Diffstat (limited to 'ansible')
-rw-r--r-- | ansible/.gitignore | 3 | ||||
-rw-r--r-- | ansible/infrastructure.yml | 4 | ||||
-rw-r--r-- | ansible/roles/application-install/tasks/custom_role.yml | 1 | ||||
-rw-r--r-- | ansible/roles/application-install/tasks/install.yml | 23 | ||||
-rw-r--r-- | ansible/roles/certificates/handlers/main.yml | 5 | ||||
-rw-r--r-- | ansible/roles/certificates/tasks/upload_root_ca.yml | 9 | ||||
-rw-r--r-- | ansible/roles/docker/tasks/main.yml | 5 | ||||
-rw-r--r-- | ansible/roles/nexus/tasks/insert-images.yml | 3 | ||||
-rw-r--r-- | ansible/roles/resource-data/tasks/unarchive-nfs-resource.yml | 3 | ||||
-rw-r--r-- | ansible/roles/resource-data/tasks/unarchive-resource.yml | 7 | ||||
-rw-r--r-- | ansible/roles/resource-data/tasks/unarchive-ssh-resource.yml | 3 |
11 files changed, 50 insertions, 16 deletions
diff --git a/ansible/.gitignore b/ansible/.gitignore index e5505c9e..c1c4d568 100644 --- a/ansible/.gitignore +++ b/ansible/.gitignore @@ -1,3 +1,6 @@ ansible_chroot application/* certs/ + +# Molecule testing +__pycache__/ diff --git a/ansible/infrastructure.yml b/ansible/infrastructure.yml index 83e185fe..18290ae4 100644 --- a/ansible/infrastructure.yml +++ b/ansible/infrastructure.yml @@ -20,6 +20,8 @@ roles: - docker tasks: - - import_tasks: roles/certificates/tasks/upload_root_ca.yml + - include_role: + name: certificates + tasks_from: upload_root_ca.yml vars: certificates_local_dir: certs diff --git a/ansible/roles/application-install/tasks/custom_role.yml b/ansible/roles/application-install/tasks/custom_role.yml index 3c6237e3..b6f6f351 100644 --- a/ansible/roles/application-install/tasks/custom_role.yml +++ b/ansible/roles/application-install/tasks/custom_role.yml @@ -6,4 +6,3 @@ when: - application_custom_role is defined - application_custom_role is not none - - application_custom_role | trim != '' diff --git a/ansible/roles/application-install/tasks/install.yml b/ansible/roles/application-install/tasks/install.yml index d2134d30..1cccf9ad 100644 --- a/ansible/roles/application-install/tasks/install.yml +++ b/ansible/roles/application-install/tasks/install.yml @@ -4,6 +4,7 @@ {{ helm_bin_dir }}/helm init --upgrade --skip-refresh + changed_when: true # init is always changed type of action #A correct way to implement this would be using --wait option in helm init invocation. #However, it does not work due to https://github.com/helm/helm/issues/4031 (fixed in newer helm release) 
@@ -13,22 +14,37 @@ until: result.rc == 0 delay: 10 retries: 12 + changed_when: false # for idempotency - name: Get all helm repos command: "{{ helm_bin_dir }}/helm repo list" register: repos + changed_when: false # for idempotency - name: Remove stable repo command: "{{ helm_bin_dir }}/helm repo remove stable" + changed_when: true # when executed its a changed type of action when: "'stable' in repos.stdout" - name: Helm Serve shell: "{{ helm_bin_dir }}/helm serve &" async: 45 - poll: 0 + poll: 3 # wait 3sec to get a chance for some stderr + register: helm_serve + changed_when: "'address already in use' not in helm_serve.stderr" + +- name: List helm repos + command: "{{ helm_bin_dir }}/helm repo list" + register: helm_repo_list + changed_when: false # for idempotency + failed_when: + - helm_repo_list.rc > 0 + - "'Error: no repositories to show' not in helm_repo_list.stderr" - name: Helm Add Repo command: "{{ helm_bin_dir }}/helm repo add {{ helm_repository_name }} {{ helm_repository_url }}" + when: "'local' not in helm_repo_list.stdout" + changed_when: true # when executed its a changed type of action - name: Build local helm repository make: @@ -47,7 +63,7 @@ # WA: this is required because deploy plugin dont process params properly - name: Create override file with global.cacert copy: - dest: "{{ app_data_path}}/override.yaml" + dest: "{{ app_data_path }}/override.yaml" content: | global: cacert: | @@ -66,3 +82,6 @@ {{ helm_repository_name }}/{{ app_helm_chart_name }} --namespace {{ app_kubernetes_namespace }} -f {{ app_data_path }}/override.yaml + changed_when: true # when executed its a changed type of action + register: helm_install + failed_when: helm_install.stderr diff --git a/ansible/roles/certificates/handlers/main.yml b/ansible/roles/certificates/handlers/main.yml new file mode 100644 index 00000000..b2b81223 --- /dev/null +++ b/ansible/roles/certificates/handlers/main.yml 
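Review bot: The guard on `Helm Add Repo`, `when: "'local' not in helm_repo_list.stdout"`, is a substring test over the whole `helm repo list` output, so it is also satisfied by any repo name or URL that merely contains `local` (a `localhost` URL, for instance), and it tests a fixed word although the task adds `{{ helm_repository_name }}`. In that case the repository is silently never added, and later chart installs resolve against whatever is already configured. Matching the configured name at the start of a line would be tighter, e.g. `when: helm_repo_list.stdout_lines | select('match', '^' ~ helm_repository_name ~ '\\s') | list | length == 0`. The new `List helm repos` task also repeats the `Get all helm repos` command from earlier in this hunk; if the second listing is needed because `Remove stable repo` runs in between, a short comment saying so would help.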
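Review bot: `failed_when: helm_install.stderr` on the install task at the end of the last install.yml hunk replaces the default return-code check, so a non-zero exit with empty stderr is reported as success while any warning printed to stderr fails the deploy. Because the condition is a bare variable, some Ansible versions may additionally evaluate the captured stderr text itself as an expression, which makes the result depend on tool output. An explicit test keeps both signals: `failed_when: helm_install.rc != 0 or helm_install.stderr | length > 0`. The task's opening lines are outside the hunk, so whether the deploy plugin returns a meaningful exit code should be confirmed before relying on `rc`.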
@@ -0,0 +1,5 @@ +--- +- name: Extract root certificate + command: /usr/bin/update-ca-trust extract + changed_when: true # this handler is executed just when there is a new cert + notify: Restart Docker diff --git a/ansible/roles/certificates/tasks/upload_root_ca.yml b/ansible/roles/certificates/tasks/upload_root_ca.yml index b2f1f945..b918187d 100644 --- a/ansible/roles/certificates/tasks/upload_root_ca.yml +++ b/ansible/roles/certificates/tasks/upload_root_ca.yml @@ -3,10 +3,5 @@ copy: src: "{{ certificates_local_dir }}/rootCA.crt" dest: /etc/pki/ca-trust/source/anchors/ - register: copycert - notify: Restart Docker - -- name: Extract root certificate - command: /usr/bin/update-ca-trust extract - when: copycert.changed - notify: Restart Docker + notify: # handler is triggered just when file is changed + - Extract root certificate diff --git a/ansible/roles/docker/tasks/main.yml b/ansible/roles/docker/tasks/main.yml index 16b7002f..de740df2 100644 --- a/ansible/roles/docker/tasks/main.yml +++ b/ansible/roles/docker/tasks/main.yml @@ -11,6 +11,11 @@ name: 'python2-docker' state: present +- name: Install python jsonpointer module + package: + name: 'python-jsonpointer' + state: present + - name: Ensure /etc/docker exists file: path: /etc/docker diff --git a/ansible/roles/nexus/tasks/insert-images.yml b/ansible/roles/nexus/tasks/insert-images.yml index f71d6990..6c283330 100644 --- a/ansible/roles/nexus/tasks/insert-images.yml +++ b/ansible/roles/nexus/tasks/insert-images.yml @@ -1,7 +1,8 @@ --- - name: Load docker images and push into registry block: - - set_fact: + - name: Register component name for docker login/load + set_fact: component: "{{ (item.path | basename | splitext)[0] }}" - name: Docker login diff --git a/ansible/roles/resource-data/tasks/unarchive-nfs-resource.yml b/ansible/roles/resource-data/tasks/unarchive-nfs-resource.yml index 9f9d92d0..bbf99321 100644 --- a/ansible/roles/resource-data/tasks/unarchive-nfs-resource.yml 
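Review bot: The new handler ends with `notify: Restart Docker`, but this newly created handlers file defines only `Extract root certificate`, so that name resolves only when the play also loads a role that provides it, as `infrastructure.yml` does by listing `docker`. Used from any other play, the chain would stop after the trust-store update (or fail on the unknown handler, depending on the Ansible version) and Docker would keep running with the old CA bundle. Either declare the dependency in the role's `meta/main.yml` or document it next to the notify, e.g. `# Restart Docker is provided by the docker role; that role must be part of the play`.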
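Review bot: Moving `update-ca-trust extract` behind `notify:` in upload_root_ca.yml defers it from directly after the copy to the next handler flush, which by default is the end of the play's task section. Any task that runs between the copy and that flush and needs the new root CA to be trusted (a registry login, an HTTPS download) would still see the old trust store. If such tasks can follow in the same play, force the flush right after the copy task with `- meta: flush_handlers`; otherwise a comment on the `notify:` line stating that the trust store is only rebuilt at flush time is enough.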
+++ b/ansible/roles/resource-data/tasks/unarchive-nfs-resource.yml @@ -16,7 +16,8 @@ fstype: nfs state: mounted - - name: "Unarchive resource {{ resources_dir }}/{{ resource_source_filename }} to {{ resource_destination_directory }} dir on infrastructure servers over nfs" + - name: "Unarchive resource {{ resources_dir }}/{{ resource_source_filename }} \ + to {{ resource_destination_directory }} dir on infrastructure servers over nfs" unarchive: src: "/tmp/resource_data/{{ resource_source_filename }}" dest: "{{ resource_destination_directory }}" diff --git a/ansible/roles/resource-data/tasks/unarchive-resource.yml b/ansible/roles/resource-data/tasks/unarchive-resource.yml index 79fdbfce..9097ddc8 100644 --- a/ansible/roles/resource-data/tasks/unarchive-resource.yml +++ b/ansible/roles/resource-data/tasks/unarchive-resource.yml @@ -34,7 +34,9 @@ - name: "Unarchive resource {{ resource_source_filename }} from host {{ resources_source_host }}, transport is {{ transport }}" include_tasks: "unarchive-{{ transport }}-resource.yml" - - file: + + - name: "Generate flag file after resources are deployed on infra" + file: path: "{{ resource_destination_directory }}/{{ resource_source_filename }}-uploaded" state: touch rescue: @@ -51,5 +53,6 @@ with_items: "{{ files_after_fail.files | difference(original_files.files) }}" when: files_after_fail is defined - - fail: + - name: "Report failure of upload operation" + fail: msg: "Upload of {{ resource_source_filename }} failed" diff --git a/ansible/roles/resource-data/tasks/unarchive-ssh-resource.yml b/ansible/roles/resource-data/tasks/unarchive-ssh-resource.yml index 1385ba55..bd578ae3 100644 --- a/ansible/roles/resource-data/tasks/unarchive-ssh-resource.yml +++ b/ansible/roles/resource-data/tasks/unarchive-ssh-resource.yml 
@@ -29,7 +29,8 @@ set_fact: tar_extract_options: "{{ '-xzf' if compressed.rc == 0 else '-xf' }}" - - name: "Unarchive resource {{ resources_dir }}/{{ resource_source_filename }} to {{ resource_destination_directory }} dir on infrastructure servers over ssh" + - name: "Unarchive resource {{ resources_dir }}/{{ resource_source_filename }} \ + to {{ resource_destination_directory }} dir on infrastructure servers over ssh" shell: > ssh -o StrictHostKeyChecking=no -o BatchMode=yes -i /root/.ssh/infra_to_resource.privkey |