summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--ansible/infrastructure.yml4
-rw-r--r--ansible/roles/application-install/tasks/custom_role.yml1
-rw-r--r--ansible/roles/application-install/tasks/install.yml21
-rw-r--r--ansible/roles/certificates/handlers/main.yml5
-rw-r--r--ansible/roles/certificates/tasks/upload_root_ca.yml9
-rw-r--r--ansible/roles/nexus/tasks/insert-images.yml3
-rw-r--r--ansible/roles/resource-data/tasks/unarchive-nfs-resource.yml3
-rw-r--r--ansible/roles/resource-data/tasks/unarchive-resource.yml7
-rw-r--r--ansible/roles/resource-data/tasks/unarchive-ssh-resource.yml3
9 files changed, 40 insertions, 16 deletions
diff --git a/ansible/infrastructure.yml b/ansible/infrastructure.yml
index 83e185fe..18290ae4 100644
--- a/ansible/infrastructure.yml
+++ b/ansible/infrastructure.yml
@@ -20,6 +20,8 @@
roles:
- docker
tasks:
- - import_tasks: roles/certificates/tasks/upload_root_ca.yml
+ - include_role:
+ name: certificates
+ tasks_from: upload_root_ca.yml
vars:
certificates_local_dir: certs
diff --git a/ansible/roles/application-install/tasks/custom_role.yml b/ansible/roles/application-install/tasks/custom_role.yml
index 3c6237e3..b6f6f351 100644
--- a/ansible/roles/application-install/tasks/custom_role.yml
+++ b/ansible/roles/application-install/tasks/custom_role.yml
@@ -6,4 +6,3 @@
when:
- application_custom_role is defined
- application_custom_role is not none
- - application_custom_role | trim != ''
diff --git a/ansible/roles/application-install/tasks/install.yml b/ansible/roles/application-install/tasks/install.yml
index d2134d30..96f66b90 100644
--- a/ansible/roles/application-install/tasks/install.yml
+++ b/ansible/roles/application-install/tasks/install.yml
@@ -4,6 +4,7 @@
{{ helm_bin_dir }}/helm init
--upgrade
--skip-refresh
+ changed_when: true # init is always changed type of action
#A correct way to implement this would be using --wait option in helm init invocation.
#However, it does not work due to https://github.com/helm/helm/issues/4031 (fixed in newer helm release)
@@ -13,22 +14,37 @@
until: result.rc == 0
delay: 10
retries: 12
+ changed_when: false # for idempotency
- name: Get all helm repos
command: "{{ helm_bin_dir }}/helm repo list"
register: repos
+ changed_when: false # for idempotency
- name: Remove stable repo
command: "{{ helm_bin_dir }}/helm repo remove stable"
+ changed_when: true # when executed its a changed type of action
when: "'stable' in repos.stdout"
- name: Helm Serve
shell: "{{ helm_bin_dir }}/helm serve &"
async: 45
- poll: 0
+ poll: 3 # wait 3sec to get a chance for some stderr
+ register: helm_serve
+ changed_when: "'address already in use' not in helm_serve.stderr"
+
+- name: List helm repos
+ command: "{{ helm_bin_dir }}/helm repo list"
+ register: helm_repo_list
+ changed_when: false # for idempotency
+ failed_when:
+ - helm_repo_list.rc > 0
+ - "'Error: no repositories to show' not in helm_repo_list.stderr"
- name: Helm Add Repo
command: "{{ helm_bin_dir }}/helm repo add {{ helm_repository_name }} {{ helm_repository_url }}"
+ when: "'local' not in helm_repo_list.stdout"
+ changed_when: true # when executed its a changed type of action
- name: Build local helm repository
make:
@@ -47,7 +63,7 @@
# WA: this is required because deploy plugin dont process params properly
- name: Create override file with global.cacert
copy:
- dest: "{{ app_data_path}}/override.yaml"
+ dest: "{{ app_data_path }}/override.yaml"
content: |
global:
cacert: |
@@ -66,3 +82,4 @@
{{ helm_repository_name }}/{{ app_helm_chart_name }}
--namespace {{ app_kubernetes_namespace }}
-f {{ app_data_path }}/override.yaml
+ changed_when: true # when executed its a changed type of action
diff --git a/ansible/roles/certificates/handlers/main.yml b/ansible/roles/certificates/handlers/main.yml
new file mode 100644
index 00000000..b2b81223
--- /dev/null
+++ b/ansible/roles/certificates/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: Extract root certificate
+ command: /usr/bin/update-ca-trust extract
+ changed_when: true # this handler is executed just when there is a new cert
+ notify: Restart Docker
diff --git a/ansible/roles/certificates/tasks/upload_root_ca.yml b/ansible/roles/certificates/tasks/upload_root_ca.yml
index b2f1f945..b918187d 100644
--- a/ansible/roles/certificates/tasks/upload_root_ca.yml
+++ b/ansible/roles/certificates/tasks/upload_root_ca.yml
@@ -3,10 +3,5 @@
copy:
src: "{{ certificates_local_dir }}/rootCA.crt"
dest: /etc/pki/ca-trust/source/anchors/
- register: copycert
- notify: Restart Docker
-
-- name: Extract root certificate
- command: /usr/bin/update-ca-trust extract
- when: copycert.changed
- notify: Restart Docker
+ notify: # handler is triggered just when file is changed
+ - Extract root certificate
diff --git a/ansible/roles/nexus/tasks/insert-images.yml b/ansible/roles/nexus/tasks/insert-images.yml
index f71d6990..6c283330 100644
--- a/ansible/roles/nexus/tasks/insert-images.yml
+++ b/ansible/roles/nexus/tasks/insert-images.yml
@@ -1,7 +1,8 @@
---
- name: Load docker images and push into registry
block:
- - set_fact:
+ - name: Register component name for docker login/load
+ set_fact:
component: "{{ (item.path | basename | splitext)[0] }}"
- name: Docker login
diff --git a/ansible/roles/resource-data/tasks/unarchive-nfs-resource.yml b/ansible/roles/resource-data/tasks/unarchive-nfs-resource.yml
index 9f9d92d0..bbf99321 100644
--- a/ansible/roles/resource-data/tasks/unarchive-nfs-resource.yml
+++ b/ansible/roles/resource-data/tasks/unarchive-nfs-resource.yml
@@ -16,7 +16,8 @@
fstype: nfs
state: mounted
- - name: "Unarchive resource {{ resources_dir }}/{{ resource_source_filename }} to {{ resource_destination_directory }} dir on infrastructure servers over nfs"
+ - name: "Unarchive resource {{ resources_dir }}/{{ resource_source_filename }} \
+ to {{ resource_destination_directory }} dir on infrastructure servers over nfs"
unarchive:
src: "/tmp/resource_data/{{ resource_source_filename }}"
dest: "{{ resource_destination_directory }}"
diff --git a/ansible/roles/resource-data/tasks/unarchive-resource.yml b/ansible/roles/resource-data/tasks/unarchive-resource.yml
index 79fdbfce..9097ddc8 100644
--- a/ansible/roles/resource-data/tasks/unarchive-resource.yml
+++ b/ansible/roles/resource-data/tasks/unarchive-resource.yml
@@ -34,7 +34,9 @@
- name: "Unarchive resource {{ resource_source_filename }} from host {{ resources_source_host }}, transport is {{ transport }}"
include_tasks: "unarchive-{{ transport }}-resource.yml"
- - file:
+
+ - name: "Generate flag file after resources are deployed on infra"
+ file:
path: "{{ resource_destination_directory }}/{{ resource_source_filename }}-uploaded"
state: touch
rescue:
@@ -51,5 +53,6 @@
with_items: "{{ files_after_fail.files | difference(original_files.files) }}"
when: files_after_fail is defined
- - fail:
+ - name: "Report failure of upload operation"
+ fail:
msg: "Upload of {{ resource_source_filename }} failed"
diff --git a/ansible/roles/resource-data/tasks/unarchive-ssh-resource.yml b/ansible/roles/resource-data/tasks/unarchive-ssh-resource.yml
index 1385ba55..bd578ae3 100644
--- a/ansible/roles/resource-data/tasks/unarchive-ssh-resource.yml
+++ b/ansible/roles/resource-data/tasks/unarchive-ssh-resource.yml
@@ -29,7 +29,8 @@
set_fact:
tar_extract_options: "{{ '-xzf' if compressed.rc == 0 else '-xf' }}"
- - name: "Unarchive resource {{ resources_dir }}/{{ resource_source_filename }} to {{ resource_destination_directory }} dir on infrastructure servers over ssh"
+ - name: "Unarchive resource {{ resources_dir }}/{{ resource_source_filename }} \
+ to {{ resource_destination_directory }} dir on infrastructure servers over ssh"
shell: >
ssh -o StrictHostKeyChecking=no -o BatchMode=yes
-i /root/.ssh/infra_to_resource.privkey