Looks like using a non root user is tricky in local.

thekoma · Jun 4, 2020 · c94be85 · c94be85
1 parent 3fd71d5
commit c94be85
Show file tree

Hide file tree

Showing 7 changed files with 66 additions and 16 deletions.
diff --git a/tasks/01-check_dns.yml b/tasks/01-check_dns.yml
@@ -2,6 +2,7 @@
 
 - name: Install Ansible's DNS required libraryes
   delegate_to: localhost
+  become: yes
   yum:
     name: 
       - python3-dns
@@ -72,6 +73,7 @@
       - "We should be able to resolve the WebServer"
   when: 
     - lookup('dig', hostvars[ groups['webserver'][0] ]['ansible_fqdn'] , 'qtype=A') == 'NXDOMAIN'
+    - ocp_installer.install_method != 'template'
   ignore_errors: "{{ 'Yes'|bool if dns_fail_is_not_fatal|bool else 'No' }}"
 
 

diff --git a/tasks/10-nginx.yml b/tasks/10-nginx.yml
@@ -1,16 +1,19 @@
 - name: Install Needed Packages
+  become: yes
   yum:
     state: present
     name:
      - nginx
 
 - name: Enable Firewalld
+  become: yes
   service:
     name: firewalld
     enabled: yes
     state: started
 
 - name: enable Ports on firewall
+  become: yes
   loop:
       - 8080/tcp
   firewalld:
@@ -20,6 +23,7 @@
       immediate: yes
 
 - name: Change Nginx Listen Port
+  become: yes
   lineinfile:
     path: "{{ item.file }}"
     regexp: "{{ item.regexp }}"
@@ -36,57 +40,68 @@
       file: '/etc/nginx/nginx.conf.default'
 
 - name: enable nginx
+  become: yes
   service:
     name: nginx
     state: restarted
     enabled: yes
 
 - name: Download bootstrap kernel for RHCOS netinstall
+  become: yes
   when: ocp_installer.install_method == 'netinstall'
   get_url:
     url: "{{ ocp_installer.kernel }}"
     dest: "/usr/share/nginx/html/{{ ocp_installer.kernel | basename }}"
     checksum: "{{'sha256:' + ocp_installer.coreos_sha256 if ocp_installer.coreos_sha256 is defined else omit }}"
 
 - name: Download bootstrap kernel for RHCOS netinstall
+  become: yes
   when: ocp_installer.install_method == 'netinstall'
   file:
     dest: "/usr/share/nginx/html/kernel"
     src: "/usr/share/nginx/html/{{ ocp_installer.kernel | basename }}"
     state: link
 
 - name: Download bootstrap initrd for RHCOS netinstall
+  become: yes
   when: ocp_installer.install_method == 'netinstall'
   get_url:
     url: "{{ ocp_installer.initrd }}"
     dest: "/usr/share/nginx/html/{{ ocp_installer.initrd |basename}}"
     checksum: "{{'sha256:' + ocp_installer.coreos_sha256 if ocp_installer.coreos_sha256 is defined else omit }}"
 
 - name: Download bootstrap initrd for RHCOS netinstall
+  become: yes
   when: ocp_installer.install_method == 'netinstall'
   file:
     dest: "/usr/share/nginx/html/initramfs.img"
     src: "/usr/share/nginx/html/{{ ocp_installer.initrd | basename }}"
     state: link
 
 - name: Download RHCOS image  netinstall
+  become: yes
   when: ocp_installer.install_method == 'netinstall'
   get_url:
     url: "{{ ocp_installer.coreos_image }}"
     dest: "/usr/share/nginx/html/{{ ocp_installer.coreos_image | basename }}"
     checksum: "{{'sha256:' + ocp_installer.coreos_sha256 if ocp_installer.coreos_sha256 is defined else omit }}"
 
 - name: Download bootstrap coreos_image.raw.gz for RHCOS netinstall
+  become: yes
   when: ocp_installer.install_method == 'netinstall'
   file:
     dest: "/usr/share/nginx/html/coreos_image.raw.gz"
     src: "/usr/share/nginx/html/{{ ocp_installer.coreos_image | basename }}"
     state: link
 
 - name: Download FCOS image  netinstall signature
+  become: yes
   when: 
     - ocp_installer.install_method == 'netinstall'
     - ocp_installer.install_type == 'fedoracos'
   get_url:
     url: "{{ ocp_installer.coreos_image }}.sig"
-    dest: /usr/share/nginx/html/coreos_image.raw.gz.sig
+    dest: /usr/share/nginx/html/coreos_image.raw.gz.sig
+
+
+
diff --git a/tasks/20-haproxy.yml b/tasks/20-haproxy.yml
@@ -1,17 +1,20 @@
 - name: Install Needed Packages
+  become: yes 
   yum:
     state: present
     name:
      - haproxy
      - python3-libsemanage
 
 - name: Enable Firewalld
+  become: yes
   service:
     name: firewalld
     enabled: yes
     state: started
 
 - name: enable services on firewall
+  become: yes
   loop:
     - http
     - https
@@ -23,6 +26,7 @@
     immediate: yes
 
 - name: enable Ports on firewall
+  become: yes
   loop:
       - 6443/tcp
       - 9000/tcp
@@ -34,17 +38,20 @@
       immediate: yes
 
 - name: Prepare Configuration for HaProxy by Template
+  become: yes
   template:
     src: haproxy.cfg.j2
     dest: /etc/haproxy/haproxy.cfg
 
 - name: Enable HaProxy to bind to any TCP
+  become: yes
   seboolean:
     name: haproxy_connect_any
     state: yes
     persistent: yes
 
 - name: enable haproxy
+  become: yes
   service:
     name: haproxy
     state: restarted

diff --git a/tasks/30-pxe.yml b/tasks/30-pxe.yml
@@ -1,5 +1,6 @@
 ---
 - name: Install Needed Packages
+  become: yes
   delegate_to: localhost
   yum:
     state: present

diff --git a/tasks/40-installer.yml b/tasks/40-installer.yml
@@ -29,7 +29,8 @@
     path: "{{playbook_dir}}/tmp/downloads/ocp_installer.tgz"
 
 
-- name: Create ipxe config path
+- name: Create base config path
+  become: false
   delegate_to: localhost  
   loop:
     - "{{playbook_dir}}/tmp/downloads"
@@ -41,20 +42,23 @@
     recurse: yes
 
 - name: Download Installer
+  become: false
   delegate_to: localhost  
   when: not installer_tgz.stat.exists
   get_url:
     url: "{{ ocp_installer.installer }}"
     dest: "{{playbook_dir}}/tmp/downloads/ocp_installer.tgz"
 
 - name: "Extract {{playbook_dir}}/tmp/downloads/ocp_installer.tgz in {{playbook_dir}}/tmp/bin"
+  become: false
   delegate_to: localhost  
   when: not installer_bin.stat.exists
   unarchive:
     src: "{{playbook_dir}}/tmp/downloads/ocp_installer.tgz"
     dest: "{{playbook_dir}}/tmp/bin"
 
 - name: Create configuration template
+  become: false
   delegate_to: localhost  
   when: not install_config.stat.exists
   loop:
@@ -65,11 +69,13 @@
     dest: "{{ item }}"
 
 - name: Create Manifests
+  become: false
   delegate_to: localhost  
   when: (not manifest_dir.stat.exists) and (not master_ign.stat.exists)
   shell: '{{playbook_dir}}/tmp/bin/openshift-install create manifests --dir="{{playbook_dir}}/tmp/cluster_conf"'
 
 - name: Ensure Masters not schedulable
+  become: false
   delegate_to: localhost  
   when: not master_ign.stat.exists
   lineinfile:
@@ -78,16 +84,8 @@
     line: '  mastersSchedulable: false'
 
 - name: Create Ignition
+  become: false
   delegate_to: localhost  
   when: not master_ign.stat.exists
   shell: '{{playbook_dir}}/tmp/bin/openshift-install create ignition-configs --dir="{{playbook_dir}}/tmp/cluster_conf"'
 
-- name: Copy files to Nginx Share
-  delegate_to: localhost  
-  loop:
-    - bootstrap.ign
-    - master.ign
-    - worker.ign
-  copy:
-    src: "{{playbook_dir}}/tmp/cluster_conf/{{item}}"
-    dest: "/usr/share/nginx/html/{{item}}"
diff --git a/tasks/41-transpile.yml b/tasks/41-transpile.yml
@@ -2,6 +2,7 @@
 
 - name: Install Ansible's vmware_guest required libraryes
   delegate_to: localhost
+  become: yes
   yum:
     name: 
       - python3-requests
@@ -12,12 +13,14 @@
 
 - name: Fetch ipxe source filetranspiler
   delegate_to: localhost
+  become: no
   git:
     repo: https://github.com/ashcrow/filetranspiler
     dest: "{{playbook_dir}}/tmp/src/filetranspiler"
     force: yes
 
 - name: Cleanup first Create structure per machines
+  become: no
   tags: filetranspiler
   loop: "{{ vm_hosts }}"
   file:
@@ -26,6 +29,7 @@
   delegate_to: localhost
 
 - name: Create structure per machines
+  become: no
   tags: filetranspiler
   loop: "{{ vm_hosts }}"
   file:
@@ -35,6 +39,7 @@
   delegate_to: localhost
 
 - name: Create structure per machines
+  become: no
   tags: filetranspiler
   loop: "{{ vm_hosts }}"
   file:
@@ -45,6 +50,7 @@
 
 
 - name: Create Hostname
+  become: no
   tags: filetranspiler
   loop: "{{ vm_hosts }}"
   copy:
@@ -54,6 +60,7 @@
   delegate_to: localhost
 
 - name: Create Resolv
+  become: no
   when: ocp_installer.install_type != 'fedoracos'
   tags: filetranspiler
   loop: "{{ vm_hosts }}"
@@ -64,6 +71,7 @@
   delegate_to: localhost
 
 - name: Create interface (old)
+  become: no
   when: ocp_installer.install_type != 'fedoracos'
   tags: filetranspiler
   loop: "{{ vm_hosts }}"
@@ -74,6 +82,7 @@
   delegate_to: localhost
 
 - name: Create interface (new)
+  become: no
   when: ocp_installer.install_type != 'rhcos'
   tags: filetranspiler
   loop: "{{ vm_hosts }}"
@@ -84,6 +93,7 @@
   delegate_to: localhost
 
 - name: Run transpiler
+  become: no
   tags: filetranspiler
   loop: "{{ vm_hosts }}"
   shell: >
@@ -95,4 +105,20 @@
 
 - set_fact:
     ign: "{{ ign | combine( { item.hostname: lookup('file', playbook_dir + '/tmp/' + item.hostname + '.ign')| string | b64encode } ) }}"
-  loop: "{{ vm_hosts }}"
+  loop: "{{ vm_hosts }}"
+
+- name: Copy files to Nginx Share
+  become: yes
+  when: 
+    - ocp_installer.install_method != 'template'
+    - not checks_only|bool
+    - not ocp_vm_cleanup|bool
+    - ocp_vm_create_webserver
+    - "'webserver' in group_names"
+  loop:
+    - bootstrap.ign
+    - master.ign
+    - worker.ign
+  copy:
+    src: "{{playbook_dir}}/tmp/cluster_conf/{{item}}"
+    dest: "/usr/share/nginx/html/{{item}}"
diff --git a/tasks/50-vms.yml b/tasks/50-vms.yml
@@ -2,13 +2,15 @@
 ---
 - name: Install Ansible's vmware_guest required libraryes
   delegate_to: localhost
+  become: yes
   yum:
     name: 
       - python3-requests
       - python3-pip
     state: present
 
 - name: Install python non rpm packages
+  become: yes
   delegate_to: localhost
   pip:
     name: 
@@ -162,7 +164,7 @@
 
       # Set iPXE fileserver
       - key:   guestinfo.ipxe.fileserver
-        value: "http://{{hosts_defaults.webserver | default(hostvars[ groups.webserver[0] ]['ansible_fqdn'])}}:8080"
+        value: "http://{{ hostvars[ groups.webserver[0] ]['ansible_fqdn'] | default(hosts_defaults.webserver) |default('127.0.0.1')}}:8080"
 
       # Set DNS
       - key:   guestinfo.ipxe.dns
@@ -172,12 +174,11 @@
         value: "{{item.network.dns[0] | default(hosts_defaults.network.dns[0])}}"
 
       - key:   guestinfo.ipxe.dns2
-        value: "{{item.network.dns[1] | default(hosts_defaults.network.dns[1]) | default(omit)}}"
+        value: "{{item.network.dns[1] | default(hosts_defaults.network.dns[1]) | default(hosts_defaults.network.dns[0])}}"
 
       - key:   guestinfo.ipxe.dns3
-        value: "{{item.network.dns[2] | default(hosts_defaults.network.dns[2]) | default(omit)}}"
+        value: "{{item.network.dns[2] | default(hosts_defaults.network.dns[2]) | default(hosts_defaults.network.dns[0])}}"
 
-
       - key:   guestinfo.ipxe.kernel-installer
         value: "{{item.kernelimg | default(hosts_defaults.kernelimg) | default('kernel')}}"