--- - name: Pre-flight checks only. hosts: workstation.lab.example.com gather_subset: min become: no tasks: # Deploy packages. - include_role: name: install-packages apply: tags: - install tags: - install # Get auth info, check cluster comms. - include_role: name: check-env apply: tags: - check tags: - check # THIS MUST BE APPLIED BEFORE FIX OPERATORS! - include_role: name: remove-operators apply: tags: - prep - remove loop: "{{ removed_operators }}" loop_control: loop_var: role tags: - prep - remove # Fix the operator catalog sources. - include_role: name: fix-operators apply: tags: - prep - fix tags: - prep - fix # Re-apply any operators that have had their catalog sources changed and install new ones. - include_role: name: deploy-operators apply: tags: - prep - deploy loop: "{{ added_operators }}" loop_control: loop_var: role tags: - prep - deploy # Apply some labels to nodes. - include_role: name: apply-node-labels apply: tags: - prep - setup - labels tags: - prep - setup - labels # Ensure RBAC resources (ClusterRoles and global Groups) are there. - include_role: name: setup-rbac apply: tags: - prep - setup - rbac tags: - prep - setup - rbac # Ensure a Keycloak is there (use rhbk_state=absent var to remove). - include_role: name: deploy-rhbk apply: tags: - prep - setup - sso tags: - prep - setup - sso # Ensure OpenShift OAuth is using the Keycloak. - include_role: name: setup-auth apply: tags: - prep - setup - auth tags: - prep - setup - auth # TODO: enable user workload monitoring # TODO: deploy grafana (?) # TODO: deploy logging (?) # TODO: logging requires minio # TODO: create a private network (nmstate + bridges?) # TODO: apply ichp_infra: true labels to projects # Some additional configuration for infra. - name: Ensure HAProxy on utility does not forward plaintext HTTP to OpenShift. hosts: utility.lab.example.com gather_subset: min become: yes tasks: - include_role: name: setup-ingress apply: tags: - prep - ingress tags: - prep - ingress ...