okd/roles/template_service_broker/tasks/install.yml

---
# Fact setting
- name: Ensure that Template Service Broker has nodes to run on
  fail:
    msg: |-
      No schedulable nodes found matching node selector for Template Service Broker - '{{ template_service_broker_selector }}'
  when:
  - openshift_schedulable_node_labels | lib_utils_oo_has_no_matching_selector(template_service_broker_selector)

- name: Set default image variables based on openshift_deployment_type
  include_vars: "{{ item }}"
  with_first_found:
  - "{{ openshift_deployment_type }}.yml"
  - "default_images.yml"

- name: set template_service_broker facts
  set_fact:
    template_service_broker_prefix: "{{ template_service_broker_prefix | default(__template_service_broker_prefix) }}"
    template_service_broker_version: "{{ template_service_broker_version | default(__template_service_broker_version) }}"
    template_service_broker_image_name: "{{ template_service_broker_image_name | default(__template_service_broker_image_name) }}"

- oc_project:
    name: openshift-template-service-broker
    state: present
    node_selector:
    - ""

- command: mktemp -d /tmp/tsb-ansible-XXXXXX
  register: mktemp
  changed_when: False

- name: Copy admin client config
  command: >
    cp {{ openshift.common.config_base }}/master//admin.kubeconfig {{ mktemp.stdout }}/admin.kubeconfig
  changed_when: false

- copy:
    src: "{{ item }}"
    dest: "{{ mktemp.stdout }}/{{ item }}"
  with_items:
  - "{{ __tsb_template_file }}"
  - "{{ __tsb_rbac_file }}"
  - "{{ __tsb_broker_file }}"
  - "{{ __tsb_config_file }}"

- yedit:
    src: "{{ mktemp.stdout }}/{{ __tsb_config_file }}"
    key: templateNamespaces
    value: "{{ openshift_template_service_broker_namespaces }}"
    value_type: list

- slurp:
    src: "{{ mktemp.stdout }}/{{ __tsb_config_file }}"
  register: config

- name: Apply template file
  shell: >
    {{ openshift_client_binary }} process --config={{ mktemp.stdout }}/admin.kubeconfig
    -f "{{ mktemp.stdout }}/{{ __tsb_template_file }}"
    --param API_SERVER_CONFIG="{{ config['content'] | b64decode }}"
    --param IMAGE="{{ template_service_broker_prefix }}{{ template_service_broker_image_name }}:{{ template_service_broker_version }}"
    --param NODE_SELECTOR={{ template_service_broker_selector | to_json | quote }}
    | {{ openshift_client_binary }} apply --config={{ mktemp.stdout }}/admin.kubeconfig -f -

# reconcile with rbac
- name: Reconcile with RBAC file
  shell: >
    {{ openshift_client_binary }} process --config={{ mktemp.stdout }}/admin.kubeconfig -f "{{ mktemp.stdout }}/{{ __tsb_rbac_file }}"
    | {{ openshift_client_binary }} auth reconcile --config={{ mktemp.stdout }}/admin.kubeconfig -f -

# Check that the TSB is running
- name: Verify that TSB is running
  command: >
    curl -k https://apiserver.openshift-template-service-broker.svc/healthz
  args:
    # Disables the following warning:
    # Consider using get_url or uri module rather than running curl
    warn: no
  register: api_health
  until: api_health.stdout == 'ok'
  retries: 60
  delay: 5
  changed_when: false

- set_fact:
    openshift_master_config_dir: "{{ openshift.common.config_base }}/master"
  when: openshift_master_config_dir is undefined

- slurp:
    src: "{{ openshift_master_config_dir }}/service-signer.crt"
  register: __ca_bundle

# Register with broker
- name: Register TSB with broker
  shell: >
    {{ openshift_client_binary }} process --config={{ mktemp.stdout }}/admin.kubeconfig -f "{{ mktemp.stdout }}/{{ __tsb_broker_file }}" --param CA_BUNDLE="{{ __ca_bundle.content }}" | {{ openshift_client_binary }} apply --config={{ mktemp.stdout }}/admin.kubeconfig -f -

- file:
    state: absent
    name: "{{ mktemp.stdout }}"
  changed_when: False

- name: Rollout console so it discovers the template service broker is installed
  include_role:
    name: openshift_web_console
    tasks_from: rollout_console.yml
  when: openshift_web_console_install | default(true) | bool