summaryrefslogtreecommitdiffstats
path: root/docs/proposals
diff options
context:
space:
mode:
Diffstat (limited to 'docs/proposals')
-rw-r--r--docs/proposals/crt_management_proposal.md113
-rw-r--r--docs/proposals/role_decomposition.md16
2 files changed, 121 insertions, 8 deletions
diff --git a/docs/proposals/crt_management_proposal.md b/docs/proposals/crt_management_proposal.md
new file mode 100644
index 000000000..bf4048744
--- /dev/null
+++ b/docs/proposals/crt_management_proposal.md
@@ -0,0 +1,113 @@
+# Container Runtime Management
+
+## Description
+origin and openshift-ansible support multiple container runtimes. This proposal
+is related to refactoring how we handle those runtimes in openshift-ansible.
+
+### Problems addressed
+We currently don't install docker during the install at a point early enough to
+not fail health checks, and we don't have a good story around when/how to do it.
+This is complicated by logic around containerized and non-containerized installs.
+
+A web of dependencies can cause changes to docker that are unintended and has
+resulted in a series of work-around such as 'skip_docker' boolean.
+
+We don't handle docker storage because it's BYO. By moving docker to a prerequisite
+play, we can tackle storage up front and never have to touch it again.
+
+container_runtime logic is currently spread across 3 roles: docker, openshift_docker,
+and openshift_docker_facts. The name 'docker' does not accurately portray what
+the role(s) do.
+
+## Rationale
+* Refactor docker (and related meta/fact roles) into 'container_runtime' role.
+* Strip all meta-depends on container runtime out of other roles and plays.
+* Create a 'prerequisites.yml' entry point that will setup various items
+such as container storage and container runtime before executing installation.
+* All other roles and plays should merely consume container runtime, should not
+configure, restart, or change the container runtime as much as feasible.
+
+## Design
+
+The container_runtime role should be comprised of 3 'pseudo-roles' which will be
+consumed using import_role; each component area should be enabled/disabled with
+a boolean value, defaulting to true.
+
+I call them 'pseudo-roles' because they are more or less independent functional
+areas that may share some variables and act on closely related components. This
+is an effort to reuse as much code as possible, limit role-bloat (we already have
+an abundance of roles), and make things as modular as possible.
+
+```yaml
+# prerequisites.yml
+- include: std_include.yml
+- include: container_runtime_setup.yml
+...
+# container_runtime_setup.yml
+- hosts: "{{ openshift_runtime_manage_hosts | default('oo_nodes_to_config') }}"
+ tasks:
+ - import_role:
+ name: container_runtime
+ tasks_from: install.yml
+ when: openshift_container_runtime_install | default(True) | bool
+ - import_role:
+ name: container_runtime
+ tasks_from: storage.yml
+ when: openshift_container_runtime_storage | default(True) | bool
+ - import_role:
+ name: container_runtime
+ tasks_from: configure.yml
+ when: openshift_container_runtime_configure | default(True) | bool
+```
+
+Note the host group on the above play. No more guessing what hosts to run this
+stuff against. If you want to use an atomic install, specify what hosts will need
+us to setup container runtime (such as etcd hosts, loadbalancers, etc);
+
+We should direct users that are using atomic hosts to disable install in the docs,
+let's not add a bunch of logic.
+
+Alternatively, we can create a new group.
+
+### Part 1, container runtime install
+Install the container runtime components of the desired type.
+
+```yaml
+# install.yml
+- include: docker.yml
+ when: openshift_container_runtime_install_docker | bool
+
+- include: crio.yml
+ when: openshift_container_runtime_install_crio | bool
+
+... other container run times...
+```
+
+Alternatively to using booleans for each run time, we could use a variable like
+"openshift_container_runtime_type". This would be my preference, as we could
+use this information in later roles.
+
+### Part 2, configure/setup container runtime storage
+Configure a supported storage solution for containers.
+
+Similar setup to the previous section. We might need to add some logic for the
+different runtimes here, or we maybe create a matrix of possible options.
+
+### Part 3, configure container runtime.
+Place config files, environment files, systemd units, etc. Start/restart
+the container runtime as needed.
+
+Similar to Part 1 with how we should do things.
+
+## Checklist
+* Strip docker from meta dependencies.
+* Combine docker facts and meta roles into container_runtime role.
+* Docs
+
+## User Story
+As a user of openshift-ansible, I want to be able to manage my container runtime
+and related components independent of openshift itself.
+
+## Acceptance Criteria
+* Verify that each container runtime installs with this new method.
+* Verify that openshift installs with this new method.
diff --git a/docs/proposals/role_decomposition.md b/docs/proposals/role_decomposition.md
index 6434e24e7..61690e8bd 100644
--- a/docs/proposals/role_decomposition.md
+++ b/docs/proposals/role_decomposition.md
@@ -115,12 +115,12 @@ providing the location of the generated certificates to the individual roles.
generated_certs_dir: "{{openshift.common.config_base}}/logging"
## Elasticsearch
-- include_role:
+- import_role:
name: openshift_logging_elasticsearch
vars:
generated_certs_dir: "{{openshift.common.config_base}}/logging"
-- include_role:
+- import_role:
name: openshift_logging_elasticsearch
vars:
generated_certs_dir: "{{openshift.common.config_base}}/logging"
@@ -130,7 +130,7 @@ providing the location of the generated certificates to the individual roles.
## Kibana
-- include_role:
+- import_role:
name: openshift_logging_kibana
vars:
generated_certs_dir: "{{openshift.common.config_base}}/logging"
@@ -144,7 +144,7 @@ providing the location of the generated certificates to the individual roles.
openshift_logging_kibana_es_port: "{{ openshift_logging_es_port }}"
openshift_logging_kibana_image_pull_secret: "{{ openshift_logging_image_pull_secret }}"
-- include_role:
+- import_role:
name: openshift_logging_kibana
vars:
generated_certs_dir: "{{openshift.common.config_base}}/logging"
@@ -173,7 +173,7 @@ providing the location of the generated certificates to the individual roles.
## Curator
-- include_role:
+- import_role:
name: openshift_logging_curator
vars:
generated_certs_dir: "{{openshift.common.config_base}}/logging"
@@ -183,7 +183,7 @@ providing the location of the generated certificates to the individual roles.
openshift_logging_curator_image_version: "{{ openshift_logging_image_version }}"
openshift_logging_curator_image_pull_secret: "{{ openshift_logging_image_pull_secret }}"
-- include_role:
+- import_role:
name: openshift_logging_curator
vars:
generated_certs_dir: "{{openshift.common.config_base}}/logging"
@@ -201,7 +201,7 @@ providing the location of the generated certificates to the individual roles.
## Fluentd
-- include_role:
+- import_role:
name: openshift_logging_fluentd
vars:
generated_certs_dir: "{{openshift.common.config_base}}/logging"
@@ -262,7 +262,7 @@ dependencies:
- name: "Create logging project"
command: >
- {{ openshift.common.admin_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig new-project {{openshift_logging_namespace}}
+ {{ openshift.common.client_binary }} adm --config={{ mktemp.stdout }}/admin.kubeconfig new-project {{openshift_logging_namespace}}
when: not ansible_check_mode and "not found" in logging_project_result.stderr
- name: Create logging cert directory