preflight.yml

preflight.yml

---
- name: Prepare instances for OpenShift Deployment on AWS
  hosts: ocp*
  become: yes

  vars:
    rhn_username: "{{ lookup('env','RHN_USERNAME') }}"
    rhn_password: "{{ lookup('env','RHN_PASSWORD') }}"
    rhn_pool: "{{ lookup('env','RHN_SUBSCRIPTION_POOL') }}"
    dockerstorage_dev: "/dev/sdb"

  tasks:
    - name: Instances should be registered and subscribed
      redhat_subscription:
        state: present
        username: "{{ rhn_username }}"
        password: "{{ rhn_password }}"
        pool: "{{ rhn_pool }}"
      register: subscription
    
    - name: Instances should not have default repositories enabled
      rhsm_repository:
        name: '*'
        state: disabled
      when: subscription.changed

    - name: Instances should not have RHUI repositories enabled
      file:
        path: "{{ item }}"
        state: absent
      with_items:
        - /etc/yum.repos.d/redhat-rhui-client-config.repo
        - /etc/yum.repos.d/redhat-rhui.repo
        - /etc/yum.repos.d/rhui-load-balancers.conf

    - name: Instances should have required repositories enabled
      rhsm_repository:
        name: "{{ item }}"
        state: enabled
      with_items:
        - rhel-7-server-rpms
        - rhel-7-server-extras-rpms
        - rhel-7-server-ose-3.11-rpms
        - rhel-7-server-ansible-2.6-rpms
        - rh-gluster-3-client-for-rhel-7-server-rpms

    - name: All RPMs packages should be updated
      yum:
        name: "*"
        state: latest

    - name: SELinux should be enabled and enforcing
      selinux:
        policy: targeted
        state: enforcing

    - name: Dependencies and must-have RPMs should be installed in the latest version
      yum:
        name: "{{ item }}"
        state: latest
      with_items:
        - wget
        - git 
        - net-tools
        - bind-utils
        - yum-utils
        - iptables-services
        - bridge-utils
        - bash-completion
        - kexec-tools
        - sos
        - psacct
        - openshift-ansible
        - docker
        - glusterfs
        - glusterfs-client-xlators
        - glusterfs-libs
        - glusterfs-fuse
        - vim
        - screen

    - name: Docker-Storage-Setup sysconfig file should be configured
      copy:
        content: |
          STORAGE_DRIVER="devicemapper"
          DEVS="{{ dockerstorage_dev }}"
          VG=docker-vg
          DATA_SIZE=100%FREE
          WIPE_SIGNATURES=true
        dest: /etc/sysconfig/docker-storage-setup
      register: dockerstorage

    - name: Docker-Storage should run if sysconfig has changed
      command: docker-storage-setup
      when: dockerstorage.changed
      ignore_errors: yes
    
    - name: Docker Engine service should be enabled and started
      service:
        name: docker
        enabled: yes
        state: started
    
    - name: User root should have SSH Key generated
      user:
        name: root
        generate_ssh_key: yes
      register: userdata

    - name: User root keys should be authorized in all nodes
      authorized_key:
        user: root
        key: "{{ hostvars[item].userdata.ssh_public_key }}"
      with_items: "{{ groups['all'] }}"
      when: "'ocp' in inventory_hostname"

    - name: Ansible Engine should not check SSH Key fingerprint
      lineinfile:
        path: /etc/ansible/ansible.cfg
        regexp: '#host_key_checking'
        line: 'host_key_checking = False'
    
    - name: Instances should have a copy of the OpenShift Advanced Installer's Inventory file
      copy:
        src: files/ocp_inventory
        dest: /etc/ansible/hosts
        owner: root
        group: root
        mode: 0644
        backup: yes

    - name: Rebooting instances
      shell: /sbin/shutdown -r +1