Diffstat (limited to 'playbooks')
30 files changed, 139 insertions, 149 deletions
diff --git a/playbooks/aws/README.md b/playbooks/aws/README.md index 2b3d4329e..816cb35b4 100644 --- a/playbooks/aws/README.md +++ b/playbooks/aws/README.md @@ -87,11 +87,6 @@ masters nodes etcd -[OSEv3:children] -masters -nodes -etcd - [OSEv3:vars] ################################################################################ # Ensure these variables are set for bootstrap diff --git a/playbooks/aws/openshift-cluster/build_ami.yml b/playbooks/aws/openshift-cluster/build_ami.yml index 1e54f0467..1ab1e8041 100644 --- a/playbooks/aws/openshift-cluster/build_ami.yml +++ b/playbooks/aws/openshift-cluster/build_ami.yml @@ -17,35 +17,17 @@ - name: openshift_aws_region msg: "openshift_aws_region={{ openshift_aws_region | default('us-east-1') }}" - - name: create an instance and prepare for ami - include_role: - name: openshift_aws - tasks_from: build_ami.yml - vars: - openshift_aws_node_group_type: compute +- include: provision_vpc.yml - - name: fetch newly created instances - ec2_remote_facts: - region: "{{ openshift_aws_region | default('us-east-1') }}" - filters: - "tag:Name": "{{ openshift_aws_base_ami_name | default('ami_base') }}" - instance-state-name: running - register: instancesout - retries: 20 - delay: 3 - until: instancesout.instances|length > 0 +- include: provision_ssh_keypair.yml - - name: wait for ssh to become available - wait_for: - port: 22 - host: "{{ instancesout.instances[0].public_ip_address }}" - timeout: 300 - search_regex: OpenSSH +- include: provision_sec_group.yml + vars: + openshift_aws_node_group_type: compute - - name: add host to nodes - add_host: - groups: nodes - name: "{{ instancesout.instances[0].public_dns_name }}" +- include: provision_instance.yml + vars: + openshift_aws_node_group_type: compute - hosts: nodes gather_facts: False 
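Review bot: The `hosts: nodes` play that follows the new includes still depends on the `nodes` group being populated, but the `add_host` and `wait_for` tasks that did this are removed in this hunk and their replacement is not visible in the diff. Presumably the role's `provision_instance.yml` now registers the instance and waits for SSH; if it does not, the play matches no hosts and `seal_ami.yml` could seal an instance that never received the node configuration. A comment above `- include: provision_instance.yml`, such as `# provision_instance.yml must add the new instance to the 'nodes' group`, would record that dependency. The `hosts: nodes` play continues outside the hunk.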
@@ -54,34 +36,10 @@ set_fact: ansible_ssh_user: "{{ openshift_aws_build_ami_ssh_user | default('root') }}" -- name: normalize groups - include: ../../byo/openshift-cluster/initialize_groups.yml +# This is the part that installs all of the software and configs for the instance +# to become a node. +- include: ../../common/openshift-node/image_prep.yml -- name: run the std_include - include: ../../common/openshift-cluster/evaluate_groups.yml - -- name: run the std_include - include: ../../common/openshift-cluster/initialize_facts.yml - -- name: run the std_include - include: ../../common/openshift-cluster/initialize_openshift_repos.yml - -- name: run node config setup - include: ../../common/openshift-node/setup.yml - -- name: run node config - include: ../../common/openshift-node/configure_nodes.yml - -- name: Re-enable excluders - include: ../../common/openshift-node/enable_excluders.yml - -- hosts: localhost - connection: local - become: no - tasks: - - name: seal the ami - include_role: - name: openshift_aws - tasks_from: seal_ami.yml - vars: - openshift_aws_ami_name: "openshift-gi-{{ lookup('pipe', 'date +%Y%m%d%H%M')}}" +- include: seal_ami.yml + vars: + openshift_aws_ami_name: "openshift-gi-{{ lookup('pipe', 'date +%Y%m%d%H%M')}}" diff --git a/playbooks/aws/openshift-cluster/install.yml b/playbooks/aws/openshift-cluster/install.yml index 86d58a68e..4d0bf9531 100644 --- a/playbooks/aws/openshift-cluster/install.yml +++ b/playbooks/aws/openshift-cluster/install.yml 
@@ -1,68 +1,19 @@ --- -- name: Setup the vpc and the master node group +- name: Setup the master node group hosts: localhost tasks: - - name: Alert user to variables needed - clusterid - debug: - msg: "openshift_aws_clusterid={{ openshift_aws_clusterid | default('default') }}" - - - name: Alert user to variables needed - region - debug: - msg: "openshift_aws_region={{ openshift_aws_region | default('us-east-1') }}" - - - name: fetch newly created instances - ec2_remote_facts: - region: "{{ openshift_aws_region | default('us-east-1') }}" - filters: - "tag:clusterid": "{{ openshift_aws_clusterid | default('default') }}" - "tag:host-type": master - instance-state-name: running - register: instancesout - retries: 20 - delay: 3 - until: instancesout.instances|length > 0 - - - name: add new master to masters group - add_host: - groups: "masters,etcd,nodes" - name: "{{ item.public_ip_address }}" - hostname: "{{ openshift_aws_clusterid | default('default') }}-master-{{ item.id[:-5] }}" - with_items: "{{ instancesout.instances }}" - - - name: wait for ssh to become available - wait_for: - port: 22 - host: "{{ item.public_ip_address }}" - timeout: 300 - search_regex: OpenSSH - with_items: "{{ instancesout.instances }}" + - include_role: + name: openshift_aws + tasks_from: setup_master_group.yml - name: set the master facts for hostname to elb hosts: masters gather_facts: no remote_user: root tasks: - - name: fetch elbs - ec2_elb_facts: - region: "{{ openshift_aws_region | default('us-east-1') }}" - names: - - "{{ item }}" - with_items: - - "{{ openshift_aws_clusterid | default('default') }}-master-external" - - "{{ openshift_aws_clusterid | default('default') }}-master-internal" - delegate_to: localhost - register: elbs - - - debug: var=elbs - - - name: set fact - set_fact: - openshift_master_cluster_hostname: "{{ elbs.results[1].elbs[0].dns_name }}" - osm_custom_cors_origins: - - "{{ elbs.results[1].elbs[0].dns_name }}" - - "console.{{ openshift_aws_clusterid | 
default('default') }}.openshift.com" - - "api.{{ openshift_aws_clusterid | default('default') }}.openshift.com" - with_items: "{{ groups['masters'] }}" + - include_role: + name: openshift_aws + tasks_from: master_facts.yml - name: normalize groups include: ../../byo/openshift-cluster/initialize_groups.yml diff --git a/playbooks/aws/openshift-cluster/provision.yml b/playbooks/aws/openshift-cluster/provision.yml index 8f018abd0..4b5bd22ea 100644 --- a/playbooks/aws/openshift-cluster/provision.yml +++ b/playbooks/aws/openshift-cluster/provision.yml @@ -1,5 +1,5 @@ --- -- name: Setup the vpc and the master node group +- name: Setup the elb and the master node group hosts: localhost tasks: diff --git a/playbooks/aws/openshift-cluster/provision_instance.yml b/playbooks/aws/openshift-cluster/provision_instance.yml new file mode 100644 index 000000000..6e843453c --- /dev/null +++ b/playbooks/aws/openshift-cluster/provision_instance.yml @@ -0,0 +1,12 @@ +--- +# If running this play directly, be sure the variable +# 'openshift_aws_node_group_type' is set correctly for your usage. +# See build_ami.yml for an example. +- hosts: localhost + connection: local + gather_facts: no + tasks: + - name: create an instance and prepare for ami + include_role: + name: openshift_aws + tasks_from: provision_instance.yml diff --git a/playbooks/aws/openshift-cluster/provision_sec_group.yml b/playbooks/aws/openshift-cluster/provision_sec_group.yml new file mode 100644 index 000000000..039357adb --- /dev/null +++ b/playbooks/aws/openshift-cluster/provision_sec_group.yml 
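Review bot: Both new `include_role` tasks in `install.yml` are unnamed, and the second runs in the `hosts: masters` play with `remote_user: root`, where the removed `ec2_elb_facts` task carried `delegate_to: localhost`. Whether `master_facts.yml` in the role keeps that delegation cannot be seen here; without it the ELB lookup would run on each master and need AWS credentials there. Suggest naming the tasks, e.g. `- name: look up the master ELBs and set hostname facts`, and adding a comment that the AWS API calls are delegated to the control host.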
@@ -0,0 +1,13 @@ +--- +# If running this play directly, be sure the variable +# 'openshift_aws_node_group_type' is set correctly for your usage. +# See build_ami.yml for an example. +- hosts: localhost + connection: local + gather_facts: no + tasks: + - name: create an instance and prepare for ami + include_role: + name: openshift_aws + tasks_from: security_group.yml + when: openshift_aws_create_security_groups | default(True) | bool diff --git a/playbooks/aws/openshift-cluster/provision_ssh_keypair.yml b/playbooks/aws/openshift-cluster/provision_ssh_keypair.yml new file mode 100644 index 000000000..3ec683958 --- /dev/null +++ b/playbooks/aws/openshift-cluster/provision_ssh_keypair.yml @@ -0,0 +1,12 @@ +--- +- hosts: localhost + connection: local + gather_facts: no + tasks: + - name: create an instance and prepare for ami + include_role: + name: openshift_aws + tasks_from: ssh_keys.yml + vars: + openshift_aws_node_group_type: compute + when: openshift_aws_users | default([]) | length > 0 diff --git a/playbooks/aws/openshift-cluster/provision_vpc.yml b/playbooks/aws/openshift-cluster/provision_vpc.yml new file mode 100644 index 000000000..0a23a6d32 --- /dev/null +++ b/playbooks/aws/openshift-cluster/provision_vpc.yml @@ -0,0 +1,10 @@ +--- +- hosts: localhost + connection: local + gather_facts: no + tasks: + - name: create a vpc + include_role: + name: openshift_aws + tasks_from: vpc.yml + when: openshift_aws_create_vpc | default(True) | bool diff --git a/playbooks/aws/openshift-cluster/seal_ami.yml b/playbooks/aws/openshift-cluster/seal_ami.yml new file mode 100644 index 000000000..8239a64fb --- /dev/null +++ b/playbooks/aws/openshift-cluster/seal_ami.yml 
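Review bot: The task in `provision_sec_group.yml` is named `create an instance and prepare for ami` although it runs `tasks_from: security_group.yml`, and `provision_ssh_keypair.yml` repeats the same name for `tasks_from: ssh_keys.yml`. Run output and logs will then attribute security-group and key-pair changes to instance creation, which makes a later audit of what changed harder. Suggest `- name: create the security groups` and `- name: create the ssh key pairs`. `provision_ssh_keypair.yml` also hard-codes `openshift_aws_node_group_type: compute` while the sibling files tell the caller to set it; a comment should say which behaviour is intended.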
@@ -0,0 +1,12 @@ +--- +# If running this play directly, be sure the variable +# 'openshift_aws_ami_name' is set correctly for your usage. +# See build_ami.yml for an example. +- hosts: localhost + connection: local + become: no + tasks: + - name: seal the ami + include_role: + name: openshift_aws + tasks_from: seal_ami.yml diff --git a/playbooks/byo/openshift-cluster/openshift-prometheus.yml b/playbooks/byo/openshift-cluster/openshift-prometheus.yml index 15917078d..4d3f7f42c 100644 --- a/playbooks/byo/openshift-cluster/openshift-prometheus.yml +++ b/playbooks/byo/openshift-cluster/openshift-prometheus.yml @@ -1,4 +1,6 @@ --- - include: initialize_groups.yml +- include: ../../common/openshift-cluster/std_include.yml + - include: ../../common/openshift-cluster/openshift_prometheus.yml diff --git a/playbooks/byo/openshift-master/certificates.yml b/playbooks/byo/openshift-master/certificates.yml index 26b964034..e147dcba1 100644 --- a/playbooks/byo/openshift-master/certificates.yml +++ b/playbooks/byo/openshift-master/certificates.yml @@ -3,6 +3,4 @@ - include: ../../common/openshift-cluster/std_include.yml -- include: ../../common/openshift-master/ca.yml - - include: ../../common/openshift-master/certificates.yml diff --git a/playbooks/byo/openshift-node/scaleup.yml b/playbooks/byo/openshift-node/scaleup.yml index 9f992cca6..e0c36fb69 100644 --- a/playbooks/byo/openshift-node/scaleup.yml +++ b/playbooks/byo/openshift-node/scaleup.yml @@ -16,6 +16,4 @@ - include: ../../common/openshift-cluster/std_include.yml -- include: ../../common/openshift-node/certificates.yml - - include: ../../common/openshift-node/config.yml diff --git a/playbooks/common/openshift-cluster/config.yml b/playbooks/common/openshift-cluster/config.yml index 4ca0d48e4..96a43230d 100644 --- a/playbooks/common/openshift-cluster/config.yml +++ b/playbooks/common/openshift-cluster/config.yml 
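Review bot: `seal_ami.yml` omits `gather_facts: no`, which the four sibling `provision_*.yml` plays on `localhost` in this commit all set. If the sealing tasks do not read host facts, adding `gather_facts: no` under `connection: local` keeps the plays consistent and avoids an unneeded fact-gathering pass on the control host.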
@@ -18,10 +18,6 @@ - docker_image_availability - docker_storage -- include: ../openshift-etcd/ca.yml - -- include: ../openshift-etcd/certificates.yml - - include: ../openshift-etcd/config.yml - include: ../openshift-nfs/config.yml @@ -30,16 +26,10 @@ - include: ../openshift-loadbalancer/config.yml when: groups.oo_lb_to_config | default([]) | count > 0 -- include: ../openshift-master/ca.yml - -- include: ../openshift-master/certificates.yml - - include: ../openshift-master/config.yml - include: ../openshift-master/additional_config.yml -- include: ../openshift-node/certificates.yml - - include: ../openshift-node/config.yml - include: ../openshift-glusterfs/config.yml diff --git a/playbooks/common/openshift-cluster/initialize_openshift_version.yml b/playbooks/common/openshift-cluster/initialize_openshift_version.yml index 1b186f181..e6400ea61 100644 --- a/playbooks/common/openshift-cluster/initialize_openshift_version.yml +++ b/playbooks/common/openshift-cluster/initialize_openshift_version.yml @@ -1,6 +1,9 @@ --- +# openshift_install_base_package_group may be set in a play variable to limit +# the host groups the base package is installed on. This is currently used +# for master/control-plane upgrades. - name: Set version_install_base_package true on masters and nodes - hosts: oo_masters_to_config:oo_nodes_to_config + hosts: "{{ openshift_install_base_package_group | default('oo_masters_to_config:oo_nodes_to_config') }}" tasks: - name: Set version_install_base_package true set_fact: 
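Review bot: The new comment above the templated `hosts:` line in `initialize_openshift_version.yml` should say where `openshift_install_base_package_group` may be set, because a play's `hosts:` is templated before any host is selected and inventory host or group variables are not available to it. The five `upgrade_control_plane.yml` files in this commit set it alongside `openshift_release`, which appears to be the intended route. Suggested wording: `# Must be passed as an include/play var or extra var; inventory group_vars are not visible when 'hosts' is templated.` The value is used verbatim as a host pattern, so a misspelled group name is likely to skip the play rather than fail it.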
@@ -16,8 +19,8 @@ # NOTE: We set this even on etcd hosts as they may also later run as masters, # and we don't want to install wrong version of docker and have to downgrade # later. -- name: Set openshift_version for all hosts - hosts: oo_all_hosts:!oo_first_master +- name: Set openshift_version for etcd, node, and master hosts + hosts: oo_etcd_to_config:oo_nodes_to_config:oo_masters_to_config:!oo_first_master vars: openshift_version: "{{ hostvars[groups.oo_first_master.0].openshift_version }}" pre_tasks: diff --git a/playbooks/common/openshift-cluster/openshift_hosted.yml b/playbooks/common/openshift-cluster/openshift_hosted.yml index b9eb380d3..32e5e708a 100644 --- a/playbooks/common/openshift-cluster/openshift_hosted.yml +++ b/playbooks/common/openshift-cluster/openshift_hosted.yml @@ -23,6 +23,7 @@ - include: cockpit-ui.yml - include: openshift_prometheus.yml + when: openshift_hosted_prometheus_deploy | default(False) | bool - name: Hosted Install Checkpoint End hosts: localhost diff --git a/playbooks/common/openshift-cluster/openshift_prometheus.yml b/playbooks/common/openshift-cluster/openshift_prometheus.yml index ed89d3bde..ac2d250a3 100644 --- a/playbooks/common/openshift-cluster/openshift_prometheus.yml +++ b/playbooks/common/openshift-cluster/openshift_prometheus.yml @@ -3,4 +3,3 @@ hosts: oo_first_master roles: - role: openshift_prometheus - when: openshift_hosted_prometheus_deploy | default(False) | bool diff --git a/playbooks/common/openshift-cluster/redeploy-certificates/openshift-ca.yml b/playbooks/common/openshift-cluster/redeploy-certificates/openshift-ca.yml index 12cd209d2..e4193a00e 100644 --- a/playbooks/common/openshift-cluster/redeploy-certificates/openshift-ca.yml +++ b/playbooks/common/openshift-cluster/redeploy-certificates/openshift-ca.yml 
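Review bot: Narrowing `hosts:` from `oo_all_hosts:!oo_first_master` to the etcd, node and master groups means hosts that belong only to other groups no longer receive `openshift_version` from this play. If a later play on such hosts (load balancer, NFS or GlusterFS hosts, for example) still reads `openshift_version`, it would now be undefined there; that cannot be checked from this hunk. The NOTE above the play explains why etcd hosts are included and could add one sentence on why the remaining groups are left out on purpose. The play body continues outside the hunk.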
@@ -114,12 +114,18 @@ register: g_new_openshift_ca_mktemp changed_when: false -- include: ../../openshift-master/ca.yml +- name: Create OpenShift CA + hosts: oo_first_master vars: # Set openshift_ca_config_dir to a temporary directory where CA # will be created. We'll replace the existing CA with the CA # created in the temporary directory. openshift_ca_config_dir: "{{ hostvars[groups.oo_first_master.0].g_new_openshift_ca_mktemp.stdout }}" + roles: + - role: openshift_master_facts + - role: openshift_named_certificates + - role: openshift_ca + openshift_ca_host: "{{ groups.oo_first_master.0 }}" - name: Create temp directory for syncing certs hosts: localhost diff --git a/playbooks/common/openshift-cluster/upgrades/v3_3/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/v3_3/upgrade_control_plane.yml index 54c85f0fb..f64f0e003 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_3/upgrade_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_3/upgrade_control_plane.yml @@ -68,6 +68,7 @@ # defined, and overriding the normal behavior of protecting the installed version openshift_release: "{{ openshift_upgrade_target }}" openshift_protect_installed_version: False + openshift_install_base_package_group: "oo_masters_to_config" # We skip the docker role at this point in upgrade to prevent # unintended package, container, or config upgrades which trigger diff --git a/playbooks/common/openshift-cluster/upgrades/v3_4/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/v3_4/upgrade_control_plane.yml index d7cb38d03..43da5b629 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_4/upgrade_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_4/upgrade_control_plane.yml 
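Review bot: The inlined `Create OpenShift CA` play writes the replacement CA, including its private key, under the directory from `g_new_openshift_ca_mktemp.stdout`, and nothing in this hunk shows that directory being removed once the new CA has been copied into place. If cleanup does not already happen later in the playbook, CA key material stays in a temporary directory on the first master. The existing comment on `openshift_ca_config_dir` could record this, e.g. `# The temporary directory holds the new CA key and is removed in <play name>.` If the preceding play registered the variable on the first master, `hostvars[groups.oo_first_master.0].g_new_openshift_ca_mktemp.stdout` can be shortened to `g_new_openshift_ca_mktemp.stdout` now that the play targets `oo_first_master`.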
@@ -68,6 +68,7 @@ # defined, and overriding the normal behavior of protecting the installed version openshift_release: "{{ openshift_upgrade_target }}" openshift_protect_installed_version: False + openshift_install_base_package_group: "oo_masters_to_config" # We skip the docker role at this point in upgrade to prevent # unintended package, container, or config upgrades which trigger diff --git a/playbooks/common/openshift-cluster/upgrades/v3_5/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/v3_5/upgrade_control_plane.yml index 6cdea7b84..e9cec9220 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_5/upgrade_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_5/upgrade_control_plane.yml @@ -72,6 +72,7 @@ # defined, and overriding the normal behavior of protecting the installed version openshift_release: "{{ openshift_upgrade_target }}" openshift_protect_installed_version: False + openshift_install_base_package_group: "oo_masters_to_config" # We skip the docker role at this point in upgrade to prevent # unintended package, container, or config upgrades which trigger diff --git a/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml index 8ab68002d..27d8515dc 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml @@ -76,6 +76,7 @@ # defined, and overriding the normal behavior of protecting the installed version openshift_release: "{{ openshift_upgrade_target }}" openshift_protect_installed_version: False + openshift_install_base_package_group: "oo_masters_to_config" # We skip the docker role at this point in upgrade to prevent # unintended package, container, or config upgrades which trigger 
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml index 82faf743e..6c4f9671b 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml @@ -80,6 +80,7 @@ # defined, and overriding the normal behavior of protecting the installed version openshift_release: "{{ openshift_upgrade_target }}" openshift_protect_installed_version: False + openshift_install_base_package_group: "oo_masters_to_config" # We skip the docker role at this point in upgrade to prevent # unintended package, container, or config upgrades which trigger diff --git a/playbooks/common/openshift-etcd/config.yml b/playbooks/common/openshift-etcd/config.yml index 2cae231b4..82539dac8 100644 --- a/playbooks/common/openshift-etcd/config.yml +++ b/playbooks/common/openshift-etcd/config.yml @@ -10,6 +10,10 @@ installer_phase_etcd: "In Progress" aggregate: false +- include: ca.yml + +- include: certificates.yml + - name: Configure etcd hosts: oo_etcd_to_config any_errors_fatal: true diff --git a/playbooks/common/openshift-etcd/scaleup.yml b/playbooks/common/openshift-etcd/scaleup.yml index 8aa508119..b5ba2bbba 100644 --- a/playbooks/common/openshift-etcd/scaleup.yml +++ b/playbooks/common/openshift-etcd/scaleup.yml @@ -20,7 +20,7 @@ /usr/bin/etcdctl --cert-file {{ etcd_peer_cert_file }} --key-file {{ etcd_peer_key_file }} --ca-file {{ etcd_peer_ca_file }} - -C {{ etcd_peer_url_scheme }}://{{ hostvars[etcd_ca_host].etcd_hostname }}:{{ etcd_client_port }} + -C {{ etcd_peer_url_scheme }}://{{ hostvars[etcd_ca_host].etcd_ip }}:{{ etcd_client_port }} member add {{ etcd_hostname }} {{ etcd_peer_url_scheme }}://{{ etcd_ip }}:{{ etcd_peer_port }} delegate_to: "{{ etcd_ca_host }}" failed_when: 
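Review bot: Switching the `-C` endpoint in `openshift-etcd/scaleup.yml` from `etcd_hostname` to `etcd_ip` means `etcdctl`, which is given `--ca-file`, verifies the server certificate against an IP address, so the certificate of `etcd_ca_host` must carry that address as a subject alternative name. If existing clusters were issued certificates without an IP SAN, `member add` would fail verification during scale-up; certificate generation is not visible here. The same line pairs `etcd_peer_url_scheme` with `etcd_client_port`, which only works while the peer and client schemes match. A comment above the command stating both assumptions would help; the task starts and ends outside the hunk.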
diff --git a/playbooks/common/openshift-master/ca.yml b/playbooks/common/openshift-master/ca.yml deleted file mode 100644 index 5bb796fa3..000000000 --- a/playbooks/common/openshift-master/ca.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -- name: Create OpenShift CA - hosts: oo_masters_to_config - roles: - - role: openshift_master_facts - - role: openshift_named_certificates - - role: openshift_ca - openshift_ca_host: "{{ groups.oo_first_master.0 }}" diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index 766e0e501..bc1fee982 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -10,6 +10,8 @@ installer_phase_master: "In Progress" aggregate: false +- include: certificates.yml + - name: Disable excluders hosts: oo_masters_to_config gather_facts: no diff --git a/playbooks/common/openshift-master/scaleup.yml b/playbooks/common/openshift-master/scaleup.yml index d007fac85..f4dc9df8a 100644 --- a/playbooks/common/openshift-master/scaleup.yml +++ b/playbooks/common/openshift-master/scaleup.yml @@ -47,8 +47,6 @@ - include: ../openshift-etcd/certificates.yml -- include: ../openshift-master/certificates.yml - - include: ../openshift-master/config.yml - include: ../openshift-loadbalancer/config.yml diff --git a/playbooks/common/openshift-master/set_network_facts.yml b/playbooks/common/openshift-master/set_network_facts.yml index 2ad805858..9a6cf26fc 100644 --- a/playbooks/common/openshift-master/set_network_facts.yml +++ b/playbooks/common/openshift-master/set_network_facts.yml @@ -13,7 +13,9 @@ - name: Set network facts for masters hosts: oo_masters_to_config gather_facts: no - tasks: + roles: + - role: openshift_facts + post_tasks: - block: - set_fact: osm_cluster_network_cidr: "{{ (hostvars[groups.oo_first_master.0].g_master_config_slurp.content|b64decode|from_yaml).networkConfig.clusterNetworkCIDR }}" 
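Review bot: In `openshift-master/config.yml`, `- include: certificates.yml` is now the only certificate step on the master config path, while `playbooks/common/openshift-master/ca.yml` is deleted in this commit and no include visible here replaces its `Create OpenShift CA` play for a fresh install. Presumably `certificates.yml` pulls in `openshift_ca` through role dependencies; if it does not, master certificates would be requested before a CA exists. A comment such as `# certificates.yml also creates the OpenShift CA on the first master` would make the ordering explicit.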
@@ -24,5 +26,9 @@ - set_fact: openshift_portal_net: "{{ (hostvars[groups.oo_first_master.0].g_master_config_slurp.content|b64decode|from_yaml).networkConfig.serviceNetworkCIDR }}" when: openshift_portal_net is not defined + - openshift_facts: + role: common + local_facts: + portal_net: "{{ openshift_portal_net | default(openshift_master_portal_net) | default(None) }}" when: - hostvars[groups.oo_first_master.0].g_master_config_stat.stat.exists | bool diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml index 6fd8aa6f1..700aab48c 100644 --- a/playbooks/common/openshift-node/config.yml +++ b/playbooks/common/openshift-node/config.yml @@ -10,6 +10,8 @@ installer_phase_node: "In Progress" aggregate: false +- include: certificates.yml + - include: setup.yml - include: containerized_nodes.yml diff --git a/playbooks/common/openshift-node/image_prep.yml b/playbooks/common/openshift-node/image_prep.yml new file mode 100644 index 000000000..fc06621ee --- /dev/null +++ b/playbooks/common/openshift-node/image_prep.yml @@ -0,0 +1,21 @@ +--- +- name: normalize groups + include: ../../byo/openshift-cluster/initialize_groups.yml + +- name: run the std_include + include: ../openshift-cluster/evaluate_groups.yml + +- name: run the std_include + include: ../openshift-cluster/initialize_facts.yml + +- name: run the std_include + include: ../openshift-cluster/initialize_openshift_repos.yml + +- name: run node config setup + include: setup.yml + +- name: run node config + include: configure_nodes.yml + +- name: Re-enable excluders + include: enable_excluders.yml |
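Review bot: The added `openshift_facts` task in `set_network_facts.yml` has no `name:` and ends its value with `default(None)`, so when neither `openshift_portal_net` nor `openshift_master_portal_net` is defined the module is still called with an empty `portal_net`. Whether `openshift_facts` ignores an empty local fact or stores it is not visible here. Suggest `- name: persist portal_net as a common local fact` and, if an empty value is not wanted, a `when:` that skips the task in that case. The enclosing block starts outside the hunk.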
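Review bot: Three consecutive entries in `image_prep.yml` are all named `run the std_include` although they include `evaluate_groups.yml`, `initialize_facts.yml` and `initialize_openshift_repos.yml`. Distinct names such as `- name: evaluate groups`, `- name: initialize facts` and `- name: initialize openshift repos` would let the image build log show which step ran or failed. The file also ends with `Re-enable excluders` without a matching disable step in this file; presumably `setup.yml` disables them, and a comment saying so would help.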