--- - name: Pre-flight checks only. hosts: workstation.lab.example.com gather_subset: min become: no tasks: # Deploy packages, get auth info, etc. - include_role: name: check-env apply: tags: - check tags: - check # THIS MUST BE BEFORE FIX OPERATORS! - include_role: name: remove-operators apply: tags: - prep - remove loop: "{{ removed_operators }}" loop_control: loop_var: role tags: - prep - remove # Fix the operator catalog sources. - include_role: name: fix-operators apply: tags: - prep - fix tags: - prep - fix # Re-apply any operators that have had their catalog sources changed. - include_role: name: deploy-operators apply: tags: - prep - deploy loop: "{{ added_operators }}" loop_control: loop_var: role tags: - prep - deploy # Ensure RBAC resources (ClusterRoles and Groups) are there. - include_role: name: setup-rbac apply: tags: - prep - setup tags: - prep - setup # Ensure a Keycloak is there. - include_role: name: deploy-rhbk apply: tags: - prep - sso tags: - prep - sso # Ensure OpenShift OAuth is using the Keycloak. - include_role: name: setup-auth apply: tags: - prep - auth tags: - prep - auth # Some additional configuration for infra. - name: Ensure HAProxy on utility does not forward plaintext HTTP to OpenShift. hosts: utility.lab.example.com gather_subset: min become: yes tasks: - include_role: name: setup-ingress apply: tags: - prep - ingress tags: - prep - ingress ...