---
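# Play 1: applies the `ipa` role from the control node (localhost). Per the
# play name this configures the cluster's DNS through IdM.
- name: Configure DNS via IdM
  hosts: localhost
  gather_facts: false
  # vars_files is a list keyword; written as a list instead of a bare scalar.
  # NOTE(review): vault.yaml is presumably an Ansible Vault encrypted file
  # holding the IdM credentials -- confirm it is only ever committed encrypted.
  vars_files:
    - vault.yaml
  roles:
    - role: ipa
      tags:
        - ipa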
# Play 2: prepares the `helper` host group with privilege escalation.
# Roles run in the order listed: firewalld, then haproxy, then httpd.
# Each role carries its own tag so it can be selected with --tags.
- name: Configure Load Balancer Host
  hosts: helper
  become: true
  gather_facts: false
  roles:
    - role: firewalld
      tags:
        - firewalld

    - role: haproxy
      tags:
        - haproxy

    - role: httpd
      tags:
        - httpd
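# Play 3: runs on the control node. The `vmware_init` role executes first
# (roles run before tasks), then two blocks import the `vmware` and
# `boot_instances` roles once per node group.
- name: Initialize VMware and Deploy Cluster Nodes
  hosts: localhost
  gather_facts: false
  # NOTE(review): vault.yaml presumably holds the vCenter credentials in
  # Ansible Vault form -- confirm it is only ever committed encrypted.
  vars_files:
    - vault.yaml
  roles:
    - role: vmware_init
  tasks:
    # `_node_scope` is set per block and inherited by the imported roles;
    # presumably the roles use it to pick which nodes to act on -- verify
    # against the role code.
    - name: Deploy Bootstrap/Control Plane Nodes
      # vars is a mapping here: the list-of-dictionaries form is deprecated
      # in ansible-core.
      vars:
        _node_scope:
          - bootstrap
          - control-plane
      block:
        - name: Create Bootstrap/Control Plane VMs
          ansible.builtin.import_role:
            name: vmware

        - name: Start Bootstrap/Control Plane VMs
          ansible.builtin.import_role:
            name: boot_instances

    - name: Deploy Compute Nodes
      vars:
        _node_scope:
          - compute
      block:
        - name: Create Compute VMs
          ansible.builtin.import_role:
            name: vmware

        - name: Start Compute VMs
          ansible.builtin.import_role:
            name: boot_instances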
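# Play 4: applies the `bootstrap_cleanup` role on the `helper` host group
# with privilege escalation. Per the play name this destroys the bootstrap
# node and removes it from HAProxy.
- name: Destroy Bootstrap Node and Remove from HAProxy
  hosts: helper
  become: true
  gather_facts: false
  # NOTE(review): this play loads the vault variables while running with
  # become on a remote host; confirm the role only needs the secrets it uses.
  vars_files:
    - vault.yaml
  roles:
    # `role:` instead of `name:` to match every other role entry in the file;
    # both keys select the same role.
    - role: bootstrap_cleanup
      tags:
        - bootstrap-cleanup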
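# Play 5: runs on the control node after the nodes are up. Waits for the API,
# deploys Sealed Secrets, stops the CSR auto approver, then waits for the
# ClusterVersion to report Available and not Progressing.
- name: Post Cluster Configuration
  hosts: localhost
  gather_facts: false
  vars_files:
    - vault.yaml
  tasks:
    # Polls /readyz up to 60 times, 10 seconds apart (roughly 10 minutes).
    # NOTE(security): validate_certs is false, so the endpoint's certificate
    # is not verified. The probe sends no credentials, but a host answering
    # for api.<base_domain>:6443 could return 200 and let the play continue
    # early. If the cluster's API CA is available on the control node, pass
    # it with the uri module's `ca_path` option and set validate_certs: true.
    - name: Wait 10 Minutes for API
      ansible.builtin.uri:
        method: GET
        url: "https://api.{{ base_domain }}:6443/readyz"
        validate_certs: false
      register: api_results
      until:
        - api_results.status == 200
      retries: 60
      delay: 10

    # NOTE(review): tags on include_role apply to the include task itself.
    # Under --tags the role's own tasks only run if they carry the tag or the
    # include uses `apply` -- confirm against the role.
    - name: Deploy Sealed Secrets Controller
      ansible.builtin.include_role:
        name: sealed_secrets
      tags:
        - sealed-secrets

    - name: Stop CSR Auto Approver
      ansible.builtin.include_role:
        name: csr_auto_approve_cleanup
      tags:
        - csr-auto-approve-cleanup

    # Reads the ClusterVersion named `version` up to 120 times, 15 seconds
    # apart (roughly 30 minutes), using the installer-written kubeconfig.
    # NOTE(review): that kubeconfig presumably carries cluster-admin
    # credentials -- confirm the installation directory is not world-readable.
    - name: Wait for Cluster Operators
      kubernetes.core.k8s_info:
        api_version: config.openshift.io/v1
        kind: ClusterVersion
        kubeconfig: "{{ installation_directory }}/auth/kubeconfig"
        name: version
      register: cluster_version_results
      until:
        - cluster_version_results.resources is defined
        # Guard the [0] index below: an empty result list would otherwise
        # raise an error in the condition instead of triggering a retry.
        - cluster_version_results.resources | length > 0
        - (cluster_version_results.resources[0] | community.general.json_query(_query_available) | first | bool) is true
        - (cluster_version_results.resources[0] | community.general.json_query(_query_progressing) | first | bool) is false
      retries: 120
      delay: 15
      tags:
        - wait_for_cluster_operators
      vars:
        # JMESPath expressions selecting the status of one condition type.
        _query_available: "status.conditions[?type=='Available'].status"
        _query_progressing: "status.conditions[?type=='Progressing'].status"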