---
# some data sanity checks
- assert:
that: cluster is defined
fail_msg: "ERROR: Variable cluster is not defined, but is required."
success_msg: "OK, cluster is defined - federating {{ cluster }}"
- assert:
that: clusters is defined and (clusters.keys() | length) > 0 and clusters[cluster] is defined
fail_msg: "ERROR: Variable clusters is not defined or is missing cluster {{ cluster }}, but is required."
success_msg: "OK, clusters are defined and cluster is found."
- assert:
that: api_ep is defined
fail_msg: "ERROR: Variable api_ep is not defined, but is required."
success_msg: "OK, api_ep is defined."
- assert:
that: api_token is defined
fail_msg: "ERROR: Variable api_token is not defined, but is required."
success_msg: "OK, api_token is defined."
# is there anything to do?
- name: check for cluster definitions in central
uri:
method: GET
return_content: true
validate_certs: false
url: "https://{{ api_ep }}/v1/clusters"
headers:
Authorization: Bearer {{ api_token }}
Accept: application/json
register: cluster_query
- name: assume cluster isn't found in the result
set_fact:
cluster_found: false
- name: unless found
set_fact:
cluster_found: true
when:
- cluster_query.json.clusters | length > 0
- (cluster_query.json.clusters | items2dict(key_name='name', value_name='status'))[clusters[cluster].name] is defined
- ((cluster_query.json.clusters | items2dict(key_name='name', value_name='status'))[clusters[cluster].name]).sensorVersion is defined
# (this last one is because roxctl creates a cluster record but leaves its status at null until services check in)
# step 1: we could have lots of fun (authentication in place)
- include_tasks:
file: init-bundles.yml
when:
- clusters[cluster].method in ['operator', 'helm']
- not cluster_found
# no init bundles for method 'roxctl'
# step 2: there's so much we can do (not really, just make sure artifacts are either present or created)
- include_tasks:
file: "{{ clusters[cluster].method }}.yml"
when:
- not cluster_found
# step 3: there is just you and me (wait for pods to pop up)
- name: wait for sensor to show up
k8s_info:
kubeconfig: "{{ ansible_facts['user_dir'] }}/kubeconfig-{{ cluster }}"
validate_certs: no
api_version: v1
kind: pod
namespace: "{{ clusters[cluster].namespace }}"
label_selectors:
- app=sensor
register: sensor_pod
until:
- sensor_pod.resources is defined
- (sensor_pod.resources | length) > 0
retries: 30
delay: 5
- name: wait for admission-control to show up
k8s_info:
kubeconfig: "{{ ansible_facts['user_dir'] }}/kubeconfig-{{ cluster }}"
validate_certs: no
api_version: v1
kind: pod
namespace: "{{ clusters[cluster].namespace }}"
label_selectors:
- app=admission-control
register: admctl_pod
until:
- admctl_pod.resources is defined
- (admctl_pod.resources | length) > 0
retries: 30
delay: 5
- name: wait for collector to show up
k8s_info:
kubeconfig: "{{ ansible_facts['user_dir'] }}/kubeconfig-{{ cluster }}"
validate_certs: no
api_version: v1
kind: pod
namespace: "{{ clusters[cluster].namespace }}"
label_selectors:
- app=collector
register: collect_pod
until:
- collect_pod.resources is defined
- (collect_pod.resources | length) > 0
retries: 30
delay: 5
# step 4: i can give you more (any sort of corrections needed? pending pods?)
- name: any pending pods?
k8s_info:
kubeconfig: "{{ ansible_facts['user_dir'] }}/kubeconfig-{{ cluster }}"
validate_certs: no
api_version: v1
kind: pod
namespace: "{{ clusters[cluster].namespace }}"
field_selectors:
- status.phase=Pending
register: pending_pods
- name: fix pending sensor by decreasing requests
kubernetes.core.k8s_json_patch:
kubeconfig: "{{ ansible_facts['user_dir'] }}/kubeconfig-{{ cluster }}"
validate_certs: no
api_version: apps/v1
kind: deployment
name: sensor
namespace: "{{ clusters[cluster].namespace }}"
patch:
- op: replace
path: /spec/template/spec/containers/0/resources/requests/cpu
value: 750m
when:
- (pending_pods.resources | length) > 0
- pending_pods.resources[0].metadata.labels.app == 'sensor'
- name: fix pending collectors by deleting random operators
kubernetes.core.k8s:
kubeconfig: "{{ ansible_facts['user_dir'] }}/kubeconfig-{{ cluster }}"
validate_certs: no
api_version: apps/v1
kind: deployment
name: "{{ item.name }}"
namespace: "{{ item.namespace }}"
state: absent
loop:
- name: cluster-autoscaler-operator
namespace: openshift-machine-api
- name: cluster-baremetal-operator
namespace: openshift-machine-api
- name: csi-snapshot-controller-operator
namespace: openshift-cluster-storage-operator
- name: csi-snapshot-controller
namespace: openshift-cluster-storage-operator
when:
- (pending_pods.resources | length) > 0
- pending_pods.resources[0].metadata.labels.app == 'collector'
# step 5: don't you know the time has arrived (just recheck the cluster in central - it should be healthy)
- name: check that the cluster is marked as discovered
uri:
method: GET
return_content: true
validate_certs: false
url: "https://{{ api_ep }}/v1/clusters"
headers:
Authorization: Bearer {{ api_token }}
Accept: application/json
register: cluster_query_fin
until:
- cluster_query_fin.json.clusters | length > 0
- (cluster_query_fin.json.clusters | items2dict(key_name='name', value_name='status'))[clusters[cluster].name] is defined
- ((cluster_query_fin.json.clusters | items2dict(key_name='name', value_name='status'))[clusters[cluster].name]).sensorVersion is defined
retries: 30
delay: 5
...