|
@@ -13,19 +13,17 @@
|
|
# limitations under the License.
|
|
# limitations under the License.
|
|
---
|
|
---
|
|
|
|
|
|
-- name: Include base variable file base_vars.yml
|
|
|
|
- include_vars: "{{ base_vars_filename }}"
|
|
|
|
- no_log: true
|
|
|
|
-
|
|
|
|
- name: Check if omnia_vault_key exists
|
|
- name: Check if omnia_vault_key exists
|
|
stat:
|
|
stat:
|
|
path: "{{ role_path }}/../../../{{ config_vaultname }}"
|
|
path: "{{ role_path }}/../../../{{ config_vaultname }}"
|
|
register: vault_key_result
|
|
register: vault_key_result
|
|
|
|
+ tags: init
|
|
|
|
|
|
- name: Create ansible vault key if it does not exist
|
|
- name: Create ansible vault key if it does not exist
|
|
set_fact:
|
|
set_fact:
|
|
vault_key: "{{ lookup('password', '/dev/null chars=ascii_letters') }}"
|
|
vault_key: "{{ lookup('password', '/dev/null chars=ascii_letters') }}"
|
|
when: not vault_key_result.stat.exists
|
|
when: not vault_key_result.stat.exists
|
|
|
|
+ tags: init
|
|
|
|
|
|
- name: Save vault key
|
|
- name: Save vault key
|
|
copy:
|
|
copy:
|
|
@@ -36,27 +34,32 @@
|
|
force: yes
|
|
force: yes
|
|
mode: "{{ vault_file_perm }}"
|
|
mode: "{{ vault_file_perm }}"
|
|
when: not vault_key_result.stat.exists
|
|
when: not vault_key_result.stat.exists
|
|
|
|
+ tags: init
|
|
|
|
|
|
- name: Check if omnia config file is encrypted
|
|
- name: Check if omnia config file is encrypted
|
|
command: cat {{ role_path }}/../../../{{ config_filename }}
|
|
command: cat {{ role_path }}/../../../{{ config_filename }}
|
|
changed_when: false
|
|
changed_when: false
|
|
register: config_content
|
|
register: config_content
|
|
no_log: True
|
|
no_log: True
|
|
|
|
+ tags: init
|
|
|
|
|
|
- name: Decrpyt omnia_config.yml
|
|
- name: Decrpyt omnia_config.yml
|
|
command: >-
|
|
command: >-
|
|
ansible-vault decrypt {{ role_path }}/../../../{{ config_filename }}
|
|
ansible-vault decrypt {{ role_path }}/../../../{{ config_filename }}
|
|
--vault-password-file {{ role_path }}/../../../{{ config_vaultname }}
|
|
--vault-password-file {{ role_path }}/../../../{{ config_vaultname }}
|
|
when: "'$ANSIBLE_VAULT;' in config_content.stdout"
|
|
when: "'$ANSIBLE_VAULT;' in config_content.stdout"
|
|
|
|
+ tags: init
|
|
|
|
|
|
- name: Include variable file omnia_config.yml
|
|
- name: Include variable file omnia_config.yml
|
|
include_vars: "{{ role_path }}/../../../{{ config_filename }}"
|
|
include_vars: "{{ role_path }}/../../../{{ config_filename }}"
|
|
no_log: True
|
|
no_log: True
|
|
|
|
+ tags: init
|
|
|
|
|
|
- name: Validate input parameters are not empty
|
|
- name: Validate input parameters are not empty
|
|
fail:
|
|
fail:
|
|
msg: "{{ input_omnia_failure_msg }}"
|
|
msg: "{{ input_omnia_failure_msg }}"
|
|
register: input_config_check
|
|
register: input_config_check
|
|
|
|
+ tags: [ validate, templates ]
|
|
when:
|
|
when:
|
|
- mariadb_password | length < 1 or
|
|
- mariadb_password | length < 1 or
|
|
k8s_version | length < 1 or
|
|
k8s_version | length < 1 or
|
|
@@ -66,6 +69,7 @@
|
|
- name: Validate login node parameters when login_node_reqd is set to true
|
|
- name: Validate login node parameters when login_node_reqd is set to true
|
|
fail:
|
|
fail:
|
|
msg: "{{ omnia_input_config_failure_msg }}"
|
|
msg: "{{ omnia_input_config_failure_msg }}"
|
|
|
|
+ tags: [ validate, templates ]
|
|
when:
|
|
when:
|
|
- ( domain_name | length < 1 or
|
|
- ( domain_name | length < 1 or
|
|
realm_name | length < 1 or
|
|
realm_name | length < 1 or
|
|
@@ -86,18 +90,21 @@
|
|
- " \"'\" not in mariadb_password "
|
|
- " \"'\" not in mariadb_password "
|
|
success_msg: "{{ success_msg_mariadb_password }}"
|
|
success_msg: "{{ success_msg_mariadb_password }}"
|
|
fail_msg: "{{ fail_msg_mariadb_password }}"
|
|
fail_msg: "{{ fail_msg_mariadb_password }}"
|
|
|
|
+ tags: [ validate, templates ]
|
|
|
|
|
|
- name: Assert kubernetes version
|
|
- name: Assert kubernetes version
|
|
assert:
|
|
assert:
|
|
that: "('1.16.7' in k8s_version) or ('1.19.3' in k8s_version)"
|
|
that: "('1.16.7' in k8s_version) or ('1.19.3' in k8s_version)"
|
|
success_msg: "{{ success_msg_k8s_version }}"
|
|
success_msg: "{{ success_msg_k8s_version }}"
|
|
fail_msg: "{{ fail_msg_k8s_version }}"
|
|
fail_msg: "{{ fail_msg_k8s_version }}"
|
|
|
|
+ tags: [ validate, templates ]
|
|
|
|
|
|
- name: Assert kubernetes cni
|
|
- name: Assert kubernetes cni
|
|
assert:
|
|
assert:
|
|
that: "('calico' in k8s_cni) or ('flannel' in k8s_cni)"
|
|
that: "('calico' in k8s_cni) or ('flannel' in k8s_cni)"
|
|
success_msg: "{{ success_msg_k8s_cni }}"
|
|
success_msg: "{{ success_msg_k8s_cni }}"
|
|
fail_msg: "{{ fail_msg_k8s_cni }}"
|
|
fail_msg: "{{ fail_msg_k8s_cni }}"
|
|
|
|
+ tags: [ validate, templates ]
|
|
|
|
|
|
- name: Save input variables from file
|
|
- name: Save input variables from file
|
|
set_fact:
|
|
set_fact:
|
|
@@ -107,6 +114,7 @@
|
|
docker_username: "{{ docker_username }}"
|
|
docker_username: "{{ docker_username }}"
|
|
docker_password: "{{ docker_password }}"
|
|
docker_password: "{{ docker_password }}"
|
|
no_log: True
|
|
no_log: True
|
|
|
|
+ tags: init
|
|
|
|
|
|
- name: Verify the value of login_node_required
|
|
- name: Verify the value of login_node_required
|
|
assert:
|
|
assert:
|
|
@@ -114,6 +122,7 @@
|
|
- login_node_required == true or login_node_required == false
|
|
- login_node_required == true or login_node_required == false
|
|
success_msg: "{{ login_node_required_success_msg }}"
|
|
success_msg: "{{ login_node_required_success_msg }}"
|
|
fail_msg: "{{ login_node_required_fail_msg }}"
|
|
fail_msg: "{{ login_node_required_fail_msg }}"
|
|
|
|
+ tags: [ validate, templates ]
|
|
|
|
|
|
- name: Validate the domain name
|
|
- name: Validate the domain name
|
|
assert:
|
|
assert:
|
|
@@ -121,6 +130,7 @@
|
|
- domain_name is regex("^(?!-)[A-Za-z0-9-]+([\\-\\.]{1}[a-z0-9]+)*\\.[A-Za-z]{2,}$")
|
|
- domain_name is regex("^(?!-)[A-Za-z0-9-]+([\\-\\.]{1}[a-z0-9]+)*\\.[A-Za-z]{2,}$")
|
|
success_msg: "{{ domain_name_success_msg }}"
|
|
success_msg: "{{ domain_name_success_msg }}"
|
|
fail_msg: "{{ domain_name_fail_msg }}"
|
|
fail_msg: "{{ domain_name_fail_msg }}"
|
|
|
|
+ tags: [ validate, templates ]
|
|
when:
|
|
when:
|
|
- host_mapping_file
|
|
- host_mapping_file
|
|
- login_node_required
|
|
- login_node_required
|
|
@@ -133,6 +143,7 @@
|
|
- '"." in realm_name'
|
|
- '"." in realm_name'
|
|
success_msg: "{{ realm_name_success_msg }}"
|
|
success_msg: "{{ realm_name_success_msg }}"
|
|
fail_msg: "{{ realm_name_fail_msg }}"
|
|
fail_msg: "{{ realm_name_fail_msg }}"
|
|
|
|
+ tags: [ validate, templates ]
|
|
when:
|
|
when:
|
|
- host_mapping_file
|
|
- host_mapping_file
|
|
- login_node_required
|
|
- login_node_required
|
|
@@ -149,6 +160,7 @@
|
|
- " \"'\" not in directory_manager_password "
|
|
- " \"'\" not in directory_manager_password "
|
|
success_msg: "{{ success_msg_directory_manager_password }}"
|
|
success_msg: "{{ success_msg_directory_manager_password }}"
|
|
fail_msg: "{{ fail_msg_directory_manager_password }}"
|
|
fail_msg: "{{ fail_msg_directory_manager_password }}"
|
|
|
|
+ tags: [ validate, templates ]
|
|
when:
|
|
when:
|
|
- host_mapping_file
|
|
- host_mapping_file
|
|
- login_node_required
|
|
- login_node_required
|
|
@@ -165,6 +177,7 @@
|
|
- " \"'\" not in ipa_admin_password "
|
|
- " \"'\" not in ipa_admin_password "
|
|
success_msg: "{{ success_msg_ipa_admin_password }}"
|
|
success_msg: "{{ success_msg_ipa_admin_password }}"
|
|
fail_msg: "{{ fail_msg_ipa_admin_password }}"
|
|
fail_msg: "{{ fail_msg_ipa_admin_password }}"
|
|
|
|
+ tags: [ validate, templates ]
|
|
when:
|
|
when:
|
|
- host_mapping_file
|
|
- host_mapping_file
|
|
- login_node_required
|
|
- login_node_required
|
|
@@ -175,8 +188,10 @@
|
|
ansible-vault encrypt {{ role_path }}/../../../{{ config_filename }}
|
|
ansible-vault encrypt {{ role_path }}/../../../{{ config_filename }}
|
|
--vault-password-file {{ role_path }}/../../../{{ config_vaultname }}
|
|
--vault-password-file {{ role_path }}/../../../{{ config_vaultname }}
|
|
changed_when: false
|
|
changed_when: false
|
|
|
|
+ tags: init
|
|
|
|
|
|
- name: Update omnia_config.yml permission
|
|
- name: Update omnia_config.yml permission
|
|
file:
|
|
file:
|
|
path: "{{ role_path }}/../../../{{ config_filename }}"
|
|
path: "{{ role_path }}/../../../{{ config_filename }}"
|
|
mode: "{{ vault_file_perm }}"
|
|
mode: "{{ vault_file_perm }}"
|
|
|
|
+ tags: init
|
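Review bot: The `fail`/`assert` tasks now tagged `[ validate, templates ]` still sit between the `init`-tagged `ansible-vault decrypt` task and the `ansible-vault encrypt` task of the last hunk, so a failed validation aborts the play with omnia_config.yml left decrypted on disk, including the passwords it holds. Putting the decrypt, `include_vars` and validation tasks under a `block:` and moving the encrypt and "Update omnia_config.yml permission" tasks under `always:` would restore encryption and the `vault_file_perm` mode on every exit path. The tag split adds a second problem: a run limited to `--tags validate` skips the `init`-tagged `include_vars`, so `mariadb_password`, `k8s_version` and the other validated variables are presumably undefined unless they are loaded elsewhere; a comment stating that `init` must be selected together with `validate` would make that dependency explicit. The encrypt task's `name` and any `when` condition begin outside the hunk, so confirm them before restructuring.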