forked from redhat-cop/agnosticd
-
Notifications
You must be signed in to change notification settings - Fork 0
/
post_software.yml
224 lines (203 loc) · 7 KB
/
post_software.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
---
- name: Step 005 - Post software
hosts: bastions
become: false
gather_facts: false
environment:
KUBECONFIG: /home/{{ ansible_user }}/{{ cluster_name }}/auth/kubeconfig
tasks:
- debug:
msg: "Post-Software Steps starting"
- name: Set Ansible Python interpreter to k8s virtualenv
set_fact:
ansible_python_interpreter: /opt/virtualenvs/k8s/bin/python
- name: Setup cluster-admin service account
when: openshift_cluster_admin_service_account_enable | bool
include_role:
name: openshift_cluster_admin_service_account
# Deploy Workloads
- name: Step 005.2 - Deploy Infra and Student Workloads
import_playbook: workloads.yml
# Workarounds to enable cluster shutdown before 24h are over
- name: Step 005.3 - Enable Cluster Shutdown and Resume
hosts: bastions
run_once: true
gather_facts: false
become: false
environment:
KUBECONFIG: /home/{{ ansible_user }}/{{ cluster_name }}/auth/kubeconfig
tasks:
- when:
- install_ocp4 | default( false ) | bool
- ocp4_enable_cluster_shutdown | default( false ) | bool
block:
- name: Create Daemon Set to renew Bootstrap Credentials
k8s:
state: present
definition: "{{ lookup('file', './files/kubelet-bootstrap-cred-manager-ds.yaml' ) | from_yaml }}"
- name: Delete initial Bootstrap Secrets to force regeneration
k8s:
state: absent
api_version: v1
kind: Secret
name: "{{ item }}"
namespace: openshift-kube-controller-manager-operator
loop:
- "csr-signer-signer"
- "csr-signer"
- name: Step 005.4 Run performance test (optional)
hosts: bastions
gather_facts: false
become: false
environment:
KUBECONFIG: /home/{{ ansible_user }}/{{ cluster_name }}/auth/kubeconfig
tasks:
- name: Run fio tests for etcd performance
when: test_deploy_results | default( false ) | bool
block:
- name: Get metadata.json
stat:
path: /home/{{ ansible_user }}/{{ cluster_name }}/metadata.json
register: r_metadata
- name: Get the infra ID
shell: jq -r .infraID /home/{{ ansible_user }}/{{ cluster_name }}/metadata.json
register: r_infra_id
when: r_metadata.stat.exists
- name: create fio testing project
k8s:
name: fio-test
api_version: v1
kind: Namespace
state: present
- name: give default sa privileged scc
shell: oc adm policy add-scc-to-user privileged system:serviceaccount:fio-test:default
- name: run job pod with fio-etcd-osp container
k8s:
state: present
definition: "{{ lookup('template', './files/fio-test-job.yaml.j2') }}"
vars:
INFRA_ID: "{{ r_infra_id.stdout }}"
- name: Wait for job if defined (1h max)
when: test_deploy_runs is defined
block:
- name: Check on status of job
k8s_info:
api_version: batch/v1
kind: Job
name: fio-test
namespace: fio-test
register: r_fio_test_job
retries: 60
delay: 60
until: r_fio_test_job.resources[0].status.conditions | json_query(fio_query) | bool
vars:
fio_query: >-
[?type=='Complete'].status[] | [0]
INFRA_ID: "{{ r_infra_id.stdout }}"
- name: Remove job
k8s:
name: fio-test
kind: Job
api_version: batch/v1
namespace: fio-test
state: absent
- name: Remove fio testing project
k8s:
name: fio-test
kind: Namespace
api_version: v1
state: absent
- name: Step 005.5 Remove credentials from bastion
hosts: bastions
gather_facts: false
become: false
tasks:
- name: Remove AWS Credentials from bastion
when: cloud_provider == 'ec2'
block:
- name: Remove AWS credentials file
file:
path: "/home/{{ ansible_user }}/.aws/credentials"
state: absent
- name: Create AWS credentials file with Route53 credentials for certificate renewals
when: '"ocp4_workload_le_certificates" in infra_workloads'
blockinfile:
dest: "~/.aws/credentials"
create: true
content: |
[default]
# {{ hostvars.localhost.route53user }}
# Route53 credentials for Certbot Let's Encrypt renewal
aws_access_key_id = {{ hostvars.localhost.route53user_access_key }}
aws_secret_access_key = {{ hostvars.localhost.route53user_secret_access_key }}
- name: Remove Azure Credentials directory from bastion
when: cloud_provider == 'azure'
file:
path: "/home/{{ ansible_user }}/.azure"
state: absent
- name: Remove the openshift-installer GCP Credentials directory from bastion
when: cloud_provider == 'gcp'
file:
path: "/home/{{ ansible_user }}/.gcp"
state: absent
- name: Remove gcloud CLI Credentials directory from bastion
when: cloud_provider == 'gcp'
file:
path: "/home/{{ ansible_user }}/.config/gcloud"
state: absent
- name: Step 005.6 Print Student Info
hosts: localhost
gather_facts: false
become: false
tasks:
- name: Report Access Information
when:
- install_student_user | bool
- ocp4_cluster_show_access_user_info | bool
vars:
_bastion_inventory_name: "{{ groups['bastions'][0] }}"
_bastion_ssh_password: "{{ hostvars[bastion_hostname]['student_password'] }}"
_kubeadmin_password: "{{ hostvars[bastion_hostname]['kubeadmin_password']['content'] | b64decode }}"
block:
- name: Set Bastion Hostname (EC2)
when:
- cloud_provider == 'ec2'
set_fact:
_bastion_public_hostname: "{{ hostvars[_bastion_inventory_name].shortname }}.{{ guid }}{{ subdomain_base_suffix }}"
- name: Set Bastion Hostname (GCP)
when: cloud_provider == "azure" or cloud_provider == "gcp"
set_fact:
_bastion_public_hostname: "bastion.{{ guid }}.{{ ocp4_base_domain }}."
- name: Set Bastion Hostname (Other)
when:
- _bastion_public_hostname is not defined
set_fact:
_bastion_public_hostname: "{{ hostvars[_bastion_inventory_name].shortname }}.{{ guid }}.{{ ocp4_base_domain }}"
- name: Print access user info
agnosticd_user_info:
data:
bastion_public_hostname: "{{ _bastion_public_hostname }}"
bastion_ssh_password: "{{ _bastion_ssh_password }}"
bastion_ssh_user_name: "{{ student_name }}"
msg: |
You can access your bastion via SSH:
ssh {{ student_name }}@{{ _bastion_public_hostname }}
Make sure you use the username '{{ student_name }}' and the password '{{ _bastion_ssh_password }}' when prompted.
- name: Step 005.7 Clean up
hosts: localhost
gather_facts: false
become: false
tasks:
- name: Remove Google Cloud SDK
when: cloud_provider == "gcp"
file:
path: "{{ output_dir }}/google-cloud-sdk"
state: absent
- name: Step 005.7 Tell CloudForms we are done
hosts: localhost
run_once: true
gather_facts: false
become: false
tasks:
- debug:
msg: "Post-Software checks completed successfully"