blob: 607ace7f9aee7f2b365668773e1514664ef057cc (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
|
---
- name: Retrieve list of openshift nodes matching router selector
oc_obj:
state: list
kind: node
namespace: "{{ openshift.hosted.router.namespace | default('default') }}"
selector: "{{ openshift.hosted.router.selector | default(omit) }}"
register: router_nodes
when: openshift.hosted.router.replicas | default(none) is none
- name: set_fact replicas
set_fact:
replicas: "{{ openshift.hosted.router.replicas|default(None) | get_router_replicas(router_nodes) }}"
- block:
- name: Assert that 'certfile', 'keyfile' and 'cafile' keys provided in openshift_hosted_router_certificate
assert:
that:
- "'certfile' in openshift_hosted_router_certificate"
- "'keyfile' in openshift_hosted_router_certificate"
- "'cafile' in openshift_hosted_router_certificate"
msg: "'certfile', 'keyfile' and 'cafile' keys must be specified when supplying the openshift_hosted_router_certificate variable."
- name: Read router certificate and key
become: no
local_action:
module: slurp
src: "{{ item }}"
register: openshift_router_certificate_output
# Defaulting dictionary keys to none to avoid deprecation warnings
# (future fatal errors) during template evaluation. Dictionary keys
# won't be accessed unless openshift_hosted_router_certificate is
# defined and has all keys (certfile, keyfile, cafile) which we
# check above.
with_items:
- "{{ (openshift_hosted_router_certificate | default({'certfile':none})).certfile }}"
- "{{ (openshift_hosted_router_certificate | default({'keyfile':none})).keyfile }}"
- "{{ (openshift_hosted_router_certificate | default({'cafile':none})).cafile }}"
- name: Persist certificate contents
openshift_facts:
role: hosted
openshift_env:
openshift_hosted_router_certificate_contents: "{% for certificate in openshift_router_certificate_output.results -%}{{ certificate.content | b64decode }}{% endfor -%}"
- name: Create PEM certificate
copy:
content: "{{ openshift.hosted.router.certificate.contents }}"
dest: "{{ openshift_master_config_dir }}/openshift-router.pem"
mode: 0600
when: openshift_hosted_router_certificate is defined
- name: Create OpenShift router
oc_adm_router:
name: "{{ openshift.hosted.router.name | default('router') }}"
replicas: "{{ replicas }}"
namespace: "{{ openshift.hosted.router.namespace | default('default') }}"
# This option is not yet implemented
# force_subdomain: "{{ openshift.hosted.router.force_subdomain | default(none) }}"
service_account: router
selector: "{{ openshift.hosted.router.selector | default(none) }}"
images: "{{ openshift.hosted.router.registryurl | default(none) }}"
default_cert: "{{ openshift_hosted_router_certificate is defined | default(false) | ternary(openshift_master_config_dir + '/openshift-router.pem', omit) }}"
# These edits are being specified only to prevent 'changed' on rerun
edits:
- key: spec.strategy.rollingParams.intervalSeconds
value: 1
action: put
- key: spec.strategy.rollingParams.updatePeriodSeconds
value: 1
action: put
- key: spec.strategy.activeDeadlineSeconds
value: 21600
action: put
register: routerout
# This should probably move to module
- name: wait for deploy
pause:
seconds: 30
when: routerout.changed
- name: Ensure router replica count matches desired
oc_scale:
kind: dc
name: "{{ openshift.hosted.router.name | default('router') }}"
namespace: "{{ openshift.hosted.router.namespace | default('default') }}"
replicas: "{{ replicas }}"
when: replicas | int > 0
|