lint

stackhpc · Sep 5, 2023 · 898471b · 898471b
1 parent 500cb6c
commit 898471b
Showing 1 changed file with 23 additions and 3 deletions.
diff --git a/deployment/site.yml b/deployment/site.yml
@@ -100,8 +100,11 @@
       register: provisioner_password_stat
 
     - name: Get provisioner password
-      ansible.builtin.shell: docker logs step-ca 2>&1 | awk '/Your CA administrative password is/ { print $7 }'
+      ansible.builtin.shell: |
+        set -o pipefail
+        docker logs step-ca 2>&1 | awk '/Your CA administrative password is/ { print $7 }'
       register: provisioner_password
+      changed_when: false
       when: not provisioner_password_stat.stat.exists
 
     - name: Create .step directory
@@ -131,6 +134,7 @@
       ansible.builtin.copy:
         content: "{{ step_ca_root.stdout }}"
         dest: "{{ step_ca_root_cert_local_path }}"
+        mode: "0600"
       delegate_to: localhost
       become: false
 
@@ -173,7 +177,7 @@
         path: /root/.step/config/defaults.json
       register: step_stat
 
-    - name: Get CA fingerprint
+    - name: Get CA fingerprint # noqa: run-once[task]
       ansible.builtin.command: docker exec step-ca step certificate fingerprint certs/root_ca.crt
       register: ca_fingerprint
       changed_when: false
@@ -182,7 +186,10 @@
       when: not step_stat.stat.exists
 
     - name: Bootstrap CA
-      ansible.builtin.command: step ca bootstrap --ca-url https://{{ hostvars[groups['step-ca'][0]].ansible_facts.nodename }}:9999 --fingerprint {{ ca_fingerprint.stdout }} --install
+      ansible.builtin.command: >
+        step ca bootstrap
+        --ca-url https://{{ hostvars[groups['step-ca'][0]].ansible_facts.nodename }}:9999
+        --fingerprint {{ ca_fingerprint.stdout }} --install
       changed_when: true
       when: not step_stat.stat.exists
 
@@ -212,6 +219,12 @@
           - name: host
         volumes: /data
 
+    - name: Wait for minio object storage to start
+      ansible.builtin.uri:
+        url: http://localhost:9001
+      until: result is success
+      register: result
+
 - name: Gather facts for Prometheus
   hosts:
     - haproxy
@@ -381,6 +394,7 @@
     haproxy_server_timeout: "1m"
     haproxy_check_timeout: "10s"
     haproxy_defaults_balance: "roundrobin"
+    reductionist_host: "{{ ansible_facts.default_ipv4.address }}"
   tasks:
     - name: Ensure /etc/haproxy directory exists
       ansible.builtin.file:
@@ -404,3 +418,9 @@
         restart: "{{ haproxy_cfg is changed }}"
         volumes:
           - "/etc/haproxy:/usr/local/etc/haproxy:ro"
+
+    - name: Wait for reductionist server to be accessible via HAProxy
+      ansible.builtin.uri:
+        url: "https://{{ reductionist_host }}:8080/.well-known/reductionist-schema"
+      until: result is success
+      register: result