---
# Copyright kubeinit contributors
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Gather hosts facts and stop the deployment if required
block:
- name: Gather hypervisor facts if needed
ansible.builtin.include_tasks: prepare_hypervisors.yml
vars:
hypervisors_prepared: "{{ 'kubeinit_facts' in groups }}"
when: not hypervisors_prepared
- name: Add task-prepare-hypervisors to tasks_completed
ansible.builtin.add_host:
name: "kubeinit-facts"
tasks_completed: "{{ hostvars['kubeinit-facts'].tasks_completed | union(['task-prepare-hypervisors']) }}"
- name: Stop the deployment if required
block:
- name: Stop after 'task-prepare-hypervisors' when requested
ansible.builtin.add_host:
name: "kubeinit-facts"
playbook_terminated: true
- name: End play
ansible.builtin.meta: end_play
when: kubeinit_stop_after_task is defined and kubeinit_stop_after_task in hostvars['kubeinit-facts'].tasks_completed
- name: Stop the deployment if required
block:
- name: "Stop before 'task-prepare-environment' when requested"
ansible.builtin.add_host:
name: "kubeinit-facts"
playbook_terminated: true
- name: End play
ansible.builtin.meta: end_play
when: kubeinit_stop_before_task is defined and kubeinit_stop_before_task == 'task-prepare-environment'
tags: omit_from_grapher
- name: Define kubeinit_facts_hostvars
ansible.builtin.set_fact:
kubeinit_facts_hostvars: "{{ hostvars['kubeinit-facts'] }}"
#
# Setup bastion_host group
#
- name: Parse bastion_host_spec into a dictionary if defined
ansible.builtin.set_fact:
bastion_host_map: "{{ bastion_host_spec | from_yaml }}"
when: bastion_host_spec is defined
- name: Assert bastion_host group and bastion_host_spec have same name when both defined
ansible.builtin.assert:
msg: "Cluster bastion host from inventory and command-line specification must match."
that: bastion_host_map['host'] == groups['bastion_host'][0]
when: bastion_host_map['host'] | default('') | length > 0 and groups['bastion_host'][0] | default('') | length > 0
- name: Define kubeinit_bastion_host_name
ansible.builtin.set_fact:
kubeinit_bastion_host_name: "{{ groups['bastion_host'][0] | default(bastion_host_map['host']) | default('bastion') }}"
- name: Assert bastion_host group does not have both target and ansible_host keys
ansible.builtin.assert:
msg: "The bastion_host group cannot have both target and ansible_host keys."
that: hostvars[kubeinit_bastion_host_name]['target'] is not defined or hostvars[kubeinit_bastion_host_name]['ansible_host'] is not defined
when: hostvars[kubeinit_bastion_host_name] is defined
- name: Define default bastion target and ansible_host from group target
ansible.builtin.set_fact:
default_bastion_target: "{{ hostvars[kubeinit_bastion_host_name].target }}"
default_ansible_host: "{{ hostvars[hostvars[kubeinit_bastion_host_name].target].ansible_host }}"
when: hostvars[kubeinit_bastion_host_name].target | default('') | length > 0
- name: Define default bastion target and ansible_host from group ansible_host
ansible.builtin.set_fact:
default_bastion_target: "{{ kubeinit_bastion_host_name }}"
default_ansible_host: "{{ hostvars[kubeinit_bastion_host_name].ansible_host }}"
when: hostvars[kubeinit_bastion_host_name].ansible_host | default('') | length > 0
- name: Assert bastion_host_spec does not have both target and ansible_host keys
ansible.builtin.assert:
msg: "The bastion_host_spec cannot have both target and ansible_host keys."
that: bastion_host_map['target'] is not defined or bastion_host_map['ansible_host'] is not defined
when: bastion_host_map is defined
- name: Define default bastion target and ansible_host from spec target
ansible.builtin.set_fact:
default_bastion_target: "{{ bastion_host_map['target'] }}"
default_ansible_host: "{{ hostvars[bastion_host_map['target']].ansible_host }}"
when: bastion_host_map['target'] | default('') | length > 0
- name: Define default bastion target and ansible_host from spec ansible_host
ansible.builtin.set_fact:
default_bastion_target: "{{ kubeinit_bastion_host_name }}"
default_ansible_host: "{{ bastion_host_map['ansible_host'] }}"
when: bastion_host_map['ansible_host'] | default('') | length > 0
- name: Use the first hypervisor if neither bastion host spec or group defines a target or ansible_host
ansible.builtin.add_host:
name: "{{ kubeinit_bastion_host_name }}"
group: 'bastion_host'
target: "{{ default_bastion_target | default(groups['kubeinit_hypervisors'] | first) }}"
ansible_host: "{{ default_ansible_host | default(hostvars[groups['kubeinit_hypervisors'] | first].ansible_host) }}"
#
# Setup ovn_central_host group
#
- name: Parse ovn_central_host_spec into a dictionary if defined
ansible.builtin.set_fact:
ovn_central_host_map: "{{ ovn_central_host_spec | from_yaml }}"
when: ovn_central_host_spec is defined
- name: Assert ovn_central_host group and ovn_central_host_spec have same name when both defined
ansible.builtin.assert:
msg: "Cluster ovn-central host from inventory and command-line specification must match."
that: ovn_central_host_map['host'] == groups['ovn_central_host'][0]
when: ovn_central_host_map['host'] | default('') | length > 0 and groups['ovn_central_host'][0] | default('') | length > 0
- name: Define kubeinit_ovn_central_host_name
ansible.builtin.set_fact:
kubeinit_ovn_central_host_name: "{{ groups['ovn_central_host'][0] | default(ovn_central_host_map['host']) | default('ovn-central') }}"
- name: Define default ovn-central target and ansible_host from group target
ansible.builtin.set_fact:
default_ovn_central_target: "{{ hostvars[kubeinit_ovn_central_host_name].target }}"
when: hostvars[kubeinit_ovn_central_host_name].target | default('') | length > 0
- name: Define default ovn-central target and ansible_host from spec target
ansible.builtin.set_fact:
default_ovn_central_target: "{{ ovn_central_host_map['target'] }}"
when: ovn_central_host_map['target'] | default('') | length > 0
- name: Use the first hypervisor if neither ovn-central host spec or group defines a target
ansible.builtin.add_host:
name: "{{ kubeinit_ovn_central_host_name }}"
group: 'ovn_central_host'
target: "{{ default_ovn_central_target | default(groups['kubeinit_hypervisors'] | first) }}"
- name: Add ansible_host for ovn_central_host
ansible.builtin.add_host:
name: "{{ kubeinit_ovn_central_host_name }}"
group: 'ovn_central_host'
ansible_host: "{{ hostvars[hostvars[kubeinit_ovn_central_host_name].target].ansible_host }}"
- name: Prepare groups
ansible.builtin.include_tasks: prepare_groups.yml
- name: Define group facts
ansible.builtin.set_fact:
kubeinit_cluster_hostvars: "{{ hostvars[kubeinit_cluster_name] }}"
kubeinit_bastion_host: "{{ hostvars[kubeinit_bastion_host_name].target }}"
kubeinit_ovn_central_host: "{{ hostvars[kubeinit_ovn_central_host_name].target }}"
kubeinit_first_controller_node: "{{ groups['all_controller_nodes'][0] }}"
kubeinit_hypervisor_count: "{{ groups['kubeinit_hypervisors'] | length }}"
kubeinit_controller_count: "{{ groups['all_controller_nodes'] | length }}"
kubeinit_compute_count: "{{ groups['all_compute_nodes'] | default([]) | length }}"
kubeinit_cluster_node_count: "{{ groups['all_cluster_nodes'] | default([]) | length }}"
loop: "{{ ['localhost'] | union(groups['kubeinit_hypervisors']) }}"
delegate_to: "{{ item }}"
- name: Install podman if required
ansible.builtin.package:
state: present
name: "podman"
when: not hostvars['localhost'].podman_is_installed
- name: Define service node facts
ansible.builtin.set_fact:
kubeinit_apache_service_name: "{{ kubeinit_cluster_name }}-apache"
kubeinit_bind_service_name: "{{ kubeinit_cluster_name }}-bind"
kubeinit_dnsmasq_service_name: "{{ kubeinit_cluster_name }}-dnsmasq"
kubeinit_haproxy_service_name: "{{ kubeinit_cluster_name }}-haproxy"
kubeinit_nexus_service_name: "{{ kubeinit_cluster_name }}-nexus"
kubeinit_provision_service_name: "{{ kubeinit_cluster_name }}-provision"
kubeinit_registry_service_name: "{{ kubeinit_cluster_name }}-registry"
kubeinit_apache_service_node: "{{ kubeinit_cluster_hostvars.services['apache'] | default(None) }}"
kubeinit_bind_service_node: "{{ kubeinit_cluster_hostvars.services['bind'] | default(None) }}"
kubeinit_dnsmasq_service_node: "{{ kubeinit_cluster_hostvars.services['dnsmasq'] | default(None) }}"
kubeinit_haproxy_service_node: "{{ kubeinit_cluster_hostvars.services['haproxy'] | default(None) }}"
kubeinit_nexus_service_node: "{{ kubeinit_cluster_hostvars.services['nexus'] | default(None) }}"
kubeinit_provision_service_node: "{{ kubeinit_cluster_hostvars.services['provision'] }}"
kubeinit_registry_service_node: "{{ kubeinit_cluster_hostvars.services['registry'] | default(None) }}"
loop: "{{ ['localhost'] | union(groups['kubeinit_hypervisors']) }}"
delegate_to: "{{ item }}"
- name: Gather facts from bastion host if it is not a hypervisor host
block:
- name: Gather hosts facts and omit from the documentation grapher
block:
- name: Gather facts from bastion_host if needed
ansible.builtin.include_role:
name: kubeinit.kubeinit.kubeinit_libvirt
tasks_from: gather_host_facts.yml
public: true
vars:
_param_gather_host: "{{ kubeinit_bastion_host }}"
tags: omit_from_grapher
- name: Generate an OpenSSH keypair bastion host
community.crypto.openssh_keypair:
path: "~/.ssh/{{ kubeinit_cluster_name }}_id_{{ kubeinit_ssh_keytype }}"
type: "{{ kubeinit_ssh_keytype }}"
comment: "{{ kubeinit_cluster_name }} {{ kubeinit_bastion_host }}"
regenerate: 'never'
register: _result_bastion_keypair
delegate_to: "{{ kubeinit_bastion_host }}"
- name: Set authorized_key hostvar for bastion host
ansible.builtin.add_host:
name: "{{ kubeinit_bastion_host }}"
authorized_key: "{{ _result_bastion_keypair.public_key + ' ' + _result_bastion_keypair.comment }}"
- name: Add bastion host authorized key to cluster authorized_keys
ansible.builtin.set_fact:
authorized_keys_with_bastion: "{{ kubeinit_cluster_hostvars.authorized_keys | union([hostvars[kubeinit_bastion_host].authorized_key]) }}"
- name: Set all cluster hypervisors fact
ansible.builtin.add_host:
name: "{{ kubeinit_cluster_name }}"
authorized_keys: "{{ authorized_keys_with_bastion }}"
- name: Update kubeinit_cluster_hostvars
ansible.builtin.set_fact:
kubeinit_cluster_hostvars: "{{ hostvars[kubeinit_cluster_name] }}"
when: kubeinit_bastion_host not in groups['all_hosts']
- name: Add all cluster authorized keys to all hypervisors
ansible.posix.authorized_key:
user: root
key: "{{ _key }}"
state: present
loop: "{{ groups['all_hosts'] | product(kubeinit_cluster_hostvars.authorized_keys) | list }}"
vars:
_host: "{{ item[0] }}"
_key: "{{ item[1] }}"
delegate_to: "{{ _host }}"
- name: Define additional host, node and services facts
ansible.builtin.set_fact:
kubeinit_bastion_host_address: "{{ hostvars[kubeinit_bastion_host].ssh_connection_address }}"
kubeinit_apache_service_address: "{{ hostvars[kubeinit_apache_service_node].ansible_host | default(None) }}"
kubeinit_bind_service_address: "{{ hostvars[kubeinit_bind_service_node].ansible_host | default(None) }}"
kubeinit_dnsmasq_service_address: "{{ hostvars[kubeinit_dnsmasq_service_node].ansible_host | default(None) }}"
kubeinit_haproxy_service_address: "{{ hostvars[kubeinit_haproxy_service_node].ansible_host | default(None) }}"
kubeinit_nexus_service_address: "{{ hostvars[kubeinit_nexus_service_node].ansible_host | default(None) }}"
kubeinit_provision_service_address: "{{ hostvars[kubeinit_provision_service_node].ansible_host }}"
kubeinit_registry_service_address: "{{ hostvars[kubeinit_registry_service_node].ansible_host | default(None) }}"
kubeinit_service_user: "root"
kubeinit_service_user_dir: "/root"
kubeinit_ingress_hostname: "ingress"
kubeinit_bind_volume_name: "{{ kubeinit_bind_service_name }}-config"
kubeinit_nexus_port: "5001"
kubeinit_nexus_fqdn: "{{ kubeinit_nexus_service_node }}.{{ kubeinit_cluster_fqdn }}"
kubeinit_nexus_fqdn_alt: "nexus.{{ kubeinit_cluster_fqdn }}"
kubeinit_nexus_uri: "{{ kubeinit_nexus_service_node }}.{{ kubeinit_cluster_fqdn }}:5001"
kubeinit_registry_port: "5000"
kubeinit_registry_fqdn: "{{ kubeinit_registry_service_node }}.{{ kubeinit_cluster_fqdn }}"
kubeinit_registry_fqdn_alt: "registry.{{ kubeinit_cluster_fqdn }}"
kubeinit_registry_uri: "{{ kubeinit_registry_service_node }}.{{ kubeinit_cluster_fqdn }}:5000"
kubeinit_services_data_volume: "{{ kubeinit_cluster_name }}-data"
loop: "{{ ['localhost'] | union(groups['kubeinit_hypervisors']) }}"
delegate_to: "{{ item }}"
- name: Add ssh ProxyCommand option for all nodes
ansible.builtin.add_host:
name: "{{ item }}"
ansible_ssh_common_args: >-
{{ ansible_ssh_common_args }} -i ~/.ssh/{{ kubeinit_cluster_name }}_id_{{ kubeinit_ssh_keytype }} -o ProxyCommand="ssh {{ ansible_ssh_common_args }} -i ~/.ssh/{{ kubeinit_cluster_name }}_id_{{ kubeinit_ssh_keytype }} -W %h:%p -q root@{{ hostvars[kubeinit_ovn_central_host].ssh_connection_address }}"
loop: "{{ groups['all_nodes'] }}"
- name: Gather hosts facts and stop the deployment if required
block:
- name: Add task-prepare-environment to tasks_completed
ansible.builtin.add_host:
name: "kubeinit-facts"
tasks_completed: "{{ kubeinit_facts_hostvars.tasks_completed | union(['task-prepare-environment']) }}"
- name: Update kubeinit_facts_hostvars
ansible.builtin.set_fact:
kubeinit_facts_hostvars: "{{ hostvars['kubeinit-facts'] }}"
- name: Stop the deployment if required
block:
- name: Stop after 'task-prepare-environment' when requested
ansible.builtin.add_host:
name: "kubeinit-facts"
playbook_terminated: true
- name: End play
ansible.builtin.meta: end_play
when: kubeinit_stop_after_task is defined and kubeinit_stop_after_task in kubeinit_facts_hostvars.tasks_completed
tags: omit_from_grapher