shixiong
/
okd


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134
							---
- hosts: localhost
  connection: local
  gather_facts: no
  tasks:
  - name: get the necessary vars for ami building
    include_vars: vars.yml

  - name: create a vpc with the name <clusterid>
    include_role:
      name: openshift_aws_vpc
    vars:
      r_openshift_aws_vpc_clusterid: "{{ provision.clusterid }}"
      r_openshift_aws_vpc_cidr: "{{ provision.vpc.cidr }}"
      r_openshift_aws_vpc_subnets: "{{ provision.vpc.subnets }}"
      r_openshift_aws_vpc_region: "{{ provision.region }}"
      r_openshift_aws_vpc_tags: "{{ provision.vpc.tags }}"
      r_openshift_aws_vpc_name: "{{ provision.vpc.name | default(provision.clusterid) }}"

  - name: create aws ssh keypair
    include_role:
      name: openshift_aws_ssh_keys
    vars:
      r_openshift_aws_ssh_keys_users: "{{ provision.instance_users }}"
      r_openshift_aws_ssh_keys_region: "{{ provision.region }}"

  - name: fetch the default subnet id
    ec2_vpc_subnet_facts:
      region: "{{ provision.region }}"
      filters:
        "tag:Name": "{{ provision.vpc.subnets[provision.region][0].az }}"
    register: subnetout

  - name: create instance for ami creation
    ec2:
      assign_public_ip: yes
      region: "{{ provision.region }}"
      key_name: "{{ provision.node_group_config.ssh_key_name }}"
      group: "{{ provision.clusterid }}"
      instance_type: m4.xlarge
      vpc_subnet_id: "{{ subnetout.subnets[0].id }}"
      image: "{{ provision.build.base_image }}"
      volumes:
      - device_name: /dev/sdb
        volume_type: gp2
        volume_size: 100
        delete_on_termination: true
      wait: yes
      exact_count: 1
      count_tag:
        Name: ami_base
      instance_tags:
        Name: ami_base
    register: amibase

  - name: wait for ssh to become available
    wait_for:
      port: 22
      host: "{{ amibase.tagged_instances.0.public_ip }}"
      timeout: 300
      search_regex: OpenSSH

  - name: add host to group
    add_host:
      name: "{{ amibase.tagged_instances.0.public_dns_name }}"
      groups: amibase

- hosts: amibase
  remote_user: root
  tasks:
  - name: included required variables
    include_vars: vars.yml

  - name: run openshift image preparation
    include_role:
      name: openshift_ami_prep
    vars:
      r_openshift_ami_prep_yum_repositories: "{{ provision.build.yum_repositories }}"
      r_openshift_ami_prep_node: atomic-openshift-node
      r_openshift_ami_prep_master: atomic-openshift-master

- hosts: localhost
  connection: local
  become: no
  tasks:
  - name: bundle ami
    ec2_ami:
      instance_id: "{{ amibase.tagged_instances.0.id }}"
      region: "{{ provision.region }}"
      state: present
      description: "This was provisioned {{ ansible_date_time.iso8601 }}"
      name: "{{ provision.build.ami_name }}{{ lookup('pipe', 'date +%Y%m%d%H%M')}}"
      wait: yes
    register: amioutput

  - debug: var=amioutput

  - when: provision.build.use_encryption | default(False)
    block:
    - name: setup kms key for encryption
      include_role:
        name: openshift_aws_iam_kms
      vars:
        r_openshift_aws_iam_kms_region: "{{ provision.region }}"
        r_openshift_aws_iam_kms_alias: "alias/{{ provision.clusterid }}_kms"

    - name: augment the encrypted ami tags with source-ami
      set_fact:
        source_tag:
          source-ami: "{{ amioutput.image_id }}"

    - name: copy the ami for encrypted disks
      include_role:
        name: openshift_aws_ami_copy
      vars:
        r_openshift_aws_ami_copy_region: "{{ provision.region }}"
        r_openshift_aws_ami_copy_name: "{{ provision.build.ami_name }}{{ lookup('pipe', 'date +%Y%m%d%H%M')}}-encrypted"
        r_openshift_aws_ami_copy_src_ami: "{{ amioutput.image_id }}"
        r_openshift_aws_ami_copy_kms_alias: "alias/{{ provision.clusterid }}_kms"
        r_openshift_aws_ami_copy_tags: "{{ source_tag | combine(provision.build.openshift_ami_tags) }}"
        r_openshift_aws_ami_copy_encrypt: "{{ provision.build.use_encryption }}"
        # this option currently fails due to boto waiters
        # when supported this need to be reapplied
        #r_openshift_aws_ami_copy_wait: True

    - name: Display newly created encrypted ami id
      debug:
        msg: "{{ r_openshift_aws_ami_copy_retval_custom_ami }}"

  - name: terminate temporary instance
    ec2:
      state: absent
      region: "{{ provision.region }}"
      instance_ids: "{{ amibase.tagged_instances.0.id }}"