Blame - roles/octavia/tasks/main.yml - atmosphere

blob: 4432856bbf4b49876e1926547e5f5390cdce2354 [file] [log] [blame]

okozachenko1203	d8d2aa1	2022-10-22 00:55:14 +1100	[diff] [blame]	1	# Copyright (c) 2022 VEXXHOST, Inc.
				2	#
				3	# Licensed under the Apache License, Version 2.0 (the "License"); you may
				4	# not use this file except in compliance with the License. You may obtain
				5	# a copy of the License at
				6	#
				7	# http://www.apache.org/licenses/LICENSE-2.0
				8	#
				9	# Unless required by applicable law or agreed to in writing, software
				10	# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
				11	# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
				12	# License for the specific language governing permissions and limitations
				13	# under the License.
				14
Mohammed Naser	0a13cee	2023-03-02 11:28:29 +0100	[diff] [blame]	15	- name: Generate resources
				16	ansible.builtin.import_tasks:
				17	file: generate_resources.yml
okozachenko1203	d8d2aa1	2022-10-22 00:55:14 +1100	[diff] [blame]	18
Mohammed Naser	c582420	2022-11-12 17:17:02 +0000	[diff] [blame]	19	- name: Create CAs & Issuers
				20	kubernetes.core.k8s:
				21	state: present
				22	definition:
				23	- apiVersion: cert-manager.io/v1
				24	kind: Certificate
				25	metadata:
				26	name: "{{ item }}-ca"
				27	namespace: openstack
				28	spec:
				29	isCA: true
Mohammed Naser	0a13cee	2023-03-02 11:28:29 +0100	[diff] [blame]	30	commonName: "{{ octavia_tls_server_common_name if item == 'octavia-server' else octavia_tls_client_common_name }}"
Mohammed Naser	c582420	2022-11-12 17:17:02 +0000	[diff] [blame]	31	secretName: "{{ item }}-ca"
Giovanni Tirloni	295808a	2024-02-26 20:45:29 -0300	[diff] [blame]	32	duration: 87600h0m0s
				33	renewBefore: 720h0m0s
Mohammed Naser	0a13cee	2023-03-02 11:28:29 +0100	[diff] [blame]	34	privateKey: "{{ private_key \| from_yaml }}"
Mohammed Naser	c582420	2022-11-12 17:17:02 +0000	[diff] [blame]	35	issuerRef:
				36	name: self-signed
Mohammed Naser	bb89a84	2022-11-14 19:49:36 +0000	[diff] [blame]	37	kind: ClusterIssuer
Mohammed Naser	c582420	2022-11-12 17:17:02 +0000	[diff] [blame]	38	group: cert-manager.io
okozachenko1203	d8d2aa1	2022-10-22 00:55:14 +1100	[diff] [blame]	39
Mohammed Naser	c582420	2022-11-12 17:17:02 +0000	[diff] [blame]	40	- apiVersion: cert-manager.io/v1
				41	kind: Issuer
				42	metadata:
				43	name: "{{ item }}"
				44	namespace: openstack
				45	spec:
				46	ca:
				47	secretName: "{{ item }}-ca"
Mohammed Naser	0a13cee	2023-03-02 11:28:29 +0100	[diff] [blame]	48	vars:
				49	# NOTE(mnaser): Unfortuantely, Ansible renders all variables as strings so
				50	# we do this workaround to make sure the size is an integer.
				51	private_key: \|
				52	algorithm: "{{ octavia_tls_server_private_key_algorithm if item == 'octavia-server' else octavia_tls_client_private_key_algorithm }}"
				53	size: {{ octavia_tls_server_private_key_size if item == 'octavia-server' else octavia_tls_client_private_key_size }}
Mohammed Naser	c582420	2022-11-12 17:17:02 +0000	[diff] [blame]	54	loop:
				55	- octavia-client
				56	- octavia-server
okozachenko1203	d8d2aa1	2022-10-22 00:55:14 +1100	[diff] [blame]	57
Mohammed Naser	c582420	2022-11-12 17:17:02 +0000	[diff] [blame]	58	- name: Create certificate for Octavia clients
				59	kubernetes.core.k8s:
				60	state: present
				61	definition:
				62	apiVersion: cert-manager.io/v1
				63	kind: Certificate
				64	metadata:
				65	name: octavia-client-certs
				66	namespace: openstack
				67	spec:
Mohammed Naser	0a13cee	2023-03-02 11:28:29 +0100	[diff] [blame]	68	commonName: "{{ octavia_tls_client_common_name }}"
Mohammed Naser	c582420	2022-11-12 17:17:02 +0000	[diff] [blame]	69	secretName: octavia-client-certs
				70	additionalOutputFormats:
				71	- type: CombinedPEM
Giovanni Tirloni	295808a	2024-02-26 20:45:29 -0300	[diff] [blame]	72	duration: 87600h0m0s
				73	renewBefore: 720h0m0s
Mohammed Naser	0a13cee	2023-03-02 11:28:29 +0100	[diff] [blame]	74	privateKey: "{{ private_key \| from_yaml }}"
Mohammed Naser	c582420	2022-11-12 17:17:02 +0000	[diff] [blame]	75	issuerRef:
				76	name: octavia-client
				77	kind: Issuer
				78	group: cert-manager.io
Mohammed Naser	0a13cee	2023-03-02 11:28:29 +0100	[diff] [blame]	79	vars:
				80	# NOTE(mnaser): Unfortuantely, Ansible renders all variables as strings so
				81	# we do this workaround to make sure the size is an integer.
				82	private_key: \|
				83	algorithm: "{{ octavia_tls_client_private_key_algorithm }}"
				84	size: {{ octavia_tls_client_private_key_size }}
okozachenko1203	d8d2aa1	2022-10-22 00:55:14 +1100	[diff] [blame]	85
				86	- name: Create admin compute quotaset
				87	openstack.cloud.quota:
				88	cloud: atmosphere
				89	# NOTE(okozachenko): It uses project name instead of id.
				90	name: admin
				91	instances: -1
				92	cores: -1
				93	ram: -1
Mohammed Naser	9c8115d	2023-02-07 22:06:48 +0000	[diff] [blame]	94	volumes: -1
				95	gigabytes: -1
Mohammed Naser	e7d6624	2023-03-09 08:17:24 +0000	[diff] [blame]	96	security_group: -1
				97	security_group_rule: -1
okozachenko1203	d8d2aa1	2022-10-22 00:55:14 +1100	[diff] [blame]	98
				99	- name: Deploy Helm chart
guilhermesteinmuller	9b173d2	2023-01-24 19:15:17 +0000	[diff] [blame]	100	run_once: true
				101	kubernetes.core.helm:
Mohammed Naser	2145fc3	2023-01-29 23:23:03 +0000	[diff] [blame]	102	name: "{{ octavia_helm_release_name }}"
				103	chart_ref: "{{ octavia_helm_chart_ref }}"
				104	release_namespace: "{{ octavia_helm_release_namespace }}"
guilhermesteinmuller	9b173d2	2023-01-24 19:15:17 +0000	[diff] [blame]	105	create_namespace: true
Austin Talbot	78a774a	2024-09-25 10:15:36 -0600	[diff] [blame]	106	kubeconfig: "{{ octavia_helm_kubeconfig }}"
Mohammed Naser	2145fc3	2023-01-29 23:23:03 +0000	[diff] [blame]	107	values: "{{ _octavia_helm_values \| combine(octavia_helm_values, recursive=True) }}"
okozachenko1203	d8d2aa1	2022-10-22 00:55:14 +1100	[diff] [blame]	108
Mohammed Naser	f641f86	2023-02-16 19:04:57 +0000	[diff] [blame]	109	- name: Add implied roles
Mohammed Naser	24abccb	2023-01-29 22:50:42 +0000	[diff] [blame]	110	run_once: true
				111	ansible.builtin.shell: \|
Tadas Sutkaitis	7a28658	2024-05-01 02:12:08 +0300	[diff] [blame]	112	set -o posix
				113	source /etc/profile.d/atmosphere.sh
Mohammed Naser	24abccb	2023-01-29 22:50:42 +0000	[diff] [blame]	114	openstack implied role create \
Mohammed Naser	f641f86	2023-02-16 19:04:57 +0000	[diff] [blame]	115	--implied-role {{ item.implies }} \
				116	{{ item.role }}
Tadas Sutkaitis	7a28658	2024-05-01 02:12:08 +0300	[diff] [blame]	117	args:
				118	executable: /bin/bash
Mohammed Naser	f641f86	2023-02-16 19:04:57 +0000	[diff] [blame]	119	loop:
				120	- role: member
				121	implies: load-balancer_member
				122	- role: reader
				123	implies: load-balancer_observer
Mohammed Naser	24abccb	2023-01-29 22:50:42 +0000	[diff] [blame]	124	environment:
				125	OS_CLOUD: atmosphere
Mohammed Naser	2145fc3	2023-01-29 23:23:03 +0000	[diff] [blame]	126	register: _octavia_implied_role_create
				127	changed_when: _octavia_implied_role_create.rc == 0
				128	failed_when: _octavia_implied_role_create.rc != 0 and 'Duplicate entry.' not in _octavia_implied_role_create.stderr
Mohammed Naser	7270870	2024-06-20 00:07:56 -0400	[diff] [blame]	129	retries: 10
				130	delay: 1
				131	until: _octavia_implied_role_create.rc == 0 or 'Duplicate entry.' in _octavia_implied_role_create.stderr
Mohammed Naser	24abccb	2023-01-29 22:50:42 +0000	[diff] [blame]	132
okozachenko1203	d8d2aa1	2022-10-22 00:55:14 +1100	[diff] [blame]	133	- name: Create Ingress
				134	ansible.builtin.include_role:
				135	name: openstack_helm_ingress
				136	vars:
				137	openstack_helm_ingress_endpoint: load_balancer
				138	openstack_helm_ingress_service_name: octavia-api
				139	openstack_helm_ingress_service_port: 9876
Mohammed Naser	2145fc3	2023-01-29 23:23:03 +0000	[diff] [blame]	140	openstack_helm_ingress_annotations: "{{ octavia_ingress_annotations }}"
Mohammed Naser	c139abc	2025-02-05 14:03:20 -0500	[diff] [blame]	141	openstack_helm_ingress_class_name: "{{ octavia_ingress_class_name }}"