okd/roles/openshift_hosted/tasks/router/router.yml

---
- name: Retrieve list of openshift nodes matching router selector
  oc_obj:
    state: list
    kind: node
    namespace: "{{ openshift.hosted.router.namespace | default('default') }}"
    selector: "{{ openshift.hosted.router.selector | default(omit) }}"
  register: router_nodes
  when: openshift.hosted.router.replicas | default(none) is none

- name: set_fact replicas
  set_fact:
    replicas: "{{ openshift.hosted.router.replicas|default(None) | get_router_replicas(router_nodes) }}"
    openshift_hosted_router_selector: "{{ openshift.hosted.router.selector | default(None) }}"
    openshift_hosted_router_image: "{{ openshift.hosted.router.registryurl }}"

- name: Get the certificate contents for router
  copy:
    backup: True
    dest: "/etc/origin/master/{{ item | basename }}"
    src: "{{ item }}"
  with_items: "{{ openshift_hosted_routers | oo_collect(attribute='certificates') |
                  oo_select_keys_from_list(['keyfile', 'certfile', 'cafile']) }}"

- name: Create the router service account(s)
  oc_serviceaccount:
    name: "{{ item.serviceaccount }}"
    namespace: "{{ item.namespace }}"
    state: present
  with_items: "{{ openshift_hosted_routers }}"

- name: Grant the router serivce account(s) access to the appropriate scc
  oc_adm_policy_user:
    user: "system:serviceaccount:{{ item.namespace }}:{{ item.serviceaccount }}"
    namespace: "{{ item.namespace }}"
    resource_kind: scc
    resource_name: hostnetwork
  with_items: "{{ openshift_hosted_routers }}"

- name: Set additional permissions for router service account
  oc_adm_policy_user:
    user: "system:serviceaccount:{{ item.namespace }}:{{ item.serviceaccount }}"
    namespace: "{{ item.namespace }}"
    resource_kind: cluster-role
    resource_name: cluster-reader
  when: item.namespace == 'default'
  with_items: "{{ openshift_hosted_routers }}"

- name: Create OpenShift router
  oc_adm_router:
    name: "{{ item.name }}"
    replicas: "{{ item.replicas }}"
    namespace: "{{ item.namespace | default('default') }}"
    # This option is not yet implemented
    # force_subdomain: "{{ openshift.hosted.router.force_subdomain | default(none) }}"
    service_account: "{{ item.serviceaccount | default('router') }}"
    selector: "{{ item.selector | default(none) }}"
    images: "{{ item.images | default(omit) }}"
    cert_file: "{{ ('/etc/origin/master/' ~ (item.certificates.certfile | basename)) if 'certfile' in item.certificates else omit }}"
    key_file: "{{ ('/etc/origin/master/' ~ (item.certificates.keyfile | basename)) if 'keyfile' in item.certificates else omit }}"
    cacert_file: "{{ ('/etc/origin/master/' ~ (item.certificates.cafile | basename)) if 'cafile' in item.certificates else omit }}"
    edits: "{{ openshift_hosted_router_edits | union(item.edits)  }}"
    ports: "{{ item.ports }}"
    stats_port: "{{ item.stats_port }}"
  with_items: "{{ openshift_hosted_routers }}"
  register: routerout

# This should probably move to module
- name: wait for deploy
  pause:
    seconds: 30
  when: routerout.changed

- name: Ensure router replica count matches desired
  oc_scale:
    kind: dc
    name: "{{ item.name | default('router') }}"
    namespace: "{{ item.namespace | default('default') }}"
    replicas: "{{ item.replicas }}"
  with_items: "{{ openshift_hosted_routers }}"