diff --git a/ansible/support/tasks/ignition.yml b/ansible/support/tasks/ignition.yml index 5df17e8..2963148 100644 --- a/ansible/support/tasks/ignition.yml +++ b/ansible/support/tasks/ignition.yml @@ -2,22 +2,21 @@ - hosts: all tasks: - - name: Create Apache directories for installing - file: - path: "{{ item }}" - state: directory - mode: 0755 - with_items: - - /var/www/html/ignition + - name: Assemble the MachineConfig url + shell: | + oc config view -ojson | jq -r '.clusters[].cluster.server' | sed 's|/api\.|/api-int.|' | sed 's|:6443||' | + register: openshift_machine_config_hostname - - name: Disable fcontext - shell: "semanage fcontext -a -t httpd_sys_rw_content_t /var/www/html/ignition/worker.ign || true" + - name: Print the MachineConfig Hostname + ansible.builtin.debug: + msg: MachineConfig Hostname is {{ openshift_machine_config_hostname.stdout_lines[0] }} - - name: Download the Ignition file + # Loop until the Machine Config is updated + - name: Wait until the mcp/worker is updated properly block: - - name: Loop until TARGET_MTU is correct + - name: Loop until mpath is correct ansible.builtin.uri: - url: "{{ openshift_machine_config_url }}" + url: "{{ openshift_machine_config_hostname.stdout_lines[0] }}:22623/config/worker" method: GET return_content: true headers: 
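Review bot: The new `Assemble the MachineConfig url` task reads `.clusters[].cluster.server`, which prints one line per cluster entry in the kubeconfig, while the later tasks take `stdout_lines[0]`, so with more than one cluster configured the playbook may poll the Machine Config Server of a cluster other than the current context. `oc config view --minify -ojson` restricts the output to the current context, and `oc whoami --show-server` returns the server directly. As rendered here the command also appears to end in a dangling `|` after the last `sed`, which a POSIX shell would reject. Because the pipeline runs without `set -o pipefail`, a failing `oc` or `jq` still gives rc 0 with empty stdout, and the error only surfaces as an index failure in the debug task. The `uri` task continues past the end of the hunk, so whether it sets `validate_certs` is not visible here.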
@@ -29,29 +28,24 @@ delay: 10 until: 'result.status in [200] and "mpath" not in result.content' - - name: Downloading the ignition file - get_url: - url: "{{ openshift_machine_config_url }}" - dest: /var/www/html/ignition/worker.ign - validate_certs: false - headers: - "Accept": "application/vnd.coreos.ignition+json;version=3.2.0" - ignore_errors: true - register: result - retries: 120 - delay: 10 - until: '"Request failed: " not in result.msg' + - name: Disable fcontext + shell: "semanage fcontext -a -t httpd_sys_rw_content_t /var/www/html/ignition/worker.ign || true" + + # In some circumstances the certificates used in the worker ingnition can expire + - name: Refresh the worker ignition file + shell: | + oc extract -n openshift-machine-api secret/worker-user-data --keys=userData --to=- > /var/www/html/ignition/worker.ign - - name: Verify the ignition file exists - ansible.builtin.shell: stat /var/www/html/ignition/worker.ign + - name: Verify the ignition file exists + ansible.builtin.shell: stat /var/www/html/ignition/worker.ign - - name: Make ignition file readable through the www dir - ansible.builtin.file: - path: /var/www - owner: apache - group: apache - recurse: true - mode: u+rwx,g-rx,o-rx + - name: Make ignition file readable through the www dir + ansible.builtin.file: + path: /var/www + owner: apache + group: apache + recurse: true + mode: u+rwx,g-rx,o-rx - name: Best effort SELinux repair - Apache - shell: "restorecon -vR /var/www/html/ignition || true" + shell: "restorecon -vR /var/www/html/ignition || true" \ No newline at end of file diff --git a/ansible/support/vars/vars.yaml b/ansible/support/vars/vars.yaml index 5aa23b9..ed97d53 100644 --- a/ansible/support/vars/vars.yaml +++ b/ansible/support/vars/vars.yaml @@ -1,2 +1 @@ --- -openshift_machine_config_url: "https://:22623/config/worker" \ No newline at end of file diff --git a/modules/4_pvs_support/pvs_support.tf b/modules/4_pvs_support/pvs_support.tf index e0b7ecd..64c83b2 100644 
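Review bot: The `Refresh the worker ignition file` task redirects `oc extract` straight into `/var/www/html/ignition/worker.ign`, so the shell truncates the served file before `oc` runs, and a failed or unauthenticated extract leaves an empty file that the following `stat` check still accepts. Writing to a temporary file and moving it into place only when it is non-empty avoids that, e.g. `oc extract ... --to=- > worker.ign.tmp && test -s worker.ign.tmp && mv worker.ign.tmp worker.ign`, and the verify step could use `test -s` instead of `stat`. The first hunk also removes the task that created `/var/www/html/ignition`, so unless that directory is created elsewhere the redirect fails on a fresh host. Since `userData` comes from a cluster secret, it is worth creating the file under a restrictive umask rather than relying on the later recursive `mode` fix-up.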
--- a/modules/4_pvs_support/pvs_support.tf
+++ b/modules/4_pvs_support/pvs_support.tf
@@ -310,7 +310,7 @@ resource "null_resource" "latest_ignition" {
 nmcli device up env3
 echo 'Running ocp4-upi-compute-powervs-ibmcloud playbook for ignition...'
 cd ocp4-upi-compute-powervs-ibmcloud/intel/support
-ANSIBLE_LOG_PATH=/root/.openshift/ocp4-upi-compute-powervs-ibmcloud-support-ignition.log ansible-playbook -e @vars/vars.yaml tasks/ignition.yml --become
+ANSIBLE_LOG_PATH=/root/.openshift/ocp4-upi-compute-powervs-ibmcloud-support-ignition.log ansible-playbook tasks/ignition.yml --become
 EOF
 ]
 }