Diffstat (limited to 'playbooks')
-rw-r--r--playbooks/byo/openshift-cluster/config.yml1
-rw-r--r--playbooks/common/openshift-cluster/config.yml8
-rw-r--r--playbooks/common/openshift-master/config.yml49
3 files changed, 52 insertions, 6 deletions
diff --git a/playbooks/byo/openshift-cluster/config.yml b/playbooks/byo/openshift-cluster/config.yml
index 9e50a4a18..411c7e660 100644
--- a/playbooks/byo/openshift-cluster/config.yml
+++ b/playbooks/byo/openshift-cluster/config.yml
@@ -4,6 +4,7 @@
g_etcd_group: "{{ 'etcd' }}"
g_masters_group: "{{ 'masters' }}"
g_nodes_group: "{{ 'nodes' }}"
+ g_lb_group: "{{ 'lb' }}"
openshift_cluster_id: "{{ cluster_id | default('default') }}"
openshift_debug_level: 2
openshift_deployment_type: "{{ deployment_type }}"
diff --git a/playbooks/common/openshift-cluster/config.yml b/playbooks/common/openshift-cluster/config.yml
index 57de7130b..b66ca4709 100644
--- a/playbooks/common/openshift-cluster/config.yml
+++ b/playbooks/common/openshift-cluster/config.yml
@@ -1,6 +1,14 @@
---
- include: evaluate_groups.yml
+ - name: Evaluate oo_lb_to_config
+ add_host:
+ name: "{{ item }}"
+ groups: oo_lb_to_config
+ ansible_ssh_user: "{{ g_ssh_user | default(omit) }}"
+ ansible_sudo: "{{ g_sudo | default(omit) }}"
+ with_items: groups[g_lb_group] | default(groups[g_masters_group]) | default([])
+
- include: ../openshift-etcd/config.yml
- include: ../openshift-master/config.yml
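Review bot: The `with_items` fallback `default(groups[g_masters_group])` puts every master into `oo_lb_to_config` whenever no `lb` group is defined, and nothing in the task documents that widening. The "Configure load balancers" play in playbooks/common/openshift-master/config.yml targets this group and copies the combined certificate and key to it, so the fallback decides which hosts receive key material and, presumably, where haproxy binds the API port. If only dedicated load balancers are meant to be configured, `with_items: groups[g_lb_group] | default([])` leaves the group empty when none are defined. If the fallback is intended, a comment such as `# no lb group defined: fall back to the masters` should say so.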
diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml
index e5357f6e3..e223e3d57 100644
--- a/playbooks/common/openshift-master/config.yml
+++ b/playbooks/common/openshift-master/config.yml
@@ -209,7 +209,24 @@
parsed_named_certificates: "{{ openshift_master_named_certificates | oo_parse_certificate_names(master_cert_config_dir, openshift.common.internal_hostnames) }}"
when: openshift_master_named_certificates is defined
-- name: Compute haproxy_backend_servers
+- name: Fetch master server certificate for load balancer
+ hosts: oo_first_master
+ vars:
+ sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}"
+ tasks:
+ - file:
+ path: "{{ sync_tmpdir }}/haproxy_cert"
+ state: directory
+ - fetch:
+ src: /etc/origin/master/master.server.crt
+ dest: "{{ sync_tmpdir }}/haproxy_cert/server.crt"
+ flat: yes
+ - fetch:
+ src: /etc/origin/master/master.server.key
+ dest: "{{ sync_tmpdir }}/haproxy_cert/server.key"
+ flat: yes
+
+- name: Compute haproxy_backend_servers and combine certificate
hosts: localhost
connection: local
sudo: false
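Review bot: The unnamed `file` task runs on `oo_first_master`, so it creates `{{ sync_tmpdir }}/haproxy_cert` on the master rather than on the control host where the two `fetch` tasks write `server.crt` and `server.key`. The fetched private key is therefore protected only by whatever mode the `g_master_mktemp` directory has, which is not visible in this hunk. Adding `delegate_to: localhost` and `mode: "0700"` to the `file` task (without privilege escalation, as the localhost play below does with `sudo: false`) would create the local staging directory explicitly with owner-only permissions. Each task should also get a `name:` stating what it stages, and the play that starts at the end of this hunk continues outside it.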
@@ -217,24 +234,44 @@
tasks:
- set_fact:
haproxy_backend_servers: "{{ hostvars | oo_select_keys(groups['oo_masters_to_config']) | oo_haproxy_backend_masters }}"
+ - shell: cat server.crt server.key > server.pem
+ args:
+ chdir: "{{ g_master_mktemp.stdout }}/haproxy_cert"
+ creates: "{{ g_master_mktemp.stdout }}/haproxy_cert/server.pem"
+
- name: Configure load balancers
- hosts: oo_first_master
+ hosts: oo_lb_to_config
vars:
+ sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}"
haproxy_frontends:
- - name: atomic-openshift
- bind: "*:80"
- default_backend: atomic-openshift
+ - name: atomic-openshift-api
+ options:
+ - tcplog
+ binds:
+ - "*:{{ hostvars[groups.oo_first_master.0].openshift.master.api_port }} ssl crt /etc/haproxy/server.pem"
+ default_backend: atomic-openshift-api
haproxy_backends:
- - name: atomic-openshift
+ - name: atomic-openshift-api
balance: roundrobin
servers: "{{ hostvars.localhost.haproxy_backend_servers }}"
+ pre_tasks:
+ - file:
+ path: /etc/haproxy
+ state: directory
+ - copy:
+ src: "{{ sync_tmpdir }}/haproxy_cert/server.pem"
+ dest: /etc/haproxy/server.pem
+ mode: 0600
+ owner: root
+ group: root
roles:
- role: haproxy
when: groups.oo_masters_to_config | length > 1
- name: Configure master instances
hosts: oo_masters_to_config
+ serial: 1
vars:
named_certificates: "{{ hostvars[groups['oo_first_master'][0]]['parsed_named_certificates'] | default([])}}"
sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}"
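Review bot: The `shell: cat server.crt server.key > server.pem` task writes the private key into a new file on the control host under the default umask, while only the remote copy is restricted by `mode: 0600`. `shell: umask 077 && cat server.crt server.key > server.pem` would keep the local bundle owner-only regardless of the temp directory's mode. The `pre_tasks` that copy `server.pem` to `/etc/haproxy` also run without the `when: groups.oo_masters_to_config | length > 1` condition that guards the haproxy role, so the key is distributed even when the role is skipped; adding the same `when:` to both pre_tasks would avoid that. Quoting the mode as `mode: "0600"` avoids depending on YAML octal parsing. The "Configure master instances" play continues outside the hunk.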