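---
# Play 1: prepare localhost (yum repos, package updates, NFS-backed PV
# directories, resolver workaround) and register it as an in-memory inventory
# host that carries the openshift-ansible variables for the included playbook.
- hosts: localhost
  roles:
    - ansible.kubernetes-modules
  vars:
    interface: eth1
    # IPv4 address of the chosen interface, taken from gathered facts.
    ip: "{{ hostvars[inventory_hostname]['ansible_' + interface]['ipv4']['address'] }}"
    hostname: "{{ ip }}.nip.io"
  tasks:
    # NOTE(review): these repos are fetched over plain http with gpgcheck
    # disabled, so package integrity rests entirely on the network path to the
    # mirror. Tolerable only on a trusted internal network; otherwise enable
    # gpgcheck and supply a gpgkey for each repository.
    - name: Configure Repos
      yum_repository:
        name: "{{ item.name }}"
        description: "{{ item.name }}"
        baseurl: "http://pulp.dist.prod.ext.phx2.redhat.com{{ item.urlpath }}"
        enabled: true
        gpgcheck: false
      with_items:
        - name: 'rhel-server-rhscl-7-rpms'
          urlpath: '/content/dist/rhel/server/7/7Server/x86_64/rhscl/1/os/'
        - name: 'rhel-7-server-rpms'
          urlpath: '/content/dist/rhel/server/7/7Server/x86_64/os/'
        - name: 'rhel-7-server-extras-rpms'
          urlpath: '/content/dist/rhel/server/7/7Server/x86_64/extras/os/'
        - name: 'rhel-7-fast-datapath-rpms'
          urlpath: '/content/dist/rhel/server/7/7Server/x86_64/fast-datapath/os/'
        - name: 'rhel-7-server-optional-rpms'
          urlpath: '/content/dist/rhel/server/7/7Server/x86_64/optional/os/'
        - name: 'rhel-7-server-rh-common-rpms'
          urlpath: '/content/dist/rhel/server/7/7Server/x86_64/rh-common/os/'

    - name: Update installed packages
      yum:
        name: '*'
        state: latest

    - name: Install a newer version of python-six to prevent shlex_quote import errors from ansible
      yum:
        name: rh-python35-python-six
        state: latest

    # Writes an empty STORAGE_DRIVER into the docker-storage-setup config.
    - name: Configure docker storage
      copy:
        content: |
          STORAGE_DRIVER=""
        dest: /etc/sysconfig/docker-storage-setup

    # NOTE(review): '*' exports the PV tree read-write to every client that can
    # reach this host's NFS service. Restrict the client list to the node
    # network anywhere other than a throwaway environment.
    - name: Create pv exports
      copy:
        content: |
          /var/lib/exports/pv *(rw,root_squash,sync,no_wdelay)
        dest: /etc/exports.d/pv.exports

    # Creates /var/lib/exports/pv/1 .. /var/lib/exports/pv/20.
    # NOTE(review): the directories are world-writable and sit under the
    # wildcard export above. The mode is quoted so it is passed as the octal
    # string rather than depending on YAML integer parsing.
    - name: Create pv directories
      file:
        dest: "/var/lib/exports/pv/{{ item }}"
        state: directory
        mode: "0777"
      with_sequence: count=20

    # Installs a NetworkManager dispatcher script that rewrites the nip.io
    # search entry in /etc/resolv.conf to cluster.local.
    - name: Workaround NetworkManager insisting on adding nip.io to search
      copy:
        content: |
          #!/bin/bash
          sed -i 's/search.*.nip\.io/search cluster.local/g' /etc/resolv.conf
        dest: /etc/NetworkManager/dispatcher.d/98-nip.io.sh
        mode: "0755"

    # Registers <ip>.nip.io as an in-memory host in every listed group; the
    # remaining keys become host variables for that host.
    - add_host:
        name: "{{ ip }}.nip.io"
        groups:
          - masters
          - nodes
          - nfs
          - OSEv3
          - etcd
        ansible_connection: local
        # NOTE(review): debug logging plus request output presumably puts
        # request contents into the broker log; confirm nothing sensitive is
        # provisioned while these are on.
        ansible_service_broker_log_level: debug
        ansible_service_broker_output_request: true
        #ansible_service_broker_registry_url: "http://registry.access.stage.redhat.com"
        #ansible_service_broker_image_prefix: "asb-registry.usersys.redhat.com:5000/openshift3/ose-"
        # Comment the above and uncomment these to use the upstream broker
        # ansible_service_broker_registry_type: dockerhub
        # ansible_service_broker_registry_name: dh
        # ansible_service_broker_registry_organization: ansibleplaybookbundle
        # ansible_service_broker_registry_user: changeme
        # ansible_service_broker_registry_password: changeme
        # ansible_service_broker_image_prefix: "docker.io/ansibleplaybookbundle/origin-"
        # ansible_service_broker_image_tag: "latest"
        # ansible_service_broker_etcd_image_prefix: quay.io/coreos/
        # ansible_service_broker_etcd_image_tag: latest
        # ansible_service_broker_etcd_image_etcd_path: /usr/local/bin/etcd
        ansible_service_broker_install: true
        openshift_deployment_type: openshift-enterprise
        # Turns off the disk, memory and docker storage checks.
        openshift_disable_check: 'disk_availability,memory_availability,docker_storage'
        openshift_docker_additional_registries:
          - 'asb-registry.usersys.redhat.com:5000'
          #- registry.ops.openshift.com
          #- registry.access.stage.redhat.com
        # NOTE(review): a registry listed as insecure is contacted without
        # verified TLS, so images pulled from it (including the oreg_url
        # images below) are not authenticated in transit.
        openshift_docker_insecure_registries:
          - 'asb-registry.usersys.redhat.com:5000'
          #- registry.ops.openshift.com
          #- registry.access.stage.redhat.com
        #oreg_url: 'registry.ops.openshift.com/openshift3/ose-${component}:${version}'
        openshift_enable_service_catalog: true
        openshift_hosted_etcd_storage_kind: nfs
        # NOTE(review): same wildcard client list as the PV export; the etcd
        # volume is reachable by any NFS client that can reach this host.
        openshift_hosted_etcd_storage_nfs_options: "*(rw,root_squash,sync,no_wdelay)"
        openshift_hosted_etcd_storage_nfs_directory: /var/lib/exports
        openshift_hosted_etcd_storage_volume_name: etcd
        openshift_hosted_etcd_storage_access_modes:
          - ReadWriteOnce
        openshift_hosted_etcd_storage_volume_size: 10G
        openshift_hosted_etcd_storage_labels:
          storage: etcd
        openshift_hostname: "{{ hostname }}"
        openshift_ip: "{{ ip }}"
        openshift_master_default_subdomain: "apps.{{ ip }}.nip.io"
        # NOTE(review): AllowAllPasswordIdentityProvider accepts any non-empty
        # username and password. The later play grants cluster-admin to the
        # user `admin`, so anyone who can reach the API endpoint can act as
        # cluster-admin. Use a real identity provider outside a disposable
        # test environment.
        openshift_master_identity_providers:
          - name: allow_all
            login: true
            challenge: true
            kind: AllowAllPasswordIdentityProvider
        openshift_node_labels:
          region: infra
          zone: default
        openshift_public_hostname: "{{ hostname }}"
        openshift_schedulable: true
        #openshift_service_catalog_image_prefix: "registry.ops.openshift.com/openshift3/ose-"
        # Comment the above and uncomment these to use the upstream catalog
        # openshift_service_catalog_image_prefix: "docker.io/openshift/origin-"
        # openshift_service_catalog_image_version: "latest"
        openshift_set_hostname: true
        os_update: true
        ##########################################################################
        openshift_http_proxy: 192.168.120.1:8888
        openshift_https_proxy: 192.168.120.1:8888
        openshift_no_proxy: ".cluster.local,.svc,172.30.0.0/16"
        oreg_url: 'asb-registry.usersys.redhat.com:5000/openshift3/ose-${component}:${version}'
        openshift_image_tag: "v3.7.0"
        openshift_release: "v3.7"
        ##########################################################################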
# Hands off to the openshift-ansible BYO config playbook at this absolute
# path; presumably it targets the groups populated by add_host (confirm).
- include: /usr/share/ansible/openshift-ansible/playbooks/byo/config.yml
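# Play 2: post-install steps on localhost. Grants admin rights, waits for the
# Ansible Service Broker catalog endpoint, creates the NFS-backed persistent
# volumes and prints a summary.
- hosts: localhost
  tasks:
    # NOTE(review): the first play configures an allow-all identity provider,
    # so any password authenticates as `admin`; this grant therefore makes
    # cluster-admin available to anyone who can reach the API endpoint.
    - name: set admin permissions
      command: oc adm policy add-cluster-role-to-user cluster-admin admin

    # NOTE(review): the password is a literal on the command line. Harmless
    # only because the identity provider accepts anything; do not carry this
    # pattern over to a real credential.
    - name: log in as admin
      command: oc login -u admin -p admin

    - name: 'TODO temporary patch to work around https://bugzilla.redhat.com/show_bug.cgi?id=1496694'
      command: oadm policy add-cluster-role-to-user cluster-admin -z service-catalog-controller -n kube-service-catalog

    - name: switch to openshift-ansible-service-broker project
      command: oc project openshift-ansible-service-broker

    # Takes the second column of `oc get routes`.
    # Assumes the project exposes exactly one route; several routes would
    # yield a multi-line value and break the URL below - TODO confirm.
    - name: get route name for broker
      shell: oc get routes --no-headers | awk '{print $2}'
      register: asb_route
      changed_when: false

    # no_log keeps the session token out of task output and logs; the
    # registered value is still available to later tasks.
    - name: get token for bearer auth
      command: oc whoami -t
      register: token
      changed_when: false
      no_log: true

    # Polls the broker catalog until it answers 200 (up to 100 retries).
    # `until` takes a bare expression; wrapping it in {{ }} is unnecessary.
    # NOTE(review): the bearer token travels in the module arguments, which
    # may appear in output at high verbosity.
    - name: wait for broker to come up
      uri:
        url: "https://{{ asb_route.stdout }}/ansible-service-broker/v2/catalog"
        method: GET
        headers:
          Authorization: "Bearer {{ token.stdout }}"
      register: services_response
      until: services_response.status | int == 200
      retries: 100

    - name: get hostname
      command: hostname -f
      register: hostname
      changed_when: false

    - name: Install python-openshift
      yum:
        name: 'python-openshift'
        state: latest

    # One PV per directory 1..20 under the NFS export on this host.
    # async with poll 0 starts each creation without waiting for its result,
    # so a failure here is not reported by this task.
    - name: Create pv objects
      k8s_v1_persistent_volume:
        name: "{{ item }}"
        state: present
        capacity:
          storage: '100Gi'
        access_modes:
          - ReadWriteOnce
        persistent_volume_reclaim_policy: Recycle
        nfs_path: "/var/lib/exports/pv/{{ item }}"
        nfs_server: "{{ hostname.stdout }}"
      async: 120
      poll: 0
      with_sequence: count=20

    # Summary banner: console URL, login command, broker route and the names
    # of the services returned by the catalog request.
    - debug:
        msg: "{{ msg | to_nice_yaml }}"
      vars:
        msg:
          - "########################################################################"
          - "Your openshift env is at https://{{ hostname.stdout }}:8443"
          - "To login run:"
          - " oc login https://{{ hostname.stdout }}:8443 -u admin -p admin"
          - "The broker is at {{ asb_route.stdout }}"
          - ""
          - "Discovered Ansible Playbook Bundles:"
          - " {{ services_response.json.services | map(attribute='name') | list | join(', ') }}"
          - "########################################################################"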