Diffstat (limited to 'roles/nuage_node')
-rw-r--r-- | roles/nuage_node/README.md | 9 | ||||
-rw-r--r-- | roles/nuage_node/handlers/main.yaml | 8 | ||||
-rw-r--r-- | roles/nuage_node/meta/main.yml | 16 | ||||
-rw-r--r-- | roles/nuage_node/tasks/certificates.yml | 50 | ||||
-rw-r--r-- | roles/nuage_node/tasks/main.yaml | 39 | ||||
-rw-r--r-- | roles/nuage_node/templates/vsp-openshift.j2 | 24 | ||||
-rw-r--r-- | roles/nuage_node/vars/main.yaml | 21 |
7 files changed, 167 insertions, 0 deletions
diff --git a/roles/nuage_node/README.md b/roles/nuage_node/README.md
new file mode 100644
index 000000000..02a3cbc77
--- /dev/null
+++ b/roles/nuage_node/README.md
@@ -0,0 +1,9 @@
+Nuage Node
+==========
+
+Setup Nuage VRS (Virtual Routing Switching) on the Openshift Node
+
+Requirements
+------------
+
+This role assumes it has been deployed on RHEL/Fedora
diff --git a/roles/nuage_node/handlers/main.yaml b/roles/nuage_node/handlers/main.yaml
new file mode 100644
index 000000000..25482a845
--- /dev/null
+++ b/roles/nuage_node/handlers/main.yaml
@@ -0,0 +1,8 @@
+---
+- name: restart vrs
+ sudo: true
+ service: name=openvswitch state=restarted
+
+- name: restart node
+ sudo: true
+ service: name={{ openshift.common.service_type }}-node state=restarted
diff --git a/roles/nuage_node/meta/main.yml b/roles/nuage_node/meta/main.yml
new file mode 100644
index 000000000..3f16dd819
--- /dev/null
+++ b/roles/nuage_node/meta/main.yml
@@ -0,0 +1,16 @@
+---
+galaxy_info:
+ author: Vishal Patil
+ description:
+ company: Nuage Networks
+ license: Apache License, Version 2.0
+ min_ansible_version: 1.8
+ platforms:
+ - name: EL
+ versions:
+ - 7
+ categories:
+ - cloud
+ - system
+dependencies:
+- { role: nuage_ca }
diff --git a/roles/nuage_node/tasks/certificates.yml b/roles/nuage_node/tasks/certificates.yml
new file mode 100644
index 000000000..0fe6f7bac
--- /dev/null
+++ b/roles/nuage_node/tasks/certificates.yml
@@ -0,0 +1,50 @@
+---
+- name: Create a directory to hold the certificates
+ file: path="{{ nuage_plugin_rest_client_crt_dir }}" state=directory
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Create the key
+ command: >
+ openssl genrsa -out "{{ nuage_ca_master_plugin_key }}" 4096
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Create the req file
+ command: >
+ openssl req -key "{{ nuage_ca_master_plugin_key }}" -new -out "{{ nuage_plugin_rest_client_crt_dir }}/restClient.req" -subj "/CN=nuage-client"
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Generate the crt file
+ command: >
+ openssl x509 -req -in "{{ nuage_plugin_rest_client_crt_dir }}/restClient.req" -CA "{{ nuage_ca_crt }}" -CAkey "{{ nuage_ca_key }}" -CAserial "{{ nuage_ca_serial }}" -out "{{ nuage_ca_master_plugin_crt }}" -extensions clientauth -extfile "{{ nuage_ca_dir }}"/openssl.cnf
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Remove the req file
+ file: path="{{ nuage_plugin_rest_client_crt_dir }}/restClient.req" state=absent
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Copy nuage CA crt
+ shell: cp "{{ nuage_ca_crt }}" "{{ nuage_plugin_rest_client_crt_dir }}"
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Archive the certificate dir
+ shell: "cd {{ nuage_plugin_rest_client_crt_dir }} && tar -czvf /tmp/{{ ansible_nodename }}.tgz *"
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Create a temp directory for the certificates
+ local_action: command mktemp -d "/tmp/openshift-{{ ansible_nodename }}-XXXXXXX"
+ register: mktemp
+
+- name: Download the certificates
+ fetch: src="/tmp/{{ ansible_nodename }}.tgz" dest="{{ mktemp.stdout }}/{{ ansible_nodename }}.tgz" flat=yes
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Extract the certificates
+ unarchive: src="{{ mktemp.stdout }}/{{ ansible_nodename }}.tgz" dest={{ nuage_plugin_crt_dir }}
+
+- name: Delete the certificates after copy
+ file: path="{{ nuage_plugin_rest_client_crt_dir }}" state=absent
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Delete the temp directory
+ file: path="{{ mktemp.stdout }}" state=absent
+ delegate_to: "{{ nuage_ca_master }}"
diff --git a/roles/nuage_node/tasks/main.yaml b/roles/nuage_node/tasks/main.yaml
new file mode 100644
index 000000000..d7dd53802
--- /dev/null
+++ b/roles/nuage_node/tasks/main.yaml
@@ -0,0 +1,39 @@
+---
+- name: Install Nuage VRS
+ sudo: true
+ yum: name={{ vrs_rpm }} state=present
+
+- name: Set the uplink interface
+ sudo: true
+ lineinfile: dest={{ vrs_config }} regexp=^NETWORK_UPLINK_INTF line='NETWORK_UPLINK_INTF={{ uplink_interface }}'
+
+- name: Set the Active Controller
+ sudo: true
+ lineinfile: dest={{ vrs_config }} regexp=^ACTIVE_CONTROLLER line='ACTIVE_CONTROLLER={{ vsc_active_ip }}'
+
+- name: Set the Standby Controller
+ sudo: true
+ lineinfile: dest={{ vrs_config }} regexp=^STANDBY_CONTROLLER line='STANDBY_CONTROLLER={{ vsc_standby_ip }}'
+ when: vsc_standby_ip is defined
+
+- name: Install plugin rpm
+ sudo: true
+ yum: name={{ plugin_rpm }} state=present
+
+- name: Copy the certificates and keys
+ sudo: true
+ copy: src="/tmp/{{ item }}" dest="{{ vsp_openshift_dir }}/{{ item }}"
+ with_items:
+ - ca.crt
+ - nuage.crt
+ - nuage.key
+ - nuage.kubeconfig
+
+- include: certificates.yml
+
+- name: Set the vsp-openshift.yaml
+ sudo: true
+ template: src=vsp-openshift.j2 dest={{ vsp_openshift_yaml }} owner=root mode=0644
+ notify:
+ - restart vrs
+ - restart node
diff --git a/roles/nuage_node/templates/vsp-openshift.j2 b/roles/nuage_node/templates/vsp-openshift.j2
new file mode 100644
index 000000000..6c10b9c24
--- /dev/null
+++ b/roles/nuage_node/templates/vsp-openshift.j2
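Review bot: In tasks/certificates.yml the final task, "Delete the temp directory", is delegated to `nuage_ca_master`, but `mktemp.stdout` was created with `local_action`, so the directory on the control host that holds the fetched archive (including `nuageMonClient.key`) is never removed. The "Archive the certificate dir" task also writes that key material to the predictable path `/tmp/{{ ansible_nodename }}.tgz` on the CA master under whatever umask the shell has, and no later task deletes the archive. The fence below restricts the umask for the tar step, removes the archive on the master after the fetch, and cleans the temp directory on the host that created it; the key and certificate generation tasks are left as they are.

```yaml
- name: Archive the certificate dir
  shell: "umask 077 && cd {{ nuage_plugin_rest_client_crt_dir }} && tar -czvf /tmp/{{ ansible_nodename }}.tgz *"
  delegate_to: "{{ nuage_ca_master }}"

# … unchanged: mktemp, fetch, unarchive, delete the certificate dir on the master …

- name: Delete the archive on the CA master
  file: path="/tmp/{{ ansible_nodename }}.tgz" state=absent
  delegate_to: "{{ nuage_ca_master }}"

- name: Delete the temp directory
  local_action: file path="{{ mktemp.stdout }}" state=absent
```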
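Review bot: In tasks/main.yaml the "Copy the certificates and keys" task installs `nuage.key` and `nuage.kubeconfig` without `owner` or `mode`, so the permissions of a private key on the node are left to the defaults in effect. Consider `copy: src="/tmp/{{ item }}" dest="{{ vsp_openshift_dir }}/{{ item }}" owner=root mode=0600`. The source is a fixed file name under `/tmp` on the control host, a directory other local users can normally write to, so a configurable source directory or at least a comment saying who is expected to place those files there would help. The `- include: certificates.yml` step carries no `sudo: true`, unlike the tasks around it; whether its unarchive into `/usr/share/vsp-openshift` succeeds presumably depends on the connecting user.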
@@ -0,0 +1,24 @@
+clientCert: {{ client_cert }}
+# The key to the certificate in clientCert above
+clientKey: {{ client_key }}
+# The certificate authority's certificate for the local kubelet. Usually the
+# same as the CA cert used to create the client Cert/Key pair.
+CACert: {{ ca_cert }}
+# Name of the enterprise in which pods will reside
+enterpriseName: {{ enterprise }}
+# Name of the domain in which pods will reside
+domainName: {{ domain }}
+# IP address and port number of master API server
+masterApiServer: {{ api_server }}
+# REST server URL
+nuageMonRestServer: {{ nuage_mon_rest_server_url }}
+# Bridge name for the docker bridge
+dockerBridgeName: {{ docker_bridge }}
+# Certificate for connecting to the kubemon REST API
+nuageMonClientCert: {{ rest_client_cert }}
+# Key to the certificate in restClientCert
+nuageMonClientKey: {{ rest_client_key }}
+# CA certificate for verifying the master's rest server
+nuageMonServerCA: {{ rest_server_ca_cert }}
+# Nuage vport mtu size
+interfaceMTU: {{ vport_mtu }}
diff --git a/roles/nuage_node/vars/main.yaml b/roles/nuage_node/vars/main.yaml
new file mode 100644
index 000000000..5acc65ef4
--- /dev/null
+++ b/roles/nuage_node/vars/main.yaml
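Review bot: The comment `# Key to the certificate in restClientCert` in vsp-openshift.j2 names a key that does not appear in this file; the certificate it belongs to is `nuageMonClientCert`, so it should read `# Key to the certificate in nuageMonClientCert above`. The first entry, `clientCert`, is the only one without a describing comment. The path and URL values are rendered unquoted, so a variable that expands to an empty string would yield a YAML null instead of a string; quoting them, e.g. `clientKey: "{{ client_key }}"`, avoids that, while `interfaceMTU` can stay a bare number.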
@@ -0,0 +1,21 @@
+---
+vrs_config: /etc/default/openvswitch
+vsp_openshift_dir: /usr/share/vsp-openshift
+vsp_openshift_yaml: "{{ vsp_openshift_dir }}/vsp-openshift.yaml"
+client_cert: "{{ vsp_openshift_dir }}/nuage.crt"
+client_key: "{{ vsp_openshift_dir }}/nuage.key"
+ca_cert: "{{ vsp_openshift_dir }}/ca.crt"
+api_server: "{{ openshift_node_master_api_url }}"
+nuage_mon_rest_server_port: "{{ nuage_openshift_monitor_rest_server_port | default('9443') }}"
+nuage_mon_rest_server_url: "https://{{ openshift_master_cluster_hostname }}:{{ nuage_mon_rest_server_port }}"
+docker_bridge: "docker0"
+rest_client_cert: "{{ vsp_openshift_dir }}/nuageMonClient.crt"
+rest_client_key: "{{ vsp_openshift_dir }}/nuageMonClient.key"
+rest_server_ca_cert: "{{ vsp_openshift_dir }}/nuageMonCA.crt"
+vport_mtu: "{{ nuage_interface_mtu | default('1460') }}"
+
+nuage_plugin_rest_client_crt_dir: "{{ nuage_ca_master_crt_dir }}/{{ ansible_nodename }}"
+nuage_ca_master_plugin_key: "{{ nuage_plugin_rest_client_crt_dir }}/nuageMonClient.key"
+nuage_ca_master_plugin_crt: "{{ nuage_plugin_rest_client_crt_dir }}/nuageMonClient.crt"
+
+nuage_plugin_crt_dir : /usr/share/vsp-openshift |
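Review bot: `nuage_plugin_crt_dir : /usr/share/vsp-openshift` at the end of vars/main.yaml repeats the literal already held in `vsp_openshift_dir` and has a space before the colon; `nuage_plugin_crt_dir: "{{ vsp_openshift_dir }}"` keeps the two from drifting apart. This is the directory the client key is extracted into, so a single definition also makes it easier to apply one ownership and mode policy to it. `nuage_ca_master_crt_dir` is used here but not defined in this file; presumably it comes from the `nuage_ca` dependency, which a one-line comment above that block could state.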