Gitiles
Code Review Sign In
review.vexxhost.dev / atmosphere / refs/heads/stable/zed / . / roles / octavia / tasks / main.yml
blob: de02aaa3a13685e7b221f2bc79f9e04868b61040 [file] [log] [blame]
okozachenko1203d8d2aa12022-10-22 00:55:14 +1100[diff] [blame]1# Copyright (c) 2022 VEXXHOST, Inc.
2#
3# Licensed under the Apache License, Version 2.0 (the "License"); you may
4# not use this file except in compliance with the License. You may obtain
5# a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
11# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
12# License for the specific language governing permissions and limitations
13# under the License.
14
guilhermesteinmuller9b173d22023-01-24 19:15:17 +0000[diff] [blame]15- name: Uninstall the legacy HelmRelease
16 run_once: true
17 block:
18 - name: Suspend the existing HelmRelease
Mohammed Naserf0314a82023-04-11 18:53:30 +0000[diff] [blame]19 failed_when: false
guilhermesteinmuller9b173d22023-01-24 19:15:17 +0000[diff] [blame]20 kubernetes.core.k8s:
21 state: patched
22 api_version: helm.toolkit.fluxcd.io/v2beta1
23 kind: HelmRelease
Mohammed Naser2145fc32023-01-29 23:23:03 +0000[diff] [blame]24 name: "{{ octavia_helm_release_name }}"
25 namespace: "{{ octavia_helm_release_namespace }}"
guilhermesteinmuller9b173d22023-01-24 19:15:17 +0000[diff] [blame]26 definition:
27 spec:
28 suspend: true
29
30 - name: Remove the existing HelmRelease
Mohammed Naserf0314a82023-04-11 18:53:30 +0000[diff] [blame]31 failed_when: false
guilhermesteinmuller9b173d22023-01-24 19:15:17 +0000[diff] [blame]32 kubernetes.core.k8s:
33 state: absent
34 api_version: helm.toolkit.fluxcd.io/v2beta1
35 kind: HelmRelease
Mohammed Naser2145fc32023-01-29 23:23:03 +0000[diff] [blame]36 name: "{{ octavia_helm_release_name }}"
37 namespace: "{{ octavia_helm_release_namespace }}"
okozachenko1203d8d2aa12022-10-22 00:55:14 +1100[diff] [blame]38
Mohammed Naser0a13cee2023-03-02 11:28:29 +0100[diff] [blame]39- name: Generate resources
40 ansible.builtin.import_tasks:
41 file: generate_resources.yml
okozachenko1203d8d2aa12022-10-22 00:55:14 +1100[diff] [blame]42
Mohammed Naserc5824202022-11-12 17:17:02 +0000[diff] [blame]43- name: Create CAs & Issuers
44 kubernetes.core.k8s:
45 state: present
46 definition:
47 - apiVersion: cert-manager.io/v1
48 kind: Certificate
49 metadata:
50 name: "{{ item }}-ca"
51 namespace: openstack
52 spec:
53 isCA: true
Mohammed Naser0a13cee2023-03-02 11:28:29 +0100[diff] [blame]54 commonName: "{{ octavia_tls_server_common_name if item == 'octavia-server' else octavia_tls_client_common_name }}"
Mohammed Naserc5824202022-11-12 17:17:02 +0000[diff] [blame]55 secretName: "{{ item }}-ca"
Giovanni Tirloni295808a2024-02-26 20:45:29 -0300[diff] [blame]56 duration: 87600h0m0s
57 renewBefore: 720h0m0s
Mohammed Naser0a13cee2023-03-02 11:28:29 +0100[diff] [blame]58 privateKey: "{{ private_key | from_yaml }}"
Mohammed Naserc5824202022-11-12 17:17:02 +0000[diff] [blame]59 issuerRef:
60 name: self-signed
Mohammed Naserbb89a842022-11-14 19:49:36 +0000[diff] [blame]61 kind: ClusterIssuer
Mohammed Naserc5824202022-11-12 17:17:02 +0000[diff] [blame]62 group: cert-manager.io
okozachenko1203d8d2aa12022-10-22 00:55:14 +1100[diff] [blame]63
Mohammed Naserc5824202022-11-12 17:17:02 +0000[diff] [blame]64 - apiVersion: cert-manager.io/v1
65 kind: Issuer
66 metadata:
67 name: "{{ item }}"
68 namespace: openstack
69 spec:
70 ca:
71 secretName: "{{ item }}-ca"
Mohammed Naser0a13cee2023-03-02 11:28:29 +0100[diff] [blame]72 vars:
73 # NOTE(mnaser): Unfortuantely, Ansible renders all variables as strings so
74 # we do this workaround to make sure the size is an integer.
75 private_key: |
76 algorithm: "{{ octavia_tls_server_private_key_algorithm if item == 'octavia-server' else octavia_tls_client_private_key_algorithm }}"
77 size: {{ octavia_tls_server_private_key_size if item == 'octavia-server' else octavia_tls_client_private_key_size }}
Mohammed Naserc5824202022-11-12 17:17:02 +0000[diff] [blame]78 loop:
79 - octavia-client
80 - octavia-server
okozachenko1203d8d2aa12022-10-22 00:55:14 +1100[diff] [blame]81
Mohammed Naserc5824202022-11-12 17:17:02 +0000[diff] [blame]82- name: Create certificate for Octavia clients
83 kubernetes.core.k8s:
84 state: present
85 definition:
86 apiVersion: cert-manager.io/v1
87 kind: Certificate
88 metadata:
89 name: octavia-client-certs
90 namespace: openstack
91 spec:
Mohammed Naser0a13cee2023-03-02 11:28:29 +0100[diff] [blame]92 commonName: "{{ octavia_tls_client_common_name }}"
Mohammed Naserc5824202022-11-12 17:17:02 +0000[diff] [blame]93 secretName: octavia-client-certs
94 additionalOutputFormats:
95 - type: CombinedPEM
Giovanni Tirloni295808a2024-02-26 20:45:29 -0300[diff] [blame]96 duration: 87600h0m0s
97 renewBefore: 720h0m0s
Mohammed Naser0a13cee2023-03-02 11:28:29 +0100[diff] [blame]98 privateKey: "{{ private_key | from_yaml }}"
Mohammed Naserc5824202022-11-12 17:17:02 +0000[diff] [blame]99 issuerRef:
100 name: octavia-client
101 kind: Issuer
102 group: cert-manager.io
Mohammed Naser0a13cee2023-03-02 11:28:29 +0100[diff] [blame]103 vars:
104 # NOTE(mnaser): Unfortuantely, Ansible renders all variables as strings so
105 # we do this workaround to make sure the size is an integer.
106 private_key: |
107 algorithm: "{{ octavia_tls_client_private_key_algorithm }}"
108 size: {{ octavia_tls_client_private_key_size }}
okozachenko1203d8d2aa12022-10-22 00:55:14 +1100[diff] [blame]109
110- name: Create admin compute quotaset
111 openstack.cloud.quota:
112 cloud: atmosphere
113 # NOTE(okozachenko): It uses project name instead of id.
114 name: admin
115 instances: -1
116 cores: -1
117 ram: -1
Mohammed Naser9c8115d2023-02-07 22:06:48 +0000[diff] [blame]118 volumes: -1
119 gigabytes: -1
Mohammed Nasere7d66242023-03-09 08:17:24 +0000[diff] [blame]120 security_group: -1
121 security_group_rule: -1
okozachenko1203d8d2aa12022-10-22 00:55:14 +1100[diff] [blame]122
123- name: Deploy Helm chart
guilhermesteinmuller9b173d22023-01-24 19:15:17 +0000[diff] [blame]124 run_once: true
125 kubernetes.core.helm:
Mohammed Naser2145fc32023-01-29 23:23:03 +0000[diff] [blame]126 name: "{{ octavia_helm_release_name }}"
127 chart_ref: "{{ octavia_helm_chart_ref }}"
128 release_namespace: "{{ octavia_helm_release_namespace }}"
guilhermesteinmuller9b173d22023-01-24 19:15:17 +0000[diff] [blame]129 create_namespace: true
130 kubeconfig: /etc/kubernetes/admin.conf
Mohammed Naser2145fc32023-01-29 23:23:03 +0000[diff] [blame]131 values: "{{ _octavia_helm_values | combine(octavia_helm_values, recursive=True) }}"
okozachenko1203d8d2aa12022-10-22 00:55:14 +1100[diff] [blame]132
Mohammed Naserf641f862023-02-16 19:04:57 +0000[diff] [blame]133- name: Add implied roles
Mohammed Naser24abccb2023-01-29 22:50:42 +0000[diff] [blame]134 run_once: true
135 ansible.builtin.shell: |
vexxhost-botb775bab2024-05-02 12:04:34 -0400[diff] [blame]136 set -o posix
137 source /etc/profile.d/atmosphere.sh
Mohammed Naser24abccb2023-01-29 22:50:42 +0000[diff] [blame]138 openstack implied role create \
Mohammed Naserf641f862023-02-16 19:04:57 +0000[diff] [blame]139 --implied-role {{ item.implies }} \
140 {{ item.role }}
vexxhost-botb775bab2024-05-02 12:04:34 -0400[diff] [blame]141 args:
142 executable: /bin/bash
Mohammed Naserf641f862023-02-16 19:04:57 +0000[diff] [blame]143 loop:
144 - role: member
145 implies: load-balancer_member
146 - role: reader
147 implies: load-balancer_observer
Mohammed Naser24abccb2023-01-29 22:50:42 +0000[diff] [blame]148 environment:
149 OS_CLOUD: atmosphere
Mohammed Naser2145fc32023-01-29 23:23:03 +0000[diff] [blame]150 register: _octavia_implied_role_create
151 changed_when: _octavia_implied_role_create.rc == 0
152 failed_when: _octavia_implied_role_create.rc != 0 and 'Duplicate entry.' not in _octavia_implied_role_create.stderr
Mohammed Naserebcd7d72024-06-20 11:42:28 -0400[diff] [blame]153 retries: 10
154 delay: 1
155 until: _octavia_implied_role_create.rc == 0 or 'Duplicate entry.' in _octavia_implied_role_create.stderr
Mohammed Naser24abccb2023-01-29 22:50:42 +0000[diff] [blame]156
okozachenko1203d8d2aa12022-10-22 00:55:14 +1100[diff] [blame]157- name: Create Ingress
158 ansible.builtin.include_role:
159 name: openstack_helm_ingress
160 vars:
161 openstack_helm_ingress_endpoint: load_balancer
162 openstack_helm_ingress_service_name: octavia-api
163 openstack_helm_ingress_service_port: 9876
Mohammed Naser2145fc32023-01-29 23:23:03 +0000[diff] [blame]164 openstack_helm_ingress_annotations: "{{ octavia_ingress_annotations }}"