diff options
Diffstat (limited to 'docs/proposals')
-rw-r--r-- | docs/proposals/crt_management_proposal.md | 113 | ||||
-rw-r--r-- | docs/proposals/role_decomposition.md | 16 |
2 files changed, 121 insertions, 8 deletions
diff --git a/docs/proposals/crt_management_proposal.md b/docs/proposals/crt_management_proposal.md new file mode 100644 index 000000000..bf4048744 --- /dev/null +++ b/docs/proposals/crt_management_proposal.md @@ -0,0 +1,113 @@ +# Container Runtime Management + +## Description +origin and openshift-ansible support multiple container runtimes. This proposal +is related to refactoring how we handle those runtimes in openshift-ansible. + +### Problems addressed +We currently don't install docker during the install at a point early enough to +not fail health checks, and we don't have a good story around when/how to do it. +This is complicated by logic around containerized and non-containerized installs. + +A web of dependencies can cause changes to docker that are unintended and has +resulted in a series of work-around such as 'skip_docker' boolean. + +We don't handle docker storage because it's BYO. By moving docker to a prerequisite +play, we can tackle storage up front and never have to touch it again. + +container_runtime logic is currently spread across 3 roles: docker, openshift_docker, +and openshift_docker_facts. The name 'docker' does not accurately portray what +the role(s) do. + +## Rationale +* Refactor docker (and related meta/fact roles) into 'container_runtime' role. +* Strip all meta-depends on container runtime out of other roles and plays. +* Create a 'prerequisites.yml' entry point that will setup various items +such as container storage and container runtime before executing installation. +* All other roles and plays should merely consume container runtime, should not +configure, restart, or change the container runtime as much as feasible. + +## Design + +The container_runtime role should be comprised of 3 'pseudo-roles' which will be +consumed using import_role; each component area should be enabled/disabled with +a boolean value, defaulting to true. + +I call them 'pseudo-roles' because they are more or less independent functional +areas that may share some variables and act on closely related components. This +is an effort to reuse as much code as possible, limit role-bloat (we already have +an abundance of roles), and make things as modular as possible. + +```yaml +# prerequisites.yml +- include: std_include.yml +- include: container_runtime_setup.yml +... +# container_runtime_setup.yml +- hosts: "{{ openshift_runtime_manage_hosts | default('oo_nodes_to_config') }}" + tasks: + - import_role: + name: container_runtime + tasks_from: install.yml + when: openshift_container_runtime_install | default(True) | bool + - import_role: + name: container_runtime + tasks_from: storage.yml + when: openshift_container_runtime_storage | default(True) | bool + - import_role: + name: container_runtime + tasks_from: configure.yml + when: openshift_container_runtime_configure | default(True) | bool +``` + +Note the host group on the above play. No more guessing what hosts to run this +stuff against. If you want to use an atomic install, specify what hosts will need +us to setup container runtime (such as etcd hosts, loadbalancers, etc); + +We should direct users that are using atomic hosts to disable install in the docs, +let's not add a bunch of logic. + +Alternatively, we can create a new group. + +### Part 1, container runtime install +Install the container runtime components of the desired type. + +```yaml +# install.yml +- include: docker.yml + when: openshift_container_runtime_install_docker | bool + +- include: crio.yml + when: openshift_container_runtime_install_crio | bool + +... other container run times... +``` + +Alternatively to using booleans for each run time, we could use a variable like +"openshift_container_runtime_type". This would be my preference, as we could +use this information in later roles. + +### Part 2, configure/setup container runtime storage +Configure a supported storage solution for containers. + +Similar setup to the previous section. We might need to add some logic for the +different runtimes here, or we maybe create a matrix of possible options. + +### Part 3, configure container runtime. +Place config files, environment files, systemd units, etc. Start/restart +the container runtime as needed. + +Similar to Part 1 with how we should do things. + +## Checklist +* Strip docker from meta dependencies. +* Combine docker facts and meta roles into container_runtime role. +* Docs + +## User Story +As a user of openshift-ansible, I want to be able to manage my container runtime +and related components independent of openshift itself. + +## Acceptance Criteria +* Verify that each container runtime installs with this new method. +* Verify that openshift installs with this new method. diff --git a/docs/proposals/role_decomposition.md b/docs/proposals/role_decomposition.md index 6434e24e7..61690e8bd 100644 --- a/docs/proposals/role_decomposition.md +++ b/docs/proposals/role_decomposition.md @@ -115,12 +115,12 @@ providing the location of the generated certificates to the individual roles. generated_certs_dir: "{{openshift.common.config_base}}/logging" ## Elasticsearch -- include_role: +- import_role: name: openshift_logging_elasticsearch vars: generated_certs_dir: "{{openshift.common.config_base}}/logging" -- include_role: +- import_role: name: openshift_logging_elasticsearch vars: generated_certs_dir: "{{openshift.common.config_base}}/logging" @@ -130,7 +130,7 @@ providing the location of the generated certificates to the individual roles. ## Kibana -- include_role: +- import_role: name: openshift_logging_kibana vars: generated_certs_dir: "{{openshift.common.config_base}}/logging" @@ -144,7 +144,7 @@ providing the location of the generated certificates to the individual roles. openshift_logging_kibana_es_port: "{{ openshift_logging_es_port }}" openshift_logging_kibana_image_pull_secret: "{{ openshift_logging_image_pull_secret }}" -- include_role: +- import_role: name: openshift_logging_kibana vars: generated_certs_dir: "{{openshift.common.config_base}}/logging" @@ -173,7 +173,7 @@ providing the location of the generated certificates to the individual roles. ## Curator -- include_role: +- import_role: name: openshift_logging_curator vars: generated_certs_dir: "{{openshift.common.config_base}}/logging" @@ -183,7 +183,7 @@ providing the location of the generated certificates to the individual roles. openshift_logging_curator_image_version: "{{ openshift_logging_image_version }}" openshift_logging_curator_image_pull_secret: "{{ openshift_logging_image_pull_secret }}" -- include_role: +- import_role: name: openshift_logging_curator vars: generated_certs_dir: "{{openshift.common.config_base}}/logging" @@ -201,7 +201,7 @@ providing the location of the generated certificates to the individual roles. ## Fluentd -- include_role: +- import_role: name: openshift_logging_fluentd vars: generated_certs_dir: "{{openshift.common.config_base}}/logging" @@ -262,7 +262,7 @@ dependencies: - name: "Create logging project" command: > - {{ openshift.common.admin_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig new-project {{openshift_logging_namespace}} + {{ openshift.common.client_binary }} adm --config={{ mktemp.stdout }}/admin.kubeconfig new-project {{openshift_logging_namespace}} when: not ansible_check_mode and "not found" in logging_project_result.stderr - name: Create logging cert directory |