Add PVC playbooks

Signed-off-by: Webster Mudge <wmudge@cloudera.com>

Author: wmudge

playbooks/pvc_base_postfix.yml

@@ -0,0 +1,166 @@
+---
+
+# Copyright 2023 Cloudera, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# STARTBLOCK # Fix Auto-TLS
+- name: Auto-TLS Services Setup
+  hosts: "{{ target | default('cloudera_manager') }}"
+  gather_facts: no
+  roles:
+    - role: cloudera.cluster.cloudera_manager.cms_tls
+      when: autotls is defined and autotls == True
+  tags:
+    - autotls
+    - never
+# ENDBLOCK # Fix Auto-TLS
+
+# STARTBLOCK # Setup HDFS Encryption
+- name: Setup KTS HA
+  hosts: "{{ target | default('localhost') }}"
+  become: yes
+  gather_facts: no
+  tasks:
+    - ansible.builtin.include_role:
+        name: cloudera.cluster.deployment.services.kts_high_availability
+        public: yes
+        apply:
+          tags:
+            - kts
+            - full_cluster
+      when:
+        - "'kts_active' in groups"
+        - "'kts_passive' in groups"
+  tags:
+    - kts
+    - full_cluster
+
+- name: Handle KMS services
+  hosts: "{{ target | default('localhost') }}"
+  gather_facts: no
+  become: yes
+  roles:
+    - role: cloudera.cluster.deployment.services.kms
+      when: "'kms_servers' in groups"
+    - role: cloudera.cluster.deployment.services.kms_ha
+      when: "'kms_servers' in groups"
+  tags:
+    - kms
+    - full_cluster
+
+- name: Handle KMS services
+  hosts: "{{ target | default('cloudera_manager') }}"
+  gather_facts: no
+  become: no
+  roles:
+    - role: cloudera.cluster.operations.refresh_ranger_kms_repo
+      when: "'kms_servers' in groups"
+  tags:
+    - kms
+    - full_cluster
+
+- name: Restart and re-deploy stale client configs
+  hosts: "{{ target | default('localhost') }}"
+  gather_facts: no
+  roles:
+    - role: cloudera.cluster.operations.restart_stale
+      when: "'kms_servers' in groups"
+  vars:
+    client_config_timeout: "{{ restart_client_config_timeout | default(300) }}"
+  tags:
+    - kms
+    - restart_stale
+    - full_cluster
+ # ENDBLOCK # Setup HDFS Encryption
+ 
+ # STARTBLOCK # WXM Setup
+- name: Handle WXM Setup
+  hosts: "{{ target | default('cluster_master_nodes[0]') }}"
+  gather_facts: yes
+  tags:
+    - wxm
+    - full_cluster
+  tasks:
+    - name: Setup WXM
+      when:
+        - use_wxm | default(False)
+        - altus_key_id | length > 0
+        - altus_private_key | length > 0
+      import_role:
+        name: cloudera.cluster.deployment.services.wxm
+# ENDBLOCK # WXM Setup
+
+- name: Post-Install for PvC on all cluster hosts
+  hosts: "{{ target | default('cloudera_manager, cluster, ecs_nodes') }}"
+  gather_facts: yes
+  tags:
+    - pvc
+  tasks:
+    - name: Add missing ExtJS for Oozie UI
+      include_role:
+        name: cloudera.cluster.config.services.oozie_ui
+      when: oozie_service_exists | default(false)
+
+- name: Post-Install Cloudera Manager and Cluster
+  hosts: "{{ target | default('cloudera_manager') }}"
+  gather_facts: yes
+  tags:
+    - pvc
+  tasks:
+    - name: Refresh CM Services Info
+      include_role:
+        name: cloudera.cluster.cloudera_manager.services_info
+        public: yes
+      vars:
+        cluster_name: "{{ cluster_name_base }}"
+
+    - name: Fix Hue ticket lifetime for Free IPA
+      include_role:
+        name: cloudera.cluster.config.services.hue_ticket_lifetime
+      when:
+        - hue_service_exists | default(false)
+        - krb5_kdc_type == 'Red Hat IPA'
+
+    - name: Set Cloudera Manager session timeout to 30d
+      include_role:
+        name: cloudera.cluster.cloudera_manager.session_timeout
+
+## TODO Believe this is version specific, in 7.1.7Spx solr plugin is NOT missing, needs work
+#    - name: Create missing Solr plugin for Ranger
+#      include_role:
+#        name: cloudera.cluster.config.services.solr_ranger_plugin
+#      when:
+#        - ranger_service_exists | default(false)
+#        - solr_service_exists | default(false)
+
+    - name: Add Solr urls to Knox
+      include_role:
+        name: cloudera.cluster.config.services.solr_knox
+      when: knox_service_exists | default(false) and solr_service_exists | default(false)
+
+    - name: Add missing TLS values for KMS
+      when:
+        - kms_service_exists | default(False)
+        - (autotls | default(False))
+      include_role:
+        name: cloudera.cluster.config.services.kms_tls
+
+## TODO Believe this is version specific, in 7.1.7SPx Ranger policies are duplicated, needs work
+#    - name: Ranger extra policies to have enough rights with basic accounts
+#      when: ranger_service_exists | default(false)
+#      include_role:
+#        name: cloudera.cluster.config.services.ranger_pvc_default_policies
+
+# End run
+###