Blame - roles/magnum/tasks/main.yml - atmosphere

blob: 93885b3471383ee1acfef6d9a0c0a12f851e98a9 [file] [log] [blame]

Mohammed Naser	096ade0	2022-12-15 09:53:33 -0500	[diff] [blame]	1	# Copyright (c) 2022 VEXXHOST, Inc.
				2	#
				3	# Licensed under the Apache License, Version 2.0 (the "License"); you may
				4	# not use this file except in compliance with the License. You may obtain
				5	# a copy of the License at
				6	#
				7	# http://www.apache.org/licenses/LICENSE-2.0
				8	#
				9	# Unless required by applicable law or agreed to in writing, software
				10	# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
				11	# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
				12	# License for the specific language governing permissions and limitations
				13	# under the License.
				14
Mohammed Naser	fef6942	2023-01-18 02:38:06 +0000	[diff] [blame]	15	# NOTE(mnaser): We should get rid of this task eventually as it is suspending
				16	# the old HelmRelease and removing it to avoid uninstalling the
				17	# Helm chart.
				18	- name: Uninstall the legacy HelmRelease
				19	run_once: true
				20	block:
				21	- name: Suspend the existing HelmRelease
Mohammed Naser	f0314a8	2023-04-11 18:53:30 +0000	[diff] [blame]	22	failed_when: false
Mohammed Naser	fef6942	2023-01-18 02:38:06 +0000	[diff] [blame]	23	kubernetes.core.k8s:
				24	state: patched
				25	api_version: helm.toolkit.fluxcd.io/v2beta1
				26	kind: HelmRelease
Mohammed Naser	2145fc3	2023-01-29 23:23:03 +0000	[diff] [blame]	27	name: "{{ magnum_helm_release_name }}"
				28	namespace: "{{ magnum_helm_release_namespace }}"
Mohammed Naser	fef6942	2023-01-18 02:38:06 +0000	[diff] [blame]	29	definition:
				30	spec:
				31	suspend: true
				32
				33	- name: Remove the existing HelmRelease
Mohammed Naser	f0314a8	2023-04-11 18:53:30 +0000	[diff] [blame]	34	failed_when: false
Mohammed Naser	fef6942	2023-01-18 02:38:06 +0000	[diff] [blame]	35	kubernetes.core.k8s:
				36	state: absent
				37	api_version: helm.toolkit.fluxcd.io/v2beta1
				38	kind: HelmRelease
Mohammed Naser	2145fc3	2023-01-29 23:23:03 +0000	[diff] [blame]	39	name: "{{ magnum_helm_release_name }}"
				40	namespace: "{{ magnum_helm_release_namespace }}"
Mohammed Naser	fef6942	2023-01-18 02:38:06 +0000	[diff] [blame]	41
Oleksandr Kozachenko	7765352	2023-05-11 23:23:39 +0200	[diff] [blame]	42	# NOTE(okozachenko1203): We should get rid of this task eventually as it is removing
				43	# the old RBAC resources.
				44	- name: Remove the legacy mcapi RBAC resources
				45	run_once: true
				46	block:
				47	- name: Remove the Role
				48	failed_when: false
				49	kubernetes.core.k8s:
				50	state: absent
				51	api_version: rbac.authorization.k8s.io/v1
				52	kind: Role
				53	name: magnum-cluster-api
				54	namespace: magnum-system
				55
				56	- name: Remove the RoleBinding
				57	failed_when: false
				58	kubernetes.core.k8s:
				59	state: absent
				60	api_version: rbac.authorization.k8s.io/v1
				61	kind: RoleBinding
				62	name: magnum-cluster-api
				63	namespace: magnum-system
				64
Mohammed Naser	7943cf8	2023-02-23 04:31:30 +0000	[diff] [blame]	65	- name: Deploy Cluster API for Magnum RBAC
				66	kubernetes.core.k8s:
				67	state: present
				68	definition:
				69	- apiVersion: v1
				70	kind: Namespace
				71	metadata:
				72	name: magnum-system
				73
Mohammed Naser	1588236	2023-04-04 20:38:56 +0000	[diff] [blame]	74	# TODO(mnaser): This should be removed once we have a proper Helm chart
				75	# for Cluster API for Magnum.
Mohammed Naser	7943cf8	2023-02-23 04:31:30 +0000	[diff] [blame]	76	- apiVersion: rbac.authorization.k8s.io/v1
Mohammed Naser	1588236	2023-04-04 20:38:56 +0000	[diff] [blame]	77	kind: ClusterRoleBinding
Mohammed Naser	7943cf8	2023-02-23 04:31:30 +0000	[diff] [blame]	78	metadata:
				79	name: magnum-cluster-api
Mohammed Naser	7943cf8	2023-02-23 04:31:30 +0000	[diff] [blame]	80	roleRef:
				81	apiGroup: rbac.authorization.k8s.io
Mohammed Naser	1588236	2023-04-04 20:38:56 +0000	[diff] [blame]	82	kind: ClusterRole
				83	name: cluster-admin
Mohammed Naser	7943cf8	2023-02-23 04:31:30 +0000	[diff] [blame]	84	subjects:
				85	- kind: ServiceAccount
				86	name: magnum-conductor
				87	namespace: "{{ magnum_helm_release_namespace }}"
				88
Mohammed Naser	fef6942	2023-01-18 02:38:06 +0000	[diff] [blame]	89	- name: Deploy Helm chart
				90	run_once: true
				91	kubernetes.core.helm:
Mohammed Naser	2145fc3	2023-01-29 23:23:03 +0000	[diff] [blame]	92	name: "{{ magnum_helm_release_name }}"
				93	chart_ref: "{{ magnum_helm_chart_ref }}"
				94	release_namespace: "{{ magnum_helm_release_namespace }}"
Mohammed Naser	fef6942	2023-01-18 02:38:06 +0000	[diff] [blame]	95	create_namespace: true
				96	kubeconfig: /etc/kubernetes/admin.conf
Mohammed Naser	2145fc3	2023-01-29 23:23:03 +0000	[diff] [blame]	97	values: "{{ _magnum_helm_values \| combine(magnum_helm_values, recursive=True) }}"
Mohammed Naser	096ade0	2022-12-15 09:53:33 -0500	[diff] [blame]	98
Mohammed Naser	f0314a8	2023-04-11 18:53:30 +0000	[diff] [blame]	99	- name: Deploy "magnum-cluster-api-proxy"
				100	run_once: true
				101	kubernetes.core.k8s:
				102	state: present
				103	definition:
				104	- apiVerison: v1
				105	kind: ConfigMap
				106	metadata:
				107	name: magnum-cluster-api-proxy-config
				108	namespace: "{{ magnum_helm_release_namespace }}"
				109	data:
				110	magnum_capi_sudoers: \|
				111	Defaults !requiretty
				112	Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin:/var/lib/openstack/bin:/var/lib/kolla/venv/bin"
				113	magnum ALL = (root) NOPASSWD: /var/lib/openstack/bin/privsep-helper
				114
				115	- apiVersion: apps/v1
				116	kind: DaemonSet
				117	metadata:
				118	name: magnum-cluster-api-proxy
				119	namespace: openstack
				120	labels:
				121	application: magnum
				122	component: cluster-api-proxy
				123	spec:
				124	selector:
				125	matchLabels:
				126	application: magnum
				127	component: cluster-api-proxy
				128	template:
				129	metadata:
				130	labels:
				131	application: magnum
				132	component: cluster-api-proxy
				133	spec:
				134	containers:
				135	- name: magnum-cluster-api-proxy
				136	command: ["magnum-cluster-api-proxy"]
				137	image: "{{ atmosphere_images['magnum_cluster_api_proxy'] \| vexxhost.kubernetes.docker_image('ref') }}"
				138	securityContext:
				139	privileged: true
				140	readOnlyRootFilesystem: true
				141	volumeMounts:
				142	- name: pod-tmp
				143	mountPath: /tmp
				144	- name: pod-run
				145	mountPath: /run
				146	- name: config
				147	mountPath: /etc/sudoers.d/magnum_capi_sudoers
				148	subPath: magnum_capi_sudoers
				149	readOnly: true
				150	- name: haproxy-state
				151	mountPath: /var/lib/magnum/.magnum-cluster-api-proxy
				152	- name: host-run-netns
				153	mountPath: /run/netns
				154	mountPropagation: Bidirectional
Oleksandr K	c090abb	2023-12-12 19:46:11 +0100	[diff] [blame]	155	nodeSelector: "{{ magnum_cluster_api_proxy_ovn_node_selector if atmosphere_network_backend == 'ovn' else magnum_cluster_api_proxy_ovs_node_selector }}" # noqa: yaml[line-length]
Mohammed Naser	f0314a8	2023-04-11 18:53:30 +0000	[diff] [blame]	156	securityContext:
				157	runAsUser: 42424
				158	serviceAccountName: magnum-conductor
				159	volumes:
				160	- name: pod-tmp
				161	emptyDir: {}
				162	- name: pod-run
				163	emptyDir: {}
				164	- name: config
				165	configMap:
				166	name: magnum-cluster-api-proxy-config
				167	- name: haproxy-state
				168	emptyDir: {}
				169	- name: host-run-netns
				170	hostPath:
				171	path: /run/netns
				172
Mohammed Naser	4c33bb5	2023-01-18 03:23:18 +0000	[diff] [blame]	173	- name: Create Ingress
				174	ansible.builtin.include_role:
				175	name: openstack_helm_ingress
				176	vars:
				177	openstack_helm_ingress_endpoint: container_infra
				178	openstack_helm_ingress_service_name: magnum-api
				179	openstack_helm_ingress_service_port: 9511
Mohammed Naser	2145fc3	2023-01-29 23:23:03 +0000	[diff] [blame]	180	openstack_helm_ingress_annotations: "{{ magnum_ingress_annotations }}"
Mohammed Naser	4c33bb5	2023-01-18 03:23:18 +0000	[diff] [blame]	181
Mohammed Naser	e97c6a5	2023-04-13 17:50:29 +0000	[diff] [blame]	182	- name: Delete un-used job and PVC
				183	run_once: true
				184	kubernetes.core.k8s:
				185	state: absent
				186	definition:
				187	- apiVersion: batch/v1
				188	kind: Job
				189	metadata:
				190	name: magnum-registry-init
				191	namespace: "{{ magnum_helm_release_namespace }}"
				192	- apiVersion: v1
				193	kind: PersistentVolumeClaim
				194	metadata:
				195	name: magnum-registry
				196	namespace: "{{ magnum_helm_release_namespace }}"
				197
okozachenko1203	19b530e	2023-01-27 23:52:04 +1100	[diff] [blame]	198	- name: Deploy magnum registry
Mohammed Naser	65850fd	2023-02-22 21:36:27 -0500	[diff] [blame]	199	run_once: true
Mohammed Naser	096ade0	2022-12-15 09:53:33 -0500	[diff] [blame]	200	kubernetes.core.k8s:
				201	state: present
				202	definition:
Mohammed Naser	096ade0	2022-12-15 09:53:33 -0500	[diff] [blame]	203	- apiVersion: apps/v1
				204	kind: Deployment
				205	metadata:
Mohammed Naser	e97c6a5	2023-04-13 17:50:29 +0000	[diff] [blame]	206	name: magnum-registry
				207	namespace: "{{ magnum_helm_release_namespace }}"
Mohammed Naser	096ade0	2022-12-15 09:53:33 -0500	[diff] [blame]	208	labels:
				209	application: magnum
				210	component: registry
Mohammed Naser	096ade0	2022-12-15 09:53:33 -0500	[diff] [blame]	211	spec:
Mohammed Naser	da59fe9	2023-07-07 00:03:37 -0400	[diff] [blame]	212	replicas: 1
Mohammed Naser	096ade0	2022-12-15 09:53:33 -0500	[diff] [blame]	213	selector:
				214	matchLabels:
				215	application: magnum
				216	component: registry
Mohammed Naser	096ade0	2022-12-15 09:53:33 -0500	[diff] [blame]	217	template:
				218	metadata:
				219	labels:
				220	application: magnum
				221	component: registry
				222	spec:
				223	containers:
				224	- name: registry
Mohammed Naser	31171f4	2023-03-19 00:10:46 +0000	[diff] [blame]	225	image: "{{ atmosphere_images['magnum_registry'] \| vexxhost.kubernetes.docker_image('ref') }}"
Mohammed Naser	096ade0	2022-12-15 09:53:33 -0500	[diff] [blame]	226	ports:
Mohammed Naser	e97c6a5	2023-04-13 17:50:29 +0000	[diff] [blame]	227	- name: registry
				228	containerPort: 5000
Mohammed Naser	096ade0	2022-12-15 09:53:33 -0500	[diff] [blame]	229	protocol: TCP
				230	livenessProbe:
				231	httpGet:
				232	path: /
				233	port: 5000
				234	scheme: HTTP
				235	readinessProbe:
				236	httpGet:
				237	path: /
				238	port: 5000
				239	scheme: HTTP
Mohammed Naser	096ade0	2022-12-15 09:53:33 -0500	[diff] [blame]	240	nodeSelector:
				241	openstack-control-plane: enabled
Mohammed Naser	096ade0	2022-12-15 09:53:33 -0500	[diff] [blame]	242
				243	- apiVersion: v1
				244	kind: Service
				245	metadata:
Mohammed Naser	e97c6a5	2023-04-13 17:50:29 +0000	[diff] [blame]	246	name: magnum-registry
				247	namespace: "{{ magnum_helm_release_namespace }}"
Mohammed Naser	096ade0	2022-12-15 09:53:33 -0500	[diff] [blame]	248	labels:
				249	application: magnum
				250	component: registry
Mohammed Naser	096ade0	2022-12-15 09:53:33 -0500	[diff] [blame]	251	spec:
Mohammed Naser	e97c6a5	2023-04-13 17:50:29 +0000	[diff] [blame]	252	type: ClusterIP
Mohammed Naser	096ade0	2022-12-15 09:53:33 -0500	[diff] [blame]	253	ports:
				254	- name: magnum
				255	port: 5000
				256	protocol: TCP
				257	targetPort: 5000
				258	selector:
				259	application: magnum
				260	component: registry
Mohammed Naser	096ade0	2022-12-15 09:53:33 -0500	[diff] [blame]	261
Mohammed Naser	096ade0	2022-12-15 09:53:33 -0500	[diff] [blame]	262	- name: Create magnum registry Ingress
				263	ansible.builtin.include_role:
				264	name: openstack_helm_ingress
				265	vars:
				266	openstack_helm_ingress_endpoint: container_infra_registry
				267	openstack_helm_ingress_service_name: magnum-registry
				268	openstack_helm_ingress_service_port: 5000
Mohammed Naser	756b717	2023-02-03 04:01:53 +0000	[diff] [blame]	269	openstack_helm_ingress_annotations: "{{ _magnum_registry_ingress_annotations \| combine(magnum_registry_ingress_annotations) }}"
Mohammed Naser	096ade0	2022-12-15 09:53:33 -0500	[diff] [blame]	270
Mohammed Naser	4b63004	2023-02-07 20:47:45 +0000	[diff] [blame]	271	- name: Upload images
				272	ansible.builtin.include_role:
				273	name: glance_image
				274	loop: "{{ magnum_images }}"
				275	vars:
				276	glance_image_name: "{{ item.name }}"
				277	glance_image_url: "{{ item.url }}"
				278	glance_image_container_format: "{{ magnum_image_container_format }}"
				279	glance_image_disk_format: "{{ magnum_image_disk_format }}"
Mohammed Naser	38a7438	2023-02-07 22:48:11 +0000	[diff] [blame]	280	glance_image_properties:
				281	os_distro: "{{ item.distro }}"