diff --git a/playbooks/provision-global-templates-and-imagestreams.yml b/playbooks/provision-global-templates-and-imagestreams.yml
index 57c4792..271bc1e 100644
--- a/playbooks/provision-global-templates-and-imagestreams.yml
+++ b/playbooks/provision-global-templates-and-imagestreams.yml
@@ -1,102 +1,7 @@ --- - - include: "../openshift-ansible/playbooks/byo/openshift-master/additional_config.yml" - - name: Provision the default templates and image streams in OpenShift hosts: itix become: yes - vars: - itix_application_templates_repo_url: https://github.com/jboss-openshift/application-templates.git - tasks: - - name: Create a temporary directory - tempfile: - state: directory - register: tempfile - - - name: Clone the jboss-openshift/application-templates GIT repository - git: - repo: '{{ itix_application_templates_repo_url }}' - dest: '{{ tempfile.path }}/application-templates' - version: '{{ itix_application_templates_repo_tag|default(''master'') }}' - - - name: Get an archive of the OpenShift GIT repository - get_url: - url: 'https://github.com/openshift/origin/archive/{{ itix_openshift_origin_repo_tag|default(''master'') }}.tar.gz' - dest: '{{ tempfile.path }}/openshift-origin.tar.gz' - - - name: Extract the OpenShift GIT archive - unarchive: - remote_src: yes - src: '{{ tempfile.path }}/openshift-origin.tar.gz' - dest: '{{ tempfile.path }}' - - - name: Symlink the OpenShift GIT repo - file: - src: '{{ tempfile.path }}/origin-{{ itix_openshift_origin_repo_tag|default(''master'') }}' - dest: '{{ tempfile.path }}/openshift-origin' - state: link - - - set_fact: - objects_to_import: - - '{{ tempfile.path }}/application-templates/jboss-image-streams.json' - - '{{ tempfile.path }}/application-templates/sso/sso71-postgresql-persistent.json' - - '{{ tempfile.path }}/application-templates/openjdk/openjdk18-web-basic-s2i.json' - - '{{ tempfile.path }}/openshift-origin/examples/jenkins/jenkins-persistent-template.json' - - - name: Install new ImageStreams/Templates in the "openshift" namespace - command: oc create -n openshift -f "{{ item }}" - register: oc - failed_when: oc.rc > 0 and 'Error from server (AlreadyExists):' not in oc.stderr - changed_when: oc.rc == 0 - with_items: '{{ objects_to_import }}' - - - name: Update existing ImageStreams/Templates 
in the "openshift" namespace - command: oc replace -n openshift -f "{{ item }}" - register: oc - failed_when: oc.rc > 0 and 'Error from server (NotFound):' not in oc.stderr - changed_when: oc.rc == 0 - with_items: '{{ objects_to_import }}' - - - name: Get a list of currently installed templates - command: oc get templates -n openshift -o name - register: oc_get_templates - - - name: Delete ephemeral templates - command: oc delete {{ item }} -n openshift - when: item|regex_search('-ephemeral$') - with_items: '{{ oc_get_templates.stdout_lines }}' - - - name: Get a list of currently installed image streams - command: oc get is -n openshift -o name - register: oc_get_is - - - name: Delete unwanted image streams - command: oc delete {{ item }} -n openshift - when: item|regex_search('(datagrid|datavirt|decisionserver|eap64|processserver|tomcat7)') - with_items: '{{ oc_get_is.stdout_lines }}' - - - name: Get a list of the remaining image streams - command: oc get is -n openshift -o name - register: oc_get_is - - - name: Update each image stream - command: oc import-image {{ item }} --confirm --scheduled --all -n openshift - with_items: '{{ oc_get_is.stdout_lines }}' - - - name: Import additional Red Hat image streams (initial import) - command: oc import-image -n openshift {{ item.key }} --from {{ item.value }} --confirm --scheduled - with_dict: - rhel7-atomic: registry.access.redhat.com/rhel7-atomic:latest - rhel7: registry.access.redhat.com/rhel7:latest - when: '(''imagestreams/'' ~ item.key) not in oc_get_is.stdout_lines' - - - name: Import additional Red Hat image streams (additional tags) - command: oc tag -n openshift {{ item.value }} {{ item.key }} --scheduled - with_dict: - 'rhel7-atomic:7.4': registry.access.redhat.com/rhel7-atomic:7.4 - 'rhel7:7.4': registry.access.redhat.com/rhel7:7.4 - - - name: Delete the temporary directory - file: - path: '{{ tempfile.path }}' - state: absent + roles: + - { name: 'openshift-templates', tags: 'openshift-templates' } 
diff --git a/roles/openshift-templates/defaults/main.yml b/roles/openshift-templates/defaults/main.yml
new file mode 100644
index 0000000..44ed823
--- /dev/null
+++ b/roles/openshift-templates/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+
+itix_application_templates_repo_url: https://github.com/jboss-openshift/application-templates.git
diff --git a/roles/openshift-templates/files/sso71-allinone.yaml b/roles/openshift-templates/files/sso71-allinone.yaml
new file mode 100644
index 0000000..f767dab
--- /dev/null
+++ b/roles/openshift-templates/files/sso71-allinone.yaml
@@ -0,0 +1,520 @@
+kind: Template
+apiVersion: v1
+metadata:
+ annotations:
+ iconClass: icon-sso
+ tags: 'sso,keycloak,jboss'
+ version: 1.4.7
+ openshift.io/display-name: 'Single Sign-On 7.1 (development mode)'
+ openshift.io/provider-display-name: 'Red Hat, Inc.'
+ description: 'A self-containing Red Hat SSO application with a PostgreSQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.'
+ template.openshift.io/long-description: 'This template defines resources needed to develop Red Hat Single Sign-On 7.1 server based deployment and deployment configuration for PostgreSQL using persistence.'
+ template.openshift.io/documentation-url: 'https://access.redhat.com/documentation/en/red-hat-single-sign-on/'
+ template.openshift.io/support-url: 'https://access.redhat.com'
+ name: sso71-allinone
+labels:
+ template: sso71-allinone
+ xpaas: 1.4.7
+message: 'A new persistent SSO service (using PostgreSQL) has been created in your project. The admin username/password for accessing the master realm via the SSO console is ${SSO_ADMIN_USERNAME}/${SSO_ADMIN_PASSWORD}. The username/password for accessing the PostgreSQL database "${DB_DATABASE}" is ${DB_USERNAME}/${DB_PASSWORD}.'
+parameters:
+ - displayName: 'Application Name'
+ description: 'The name for the application.'
+ name: APPLICATION_NAME
+ value: sso
+ required: true
+
+ - displayName: 'Custom http Route Hostname'
+ description: 'Custom hostname for http service route. Leave blank for default hostname, e.g.: ..'
+ name: SSO_HOSTNAME
+ value: ""
+ required: false
+
+ - displayName: 'The password that protects the Keystores'
+ description: 'The password for the keystores and certificates (auto-generated)'
+ name: SSO_KEYSTORE_PASSWORD
+ generate: expression
+ from: '[a-zA-Z0-9]{8}'
+ required: true
+
+ - displayName: 'Database JNDI Name'
+ description: 'Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/postgresql'
+ name: DB_JNDI
+ value: 'java:jboss/datasources/KeycloakDS'
+ required: false
+
+ - displayName: 'Database Name'
+ description: 'Database name'
+ name: DB_DATABASE
+ value: sso
+ required: true
+
+ - displayName: 'Datasource Minimum Pool Size'
+ description: 'Sets xa-pool/min-pool-size for the configured datasource.'
+ name: DB_MIN_POOL_SIZE
+ required: false
+
+ - displayName: 'Datasource Maximum Pool Size'
+ description: 'Sets xa-pool/max-pool-size for the configured datasource.'
+ name: DB_MAX_POOL_SIZE
+ required: false
+
+ - displayName: 'Datasource Transaction Isolation'
+ description: 'Sets transaction-isolation for the configured datasource.'
+ name: DB_TX_ISOLATION
+ required: false
+
+ - displayName: 'PostgreSQL Maximum number of connections'
+ description: 'The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.'
+ name: POSTGRESQL_MAX_CONNECTIONS
+ required: false
+
+ - displayName: 'PostgreSQL Shared Buffers'
+ description: 'Configures how much memory is dedicated to PostgreSQL for caching data.'
+ name: POSTGRESQL_SHARED_BUFFERS
+ required: false
+
+ - displayName: 'Database Username'
+ description: 'Database user name'
+ name: DB_USERNAME
+ value: sso
+ required: true
+
+ - displayName: 'Database Password'
+ description: 'Database user password'
+ name: DB_PASSWORD
+ from: '[a-zA-Z0-9]{8}'
+ generate: expression
+ required: true
+
+ - displayName: 'Database Volume Capacity'
+ description: 'Size of persistent storage for database volume.'
+ name: VOLUME_CAPACITY
+ value: 1Gi
+ required: true
+
+ - displayName: 'JGroups Cluster Password'
+ description: 'JGroups cluster password'
+ name: JGROUPS_CLUSTER_PASSWORD
+ from: '[a-zA-Z0-9]{8}'
+ generate: expression
+ required: true
+
+ - displayName: 'ImageStream Namespace'
+ description: 'Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you''ve installed the ImageStreams in a different namespace/project.'
+ name: IMAGE_STREAM_NAMESPACE
+ value: openshift
+ required: true
+
+ - displayName: 'SSO Admin Username'
+ description: 'SSO Server admin username'
+ name: SSO_ADMIN_USERNAME
+ value: 'admin'
+ required: true
+
+ - displayName: 'SSO Admin Password'
+ description: 'SSO Server admin password'
+ name: SSO_ADMIN_PASSWORD
+ from: '[a-zA-Z0-9]{8}'
+ generate: expression
+ required: true
+
+ - displayName: 'SSO Realm'
+ description: 'Realm to be created in the SSO server (e.g. demo).'
+ name: SSO_REALM
+ value: ""
+ required: false
+
+ - displayName: 'SSO Service Username'
+ description: 'The username used to access the SSO service. This is used by clients to create the appliction client(s) within the specified SSO realm.'
+ name: SSO_SERVICE_USERNAME
+ value: ""
+ required: false
+
+ - displayName: 'SSO Service Password'
+ description: 'The password for the SSO service user.'
+ name: SSO_SERVICE_PASSWORD
+ value: ""
+ required: false
+
+ - displayName: 'PostgreSQL Image Stream Tag'
+ description: 'The tag to use for the "postgresql" image stream. Typically, this aligns with the major.minor version of PostgreSQL.'
+ name: POSTGRESQL_IMAGE_STREAM_TAG
+ value: '9.5'
+ required: true
+
+ - description: 'Container memory limit'
+ name: MEMORY_LIMIT
+ value: 1Gi
+ required: false
+
+objects:
+##
+## Route and Services
+##
+ - kind: Service
+ apiVersion: v1
+ spec:
+ ports:
+ - name: http
+ port: 8080
+ targetPort: 8080
+ - name: https
+ port: 8443
+ targetPort: 8443
+ selector:
+ deploymentConfig: '${APPLICATION_NAME}'
+ metadata:
+ name: '${APPLICATION_NAME}'
+ labels:
+ application: '${APPLICATION_NAME}'
+ annotations:
+ description: 'The web server''s http/https ports.'
+ service.alpha.openshift.io/dependencies: '[{"name": "${APPLICATION_NAME}-postgresql", "kind": "Service"}]'
+ service.alpha.openshift.io/serving-cert-secret-name: '${APPLICATION_NAME}-https-secret'
+
+ - kind: Service
+ apiVersion: v1
+ spec:
+ ports:
+ - name: postgresql
+ port: 5432
+ targetPort: 5432
+ selector:
+ deploymentConfig: '${APPLICATION_NAME}-postgresql'
+ metadata:
+ name: '${APPLICATION_NAME}-postgresql'
+ labels:
+ application: '${APPLICATION_NAME}'
+ annotations:
+ description: 'The database server''s port.'
+
+ - kind: Route
+ apiVersion: v1
+ id: '${APPLICATION_NAME}'
+ metadata:
+ name: '${APPLICATION_NAME}'
+ labels:
+ application: '${APPLICATION_NAME}'
+ annotations:
+ description: 'Route for application''s https service.'
+ spec:
+ host: '${SSO_HOSTNAME}'
+ port:
+ targetPort: https
+ to:
+ kind: Service
+ name: '${APPLICATION_NAME}'
+ port:
+ tls:
+ termination: reencrypt
+ insecureEdgeTerminationPolicy: Redirect
+
+##
+## Persistence
+##
+ - apiVersion: v1
+ kind: PersistentVolumeClaim
+ metadata:
+ name: '${APPLICATION_NAME}-database'
+ labels:
+ application: '${APPLICATION_NAME}'
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: '${VOLUME_CAPACITY}'
+
+##
+## Service Accounts, Secrets and Role Bindings
+##
+ - apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+ name: '${APPLICATION_NAME}'
+ labels:
+ application: '${APPLICATION_NAME}'
+ secrets:
+ - name: '${APPLICATION_NAME}-https-secret'
+
+ - apiVersion: v1
+ kind: RoleBinding
+ metadata:
+ name: '${APPLICATION_NAME}-can-read-project'
+ labels:
+ application: '${APPLICATION_NAME}'
+ roleRef:
+ name: view
+ subjects:
+ - kind: ServiceAccount
+ name: '${APPLICATION_NAME}'
+
+##
+## Deploy RH-SSO
+##
+ - kind: DeploymentConfig
+ apiVersion: v1
+ metadata:
+ name: '${APPLICATION_NAME}'
+ labels:
+ application: '${APPLICATION_NAME}'
+ spec:
+ strategy:
+ type: Recreate
+ recreateParams:
+ pre:
+ failurePolicy: Abort
+ execNewPod:
+ containerName: '${APPLICATION_NAME}'
+ command:
+ - /usr/bin/keytool
+ - -genseckey
+ - -alias
+ - jgroups
+ - -keystore
+ - /etc/eap-secret-volume/jgroups.jceks
+ - -keyalg
+ - Blowfish
+ - -keysize
+ - "56"
+ - -storetype
+ - JCEKS
+ - -keypass
+ - '${SSO_KEYSTORE_PASSWORD}'
+ - -storepass
+ - '${SSO_KEYSTORE_PASSWORD}'
+ volumes:
+ - '${APPLICATION_NAME}-eap-secrets'
+ triggers:
+ - type: ImageChange
+ imageChangeParams:
+ automatic: true
+ containerNames:
+ - '${APPLICATION_NAME}'
+ from:
+ kind: ImageStreamTag
+ namespace: '${IMAGE_STREAM_NAMESPACE}'
+ name: 'redhat-sso71-openshift:1.2'
+ - type: ConfigChange
+ replicas: 1
+ selector:
+ deploymentConfig: '${APPLICATION_NAME}'
+ template:
+ metadata:
+ name: '${APPLICATION_NAME}'
+ labels:
+ deploymentConfig: '${APPLICATION_NAME}'
+ application: '${APPLICATION_NAME}'
+ spec:
+ serviceAccountName: '${APPLICATION_NAME}'
+ terminationGracePeriodSeconds: 75
+ initContainers:
+ - name: openshift-ca-pemtokeystore
+ image: syndesis/pemtokeystore:v0.2.1
+ imagePullPolicy: IfNotPresent
+ args:
+ - -keystore
+ - /etc/eap-secret-volume/keystore.jks
+ - -ca-file
+ - /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+ - -ca-file
+ - /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt
+ - -cert-file
+ - tls=/etc/openshift-secret-volume/tls.crt
+ - -key-file
+ - tls=/etc/openshift-secret-volume/tls.key
+ - -keystore-password
+ - '${SSO_KEYSTORE_PASSWORD}'
+ volumeMounts:
+ - name: "${APPLICATION_NAME}-openshift-secret"
+ mountPath: "/etc/openshift-secret-volume"
+ - name: '${APPLICATION_NAME}-eap-secrets'
+ mountPath: "/etc/eap-secret-volume"
+ resources:
+ limits:
+ memory: 255Mi
+ requests:
+ memory: 20Mi
+ containers:
+ - name: '${APPLICATION_NAME}'
+ image: ' '
+ imagePullPolicy: Always
+ resources:
+ limits:
+ memory: '${MEMORY_LIMIT}'
+ volumeMounts:
+ - name: '${APPLICATION_NAME}-eap-secrets'
+ mountPath: /etc/eap-secret-volume
+ # Workaround for a bug on overlayfs2
+ # See https://github.com/openshift/openshift-ansible/issues/2823
+ - name: '${APPLICATION_NAME}-eap-configuration'
+ mountPath: /opt/eap/standalone/configuration/standalone_xml_history/
+ lifecycle:
+ preStop:
+ exec:
+ command:
+ - /opt/eap/bin/jboss-cli.sh
+ - '-c'
+ - ':shutdown(timeout=60)'
+ livenessProbe:
+ exec:
+ command:
+ - /bin/bash
+ - '-c'
+ - /opt/eap/bin/livenessProbe.sh
+ initialDelaySeconds: 60
+ readinessProbe:
+ exec:
+ command:
+ - /bin/bash
+ - '-c'
+ - /opt/eap/bin/readinessProbe.sh
+ ports:
+ - name: jolokia
+ containerPort: 8778
+ protocol: TCP
+ - name: http
+ containerPort: 8080
+ protocol: TCP
+ - name: https
+ containerPort: 8443
+ protocol: TCP
+ - name: ping
+ containerPort: 8888
+ protocol: TCP
+ env:
+ - name: DB_SERVICE_PREFIX_MAPPING
+ value: '${APPLICATION_NAME}-postgresql=DB'
+ - name: DB_JNDI
+ value: '${DB_JNDI}'
+ - name: DB_USERNAME
+ value: '${DB_USERNAME}'
+ - name: DB_PASSWORD
+ value: '${DB_PASSWORD}'
+ - name: DB_DATABASE
+ value: '${DB_DATABASE}'
+ - name: TX_DATABASE_PREFIX_MAPPING
+ value: '${APPLICATION_NAME}-postgresql=DB'
+ - name: DB_MIN_POOL_SIZE
+ value: '${DB_MIN_POOL_SIZE}'
+ - name: DB_MAX_POOL_SIZE
+ value: '${DB_MAX_POOL_SIZE}'
+ - name: DB_TX_ISOLATION
+ value: '${DB_TX_ISOLATION}'
+ - name: OPENSHIFT_KUBE_PING_LABELS
+ value: 'application=${APPLICATION_NAME}'
+ - name: OPENSHIFT_KUBE_PING_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: HTTPS_KEYSTORE_DIR
+ value: /etc/eap-secret-volume
+ - name: HTTPS_KEYSTORE
+ value: 'keystore.jks'
+ - name: HTTPS_KEYSTORE_TYPE
+ value: 'JKS'
+ - name: HTTPS_NAME
+ value: 'tls'
+ - name: HTTPS_PASSWORD
+ value: '${SSO_KEYSTORE_PASSWORD}'
+ - name: JGROUPS_ENCRYPT_SECRET
+ value: '${SSO_KEYSTORE_PASSWORD}'
+ - name: JGROUPS_ENCRYPT_KEYSTORE_DIR
+ value: /etc/eap-secret-volume
+ - name: JGROUPS_ENCRYPT_KEYSTORE
+ value: jgroups.jceks
+ - name: JGROUPS_ENCRYPT_NAME
+ value: jgroups
+ - name: JGROUPS_ENCRYPT_KEYSTORE
+ value: '${SSO_KEYSTORE_PASSWORD}'
+ - name: JGROUPS_CLUSTER_PASSWORD
+ value: '${JGROUPS_CLUSTER_PASSWORD}'
+ - name: SSO_ADMIN_USERNAME
+ value: '${SSO_ADMIN_USERNAME}'
+ - name: SSO_ADMIN_PASSWORD
+ value: '${SSO_ADMIN_PASSWORD}'
+ - name: SSO_REALM
+ value: '${SSO_REALM}'
+ - name: SSO_SERVICE_USERNAME
+ value: '${SSO_SERVICE_USERNAME}'
+ - name: SSO_SERVICE_PASSWORD
+ value: '${SSO_SERVICE_PASSWORD}'
+ - name: SSO_TRUSTSTORE
+ value: 'keystore.jks'
+ - name: SSO_TRUSTSTORE_DIR
+ value: /etc/eap-secret-volume
+ - name: SSO_TRUSTSTORE_PASSWORD
+ value: '${SSO_KEYSTORE_PASSWORD}'
+ volumes:
+ - name: '${APPLICATION_NAME}-openshift-secret'
+ secret:
+ secretName: '${APPLICATION_NAME}-https-secret'
+ - name: '${APPLICATION_NAME}-eap-secrets'
+ emptyDir: {}
+ # Workaround for a bug on overlayfs2
+ # See https://github.com/openshift/openshift-ansible/issues/2823
+ - name: '${APPLICATION_NAME}-eap-configuration'
+ emptyDir: {}
+
+##
+## Deploy PostgreSQL
+##
+ - kind: DeploymentConfig
+ apiVersion: v1
+ metadata:
+ name: '${APPLICATION_NAME}-postgresql'
+ labels:
+ application: '${APPLICATION_NAME}'
+ spec:
+ strategy:
+ type: Recreate
+ triggers:
+ - type: ImageChange
+ imageChangeParams:
+ automatic: true
+ containerNames:
+ - '${APPLICATION_NAME}-postgresql'
+ from:
+ kind: ImageStreamTag
+ namespace: '${IMAGE_STREAM_NAMESPACE}'
+ name: 'postgresql:${POSTGRESQL_IMAGE_STREAM_TAG}'
+ - type: ConfigChange
+ replicas: 1
+ selector:
+ deploymentConfig: '${APPLICATION_NAME}-postgresql'
+ template:
+ metadata:
+ name: '${APPLICATION_NAME}-postgresql'
+ labels:
+ deploymentConfig: '${APPLICATION_NAME}-postgresql'
+ application: '${APPLICATION_NAME}'
+ spec:
+ terminationGracePeriodSeconds: 60
+ containers:
+ - name: '${APPLICATION_NAME}-postgresql'
+ image: postgresql
+ imagePullPolicy: Always
+ ports:
+ - name: postgresql
+ containerPort: 5432
+ protocol: TCP
+ volumeMounts:
+ - mountPath: /var/lib/pgsql/data
+ name: '${APPLICATION_NAME}-postgresql-pvol'
+ env:
+ - name: POSTGRESQL_USER
+ value: '${DB_USERNAME}'
+ - name: POSTGRESQL_PASSWORD
+ value: '${DB_PASSWORD}'
+ - name: POSTGRESQL_DATABASE
+ value: '${DB_DATABASE}'
+ - name: POSTGRESQL_MAX_CONNECTIONS
+ value: '${POSTGRESQL_MAX_CONNECTIONS}'
+ - name: POSTGRESQL_MAX_PREPARED_TRANSACTIONS
+ value: '${POSTGRESQL_MAX_CONNECTIONS}'
+ - name: POSTGRESQL_SHARED_BUFFERS
+ value: '${POSTGRESQL_SHARED_BUFFERS}'
+ volumes:
+ - name: '${APPLICATION_NAME}-postgresql-pvol'
+ persistentVolumeClaim:
+ claimName: '${APPLICATION_NAME}-database'
diff --git a/roles/openshift-templates/tasks/main.yml b/roles/openshift-templates/tasks/main.yml
new file mode 100644
index 0000000..afbe01b
--- /dev/null
+++ b/roles/openshift-templates/tasks/main.yml
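Review bot: In roles/openshift-templates/files/sso71-allinone.yaml the RH-SSO container's `env` list defines `JGROUPS_ENCRYPT_KEYSTORE` twice, first as `jgroups.jceks` and then as `'${SSO_KEYSTORE_PASSWORD}'`; the second entry was presumably meant to be `- name: JGROUPS_ENCRYPT_PASSWORD`, and as written the keystore file name is likely replaced by the password, so JGroups cluster encryption may not come up as intended. The `pre` hook creates that key with `-keyalg Blowfish` and `-keysize "56"`, which is well below current strength expectations; a 128-bit or larger key (for example `-keyalg AES` with `-keysize "128"`) is worth using if the image's JGroups configuration accepts it. The keystore, database and admin passwords are 8 characters from `[a-zA-Z0-9]{8}`, are passed as literal `env` values and command arguments, and are repeated in the template `message`, so anyone who can read the DeploymentConfig can read them; a `Secret` referenced through `secretKeyRef` and a longer generator expression would narrow that. The init container image `syndesis/pemtokeystore:v0.2.1` reads the TLS private key and is referenced by a mutable tag from a third-party repository, so pinning it by digest or mirroring it into a controlled registry should be considered.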
@@ -0,0 +1,99 @@
+---
+
+- name: Create a temporary directory
+ tempfile:
+ state: directory
+ register: tempfile
+
+- name: Copy the Custom SSO template
+ copy:
+ src: 'sso71-allinone.yaml'
+ dest: '{{ tempfile.path }}/sso71-allinone.yaml'
+
+- name: Clone the jboss-openshift/application-templates GIT repository
+ git:
+ repo: '{{ itix_application_templates_repo_url }}'
+ dest: '{{ tempfile.path }}/application-templates'
+ version: '{{ itix_application_templates_repo_tag|default(''master'') }}'
+
+- name: Get an archive of the OpenShift GIT repository
+ get_url:
+ url: 'https://github.com/openshift/origin/archive/{{ itix_openshift_origin_repo_tag|default(''master'') }}.tar.gz'
+ dest: '{{ tempfile.path }}/openshift-origin.tar.gz'
+
+- name: Extract the OpenShift GIT archive
+ unarchive:
+ remote_src: yes
+ src: '{{ tempfile.path }}/openshift-origin.tar.gz'
+ dest: '{{ tempfile.path }}'
+
+- name: Symlink the OpenShift GIT repo
+ file:
+ src: '{{ tempfile.path }}/origin-{{ itix_openshift_origin_repo_tag|default(''master'') }}'
+ dest: '{{ tempfile.path }}/openshift-origin'
+ state: link
+
+- set_fact:
+ objects_to_import:
+ - '{{ tempfile.path }}/application-templates/jboss-image-streams.json'
+ - '{{ tempfile.path }}/application-templates/openjdk/openjdk18-web-basic-s2i.json'
+ - '{{ tempfile.path }}/openshift-origin/examples/jenkins/jenkins-persistent-template.json'
+ - '{{ tempfile.path }}/sso71-allinone.yaml'
+
+- name: Install new ImageStreams/Templates in the "openshift" namespace
+ command: oc create -n openshift -f "{{ item }}"
+ register: oc
+ failed_when: oc.rc > 0 and 'Error from server (AlreadyExists):' not in oc.stderr
+ changed_when: oc.rc == 0
+ with_items: '{{ objects_to_import }}'
+
+- name: Update existing ImageStreams/Templates in the "openshift" namespace
+ command: oc replace -n openshift -f "{{ item }}"
+ register: oc
+ failed_when: oc.rc > 0 and 'Error from server (NotFound):' not in oc.stderr
+ changed_when: oc.rc == 0
+ with_items: '{{ objects_to_import }}'
+
+- name: Get a list of currently installed templates
+ command: oc get templates -n openshift -o name
+ register: oc_get_templates
+
+- name: Delete ephemeral templates
+ command: oc delete {{ item }} -n openshift
+ when: item|regex_search('-ephemeral$')
+ with_items: '{{ oc_get_templates.stdout_lines }}'
+
+- name: Get a list of currently installed image streams
+ command: oc get is -n openshift -o name
+ register: oc_get_is
+
+- name: Delete unwanted image streams
+ command: oc delete {{ item }} -n openshift
+ when: item|regex_search('(datagrid|datavirt|decisionserver|eap64|processserver|tomcat7)')
+ with_items: '{{ oc_get_is.stdout_lines }}'
+
+- name: Get a list of the remaining image streams
+ command: oc get is -n openshift -o name
+ register: oc_get_is
+
+- name: Update each image stream
+ command: oc import-image {{ item }} --confirm --scheduled --all -n openshift
+ with_items: '{{ oc_get_is.stdout_lines }}'
+
+- name: Import additional Red Hat image streams (initial import)
+ command: oc import-image -n openshift {{ item.key }} --from {{ item.value }} --confirm --scheduled
+ with_dict:
+ rhel7-atomic: registry.access.redhat.com/rhel7-atomic:latest
+ rhel7: registry.access.redhat.com/rhel7:latest
+ when: '(''imagestreams/'' ~ item.key) not in oc_get_is.stdout_lines'
+
+- name: Import additional Red Hat image streams (additional tags)
+ command: oc tag -n openshift {{ item.value }} {{ item.key }} --scheduled
+ with_dict:
+ 'rhel7-atomic:7.4': registry.access.redhat.com/rhel7-atomic:7.4
+ 'rhel7:7.4': registry.access.redhat.com/rhel7:7.4
+
+- name: Delete the temporary directory
+ file:
+ path: '{{ tempfile.path }}'
+ state: absent
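Review bot: The `git` and `get_url` tasks in roles/openshift-templates/tasks/main.yml fall back to `master` when `itix_application_templates_repo_tag` or `itix_openshift_origin_repo_tag` is unset, and as far as this diff shows the role's defaults set neither, so each run applies whatever is currently at the head of two external repositories to the cluster-wide `openshift` namespace through `oc create`/`oc replace`. Setting both variables to a reviewed release tag or commit in `defaults/main.yml` and dropping the `|default('master')` fallback would make the imported content reproducible, and `checksum: 'sha256:<expected-digest>'` (placeholder value) on the `get_url` task would make a changed archive fail the play before it is unpacked. The two rhel7 imports similarly track `:latest` with `--scheduled`. The final 'Delete the temporary directory' task only runs if every earlier task succeeded; putting the tasks under `block:` with the cleanup under `always:` would avoid leaving the checkout on the host after a failure.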