rht
/
acs-playbooks


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188
							---
- name: is there already a subscription?
  k8s_info:
    kubeconfig: "{{ ansible_facts['user_dir'] }}/kubeconfig-ocp4"
    validate_certs: no
    api_version: operators.coreos.com/v1alpha1
    kind: subscription
    namespace: rhacs
    name: rhacs
  register: sub

- name: oi - is there already an operator?
  k8s_info:
    kubeconfig: "{{ ansible_facts['user_dir'] }}/kubeconfig-ocp4"
    validate_certs: no
    api_version: operators.coreos.com/v1alpha1
    kind: clusterserviceversion
    name: "{{ sub.resources[0].status.installedCSV }}"
    namespace: rhacs
  register: csv
  when:
    - sub.resources is defined
    - (sub.resources | length) > 0
    - sub.resources[0].spec.name == "rhacs-operator"
    - sub.resources[0].status.installedCSV is defined

- name: assert csv is there
  set_fact:
    csv_is_there: true

- name: reset the above fact if not the case
  set_fact:
    csv_is_there: false
  when: (csv is not defined) or (csv.resources | length == 0) or (csv.resources[0].status.phase != "Succeeded")

- name: is there a central pod?
  k8s_info:
    kubeconfig: "{{ ansible_facts['user_dir'] }}/kubeconfig-ocp4"
    validate_certs: no
    api_version: v1
    kind: pod
    namespace: rhacs
    label_selectors:
      - app = central
  register: central

- name: assert central is there
  set_fact:
    central_is_there: true

- name: reset the above fact if not the case
  set_fact:
    central_is_there: false
  when: (central is not defined) or (central.resources | length == 0) or (central.resources[0].status.phase != "Running")

#- name: is there anyone home at the api endpoint?

- name: create ns, og, and sub
  kubernetes.core.k8s:
    kubeconfig: "{{ ansible_facts['user_dir'] }}/kubeconfig-ocp4"
    validate_certs: no
    template: templates/central-ns-and-sub.yml
  when: not csv_is_there

- name: wait until csv is there and ready
  k8s_info:
    kubeconfig: "{{ ansible_facts['user_dir'] }}/kubeconfig-ocp4"
    validate_certs: no
    api_version: operators.coreos.com/v1alpha1
    kind: clusterserviceversion
    name: rhacs-operator.v{{ acs_z }}
    namespace: rhacs
  when: not csv_is_there
  register: csv
  until: (csv.resources | length) > 0 and csv.resources[0].status.phase == "Succeeded"
  retries: 30
  delay: 5

- name: deploy cr
  kubernetes.core.k8s:
    kubeconfig: "{{ ansible_facts['user_dir'] }}/kubeconfig-ocp4"
    validate_certs: no
    src: files/central-cr.yml
  when: not central_is_there

- name: wait for central pod to be up
  k8s_info:
    kubeconfig: "{{ ansible_facts['user_dir'] }}/kubeconfig-ocp4"
    validate_certs: no
    api_version: v1
    kind: pod
    namespace: rhacs
    label_selectors:
      - app = central
  when: not central_is_there
  register: central
  until: (central.resources | length) > 0 and central.resources[0].status.phase == "Running"
  retries: 30
  delay: 5

- name: look up route
  k8s_info:
    kubeconfig: "{{ ansible_facts['user_dir'] }}/kubeconfig-ocp4"
    validate_certs: no
    api_version: route.openshift.io/v1
    kind: route
    namespace: rhacs
    name: central
  register: central_route

- assert:
    that: central_route.resources | length > 0
    fail_msg: "ERROR: Central seems to be there, but route is not present."
    success_msg: "OK, got route to Central."

- name: store route hostname as fact
  set_fact:
    central_ep: "{{ central_route.resources[0].spec.host }}"

- name: store the api endpoint in a file
  copy:
    dest: "{{ ansible_facts['user_dir'] }}/api-endpoint"
    content: "{{ central_ep }}:443"

- name: look up secret
  k8s_info:
    kubeconfig: "{{ ansible_facts['user_dir'] }}/kubeconfig-ocp4"
    validate_certs: no
    api_version: v1
    kind: secret
    namespace: rhacs
    name: central-htpasswd
  register: central_secret

- assert:
    that: central_secret.resources | length > 0
    fail_msg: "ERROR: Central seems to be there, but auth secret is not present."
    success_msg: "OK, got secret to Central."

- name: store central pass as fact
  set_fact:
    central_pass: "{{ central_secret.resources[0].data.password }}"

- name: store the password in a file
  copy:
    dest: "{{ ansible_facts['user_dir'] }}/api-password"
    content: "{{ central_pass | string | b64decode }}"

- name: does a token exist?
  uri:
    method: GET
    force_basic_auth: true
    return_content: true
    validate_certs: false
    url: "https://{{ central_ep }}/v1/apitokens"
    url_username: admin
    url_password: "{{ central_pass | string | b64decode }}"
    headers:
      Accept: application/json
      Content-Type: application/json
  register: token_list

- name: generate an api token
  uri:
    method: POST
    force_basic_auth: true
    return_content: true
    validate_certs: false
    url: "https://{{ central_ep }}/v1/apitokens/generate"
    url_username: admin
    url_password: "{{ central_pass | string | b64decode }}"
    body: '{"name":"automation","role":null,"roles":["Admin"]}'
    headers:
      Accept: application/json
      Content-Type: application/json
  register: api_token
  when: (token_list.json.tokens | items2dict(key_name='name', value_name='revoked'))["automation"] is not defined

- name: store api token in a file
  copy:
    dest: "{{ ansible_facts['user_dir'] }}/api-token"
    content: "{{ api_token.json.token }}"
  when: not api_token.skipped

#- name: take a policy backup (for later)
## XXX can't delete system policies XXX
#
...