summaryrefslogtreecommitdiffstats
path: root/roles/nuage_node
diff options
context:
space:
mode:
Diffstat (limited to 'roles/nuage_node')
-rw-r--r--roles/nuage_node/README.md9
-rw-r--r--roles/nuage_node/handlers/main.yaml8
-rw-r--r--roles/nuage_node/meta/main.yml16
-rw-r--r--roles/nuage_node/tasks/certificates.yml50
-rw-r--r--roles/nuage_node/tasks/main.yaml39
-rw-r--r--roles/nuage_node/templates/vsp-openshift.j224
-rw-r--r--roles/nuage_node/vars/main.yaml21
7 files changed, 167 insertions, 0 deletions
diff --git a/roles/nuage_node/README.md b/roles/nuage_node/README.md
new file mode 100644
index 000000000..02a3cbc77
--- /dev/null
+++ b/roles/nuage_node/README.md
@@ -0,0 +1,9 @@
+Nuage Node
+==========
+
+Setup Nuage VRS (Virtual Routing Switching) on the Openshift Node
+
+Requirements
+------------
+
+This role assumes it has been deployed on RHEL/Fedora
diff --git a/roles/nuage_node/handlers/main.yaml b/roles/nuage_node/handlers/main.yaml
new file mode 100644
index 000000000..25482a845
--- /dev/null
+++ b/roles/nuage_node/handlers/main.yaml
@@ -0,0 +1,8 @@
+---
+- name: restart vrs
+ sudo: true
+ service: name=openvswitch state=restarted
+
+- name: restart node
+ sudo: true
+ service: name={{ openshift.common.service_type }}-node state=restarted
diff --git a/roles/nuage_node/meta/main.yml b/roles/nuage_node/meta/main.yml
new file mode 100644
index 000000000..3f16dd819
--- /dev/null
+++ b/roles/nuage_node/meta/main.yml
@@ -0,0 +1,16 @@
+---
+galaxy_info:
+ author: Vishal Patil
+ description:
+ company: Nuage Networks
+ license: Apache License, Version 2.0
+ min_ansible_version: 1.8
+ platforms:
+ - name: EL
+ versions:
+ - 7
+ categories:
+ - cloud
+ - system
+dependencies:
+- { role: nuage_ca }
diff --git a/roles/nuage_node/tasks/certificates.yml b/roles/nuage_node/tasks/certificates.yml
new file mode 100644
index 000000000..0fe6f7bac
--- /dev/null
+++ b/roles/nuage_node/tasks/certificates.yml
@@ -0,0 +1,50 @@
+---
+- name: Create a directory to hold the certificates
+ file: path="{{ nuage_plugin_rest_client_crt_dir }}" state=directory
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Create the key
+ command: >
+ openssl genrsa -out "{{ nuage_ca_master_plugin_key }}" 4096
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Create the req file
+ command: >
+ openssl req -key "{{ nuage_ca_master_plugin_key }}" -new -out "{{ nuage_plugin_rest_client_crt_dir }}/restClient.req" -subj "/CN=nuage-client"
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Generate the crt file
+ command: >
+ openssl x509 -req -in "{{ nuage_plugin_rest_client_crt_dir }}/restClient.req" -CA "{{ nuage_ca_crt }}" -CAkey "{{ nuage_ca_key }}" -CAserial "{{ nuage_ca_serial }}" -out "{{ nuage_ca_master_plugin_crt }}" -extensions clientauth -extfile "{{ nuage_ca_dir }}"/openssl.cnf
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Remove the req file
+ file: path="{{ nuage_plugin_rest_client_crt_dir }}/restClient.req" state=absent
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Copy nuage CA crt
+ shell: cp "{{ nuage_ca_crt }}" "{{ nuage_plugin_rest_client_crt_dir }}"
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Archive the certificate dir
+ shell: "cd {{ nuage_plugin_rest_client_crt_dir }} && tar -czvf /tmp/{{ ansible_nodename }}.tgz *"
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Create a temp directory for the certificates
+ local_action: command mktemp -d "/tmp/openshift-{{ ansible_nodename }}-XXXXXXX"
+ register: mktemp
+
+- name: Download the certificates
+ fetch: src="/tmp/{{ ansible_nodename }}.tgz" dest="{{ mktemp.stdout }}/{{ ansible_nodename }}.tgz" flat=yes
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Extract the certificates
+ unarchive: src="{{ mktemp.stdout }}/{{ ansible_nodename }}.tgz" dest={{ nuage_plugin_crt_dir }}
+
+- name: Delete the certificates after copy
+ file: path="{{ nuage_plugin_rest_client_crt_dir }}" state=absent
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Delete the temp directory
+ file: path="{{ mktemp.stdout }}" state=absent
+ delegate_to: "{{ nuage_ca_master }}"
diff --git a/roles/nuage_node/tasks/main.yaml b/roles/nuage_node/tasks/main.yaml
new file mode 100644
index 000000000..d7dd53802
--- /dev/null
+++ b/roles/nuage_node/tasks/main.yaml
@@ -0,0 +1,39 @@
+---
+- name: Install Nuage VRS
+ sudo: true
+ yum: name={{ vrs_rpm }} state=present
+
+- name: Set the uplink interface
+ sudo: true
+ lineinfile: dest={{ vrs_config }} regexp=^NETWORK_UPLINK_INTF line='NETWORK_UPLINK_INTF={{ uplink_interface }}'
+
+- name: Set the Active Controller
+ sudo: true
+ lineinfile: dest={{ vrs_config }} regexp=^ACTIVE_CONTROLLER line='ACTIVE_CONTROLLER={{ vsc_active_ip }}'
+
+- name: Set the Standby Controller
+ sudo: true
+ lineinfile: dest={{ vrs_config }} regexp=^STANDBY_CONTROLLER line='STANDBY_CONTROLLER={{ vsc_standby_ip }}'
+ when: vsc_standby_ip is defined
+
+- name: Install plugin rpm
+ sudo: true
+ yum: name={{ plugin_rpm }} state=present
+
+- name: Copy the certificates and keys
+ sudo: true
+ copy: src="/tmp/{{ item }}" dest="{{ vsp_openshift_dir }}/{{ item }}"
+ with_items:
+ - ca.crt
+ - nuage.crt
+ - nuage.key
+ - nuage.kubeconfig
+
+- include: certificates.yml
+
+- name: Set the vsp-openshift.yaml
+ sudo: true
+ template: src=vsp-openshift.j2 dest={{ vsp_openshift_yaml }} owner=root mode=0644
+ notify:
+ - restart vrs
+ - restart node
diff --git a/roles/nuage_node/templates/vsp-openshift.j2 b/roles/nuage_node/templates/vsp-openshift.j2
new file mode 100644
index 000000000..6c10b9c24
--- /dev/null
+++ b/roles/nuage_node/templates/vsp-openshift.j2
@@ -0,0 +1,24 @@
+clientCert: {{ client_cert }}
+# The key to the certificate in clientCert above
+clientKey: {{ client_key }}
+# The certificate authority's certificate for the local kubelet. Usually the
+# same as the CA cert used to create the client Cert/Key pair.
+CACert: {{ ca_cert }}
+# Name of the enterprise in which pods will reside
+enterpriseName: {{ enterprise }}
+# Name of the domain in which pods will reside
+domainName: {{ domain }}
+# IP address and port number of master API server
+masterApiServer: {{ api_server }}
+# REST server URL
+nuageMonRestServer: {{ nuage_mon_rest_server_url }}
+# Bridge name for the docker bridge
+dockerBridgeName: {{ docker_bridge }}
+# Certificate for connecting to the kubemon REST API
+nuageMonClientCert: {{ rest_client_cert }}
+# Key to the certificate in restClientCert
+nuageMonClientKey: {{ rest_client_key }}
+# CA certificate for verifying the master's rest server
+nuageMonServerCA: {{ rest_server_ca_cert }}
+# Nuage vport mtu size
+interfaceMTU: {{ vport_mtu }}
diff --git a/roles/nuage_node/vars/main.yaml b/roles/nuage_node/vars/main.yaml
new file mode 100644
index 000000000..5acc65ef4
--- /dev/null
+++ b/roles/nuage_node/vars/main.yaml
@@ -0,0 +1,21 @@
+---
+vrs_config: /etc/default/openvswitch
+vsp_openshift_dir: /usr/share/vsp-openshift
+vsp_openshift_yaml: "{{ vsp_openshift_dir }}/vsp-openshift.yaml"
+client_cert: "{{ vsp_openshift_dir }}/nuage.crt"
+client_key: "{{ vsp_openshift_dir }}/nuage.key"
+ca_cert: "{{ vsp_openshift_dir }}/ca.crt"
+api_server: "{{ openshift_node_master_api_url }}"
+nuage_mon_rest_server_port: "{{ nuage_openshift_monitor_rest_server_port | default('9443') }}"
+nuage_mon_rest_server_url: "https://{{ openshift_master_cluster_hostname }}:{{ nuage_mon_rest_server_port }}"
+docker_bridge: "docker0"
+rest_client_cert: "{{ vsp_openshift_dir }}/nuageMonClient.crt"
+rest_client_key: "{{ vsp_openshift_dir }}/nuageMonClient.key"
+rest_server_ca_cert: "{{ vsp_openshift_dir }}/nuageMonCA.crt"
+vport_mtu: "{{ nuage_interface_mtu | default('1460') }}"
+
+nuage_plugin_rest_client_crt_dir: "{{ nuage_ca_master_crt_dir }}/{{ ansible_nodename }}"
+nuage_ca_master_plugin_key: "{{ nuage_plugin_rest_client_crt_dir }}/nuageMonClient.key"
+nuage_ca_master_plugin_crt: "{{ nuage_plugin_rest_client_crt_dir }}/nuageMonClient.crt"
+
+nuage_plugin_crt_dir : /usr/share/vsp-openshift
generated by cgit v1.2.3 (git 2.25.1) at 2024-10-19 15:59:46 +0000