| Zack Williams | 3c28257 | 2018-01-29 14:41:28 -0700 | [diff] [blame^] | 1 | --- |
| 2 | # Copyright 2017-present Open Networking Foundation |
| 3 | # |
| 4 | # Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | # you may not use this file except in compliance with the License. |
| 6 | # You may obtain a copy of the License at |
| 7 | # |
| 8 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | # |
| 10 | # Unless required by applicable law or agreed to in writing, software |
| 11 | # distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | # See the License for the specific language governing permissions and |
| 14 | # limitations under the License. |
| 15 | |
| 16 | # helm/tasks/main.yml |
| 17 | # Installs Helm for kubernetes |
| 18 | |
| 19 | # should probably check that downloaded matched installed version, but would |
| 20 | # need checksum of binary inside the tarball, which isn't published |
| 21 | - name: Check to see if Helm is installed |
| 22 | stat: |
| 23 | path: "{{ helm_bin_path }}" |
| 24 | register: helm_bin |
| 25 | |
| 26 | - name: Create a tempdir for Helm download |
| 27 | when: not helm_bin.stat.exists or not helm_bin.stat.executable |
| 28 | tempfile: |
| 29 | state: directory |
| 30 | suffix: helm |
| 31 | register: helm_tempdir |
| 32 | |
| 33 | - name: Download and verify Helm archive |
| 34 | when: not helm_bin.stat.exists or not helm_bin.stat.executable |
| 35 | get_url: |
| 36 | url: "{{ helm_dl_url }}" |
| 37 | checksum: "{{ helm_dl_checksum }}" |
| 38 | dest: "{{ helm_tempdir.path }}/helm.tgz" |
| 39 | |
| 40 | - name: Unarchive Helm |
| 41 | when: not helm_bin.stat.exists or not helm_bin.stat.executable |
| 42 | unarchive: |
| 43 | remote_src: true |
| 44 | src: "{{ helm_tempdir.path }}/helm.tgz" |
| 45 | dest: "{{ helm_tempdir.path }}/" |
| 46 | |
| 47 | - name: Move helm binary into place |
| 48 | when: not helm_bin.stat.exists or not helm_bin.stat.executable |
| 49 | become: yes |
| 50 | copy: |
| 51 | src: "{{ helm_tempdir.path }}/{{ ansible_system | lower }}-{{ cpu_arch }}/helm" |
| 52 | dest: "{{ helm_bin_path }}" |
| 53 | owner: root |
| 54 | group: root |
| 55 | mode: 0755 |
| 56 | |
| 57 | # The helm binary is now installed. Start up tiller on k8s. |
| 58 | # `helm init --wait` should handle these waits below, but is broken |
| 59 | # as of 2018-02-06, see: https://github.com/kubernetes/helm/issues/3379 |
| 60 | |
| 61 | - name: Initialize Helm and wait for it to be ready |
| 62 | command: "helm init" |
| 63 | tags: |
| 64 | - skip_ansible_lint # while helm may be installed, k8s might have been wiped so tiller needs to be reinstalled |
| 65 | |
| 66 | - name: "Wait for 'helm init' to set up Tiller" |
| 67 | pause: |
| 68 | seconds: 60 |
| 69 | |
| 70 | # needed to give permissions and avoid the cryptic |
| 71 | # "Error: no available release name found" message |
| 72 | # per: https://github.com/kubernetes/helm/issues/3055 |
| 73 | - name: Give RBAC permissions to tiller |
| 74 | command: "kubectl {{ item }}" |
| 75 | with_items: |
| 76 | - 'create serviceaccount --namespace kube-system tiller' |
| 77 | - 'create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller' |
| 78 | - 'patch deploy --namespace kube-system tiller-deploy -p ''{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}''' |
| 79 | tags: |
| 80 | - skip_ansible_lint # have to run these to set up tiller, as k8s might not be up |
| 81 | |
| 82 | - name: "Wait for Helm/Tiller to be ready" |
| 83 | pause: |
| 84 | seconds: 30 |
| 85 | |