| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152 |
- ---
- - name: Pre-flight checks only.
- hosts: workstation.lab.example.com
- gather_subset: min
- become: no
- tasks:
- # Deploy packages.
- - include_role:
- name: install-packages
- apply:
- tags:
- - install
- tags:
- - install
- # Get auth info, check cluster comms.
- - include_role:
- name: check-env
- apply:
- tags:
- - check
- tags:
- - check
- # THIS MUST BE APPLIED BEFORE FIX OPERATORS!
- - include_role:
- name: remove-operators
- apply:
- tags:
- - prep
- - remove
- loop: "{{ removed_operators }}"
- loop_control:
- loop_var: role
- tags:
- - prep
- - remove
- # Fix the operator catalog sources.
- - include_role:
- name: fix-operators
- apply:
- tags:
- - prep
- - fix
- tags:
- - prep
- - fix
- # Re-apply any operators that have had their catalog sources changed and install new ones.
- - include_role:
- name: deploy-operators
- apply:
- tags:
- - prep
- - deploy
- loop: "{{ added_operators }}"
- loop_control:
- loop_var: role
- tags:
- - prep
- - deploy
- # Apply some labels to nodes.
- - include_role:
- name: apply-node-labels
- apply:
- tags:
- - prep
- - setup
- - labels
- tags:
- - prep
- - setup
- - labels
- # Ensure RBAC resources (ClusterRoles and global Groups) are there.
- - include_role:
- name: setup-rbac
- apply:
- tags:
- - prep
- - setup
- - rbac
- tags:
- - prep
- - setup
- - rbac
- # Ensure a Keycloak is there (use rhbk_state=absent var to remove).
- - include_role:
- name: deploy-rhbk
- apply:
- tags:
- - prep
- - setup
- - sso
- tags:
- - prep
- - setup
- - sso
- # Ensure OpenShift OAuth is using the Keycloak.
- - include_role:
- name: setup-auth
- apply:
- tags:
- - prep
- - setup
- - auth
- tags:
- - prep
- - setup
- - auth
- # Enable user workload monitoring.
- - include_role:
- name: user-workload-monitoring
- apply:
- tags:
- - prep
- - setup
- - monitor
- tags:
- - prep
- - setup
- - monitor
- # Apply some labels to projects.
- - include_role:
- name: apply-infra-labels
- apply:
- tags:
- - prep
- - setup
- - labels
- tags:
- - prep
- - setup
- - labels
- # TODO: deploy grafana (?)
- # TODO: deploy logging (?)
- # TODO: logging requires minio
- # TODO: create a private network (nmstate + bridges?)
- # Some additional configuration for infra.
- - name: Ensure HAProxy on utility does not forward plaintext HTTP to OpenShift.
- hosts: utility.lab.example.com
- gather_subset: min
- become: yes
- tasks:
- - include_role:
- name: setup-ingress
- apply:
- tags:
- - prep
- - ingress
- tags:
- - prep
- - ingress
- ...
|
