Blame - roles/magnum/tasks/main.yml - atmosphere

blob: 9033e9266e0e3bc1c9eef46ed56ae2aaf85d06ea [file] [log] [blame]

Mohammed Naser	096ade0	2022-12-15 09:53:33 -0500	[diff] [blame]	1	# Copyright (c) 2022 VEXXHOST, Inc.
				2	#
				3	# Licensed under the Apache License, Version 2.0 (the "License"); you may
				4	# not use this file except in compliance with the License. You may obtain
				5	# a copy of the License at
				6	#
				7	# http://www.apache.org/licenses/LICENSE-2.0
				8	#
				9	# Unless required by applicable law or agreed to in writing, software
				10	# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
				11	# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
				12	# License for the specific language governing permissions and limitations
				13	# under the License.
				14
Mohammed Naser	fef6942	2023-01-18 02:38:06 +0000	[diff] [blame]	15	# NOTE(mnaser): We should get rid of this task eventually as it is suspending
				16	# the old HelmRelease and removing it to avoid uninstalling the
				17	# Helm chart.
				18	- name: Uninstall the legacy HelmRelease
				19	run_once: true
				20	block:
				21	- name: Suspend the existing HelmRelease
Mohammed Naser	f0314a8	2023-04-11 18:53:30 +0000	[diff] [blame]	22	failed_when: false
Mohammed Naser	fef6942	2023-01-18 02:38:06 +0000	[diff] [blame]	23	kubernetes.core.k8s:
				24	state: patched
				25	api_version: helm.toolkit.fluxcd.io/v2beta1
				26	kind: HelmRelease
Mohammed Naser	2145fc3	2023-01-29 23:23:03 +0000	[diff] [blame]	27	name: "{{ magnum_helm_release_name }}"
				28	namespace: "{{ magnum_helm_release_namespace }}"
Mohammed Naser	fef6942	2023-01-18 02:38:06 +0000	[diff] [blame]	29	definition:
				30	spec:
				31	suspend: true
				32
				33	- name: Remove the existing HelmRelease
Mohammed Naser	f0314a8	2023-04-11 18:53:30 +0000	[diff] [blame]	34	failed_when: false
Mohammed Naser	fef6942	2023-01-18 02:38:06 +0000	[diff] [blame]	35	kubernetes.core.k8s:
				36	state: absent
				37	api_version: helm.toolkit.fluxcd.io/v2beta1
				38	kind: HelmRelease
Mohammed Naser	2145fc3	2023-01-29 23:23:03 +0000	[diff] [blame]	39	name: "{{ magnum_helm_release_name }}"
				40	namespace: "{{ magnum_helm_release_namespace }}"
Mohammed Naser	fef6942	2023-01-18 02:38:06 +0000	[diff] [blame]	41
Mohammed Naser	65850fd	2023-02-22 21:36:27 -0500	[diff] [blame]	42	- name: Install "clusterctl"
				43	ansible.builtin.get_url:
				44	url: "{{ magnum_clusterctl_url }}"
				45	dest: /usr/local/bin/clusterctl
Mohammed Naser	2fec641	2023-03-01 12:55:37 +0000	[diff] [blame]	46	mode: "0755"
Mohammed Naser	65850fd	2023-02-22 21:36:27 -0500	[diff] [blame]	47	owner: root
				48	group: root
				49
				50	- name: Create a configuration file
				51	ansible.builtin.copy:
				52	content: "{{ magnum_clusterctl_config \| to_nice_yaml }}"
				53	dest: "{{ magnum_clusterctl_config_file }}"
Mohammed Naser	2fec641	2023-03-01 12:55:37 +0000	[diff] [blame]	54	mode: "0644"
Mohammed Naser	65850fd	2023-02-22 21:36:27 -0500	[diff] [blame]	55	owner: root
				56	group: root
				57
				58	- name: Initialize the management cluster
okozachenko1203	19b530e	2023-01-27 23:52:04 +1100	[diff] [blame]	59	run_once: true
okozachenko1203	5b9d0f1	2023-01-28 01:24:40 +1100	[diff] [blame]	60	changed_when: false
Mohammed Naser	65850fd	2023-02-22 21:36:27 -0500	[diff] [blame]	61	ansible.builtin.command: \|
				62	clusterctl init \
				63	--config {{ magnum_clusterctl_config_file }} \
				64	--core cluster-api:v1.3.3 \
				65	--bootstrap kubeadm:v1.3.3 \
				66	--control-plane kubeadm:v1.3.3 \
Oleksandr Kozachenko	9217570	2023-03-03 09:55:29 +0100	[diff] [blame]	67	--infrastructure openstack:v0.7.1
Mohammed Naser	65850fd	2023-02-22 21:36:27 -0500	[diff] [blame]	68	environment:
				69	CLUSTER_TOPOLOGY: "true"
				70	EXP_CLUSTER_RESOURCE_SET: "true"
okozachenko1203	19b530e	2023-01-27 23:52:04 +1100	[diff] [blame]	71
Oleksandr Kozachenko	7765352	2023-05-11 23:23:39 +0200	[diff] [blame]	72
				73	# NOTE(okozachenko1203): We should get rid of this task eventually as it is removing
				74	# the old RBAC resources.
				75	- name: Remove the legacy mcapi RBAC resources
				76	run_once: true
				77	block:
				78	- name: Remove the Role
				79	failed_when: false
				80	kubernetes.core.k8s:
				81	state: absent
				82	api_version: rbac.authorization.k8s.io/v1
				83	kind: Role
				84	name: magnum-cluster-api
				85	namespace: magnum-system
				86
				87	- name: Remove the RoleBinding
				88	failed_when: false
				89	kubernetes.core.k8s:
				90	state: absent
				91	api_version: rbac.authorization.k8s.io/v1
				92	kind: RoleBinding
				93	name: magnum-cluster-api
				94	namespace: magnum-system
				95
Mohammed Naser	7943cf8	2023-02-23 04:31:30 +0000	[diff] [blame]	96	- name: Deploy Cluster API for Magnum RBAC
				97	kubernetes.core.k8s:
				98	state: present
				99	definition:
				100	- apiVersion: v1
				101	kind: Namespace
				102	metadata:
				103	name: magnum-system
				104
Mohammed Naser	1588236	2023-04-04 20:38:56 +0000	[diff] [blame]	105	# TODO(mnaser): This should be removed once we have a proper Helm chart
				106	# for Cluster API for Magnum.
Mohammed Naser	7943cf8	2023-02-23 04:31:30 +0000	[diff] [blame]	107	- apiVersion: rbac.authorization.k8s.io/v1
Mohammed Naser	1588236	2023-04-04 20:38:56 +0000	[diff] [blame]	108	kind: ClusterRoleBinding
Mohammed Naser	7943cf8	2023-02-23 04:31:30 +0000	[diff] [blame]	109	metadata:
				110	name: magnum-cluster-api
Mohammed Naser	7943cf8	2023-02-23 04:31:30 +0000	[diff] [blame]	111	roleRef:
				112	apiGroup: rbac.authorization.k8s.io
Mohammed Naser	1588236	2023-04-04 20:38:56 +0000	[diff] [blame]	113	kind: ClusterRole
				114	name: cluster-admin
Mohammed Naser	7943cf8	2023-02-23 04:31:30 +0000	[diff] [blame]	115	subjects:
				116	- kind: ServiceAccount
				117	name: magnum-conductor
				118	namespace: "{{ magnum_helm_release_namespace }}"
				119
Mohammed Naser	fef6942	2023-01-18 02:38:06 +0000	[diff] [blame]	120	- name: Deploy Helm chart
				121	run_once: true
				122	kubernetes.core.helm:
Mohammed Naser	2145fc3	2023-01-29 23:23:03 +0000	[diff] [blame]	123	name: "{{ magnum_helm_release_name }}"
				124	chart_ref: "{{ magnum_helm_chart_ref }}"
				125	release_namespace: "{{ magnum_helm_release_namespace }}"
Mohammed Naser	fef6942	2023-01-18 02:38:06 +0000	[diff] [blame]	126	create_namespace: true
				127	kubeconfig: /etc/kubernetes/admin.conf
Mohammed Naser	2145fc3	2023-01-29 23:23:03 +0000	[diff] [blame]	128	values: "{{ _magnum_helm_values \| combine(magnum_helm_values, recursive=True) }}"
Mohammed Naser	096ade0	2022-12-15 09:53:33 -0500	[diff] [blame]	129
Mohammed Naser	f0314a8	2023-04-11 18:53:30 +0000	[diff] [blame]	130	- name: Deploy "magnum-cluster-api-proxy"
				131	run_once: true
				132	kubernetes.core.k8s:
				133	state: present
				134	definition:
				135	- apiVerison: v1
				136	kind: ConfigMap
				137	metadata:
				138	name: magnum-cluster-api-proxy-config
				139	namespace: "{{ magnum_helm_release_namespace }}"
				140	data:
				141	magnum_capi_sudoers: \|
				142	Defaults !requiretty
				143	Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin:/var/lib/openstack/bin:/var/lib/kolla/venv/bin"
				144	magnum ALL = (root) NOPASSWD: /var/lib/openstack/bin/privsep-helper
				145
				146	- apiVersion: apps/v1
				147	kind: DaemonSet
				148	metadata:
				149	name: magnum-cluster-api-proxy
				150	namespace: openstack
				151	labels:
				152	application: magnum
				153	component: cluster-api-proxy
				154	spec:
				155	selector:
				156	matchLabels:
				157	application: magnum
				158	component: cluster-api-proxy
				159	template:
				160	metadata:
				161	labels:
				162	application: magnum
				163	component: cluster-api-proxy
				164	spec:
				165	containers:
				166	- name: magnum-cluster-api-proxy
				167	command: ["magnum-cluster-api-proxy"]
				168	image: "{{ atmosphere_images['magnum_cluster_api_proxy'] \| vexxhost.kubernetes.docker_image('ref') }}"
				169	securityContext:
				170	privileged: true
				171	readOnlyRootFilesystem: true
				172	volumeMounts:
				173	- name: pod-tmp
				174	mountPath: /tmp
				175	- name: pod-run
				176	mountPath: /run
				177	- name: config
				178	mountPath: /etc/sudoers.d/magnum_capi_sudoers
				179	subPath: magnum_capi_sudoers
				180	readOnly: true
				181	- name: haproxy-state
				182	mountPath: /var/lib/magnum/.magnum-cluster-api-proxy
				183	- name: host-run-netns
				184	mountPath: /run/netns
				185	mountPropagation: Bidirectional
				186	nodeSelector:
				187	openstack-control-plane: enabled
				188	securityContext:
				189	runAsUser: 42424
				190	serviceAccountName: magnum-conductor
				191	volumes:
				192	- name: pod-tmp
				193	emptyDir: {}
				194	- name: pod-run
				195	emptyDir: {}
				196	- name: config
				197	configMap:
				198	name: magnum-cluster-api-proxy-config
				199	- name: haproxy-state
				200	emptyDir: {}
				201	- name: host-run-netns
				202	hostPath:
				203	path: /run/netns
				204
Mohammed Naser	4c33bb5	2023-01-18 03:23:18 +0000	[diff] [blame]	205	- name: Create Ingress
				206	ansible.builtin.include_role:
				207	name: openstack_helm_ingress
				208	vars:
				209	openstack_helm_ingress_endpoint: container_infra
				210	openstack_helm_ingress_service_name: magnum-api
				211	openstack_helm_ingress_service_port: 9511
Mohammed Naser	2145fc3	2023-01-29 23:23:03 +0000	[diff] [blame]	212	openstack_helm_ingress_annotations: "{{ magnum_ingress_annotations }}"
Mohammed Naser	4c33bb5	2023-01-18 03:23:18 +0000	[diff] [blame]	213
Mohammed Naser	e97c6a5	2023-04-13 17:50:29 +0000	[diff] [blame]	214	- name: Delete un-used job and PVC
				215	run_once: true
				216	kubernetes.core.k8s:
				217	state: absent
				218	definition:
				219	- apiVersion: batch/v1
				220	kind: Job
				221	metadata:
				222	name: magnum-registry-init
				223	namespace: "{{ magnum_helm_release_namespace }}"
				224	- apiVersion: v1
				225	kind: PersistentVolumeClaim
				226	metadata:
				227	name: magnum-registry
				228	namespace: "{{ magnum_helm_release_namespace }}"
				229
okozachenko1203	19b530e	2023-01-27 23:52:04 +1100	[diff] [blame]	230	- name: Deploy magnum registry
Mohammed Naser	65850fd	2023-02-22 21:36:27 -0500	[diff] [blame]	231	run_once: true
Mohammed Naser	096ade0	2022-12-15 09:53:33 -0500	[diff] [blame]	232	kubernetes.core.k8s:
				233	state: present
				234	definition:
Mohammed Naser	096ade0	2022-12-15 09:53:33 -0500	[diff] [blame]	235	- apiVersion: apps/v1
				236	kind: Deployment
				237	metadata:
Mohammed Naser	e97c6a5	2023-04-13 17:50:29 +0000	[diff] [blame]	238	name: magnum-registry
				239	namespace: "{{ magnum_helm_release_namespace }}"
Mohammed Naser	096ade0	2022-12-15 09:53:33 -0500	[diff] [blame]	240	labels:
				241	application: magnum
				242	component: registry
Mohammed Naser	096ade0	2022-12-15 09:53:33 -0500	[diff] [blame]	243	spec:
Mohammed Naser	e97c6a5	2023-04-13 17:50:29 +0000	[diff] [blame]	244	replicas: 3
Mohammed Naser	096ade0	2022-12-15 09:53:33 -0500	[diff] [blame]	245	selector:
				246	matchLabels:
				247	application: magnum
				248	component: registry
Mohammed Naser	096ade0	2022-12-15 09:53:33 -0500	[diff] [blame]	249	template:
				250	metadata:
				251	labels:
				252	application: magnum
				253	component: registry
				254	spec:
				255	containers:
				256	- name: registry
Mohammed Naser	31171f4	2023-03-19 00:10:46 +0000	[diff] [blame]	257	image: "{{ atmosphere_images['magnum_registry'] \| vexxhost.kubernetes.docker_image('ref') }}"
Mohammed Naser	096ade0	2022-12-15 09:53:33 -0500	[diff] [blame]	258	ports:
Mohammed Naser	e97c6a5	2023-04-13 17:50:29 +0000	[diff] [blame]	259	- name: registry
				260	containerPort: 5000
Mohammed Naser	096ade0	2022-12-15 09:53:33 -0500	[diff] [blame]	261	protocol: TCP
				262	livenessProbe:
				263	httpGet:
				264	path: /
				265	port: 5000
				266	scheme: HTTP
				267	readinessProbe:
				268	httpGet:
				269	path: /
				270	port: 5000
				271	scheme: HTTP
Mohammed Naser	096ade0	2022-12-15 09:53:33 -0500	[diff] [blame]	272	nodeSelector:
				273	openstack-control-plane: enabled
Mohammed Naser	096ade0	2022-12-15 09:53:33 -0500	[diff] [blame]	274
				275	- apiVersion: v1
				276	kind: Service
				277	metadata:
Mohammed Naser	e97c6a5	2023-04-13 17:50:29 +0000	[diff] [blame]	278	name: magnum-registry
				279	namespace: "{{ magnum_helm_release_namespace }}"
Mohammed Naser	096ade0	2022-12-15 09:53:33 -0500	[diff] [blame]	280	labels:
				281	application: magnum
				282	component: registry
Mohammed Naser	096ade0	2022-12-15 09:53:33 -0500	[diff] [blame]	283	spec:
Mohammed Naser	e97c6a5	2023-04-13 17:50:29 +0000	[diff] [blame]	284	type: ClusterIP
Mohammed Naser	096ade0	2022-12-15 09:53:33 -0500	[diff] [blame]	285	ports:
				286	- name: magnum
				287	port: 5000
				288	protocol: TCP
				289	targetPort: 5000
				290	selector:
				291	application: magnum
				292	component: registry
Mohammed Naser	096ade0	2022-12-15 09:53:33 -0500	[diff] [blame]	293
Mohammed Naser	096ade0	2022-12-15 09:53:33 -0500	[diff] [blame]	294	- name: Create magnum registry Ingress
				295	ansible.builtin.include_role:
				296	name: openstack_helm_ingress
				297	vars:
				298	openstack_helm_ingress_endpoint: container_infra_registry
				299	openstack_helm_ingress_service_name: magnum-registry
				300	openstack_helm_ingress_service_port: 5000
Mohammed Naser	756b717	2023-02-03 04:01:53 +0000	[diff] [blame]	301	openstack_helm_ingress_annotations: "{{ _magnum_registry_ingress_annotations \| combine(magnum_registry_ingress_annotations) }}"
Mohammed Naser	096ade0	2022-12-15 09:53:33 -0500	[diff] [blame]	302
Mohammed Naser	4b63004	2023-02-07 20:47:45 +0000	[diff] [blame]	303	- name: Upload images
				304	ansible.builtin.include_role:
				305	name: glance_image
				306	loop: "{{ magnum_images }}"
				307	vars:
				308	glance_image_name: "{{ item.name }}"
				309	glance_image_url: "{{ item.url }}"
				310	glance_image_container_format: "{{ magnum_image_container_format }}"
				311	glance_image_disk_format: "{{ magnum_image_disk_format }}"
Mohammed Naser	38a7438	2023-02-07 22:48:11 +0000	[diff] [blame]	312	glance_image_properties:
				313	os_distro: "{{ item.distro }}"