From 69ae8ce78addc8a926b505c56b3e25be9a11343f Mon Sep 17 00:00:00 2001
From: almahmoud
Date: Thu, 22 Apr 2021 13:05:22 -0400
Subject: [PATCH] First attempt at tagging everything
---
 roles/cloudman-boot/tasks/auth.yaml | 152 +++++++++++++--------
 roles/cloudman-boot/tasks/certmanager.yaml | 56 ++++----
 roles/cloudman-boot/tasks/cloudman.yaml | 53 +++----
 roles/cloudman-boot/tasks/finish.yaml | 3 +
 roles/cloudman-boot/tasks/helm_repos.yaml | 21 +--
 roles/cloudman-boot/tasks/ingress.yaml | 47 ++++---
 roles/cloudman-boot/tasks/postgres.yaml | 8 +-
 roles/cloudman-boot/tasks/rancher.yaml | 43 +++---
 roles/cloudman-boot/tasks/storage.yaml | 88 +++++++-----
 roles/rke/tasks/main.yaml | 8 ++
 10 files changed, 291 insertions(+), 188 deletions(-)
diff --git a/roles/cloudman-boot/tasks/auth.yaml b/roles/cloudman-boot/tasks/auth.yaml
index d4c7470..4b4be14 100644
--- a/roles/cloudman-boot/tasks/auth.yaml
+++ b/roles/cloudman-boot/tasks/auth.yaml
@@ -1,4 +1,7 @@
 - name: Create namespace for keycloak
+ tags:
+ - keycloak_setup
+ - cloudman_setup
 command: /usr/local/bin/kubectl create namespace keycloak
 ignore_errors: True
@@ -9,6 +12,9 @@
 - name: Download and operator
 when: not (kc_dir.stat.exists and kc_dir.stat.isdir)
+ tags:
+ - keycloak_setup
+ - cloudman_setup
 block:
 - name: Download and unarchive keycloak-operator release
 ansible.builtin.unarchive:
@@ -29,27 +35,31 @@
 - name: Deploy the operator
 command: "/usr/local/bin/kubectl apply -f {{ cm_keycloak_operator_path }}/deploy/operator.yaml -n {{ cm_keycloak_namespace }}"
-- name: Render Keycloak instance CRD
- template:
- src: keycloakcrd.yml.j2
- dest: "{{ cm_keycloak_operator_path }}/deploy/cloudman-keycloak.yaml"
-
-- name: Apply the rendered Keycloak instance
- command: /usr/local/bin/kubectl apply -f {{ cm_keycloak_operator_path }}/deploy/cloudman-keycloak.yaml -n {{ cm_keycloak_namespace }}
-
-- name: Render GVL Keycloak realm CRD
- template:
- src: keycloak_gvl_realm.yml.j2
- dest: "{{ cm_keycloak_operator_path }}/deploy/gvl-keycloakrealm.yaml"
-
-- name: Apply the rendered GVL realm
- command: /usr/local/bin/kubectl apply -f {{ cm_keycloak_operator_path }}/deploy/gvl-keycloakrealm.yaml -n {{ cm_keycloak_namespace }}
+- name: Render and apply Keycloak instance
+ tags:
+ - keycloak_setup
+ - cloudman_setup
+ block:
+ - name: Render Keycloak instance CRD
+ template:
+ src: keycloakcrd.yml.j2
+ dest: "{{ cm_keycloak_operator_path }}/deploy/cloudman-keycloak.yaml"
+
+ - name: Apply the rendered Keycloak instance
+ command: /usr/local/bin/kubectl apply -f {{ cm_keycloak_operator_path }}/deploy/cloudman-keycloak.yaml -n {{ cm_keycloak_namespace }}
+
+- name: Render and apply GVL Realm
+ tags:
+ - gvl_setup
+ - gvl_realm_update
+ block:
+ - name: Render GVL Keycloak realm CRD
+ template:
+ src: keycloak_gvl_realm.yml.j2
+ dest: "{{ cm_keycloak_operator_path }}/deploy/gvl-keycloakrealm.yaml"
-- name: Render Keycloak ingress cert patch
- template:
- src: keycloak_ingress_patch.yml.j2
- dest: "{{ cm_keycloak_operator_path }}/deploy/cloudman-keycloak-ingress-patch.yaml"
- tags: auth
+ - name: Apply the rendered GVL realm
+ command: /usr/local/bin/kubectl apply -f {{ cm_keycloak_operator_path }}/deploy/gvl-keycloakrealm.yaml -n {{ cm_keycloak_namespace }}
 - name: Check if Rancher SAML Client Certificate is already created
 stat:
@@ -57,6 +67,10 @@
 register: rancher_crt
 - name: Generate certs, Rancher SAML Client CRD, and change default rancher local password
+ tags:
+ - rancher_setup
+ - cloudman_setup
+ - rancher_keycloak_login
 when: not rancher_crt.stat.exists
 block:
 - name: Generate a key
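Review bot: The `when: not rancher_crt.stat.exists` guard on this newly tagged block depends on the `Check if Rancher SAML Client Certificate is already created` stat task just above it, which gets no tags in this commit as far as the surrounding context shows. A run limited with `--tags rancher_setup` or `--tags rancher_keycloak_login` therefore skips the stat and then fails the guard on an undefined `rancher_crt`. Give the stat task the same tag list as the block (or `tags: always`) so the registered result exists whenever the block is selected. The `kc_dir` guard in the `@@ -9,6 +12,9 @@` hunk looks like the same pattern, though its stat task lies outside the visible lines. The block's body continues past the end of this hunk.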
@@ -77,35 +91,61 @@
 csr_path: "{{ cm_keycloak_operator_path }}/deploy/ansible-rancher.csr"
 provider: selfsigned
-- name: Slurp Rancher Cert
- ansible.builtin.slurp:
- src: "{{ cm_keycloak_operator_path }}/deploy/ansible-rancher.crt"
- register: rancher_cert
- tags: auth
-
-- name: Slurp Rancher Key
- ansible.builtin.slurp:
- src: "{{ cm_keycloak_operator_path }}/deploy/ansible-rancher.pem"
- register: rancher_key
- tags: auth
-
-- name: Render Rancher SAML Client CRD
- template:
- src: keycloak_rancher_client.yml.j2
- dest: "{{ cm_keycloak_operator_path }}/deploy/rancher-saml-keycloakclient.yaml"
-
-- name: Patch in the rendered Keycloak ingress cert patch
- command: /usr/local/bin/kubectl patch ingress keycloak -n {{ cm_keycloak_namespace }} --patch-file {{ cm_keycloak_operator_path }}/deploy/cloudman-keycloak-ingress-patch.yaml
- tags: auth
- retries: 10
- delay: 10
- register: result
- until: result.rc == 0
-
-- name: Apply the rendered Rancher SAML Client
- command: /usr/local/bin/kubectl apply -f {{ cm_keycloak_operator_path }}/deploy/rancher-saml-keycloakclient.yaml -n {{ cm_keycloak_namespace }}
+- name: Slurp Cert and key
+ tags:
+ - rancher_setup
+ - cloudman_setup
+ - rancher_keycloak_login
+ block:
+ - name: Slurp Rancher Cert
+ ansible.builtin.slurp:
+ src: "{{ cm_keycloak_operator_path }}/deploy/ansible-rancher.crt"
+ register: rancher_cert
+ tags: auth
+
+ - name: Slurp Rancher Key
+ ansible.builtin.slurp:
+ src: "{{ cm_keycloak_operator_path }}/deploy/ansible-rancher.pem"
+ register: rancher_key
+ tags: auth
+
+- name: Render and apply Keycloak ingress
+ tags:
+ - keycloak_setup
+ - cloudman_setup
+ - kecyloak_cert_manager
+ block:
+ - name: Render Keycloak ingress cert patch
+ template:
+ src: keycloak_ingress_patch.yml.j2
+ dest: "{{ cm_keycloak_operator_path }}/deploy/cloudman-keycloak-ingress-patch.yaml"
+
+ - name: Patch in the rendered Keycloak ingress cert patch
+ command: /usr/local/bin/kubectl patch ingress keycloak -n {{ cm_keycloak_namespace }} --patch-file {{ cm_keycloak_operator_path }}/deploy/cloudman-keycloak-ingress-patch.yaml
+ tags: auth
+ retries: 10
+ delay: 10
+ register: result
+ until: result.rc == 0
+
+- name: Rancher SAML Client
+ tags:
+ - keycloak_setup
+ - cloudman_setup
+ - rancher_keycloak_login
+ block:
+ - name: Render Rancher SAML Client CRD
+ template:
+ src: keycloak_rancher_client.yml.j2
+ dest: "{{ cm_keycloak_operator_path }}/deploy/rancher-saml-keycloakclient.yaml"
+
+ - name: Apply the rendered Rancher SAML Client
+ command: /usr/local/bin/kubectl apply -f {{ cm_keycloak_operator_path }}/deploy/rancher-saml-keycloakclient.yaml -n {{ cm_keycloak_namespace }}
 - name: Login to Rancher
+ tags:
+ - rancher_setup
+ - cloudman_setup
 uri:
 url: "https://{{ rancher_hostname }}/v3-public/localProviders/local?action=login"
 method: POST
@@ -120,16 +160,17 @@
 retries: 80
 delay: 5
 until: rancher_login['status']|default(0) in [200, 201, 401]
- tags: auth
-- name: Change default password and setup external auth first time only
+- name: Change default password
+ tags:
+ - rancher_setup
+ - cloudman_setup
 when: rancher_login['status']|default(0) in [200, 201]
 block:
 - name: Set Rancher admin Token and user id
 set_fact:
 ra_token: "{{ rancher_login.json.token }}"
 ra_admin_user_id: "{{ rancher_login.json.userId }}"
- tags: auth
 - name: Change password for admin user
 uri:
@@ -142,8 +183,14 @@
 newPassword: "{{ cluster_password }}"
 headers:
 Authorization: Bearer {{ ra_token }}
- tags: auth
+- name: Change default password and setup external auth first time only
+ tags:
+ - rancher_setup
+ - cloudman_setup
+ - rancher_keycloak_login
+ when: rancher_login['status']|default(0) in [200, 201]
+ block:
 #https://rancher.com/docs/rancher/v2.x/en/admin-settings/authentication/keycloak/#keycloak-6-0-0-idpssodescriptor-missing-from-options
 - name: Get SAML Metadata IDPSSODescriptor
 uri:
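Review bot: The tag `kecyloak_cert_manager` on the new `Render and apply Keycloak ingress` block is misspelled, so `--tags keycloak_cert_manager` selects nothing and the ingress certificate patch is silently not re-applied; the line should read `- keycloak_cert_manager`. The tasks moved into the new blocks also keep their old `tags: auth` (both slurp tasks and the ingress patch task) while the same tag is removed from every other task in this file. As a result `--tags auth` now runs only those three fragments of the flow; dropping the three leftover lines would make the file consistent.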
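Review bot: The `rancher_keycloak_login` tag on the re-created external-auth block cannot be used on its own, because the block's `when:` reads `rancher_login` and its requests send `Bearer {{ ra_token }}`, and both come from tasks tagged only `rancher_setup` and `cloudman_setup` (`Login to Rancher` and `Set Rancher admin Token and user id` in the two preceding hunks). A run with `--tags rancher_keycloak_login` skips those tasks and stops on an undefined variable. Add `- rancher_keycloak_login` to the login task and to the `set_fact` task individually, rather than to the whole `Change default password` block, so the token is available without re-running the password change. The block's body continues outside this hunk.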
@@ -155,7 +202,6 @@
 retries: 80
 delay: 5
 until: idp_metadata['status']|default(0) == 200
- tags: auth
 - name: Setup Rancher External Auth
 uri:
@@ -186,7 +232,6 @@
 Authorization: Bearer {{ ra_token }}
 retries: 5
 delay: 10
- tags: auth
 - name: Set default Rancher user role to admin
 uri:
@@ -200,6 +245,5 @@
 Authorization: Bearer {{ ra_token }}
 retries: 5
 delay: 10
- tags: auth
diff --git a/roles/cloudman-boot/tasks/certmanager.yaml b/roles/cloudman-boot/tasks/certmanager.yaml
index 4fd1ddc..e3ec04f 100644
--- a/roles/cloudman-boot/tasks/certmanager.yaml
+++ b/roles/cloudman-boot/tasks/certmanager.yaml
@@ -1,32 +1,36 @@
-- name: Create cert-manager namespace
- command: >
- /usr/local/bin/kubectl create namespace cert-manager
- ignore_errors: true
+- name: Setup cert-manager
+ tags:
+ - cert_manager_setup
+ block:
+ - name: Create cert-manager namespace
+ command: >
+ /usr/local/bin/kubectl create namespace cert-manager
+ ignore_errors: true
-- name: Create cert manager CRDs
- shell: /usr/local/bin/kubectl apply --validate=false -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.11/deploy/manifests/00-crds.yaml
+ - name: Create cert manager CRDs
+ shell: /usr/local/bin/kubectl apply --validate=false -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.11/deploy/manifests/00-crds.yaml
-- name: Add cert manager helm repo
- shell: /usr/local/bin/helm repo add jetstack https://charts.jetstack.io
- ignore_errors: true
+ - name: Add cert manager helm repo
+ shell: /usr/local/bin/helm repo add jetstack https://charts.jetstack.io
+ ignore_errors: true
-- name: Update Helm repos
- shell: /usr/local/bin/helm repo update
+ - name: Update Helm repos
+ shell: /usr/local/bin/helm repo update
-- name: Render cluster issuer template
- template:
- src: clusterissuer.yaml.j2
- dest: /tmp/clusterissuer.yaml
+ - name: Render cluster issuer template
+ template:
+ src: clusterissuer.yaml.j2
+ dest: /tmp/clusterissuer.yaml
-- name: Create cert manager cluster issuer
- shell: /usr/local/bin/kubectl apply -f /tmp/clusterissuer.yaml
+ - name: Create cert manager cluster issuer
+ shell: /usr/local/bin/kubectl apply -f /tmp/clusterissuer.yaml
-- name: Helm install cert-manager
- command: >
- /usr/local/bin/helm upgrade --install cert-manager jetstack/cert-manager
- --namespace "cert-manager"
- --version "0.11.0"
- --set ingressShim.defaultIssuerName="letsencrypt-prod"
- --set ingressShim.defaultIssuerKind="ClusterIssuer"
- --set webhook.enabled=false
- ignore_errors: true
+ - name: Helm install cert-manager
+ command: >
+ /usr/local/bin/helm upgrade --install cert-manager jetstack/cert-manager
+ --namespace "cert-manager"
+ --version "0.11.0"
+ --set ingressShim.defaultIssuerName="letsencrypt-prod"
+ --set ingressShim.defaultIssuerKind="ClusterIssuer"
+ --set webhook.enabled=false
+ ignore_errors: true
diff --git a/roles/cloudman-boot/tasks/cloudman.yaml b/roles/cloudman-boot/tasks/cloudman.yaml
index 8fd51a7..ba1543b 100644
--- a/roles/cloudman-boot/tasks/cloudman.yaml
+++ b/roles/cloudman-boot/tasks/cloudman.yaml
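Review bot: `Create cert manager CRDs` applies a manifest fetched at run time from the `release-0.11` ref with `--validate=false`, so the cluster-wide CRDs are whatever that ref serves on the day of the run, while the chart below is pinned with `--version "0.11.0"`. Point the URL at the release tag that matches the pinned chart, or vendor the manifest into the role, so both halves of the install are fixed and re-running `cert_manager_setup` is reproducible. `Render cluster issuer template` also still writes to the fixed path `/tmp/clusterissuer.yaml`; a `tempfile` task like the one cloudman.yaml uses would avoid a predictable name in a shared directory. With `ignore_errors: true` on the Helm install, a failed cert-manager install does not stop the play.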
@@ -8,30 +8,35 @@
 when: cm_force_pull_images
 ignore_errors: true
-- name: Create temp file for cloudman helm values
- tempfile:
- state: file
- suffix: helmvals
- register: temp_helmvals
+- name: Update Cloudman
+ tags:
+ - cloudman_setup
+ - cloudman_update
+ block:
+ - name: Create temp file for cloudman helm values
+ tempfile:
+ state: file
+ suffix: helmvals
+ register: temp_helmvals
-- name: Render CloudMan chart custom values file
- template:
- src: cm_chart_values.yml.j2
- dest: "{{ temp_helmvals.path }}"
+ - name: Render CloudMan chart custom values file
+ template:
+ src: cm_chart_values.yml.j2
+ dest: "{{ temp_helmvals.path }}"
-- name: Helm install CloudMan
- command: >
- /usr/local/bin/helm upgrade --reset-values --install cloudman galaxyproject/cloudman
- --create-namespace
- --namespace "{{ cm_namespace_name }}"
- {% if cm_chart_version %}
- --version "{{ cm_chart_version }}"
- {% endif %}
- -f "{{ temp_helmvals.path }}"
- ignore_errors: true
+ - name: Helm install CloudMan
+ command: >
+ /usr/local/bin/helm upgrade --reset-values --install cloudman galaxyproject/cloudman
+ --create-namespace
+ --namespace "{{ cm_namespace_name }}"
+ {% if cm_chart_version %}
+ --version "{{ cm_chart_version }}"
+ {% endif %}
+ -f "{{ temp_helmvals.path }}"
+ ignore_errors: true
-- name: Remove temporary values file
- file:
- path: "{{ temp_helmvals.path }}"
- state: absent
- when: temp_helmvals.path is defined
+ - name: Remove temporary values file
+ file:
+ path: "{{ temp_helmvals.path }}"
+ state: absent
+ when: temp_helmvals.path is defined
diff --git a/roles/cloudman-boot/tasks/finish.yaml b/roles/cloudman-boot/tasks/finish.yaml
index 76baf4f..5b5d61f 100644
--- a/roles/cloudman-boot/tasks/finish.yaml
+++ b/roles/cloudman-boot/tasks/finish.yaml
@@ -1,4 +1,6 @@
 - name: Wait for CloudMan login to become accessible
+ tags:
+ - cloudman_setup
 uri:
 url: "https://{{ cluster_hostname }}/cloudman/openid/openid/KeyCloak"
 method: GET
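Review bot: `Remove temporary values file` is now the last task inside `block:` of `Update Cloudman`, so it is skipped whenever an earlier task in the block fails without `ignore_errors` (the template render, for example), and the rendered values file stays on disk. Chart values files often carry credentials, though that is not confirmed for `cm_chart_values.yml.j2` from this diff, so cleanup should not depend on success. Move the task out of `block:` into an `always:` section of the same block, keeping its `when: temp_helmvals.path is defined`. The hunk opens inside the preceding task, which is not fully visible.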
@@ -11,6 +13,7 @@
 - name: System help info
 debug:
+ - cloudman_setup
 msg: |
 "The system has now been setup. Access CloudMan at https://{{ cluster_hostname }}/"
 ""
diff --git a/roles/cloudman-boot/tasks/helm_repos.yaml b/roles/cloudman-boot/tasks/helm_repos.yaml
index b5110d5..8a2cfe1 100644
--- a/roles/cloudman-boot/tasks/helm_repos.yaml
+++ b/roles/cloudman-boot/tasks/helm_repos.yaml
@@ -1,10 +1,13 @@
-- name: Add wunderio Helm repo for RClone
- shell: /usr/local/bin/helm repo add wunderio https://storage.googleapis.com/charts.wdr.io/
- ignore_errors: True
+- name: Add helm repositories
+ tags:
+ - cloudman_setup
+ - galaxy_setup
+ - cloudman_update
+ - galaxy_update
+ block:
+ - name: "Add CloudVE Helm repo: {{ cm_charts_repo }}"
+ shell: /usr/local/bin/helm repo add galaxyproject {{ cm_charts_repo }}
+ ignore_errors: True
-- name: "Add CloudVE Helm repo: {{ cm_charts_repo }}"
- shell: /usr/local/bin/helm repo add galaxyproject {{ cm_charts_repo }}
- ignore_errors: True
-
-- name: Update Helm repos
- shell: /usr/local/bin/helm repo update
+ - name: Update Helm repos
+ shell: /usr/local/bin/helm repo update
diff --git a/roles/cloudman-boot/tasks/ingress.yaml b/roles/cloudman-boot/tasks/ingress.yaml
index 445281f..c9a3842 100644
--- a/roles/cloudman-boot/tasks/ingress.yaml
+++ b/roles/cloudman-boot/tasks/ingress.yaml
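Review bot: The added `- cloudman_setup` line in the `@@ -11,6 +13,7 @@` hunk of finish.yaml sits directly under `debug:` with no `tags:` key, so a sequence entry lands inside the module's argument mapping next to `msg:`. Depending on the original indentation, which this view does not preserve, the file either fails to parse or the tag is never applied to `System help info`. The intent appears to match the first hunk of this file: put `tags:` followed by `- cloudman_setup` at task level, above `debug:`.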
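Review bot: `Add CloudVE Helm repo` in helm_repos.yaml interpolates `{{ cm_charts_repo }}` unquoted into a `shell:` line, so any shell metacharacter in that variable is interpreted by the shell on the target host. Nothing in these tasks needs a shell; `command: /usr/local/bin/helm repo add galaxyproject {{ cm_charts_repo }}` passes the value as a plain argument, and `Update Helm repos` can use `command:` as well. Where `cm_charts_repo` is set is not visible in this diff, so how exposed this is depends on who controls that value.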
@@ -1,25 +1,30 @@
-- name: Create namespace for nginx ingress
- command: /usr/local/bin/kubectl create namespace ingress-nginx
- ignore_errors: True
+- name: Install nginx ingress
+ tags:
+ - cloudman_setup
+ - nignx_controller_setup
+ block:
+ - name: Create namespace for nginx ingress
+ command: /usr/local/bin/kubectl create namespace ingress-nginx
+ ignore_errors: True
-- name: Add helm repo for nginx ingress
- shell: /usr/local/bin/helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
- ignore_errors: True
+ - name: Add helm repo for nginx ingress
+ shell: /usr/local/bin/helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
+ ignore_errors: True
-- name: Update helm repo
- shell: /usr/local/bin/helm repo update
- ignore_errors: True
+ - name: Update helm repo
+ shell: /usr/local/bin/helm repo update
+ ignore_errors: True
-- name: Helm install nginx ingress controller
- command: >
- /usr/local/bin/helm upgrade --install ingress-nginx ingress-nginx/ingress-nginx
- --namespace ingress-nginx
- --set controller.kind="DaemonSet"
- --set controller.hostNetwork=true
- --set controller.daemonset.useHostPort=true
- ignore_errors: true
+ - name: Helm install nginx ingress controller
+ command: >
+ /usr/local/bin/helm upgrade --install ingress-nginx ingress-nginx/ingress-nginx
+ --namespace ingress-nginx
+ --set controller.kind="DaemonSet"
+ --set controller.hostNetwork=true
+ --set controller.daemonset.useHostPort=true
+ ignore_errors: true
-- name: Fix for issue https://github.com/kubernetes/ingress-nginx/issues/5401
- command: >
- kubectl delete -n ingress-nginx -A ValidatingWebhookConfiguration ingress-nginx-admission
- ignore_errors: true
+ - name: Fix for issue https://github.com/kubernetes/ingress-nginx/issues/5401
+ command: >
+ kubectl delete -n ingress-nginx -A ValidatingWebhookConfiguration ingress-nginx-admission
+ ignore_errors: true
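Review bot: The tag `nignx_controller_setup` on `Install nginx ingress` is misspelled, so `--tags nginx_controller_setup` selects nothing; the line should be `- nginx_controller_setup`. In the same block the `Fix for issue …/5401` task calls bare `kubectl` while every other task uses `/usr/local/bin/kubectl`, which makes that one task depend on the remote user's PATH. That task deletes the admission webhook that validates Ingress objects, and with `ignore_errors: true` on every task in the block neither a failed controller install nor a failed deletion is reported, so a short comment on why the webhook is removed and when the workaround can be dropped would help.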
diff --git a/roles/cloudman-boot/tasks/postgres.yaml b/roles/cloudman-boot/tasks/postgres.yaml
index c9d405c..e023281 100644
--- a/roles/cloudman-boot/tasks/postgres.yaml
+++ b/roles/cloudman-boot/tasks/postgres.yaml
@@ -1,5 +1,7 @@
 - name: Add postgres operator Helm repo
- tags: postgres
+ tags:
+ - postgres_operator_setup
+ - cloudman_setup
 block:
 - name: Add zalando repo
 shell: /usr/local/bin/helm repo add zalando https://raw.githubusercontent.com/zalando/postgres-operator/v{{ cm_postgres_operator_version }}/charts/postgres-operator/
@@ -9,7 +11,9 @@
 shell: /usr/local/bin/helm repo update
 - name: Helm install postgres-operator
- tags: postgres
+ tags:
+ - postgres_operator_setup
+ - cloudman_setup
 command: >
 /usr/local/bin/helm upgrade --install psql-operator zalando/postgres-operator
 --create-namespace
diff --git a/roles/cloudman-boot/tasks/rancher.yaml b/roles/cloudman-boot/tasks/rancher.yaml
index 0fb702e..2c56ae5 100644
--- a/roles/cloudman-boot/tasks/rancher.yaml
+++ b/roles/cloudman-boot/tasks/rancher.yaml
@@ -1,22 +1,27 @@
-- name: Create cattle-system namespace
- command: >
- /usr/local/bin/kubectl create namespace cattle-system
- ignore_errors: true
+- name: Rancher install
+ tags:
+ - cloudman_setup
+ - rancher_setup
+ block:
+ - name: Create cattle-system namespace
+ command: >
+ /usr/local/bin/kubectl create namespace cattle-system
+ ignore_errors: true
-- name: Add rancher Helm repo
- shell: /usr/local/bin/helm repo add rancher https://releases.rancher.com/server-charts/stable
- ignore_errors: True
+ - name: Add rancher Helm repo
+ shell: /usr/local/bin/helm repo add rancher https://releases.rancher.com/server-charts/stable
+ ignore_errors: True
-- name: Update Helm repos
- shell: /usr/local/bin/helm repo update
+ - name: Update Helm repos
+ shell: /usr/local/bin/helm repo update
-- name: Helm install rancher
- command: >
- /usr/local/bin/helm upgrade --install cloudman-rancher rancher/rancher
- -n cattle-system
- --set hostname={{ rancher_hostname }}
- --set ingress.tls.source=letsEncrypt
- --set letsEncrypt.email="admin@cloudve.org"
- --set letsEncrypt.environment="production"
- --set letsEncrypt.ingress.class=nginx
- ignore_errors: true
+ - name: Helm install rancher
+ command: >
+ /usr/local/bin/helm upgrade --install cloudman-rancher rancher/rancher
+ -n cattle-system
+ --set hostname={{ rancher_hostname }}
+ --set ingress.tls.source=letsEncrypt
+ --set letsEncrypt.email="admin@cloudve.org"
+ --set letsEncrypt.environment="production"
+ --set letsEncrypt.ingress.class=nginx
+ ignore_errors: true
diff --git a/roles/cloudman-boot/tasks/storage.yaml b/roles/cloudman-boot/tasks/storage.yaml
index e04712b..7f0c727 100644
--- a/roles/cloudman-boot/tasks/storage.yaml
+++ b/roles/cloudman-boot/tasks/storage.yaml
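Review bot: `Helm install rancher` carries no `--version`, so every run selected by `rancher_setup` or `cloudman_setup` upgrades to whatever the `stable` chart repo currently serves, unlike cert-manager (`--version "0.11.0"`) and CloudMan (`cm_chart_version`). Now that tags make partial re-runs routine, add a pinned version such as `--version "{{ rancher_chart_version }}"` (the variable name is a placeholder) so re-running a tag cannot change the Rancher release. `--set hostname={{ rancher_hostname }}` is also the only templated value in this command passed without quotes. With `ignore_errors: true`, a failed install only surfaces when the login retry loop in auth.yaml runs out.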
@@ -1,9 +1,22 @@
-- name: Create CSI driver namespace
- command: >
- /usr/local/bin/kubectl create namespace csi-drivers
- ignore_errors: true
+- name: Storage setup
+ tags:
+ - storage_setup
+ - cloudman_setup
+ block:
+ - name: Add wunderio Helm repo for RClone
+ shell: /usr/local/bin/helm repo add wunderio https://storage.googleapis.com/charts.wdr.io/
+ ignore_errors: True
+
+ - name: Create CSI driver namespace
+ command: >
+ /usr/local/bin/kubectl create namespace csi-drivers
+ ignore_errors: true
 - name: Helm install nfs-provisioner
+ tags:
+ - storage_setup
+ - cloudman_setup
+ - nfs_setup
 command: >
 /usr/local/bin/helm upgrade --install nfs-provisioner stable/nfs-server-provisioner
 --namespace csi-drivers
@@ -14,38 +27,47 @@
 --set storageClass.reclaimPolicy="Delete"
 --set storageClass.allowVolumeExpansion=true
-- name: Helm install RClone for AWS S3
- command: >
- /usr/local/bin/helm upgrade --install rclone-csi galaxyproject/csi-rclone
- --namespace csi-drivers
- --set storageClass.name="rclone"
- --set params.remote="s3"
- --set params.remotePath="{{ cluster_hostname | replace('.', '-') }}-gvl-data"
- --set params.s3-provider="aws"
- --set params.s3-endpoint="https://s3.{{ cm_initial_cluster_data.cloud_config.target.target_zone.region.region_id }}.amazonaws.com"
- --set params.s3-access-key-id="{{ cm_initial_cluster_data.cloud_config.credentials.aws_access_key }}"
- --set params.s3-secret-access-key="{{ cm_initial_cluster_data.cloud_config.credentials.aws_secret_key }}"
- when: kube_cloud_provider == "aws"
- ignore_errors: true
+- name: Rclone setup
+ tags:
+ - storage_setup
+ - gvl_setup
+ block:
+ - name: Helm install RClone for AWS S3
+ command: >
+ /usr/local/bin/helm upgrade --install rclone-csi galaxyproject/csi-rclone
+ --namespace csi-drivers
+ --set storageClass.name="rclone"
+ --set params.remote="s3"
+ --set params.remotePath="{{ cluster_hostname | replace('.', '-') }}-gvl-data"
+ --set params.s3-provider="aws"
+ --set params.s3-endpoint="https://s3.{{ cm_initial_cluster_data.cloud_config.target.target_zone.region.region_id }}.amazonaws.com"
+ --set params.s3-access-key-id="{{ cm_initial_cluster_data.cloud_config.credentials.aws_access_key }}"
+ --set params.s3-secret-access-key="{{ cm_initial_cluster_data.cloud_config.credentials.aws_secret_key }}"
+ when: kube_cloud_provider == "aws"
+ ignore_errors: true
-- name: Helm install RClone for OpenStack Swift
- command: >
- /usr/local/bin/helm upgrade --install rclone-csi galaxyproject/csi-rclone
- --namespace csi-drivers
- --set storageClass.name="rclone"
- --set params.remote="swift"
- --set params.remotePath="{{ cluster_hostname | replace('.', '-') }}-gvl-data"
- --set params.swift-user="{{ cm_initial_cluster_data.cloud_config.credentials.os_username }}"
- --set params.swift-key="{{ cm_initial_cluster_data.cloud_config.credentials.os_password }}"
- --set params.swift-auth="{{ cm_initial_cluster_data.cloud_config.target.target_zone.cloud.auth_url }}"
- --set params.swift-domain="{{ cm_initial_cluster_data.cloud_config.credentials.os_user_domain_name }}"
- --set params.swift-tenant="{{ cm_initial_cluster_data.cloud_config.credentials.os_project_name }}"
- --set params.swift-region="{{ cm_initial_cluster_data.cloud_config.target.target_zone.region.name }}"
- --set params.swift-tenant-domain="{{ cm_initial_cluster_data.cloud_config.credentials.os_project_domain_name }}"
- when: kube_cloud_provider == "openstack"
- ignore_errors: true
+ - name: Helm install RClone for OpenStack Swift
+ command: >
+ /usr/local/bin/helm upgrade --install rclone-csi galaxyproject/csi-rclone
+ --namespace csi-drivers
+ --set storageClass.name="rclone"
+ --set params.remote="swift"
+ --set params.remotePath="{{ cluster_hostname | replace('.', '-') }}-gvl-data"
+ --set params.swift-user="{{ cm_initial_cluster_data.cloud_config.credentials.os_username }}"
+ --set params.swift-key="{{ cm_initial_cluster_data.cloud_config.credentials.os_password }}"
+ --set params.swift-auth="{{ cm_initial_cluster_data.cloud_config.target.target_zone.cloud.auth_url }}"
+ --set params.swift-domain="{{ cm_initial_cluster_data.cloud_config.credentials.os_user_domain_name }}"
+ --set params.swift-tenant="{{ cm_initial_cluster_data.cloud_config.credentials.os_project_name }}"
+ --set params.swift-region="{{ cm_initial_cluster_data.cloud_config.target.target_zone.region.name }}"
+ --set params.swift-tenant-domain="{{ cm_initial_cluster_data.cloud_config.credentials.os_project_domain_name }}"
+ when: kube_cloud_provider == "openstack"
+ ignore_errors: true
 - name: Helm install galaxy-cvmfs-csi
+ tags:
+ - storage_setup
+ - gvl_setup
+ - cvmfs_setup
 command: >
 /usr/local/bin/helm upgrade --install gxy-cvmfs galaxyproject/galaxy-cvmfs-csi
 --namespace csi-drivers
diff --git a/roles/rke/tasks/main.yaml b/roles/rke/tasks/main.yaml
index a4bf1b7..8abec81 100644
--- a/roles/rke/tasks/main.yaml
+++ b/roles/rke/tasks/main.yaml
@@ -1,13 +1,21 @@
 - name: Setup system
 include_tasks: system.yaml
+ tags:
+ - rke_setup
 - name: Run rke common tasks
 include_tasks: common.yaml
+ tags:
+ - rke_setup
 - name: Setup controller
 include_tasks: controller.yaml
 when: "'controllers' in group_names"
+ tags:
+ - rke_setup
 - name: Additional setup for registration server
 include_tasks: registration.yaml
 when: is_rke_registration_server
+ tags:
+ - rke_setup
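Review bot: Both RClone tasks in the new `Rclone setup` block pass cloud credentials on the Helm command line (`--set params.s3-secret-access-key=…`, `--set params.swift-key=…`) and neither sets `no_log`. The secret is therefore visible in the node's process list while Helm runs and in Ansible's task result, which is printed on failure or with `-v` — and these tasks use `ignore_errors: true`, so a failure is printed and the play carries on. At minimum add `no_log: true` to the two tasks; better, render the values into a `tempfile` and pass it with `-f`, as cloudman.yaml does for its chart values. The block is also tagged only `storage_setup` and `gvl_setup`, so a `cloudman_setup` run skips it while the neighbouring storage tasks run; confirm that is intended.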
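Review bot: Tags placed on `include_tasks` in roles/rke/tasks/main.yaml apply only to the include statement itself, not to the tasks loaded from system.yaml, common.yaml, controller.yaml and registration.yaml. A run with `--tags rke_setup` would process the four includes and then skip every task inside them unless those tasks carry the tag themselves. Pass the tag down with `apply:` while keeping the outer `tags:` so the include is still selected, or switch to `import_tasks`, which inherits tags statically. How cloudman-boot includes its task files is not visible in this diff, and the same question applies there.

```yaml
- name: Setup system
  include_tasks:
    file: system.yaml
    apply:
      tags:
        - rke_setup
  tags:
    - rke_setup

# … same change for common.yaml, controller.yaml and registration.yaml, keeping their when: conditions …
```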