summaryrefslogtreecommitdiffstats
path: root/playbooks
Commit message (Collapse)AuthorAgeFilesLines
* Document global DNS security options (#694)Bogdan Dobrelya2017-09-052-0/+18
| | | | | | | | | | | | | | | | | * Document global DNS security options Related changes: * Do not create a view if externally managed. * Allow to specify the recursion settings for public/private views defined by the dns-view role. Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com> * Document public_dns_nameservers better Also use it as the private view forwarder Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
* Add custom post-provision playbook for adding yum repos (#697)tzumainn2017-08-312-9/+29
| | | | | | | | * Add custom post-provision playbook for adding yum repos * fixed formatting issues * requested corrections and formatting changes
* Support external/pre-provisioned authoritative cluster DNS (#690)Bogdan Dobrelya2017-08-251-6/+50
| | | | | | | | | | | | * Document how to use fully external DNS servers w/o provisioning dns servers group with Heat. * Document how to use a mixed servers setup for dynamic records updates mathing public or private views. * Allow custom nsupdate key names for OSP10 dns service compatibility. The osp-dns configures the named service with the fixed key_name 'update-key'. Add optional key_name for the external_nsupdate_keys public section to allow custom key names.
* Added checks for configured images and flavors (#688)Tlacenka2017-08-253-0/+50
| | | | | | | | * prerequisites, custom_*_check: added checking that specified images/flavors are available - uses stack_params as a source of variable value which is then passed to the HOT * minor fixes
* Do not repeat pre_tasks for post-provision playbook (#689)Bogdan Dobrelya2017-08-242-6/+5
| | | | | | Move repeating pre_tasks to pre-install (OpenShift Pre-Requisites) step. Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
* Fix node label customisation (#679)Tlacenka2017-08-234-7/+34
| | | | | | | | | | | | | | | | | | | | * node labels: add checks for custom labels - README: add more info about customising labels - pre_tasks: add checks for label values, set to empty dict if undefined - group_vars: move labels customisation from OSEv3 to all * pre_tasks: tried a new approach to updating variables * pre_tasks: variable update fixed * pre_tasks: rollback upscaling changes (to be added in upscaling PR) * pre_tasks: blank line removed * pre_tasks: add check for undefined variable (should not happen though) * pre_tasks: be sure to have regions defined
* Add documentation regarding running custom post-provision tasks (#678)tzumainn2017-08-231-0/+38
| | | | | | | | * Add documentation regarding running custom post-provision tasks * moved post-provision doc to openstack README * added reference to OSEv3, clarified some text
* Merge pull request #649 from bogdando/mmsBogdan Dobrelya2017-08-232-0/+17
|\ | | | | [WIP] Add docs and defaults for multi-master setup
| * Add docs and defaults for multi-master setupBogdan Dobrelya2017-08-212-0/+17
| | | | | | | | | | | | | | | | Additionally, add the lb group to contain lb nodes to the static inventory template. Include the lb group into the OSEv3 group, in order to apply the cluster group vars to it. Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
* | Ignore *.cfg and *.crt in the openstack inventory (#672)Tomas Sedovic2017-08-211-1/+1
|/ | | | | | This allows our users to keep the ansible.cfg file in the inventory as well as putting e.g. LDAP certificates in. Fixes #481
* Update openshift_release in the sample inventory (#647)Tomas Sedovic2017-08-212-2/+0
| | | | | | | * Update openshift_release in the sample inventory This removes setting the version for Openshift Origin, because the only the latest release is actually available. So if a new Origin release comes up, the installation will fail.
* Configure different Docker volume sizes for different roles (#644)Tlacenka2017-08-173-3/+25
| | | | | | | | | | | | * README, all.yml, stack_params.yaml, openstack-stack: added docker volume size customisation - app_volume_size changed to node_volume_size (it is node everywhere else) * all.yml, stack_params.yaml,openstack-stack: added customisation for lb, etcd, dns * README: updated * README: updated info about ephemeral volumes
* Set custom hostnames for servers (#643)Tlacenka2017-08-163-0/+19
| | | | | | | | | | * README, all.yml, stack_params.yml, heat_stack.yaml.j2: hostname customisation added * hostnames customisation: default set in stack_params * heat_stack: bug fix * fixed commented defaults in group_vars/all.yml
* Access UI via a bastion node (#596)Bogdan Dobrelya2017-08-162-0/+19
| | | | | | | | When using a bastion and a single master, use the lb-secgrp to access UI port allowed from the ingress bastion node cidr. For HA (masters>1), UI still should be accessed via the LB node's ingress cidr, omitting the bastion. Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
* group_vars/all.yml, stack_params.yaml, README: specifying flavors enabled ↵Tlacenka2017-08-153-8/+22
| | | | and documented (#638)
* Specify different image names for roles (#637)Tlacenka2017-08-153-4/+23
| | | | | | | | | | | | * all.yml: set up new variables for specifying images for roles * stack_params.yaml: add image name variables for different roles * more roles added * heat_stack.yaml.j2: openstack_image changed to updated image names * README: updated documentation for specifying image names
* Support multiple private networks for static inventory (#604)Bogdan Dobrelya2017-08-153-0/+6
| | | | | | Add openstack_private_network_name to filter by a wanted private network. Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
* Allow using ephemeral volumes for docker storage (#615)Tomas Sedovic2017-08-041-0/+5
| | | | | | | | For testing cases it's sometimes useful to not create Cinder volumes for the VMs. It can also sometimes be a little faster and more robust (but unfit for production). This adds an option called `ephemeral_volumes` that will use the VM's storage instead of creating volumes when set to true.
* Remove clouds.yaml from sample-inventoryTomas Sedovic2017-08-042-9/+0
| | | | | | | | | | | | | With the move to the static inventory, we don't need it anymore so it's now just an unnecessary step in the deployment. Note that the users may still want to use clouds.yaml for openstack credentials instead of sourcing the `OS_*` environment variables, but they can do that at their discression. The reason we had the clouds.yaml here was because the `openstack.py` dynamic inventory used the servers' UUID's as ansible hosts by default and the options we put in caused it to use the hostnames (as desired).
* Moving common DNS roles out of the playbook area (#605)Øystein Bedin2017-08-023-111/+2
|
* Merge pull request #591 from day4skiing/dnspri-wildcardBogdan Dobrelya2017-07-281-0/+5
|\ | | | | Add wildcard record for Private DNS
| * removed openstackDan Jurgensmeyer2017-07-261-1/+1
| |
| * Add wildcard pointer to Private DNSDan Jurgensmeyer2017-07-261-0/+5
| |
* | Note about jmespath requirement for control node (#599)Bogdan Dobrelya2017-07-282-0/+11
| | | | | | Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
* | Options for bastion, SSH config, static inventory autogenerationBogdan Dobrelya2017-07-256-7/+51
|/ | | | | | | | | | | | | | | * At the provisioning stage, allow users to auto-generate SSH config, when using a static inventory. * Run playbooks to provsion and post-provision as a separate, when using a bastion. This re-applies the SSH config, which ansible can't do on the fly. * Support a pre-installed bastion node, colocated with the 1st infra node. * With a bastion enabled, reduce floating IP footprint to infra and dns nodes only, effectively isolating a cluster in a private network. Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
* README: Added note about infra-ansible installation (#574)Tlacenka2017-07-241-1/+5
| | | | | | | | * README in provisioning: note about infra-ansible not updating versions if one exists * README in provisioning: minor change * README: improved readability
* Static inventory autogeneration (#550)Bogdan Dobrelya2017-07-205-49/+101
| | | | | | | | | * At the provisioning stage, allow users to auto-generate a static inventory w/o manual steps needed. The alternative to go fully dynamic TBD. * Move openshift pre-install playbook to the post provision playbook, where the second part of the pre install tasks is already placed. Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
* Generate static inventory with shade inventory (#538)Bogdan Dobrelya2017-07-208-1028/+43
| | | | | | | | | | | | | | * Autogenerate inventory/hosts when 'inventory: static' (Default), with the shade-inventory tool. * Drop unused anymore: openstack.py and associated GPL notes, an example static inventory, omit manual updates for the inventory DNS names in the deployment guide. * Switch openstack.py formatted inventory hostvars to the shade-inventory format (omit openstack.* from hostvars). * Populate node labels from inventory vars instead of the heat templates combined with inventory vars. * Add app (k8s minions) nodes group for primary node labels. Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
* Merge pull request #560 from Tlacenka/openstackrepoBogdan Dobrelya2017-07-201-0/+6
|\ | | | | Added prerequisity for python-openstackclient installation
| * README: fixKaterina Pilatova2017-07-191-1/+0
| |
| * README: typoKaterina Pilatova2017-07-181-1/+1
| |
| * dependencies: python-heatclient and python-openstackclient added to optional ↵Katerina Pilatova2017-07-181-0/+6
| | | | | | | | dependencies
| * README: added prerequisity for a repository needed for ↵Katerina Pilatova2017-07-181-0/+1
| | | | | | | | python-openstackclient installation
* | Set ansible_become for the OSEv3 groupTomas Sedovic2017-07-192-1/+5
|/ | | | | | | | | | Because openshift-ansible requires root on the cluster nodes, but it doesn't explicitly set it in the playbooks (like we do), let's set it in our inventory instead of requiring to pass `--become` to `ansible-playbook`. That will simplify the installation steps as well as let us include the provisioning and openshift-ansible playbooks in a single playbook.
* Set up NetworkManager automatically (#542)Tomas Sedovic2017-07-142-5/+4
| | | | | | | | | | | | | | | | | | | * Set up NetworkManager automatically This removes the extra step of running the `openshift-ansible/playbooks/byo/openshift-node/network_manager.yml` before installing openshift. In addition, the playbook relies on a host group that the provisioning doesn't provide (oo_all_hosts). Instead, we set up NetworkManager on CentOS nodes automatically. And we restart it on RHEL (which is necessary for the nodes to pick up the new DNS we configured the subnet with). This makes the provisioning easier and more resilient. * Apply the node-network-manager role to every node It makes the code simpler and more consistent across distros.
* Switch the sample inventory to CentOS (#541)Tomas Sedovic2017-07-122-3/+12
| | | | | | | | | | | | | | | | * Switch the sample inventory to CentOS This changes the image name and deployment types to use centos instead of rhel and sets `rhsm_register` to false. With these changes, the inventory should be immediately deployable using the default values (assuming the image, network and flavor names match). Ideally, the upstream CI will just end up using this inventory with little to no changes, too at some point. * Specify the origin openshift_release
* Add defaults values for some openstack vars (#539)Tomas Sedovic2017-07-122-3/+3
| | | | | | | | | | | | | | * Add defaults values for some openstack vars Ansible shows errors when the `rhsm_register` and `openstack_flat_secgrp` values are not present in the inventory even though they have sensible default values. This makes them both default to false when they're not specified. * Comment out the flat security group option in inv It's no longer required to be there so let's comment it out.
* Install DNS roles from casl-infra with galaxy (#529)Bogdan Dobrelya2017-07-123-3/+26
| | | Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
* Playbook prerequisites.yml checks that prerequisites are met before ↵Tlacenka2017-07-102-0/+78
| | | | | | | | | | | | | | | | | | | provisioning (#518) * prerequisites.yml: check prerequisites on localhost needed for provisioning provision.yml: includes prerequisites.yml * prerequisites: indentation fixed * prerequisites.yml: used ansible_version variable, openstack modules for ansible * prerequisites.yml: os_keypair is not suitable for this purpose * prerequisites.yml: openstack keypair command exchanged for shade - there is no Ansible module for this now - os_keypair is not suitable for this purpose - python-openstackclient dependency is not desirable
* Merge pull request #525 from bogdando/manage_packagesTomas Sedovic2017-06-301-0/+10
|\ | | | | Manage packages to install/update for openstack provider
| * Manage packages to install/update for openstack providerBogdan Dobrelya2017-06-301-0/+10
| | | | | | | | | | | | | | Allow required packages and yum update all steps to be optionally disabled. Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
* | Persist DNS configuration for nodes for openstack providerBogdan Dobrelya2017-06-304-59/+86
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Firstly, provision a Heat stack with given public resolvers. * After the DNS node configured as an authoritative server, switch the Heat stack's Neutron subnet to that resolver (private_dns_server) the way it to become the first entry pushed into the hosts /etc/resolv.conf. It will be serving the cluster domain requests for OpenShift nodes and workloads. * Drop post-provision /etc/reslov.conf nameserver hacks as not needed anymore. * Fix dns floating IPs output and add the priv IPs output as well. * Update docs, clarify localhost vs servers requirements, add required Network Manager setup step. * Use post-provision task names instead of comments. Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
* | Fix yaml indentationTomas Sedovic2017-06-291-1/+1
| |
* | Use wait_for_connection for the Heat nodesTomas Sedovic2017-06-291-3/+7
|/ | | | | | | | | | The `wait_for_connection` module is more reliable as it uses Ansible's `ping` to verify the nodes are really accessible. Using `wait_for` and checking that port 22 is open runs into the possibility of SSH being up but the public keys or users not being set up yet (as that's done with cloud-init). In addition, we were gathering facts before running the wait_for task which rendered it useless.
* README.md: fixing typoKaterina Pilatova2017-06-271-1/+1
|
* README.md: list jinja2 as a dependencyKaterina Pilatova2017-06-271-0/+1
|
* Merge pull request #491 from tzumainn/openstack-heat-stack-updateTomas Sedovic2017-06-263-0/+7
|\ | | | | Add node_removal_policies variable to openstack provisioning to allow for scaling down
| * rename node_removal_policies, add some comments and defaultsTzu-Mainn Chen2017-06-233-4/+5
| |
| * Add node_removal_policies variable to allow for scaling downTzu-Mainn Chen2017-06-213-0/+6
| |
* | Merge pull request #499 from Tlacenka/all_yml_remove_whitespaceTomas Sedovic2017-06-261-24/+24
|\ \ | | | | | | all.yml: removed whitespaces in front of variables