Diffstat (limited to 'playbooks/openshift-node')
-rw-r--r--playbooks/openshift-node/certificates.yml4
-rw-r--r--playbooks/openshift-node/config.yml4
-rw-r--r--playbooks/openshift-node/network_manager.yml4
-rw-r--r--playbooks/openshift-node/private/additional_config.yml63
-rw-r--r--playbooks/openshift-node/private/certificates-backup.yml24
-rw-r--r--playbooks/openshift-node/private/certificates.yml8
-rw-r--r--playbooks/openshift-node/private/clean_image.yml10
-rw-r--r--playbooks/openshift-node/private/config.yml38
-rw-r--r--playbooks/openshift-node/private/configure_nodes.yml16
-rw-r--r--playbooks/openshift-node/private/containerized_nodes.yml18
-rw-r--r--playbooks/openshift-node/private/enable_excluders.yml7
-rw-r--r--playbooks/openshift-node/private/etcd_client_config.yml11
-rw-r--r--playbooks/openshift-node/private/image_prep.yml19
-rw-r--r--playbooks/openshift-node/private/manage_node.yml13
-rw-r--r--playbooks/openshift-node/private/network_manager.yml28
-rw-r--r--playbooks/openshift-node/private/redeploy-certificates.yml6
-rw-r--r--playbooks/openshift-node/private/restart.yml58
l---------playbooks/openshift-node/private/roles1
-rw-r--r--playbooks/openshift-node/private/setup.yml26
-rw-r--r--playbooks/openshift-node/redeploy-certificates.yml6
-rw-r--r--playbooks/openshift-node/restart.yml4
-rw-r--r--playbooks/openshift-node/scaleup.yml21
22 files changed, 389 insertions, 0 deletions
diff --git a/playbooks/openshift-node/certificates.yml b/playbooks/openshift-node/certificates.yml
new file mode 100644
index 000000000..7ae87c09a
--- /dev/null
+++ b/playbooks/openshift-node/certificates.yml
@@ -0,0 +1,4 @@
+---
+- import_playbook: ../init/main.yml
+
+- import_playbook: private/certificates.yml
diff --git a/playbooks/openshift-node/config.yml b/playbooks/openshift-node/config.yml
new file mode 100644
index 000000000..c7814207c
--- /dev/null
+++ b/playbooks/openshift-node/config.yml
@@ -0,0 +1,4 @@
+---
+- import_playbook: ../init/main.yml
+
+- import_playbook: private/config.yml
diff --git a/playbooks/openshift-node/network_manager.yml b/playbooks/openshift-node/network_manager.yml
new file mode 100644
index 000000000..88a93952d
--- /dev/null
+++ b/playbooks/openshift-node/network_manager.yml
@@ -0,0 +1,4 @@
+---
+- import_playbook: ../init/evaluate_groups.yml
+
+- import_playbook: private/network_manager.yml
diff --git a/playbooks/openshift-node/private/additional_config.yml b/playbooks/openshift-node/private/additional_config.yml
new file mode 100644
index 000000000..b86cb3cc2
--- /dev/null
+++ b/playbooks/openshift-node/private/additional_config.yml
@@ -0,0 +1,63 @@
+---
+- name: create additional node network plugin groups
+ hosts: "{{ openshift_node_scale_up_group | default('oo_nodes_to_config') }}"
+ tasks:
+ # Creating these node groups will prevent a ton of skipped tasks.
+ # Create group for flannel nodes
+ - group_by:
+ key: oo_nodes_use_{{ (openshift_use_flannel | default(False)) | ternary('flannel','nothing') }}
+ changed_when: False
+ # Create group for calico nodes
+ - group_by:
+ key: oo_nodes_use_{{ (openshift_use_calico | default(False)) | ternary('calico','nothing') }}
+ changed_when: False
+ # Create group for nuage nodes
+ - group_by:
+ key: oo_nodes_use_{{ (openshift_use_nuage | default(False)) | ternary('nuage','nothing') }}
+ changed_when: False
+ # Create group for contiv nodes
+ - group_by:
+ key: oo_nodes_use_{{ (openshift_use_contiv | default(False)) | ternary('contiv','nothing') }}
+ changed_when: False
+ # Create group for kuryr nodes
+ - group_by:
+ key: oo_nodes_use_{{ (openshift_use_kuryr | default(False)) | ternary('kuryr','nothing') }}
+ changed_when: False
+
+- import_playbook: etcd_client_config.yml
+ vars:
+ openshift_node_scale_up_group: "oo_nodes_use_flannel:oo_nodes_use_calico:oo_nodes_use_contiv:oo_nodes_use_kuryr"
+
+- name: Additional node config
+ hosts: oo_nodes_use_flannel
+ roles:
+ - role: flannel
+ etcd_urls: "{{ hostvars[groups.oo_first_master.0].openshift.master.etcd_urls }}"
+ when: openshift_use_flannel | default(false) | bool
+
+- name: Additional node config
+ hosts: oo_nodes_use_calico
+ roles:
+ - role: calico
+ when: openshift_use_calico | default(false) | bool
+
+- name: Additional node config
+ hosts: oo_nodes_use_nuage
+ roles:
+ - role: nuage_node
+ when: openshift_use_nuage | default(false) | bool
+
+- name: Additional node config
+ hosts: oo_nodes_use_contiv
+ roles:
+ - role: contiv
+ contiv_role: netplugin
+ when: openshift_use_contiv | default(false) | bool
+
+- name: Configure Kuryr node
+ hosts: oo_nodes_use_kuryr
+ tasks:
+ - include_role:
+ name: kuryr
+ tasks_from: node
+ when: openshift_use_kuryr | default(false) | bool
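Review bot: The five `group_by` keys pass `openshift_use_* | default(False)` to `ternary` without `| bool`, while the role conditions further down in this file do apply `| bool`. If the inventory supplies the flag as the string "false" (values in INI `:vars` sections are strings), `ternary` treats the non-empty string as true and the host lands in `oo_nodes_use_flannel` and its siblings. The `etcd_client_config.yml` import that follows targets those groups, so etcd client certificates could be issued to nodes that do not use the plugin. Cast before the ternary, e.g. `key: oo_nodes_use_{{ (openshift_use_flannel | default(False) | bool) | ternary('flannel','nothing') }}`, and do the same for calico, nuage, contiv and kuryr.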
diff --git a/playbooks/openshift-node/private/certificates-backup.yml b/playbooks/openshift-node/private/certificates-backup.yml
new file mode 100644
index 000000000..2ad84b3b9
--- /dev/null
+++ b/playbooks/openshift-node/private/certificates-backup.yml
@@ -0,0 +1,24 @@
+---
+- name: Ensure node directory is absent from generated configs
+ hosts: oo_first_master
+ tasks:
+ # The generated configs directory (/etc/origin/generated-configs) is
+ # backed up during redeployment of the control plane certificates.
+ # We need to ensure that the generated config directory for
+ # individual nodes has been deleted before continuing, so verify
+ # that it is missing here.
+ - name: Ensure node directories and tarballs are absent from generated configs
+ shell: >
+ rm -rf {{ openshift.common.config_base }}/generated-configs/node-*
+ args:
+ warn: no
+
+- name: Redeploy node certificates
+ hosts: oo_nodes_to_config
+ pre_tasks:
+ - name: Remove CA certificate
+ file:
+ path: "{{ item }}"
+ state: absent
+ with_items:
+ - "{{ openshift.common.config_base }}/node/ca.crt"
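Review bot: The `rm -rf {{ openshift.common.config_base }}/generated-configs/node-*` task interpolates the base path unquoted into a shell command and silences Ansible's warning with `warn: no`, so a value containing whitespace or shell metacharacters would change what is deleted on the first master. Quote the templated part and leave only the glob outside it, `rm -rf {{ (openshift.common.config_base ~ '/generated-configs') | quote }}/node-*`, or list the matches with the `find` module and remove them with `file` and `state: absent`. The comment above the task says it will "verify that it is missing", but the task deletes, so the comment should say that. As written the task also reports changed on every run.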
diff --git a/playbooks/openshift-node/private/certificates.yml b/playbooks/openshift-node/private/certificates.yml
new file mode 100644
index 000000000..908885ee6
--- /dev/null
+++ b/playbooks/openshift-node/private/certificates.yml
@@ -0,0 +1,8 @@
+---
+- name: Create OpenShift certificates for node hosts
+ hosts: oo_nodes_to_config
+ gather_facts: no
+ roles:
+ - role: openshift_node_certificates
+ openshift_ca_host: "{{ groups.oo_first_master.0 }}"
+ when: not openshift_node_bootstrap | default(false) | bool
diff --git a/playbooks/openshift-node/private/clean_image.yml b/playbooks/openshift-node/private/clean_image.yml
new file mode 100644
index 000000000..38753d0af
--- /dev/null
+++ b/playbooks/openshift-node/private/clean_image.yml
@@ -0,0 +1,10 @@
+---
+- name: Configure nodes
+ hosts: oo_nodes_to_config:!oo_containerized_master_nodes
+ tasks:
+ - name: Remove any ansible facts created during AMI creation
+ file:
+ path: "/etc/ansible/facts.d/{{ item }}"
+ state: absent
+ with_items:
+ - openshift.fact
diff --git a/playbooks/openshift-node/private/config.yml b/playbooks/openshift-node/private/config.yml
new file mode 100644
index 000000000..300a90371
--- /dev/null
+++ b/playbooks/openshift-node/private/config.yml
@@ -0,0 +1,38 @@
+---
+- name: Node Install Checkpoint Start
+ hosts: all
+ gather_facts: false
+ tasks:
+ - name: Set Node install 'In Progress'
+ run_once: true
+ set_stats:
+ data:
+ installer_phase_node:
+ status: "In Progress"
+ start: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}"
+
+- import_playbook: certificates.yml
+
+- import_playbook: setup.yml
+
+- import_playbook: containerized_nodes.yml
+
+- import_playbook: configure_nodes.yml
+
+- import_playbook: additional_config.yml
+
+- import_playbook: manage_node.yml
+
+- import_playbook: enable_excluders.yml
+
+- name: Node Install Checkpoint End
+ hosts: all
+ gather_facts: false
+ tasks:
+ - name: Set Node install 'Complete'
+ run_once: true
+ set_stats:
+ data:
+ installer_phase_node:
+ status: "Complete"
+ end: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}"
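Review bot: Both checkpoint timestamps come from `date +%Y%m%d%H%M%SZ`, which prints the controller's local time and then appends a literal `Z`. On a controller that is not set to UTC, the recorded `start` and `end` values are therefore labelled UTC but are not. Use `lookup('pipe', 'date -u +%Y%m%d%H%M%SZ')` in both the "Start" and "End" plays so the install timeline can be correlated with logs from other hosts.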
diff --git a/playbooks/openshift-node/private/configure_nodes.yml b/playbooks/openshift-node/private/configure_nodes.yml
new file mode 100644
index 000000000..548ff7c4f
--- /dev/null
+++ b/playbooks/openshift-node/private/configure_nodes.yml
@@ -0,0 +1,16 @@
+---
+- name: Configure nodes
+ hosts: oo_nodes_to_config:!oo_containerized_master_nodes
+ vars:
+ openshift_node_master_api_url: "{{ hostvars[groups.oo_first_master.0].openshift.master.api_url }}"
+ openshift_node_first_master_ip: "{{ hostvars[groups.oo_first_master.0].openshift.common.ip }}"
+ openshift_no_proxy_internal_hostnames: "{{ hostvars | lib_utils_oo_select_keys(groups['oo_nodes_to_config']
+ | union(groups['oo_masters_to_config'])
+ | union(groups['oo_etcd_to_config'] | default([])))
+ | lib_utils_oo_collect('openshift.common.hostname') | default([]) | join (',')
+ }}"
+ roles:
+ - role: openshift_clock
+ - role: openshift_node
+ - role: tuned
+ - role: nickhammond.logrotate
diff --git a/playbooks/openshift-node/private/containerized_nodes.yml b/playbooks/openshift-node/private/containerized_nodes.yml
new file mode 100644
index 000000000..dc68d7585
--- /dev/null
+++ b/playbooks/openshift-node/private/containerized_nodes.yml
@@ -0,0 +1,18 @@
+---
+- name: Configure containerized nodes
+ hosts: oo_containerized_master_nodes
+ serial: 1
+ vars:
+ openshift_node_master_api_url: "{{ hostvars[groups.oo_first_master.0].openshift.master.api_url }}"
+ openshift_node_first_master_ip: "{{ hostvars[groups.oo_first_master.0].openshift.common.ip }}"
+ openshift_no_proxy_internal_hostnames: "{{ hostvars | lib_utils_oo_select_keys(groups['oo_nodes_to_config']
+ | union(groups['oo_masters_to_config'])
+ | union(groups['oo_etcd_to_config'] | default([])))
+ | lib_utils_oo_collect('openshift.common.hostname') | default([]) | join (',')
+ }}"
+
+ roles:
+ - role: openshift_clock
+ - role: openshift_node
+ openshift_ca_host: "{{ groups.oo_first_master.0 }}"
+ - role: nickhammond.logrotate
diff --git a/playbooks/openshift-node/private/enable_excluders.yml b/playbooks/openshift-node/private/enable_excluders.yml
new file mode 100644
index 000000000..30713e694
--- /dev/null
+++ b/playbooks/openshift-node/private/enable_excluders.yml
@@ -0,0 +1,7 @@
+---
+- name: Re-enable excluder if it was previously enabled
+ hosts: oo_nodes_to_config
+ gather_facts: no
+ roles:
+ - role: openshift_excluder
+ r_openshift_excluder_action: enable
diff --git a/playbooks/openshift-node/private/etcd_client_config.yml b/playbooks/openshift-node/private/etcd_client_config.yml
new file mode 100644
index 000000000..c3fa38a81
--- /dev/null
+++ b/playbooks/openshift-node/private/etcd_client_config.yml
@@ -0,0 +1,11 @@
+---
+- name: etcd_client node config
+ hosts: "{{ openshift_node_scale_up_group | default('this_group_does_not_exist') }}"
+ roles:
+ - role: openshift_facts
+ - role: openshift_etcd_facts
+ - role: openshift_etcd_client_certificates
+ etcd_cert_prefix: flannel.etcd-
+ etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}"
+ etcd_cert_subdir: "openshift-node-{{ openshift.common.hostname }}"
+ etcd_cert_config_dir: "{{ openshift.common.config_base }}/node"
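Review bot: `etcd_cert_prefix: flannel.etcd-` is hard-coded, yet the caller visible in `additional_config.yml` runs this play for the calico, contiv and kuryr groups as well, so those nodes appear to receive etcd client certificates named for flannel. If that is intended, state it in a comment above the role entry; otherwise the prefix should be derived from the plugin in use. The `hosts` default also deserves a one-line comment such as `# Sentinel: matches no hosts unless the caller sets openshift_node_scale_up_group`, because the play silently does nothing when the variable is missing.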
diff --git a/playbooks/openshift-node/private/image_prep.yml b/playbooks/openshift-node/private/image_prep.yml
new file mode 100644
index 000000000..6b517197d
--- /dev/null
+++ b/playbooks/openshift-node/private/image_prep.yml
@@ -0,0 +1,19 @@
+---
+- name: normalize groups
+ import_playbook: ../../prerequisites.yml
+ vars:
+ skip_version: True
+ skip_sanity_checks: True
+ skip_validate_hostnames: True
+
+- name: run node config setup
+ import_playbook: setup.yml
+
+- name: run node config
+ import_playbook: configure_nodes.yml
+
+- name: Re-enable excluders
+ import_playbook: enable_excluders.yml
+
+- name: Remove any undesired artifacts from build
+ import_playbook: clean_image.yml
diff --git a/playbooks/openshift-node/private/manage_node.yml b/playbooks/openshift-node/private/manage_node.yml
new file mode 100644
index 000000000..121c54a3d
--- /dev/null
+++ b/playbooks/openshift-node/private/manage_node.yml
@@ -0,0 +1,13 @@
+---
+- name: Additional node config
+ hosts: "{{ openshift_node_scale_up_group | default('oo_nodes_to_config') }}"
+ vars:
+ openshift_node_master_api_url: "{{ hostvars[groups.oo_first_master.0].openshift.master.api_url }}"
+ roles:
+ - role: openshift_manage_node
+ openshift_master_host: "{{ groups.oo_first_master.0 }}"
+ openshift_manage_node_is_master: "{{ ('oo_masters_to_config' in group_names) | bool }}"
+ tasks:
+ - name: Create group for deployment type
+ group_by: key=oo_nodes_deployment_type_{{ openshift.common.deployment_type }}
+ changed_when: False
diff --git a/playbooks/openshift-node/private/network_manager.yml b/playbooks/openshift-node/private/network_manager.yml
new file mode 100644
index 000000000..2638c5223
--- /dev/null
+++ b/playbooks/openshift-node/private/network_manager.yml
@@ -0,0 +1,28 @@
+---
+- name: Install and configure NetworkManager
+ hosts: oo_all_hosts
+ become: yes
+ tasks:
+ - name: install NetworkManager
+ package:
+ name: 'NetworkManager'
+ state: present
+ register: result
+ until: result is succeeded
+
+ - name: configure NetworkManager
+ lineinfile:
+ dest: "/etc/sysconfig/network-scripts/ifcfg-{{ ansible_default_ipv4['interface'] }}"
+ regexp: '^{{ item }}='
+ line: '{{ item }}=yes'
+ state: present
+ create: yes
+ with_items:
+ - 'USE_PEERDNS'
+ - 'NM_CONTROLLED'
+
+ - name: enable and start NetworkManager
+ service:
+ name: 'NetworkManager'
+ state: started
+ enabled: yes
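Review bot: The "configure NetworkManager" task builds its path from `ansible_default_ipv4['interface']` and sets `create: yes` without a `mode`. On a host with no default IPv4 route the fact has no `interface` key and the task fails with an undefined-variable error. Where the file does not already exist, a stub `ifcfg-*` holding only these two keys is created with permissions left to the remote umask. Add `when: ansible_default_ipv4.interface is defined` and `mode: '0644'` to the task. The `until: result is succeeded` on the package task relies on the default retry count, so stating `retries` and `delay` would make the intent explicit.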
diff --git a/playbooks/openshift-node/private/redeploy-certificates.yml b/playbooks/openshift-node/private/redeploy-certificates.yml
new file mode 100644
index 000000000..c0f75ae80
--- /dev/null
+++ b/playbooks/openshift-node/private/redeploy-certificates.yml
@@ -0,0 +1,6 @@
+---
+- import_playbook: certificates-backup.yml
+
+- import_playbook: certificates.yml
+ vars:
+ openshift_certificates_redeploy: true
diff --git a/playbooks/openshift-node/private/restart.yml b/playbooks/openshift-node/private/restart.yml
new file mode 100644
index 000000000..c2092b23c
--- /dev/null
+++ b/playbooks/openshift-node/private/restart.yml
@@ -0,0 +1,58 @@
+---
+- name: Restart nodes
+ hosts: oo_nodes_to_config
+ serial: "{{ openshift_restart_nodes_serial | default(1) }}"
+
+ roles:
+ - lib_openshift
+ - openshift_facts
+
+ tasks:
+ - name: Restart docker
+ service:
+ name: docker
+ state: restarted
+ register: l_docker_restart_docker_in_node_result
+ until: not (l_docker_restart_docker_in_node_result is failed)
+ retries: 3
+ delay: 30
+
+ - name: Restart containerized services
+ service:
+ name: "{{ item }}"
+ state: started
+ with_items:
+ - etcd_container
+ - openvswitch
+ - "{{ openshift_service_type }}-master-api"
+ - "{{ openshift_service_type }}-master-controllers"
+ - "{{ openshift_service_type }}-node"
+ failed_when: false
+ when: openshift.common.is_containerized | bool
+
+ - name: Wait for master API to come back online
+ wait_for:
+ host: "{{ openshift.common.hostname }}"
+ state: started
+ delay: 10
+ port: "{{ openshift.master.api_port }}"
+ timeout: 600
+ when: inventory_hostname in groups.oo_masters_to_config
+
+ - name: restart node
+ service:
+ name: "{{ openshift_service_type }}-node"
+ state: restarted
+
+ - name: Wait for node to be ready
+ oc_obj:
+ state: list
+ kind: node
+ name: "{{ openshift.common.hostname | lower }}"
+ register: node_output
+ delegate_to: "{{ groups.oo_first_master.0 }}"
+ when: inventory_hostname in groups.oo_nodes_to_config
+ until: node_output.results.returncode == 0 and node_output.results.results[0].status.conditions | selectattr('type', 'match', '^Ready$') | map(attribute='status') | join | bool == True
+ # Give the node two minutes to come back online.
+ retries: 24
+ delay: 5
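Review bot: `failed_when: false` on "Restart containerized services" hides every failure in the item list, including `etcd_container` and the two master services, so a host whose control-plane service did not start still proceeds to the next step. The only later check for masters is `wait_for`, which confirms a TCP listener on the API port rather than a healthy service. The list mixes master-only and node services, which is presumably why failures are ignored. Splitting the master and etcd entries into their own task guarded by `when: inventory_hostname in groups.oo_masters_to_config` would allow dropping `failed_when: false` there. In the final `until`, `| bool == True` can be reduced to `| bool`.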
diff --git a/playbooks/openshift-node/private/roles b/playbooks/openshift-node/private/roles
new file mode 120000
index 000000000..e2b799b9d
--- /dev/null
+++ b/playbooks/openshift-node/private/roles
@@ -0,0 +1 @@
+../../../roles/
\ No newline at end of file
diff --git a/playbooks/openshift-node/private/setup.yml b/playbooks/openshift-node/private/setup.yml
new file mode 100644
index 000000000..541913aef
--- /dev/null
+++ b/playbooks/openshift-node/private/setup.yml
@@ -0,0 +1,26 @@
+---
+- name: Disable excluders
+ hosts: oo_nodes_to_config
+ gather_facts: no
+ roles:
+ - role: openshift_excluder
+ r_openshift_excluder_action: disable
+
+- name: Evaluate node groups
+ hosts: localhost
+ become: no
+ connection: local
+ tasks:
+ - name: Evaluate oo_containerized_master_nodes
+ add_host:
+ name: "{{ item }}"
+ groups: oo_containerized_master_nodes
+ ansible_ssh_user: "{{ g_ssh_user | default(omit) }}"
+ ansible_become: "{{ g_sudo | default(omit) }}"
+ with_items: "{{ groups.oo_nodes_to_config | default([]) }}"
+ when:
+ - hostvars[item].openshift is defined
+ - hostvars[item].openshift.common is defined
+ - hostvars[item].openshift.common.is_containerized | bool
+ - (item in groups.oo_nodes_to_config and item in groups.oo_masters_to_config)
+ changed_when: False
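Review bot: In the `when` list of "Evaluate oo_containerized_master_nodes", `groups.oo_masters_to_config` is read without a default, although the loop source uses `groups.oo_nodes_to_config | default([])`. With nodes present but no masters group defined, the condition raises an error instead of skipping the host. The first half of that condition is always true, because `item` is drawn from `oo_nodes_to_config`. Write the last entry as `- item in (groups.oo_masters_to_config | default([]))`.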
diff --git a/playbooks/openshift-node/redeploy-certificates.yml b/playbooks/openshift-node/redeploy-certificates.yml
new file mode 100644
index 000000000..8b7272485
--- /dev/null
+++ b/playbooks/openshift-node/redeploy-certificates.yml
@@ -0,0 +1,6 @@
+---
+- import_playbook: ../init/main.yml
+
+- import_playbook: private/redeploy-certificates.yml
+
+- import_playbook: private/restart.yml
diff --git a/playbooks/openshift-node/restart.yml b/playbooks/openshift-node/restart.yml
new file mode 100644
index 000000000..041c1384d
--- /dev/null
+++ b/playbooks/openshift-node/restart.yml
@@ -0,0 +1,4 @@
+---
+- import_playbook: ../init/main.yml
+
+- import_playbook: private/restart.yml
diff --git a/playbooks/openshift-node/scaleup.yml b/playbooks/openshift-node/scaleup.yml
new file mode 100644
index 000000000..bdfd3d3e6
--- /dev/null
+++ b/playbooks/openshift-node/scaleup.yml
@@ -0,0 +1,21 @@
+---
+- import_playbook: ../init/evaluate_groups.yml
+
+- name: Ensure there are new_nodes
+ hosts: localhost
+ connection: local
+ become: no
+ gather_facts: no
+ tasks:
+ - fail:
+ msg: >
+ Detected no new_nodes in inventory. Please add hosts to the
+ new_nodes host group to add nodes.
+ when:
+ - g_new_node_hosts | default([]) | length == 0
+
+# Need a better way to do the above check for node without
+# running evaluate_groups and init/main.yml
+- import_playbook: ../init/main.yml
+
+- import_playbook: private/config.yml