blob: 4cda3722dd9a6005d8e4f6ed8d09cff9244e9d1b (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
|
---
# DO NOT ADD SPACE AROUND ';'
- name: Start rancher server container
docker_container:
name: rancher-server
image: "{{ rancher_server_image }}"
command: ["sh", "-c", "/usr/sbin/update-ca-certificates;/usr/bin/entry /usr/bin/s6-svscan /service"]
ports: 8080:8080
state: started
restart_policy: unless-stopped
volumes:
- "{{ app_data_path }}/certs:/usr/local/share/ca-certificates/extra:ro"
- name: Wait for rancher server to be ready
uri:
url: "{{ rancher_server_url }}/v2-beta"
register: response
retries: 10
delay: 30
until: not response.failed
- name: Create rancher kubernetes environment
rancher_k8s_environment:
name: "{{ app_name }}"
descr: "Kubernetes environment for {{ app_name }}"
server: "{{ rancher_server_url }}"
delete_other_k8s: "{{ rancher_remove_other_env }}"
force: "{{ rancher_redeploy_k8s_env }}"
host_os: "{{ ansible_os_family }}"
register: env
retries: 10
delay: 5
until: env.data is defined
# There is a lack of idempotency in the previous task and so there are new api
# key-pairs created with each run.
#
# ToDo: fix idempotency of rancher role
#
# Anyway as rke will be default k8s orchestrator in Dublin, it's supposed to be
# low prio topic. The following tasks dealing with the API are ignoring this problem
# and they simply use the new created API key-pair, which is set as a fact here:
- name: Set apikey values
set_fact:
k8s_env_id: "{{ env.data.environment.id }}"
key_public: "{{ env.data.apikey.public }}"
key_private: "{{ env.data.apikey.private }}"
rancher_agent_image: "{{ env.data.registration_tokens.image }}"
rancher_agent_reg_url: "{{ env.data.registration_tokens.reg_url }}"
# By default disabled - when enabled this playbook cannot be run more than once.
- name: Setup rancher admin password and enable authentication
rancher1_api:
server: "{{ rancher_server_url }}"
account_key: "{{ key_public }}:{{ key_private }}"
mode: access_control
data:
account_id: 1a1 # default rancher admin account
password: "{{ rancher.admin_password }}"
when: "rancher.auth_enabled is defined and rancher.auth_enabled"
- name: Configure the size of the rancher cattle db and logs
block:
- name: Main tables
rancher1_api:
server: "{{ rancher_server_url }}"
account_key: "{{ key_public }}:{{ key_private }}"
mode: settings
data:
option: main_tables.purge.after.seconds
value: "{{ rancher.main_tables_purge_after_seconds }}"
- name: Events
rancher1_api:
server: "{{ rancher_server_url }}"
account_key: "{{ key_public }}:{{ key_private }}"
mode: settings
data:
option: events.purge.after.seconds
value: "{{ rancher.events_purge_after_seconds }}"
- name: Service log
rancher1_api:
server: "{{ rancher_server_url }}"
account_key: "{{ key_public }}:{{ key_private }}"
mode: settings
data:
option: service_log.purge.after.seconds
value: "{{ rancher.service_log_purge_after_seconds }}"
- name: Audit log
rancher1_api:
server: "{{ rancher_server_url }}"
account_key: "{{ key_public }}:{{ key_private }}"
mode: settings
data:
option: audit_log.purge.after.seconds
value: "{{ rancher.audit_log_purge_after_seconds }}"
|
