okd/playbooks/common/openshift-cluster/openshift_hosted.yml

---
- name: Create persistent volumes
  hosts: oo_first_master
  tags:
  - hosted
  vars:
    persistent_volumes: "{{ hostvars[groups.oo_first_master.0] | oo_persistent_volumes(groups) }}"
    persistent_volume_claims: "{{ hostvars[groups.oo_first_master.0] | oo_persistent_volume_claims }}"
  roles:
  - role: openshift_persistent_volumes
    when: persistent_volumes | length > 0 or persistent_volume_claims | length > 0

- name: Create Hosted Resources
  hosts: oo_first_master
  tags:
  - hosted
  pre_tasks:
  - set_fact:
      openshift_hosted_router_registryurl: "{{ hostvars[groups.oo_first_master.0].openshift.master.registry_url }}"
      openshift_hosted_registry_registryurl: "{{ hostvars[groups.oo_first_master.0].openshift.master.registry_url }}"
    when: "'master' in hostvars[groups.oo_first_master.0].openshift and 'registry_url' in hostvars[groups.oo_first_master.0].openshift.master"
  - set_fact:
      logging_hostname: "{{ openshift_hosted_logging_hostname | default('kibana.' ~ (openshift.master.default_subdomain | default('router.default.svc.cluster.local', true))) }}"
      logging_ops_hostname: "{{ openshift_hosted_logging_ops_hostname | default('kibana-ops.' ~ (openshift.master.default_subdomain | default('router.default.svc.cluster.local', true))) }}"
      logging_master_public_url: "{{ openshift_hosted_logging_master_public_url | default(openshift.master.public_api_url) }}"
      logging_elasticsearch_cluster_size: "{{ openshift_hosted_logging_elasticsearch_cluster_size | default(1) }}"
      logging_elasticsearch_ops_cluster_size: "{{ openshift_hosted_logging_elasticsearch_ops_cluster_size | default(1) }}"
  roles:
  - role: openshift_cli
  - role: openshift_hosted_facts
  - role: openshift_projects
    # TODO: Move standard project definitions to openshift_hosted/vars/main.yml
    # Vars are not accessible in meta/main.yml in ansible-1.9.x
    openshift_projects: "{{ openshift_additional_projects | default({}) | oo_merge_dicts({'default':{'default_node_selector':''},'openshift-infra':{'default_node_selector':''},'logging':{'default_node_selector':''}}) }}"
  - role: openshift_serviceaccounts
    openshift_serviceaccounts_names:
    - router
    openshift_serviceaccounts_namespace: default
    openshift_serviceaccounts_sccs:
    - hostnetwork
    when: openshift.common.version_gte_3_2_or_1_2
  - role: openshift_serviceaccounts
    openshift_serviceaccounts_names:
    - router
    - registry
    openshift_serviceaccounts_namespace: default
    openshift_serviceaccounts_sccs:
    - privileged
    when: not openshift.common.version_gte_3_2_or_1_2
  - role: openshift_hosted
  - role: openshift_metrics
    when: openshift.hosted.metrics.deploy | bool
  - role: openshift_hosted_logging
    when: openshift.hosted.logging.deploy | bool
    openshift_hosted_logging_hostname: "{{ logging_hostname }}"
    openshift_hosted_logging_ops_hostname: "{{ logging_ops_hostname }}"
    openshift_hosted_logging_master_public_url: "{{ logging_master_public_url }}"
    openshift_hosted_logging_elasticsearch_cluster_size: "{{ logging_elasticsearch_cluster_size }}"
    openshift_hosted_logging_elasticsearch_pvc_dynamic: "{{ 'true' if openshift.hosted.logging.storage_kind | default(none) == 'dynamic' else 'false' }}"
    openshift_hosted_logging_elasticsearch_pvc_size: "{{ openshift.hosted.logging.storage.volume.size if openshift.hosted.logging.storage_kind | default(none) == 'dynamic' else ''  }}"
    openshift_hosted_logging_elasticsearch_pvc_prefix: "{{ 'logging-es' if openshift.hosted.logging.storage_kind | default(none) is not none else '' }}"
    openshift_hosted_logging_elasticsearch_ops_cluster_size: "{{ logging_elasticsearch_ops_cluster_size }}"
    openshift_hosted_logging_elasticsearch_ops_pvc_dynamic: "{{ 'true' if openshift.hosted.logging.storage_kind | default(none) == 'dynamic' else 'false' }}"
    openshift_hosted_logging_elasticsearch_ops_pvc_size: "{{ openshift.hosted.logging.storage.volume.size if openshift.hosted.logging.storage_kind | default(none) == 'dynamic' else ''  }}"
    openshift_hosted_logging_elasticsearch_ops_pvc_prefix: "{{ 'logging-es' if openshift.hosted.logging.storage_kind | default(none) is not none else '' }}"

  - role: cockpit-ui
    when: openshift.common.deployment_subtype == 'registry'

- name: Configure all masters for logging
  serial: 1
  handlers:
  - include: ../../../roles/openshift_master/handlers/main.yml
    static: yes
  hosts: oo_masters
  tasks:
  - openshift_facts:
      role: master
      local_facts:
        logging_public_url: "https://{{ openshift_hosted_logging_hostname | default('kibana.' ~ openshift_master_default_subdomain) }}"
    when: openshift.hosted.logging.deploy | default(openshift.common.version_gte_3_3_or_1_3)
  - modify_yaml:
      dest: "{{ openshift.common.config_base }}/master/master-config.yaml"
      yaml_key: assetConfig.loggingPublicURL
      yaml_value: "{{ openshift.master.logging_public_url }}"
    notify: restart master
    when: openshift.hosted.logging.deploy | default(openshift.common.version_gte_3_3_or_1_3)

- name: Configure CA certificate for secure registry
  hosts: oo_nodes_to_config
  tags:
  - hosted
  tasks:
  - name: Create temp directory for kubeconfig
    command: mktemp -d /tmp/openshift-ansible-XXXXXX
    register: mktemp
    when: openshift.common.deployment_subtype == 'registry'
    changed_when: false
    delegate_to: "{{ groups.oo_first_master.0 }}"
    run_once: true
  - set_fact:
      openshift_hosted_kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig"
    when: openshift.common.deployment_subtype == 'registry'
    delegate_to: "{{ groups.oo_first_master.0 }}"
    run_once: true
  - name: Copy the admin client config(s)
    command: >
      cp {{ openshift.common.config_base }}/master/admin.kubeconfig {{ openshift_hosted_kubeconfig }}
    when: openshift.common.deployment_subtype == 'registry'
    changed_when: false
    delegate_to: "{{ groups.oo_first_master.0 }}"
    run_once: true
  - name: Retrieve docker-registry route
    command: >
      {{ openshift.common.client_binary }} get route docker-registry
      --template='{{ '{{' }} .spec.host {{ '}}' }}'
      --config={{ openshift_hosted_kubeconfig }}
      -n default
    register: docker_registry_route
    when: openshift.common.deployment_subtype == 'registry'
    changed_when: false
    delegate_to: "{{ groups.oo_first_master.0 }}"
    run_once: true
  - name: Retrieve registry service IP
    command: >
      {{ openshift.common.client_binary }} get service docker-registry
      --template='{{ '{{' }} .spec.clusterIP {{ '}}' }}'
      --config={{ openshift_hosted_kubeconfig }}
      -n default
    register: docker_registry_service_ip
    when: openshift.common.deployment_subtype == 'registry'
    changed_when: false
    delegate_to: "{{ groups.oo_first_master.0 }}"
    run_once: true
  - name: Create registry CA directories
    file:
      path: "/etc/docker/certs.d/{{ item }}"
      state: directory
    with_items:
    - "{{ docker_registry_service_ip.stdout }}:5000"
    - "{{ docker_registry_route.stdout }}"
    - "docker-registry.default.svc.cluster.local:5000"
    when: openshift.common.deployment_subtype == 'registry'
  - name: Copy CA to registry CA directories
    copy:
      src: "{{ openshift.common.config_base }}/node/ca.crt"
      dest: "/etc/docker/certs.d/{{ item }}"
      remote_src: yes
      force: yes
    with_items:
    - "{{ docker_registry_service_ip.stdout }}:5000"
    - "{{ docker_registry_route.stdout }}"
    - "docker-registry.default.svc.cluster.local:5000"
    when: openshift.common.deployment_subtype == 'registry'
    notify:
    - Restart docker
  - name: Delete temp directory
    file:
      name: "{{ mktemp.stdout }}"
      state: absent
    when: openshift.common.deployment_subtype == 'registry'
    changed_when: False
    delegate_to: "{{ groups.oo_first_master.0 }}"
    run_once: true
  handlers:
  - name: Restart docker
    service:
      name: docker
      state: restarted