Diffstat (limited to 'playbooks/aws/openshift-cluster')
-rw-r--r--playbooks/aws/openshift-cluster/build_ami.yml8
-rw-r--r--playbooks/aws/openshift-cluster/build_node_group.yml31
-rw-r--r--playbooks/aws/openshift-cluster/provision.yml49
-rw-r--r--playbooks/aws/openshift-cluster/provision_nodes.yml19
-rw-r--r--playbooks/aws/openshift-cluster/vars.yml11
5 files changed, 76 insertions, 42 deletions
diff --git a/playbooks/aws/openshift-cluster/build_ami.yml b/playbooks/aws/openshift-cluster/build_ami.yml
index d27874200..998cf4340 100644
--- a/playbooks/aws/openshift-cluster/build_ami.yml
+++ b/playbooks/aws/openshift-cluster/build_ami.yml
@@ -24,6 +24,14 @@
r_openshift_aws_ssh_keys_users: "{{ provision.instance_users }}"
r_openshift_aws_ssh_keys_region: "{{ provision.region }}"
+ - name: Create compute sgs
+ include_role:
+ name: openshift_aws_sg
+ vars:
+ r_openshift_aws_sg_clusterid: "{{ provision.clusterid }}"
+ r_openshift_aws_sg_region: "{{ provision.region }}"
+ r_openshift_aws_sg_type: compute
+
- name: fetch the default subnet id
ec2_vpc_subnet_facts:
region: "{{ provision.region }}"
diff --git a/playbooks/aws/openshift-cluster/build_node_group.yml b/playbooks/aws/openshift-cluster/build_node_group.yml
index 3ef492238..5b0330e46 100644
--- a/playbooks/aws/openshift-cluster/build_node_group.yml
+++ b/playbooks/aws/openshift-cluster/build_node_group.yml
@@ -1,47 +1,48 @@
---
- name: fetch recently created AMI
ec2_ami_find:
- region: "{{ provision.region }}"
+ region: "{{ openshift_region }}"
sort: creationDate
sort_order: descending
- name: "{{ provision.build.ami_name }}*"
- ami_tags: "{{ provision.build.openshift_ami_tags }}"
+ name: "{{ openshift_ami_name }}*"
+ ami_tags: "{{ openshift_ami_tags }}"
#no_result_action: fail
register: amiout
+ when: not openshift_use_custom_ami
- block:
- name: "Create {{ openshift_build_node_type }} sgs"
include_role:
name: openshift_aws_sg
vars:
- r_openshift_aws_sg_clusterid: "{{ provision.clusterid }}"
- r_openshift_aws_sg_region: "{{ provision.region }}"
+ r_openshift_aws_sg_clusterid: "{{ openshift_clusterid }}"
+ r_openshift_aws_sg_region: "{{ openshift_region }}"
r_openshift_aws_sg_type: "{{ openshift_build_node_type }}"
- name: "generate a launch config name for {{ openshift_build_node_type }}"
set_fact:
- launch_config_name: "{{ provision.clusterid }}-{{ openshift_build_node_type }}-{{ ansible_date_time.epoch }}"
+ launch_config_name: "{{ openshift_clusterid }}-{{ openshift_build_node_type }}-{{ ansible_date_time.epoch }}"
- name: create "{{ openshift_build_node_type }} launch config"
include_role:
name: openshift_aws_launch_config
vars:
r_openshift_aws_launch_config_name: "{{ launch_config_name }}"
- r_openshift_aws_launch_config_clusterid: "{{ provision.clusterid }}"
- r_openshift_aws_launch_config_region: "{{ provision.region }}"
- r_openshift_aws_launch_config: "{{ provision.node_group_config }}"
+ r_openshift_aws_launch_config_clusterid: "{{ openshift_clusterid }}"
+ r_openshift_aws_launch_config_region: "{{ openshift_region }}"
+ r_openshift_aws_launch_config: "{{ openshift_node_group_config }}"
r_openshift_aws_launch_config_type: "{{ openshift_build_node_type }}"
- r_openshift_aws_launch_config_custom_image: "{{ '' if 'results' not in amiout else amiout.results[0].ami_id }}"
+ r_openshift_aws_launch_config_custom_image: "{{ '' if 'results' not in amiout and amiout.results|length > 0 else amiout.results[0].ami_id }}"
r_openshift_aws_launch_config_bootstrap_token: "{{ (local_bootstrap['content'] |b64decode) if local_bootstrap is defined else '' }}"
- name: "create {{ openshift_build_node_type }} node groups"
include_role:
name: openshift_aws_node_group
vars:
- r_openshift_aws_node_group_name: "{{ provision.clusterid }} openshift {{ openshift_build_node_type }}"
+ r_openshift_aws_node_group_name: "{{ openshift_clusterid }} openshift {{ openshift_build_node_type }}"
r_openshift_aws_node_group_lc_name: "{{ launch_config_name }}"
- r_openshift_aws_node_group_clusterid: "{{ provision.clusterid }}"
- r_openshift_aws_node_group_region: "{{ provision.region }}"
- r_openshift_aws_node_group_config: "{{ provision.node_group_config }}"
+ r_openshift_aws_node_group_clusterid: "{{ openshift_clusterid }}"
+ r_openshift_aws_node_group_region: "{{ openshift_region }}"
+ r_openshift_aws_node_group_config: "{{ openshift_node_group_config }}"
r_openshift_aws_node_group_type: "{{ openshift_build_node_type }}"
- r_openshift_aws_node_group_subnet_name: "{{ provision.vpc.subnets[provision.region][0].az }}"
+ r_openshift_aws_node_group_subnet_name: "{{ openshift_subnet_name }}"
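Review bot: The new condition on `r_openshift_aws_launch_config_custom_image` joins its two tests with `and`, so `amiout.results|length` is evaluated exactly when `'results' not in amiout` is true, and an existing but empty `results` list still falls through to `amiout.results[0]`. The first case is presumably what the added `when: not openshift_use_custom_ami` produces when the lookup is skipped, so the expression is likely to fail on an undefined attribute instead of yielding `''`. The test should be `'' if 'results' not in amiout or amiout.results|length == 0 else amiout.results[0].ami_id`. Because this value decides which image the node group boots, consider re-enabling the commented `no_result_action: fail` so that an empty lookup stops the run instead of silently falling back.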
diff --git a/playbooks/aws/openshift-cluster/provision.yml b/playbooks/aws/openshift-cluster/provision.yml
index dfbf61cc7..88ab0ecb1 100644
--- a/playbooks/aws/openshift-cluster/provision.yml
+++ b/playbooks/aws/openshift-cluster/provision.yml
@@ -16,6 +16,27 @@
r_openshift_aws_vpc_tags: "{{ provision.vpc.tags }}"
r_openshift_aws_vpc_name: "{{ provision.vpc.name | default(provision.clusterid) }}"
+ - name: bring iam_cert23 into scope
+ include_role:
+ name: lib_utils
+
+ - name: upload certificates to AWS IAM
+ iam_cert23:
+ state: present
+ name: "{{ provision.clusterid }}-master-external"
+ cert: "{{ provision.iam_cert_ca.cert_path }}"
+ key: "{{ provision.iam_cert_ca.key_path }}"
+ cert_chain: "{{ provision.iam_cert_ca.chain_path | default(omit) }}"
+ register: elb_cert_chain
+ failed_when:
+ - "'failed' in elb_cert_chain"
+ - elb_cert_chain.failed
+ - "'msg' in elb_cert_chain"
+ - "'already exists' not in elb_cert_chain.msg"
+ when: provision.iam_cert_ca is defined
+
+ - debug: var=elb_cert_chain
+
- name: create aws ssh keypair
include_role:
name: openshift_aws_ssh_keys
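Review bot: `- debug: var=elb_cert_chain` is carried along with the moved block and prints the whole registered result of the IAM certificate upload on every run; what the module returns is not visible here, so it is safer not to write it to the play output by default. Unlike the upload task it has no `when: provision.iam_cert_ca is defined`, so on runs without a custom certificate it only prints the skipped-task record. Either drop the task or gate it behind verbosity by writing it in block form with `var: elb_cert_chain` and `verbosity: 2`.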
@@ -36,6 +57,13 @@
include: build_node_group.yml
vars:
openshift_build_node_type: master
+ openshift_clusterid: "{{ provision.clusterid }}"
+ openshift_region: "{{ provision.region }}"
+ openshift_use_custom_ami: "{{ provision.use_custom_ami }}"
+ openshift_ami_name: "{{ provision.build.ami_name }}"
+ openshift_ami_tags: "{{ provision.build.ami_tags }}"
+ openshift_node_group_config: "{{ provision.node_group_config }}"
+ openshift_subnet_name: "{{ provision.vpc.subnets[provision.region][0].az }}"
- name: fetch new master instances
ec2_remote_facts:
@@ -49,27 +77,6 @@
delay: 3
until: instancesout.instances|length > 0
- - name: bring iam_cert23 into scope
- include_role:
- name: lib_utils
-
- - name: upload certificates to AWS IAM
- iam_cert23:
- state: present
- name: "{{ provision.clusterid }}-master-external"
- cert: "{{ provision.iam_cert_ca.cert_path }}"
- key: "{{ provision.iam_cert_ca.key_path }}"
- cert_chain: "{{ provision.iam_cert_ca.chain_path | default(omit) }}"
- register: elb_cert_chain
- failed_when:
- - "'failed' in elb_cert_chain"
- - elb_cert_chain.failed
- - "'msg' in elb_cert_chain"
- - "'already exists' not in elb_cert_chain.msg"
- when: provision.iam_cert_ca is defined
-
- - debug: var=elb_cert_chain
-
- name: create our master external and internal load balancers
include_role:
name: openshift_aws_elb
diff --git a/playbooks/aws/openshift-cluster/provision_nodes.yml b/playbooks/aws/openshift-cluster/provision_nodes.yml
index 5428fb307..87629e354 100644
--- a/playbooks/aws/openshift-cluster/provision_nodes.yml
+++ b/playbooks/aws/openshift-cluster/provision_nodes.yml
@@ -36,12 +36,27 @@
infra: "infra-{{ ansible_date_time.epoch }}"
compute: "compute-{{ ansible_date_time.epoch }}"
- - name: include build node group
+ - name: include build node group for infra
include: build_node_group.yml
vars:
openshift_build_node_type: infra
+ openshift_clusterid: "{{ provision.clusterid }}"
+ openshift_region: "{{ provision.region }}"
+ openshift_use_custom_ami: "{{ proviion.use_custom_ami }}"
+ openshift_ami_name: "{{ provision.build.ami_name }}"
+ openshift_ami_tags: "{{ provision.build.openshift_ami_tags }}"
+ openshift_node_group_config: "{{ provision.node_group_config }}"
+ openshift_subnet_name: "{{ provision.vpc.subnets[provision.region][0].az }}"
- - name: include build node group
+
+ - name: include build node group for compute
include: build_node_group.yml
vars:
openshift_build_node_type: compute
+ openshift_clusterid: "{{ provision.clusterid }}"
+ openshift_region: "{{ provision.region }}"
+ openshift_use_custom_ami: "{{ proviion.use_custom_ami }}"
+ openshift_ami_name: "{{ provision.build.ami_name }}"
+ openshift_ami_tags: "{{ provision.build.openshift_ami_tags }}"
+ openshift_node_group_config: "{{ provision.node_group_config }}"
+ openshift_subnet_name: "{{ provision.vpc.subnets[provision.region][0].az }}"
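Review bot: Both new `vars:` blocks reference `proviion.use_custom_ami`, a misspelling of `provision`, so `openshift_use_custom_ami` resolves to an undefined variable when `build_node_group.yml` evaluates its `when:` for infra and compute. They also pass `provision.build.openshift_ami_tags`, but this commit renames that key to `ami_tags` in vars.yml and provision.yml already uses the new name. The lines should read `openshift_use_custom_ami: "{{ provision.use_custom_ami }}"` and `openshift_ami_tags: "{{ provision.build.ami_tags }}"` in both includes. As written, the master path and the node path disagree on which AMI filter they apply.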
diff --git a/playbooks/aws/openshift-cluster/vars.yml b/playbooks/aws/openshift-cluster/vars.yml
index 47da03cb7..1d91593e2 100644
--- a/playbooks/aws/openshift-cluster/vars.yml
+++ b/playbooks/aws/openshift-cluster/vars.yml
@@ -14,7 +14,7 @@ provision:
# when creating an encrypted AMI please specify use_encryption
use_encryption: False
- openshift_ami_tags:
+ ami_tags:
bootstrap: "true"
openshift-created: "true"
clusterid: "{{ clusterid }}"
@@ -22,6 +22,9 @@ provision:
# Use s3 backed registry storage
openshift_registry_s3: True
+ # whether to use custome ami for each node type
+ use_custom_ami: False
+
# if using custom certificates these are required for the ELB
iam_cert_ca:
name: "{{ clusterid }}_openshift"
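Review bot: The comment on the new `use_custom_ami` key is misspelled ("custome") and does not say what each value selects, which matters because this flag controls which image nodes boot from. From build_node_group.yml, `False` is the case where the most recently created AMI matching `build.ami_name` and `build.ami_tags` is looked up; the `True` case appears to fall back to the per-node-type `ami:` values. I would write it as `# when true, skip the lookup of the most recently built AMI and use the ami set per node type` after confirming that reading, and use lowercase `false` for the value.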
@@ -45,7 +48,7 @@ provision:
# master specific cluster node settings
master:
instance_type: m4.xlarge
- ami: ami-cdeec8b6 # if using an encrypted AMI this will be replaced
+ ami: ami-cdeec8b6 # if using an encrypted or custom AMI this will be replaced
volumes:
- device_name: /dev/sdb
volume_size: 100
@@ -65,7 +68,7 @@ provision:
# compute specific cluster node settings
compute:
instance_type: m4.xlarge
- ami: ami-cdeec8b6
+ ami: ami-cdeec8b6 # if using an encrypted or custom AMI this will be replaced
volumes:
- device_name: /dev/sdb
volume_size: 100
@@ -84,7 +87,7 @@ provision:
# infra specific cluster node settings
infra:
instance_type: m4.xlarge
- ami: ami-cdeec8b6
+ ami: ami-cdeec8b6 # if using an encrypted or custom AMI this will be replaced
volumes:
- device_name: /dev/sdb
volume_size: 100