From 2a7131b9403a4b22ebc55606814f604f723dc826 Mon Sep 17 00:00:00 2001
From: Sylvain Baubeau
Date: Tue, 13 Oct 2015 16:36:01 +0200
Subject: Add flannel support
Signed-off-by: Sylvain Baubeau
---
playbooks/common/openshift-master/config.yml | 8 ++++
playbooks/common/openshift-node/config.yml | 3 ++
roles/flannel/README.md | 37 ++++++++++++++++++
roles/flannel/defaults/main.yaml | 8 ++++
roles/flannel/handlers/main.yml | 8 ++++
roles/flannel/meta/main.yml | 16 ++++++++
roles/flannel/tasks/main.yml | 44 ++++++++++++++++++++++
roles/flannel_register/README.md | 37 ++++++++++++++++++
roles/flannel_register/defaults/main.yaml | 11 ++++++
roles/flannel_register/meta/main.yml | 16 ++++++++
roles/flannel_register/tasks/main.yml | 14 +++++++
.../flannel_register/templates/flannel-config.json | 8 ++++
roles/openshift_common/tasks/main.yml | 1 +
roles/openshift_facts/library/openshift_facts.py | 18 +++++++++
roles/openshift_master/tasks/main.yml | 11 +++++-
roles/openshift_node/tasks/main.yml | 1 +
16 files changed, 240 insertions(+), 1 deletion(-)
create mode 100644 roles/flannel/README.md
create mode 100644 roles/flannel/defaults/main.yaml
create mode 100644 roles/flannel/handlers/main.yml
create mode 100644 roles/flannel/meta/main.yml
create mode 100644 roles/flannel/tasks/main.yml
create mode 100644 roles/flannel_register/README.md
create mode 100644 roles/flannel_register/defaults/main.yaml
create mode 100644 roles/flannel_register/meta/main.yml
create mode 100644 roles/flannel_register/tasks/main.yml
create mode 100644 roles/flannel_register/templates/flannel-config.json
diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml
index 1dec923fc..54d61da06 100644
--- a/playbooks/common/openshift-master/config.yml
+++ b/playbooks/common/openshift-master/config.yml
@@ -247,6 +247,14 @@ when: ( deployment_type in ['atomic-enterprise','openshift-enterprise'] ) and (osm_use_cockpit | bool or osm_use_cockpit is undefined ) +- name: Configure flannel + hosts: oo_first_master + vars: + etcd_urls: "{{ openshift.master.etcd_urls }}" + roles: + - role: flannel_register + when: openshift.common.use_flannel | bool + # Additional instance config for online deployments - name: Additional instance config hosts: oo_masters_deployment_type_online diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml index a14ca8e11..e39e9164c 100644 --- a/playbooks/common/openshift-node/config.yml +++ b/playbooks/common/openshift-node/config.yml @@ -84,6 +84,7 @@ vars: sync_tmpdir: "{{ hostvars.localhost.mktemp.stdout }}" openshift_node_master_api_url: "{{ hostvars[groups.oo_first_master.0].openshift.master.api_url }}" + etcd_urls: "{{ hostvars[groups.oo_first_master.0].openshift.master.etcd_urls }}" pre_tasks: - name: Ensure certificate directory exists file: @@ -100,6 +101,8 @@ when: certs_missing roles: - openshift_node + - role: flannel + when: openshift.common.use_flannel | bool - role: nickhammond.logrotate - role: fluentd_node when: openshift.common.use_fluentd | bool diff --git a/roles/flannel/README.md b/roles/flannel/README.md new file mode 100644 index 000000000..94cf15254 --- /dev/null +++ b/roles/flannel/README.md @@ -0,0 +1,37 @@ +Role Name +========= + +Configure flannel on openshift nodes + +Requirements +------------ + +This role assumes it's being deployed on a RHEL/Fedora based host with package +named 'flannel' available via yum, in version superior to 0.3. + +Role Variables +-------------- + +TODO + +Dependencies +------------ + +openshift_facts + +Example Playbook +---------------- + + - hosts: openshift_node + roles: + - { flannel } + +License +------- + +Apache License, Version 2.0 + +Author Information +------------------ + +Sylvain Baubeau 
diff --git a/roles/flannel/defaults/main.yaml b/roles/flannel/defaults/main.yaml new file mode 100644 index 000000000..a9acab634 --- /dev/null +++ b/roles/flannel/defaults/main.yaml @@ -0,0 +1,8 @@ +--- +flannel_interface: "{{ ansible_default_ipv4.interface }}" +flannel_etcd_key: /openshift.com/network +etcd_hosts: "{{ etcd_urls }}" +etcd_conf_dir: "{{ openshift.common.config_base }}/node" +etcd_peer_ca_file: "{{ etcd_conf_dir }}/ca.crt" +etcd_peer_cert_file: "{{ etcd_conf_dir }}/system:node:{{ openshift.common.hostname }}.crt" +etcd_peer_key_file: "{{ etcd_conf_dir }}/system:node:{{ openshift.common.hostname }}.key" diff --git a/roles/flannel/handlers/main.yml b/roles/flannel/handlers/main.yml new file mode 100644 index 000000000..f9b9ae7f1 --- /dev/null +++ b/roles/flannel/handlers/main.yml @@ -0,0 +1,8 @@ +--- +- name: restart flanneld + sudo: true + service: name=flanneld state=restarted + +- name: restart docker + sudo: true + service: name=docker state=restarted diff --git a/roles/flannel/meta/main.yml b/roles/flannel/meta/main.yml new file mode 100644 index 000000000..a64934b3c --- /dev/null +++ b/roles/flannel/meta/main.yml @@ -0,0 +1,16 @@ +--- +galaxy_info: + author: Sylvain + description: etcd management + company: Red Hat, Inc. + license: Apache License, Version 2.0 + min_ansible_version: 1.2 + platforms: + - name: EL + versions: + - 7 + categories: + - cloud + - system +dependencies: +- { role: openshift_facts } diff --git a/roles/flannel/tasks/main.yml b/roles/flannel/tasks/main.yml new file mode 100644 index 000000000..8a871efb2 --- /dev/null +++ b/roles/flannel/tasks/main.yml 
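Review bot: The defaults added in roles/flannel/defaults/main.yaml use unprefixed names (`etcd_hosts`, `etcd_conf_dir`, `etcd_peer_ca_file`, `etcd_peer_cert_file`, `etcd_peer_key_file`), and roles/flannel_register/defaults/main.yaml in this same patch defines the same names with different values (`.../node` versus `.../master`). On a host where both roles, or any other role using these names, are applied in one play, which CA, certificate and key flanneld is pointed at may depend on role load order rather than on this file. Prefixing them, for example `flannel_etcd_conf_dir` and `flannel_etcd_peer_key_file`, keeps the TLS material for flannel unambiguous. A one-line comment such as `# etcd_urls has no default and must be supplied by the play` would also document the one input the role cannot derive itself.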
@@ -0,0 +1,44 @@ +--- +- name: Install flannel + sudo: true + yum: pkg=flannel state=present + +- name: Set flannel etcd url + sudo: true + lineinfile: + dest: /etc/sysconfig/flanneld + backrefs: yes + regexp: "^(FLANNEL_ETCD=)" + line: '\1{{ etcd_hosts|join(",") }}' + +- name: Set flannel etcd key + sudo: true + lineinfile: + dest: /etc/sysconfig/flanneld + backrefs: yes + regexp: "^(FLANNEL_ETCD_KEY=)" + line: '\1{{ flannel_etcd_key }}' + notify: + +- name: Set flannel options + sudo: true + lineinfile: + dest: /etc/sysconfig/flanneld + backrefs: yes + regexp: "^#?(FLANNEL_OPTIONS=)" + line: '\1--iface {{ flannel_interface }} --etcd-cafile={{ etcd_peer_ca_file }} --etcd-keyfile={{ etcd_peer_key_file }} --etcd-certfile={{ etcd_peer_cert_file }}' + +- name: Enable flanneld + sudo: true + service: + name: flanneld + state: started + enabled: yes + register: start_result + +- name: Remove docker bridge ip + sudo: true + shell: ip a del `ip a show docker0 | grep inet | awk '{print $2}'` dev docker0 + notify: + - restart docker + - restart node diff --git a/roles/flannel_register/README.md b/roles/flannel_register/README.md new file mode 100644 index 000000000..a11c8fe53 --- /dev/null +++ b/roles/flannel_register/README.md @@ -0,0 +1,37 @@ +Role Name +========= + +Register flannel configuration into etcd + +Requirements +------------ + +This role assumes it's being deployed on a RHEL/Fedora based host with package +named 'flannel' available via yum, in version superior to 0.3. + +Role Variables +-------------- + +TODO + +Dependencies +------------ + +openshift_facts + +Example Playbook +---------------- + + - hosts: openshift_master + roles: + - { flannel_register } + +License +------- + +Apache License, Version 2.0 + +Author Information +------------------ + +Sylvain Baubeau diff --git a/roles/flannel_register/defaults/main.yaml b/roles/flannel_register/defaults/main.yaml new file mode 100644 index 000000000..b7262b40f --- /dev/null 
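Review bot: None of the three `lineinfile` tasks that edit /etc/sysconfig/flanneld notifies the `restart flanneld` handler added in handlers/main.yml (`Set flannel etcd key` even carries an empty `notify:`), so a changed etcd URL, key prefix or TLS option does not reach an already running flanneld. Because the tasks use `backrefs: yes`, a file in which the pattern does not match is left untouched and the task still succeeds, which means the `--etcd-cafile`/`--etcd-keyfile`/`--etcd-certfile` options can be silently absent. I would add `notify: restart flanneld` to each of the three tasks and follow them with a check that fails when no `FLANNEL_OPTIONS=` line containing `--etcd-cafile` is present. `restart node` is notified by the last task but is not among this role's handlers, so it presumably relies on another role in the same play; a comment saying so would help.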
+++ b/roles/flannel_register/defaults/main.yaml @@ -0,0 +1,11 @@ +--- +flannel_network: "{{ openshift.master.portal_net | default('172.16.1.1/16') }}" +flannel_min_network: "{{ min_network | default('172.16.5.0') }}" +flannel_subnet_len: "{{ subnet_len | default(24) }}" +flannel_etcd_key: /openshift.com/network +etcd_hosts: "{{ etcd_urls }}" +etcd_conf_dir: "{{ openshift.common.config_base }}/master" +etcd_peer_ca_file: "{{ etcd_conf_dir }}/ca.crt" +etcd_peer_cert_file: "{{ etcd_conf_dir }}/master.etcd-client.crt" +etcd_peer_key_file: "{{ etcd_conf_dir }}/master.etcd-client.key" + diff --git a/roles/flannel_register/meta/main.yml b/roles/flannel_register/meta/main.yml new file mode 100644 index 000000000..a64934b3c --- /dev/null +++ b/roles/flannel_register/meta/main.yml @@ -0,0 +1,16 @@ +--- +galaxy_info: + author: Sylvain + description: etcd management + company: Red Hat, Inc. + license: Apache License, Version 2.0 + min_ansible_version: 1.2 + platforms: + - name: EL + versions: + - 7 + categories: + - cloud + - system +dependencies: +- { role: openshift_facts } diff --git a/roles/flannel_register/tasks/main.yml b/roles/flannel_register/tasks/main.yml new file mode 100644 index 000000000..c58c74d34 --- /dev/null +++ b/roles/flannel_register/tasks/main.yml @@ -0,0 +1,14 @@ +--- +- name: Assures /etc/flannel dir exists + sudo: true + file: path=/etc/flannel state=directory + +- name: Generate etcd configuration for etcd + sudo: true + template: + src: "flannel-config.json" + dest: "/etc/flannel/config.json" + +- name: Insert flannel configuration into etcd + sudo: true + shell: 'curl -L --cacert "{{ etcd_peer_ca_file }}" --cert "{{ etcd_peer_cert_file }}" --key "{{ etcd_peer_key_file }}" "{{ etcd_hosts[0] }}/v2/keys{{ flannel_etcd_key }}/config" -XPUT --data-urlencode value@/etc/flannel/config.json' diff --git a/roles/flannel_register/templates/flannel-config.json b/roles/flannel_register/templates/flannel-config.json new file mode 100644 index 000000000..89ce4c30b 
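Review bot: The `curl` call in `Insert flannel configuration into etcd` has no `--fail`, so an HTTP error answer from etcd (for example a 403 or a 5xx) still exits 0 and the play reports the network configuration as registered. Adding `--fail --silent --show-error` to the argument list makes the task fail on a non-2xx response; the same line is carried unchanged into the later "Use 'command' module instead of 'shell'" commit on this page. Only `etcd_hosts[0]` is contacted, so an unavailable first member fails registration even when the others are up, and the task reports `changed` on every run. The template task writes /etc/flannel/config.json without an explicit mode; `mode: "0644"` would pin it.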
--- /dev/null +++ b/roles/flannel_register/templates/flannel-config.json @@ -0,0 +1,8 @@ +{ + "Network": "{{ flannel_network }}", + "SubnetLen": {{ flannel_subnet_len }}, + "SubnetMin": "{{ flannel_min_network }}", + "Backend": { + "Type": "host-gw" + } +} diff --git a/roles/openshift_common/tasks/main.yml b/roles/openshift_common/tasks/main.yml index 73bd28630..64afc5081 100644 --- a/roles/openshift_common/tasks/main.yml +++ b/roles/openshift_common/tasks/main.yml @@ -13,6 +13,7 @@ sdn_network_plugin_name: "{{ os_sdn_network_plugin_name | default(None) }}" deployment_type: "{{ openshift_deployment_type }}" use_fluentd: "{{ openshift_use_fluentd | default(None) }}" + use_flannel: "{{ openshift_use_flannel | default(None) }}" - name: Set hostname hostname: name={{ openshift.common.hostname }} diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 67994d11d..850dc8a69 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -306,6 +306,23 @@ def set_fluentd_facts_if_unset(facts): facts['common']['use_fluentd'] = use_fluentd return facts +def set_flannel_facts_if_unset(facts): + """ Set flannel facts if not already present in facts dict + dict: the facts dict updated with the flannel facts if + missing + Args: + facts (dict): existing facts + Returns: + dict: the facts dict updated with the flannel + facts if they were not already present + + """ + if 'common' in facts: + if 'use_flannel' not in facts['common']: + use_flannel = False + facts['common']['use_flannel'] = use_flannel + return facts + def set_node_schedulability(facts): """ Set schedulable facts if not already present in facts dict Args: 
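Review bot: The docstring of `set_flannel_facts_if_unset` has two lines ("dict: the facts dict updated with the flannel facts if missing") placed before `Args:`; they duplicate the `Returns:` entry and read as part of the summary. Dropping them leaves a summary line followed by `Args:` and `Returns:`, the layout `set_node_schedulability` below appears to use. It is worth adding one sentence stating that the default is `False` and that nothing is set when `facts` has no `common` key, since the playbooks test `openshift.common.use_flannel | bool`. The temporary can be folded into `facts['common']['use_flannel'] = False`.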
@@ -845,6 +862,7 @@ class OpenShiftFacts(object): facts = set_url_facts_if_unset(facts) facts = set_project_cfg_facts_if_unset(facts) facts = set_fluentd_facts_if_unset(facts) + facts = set_flannel_facts_if_unset(facts) facts = set_node_schedulability(facts) facts = set_master_selectors(facts) facts = set_metrics_facts_if_unset(facts) diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 94eb73346..da20d4f96 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -14,7 +14,10 @@ - name: Set master facts openshift_facts: - role: master + role: "{{ item.role }}" + local_facts: "{{ item.local_facts }}" + with_items: + - role: master local_facts: cluster_hostname: "{{ openshift_master_cluster_hostname | default(None) }}" cluster_public_hostname: "{{ openshift_master_cluster_public_hostname | default(None) }}" @@ -62,6 +65,12 @@ api_server_args: "{{ osm_api_server_args | default(None) }}" controller_args: "{{ osm_controller_args | default(None) }}" infra_nodes: "{{ num_infra | default(None) }}" + - role: common + local_facts: + hostname: "{{ openshift_hostname | default(none) }}" + public_hostname: "{{ openshift_public_hostname | default(none) }}" + deployment_type: "{{ openshift_deployment_type }}" + use_flannel: "{{ openshift_use_flannel | default(None) }}" - name: Install Master package yum: pkg={{ openshift.common.service_type }}-master{{ openshift_version }} state=present diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 98271c8b3..cb92a8d4e 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml 
@@ -20,6 +20,7 @@ hostname: "{{ openshift_hostname | default(none) }}" public_hostname: "{{ openshift_public_hostname | default(none) }}" deployment_type: "{{ openshift_deployment_type }}" + use_flannel: "{{ openshift_use_flannel | default(None) }}" - role: node local_facts: labels: "{{ lookup('oo_option', 'openshift_node_labels') | default( openshift_node_labels | default(none), true) }}" -- cgit v1.2.3 From 68e09d87fd859d8ec41b5eef5c44b4b39e732ba2 Mon Sep 17 00:00:00 2001 From: Sylvain Baubeau Date: Thu, 15 Oct 2015 10:38:59 +0200 Subject: Ensure openshift-sdn and flannel can't be used at the same time --- roles/openshift_common/tasks/main.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/openshift_common/tasks/main.yml b/roles/openshift_common/tasks/main.yml index 64afc5081..fcc23a4f4 100644 --- a/roles/openshift_common/tasks/main.yml +++ b/roles/openshift_common/tasks/main.yml @@ -1,4 +1,8 @@ --- +- fail: + msg: Flannel can not be used with openshift sdn + when: openshift_use_openshift_sdn | bool and openshift_use_flannel | bool + - name: Set common Cluster facts openshift_facts: role: common -- cgit v1.2.3 From 4d915db61a7ebfeab72e0c649f0ea34a0281b596 Mon Sep 17 00:00:00 2001 From: Sylvain Baubeau Date: Thu, 15 Oct 2015 10:39:29 +0200 Subject: Remove multiple use_flannel fact definition --- roles/openshift_master/tasks/main.yml | 11 +---------- roles/openshift_node/tasks/main.yml | 1 - 2 files changed, 1 insertion(+), 11 deletions(-) diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index da20d4f96..94eb73346 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml 
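Review bot: The `fail` guard in roles/openshift_common/tasks/main.yml tests the raw inventory variables `openshift_use_openshift_sdn` and `openshift_use_flannel` and runs before `Set common Cluster facts`, so it never sees the values the plays actually act on (`openshift.common.use_flannel | bool` in the flannel plays). If the SDN fact defaults to enabled when the inventory variable is unset (not visible in this hunk), setting only `openshift_use_flannel=true` passes the guard with both network layers active. Moving the task after the facts task and comparing the computed facts closes that gap; the later "Fix when neither use_openshift_sdn nor use_flannel are specified" hunk adds `default(false)` but keeps the same comparison. The task also has no name; `- name: Fail if both openshift-sdn and flannel are enabled` would make the failure easier to find in play output.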
@@ -14,10 +14,7 @@ - name: Set master facts openshift_facts: - role: "{{ item.role }}" - local_facts: "{{ item.local_facts }}" - with_items: - - role: master + role: master local_facts: cluster_hostname: "{{ openshift_master_cluster_hostname | default(None) }}" cluster_public_hostname: "{{ openshift_master_cluster_public_hostname | default(None) }}" @@ -65,12 +62,6 @@ api_server_args: "{{ osm_api_server_args | default(None) }}" controller_args: "{{ osm_controller_args | default(None) }}" infra_nodes: "{{ num_infra | default(None) }}" - - role: common - local_facts: - hostname: "{{ openshift_hostname | default(none) }}" - public_hostname: "{{ openshift_public_hostname | default(none) }}" - deployment_type: "{{ openshift_deployment_type }}" - use_flannel: "{{ openshift_use_flannel | default(None) }}" - name: Install Master package yum: pkg={{ openshift.common.service_type }}-master{{ openshift_version }} state=present diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index cb92a8d4e..98271c8b3 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -20,7 +20,6 @@ hostname: "{{ openshift_hostname | default(none) }}" public_hostname: "{{ openshift_public_hostname | default(none) }}" deployment_type: "{{ openshift_deployment_type }}" - use_flannel: "{{ openshift_use_flannel | default(None) }}" - role: node local_facts: labels: "{{ lookup('oo_option', 'openshift_node_labels') | default( openshift_node_labels | default(none), true) }}" -- cgit v1.2.3 From fc9392d0b6bcf80b5dafa03e5f4c2b812cb0a57c Mon Sep 17 00:00:00 2001 From: Sylvain Baubeau Date: Thu, 15 Oct 2015 10:53:15 +0200 Subject: Only remove IPv4 address from docker bridge --- roles/flannel/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/flannel/tasks/main.yml b/roles/flannel/tasks/main.yml index 8a871efb2..57e322836 100644 --- a/roles/flannel/tasks/main.yml +++ b/roles/flannel/tasks/main.yml 
@@ -38,7 +38,7 @@ - name: Remove docker bridge ip sudo: true - shell: ip a del `ip a show docker0 | grep inet | awk '{print $2}'` dev docker0 + shell: ip a del `ip a show docker0 | grep "inet[[:space:]]" | awk '{print $2}'` dev docker0 notify: - restart docker - restart node -- cgit v1.2.3 From 2d084a816d4af52f7cffe3ddb913e2b4555b7d23 Mon Sep 17 00:00:00 2001 From: Sylvain Baubeau Date: Thu, 15 Oct 2015 14:41:35 +0200 Subject: Add flannel modules documentation --- roles/flannel/README.md | 12 ++++++++++-- roles/flannel/meta/main.yml | 2 +- roles/flannel_register/README.md | 12 +++++++++++- roles/flannel_register/meta/main.yml | 2 +- 4 files changed, 23 insertions(+), 5 deletions(-) diff --git a/roles/flannel/README.md b/roles/flannel/README.md index 94cf15254..b8aa830ac 100644 --- a/roles/flannel/README.md +++ b/roles/flannel/README.md @@ -12,7 +12,15 @@ named 'flannel' available via yum, in version superior to 0.3. Role Variables -------------- -TODO +| Name | Default value | Description | +|---------------------|-----------------------------------------|-----------------------------------------------| +| flannel_interface | ansible_default_ipv4.interface | interface to use for inter-host communication | +| flannel_etcd_key | /openshift.com/network | etcd prefix | +| etcd_hosts | etcd_urls | a list of etcd endpoints | +| etcd_conf_dir | {{ openshift.common.config_base }}/node | SSL certificates directory | +| etcd_peer_ca_file | {{ etcd_conf_dir }}/ca.crt | SSL CA to use for etcd | +| etcd_peer_cert_file | Openshift SSL cert | SSL cert to use for etcd | +| etcd_peer_key_file | Openshift SSL key | SSL key to use for etcd | Dependencies ------------ @@ -24,7 +32,7 @@ Example Playbook - hosts: openshift_node roles: - - { flannel } + - { role: flannel, etcd_urls: ['https://127.0.0.1:2379'] } License ------- diff --git a/roles/flannel/meta/main.yml b/roles/flannel/meta/main.yml index a64934b3c..909bdbfa4 100644 --- a/roles/flannel/meta/main.yml 
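Review bot: `Remove docker bridge ip` is still not idempotent after this change: once docker0 has no IPv4 address the backtick substitution is empty, `ip a del dev docker0` is expected to exit non-zero, and a second run of the role fails at this task. When an address is present the task always reports `changed` and so restarts docker and the node on every run. Reading the address first and deleting only when one exists avoids both, as sketched below.

```yaml
- name: Read docker bridge IPv4 address
  sudo: true
  command: ip -4 -o addr show docker0
  register: docker0_addr
  changed_when: false

- name: Remove docker bridge ip
  # … unchanged: sudo and shell lines …
  when: docker0_addr.stdout != ""
  # … unchanged: notify list …
```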
+++ b/roles/flannel/meta/main.yml @@ -1,7 +1,7 @@ --- galaxy_info: author: Sylvain - description: etcd management + description: flannel management company: Red Hat, Inc. license: Apache License, Version 2.0 min_ansible_version: 1.2 diff --git a/roles/flannel_register/README.md b/roles/flannel_register/README.md index a11c8fe53..ba7541ab1 100644 --- a/roles/flannel_register/README.md +++ b/roles/flannel_register/README.md @@ -12,7 +12,17 @@ named 'flannel' available via yum, in version superior to 0.3. Role Variables -------------- -TODO +| Name | Default value | Description | +|---------------------|----------------------------------------------------|-------------------------------------------------| +| flannel_network | {{ openshift.master.portal_net }} or 172.16.1.1/16 | interface to use for inter-host communication | +| flannel_min_network | {{ min_network }} or 172.16.5.0 | beginning of IP range for the subnet allocation | +| flannel_subnet_len | /openshift.com/network | size of the subnet allocated to each host | +| flannel_etcd_key | /openshift.com/network | etcd prefix | +| etcd_hosts | etcd_urls | a list of etcd endpoints | +| etcd_conf_dir | {{ openshift.common.config_base }}/master | SSL certificates directory | +| etcd_peer_ca_file | {{ etcd_conf_dir }}/ca.crt | SSL CA to use for etcd | +| etcd_peer_cert_file | {{ etcd_conf_dir }}/master.etcd-client.crt | SSL cert to use for etcd | +| etcd_peer_key_file | {{ etcd_conf_dir }}/master.etcd-client.key | SSL key to use for etcd | Dependencies ------------ diff --git a/roles/flannel_register/meta/main.yml b/roles/flannel_register/meta/main.yml index a64934b3c..73bddcca4 100644 --- a/roles/flannel_register/meta/main.yml +++ b/roles/flannel_register/meta/main.yml @@ -1,7 +1,7 @@ --- galaxy_info: author: Sylvain - description: etcd management + description: register flannel configuration into etcd company: Red Hat, Inc. license: Apache License, Version 2.0 min_ansible_version: 1.2 -- cgit v1.2.3 
From 4904ae9603d3a613f872e0cf2b7a84d852b73b40 Mon Sep 17 00:00:00 2001 From: Sylvain Baubeau Date: Thu, 15 Oct 2015 14:44:59 +0200 Subject: Use 'command' module instead of 'shell' --- roles/flannel_register/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/flannel_register/tasks/main.yml b/roles/flannel_register/tasks/main.yml index c58c74d34..1629157c8 100644 --- a/roles/flannel_register/tasks/main.yml +++ b/roles/flannel_register/tasks/main.yml @@ -11,4 +11,4 @@ - name: Insert flannel configuration into etcd sudo: true - shell: 'curl -L --cacert "{{ etcd_peer_ca_file }}" --cert "{{ etcd_peer_cert_file }}" --key "{{ etcd_peer_key_file }}" "{{ etcd_hosts[0] }}/v2/keys{{ flannel_etcd_key }}/config" -XPUT --data-urlencode value@/etc/flannel/config.json' + command: 'curl -L --cacert "{{ etcd_peer_ca_file }}" --cert "{{ etcd_peer_cert_file }}" --key "{{ etcd_peer_key_file }}" "{{ etcd_hosts[0] }}/v2/keys{{ flannel_etcd_key }}/config" -XPUT --data-urlencode value@/etc/flannel/config.json' -- cgit v1.2.3 From 490c50fe358a88d7ebdf3f473a2fb3131d6773c9 Mon Sep 17 00:00:00 2001 From: Sylvain Baubeau Date: Thu, 15 Oct 2015 14:50:19 +0200 Subject: Add missing 2nd true parameters to default Jinja filter --- roles/flannel_register/defaults/main.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/flannel_register/defaults/main.yaml b/roles/flannel_register/defaults/main.yaml index b7262b40f..e4b06b49b 100644 --- a/roles/flannel_register/defaults/main.yaml +++ b/roles/flannel_register/defaults/main.yaml 
@@ -1,7 +1,7 @@ --- -flannel_network: "{{ openshift.master.portal_net | default('172.16.1.1/16') }}" -flannel_min_network: "{{ min_network | default('172.16.5.0') }}" -flannel_subnet_len: "{{ subnet_len | default(24) }}" +flannel_network: "{{ openshift.master.portal_net | default('172.16.1.1/16', true) }}" +flannel_min_network: "{{ min_network | default('172.16.5.0', true) }}" +flannel_subnet_len: "{{ subnet_len | default(24, true) }}" flannel_etcd_key: /openshift.com/network etcd_hosts: "{{ etcd_urls }}" etcd_conf_dir: "{{ openshift.common.config_base }}/master" -- cgit v1.2.3 From bb30f53935399fee9dcaf42664fe8678dd157ee1 Mon Sep 17 00:00:00 2001 From: Sylvain Baubeau Date: Mon, 19 Oct 2015 15:50:07 +0200 Subject: Generate etcd certificats for flannel when is not embedded --- playbooks/common/openshift-node/config.yml | 70 ++++++++++++++++++++++++++++++ roles/flannel/defaults/main.yaml | 6 +-- roles/flannel_register/defaults/main.yaml | 2 +- 3 files changed, 74 insertions(+), 4 deletions(-) diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml index e39e9164c..5f0f329c4 100644 --- a/playbooks/common/openshift-node/config.yml +++ b/playbooks/common/openshift-node/config.yml 
@@ -38,6 +38,21 @@ node_subdir: node-{{ openshift.common.hostname }} config_dir: "{{ openshift.common.config_base }}/generated-configs/node-{{ openshift.common.hostname }}" node_cert_dir: "{{ openshift.common.config_base }}/node" + - name: Check status of flannel external etcd certificates + stat: + path: "{{ openshift.common.config_base }}/node/{{ item }}" + with_items: + - node.etcd-client.crt + - node.etcd-ca.crt + register: g_external_etcd_flannel_cert_stat_result + - set_fact: + etcd_client_flannel_certs_missing: "{{ g_external_etcd_flannel_cert_stat_result.results + | map(attribute='stat.exists') + | list | intersect([false])}}" + etcd_cert_subdir: openshift-node-{{ openshift.common.hostname }} + etcd_cert_config_dir: "{{ openshift.common.config_base }}/node" + etcd_cert_prefix: node.etcd- + when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config - name: Create temp directory for syncing certs hosts: localhost 
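Review bot: The `stat` loop checks `node.etcd-client.crt` and `node.etcd-ca.crt` but not `node.etcd-client.key`, although the permission task later in this commit and flanneld's `--etcd-keyfile` both need the key. A node that holds the two certificates but lost or never received the key is treated as complete, so no new client certificate is generated and flanneld fails when it sets up TLS to etcd. Adding `- node.etcd-client.key` to `with_items` makes the missing-file detection cover all three files. The unnamed `set_fact` would also benefit from a `name:` and a comment saying that a non-empty `etcd_client_flannel_certs_missing` list means at least one file is absent.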
@@ -50,6 +65,60 @@ register: mktemp changed_when: False +- name: Configure flannel etcd certificates + hosts: oo_first_etcd + vars: + etcd_generated_certs_dir: /etc/etcd/generated_certs + etcd_needing_client_certs: "{{ hostvars + | oo_select_keys(groups['oo_nodes_to_config']) + | oo_filter_list(filter_attr='etcd_client_flannel_certs_missing') }}" + sync_tmpdir: "{{ hostvars.localhost.mktemp.stdout }}" + pre_tasks: + roles: + - role: etcd_certificates + post_tasks: + - name: Create a tarball of the etcd flannel certs + command: > + tar -czvf {{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz + -C {{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }} . + args: + creates: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz" + with_items: etcd_needing_client_certs + - name: Retrieve the etcd cert tarballs + fetch: + src: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz" + dest: "{{ sync_tmpdir }}/" + flat: yes + fail_on_missing: yes + validate_checksum: yes + with_items: etcd_needing_client_certs + +- name: Copy the external etcd flannel certs to the nodes + hosts: oo_nodes_to_config + vars: + sync_tmpdir: "{{ hostvars.localhost.mktemp.stdout }}" + tasks: + - name: Ensure certificate directory exists + file: + path: "{{ openshift.common.config_base }}/node" + state: directory + when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing + - name: Unarchive the tarball on the master + unarchive: + src: "{{ sync_tmpdir }}/{{ etcd_cert_subdir }}.tgz" + dest: "{{ etcd_cert_config_dir }}" + when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing + - file: + path: "{{ etcd_cert_config_dir }}/{{ item }}" + owner: root + group: root + mode: 0600 + with_items: + - node.etcd-client.crt + - node.etcd-client.key + - node.etcd-ca.crt + when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing + - name: Create node certificates hosts: 
oo_first_master vars: @@ -85,6 +154,7 @@ sync_tmpdir: "{{ hostvars.localhost.mktemp.stdout }}" openshift_node_master_api_url: "{{ hostvars[groups.oo_first_master.0].openshift.master.api_url }}" etcd_urls: "{{ hostvars[groups.oo_first_master.0].openshift.master.etcd_urls }}" + embedded_etcd: "{{ hostvars[groups.oo_first_master.0].openshift.master.embedded_etcd }}" pre_tasks: - name: Ensure certificate directory exists file: diff --git a/roles/flannel/defaults/main.yaml b/roles/flannel/defaults/main.yaml index a9acab634..34cebda9c 100644 --- a/roles/flannel/defaults/main.yaml +++ b/roles/flannel/defaults/main.yaml @@ -3,6 +3,6 @@ flannel_interface: "{{ ansible_default_ipv4.interface }}" flannel_etcd_key: /openshift.com/network etcd_hosts: "{{ etcd_urls }}" etcd_conf_dir: "{{ openshift.common.config_base }}/node" -etcd_peer_ca_file: "{{ etcd_conf_dir }}/ca.crt" -etcd_peer_cert_file: "{{ etcd_conf_dir }}/system:node:{{ openshift.common.hostname }}.crt" -etcd_peer_key_file: "{{ etcd_conf_dir }}/system:node:{{ openshift.common.hostname }}.key" +etcd_peer_ca_file: "{{ etcd_conf_dir }}/{{ 'ca' if (embedded_etcd | bool) else 'node.etcd-ca' }}.crt" +etcd_peer_cert_file: "{{ etcd_conf_dir }}/{{ 'system:node:' + openshift.common.hostname if (embedded_etcd | bool) else 'node.etcd-client' }}.crt" +etcd_peer_key_file: "{{ etcd_conf_dir }}/{{ 'system:node:' + openshift.common.hostname if (embedded_etcd | bool) else 'node.etcd-client' }}.key" diff --git a/roles/flannel_register/defaults/main.yaml b/roles/flannel_register/defaults/main.yaml index e4b06b49b..7a454d1d2 100644 --- a/roles/flannel_register/defaults/main.yaml +++ b/roles/flannel_register/defaults/main.yaml 
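Review bot: The tarball built in `Create a tarball of the etcd flannel certs` contains each node's etcd client private key, yet neither the archive under `{{ etcd_generated_certs_dir }}` nor the copy fetched into `sync_tmpdir` is given an explicit mode or removed in this hunk, so its exposure depends on the umask and on directory permissions set elsewhere. I would add a `file` task right after the `tar` command that sets the archive to `mode: "0600"`, and delete it once the nodes have unpacked it. On the node, `unarchive` writes the key before the following `file` task tightens it, and that task uses the unquoted `mode: 0600`; `mode: "0600"` avoids relying on YAML octal parsing. The play also has an empty `pre_tasks:` key, and `Unarchive the tarball on the master` runs on `oo_nodes_to_config`, so its name should say node.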
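Review bot: The three rewritten defaults in roles/flannel/defaults/main.yaml read `embedded_etcd`, which is only defined in the node play's `vars:` in playbooks/common/openshift-node/config.yml; the role gives it no default, so applying the role as its README example shows raises an undefined-variable error. Using `(embedded_etcd | default(true) | bool)` keeps the previous `ca.crt` and `system:node:` paths as the fallback. A comment above the three lines should state that in the embedded case flanneld authenticates to etcd with the node's own `system:node:<hostname>` certificate and key, and with `node.etcd-client` otherwise, since that choice decides which identity etcd sees.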
@@ -5,7 +5,7 @@ flannel_subnet_len: "{{ subnet_len | default(24, true) }}" flannel_etcd_key: /openshift.com/network etcd_hosts: "{{ etcd_urls }}" etcd_conf_dir: "{{ openshift.common.config_base }}/master" -etcd_peer_ca_file: "{{ etcd_conf_dir }}/ca.crt" +etcd_peer_ca_file: "{{ etcd_conf_dir + '/ca.crt' if (openshift.master.embedded_etcd | bool) else etcd_conf_dir + '/master.etcd-ca.crt' }}" etcd_peer_cert_file: "{{ etcd_conf_dir }}/master.etcd-client.crt" etcd_peer_key_file: "{{ etcd_conf_dir }}/master.etcd-client.key" -- cgit v1.2.3 From 7e552e7ce4b6bd7dbd99a8fcaf1a6de87f8c8bee Mon Sep 17 00:00:00 2001 From: Sylvain Baubeau Date: Tue, 27 Oct 2015 16:14:02 +0100 Subject: Fix when neither use_openshift_sdn nor use_flannel are specified --- roles/openshift_common/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/openshift_common/tasks/main.yml b/roles/openshift_common/tasks/main.yml index fcc23a4f4..38d5a08e4 100644 --- a/roles/openshift_common/tasks/main.yml +++ b/roles/openshift_common/tasks/main.yml @@ -1,7 +1,7 @@ --- - fail: msg: Flannel can not be used with openshift sdn - when: openshift_use_openshift_sdn | bool and openshift_use_flannel | bool + when: openshift_use_openshift_sdn | default(false) | bool and openshift_use_flannel | default(false) | bool - name: Set common Cluster facts openshift_facts: -- cgit v1.2.3 From 4db5a237af8b826b52622e1b79017df98611ab10 Mon Sep 17 00:00:00 2001 From: Sylvain Baubeau Date: Tue, 27 Oct 2015 16:16:44 +0100 Subject: Check etcd certs exist for flannel when its support is enabled --- playbooks/common/openshift-node/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml index 5f0f329c4..ba96b4a78 100644 --- a/playbooks/common/openshift-node/config.yml +++ b/playbooks/common/openshift-node/config.yml 
@@ -52,7 +52,7 @@ etcd_cert_subdir: openshift-node-{{ openshift.common.hostname }} etcd_cert_config_dir: "{{ openshift.common.config_base }}/node" etcd_cert_prefix: node.etcd- - when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config + when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config and (openshift.common.use_flannel | bool) - name: Create temp directory for syncing certs hosts: localhost -- cgit v1.2.3 From b0d050eaffd99598dff73ecba04ad343172fd465 Mon Sep 17 00:00:00 2001 From: Sylvain Baubeau Date: Wed, 28 Oct 2015 14:59:30 +0100 Subject: Remove empty notify section --- roles/flannel/tasks/main.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/flannel/tasks/main.yml b/roles/flannel/tasks/main.yml index 57e322836..acfb009ec 100644 --- a/roles/flannel/tasks/main.yml +++ b/roles/flannel/tasks/main.yml @@ -18,7 +18,6 @@ backrefs: yes regexp: "^(FLANNEL_ETCD_KEY=)" line: '\1{{ flannel_etcd_key }}' - notify: - name: Set flannel options sudo: true -- cgit v1.2.3 From e7b200a24816daf05da374ccfce3a4d5db66e291 Mon Sep 17 00:00:00 2001 From: Sylvain Baubeau Date: Wed, 28 Oct 2015 15:43:05 +0100 Subject: Change flannel registration default values --- roles/flannel_register/defaults/main.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/flannel_register/defaults/main.yaml b/roles/flannel_register/defaults/main.yaml index 7a454d1d2..269d1a17c 100644 --- a/roles/flannel_register/defaults/main.yaml +++ b/roles/flannel_register/defaults/main.yaml 
@@ -1,7 +1,7 @@ --- -flannel_network: "{{ openshift.master.portal_net | default('172.16.1.1/16', true) }}" -flannel_min_network: "{{ min_network | default('172.16.5.0', true) }}" -flannel_subnet_len: "{{ subnet_len | default(24, true) }}" +flannel_network: "{{ openshift.master.portal_net | default('172.30.0.0/16', true) }}" +flannel_min_network: 172.30.5.0 +flannel_subnet_len: 24 flannel_etcd_key: /openshift.com/network etcd_hosts: "{{ etcd_urls }}" etcd_conf_dir: "{{ openshift.common.config_base }}/master" -- cgit v1.2.3
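Review bot: `flannel_min_network` is now the literal `172.30.5.0` while `flannel_network` still follows `openshift.master.portal_net`, so a cluster whose `portal_net` is not 172.30.0.0/16 gets a `SubnetMin` outside `Network` in flannel-config.json. Either derive the minimum from the same value or add a comment such as `# must lie inside flannel_network; override both together`, and quote the address (`'172.30.5.0'`) so it stays an unambiguous string. `portal_net` appears to be the service address range; if so, reusing it as the flannel overlay range would make the two overlap, which is worth confirming. The Role Variables table in roles/flannel_register/README.md still lists the old defaults and is not updated by this commit.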