rht
/
acs-playbooks


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241
							---
- name: is there already a subscription?
  k8s_info:
    kubeconfig: "{{ ansible_facts['user_dir'] }}/kubeconfig-ocp4"
    validate_certs: no
    api_version: operators.coreos.com/v1alpha1
    kind: subscription
    namespace: rhacs
    name: rhacs
  register: sub

- name: oi - is there already an operator?
  k8s_info:
    kubeconfig: "{{ ansible_facts['user_dir'] }}/kubeconfig-ocp4"
    validate_certs: no
    api_version: operators.coreos.com/v1alpha1
    kind: clusterserviceversion
    name: "{{ sub.resources[0].status.installedCSV }}"
    namespace: rhacs
  register: csv
  when:
    - sub.resources is defined
    - (sub.resources | length) > 0
    - sub.resources[0].spec.name == "rhacs-operator"
    - sub.resources[0].status.installedCSV is defined

- name: assert csv is there
  set_fact:
    csv_is_there: true

- name: reset the above fact if not the case
  set_fact:
    csv_is_there: false
  when: (csv is not defined) or (csv.resources is not defined) or (csv.resources | length == 0) or (csv.resources[0].status.phase != "Succeeded")

- name: is there a central pod?
  k8s_info:
    kubeconfig: "{{ ansible_facts['user_dir'] }}/kubeconfig-ocp4"
    validate_certs: no
    api_version: v1
    kind: pod
    namespace: rhacs
    label_selectors:
      - app=central
  register: central

- name: assert central is there
  set_fact:
    central_is_there: true

- name: reset the above fact if not the case
  set_fact:
    central_is_there: false
  when: (central is not defined) or (central.resources is not defined) or (central.resources | length == 0) or (central.resources[0].status.phase != "Running")

- name: create ns, og, and sub
  kubernetes.core.k8s:
    kubeconfig: "{{ ansible_facts['user_dir'] }}/kubeconfig-ocp4"
    validate_certs: no
    template: templates/central-ns-and-sub.yml
  when: not csv_is_there

- name: wait until csv is there and ready
  k8s_info:
    kubeconfig: "{{ ansible_facts['user_dir'] }}/kubeconfig-ocp4"
    validate_certs: no
    api_version: operators.coreos.com/v1alpha1
    kind: clusterserviceversion
    name: rhacs-operator.v{{ acs_z }}
    namespace: rhacs
  when: not csv_is_there
  register: csv
  until: (csv.resources | length) > 0 and csv.resources[0].status.phase == "Succeeded"
  retries: 30
  delay: 5

- name: deploy cr
  kubernetes.core.k8s:
    kubeconfig: "{{ ansible_facts['user_dir'] }}/kubeconfig-ocp4"
    validate_certs: no
    src: files/central-cr.yml
  when: not central_is_there

- name: wait for central pod to be up
  k8s_info:
    kubeconfig: "{{ ansible_facts['user_dir'] }}/kubeconfig-ocp4"
    validate_certs: no
    api_version: v1
    kind: pod
    namespace: rhacs
    label_selectors:
      - app=central
  when: not central_is_there
  register: central
  until: (central.resources | length) > 0 and central.resources[0].status.phase == "Running"
  retries: 30
  delay: 5

- name: look up route
  k8s_info:
    kubeconfig: "{{ ansible_facts['user_dir'] }}/kubeconfig-ocp4"
    validate_certs: no
    api_version: route.openshift.io/v1
    kind: route
    namespace: rhacs
    name: central
  register: central_route

- assert:
    that: central_route.resources | length > 0
    fail_msg: "ERROR: Central seems to be there, but route is not present."
    success_msg: "OK, got route to Central."

- name: store route hostname as fact
  set_fact:
    central_ep: "{{ central_route.resources[0].spec.host }}"

- name: store the api endpoint in a file
  copy:
    dest: "{{ ansible_facts['user_dir'] }}/api-endpoint"
    content: "{{ central_ep }}:443"

- name: look up secret
  k8s_info:
    kubeconfig: "{{ ansible_facts['user_dir'] }}/kubeconfig-ocp4"
    validate_certs: no
    api_version: v1
    kind: secret
    namespace: rhacs
    name: central-htpasswd
  register: central_secret

- assert:
    that: central_secret.resources | length > 0
    fail_msg: "ERROR: Central seems to be there, but auth secret is not present."
    success_msg: "OK, got secret to Central."

- name: store central pass as fact
  set_fact:
    central_pass: "{{ central_secret.resources[0].data.password }}"

- name: store the password in a file
  copy:
    dest: "{{ ansible_facts['user_dir'] }}/api-password"
    content: "{{ central_pass | string | b64decode }}"

- name: wait for central to be up
  uri:
    method: GET
    force_basic_auth: true
    return_content: true
    validate_certs: false
    url: "https://{{ central_ep }}/v1/centralhealth/upgradestatus"
    url_username: admin
    url_password: "{{ central_pass | string | b64decode }}"
    headers:
      Accept: application/json
      Content-Type: application/json
  register: central_status
  until: central_status.status == 200
  retries: 30
  delay: 5

- name: does a token exist?
  uri:
    method: GET
    force_basic_auth: true
    return_content: true
    validate_certs: false
    url: "https://{{ central_ep }}/v1/apitokens?revoked=false"
    url_username: admin
    url_password: "{{ central_pass | string | b64decode }}"
    headers:
      Accept: application/json
      Content-Type: application/json
  register: token_list

- name: generate an api token
  uri:
    method: POST
    force_basic_auth: true
    return_content: true
    validate_certs: false
    url: "https://{{ central_ep }}/v1/apitokens/generate"
    url_username: admin
    url_password: "{{ central_pass | string | b64decode }}"
    body_format: json
    body: '{"name":"automation","role":null,"roles":["Admin"]}'
    headers:
      Accept: application/json
      Content-Type: application/json
  register: api_token
  when: (token_list.json.tokens | items2dict(key_name='name', value_name='revoked'))["automation"] is not defined

- name: store api token in a file
  copy:
    dest: "{{ ansible_facts['user_dir'] }}/api-token"
    content: "{{ api_token.json.token }}"
    owner: "{{ ansible_user }}"
    group: "{{ ansible_user }}"
    mode: 0600
  when: (api_token.skipped is not defined) or (not api_token.skipped)

- name: check if policies have been stored
  stat:
    path: "{{ ansible_facts['user_dir'] }}/api-policies"
  register: default_policy_file

- name: read token if not defined
  set_fact:
    api_token:
      json:
        token: "{{ lookup('file', ansible_facts['user_dir'] + '/api-token') }}"
  when:
    - ((api_token.json is not defined) or (api_token.json.token is not defined))
    - default_policy_file.stat is defined
    - not default_policy_file.stat.exists

- name: get a list of default policies for later reference
  uri:
    method: GET
    return_content: true
    validate_certs: false
    url: "https://{{ central_ep }}/v1/policies"
    headers:
      Accept: application/json
      Authorization: Bearer {{ api_token.json.token }}
  register: default_policies
  when:
    - default_policy_file.stat is defined
    - not default_policy_file.stat.exists

- name: store default policies in a file
  copy:
    dest: "{{ ansible_facts['user_dir'] }}/api-policies"
    content: "{{ default_policies.json }}"
    owner: "{{ ansible_user }}"
    group: "{{ ansible_user }}"
    mode: 0600
  when: (default_policies.skipped is not defined) or (not default_policies.skipped)
...