173 lines
4.8 KiB
YAML
173 lines
4.8 KiB
YAML
- include: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=osbs-stg"
|
|
|
|
# Once the instance exists, configure it.
|
|
|
|
- name: make osbs server system
|
|
hosts: osbs-stg
|
|
user: root
|
|
gather_facts: True
|
|
|
|
vars_files:
|
|
- /srv/web/infra/ansible/vars/global.yml
|
|
- "/srv/private/ansible/vars.yml"
|
|
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
|
|
|
|
roles:
|
|
- base
|
|
- rkhunter
|
|
- nagios_client
|
|
- hosts
|
|
- fas_client
|
|
- collectd/base
|
|
- sudo
|
|
|
|
tasks:
|
|
- include: "{{ tasks }}/yumrepos.yml"
|
|
- include: "{{ tasks }}/2fa_client.yml"
|
|
- include: "{{ tasks }}/motd.yml"
|
|
|
|
handlers:
|
|
- include: "{{ handlers }}/restart_services.yml"
|
|
|
|
- include: ../openshift_common/openshift-cluster/config.yml
|
|
vars:
|
|
g_etcd_group: "{{ 'etcd' }}"
|
|
g_masters_group: "{{ 'openshift_masters' }}"
|
|
g_nodes_group: "{{ 'openshift_nodes' }}"
|
|
openshift_cluster_id: "{{ cluster_id | default('default') }}"
|
|
openshift_debug_level: 0
|
|
openshift_deployment_type: "{{ deployment_type }}"
|
|
tags:
|
|
- osbs-openshift
|
|
|
|
- name: OpenShift post-install config
|
|
hosts: openshift_masters
|
|
user: root
|
|
gather_facts: True
|
|
|
|
tasks:
|
|
# This is technically idempotent via the 'oc create' command, it will just
|
|
# exit 1 if the service account already exists
|
|
- name: add OpenShift router service account
|
|
shell: echo '{"kind":"ServiceAccount","apiVersion":"v1","metadata":{"name":"router"}}' | /usr/bin/oc create -f -
|
|
ignore_errors: true
|
|
|
|
- name: add OpenShift router
|
|
shell: /usr/bin/oadm router --create=true --credentials=/etc/openshift/master/openshift-router.kubeconfig --service-account=router
|
|
|
|
- name: Create storage location for OpenShift internal registry
|
|
file:
|
|
path: /var/lib/openshift/docker-registry
|
|
state: directory
|
|
|
|
# This is technically idempotent via the 'oc create' command, it will just
|
|
# exit 1 if the service account already exists
|
|
- name: add OpenShift internal registry
|
|
shell: echo '{"kind":"ServiceAccount","apiVersion":"v1","metadata":{"name":"registry"}}' | /usr/bin/oc create -f -
|
|
ignore_errors: true
|
|
|
|
- name: add OpenShift internal registry
|
|
shell: /usr/bin/oadm registry --create=true --credentials=/etc/openshift/master/openshift-registry.kubeconfig --mount-host=/var/lib/openshift/docker-registry --service-account=registry
|
|
|
|
tags:
|
|
- osbs-openshift
|
|
- osbs-openshift-postinstall
|
|
|
|
- name: docker-registry
|
|
hosts: openshift_masters
|
|
user: root
|
|
gather_facts: True
|
|
|
|
tasks:
|
|
- name: Install docker-registry
|
|
yum: pkg=docker-registry state=installed
|
|
- name: Start/enable docker-registry service
|
|
service:
|
|
name: docker-registry
|
|
state: started
|
|
enabled: yes
|
|
|
|
tags:
|
|
- osbs-openshift
|
|
- osbs-openshift-postinstall
|
|
|
|
- name: atomic-reactor install and config
|
|
hosts: openshift_masters
|
|
user: root
|
|
gather_facts: False
|
|
|
|
vars_files:
|
|
- /srv/web/infra/ansible/vars/global.yml
|
|
|
|
tasks:
|
|
- name: Configure the atomic-reactor COPR
|
|
copy:
|
|
src: "{{ files }}/osbs/atomic-reactor.repo"
|
|
dest: /etc/yum.repos.d/atomic-reactor.repo
|
|
|
|
- name: Install atomic-reactor
|
|
yum: pkg=atomic-reactor state=present
|
|
|
|
- name: Build atomic-reactor base image
|
|
shell: atomic-reactor create-build-image --reactor-tarball-path /usr/share/atomic-reactor/atomic-reactor.tar.gz /usr/share/atomic-reactor/images/dockerhost-builder buildroot
|
|
|
|
tags:
|
|
- osbs-openshift
|
|
- osbs-openshift-postinstall
|
|
|
|
- name: atomic-reactor install and config
|
|
hosts: openshift_masters
|
|
user: root
|
|
gather_facts: False
|
|
|
|
tasks:
|
|
- name: Tag the buildroot for builder local registry
|
|
shell: docker tag buildroot localhost:5000/buildroot
|
|
|
|
- name: Push the buildroot to builder local registry
|
|
shell: docker push localhost:5000/buildroot
|
|
|
|
- name: Pull fedora docker image
|
|
shell: docker pull fedora
|
|
|
|
- name: Tag fedora for builder local registry
|
|
shell: docker tag fedora localhost:5000/fedora
|
|
|
|
- name: Push the fedora image to builder local registry
|
|
shell: docker push localhost:5000/fedora
|
|
|
|
tags:
|
|
- osbs-openshift
|
|
- osbs-openshift-postinstall
|
|
|
|
- name: OSBS Configuration - OpenShift Auth
|
|
hosts: openshift_masters
|
|
user: root
|
|
gather_facts: False
|
|
|
|
tasks:
|
|
- name: Set role-to-group for OSBS system:unauthenticated
|
|
shell: oadm policy add-role-to-group edit system:unauthenticated system:authenticated
|
|
- name: Set role-to-group for OSBS system:authenticated
|
|
shell: oadm policy add-role-to-group edit system:authenticated
|
|
|
|
tags:
|
|
- osbs-openshift
|
|
- osbs-openshift-postinstall
|
|
|
|
- name: OSBS Client tools config
|
|
hosts: openshift_masters:openshift_nodes
|
|
user: root
|
|
gather_facts: False
|
|
|
|
vars_files:
|
|
- /srv/web/infra/ansible/vars/global.yml
|
|
|
|
tasks:
|
|
- copy:
|
|
src: "{{ files }}/osbs/osbs.conf"
|
|
dest: /etc/osbs.conf
|
|
tags:
|
|
- osbs-openshift
|
|
- osbs-openshift-postinstall
|
|
|