rht
/
ocp-ing-ichp-materials


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114
							---
- name: Pre-flight checks only.
  hosts: workstation.lab.example.com
  gather_subset: min
  become: no
  tasks:
    # Deploy packages.
    - include_role:
        name: install-packages
        apply:
          tags:
            - install
      tags:
        - install
    # Get auth info, check cluster comms.
    - include_role:
        name: check-env
        apply:
          tags:
            - check
      tags:
        - check
    # THIS MUST BE APPLIED BEFORE FIX OPERATORS!
    - include_role:
        name: remove-operators
        apply:
          tags:
            - prep
            - remove
      loop: "{{ removed_operators }}"
      loop_control:
        loop_var: role
      tags:
        - prep
        - remove
    # Fix the operator catalog sources.
    - include_role:
        name: fix-operators
        apply:
          tags:
            - prep
            - fix
      tags:
        - prep
        - fix
    # Re-apply any operators that have had their catalog sources changed.
    - include_role:
        name: deploy-operators
        apply:
          tags:
            - prep
            - deploy
      loop: "{{ added_operators }}"
      loop_control:
        loop_var: role
      tags:
        - prep
        - deploy
    # Ensure RBAC resources (ClusterRoles and global Groups) are there.
    - include_role:
        name: setup-rbac
        apply:
          tags:
            - prep
            - setup
      tags:
        - prep
        - setup
    # Ensure a Keycloak is there (use rhbk_state=absent var to remove).
    - include_role:
        name: deploy-rhbk
        apply:
          tags:
            - prep
            - sso
      tags:
        - prep
        - sso
    # Ensure OpenShift OAuth is using the Keycloak.
    - include_role:
        name: setup-auth
        apply:
          tags:
            - prep
            - auth
      tags:
        - prep
        - auth

# TODO: enable user workload monitoring
# TODO: deploy grafana (?)
# TODO: deploy logging (?)
# TODO: logging requires minio
# TODO: label infra projects with ichp_infra: "true"
# TODO: label nodes with k8s.ovn.org/egress-assignable=
# TODO: define egress IP range somewhere (?)
# TODO: create a private network (nmstate + bridges?)

# Some additional configuration for infra.
- name: Ensure HAProxy on utility does not forward plaintext HTTP to OpenShift.
  hosts: utility.lab.example.com
  gather_subset: min
  become: yes
  tasks:
    - include_role:
        name: setup-ingress
        apply:
          tags:
            - prep
            - ingress
      tags:
        - prep
        - ingress
...