summaryrefslogtreecommitdiffstats
path: root/roles/ands_openshift/tasks
diff options
context:
space:
mode:
authorSuren A. Chilingaryan <csa@suren.me>2017-04-01 04:53:28 +0200
committerSuren A. Chilingaryan <csa@suren.me>2017-04-01 04:53:28 +0200
commite7ed329bd81c2273c03e94c93c9ce9c1d01cdc86 (patch)
tree444778102e4f73b83ef9462235b7f614b004b264 /roles/ands_openshift/tasks
downloadands-e7ed329bd81c2273c03e94c93c9ce9c1d01cdc86.tar.gz
ands-e7ed329bd81c2273c03e94c93c9ce9c1d01cdc86.tar.bz2
ands-e7ed329bd81c2273c03e94c93c9ce9c1d01cdc86.tar.xz
ands-e7ed329bd81c2273c03e94c93c9ce9c1d01cdc86.zip
Initial import
Diffstat (limited to 'roles/ands_openshift/tasks')
-rw-r--r--roles/ands_openshift/tasks/heketi.yml13
-rw-r--r--roles/ands_openshift/tasks/heketi_perms.yml9
-rw-r--r--roles/ands_openshift/tasks/heketi_resources.yml74
-rw-r--r--roles/ands_openshift/tasks/hostnames.yml15
-rw-r--r--roles/ands_openshift/tasks/main.yml6
-rw-r--r--roles/ands_openshift/tasks/ssh.yml21
-rw-r--r--roles/ands_openshift/tasks/ssh_keygen.yml12
-rw-r--r--roles/ands_openshift/tasks/storage.yml4
-rw-r--r--roles/ands_openshift/tasks/storage_resources.yml33
-rw-r--r--roles/ands_openshift/tasks/users.yml8
-rw-r--r--roles/ands_openshift/tasks/users_resources.yml40
11 files changed, 235 insertions, 0 deletions
diff --git a/roles/ands_openshift/tasks/heketi.yml b/roles/ands_openshift/tasks/heketi.yml
new file mode 100644
index 0000000..149f85d
--- /dev/null
+++ b/roles/ands_openshift/tasks/heketi.yml
@@ -0,0 +1,13 @@
+---
+- block:
+ - name: Ensure all required packages are installed
+ yum: name={{item}} state=present
+ with_items:
+ - heketi-client
+
+ - include: heketi_resources.yml
+ run_once: true
+ delegate_to: "{{ groups.masters[0] }}"
+ when: ansible_lvm.lvs.{{ ands_heketi_lv }} is defined
+
+ when: ansible_lvm.lvs.{{ ands_heketi_lv }} is defined
diff --git a/roles/ands_openshift/tasks/heketi_perms.yml b/roles/ands_openshift/tasks/heketi_perms.yml
new file mode 100644
index 0000000..4df6260
--- /dev/null
+++ b/roles/ands_openshift/tasks/heketi_perms.yml
@@ -0,0 +1,9 @@
+---
+- name: Mount heketidb volume
+ mount: name="{{ heketi_template_path }}/heketidbstorage" src="localhost:heketidbstorage" fstype="glusterfs" opts="defaults,_netdev" state="mounted"
+
+- name: Allow writting to heketidb
+ file: path="{{ heketi_template_path }}/heketidbstorage" owner="root" group="root" mode=0777
+
+- name: Mount heketidb volume
+ mount: name="{{ heketi_template_path }}/heketidbstorage" state="absent"
diff --git a/roles/ands_openshift/tasks/heketi_resources.yml b/roles/ands_openshift/tasks/heketi_resources.yml
new file mode 100644
index 0000000..06ae6b3
--- /dev/null
+++ b/roles/ands_openshift/tasks/heketi_resources.yml
@@ -0,0 +1,74 @@
+---
+- name: Ensure heketi configuration directory exists
+ file: path="{{ heketi_template_path }}" state="directory" mode=0600 owner=root group=root
+
+- name: Check if secret exists
+ command: oc -n "{{ openshift_namespace }}" get secret/heketi
+ register: result
+ failed_when: false
+ changed_when: (result | failed)
+
+- name: Create secret for dynamic volume provisioning
+ command: "kubectl create secret generic heketi --type=kubernetes.io/glusterfs --from-literal=key={{ ands_secrets.heketi.admin | quote }} --from-literal=user={{ ands_secrets.heketi.user | quote }} --namespace={{ openshift_namespace }}"
+ when: (result | changed)
+
+- name: Copy Heketi configuration
+ copy: src="heketi/heketi.json" dest="{{ heketi_template_path }}/heketi.json" owner=root group=root mode="0644"
+ register: result1
+
+- name: Check if configMap exists
+ command: oc -n "{{ openshift_namespace }}" get cm/heketi
+ register: result2
+ failed_when: false
+ changed_when: (result2 | failed)
+
+- name: Desotry existing Heketi configuration
+ command: oc -n "{{ openshift_namespace }}" delete cm/heketi
+ when: ( result1 | changed ) and (not (result2 | changed))
+
+- name: Create heketiConfigmap
+ command: oc -n "{{ openshift_namespace }}" create cm heketi --from-file="{{ heketi_template_path }}/heketi.json"
+ when: (result1 | changed) or (result2 | changed)
+
+- name: Check if Heketi POD is running
+ command: oc -n "{{ openshift_namespace }}" get dc/heketi --template "{{ '{{.status.availableReplicas}}' }}"
+ register: result
+ failed_when: false
+ changed_when: (result | failed) or ((result.stdout | int) < 1)
+
+- name: Fix GlusterFS volume permissions
+ include: heketi_perms.yml
+ run_once: true
+ delegate_to: "{{ groups.masters[0] }}"
+ when: (result | changed)
+
+- name: Copy Heketi Template
+ template: src="heketi/heketi_template.json.j2" dest="{{ heketi_template_path }}/heketi_template.json" owner=root group=root mode="0644"
+ register: result
+
+- name: Create Heketi Pod
+ include_role: name="openshift_resource"
+ vars:
+ template: heketi_template.json
+ template_path: "{{ heketi_template_path }}"
+ project: "{{ openshift_namespace }}"
+ recreate: "{{ result | changed | ternary (true, false) }}"
+
+- name: Wait until heketi service is running
+ wait_for: host="heketi.{{ openshift_master_default_subdomain }}" port=80 state=present
+
+- name: Copy Heketi topology
+ template: src="heketi/topology.json.j2" dest="{{ heketi_template_path }}/topology.json" owner=root group=root mode="0644"
+ notify: heketi_topology
+
+- name: Copy Heketi storage class
+ template: src="heketi/heketi-sc.yml.j2" dest="{{ heketi_template_path }}/heketi-sc.yml" owner=root group=root mode="0644"
+ register: result
+
+- name: Setup Heketi-based dynamic volume provisioning
+ include_role: name="openshift_resource"
+ vars:
+ template: heketi-sc.yml
+ template_path: "{{ heketi_template_path }}"
+ project: "{{ openshift_namespace }}"
+ recreate: "{{ result | changed | ternary (true, false) }}"
diff --git a/roles/ands_openshift/tasks/hostnames.yml b/roles/ands_openshift/tasks/hostnames.yml
new file mode 100644
index 0000000..e489a8c
--- /dev/null
+++ b/roles/ands_openshift/tasks/hostnames.yml
@@ -0,0 +1,15 @@
+---
+#- name: Remove obsolte hostnames from /etc/hosts
+# lineinfile: dest="/etc/hosts" regexp="{{ hostvars[item]['openshift_hostname'] }}" state="absent"
+# with_inventory_hostnames:
+# - nodes
+
+
+- name: Configure all cluster hostnames in /etc/hosts
+ lineinfile: dest="/etc/hosts" line="{{ hostvars[item]['openshift_ip'] }} {{ hostvars[item]['openshift_public_hostname'] }} {{ hostvars[item]['openshift_hostname'] }}" regexp="{{ hostvars[item]['openshift_hostname'] }}" state="present"
+ with_inventory_hostnames:
+ - nodes
+
+- name: Provision /etc/hosts to ensure that all masters servers are accessing Master API on loopback device
+ lineinfile: dest="/etc/hosts" line="127.0.0.1 {{ openshift_master_cluster_hostname }}" regexp=".*{{ openshift_master_cluster_hostname }}$" state="present"
+ when: "'masters' in group_names"
diff --git a/roles/ands_openshift/tasks/main.yml b/roles/ands_openshift/tasks/main.yml
new file mode 100644
index 0000000..f72123f
--- /dev/null
+++ b/roles/ands_openshift/tasks/main.yml
@@ -0,0 +1,6 @@
+---
+- name: "Configuring OpenShift"
+ include: "{{ current_subrole }}.yml"
+ with_items: "{{ openshift_subroles }}"
+ loop_control:
+ loop_var: current_subrole
diff --git a/roles/ands_openshift/tasks/ssh.yml b/roles/ands_openshift/tasks/ssh.yml
new file mode 100644
index 0000000..7d8d99d
--- /dev/null
+++ b/roles/ands_openshift/tasks/ssh.yml
@@ -0,0 +1,21 @@
+---
+- name: Check if ssh secret exists
+ run_once: true
+ delegate_to: "{{ groups.masters[0] }}"
+ command: oc -n "{{ openshift_namespace }}" get secret/ands-ssh
+ register: result
+ changed_when: (result | failed)
+ failed_when: false
+
+- include: ssh_keygen.yml
+ run_once: true
+ delegate_to: "{{ groups.masters[0] }}"
+ when: (result | changed)
+
+- name: Read SSH public key
+ shell: cat "{{ ssh_template_path }}/id_rsa.pub"
+ changed_when: false
+ register: result
+
+- name: Distribute public keys
+ authorized_key: user="root" key="{{result.stdout}}" state=present manage_dir=yes exclusive=no
diff --git a/roles/ands_openshift/tasks/ssh_keygen.yml b/roles/ands_openshift/tasks/ssh_keygen.yml
new file mode 100644
index 0000000..21a7b0a
--- /dev/null
+++ b/roles/ands_openshift/tasks/ssh_keygen.yml
@@ -0,0 +1,12 @@
+---
+- name: Ensure ssh directory exists
+ file: path="{{ ssh_template_path }}" state="directory" mode=0600 owner=root group=root
+
+- name: Generate ssh-key
+ command: ssh-keygen -t rsa -C "ands-ssh@ipe.kit.edu" -N "" -f "{{ ssh_template_path }}"/id_rsa creates="{{ ssh_template_path }}/id_rsa"
+
+- name: Create ssh secret
+ command: oc -n "{{ openshift_namespace }}" secrets new ands-ssh id_rsa="{{ ssh_template_path }}"/id_rsa id_rsa_pub="{{ ssh_template_path }}/id_rsa.pub"
+
+- name: Ensure ssh secret key is removed
+ file: path="{{ ssh_template_path }}/id_rsa" state=absent
diff --git a/roles/ands_openshift/tasks/storage.yml b/roles/ands_openshift/tasks/storage.yml
new file mode 100644
index 0000000..be2583a
--- /dev/null
+++ b/roles/ands_openshift/tasks/storage.yml
@@ -0,0 +1,4 @@
+---
+- include: storage_resources.yml
+ run_once: true
+ delegate_to: "{{ groups.masters[0] }}"
diff --git a/roles/ands_openshift/tasks/storage_resources.yml b/roles/ands_openshift/tasks/storage_resources.yml
new file mode 100644
index 0000000..5adf69e
--- /dev/null
+++ b/roles/ands_openshift/tasks/storage_resources.yml
@@ -0,0 +1,33 @@
+---
+- name: Ensure OpenShift template directory exists
+ file: path="{{ storage_template_path }}" state="directory" mode=0644 owner=root group=root
+
+- name: Copy GlusterFS service template
+ copy: src="gfs-svc.yml" dest="{{ storage_template_path }}/gfs-svc.yml" owner=root group=root mode="0644"
+ register: result
+
+- name: Configure GFS service & endpoints
+ include_role: name="openshift_resource"
+ vars:
+ template: gfs-svc.yml
+ template_path: "{{ storage_template_path }}"
+ project: "{{ prj_item }}"
+ recreate: "{{ result | changed | ternary (true, false) }}"
+ with_items: "{{ ands_openshift_projects.keys() | union(['default']) }}"
+ loop_control:
+ loop_var: prj_item
+
+- name: Configure GlusterFS end-points
+ template: src="gfs-ep.yml.j2" dest="{{ storage_template_path }}/gfs-ep.yml" owner=root group=root mode="0644"
+ register: result
+
+- name: Configure GFS service & endpoints
+ include_role: name="openshift_resource"
+ vars:
+ template: gfs-ep.yml
+ template_path: "{{ storage_template_path }}"
+ project: "{{ prj_item }}"
+ recreate: "{{ result | changed | ternary (true, false) }}"
+ with_items: "{{ ands_openshift_projects.keys() | union(['default']) }}"
+ loop_control:
+ loop_var: prj_item
diff --git a/roles/ands_openshift/tasks/users.yml b/roles/ands_openshift/tasks/users.yml
new file mode 100644
index 0000000..c816203
--- /dev/null
+++ b/roles/ands_openshift/tasks/users.yml
@@ -0,0 +1,8 @@
+---
+- name: Copy htpasswd to /etc/origin/master
+ copy: src="users/htpasswd" dest="/etc/origin/master/htpasswd" mode=0644 owner=root group=root force=yes backup=no
+ when: "'masters' in group_names"
+
+- include: users_resources.yml
+ run_once: true
+ delegate_to: "{{ groups.masters[0] }}"
diff --git a/roles/ands_openshift/tasks/users_resources.yml b/roles/ands_openshift/tasks/users_resources.yml
new file mode 100644
index 0000000..35323cb
--- /dev/null
+++ b/roles/ands_openshift/tasks/users_resources.yml
@@ -0,0 +1,40 @@
+---
+- name: Configure cluster roles
+ command: "oc adm policy add-cluster-role-to-user {{ item.key.split('/')[0] }} {{ item.value.replace(' ','').split(',') | join(' ') }}"
+ with_dict: "{{ ands_openshift_roles }}"
+ when: "{{ item.key.split('/') | length == 1 }}"
+
+- name: Get project list
+ command: "oc get projects -o json"
+ changed_when: false
+ register: results
+
+- name: Find missing projects
+ set_fact: new_projects="{{ ands_openshift_projects.keys() | difference (results.stdout | from_json | json_query('items[*].metadata.name')) }}"
+ when: (results | succeeded)
+
+- name: Create missing projects
+ command: "oc adm new-project --description '{{ ands_openshift_projects[item] }}' {{ item }}"
+ with_items: "{{ new_projects | default([]) }}"
+
+- name: Configure per project roles
+ command: "oc adm policy add-role-to-user -n {{ item.key.split('/')[0] }} {{ item.key.split('/')[1] }} {{ item.value.replace(' ','').split(',') | join(' ') }}"
+ with_dict: "{{ ands_openshift_roles }}"
+ when: "{{ item.key.split('/') | length == 2 }}"
+
+- name: Get user list
+ command: "oc get users -o json"
+ changed_when: false
+ register: results
+
+- name: Find removed users
+ set_fact: removed_users="{{ results.stdout | from_json | json_query('items[*].metadata.name') | difference(ands_openshift_users.keys()) }}"
+ when: (results | succeeded)
+
+- name: Create missing projects
+ command: "oc delete identity htpasswd_auth:{{ item }}"
+ with_items: "{{ removed_users | default([]) }}"
+
+- name: Create missing projects
+ command: "oc delete user {{ item }}"
+ with_items: "{{ removed_users | default([]) }}"