-rw-r--r--  .gitignore  1
-rw-r--r--  README.md  4
-rw-r--r--  README_AWS.md  2
-rw-r--r--  README_OSE.md  7
-rw-r--r--  README_origin.md  210
-rw-r--r--  README_vagrant.md  25
-rw-r--r--  Vagrantfile  62
-rwxr-xr-x  bin/ohi  15
-rw-r--r--  bin/openshift-ansible-bin.spec  21
-rw-r--r--  bin/openshift_ansible/utils.py  30
-rwxr-xr-x  bin/opscp  131
-rwxr-xr-x  bin/opssh  274
-rw-r--r--  playbooks/common/openshift-node/config.yml  4
-rw-r--r--  rel-eng/packages/openshift-ansible-bin  2
-rw-r--r--  roles/ansible_tower/tasks/main.yaml  10
-rw-r--r--  roles/ansible_tower_cli/README.md  50
-rw-r--r--  roles/ansible_tower_cli/defaults/main.yml  2
-rw-r--r--  roles/ansible_tower_cli/handlers/main.yml  2
-rw-r--r--  roles/ansible_tower_cli/meta/main.yml  9
-rw-r--r--  roles/ansible_tower_cli/tasks/main.yml  18
-rw-r--r--  roles/ansible_tower_cli/templates/tower_cli.cfg.j2  5
-rw-r--r--  roles/ansible_tower_cli/vars/main.yml  2
-rw-r--r--  roles/openshift_ansible_inventory/tasks/main.yml  34
-rw-r--r--  roles/openshift_master/tasks/main.yml  11
24 files changed, 777 insertions, 154 deletions
diff --git a/.gitignore b/.gitignore
index e25d99eeb..cacc711a1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -15,3 +15,4 @@
.DS_Store
gce.ini
multi_ec2.yaml
+.vagrant
diff --git a/README.md b/README.md
index 87dbfc1ea..20f571ccc 100644
--- a/README.md
+++ b/README.md
@@ -22,6 +22,10 @@ Setup
- [GCE](README_GCE.md)
- [local VMs](README_libvirt.md)
+- Bring your own host deployments:
+ - [OpenShift Enterprise](README_OSE.md)
+ - [OpenShift Origin](README_origin.md)
+
- Build
- [How to build the openshift-ansible rpms](BUILD.md)
diff --git a/README_AWS.md b/README_AWS.md
index 888abe939..dc93357ee 100644
--- a/README_AWS.md
+++ b/README_AWS.md
@@ -65,7 +65,7 @@ If needed, these values can be changed by setting environment variables on your
- export ec2_ami='ami-307b3658'
- export ec2_region='us-east-1'
- export ec2_keypair='libra'
-- export ec2_security_group='public'
+- export ec2_security_groups="['public']"
- export os_master_root_vol_size='20'
- export os_master_root_vol_type='standard'
- export os_node_root_vol_size='15'
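Review bot: The rename from ec2_security_group to ec2_security_groups on the changed line also changes the value's shape, from a plain string to a quoted list literal ("['public']"), and nothing in the README tells existing users that the old name no longer applies. Add a sentence stating that the value must be a list in this string form, with an example for more than one group, and mention the rename for anyone with the old export in their shell profile.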
diff --git a/README_OSE.md b/README_OSE.md
index cd0b9f7a6..41a6f2935 100644
--- a/README_OSE.md
+++ b/README_OSE.md
@@ -12,7 +12,7 @@
## Requirements
* ansible
* Tested using ansible-1.8.4-1.fc20.noarch, but should work with version 1.8+
- * There is currently a known issue with ansible-1.9.0, you can downgrade to 1.8.4 on Fedora by installing one of the bulids from Koji: http://koji.fedoraproject.org/koji/packageinfo?packageID=13842
+ * There is currently a known issue with ansible-1.9.0, you can downgrade to 1.8.4 on Fedora by installing one of the builds from Koji: http://koji.fedoraproject.org/koji/packageinfo?packageID=13842
* Available in Fedora channels
* Available for EL with EPEL and Optional channel
* One or more RHEL 7.1 VMs
@@ -119,9 +119,8 @@ inventory file use the -i option for ansible-playbook.
#### Create the default router
On the master host:
```sh
-systemctl restart openshift-sdn-master
openshift ex router --create=true \
- --credentials=/var/lib/openshift/openshift.local.certificates/openshift-client/.kubeconfig \
+ --credentials=/var/lib/openshift/openshift.local.certificates/openshift-router/.kubeconfig \
--images='docker-buildvm-rhose.usersys.redhat.com:5000/openshift3_beta/ose-${component}:${version}'
```
@@ -129,7 +128,7 @@ openshift ex router --create=true \
On the master host:
```sh
openshift ex registry --create=true \
- --credentials=/var/lib/openshift/openshift.local.certificates/openshift-client/.kubeconfig \
+ --credentials=/var/lib/openshift/openshift.local.certificates/openshift-registry/.kubeconfig \
--images='docker-buildvm-rhose.usersys.redhat.com:5000/openshift3_beta/ose-${component}:${version}' \
--mount-host=/var/lib/openshift/docker-registry
```
diff --git a/README_origin.md b/README_origin.md
new file mode 100644
index 000000000..5b3fd2435
--- /dev/null
+++ b/README_origin.md
@@ -0,0 +1,210 @@
+# Installing OpenShift Origin against existing hosts
+
+* [Requirements](#requirements)
+* [Caveats](#caveats)
+* [Known Issues](#known-issues)
+* [Configuring the host inventory](#configuring-the-host-inventory)
+* [Creating the default variables for the hosts and host groups](#creating-the-default-variables-for-the-hosts-and-host-groups)
+* [Running the ansible playbooks](#running-the-ansible-playbooks)
+* [Post-ansible steps](#post-ansible-steps)
+* [Overriding detected ip addresses and hostnames](#overriding-detected-ip-addresses-and-hostnames)
+
+## Requirements
+* ansible
+ * Tested using ansible-1.8.4-1.fc20.noarch, but should work with version 1.8+
+ * There is currently a known issue with ansible-1.9.0, you can downgrade to 1.8.4 on Fedora by installing one of the builds from Koji: http://koji.fedoraproject.org/koji/packageinfo?packageID=13842
+ * Available in Fedora channels
+ * Available for EL with EPEL and Optional channel
+* One or more RHEL 7.1 or CentOS 7.1 VMs
+* Either ssh key based auth for the root user or ssh key based auth for a user
+ with sudo access (no password)
+* A checkout of openshift-ansible from https://github.com/openshift/openshift-ansible/
+
+ ```sh
+ git clone https://github.com/openshift/openshift-ansible.git
+ cd openshift-ansible
+ ```
+## Known Issues
+* RHEL - Host subscriptions are not configurable yet, the hosts need to be
+ pre-registered with subscription-manager or have the RHEL base repo
+ pre-configured. If using subscription-manager the following commands will
+ disable all but the rhel-7-server rhel-7-server-extras and
+ rhel-server7-ose-beta repos:
+```sh
+subscription-manager repos --disable="*"
+subscription-manager repos \
+--enable="rhel-7-server-rpms" \
+--enable="rhel-7-server-extras-rpms" \
+--enable="rhel-server-7-ose-beta-rpms"
+```
+* Configuration of router is not automated yet
+* Configuration of docker-registry is not automated yet
+
+## Configuring the host inventory
+[Ansible docs](http://docs.ansible.com/intro_inventory.html)
+
+Example inventory file for configuring one master and two nodes for the test
+environment. This can be configured in the default inventory file
+(/etc/ansible/hosts), or using a custom file and passing the --inventory
+option to ansible-playbook.
+
+/etc/ansible/hosts:
+```ini
+# This is an example of a bring your own (byo) host inventory
+
+# Create an OSEv3 group that contains the masters and nodes groups
+[OSv3:children]
+masters
+nodes
+
+# Set variables common for all OSEv3 hosts
+[OSv3:vars]
+# SSH user, this user should allow ssh based auth without requiring a password
+ansible_ssh_user=root
+
+# If ansible_ssh_user is not root, ansible_sudo must be set to true
+#ansible_sudo=true
+
+deployment_type=origin
+
+# host group for masters
+[masters]
+osv3-master.example.com
+
+# host group for nodes
+[nodes]
+osv3-node[1:2].example.com
+```
+
+The hostnames above should resolve both from the hosts themselves and
+the host where ansible is running (if different).
+
+## Running the ansible playbooks
+From the openshift-ansible checkout run:
+```sh
+ansible-playbook playbooks/byo/config.yml
+```
+**Note:** this assumes that the host inventory is /etc/ansible/hosts, if using a different
+inventory file use the -i option for ansible-playbook.
+
+## Post-ansible steps
+#### Create the default router
+On the master host:
+```sh
+openshift ex router --create=true \
+ --credentials=/var/lib/openshift/openshift.local.certificates/openshift-router/.kubeconfig
+```
+
+#### Create the default docker-registry
+On the master host:
+```sh
+openshift ex registry --create=true \
+ --credentials=/var/lib/openshift/openshift.local.certificates/openshift-registry/.kubeconfig \
+ --mount-host=/var/lib/openshift/docker-registry
+```
+
+## Overriding detected ip addresses and hostnames
+Some deployments will require that the user override the detected hostnames
+and ip addresses for the hosts. To see what the default values will be you can
+run the openshift_facts playbook:
+```sh
+ansible-playbook playbooks/byo/openshift_facts.yml
+```
+The output will be similar to:
+```
+ok: [10.3.9.45] => {
+ "result": {
+ "ansible_facts": {
+ "openshift": {
+ "common": {
+ "hostname": "jdetiber-osev3-ansible-005dcfa6-27c6-463d-9b95-ef059579befd.os1.phx2.redhat.com",
+ "ip": "172.16.4.79",
+ "public_hostname": "jdetiber-osev3-ansible-005dcfa6-27c6-463d-9b95-ef059579befd.os1.phx2.redhat.com",
+ "public_ip": "10.3.9.45",
+ "use_openshift_sdn": true
+ },
+ "provider": {
+ ... <snip> ...
+ }
+ }
+ },
+ "changed": false,
+ "invocation": {
+ "module_args": "",
+ "module_name": "openshift_facts"
+ }
+ }
+}
+ok: [10.3.9.42] => {
+ "result": {
+ "ansible_facts": {
+ "openshift": {
+ "common": {
+ "hostname": "jdetiber-osev3-ansible-c6ae8cdc-ba0b-4a81-bb37-14549893f9d3.os1.phx2.redhat.com",
+ "ip": "172.16.4.75",
+ "public_hostname": "jdetiber-osev3-ansible-c6ae8cdc-ba0b-4a81-bb37-14549893f9d3.os1.phx2.redhat.com",
+ "public_ip": "10.3.9.42",
+ "use_openshift_sdn": true
+ },
+ "provider": {
+ ...<snip>...
+ }
+ }
+ },
+ "changed": false,
+ "invocation": {
+ "module_args": "",
+ "module_name": "openshift_facts"
+ }
+ }
+}
+ok: [10.3.9.36] => {
+ "result": {
+ "ansible_facts": {
+ "openshift": {
+ "common": {
+ "hostname": "jdetiber-osev3-ansible-bc39a3d3-cdd7-42fe-9c12-9fac9b0ec320.os1.phx2.redhat.com",
+ "ip": "172.16.4.73",
+ "public_hostname": "jdetiber-osev3-ansible-bc39a3d3-cdd7-42fe-9c12-9fac9b0ec320.os1.phx2.redhat.com",
+ "public_ip": "10.3.9.36",
+ "use_openshift_sdn": true
+ },
+ "provider": {
+ ...<snip>...
+ }
+ }
+ },
+ "changed": false,
+ "invocation": {
+ "module_args": "",
+ "module_name": "openshift_facts"
+ }
+ }
+}
+```
+Now, we want to verify the detected common settings to verify that they are
+what we expect them to be (if not, we can override them).
+
+* hostname
+ * Should resolve to the internal ip from the instances themselves.
+ * openshift_hostname will override.
+* ip
+ * Should be the internal ip of the instance.
+ * openshift_ip will override.
+* public hostname
+ * Should resolve to the external ip from hosts outside of the cloud
+ * provider openshift_public_hostname will override.
+* public_ip
+ * Should be the externally accessible ip associated with the instance
+ * openshift_public_ip will override
+* use_openshift_sdn
+ * Should be true unless the cloud is GCE.
+ * openshift_use_openshift_sdn overrides
+
+To override the the defaults, you can set the variables in your inventory:
+```
+...snip...
+[masters]
+osv3-master.example.com openshift_ip=1.1.1.1 openshift_hostname=osv3-master.example.com openshift_public_ip=2.2.2.2 openshift_public_hostname=osv3-master.public.example.com
+...snip...
+```
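Review bot: The table of contents links to #caveats and #creating-the-default-variables-for-the-hosts-and-host-groups, but the new file contains neither section; drop the two entries or add the sections. In Known Issues the prose names the repo rhel-server7-ose-beta while the command enables rhel-server-7-ose-beta-rpms. In the inventory example the comments say OSEv3 but the groups are [OSv3:children] and [OSv3:vars]. Under "public hostname" the second bullet is split mid-sentence, so "provider" has ended up in front of openshift_public_hostname, and "the the defaults" needs fixing. The sample openshift_facts output carries what look like real internal hostnames and addresses; example.com values would be safer in published documentation.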
diff --git a/README_vagrant.md b/README_vagrant.md
new file mode 100644
index 000000000..e3b3b5551
--- /dev/null
+++ b/README_vagrant.md
@@ -0,0 +1,25 @@
+Requirements
+------------
+- vagrant (tested against version 1.7.2)
+- vagrant-hostmaster plugin (tested against version 1.5.0)
+- vagrant-libvirt (tested against version 0.0.26)
+ - Only required if using libvirt instead of virtualbox
+
+Usage
+-----
+```
+vagrant up --no-provision
+vagrant provision
+```
+
+Using libvirt:
+```
+vagrant up --provider=libvirt --no-provision
+vagrant provision
+```
+
+Environment Variables
+---------------------
+The following environment variables can be overriden:
+- OPENSHIFT_DEPLOYMENT_TYPE (defaults to origin, choices: origin, enterprise, online)
+- OPENSHIFT_NUM_NODES (the number of nodes to create, defaults to 2)
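Review bot: The requirements list names the plugin vagrant-hostmaster, but the Vagrantfile added in this commit checks Vagrant.has_plugin?("vagrant-hostmanager") and raises if it is missing, so the name here should be vagrant-hostmanager. In the Environment Variables section, "overriden" should be "overridden".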
diff --git a/Vagrantfile b/Vagrantfile
new file mode 100644
index 000000000..648bc5171
--- /dev/null
+++ b/Vagrantfile
@@ -0,0 +1,62 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+VAGRANTFILE_API_VERSION = "2"
+
+unless Vagrant.has_plugin?("vagrant-hostmanager")
+ raise 'vagrant-hostmanager plugin is required'
+end
+
+Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
+
+ deployment_type = ENV['OPENSHIFT_DEPLOYMENT_TYPE'] || 'origin'
+ num_nodes = (ENV['OPENSHIFT_NUM_NODES'] || 2).to_i
+
+ config.hostmanager.enabled = true
+ config.hostmanager.manage_host = true
+ config.hostmanager.include_offline = true
+ config.ssh.insert_key = false
+ config.vm.provider "virtualbox" do |vbox, override|
+ override.vm.box = "chef/centos-7.1"
+ vbox.memory = 1024
+ vbox.cpus = 2
+
+ # Enable multiple guest CPUs if available
+ vbox.customize ["modifyvm", :id, "--ioapic", "on"]
+ end
+
+ config.vm.provider "libvirt" do |libvirt, override|
+ libvirt.cpus = 2
+ libvirt.memory = 1024
+ libvirt.driver = 'kvm'
+ override.vm.box = "centos-7.1"
+ override.vm.box_url = "https://download.gluster.org/pub/gluster/purpleidea/vagrant/centos-7.1/centos-7.1.box"
+ override.vm.box_download_checksum = "b2a9f7421e04e73a5acad6fbaf4e9aba78b5aeabf4230eebacc9942e577c1e05"
+ override.vm.box_download_checksum_type = "sha256"
+ end
+
+ num_nodes.times do |n|
+ node_index = n+1
+ config.vm.define "node#{node_index}" do |node|
+ node.vm.hostname = "ose3-node#{node_index}.example.com"
+ node.vm.network :private_network, ip: "192.168.100.#{200 + n}"
+ end
+ end
+
+ config.vm.define "master" do |master|
+ master.vm.hostname = "ose3-master.example.com"
+ master.vm.network :private_network, ip: "192.168.100.100"
+ master.vm.network :forwarded_port, guest: 8443, host: 8443
+ master.vm.provision "ansible" do |ansible|
+ ansible.limit = 'all'
+ ansible.sudo = true
+ ansible.groups = {
+ "masters" => ["master"],
+ "nodes" => ["node1", "node2"],
+ }
+ ansible.extra_vars = {
+ openshift_deployment_type: "origin",
+ }
+ ansible.playbook = "playbooks/byo/config.yml"
+ end
+ end
+end
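Review bot: deployment_type and num_nodes are read from the environment at the top of the configure block but are not honored in the ansible provisioner: ansible.groups hard-codes "nodes" => ["node1", "node2"] and extra_vars hard-codes openshift_deployment_type: "origin". With OPENSHIFT_NUM_NODES=3 a node3 VM is defined but never placed in the nodes group, and OPENSHIFT_DEPLOYMENT_TYPE has no effect even though README_vagrant.md documents it. Build the nodes list from num_nodes and pass deployment_type through. Separately, config.ssh.insert_key = false leaves the stock Vagrant keypair on every box while the master forwards port 8443 to the host; a comment saying this is meant for throwaway local VMs only would help.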
diff --git a/bin/ohi b/bin/ohi
index 408961ee4..bb52166df 100755
--- a/bin/ohi
+++ b/bin/ohi
@@ -12,12 +12,15 @@ import subprocess
import ConfigParser
from openshift_ansible import awsutil
+from openshift_ansible import utils
from openshift_ansible.awsutil import ArgumentError
CONFIG_MAIN_SECTION = 'main'
CONFIG_HOST_TYPE_ALIAS_SECTION = 'host_type_aliases'
CONFIG_INVENTORY_OPTION = 'inventory'
+
+
class Ohi(object):
def __init__(self):
self.inventory = None
@@ -60,8 +63,12 @@ class Ohi(object):
# We weren't able to determine what they wanted to do
raise ArgumentError("Invalid combination of arguments")
- for host in hosts:
- print host
+ for host in sorted(hosts, key=utils.normalize_dnsname):
+ if self.args.user:
+ print "%s@%s" % (self.args.user, host)
+ else:
+ print host
+
return 0
def parse_config_file(self):
@@ -94,6 +101,10 @@ class Ohi(object):
parser.add_argument('-t', '--host-type', action="store",
help="Which host type to use")
+ parser.add_argument('-l', '--user', action='store', default=None,
+ help='username')
+
+
self.args = parser.parse_args()
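Review bot: The help text for the new -l/--user option is just 'username', which does not say that the value is prefixed to every printed host as user@host; spell that out in the help string. The hunk also adds two blank lines before self.args = parser.parse_args() where one would do.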
diff --git a/bin/openshift-ansible-bin.spec b/bin/openshift-ansible-bin.spec
index c7db6f684..29aaff9ae 100644
--- a/bin/openshift-ansible-bin.spec
+++ b/bin/openshift-ansible-bin.spec
@@ -1,6 +1,6 @@
Summary: OpenShift Ansible Scripts for working with metadata hosts
Name: openshift-ansible-bin
-Version: 0.0.8
+Version: 0.0.12
Release: 1%{?dist}
License: ASL 2.0
URL: https://github.com/openshift/openshift-ansible
@@ -23,7 +23,7 @@ mkdir -p %{buildroot}%{python_sitelib}/openshift_ansible
mkdir -p %{buildroot}/etc/bash_completion.d
mkdir -p %{buildroot}/etc/openshift_ansible
-cp -p ossh oscp opssh ohi %{buildroot}%{_bindir}
+cp -p ossh oscp opssh opscp ohi %{buildroot}%{_bindir}
cp -p openshift_ansible/* %{buildroot}%{python_sitelib}/openshift_ansible
cp -p ossh_bash_completion %{buildroot}/etc/bash_completion.d
@@ -36,6 +36,23 @@ cp -p openshift_ansible.conf.example %{buildroot}/etc/openshift_ansible/openshif
%config(noreplace) /etc/openshift_ansible/
%changelog
+* Tue May 05 2015 Thomas Wiest <twiest@redhat.com> 0.0.12-1
+- fixed opssh and opscp to allow just environment or just host-type.
+ (twiest@redhat.com)
+
+* Mon May 04 2015 Thomas Wiest <twiest@redhat.com> 0.0.11-1
+- changed opssh to a bash script using ohi to make it easier to maintain, and
+ to expose all of the pssh features directly. (twiest@redhat.com)
+- Added --user option to ohi to pre-pend the username in the hostlist output.
+ (twiest@redhat.com)
+- Added utils.py that contains a normalize_dnsname function good for sorting
+ dns names to a human readable list. (twiest@redhat.com)
+
+* Thu Apr 30 2015 Thomas Wiest <twiest@redhat.com> 0.0.10-1
+- added --list-host-types option to opscp (twiest@redhat.com)
+
+* Thu Apr 30 2015 Thomas Wiest <twiest@redhat.com> 0.0.9-1
+- added opscp (twiest@redhat.com)
* Mon Apr 13 2015 Thomas Wiest <twiest@redhat.com> 0.0.8-1
- fixed bug in opssh where it wouldn't actually run pssh (twiest@redhat.com)
diff --git a/bin/openshift_ansible/utils.py b/bin/openshift_ansible/utils.py
new file mode 100644
index 000000000..e6243aa5a
--- /dev/null
+++ b/bin/openshift_ansible/utils.py
@@ -0,0 +1,30 @@
+#!/usr/bin/env python
+# vim: expandtab:tabstop=4:shiftwidth=4
+
+''' The purpose of this module is to contain small utility functions.
+'''
+
+import re
+
+def normalize_dnsname(name, padding=10):
+ ''' The purpose of this function is to return a dns name with zero padding,
+ so that it sorts properly (as a human would expect).
+
+ Example: name=ex-lrg-node10.prod.rhcloud.com
+ Returns: ex-lrg-node0000000010.prod.rhcloud.com
+
+ Example Usage:
+ sorted(['a3.example.com', 'a10.example.com', 'a1.example.com'],
+ key=normalize_dnsname)
+
+ Returns: ['a1.example.com', 'a3.example.com', 'a10.example.com']
+ '''
+ parts = re.split(r'(\d+)', name)
+ retval = []
+ for part in parts:
+ if re.match(r'^\d+$', part):
+ retval.append(part.zfill(padding))
+ else:
+ retval.append(part)
+
+ return ''.join(retval)
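Review bot: normalize_dnsname pads each digit run with part.zfill(padding), so a run longer than padding digits (10 by default) is left unpadded and sorts out of order against shorter runs; state that limit in the docstring. The file is added with mode 100644 but starts with a #!/usr/bin/env python line, which an importable module does not need.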
diff --git a/bin/opscp b/bin/opscp
new file mode 100755
index 000000000..391cb6696
--- /dev/null
+++ b/bin/opscp
@@ -0,0 +1,131 @@
+#!/bin/bash
+# vim: expandtab:tabstop=4:shiftwidth=4
+
+
+function usage() {
+ cat << EOF
+Usage: opscp [OPTIONS] local remote
+
+Options:
+ --version show program's version number and exit
+ --help show this help message and exit
+ -l USER, --user=USER username (OPTIONAL)
+ -p PAR, --par=PAR max number of parallel threads (OPTIONAL)
+ --outdir=OUTDIR output directory for stdout files (OPTIONAL)
+ --errdir=ERRDIR output directory for stderr files (OPTIONAL)
+ -e ENV, --env ENV which environment to use
+ -t HOST_TYPE, --host-type HOST_TYPE
+ which host type to use
+ --list-host-types list all of the host types
+ --timeout=TIMEOUT timeout (secs) (0 = no timeout) per host (OPTIONAL)
+ -O OPTION, --option=OPTION
+ SSH option (OPTIONAL)
+ -v, --verbose turn on warning and diagnostic messages (OPTIONAL)
+ -A, --askpass Ask for a password (OPTIONAL)
+ -x ARGS, --extra-args=ARGS
+ Extra command-line arguments, with processing for
+ spaces, quotes, and backslashes
+ -X ARG, --extra-arg=ARG
+ Extra command-line argument
+ -r, --recursive recusively copy directories (OPTIONAL)
+
+Example: opscp -t ex-srv -e stg -l irb2 foo.txt /home/irb2/foo.txt
+
+EOF
+}
+
+if [ $# -eq 0 ] || [ "$1" == "--help" ]
+then
+ usage
+ exit 1
+fi
+
+# See if ohi is installed
+if ! which ohi &>/dev/null ; then
+ echo "ERROR: can't find ohi (OpenShift Host Inventory) on your system, please either install the openshift-ansible-bin package, or add openshift-ansible/bin to your path."
+
+ exit 10
+fi
+
+PAR=200
+USER=root
+TIMEOUT=0
+ENV=""
+HOST_TYPE=""
+
+while [ $# -gt 0 ] ; do
+ case $1 in
+ -t|--host-type)
+ shift # get past the option
+ HOST_TYPE=$1
+ shift # get past the value of the option
+ ;;
+
+ -e)
+ shift # get past the option
+ ENV=$1
+ shift # get past the value of the option
+ ;;
+
+ --timeout)
+ shift # get past the option
+ TIMEOUT=$1
+ shift # get past the value of the option
+ ;;
+
+ -p|--par)
+ shift # get past the option
+ PAR=$1
+ shift # get past the value of the option
+ ;;
+
+ -l|--user)
+ shift # get past the option
+ USER=$1
+ shift # get past the value of the option
+ ;;
+
+ --list-host-types)
+ ohi --list-host-types
+ exit 0
+ ;;
+
+ -h|--hosts|-H|--host|-o)
+ echo "ERROR: unknown option $1"
+ exit 20
+ ;;
+
+ *)
+ args+=("$1")
+ shift
+ ;;
+ esac
+done
+
+# Get host list from ohi
+if [ -n "$ENV" -a -n "$HOST_TYPE" ] ; then
+ HOSTS="$(ohi -t "$HOST_TYPE" -e "$ENV" 2>/dev/null)"
+ OHI_ECODE=$?
+elif [ -n "$ENV" ] ; then
+ HOSTS="$(ohi -e "$ENV" 2>/dev/null)"
+ OHI_ECODE=$?
+elif [ -n "$HOST_TYPE" ] ; then
+ HOSTS="$(ohi -t "$HOST_TYPE" 2>/dev/null)"
+ OHI_ECODE=$?
+else
+ echo
+ echo "Error: either -e or -t must be specified"
+ echo
+ exit 10
+fi
+
+if [ $OHI_ECODE -ne 0 ] ; then
+ echo
+ echo "ERROR: ohi failed with exit code $OHI_ECODE"
+ echo
+ echo "This is usually caused by a bad value passed for host-type or environment."
+ echo
+ exit 25
+fi
+
+exec pscp.pssh -t $TIMEOUT -p $PAR -l $USER -h <(echo "$HOSTS") "${args[@]}"
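Review bot: The usage text documents "-e ENV, --env ENV", but the case statement only matches -e), so "--env stg" falls through to *) and is forwarded to pscp.pssh as positional arguments while ENV stays empty; match -e|--env). On the final exec line $TIMEOUT, $PAR and $USER are expanded unquoted, so a value containing whitespace is word-split into extra pscp.pssh arguments; quote all three. Assigning USER=root also overwrites the shell's own USER variable for the rest of the script, so a script-local name such as SSH_USER would be cleaner. args is never initialised before args+=("$1"), and ohi's stderr is discarded with 2>/dev/null, which leaves the generic exit-25 message as the only diagnostic when the lookup fails.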
diff --git a/bin/opssh b/bin/opssh
index a4fceb6a8..8ac526049 100755
--- a/bin/opssh
+++ b/bin/opssh
@@ -1,146 +1,134 @@
-#!/usr/bin/env python
+#!/bin/bash
# vim: expandtab:tabstop=4:shiftwidth=4
-import argparse
-import traceback
-import sys
-import os
-import re
-import tempfile
-import time
-import subprocess
-import ConfigParser
-from openshift_ansible import awsutil
-from openshift_ansible.awsutil import ArgumentError
-
-DEFAULT_PSSH_PAR = 200
-PSSH = '/usr/bin/pssh'
-CONFIG_MAIN_SECTION = 'main'
-CONFIG_HOST_TYPE_ALIAS_SECTION = 'host_type_aliases'
-CONFIG_INVENTORY_OPTION = 'inventory'
-
-class Opssh(object):
- def __init__(self):
- self.inventory = None
- self.host_type_aliases = {}
- self.file_path = os.path.join(os.path.dirname(os.path.realpath(__file__)))
-
- # Default the config path to /etc
- self.config_path = os.path.join(os.path.sep, 'etc', \
- 'openshift_ansible', \
- 'openshift_ansible.conf')
-
- self.parse_cli_args()
- self.parse_config_file()
-
- self.aws = awsutil.AwsUtil(self.inventory, self.host_type_aliases)
-
- def run(self):
- if self.args.list_host_types:
- self.aws.print_host_types()
- return 0
-
- if self.args.host_type is not None or \
- self.args.env is not None:
- return self.run_pssh()
-
- # We weren't able to determine what they wanted to do
- raise ArgumentError("Invalid combination of arguments")
-
- def run_pssh(self):
- """Actually run the pssh command based off of the supplied options
- """
-
- # Default set of options
- pssh_args = [PSSH, '-t', '0', '-p', str(self.args.par), '--user', self.args.user]
-
- if self.args.inline:
- pssh_args.append("--inline")
-
- if self.args.outdir:
- pssh_args.extend(["--outdir", self.args.outdir])
-
- if self.args.errdir:
- pssh_args.extend(["--errdir", self.args.errdir])
-
- hosts = self.aws.get_host_list(host_type=self.args.host_type,
- env=self.args.env)
-
- with tempfile.NamedTemporaryFile(prefix='opssh-', delete=True) as f:
- for h in hosts:
- f.write(h + os.linesep)
- f.flush()
-
- pssh_args.extend(["-h", f.name])
- pssh_args.append(self.args.command)
-
- print
- print "Running: %s" % ' '.join(pssh_args)
- print
- return subprocess.call(pssh_args)
-
- return None
-
- def parse_config_file(self):
- if os.path.isfile(self.config_path):
- config = ConfigParser.ConfigParser()
- config.read(self.config_path)
-
- if config.has_section(CONFIG_MAIN_SECTION) and \
- config.has_option(CONFIG_MAIN_SECTION, CONFIG_INVENTORY_OPTION):
- self.inventory = config.get(CONFIG_MAIN_SECTION, CONFIG_INVENTORY_OPTION)
-
- self.host_type_aliases = {}
- if config.has_section(CONFIG_HOST_TYPE_ALIAS_SECTION):
- for alias in config.options(CONFIG_HOST_TYPE_ALIAS_SECTION):
- value = config.get(CONFIG_HOST_TYPE_ALIAS_SECTION, alias).split(',')
- self.host_type_aliases[alias] = value
-
- def parse_cli_args(self):
- """Setup the command line parser with the options we want
- """
-
- parser = argparse.ArgumentParser(description='Openshift Online PSSH Tool.')
-
- parser.add_argument('--list-host-types', default=False, action='store_true',
- help='List all of the host types')
-
- parser.add_argument('-e', '--env', action="store",
- help="Which environment to use")
-
- parser.add_argument('-t', '--host-type', action="store", default=None,
- help="Which host type to use")
-
- parser.add_argument('-c', '--command', action='store',
- help='Command to run on remote host(s)')
-
- parser.add_argument('--user', action='store', default='root',
- help='username')
-
- parser.add_argument('-i', '--inline', default=False, action='store_true',
- help='inline aggregated output and error for each server')
-
- parser.add_argument('-p', '--par', action='store', default=DEFAULT_PSSH_PAR,
- help=('max number of parallel threads (default %s)' % DEFAULT_PSSH_PAR))
-
- parser.add_argument('--outdir', action='store',
- help='output directory for stdout files')
-
- parser.add_argument('--errdir', action='store',
- help='output directory for stderr files')
-
- self.args = parser.parse_args()
-
-
-if __name__ == '__main__':
- if len(sys.argv) == 1:
- print "\nError: No options given. Use --help to see the available options\n"
- sys.exit(0)
-
- try:
- opssh = Opssh()
- exitcode = opssh.run()
- sys.exit(exitcode)
- except ArgumentError as e:
- print "\nError: %s\n" % e.message
+function usage() {
+ cat << EOF
+Usage: opssh [OPTIONS] command [...]
+
+Options:
+ --version show program's version number and exit
+ --help show this help message and exit
+ -l USER, --user=USER username (OPTIONAL)
+ -p PAR, --par=PAR max number of parallel threads (OPTIONAL)
+ --outdir=OUTDIR output directory for stdout files (OPTIONAL)
+ --errdir=ERRDIR output directory for stderr files (OPTIONAL)
+ -e ENV, --env ENV which environment to use
+ -t HOST_TYPE, --host-type HOST_TYPE
+ which host type to use
+ --list-host-types list all of the host types
+ --timeout=TIMEOUT timeout (secs) (0 = no timeout) per host (OPTIONAL)
+ -O OPTION, --option=OPTION
+ SSH option (OPTIONAL)
+ -v, --verbose turn on warning and diagnostic messages (OPTIONAL)
+ -A, --askpass Ask for a password (OPTIONAL)
+ -x ARGS, --extra-args=ARGS
+ Extra command-line arguments, with processing for
+ spaces, quotes, and backslashes
+ -X ARG, --extra-arg=ARG
+ Extra command-line argument
+ -i, --inline inline aggregated output and error for each server
+ --inline-stdout inline standard output for each server
+ -I, --send-input read from standard input and send as input to ssh
+ -P, --print print output as we get it
+
+Example: opssh -t ex-srv -e stg -l irb2 --outdir /tmp/foo uptime
+
+EOF
+}
+
+if [ $# -eq 0 ] || [ "$1" == "--help" ]
+then
+ usage
+ exit 1
+fi
+
+# See if ohi is installed
+if ! which ohi &>/dev/null ; then
+ echo "ERROR: can't find ohi (OpenShift Host Inventory) on your system, please either install the openshift-ansible-bin package, or add openshift-ansible/bin to your path."
+
+ exit 10
+fi
+
+PAR=200
+USER=root
+TIMEOUT=0
+ARGS=()
+ENV=""
+HOST_TYPE=""
+while [ $# -gt 0 ] ; do
+ case $1 in
+ -t|--host-type)
+ shift # get past the option
+ HOST_TYPE=$1
+ shift # get past the value of the option
+ ;;
+
+ -e)
+ shift # get past the option
+ ENV=$1
+ shift # get past the value of the option
+ ;;
+
+ --timeout)
+ shift # get past the option
+ TIMEOUT=$1
+ shift # get past the value of the option
+ ;;
+
+ -p|--par)
+ shift # get past the option
+ PAR=$1
+ shift # get past the value of the option
+ ;;
+
+ -l|--user)
+ shift # get past the option
+ USER=$1
+ shift # get past the value of the option
+ ;;
+
+ --list-host-types)
+ ohi --list-host-types
+ exit 0
+ ;;
+
+ -h|--hosts|-H|--host|-o)
+ echo "ERROR: unknown option $1"
+ exit 20
+ ;;
+
+ *)
+ args+=("$1")
+ shift
+ ;;
+ esac
+done
+
+# Get host list from ohi
+if [ -n "$ENV" -a -n "$HOST_TYPE" ] ; then
+ HOSTS="$(ohi -t "$HOST_TYPE" -e "$ENV" 2>/dev/null)"
+ OHI_ECODE=$?
+elif [ -n "$ENV" ] ; then
+ HOSTS="$(ohi -e "$ENV" 2>/dev/null)"
+ OHI_ECODE=$?
+elif [ -n "$HOST_TYPE" ] ; then
+ HOSTS="$(ohi -t "$HOST_TYPE" 2>/dev/null)"
+ OHI_ECODE=$?
+else
+ echo
+ echo "Error: either -e or -t must be specified"
+ echo
+ exit 10
+fi
+
+if [ $OHI_ECODE -ne 0 ] ; then
+ echo
+ echo "ERROR: ohi failed with exit code $OHI_ECODE"
+ echo
+ echo "This is usually caused by a bad value passed for host-type or environment."
+ echo
+ exit 25
+fi
+
+exec pssh -t $TIMEOUT -p $PAR -l $USER -h <(echo "$HOSTS") "${args[@]}"
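Review bot: The script declares ARGS=() but the catch-all branch appends to a different variable, args+=("$1"), and the exec line expands "${args[@]}", so ARGS is never used; pick one name. Everything from usage() through the ohi lookup is otherwise a copy of bin/opscp, including the -e) branch that does not match the documented --env and the unquoted $TIMEOUT, $PAR and $USER on the exec line; a shared helper sourced by both scripts would keep fixes in one place. The rewrite also drops the Python version's -c/--command option in favour of positional arguments, which changes the command line for existing callers and deserves a changelog entry.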
diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml
index 5a6c89489..433cfeb87 100644
--- a/playbooks/common/openshift-node/config.yml
+++ b/playbooks/common/openshift-node/config.yml
@@ -28,6 +28,8 @@
- name: Create temp directory for syncing certs
hosts: localhost
+ connection: local
+ sudo: false
gather_facts: no
tasks:
- name: Create local temp directory for syncing certs
@@ -112,6 +114,8 @@
- name: Delete temporary directory on localhost
hosts: localhost
+ connection: local
+ sudo: false
gather_facts: no
tasks:
- file: name={{ mktemp.stdout }} state=absent
diff --git a/rel-eng/packages/openshift-ansible-bin b/rel-eng/packages/openshift-ansible-bin
index 500e1f4b1..8a9624397 100644
--- a/rel-eng/packages/openshift-ansible-bin
+++ b/rel-eng/packages/openshift-ansible-bin
@@ -1 +1 @@
-0.0.8-1 bin/
+0.0.12-1 bin/
diff --git a/roles/ansible_tower/tasks/main.yaml b/roles/ansible_tower/tasks/main.yaml
index 1d75a95e6..c110a3b70 100644
--- a/roles/ansible_tower/tasks/main.yaml
+++ b/roles/ansible_tower/tasks/main.yaml
@@ -9,7 +9,6 @@
- ansible
- telnet
- ack
- - python-ansible-tower-cli
- name: download Tower setup
get_url: url=http://releases.ansible.com/ansible-tower/setup/ansible-tower-setup-2.1.1.tar.gz dest=/opt/ force=no
@@ -32,3 +31,12 @@
- name: Set (httpd_can_network_connect_db) flag on and keep it persistent across reboots
seboolean: name=httpd_can_network_connect_db state=yes persistent=yes
+- name: Setup proot to allow access to /etc/tower/
+ lineinfile:
+ dest: /etc/tower/settings.py
+ backrefs: yes
+ regexp: "^({{ item.option }})( *)="
+ line: '\1\2= {{ item.value }}'
+ with_items: config_changes | default([], true)
+
+
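Review bot: In the new lineinfile task, backrefs: yes means a line is rewritten only when regexp already matches; if an option listed in config_changes is not present in /etc/tower/settings.py the task changes nothing and reports no failure. If options may be absent, drop backrefs and write the full line, or document that config_changes can only modify existing settings. item.option is also interpolated into the regexp unescaped, and item.value is written verbatim into a Python settings file, so both should come only from trusted vars. The task name mentions proot while the task is a generic settings editor; rename it. The hunk ends with two added blank lines.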
diff --git a/roles/ansible_tower_cli/README.md b/roles/ansible_tower_cli/README.md
new file mode 100644
index 000000000..d2d68146f
--- /dev/null
+++ b/roles/ansible_tower_cli/README.md
@@ -0,0 +1,50 @@
+ansible_tower_cli
+==============
+
+Install ansible-tower-cli rpm.
+
+Requirements
+------------
+
+None
+
+Role Variables
+--------------
+
+None
+
+Dependencies
+------------
+
+None
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+ - hosts: servers
+ roles:
+ - roles/ansible_tower_cli
+
+License
+-------
+
+Copyright 2012-2014 Red Hat, Inc., All rights reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+Author Information
+------------------
+
+openshift operations
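Review bot: Role Variables says None, but templates/tower_cli.cfg.j2 in this commit requires oo_towercli_host, oo_towercli_username and oo_towercli_password, and defaults/main.yml defines none of them; list the three variables here and say that the password is expected from an encrypted source. The sentence under Example Playbook reads like unedited role-template text and can be replaced with a one-line description.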
diff --git a/roles/ansible_tower_cli/defaults/main.yml b/roles/ansible_tower_cli/defaults/main.yml
new file mode 100644
index 000000000..bef66bbfd
--- /dev/null
+++ b/roles/ansible_tower_cli/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+# defaults file for ansible_tower_cli
diff --git a/roles/ansible_tower_cli/handlers/main.yml b/roles/ansible_tower_cli/handlers/main.yml
new file mode 100644
index 000000000..0ce873648
--- /dev/null
+++ b/roles/ansible_tower_cli/handlers/main.yml
@@ -0,0 +1,2 @@
+---
+# handlers file for ansible_tower_cli
diff --git a/roles/ansible_tower_cli/meta/main.yml b/roles/ansible_tower_cli/meta/main.yml
new file mode 100644
index 000000000..41dd23720
--- /dev/null
+++ b/roles/ansible_tower_cli/meta/main.yml
@@ -0,0 +1,9 @@
+---
+galaxy_info:
+ author: openshift operations name
+ description: install ansible-tower-cli
+ company: Red Hat, inc
+ license: ASL 2.0
+ min_ansible_version: 1.2
+dependencies: []
+
diff --git a/roles/ansible_tower_cli/tasks/main.yml b/roles/ansible_tower_cli/tasks/main.yml
new file mode 100644
index 000000000..41fac22a0
--- /dev/null
+++ b/roles/ansible_tower_cli/tasks/main.yml
@@ -0,0 +1,18 @@
+---
+- name: Install python-ansible-tower-cli
+ yum: name=python-ansible-tower-cli
+
+- template:
+ src: tower_cli.cfg.j2
+ dest: /etc/tower/tower_cli.cfg
+ owner: awx
+ group: awx
+ mode: 0640
+
+- file:
+ state: link
+ src: /etc/tower
+ dest: /etc/awx
+ owner: awx
+ group: awx
+
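Review bot: The template and file tasks have no name:, unlike the yum task above them, so playbook output will not say what is being changed; add names. The template writes into /etc/tower and sets owner awx, but meta/main.yml declares dependencies: [], so nothing guarantees that the directory or the awx user exists when this role runs on its own; declare the dependency or state the prerequisite in the README. mode: 0640 is unquoted here while roles/openshift_ansible_inventory uses mode: "0640"; use one style.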
diff --git a/roles/ansible_tower_cli/templates/tower_cli.cfg.j2 b/roles/ansible_tower_cli/templates/tower_cli.cfg.j2
new file mode 100644
index 000000000..5a0a275b0
--- /dev/null
+++ b/roles/ansible_tower_cli/templates/tower_cli.cfg.j2
@@ -0,0 +1,5 @@
+[general]
+host = {{ oo_towercli_host }}
+username = {{ oo_towercli_username }}
+password = {{ oo_towercli_password }}
+verify_ssl = true
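Review bot: The line password = {{ oo_towercli_password }} renders the Tower credential in clear text into /etc/tower/tower_cli.cfg. The 0640 awx:awx mode set by the template task limits who can read the result, but the commit does not say where the variable is meant to come from; note in the role README that it should be supplied from an ansible-vault encrypted vars file rather than plain inventory. None of the three variables has a default, so rendering fails when one is undefined; that is reasonable for a credential but should be documented.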
diff --git a/roles/ansible_tower_cli/vars/main.yml b/roles/ansible_tower_cli/vars/main.yml
new file mode 100644
index 000000000..a4c9abfb4
--- /dev/null
+++ b/roles/ansible_tower_cli/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for ansible_tower_cli
diff --git a/roles/openshift_ansible_inventory/tasks/main.yml b/roles/openshift_ansible_inventory/tasks/main.yml
index 3990d5750..dddfe24e3 100644
--- a/roles/openshift_ansible_inventory/tasks/main.yml
+++ b/roles/openshift_ansible_inventory/tasks/main.yml
@@ -9,3 +9,37 @@
group: "{{ oo_inventory_group }}"
owner: "{{ oo_inventory_owner }}"
mode: "0640"
+
+- file:
+ state: directory
+ dest: /etc/ansible/inventory
+ owner: root
+ group: libra_ops
+ mode: 0750
+
+- file:
+ state: link
+ src: /usr/share/ansible/inventory/multi_ec2.py
+ dest: /etc/ansible/inventory/multi_ec2.py
+ owner: root
+ group: libra_ops
+
+- lineinfile:
+ dest: /etc/ansible/ansible.cfg
+ backrefs: yes
+ regexp: '^(hostfile|inventory)( *)='
+ line: '\1\2= /etc/ansible/inventory'
+
+- name: setting ec2.ini destination_format
+ lineinfile:
+ dest: /usr/share/ansible/inventory/aws/ec2.ini
+ regexp: '^destination_format *='
+ line: "destination_format = {{ oo_ec2_destination_format }}"
+ when: oo_ec2_destination_format is defined
+
+- name: setting ec2.ini destination_format_tags
+ lineinfile:
+ dest: /usr/share/ansible/inventory/aws/ec2.ini
+ regexp: '^destination_format_tags *='
+ line: "destination_format_tags = {{ oo_ec2_destination_format_tags }}"
+ when: oo_ec2_destination_format_tags is defined
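Review bot: The lineinfile task on /etc/ansible/ansible.cfg uses backrefs: yes, so it does nothing when the file has no existing "hostfile =" or "inventory =" line, and the new /etc/ansible/inventory directory is then never picked up; add a fallback or fail explicitly in that case. Three of the five new tasks have no name:, and mode: 0750 is unquoted while the context task just above uses mode: "0640"; align both with the rest of the file.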
diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml
index 28bdda618..f9e6199a5 100644
--- a/roles/openshift_master/tasks/main.yml
+++ b/roles/openshift_master/tasks/main.yml
@@ -104,3 +104,14 @@
with_items:
- root
- "{{ ansible_ssh_user }}"
+
+- name: Update the permissions on the OpenShift client config(s)
+ file:
+ path: "~{{ item }}/.config/openshift/.config"
+ state: file
+ mode: 0700
+ owner: "{{ item }}"
+ group: "{{ item }}"
+ with_items:
+ - root
+ - "{{ ansible_ssh_user }}"
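Review bot: mode: 0700 on ~{{ item }}/.config/openshift/.config with state: file sets the execute bit on a regular config file; 0600 gives the same owner-only access without it. state: file also fails when the path does not exist, so this task relies on the preceding task having created the file for both users, and group: "{{ item }}" assumes a group named after each user. When ansible_ssh_user is root the with_items list contains root twice.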