shixiong
/
okd


			
				
					
						
						
							12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091
							---
- name: Retrieve list of openshift nodes matching router selector
  oc_obj:
    state: list
    kind: node
    namespace: "{{ openshift.hosted.router.namespace | default('default') }}"
    selector: "{{ openshift.hosted.router.selector | default(omit) }}"
  register: router_nodes
  when: openshift.hosted.router.replicas | default(none) is none

- name: set_fact replicas
  set_fact:
    replicas: "{{ openshift.hosted.router.replicas|default(None) | get_router_replicas(router_nodes) }}"

- block:

  - name: Assert that 'certfile', 'keyfile' and 'cafile' keys provided in openshift_hosted_router_certificate
    assert:
      that:
      - "'certfile' in openshift_hosted_router_certificate"
      - "'keyfile' in openshift_hosted_router_certificate"
      - "'cafile' in openshift_hosted_router_certificate"
      msg: "'certfile', 'keyfile' and 'cafile' keys must be specified when supplying the openshift_hosted_router_certificate variable."

  - name: Read router certificate and key
    become: no
    local_action:
      module: slurp
      src: "{{ item }}"
    register: openshift_router_certificate_output
    # Defaulting dictionary keys to none to avoid deprecation warnings
    # (future fatal errors) during template evaluation. Dictionary keys
    # won't be accessed unless openshift_hosted_router_certificate is
    # defined and has all keys (certfile, keyfile, cafile) which we
    # check above.
    with_items:
    - "{{ (openshift_hosted_router_certificate | default({'certfile':none})).certfile }}"
    - "{{ (openshift_hosted_router_certificate | default({'keyfile':none})).keyfile }}"
    - "{{ (openshift_hosted_router_certificate | default({'cafile':none})).cafile }}"

  - name: Persist certificate contents
    openshift_facts:
      role: hosted
      openshift_env:
        openshift_hosted_router_certificate_contents: "{% for certificate in openshift_router_certificate_output.results -%}{{ certificate.content | b64decode }}{% endfor -%}"

  - name: Create PEM certificate
    copy:
      content: "{{ openshift.hosted.router.certificate.contents }}"
      dest: "{{ openshift_master_config_dir }}/openshift-router.pem"
      mode: 0600

  when: openshift_hosted_router_certificate is defined

- name: Create OpenShift router
  oc_adm_router:
    name: "{{ openshift.hosted.router.name | default('router') }}"
    replicas: "{{ replicas }}"
    namespace: "{{ openshift.hosted.router.namespace | default('default') }}"
    # This option is not yet implemented
    # force_subdomain: "{{ openshift.hosted.router.force_subdomain | default(none) }}"
    service_account: router
    selector: "{{ openshift.hosted.router.selector | default(none) }}"
    images: "{{ openshift.hosted.router.registryurl | default(none) }}"
    default_cert: "{{ openshift_hosted_router_certificate is defined | default(false) | ternary(openshift_master_config_dir + '/openshift-router.pem', omit) }}"
    # These edits are being specified only to prevent 'changed' on rerun
    edits:
    - key: spec.strategy.rollingParams.intervalSeconds
      value: 1
      action: put
    - key: spec.strategy.rollingParams.updatePeriodSeconds
      value: 1
      action: put
    - key: spec.strategy.activeDeadlineSeconds
      value: 21600
      action: put
  register: routerout

# This should probably move to module
- name: wait for deploy
  pause:
    seconds: 30
  when: routerout.changed

- name: Ensure router replica count matches desired
  oc_scale:
    kind: dc
    name: "{{ openshift.hosted.router.name | default('router') }}"
    namespace: "{{ openshift.hosted.router.namespace | default('default') }}"
    replicas: "{{ replicas }}"
  when: replicas | int > 0