webconsole" sits outside the
# inner block and that "Fail smoke tests" sits inside the outer block.
- name: Step 003.2 PostSoftware flight-check
  hosts: bastions
  run_once: yes
  gather_facts: false
  become: false
  tags:
    - post_flight_check
  tasks:
    - when:
        - install_ocp4 | d(False) | bool
        - run_smoke_tests | d(False) | bool
      environment:
        # Relative path, unlike the /home/{{ remote_user }}/... form used by
        # the other plays in this file.
        KUBECONFIG: "{{ cluster_name }}/auth/kubeconfig"
      # Every probe may fail without stopping the play, so all of them run
      # and the summary can report each result. "Fail smoke tests" at the end
      # overrides this with ignore_errors: no.
      ignore_errors: yes
      block:
        - name: Get API for command line
          command: oc whoami --show-server
          register: showserver

        # Only look the console route up when the caller did not supply
        # webconsole.
        - name: Ensure web console is known
          when: webconsole is not defined
          block:
            - name: Get console route
              command: oc get route -n openshift-console console -o json
              register: routeconsole
              retries: 10
              delay: 30
              until: routeconsole is succeeded
              ignore_errors: yes
            # The address is built with the plain http:// scheme.
            - name: Set webconsole address
              set_fact:
                webconsole: "http://{{ routeconsole.stdout | from_json | json_query('spec.host') }}"
              when: routeconsole is succeeded

        - name: Check DNS webconsole
          command: nslookup "{{ webconsole | urlsplit('hostname') }}"
          register: checkdnswebconsole
          changed_when: false
          retries: 15
          until: checkdnswebconsole is succeeded
          delay: 30

        - name: Check DNS API
          command: nslookup "{{ showserver.stdout | trim | urlsplit('hostname') }}"
          register: checkdnsapi
          changed_when: false

        # SECURITY: validate_certs: no turns off TLS certificate verification
        # for this probe. A passing result therefore shows only that
        # something answered at the address, not that it is the expected
        # console. Keep this setting confined to the smoke test.
        - name: Webconsole
          uri:
            url: "{{ webconsole }}"
            validate_certs: no
          register: testwebconsole
          retries: 5
          until: testwebconsole is succeeded
          delay: 60

        - name: Cluster-info
          command: oc cluster-info
          register: clusterinfor
          changed_when: false

        # Fixed project name; it is deleted again by "Delete project" below.
        - name: Create project
          command: oc new-project postflightcheck
          register: newproject

        # newapp is registered but not used by the summary or the failure
        # condition; the rollout waits below stand in for it.
        - name: New-app
          command: oc new-app cakephp-mysql-persistent -n postflightcheck
          register: newapp

        - name: Wait for mysql
          command: timeout 300 oc rollout status dc/mysql -w -n postflightcheck
          register: mysqlw
          changed_when: false

        - name: Wait for php
          command: timeout 300 oc rollout status dc/cakephp-mysql-persistent -w -n postflightcheck
          register: phpw
          changed_when: false
          retries: 2
          delay: 60
          until: phpw is succeeded

        - name: Get route
          command: >-
            oc get route
            -l template=cakephp-mysql-persistent
            --no-headers
            -o json
            -n postflightcheck
          register: getroute
          changed_when: false
          retries: 10
          delay: 5
          until: getroute is succeeded

        # The sample application's route is probed over plain HTTP.
        - name: Test that route is reachable
          uri:
            url: "http://{{ getroute.stdout|from_json|json_query('items[0].spec.host') }}"
          register: testroute
          retries: 15
          delay: 5
          until: testroute is succeeded

        # Clean-up runs even after failed probes because of the block-level
        # ignore_errors.
        - name: Delete project
          command: oc delete project postflightcheck

        - name: Switch back to default project
          command: oc project default

        # One user.info line per check, derived from the registered results.
        - debug:
            msg: "{{ item }}"
          loop:
            - "user.info: "
            - "user.info: Post Flight Check"
            - "user.info: DNS Web Console ............... {{ 'OK' if checkdnswebconsole.rc == 0 else 'FAIL' }}"
            - "user.info: DNS API ....................... {{ 'OK' if checkdnsapi.rc == 0 else 'FAIL' }}"
            - "user.info: Web console ................... {{ 'OK' if testwebconsole is succeeded else 'FAIL' }}"
            - "user.info: API ........................... {{ 'OK' if clusterinfor.rc == 0 else 'FAIL' }}"
            - "user.info: Create Project with PV ........ {{ 'OK' if newproject.rc == 0 else 'FAIL' }}"
            - "user.info: App deployed .................. {{ 'OK' if phpw.rc == 0 and mysqlw.rc == 0 else 'FAIL' }}"
            - "user.info: Route ......................... {{ 'OK' if testroute is succeeded else 'FAIL' }}"

        # Turns any failed check into a real play failure. ignore_errors: no
        # overrides the block-level setting so that this failure is not
        # swallowed.
        - name: Fail smoke tests
          when:
            - run_smoke_tests | d(False) | bool
            - >-
              checkdnswebconsole.rc != 0
              or checkdnsapi.rc != 0
              or testwebconsole is failed
              or clusterinfor.rc != 0
              or newproject.rc != 0
              or phpw.rc != 0
              or mysqlw.rc != 0
              or testroute is failed
          fail:
            msg: "FAIL Smoke tests"
          ignore_errors: no
# Deploy Workloads
# Static import of workloads.yml, which is not shown in this file. Its plays
# run at this point, after the flight check and before the
# shutdown/resume workaround.
- name: Step 003.3 Deploy Default, Infra and Student Workloads
  import_playbook: workloads.yml
# Workarounds to enable cluster shutdown before 24h are over
# Applies a DaemonSet that renews bootstrap credentials and deletes the
# initial CSR signer secrets so that they are regenerated.
- name: Step 003.4 Enable Cluster Shutdown and Resume
  hosts: bastions
  run_once: yes
  gather_facts: false
  become: false
  environment:
    KUBECONFIG: /home/{{ remote_user }}/{{ cluster_name }}/auth/kubeconfig
  tasks:
    - when:
        - install_ocp4 | d(False) | bool
        # Defaults to true: the workaround is applied unless it is explicitly
        # switched off.
        - ocp4_enable_cluster_shutdown | d(True) | bool
      block:
        - name: Set Ansible Python interpreter to k8s virtualenv
          set_fact:
            ansible_python_interpreter: /opt/virtualenvs/k8s/bin/python

        # The manifest comes from a local file that is not part of this
        # playbook. Review it separately: it is applied with whatever rights
        # the kubeconfig above carries.
        - name: Create Daemon Set to renew Bootstrap Credentials
          k8s:
            state: present
            merge_type:
              - strategic-merge
              - merge
            definition: "{{ lookup('file', './files/kubelet-bootstrap-cred-manager-ds.yaml' ) | from_yaml }}"

        # Removes both signer secrets from the
        # openshift-kube-controller-manager-operator namespace; per the task
        # name, this is done to force their regeneration.
        - name: Delete initial Bootstrap Secrets to force regeneration
          k8s:
            state: absent
            api_version: v1
            kind: Secret
            name: "{{ item }}"
            namespace: openshift-kube-controller-manager-operator
          loop:
            - "csr-signer-signer"
            - "csr-signer"

        # The next tasks are to fix the bug fixed in https://github.com/openshift/cluster-kube-controller-manager-operator/pull/305
        # Also the operator dealing with prometheus adapters doesn't watch the certificates.
        # Need to force it to reconcile
        # Next bit doesn't seem to work on OCP 4.3. Disable for now and investigate...
        # NOTE(review): if this is re-enabled, avoid the fixed file name under
        # /tmp. The file is applied back to the cluster, so write it to a
        # privately created temporary file instead of a predictable path in a
        # shared directory.
        # - name: Wait 15 seconds before next command
        #   pause:
        #     seconds: 15
        # - name: Get Config Map Definition
        #   shell: oc get configmap extension-apiserver-authentication -n kube-system -o yaml >/tmp/extension-apiserver-authentication.yaml
        # - name: Add an empty line to config map file
        #   lineinfile:
        #     path: /tmp/extension-apiserver-authentication.yaml
        #     firstmatch: true
        #     insertafter: '-----END CERTIFICATE-----'
        #     line: ''
        # - name: Update Config Map with new file
        #   k8s:
        #     state: present
        #     src: /tmp/extension-apiserver-authentication.yaml
# Emits the access instructions for the student as user.info lines. Runs on
# the control node only; nothing is changed on the bastion or the cluster.
- name: Step 003.5 Print Student Info
  hosts: localhost
  become: false
  gather_facts: false
  tasks:
    # The first host of the bastions group is used to look up the password.
    - name: Store bastion hostname as a fact
      set_fact:
        bastion_hostname: "{{ groups['bastions'][0] }}"

    # SECURITY: the last message prints the student's password in clear text.
    # It ends up in the Ansible output and in any log, callback or job
    # history that records this run, so restrict read access to those.
    - name: print out user.info
      debug:
        msg: "{{ item }}"
      loop:
        - "user.info: You can access your bastion via SSH:"
        - "user.info: ssh {{ student_name }}@bastion.{{ guid }}.{{ cluster_dns_zone }}"
        - "user.info: "
        - "user.info: Make sure you use the username '{{ student_name }}' and the password '{{ hostvars[bastion_hostname]['student_password'] }}' when prompted."
# Closing marker play. Despite its name, it only prints a completion message
# on the control node; no call to an external system is made here.
- name: Step 003.6 Tell CloudForms we are done
  hosts: localhost
  become: false
  gather_facts: false
  run_once: true
  tasks:
    - debug:
        msg: Post-Software checks completed successfully