summaryrefslogtreecommitdiffstats
path: root/roles
diff options
context:
space:
mode:
authorKenny Woodson <kwoodson@redhat.com>2018-02-07 09:05:14 -0500
committerGitHub <noreply@github.com>2018-02-07 09:05:14 -0500
commitab38d34515f536589d99925e9c870e4c594e3b0e (patch)
tree0cfb7dfcbcad82e77a3e831d1f2940b8e0c24ae8 /roles
parent5e7eaaf7b8b30f8343b1564853b82c1e768f546e (diff)
parent0daad23f9b61e1b58ce295059c98605aaa8062f2 (diff)
downloadopenshift-ab38d34515f536589d99925e9c870e4c594e3b0e.tar.gz
openshift-ab38d34515f536589d99925e9c870e4c594e3b0e.tar.bz2
openshift-ab38d34515f536589d99925e9c870e4c594e3b0e.tar.xz
openshift-ab38d34515f536589d99925e9c870e4c594e3b0e.zip
Merge pull request #6993 from joelddiaz/deprovision_elbs
add deprovisioning for ELB (and IAM certs)
Diffstat (limited to 'roles')
-rw-r--r--roles/openshift_aws/tasks/elb.yml24
-rw-r--r--roles/openshift_aws/tasks/elb_single.yml34
-rw-r--r--roles/openshift_aws/tasks/iam_cert.yml9
-rw-r--r--roles/openshift_aws/tasks/uninstall_elb.yml11
-rw-r--r--roles/openshift_aws/tasks/uninstall_iam_cert.yml25
-rw-r--r--roles/openshift_aws/tasks/vpc_and_subnet_id.yml8
6 files changed, 82 insertions, 29 deletions
diff --git a/roles/openshift_aws/tasks/elb.yml b/roles/openshift_aws/tasks/elb.yml
index d8257cf31..3eb7b73b3 100644
--- a/roles/openshift_aws/tasks/elb.yml
+++ b/roles/openshift_aws/tasks/elb.yml
@@ -2,26 +2,8 @@
- name: "dump the elb listeners for {{ l_elb_dict_item.key }}"
debug:
msg: "{{ l_elb_dict_item.value }}"
+ verbosity: 1
-- name: "Create ELB {{ l_elb_dict_item.key }}"
- ec2_elb_lb:
- name: "{{ item.value.name }}"
- state: present
- cross_az_load_balancing: "{{ item.value.cross_az_load_balancing }}"
- security_group_names: "{{ l_elb_security_groups[l_elb_dict_item.key] }}"
- idle_timeout: "{{ item.value.idle_timout }}"
- region: "{{ openshift_aws_region }}"
- subnets:
- - "{{ subnetout.subnets[0].id }}"
- health_check: "{{ item.value.health_check }}"
- listeners: "{{ item.value.listeners }}"
- scheme: "{{ (item.key == 'internal') | ternary('internal','internet-facing') }}"
- tags: "{{ item.value.tags }}"
- wait: True
- register: new_elb
+- name: Create ELB(s)
+ include_tasks: elb_single.yml
with_dict: "{{ l_elb_dict_item.value }}"
-
-- debug:
- msg: "{{ item }}"
- with_items:
- - "{{ new_elb }}"
diff --git a/roles/openshift_aws/tasks/elb_single.yml b/roles/openshift_aws/tasks/elb_single.yml
new file mode 100644
index 000000000..864757549
--- /dev/null
+++ b/roles/openshift_aws/tasks/elb_single.yml
@@ -0,0 +1,34 @@
+---
+- name: "dump the elb listeners for {{ item.key }}"
+ debug:
+ msg: "{{ item.value }}"
+ verbosity: 1
+
+- name: "Create ELB {{ item.value.name }}"
+ ec2_elb_lb:
+ name: "{{ item.value.name }}"
+ state: present
+ cross_az_load_balancing: "{{ item.value.cross_az_load_balancing }}"
+ security_group_names: "{{ l_elb_security_groups[l_elb_dict_item.key] }}"
+ idle_timeout: "{{ item.value.idle_timout }}"
+ region: "{{ openshift_aws_region }}"
+ subnets:
+ - "{{ subnetout.subnets[0].id }}"
+ health_check: "{{ item.value.health_check }}"
+ listeners: "{{ item.value.listeners }}"
+ scheme: "{{ (item.key == 'internal') | ternary('internal','internet-facing') }}"
+ tags: "{{ item.value.tags }}"
+ wait: True
+ register: new_elb
+ retries: 20
+ delay: 5
+ until: new_elb | succeeded
+ ignore_errors: yes
+
+- fail:
+ msg: "couldn't create ELB {{ item.value.name }}"
+ when: not new_elb | succeeded
+
+- debug:
+ msg: "{{ new_elb }}"
+ verbosity: 1
diff --git a/roles/openshift_aws/tasks/iam_cert.yml b/roles/openshift_aws/tasks/iam_cert.yml
index f74a62b8b..42d7d951c 100644
--- a/roles/openshift_aws/tasks/iam_cert.yml
+++ b/roles/openshift_aws/tasks/iam_cert.yml
@@ -18,7 +18,9 @@
- openshift_aws_iam_cert_key_path != ''
- openshift_aws_elb_cert_arn == ''
-- debug: msg="{{ elb_cert_chain }}"
+- debug:
+ msg: "{{ elb_cert_chain }}"
+ verbosity: 1
- name: set_fact openshift_aws_elb_cert_arn
set_fact:
@@ -28,8 +30,3 @@
- openshift_aws_iam_cert_path != ''
- openshift_aws_iam_cert_key_path != ''
- openshift_aws_elb_cert_arn == ''
-
-- name: wait for cert to propagate
- pause:
- seconds: 5
- when: elb_cert_chain.changed
diff --git a/roles/openshift_aws/tasks/uninstall_elb.yml b/roles/openshift_aws/tasks/uninstall_elb.yml
new file mode 100644
index 000000000..147e9a905
--- /dev/null
+++ b/roles/openshift_aws/tasks/uninstall_elb.yml
@@ -0,0 +1,11 @@
+---
+- name: delete elbs
+ ec2_elb_lb:
+ name: "{{ item }}"
+ region: "{{ openshift_aws_region }}"
+ state: absent
+ with_items: "{{ openshift_aws_elb_dict | json_query('*.*.name') | sum(start = []) }}"
+
+- when: openshift_aws_create_iam_cert | bool
+ name: delete the iam_cert for elb certificate
+ include_tasks: uninstall_iam_cert.yml
diff --git a/roles/openshift_aws/tasks/uninstall_iam_cert.yml b/roles/openshift_aws/tasks/uninstall_iam_cert.yml
new file mode 100644
index 000000000..7b47673ee
--- /dev/null
+++ b/roles/openshift_aws/tasks/uninstall_iam_cert.yml
@@ -0,0 +1,25 @@
+---
+- when:
+ - openshift_aws_create_iam_cert | bool
+ - openshift_aws_iam_cert_path != ''
+ - openshift_aws_iam_cert_key_path != ''
+ - openshift_aws_elb_cert_arn == ''
+ block:
+ - name: delete AWS IAM certificates
+ iam_cert23:
+ state: absent
+ name: "{{ openshift_aws_iam_cert_name }}"
+ register: elb_cert_chain
+ retries: 20
+ delay: 10
+ until: elb_cert_chain | succeeded
+ ignore_errors: yes
+
+ - debug:
+ var: elb_cert_chain
+ verbosity: 1
+
+ - name: check for iam cert error
+ fail:
+ msg: "Couldn't delete IAM cert {{ openshift_aws_iam_cert_name }}"
+ when: not elb_cert_chain | succeeded
diff --git a/roles/openshift_aws/tasks/vpc_and_subnet_id.yml b/roles/openshift_aws/tasks/vpc_and_subnet_id.yml
index 1b754f863..c2c345faf 100644
--- a/roles/openshift_aws/tasks/vpc_and_subnet_id.yml
+++ b/roles/openshift_aws/tasks/vpc_and_subnet_id.yml
@@ -7,7 +7,9 @@
register: vpcout
- name: debug vcpout
- debug: var=vpcout
+ debug:
+ var: vpcout
+ verbosity: 1
- name: fetch the default subnet id
ec2_vpc_subnet_facts:
@@ -18,4 +20,6 @@
register: subnetout
- name: debug subnetout
- debug: var=subnetout
+ debug:
+ var: subnetout
+ verbosity: 1