summaryrefslogtreecommitdiffstats
path: root/roles/openshift_cfme/tasks
diff options
context:
space:
mode:
Diffstat (limited to 'roles/openshift_cfme/tasks')
-rw-r--r--roles/openshift_cfme/tasks/accounts.yml65
-rw-r--r--roles/openshift_cfme/tasks/main.yml176
-rw-r--r--roles/openshift_cfme/tasks/nfs.yml51
-rw-r--r--roles/openshift_cfme/tasks/storage/create_pvs.yml (renamed from roles/openshift_cfme/tasks/create_pvs.yml)0
-rw-r--r--roles/openshift_cfme/tasks/storage/nfs.yml103
-rw-r--r--roles/openshift_cfme/tasks/storage/storage.yml3
-rw-r--r--roles/openshift_cfme/tasks/template.yml72
-rw-r--r--roles/openshift_cfme/tasks/tune_masters.yml12
-rw-r--r--roles/openshift_cfme/tasks/validate.yml34
9 files changed, 356 insertions, 160 deletions
diff --git a/roles/openshift_cfme/tasks/accounts.yml b/roles/openshift_cfme/tasks/accounts.yml
new file mode 100644
index 000000000..261e7858b
--- /dev/null
+++ b/roles/openshift_cfme/tasks/accounts.yml
@@ -0,0 +1,65 @@
+---
+# This role task file is responsible for user/system account creation,
+# and ensuring correct access is provided as required.
+
+# TODO: This is currently not idempotent, bug report will be filed
+# after this. Currently this task will return 'changed' if it just
+# created a user, updated a user, or doesn't modify a user at
+# all. Seems to be failing some kind of 'does it need updating' test
+# condition and running the replace command regardless.
+- name: Check if the miq-httpd scc exists
+ oc_obj:
+ namespace: "{{ openshift_cfme_project }}"
+ state: list
+ kind: scc
+ name: miq-httpd
+ register: miq_httpd_scc_exists
+
+# TODO: Cleanup when conditions
+- name: Copy the miq-httpd SCC to the cluster
+ copy:
+ src: miq-scc-httpd.yaml
+ dest: "{{ template_dir }}"
+ when:
+ - miq_httpd_scc_exists.results.results | length == 1
+ - miq_httpd_scc_exists.results.results[0] == {}
+
+- name: Ensure the CFME miq-httpd SCC exists
+ oc_obj:
+ state: present
+ name: miq-httpd
+ namespace: "{{ openshift_cfme_project }}"
+ kind: scc
+ files:
+ - "{{ template_dir }}/miq-scc-httpd.yaml"
+ delete_after: True
+ run_once: True
+ when:
+ - miq_httpd_scc_exists.results.results | length == 1
+ - miq_httpd_scc_exists.results.results[0] == {}
+
+- name: Ensure the CFME system users exist
+ oc_serviceaccount:
+ namespace: "{{ openshift_cfme_project }}"
+ state: present
+ name: "{{ item.name }}"
+ with_items:
+ - "{{ openshift_system_account_sccs }}"
+
+- name: Ensure the CFME system accounts have all the required SCCs
+ oc_adm_policy_user:
+ namespace: "{{ openshift_cfme_project }}"
+ user: "system:serviceaccount:{{ openshift_cfme_project }}:{{ item.name }}"
+ resource_kind: scc
+ resource_name: "{{ item.resource_name }}"
+ with_items:
+ - "{{ openshift_system_account_sccs }}"
+
+- name: Ensure the CFME system accounts have the required roles
+ oc_adm_policy_user:
+ namespace: "{{ openshift_cfme_project }}"
+ user: "system:serviceaccount:{{ openshift_cfme_project }}:{{ item.name }}"
+ resource_kind: role
+ resource_name: "{{ item.resource_name }}"
+ with_items:
+ - "{{ openshift_cfme_system_account_roles }}"
diff --git a/roles/openshift_cfme/tasks/main.yml b/roles/openshift_cfme/tasks/main.yml
index 74ae16d91..cf5a7fdeb 100644
--- a/roles/openshift_cfme/tasks/main.yml
+++ b/roles/openshift_cfme/tasks/main.yml
@@ -1,117 +1,99 @@
---
-######################################################################
+######################################################################)
# Users, projects, and privileges
-- name: Ensure the CFME user exists
- oc_user:
- state: present
- username: "{{ openshift_cfme_user }}"
+- name: Run pre-install CFME validation checks
+ include: validate.yml
-- name: Ensure the CFME namespace exists with CFME user as admin
+- name: "Ensure the CFME '{{ openshift_cfme_project }}' namespace exists"
oc_project:
state: present
name: "{{ openshift_cfme_project }}"
display_name: "{{ openshift_cfme_project_description }}"
- admin: "{{ openshift_cfme_user }}"
-
-- name: Ensure the CFME namespace service account is privileged
- oc_adm_policy_user:
- namespace: "{{ openshift_cfme_project }}"
- user: "{{ openshift_cfme_service_account }}"
- resource_kind: scc
- resource_name: privileged
- state: present
-######################################################################
-# NFS
-# In the case that we are not running on a cloud provider, volumes must be statically provisioned
-
-- include: nfs.yml
- when: not (openshift_cloudprovider_kind is defined and (openshift_cloudprovider_kind == 'aws' or openshift_cloudprovider_kind == 'gce'))
+- name: Create and Authorize CFME Accounts
+ include: accounts.yml
######################################################################
-# CFME App Template
-#
-# Note, this is different from the create_pvs.yml tasks in that the
-# application template does not require any jinja2 evaluation.
-#
-# TODO: Handle the case where the server template is updated in
-# openshift-ansible and the change needs to be landed on the managed
-# cluster.
-
-- name: Check if the CFME Server template has been created already
- oc_obj:
- namespace: "{{ openshift_cfme_project }}"
- state: list
- kind: template
- name: manageiq
- register: miq_server_check
-
-- name: Copy over CFME Server template
- copy:
- src: miq-template.yaml
- dest: "{{ template_dir }}/miq-template.yaml"
-
-- name: Ensure the server template was read from disk
+# STORAGE - Initialize basic storage classes
+#---------------------------------------------------------------------
+# * nfs - set up NFS shares on the first master for a proof of concept
+- name: Create required NFS exports for CFME app storage
+ include: storage/nfs.yml
+ when: openshift_cfme_storage_class == 'nfs'
+
+#---------------------------------------------------------------------
+# * external - NFS again, but pointing to a pre-configured NFS server
+- name: Note Storage Type - External NFS
debug:
- var=r_openshift_cfme_miq_template_content
+ msg: Setting up external NFS storage, openshift_cfme_storage_class is 'external'
+ when: openshift_cfme_storage_class == 'external'
-- name: Ensure CFME Server Template exists
- oc_obj:
- namespace: "{{ openshift_cfme_project }}"
- kind: template
- name: "manageiq"
- state: present
- content: "{{ r_openshift_cfme_miq_template_content }}"
+#---------------------------------------------------------------------
+# * cloudprovider - use an existing cloudprovider based storage
+- name: Note Storage Type - Cloud Provider
+ debug:
+ msg: Validating cloud provider storage type, openshift_cfme_storage_class is 'cloudprovider'
+ when: openshift_cfme_storage_class == 'cloudprovider'
+
+#---------------------------------------------------------------------
+# * preconfigured - don't do anything, assume it's all there ready to go
+- name: Note Storage Type - Preconfigured
+ debug:
+ msg: Skipping storage configuration, openshift_cfme_storage_class is 'preconfigured'
+ when: openshift_cfme_storage_class == 'preconfigured'
######################################################################
-# Let's do this
-
-- name: Ensure the CFME Server is created
- oc_process:
- namespace: "{{ openshift_cfme_project }}"
- template_name: manageiq
- create: True
- params:
- APPLICATION_IMG_NAME: "{{ openshift_cfme_application_img_name }}"
- POSTGRESQL_IMG_NAME: "{{ openshift_cfme_postgresql_img_name }}"
- MEMCACHED_IMG_NAME: "{{ openshift_cfme_memcached_img_name }}"
- APPLICATION_IMG_TAG: "{{ openshift_cfme_application_img_tag }}"
- POSTGRESQL_IMG_TAG: "{{ openshift_cfme_postgresql_img_tag }}"
- MEMCACHED_IMG_TAG: "{{ openshift_cfme_memcached_img_tag }}"
- register: cfme_new_app_process
- run_once: True
- when:
- # User said to install CFME in their inventory
- - openshift_cfme_install_app | bool
- # # The server app doesn't exist already
- # - not miq_server_check.results.results.0
-
-- debug:
- var: cfme_new_app_process
+# APPLICATION TEMPLATE
+- name: Install the correct CFME app template
+ include: template.yml
######################################################################
-# Various cleanup steps
-
-# TODO: Not sure what to do about this right now. Might be able to
-# just delete it? This currently warns about "Unable to find
-# '<TEMP_DIR>' in expected paths."
-- name: Ensure the temporary PV/App templates are erased
- file:
- path: "{{ item }}"
- state: absent
- with_fileglob:
- - "{{ template_dir }}/*.yaml"
-
-- name: Ensure the temporary PV/app template directory is erased
- file:
- path: "{{ template_dir }}"
- state: absent
+# APP & DB Storage
+
######################################################################
-- name: Status update
- debug:
- msg: >
- CFME has been deployed. Note that there will be a delay before
- it is fully initialized.
+# ######################################################################
+# # Let's do this
+
+# - name: Ensure the CFME Server is created
+# oc_process:
+# namespace: "{{ openshift_cfme_project }}"
+# template_name: manageiq
+# create: True
+# params:
+# APPLICATION_IMG_NAME: "{{ openshift_cfme_application_img_name }}"
+# POSTGRESQL_IMG_NAME: "{{ openshift_cfme_postgresql_img_name }}"
+# MEMCACHED_IMG_NAME: "{{ openshift_cfme_memcached_img_name }}"
+# APPLICATION_IMG_TAG: "{{ openshift_cfme_application_img_tag }}"
+# POSTGRESQL_IMG_TAG: "{{ openshift_cfme_postgresql_img_tag }}"
+# MEMCACHED_IMG_TAG: "{{ openshift_cfme_memcached_img_tag }}"
+# register: cfme_new_app_process
+# run_once: True
+# when:
+# # User said to install CFME in their inventory
+# - openshift_cfme_install_app | bool
+# # # The server app doesn't exist already
+# # - not miq_server_check.results.results.0
+
+# - debug:
+# var: cfme_new_app_process
+
+# ######################################################################
+# # Various cleanup steps
+
+# # TODO: Not sure what to do about this right now. Might be able to
+# # just delete it? This currently warns about "Unable to find
+# # '<TEMP_DIR>' in expected paths."
+# - name: Ensure the temporary PV/App templates are erased
+# file:
+# path: "{{ item }}"
+# state: absent
+# with_fileglob:
+# - "{{ template_dir }}/*.yaml"
+
+# - name: Ensure the temporary PV/app template directory is erased
+# file:
+# path: "{{ template_dir }}"
+# state: absent
diff --git a/roles/openshift_cfme/tasks/nfs.yml b/roles/openshift_cfme/tasks/nfs.yml
deleted file mode 100644
index ca04628a8..000000000
--- a/roles/openshift_cfme/tasks/nfs.yml
+++ /dev/null
@@ -1,51 +0,0 @@
----
-# Tasks to statically provision NFS volumes
-# Include if not using dynamic volume provisioning
-
-- name: Set openshift_cfme_nfs_server fact
- when: openshift_cfme_nfs_server is not defined
- set_fact:
- # Hostname/IP of the NFS server. Currently defaults to first master
- openshift_cfme_nfs_server: "{{ oo_nfs_to_config.0 }}"
-
-- name: Ensure the /exports/ directory exists
- file:
- path: /exports/
- state: directory
- mode: 0755
- owner: root
- group: root
-
-- name: Ensure the miq-pv0X export directories exist
- file:
- path: "/exports/{{ item }}"
- state: directory
- mode: 0775
- owner: root
- group: root
- with_items: "{{ openshift_cfme_pv_exports }}"
-
-- name: Ensure the NFS exports for CFME PVs exist
- copy:
- src: openshift_cfme.exports
- dest: /etc/exports.d/openshift_cfme.exports
- register: nfs_exports_updated
-
-- name: Ensure the NFS export table is refreshed if exports were added
- command: exportfs -ar
- when:
- - nfs_exports_updated.changed
-
-
-######################################################################
-# Create the required CFME PVs. Check out these online docs if you
-# need a refresher on includes looping with items:
-# * http://docs.ansible.com/ansible/playbooks_loops.html#loops-and-includes-in-2-0
-# * http://stackoverflow.com/a/35128533
-#
-# TODO: Handle the case where a PV template is updated in
-# openshift-ansible and the change needs to be landed on the managed
-# cluster.
-
-- include: create_pvs.yml
- with_items: "{{ openshift_cfme_pv_data }}"
diff --git a/roles/openshift_cfme/tasks/create_pvs.yml b/roles/openshift_cfme/tasks/storage/create_pvs.yml
index 7fa7d3997..7fa7d3997 100644
--- a/roles/openshift_cfme/tasks/create_pvs.yml
+++ b/roles/openshift_cfme/tasks/storage/create_pvs.yml
diff --git a/roles/openshift_cfme/tasks/storage/nfs.yml b/roles/openshift_cfme/tasks/storage/nfs.yml
new file mode 100644
index 000000000..8151f9fbb
--- /dev/null
+++ b/roles/openshift_cfme/tasks/storage/nfs.yml
@@ -0,0 +1,103 @@
+---
+# Tasks to statically provision NFS volumes
+# Include if not using dynamic volume provisioning
+
+- name: Note Storage Type - NFS
+ debug:
+ msg: Setting up NFS storage, openshift_cfme_storage_class is 'nfs'
+
+- name: TODO
+ debug:
+ msg: TODO - replace hard-coded hostname below with oo_nfs_to_config.0
+
+- name: Set openshift_cfme_nfs_server fact
+ when: openshift_cfme_nfs_server is not defined
+ set_fact:
+ # Hostname/IP of the NFS server. Currently defaults to first master
+ openshift_cfme_nfs_server: m01.example.com
+
+# TODO: I was going to try to apply the openshift_storage_nfs role to
+# handle this, however, that role is not written to be used by
+# itself. Attempting to use it to create CFME exports would just add
+# more hard-coded values to the role. That said, we're doing this here
+# manually for now until some one comes up with a better solution, or
+# the role is made to accept parameters in a more functional way.
+#
+# I can't really even include the openshift_storage_nfs role in here
+# to do basic setup stuff because it would just result in a lot of
+# unwanted exports getting set up for the users.
+
+- name: Ensure the /exports/ directory exists
+ file:
+ path: /exports/
+ state: directory
+ mode: 0755
+ owner: root
+ group: root
+
+- name: Ensure exports directory exists
+ file:
+ path: /etc/exports.d/
+ state: directory
+
+# # TODO - with_items should be passed a list of storage configs for the
+# # desired CFME setup. This might mean a local or remote nfs server, as
+# # well as fully qualified filesystem paths.
+# - name: Ensure export directories exist
+# file:
+# path: "{{ item.storage.nfs.directory }}/{{ item.storage.volume.name }}"
+# state: directory
+# mode: 0777
+# owner: nfsnobody
+# group: nfsnobody
+# with_items:
+
+- name: Enable and start services
+ systemd:
+ name: nfs-server
+ state: started
+ enabled: yes
+ register: start_result
+
+- set_fact:
+ nfs_service_status_changed: "{{ start_result | changed }}"
+
+- name: restart nfs-server
+ systemd:
+ name: nfs-server
+ state: restarted
+ when: nfs_service_status_changed | default(false)
+ notify:
+ - "OpenShift-CFME - Reload NFS Exports"
+
+######################################################################
+# TODO: Move the export directory and PV creation into individual
+# tasks under the respective server/database task files.
+
+# # - name: Ensure the miq-pv0X export directories exist
+# # file:
+# # path: "/exports/{{ item }}"
+# # state: directory
+# # mode: 0775
+# # owner: nfsnobody
+# # group: nfsnobody
+# # with_items: "{{ openshift_cfme_pv_exports }}"
+
+# # - name: Ensure the NFS exports for CFME PVs exist
+# # copy:
+# # src: openshift_cfme.exports
+# # dest: /etc/exports.d/openshift_cfme.exports
+# # register: nfs_exports_updated
+
+
+# # Create the required CFME PVs. Check out these online docs if you
+# # need a refresher on includes looping with items:
+# # * http://docs.ansible.com/ansible/playbooks_loops.html#loops-and-includes-in-2-0
+# # * http://stackoverflow.com/a/35128533
+
+# # TODO: Handle the case where a PV template is updated in
+# # openshift-ansible and the change needs to be landed on the managed
+# # cluster.
+
+# # - include: create_pvs.yml
+# # with_items: "{{ openshift_cfme_pv_data }}"
diff --git a/roles/openshift_cfme/tasks/storage/storage.yml b/roles/openshift_cfme/tasks/storage/storage.yml
new file mode 100644
index 000000000..d8bf7aa3e
--- /dev/null
+++ b/roles/openshift_cfme/tasks/storage/storage.yml
@@ -0,0 +1,3 @@
+---
+- include: nfs.yml
+ when: not (openshift_cloudprovider_kind is defined and (openshift_cloudprovider_kind == 'aws' or openshift_cloudprovider_kind == 'gce'))
diff --git a/roles/openshift_cfme/tasks/template.yml b/roles/openshift_cfme/tasks/template.yml
new file mode 100644
index 000000000..11ccae3e6
--- /dev/null
+++ b/roles/openshift_cfme/tasks/template.yml
@@ -0,0 +1,72 @@
+---
+# Tasks for ensuring the correct CFME templates are landed on the remote system
+
+######################################################################
+# CFME App Template
+#
+# Note, this is different from the create_pvs.yml tasks in that the
+# application template does not require any jinja2 evaluation.
+#
+# TODO: Handle the case where the server template is updated in
+# openshift-ansible and the change needs to be landed on the managed
+# cluster.
+
+######################################################################
+# STANDARD PODIFIED DATABASE TEMPLATE
+- when: openshift_cfme_app_template == 'miq-template'
+ block:
+ - name: Check if the CFME Server template has been created already
+ oc_obj:
+ namespace: "{{ openshift_cfme_project }}"
+ state: list
+ kind: template
+ name: manageiq
+ register: miq_server_check
+
+ - name: Copy over CFME Server template
+ copy:
+ src: miq-template.yaml
+ dest: "{{ template_dir }}/"
+ when:
+ - miq_server_check.results.results == [{}]
+
+ - name: Ensure CFME Server Template is created
+ oc_obj:
+ namespace: "{{ openshift_cfme_project }}"
+ name: manageiq
+ state: present
+ kind: template
+ files:
+ - "{{ template_dir }}/miq-template.yaml"
+ when:
+ - miq_server_check.results.results == [{}]
+
+######################################################################
+# EXTERNAL DATABASE TEMPLATE
+- when: openshift_cfme_app_template == 'miq-template-ext-db'
+ block:
+ - name: Check if the CFME Ext-DB Server template has been created already
+ oc_obj:
+ namespace: "{{ openshift_cfme_project }}"
+ state: list
+ kind: template
+ name: manageiq-ext-db
+ register: miq_ext_db_server_check
+
+ - name: Copy over CFME Ext-DB Server template
+ copy:
+ src: miq-template-ext-db.yaml
+ dest: "{{ template_dir }}/"
+ when:
+ - miq_ext_db_server_check.results.results == [{}]
+
+ - name: Ensure CFME Ext-DB Server Template is created
+ oc_obj:
+ namespace: "{{ openshift_cfme_project }}"
+ name: manageiq-ext-db
+ state: present
+ kind: template
+ files:
+ - "{{ template_dir }}/miq-template-ext-db.yaml"
+ when:
+ - miq_ext_db_server_check.results.results == [{}]
diff --git a/roles/openshift_cfme/tasks/tune_masters.yml b/roles/openshift_cfme/tasks/tune_masters.yml
deleted file mode 100644
index 02b0f10bf..000000000
--- a/roles/openshift_cfme/tasks/tune_masters.yml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-- name: Ensure bulk image import limit is tuned
- yedit:
- src: /etc/origin/master/master-config.yaml
- key: 'imagePolicyConfig.maxImagesBulkImportedPerRepository'
- value: "{{ openshift_cfme_maxImagesBulkImportedPerRepository | int() }}"
- state: present
- backup: True
- notify:
- - restart master
-
-- meta: flush_handlers
diff --git a/roles/openshift_cfme/tasks/validate.yml b/roles/openshift_cfme/tasks/validate.yml
new file mode 100644
index 000000000..61448aa3b
--- /dev/null
+++ b/roles/openshift_cfme/tasks/validate.yml
@@ -0,0 +1,34 @@
+---
+# Validate configuration parameters passed to the openshift_cfme role
+
+- name: Ensure openshift_cfme_app_template is valid
+ assert:
+ that:
+ - openshift_cfme_app_template in openshift_cfme_app_templates
+ msg: "openshift_cfme_app_template must be one of {{ openshift_cfme_app_templates | join(', ') }}"
+
+- name: Ensure openshift_cfme_storage_class is a valid type
+ assert:
+ that:
+ - openshift_cfme_storage_class in openshift_cfme_storage_classes
+ msg: "openshift_cfme_storage_class must be one of {{ openshift_cfme_storage_classes | join(', ') }}"
+
+- name: Ensure external NFS storage has a valid NFS server hostname defined
+ assert:
+ that:
+ - openshift_cfme_storage_external_nfs_hostname is not False
+ msg: The selected storage class 'external' requires a valid hostname for the openshift_cfme_storage_external_nfs_hostname parameter
+ when:
+ - openshift_cfme_storage_class == 'external'
+
+- name: Validate Cloud Provider storage class
+ assert:
+ that:
+ - openshift_cloudprovider_kind == 'aws' or openshift_cloudprovider_kind == 'gce'
+ msg: |
+ openshift_cfme_storage_class is 'cloudprovider' but you have an
+ invalid kind defined. See 'openshift_cloudprovider_kind' in the
+ example inventories for the required parameters for your
+ selected cloud provider. Working providers: 'aws' and 'gce'.
+ when:
+ - openshift_cloudprovider_kind is defined