preflight.yml
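---
# Preflight play for the OpenShift 3.11 advanced installer: subscribes each
# node, fixes up repositories, installs prerequisites, configures Docker
# storage, sets up root SSH trust between nodes and reboots.
#
# Red Hat credentials are read from the controller's environment
# (RHN_USERNAME, RHN_PASSWORD, RHN_SUBSCRIPTION_POOL), so no secret is stored
# in this file.
- name: Prepare instances for OpenShift Deployment on AWS
  hosts: 'ocp*'
  become: true
  vars:
    rhn_username: "{{ lookup('env','RHN_USERNAME') }}"
    rhn_password: "{{ lookup('env','RHN_PASSWORD') }}"
    rhn_pool: "{{ lookup('env','RHN_SUBSCRIPTION_POOL') }}"
    dockerstorage_dev: "/dev/sdb"
  tasks:
    - name: Instances should be registered and subscribed
      redhat_subscription:
        state: present
        username: "{{ rhn_username }}"
        password: "{{ rhn_password }}"
        pool: "{{ rhn_pool }}"
      register: subscription
      # Keep the module arguments (which include the password) out of task
      # output and logs; the registered result is still usable below.
      no_log: true

    - name: Instances should not have default repositories enabled
      rhsm_repository:
        name: '*'
        state: disabled
      when: subscription.changed

    - name: Instances should not have RHUI repositories enabled
      file:
        path: "{{ item }}"
        state: absent
      with_items:
        - /etc/yum.repos.d/redhat-rhui-client-config.repo
        - /etc/yum.repos.d/redhat-rhui.repo
        - /etc/yum.repos.d/rhui-load-balancers.conf

    - name: Instances should have required repositories enabled
      rhsm_repository:
        name: "{{ item }}"
        state: enabled
      with_items:
        - rhel-7-server-rpms
        - rhel-7-server-extras-rpms
        - rhel-7-server-ose-3.11-rpms
        - rhel-7-server-ansible-2.6-rpms
        - rh-gluster-3-client-for-rhel-7-server-rpms

    - name: All RPMs packages should be updated
      yum:
        name: "*"
        state: latest

    - name: SELinux should be enabled and enforcing
      selinux:
        policy: targeted
        state: enforcing

    # The package list is passed to yum directly so it is resolved in one
    # transaction instead of one yum call per item.
    - name: Dependencies and must-have RPMs should be installed in the latest version
      yum:
        name:
          - wget
          - git
          - net-tools
          - bind-utils
          - yum-utils
          - iptables-services
          - bridge-utils
          - bash-completion
          - kexec-tools
          - sos
          - psacct
          - openshift-ansible
          - docker
          - glusterfs
          - glusterfs-client-xlators
          - glusterfs-libs
          - glusterfs-fuse
          - vim
          - screen
        state: latest

    # WIPE_SIGNATURES=true lets docker-storage-setup wipe existing signatures
    # on the device, so dockerstorage_dev must point at the disk dedicated to
    # Docker storage on every targeted host.
    - name: Docker-Storage-Setup sysconfig file should be configured
      copy:
        content: |
          STORAGE_DRIVER="devicemapper"
          DEVS="{{ dockerstorage_dev }}"
          VG=docker-vg
          DATA_SIZE=100%FREE
          WIPE_SIGNATURES=true
        dest: /etc/sysconfig/docker-storage-setup
      register: dockerstorage

    # NOTE(review): ignore_errors hides a failed storage setup; the play then
    # continues and starts Docker regardless. Kept as the author's
    # best-effort choice - check this task's result before relying on the
    # docker-vg volume group.
    - name: Docker-Storage should run if sysconfig has changed
      command: docker-storage-setup
      when: dockerstorage.changed
      ignore_errors: true

    - name: Docker Engine service should be enabled and started
      service:
        name: docker
        enabled: true
        state: started

    - name: User root should have SSH Key generated
      user:
        name: root
        generate_ssh_key: true
      register: userdata

    # NOTE(review): this authorizes the root key of every inventory host on
    # every node, so root on any one node can log in as root on all others.
    # If only the host that runs the installer needs that access, limit the
    # loop to that host's key.
    # hostvars[item].userdata exists only for hosts that ran the task above;
    # presumably groups['all'] contains only ocp* hosts - verify against the
    # inventory.
    - name: User root keys should be authorized in all nodes
      authorized_key:
        user: root
        key: "{{ hostvars[item].userdata.ssh_public_key }}"
      with_items: "{{ groups['all'] }}"
      when: "'ocp' in inventory_hostname"

    # NOTE(review): host_key_checking = False turns off SSH host key
    # verification for every Ansible run from these nodes, so a substituted
    # or intercepted host goes undetected. Left as written because the
    # installer run may depend on it; the safer setup pre-populates
    # known_hosts with verified keys and keeps checking enabled.
    - name: Ansible Engine should not check SSH Key fingerprint
      lineinfile:
        path: /etc/ansible/ansible.cfg
        regexp: '#host_key_checking'
        line: 'host_key_checking = False'

    - name: Instances should have a copy of the OpenShift Advanced Installer's Inventory file
      copy:
        src: files/ocp_inventory
        dest: /etc/ansible/hosts
        owner: root
        group: root
        # Quoted so the mode is never re-read as a decimal integer.
        mode: '0644'
        backup: true

    # command instead of shell: no shell features are needed here.
    # The one-minute delay lets the play finish before the connection drops.
    - name: Rebooting instances
      command: /sbin/shutdown -r +1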