roles/magnum/tasks/main.yml

# Copyright (c) 2022 VEXXHOST, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

# NOTE(mnaser): We should get rid of this task eventually as it is suspending
#               the old HelmRelease and removing it to avoid uninstalling the
#               Helm chart.
- name: Uninstall the legacy HelmRelease
  run_once: true
  block:
    - name: Suspend the existing HelmRelease
      kubernetes.core.k8s:
        state: patched
        api_version: helm.toolkit.fluxcd.io/v2beta1
        kind: HelmRelease
        name: "{{ magnum_helm_release_name }}"
        namespace: "{{ magnum_helm_release_namespace }}"
        definition:
          spec:
            suspend: true

    - name: Remove the existing HelmRelease
      kubernetes.core.k8s:
        state: absent
        api_version: helm.toolkit.fluxcd.io/v2beta1
        kind: HelmRelease
        name: "{{ magnum_helm_release_name }}"
        namespace: "{{ magnum_helm_release_namespace }}"

- name: Install "clusterctl"
  ansible.builtin.get_url:
    url: "{{ magnum_clusterctl_url }}"
    dest: /usr/local/bin/clusterctl
    mode: "0755"
    owner: root
    group: root

- name: Create a configuration file
  ansible.builtin.copy:
    content: "{{ magnum_clusterctl_config | to_nice_yaml }}"
    dest: "{{ magnum_clusterctl_config_file }}"
    mode: "0644"
    owner: root
    group: root

- name: Initialize the management cluster
  run_once: true
  changed_when: false
  ansible.builtin.command: |
    clusterctl init \
      --config {{ magnum_clusterctl_config_file }} \
      --core cluster-api:v1.3.3 \
      --bootstrap kubeadm:v1.3.3 \
      --control-plane kubeadm:v1.3.3 \
      --infrastructure openstack:v0.7.1
  environment:
    CLUSTER_TOPOLOGY: "true"
    EXP_CLUSTER_RESOURCE_SET: "true"

- name: Deploy Cluster API for Magnum RBAC
  kubernetes.core.k8s:
    state: present
    definition:
      - apiVersion: v1
        kind: Namespace
        metadata:
          name: magnum-system

      # TODO(mnaser): This should be removed once we have a proper Helm chart
      #               for Cluster API for Magnum.
      - apiVersion: rbac.authorization.k8s.io/v1
        kind: ClusterRoleBinding
        metadata:
          name: magnum-cluster-api
        roleRef:
          apiGroup: rbac.authorization.k8s.io
          kind: ClusterRole
          name: cluster-admin
        subjects:
          - kind: ServiceAccount
            name: magnum-conductor
            namespace: "{{ magnum_helm_release_namespace }}"

- name: Deploy Helm chart
  run_once: true
  kubernetes.core.helm:
    name: "{{ magnum_helm_release_name }}"
    chart_ref: "{{ magnum_helm_chart_ref }}"
    release_namespace: "{{ magnum_helm_release_namespace }}"
    create_namespace: true
    kubeconfig: /etc/kubernetes/admin.conf
    values: "{{ _magnum_helm_values | combine(magnum_helm_values, recursive=True) }}"

- name: Create Ingress
  ansible.builtin.include_role:
    name: openstack_helm_ingress
  vars:
    openstack_helm_ingress_endpoint: container_infra
    openstack_helm_ingress_service_name: magnum-api
    openstack_helm_ingress_service_port: 9511
    openstack_helm_ingress_annotations: "{{ magnum_ingress_annotations }}"

- name: Deploy magnum registry
  run_once: true
  kubernetes.core.k8s:
    state: present
    definition:
      - apiVersion: v1
        kind: PersistentVolumeClaim
        metadata:
          labels:
            application: magnum
            component: registry
          name: magnum-registry
          namespace: "{{ magnum_helm_release_namespace }}"
        spec:
          accessModes:
            - ReadWriteOnce
          resources:
            requests:
              storage: 50Gi

      - apiVersion: apps/v1
        kind: Deployment
        metadata:
          labels:
            application: magnum
            component: registry
          name: magnum-registry
          namespace: "{{ magnum_helm_release_namespace }}"
        spec:
          replicas: 1
          selector:
            matchLabels:
              application: magnum
              component: registry
          strategy:
            type: Recreate
          template:
            metadata:
              labels:
                application: magnum
                component: registry
            spec:
              containers:
                - name: registry
                  env:
                    - name: REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY
                      value: /var/lib/registry
                    - name: REGISTRY_COMPATIBILITY_SCHEMA1_ENABLED
                      value: "true"
                  image: "{{ atmosphere_images['magnum_registry'] | vexxhost.kubernetes.docker_image('ref') }}"
                  ports:
                    - containerPort: 5000
                      name: registry
                      protocol: TCP
                  livenessProbe:
                    httpGet:
                      path: /
                      port: 5000
                      scheme: HTTP
                  readinessProbe:
                    httpGet:
                      path: /
                      port: 5000
                      scheme: HTTP
                  volumeMounts:
                    - mountPath: /var/lib/registry
                      name: magnum-registry
              nodeSelector:
                openstack-control-plane: enabled
              volumes:
                - name: magnum-registry
                  persistentVolumeClaim:
                    claimName: magnum-registry

      - apiVersion: v1
        kind: Service
        metadata:
          labels:
            application: magnum
            component: registry
          name: magnum-registry
          namespace: "{{ magnum_helm_release_namespace }}"
        spec:
          ports:
            - name: magnum
              port: 5000
              protocol: TCP
              targetPort: 5000
          selector:
            application: magnum
            component: registry
          type: ClusterIP

      - apiVersion: batch/v1
        kind: Job
        metadata:
          name: magnum-registry-init
          namespace: "{{ magnum_helm_release_namespace }}"
          labels:
            application: magnum
            component: registry
        spec:
          backoffLimit: 5
          template:
            metadata:
              labels:
                application: magnum
            spec:
              restartPolicy: OnFailure
              containers:
                - name: loader
                  image: "{{ atmosphere_images['magnum_api'] | vexxhost.kubernetes.docker_image('ref') }}"
                  command:
                    - magnum-cluster-api-image-loader
                    - --insecure
                    - --repository
                    - magnum-registry.openstack.svc.cluster.local:5000
              nodeSelector:
                openstack-control-plane: enabled

- name: Create magnum registry Ingress
  ansible.builtin.include_role:
    name: openstack_helm_ingress
  vars:
    openstack_helm_ingress_endpoint: container_infra_registry
    openstack_helm_ingress_service_name: magnum-registry
    openstack_helm_ingress_service_port: 5000
    openstack_helm_ingress_annotations: "{{ _magnum_registry_ingress_annotations | combine(magnum_registry_ingress_annotations) }}"

- name: Upload images
  ansible.builtin.include_role:
    name: glance_image
  loop: "{{ magnum_images }}"
  vars:
    glance_image_name: "{{ item.name }}"
    glance_image_url: "{{ item.url }}"
    glance_image_container_format: "{{ magnum_image_container_format }}"
    glance_image_disk_format: "{{ magnum_image_disk_format }}"
    glance_image_properties:
      os_distro: "{{ item.distro }}"