-
Notifications
You must be signed in to change notification settings - Fork 3.5k
/
Copy pathmain.yml
317 lines (270 loc) · 11 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
---
- fail:
msg: "Only set one of kubernetes_context or openshift_host"
when: openshift_host is defined and kubernetes_context is defined
- include_tasks: "{{ tasks }}"
with_items:
- openshift_auth.yml
- openshift.yml
loop_control:
loop_var: tasks
when: openshift_host is defined
- include_tasks: "{{ tasks }}"
with_items:
- kubernetes_auth.yml
- kubernetes.yml
loop_control:
loop_var: tasks
when: kubernetes_context is defined
- name: Use kubectl or oc
set_fact:
kubectl_or_oc: "{{ openshift_oc_bin if openshift_oc_bin is defined else 'kubectl' }}"
- set_fact:
deployment_object: "sts"
- name: Record deployment size
shell: |
{{ kubectl_or_oc }} get {{ deployment_object }} \
{{ kubernetes_deployment_name }} \
-n {{ kubernetes_namespace }} -o=jsonpath='{.status.replicas}'
register: deployment_details
ignore_errors: true
- name: Set expected post-deployment Replicas value
set_fact:
kubernetes_deployment_replica_size: "{{ deployment_details.stdout | int }}"
when: deployment_details.rc == 0
- name: Delete existing Deployment
shell: |
{{ kubectl_or_oc }} delete {{ deployment_object }} \
{{ kubernetes_deployment_name }} -n {{ kubernetes_namespace }}
when: deployment_details.rc == 0
- name: Get Postgres Service Detail
shell: "{{ kubectl_or_oc }} describe svc {{ postgresql_service_name }} -n {{ kubernetes_namespace }}"
register: postgres_svc_details
ignore_errors: true
when: "pg_hostname is not defined or pg_hostname == ''"
- name: Deploy PostgreSQL (OpenShift)
block:
- name: Template PostgreSQL Deployment (OpenShift)
template:
src: postgresql-persistent.yml.j2
dest: "{{ kubernetes_base_path }}/postgresql-persistent.yml"
mode: '0600'
- name: Deploy and Activate Postgres (OpenShift)
shell: |
{{ openshift_oc_bin }} new-app --file={{ kubernetes_base_path }}/postgresql-persistent.yml \
-e MEMORY_LIMIT={{ pg_memory_limit|default('512') }}Mi \
-e DATABASE_SERVICE_NAME=postgresql \
-e POSTGRESQL_MAX_CONNECTIONS={{ pg_max_connections|default(1024) }} \
-e POSTGRESQL_USER={{ pg_username }} \
-e POSTGRESQL_PASSWORD={{ pg_password | quote }} \
-e POSTGRESQL_DATABASE={{ pg_database | quote }} \
-e POSTGRESQL_VERSION=10 \
-n {{ kubernetes_namespace }}
register: openshift_pg_activate
no_log: true
when:
- pg_hostname is not defined or pg_hostname == ''
- postgres_svc_details is defined and postgres_svc_details.rc != 0
- openshift_host is defined
- name: Deploy PostgreSQL (Kubernetes)
block:
- name: Template PostgreSQL Deployment (Kubernetes)
set_fact:
pg_values: "{{ lookup('template', 'postgresql-values.yml.j2') }}"
no_log: true
- name: Deploy and Activate Postgres (Kubernetes)
shell: |
helm repo update --tiller-namespace={{ tiller_namespace | default('kube-system') }}
echo {{ pg_values | quote }} | helm upgrade {{ postgresql_service_name }} --install \
--namespace {{ kubernetes_namespace }} \
--version="6.2.1" \
--tiller-namespace={{ tiller_namespace | default('kube-system') }} \
--values - \
stable/postgresql
register: kubernetes_pg_activate
no_log: true
when:
- pg_hostname is not defined or pg_hostname == ''
- postgres_svc_details is defined and postgres_svc_details.rc != 0
- kubernetes_context is defined
- name: Set postgresql hostname to helm package service (Kubernetes)
set_fact:
pg_hostname: "{{ postgresql_service_name }}"
when:
- pg_hostname is not defined or pg_hostname == ''
- kubernetes_context is defined
- name: Wait for Postgres to activate
pause:
seconds: "{{ postgress_activate_wait }}"
when: openshift_pg_activate.changed or kubernetes_pg_activate.changed
- name: Check postgres version and upgrade Postgres if necessary
block:
- name: Check if Postgres 9.6 is being used
shell: |
POD=$({{ kubectl_or_oc }} -n {{ kubernetes_namespace }} \
get pods -l=name=postgresql --field-selector status.phase=Running -o jsonpath="{.items[0].metadata.name}")
oc exec $POD -n {{ kubernetes_namespace }} -- bash -c "psql -tAc 'select version()'"
register: pg_version
- name: Upgrade postgres if necessary
block:
- name: Set new pg image
shell: |
IMAGE=registry.access.redhat.com/rhscl/postgresql-10-rhel7
{{ kubectl_or_oc }} -n {{ kubernetes_namespace }} set image dc/postgresql postgresql=$IMAGE
- name: Wait for change to take affect
pause:
seconds: 5
- name: Set env var for pg upgrade
shell: |
{{ kubectl_or_oc }} -n {{ kubernetes_namespace }} set env dc/postgresql POSTGRESQL_UPGRADE=copy
- name: Wait for change to take affect
pause:
seconds: 5
- name: Set env var for new pg version
shell: |
{{ kubectl_or_oc }} -n {{ kubernetes_namespace }} set env dc/postgresql POSTGRESQL_VERSION=10
- name: Wait for Postgres to redeploy
pause:
seconds: "{{ postgress_activate_wait }}"
- name: Wait for Postgres to finish upgrading
shell: |
POD=$({{ kubectl_or_oc }} -n {{ kubernetes_namespace }} \
get pods -l=name=postgresql -o jsonpath="{.items[0].metadata.name}")
{{ kubectl_or_oc }} -n {{ kubernetes_namespace }} logs $POD | grep 'Upgrade DONE'
register: pg_upgrade_logs
retries: 360
delay: 10
until: pg_upgrade_logs is success
- name: Unset upgrade env var
shell: |
{{ kubectl_or_oc }} -n {{ kubernetes_namespace }} set env dc/postgresql POSTGRESQL_UPGRADE-
- name: Wait for Postgres to redeploy
pause:
seconds: "{{ postgress_activate_wait }}"
when: "pg_version is success and '9.6' in pg_version.stdout"
when:
- pg_hostname is not defined or pg_hostname == ''
- name: Set image names if using custom registry
block:
- name: Set task image name
set_fact:
kubernetes_task_image: "{{ docker_registry }}/{{ docker_registry_repository }}/{{ task_image }}"
when: kubernetes_task_image is not defined
- name: Set web image name
set_fact:
kubernetes_web_image: "{{ docker_registry }}/{{ docker_registry_repository }}/{{ web_image }}"
when: kubernetes_web_image is not defined
when: docker_registry is defined
- name: Generate SSL certificates for RabbitMQ, if needed
include_tasks: ssl_cert_gen.yml
when: "rabbitmq_use_ssl|default(False)|bool"
- name: Get Kubernetes Config
command: |
{{ kubectl_or_oc }} config view -o json
register: kube_config_cmd
no_log: true
- name: Convert kube config to dictionary
set_fact:
kube_config: "{{ kube_config_cmd.stdout | from_json }}"
no_log: true
- name: Extract current context from kube config
set_fact:
current_kube_context: "{{ kube_config['current-context'] }}"
- name: Find cluster for current context
set_fact:
kube_cluster: |
{{ (kube_config.contexts |
selectattr("name", "equalto", current_kube_context) |
list)[0].context.cluster }}
- name: Find server for current context
set_fact:
kube_server: |
{{ (kube_config.clusters |
selectattr("name", "equalto", kube_cluster|trim) |
list)[0].cluster.server }}
- name: Get kube version from api server
uri:
url: "{{ kube_server | trim }}/version"
validate_certs: false
register: kube_version
- name: Extract server version from command output
set_fact:
kube_api_version: "{{ kube_version.json.gitVersion[1:] }}"
- name: Determine StatefulSet api version
set_fact:
kubernetes_statefulset_api_version: "{{ 'apps/v1' if kube_api_version is version('1.9', '>=') else 'apps/v1beta1' }}"
- name: Render deployment templates
set_fact:
"{{ item }}": "{{ lookup('template', item + '.yml.j2') }}"
with_items:
- 'configmap'
- 'deployment'
- 'secret'
no_log: true
- name: Apply Deployment
shell: |
echo {{ item | quote }} | {{ kubectl_or_oc }} apply -f -
with_items:
- "{{ configmap }}"
- "{{ deployment }}"
- "{{ secret }}"
no_log: true
- name: Delete any existing management pod
shell: |
{{ kubectl_or_oc }} -n {{ kubernetes_namespace }} \
delete pod ansible-tower-management --grace-period=0 --ignore-not-found
- name: Template management pod
set_fact:
management_pod: "{{ lookup('template', 'management-pod.yml.j2') }}"
- name: Create management pod
shell: |
echo {{ management_pod | quote }} | {{ kubectl_or_oc }} apply -f -
- name: Wait for management pod to start
shell: |
{{ kubectl_or_oc }} -n {{ kubernetes_namespace }} \
get pod ansible-tower-management -o jsonpath="{.status.phase}"
register: result
until: result.stdout == "Running"
retries: 60
delay: 10
- name: Migrate database
shell: |
{{ kubectl_or_oc }} -n {{ kubernetes_namespace }} exec ansible-tower-management -- \
bash -c "awx-manage migrate --noinput"
- name: Check for Tower Super users
shell: |
{{ kubectl_or_oc }} -n {{ kubernetes_namespace }} exec ansible-tower-management -- \
bash -c "echo 'from django.contrib.auth.models import User; nsu = User.objects.filter(is_superuser=True).count(); exit(0 if nsu > 0 else 1)' | awx-manage shell"
register: super_check
ignore_errors: true
changed_when: super_check.rc > 0
- name: create django super user if it does not exist
shell: |
{{ kubectl_or_oc }} -n {{ kubernetes_namespace }} exec ansible-tower-management -- \
bash -c "echo \"from django.contrib.auth.models import User; User.objects.create_superuser('{{ admin_user }}', '{{ admin_email }}', '{{ admin_password }}')\" | awx-manage shell"
no_log: true
when: super_check.rc > 0
- name: update django super user password
shell: |
{{ kubectl_or_oc }} -n {{ kubernetes_namespace }} exec ansible-tower-management -- \
bash -c "awx-manage update_password --username='{{ admin_user }}' --password='{{ admin_password }}'"
no_log: true
register: result
changed_when: "'Password updated' in result.stdout"
- name: Create the default organization if it is needed.
shell: |
{{ kubectl_or_oc }} -n {{ kubernetes_namespace }} exec ansible-tower-management -- \
bash -c "awx-manage create_preload_data"
register: cdo
changed_when: "'added' in cdo.stdout"
when: create_preload_data | bool
- name: Delete management pod
shell: |
{{ kubectl_or_oc }} -n {{ kubernetes_namespace }} \
delete pod ansible-tower-management --grace-period=0 --ignore-not-found
- name: Scale up deployment
shell: |
{{ kubectl_or_oc }} -n {{ kubernetes_namespace }} \
scale {{ deployment_object }} {{ kubernetes_deployment_name }} --replicas=0
{{ kubectl_or_oc }} -n {{ kubernetes_namespace }} \
scale {{ deployment_object }} {{ kubernetes_deployment_name }} --replicas={{ replicas | default(kubernetes_deployment_replica_size) }}