blob: 4aca4daf482390f6fd0008915198d2099fb0f440 (
plain)
---
# Play 1: create persistent volumes and claims from the first master.
# Both lists are derived from the first master's hostvars by the custom
# filters below; the role is skipped entirely when both lists are empty.
- name: Create persistent volumes
  hosts: oo_first_master
  tags:
    - hosted
  vars:
    persistent_volumes: "{{ hostvars[groups.oo_first_master.0] | oo_persistent_volumes(groups) }}"
    persistent_volume_claims: "{{ hostvars[groups.oo_first_master.0] | oo_persistent_volume_claims }}"
  roles:
    - role: openshift_persistent_volumes
      # Run only when there is at least one volume or claim to create.
      when: "persistent_volumes | length > 0 or persistent_volume_claims | length > 0"
# Play 2: set up the hosted components (projects, service accounts, router,
# registry, metrics, cockpit) from the first master.
- name: Create Hosted Resources
  hosts: oo_first_master
  tags:
    - hosted
  pre_tasks:
    # Reuse the master's registry_url for both the router and the registry,
    # but only when the master facts actually carry that key.
    - set_fact:
        openshift_hosted_router_registryurl: "{{ hostvars[groups.oo_first_master.0].openshift.master.registry_url }}"
        openshift_hosted_registry_registryurl: "{{ hostvars[groups.oo_first_master.0].openshift.master.registry_url }}"
      when: "'master' in hostvars[groups.oo_first_master.0].openshift and 'registry_url' in hostvars[groups.oo_first_master.0].openshift.master"
  roles:
    - role: openshift_cli
    - role: openshift_hosted_facts
    - role: openshift_projects
      # TODO: Move standard project definitions to openshift_hosted/vars/main.yml
      # Vars are not accessible in meta/main.yml in ansible-1.9.x
      openshift_projects: "{{ openshift_additional_projects | default({}) | oo_merge_dicts({'default':{'default_node_selector':''},'openshift-infra':{'default_node_selector':''},'logging':{'default_node_selector':''}}) }}"

    # The two openshift_serviceaccounts entries are mutually exclusive: the
    # version flag picks exactly one of them.
    # Newer releases: only the router account, bound to the hostnetwork SCC.
    - role: openshift_serviceaccounts
      openshift_serviceaccounts_names:
        - router
      openshift_serviceaccounts_namespace: default
      openshift_serviceaccounts_sccs:
        - hostnetwork
      when: openshift.common.version_gte_3_2_or_1_2
    # Older releases: router and registry accounts are bound to the privileged
    # SCC. NOTE(review): privileged is much broader than hostnetwork;
    # presumably kept only because the older releases lack a narrower SCC for
    # this - confirm before extending this entry to other accounts.
    - role: openshift_serviceaccounts
      openshift_serviceaccounts_names:
        - router
        - registry
      openshift_serviceaccounts_namespace: default
      openshift_serviceaccounts_sccs:
        - privileged
      when: not openshift.common.version_gte_3_2_or_1_2

    - role: openshift_hosted
    # Metrics are deployed only when the hosted facts request it.
    - role: openshift_metrics
      when: openshift.hosted.metrics.deploy | bool
    # The cockpit UI is installed only for the 'registry' deployment subtype.
    - role: cockpit-ui
      when: openshift.common.deployment_subtype == 'registry'
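# Play 3: make Docker on every node being configured trust the node CA
# certificate for the integrated registry's endpoints (service IP, route host
# and cluster-internal service name). Every task is gated on the 'registry'
# deployment subtype, so the play does nothing for other deployments.
- name: Configure CA certificate for secure registry
  hosts: oo_nodes_to_config
  tags:
    - hosted
  tasks:
    # The lookups below run once, on the first master, against a throw-away
    # copy of the master's admin client config. mktemp -d creates the
    # directory with owner-only access, which is what protects that copy.
    - name: Create temp directory for kubeconfig
      command: mktemp -d /tmp/openshift-ansible-XXXXXX
      register: mktemp
      when: openshift.common.deployment_subtype == 'registry'
      changed_when: false
      delegate_to: "{{ groups.oo_first_master.0 }}"
      run_once: true

    - set_fact:
        openshift_hosted_kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig"
      when: openshift.common.deployment_subtype == 'registry'
      delegate_to: "{{ groups.oo_first_master.0 }}"
      run_once: true

    # NOTE(review): if any task between this copy and "Delete temp directory"
    # fails, the play stops before the cleanup and the copied admin kubeconfig
    # stays under /tmp on the first master. Consider a block/always cleanup.
    - name: Copy the admin client config(s)
      command: >
        cp {{ openshift.common.config_base }}/master/admin.kubeconfig {{ openshift_hosted_kubeconfig }}
      when: openshift.common.deployment_subtype == 'registry'
      changed_when: false
      delegate_to: "{{ groups.oo_first_master.0 }}"
      run_once: true

    # {{ '{{' }} / {{ '}}' }} emit literal braces so the Go template reaches
    # the client binary instead of being rendered by Jinja.
    - name: Retrieve docker-registry route
      command: >
        {{ openshift.common.client_binary }} get route docker-registry
        --template='{{ '{{' }} .spec.host {{ '}}' }}'
        --config={{ openshift_hosted_kubeconfig }}
        -n default
      register: docker_registry_route
      when: openshift.common.deployment_subtype == 'registry'
      changed_when: false
      delegate_to: "{{ groups.oo_first_master.0 }}"
      run_once: true

    - name: Retrieve registry service IP
      command: >
        {{ openshift.common.client_binary }} get service docker-registry
        --template='{{ '{{' }} .spec.clusterIP {{ '}}' }}'
        --config={{ openshift_hosted_kubeconfig }}
        -n default
      register: docker_registry_service_ip
      when: openshift.common.deployment_subtype == 'registry'
      changed_when: false
      delegate_to: "{{ groups.oo_first_master.0 }}"
      run_once: true

    # One certs.d directory per name the registry can be reached by.
    # NOTE(review): the first two items are raw command output used as path
    # components without validation - confirm the lookups cannot return an
    # empty or placeholder value.
    - name: Create registry CA directories
      file:
        path: "/etc/docker/certs.d/{{ item }}"
        state: directory
        # These directories are trust anchors for Docker; pin the mode so it
        # does not depend on the remote umask.
        mode: "0755"
      with_items:
        - "{{ docker_registry_service_ip.stdout }}:5000"
        - "{{ docker_registry_route.stdout }}"
        - "docker-registry.default.svc.cluster.local:5000"
      when: openshift.common.deployment_subtype == 'registry'

    # dest is a directory, so the file lands as <dir>/ca.crt. remote_src copies
    # from the node's own filesystem rather than from the control host.
    - name: Copy CA to registry CA directories
      copy:
        src: "{{ openshift.common.config_base }}/node/ca.crt"
        dest: "/etc/docker/certs.d/{{ item }}"
        remote_src: true
        force: true
        # Public certificate: world-readable, writable only by the owner.
        mode: "0644"
      with_items:
        - "{{ docker_registry_service_ip.stdout }}:5000"
        - "{{ docker_registry_route.stdout }}"
        - "docker-registry.default.svc.cluster.local:5000"
      when: openshift.common.deployment_subtype == 'registry'
      notify:
        - Restart docker

    # Removes the temporary directory together with the kubeconfig copy in it.
    - name: Delete temp directory
      file:
        name: "{{ mktemp.stdout }}"
        state: absent
      when: openshift.common.deployment_subtype == 'registry'
      changed_when: false
      delegate_to: "{{ groups.oo_first_master.0 }}"
      run_once: true

  handlers:
    # Notified by the CA copy task when a certificate file changed.
    - name: Restart docker
      service:
        name: docker
        state: restarted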