---
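# Idempotent bootstrap of Red Hat Advanced Cluster Security (RHACS) Central on
# an OpenShift cluster through OLM. The tasks below detect what is already in
# place (Subscription, CSV, Central pod), create whatever is missing, and then
# write the Central endpoint, admin password, API token and default policy
# list to files under the connecting user's home directory for later use.
#
# Security note: every API call in this file runs with TLS verification
# disabled (validate_certs: false), both against the OpenShift API (kubeconfig
# credentials) and against Central's public route, over which the admin
# password is sent with basic auth. That is acceptable only for a throw-away
# lab cluster using untrusted certificates; anywhere else, provide a CA bundle
# and switch validate_certs to true.

- name: is there already a subscription?
  kubernetes.core.k8s_info:
    kubeconfig: "{{ ansible_facts['user_dir'] }}/kubeconfig-ocp4"
    validate_certs: false
    api_version: operators.coreos.com/v1alpha1
    kind: Subscription
    namespace: rhacs
    name: rhacs
  register: sub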

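- name: oi - is there already an operator?
  # Resolve the CSV that the existing subscription reports as installed. Each
  # condition guards the next one, and Ansible evaluates `when` before it
  # templates the module args, so the installedCSV reference is never rendered
  # when the subscription is absent, belongs to another operator, or has not
  # reported an installed CSV yet.
  kubernetes.core.k8s_info:
    kubeconfig: "{{ ansible_facts['user_dir'] }}/kubeconfig-ocp4"
    validate_certs: false
    api_version: operators.coreos.com/v1alpha1
    kind: ClusterServiceVersion
    namespace: rhacs
    name: "{{ sub.resources[0].status.installedCSV }}"
  register: csv
  when:
    - sub.resources is defined
    - (sub.resources | length) > 0
    - sub.resources[0].spec.name == "rhacs-operator"
    - sub.resources[0].status.installedCSV is defined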

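- name: record whether a healthy csv is already installed
  # One boolean fact instead of a set-then-reset pair. `and` short-circuits in
  # Jinja, so the phase lookup is only reached once `csv` holds a non-empty
  # result (a skipped lookup registers {skipped: true} with no `resources`).
  # Only a CSV in phase Succeeded counts as installed.
  ansible.builtin.set_fact:
    csv_is_there: >-
      {{ (csv is defined
      and csv.resources is defined
      and (csv.resources | length) > 0
      and csv.resources[0].status.phase == "Succeeded") | bool }}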

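- name: is there a central pod?
  kubernetes.core.k8s_info:
    kubeconfig: "{{ ansible_facts['user_dir'] }}/kubeconfig-ocp4"
    validate_certs: false
    api_version: v1
    kind: Pod
    namespace: rhacs
    label_selectors:
      - app=central
  register: central

- name: record whether a running central pod already exists
  # Look for any pod in phase Running instead of inspecting index 0: the label
  # selector can match more than one pod (e.g. an old one still terminating
  # next to its replacement) and list order carries no meaning. Pods without a
  # reported phase are filtered out first so the comparison never touches an
  # undefined attribute.
  ansible.builtin.set_fact:
    central_is_there: >-
      {{ ((central.resources | default([])
      | selectattr('status.phase', 'defined')
      | selectattr('status.phase', 'equalto', 'Running')
      | list | length) > 0) | bool }}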

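- name: create ns, og, and sub
  # Namespace, OperatorGroup and Subscription are rendered from one template.
  # NOTE(review): the template is expected to subscribe to whatever resolves to
  # rhacs-operator.v{{ acs_z }} (the CSV name polled below) -- verify they agree.
  kubernetes.core.k8s:
    kubeconfig: "{{ ansible_facts['user_dir'] }}/kubeconfig-ocp4"
    validate_certs: false
    template: templates/central-ns-and-sub.yml
  when: not csv_is_there

- name: wait until csv is there and ready
  # Polls for at most 30 x 5 s = 150 s. The CSV name is pinned to acs_z, so
  # this loop can only succeed when OLM installs exactly that version.
  kubernetes.core.k8s_info:
    kubeconfig: "{{ ansible_facts['user_dir'] }}/kubeconfig-ocp4"
    validate_certs: false
    api_version: operators.coreos.com/v1alpha1
    kind: ClusterServiceVersion
    namespace: rhacs
    name: "rhacs-operator.v{{ acs_z }}"
  when: not csv_is_there
  register: csv
  until: (csv.resources | length) > 0 and csv.resources[0].status.phase == "Succeeded"
  retries: 30
  delay: 5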

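- name: deploy cr
  # The Central custom resource is applied from a static file; the operator
  # installed above is what reconciles it into a running Central.
  kubernetes.core.k8s:
    kubeconfig: "{{ ansible_facts['user_dir'] }}/kubeconfig-ocp4"
    validate_certs: false
    src: files/central-cr.yml
  when: not central_is_there

- name: wait for central pod to be up
  # Same "any matching pod is Running" criterion as the detection step above,
  # polled for at most 30 x 5 s = 150 s. Running does not imply Ready; the HTTP
  # health poll further down is what confirms Central is actually serving.
  kubernetes.core.k8s_info:
    kubeconfig: "{{ ansible_facts['user_dir'] }}/kubeconfig-ocp4"
    validate_certs: false
    api_version: v1
    kind: Pod
    namespace: rhacs
    label_selectors:
      - app=central
  when: not central_is_there
  register: central
  until: >-
    (central.resources | default([])
    | selectattr('status.phase', 'defined')
    | selectattr('status.phase', 'equalto', 'Running')
    | list | length) > 0
  retries: 30
  delay: 5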

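- name: look up route
  kubernetes.core.k8s_info:
    kubeconfig: "{{ ansible_facts['user_dir'] }}/kubeconfig-ocp4"
    validate_certs: false
    api_version: route.openshift.io/v1
    kind: Route
    namespace: rhacs
    name: central
  register: central_route

- name: assert the central route exists
  ansible.builtin.assert:
    that: central_route.resources | length > 0
    fail_msg: "ERROR: Central seems to be there, but route is not present."
    success_msg: "OK, got route to Central."

- name: store route hostname as fact
  ansible.builtin.set_fact:
    central_ep: "{{ central_route.resources[0].spec.host }}"

- name: store the api endpoint in a file
  # host:port form, consumed by whatever automation picks up these files.
  # Not sensitive, so no restrictive mode is needed here.
  ansible.builtin.copy:
    dest: "{{ ansible_facts['user_dir'] }}/api-endpoint"
    content: "{{ central_ep }}:443"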

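- name: look up secret
  kubernetes.core.k8s_info:
    kubeconfig: "{{ ansible_facts['user_dir'] }}/kubeconfig-ocp4"
    validate_certs: false
    api_version: v1
    kind: Secret
    namespace: rhacs
    name: central-htpasswd
  register: central_secret

- name: assert the central admin secret exists
  # Also require the password key, so a malformed secret fails here with a
  # clear message instead of as an undefined variable two tasks later. assert
  # stops at the first failing condition, so the index is never evaluated on
  # an empty list.
  ansible.builtin.assert:
    that:
      - central_secret.resources | length > 0
      - central_secret.resources[0].data.password is defined
    fail_msg: "ERROR: Central seems to be there, but auth secret is not present."
    success_msg: "OK, got secret to Central."

- name: store central pass as fact
  # Kept base64-encoded exactly as the Secret carries it; consumers decode
  # with `| string | b64decode`. no_log keeps the value out of task output.
  ansible.builtin.set_fact:
    central_pass: "{{ central_secret.resources[0].data.password }}"
  no_log: true

- name: store the password in a file
  # Plain-text admin credential on disk: restrict it to the owner. Without an
  # explicit mode the file is created with the process umask, which is
  # typically world-readable.
  ansible.builtin.copy:
    dest: "{{ ansible_facts['user_dir'] }}/api-password"
    content: "{{ central_pass | string | b64decode }}"
    mode: "0600"
  no_log: true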

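- name: wait for central to be up
  # Polls the health endpoint with the admin password until it answers 200;
  # uri fails the task on any other status, which is what triggers the retry
  # (30 x 5 s = 150 s at most). TLS verification is off, so the admin credential
  # is sent to whatever answers at the route hostname -- acceptable only on a
  # disposable lab cluster.
  ansible.builtin.uri:
    method: GET
    force_basic_auth: true
    return_content: true
    validate_certs: false
    url: "https://{{ central_ep }}/v1/centralhealth/upgradestatus"
    url_username: admin
    url_password: "{{ central_pass | string | b64decode }}"
    headers:
      Accept: application/json
      Content-Type: application/json
  register: central_status
  until: central_status.status == 200
  retries: 30
  delay: 5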

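- name: does a token exist?
  # Lists unrevoked token metadata (names, roles); token values are never
  # returned by this endpoint, so the result is safe to register.
  ansible.builtin.uri:
    method: GET
    force_basic_auth: true
    return_content: true
    validate_certs: false
    url: "https://{{ central_ep }}/v1/apitokens?revoked=false"
    url_username: admin
    url_password: "{{ central_pass | string | b64decode }}"
    headers:
      Accept: application/json
      Content-Type: application/json
  register: token_list

- name: generate an api token
  # Only when no unrevoked token named "automation" is listed; `default([])`
  # covers a response without a tokens list. The token is minted with the
  # Admin role -- scope it down if the automation consuming the file needs
  # less. no_log keeps the minted token out of task output (including the
  # invocation dump Ansible prints on failure), at the cost of a censored
  # error message if the request itself fails.
  ansible.builtin.uri:
    method: POST
    force_basic_auth: true
    return_content: true
    validate_certs: false
    url: "https://{{ central_ep }}/v1/apitokens/generate"
    url_username: admin
    url_password: "{{ central_pass | string | b64decode }}"
    body_format: json
    body:
      name: automation
      role: null
      roles:
        - Admin
    headers:
      Accept: application/json
      Content-Type: application/json
  register: api_token
  no_log: true
  when: (token_list.json.tokens | default([]) | selectattr('name', 'equalto', 'automation') | list | length) == 0

- name: store api token in a file
  # Owner-only file; the token grants Admin access to Central.
  ansible.builtin.copy:
    dest: "{{ ansible_facts['user_dir'] }}/api-token"
    content: "{{ api_token.json.token }}"
    owner: "{{ ansible_user }}"
    group: "{{ ansible_user }}"
    mode: "0600"
  no_log: true
  when: api_token is not skipped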

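- name: check if policies have been stored
  ansible.builtin.stat:
    path: "{{ ansible_facts['user_dir'] }}/api-policies"
  register: default_policy_file

- name: read the stored api token when none was minted in this run
  # If the "automation" token already existed, api_token is a skipped result
  # and has no json.token; fall back to the copy a previous run wrote to
  # api-token so the policy fetch below still has a bearer token. If that file
  # is missing too, slurp fails with a clear "file not found" rather than an
  # undefined-variable error. no_log: the slurped content is the token.
  ansible.builtin.slurp:
    src: "{{ ansible_facts['user_dir'] }}/api-token"
  register: stored_api_token
  no_log: true
  when:
    - api_token is skipped
    - default_policy_file.stat is defined
    - not default_policy_file.stat.exists

- name: get a list of default policies for later reference
  # `register` was previously indented under the module args, where uri rejects
  # it as an unsupported parameter; it belongs at task level. The bearer token
  # comes from this run's generate step when it ran, else from the stored
  # file. no_log keeps the Authorization header out of the invocation dump
  # Ansible prints on failure.
  ansible.builtin.uri:
    method: GET
    return_content: true
    validate_certs: false
    url: "https://{{ central_ep }}/v1/policies"
    headers:
      Accept: application/json
      Authorization: >-
        Bearer {{ api_token.json.token if api_token is not skipped
        else (stored_api_token.content | b64decode | trim) }}
  register: default_policies
  no_log: true
  when:
    - default_policy_file.stat is defined
    - not default_policy_file.stat.exists

- name: store default policies in a file
  ansible.builtin.copy:
    dest: "{{ ansible_facts['user_dir'] }}/api-policies"
    content: "{{ default_policies.json }}"
    owner: "{{ ansible_user }}"
    group: "{{ ansible_user }}"
    mode: "0600"
  when: default_policies is not skipped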
...