@davivcgarcia
Created November 13, 2018 13:23
preflight.yml
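---
# Pre-flight play for hosts matching 'ocp*': registers them with Red Hat
# Subscription Management, swaps the repository set, updates and installs
# packages, configures Docker storage, builds root-to-root SSH trust between
# nodes, installs the OpenShift inventory and schedules a reboot.
#
# RHN_USERNAME, RHN_PASSWORD and RHN_SUBSCRIPTION_POOL are read from the
# environment of the machine running ansible-playbook (lookups run on the
# controller), so no credential is stored in this file.
- name: Prepare instances for OpenShift Deployment on AWS
  hosts: 'ocp*'
  become: true
  vars:
    rhn_username: "{{ lookup('env','RHN_USERNAME') }}"
    rhn_password: "{{ lookup('env','RHN_PASSWORD') }}"
    rhn_pool: "{{ lookup('env','RHN_SUBSCRIPTION_POOL') }}"
    # Block device handed to docker-storage-setup; see the WIPE_SIGNATURES
    # note on the sysconfig task below.
    dockerstorage_dev: "/dev/sdb"
  tasks:
    - name: Instances should be registered and subscribed
      redhat_subscription:
        state: present
        username: "{{ rhn_username }}"
        password: "{{ rhn_password }}"
        pool: "{{ rhn_pool }}"
      register: subscription

    # Only runs when the registration above reported a change, so an already
    # registered host keeps whatever repositories it currently has enabled.
    - name: Instances should not have default repositories enabled
      rhsm_repository:
        name: '*'
        state: disabled
      when: subscription.changed

    - name: Instances should not have RHUI repositories enabled
      file:
        path: "{{ item }}"
        state: absent
      with_items:
        - /etc/yum.repos.d/redhat-rhui-client-config.repo
        - /etc/yum.repos.d/redhat-rhui.repo
        - /etc/yum.repos.d/rhui-load-balancers.conf

    - name: Instances should have required repositories enabled
      rhsm_repository:
        name: "{{ item }}"
        state: enabled
      with_items:
        - rhel-7-server-rpms
        - rhel-7-server-extras-rpms
        - rhel-7-server-ose-3.11-rpms
        - rhel-7-server-ansible-2.6-rpms
        - rh-gluster-3-client-for-rhel-7-server-rpms

    - name: All RPMs packages should be updated
      yum:
        name: "*"
        state: latest

    - name: SELinux should be enabled and enforcing
      selinux:
        policy: targeted
        state: enforcing

    # The package list is passed to yum directly instead of looping with
    # with_items, so it is resolved in a single transaction.
    - name: Dependencies and must-have RPMs should be installed in the latest version
      yum:
        name:
          - wget
          - git
          - net-tools
          - bind-utils
          - yum-utils
          - iptables-services
          - bridge-utils
          - bash-completion
          - kexec-tools
          - sos
          - psacct
          - openshift-ansible
          - docker
          - glusterfs
          - glusterfs-client-xlators
          - glusterfs-libs
          - glusterfs-fuse
          - vim
          - screen
        state: latest

    # WIPE_SIGNATURES=true together with DEVS means existing signatures on
    # dockerstorage_dev are wiped by docker-storage-setup; confirm the device
    # name per instance type before running against hosts that hold data.
    - name: Docker-Storage-Setup sysconfig file should be configured
      copy:
        content: |
          STORAGE_DRIVER="devicemapper"
          DEVS="{{ dockerstorage_dev }}"
          VG=docker-vg
          DATA_SIZE=100%FREE
          WIPE_SIGNATURES=true
        dest: /etc/sysconfig/docker-storage-setup
      register: dockerstorage

    # NOTE(review): ignore_errors lets the play continue when
    # docker-storage-setup fails, and the next task then starts Docker
    # regardless of the result. Left as-is because it looks deliberate;
    # check this task's output before trusting the storage layout.
    - name: Docker-Storage should run if sysconfig has changed
      command: docker-storage-setup
      when: dockerstorage.changed
      ignore_errors: true

    - name: Docker Engine service should be enabled and started
      service:
        name: docker
        enabled: true
        state: started

    - name: User root should have SSH Key generated
      user:
        name: root
        generate_ssh_key: true
      register: userdata

    # Builds a full mesh of root trust: each node authorizes the root public
    # key of every host in groups['all'], so root on any one node can log in
    # as root on all the others.
    # NOTE(review): `userdata` is registered only for hosts of this play
    # ('ocp*'); an inventory host outside that pattern has no
    # hostvars[item].userdata and this task would fail on it. The `when`
    # tests the current host, not the loop item.
    - name: User root keys should be authorized in all nodes
      authorized_key:
        user: root
        key: "{{ hostvars[item].userdata.ssh_public_key }}"
      with_items: "{{ groups['all'] }}"
      when: "'ocp' in inventory_hostname"

    # SECURITY: host_key_checking = False makes Ansible runs started from
    # these nodes accept any SSH host key, which removes protection against
    # a spoofed or intercepted node. Prefer pre-populating known_hosts and
    # leaving the check enabled where the environment allows it.
    #
    # The regexp matches both the commented stock line and the line this task
    # writes, so a second run rewrites the same line instead of appending a
    # duplicate; insertafter keeps a newly added line under [defaults].
    - name: Ansible Engine should not check SSH Key fingerprint
      lineinfile:
        path: /etc/ansible/ansible.cfg
        regexp: '^#?\s*host_key_checking'
        insertafter: '^\[defaults\]'
        line: 'host_key_checking = False'

    # mode is quoted so it reaches the module as the string "0644" rather
    # than depending on how the YAML parser reads a leading-zero integer.
    - name: Instances should have a copy of the OpenShift Advanced Installer's Inventory file
      copy:
        src: files/ocp_inventory
        dest: /etc/ansible/hosts
        owner: root
        group: root
        mode: '0644'
        backup: true

    # Schedules the reboot one minute out and returns immediately; the play
    # does not wait for hosts to come back. No shell features are used, so
    # the command module is sufficient.
    - name: Rebooting instances
      command: /sbin/shutdown -r +1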