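---
# exercise12-fix.yaml
#
# Resets exercise 12 and then applies its solution: removes the two VMs, the
# NAD and both MNP objects rendered from the exercise12-*.yaml.j2 templates,
# recreates NAD, secret and VMs, waits until both VMs answer over
# `virtctl ssh`, and finally applies the deny policy plus the fixed allow
# policy.
#
# Every kubernetes.core.k8s task is retried up to 60 times, 10 s apart, until
# the module call succeeds.
- name: Preparing exercise12
  hosts: localhost
  gather_facts: true
  vars:
    # Namespace name, home directory and file ownership below are all derived
    # from the USER environment variable of the account running the play.
    user: "{{ lookup('env', 'USER') }}"
  tasks:
    # ---------------------------------------------------------------- cleanup
    - name: Removing VM A
      kubernetes.core.k8s:
        state: absent
        template: "exercise12-create-vm-a.yaml.j2"
      register: deletevma
      until: deletevma is succeeded
      retries: 60
      delay: 10
      failed_when: deletevma is failed or deletevma.failed

    - name: Removing VM B
      kubernetes.core.k8s:
        state: absent
        template: "exercise12-create-vm-b.yaml.j2"
      register: deletevmb
      until: deletevmb is succeeded
      retries: 60
      delay: 10
      # Evaluate this task's own result. The original condition tested
      # deletevma, so a failed removal of VM B was never reported.
      failed_when: deletevmb is failed or deletevmb.failed

    # Deletion is asynchronous: poll until the API no longer returns the
    # object (up to 60 x 2 s per VM) before recreating anything.
    - name: Wait for the Virtual Machine A to be removed
      kubernetes.core.k8s_info:
        kind: VirtualMachine
        namespace: "namespace-{{ user }}"
        name: "exercise12-a"
      register: cleanvma
      retries: 60
      delay: 2
      until: cleanvma.resources | length == 0

    - name: Wait for the Virtual Machine B to be removed
      kubernetes.core.k8s_info:
        kind: VirtualMachine
        namespace: "namespace-{{ user }}"
        name: "exercise12-b"
      register: cleanvmb
      retries: 60
      delay: 2
      until: cleanvmb.resources | length == 0

    - name: Removing NAD
      kubernetes.core.k8s:
        state: absent
        template: "exercise12-create-nad.yaml.j2"
      register: deletenad
      until: deletenad is succeeded
      retries: 60
      delay: 10
      failed_when: deletenad is failed or deletenad.failed

    # Disabled: the idrsa secret is not removed during cleanup; it is only
    # (re)applied with state=present further down.
    # - name: Get user SSH key
    #   ansible.builtin.slurp:
    #     src: "/home/{{ user }}/.ssh/id_rsa.pub"
    #   register: usersshkey
    # - name: Removing the idrsa secret
    #   kubernetes.core.k8s:
    #     state: absent
    #     template: "exercise12-secret.yaml.j2"
    #   register: secretidrsa
    #   until: secretidrsa is succeeded
    #   retries: 60
    #   delay: 10
    #   failed_when: secretidrsa is failed or secretidrsa.failed

    - name: Clean MNP deny
      kubernetes.core.k8s:
        state: absent
        template: "exercise12-mnp-deny.yaml.j2"
      # Own result variable; the original reused "mnpallow" here, which the
      # next task immediately overwrote.
      register: cleanmnpdeny
      until: cleanmnpdeny is succeeded
      retries: 60
      delay: 10
      failed_when: cleanmnpdeny is failed or cleanmnpdeny.failed

    - name: Clean MNP allow
      kubernetes.core.k8s:
        state: absent
        template: "exercise12-mnp-allow.yaml.j2"
      register: cleanmnpallow
      until: cleanmnpallow is succeeded
      retries: 60
      delay: 10
      failed_when: cleanmnpallow is failed or cleanmnpallow.failed

    # ------------------------------------------------------------- SSH client
    # NOTE(review): this replaces the user's whole ~/.ssh/config with a
    # "Host *" stanza, so host-key verification is switched off for every SSH
    # connection this account makes, not only for the exercise VMs. Without a
    # known_hosts file a machine-in-the-middle cannot be detected. Acceptable
    # only on a disposable lab account; if the host pattern that virtctl
    # hands to ssh is known, restrict the stanza to that pattern.
    - name: Create SSH config file with StrictHostKeyChecking no
      ansible.builtin.copy:
        dest: '/home/{{ user }}/.ssh/config'
        content: |
          Host *
          StrictHostKeyChecking no
          UserKnownHostsFile /dev/null
        owner: '{{ user }}'
        group: '{{ user }}'
        mode: '0600'
        # Keep a timestamped copy of any pre-existing config instead of
        # silently discarding it when the content changes.
        backup: true

    # --------------------------------------------------------------- recreate
    - name: Creating NAD
      kubernetes.core.k8s:
        state: present
        template: "exercise12-create-nad.yaml.j2"
      register: createnad
      until: createnad is succeeded
      retries: 60
      delay: 10
      failed_when: createnad is failed or createnad.failed

    # Reads the *public* key only. The result is registered as usersshkey;
    # presumably exercise12-secret.yaml.j2 consumes it - confirm in the
    # template.
    - name: Get user SSH key
      ansible.builtin.slurp:
        src: "/home/{{ user }}/.ssh/id_rsa.pub"
      register: usersshkey

    - name: Create the idrsa secret
      kubernetes.core.k8s:
        state: present
        template: "exercise12-secret.yaml.j2"
      register: secretidrsa
      until: secretidrsa is succeeded
      retries: 60
      delay: 10
      failed_when: secretidrsa is failed or secretidrsa.failed

    - name: Creating VM A
      kubernetes.core.k8s:
        state: present
        template: "exercise12-create-vm-a.yaml.j2"
      register: createvma
      until: createvma is succeeded
      retries: 60
      delay: 10
      failed_when: createvma is failed or createvma.failed

    - name: Creating VM B
      kubernetes.core.k8s:
        state: present
        template: "exercise12-create-vm-b.yaml.j2"
      register: createvmb
      until: createvmb is succeeded
      retries: 60
      delay: 10
      failed_when: createvmb is failed or createvmb.failed

    # ------------------------------------------------------- readiness probes
    # Probe each VM over virtctl ssh, up to 20 x 10 s. ignore_errors means the
    # play carries on and applies the policies even if a VM never becomes
    # reachable, so a green run does not prove the VMs are up.
    - name: Wait for exercise12-a
      ansible.builtin.command:
        cmd: virtctl ssh -i /home/{{ user }}/.ssh/id_rsa lab-user@exercise12-a
      ignore_errors: true
      # Explicit default: the command line carries a key path, not key
      # material.
      no_log: false
      register: testssha
      until: testssha.rc == 0
      retries: 20
      delay: 10
      # A connectivity probe; never report it as a change.
      changed_when: false

    - name: Wait for exercise12-b
      ansible.builtin.command:
        cmd: virtctl ssh -i /home/{{ user }}/.ssh/id_rsa lab-user@exercise12-b
      ignore_errors: true
      no_log: false
      register: testsshb
      until: testsshb.rc == 0
      retries: 20
      delay: 10
      changed_when: false

    # -------------------------------------------------------------- solution
    # The deny policy is applied first, then the corrected allow policy
    # (exercise12-mnp-allow-fix.yaml.j2, as opposed to the
    # exercise12-mnp-allow.yaml.j2 removed during cleanup).
    - name: Fixing exercise part 1
      kubernetes.core.k8s:
        state: present
        template: "exercise12-mnp-deny.yaml.j2"
      register: mnpdeny
      until: mnpdeny is succeeded
      retries: 60
      delay: 10
      failed_when: mnpdeny is failed or mnpdeny.failed

    - name: Fixing exercise part 2
      kubernetes.core.k8s:
        state: present
        template: "exercise12-mnp-allow-fix.yaml.j2"
      register: mnpallow
      until: mnpallow is succeeded
      retries: 60
      delay: 10
      failed_when: mnpallow is failed or mnpallow.failed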