-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathocplabs-bastion-host-setup.yaml
More file actions
111 lines (111 loc) · 3.71 KB
/
ocplabs-bastion-host-setup.yaml
File metadata and controls
111 lines (111 loc) · 3.71 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
- hosts: localhost
gather_facts: true
tasks:
- name: setup_bastion_host | Check OCP Ansible Playbooks exist
stat: path=/usr/share/ansible/openshift-ansible
register: check_ocp_playbooks
- name: setup_bastion_host | Register host and subscribe
redhat_subscription:
state: present
username: "{{rhn_user}}"
password: "{{rhn_password}}"
pool: "{{rhn_pool_id}}"
when: check_ocp_playbooks.stat.exists == false
- name: setup_bastion_host | Clean yum
shell: yum clean all
when: check_ocp_playbooks.stat.exists == false
- name: setup_bastion_host | Disable all repos
shell: subscription-manager repos --disable="*"
when: check_ocp_playbooks.stat.exists == false
- name: setup_bastion_host | Enable OCP and RHSCL repos (needed for Fedora)
shell: subscription-manager repos --enable="rhel-7-server-rpms" --enable="rhel-7-server-extras-rpms" --enable="rhel-7-server-ose-3.11-rpms" --enable="rhel-7-fast-datapath-rpms" --enable="rhel-7-server-ansible-2.6-rpms" --enable="rhel-server-rhscl-7-rpms" --enable="rh-gluster-3-for-rhel-7-server-rpms"
when: check_ocp_playbooks.stat.exists == false
- name: setup_bastion_host | Install deltarpm
yum:
name: deltarpm
when: check_ocp_playbooks.stat.exists == false
- name: setup_bastion_host | Install rpms
yum:
name="{{ item }}"
state=latest
with_items:
- wget
- git
- net-tools
- bind-utils
- iptables-services
- bridge-utils
- bash-completion
- kexec-tools
- sos
- psacct
- python-virtualenv
- gcc
- openshift-ansible
- atomic-openshift-clients
- atomic-openshift-excluder
- rh-python35
- cns-deploy
- heketi-client
when: check_ocp_playbooks.stat.exists == false
- name: setup_bastion_host | Install OpenShift Client
shell: |
atomic-openshift-excluder unexclude
yum install atomic-openshift-clients
atomic-openshift-excluder exclude
when: check_ocp_playbooks.stat.exists == false
- name: Create key for remote user
user:
name: "{{ansible_ssh_user}}"
generate_ssh_key: yes
ssh_key_bits: 2048
ssh_key_file: .ssh/id_rsa
- name: setup_ssh | Remove nodes from known_hosts
known_hosts:
path: /root/.ssh/known_hosts
name: "{{hostvars[item]['ansible_host']}}"
state: absent
with_items:
- "{{ groups['masters'] }}"
- "{{ groups['nodes'] }}"
- name: configure_hosts | Configure /etc/hosts
lineinfile: dest=/etc/hosts line="{{ hostvars[item]['ansible_host'] }} {{ hostvars[item]['inventory_hostname'] }}"
with_items: "{{ groups['all'] }}"
- name: configure_docker | Start Docker
systemd:
name: docker
state: started
- name: setup_dnsmasq_apps | Setup dnsmasq for .apps.* domain
copy:
src: ocplabs-dnsmasq.conf
dest: /etc/dnsmasq.d/ocplabs.conf
owner: root
group: root
mode: 0640
- name: setup_dnsmasq_apps | Stop dnsmasq
systemd:
name: dnsmasq
state: stopped
- name: setup_dnsmasq_apps | Start dnsmasq
systemd:
name: dnsmasq
state: started
- name: setup_firewall_dnsmasq | Setup firewall for DNS-Masq (TCP)
iptables:
chain: IN_public_allow
protocol: tcp
destination_port: 53
jump: ACCEPT
- name: setup_firewall_dnsmasq | Setup firewall for DNS-Masq (UDP)
iptables:
chain: IN_public_allow
protocol: udp
destination_port: 53
jump: ACCEPT
- name: setup_firewall_dnsmasq | Save firewall for DNS-Masq
shell: iptables-save > /etc/sysconfig/iptables
- name: Change etcd image name
lineinfile:
path: /usr/share/ansible/openshift-ansible/roles/etcd/defaults/main.yaml
regexp: '^osm_etcd_image:'
state: absent