Update to use newly released Ansible 2.6 k8s module (theforeman#767)

* workaround ansible/ansible#40185

* Create rolebinding with Ansible module

* remove unnecessary oc command

* explicitly define project with annotations

* _exec -> exec

* {openshift|k8s}_raw -> k8s

* Update required ansible version

* use oc command until ansible/ansible#42116 is fixed

containers/README.md

@@ -20,7 +20,7 @@ This guide assumes that you are in the `containers/` folder for all operations.
 
 This quickstart guide requires that the following are installed already:
 
- * [Ansible 2.5+](http://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html)
+ * [Ansible 2.6+](http://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html)
  * [Minishift](https://docs.openshift.org/latest/minishift/getting-started/installing.html)
    * Alternatively, minishift can be installed with our playbook: `ansible-playbook tools/install-minishift.yml`
  * [Openshift Rest Client 6.0+](https://github.com/openshift/openshift-restclient-python)

containers/deploy/candlepin/tasks/main.yml

@@ -1,13 +1,13 @@
 ---
 - name: candlepin service
-  k8s_raw:
+  k8s:
     state: "{{ deployment_state }}"
     definition: "{{ lookup('template', 'templates/' + item + '.service.yaml') | from_yaml }}"
   with_items:
     - candlepin
 
 - name: candlepin deployment
-  openshift_raw:
+  k8s:
     state: "{{ deployment_state }}"
     definition: "{{ lookup('template', 'templates/' + item + '.deployment.yaml') | from_yaml }}"
   with_items:

containers/deploy/foreman-proxy/tasks/main.yml

@@ -1,13 +1,13 @@
 ---
 - name: foreman proxy service
-  k8s_raw:
+  k8s:
     state: "{{ deployment_state }}"
     definition: "{{ lookup('template', 'templates/' + item + '.service.yaml') | from_yaml }}"
   with_items:
     - foreman-proxy
 
 - name: foreman proxy deployment
-  openshift_raw:
+  k8s:
     state: "{{ deployment_state }}"
     definition: "{{ lookup('template', 'templates/' + item + '.deployment.yaml') | from_yaml }}"
   with_items:

containers/deploy/foreman/tasks/main.yml

@@ -1,27 +1,27 @@
 ---
 - name: foreman persistent volume claim
-  k8s_raw:
+  k8s:
     state: "{{ deployment_state }}"
     definition: "{{ lookup('template', 'templates/' + item + '.pvc.yaml') | from_yaml }}"
   with_items:
     - pub-data
 
 - name: foreman config maps
-  k8s_raw:
+  k8s:
     state: "{{ deployment_state }}"
     definition: "{{ lookup('template', 'templates/' + item + '.config-map.yaml') | from_yaml }}"
   with_items:
     - httpd
 
 - name: foreman jobs
-  k8s_raw:
+  k8s:
     state: "{{ deployment_state }}"
     definition: "{{ lookup('template', 'templates/' + item + '.job.yaml') | from_yaml }}"
   with_items:
     - certificates
 
 - name: foreman service
-  k8s_raw:
+  k8s:
     state: "{{ deployment_state }}"
     definition: "{{ lookup('template', 'templates/' + item + '.service.yaml') | from_yaml }}"
   with_items:
@@ -30,7 +30,7 @@
     - memcached
 
 - name: foreman deployment
-  openshift_raw:
+  k8s:
     state: "{{ deployment_state }}"
     definition: "{{ lookup('template', 'templates/' + item + '.deployment.yaml') | from_yaml }}"
   with_items:
@@ -40,7 +40,7 @@
     - httpd
 
 - name: foreman routes
-  openshift_raw:
+  k8s:
     state: "{{ deployment_state }}"
     definition: "{{ lookup('template', 'templates/' + item + '.route.yaml') | from_yaml }}"
   with_items:

containers/deploy/foreman/templates/httpd.deployment.yaml

@@ -64,6 +64,6 @@ spec:
               name: certs
           lifecycle:
             postStart:
-              _exec:
+              exec:
                 command:
                   - "/usr/bin/save-container-environment"

containers/deploy/mongodb/tasks/main.yml

@@ -1,20 +1,20 @@
 ---
 - name: mongodb persistent volume claim
-  k8s_raw:
+  k8s:
     state: "{{ deployment_state }}"
     definition: "{{ lookup('template', 'templates/' + item + '.pvc.yaml') | from_yaml }}"
   with_items:
     - mongodb
 
 - name: mongodb service
-  k8s_raw:
+  k8s:
     state: "{{ deployment_state }}"
     definition: "{{ lookup('template', 'templates/' + item + '.service.yaml') | from_yaml }}"
   with_items:
     - mongodb
 
 - name: mongodb deployment
-  openshift_raw:
+  k8s:
     state: "{{ deployment_state }}"
     definition: "{{ lookup('template', 'templates/' + item + '.deployment.yaml') | from_yaml }}"
   with_items:

containers/deploy/postgres/tasks/main.yml

@@ -1,20 +1,20 @@
 ---
 - name: postgres persistent volume claim
-  k8s_raw:
+  k8s:
     state: "{{ deployment_state }}"
     definition: "{{ lookup('template', 'templates/' + item + '.pvc.yaml') | from_yaml }}"
   with_items:
     - postgres
 
 - name: postgres service
-  k8s_raw:
+  k8s:
     state: "{{ deployment_state }}"
     definition: "{{ lookup('template', 'templates/' + item + '.service.yaml') | from_yaml }}"
   with_items:
     - postgres
 
 - name: postges deployment
-  openshift_raw:
+  k8s:
     state: "{{ deployment_state }}"
     definition: "{{ lookup('template', 'templates/' + item + '.deployment.yaml') | from_yaml }}"
   with_items:

containers/deploy/project/tasks/main.yml

@@ -1,8 +1,13 @@
 ---
-- name: project foreman
-  openshift_raw:
-    name: "{{ project_name }}"
-    display_name: Foreman
-    description: Foreman stack
-    state: present
-    kind: Project
+- name: project foreman (workaround for https://github.com/ansible/ansible/issues/42116)
+  shell: oc new-project '{{ project_name }}' --description="Foreman Stack" --display-name="Foreman" || oc get project '{{ project_name }}'
+#   k8s:
+#     state: present
+#     definition:
+#       apiVersion: project.openshift.io/v1
+#       kind: Project
+#       metadata:
+#         name: "{{ project_name }}"
+#         annotations:
+#           openshift.io/display-name: Foreman
+#           openshift.io/description: Foreman stack

containers/deploy/pulp/tasks/main.yml

@@ -1,29 +1,74 @@
 ---
 - name: pulp persistent volume claim
-  k8s_raw:
+  k8s:
     state: "{{ deployment_state }}"
     definition: "{{ lookup('template', 'templates/' + item + '.pvc.yaml') | from_yaml }}"
   with_items:
     - pulp-data
     - puppet-data
 
 - name: pulp service
-  k8s_raw:
+  k8s:
     state: "{{ deployment_state }}"
     definition: "{{ lookup('template', 'templates/' + item + '.service.yaml') | from_yaml }}"
   with_items:
     - pulp
     - content-server
 
 - name: pulp deployment
-  openshift_raw:
+  k8s:
     state: "{{ deployment_state }}"
     definition: "{{ lookup('template', 'templates/' + item + '.deployment.yaml') | from_yaml }}"
   with_items:
     - pulp
-    - pulp-worker
     - pulp-celerybeat
     - pulp-resource-manager
     - pulp-streamer
     - squid
     - content-server
+
+- name: Create pulp deployment (workaround for https://github.com/ansible/ansible/issues/40185)
+  k8s:
+    state: "{{ deployment_state }}"
+    definition:
+      apiVersion: v1
+      kind: DeploymentConfig
+      metadata:
+        name: pulp-worker
+        namespace: "{{ project_name }}"
+        labels:
+          app: foreman
+          service: pulp-worker
+      spec:
+        template:
+          metadata:
+            labels:
+              app: foreman
+              service: pulp-worker
+          spec:
+            serviceAccount: anyuid
+            serviceAccountName: anyuid
+            containers:
+              - name: pulp-worker
+                securityContext: {}
+                state: present
+                volumeMounts:
+                  - readOnly: false
+                    mountPath: /var/lib/pulp
+                    name: pulp-data
+                  - readOnly: false
+                    mountPath: /etc/puppet
+                    name: puppet-data
+                image: "{{ registry }}/pulp-worker:latest"
+            volumes:
+              - name: pulp-data
+                persistentVolumeClaim:
+                  claimName: pulp-data
+              - name: puppet-data
+                persistentVolumeClaim:
+                  claimName: puppet-data
+        replicas: "{{ pulp_worker_count }}"
+        strategy:
+          type: Rolling
+          rollingParams:
+            timeoutSeconds: 900

containers/deploy/puppet/tasks/main.yml

@@ -1,13 +1,13 @@
 ---
 - name: puppet service
-  k8s_raw:
+  k8s:
     state: "{{ deployment_state }}"
     definition: "{{ lookup('template', 'templates/' + item + '.service.yaml') | from_yaml }}"
   with_items:
     - puppet
 
 - name: puppet deployment
-  openshift_raw:
+  k8s:
     state: "{{ deployment_state }}"
     definition: "{{ lookup('template', 'templates/' + item + '.deployment.yaml') | from_yaml }}"
   with_items:

containers/deploy/qpid/tasks/main.yml

@@ -1,13 +1,13 @@
 ---
 - name: qpid service
-  k8s_raw:
+  k8s:
     state: "{{ deployment_state }}"
     definition: "{{ lookup('template', 'templates/' + item + '.service.yaml') | from_yaml }}"
   with_items:
     - qpid
 
 - name: qpid deployment
-  openshift_raw:
+  k8s:
     state: "{{ deployment_state }}"
     definition: "{{ lookup('template', 'templates/' + item + '.deployment.yaml') | from_yaml }}"
   with_items:

containers/deploy/service-accounts/tasks/main.yml

@@ -10,11 +10,8 @@
   command: oc login -u developer -p a
   when: minishift or cluster_up
 
-- name: Ensure on project
-  command: "oc project {{ project_name }}"
-
 - name: anyuid service account
-  k8s_raw:
+  k8s:
     state: present
     force: false
     resource_definition:
@@ -25,4 +22,18 @@
         namespace: "{{ project_name }}"
 
 - name: Allow anyuid service account to create secrets
-  command: oc adm policy add-role-to-user edit -z anyuid
+  k8s:
+    definition:
+      apiVersion: rbac.authorization.k8s.io/v1
+      kind: RoleBinding
+      metadata:
+        name: anyuid-edit
+        namespace: "{{ project_name }}"
+      roleRef:
+        apiGroup: rbac.authorization.k8s.io
+        kind: ClusterRole
+        name: edit
+      subjects:
+      - kind: ServiceAccount
+        name: anyuid
+        namespace: "{{ project_name }}"