--- - name: Pre-flight checks only. hosts: workstation.lab.example.com gather_subset: min become: no tasks: # Deploy packages. - include_role: name: install-packages apply: tags: - install tags: - install # Get auth info, check cluster comms. - include_role: name: check-env apply: tags: - check tags: - check # THIS MUST BE APPLIED BEFORE FIX OPERATORS! - include_role: name: remove-operators apply: tags: - prep - remove loop: "{{ removed_operators }}" loop_control: loop_var: role tags: - prep - remove # Fix the operator catalog sources. - include_role: name: fix-operators apply: tags: - prep - fix tags: - prep - fix # Re-apply any operators that have had their catalog sources changed. - include_role: name: deploy-operators apply: tags: - prep - deploy loop: "{{ added_operators }}" loop_control: loop_var: role tags: - prep - deploy # Ensure RBAC resources (ClusterRoles and global Groups) are there. - include_role: name: setup-rbac apply: tags: - prep - setup tags: - prep - setup # Ensure a Keycloak is there (use rhbk_state=absent var to remove). - include_role: name: deploy-rhbk apply: tags: - prep - sso tags: - prep - sso # Ensure OpenShift OAuth is using the Keycloak. - include_role: name: setup-auth apply: tags: - prep - auth tags: - prep - auth # TODO: enable user workload monitoring # TODO: deploy grafana (?) # TODO: deploy logging (?) # TODO: logging requires minio # TODO: label infra projects with ichp_infra: "true" # TODO: label nodes with k8s.ovn.org/egress-assignable= # TODO: define egress IP range somewhere (?) # TODO: create a private network (nmstate + bridges?) # Some additional configuration for infra. - name: Ensure HAProxy on utility does not forward plaintext HTTP to OpenShift. hosts: utility.lab.example.com gather_subset: min become: yes tasks: - include_role: name: setup-ingress apply: tags: - prep - ingress tags: - prep - ingress ...