From 85181ea469ed5f541cbac6f73aefc134526aca8d Mon Sep 17 00:00:00 2001 
From: Tomas Sedovic Date: Tue, 7 Nov 2017 14:34:03 +1100 Subject: Move the OpenStack playbooks We move them from `playbooks/provisioning/openstack` to `playbooks/openstack` to mirror `playbooks/aws`. --- .../openshift-cluster/custom_flavor_check.yaml | 9 ++ .../openshift-cluster/custom_image_check.yaml | 9 ++ .../openshift-cluster/net_vars_check.yaml | 14 +++ .../openstack/openshift-cluster/post-install.yml | 57 ++++++++++ .../openshift-cluster/post-provision-openstack.yml | 118 ++++++++++++++++++++ .../openstack/openshift-cluster/pre-install.yml | 19 ++++ .../openstack/openshift-cluster/pre_tasks.yml | 53 +++++++++ .../prepare-and-format-cinder-volume.yaml | 67 +++++++++++ .../openstack/openshift-cluster/prerequisites.yml | 123 +++++++++++++++++++++ .../openshift-cluster/provision-openstack.yml | 35 ++++++ .../openstack/openshift-cluster/provision.yaml | 4 + playbooks/openstack/openshift-cluster/roles | 1 + .../openstack/openshift-cluster/scale-up.yaml | 75 +++++++++++++ .../openstack/openshift-cluster/stack_params.yaml | 49 ++++++++ 14 files changed, 633 insertions(+) create mode 100644 playbooks/openstack/openshift-cluster/custom_flavor_check.yaml create mode 100644 playbooks/openstack/openshift-cluster/custom_image_check.yaml create mode 100644 playbooks/openstack/openshift-cluster/net_vars_check.yaml create mode 100644 playbooks/openstack/openshift-cluster/post-install.yml create mode 100644 playbooks/openstack/openshift-cluster/post-provision-openstack.yml create mode 100644 playbooks/openstack/openshift-cluster/pre-install.yml create mode 100644 playbooks/openstack/openshift-cluster/pre_tasks.yml create mode 100644 playbooks/openstack/openshift-cluster/prepare-and-format-cinder-volume.yaml create mode 100644 playbooks/openstack/openshift-cluster/prerequisites.yml create mode 100644 playbooks/openstack/openshift-cluster/provision-openstack.yml create mode 100644 playbooks/openstack/openshift-cluster/provision.yaml create mode 120000 
playbooks/openstack/openshift-cluster/roles create mode 100644 playbooks/openstack/openshift-cluster/scale-up.yaml create mode 100644 playbooks/openstack/openshift-cluster/stack_params.yaml (limited to 'playbooks/openstack/openshift-cluster')
diff --git a/playbooks/openstack/openshift-cluster/custom_flavor_check.yaml b/playbooks/openstack/openshift-cluster/custom_flavor_check.yaml
new file mode 100644
index 000000000..e11874c28
--- /dev/null
+++ b/playbooks/openstack/openshift-cluster/custom_flavor_check.yaml
@@ -0,0 +1,9 @@
+---
+- name: Try to get flavor facts
+ os_flavor_facts:
+ name: "{{ flavor }}"
+ register: flavor_result
+- name: Check that custom flavor is available
+ assert:
+ that: "flavor_result.ansible_facts.openstack_flavors"
+ msg: "Flavor {{ flavor }} is not available."
diff --git a/playbooks/openstack/openshift-cluster/custom_image_check.yaml b/playbooks/openstack/openshift-cluster/custom_image_check.yaml
new file mode 100644
index 000000000..452e1e4d8
--- /dev/null
+++ b/playbooks/openstack/openshift-cluster/custom_image_check.yaml
@@ -0,0 +1,9 @@
+---
+- name: Try to get image facts
+ os_image_facts:
+ image: "{{ image }}"
+ register: image_result
+- name: Check that custom image is available
+ assert:
+ that: "image_result.ansible_facts.openstack_image"
+ msg: "Image {{ image }} is not available."
diff --git a/playbooks/openstack/openshift-cluster/net_vars_check.yaml b/playbooks/openstack/openshift-cluster/net_vars_check.yaml
new file mode 100644
index 000000000..68afde415
--- /dev/null
+++ b/playbooks/openstack/openshift-cluster/net_vars_check.yaml
@@ -0,0 +1,14 @@
+---
+- name: Check the provider network configuration
+ fail:
+ msg: "Flannel SDN requires a dedicated containers data network and can not work over a provider network"
+ when:
+ - openstack_provider_network_name is defined
+ - openstack_private_data_network_name is defined
+
+- name: Check the flannel network configuration
+ fail:
+ msg: "A dedicated containers data network is only supported with Flannel SDN"
+ when:
+ - openstack_private_data_network_name is defined
+ - not openshift_use_flannel|default(False)|bool
diff --git a/playbooks/openstack/openshift-cluster/post-install.yml b/playbooks/openstack/openshift-cluster/post-install.yml
new file mode 100644
index 000000000..417813e2a
--- /dev/null
+++ b/playbooks/openstack/openshift-cluster/post-install.yml
@@ -0,0 +1,57 @@
+---
+- hosts: OSEv3
+ gather_facts: False
+ become: True
+ tasks:
+ - name: Save iptables rules to a backup file
+ when: openshift_use_flannel|default(False)|bool
+ shell: iptables-save > /etc/sysconfig/iptables.orig-$(date +%Y%m%d%H%M%S)
+
+# Enable iptables service on app nodes to persist custom rules (flannel SDN)
+# FIXME(bogdando) w/a https://bugzilla.redhat.com/show_bug.cgi?id=1490820
+- hosts: app
+ gather_facts: False
+ become: True
+ vars:
+ os_firewall_allow:
+ - service: dnsmasq tcp
+ port: 53/tcp
+ - service: dnsmasq udp
+ port: 53/udp
+ tasks:
+ - when: openshift_use_flannel|default(False)|bool
+ block:
+ - include_role:
+ name: openshift-ansible/roles/os_firewall
+ - include_role:
+ name: openshift-ansible/roles/lib_os_firewall
+ - name: set allow rules for dnsmasq
+ os_firewall_manage_iptables:
+ name: "{{ item.service }}"
+ action: add
+ protocol: "{{ item.port.split('/')[1] }}"
+ port: "{{ item.port.split('/')[0] }}"
+ with_items: "{{ os_firewall_allow }}"
+
+- hosts: OSEv3
+ gather_facts: False
+ become: True
+ tasks:
+ - name: Apply post-install iptables hacks for Flannel SDN (the best effort)
+ when: openshift_use_flannel|default(False)|bool
+ block:
+ - name: set allow/masquerade rules for for flannel/docker
+ shell: >-
+ (iptables-save | grep -q custom-flannel-docker-1) ||
+ iptables -A DOCKER -w
+ -p all -j ACCEPT
+ -m comment --comment "custom-flannel-docker-1";
+ (iptables-save | grep -q custom-flannel-docker-2) ||
+ iptables -t nat -A POSTROUTING -w
+ -o {{flannel_interface|default('eth1')}}
+ -m comment --comment "custom-flannel-docker-2"
+ -j MASQUERADE
+
+ # NOTE(bogdando) the rules will not be restored, when iptables service unit is disabled & masked
+ - name: Persist in-memory iptables rules (w/o dynamic KUBE rules)
+ shell: iptables-save | grep -v KUBE > /etc/sysconfig/iptables
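Review bot: The `iptables -A DOCKER -w -p all -j ACCEPT` rule in the "set allow/masquerade rules" task accepts every protocol from any source and interface, and the next task then persists it to /etc/sysconfig/iptables. If the intent is only to admit pod traffic arriving over the flannel interface, scope the rule, e.g. `iptables -A DOCKER -w -i {{ flannel_interface|default('eth1') }} -p all -j ACCEPT`, and add a comment saying which traffic it is meant to allow. Separately, `iptables-save | grep -v KUBE > /etc/sysconfig/iptables` truncates the persisted ruleset before the pipeline has succeeded; writing to a temporary file and moving it into place would avoid leaving an empty ruleset behind on failure.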
diff --git a/playbooks/openstack/openshift-cluster/post-provision-openstack.yml b/playbooks/openstack/openshift-cluster/post-provision-openstack.yml
new file mode 100644
index 000000000..e460fbf12
--- /dev/null
+++ b/playbooks/openstack/openshift-cluster/post-provision-openstack.yml
@@ -0,0 +1,118 @@
+---
+- hosts: cluster_hosts
+ name: Wait for the the nodes to come up
+ become: False
+ gather_facts: False
+ tasks:
+ - when: not openstack_use_bastion|default(False)|bool
+ wait_for_connection:
+ - when: openstack_use_bastion|default(False)|bool
+ delegate_to: bastion
+ wait_for_connection:
+
+- hosts: cluster_hosts
+ gather_facts: True
+ tasks:
+ - name: Debug hostvar
+ debug:
+ msg: "{{ hostvars[inventory_hostname] }}"
+ verbosity: 2
+
+- name: OpenShift Pre-Requisites (part 1)
+ include: pre-install.yml
+
+- name: Assign hostnames
+ hosts: cluster_hosts
+ gather_facts: False
+ become: true
+ roles:
+ - role: hostnames
+
+- name: Subscribe DNS Host to allow for configuration below
+ hosts: dns
+ gather_facts: False
+ become: true
+ roles:
+ - role: subscription-manager
+ when: hostvars.localhost.rhsm_register|default(False)
+ tags: 'subscription-manager'
+
+- name: Determine which DNS server(s) to use for our generated records
+ hosts: localhost
+ gather_facts: False
+ become: False
+ roles:
+ - dns-server-detect
+
+- name: Build the DNS Server Views and Configure DNS Server(s)
+ hosts: dns
+ gather_facts: False
+ become: true
+ roles:
+ - role: dns-views
+ - role: infra-ansible/roles/dns-server
+
+- name: Build and process DNS Records
+ hosts: localhost
+ gather_facts: True
+ become: False
+ roles:
+ - role: dns-records
+ use_bastion: "{{ openstack_use_bastion|default(False)|bool }}"
+ - role: infra-ansible/roles/dns
+
+- name: Switch the stack subnet to the configured private DNS server
+ hosts: localhost
+ gather_facts: False
+ become: False
+ vars_files:
+ - stack_params.yaml
+ tasks:
+ - include_role:
+ name: openstack-stack
+ tasks_from: subnet_update_dns_servers
+
+- name: OpenShift Pre-Requisites (part 2)
+ hosts: OSEv3
+ gather_facts: true
+ become: true
+ vars:
+ interface: "{{ flannel_interface|default('eth1') }}"
+ interface_file: /etc/sysconfig/network-scripts/ifcfg-{{ interface }}
+ interface_config:
+ DEVICE: "{{ interface }}"
+ TYPE: Ethernet
+ BOOTPROTO: dhcp
+ ONBOOT: 'yes'
+ DEFTROUTE: 'no'
+ PEERDNS: 'no'
+ pre_tasks:
+ - name: "Include DNS configuration to ensure proper name resolution"
+ lineinfile:
+ state: present
+ dest: /etc/sysconfig/network
+ regexp: "IP4_NAMESERVERS={{ hostvars['localhost'].private_dns_server }}"
+ line: "IP4_NAMESERVERS={{ hostvars['localhost'].private_dns_server }}"
+ - name: "Configure the flannel interface options"
+ when: openshift_use_flannel|default(False)|bool
+ block:
+ - file:
+ dest: "{{ interface_file }}"
+ state: touch
+ mode: 0644
+ owner: root
+ group: root
+ - lineinfile:
+ state: present
+ dest: "{{ interface_file }}"
+ regexp: "{{ item.key }}="
+ line: "{{ item.key }}={{ item.value }}"
+ with_dict: "{{ interface_config }}"
+ roles:
+ - node-network-manager
+
+- include: prepare-and-format-cinder-volume.yaml
+ when: >
+ prepare_and_format_registry_volume|default(False) or
+ (cinder_registry_volume is defined and
+ cinder_registry_volume.changed|default(False))
diff --git a/playbooks/openstack/openshift-cluster/pre-install.yml b/playbooks/openstack/openshift-cluster/pre-install.yml
new file mode 100644
index 000000000..45e9005cc
--- /dev/null
+++ b/playbooks/openstack/openshift-cluster/pre-install.yml
@@ -0,0 +1,19 @@
+---
+###############################
+# OpenShift Pre-Requisites
+
+# - subscribe hosts
+# - prepare docker
+# - other prep (install additional packages, etc.)
+#
+- hosts: OSEv3
+ become: true
+ roles:
+ - { role: subscription-manager, when: hostvars.localhost.rhsm_register|default(False), tags: 'subscription-manager', ansible_sudo: true }
+ - { role: docker, tags: 'docker' }
+ - { role: openshift-prep, tags: 'openshift-prep' }
+
+- hosts: localhost:cluster_hosts
+ become: False
+ tasks:
+ - include: pre_tasks.yml
diff --git a/playbooks/openstack/openshift-cluster/pre_tasks.yml b/playbooks/openstack/openshift-cluster/pre_tasks.yml
new file mode 100644
index 000000000..11fe2dd84
--- /dev/null
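Review bot: The "Debug hostvar" task in post-provision-openstack.yml prints the whole of `hostvars[inventory_hostname]` whenever the run uses `-vv`, so any credential kept in inventory or group vars ends up on the console and in CI logs; the later plays reference `rhsm_register`, so subscription credentials are presumably among them. Drop the task, or print only the named fields needed for troubleshooting. In the "Include DNS configuration" task the `regexp` embeds the current server value, so a changed `private_dns_server` appends a second `IP4_NAMESERVERS=` line instead of replacing the old one; `regexp: '^IP4_NAMESERVERS='` would keep a single entry.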
+++ b/playbooks/openstack/openshift-cluster/pre_tasks.yml 
@@ -0,0 +1,53 @@ +--- +- name: Generate Environment ID + set_fact: + env_random_id: "{{ ansible_date_time.epoch }}" + run_once: true + delegate_to: localhost + +- name: Set default Environment ID + set_fact: + default_env_id: "openshift-{{ lookup('env','OS_USERNAME') }}-{{ env_random_id }}" + delegate_to: localhost + +- name: Setting Common Facts + set_fact: + env_id: "{{ env_id | default(default_env_id) }}" + delegate_to: localhost + +- name: Updating DNS domain to include env_id (if not empty) + set_fact: + full_dns_domain: "{{ (env_id|trim == '') | ternary(public_dns_domain, env_id + '.' + public_dns_domain) }}" + delegate_to: localhost + +- name: Set the APP domain for OpenShift use + set_fact: + openshift_app_domain: "{{ openshift_app_domain | default('apps') }}" + delegate_to: localhost + +- name: Set the default app domain for routing purposes + set_fact: + openshift_master_default_subdomain: "{{ openshift_app_domain }}.{{ full_dns_domain }}" + delegate_to: localhost + when: + - openshift_master_default_subdomain is undefined + +# Check that openshift_cluster_node_labels has regions defined for all groups +# NOTE(kpilatov): if node labels are to be enabled for more groups, +# this check needs to be modified as well +- name: Set openshift_cluster_node_labels if undefined (should not happen) + set_fact: + openshift_cluster_node_labels: {'app': {'region': 'primary'}, 'infra': {'region': 'infra'}} + when: openshift_cluster_node_labels is not defined + +- name: Set openshift_cluster_node_labels for the infra group + set_fact: + openshift_cluster_node_labels: "{{ openshift_cluster_node_labels | combine({'infra': {'region': 'infra'}}, recursive=True) }}" + +- name: Set openshift_cluster_node_labels for the app group + set_fact: + openshift_cluster_node_labels: "{{ openshift_cluster_node_labels | combine({'app': {'region': 'primary'}}, recursive=True) }}" + +- name: Set openshift_cluster_node_labels for auto-scaling app nodes + set_fact: + 
openshift_cluster_node_labels: "{{ openshift_cluster_node_labels | combine({'app': {'autoscaling': 'app'}}, recursive=True) }}" diff --git a/playbooks/openstack/openshift-cluster/prepare-and-format-cinder-volume.yaml b/playbooks/openstack/openshift-cluster/prepare-and-format-cinder-volume.yaml new file mode 100644 index 000000000..30e094459 --- /dev/null +++ b/playbooks/openstack/openshift-cluster/prepare-and-format-cinder-volume.yaml 
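Review bot: `default_env_id` in the "Set default Environment ID" task interpolates `lookup('env','OS_USERNAME')` unchanged, and the result flows into `full_dns_domain` in this file and, as far as the rest of the patch shows, into `stack_name` in stack_params.yaml. A username containing `@` or `_` yields a value that is not a valid DNS label, and the failure would only surface later at stack or record creation. Normalising at the source, e.g. `{{ lookup('env','OS_USERNAME') | lower | regex_replace('[^a-z0-9-]', '-') }}`, and asserting that the lookup is non-empty would fail early and keep the derived names predictable.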
@@ -0,0 +1,67 @@
+---
+- hosts: localhost
+ gather_facts: False
+ become: False
+ tasks:
+ - set_fact:
+ cinder_volume: "{{ hostvars[groups.masters[0]].openshift_hosted_registry_storage_openstack_volumeID }}"
+ cinder_fs: "{{ hostvars[groups.masters[0]].openshift_hosted_registry_storage_openstack_filesystem }}"
+
+ - name: Attach the volume to the VM
+ os_server_volume:
+ state: present
+ server: "{{ groups['masters'][0] }}"
+ volume: "{{ cinder_volume }}"
+ register: volume_attachment
+
+ - set_fact:
+ attached_device: >-
+ {{ volume_attachment['attachments']|json_query("[?volume_id=='" + cinder_volume + "'].device | [0]") }}
+
+ - delegate_to: "{{ groups['masters'][0] }}"
+ block:
+ - name: Wait for the device to appear
+ wait_for: path={{ attached_device }}
+
+ - name: Create a temp directory for mounting the volume
+ tempfile:
+ prefix: cinder-volume
+ state: directory
+ register: cinder_mount_dir
+
+ - name: Format the device
+ filesystem:
+ fstype: "{{ cinder_fs }}"
+ dev: "{{ attached_device }}"
+
+ - name: Mount the device
+ mount:
+ name: "{{ cinder_mount_dir.path }}"
+ src: "{{ attached_device }}"
+ state: mounted
+ fstype: "{{ cinder_fs }}"
+
+ - name: Change mode on the filesystem
+ file:
+ path: "{{ cinder_mount_dir.path }}"
+ state: directory
+ recurse: true
+ mode: 0777
+
+ - name: Unmount the device
+ mount:
+ name: "{{ cinder_mount_dir.path }}"
+ src: "{{ attached_device }}"
+ state: absent
+ fstype: "{{ cinder_fs }}"
+
+ - name: Delete the temp directory
+ file:
+ name: "{{ cinder_mount_dir.path }}"
+ state: absent
+
+ - name: Detach the volume from the VM
+ os_server_volume:
+ state: absent
+ server: "{{ groups['masters'][0] }}"
+ volume: "{{ cinder_volume }}"
diff --git a/playbooks/openstack/openshift-cluster/prerequisites.yml b/playbooks/openstack/openshift-cluster/prerequisites.yml
new file mode 100644
index 000000000..11a31411e
--- /dev/null
+++ b/playbooks/openstack/openshift-cluster/prerequisites.yml
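Review bot: The "Change mode on the filesystem" task sets `mode: 0777` with `recurse: true`, which leaves the root of the registry volume world-writable, so any process that can reach the mounted volume can modify the stored image layers. Prefer group-scoped access, e.g. `mode: '0770'` plus an explicit `group:` matching the GID the registry pod runs with (that GID is not visible in this patch, so it needs confirming). There is also no `always:` section, so a failure between "Mount the device" and "Detach the volume from the VM" leaves the volume mounted and attached to the first master; moving the unmount, temp-directory removal and detach into `always:` would make the cleanup unconditional.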
@@ -0,0 +1,123 @@ +--- +- hosts: localhost + tasks: + + # Sanity check of inventory variables + - include: net_vars_check.yaml + + # Check ansible + - name: Check Ansible version + assert: + that: > + (ansible_version.major == 2 and ansible_version.minor >= 3) or + (ansible_version.major > 2) + msg: "Ansible version must be at least 2.3" + + # Check shade + - name: Try to import python module shade + command: python -c "import shade" + ignore_errors: yes + register: shade_result + - name: Check if shade is installed + assert: + that: 'shade_result.rc == 0' + msg: "Python module shade is not installed" + + # Check jmespath + - name: Try to import python module shade + command: python -c "import jmespath" + ignore_errors: yes + register: jmespath_result + - name: Check if jmespath is installed + assert: + that: 'jmespath_result.rc == 0' + msg: "Python module jmespath is not installed" + + # Check python-dns + - name: Try to import python DNS module + command: python -c "import dns" + ignore_errors: yes + register: pythondns_result + - name: Check if python-dns is installed + assert: + that: 'pythondns_result.rc == 0' + msg: "Python module python-dns is not installed" + + # Check jinja2 + - name: Try to import jinja2 module + command: python -c "import jinja2" + ignore_errors: yes + register: jinja_result + - name: Check if jinja2 is installed + assert: + that: 'jinja_result.rc == 0' + msg: "Python module jinja2 is not installed" + + # Check Glance image + - name: Try to get image facts + os_image_facts: + image: "{{ openstack_default_image_name }}" + register: image_result + - name: Check that image is available + assert: + that: "image_result.ansible_facts.openstack_image" + msg: "Image {{ openstack_default_image_name }} is not available" + + # Check network name + - name: Try to get network facts + os_networks_facts: + name: "{{ openstack_external_network_name }}" + register: network_result + when: not openstack_provider_network_name|default(None) + - name: Check 
that network is available + assert: + that: "network_result.ansible_facts.openstack_networks" + msg: "Network {{ openstack_external_network_name }} is not available" + when: not openstack_provider_network_name|default(None) + + # Check keypair + # TODO kpilatov: there is no Ansible module for getting OS keypairs + # (os_keypair is not suitable for this) + # this method does not force python-openstackclient dependency + - name: Try to show keypair + command: > + python -c 'import shade; cloud = shade.openstack_cloud(); + exit(cloud.get_keypair("{{ openstack_ssh_public_key }}") is None)' + ignore_errors: yes + register: key_result + - name: Check that keypair is available + assert: + that: 'key_result.rc == 0' + msg: "Keypair {{ openstack_ssh_public_key }} is not available" + +# Check that custom images and flavors exist +- hosts: localhost + + # Include variables that will be used by heat + vars_files: + - stack_params.yaml + + tasks: + # Check that custom images are available + - include: custom_image_check.yaml + with_items: + - "{{ openstack_master_image }}" + - "{{ openstack_infra_image }}" + - "{{ openstack_node_image }}" + - "{{ openstack_lb_image }}" + - "{{ openstack_etcd_image }}" + - "{{ openstack_dns_image }}" + loop_control: + loop_var: image + + # Check that custom flavors are available + - include: custom_flavor_check.yaml + with_items: + - "{{ master_flavor }}" + - "{{ infra_flavor }}" + - "{{ node_flavor }}" + - "{{ lb_flavor }}" + - "{{ etcd_flavor }}" + - "{{ dns_flavor }}" + loop_control: + loop_var: flavor diff --git a/playbooks/openstack/openshift-cluster/provision-openstack.yml b/playbooks/openstack/openshift-cluster/provision-openstack.yml new file mode 100644 index 000000000..bf424676d --- /dev/null +++ b/playbooks/openstack/openshift-cluster/provision-openstack.yml 
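Review bot: The "Try to show keypair" task pastes `{{ openstack_ssh_public_key }}` into the Python source handed to `python -c`, so a key name containing a quote character changes the code that runs rather than just the lookup argument. Pass it as an argument instead: `python -c 'import sys, shade; sys.exit(shade.openstack_cloud().get_keypair(sys.argv[1]) is None)' {{ openstack_ssh_public_key | quote }}`. The second task named "Try to import python module shade" actually imports jmespath, so its name should say so. The `ignore_errors: yes` values would read better as `true`.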
@@ -0,0 +1,35 @@
+---
+- hosts: localhost
+ gather_facts: True
+ become: False
+ vars_files:
+ - stack_params.yaml
+ pre_tasks:
+ - include: pre_tasks.yml
+ roles:
+ - role: openstack-stack
+ - role: openstack-create-cinder-registry
+ when:
+ - cinder_hosted_registry_name is defined
+ - cinder_hosted_registry_size_gb is defined
+ - role: static_inventory
+ when: openstack_inventory|default('static') == 'static'
+ inventory_path: "{{ openstack_inventory_path|default(inventory_dir) }}"
+ private_ssh_key: "{{ openstack_private_ssh_key|default('') }}"
+ ssh_config_path: "{{ openstack_ssh_config_path|default('/tmp/ssh.config.openshift.ansible' + '.' + stack_name) }}"
+ ssh_user: "{{ ansible_user }}"
+
+- name: Refresh Server inventory or exit to apply SSH config
+ hosts: localhost
+ connection: local
+ become: False
+ gather_facts: False
+ tasks:
+ - name: Exit to apply SSH config for a bastion
+ meta: end_play
+ when: openstack_use_bastion|default(False)|bool
+ - name: Refresh Server inventory
+ meta: refresh_inventory
+
+- include: post-provision-openstack.yml
+ when: not openstack_use_bastion|default(False)|bool
diff --git a/playbooks/openstack/openshift-cluster/provision.yaml b/playbooks/openstack/openshift-cluster/provision.yaml
new file mode 100644
index 000000000..474c9c803
--- /dev/null
+++ b/playbooks/openstack/openshift-cluster/provision.yaml
@@ -0,0 +1,4 @@
+---
+- include: "prerequisites.yml"
+
+- include: "provision-openstack.yml"
diff --git a/playbooks/openstack/openshift-cluster/roles b/playbooks/openstack/openshift-cluster/roles
new file mode 120000
index 000000000..e2b799b9d
--- /dev/null
+++ b/playbooks/openstack/openshift-cluster/roles
@@ -0,0 +1 @@
+../../../roles/
\ No newline at end of file
diff --git a/playbooks/openstack/openshift-cluster/scale-up.yaml b/playbooks/openstack/openshift-cluster/scale-up.yaml
new file mode 100644
index 000000000..79fc09050
--- /dev/null
+++ b/playbooks/openstack/openshift-cluster/scale-up.yaml
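Review bot: The `ssh_config_path` default passed to the static_inventory role in provision-openstack.yml is `/tmp/ssh.config.openshift.ansible.<stack_name>`, a predictable name in a world-writable directory. On a shared control host another local user could create that path first, and the file written there presumably steers later SSH connections (the role body is not in this patch, so confirm how it creates the file). Defaulting to the inventory directory, as the line above already does for `inventory_path`, avoids this: `ssh_config_path: "{{ openstack_ssh_config_path|default(inventory_dir + '/ssh.config.openshift.ansible.' + stack_name) }}"`.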
@@ -0,0 +1,75 @@
+---
+# Get the needed information about the current deployment
+- hosts: masters[0]
+ tasks:
+ - name: Get number of app nodes
+ shell: oc get nodes -l autoscaling=app --no-headers=true | wc -l
+ register: oc_old_num_nodes
+ - name: Get names of app nodes
+ shell: oc get nodes -l autoscaling=app --no-headers=true | cut -f1 -d " "
+ register: oc_old_app_nodes
+
+- hosts: localhost
+ tasks:
+ # Since both number and names of app nodes are to be removed
+ # localhost variables for these values need to be set
+ - name: Store old number and names of app nodes locally (if there is an existing deployment)
+ when: '"masters" in groups'
+ register: set_fact_result
+ set_fact:
+ oc_old_num_nodes: "{{ hostvars[groups['masters'][0]]['oc_old_num_nodes'].stdout }}"
+ oc_old_app_nodes: "{{ hostvars[groups['masters'][0]]['oc_old_app_nodes'].stdout_lines }}"
+
+ - name: Set default values for old app nodes (if there is no existing deployment)
+ when: 'set_fact_result | skipped'
+ set_fact:
+ oc_old_num_nodes: 0
+ oc_old_app_nodes: []
+
+ # Set how many nodes are to be added (1 by default)
+ - name: Set how many nodes are to be added
+ set_fact:
+ increment_by: 1
+ - name: Check that the number corresponds to scaling up (not down)
+ assert:
+ that: 'increment_by | int >= 1'
+ msg: >
+ FAIL: The value of increment_by must be at least 1
+ (but it is {{ increment_by | int }}).
+ - name: Update openstack_num_nodes variable
+ set_fact:
+ openstack_num_nodes: "{{ oc_old_num_nodes | int + increment_by | int }}"
+
+# Run provision.yaml with higher number of nodes to create a new app-node VM
+- include: provision.yaml
+
+# Run config.yml to perform openshift installation
+# Path to openshift-ansible can be customised:
+# - the value of openshift_ansible_dir has to be an absolute path
+# - the path cannot contain the '/' symbol at the end
+
+# Creating a new deployment by the full installation
+- include: "{{ openshift_ansible_dir }}/playbooks/byo/config.yml"
+ vars:
+ openshift_ansible_dir: ../../../../openshift-ansible
+ when: 'not groups["new_nodes"] | list'
+
+# Scaling up existing deployment
+- include: "{{ openshift_ansible_dir }}/playbooks/byo/openshift-node/scaleup.yml"
+ vars:
+ openshift_ansible_dir: ../../../../openshift-ansible
+ when: 'groups["new_nodes"] | list'
+
+# Post-verification: Verify new number of nodes
+- hosts: masters[0]
+ tasks:
+ - name: Get number of nodes
+ shell: oc get nodes -l autoscaling=app --no-headers=true | wc -l
+ register: oc_new_num_nodes
+ - name: Check that the actual result matches the defined value
+ assert:
+ that: 'oc_new_num_nodes.stdout | int == (hostvars["localhost"]["oc_old_num_nodes"] | int + hostvars["localhost"]["increment_by"] | int)'
+ msg: >
+ FAIL: Number of application nodes has not been increased accordingly
+ (it should be {{ hostvars["localhost"]["oc_old_num_nodes"] | int + hostvars["localhost"]["increment_by"] | int }}
+ but it is {{ oc_new_num_nodes.stdout | int }}).
diff --git a/playbooks/openstack/openshift-cluster/stack_params.yaml b/playbooks/openstack/openshift-cluster/stack_params.yaml
new file mode 100644
index 000000000..a4da31bfe
--- /dev/null
+++ b/playbooks/openstack/openshift-cluster/stack_params.yaml
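Review bot: The "Get number of app nodes" and "Get number of nodes" tasks in scale-up.yaml pipe `oc get nodes` into `wc -l` without `pipefail`, so a failing `oc` (expired login, API unreachable) still returns rc 0 with a count of 0. `openstack_num_nodes` is then computed as `0 + increment_by` and handed to provision.yaml, which could shrink an existing stack instead of growing it. Make the failure visible, e.g. `shell: set -o pipefail; oc get nodes -l autoscaling=app --no-headers=true | wc -l` with `args: {executable: /bin/bash}`, or switch to `command:` and count `stdout_lines`. Also, "Set how many nodes are to be added" sets `increment_by: 1` unconditionally, so only extra-vars can override the documented default; `increment_by: "{{ increment_by | default(1) }}"` would honour inventory values.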
@@ -0,0 +1,49 @@ +--- +stack_name: "{{ env_id }}.{{ public_dns_domain }}" +dns_domain: "{{ public_dns_domain }}" +dns_nameservers: "{{ public_dns_nameservers }}" +subnet_prefix: "{{ openstack_subnet_prefix }}" +master_hostname: "{{ openstack_master_hostname | default('master') }}" +infra_hostname: "{{ openstack_infra_hostname | default('infra-node') }}" +node_hostname: "{{ openstack_node_hostname | default('app-node') }}" +lb_hostname: "{{ openstack_lb_hostname | default('lb') }}" +etcd_hostname: "{{ openstack_etcd_hostname | default('etcd') }}" +dns_hostname: "{{ openstack_dns_hostname | default('dns') }}" +ssh_public_key: "{{ openstack_ssh_public_key }}" +openstack_image: "{{ openstack_default_image_name }}" +lb_flavor: "{{ openstack_lb_flavor | default(openstack_default_flavor) }}" +etcd_flavor: "{{ openstack_etcd_flavor | default(openstack_default_flavor) }}" +master_flavor: "{{ openstack_master_flavor | default(openstack_default_flavor) }}" +node_flavor: "{{ openstack_node_flavor | default(openstack_default_flavor) }}" +infra_flavor: "{{ openstack_infra_flavor | default(openstack_default_flavor) }}" +dns_flavor: "{{ openstack_dns_flavor | default(openstack_default_flavor) }}" +openstack_master_image: "{{ openstack_master_image_name | default(openstack_default_image_name) }}" +openstack_infra_image: "{{ openstack_infra_image_name | default(openstack_default_image_name) }}" +openstack_node_image: "{{ openstack_node_image_name | default(openstack_default_image_name) }}" +openstack_lb_image: "{{ openstack_lb_image_name | default(openstack_default_image_name) }}" +openstack_etcd_image: "{{ openstack_etcd_image_name | default(openstack_default_image_name) }}" +openstack_dns_image: "{{ openstack_dns_image_name | default(openstack_default_image_name) }}" +openstack_private_network: >- + {% if openstack_provider_network_name | default(None) -%} + {{ openstack_provider_network_name }} + {%- else -%} + {{ openstack_private_network_name | default ('openshift-ansible-' + 
stack_name + '-net') }} + {%- endif -%} +provider_network: "{{ openstack_provider_network_name | default(None) }}" +external_network: "{{ openstack_external_network_name | default(None) }}" +num_etcd: "{{ openstack_num_etcd | default(0) }}" +num_masters: "{{ openstack_num_masters }}" +num_nodes: "{{ openstack_num_nodes }}" +num_infra: "{{ openstack_num_infra }}" +num_dns: "{{ openstack_num_dns | default(1) }}" +master_server_group_policies: "{{ openstack_master_server_group_policies | default([]) | to_yaml }}" +infra_server_group_policies: "{{ openstack_infra_server_group_policies | default([]) | to_yaml }}" +master_volume_size: "{{ docker_master_volume_size | default(docker_volume_size) }}" +infra_volume_size: "{{ docker_infra_volume_size | default(docker_volume_size) }}" +node_volume_size: "{{ docker_node_volume_size | default(docker_volume_size) }}" +etcd_volume_size: "{{ docker_etcd_volume_size | default('2') }}" +dns_volume_size: "{{ docker_dns_volume_size | default('1') }}" +lb_volume_size: "{{ docker_lb_volume_size | default('5') }}" +nodes_to_remove: "{{ openstack_nodes_to_remove | default([]) | to_yaml }}" +use_bastion: "{{ openstack_use_bastion|default(False) }}" +ui_ssh_tunnel: "{{ openshift_ui_ssh_tunnel|default(False) }}" -- cgit v1.2.3 From 8b8eeab919b76bee6a2e0ad1336bd4dbb1db1e95 Mon Sep 17 00:00:00 2001 From: Tomas Sedovic Date: Mon, 16 Oct 2017 17:35:54 +0200 Subject: Use the docker-storage-setup role --- playbooks/openstack/openshift-cluster/pre-install.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'playbooks/openstack/openshift-cluster') diff --git a/playbooks/openstack/openshift-cluster/pre-install.yml b/playbooks/openstack/openshift-cluster/pre-install.yml index 45e9005cc..c9f333b92 100644 --- a/playbooks/openstack/openshift-cluster/pre-install.yml +++ b/playbooks/openstack/openshift-cluster/pre-install.yml 
@@ -10,7 +10,9 @@ become: true roles: - { role: subscription-manager, when: hostvars.localhost.rhsm_register|default(False), tags: 'subscription-manager', ansible_sudo: true } - - { role: docker, tags: 'docker' } + - role: docker-storage-setup + docker_dev: /dev/vdb + tags: 'docker' - { role: openshift-prep, tags: 'openshift-prep' } - hosts: localhost:cluster_hosts -- cgit v1.2.3 From 4ed9aef6f8ed0850e70b498e780d0d8e22bc277f Mon Sep 17 00:00:00 2001 
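Review bot: `docker_dev: /dev/vdb` hard-codes the device handed to the docker-storage-setup role, and kernel device names depend on attachment order and bus type, so on an image or flavor where the Docker volume appears under another name the role would presumably act on the wrong disk or fail. Take the path from an inventory variable with `/dev/vdb` as the default, or resolve it from the volume attachment the stack reports. The play this role entry belongs to starts above the hunk.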
From: Tomas Sedovic Date: Mon, 23 Oct 2017 12:57:29 +0200 Subject: Add openshift_openstack role and move tasks there All the tasks that were previously in playbooks are now under `roles/openshift_openstack`. The `openshift-cluster` directory now only contains playbooks that include tasks from that role. This makes the structure much closer to that of the AWS provider. --- playbooks/openstack/README.md | 18 + playbooks/openstack/galaxy-requirements.yaml | 10 - .../openshift-cluster/custom_flavor_check.yaml | 9 - .../openshift-cluster/custom_image_check.yaml | 9 - playbooks/openstack/openshift-cluster/install.yml | 18 + .../openshift-cluster/net_vars_check.yaml | 14 - .../openstack/openshift-cluster/post-install.yml | 4 +- .../openshift-cluster/post-provision-openstack.yml | 118 --- .../openstack/openshift-cluster/pre-install.yml | 21 - .../openstack/openshift-cluster/pre_tasks.yml | 53 -- .../prepare-and-format-cinder-volume.yaml | 67 -- .../openstack/openshift-cluster/prerequisites.yml | 129 +-- .../openshift-cluster/provision-openstack.yml | 35 - .../openstack/openshift-cluster/provision.yaml | 4 - .../openstack/openshift-cluster/provision.yml | 37 + .../openshift-cluster/provision_install.yml | 9 + .../openstack/openshift-cluster/scale-up.yaml | 11 +- .../openstack/openshift-cluster/stack_params.yaml | 49 -- playbooks/openstack/sample-inventory/inventory.py | 36 +- requirements.txt | 1 + roles/common/defaults/main.yml | 6 - roles/dns-records/defaults/main.yml | 2 - roles/dns-records/tasks/main.yml | 121 --- roles/dns-server-detect/defaults/main.yml | 3 - roles/dns-server-detect/tasks/main.yml | 36 - roles/dns-views/defaults/main.yml | 4 - roles/dns-views/tasks/main.yml | 30 - roles/docker-storage-setup/defaults/main.yaml | 7 - roles/docker-storage-setup/tasks/main.yaml | 46 -- .../templates/docker-storage-setup-dm.j2 | 4 - .../templates/docker-storage-setup-overlayfs.j2 | 7 - roles/hostnames/tasks/main.yaml | 26 - roles/hostnames/test/inv | 12 - 
roles/hostnames/test/roles | 1 - roles/hostnames/test/test.yaml | 4 - roles/hostnames/vars/main.yaml | 2 - roles/hostnames/vars/records.yaml | 28 - roles/node-network-manager/tasks/main.yml | 22 - roles/openshift-prep/defaults/main.yml | 13 - roles/openshift-prep/tasks/main.yml | 4 - roles/openshift-prep/tasks/prerequisites.yml | 37 - roles/openshift_openstack/defaults/main.yml | 49 ++ .../tasks/check-prerequisites.yml | 109 +++ roles/openshift_openstack/tasks/cleanup.yml | 6 + .../tasks/container-storage-setup.yml | 37 + .../tasks/custom_flavor_check.yaml | 9 + .../tasks/custom_image_check.yaml | 10 + .../tasks/generate-templates.yml | 26 + roles/openshift_openstack/tasks/hostname.yml | 33 + .../openshift_openstack/tasks/net_vars_check.yaml | 14 + .../tasks/node-configuration.yml | 11 + roles/openshift_openstack/tasks/node-network.yml | 19 + roles/openshift_openstack/tasks/node-packages.yml | 15 + roles/openshift_openstack/tasks/populate-dns.yml | 5 + .../tasks/prepare-and-format-cinder-volume.yaml | 59 ++ roles/openshift_openstack/tasks/provision.yml | 30 + .../tasks/subnet_update_dns_servers.yaml | 9 + .../templates/docker-storage-setup-dm.j2 | 4 + .../templates/docker-storage-setup-overlayfs.j2 | 7 + .../templates/heat_stack.yaml.j2 | 888 +++++++++++++++++++++ .../templates/heat_stack_server.yaml.j2 | 270 +++++++ roles/openshift_openstack/templates/user_data.j2 | 13 + roles/openshift_openstack/vars/main.yml | 49 ++ roles/openstack-stack/tasks/main.yml | 1 - .../tasks/subnet_update_dns_servers.yaml | 9 - 65 files changed, 1791 insertions(+), 958 deletions(-) delete mode 100644 playbooks/openstack/galaxy-requirements.yaml delete mode 100644 playbooks/openstack/openshift-cluster/custom_flavor_check.yaml delete mode 100644 playbooks/openstack/openshift-cluster/custom_image_check.yaml create mode 100644 playbooks/openstack/openshift-cluster/install.yml delete mode 100644 playbooks/openstack/openshift-cluster/net_vars_check.yaml delete mode 100644 
playbooks/openstack/openshift-cluster/post-provision-openstack.yml delete mode 100644 playbooks/openstack/openshift-cluster/pre-install.yml delete mode 100644 playbooks/openstack/openshift-cluster/pre_tasks.yml delete mode 100644 playbooks/openstack/openshift-cluster/prepare-and-format-cinder-volume.yaml delete mode 100644 playbooks/openstack/openshift-cluster/provision-openstack.yml delete mode 100644 playbooks/openstack/openshift-cluster/provision.yaml create mode 100644 playbooks/openstack/openshift-cluster/provision.yml create mode 100644 playbooks/openstack/openshift-cluster/provision_install.yml delete mode 100644 playbooks/openstack/openshift-cluster/stack_params.yaml delete mode 100644 roles/common/defaults/main.yml delete mode 100644 roles/dns-records/defaults/main.yml delete mode 100644 roles/dns-records/tasks/main.yml delete mode 100644 roles/dns-server-detect/defaults/main.yml delete mode 100644 roles/dns-server-detect/tasks/main.yml delete mode 100644 roles/dns-views/defaults/main.yml delete mode 100644 roles/dns-views/tasks/main.yml delete mode 100644 roles/docker-storage-setup/defaults/main.yaml delete mode 100644 roles/docker-storage-setup/tasks/main.yaml delete mode 100644 roles/docker-storage-setup/templates/docker-storage-setup-dm.j2 delete mode 100644 roles/docker-storage-setup/templates/docker-storage-setup-overlayfs.j2 delete mode 100644 roles/hostnames/tasks/main.yaml delete mode 100644 roles/hostnames/test/inv delete mode 120000 roles/hostnames/test/roles delete mode 100644 roles/hostnames/test/test.yaml delete mode 100644 roles/hostnames/vars/main.yaml delete mode 100644 roles/hostnames/vars/records.yaml delete mode 100644 roles/node-network-manager/tasks/main.yml delete mode 100644 roles/openshift-prep/defaults/main.yml delete mode 100644 roles/openshift-prep/tasks/main.yml delete mode 100644 roles/openshift-prep/tasks/prerequisites.yml create mode 100644 roles/openshift_openstack/defaults/main.yml create mode 100644 
roles/openshift_openstack/tasks/check-prerequisites.yml create mode 100644 roles/openshift_openstack/tasks/cleanup.yml create mode 100644 roles/openshift_openstack/tasks/container-storage-setup.yml create mode 100644 roles/openshift_openstack/tasks/custom_flavor_check.yaml create mode 100644 roles/openshift_openstack/tasks/custom_image_check.yaml create mode 100644 roles/openshift_openstack/tasks/generate-templates.yml create mode 100644 roles/openshift_openstack/tasks/hostname.yml create mode 100644 roles/openshift_openstack/tasks/net_vars_check.yaml create mode 100644 roles/openshift_openstack/tasks/node-configuration.yml create mode 100644 roles/openshift_openstack/tasks/node-network.yml create mode 100644 roles/openshift_openstack/tasks/node-packages.yml create mode 100644 roles/openshift_openstack/tasks/populate-dns.yml create mode 100644 roles/openshift_openstack/tasks/prepare-and-format-cinder-volume.yaml create mode 100644 roles/openshift_openstack/tasks/provision.yml create mode 100644 roles/openshift_openstack/tasks/subnet_update_dns_servers.yaml create mode 100644 roles/openshift_openstack/templates/docker-storage-setup-dm.j2 create mode 100644 roles/openshift_openstack/templates/docker-storage-setup-overlayfs.j2 create mode 100644 roles/openshift_openstack/templates/heat_stack.yaml.j2 create mode 100644 roles/openshift_openstack/templates/heat_stack_server.yaml.j2 create mode 100644 roles/openshift_openstack/templates/user_data.j2 create mode 100644 roles/openshift_openstack/vars/main.yml delete mode 100644 roles/openstack-stack/tasks/subnet_update_dns_servers.yaml (limited to 'playbooks/openstack/openshift-cluster') diff --git a/playbooks/openstack/README.md b/playbooks/openstack/README.md index f3d5b5aa8..875004cc9 100644 --- a/playbooks/openstack/README.md +++ b/playbooks/openstack/README.md 
@@ -38,6 +38,19 @@ Optional: * External Neutron network with a floating IP address pool +## DNS Requirements + +OpenShift requires DNS to operate properly. OpenStack supports DNS-as-a-service +in the form of the Designate project, but the playbooks here don't support it +yet. Until we do, you will need to provide a DNS solution yourself (or in case +you are not running Designate when we do). + +If your server supports nsupdate, we will use it to add the necessary records. + +TODO(shadower): describe how to build a sample DNS server and how to configure +our playbooks for nsupdate. + + ## Installation There are four main parts to the installation: @@ -143,6 +156,8 @@ $ vi inventory/group_vars/all.yml 4. Set the `openstack_default_flavor` to the flavor you want your OpenShift VMs to use. - See `openstack flavor list` for the list of available flavors. +5. Set the `public_dns_nameservers` to the list of the IP addresses + of the DNS servers used for the **private** address resolution[1]. **NOTE**: In most OpenStack environments, you will also need to configure the forwarders for the DNS server we create. This depends on @@ -153,6 +168,9 @@ put the IP addresses into `public_dns_nameservers` in `inventory/group_vars/all.yml`. +[1]: Yes, the name is bad. We will fix it. + + #### OpenShift configuration The OpenShift configuration is in `inventory/group_vars/OSEv3.yml`. diff --git a/playbooks/openstack/galaxy-requirements.yaml b/playbooks/openstack/galaxy-requirements.yaml deleted file mode 100644 index 1d745dcc3..000000000 --- a/playbooks/openstack/galaxy-requirements.yaml +++ /dev/null @@ -1,10 +0,0 @@ ---- -# This is the Ansible Galaxy requirements file to pull in the correct roles - -# From 'infra-ansible' -- src: https://github.com/redhat-cop/infra-ansible - version: master - -# From 'openshift-ansible' -- src: https://github.com/openshift/openshift-ansible - version: master 
diff --git a/playbooks/openstack/openshift-cluster/custom_flavor_check.yaml b/playbooks/openstack/openshift-cluster/custom_flavor_check.yaml deleted file mode 100644 index e11874c28..000000000 --- a/playbooks/openstack/openshift-cluster/custom_flavor_check.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -- name: Try to get flavor facts - os_flavor_facts: - name: "{{ flavor }}" - register: flavor_result -- name: Check that custom flavor is available - assert: - that: "flavor_result.ansible_facts.openstack_flavors" - msg: "Flavor {{ flavor }} is not available." diff --git a/playbooks/openstack/openshift-cluster/custom_image_check.yaml b/playbooks/openstack/openshift-cluster/custom_image_check.yaml deleted file mode 100644 index 452e1e4d8..000000000 --- a/playbooks/openstack/openshift-cluster/custom_image_check.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -- name: Try to get image facts - os_image_facts: - image: "{{ image }}" - register: image_result -- name: Check that custom image is available - assert: - that: "image_result.ansible_facts.openstack_image" - msg: "Image {{ image }} is not available." diff --git a/playbooks/openstack/openshift-cluster/install.yml b/playbooks/openstack/openshift-cluster/install.yml new file mode 100644 index 000000000..40d4767ba --- /dev/null +++ b/playbooks/openstack/openshift-cluster/install.yml @@ -0,0 +1,18 @@ +--- +# NOTE(shadower): the AWS playbook builds an in-memory inventory of +# all the EC2 instances here. We don't need to as that's done by the +# dynamic inventory. + +# TODO(shadower): the AWS playbook sets the +# `openshift_master_cluster_hostname` and `osm_custom_cors_origins` +# values here. We do it in the OSEv3 group vars. Do we need to add +# some logic here? + +- name: normalize groups + include: ../../byo/openshift-cluster/initialize_groups.yml + +- name: run the std_include + include: ../../common/openshift-cluster/std_include.yml + +- name: run the config + include: ../../common/openshift-cluster/config.yml 
diff --git a/playbooks/openstack/openshift-cluster/net_vars_check.yaml b/playbooks/openstack/openshift-cluster/net_vars_check.yaml deleted file mode 100644 index 68afde415..000000000 --- a/playbooks/openstack/openshift-cluster/net_vars_check.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -- name: Check the provider network configuration - fail: - msg: "Flannel SDN requires a dedicated containers data network and can not work over a provider network" - when: - - openstack_provider_network_name is defined - - openstack_private_data_network_name is defined - -- name: Check the flannel network configuration - fail: - msg: "A dedicated containers data network is only supported with Flannel SDN" - when: - - openstack_private_data_network_name is defined - - not openshift_use_flannel|default(False)|bool diff --git a/playbooks/openstack/openshift-cluster/post-install.yml b/playbooks/openstack/openshift-cluster/post-install.yml index 417813e2a..7b1744a18 100644 --- a/playbooks/openstack/openshift-cluster/post-install.yml +++ b/playbooks/openstack/openshift-cluster/post-install.yml @@ -22,9 +22,9 @@ - when: openshift_use_flannel|default(False)|bool block: - include_role: - name: openshift-ansible/roles/os_firewall + name: os_firewall - include_role: - name: openshift-ansible/roles/lib_os_firewall + name: lib_os_firewall - name: set allow rules for dnsmasq os_firewall_manage_iptables: name: "{{ item.service }}" diff --git a/playbooks/openstack/openshift-cluster/post-provision-openstack.yml b/playbooks/openstack/openshift-cluster/post-provision-openstack.yml deleted file mode 100644 index e460fbf12..000000000 --- a/playbooks/openstack/openshift-cluster/post-provision-openstack.yml +++ /dev/null 
@@ -1,118 +0,0 @@ ---- -- hosts: cluster_hosts - name: Wait for the the nodes to come up - become: False - gather_facts: False - tasks: - - when: not openstack_use_bastion|default(False)|bool - wait_for_connection: - - when: openstack_use_bastion|default(False)|bool - delegate_to: bastion - wait_for_connection: - -- hosts: cluster_hosts - gather_facts: True - tasks: - - name: Debug hostvar - debug: - msg: "{{ hostvars[inventory_hostname] }}" - verbosity: 2 - -- name: OpenShift Pre-Requisites (part 1) - include: pre-install.yml - -- name: Assign hostnames - hosts: cluster_hosts - gather_facts: False - become: true - roles: - - role: hostnames - -- name: Subscribe DNS Host to allow for configuration below - hosts: dns - gather_facts: False - become: true - roles: - - role: subscription-manager - when: hostvars.localhost.rhsm_register|default(False) - tags: 'subscription-manager' - -- name: Determine which DNS server(s) to use for our generated records - hosts: localhost - gather_facts: False - become: False - roles: - - dns-server-detect - -- name: Build the DNS Server Views and Configure DNS Server(s) - hosts: dns - gather_facts: False - become: true - roles: - - role: dns-views - - role: infra-ansible/roles/dns-server - -- name: Build and process DNS Records - hosts: localhost - gather_facts: True - become: False - roles: - - role: dns-records - use_bastion: "{{ openstack_use_bastion|default(False)|bool }}" - - role: infra-ansible/roles/dns - -- name: Switch the stack subnet to the configured private DNS server - hosts: localhost - gather_facts: False - become: False - vars_files: - - stack_params.yaml - tasks: - - include_role: - name: openstack-stack - tasks_from: subnet_update_dns_servers - -- name: OpenShift Pre-Requisites (part 2) - hosts: OSEv3 - gather_facts: true - become: true - vars: - interface: "{{ flannel_interface|default('eth1') }}" - interface_file: /etc/sysconfig/network-scripts/ifcfg-{{ interface }} - interface_config: - DEVICE: "{{ interface }}" 
- TYPE: Ethernet - BOOTPROTO: dhcp - ONBOOT: 'yes' - DEFTROUTE: 'no' - PEERDNS: 'no' - pre_tasks: - - name: "Include DNS configuration to ensure proper name resolution" - lineinfile: - state: present - dest: /etc/sysconfig/network - regexp: "IP4_NAMESERVERS={{ hostvars['localhost'].private_dns_server }}" - line: "IP4_NAMESERVERS={{ hostvars['localhost'].private_dns_server }}" - - name: "Configure the flannel interface options" - when: openshift_use_flannel|default(False)|bool - block: - - file: - dest: "{{ interface_file }}" - state: touch - mode: 0644 - owner: root - group: root - - lineinfile: - state: present - dest: "{{ interface_file }}" - regexp: "{{ item.key }}=" - line: "{{ item.key }}={{ item.value }}" - with_dict: "{{ interface_config }}" - roles: - - node-network-manager - -- include: prepare-and-format-cinder-volume.yaml - when: > - prepare_and_format_registry_volume|default(False) or - (cinder_registry_volume is defined and - cinder_registry_volume.changed|default(False)) diff --git a/playbooks/openstack/openshift-cluster/pre-install.yml b/playbooks/openstack/openshift-cluster/pre-install.yml deleted file mode 100644 index c9f333b92..000000000 --- a/playbooks/openstack/openshift-cluster/pre-install.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -############################### -# OpenShift Pre-Requisites - -# - subscribe hosts -# - prepare docker -# - other prep (install additional packages, etc.) -# -- hosts: OSEv3 - become: true - roles: - - { role: subscription-manager, when: hostvars.localhost.rhsm_register|default(False), tags: 'subscription-manager', ansible_sudo: true } - - role: docker-storage-setup - docker_dev: /dev/vdb - tags: 'docker' - - { role: openshift-prep, tags: 'openshift-prep' } - -- hosts: localhost:cluster_hosts - become: False - tasks: - - include: pre_tasks.yml diff --git a/playbooks/openstack/openshift-cluster/pre_tasks.yml b/playbooks/openstack/openshift-cluster/pre_tasks.yml deleted file mode 100644 index 11fe2dd84..000000000 
--- a/playbooks/openstack/openshift-cluster/pre_tasks.yml +++ /dev/null 
@@ -1,53 +0,0 @@ ---- -- name: Generate Environment ID - set_fact: - env_random_id: "{{ ansible_date_time.epoch }}" - run_once: true - delegate_to: localhost - -- name: Set default Environment ID - set_fact: - default_env_id: "openshift-{{ lookup('env','OS_USERNAME') }}-{{ env_random_id }}" - delegate_to: localhost - -- name: Setting Common Facts - set_fact: - env_id: "{{ env_id | default(default_env_id) }}" - delegate_to: localhost - -- name: Updating DNS domain to include env_id (if not empty) - set_fact: - full_dns_domain: "{{ (env_id|trim == '') | ternary(public_dns_domain, env_id + '.' + public_dns_domain) }}" - delegate_to: localhost - -- name: Set the APP domain for OpenShift use - set_fact: - openshift_app_domain: "{{ openshift_app_domain | default('apps') }}" - delegate_to: localhost - -- name: Set the default app domain for routing purposes - set_fact: - openshift_master_default_subdomain: "{{ openshift_app_domain }}.{{ full_dns_domain }}" - delegate_to: localhost - when: - - openshift_master_default_subdomain is undefined - -# Check that openshift_cluster_node_labels has regions defined for all groups -# NOTE(kpilatov): if node labels are to be enabled for more groups, -# this check needs to be modified as well -- name: Set openshift_cluster_node_labels if undefined (should not happen) - set_fact: - openshift_cluster_node_labels: {'app': {'region': 'primary'}, 'infra': {'region': 'infra'}} - when: openshift_cluster_node_labels is not defined - -- name: Set openshift_cluster_node_labels for the infra group - set_fact: - openshift_cluster_node_labels: "{{ openshift_cluster_node_labels | combine({'infra': {'region': 'infra'}}, recursive=True) }}" - -- name: Set openshift_cluster_node_labels for the app group - set_fact: - openshift_cluster_node_labels: "{{ openshift_cluster_node_labels | combine({'app': {'region': 'primary'}}, recursive=True) }}" - -- name: Set openshift_cluster_node_labels for auto-scaling app nodes - set_fact: - 
openshift_cluster_node_labels: "{{ openshift_cluster_node_labels | combine({'app': {'autoscaling': 'app'}}, recursive=True) }}" diff --git a/playbooks/openstack/openshift-cluster/prepare-and-format-cinder-volume.yaml b/playbooks/openstack/openshift-cluster/prepare-and-format-cinder-volume.yaml deleted file mode 100644 index 30e094459..000000000 --- a/playbooks/openstack/openshift-cluster/prepare-and-format-cinder-volume.yaml +++ /dev/null 
@@ -1,67 +0,0 @@ ---- -- hosts: localhost - gather_facts: False - become: False - tasks: - - set_fact: - cinder_volume: "{{ hostvars[groups.masters[0]].openshift_hosted_registry_storage_openstack_volumeID }}" - cinder_fs: "{{ hostvars[groups.masters[0]].openshift_hosted_registry_storage_openstack_filesystem }}" - - - name: Attach the volume to the VM - os_server_volume: - state: present - server: "{{ groups['masters'][0] }}" - volume: "{{ cinder_volume }}" - register: volume_attachment - - - set_fact: - attached_device: >- - {{ volume_attachment['attachments']|json_query("[?volume_id=='" + cinder_volume + "'].device | [0]") }} - - - delegate_to: "{{ groups['masters'][0] }}" - block: - - name: Wait for the device to appear - wait_for: path={{ attached_device }} - - - name: Create a temp directory for mounting the volume - tempfile: - prefix: cinder-volume - state: directory - register: cinder_mount_dir - - - name: Format the device - filesystem: - fstype: "{{ cinder_fs }}" - dev: "{{ attached_device }}" - - - name: Mount the device - mount: - name: "{{ cinder_mount_dir.path }}" - src: "{{ attached_device }}" - state: mounted - fstype: "{{ cinder_fs }}" - - - name: Change mode on the filesystem - file: - path: "{{ cinder_mount_dir.path }}" - state: directory - recurse: true - mode: 0777 - - - name: Unmount the device - mount: - name: "{{ cinder_mount_dir.path }}" - src: "{{ attached_device }}" - state: absent - fstype: "{{ cinder_fs }}" - - - name: Delete the temp directory - file: - name: "{{ cinder_mount_dir.path }}" - state: absent - - - name: Detach the volume from the VM - os_server_volume: - state: absent - server: "{{ groups['masters'][0] }}" - volume: "{{ cinder_volume }}" diff --git a/playbooks/openstack/openshift-cluster/prerequisites.yml b/playbooks/openstack/openshift-cluster/prerequisites.yml index 11a31411e..0356b37dd 100644 --- a/playbooks/openstack/openshift-cluster/prerequisites.yml +++ b/playbooks/openstack/openshift-cluster/prerequisites.yml 
@@ -1,123 +1,12 @@ --- - hosts: localhost tasks: - - # Sanity check of inventory variables - - include: net_vars_check.yaml - - # Check ansible - - name: Check Ansible version - assert: - that: > - (ansible_version.major == 2 and ansible_version.minor >= 3) or - (ansible_version.major > 2) - msg: "Ansible version must be at least 2.3" - - # Check shade - - name: Try to import python module shade - command: python -c "import shade" - ignore_errors: yes - register: shade_result - - name: Check if shade is installed - assert: - that: 'shade_result.rc == 0' - msg: "Python module shade is not installed" - - # Check jmespath - - name: Try to import python module shade - command: python -c "import jmespath" - ignore_errors: yes - register: jmespath_result - - name: Check if jmespath is installed - assert: - that: 'jmespath_result.rc == 0' - msg: "Python module jmespath is not installed" - - # Check python-dns - - name: Try to import python DNS module - command: python -c "import dns" - ignore_errors: yes - register: pythondns_result - - name: Check if python-dns is installed - assert: - that: 'pythondns_result.rc == 0' - msg: "Python module python-dns is not installed" - - # Check jinja2 - - name: Try to import jinja2 module - command: python -c "import jinja2" - ignore_errors: yes - register: jinja_result - - name: Check if jinja2 is installed - assert: - that: 'jinja_result.rc == 0' - msg: "Python module jinja2 is not installed" - - # Check Glance image - - name: Try to get image facts - os_image_facts: - image: "{{ openstack_default_image_name }}" - register: image_result - - name: Check that image is available - assert: - that: "image_result.ansible_facts.openstack_image" - msg: "Image {{ openstack_default_image_name }} is not available" - - # Check network name - - name: Try to get network facts - os_networks_facts: - name: "{{ openstack_external_network_name }}" - register: network_result - when: not openstack_provider_network_name|default(None) - - name: Check that 
network is available - assert: - that: "network_result.ansible_facts.openstack_networks" - msg: "Network {{ openstack_external_network_name }} is not available" - when: not openstack_provider_network_name|default(None) - - # Check keypair - # TODO kpilatov: there is no Ansible module for getting OS keypairs - # (os_keypair is not suitable for this) - # this method does not force python-openstackclient dependency - - name: Try to show keypair - command: > - python -c 'import shade; cloud = shade.openstack_cloud(); - exit(cloud.get_keypair("{{ openstack_ssh_public_key }}") is None)' - ignore_errors: yes - register: key_result - - name: Check that keypair is available - assert: - that: 'key_result.rc == 0' - msg: "Keypair {{ openstack_ssh_public_key }} is not available" - -# Check that custom images and flavors exist -- hosts: localhost - - # Include variables that will be used by heat - vars_files: - - stack_params.yaml - - tasks: - # Check that custom images are available - - include: custom_image_check.yaml - with_items: - - "{{ openstack_master_image }}" - - "{{ openstack_infra_image }}" - - "{{ openstack_node_image }}" - - "{{ openstack_lb_image }}" - - "{{ openstack_etcd_image }}" - - "{{ openstack_dns_image }}" - loop_control: - loop_var: image - - # Check that custom flavors are available - - include: custom_flavor_check.yaml - with_items: - - "{{ master_flavor }}" - - "{{ infra_flavor }}" - - "{{ node_flavor }}" - - "{{ lb_flavor }}" - - "{{ etcd_flavor }}" - - "{{ dns_flavor }}" - loop_control: - loop_var: flavor + - name: Check dependencies and OpenStack prerequisites + include_role: + name: openshift_openstack + tasks_from: check-prerequisites.yml + + - name: Check network configuration + include_role: + name: openshift_openstack + tasks_from: net_vars_check.yaml diff --git a/playbooks/openstack/openshift-cluster/provision-openstack.yml b/playbooks/openstack/openshift-cluster/provision-openstack.yml deleted file mode 100644 index bf424676d..000000000 
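Review bot: The inventory sanity check now runs last: the new task list includes `check-prerequisites.yml` before `net_vars_check.yaml`, whereas the removed play ran `- include: net_vars_check.yaml` first, ahead of the image, network and keypair lookups. Judging by the deleted copy of `net_vars_check.yaml` in this commit, that check only evaluates inventory variables with `fail`/`when`, so running it first lets a misconfigured inventory fail before anything talks to the cloud API. The role's task files are not part of this hunk, so this assumes they were moved unchanged. I would swap the two `include_role` tasks so `Check network configuration` comes first.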
--- a/playbooks/openstack/openshift-cluster/provision-openstack.yml +++ /dev/null @@ -1,35 +0,0 @@ ---- -- hosts: localhost - gather_facts: True - become: False - vars_files: - - stack_params.yaml - pre_tasks: - - include: pre_tasks.yml - roles: - - role: openstack-stack - - role: openstack-create-cinder-registry - when: - - cinder_hosted_registry_name is defined - - cinder_hosted_registry_size_gb is defined - - role: static_inventory - when: openstack_inventory|default('static') == 'static' - inventory_path: "{{ openstack_inventory_path|default(inventory_dir) }}" - private_ssh_key: "{{ openstack_private_ssh_key|default('') }}" - ssh_config_path: "{{ openstack_ssh_config_path|default('/tmp/ssh.config.openshift.ansible' + '.' + stack_name) }}" - ssh_user: "{{ ansible_user }}" - -- name: Refresh Server inventory or exit to apply SSH config - hosts: localhost - connection: local - become: False - gather_facts: False - tasks: - - name: Exit to apply SSH config for a bastion - meta: end_play - when: openstack_use_bastion|default(False)|bool - - name: Refresh Server inventory - meta: refresh_inventory - -- include: post-provision-openstack.yml - when: not openstack_use_bastion|default(False)|bool diff --git a/playbooks/openstack/openshift-cluster/provision.yaml b/playbooks/openstack/openshift-cluster/provision.yaml deleted file mode 100644 index 474c9c803..000000000 --- a/playbooks/openstack/openshift-cluster/provision.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- include: "prerequisites.yml" - -- include: "provision-openstack.yml" diff --git a/playbooks/openstack/openshift-cluster/provision.yml b/playbooks/openstack/openshift-cluster/provision.yml new file mode 100644 index 000000000..5b20d5720 --- /dev/null +++ b/playbooks/openstack/openshift-cluster/provision.yml 
@@ -0,0 +1,37 @@ +--- +- name: Create the OpenStack resources for cluster installation + hosts: localhost + tasks: + - name: provision cluster + include_role: + name: openshift_openstack + tasks_from: provision.yml + +# NOTE(shadower): the (internal) DNS must be functional at this point!! +# That will have happened in provision.yml if nsupdate was configured. + +# TODO(shadower): consider splitting this up so people can stop here +# and configure their DNS if they have to. + +- name: Prepare the Nodes in the cluster for installation + hosts: cluster_hosts + become: true + # NOTE: The nodes may not be up yet, don't gather facts here. + # They'll be collected after `wait_for_connection`. + gather_facts: no + tasks: + - name: Wait for the the nodes to come up + wait_for_connection: + + - name: Gather facts for the new nodes + setup: + + - name: Install dependencies + include_role: + name: openshift_openstack + tasks_from: node-packages.yml + + - name: Configure Node + include_role: + name: openshift_openstack + tasks_from: node-configuration.yml diff --git a/playbooks/openstack/openshift-cluster/provision_install.yml b/playbooks/openstack/openshift-cluster/provision_install.yml new file mode 100644 index 000000000..5d88c105f --- /dev/null +++ b/playbooks/openstack/openshift-cluster/provision_install.yml @@ -0,0 +1,9 @@ +--- +- name: Check the prerequisites for cluster provisioning in OpenStack + include: prerequisites.yml + +- name: Include the provision.yml playbook to create cluster + include: provision.yml + +- name: Include the install.yml playbook to install cluster + include: install.yml diff --git a/playbooks/openstack/openshift-cluster/scale-up.yaml b/playbooks/openstack/openshift-cluster/scale-up.yaml index 79fc09050..f99ff1349 100644 --- a/playbooks/openstack/openshift-cluster/scale-up.yaml +++ b/playbooks/openstack/openshift-cluster/scale-up.yaml 
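Review bot: The second play in `provision.yml` runs `wait_for_connection:` against `cluster_hosts` directly and has no bastion path any more. The removed `provision-openstack.yml` ended the play when `openstack_use_bastion` was set so the generated SSH config could be applied, and `post-provision-openstack.yml` delegated the wait to `bastion`. Unless the role's `provision.yml` (not in this hunk) covers that, clusters whose nodes are only reachable through a bastion would presumably sit in this task until it times out. Either keep a `when: openstack_use_bastion|default(False)|bool` branch here or say in the NOTE comment that bastion setups are not handled by this playbook. Minor: write `gather_facts: false` rather than `no`, and the task name has a doubled word (`Wait for the the nodes`).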
@@ -41,21 +41,16 @@ openstack_num_nodes: "{{ oc_old_num_nodes | int + increment_by | int }}" # Run provision.yaml with higher number of nodes to create a new app-node VM -- include: provision.yaml +- include: provision.yml # Run config.yml to perform openshift installation -# Path to openshift-ansible can be customised: -# - the value of openshift_ansible_dir has to be an absolute path -# - the path cannot contain the '/' symbol at the end # Creating a new deployment by the full installation -- include: "{{ openshift_ansible_dir }}/playbooks/byo/config.yml" - vars: - openshift_ansible_dir: ../../../../openshift-ansible +- include: install.yml when: 'not groups["new_nodes"] | list' # Scaling up existing deployment -- include: "{{ openshift_ansible_dir }}/playbooks/byo/openshift-node/scaleup.yml" +- include: "../../byo/openshift-node/scaleup.yml" vars: openshift_ansible_dir: ../../../../openshift-ansible when: 'groups["new_nodes"] | list' diff --git a/playbooks/openstack/openshift-cluster/stack_params.yaml b/playbooks/openstack/openshift-cluster/stack_params.yaml deleted file mode 100644 index a4da31bfe..000000000 --- a/playbooks/openstack/openshift-cluster/stack_params.yaml +++ /dev/null 
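Review bot: The `vars:` block with `openshift_ansible_dir: ../../../../openshift-ansible` that remains under `- include: "../../byo/openshift-node/scaleup.yml"` looks dead now. The include path no longer references `openshift_ansible_dir`, and the same block was removed from the `install.yml` include just above it. As far as this hunk shows nothing else reads the variable, so dropping it avoids suggesting that a separate openshift-ansible checkout is still consulted. The context comment `# Run provision.yaml with higher number of nodes` also still names the deleted file and should read `provision.yml`.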
@@ -1,49 +0,0 @@ ---- -stack_name: "{{ env_id }}.{{ public_dns_domain }}" -dns_domain: "{{ public_dns_domain }}" -dns_nameservers: "{{ public_dns_nameservers }}" -subnet_prefix: "{{ openstack_subnet_prefix }}" -master_hostname: "{{ openstack_master_hostname | default('master') }}" -infra_hostname: "{{ openstack_infra_hostname | default('infra-node') }}" -node_hostname: "{{ openstack_node_hostname | default('app-node') }}" -lb_hostname: "{{ openstack_lb_hostname | default('lb') }}" -etcd_hostname: "{{ openstack_etcd_hostname | default('etcd') }}" -dns_hostname: "{{ openstack_dns_hostname | default('dns') }}" -ssh_public_key: "{{ openstack_ssh_public_key }}" -openstack_image: "{{ openstack_default_image_name }}" -lb_flavor: "{{ openstack_lb_flavor | default(openstack_default_flavor) }}" -etcd_flavor: "{{ openstack_etcd_flavor | default(openstack_default_flavor) }}" -master_flavor: "{{ openstack_master_flavor | default(openstack_default_flavor) }}" -node_flavor: "{{ openstack_node_flavor | default(openstack_default_flavor) }}" -infra_flavor: "{{ openstack_infra_flavor | default(openstack_default_flavor) }}" -dns_flavor: "{{ openstack_dns_flavor | default(openstack_default_flavor) }}" -openstack_master_image: "{{ openstack_master_image_name | default(openstack_default_image_name) }}" -openstack_infra_image: "{{ openstack_infra_image_name | default(openstack_default_image_name) }}" -openstack_node_image: "{{ openstack_node_image_name | default(openstack_default_image_name) }}" -openstack_lb_image: "{{ openstack_lb_image_name | default(openstack_default_image_name) }}" -openstack_etcd_image: "{{ openstack_etcd_image_name | default(openstack_default_image_name) }}" -openstack_dns_image: "{{ openstack_dns_image_name | default(openstack_default_image_name) }}" -openstack_private_network: >- - {% if openstack_provider_network_name | default(None) -%} - {{ openstack_provider_network_name }} - {%- else -%} - {{ openstack_private_network_name | default ('openshift-ansible-' + 
stack_name + '-net') }} - {%- endif -%} -provider_network: "{{ openstack_provider_network_name | default(None) }}" -external_network: "{{ openstack_external_network_name | default(None) }}" -num_etcd: "{{ openstack_num_etcd | default(0) }}" -num_masters: "{{ openstack_num_masters }}" -num_nodes: "{{ openstack_num_nodes }}" -num_infra: "{{ openstack_num_infra }}" -num_dns: "{{ openstack_num_dns | default(1) }}" -master_server_group_policies: "{{ openstack_master_server_group_policies | default([]) | to_yaml }}" -infra_server_group_policies: "{{ openstack_infra_server_group_policies | default([]) | to_yaml }}" -master_volume_size: "{{ docker_master_volume_size | default(docker_volume_size) }}" -infra_volume_size: "{{ docker_infra_volume_size | default(docker_volume_size) }}" -node_volume_size: "{{ docker_node_volume_size | default(docker_volume_size) }}" -etcd_volume_size: "{{ docker_etcd_volume_size | default('2') }}" -dns_volume_size: "{{ docker_dns_volume_size | default('1') }}" -lb_volume_size: "{{ docker_lb_volume_size | default('5') }}" -nodes_to_remove: "{{ openstack_nodes_to_remove | default([]) | to_yaml }}" -use_bastion: "{{ openstack_use_bastion|default(False) }}" -ui_ssh_tunnel: "{{ openshift_ui_ssh_tunnel|default(False) }}" diff --git a/playbooks/openstack/sample-inventory/inventory.py b/playbooks/openstack/sample-inventory/inventory.py index 6a1b74b3d..47c56d94d 100755 --- a/playbooks/openstack/sample-inventory/inventory.py +++ b/playbooks/openstack/sample-inventory/inventory.py @@ -1,4 +1,11 @@ #!/usr/bin/env python +""" +This is an Ansible dynamic inventory for OpenStack. + +It requires your OpenStack credentials to be set in clouds.yaml or your shell +environment. + +""" from __future__ import print_function @@ -7,7 +14,8 @@ import json import shade -if __name__ == '__main__': +def build_inventory(): + '''Build the dynamic inventory.''' cloud = shade.openstack_cloud() inventory = {} 
@@ -39,13 +47,10 @@ if __name__ == '__main__': dns = [server.name for server in cluster_hosts if server.metadata['host-type'] == 'dns'] - lb = [server.name for server in cluster_hosts - if server.metadata['host-type'] == 'lb'] + load_balancers = [server.name for server in cluster_hosts + if server.metadata['host-type'] == 'lb'] - osev3 = list(set(nodes + etcd + lb)) - - groups = [server.metadata.group for server in cluster_hosts - if 'group' in server.metadata] + osev3 = list(set(nodes + etcd + load_balancers)) inventory['cluster_hosts'] = {'hosts': [s.name for s in cluster_hosts]} inventory['OSEv3'] = {'hosts': osev3} @@ -55,7 +60,7 @@ if __name__ == '__main__': inventory['infra_hosts'] = {'hosts': infra_hosts} inventory['app'] = {'hosts': app} inventory['dns'] = {'hosts': dns} - inventory['lb'] = {'hosts': lb} + inventory['lb'] = {'hosts': load_balancers} for server in cluster_hosts: if 'group' in server.metadata: @@ -68,21 +73,24 @@ if __name__ == '__main__': for server in cluster_hosts: ssh_ip_address = server.public_v4 or server.private_v4 - vars = { + hostvars = { 'ansible_host': ssh_ip_address } public_v4 = server.public_v4 or server.private_v4 if public_v4: - vars['public_v4'] = public_v4 + hostvars['public_v4'] = public_v4 # TODO(shadower): what about multiple networks? if server.private_v4: - vars['private_v4'] = server.private_v4 + hostvars['private_v4'] = server.private_v4 node_labels = server.metadata.get('node_labels') if node_labels: - vars['openshift_node_labels'] = node_labels + hostvars['openshift_node_labels'] = node_labels + + inventory['_meta']['hostvars'][server.name] = hostvars + return inventory - inventory['_meta']['hostvars'][server.name] = vars - print(json.dumps(inventory, indent=4, sort_keys=True)) +if __name__ == '__main__': + print(json.dumps(build_inventory(), indent=4, sort_keys=True)) diff --git a/requirements.txt b/requirements.txt index bf95b4ff9..3cdcff90e 100644 --- a/requirements.txt +++ b/requirements.txt 
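Review bot: In the last hunk `hostvars` is created with `'ansible_host': ssh_ip_address` even when the server has neither `public_v4` nor `private_v4`, while the `public_v4` and `private_v4` keys right below are only set when the value is truthy. A server that has no address yet would then be emitted with an empty or null `ansible_host`; starting from `hostvars = {}` and adding `if ssh_ip_address: hostvars['ansible_host'] = ssh_ip_address` keeps the three keys consistent. The new `build_inventory()` docstring could also state that it returns the dict in Ansible's dynamic-inventory layout, with per-host variables under `_meta` / `hostvars`. The function body starts in an earlier hunk, so the server filtering that feeds `cluster_hosts` is not visible here.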
@@ -7,4 +7,5 @@ pyOpenSSL==16.2.0 # We need to disable ruamel.yaml for now because of test failures #ruamel.yaml six==1.10.0 +shade==1.24.0 passlib==1.6.5 diff --git a/roles/common/defaults/main.yml b/roles/common/defaults/main.yml deleted file mode 100644 index 8db591374..000000000 --- a/roles/common/defaults/main.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -openshift_cluster_node_labels: - app: - region: primary - infra: - region: infra diff --git a/roles/dns-records/defaults/main.yml b/roles/dns-records/defaults/main.yml deleted file mode 100644 index 3f7fa783f..000000000 --- a/roles/dns-records/defaults/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -use_bastion: False diff --git a/roles/dns-records/tasks/main.yml b/roles/dns-records/tasks/main.yml deleted file mode 100644 index 7148b016a..000000000 --- a/roles/dns-records/tasks/main.yml +++ /dev/null 
@@ -1,121 +0,0 @@ ---- -- name: "Generate list of private A records" - set_fact: - private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': hostvars[item]['ansible_hostname'], 'ip': hostvars[item]['private_v4'] } ] }}" - with_items: "{{ groups['cluster_hosts'] }}" - -- name: "Add wildcard records to the private A records for infrahosts" - set_fact: - private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': '*.' + openshift_app_domain, 'ip': hostvars[item]['private_v4'] } ] }}" - with_items: "{{ groups['infra_hosts'] }}" - -- name: "Add public master cluster hostname records to the private A records (single master)" - set_fact: - private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.masters[0]].private_v4 } ] }}" - when: - - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined - - openstack_num_masters == 1 - -- name: "Add public master cluster hostname records to the private A records (multi-master)" - set_fact: - private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.lb[0]].private_v4 } ] }}" - when: - - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined - - openstack_num_masters > 1 - -- name: "Set the private DNS server to use the external value (if provided)" - set_fact: - nsupdate_server_private: "{{ external_nsupdate_keys['private']['server'] }}" - nsupdate_key_secret_private: "{{ external_nsupdate_keys['private']['key_secret'] }}" - nsupdate_key_algorithm_private: "{{ external_nsupdate_keys['private']['key_algorithm'] }}" - nsupdate_private_key_name: "{{ external_nsupdate_keys['private']['key_name']|default('private-' + full_dns_domain) }}" - 
when: - - external_nsupdate_keys is defined - - external_nsupdate_keys['private'] is defined - -- name: "Set the private DNS server to use the provisioned value" - set_fact: - nsupdate_server_private: "{{ hostvars[groups['dns'][0]].public_v4 }}" - nsupdate_key_secret_private: "{{ hostvars[groups['dns'][0]].nsupdate_keys['private-' + full_dns_domain].key_secret }}" - nsupdate_key_algorithm_private: "{{ hostvars[groups['dns'][0]].nsupdate_keys['private-' + full_dns_domain].key_algorithm }}" - when: - - nsupdate_server_private is undefined - -- name: "Generate the private Add section for DNS" - set_fact: - private_named_records: - - view: "private" - zone: "{{ full_dns_domain }}" - server: "{{ nsupdate_server_private }}" - key_name: "{{ nsupdate_private_key_name|default('private-' + full_dns_domain) }}" - key_secret: "{{ nsupdate_key_secret_private }}" - key_algorithm: "{{ nsupdate_key_algorithm_private | lower }}" - entries: "{{ private_records }}" - -- name: "Generate list of public A records" - set_fact: - public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': hostvars[item]['ansible_hostname'], 'ip': hostvars[item]['public_v4'] } ] }}" - with_items: "{{ groups['cluster_hosts'] }}" - when: hostvars[item]['public_v4'] is defined - -- name: "Add wildcard records to the public A records" - set_fact: - public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': '*.' 
+ openshift_app_domain, 'ip': hostvars[item]['public_v4'] } ] }}" - with_items: "{{ groups['infra_hosts'] }}" - when: hostvars[item]['public_v4'] is defined - -- name: "Add public master cluster hostname records to the public A records (single master)" - set_fact: - public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.masters[0]].public_v4 } ] }}" - when: - - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined - - openstack_num_masters == 1 - - not use_bastion|bool - -- name: "Add public master cluster hostname records to the public A records (single master behind a bastion)" - set_fact: - public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.bastions[0]].public_v4 } ] }}" - when: - - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined - - openstack_num_masters == 1 - - use_bastion|bool - -- name: "Add public master cluster hostname records to the public A records (multi-master)" - set_fact: - public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.lb[0]].public_v4 } ] }}" - when: - - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined - - openstack_num_masters > 1 - -- name: "Set the public DNS server details to use the external value (if provided)" - set_fact: - nsupdate_server_public: "{{ external_nsupdate_keys['public']['server'] }}" - nsupdate_key_secret_public: "{{ external_nsupdate_keys['public']['key_secret'] }}" - nsupdate_key_algorithm_public: "{{ external_nsupdate_keys['public']['key_algorithm'] }}" - 
nsupdate_public_key_name: "{{ external_nsupdate_keys['public']['key_name']|default('public-' + full_dns_domain) }}" - when: - - external_nsupdate_keys is defined - - external_nsupdate_keys['public'] is defined - -- name: "Set the public DNS server details to use the provisioned value" - set_fact: - nsupdate_server_public: "{{ hostvars[groups['dns'][0]].public_v4 }}" - nsupdate_key_secret_public: "{{ hostvars[groups['dns'][0]].nsupdate_keys['public-' + full_dns_domain].key_secret }}" - nsupdate_key_algorithm_public: "{{ hostvars[groups['dns'][0]].nsupdate_keys['public-' + full_dns_domain].key_algorithm }}" - when: - - nsupdate_server_public is undefined - -- name: "Generate the public Add section for DNS" - set_fact: - public_named_records: - - view: "public" - zone: "{{ full_dns_domain }}" - server: "{{ nsupdate_server_public }}" - key_name: "{{ nsupdate_public_key_name|default('public-' + full_dns_domain) }}" - key_secret: "{{ nsupdate_key_secret_public }}" - key_algorithm: "{{ nsupdate_key_algorithm_public | lower }}" - entries: "{{ public_records }}" - -- name: "Generate the final dns_records_add" - set_fact: - dns_records_add: "{{ private_named_records + public_named_records }}" diff --git a/roles/dns-server-detect/defaults/main.yml b/roles/dns-server-detect/defaults/main.yml deleted file mode 100644 index 58bd861cd..000000000 --- a/roles/dns-server-detect/defaults/main.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- - -external_nsupdate_keys: {} diff --git a/roles/dns-server-detect/tasks/main.yml b/roles/dns-server-detect/tasks/main.yml deleted file mode 100644 index cd775814f..000000000 --- a/roles/dns-server-detect/tasks/main.yml +++ /dev/null 
@@ -1,36 +0,0 @@ ---- -- fail: - msg: 'Missing required private DNS server(s)' - when: - - external_nsupdate_keys['private'] is undefined - - hostvars[groups['dns'][0]] is undefined - -- fail: - msg: 'Missing required public DNS server(s)' - when: - - external_nsupdate_keys['public'] is undefined - - hostvars[groups['dns'][0]] is undefined - -- name: "Set the private DNS server to use the external value (if provided)" - set_fact: - private_dns_server: "{{ external_nsupdate_keys['private']['server'] }}" - when: - - external_nsupdate_keys['private'] is defined - -- name: "Set the private DNS server to use the provisioned value" - set_fact: - private_dns_server: "{{ hostvars[groups['dns'][0]].private_v4 }}" - when: - - private_dns_server is undefined - -- name: "Set the public DNS server to use the external value (if provided)" - set_fact: - public_dns_server: "{{ external_nsupdate_keys['public']['server'] }}" - when: - - external_nsupdate_keys['public'] is defined - -- name: "Set the public DNS server to use the provisioned value" - set_fact: - public_dns_server: "{{ hostvars[groups['dns'][0]].public_v4 }}" - when: - - public_dns_server is undefined diff --git a/roles/dns-views/defaults/main.yml b/roles/dns-views/defaults/main.yml deleted file mode 100644 index c9f8248af..000000000 --- a/roles/dns-views/defaults/main.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -external_nsupdate_keys: {} -named_private_recursion: 'yes' -named_public_recursion: 'no' diff --git a/roles/dns-views/tasks/main.yml b/roles/dns-views/tasks/main.yml deleted file mode 100644 index ffbad2e3f..000000000 --- a/roles/dns-views/tasks/main.yml +++ /dev/null 
@@ -1,30 +0,0 @@ ---- -- name: "Generate ACL list for DNS server" - set_fact: - acl_list: "{{ acl_list | default([]) + [ (hostvars[item]['private_v4'] + '/32') ] }}" - with_items: "{{ groups['cluster_hosts'] }}" - -- name: "Generate the private view" - set_fact: - private_named_view: - - name: "private" - recursion: "{{ named_private_recursion }}" - acl_entry: "{{ acl_list }}" - zone: - - dns_domain: "{{ full_dns_domain }}" - forwarder: "{{ public_dns_nameservers }}" - when: external_nsupdate_keys['private'] is undefined - -- name: "Generate the public view" - set_fact: - public_named_view: - - name: "public" - recursion: "{{ named_public_recursion }}" - zone: - - dns_domain: "{{ full_dns_domain }}" - forwarder: "{{ public_dns_nameservers }}" - when: external_nsupdate_keys['public'] is undefined - -- name: "Generate the final named_config_views" - set_fact: - named_config_views: "{{ private_named_view|default([]) + public_named_view|default([]) }}" diff --git a/roles/docker-storage-setup/defaults/main.yaml b/roles/docker-storage-setup/defaults/main.yaml deleted file mode 100644 index 062f543ad..000000000 --- a/roles/docker-storage-setup/defaults/main.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -docker_dev: "/dev/sdb" -docker_vg: "docker-vol" -docker_data_size: "95%VG" -docker_dm_basesize: "3G" -container_root_lv_name: "dockerlv" -container_root_lv_mount_path: "/var/lib/docker" diff --git a/roles/docker-storage-setup/tasks/main.yaml b/roles/docker-storage-setup/tasks/main.yaml deleted file mode 100644 index 8606eeba4..000000000 --- a/roles/docker-storage-setup/tasks/main.yaml +++ /dev/null 
@@ -1,46 +0,0 @@ ---- -- name: stop docker - service: name=docker state=stopped - -- block: - - name: create the docker-storage config file - template: - src: "{{ role_path }}/templates/docker-storage-setup-overlayfs.j2" - dest: /etc/sysconfig/docker-storage-setup - owner: root - group: root - mode: 0644 - when: - - ansible_distribution_version | version_compare('7.4', '>=') - - ansible_distribution == "RedHat" - -- block: - - name: create the docker-storage-setup config file - template: - src: "{{ role_path }}/templates/docker-storage-setup-dm.j2" - dest: /etc/sysconfig/docker-storage-setup - owner: root - group: root - mode: 0644 - when: - - ansible_distribution_version | version_compare('7.4', '<') - - ansible_distribution == "RedHat" - -- block: - - name: create the docker-storage-setup config file for CentOS - template: - src: "{{ role_path }}/templates/docker-storage-setup-dm.j2" - dest: /etc/sysconfig/docker-storage-setup - owner: root - group: root - mode: 0644 - - # TODO(shadower): Find out which CentOS version supports overlayfs2 - when: - - ansible_distribution == "CentOS" - -- name: Install Docker - package: name=docker state=present - -- name: start docker - service: name=docker state=restarted enabled=true diff --git a/roles/docker-storage-setup/templates/docker-storage-setup-dm.j2 b/roles/docker-storage-setup/templates/docker-storage-setup-dm.j2 deleted file mode 100644 index b5869feff..000000000 --- a/roles/docker-storage-setup/templates/docker-storage-setup-dm.j2 +++ /dev/null @@ -1,4 +0,0 @@ -DEVS="{{ docker_dev }}" -VG="{{ docker_vg }}" -DATA_SIZE="{{ docker_data_size }}" -EXTRA_DOCKER_STORAGE_OPTIONS="--storage-opt dm.basesize={{ docker_dm_basesize }}" diff --git a/roles/docker-storage-setup/templates/docker-storage-setup-overlayfs.j2 b/roles/docker-storage-setup/templates/docker-storage-setup-overlayfs.j2 deleted file mode 100644 index d8b4a0276..000000000 
--- a/roles/docker-storage-setup/templates/docker-storage-setup-overlayfs.j2 +++ /dev/null @@ -1,7 +0,0 @@ -DEVS="{{ docker_dev }}" -VG="{{ docker_vg }}" -DATA_SIZE="{{ docker_data_size }}" -STORAGE_DRIVER=overlay2 -CONTAINER_ROOT_LV_NAME="{{ container_root_lv_name }}" -CONTAINER_ROOT_LV_MOUNT_PATH="{{ container_root_lv_mount_path }}" -CONTAINER_ROOT_LV_SIZE=100%FREE diff --git a/roles/hostnames/tasks/main.yaml b/roles/hostnames/tasks/main.yaml deleted file mode 100644 index c49852210..000000000 --- a/roles/hostnames/tasks/main.yaml +++ /dev/null @@ -1,26 +0,0 @@ ---- -- name: Setting Hostname Fact - set_fact: - new_hostname: "{{ custom_hostname | default(inventory_hostname_short) }}" - -- name: Setting FQDN Fact - set_fact: - new_fqdn: "{{ new_hostname }}.{{ full_dns_domain }}" - -- name: Setting hostname and DNS domain - hostname: name="{{ new_fqdn }}" - -- name: Check for cloud.cfg - stat: path=/etc/cloud/cloud.cfg - register: cloud_cfg - -- name: Prevent cloud-init updates of hostname/fqdn (if applicable) - lineinfile: - dest: /etc/cloud/cloud.cfg - state: present - regexp: "{{ item.regexp }}" - line: "{{ item.line }}" - with_items: - - { regexp: '^ - set_hostname', line: '# - set_hostname' } - - { regexp: '^ - update_hostname', line: '# - update_hostname' } - when: cloud_cfg.stat.exists == True diff --git a/roles/hostnames/test/inv b/roles/hostnames/test/inv deleted file mode 100644 index ffbe6e03d..000000000 --- a/roles/hostnames/test/inv +++ /dev/null @@ -1,12 +0,0 @@ -[all:vars] -dns_domain=example.com - -[openshift_masters] -192.168.124.41 dns_private_ip=1.1.1.41 dns_public_ip=192.168.124.41 -192.168.124.117 dns_private_ip=1.1.1.117 dns_public_ip=192.168.124.117 - -[openshift_nodes] -192.168.124.40 dns_private_ip=1.1.1.40 dns_public_ip=192.168.124.40 - -#[dns] -#192.168.124.117 dns_private_ip=1.1.1.117 diff --git a/roles/hostnames/test/roles b/roles/hostnames/test/roles deleted file mode 120000 index e2b799b9d..000000000 
--- a/roles/hostnames/test/roles +++ /dev/null @@ -1 +0,0 @@ -../../../roles/ \ No newline at end of file diff --git a/roles/hostnames/test/test.yaml b/roles/hostnames/test/test.yaml deleted file mode 100644 index 0c56aea51..000000000 --- a/roles/hostnames/test/test.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- hosts: all - roles: - - role: hostnames diff --git a/roles/hostnames/vars/main.yaml b/roles/hostnames/vars/main.yaml deleted file mode 100644 index 3eecb8dc4..000000000 --- a/roles/hostnames/vars/main.yaml +++ /dev/null @@ -1,2 +0,0 @@ ---- -counter: 1 diff --git a/roles/hostnames/vars/records.yaml b/roles/hostnames/vars/records.yaml deleted file mode 100644 index 0cadc8181..000000000 --- a/roles/hostnames/vars/records.yaml +++ /dev/null @@ -1,28 +0,0 @@ ---- -- name: "Building Records" - set_fact: - dns_records_add: - - view: private - zone: example.com - entries: - - type: A - hostname: master1.example.com - ip: 172.16.15.94 - - type: A - hostname: node1.example.com - ip: 172.16.15.86 - - type: A - hostname: node2.example.com - ip: 172.16.15.87 - - view: public - zone: example.com - entries: - - type: A - hostname: master1.example.com - ip: 10.3.10.116 - - type: A - hostname: node1.example.com - ip: 10.3.11.46 - - type: A - hostname: node2.example.com - ip: 10.3.12.6 diff --git a/roles/node-network-manager/tasks/main.yml b/roles/node-network-manager/tasks/main.yml deleted file mode 100644 index 6a17855e7..000000000 --- a/roles/node-network-manager/tasks/main.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -- name: install NetworkManager - package: - name: NetworkManager - state: present - -- name: configure NetworkManager - lineinfile: - dest: "/etc/sysconfig/network-scripts/ifcfg-{{ ansible_default_ipv4['interface'] }}" - regexp: '^{{ item }}=' - line: '{{ item }}=yes' - state: present - create: yes - with_items: - - 'USE_PEERDNS' - - 'NM_CONTROLLED' - -- name: enable and start NetworkManager - service: - name: NetworkManager - state: restarted - enabled: yes 
diff --git a/roles/openshift-prep/defaults/main.yml b/roles/openshift-prep/defaults/main.yml deleted file mode 100644 index c8c9a00c0..000000000 --- a/roles/openshift-prep/defaults/main.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- -# Defines either to install required packages and update all -manage_packages: true -install_debug_packages: false -required_packages: - - wget - - git - - net-tools - - bind-utils - - bridge-utils -debug_packages: - - bash-completion - - vim-enhanced diff --git a/roles/openshift-prep/tasks/main.yml b/roles/openshift-prep/tasks/main.yml deleted file mode 100644 index 5e484e75f..000000000 --- a/roles/openshift-prep/tasks/main.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -# Starting Point for OpenShift Installation and Configuration -- include: prerequisites.yml - tags: [prerequisites] diff --git a/roles/openshift-prep/tasks/prerequisites.yml b/roles/openshift-prep/tasks/prerequisites.yml deleted file mode 100644 index b7601aa48..000000000 --- a/roles/openshift-prep/tasks/prerequisites.yml +++ /dev/null 
@@ -1,37 +0,0 @@ ---- -- name: "Cleaning yum repositories" - command: "yum clean all" - -- name: "Install required packages" - yum: - name: "{{ item }}" - state: latest - with_items: "{{ required_packages }}" - when: manage_packages|bool - -- name: "Install debug packages (optional)" - yum: - name: "{{ item }}" - state: latest - with_items: "{{ debug_packages }}" - when: install_debug_packages|bool - -- name: "Update all packages (this can take a very long time)" - yum: - name: '*' - state: latest - when: manage_packages|bool - -- name: "Verify hostname" - shell: hostnamectl status | awk "/Static hostname/"'{ print $3 }' - register: hostname_fqdn - -- name: "Set hostname if required" - hostname: - name: "{{ ansible_fqdn }}" - when: hostname_fqdn.stdout != ansible_fqdn - -- name: "Verify SELinux is enforcing" - fail: - msg: "SELinux is required for OpenShift and has been detected as '{{ ansible_selinux.config_mode }}'" - when: ansible_selinux.config_mode != "enforcing" diff --git a/roles/openshift_openstack/defaults/main.yml b/roles/openshift_openstack/defaults/main.yml new file mode 100644 index 000000000..05f1c0911 --- /dev/null +++ b/roles/openshift_openstack/defaults/main.yml 
@@ -0,0 +1,49 @@
+---
+
+stack_state: 'present'
+
+ssh_ingress_cidr: 0.0.0.0/0
+node_ingress_cidr: 0.0.0.0/0
+master_ingress_cidr: 0.0.0.0/0
+lb_ingress_cidr: 0.0.0.0/0
+bastion_ingress_cidr: 0.0.0.0/0
+num_etcd: 0
+num_masters: 1
+num_nodes: 1
+num_dns: 1
+num_infra: 1
+nodes_to_remove: []
+etcd_volume_size: 2
+dns_volume_size: 1
+lb_volume_size: 5
+use_bastion: False
+ui_ssh_tunnel: False
+provider_network: False
+
+
+openshift_cluster_node_labels:
+ app:
+ region: primary
+ infra:
+ region: infra
+
+install_debug_packages: false
+required_packages:
+ - docker
+ - NetworkManager
+ - wget
+ - git
+ - net-tools
+ - bind-utils
+ - bridge-utils
+debug_packages:
+ - bash-completion
+ - vim-enhanced
+
+# container-storage-setup
+docker_dev: "/dev/sdb"
+docker_vg: "docker-vol"
+docker_data_size: "95%VG"
+docker_dm_basesize: "3G"
+container_root_lv_name: "dockerlv"
+container_root_lv_mount_path: "/var/lib/docker"
diff --git a/roles/openshift_openstack/tasks/check-prerequisites.yml b/roles/openshift_openstack/tasks/check-prerequisites.yml
new file mode 100644
index 000000000..4d7cfbf11
--- /dev/null
+++ b/roles/openshift_openstack/tasks/check-prerequisites.yml
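Review bot: All five ingress defaults in roles/openshift_openstack/defaults/main.yml (`ssh_ingress_cidr`, `node_ingress_cidr`, `master_ingress_cidr`, `lb_ingress_cidr`, `bastion_ingress_cidr`) are `0.0.0.0/0`, so a deployment that overrides nothing accepts those connections from any source address, assuming the Heat template (not visible in this hunk) feeds them into security-group rules. At minimum the block should say so, e.g. `# Open to any source by default; restrict to your management range before deploying.` The CIDR values are also safer quoted (`'0.0.0.0/0'`), and `use_bastion: False`, `ui_ssh_tunnel: False` and `provider_network: False` would read more consistently as `false`, matching `install_debug_packages: false` further down.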
@@ -0,0 +1,109 @@ +--- +# Check ansible +- name: Check Ansible version + assert: + that: > + (ansible_version.major == 2 and ansible_version.minor >= 3) or + (ansible_version.major > 2) + msg: "Ansible version must be at least 2.3" + +# Check shade +- name: Try to import python module shade + command: python -c "import shade" + ignore_errors: yes + register: shade_result +- name: Check if shade is installed + assert: + that: 'shade_result.rc == 0' + msg: "Python module shade is not installed" + +# Check jmespath +- name: Try to import python module shade + command: python -c "import jmespath" + ignore_errors: yes + register: jmespath_result +- name: Check if jmespath is installed + assert: + that: 'jmespath_result.rc == 0' + msg: "Python module jmespath is not installed" + +# Check python-dns +- name: Try to import python DNS module + command: python -c "import dns" + ignore_errors: yes + register: pythondns_result +- name: Check if python-dns is installed + assert: + that: 'pythondns_result.rc == 0' + msg: "Python module python-dns is not installed" + +# Check jinja2 +- name: Try to import jinja2 module + command: python -c "import jinja2" + ignore_errors: yes + register: jinja_result +- name: Check if jinja2 is installed + assert: + that: 'jinja_result.rc == 0' + msg: "Python module jinja2 is not installed" + +# Check Glance image +- name: Try to get image facts + os_image_facts: + image: "{{ openstack_default_image_name }}" + register: image_result +- name: Check that image is available + assert: + that: "image_result.ansible_facts.openstack_image" + msg: "Image {{ openstack_default_image_name }} is not available" + +# Check network name +- name: Try to get network facts + os_networks_facts: + name: "{{ openstack_external_network_name }}" + register: network_result + when: not openstack_provider_network_name|default(None) +- name: Check that network is available + assert: + that: "network_result.ansible_facts.openstack_networks" + msg: "Network {{ 
openstack_external_network_name }} is not available" + when: not openstack_provider_network_name|default(None) + +# Check keypair +# TODO kpilatov: there is no Ansible module for getting OS keypairs +# (os_keypair is not suitable for this) +# this method does not force python-openstackclient dependency +- name: Try to show keypair + command: > + python -c 'import shade; cloud = shade.openstack_cloud(); + exit(cloud.get_keypair("{{ openstack_ssh_public_key }}") is None)' + ignore_errors: yes + register: key_result +- name: Check that keypair is available + assert: + that: 'key_result.rc == 0' + msg: "Keypair {{ openstack_ssh_public_key }} is not available" + +# Check that custom images are available +- include: custom_image_check.yaml + with_items: + - "{{ openstack_master_image }}" + - "{{ openstack_infra_image }}" + - "{{ openstack_node_image }}" + - "{{ openstack_lb_image }}" + - "{{ openstack_etcd_image }}" + - "{{ openstack_dns_image }}" + loop_control: + loop_var: image + +# Check that custom flavors are available +- include: custom_flavor_check.yaml + with_items: + - "{{ master_flavor }}" + - "{{ infra_flavor }}" + - "{{ node_flavor }}" + - "{{ lb_flavor }}" + - "{{ etcd_flavor }}" + - "{{ dns_flavor }}" + loop_control: + loop_var: flavor diff --git a/roles/openshift_openstack/tasks/cleanup.yml b/roles/openshift_openstack/tasks/cleanup.yml new file mode 100644 index 000000000..258334a6b --- /dev/null +++ b/roles/openshift_openstack/tasks/cleanup.yml @@ -0,0 +1,6 @@ +--- + +- name: cleanup temp files + file: + path: "{{ stack_template_pre.path }}" + state: absent diff --git a/roles/openshift_openstack/tasks/container-storage-setup.yml b/roles/openshift_openstack/tasks/container-storage-setup.yml new file mode 100644 index 000000000..5cd48ca2c --- /dev/null +++ b/roles/openshift_openstack/tasks/container-storage-setup.yml 
@@ -0,0 +1,37 @@
+---
+- block:
+ - name: create the docker-storage config file
+ template:
+ src: "{{ role_path }}/templates/docker-storage-setup-overlayfs.j2"
+ dest: /etc/sysconfig/docker-storage-setup
+ owner: root
+ group: root
+ mode: 0644
+ when:
+ - ansible_distribution_version | version_compare('7.4', '>=')
+ - ansible_distribution == "RedHat"
+
+- block:
+ - name: create the docker-storage-setup config file
+ template:
+ src: "{{ role_path }}/templates/docker-storage-setup-dm.j2"
+ dest: /etc/sysconfig/docker-storage-setup
+ owner: root
+ group: root
+ mode: 0644
+ when:
+ - ansible_distribution_version | version_compare('7.4', '<')
+ - ansible_distribution == "RedHat"
+
+- block:
+ - name: create the docker-storage-setup config file for CentOS
+ template:
+ src: "{{ role_path }}/templates/docker-storage-setup-dm.j2"
+ dest: /etc/sysconfig/docker-storage-setup
+ owner: root
+ group: root
+ mode: 0644
+
+ # TODO(shadower): Find out which CentOS version supports overlayfs2
+ when:
+ - ansible_distribution == "CentOS"
diff --git a/roles/openshift_openstack/tasks/custom_flavor_check.yaml b/roles/openshift_openstack/tasks/custom_flavor_check.yaml
new file mode 100644
index 000000000..e11874c28
--- /dev/null
+++ b/roles/openshift_openstack/tasks/custom_flavor_check.yaml
@@ -0,0 +1,9 @@
+---
+- name: Try to get flavor facts
+ os_flavor_facts:
+ name: "{{ flavor }}"
+ register: flavor_result
+- name: Check that custom flavor is available
+ assert:
+ that: "flavor_result.ansible_facts.openstack_flavors"
+ msg: "Flavor {{ flavor }} is not available."
diff --git a/roles/openshift_openstack/tasks/custom_image_check.yaml b/roles/openshift_openstack/tasks/custom_image_check.yaml
new file mode 100644
index 000000000..4fbd6a687
--- /dev/null
+++ b/roles/openshift_openstack/tasks/custom_image_check.yaml
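Review bot: In container-storage-setup.yml all three template tasks write `mode: 0644` unquoted, which only produces the intended permissions while the YAML loader reads a leading-zero number as octal. Quoting removes that dependency: `mode: "0644"`. The same applies to `mode: 0777` in prepare-and-format-cinder-volume.yaml. As a smaller point, the second and third blocks differ only in their `when:` conditions and render the same template to the same destination, so they could be a single task.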
@@ -0,0 +1,10 @@
+---
+- name: Try to get image facts
+ os_image_facts:
+ image: "{{ image }}"
+ register: image_result
+
+- name: Check that custom image is available
+ assert:
+ that: "image_result.ansible_facts.openstack_image"
+ msg: "Image {{ image }} is not available."
diff --git a/roles/openshift_openstack/tasks/generate-templates.yml b/roles/openshift_openstack/tasks/generate-templates.yml
new file mode 100644
index 000000000..0ff50a095
--- /dev/null
+++ b/roles/openshift_openstack/tasks/generate-templates.yml
@@ -0,0 +1,26 @@
+---
+- name: create HOT stack template prefix
+ register: stack_template_pre
+ tempfile:
+ state: directory
+ prefix: openshift-ansible
+
+- name: set template paths
+ set_fact:
+ stack_template_path: "{{ stack_template_pre.path }}/stack.yaml"
+ user_data_template_path: "{{ stack_template_pre.path }}/user-data"
+
+- name: generate HOT stack template from jinja2 template
+ template:
+ src: heat_stack.yaml.j2
+ dest: "{{ stack_template_path }}"
+
+- name: generate HOT server template from jinja2 template
+ template:
+ src: heat_stack_server.yaml.j2
+ dest: "{{ stack_template_pre.path }}/server.yaml"
+
+- name: generate user_data from jinja2 template
+ template:
+ src: user_data.j2
+ dest: "{{ user_data_template_path }}"
diff --git a/roles/openshift_openstack/tasks/hostname.yml b/roles/openshift_openstack/tasks/hostname.yml
new file mode 100644
index 000000000..0fc8fbc4c
--- /dev/null
+++ b/roles/openshift_openstack/tasks/hostname.yml
@@ -0,0 +1,33 @@
+---
+- name: "Verify hostname"
+ command: hostnamectl status --static
+ register: hostname_fqdn
+
+- name: "Set hostname if required"
+ when: hostname_fqdn.stdout != ansible_fqdn
+ block:
+ - name: Setting Hostname Fact
+ set_fact:
+ new_hostname: "{{ custom_hostname | default(inventory_hostname_short) }}"
+
+ - name: Setting FQDN Fact
+ set_fact:
+ new_fqdn: "{{ new_hostname }}.{{ full_dns_domain }}"
+
+ - name: Setting hostname and DNS domain
+ hostname: name="{{ new_fqdn }}"
+
+ - name: Check for cloud.cfg
+ stat: path=/etc/cloud/cloud.cfg
+ register: cloud_cfg
+
+ - name: Prevent cloud-init updates of hostname/fqdn (if applicable)
+ lineinfile:
+ dest: /etc/cloud/cloud.cfg
+ state: present
+ regexp: "{{ item.regexp }}"
+ line: "{{ item.line }}"
+ with_items:
+ - { regexp: '^ - set_hostname', line: '# - set_hostname' }
+ - { regexp: '^ - update_hostname', line: '# - update_hostname' }
+ when: cloud_cfg.stat.exists == True
diff --git a/roles/openshift_openstack/tasks/net_vars_check.yaml b/roles/openshift_openstack/tasks/net_vars_check.yaml
new file mode 100644
index 000000000..68afde415
--- /dev/null
+++ b/roles/openshift_openstack/tasks/net_vars_check.yaml
@@ -0,0 +1,14 @@
+---
+- name: Check the provider network configuration
+ fail:
+ msg: "Flannel SDN requires a dedicated containers data network and can not work over a provider network"
+ when:
+ - openstack_provider_network_name is defined
+ - openstack_private_data_network_name is defined
+
+- name: Check the flannel network configuration
+ fail:
+ msg: "A dedicated containers data network is only supported with Flannel SDN"
+ when:
+ - openstack_private_data_network_name is defined
+ - not openshift_use_flannel|default(False)|bool
diff --git a/roles/openshift_openstack/tasks/node-configuration.yml b/roles/openshift_openstack/tasks/node-configuration.yml
new file mode 100644
index 000000000..8a6a8022f
--- /dev/null
+++ b/roles/openshift_openstack/tasks/node-configuration.yml
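Review bot: In hostname.yml the guard on the "Set hostname if required" block compares the current static hostname with `ansible_fqdn`, but the block then sets the hostname to `new_fqdn`, built from `custom_hostname` (or `inventory_hostname_short`) and `full_dns_domain`, which need not be the same value. A host whose name already equals `ansible_fqdn` but not the intended `new_fqdn` is skipped, and the cloud-init `lineinfile` edits inside the same block are skipped with it. Computing the two facts before the block and guarding with `when: hostname_fqdn.stdout != new_fqdn` would make the check match what is applied. The `hostnamectl` probe could also carry `changed_when: false`.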
@@ -0,0 +1,11 @@
+---
+- include: hostname.yml
+
+- include: container-storage-setup.yml
+
+- include: node-network.yml
+
+- name: "Verify SELinux is enforcing"
+ fail:
+ msg: "SELinux is required for OpenShift and has been detected as '{{ ansible_selinux.config_mode }}'"
+ when: ansible_selinux.config_mode != "enforcing"
diff --git a/roles/openshift_openstack/tasks/node-network.yml b/roles/openshift_openstack/tasks/node-network.yml
new file mode 100644
index 000000000..f494e5158
--- /dev/null
+++ b/roles/openshift_openstack/tasks/node-network.yml
@@ -0,0 +1,19 @@
+---
+- name: configure NetworkManager
+ lineinfile:
+ dest: "/etc/sysconfig/network-scripts/ifcfg-{{ ansible_default_ipv4['interface'] }}"
+ regexp: '^{{ item }}='
+ line: '{{ item }}=yes'
+ state: present
+ create: yes
+ with_items:
+ - 'USE_PEERDNS'
+ - 'NM_CONTROLLED'
+
+- name: enable and start NetworkManager
+ service:
+ name: NetworkManager
+ state: restarted
+ enabled: yes
+
+# TODO(shadower): add the flannel interface tasks from post-provision-openstack.yml
diff --git a/roles/openshift_openstack/tasks/node-packages.yml b/roles/openshift_openstack/tasks/node-packages.yml
new file mode 100644
index 000000000..c65eaec3b
--- /dev/null
+++ b/roles/openshift_openstack/tasks/node-packages.yml
@@ -0,0 +1,15 @@
+---
+# TODO: subscribe to RHEL and install docker and other packages here
+
+- name: Install required packages
+ yum:
+ name: "{{ item }}"
+ state: latest
+ with_items: "{{ required_packages }}"
+
+- name: Install debug packages (optional)
+ yum:
+ name: "{{ item }}"
+ state: latest
+ with_items: "{{ debug_packages }}"
+ when: install_debug_packages|bool
diff --git a/roles/openshift_openstack/tasks/populate-dns.yml b/roles/openshift_openstack/tasks/populate-dns.yml
new file mode 100644
index 000000000..f1a868a19
--- /dev/null
+++ b/roles/openshift_openstack/tasks/populate-dns.yml
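Review bot: The "Verify SELinux is enforcing" task in node-configuration.yml tests only `ansible_selinux.config_mode`, the value from the configuration file, so a host that was switched to permissive at runtime still passes the check. Where SELinux is disabled the fact may not carry `config_mode` at all, and the task would then stop on an undefined variable rather than with this message. Checking status and runtime mode as well covers both cases: `when: ansible_selinux.status | default('disabled') != 'enabled' or ansible_selinux.mode != 'enforcing' or ansible_selinux.config_mode != 'enforcing'`.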
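Review bot: Both `yum` tasks in node-packages.yml use `state: latest`, so every run upgrades `docker`, `NetworkManager` and the other listed packages to whatever the enabled repositories serve at that moment. That makes node builds non-reproducible and can change the container runtime underneath a running cluster. `state: present` installs what is missing without upgrading; if upgrades are wanted they are better done as a separate, deliberate step.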
@@ -0,0 +1,5 @@
+# TODO: use nsupdate to populate the DNS servers using the keys
+# specified in the inventory.
+
+# this is an optional step -- the deployers may do whatever else they
+# wish here.
diff --git a/roles/openshift_openstack/tasks/prepare-and-format-cinder-volume.yaml b/roles/openshift_openstack/tasks/prepare-and-format-cinder-volume.yaml
new file mode 100644
index 000000000..fc51f6dc2
--- /dev/null
+++ b/roles/openshift_openstack/tasks/prepare-and-format-cinder-volume.yaml
@@ -0,0 +1,59 @@
+---
+- name: Attach the volume to the VM
+ os_server_volume:
+ state: present
+ server: "{{ groups['masters'][0] }}"
+ volume: "{{ cinder_volume }}"
+ register: volume_attachment
+
+- set_fact:
+ attached_device: >-
+ {{ volume_attachment['attachments']|json_query("[?volume_id=='" + cinder_volume + "'].device | [0]") }}
+
+- delegate_to: "{{ groups['masters'][0] }}"
+ block:
+ - name: Wait for the device to appear
+ wait_for: path={{ attached_device }}
+
+ - name: Create a temp directory for mounting the volume
+ tempfile:
+ prefix: cinder-volume
+ state: directory
+ register: cinder_mount_dir
+
+ - name: Format the device
+ filesystem:
+ fstype: "{{ cinder_fs }}"
+ dev: "{{ attached_device }}"
+
+ - name: Mount the device
+ mount:
+ name: "{{ cinder_mount_dir.path }}"
+ src: "{{ attached_device }}"
+ state: mounted
+ fstype: "{{ cinder_fs }}"
+
+ - name: Change mode on the filesystem
+ file:
+ path: "{{ cinder_mount_dir.path }}"
+ state: directory
+ recurse: true
+ mode: 0777
+
+ - name: Unmount the device
+ mount:
+ name: "{{ cinder_mount_dir.path }}"
+ src: "{{ attached_device }}"
+ state: absent
+ fstype: "{{ cinder_fs }}"
+
+ - name: Delete the temp directory
+ file:
+ name: "{{ cinder_mount_dir.path }}"
+ state: absent
+
+- name: Detach the volume from the VM
+ os_server_volume:
+ state: absent
+ server: "{{ groups['masters'][0] }}"
+ volume: "{{ cinder_volume }}"
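Review bot: "Change mode on the filesystem" in `prepare-and-format-cinder-volume.yaml` applies `mode: 0777` with `recurse: true`, which leaves the root of the volume and everything under it world-writable. If the intent is to let pods running under arbitrary UIDs write to the volume, a group-owned directory with the setgid bit (for example `mode: "2770"` with a suitable `group:`) is narrower; at minimum a comment should say why world-writable is required. Separately, the block has no `always:` section, so a failure after "Mount the device" leaves the volume mounted and attached to the first master.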
diff --git a/roles/openshift_openstack/tasks/provision.yml b/roles/openshift_openstack/tasks/provision.yml
new file mode 100644
index 000000000..8ebda8100
--- /dev/null
+++ b/roles/openshift_openstack/tasks/provision.yml
@@ -0,0 +1,30 @@
+---
+- name: Generate the templates
+ include: generate-templates.yml
+ when:
+ - stack_state == 'present'
+
+- name: Handle the Stack (create/delete)
+ ignore_errors: False
+ register: stack_create
+ os_stack:
+ name: "{{ stack_name }}"
+ state: "{{ stack_state }}"
+ template: "{{ stack_template_path | default(omit) }}"
+ wait: yes
+
+- name: Add the new nodes to the inventory
+ meta: refresh_inventory
+
+- name: Populate DNS entries
+ include: populate-dns.yml
+ when:
+ - stack_state == 'present'
+
+- name: CleanUp
+ include: cleanup.yml
+ when:
+ - stack_state == 'present'
+
+# TODO(shadower): create the registry and PV Cinder volumes if specified
+# and include the `prepare-and-format-cinder-volume` tasks to set it up
diff --git a/roles/openshift_openstack/tasks/subnet_update_dns_servers.yaml b/roles/openshift_openstack/tasks/subnet_update_dns_servers.yaml
new file mode 100644
index 000000000..af28fc98f
--- /dev/null
+++ b/roles/openshift_openstack/tasks/subnet_update_dns_servers.yaml
@@ -0,0 +1,9 @@
+---
+- name: Live update the subnet's DNS servers
+ os_subnet:
+ name: openshift-ansible-{{ stack_name }}-subnet
+ network_name: openshift-ansible-{{ stack_name }}-net
+ state: present
+ use_default_subnetpool: yes
+ dns_nameservers: "{{ [private_dns_server|default(public_dns_nameservers[0])]|union(public_dns_nameservers)|unique }}"
+ when: not provider_network
diff --git a/roles/openshift_openstack/templates/docker-storage-setup-dm.j2 b/roles/openshift_openstack/templates/docker-storage-setup-dm.j2
new file mode 100644
index 000000000..b5869feff
--- /dev/null
+++ b/roles/openshift_openstack/templates/docker-storage-setup-dm.j2
@@ -0,0 +1,4 @@
+DEVS="{{ docker_dev }}"
+VG="{{ docker_vg }}"
+DATA_SIZE="{{ docker_data_size }}"
+EXTRA_DOCKER_STORAGE_OPTIONS="--storage-opt dm.basesize={{ docker_dm_basesize }}"
diff --git a/roles/openshift_openstack/templates/docker-storage-setup-overlayfs.j2 b/roles/openshift_openstack/templates/docker-storage-setup-overlayfs.j2
new file mode 100644
index 000000000..d8b4a0276
--- /dev/null
+++ b/roles/openshift_openstack/templates/docker-storage-setup-overlayfs.j2
@@ -0,0 +1,7 @@
+DEVS="{{ docker_dev }}"
+VG="{{ docker_vg }}"
+DATA_SIZE="{{ docker_data_size }}"
+STORAGE_DRIVER=overlay2
+CONTAINER_ROOT_LV_NAME="{{ container_root_lv_name }}"
+CONTAINER_ROOT_LV_MOUNT_PATH="{{ container_root_lv_mount_path }}"
+CONTAINER_ROOT_LV_SIZE=100%FREE
diff --git a/roles/openshift_openstack/templates/heat_stack.yaml.j2 b/roles/openshift_openstack/templates/heat_stack.yaml.j2
new file mode 100644
index 000000000..2359842a5
--- /dev/null
+++ b/roles/openshift_openstack/templates/heat_stack.yaml.j2
@@ -0,0 +1,888 @@
+heat_template_version: 2016-10-14
+
+description: OpenShift cluster
+
+parameters:
+
+outputs:
+
+ etcd_names:
+ description: Name of the etcds
+ value: { get_attr: [ etcd, name ] }
+
+ etcd_ips:
+ description: IPs of the etcds
+ value: { get_attr: [ etcd, private_ip ] }
+
+ etcd_floating_ips:
+ description: Floating IPs of the etcds
+ value: { get_attr: [ etcd, floating_ip ] }
+
+ master_names:
+ description: Name of the masters
+ value: { get_attr: [ masters, name ] }
+
+ master_ips:
+ description: IPs of the masters
+ value: { get_attr: [ masters, private_ip ] }
+
+ master_floating_ips:
+ description: Floating IPs of the masters
+ value: { get_attr: [ masters, floating_ip ] }
+
+ node_names:
+ description: Name of the nodes
+ value: { get_attr: [ compute_nodes, name ] }
+
+ node_ips:
+ description: IPs of the nodes
+ value: { get_attr: [ compute_nodes, private_ip ] }
+
+ node_floating_ips:
+ description: Floating IPs of the nodes
+ value: { get_attr: [ compute_nodes, floating_ip ] }
+
+ infra_names:
+ description: Name of the nodes
+ value: { get_attr: [ infra_nodes, name ] }
+
+ infra_ips:
+ description: IPs of the nodes
+ value: { get_attr: [ infra_nodes, private_ip ] }
+
+ infra_floating_ips:
+ description: Floating IPs of the nodes
+ value: { get_attr: [ infra_nodes, floating_ip ] }
+
+{% if num_dns|int > 0 %}
+ dns_name:
+ description: Name of the DNS
+ value:
+ get_attr:
+ - dns
+ - name
+
+ dns_floating_ips:
+ description: Floating IPs of the DNS
+ value: { get_attr: [ dns, floating_ip ] }
+
+ dns_private_ips:
+ description: Private IPs of the DNS
+ value: { get_attr: [ dns, private_ip ] }
+{% endif %}
+
+conditions:
+ no_floating: {% if provider_network or use_bastion|bool %}true{% else %}false{% endif %}
+
+resources:
+
+{% if not provider_network %}
+ net:
+ type: OS::Neutron::Net
+ properties:
+ name:
+ str_replace:
+ template: openshift-ansible-cluster_id-net
+ params:
+ cluster_id: {{ stack_name }}
+
+ subnet:
+ type:
OS::Neutron::Subnet
+ properties:
+ name:
+ str_replace:
+ template: openshift-ansible-cluster_id-subnet
+ params:
+ cluster_id: {{ stack_name }}
+ network: { get_resource: net }
+ cidr:
+ str_replace:
+ template: subnet_24_prefix.0/24
+ params:
+ subnet_24_prefix: {{ subnet_prefix }}
+ allocation_pools:
+ - start:
+ str_replace:
+ template: subnet_24_prefix.3
+ params:
+ subnet_24_prefix: {{ subnet_prefix }}
+ end:
+ str_replace:
+ template: subnet_24_prefix.254
+ params:
+ subnet_24_prefix: {{ subnet_prefix }}
+ dns_nameservers:
+{% for nameserver in dns_nameservers %}
+ - {{ nameserver }}
+{% endfor %}
+
+{% if openshift_use_flannel|default(False)|bool %}
+ data_net:
+ type: OS::Neutron::Net
+ properties:
+ name: openshift-ansible-{{ stack_name }}-data-net
+ port_security_enabled: false
+
+ data_subnet:
+ type: OS::Neutron::Subnet
+ properties:
+ name: openshift-ansible-{{ stack_name }}-data-subnet
+ network: { get_resource: data_net }
+ cidr: {{ osm_cluster_network_cidr|default('10.128.0.0/14') }}
+ gateway_ip: null
+{% endif %}
+
+ router:
+ type: OS::Neutron::Router
+ properties:
+ name:
+ str_replace:
+ template: openshift-ansible-cluster_id-router
+ params:
+ cluster_id: {{ stack_name }}
+ external_gateway_info:
+ network: {{ external_network }}
+
+ interface:
+ type: OS::Neutron::RouterInterface
+ properties:
+ router_id: { get_resource: router }
+ subnet_id: { get_resource: subnet }
+
+{% endif %}
+
+# keypair:
+# type: OS::Nova::KeyPair
+# properties:
+# name:
+# str_replace:
+# template: openshift-ansible-cluster_id-keypair
+# params:
+# cluster_id: {{ stack_name }}
+# public_key: {{ ssh_public_key }}
+
+ common-secgrp:
+ type: OS::Neutron::SecurityGroup
+ properties:
+ name:
+ str_replace:
+ template: openshift-ansible-cluster_id-common-secgrp
+ params:
+ cluster_id: {{ stack_name }}
+ description:
+ str_replace:
+ template: Basic ssh/icmp security group for cluster_id OpenShift cluster
+ params:
+ cluster_id: {{ stack_name }}
+ rules:
+ - direction:
ingress
+ protocol: tcp
+ port_range_min: 22
+ port_range_max: 22
+ remote_ip_prefix: {{ ssh_ingress_cidr }}
+{% if use_bastion|bool %}
+ - direction: ingress
+ protocol: tcp
+ port_range_min: 22
+ port_range_max: 22
+ remote_ip_prefix: {{ bastion_ingress_cidr }}
+{% endif %}
+ - direction: ingress
+ protocol: icmp
+ remote_ip_prefix: {{ ssh_ingress_cidr }}
+
+{% if openstack_flat_secgrp|default(False)|bool %}
+ flat-secgrp:
+ type: OS::Neutron::SecurityGroup
+ properties:
+ name:
+ str_replace:
+ template: openshift-ansible-cluster_id-flat-secgrp
+ params:
+ cluster_id: {{ stack_name }}
+ description:
+ str_replace:
+ template: Security group for cluster_id OpenShift cluster
+ params:
+ cluster_id: {{ stack_name }}
+ rules:
+ - direction: ingress
+ protocol: tcp
+ port_range_min: 4001
+ port_range_max: 4001
+ - direction: ingress
+ protocol: tcp
+ port_range_min: {{ openshift_master_api_port|default(8443) }}
+ port_range_max: {{ openshift_master_api_port|default(8443) }}
+ - direction: ingress
+ protocol: tcp
+ port_range_min: {{ openshift_master_console_port|default(8443) }}
+ port_range_max: {{ openshift_master_console_port|default(8443) }}
+ - direction: ingress
+ protocol: tcp
+ port_range_min: 8053
+ port_range_max: 8053
+ - direction: ingress
+ protocol: udp
+ port_range_min: 8053
+ port_range_max: 8053
+ - direction: ingress
+ protocol: tcp
+ port_range_min: 24224
+ port_range_max: 24224
+ - direction: ingress
+ protocol: udp
+ port_range_min: 24224
+ port_range_max: 24224
+ - direction: ingress
+ protocol: tcp
+ port_range_min: 2224
+ port_range_max: 2224
+ - direction: ingress
+ protocol: udp
+ port_range_min: 5404
+ port_range_max: 5405
+ - direction: ingress
+ protocol: tcp
+ port_range_min: 9090
+ port_range_max: 9090
+ - direction: ingress
+ protocol: tcp
+ port_range_min: 2379
+ port_range_max: 2380
+ remote_mode: remote_group_id
+ - direction: ingress
+ protocol: tcp
+ port_range_min: 10250
+ port_range_max: 10250
+ remote_mode: remote_group_id
+ -
direction: ingress
+ protocol: udp
+ port_range_min: 10250
+ port_range_max: 10250
+ remote_mode: remote_group_id
+ - direction: ingress
+ protocol: tcp
+ port_range_min: 10255
+ port_range_max: 10255
+ remote_mode: remote_group_id
+ - direction: ingress
+ protocol: udp
+ port_range_min: 10255
+ port_range_max: 10255
+ remote_mode: remote_group_id
+ - direction: ingress
+ protocol: udp
+ port_range_min: 4789
+ port_range_max: 4789
+ remote_mode: remote_group_id
+ - direction: ingress
+ protocol: tcp
+ port_range_min: 30000
+ port_range_max: 32767
+ remote_ip_prefix: {{ node_ingress_cidr }}
+ - direction: ingress
+ protocol: tcp
+ port_range_min: 30000
+ port_range_max: 32767
+ remote_ip_prefix: "{{ openstack_subnet_prefix }}.0/24"
+{% else %}
+ master-secgrp:
+ type: OS::Neutron::SecurityGroup
+ properties:
+ name:
+ str_replace:
+ template: openshift-ansible-cluster_id-master-secgrp
+ params:
+ cluster_id: {{ stack_name }}
+ description:
+ str_replace:
+ template: Security group for cluster_id OpenShift cluster master
+ params:
+ cluster_id: {{ stack_name }}
+ rules:
+ - direction: ingress
+ protocol: tcp
+ port_range_min: 4001
+ port_range_max: 4001
+ - direction: ingress
+ protocol: tcp
+ port_range_min: {{ openshift_master_api_port|default(8443) }}
+ port_range_max: {{ openshift_master_api_port|default(8443) }}
+ - direction: ingress
+ protocol: tcp
+ port_range_min: {{ openshift_master_console_port|default(8443) }}
+ port_range_max: {{ openshift_master_console_port|default(8443) }}
+ - direction: ingress
+ protocol: tcp
+ port_range_min: 8053
+ port_range_max: 8053
+ - direction: ingress
+ protocol: udp
+ port_range_min: 8053
+ port_range_max: 8053
+ - direction: ingress
+ protocol: tcp
+ port_range_min: 24224
+ port_range_max: 24224
+ - direction: ingress
+ protocol: udp
+ port_range_min: 24224
+ port_range_max: 24224
+ - direction: ingress
+ protocol: tcp
+ port_range_min: 2224
+ port_range_max: 2224
+ - direction: ingress
+ protocol: udp
+ port_range_min:
5404
+ port_range_max: 5405
+ - direction: ingress
+ protocol: tcp
+ port_range_min: 9090
+ port_range_max: 9090
+{% if openshift_use_flannel|default(False)|bool %}
+ - direction: ingress
+ protocol: tcp
+ port_range_min: 2379
+ port_range_max: 2379
+{% endif %}
+
+ etcd-secgrp:
+ type: OS::Neutron::SecurityGroup
+ properties:
+ name:
+ str_replace:
+ template: openshift-ansible-cluster_id-etcd-secgrp
+ params:
+ cluster_id: {{ stack_name }}
+ description:
+ str_replace:
+ template: Security group for cluster_id etcd cluster
+ params:
+ cluster_id: {{ stack_name }}
+ rules:
+ - direction: ingress
+ protocol: tcp
+ port_range_min: 2379
+ port_range_max: 2379
+ remote_mode: remote_group_id
+ remote_group_id: { get_resource: master-secgrp }
+ - direction: ingress
+ protocol: tcp
+ port_range_min: 2380
+ port_range_max: 2380
+ remote_mode: remote_group_id
+
+ node-secgrp:
+ type: OS::Neutron::SecurityGroup
+ properties:
+ name:
+ str_replace:
+ template: openshift-ansible-cluster_id-node-secgrp
+ params:
+ cluster_id: {{ stack_name }}
+ description:
+ str_replace:
+ template: Security group for cluster_id OpenShift cluster nodes
+ params:
+ cluster_id: {{ stack_name }}
+ rules:
+ - direction: ingress
+ protocol: tcp
+ port_range_min: 10250
+ port_range_max: 10250
+ remote_mode: remote_group_id
+ - direction: ingress
+ protocol: tcp
+ port_range_min: 10255
+ port_range_max: 10255
+ remote_mode: remote_group_id
+ - direction: ingress
+ protocol: udp
+ port_range_min: 10255
+ port_range_max: 10255
+ remote_mode: remote_group_id
+ - direction: ingress
+ protocol: udp
+ port_range_min: 4789
+ port_range_max: 4789
+ remote_mode: remote_group_id
+ - direction: ingress
+ protocol: tcp
+ port_range_min: 30000
+ port_range_max: 32767
+ remote_ip_prefix: {{ node_ingress_cidr }}
+ - direction: ingress
+ protocol: tcp
+ port_range_min: 30000
+ port_range_max: 32767
+ remote_ip_prefix: "{{ openstack_subnet_prefix }}.0/24"
+{% endif %}
+
+ infra-secgrp:
+ type:
OS::Neutron::SecurityGroup
+ properties:
+ name:
+ str_replace:
+ template: openshift-ansible-cluster_id-infra-secgrp
+ params:
+ cluster_id: {{ stack_name }}
+ description:
+ str_replace:
+ template: Security group for cluster_id OpenShift infrastructure cluster nodes
+ params:
+ cluster_id: {{ stack_name }}
+ rules:
+ - direction: ingress
+ protocol: tcp
+ port_range_min: 80
+ port_range_max: 80
+ - direction: ingress
+ protocol: tcp
+ port_range_min: 443
+ port_range_max: 443
+
+{% if num_dns|int > 0 %}
+ dns-secgrp:
+ type: OS::Neutron::SecurityGroup
+ properties:
+ name:
+ str_replace:
+ template: openshift-ansible-cluster_id-dns-secgrp
+ params:
+ cluster_id: {{ stack_name }}
+ description:
+ str_replace:
+ template: Security group for cluster_id cluster DNS
+ params:
+ cluster_id: {{ stack_name }}
+ rules:
+ - direction: ingress
+ protocol: udp
+ port_range_min: 53
+ port_range_max: 53
+ remote_ip_prefix: {{ node_ingress_cidr }}
+ - direction: ingress
+ protocol: udp
+ port_range_min: 53
+ port_range_max: 53
+ remote_ip_prefix: "{{ openstack_subnet_prefix }}.0/24"
+ - direction: ingress
+ protocol: tcp
+ port_range_min: 53
+ port_range_max: 53
+ remote_ip_prefix: {{ node_ingress_cidr }}
+ - direction: ingress
+ protocol: tcp
+ port_range_min: 53
+ port_range_max: 53
+ remote_ip_prefix: "{{ openstack_subnet_prefix }}.0/24"
+{% endif %}
+
+{% if num_masters|int > 1 or ui_ssh_tunnel|bool %}
+ lb-secgrp:
+ type: OS::Neutron::SecurityGroup
+ properties:
+ name: openshift-ansible-{{ stack_name }}-lb-secgrp
+ description: Security group for {{ stack_name }} cluster Load Balancer
+ rules:
+ - direction: ingress
+ protocol: tcp
+ port_range_min: {{ openshift_master_api_port | default(8443) }}
+ port_range_max: {{ openshift_master_api_port | default(8443) }}
+ remote_ip_prefix: {{ lb_ingress_cidr | default(bastion_ingress_cidr) }}
+{% if ui_ssh_tunnel|bool %}
+ - direction: ingress
+ protocol: tcp
+ port_range_min: {{ openshift_master_api_port | default(8443) }}
+
port_range_max: {{ openshift_master_api_port | default(8443) }}
+ remote_ip_prefix: {{ ssh_ingress_cidr }}
+{% endif %}
+{% if openshift_master_console_port is defined and openshift_master_console_port != openshift_master_api_port %}
+ - direction: ingress
+ protocol: tcp
+ port_range_min: {{ openshift_master_console_port | default(8443) }}
+ port_range_max: {{ openshift_master_console_port | default(8443) }}
+ remote_ip_prefix: {{ lb_ingress_cidr | default(bastion_ingress_cidr) }}
+{% endif %}
+{% endif %}
+
+ etcd:
+ type: OS::Heat::ResourceGroup
+ properties:
+ count: {{ num_etcd }}
+ resource_def:
+ type: server.yaml
+ properties:
+ name:
+ str_replace:
+ template: k8s_type-%index%.cluster_id
+ params:
+ cluster_id: {{ stack_name }}
+ k8s_type: {{ etcd_hostname | default('etcd') }}
+ cluster_env: {{ public_dns_domain }}
+ cluster_id: {{ stack_name }}
+ group:
+ str_replace:
+ template: k8s_type.cluster_id
+ params:
+ k8s_type: etcds
+ cluster_id: {{ stack_name }}
+ type: etcd
+ image: {{ openstack_etcd_image | default(openstack_image) }}
+ flavor: {{ etcd_flavor }}
+ key_name: {{ ssh_public_key }}
+{% if provider_network %}
+ net: {{ provider_network }}
+ net_name: {{ provider_network }}
+{% else %}
+ net: { get_resource: net }
+ subnet: { get_resource: subnet }
+ net_name:
+ str_replace:
+ template: openshift-ansible-cluster_id-net
+ params:
+ cluster_id: {{ stack_name }}
+{% endif %}
+ secgrp:
+ - { get_resource: {% if openstack_flat_secgrp|default(False)|bool %}flat-secgrp{% else %}etcd-secgrp{% endif %} }
+ - { get_resource: common-secgrp }
+ floating_network:
+ if:
+ - no_floating
+ - null
+ - {{ external_network }}
+{% if use_bastion|bool or provider_network %}
+ attach_float_net: false
+{% endif %}
+ volume_size: {{ etcd_volume_size }}
+{% if not provider_network %}
+ depends_on:
+ - interface
+{% endif %}
+
+{% if master_server_group_policies|length > 0 %}
+ master_server_group:
+ type: OS::Nova::ServerGroup
+ properties:
+ name: master_server_group
+
policies: {{ master_server_group_policies }}
+{% endif %}
+{% if infra_server_group_policies|length > 0 %}
+ infra_server_group:
+ type: OS::Nova::ServerGroup
+ properties:
+ name: infra_server_group
+ policies: {{ infra_server_group_policies }}
+{% endif %}
+{% if num_masters|int > 1 %}
+ loadbalancer:
+ type: OS::Heat::ResourceGroup
+ properties:
+ count: 1
+ resource_def:
+ type: server.yaml
+ properties:
+ name:
+ str_replace:
+ template: k8s_type-%index%.cluster_id
+ params:
+ cluster_id: {{ stack_name }}
+ k8s_type: {{ lb_hostname | default('lb') }}
+ cluster_env: {{ public_dns_domain }}
+ cluster_id: {{ stack_name }}
+ group:
+ str_replace:
+ template: k8s_type.cluster_id
+ params:
+ k8s_type: lb
+ cluster_id: {{ stack_name }}
+ type: lb
+ image: {{ openstack_lb_image | default(openstack_image) }}
+ flavor: {{ lb_flavor }}
+ key_name: {{ ssh_public_key }}
+{% if provider_network %}
+ net: {{ provider_network }}
+ net_name: {{ provider_network }}
+{% else %}
+ net: { get_resource: net }
+ subnet: { get_resource: subnet }
+ net_name:
+ str_replace:
+ template: openshift-ansible-cluster_id-net
+ params:
+ cluster_id: {{ stack_name }}
+{% endif %}
+ secgrp:
+ - { get_resource: lb-secgrp }
+ - { get_resource: common-secgrp }
+{% if not provider_network %}
+ floating_network: {{ external_network }}
+{% endif %}
+ volume_size: {{ lb_volume_size }}
+{% if not provider_network %}
+ depends_on:
+ - interface
+{% endif %}
+{% endif %}
+
+ masters:
+ type: OS::Heat::ResourceGroup
+ properties:
+ count: {{ num_masters }}
+ resource_def:
+ type: server.yaml
+ properties:
+ name:
+ str_replace:
+ template: k8s_type-%index%.cluster_id
+ params:
+ cluster_id: {{ stack_name }}
+ k8s_type: {{ master_hostname | default('master')}}
+ cluster_env: {{ public_dns_domain }}
+ cluster_id: {{ stack_name }}
+ group:
+ str_replace:
+ template: k8s_type.cluster_id
+ params:
+ k8s_type: masters
+ cluster_id: {{ stack_name }}
+ type: master
+ image: {{ openstack_master_image |
default(openstack_image) }}
+ flavor: {{ master_flavor }}
+ key_name: {{ ssh_public_key }}
+{% if provider_network %}
+ net: {{ provider_network }}
+ net_name: {{ provider_network }}
+{% else %}
+ net: { get_resource: net }
+ subnet: { get_resource: subnet }
+ net_name:
+ str_replace:
+ template: openshift-ansible-cluster_id-net
+ params:
+ cluster_id: {{ stack_name }}
+{% if openshift_use_flannel|default(False)|bool %}
+ attach_data_net: true
+ data_net: { get_resource: data_net }
+ data_subnet: { get_resource: data_subnet }
+{% endif %}
+{% endif %}
+ secgrp:
+{% if openstack_flat_secgrp|default(False)|bool %}
+ - { get_resource: flat-secgrp }
+{% else %}
+ - { get_resource: master-secgrp }
+ - { get_resource: node-secgrp }
+{% if num_etcd|int == 0 %}
+ - { get_resource: etcd-secgrp }
+{% endif %}
+{% endif %}
+ - { get_resource: common-secgrp }
+ floating_network:
+ if:
+ - no_floating
+ - null
+ - {{ external_network }}
+{% if use_bastion|bool or provider_network %}
+ attach_float_net: false
+{% endif %}
+ volume_size: {{ master_volume_size }}
+{% if master_server_group_policies|length > 0 %}
+ scheduler_hints:
+ group: { get_resource: master_server_group }
+{% endif %}
+{% if not provider_network %}
+ depends_on:
+ - interface
+{% endif %}
+
+ compute_nodes:
+ type: OS::Heat::ResourceGroup
+ properties:
+ count: {{ num_nodes }}
+ removal_policies:
+ - resource_list: {{ nodes_to_remove }}
+ resource_def:
+ type: server.yaml
+ properties:
+ name:
+ str_replace:
+ template: sub_type_k8s_type-%index%.cluster_id
+ params:
+ cluster_id: {{ stack_name }}
+ sub_type_k8s_type: {{ node_hostname | default('app-node') }}
+ cluster_env: {{ public_dns_domain }}
+ cluster_id: {{ stack_name }}
+ group:
+ str_replace:
+ template: k8s_type.cluster_id
+ params:
+ k8s_type: nodes
+ cluster_id: {{ stack_name }}
+ type: node
+ subtype: app
+ node_labels:
+{% for k, v in openshift_cluster_node_labels.app.iteritems() %}
+ {{ k|e }}: {{ v|e }}
+{% endfor %}
+ image: {{
openstack_node_image | default(openstack_image) }}
+ flavor: {{ node_flavor }}
+ key_name: {{ ssh_public_key }}
+{% if provider_network %}
+ net: {{ provider_network }}
+ net_name: {{ provider_network }}
+{% else %}
+ net: { get_resource: net }
+ subnet: { get_resource: subnet }
+ net_name:
+ str_replace:
+ template: openshift-ansible-cluster_id-net
+ params:
+ cluster_id: {{ stack_name }}
+{% if openshift_use_flannel|default(False)|bool %}
+ attach_data_net: true
+ data_net: { get_resource: data_net }
+ data_subnet: { get_resource: data_subnet }
+{% endif %}
+{% endif %}
+ secgrp:
+ - { get_resource: {% if openstack_flat_secgrp|default(False)|bool %}flat-secgrp{% else %}node-secgrp{% endif %} }
+ - { get_resource: common-secgrp }
+ floating_network:
+ if:
+ - no_floating
+ - null
+ - {{ external_network }}
+{% if use_bastion|bool or provider_network %}
+ attach_float_net: false
+{% endif %}
+ volume_size: {{ node_volume_size }}
+{% if not provider_network %}
+ depends_on:
+ - interface
+{% endif %}
+
+ infra_nodes:
+ type: OS::Heat::ResourceGroup
+ properties:
+ count: {{ num_infra }}
+ resource_def:
+ type: server.yaml
+ properties:
+ name:
+ str_replace:
+ template: sub_type_k8s_type-%index%.cluster_id
+ params:
+ cluster_id: {{ stack_name }}
+ sub_type_k8s_type: {{ infra_hostname | default('infranode') }}
+ cluster_env: {{ public_dns_domain }}
+ cluster_id: {{ stack_name }}
+ group:
+ str_replace:
+ template: k8s_type.cluster_id
+ params:
+ k8s_type: infra
+ cluster_id: {{ stack_name }}
+ type: node
+ subtype: infra
+ node_labels:
+{% for k, v in openshift_cluster_node_labels.infra.iteritems() %}
+ {{ k|e }}: {{ v|e }}
+{% endfor %}
+ image: {{ openstack_infra_image | default(openstack_image) }}
+ flavor: {{ infra_flavor }}
+ key_name: {{ ssh_public_key }}
+{% if provider_network %}
+ net: {{ provider_network }}
+ net_name: {{ provider_network }}
+{% else %}
+ net: { get_resource: net }
+ subnet: { get_resource: subnet }
+ net_name:
+ str_replace:
+ template:
openshift-ansible-cluster_id-net
+ params:
+ cluster_id: {{ stack_name }}
+{% if openshift_use_flannel|default(False)|bool %}
+ attach_data_net: true
+ data_net: { get_resource: data_net }
+ data_subnet: { get_resource: data_subnet }
+{% endif %}
+{% endif %}
+ secgrp:
+# TODO(bogdando) filter only required node rules into infra-secgrp
+{% if openstack_flat_secgrp|default(False)|bool %}
+ - { get_resource: flat-secgrp }
+{% else %}
+ - { get_resource: node-secgrp }
+{% endif %}
+{% if ui_ssh_tunnel|bool and num_masters|int < 2 %}
+ - { get_resource: lb-secgrp }
+{% endif %}
+ - { get_resource: infra-secgrp }
+ - { get_resource: common-secgrp }
+{% if not provider_network %}
+ floating_network: {{ external_network }}
+{% endif %}
+ volume_size: {{ infra_volume_size }}
+{% if infra_server_group_policies|length > 0 %}
+ scheduler_hints:
+ group: { get_resource: infra_server_group }
+{% endif %}
+{% if not provider_network %}
+ depends_on:
+ - interface
+{% endif %}
+
+{% if num_dns|int > 0 %}
+ dns:
+ type: OS::Heat::ResourceGroup
+ properties:
+ count: {{ num_dns }}
+ resource_def:
+ type: server.yaml
+ properties:
+ name:
+ str_replace:
+ template: k8s_type-%index%.cluster_id
+ params:
+ cluster_id: {{ stack_name }}
+ k8s_type: {{ dns_hostname | default('dns') }}
+ cluster_env: {{ public_dns_domain }}
+ cluster_id: {{ stack_name }}
+ group:
+ str_replace:
+ template: k8s_type.cluster_id
+ params:
+ k8s_type: dns
+ cluster_id: {{ stack_name }}
+ type: dns
+ image: {{ openstack_dns_image | default(openstack_image) }}
+ flavor: {{ dns_flavor }}
+ key_name: {{ ssh_public_key }}
+{% if provider_network %}
+ net: {{ provider_network }}
+ net_name: {{ provider_network }}
+{% else %}
+ net: { get_resource: net }
+ subnet: { get_resource: subnet }
+ net_name:
+ str_replace:
+ template: openshift-ansible-cluster_id-net
+ params:
+ cluster_id: {{ stack_name }}
+{% endif %}
+ secgrp:
+ - { get_resource: dns-secgrp }
+ - { get_resource: common-secgrp }
+{% if not
provider_network %}
+ floating_network: {{ external_network }}
+{% endif %}
+ volume_size: {{ dns_volume_size }}
+{% if not provider_network %}
+ depends_on:
+ - interface
+{% endif %}
+{% endif %}
diff --git a/roles/openshift_openstack/templates/heat_stack_server.yaml.j2 b/roles/openshift_openstack/templates/heat_stack_server.yaml.j2
new file mode 100644
index 000000000..9ffe721a5
--- /dev/null
+++ b/roles/openshift_openstack/templates/heat_stack_server.yaml.j2
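Review bot: In `heat_stack.yaml.j2`, the `master-secgrp` and `flat-secgrp` rules for ports 4001, 8053, 24224, 2224, 5404-5405 and 9090 set neither `remote_ip_prefix` nor `remote_mode: remote_group_id`, which, as far as I can tell from the Heat resource defaults, admits traffic from any source address. The masters receive a floating IP unless `use_bastion` or `provider_network` is set, so ports that look cluster-internal (etcd's legacy client port, DNS, log forwarding, cluster messaging) would be reachable from outside. Scope them the way the node rules in this file already are, with `remote_mode: remote_group_id` for intra-cluster traffic or `remote_ip_prefix: {{ node_ingress_cidr }}`. The API and console ports can stay open if that is intended, ideally with a comment saying so.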
@@ -0,0 +1,270 @@
+heat_template_version: 2016-10-14
+
+description: OpenShift cluster server
+
+parameters:
+
+ name:
+ type: string
+ label: Name
+ description: Name
+
+ group:
+ type: string
+ label: Host Group
+ description: The Primary Ansible Host Group
+ default: host
+
+ cluster_env:
+ type: string
+ label: Cluster environment
+ description: Environment of the cluster
+
+ cluster_id:
+ type: string
+ label: Cluster ID
+ description: Identifier of the cluster
+
+ type:
+ type: string
+ label: Type
+ description: Type master or node
+
+ subtype:
+ type: string
+ label: Sub-type
+ description: Sub-type compute or infra for nodes, default otherwise
+ default: default
+
+ key_name:
+ type: string
+ label: Key name
+ description: Key name of keypair
+
+ image:
+ type: string
+ label: Image
+ description: Name of the image
+
+ flavor:
+ type: string
+ label: Flavor
+ description: Name of the flavor
+
+ net:
+ type: string
+ label: Net ID
+ description: Net resource
+
+ net_name:
+ type: string
+ label: Net name
+ description: Net name
+
+{% if not provider_network %}
+ subnet:
+ type: string
+ label: Subnet ID
+ description: Subnet resource
+{% endif %}
+
+{% if openshift_use_flannel|default(False)|bool %}
+ attach_data_net:
+ type: boolean
+ default: false
+ label: Attach-data-net
+ description: A switch for data port connection
+
+ data_net:
+ type: string
+ default: ''
+ label: Net ID
+ description: Net resource
+
+{% if not provider_network %}
+ data_subnet:
+ type: string
+ default: ''
+ label: Subnet ID
+ description: Subnet resource
+{% endif %}
+{% endif %}
+
+ secgrp:
+ type: comma_delimited_list
+ label: Security groups
+ description: Security group resources
+
+ attach_float_net:
+ type: boolean
+ default: true
+
+ label: Attach-float-net
+ description: A switch for floating network port connection
+
+{% if not provider_network %}
+ floating_network:
+ type: string
+ default: ''
+ label: Floating network
+ description: Network to allocate floating IP
from
+{% endif %}
+
+ availability_zone:
+ type: string
+ description: The Availability Zone to launch the instance.
+ default: nova
+
+ volume_size:
+ type: number
+ description: Size of the volume to be created.
+ default: 1
+ constraints:
+ - range: { min: 1, max: 1024 }
+ description: must be between 1 and 1024 Gb.
+
+ node_labels:
+ type: json
+ description: OpenShift Node Labels
+ default: {"region": "default" }
+
+ scheduler_hints:
+ type: json
+ description: Server scheduler hints.
+ default: {}
+
+outputs:
+
+ name:
+ description: Name of the server
+ value: { get_attr: [ server, name ] }
+
+ private_ip:
+ description: Private IP of the server
+ value:
+ get_attr:
+ - server
+ - addresses
+ - { get_param: net_name }
+ - 0
+ - addr
+
+ floating_ip:
+ description: Floating IP of the server
+ value:
+ get_attr:
+ - server
+ - addresses
+ - { get_param: net_name }
+{% if provider_network %}
+ - 0
+{% else %}
+ - 1
+{% endif %}
+ - addr
+
+conditions:
+ no_floating: {not: { get_param: attach_float_net} }
+{% if openshift_use_flannel|default(False)|bool %}
+ no_data_subnet: {not: { get_param: attach_data_net} }
+{% endif %}
+
+resources:
+
+ server:
+ type: OS::Nova::Server
+ properties:
+ name: { get_param: name }
+ key_name: { get_param: key_name }
+ image: { get_param: image }
+ flavor: { get_param: flavor }
+ networks:
+{% if openshift_use_flannel|default(False)|bool %}
+ if:
+ - no_data_subnet
+{% if use_trunk_ports|default(false)|bool %}
+ - - port: { get_attr: [trunk-port, port_id] }
+{% else %}
+ - - port: { get_resource: port }
+{% endif %}
+{% if use_trunk_ports|default(false)|bool %}
+ - - port: { get_attr: [trunk-port, port_id] }
+{% else %}
+ - - port: { get_resource: port }
+ - port: { get_resource: data_port }
+{% endif %}
+
+{% else %}
+{% if use_trunk_ports|default(false)|bool %}
+ - port: { get_attr: [trunk-port, port_id] }
+{% else %}
+ - port: { get_resource: port }
+{% endif %}
+{% endif %}
+ user_data:
+ get_file: user-data
+
user_data_format: RAW
+ user_data_update_policy: IGNORE
+ metadata:
+ group: { get_param: group }
+ environment: { get_param: cluster_env }
+ clusterid: { get_param: cluster_id }
+ host-type: { get_param: type }
+ sub-host-type: { get_param: subtype }
+ node_labels: { get_param: node_labels }
+ scheduler_hints: { get_param: scheduler_hints }
+
+{% if use_trunk_ports|default(false)|bool %}
+ trunk-port:
+ type: OS::Neutron::Trunk
+ properties:
+ name: { get_param: name }
+ port: { get_resource: port }
+{% endif %}
+
+ port:
+ type: OS::Neutron::Port
+ properties:
+ network: { get_param: net }
+{% if not provider_network %}
+ fixed_ips:
+ - subnet: { get_param: subnet }
+{% endif %}
+ security_groups: { get_param: secgrp }
+
+{% if openshift_use_flannel|default(False)|bool %}
+ data_port:
+ type: OS::Neutron::Port
+ condition: { not: no_data_subnet }
+ properties:
+ network: { get_param: data_net }
+ port_security_enabled: false
+{% if not provider_network %}
+ fixed_ips:
+ - subnet: { get_param: data_subnet }
+{% endif %}
+{% endif %}
+
+{% if not provider_network %}
+ floating-ip:
+ condition: { not: no_floating }
+ type: OS::Neutron::FloatingIP
+ properties:
+ floating_network: { get_param: floating_network }
+ port_id: { get_resource: port }
+{% endif %}
+
+{% if not ephemeral_volumes|default(false)|bool %}
+ cinder_volume:
+ type: OS::Cinder::Volume
+ properties:
+ size: { get_param: volume_size }
+ availability_zone: { get_param: availability_zone }
+
+ volume_attachment:
+ type: OS::Cinder::VolumeAttachment
+ properties:
+ volume_id: { get_resource: cinder_volume }
+ instance_uuid: { get_resource: server }
+ mountpoint: /dev/sdb
+{% endif %}
diff --git a/roles/openshift_openstack/templates/user_data.j2 b/roles/openshift_openstack/templates/user_data.j2
new file mode 100644
index 000000000..eb65f7cec
--- /dev/null
+++ b/roles/openshift_openstack/templates/user_data.j2
@@ -0,0 +1,13 @@
+#cloud-config
+disable_root: true
+
+system_info:
+ default_user:
+ name: openshift
+ sudo: ["ALL=(ALL) NOPASSWD: ALL"]
+
+write_files:
+ - path: /etc/sudoers.d/00-openshift-no-requiretty
+ permissions: 440
+ content: |
+ Defaults:openshift !requiretty
diff --git a/roles/openshift_openstack/vars/main.yml b/roles/openshift_openstack/vars/main.yml
new file mode 100644
index 000000000..a4da31bfe
--- /dev/null
+++ b/roles/openshift_openstack/vars/main.yml
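Review bot: `permissions: 440` in the `write_files` entry is an unquoted YAML integer, so it reaches cloud-init as decimal 440 rather than octal 0440; cloud-init appears to take integer values as-is, which would give the sudoers drop-in mode 0670 instead of read-only, and sudo is strict about the mode of files under /etc/sudoers.d. Quote it as `permissions: '0440'` so the drop-in is created with the intended mode. Separately, `sudo: ["ALL=(ALL) NOPASSWD: ALL"]` gives the `openshift` login unrestricted passwordless root on every instance; a comment above it saying this is needed for Ansible `become`, and that the account's SSH key is therefore root-equivalent, would document the trust assumption.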
@@ -0,0 +1,49 @@ +--- +stack_name: "{{ env_id }}.{{ public_dns_domain }}" +dns_domain: "{{ public_dns_domain }}" +dns_nameservers: "{{ public_dns_nameservers }}" +subnet_prefix: "{{ openstack_subnet_prefix }}" +master_hostname: "{{ openstack_master_hostname | default('master') }}" +infra_hostname: "{{ openstack_infra_hostname | default('infra-node') }}" +node_hostname: "{{ openstack_node_hostname | default('app-node') }}" +lb_hostname: "{{ openstack_lb_hostname | default('lb') }}" +etcd_hostname: "{{ openstack_etcd_hostname | default('etcd') }}" +dns_hostname: "{{ openstack_dns_hostname | default('dns') }}" +ssh_public_key: "{{ openstack_ssh_public_key }}" +openstack_image: "{{ openstack_default_image_name }}" +lb_flavor: "{{ openstack_lb_flavor | default(openstack_default_flavor) }}" +etcd_flavor: "{{ openstack_etcd_flavor | default(openstack_default_flavor) }}" +master_flavor: "{{ openstack_master_flavor | default(openstack_default_flavor) }}" +node_flavor: "{{ openstack_node_flavor | default(openstack_default_flavor) }}" +infra_flavor: "{{ openstack_infra_flavor | default(openstack_default_flavor) }}" +dns_flavor: "{{ openstack_dns_flavor | default(openstack_default_flavor) }}" +openstack_master_image: "{{ openstack_master_image_name | default(openstack_default_image_name) }}" +openstack_infra_image: "{{ openstack_infra_image_name | default(openstack_default_image_name) }}" +openstack_node_image: "{{ openstack_node_image_name | default(openstack_default_image_name) }}" +openstack_lb_image: "{{ openstack_lb_image_name | default(openstack_default_image_name) }}" +openstack_etcd_image: "{{ openstack_etcd_image_name | default(openstack_default_image_name) }}" +openstack_dns_image: "{{ openstack_dns_image_name | default(openstack_default_image_name) }}" +openstack_private_network: >- + {% if openstack_provider_network_name | default(None) -%} + {{ openstack_provider_network_name }} + {%- else -%} + {{ openstack_private_network_name | default ('openshift-ansible-' + 
stack_name + '-net') }} + {%- endif -%} +provider_network: "{{ openstack_provider_network_name | default(None) }}" +external_network: "{{ openstack_external_network_name | default(None) }}" +num_etcd: "{{ openstack_num_etcd | default(0) }}" +num_masters: "{{ openstack_num_masters }}" +num_nodes: "{{ openstack_num_nodes }}" +num_infra: "{{ openstack_num_infra }}" +num_dns: "{{ openstack_num_dns | default(1) }}" +master_server_group_policies: "{{ openstack_master_server_group_policies | default([]) | to_yaml }}" +infra_server_group_policies: "{{ openstack_infra_server_group_policies | default([]) | to_yaml }}" +master_volume_size: "{{ docker_master_volume_size | default(docker_volume_size) }}" +infra_volume_size: "{{ docker_infra_volume_size | default(docker_volume_size) }}" +node_volume_size: "{{ docker_node_volume_size | default(docker_volume_size) }}" +etcd_volume_size: "{{ docker_etcd_volume_size | default('2') }}" +dns_volume_size: "{{ docker_dns_volume_size | default('1') }}" +lb_volume_size: "{{ docker_lb_volume_size | default('5') }}" +nodes_to_remove: "{{ openstack_nodes_to_remove | default([]) | to_yaml }}" +use_bastion: "{{ openstack_use_bastion|default(False) }}" +ui_ssh_tunnel: "{{ openshift_ui_ssh_tunnel|default(False) }}" diff --git a/roles/openstack-stack/tasks/main.yml b/roles/openstack-stack/tasks/main.yml index 983567026..0348f53ce 100644 --- a/roles/openstack-stack/tasks/main.yml +++ b/roles/openstack-stack/tasks/main.yml @@ -1,5 +1,4 @@ --- - - name: Generate the templates include: generate-templates.yml when: diff --git a/roles/openstack-stack/tasks/subnet_update_dns_servers.yaml b/roles/openstack-stack/tasks/subnet_update_dns_servers.yaml deleted file mode 100644 index af28fc98f..000000000 --- a/roles/openstack-stack/tasks/subnet_update_dns_servers.yaml +++ /dev/null 
@@ -1,9 +0,0 @@ ---- -- name: Live update the subnet's DNS servers - os_subnet: - name: openshift-ansible-{{ stack_name }}-subnet - network_name: openshift-ansible-{{ stack_name }}-net - state: present - use_default_subnetpool: yes - dns_nameservers: "{{ [private_dns_server|default(public_dns_nameservers[0])]|union(public_dns_nameservers)|unique }}" - when: not provider_network -- cgit v1.2.3 From 94413931c26e47fd9acd3c0d20bbcfd1704755d1 Mon Sep 17 00:00:00 2001 From: Tomas Sedovic Date: Fri, 27 Oct 2017 17:59:44 +0200 Subject: Remove the post-install and scale-up playbooks They're not necessary for the initial PR so let's add them properly later. --- .../openstack/openshift-cluster/post-install.yml | 57 ------------------ .../openstack/openshift-cluster/scale-up.yaml | 70 ---------------------- 2 files changed, 127 deletions(-) delete mode 100644 playbooks/openstack/openshift-cluster/post-install.yml delete mode 100644 playbooks/openstack/openshift-cluster/scale-up.yaml (limited to 'playbooks/openstack/openshift-cluster') diff --git a/playbooks/openstack/openshift-cluster/post-install.yml b/playbooks/openstack/openshift-cluster/post-install.yml deleted file mode 100644 index 7b1744a18..000000000 --- a/playbooks/openstack/openshift-cluster/post-install.yml +++ /dev/null 
@@ -1,57 +0,0 @@ ---- -- hosts: OSEv3 - gather_facts: False - become: True - tasks: - - name: Save iptables rules to a backup file - when: openshift_use_flannel|default(False)|bool - shell: iptables-save > /etc/sysconfig/iptables.orig-$(date +%Y%m%d%H%M%S) - -# Enable iptables service on app nodes to persist custom rules (flannel SDN) -# FIXME(bogdando) w/a https://bugzilla.redhat.com/show_bug.cgi?id=1490820 -- hosts: app - gather_facts: False - become: True - vars: - os_firewall_allow: - - service: dnsmasq tcp - port: 53/tcp - - service: dnsmasq udp - port: 53/udp - tasks: - - when: openshift_use_flannel|default(False)|bool - block: - - include_role: - name: os_firewall - - include_role: - name: lib_os_firewall - - name: set allow rules for dnsmasq - os_firewall_manage_iptables: - name: "{{ item.service }}" - action: add - protocol: "{{ item.port.split('/')[1] }}" - port: "{{ item.port.split('/')[0] }}" - with_items: "{{ os_firewall_allow }}" - -- hosts: OSEv3 - gather_facts: False - become: True - tasks: - - name: Apply post-install iptables hacks for Flannel SDN (the best effort) - when: openshift_use_flannel|default(False)|bool - block: - - name: set allow/masquerade rules for for flannel/docker - shell: >- - (iptables-save | grep -q custom-flannel-docker-1) || - iptables -A DOCKER -w - -p all -j ACCEPT - -m comment --comment "custom-flannel-docker-1"; - (iptables-save | grep -q custom-flannel-docker-2) || - iptables -t nat -A POSTROUTING -w - -o {{flannel_interface|default('eth1')}} - -m comment --comment "custom-flannel-docker-2" - -j MASQUERADE - - # NOTE(bogdando) the rules will not be restored, when iptables service unit is disabled & masked - - name: Persist in-memory iptables rules (w/o dynamic KUBE rules) - shell: iptables-save | grep -v KUBE > /etc/sysconfig/iptables diff --git a/playbooks/openstack/openshift-cluster/scale-up.yaml b/playbooks/openstack/openshift-cluster/scale-up.yaml deleted file mode 100644 index f99ff1349..000000000 
--- a/playbooks/openstack/openshift-cluster/scale-up.yaml +++ /dev/null 
@@ -1,70 +0,0 @@ ---- -# Get the needed information about the current deployment -- hosts: masters[0] - tasks: - - name: Get number of app nodes - shell: oc get nodes -l autoscaling=app --no-headers=true | wc -l - register: oc_old_num_nodes - - name: Get names of app nodes - shell: oc get nodes -l autoscaling=app --no-headers=true | cut -f1 -d " " - register: oc_old_app_nodes - -- hosts: localhost - tasks: - # Since both number and names of app nodes are to be removed - # localhost variables for these values need to be set - - name: Store old number and names of app nodes locally (if there is an existing deployment) - when: '"masters" in groups' - register: set_fact_result - set_fact: - oc_old_num_nodes: "{{ hostvars[groups['masters'][0]]['oc_old_num_nodes'].stdout }}" - oc_old_app_nodes: "{{ hostvars[groups['masters'][0]]['oc_old_app_nodes'].stdout_lines }}" - - - name: Set default values for old app nodes (if there is no existing deployment) - when: 'set_fact_result | skipped' - set_fact: - oc_old_num_nodes: 0 - oc_old_app_nodes: [] - - # Set how many nodes are to be added (1 by default) - - name: Set how many nodes are to be added - set_fact: - increment_by: 1 - - name: Check that the number corresponds to scaling up (not down) - assert: - that: 'increment_by | int >= 1' - msg: > - FAIL: The value of increment_by must be at least 1 - (but it is {{ increment_by | int }}). 
- - name: Update openstack_num_nodes variable - set_fact: - openstack_num_nodes: "{{ oc_old_num_nodes | int + increment_by | int }}" - -# Run provision.yaml with higher number of nodes to create a new app-node VM -- include: provision.yml - -# Run config.yml to perform openshift installation - -# Creating a new deployment by the full installation -- include: install.yml - when: 'not groups["new_nodes"] | list' - -# Scaling up existing deployment -- include: "../../byo/openshift-node/scaleup.yml" - vars: - openshift_ansible_dir: ../../../../openshift-ansible - when: 'groups["new_nodes"] | list' - -# Post-verification: Verify new number of nodes -- hosts: masters[0] - tasks: - - name: Get number of nodes - shell: oc get nodes -l autoscaling=app --no-headers=true | wc -l - register: oc_new_num_nodes - - name: Check that the actual result matches the defined value - assert: - that: 'oc_new_num_nodes.stdout | int == (hostvars["localhost"]["oc_old_num_nodes"] | int + hostvars["localhost"]["increment_by"] | int)' - msg: > - FAIL: Number of application nodes has not been increased accordingly - (it should be {{ hostvars["localhost"]["oc_old_num_nodes"] | int + hostvars["localhost"]["increment_by"] | int }} - but it is {{ oc_new_num_nodes.stdout | int }}). -- cgit v1.2.3 From eb1f8107bb5b76cec7004f9a1ea7effab5aa0516 Mon Sep 17 00:00:00 2001 From: Tomas Sedovic Date: Fri, 27 Oct 2017 18:00:50 +0200 Subject: Use correct host group in provision.yml --- playbooks/openstack/openshift-cluster/provision.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'playbooks/openstack/openshift-cluster') diff --git a/playbooks/openstack/openshift-cluster/provision.yml b/playbooks/openstack/openshift-cluster/provision.yml index 5b20d5720..ed44d4a32 100644 --- a/playbooks/openstack/openshift-cluster/provision.yml +++ b/playbooks/openstack/openshift-cluster/provision.yml 
@@ -14,7 +14,7 @@ # and configure their DNS if they have to. - name: Prepare the Nodes in the cluster for installation - hosts: cluster_hosts + hosts: oo_all_hosts become: true # NOTE: The nodes may not be up yet, don't gather facts here. # They'll be collected after `wait_for_connection`. -- cgit v1.2.3 From 79f29bc825286c4f69073827a5b6d71f71f47c91 Mon Sep 17 00:00:00 2001 From: Tomas Sedovic Date: Wed, 1 Nov 2017 16:43:13 +0100 Subject: Add the DNS updates and rename the openstack vars Most of the vars in `roles/openshift_openstack/defaults/main.yml` are now prefixed with `openstack_`. --- .gitignore | 1 - playbooks/openstack/README.md | 18 +- playbooks/openstack/advanced-configuration.md | 11 +- .../openstack/openshift-cluster/provision.yml | 36 +++- .../sample-inventory/group_vars/OSEv3.yml | 4 +- .../openstack/sample-inventory/group_vars/all.yml | 4 +- roles/openshift_openstack/defaults/main.yml | 91 +++++----- .../tasks/check-prerequisites.yml | 4 +- .../tasks/generate-templates.yml | 3 + roles/openshift_openstack/tasks/hostname.yml | 49 +++--- roles/openshift_openstack/tasks/populate-dns.yml | 187 ++++++++------------ roles/openshift_openstack/tasks/provision.yml | 5 - .../templates/heat_stack.yaml.j2 | 190 ++++++++++----------- .../templates/heat_stack_server.yaml.j2 | 14 +- 14 files changed, 284 insertions(+), 333 deletions(-) (limited to 'playbooks/openstack/openshift-cluster') diff --git a/.gitignore b/.gitignore index e8be4ea5b..1e187db16 100644 --- a/.gitignore +++ b/.gitignore @@ -24,4 +24,3 @@ multi_ec2.yaml *.egg-info .eggs cover/ -roles/infra-ansible/ diff --git a/playbooks/openstack/README.md b/playbooks/openstack/README.md index 4347ddaa8..99f4ab12f 100644 --- a/playbooks/openstack/README.md +++ b/playbooks/openstack/README.md 
@@ -142,7 +142,7 @@ corresponding to your OpenStack installation. $ vi inventory/group_vars/all.yml ``` -1. Set the `openstack_ssh_public_key` to your OpenStack keypair name. +1. Set the `openstack_keypair_name` to your OpenStack keypair name. - See `openstack keypair list` to find the keypairs registered with OpenShift. - This must correspond to your private SSH key in `~/.ssh/id_rsa` @@ -156,20 +156,16 @@ $ vi inventory/group_vars/all.yml 4. Set the `openstack_default_flavor` to the flavor you want your OpenShift VMs to use. - See `openstack flavor list` for the list of available flavors. -5. Set the `public_dns_nameservers` to the list of the IP addresses - of the DNS servers used for the **private** address resolution[1]. +5. Set the `openstack_dns_nameservers` to the list of the IP addresses + of the DNS servers used for the **private** address resolution. -**NOTE**: In most OpenStack environments, you will also need to -configure the forwarders for the DNS server we create. This depends on -your environment. +**NOTE ON DNS**: at minimum, the OpenShift nodes need to be able to access each +other by their hostname. OpenStack doesn't provide this by default, so you +need to provide a DNS server. Put the address of that DNS server in +`openstack_dns_nameservers` variable. -Launch a VM in your OpenStack and look at its `/etc/resolv.conf` and -put the IP addresses into `public_dns_nameservers` in -`inventory/group_vars/all.yml`. -[1]: Yes, the name is bad. We will fix it. - #### OpenShift configuration diff --git a/playbooks/openstack/advanced-configuration.md b/playbooks/openstack/advanced-configuration.md index 72bb95254..5ffec708a 100644 --- a/playbooks/openstack/advanced-configuration.md +++ b/playbooks/openstack/advanced-configuration.md 
@@ -192,11 +192,10 @@ The `openstack__hostname` is a set of variables used for customising hostnames of servers with a given role. When such a variable stays commented, default hostname (usually the role name) is used. -The `public_dns_nameservers` is a list of DNS servers accessible from all -the created Nova servers. These will be serving as your DNS forwarders for -external FQDNs that do not belong to the cluster's DNS domain and its subdomains. -If you're unsure what to put in here, you can try the google or opendns servers, -but note that some organizations may be blocking them. +The `openstack_dns_nameservers` is a list of DNS servers accessible from all +the created Nova servers. These will provide the internal name resolution for +your OpenShift nodes (as well as upstream name resolution for installing +packages, etc.). The `openshift_use_dnsmasq` controls either dnsmasq is deployed or not. By default, dnsmasq is deployed and comes as the hosts' /etc/resolv.conf file @@ -265,7 +264,7 @@ step for flannel and docker iptables configuration: ## Other configuration variables -`openstack_ssh_public_key` is a Nova keypair - you can see your +`openstack_keypair_name` is a Nova keypair - you can see your keypairs with `openstack keypair list`. It must correspond to the private SSH key Ansible will use to log into the created VMs. This is `~/.ssh/id_rsa` by default, but you can use a different key by passing diff --git a/playbooks/openstack/openshift-cluster/provision.yml b/playbooks/openstack/openshift-cluster/provision.yml index ed44d4a32..b1dff1870 100644 --- a/playbooks/openstack/openshift-cluster/provision.yml +++ b/playbooks/openstack/openshift-cluster/provision.yml 
@@ -7,15 +7,17 @@ name: openshift_openstack tasks_from: provision.yml -# NOTE(shadower): the (internal) DNS must be functional at this point!! -# That will have happened in provision.yml if nsupdate was configured. -# TODO(shadower): consider splitting this up so people can stop here -# and configure their DNS if they have to. +# NOTE(shadower): Bring in the host groups: +- name: normalize groups + include: ../../byo/openshift-cluster/initialize_groups.yml +- name: evaluate groups + include: ../../common/openshift-cluster/evaluate_groups.yml -- name: Prepare the Nodes in the cluster for installation + +- name: Wait for the nodes and gather their facts hosts: oo_all_hosts - become: true + become: yes # NOTE: The nodes may not be up yet, don't gather facts here. # They'll be collected after `wait_for_connection`. gather_facts: no @@ -26,6 +28,28 @@ - name: Gather facts for the new nodes setup: + +# NOTE(shadower): the (internal) DNS must be functional at this point!! +# That will have happened in provision.yml if nsupdate was configured. + +# TODO(shadower): consider splitting this up so people can stop here +# and configure their DNS if they have to. +- name: Populate the DNS entries + hosts: localhost + tasks: + - name: Populate DNS entries + include_role: + name: openshift_openstack + tasks_from: populate-dns.yml + when: + - external_nsupdate_keys is defined + - external_nsupdate_keys.private is defined or external_nsupdate_keys.public is defined + +- name: Prepare the Nodes in the cluster for installation + hosts: oo_all_hosts + become: yes + gather_facts: yes + tasks: - name: Install dependencies include_role: name: openshift_openstack diff --git a/playbooks/openstack/sample-inventory/group_vars/OSEv3.yml b/playbooks/openstack/sample-inventory/group_vars/OSEv3.yml index 949a323a7..7d8dc157e 100644 --- a/playbooks/openstack/sample-inventory/group_vars/OSEv3.yml +++ b/playbooks/openstack/sample-inventory/group_vars/OSEv3.yml 
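Review bot: The `NOTE(shadower): the (internal) DNS must be functional at this point!!` comment now sits directly above the new `Populate the DNS entries` play, which is the step that creates those records, so the comment contradicts the code it introduces; it belongs above `Prepare the Nodes in the cluster for installation`. The populate play is skipped entirely when `external_nsupdate_keys` is undefined, and nothing visible in this hunk checks that the node names resolve before the install tasks run, so a comment such as `# Skipped without external_nsupdate_keys; the operator must have created the DNS records by now` would make that requirement explicit. The commit also switches `become: true` to `become: yes` here and in the previous hunk; `true`/`false` is the unambiguous YAML boolean form.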
@@ -5,8 +5,8 @@ openshift_deployment_type: origin openshift_master_default_subdomain: "apps.{{ env_id }}.{{ public_dns_domain }}" openshift_master_cluster_method: native -openshift_master_cluster_hostname: "{{ groups.lb.0|default(groups.masters.0) }}" -openshift_master_cluster_public_hostname: "{{ groups.lb.0|default(groups.masters.0) }}" +openshift_master_cluster_hostname: "console.{{ env_id }}.{{ public_dns_domain }}" +openshift_master_cluster_public_hostname: "{{ openshift_master_cluster_hostname }}" osm_default_node_selector: 'region=primary' diff --git a/playbooks/openstack/sample-inventory/group_vars/all.yml b/playbooks/openstack/sample-inventory/group_vars/all.yml index 8ea798c14..e0618d685 100644 --- a/playbooks/openstack/sample-inventory/group_vars/all.yml +++ b/playbooks/openstack/sample-inventory/group_vars/all.yml @@ -1,7 +1,7 @@ --- env_id: "openshift" public_dns_domain: "example.com" -public_dns_nameservers: [] +openstack_dns_nameservers: [] # # Used Hostnames # # - set custom hostnames for roles by uncommenting corresponding lines @@ -12,7 +12,7 @@ public_dns_nameservers: [] #openstack_etcd_hostname: "etcd" #openstack_dns_hostname: "dns" -openstack_ssh_public_key: "openshift" +openstack_keypair_name: "openshift" openstack_external_network_name: "public" #openstack_private_network_name: "openshift-ansible-{{ stack_name }}-net" # # A dedicated Neutron network name for containers data network diff --git a/roles/openshift_openstack/defaults/main.yml b/roles/openshift_openstack/defaults/main.yml index d1408abf0..aa03c088e 100644 --- a/roles/openshift_openstack/defaults/main.yml +++ b/roles/openshift_openstack/defaults/main.yml @@ -1,5 +1,4 @@ --- - stack_state: 'present' ssh_ingress_cidr: 0.0.0.0/0 
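Review bot: `openshift_master_cluster_hostname: "console.{{ env_id }}.{{ public_dns_domain }}"` replaces an inventory host name with a DNS name that has to exist before the installer can use it. From what this page shows, that record is only created by `populate-dns.yml`, which `provision.yml` runs only when `external_nsupdate_keys` is defined, so a deployment without nsupdate keys would presumably end up with an unresolvable API/console name. A comment above the line, for example `# This name must resolve to the load balancer (or the single master); it is created automatically only when external_nsupdate_keys is set`, would document the dependency.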
@@ -7,18 +6,13 @@ node_ingress_cidr: 0.0.0.0/0 master_ingress_cidr: 0.0.0.0/0 lb_ingress_cidr: 0.0.0.0/0 bastion_ingress_cidr: 0.0.0.0/0 -num_etcd: 0 -num_masters: 1 -num_nodes: 1 -num_dns: 1 -num_infra: 1 -nodes_to_remove: [] -etcd_volume_size: 2 -dns_volume_size: 1 -lb_volume_size: 5 -use_bastion: False -ui_ssh_tunnel: False -provider_network: False +openstack_num_etcd: 0 +openstack_num_masters: 1 +openstack_num_nodes: 1 +openstack_num_dns: 0 +openstack_num_infra: 1 +openstack_dns_nameservers: [] +openstack_nodes_to_remove: [] openshift_cluster_node_labels: 
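Review bot: The defaults in this block carry no comments, and the unchanged lines around the renamed counters leave `node_ingress_cidr`, `master_ingress_cidr`, `lb_ingress_cidr` and `bastion_ingress_cidr` (and `ssh_ingress_cidr` just above) at `0.0.0.0/0`. These presumably feed the security-group rules, so a comment such as `# Ingress is open to any source by default; set these to your management/client ranges` above them would keep operators from deploying with unrestricted access unintentionally. Also worth a comment: `openstack_num_dns` changes from 1 to 0 while `openstack_dns_nameservers` defaults to `[]`, so an unmodified inventory has no resolver for node hostnames.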
@@ -61,48 +55,41 @@ openshift_app_domain: "apps" # heat vars stack_name: "{{ env_id }}.{{ public_dns_domain }}" -dns_domain: "{{ public_dns_domain }}" -dns_nameservers: "{{ public_dns_nameservers }}" -subnet_prefix: "{{ openstack_subnet_prefix }}" -master_hostname: "{{ openstack_master_hostname | default('master') }}" -infra_hostname: "{{ openstack_infra_hostname | default('infra-node') }}" -node_hostname: "{{ openstack_node_hostname | default('app-node') }}" -lb_hostname: "{{ openstack_lb_hostname | default('lb') }}" -etcd_hostname: "{{ openstack_etcd_hostname | default('etcd') }}" -dns_hostname: "{{ openstack_dns_hostname | default('dns') }}" -ssh_public_key: "{{ openstack_ssh_public_key }}" -openstack_image: "{{ openstack_default_image_name }}" -lb_flavor: "{{ openstack_lb_flavor | default(openstack_default_flavor) }}" -etcd_flavor: "{{ openstack_etcd_flavor | default(openstack_default_flavor) }}" -master_flavor: "{{ openstack_master_flavor | default(openstack_default_flavor) }}" -node_flavor: "{{ openstack_node_flavor | default(openstack_default_flavor) }}" -infra_flavor: "{{ openstack_infra_flavor | default(openstack_default_flavor) }}" -dns_flavor: "{{ openstack_dns_flavor | default(openstack_default_flavor) }}" -openstack_master_image: "{{ openstack_master_image_name | default(openstack_default_image_name) }}" -openstack_infra_image: "{{ openstack_infra_image_name | default(openstack_default_image_name) }}" -openstack_node_image: "{{ openstack_node_image_name | default(openstack_default_image_name) }}" -openstack_lb_image: "{{ openstack_lb_image_name | default(openstack_default_image_name) }}" -openstack_etcd_image: "{{ openstack_etcd_image_name | default(openstack_default_image_name) }}" -openstack_dns_image: "{{ openstack_dns_image_name | default(openstack_default_image_name) }}" +openstack_subnet_prefix: "192.168.99" +openstack_master_hostname: master +openstack_infra_hostname: infra-node +openstack_node_hostname: app-node +openstack_lb_hostname: lb 
+openstack_etcd_hostname: etcd +openstack_dns_hostname: dns +openstack_keypair_name: openshift +openstack_lb_flavor: "{{ openstack_default_flavor }}" +openstack_etcd_flavor: "{{ openstack_default_flavor }}" +openstack_master_flavor: "{{ openstack_default_flavor }}" +openstack_node_flavor: "{{ openstack_default_flavor }}" +openstack_infra_flavor: "{{ openstack_default_flavor }}" +openstack_dns_flavor: "{{ openstack_default_flavor }}" +openstack_master_image: "{{ openstack_default_image_name }}" +openstack_infra_image: "{{ openstack_default_image_name }}" +openstack_node_image: "{{ openstack_default_image_name }}" +openstack_lb_image: "{{ openstack_default_image_name }}" +openstack_etcd_image: "{{ openstack_default_image_name }}" +openstack_dns_image: "{{ openstack_default_image_name }}" +openstack_provider_network_name: False +openstack_external_network_name: False openstack_private_network: >- {% if openstack_provider_network_name | default(None) -%} {{ openstack_provider_network_name }} {%- else -%} {{ openstack_private_network_name | default ('openshift-ansible-' + stack_name + '-net') }} {%- endif -%} -provider_network: "{{ openstack_provider_network_name | default(None) }}" -external_network: "{{ openstack_external_network_name | default(None) }}" -num_etcd: "{{ openstack_num_etcd | default(0) }}" -num_masters: "{{ openstack_num_masters }}" -num_nodes: "{{ openstack_num_nodes }}" -num_infra: "{{ openstack_num_infra }}" -num_dns: "{{ openstack_num_dns | default(1) }}" -master_server_group_policies: "{{ openstack_master_server_group_policies | default([]) | to_yaml }}" -infra_server_group_policies: "{{ openstack_infra_server_group_policies | default([]) | to_yaml }}" -master_volume_size: "{{ docker_master_volume_size | default(docker_volume_size) }}" -infra_volume_size: "{{ docker_infra_volume_size | default(docker_volume_size) }}" -node_volume_size: "{{ docker_node_volume_size | default(docker_volume_size) }}" -etcd_volume_size: "{{ docker_etcd_volume_size | 
default('2') }}" -dns_volume_size: "{{ docker_dns_volume_size | default('1') }}" -lb_volume_size: "{{ docker_lb_volume_size | default('5') }}" -nodes_to_remove: "{{ openstack_nodes_to_remove | default([]) | to_yaml }}" +openstack_master_server_group_policies: [] +openstack_infra_server_group_policies: [] +openstack_master_volume_size: "{{ docker_volume_size }}" +openstack_infra_volume_size: "{{ docker_volume_size }}" +openstack_node_volume_size: "{{ docker_volume_size }}" +openstack_etcd_volume_size: 2 +openstack_dns_volume_size: 1 +openstack_lb_volume_size: 5 +openstack_use_bastion: false +openshift_ui_ssh_tunnel: false diff --git a/roles/openshift_openstack/tasks/check-prerequisites.yml b/roles/openshift_openstack/tasks/check-prerequisites.yml index 4d7cfbf11..13000e31f 100644 --- a/roles/openshift_openstack/tasks/check-prerequisites.yml +++ b/roles/openshift_openstack/tasks/check-prerequisites.yml @@ -76,13 +76,13 @@ - name: Try to show keypair command: > python -c 'import shade; cloud = shade.openstack_cloud(); - exit(cloud.get_keypair("{{ openstack_ssh_public_key }}") is None)' + exit(cloud.get_keypair("{{ openstack_keypair_name }}") is None)' ignore_errors: yes register: key_result - name: Check that keypair is available assert: that: 'key_result.rc == 0' - msg: "Keypair {{ openstack_ssh_public_key }} is not available" + msg: "Keypair {{ openstack_keypair_name }} is not available" # Check that custom images are available - include: custom_image_check.yaml diff --git a/roles/openshift_openstack/tasks/generate-templates.yml b/roles/openshift_openstack/tasks/generate-templates.yml index 0ff50a095..3a8b588e9 100644 --- a/roles/openshift_openstack/tasks/generate-templates.yml +++ b/roles/openshift_openstack/tasks/generate-templates.yml 
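Review bot: `cloud.get_keypair("{{ openstack_keypair_name }}")` in the check-prerequisites hunk pastes the inventory value into Python source handed to `python -c`, so a keypair name containing a double quote or backslash changes the program rather than the lookup; the rename is a good moment to pass it as data instead. For example `python -c 'import sys, shade; exit(shade.openstack_cloud().get_keypair(sys.argv[1]) is None)' {{ openstack_keypair_name | quote }}` keeps the same exit-code contract while treating the name as an argument. The task list continues outside this hunk.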
@@ -10,6 +10,9 @@ stack_template_path: "{{ stack_template_pre.path }}/stack.yaml" user_data_template_path: "{{ stack_template_pre.path }}/user-data" +- name: Print out the Heat template directory + debug: var=stack_template_pre + - name: generate HOT stack template from jinja2 template template: src: heat_stack.yaml.j2 diff --git a/roles/openshift_openstack/tasks/hostname.yml b/roles/openshift_openstack/tasks/hostname.yml index 0fc8fbc4c..9815d0e80 100644 --- a/roles/openshift_openstack/tasks/hostname.yml +++ b/roles/openshift_openstack/tasks/hostname.yml 
@@ -1,33 +1,26 @@ --- -- name: "Verify hostname" - command: hostnamectl status --static - register: hostname_fqdn +- name: Setting Hostname Fact + set_fact: + new_hostname: "{{ custom_hostname | default(inventory_hostname_short) }}" -- name: "Set hostname if required" - when: hostname_fqdn.stdout != ansible_fqdn - block: - - name: Setting Hostname Fact - set_fact: - new_hostname: "{{ custom_hostname | default(inventory_hostname_short) }}" +- name: Setting FQDN Fact + set_fact: + new_fqdn: "{{ new_hostname }}.{{ full_dns_domain }}" - - name: Setting FQDN Fact - set_fact: - new_fqdn: "{{ new_hostname }}.{{ full_dns_domain }}" +- name: Setting hostname and DNS domain + hostname: name="{{ new_fqdn }}" - - name: Setting hostname and DNS domain - hostname: name="{{ new_fqdn }}" +- name: Check for cloud.cfg + stat: path=/etc/cloud/cloud.cfg + register: cloud_cfg - - name: Check for cloud.cfg - stat: path=/etc/cloud/cloud.cfg - register: cloud_cfg - - - name: Prevent cloud-init updates of hostname/fqdn (if applicable) - lineinfile: - dest: /etc/cloud/cloud.cfg - state: present - regexp: "{{ item.regexp }}" - line: "{{ item.line }}" - with_items: - - { regexp: '^ - set_hostname', line: '# - set_hostname' } - - { regexp: '^ - update_hostname', line: '# - update_hostname' } - when: cloud_cfg.stat.exists == True +- name: Prevent cloud-init updates of hostname/fqdn (if applicable) + lineinfile: + dest: /etc/cloud/cloud.cfg + state: present + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + with_items: + - { regexp: '^ - set_hostname', line: '# - set_hostname' } + - { regexp: '^ - update_hostname', line: '# - update_hostname' } + when: cloud_cfg.stat.exists == True diff --git a/roles/openshift_openstack/tasks/populate-dns.yml b/roles/openshift_openstack/tasks/populate-dns.yml index c8243dc1f..669b65a01 100644 --- a/roles/openshift_openstack/tasks/populate-dns.yml +++ b/roles/openshift_openstack/tasks/populate-dns.yml 
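Review bot: The dedented tasks keep `when: cloud_cfg.stat.exists == True` and the inline `hostname: name="{{ new_fqdn }}"` / `stat: path=/etc/cloud/cloud.cfg` argument strings; plain `when: cloud_cfg.stat.exists` and block-style module arguments (`hostname:` with `name: "{{ new_fqdn }}"` beneath it) are the conventional forms and avoid key=value parsing surprises. With the `hostname_fqdn.stdout != ansible_fqdn` guard removed, these tasks now run on every play, so a one-line comment saying that the `hostname` and `lineinfile` modules are relied on for idempotence would explain why the check could go.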
@@ -1,37 +1,26 @@ -# TODO: use nsupdate to populate the DNS servers using the keys -# specified in the inventory. - -# this is an optional step -- the deployers may do whatever else they -# wish here. - - -# TODO: build records -# TODO: run nsupdate - - - name: "Generate list of private A records" set_fact: - private_records: "{{ [ { 'type': 'A', 'hostname': hostvars[item]['ansible_hostname'], 'ip': hostvars[item]['private_v4'] } ] }}" + private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': hostvars[item]['ansible_hostname'], 'ip': hostvars[item]['private_v4'] } ] }}" with_items: "{{ groups['cluster_hosts'] }}" -# - name: "Add wildcard records to the private A records for infrahosts" -# set_fact: -# private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': '*.' + openshift_app_domain, 'ip': hostvars[item]['private_v4'] } ] }}" -# with_items: "{{ groups['infra_hosts'] }}" - -# - name: "Add public master cluster hostname records to the private A records (single master)" -# set_fact: -# private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.masters[0]].private_v4 } ] }}" -# when: -# - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined -# - openstack_num_masters == 1 - -# - name: "Add public master cluster hostname records to the private A records (multi-master)" -# set_fact: -# private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.lb[0]].private_v4 } ] }}" -# when: -# - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined -# - openstack_num_masters > 1 +- name: "Add wildcard records to the private A records for infrahosts" + set_fact: + private_records: 
"{{ private_records | default([]) + [ { 'type': 'A', 'hostname': '*.' + openshift_app_domain, 'ip': hostvars[item]['private_v4'] } ] }}" + with_items: "{{ groups['infra_hosts'] }}" + +- name: "Add public master cluster hostname records to the private A records (single master)" + set_fact: + private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.masters[0]].private_v4 } ] }}" + when: + - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined + - openstack_num_masters == 1 + +- name: "Add public master cluster hostname records to the private A records (multi-master)" + set_fact: + private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.lb[0]].private_v4 } ] }}" + when: + - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined + - openstack_num_masters > 1 - name: "Set the private DNS server to use the external value (if provided)" set_fact: 
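Review bot: The newly enabled conditions `openstack_num_masters == 1` and `openstack_num_masters > 1` compare the variable as-is, so a count supplied as a string (for example through `-e openstack_num_masters=1`) is not compared as a number and the cluster hostname record can end up pointing at the wrong host or be left out; `openstack_num_masters | int == 1` and `openstack_num_masters | int > 1` are safer. The multi-master task also reads `groups.lb[0]` without any visible check that an `lb` group exists, so an `assert` on `groups.lb | default([]) | length > 0` before it would give a clear failure message instead of a template error. The file continues past this hunk.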
@@ -55,102 +44,67 @@ key_algorithm: "{{ nsupdate_key_algorithm_private | lower }}" entries: "{{ private_records }}" -# - name: "Generate list of public A records" -# set_fact: -# public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': hostvars[item]['ansible_hostname'], 'ip': hostvars[item]['public_v4'] } ] }}" -# with_items: "{{ groups['cluster_hosts'] }}" -# when: hostvars[item]['public_v4'] is defined - -# - name: "Add wildcard records to the public A records" -# set_fact: -# public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': '*.' + openshift_app_domain, 'ip': hostvars[item]['public_v4'] } ] }}" -# with_items: "{{ groups['infra_hosts'] }}" -# when: hostvars[item]['public_v4'] is defined - -# - name: "Add public master cluster hostname records to the public A records (single master)" -# set_fact: -# public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.masters[0]].public_v4 } ] }}" -# when: -# - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined -# - openstack_num_masters == 1 -# - not use_bastion|bool - -# - name: "Add public master cluster hostname records to the public A records (single master behind a bastion)" -# set_fact: -# public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.bastions[0]].public_v4 } ] }}" -# when: -# - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined -# - openstack_num_masters == 1 -# - use_bastion|bool - -# - name: "Add public master cluster hostname records to the public A records (multi-master)" -# set_fact: -# public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': 
(hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.lb[0]].public_v4 } ] }}" -# when: -# - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined -# - openstack_num_masters > 1 - -# - name: "Set the public DNS server details to use the external value (if provided)" -# set_fact: -# nsupdate_server_public: "{{ external_nsupdate_keys['public']['server'] }}" -# nsupdate_key_secret_public: "{{ external_nsupdate_keys['public']['key_secret'] }}" -# nsupdate_key_algorithm_public: "{{ external_nsupdate_keys['public']['key_algorithm'] }}" -# nsupdate_public_key_name: "{{ external_nsupdate_keys['public']['key_name']|default('public-' + full_dns_domain) }}" -# when: -# - external_nsupdate_keys is defined -# - external_nsupdate_keys['public'] is defined - -# - name: "Set the public DNS server details to use the provisioned value" -# set_fact: -# nsupdate_server_public: "{{ hostvars[groups['dns'][0]].public_v4 }}" -# nsupdate_key_secret_public: "{{ hostvars[groups['dns'][0]].nsupdate_keys['public-' + full_dns_domain].key_secret }}" -# nsupdate_key_algorithm_public: "{{ hostvars[groups['dns'][0]].nsupdate_keys['public-' + full_dns_domain].key_algorithm }}" -# when: -# - nsupdate_server_public is undefined - -# - name: "Generate the public Add section for DNS" -# set_fact: -# public_named_records: -# - view: "public" -# zone: "{{ full_dns_domain }}" -# server: "{{ nsupdate_server_public }}" -# key_name: "{{ nsupdate_public_key_name|default('public-' + full_dns_domain) }}" -# key_secret: "{{ nsupdate_key_secret_public }}" -# key_algorithm: "{{ nsupdate_key_algorithm_public | lower }}" -# entries: "{{ public_records }}" - +- name: "Generate list of public A records" + set_fact: + public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': hostvars[item]['ansible_hostname'], 'ip': hostvars[item]['public_v4'] } ] }}" + with_items: "{{ groups['cluster_hosts'] }}" + 
when: hostvars[item]['public_v4'] is defined +- name: "Add wildcard records to the public A records" + set_fact: + public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': '*.' + openshift_app_domain, 'ip': hostvars[item]['public_v4'] } ] }}" + with_items: "{{ groups['infra_hosts'] }}" + when: hostvars[item]['public_v4'] is defined +- name: "Add public master cluster hostname records to the public A records (single master)" + set_fact: + public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.masters[0]].public_v4 } ] }}" + when: + - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined + - openstack_num_masters == 1 + - not openstack_use_bastion|bool +- name: "Add public master cluster hostname records to the public A records (single master behind a bastion)" + set_fact: + public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.bastions[0]].public_v4 } ] }}" + when: + - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined + - openstack_num_masters == 1 + - openstack_use_bastion|bool +- name: "Add public master cluster hostname records to the public A records (multi-master)" + set_fact: + public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.lb[0]].public_v4 } ] }}" + when: + - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined + - openstack_num_masters > 1 -- name: "Generate the final dns_records_add" +- name: "Set the public DNS server details to use the external value (if provided)" set_fact: - # 
TODO(shadower): enable this when we add public records - #dns_records_add: "{{ private_named_records + public_named_records }}" - dns_records_add: "{{ private_named_records }}" + nsupdate_server_public: "{{ external_nsupdate_keys['public']['server'] }}" + nsupdate_key_secret_public: "{{ external_nsupdate_keys['public']['key_secret'] }}" + nsupdate_key_algorithm_public: "{{ external_nsupdate_keys['public']['key_algorithm'] }}" + nsupdate_public_key_name: "{{ external_nsupdate_keys['public']['key_name']|default('public-' + full_dns_domain) }}" + when: + - external_nsupdate_keys is defined + - external_nsupdate_keys['public'] is defined +- name: "Generate the public Add section for DNS" + set_fact: + public_named_records: + - view: "public" + zone: "{{ full_dns_domain }}" + server: "{{ nsupdate_server_public }}" + key_name: "{{ nsupdate_public_key_name|default('public-' + full_dns_domain) }}" + key_secret: "{{ nsupdate_key_secret_public }}" + key_algorithm: "{{ nsupdate_key_algorithm_public | lower }}" + entries: "{{ public_records }}" -# RUN NSUPDATE +- name: "Generate the final dns_records_add" + set_fact: + dns_records_add: "{{ private_named_records + public_named_records }}" -- name: "Remove any deleted DNS A records" - nsupdate: - key_name: "{{ item.0.key_name }}" - key_secret: "{{ item.0.key_secret }}" - key_algorithm: "{{ item.0.key_algorithm }}" - server: "{{ item.0.server }}" - zone: "{{ item.0.zone }}" - record: "{{ item.1.hostname }}" - type: "{{ item.1.type }}" - state: absent - with_subelements: - - "{{ dns_records_rm | default({}) }}" - - entries - register: nsupdate_remove_result - until: nsupdate_remove_result|succeeded - retries: 10 - delay: 1 - name: "Add DNS A records" nsupdate: @@ -162,6 +116,7 @@ record: "{{ item.1.hostname }}" value: "{{ item.1.ip }}" type: "{{ item.1.type }}" + # TODO(shadower): add a cleanup playbook that removes these records, too! state: present with_subelements: - "{{ dns_records_add | default({}) }}" 
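Review bot: `nsupdate_server_public`, `nsupdate_key_secret_public` and `nsupdate_key_algorithm_public` are only set when `external_nsupdate_keys['public']` is defined, yet "Generate the public Add section for DNS" and the final `dns_records_add` use them unconditionally. The commented-out block this replaces had a "provisioned value" fallback (`when: nsupdate_server_public is undefined`) that was not carried over, so a deployment without an external public key would, as far as this hunk shows, stop on an undefined variable. `public_records` has the same gap when no host has `public_v4`. Either restore the fallback task or guard the public section, e.g. `when: nsupdate_server_public is defined` on the public Add task and `dns_records_add: "{{ private_named_records + (public_named_records | default([])) }}"`.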
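Review bot: The "Add DNS A records" task loops over `dns_records_add` with `with_subelements`, and every entry built above carries `key_secret`, so Ansible prints the TSIG secret in the per-item output and in any log that captures it. Now that the public view is included, that covers the public key as well. I would add `no_log: true` to the task next to the new TODO, or restrict what is displayed with `loop_control:` and `label: "{{ item.1.hostname }}"`. The task starts above this hunk and continues below it, so only part of it is visible here.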
diff --git a/roles/openshift_openstack/tasks/provision.yml b/roles/openshift_openstack/tasks/provision.yml index 8ebda8100..e693f535a 100644 --- a/roles/openshift_openstack/tasks/provision.yml +++ b/roles/openshift_openstack/tasks/provision.yml @@ -16,11 +16,6 @@ - name: Add the new nodes to the inventory meta: refresh_inventory -- name: Populate DNS entries - include: populate-dns.yml - when: - - stack_state == 'present' - - name: CleanUp include: cleanup.yml when: diff --git a/roles/openshift_openstack/templates/heat_stack.yaml.j2 b/roles/openshift_openstack/templates/heat_stack.yaml.j2 index 2359842a5..28634f9a4 100644 --- a/roles/openshift_openstack/templates/heat_stack.yaml.j2 +++ b/roles/openshift_openstack/templates/heat_stack.yaml.j2 @@ -54,7 +54,7 @@ outputs: description: Floating IPs of the nodes value: { get_attr: [ infra_nodes, floating_ip ] } -{% if num_dns|int > 0 %} +{% if openstack_num_dns|int > 0 %} dns_name: description: Name of the DNS value: @@ -72,11 +72,11 @@ outputs: {% endif %} conditions: - no_floating: {% if provider_network or use_bastion|bool %}true{% else %}false{% endif %} + no_floating: {% if openstack_provider_network_name or openstack_use_bastion|bool %}true{% else %}false{% endif %} resources: -{% if not provider_network %} +{% if not openstack_provider_network_name %} net: type: OS::Neutron::Net properties: @@ -99,20 +99,20 @@ resources: str_replace: template: subnet_24_prefix.0/24 params: - subnet_24_prefix: {{ subnet_prefix }} + subnet_24_prefix: {{ openstack_subnet_prefix }} allocation_pools: - start: str_replace: template: subnet_24_prefix.3 params: - subnet_24_prefix: {{ subnet_prefix }} + subnet_24_prefix: {{ openstack_subnet_prefix }} end: str_replace: template: subnet_24_prefix.254 params: - subnet_24_prefix: {{ subnet_prefix }} + subnet_24_prefix: {{ openstack_subnet_prefix }} dns_nameservers: -{% for nameserver in dns_nameservers %} +{% for nameserver in openstack_dns_nameservers %} - {{ nameserver }} {% endfor %} 
@@ -141,7 +141,7 @@ resources: params: cluster_id: {{ stack_name }} external_gateway_info: - network: {{ external_network }} + network: {{ openstack_external_network_name }} interface: type: OS::Neutron::RouterInterface @@ -159,7 +159,7 @@ resources: # template: openshift-ansible-cluster_id-keypair # params: # cluster_id: {{ stack_name }} -# public_key: {{ ssh_public_key }} +# public_key: {{ openstack_keypair_name }} common-secgrp: type: OS::Neutron::SecurityGroup @@ -180,7 +180,7 @@ resources: port_range_min: 22 port_range_max: 22 remote_ip_prefix: {{ ssh_ingress_cidr }} -{% if use_bastion|bool %} +{% if openstack_use_bastion|bool %} - direction: ingress protocol: tcp port_range_min: 22 @@ -443,7 +443,7 @@ resources: port_range_min: 443 port_range_max: 443 -{% if num_dns|int > 0 %} +{% if openstack_num_dns|int > 0 %} dns-secgrp: type: OS::Neutron::SecurityGroup properties: @@ -480,7 +480,7 @@ resources: remote_ip_prefix: "{{ openstack_subnet_prefix }}.0/24" {% endif %} -{% if num_masters|int > 1 or ui_ssh_tunnel|bool %} +{% if openstack_num_masters|int > 1 or openshift_ui_ssh_tunnel|bool %} lb-secgrp: type: OS::Neutron::SecurityGroup properties: @@ -492,7 +492,7 @@ resources: port_range_min: {{ openshift_master_api_port | default(8443) }} port_range_max: {{ openshift_master_api_port | default(8443) }} remote_ip_prefix: {{ lb_ingress_cidr | default(bastion_ingress_cidr) }} -{% if ui_ssh_tunnel|bool %} +{% if openshift_ui_ssh_tunnel|bool %} - direction: ingress protocol: tcp port_range_min: {{ openshift_master_api_port | default(8443) }} @@ -511,7 +511,7 @@ resources: etcd: type: OS::Heat::ResourceGroup properties: - count: {{ num_etcd }} + count: {{ openstack_num_etcd }} resource_def: type: server.yaml properties: 
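Review bot: The security-group rules keep their old, un-prefixed inputs while everything around them is renamed: `remote_ip_prefix: {{ ssh_ingress_cidr }}` in the hunk at line 180 and `{{ lb_ingress_cidr | default(bastion_ingress_cidr) }}` in the hunk at line 492 are left untouched. A deployer who sets a prefixed name by analogy with the other variables would not change these rules, and the SSH and API ingress ranges would stay at whatever the old variables default to (not visible here). I would rename them in the same change, or at least add a template comment above each rule such as `{# ssh_ingress_cidr is not prefixed; it controls who may reach port 22 #}`. Both resource definitions extend beyond their hunks.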
@@ -520,7 +520,7 @@ resources: template: k8s_type-%index%.cluster_id params: cluster_id: {{ stack_name }} - k8s_type: {{ etcd_hostname | default('etcd') }} + k8s_type: {{ openstack_etcd_hostname }} cluster_env: {{ public_dns_domain }} cluster_id: {{ stack_name }} group: @@ -530,12 +530,12 @@ resources: k8s_type: etcds cluster_id: {{ stack_name }} type: etcd - image: {{ openstack_etcd_image | default(openstack_image) }} - flavor: {{ etcd_flavor }} - key_name: {{ ssh_public_key }} -{% if provider_network %} - net: {{ provider_network }} - net_name: {{ provider_network }} + image: {{ openstack_etcd_image }} + flavor: {{ openstack_etcd_flavor }} + key_name: {{ openstack_keypair_name }} +{% if openstack_provider_network_name %} + net: {{ openstack_provider_network_name }} + net_name: {{ openstack_provider_network_name }} {% else %} net: { get_resource: net } subnet: { get_resource: subnet } 
@@ -552,31 +552,31 @@ resources: if: - no_floating - null - - {{ external_network }} -{% if use_bastion|bool or provider_network %} + - {{ openstack_external_network_name }} +{% if openstack_use_bastion|bool or openstack_provider_network_name %} attach_float_net: false {% endif %} - volume_size: {{ etcd_volume_size }} -{% if not provider_network %} + volume_size: {{ openstack_etcd_volume_size }} +{% if not openstack_provider_network_name %} depends_on: - interface {% endif %} -{% if master_server_group_policies|length > 0 %} +{% if openstack_master_server_group_policies|length > 0 %} master_server_group: type: OS::Nova::ServerGroup properties: name: master_server_group - policies: {{ master_server_group_policies }} + policies: {{ openstack_master_server_group_policies }} {% endif %} -{% if infra_server_group_policies|length > 0 %} +{% if openstack_infra_server_group_policies|length > 0 %} infra_server_group: type: OS::Nova::ServerGroup properties: name: infra_server_group - policies: {{ infra_server_group_policies }} + policies: {{ openstack_infra_server_group_policies }} {% endif %} -{% if num_masters|int > 1 %} +{% if openstack_num_masters|int > 1 %} loadbalancer: type: OS::Heat::ResourceGroup properties: @@ -589,7 +589,7 @@ resources: template: k8s_type-%index%.cluster_id params: cluster_id: {{ stack_name }} - k8s_type: {{ lb_hostname | default('lb') }} + k8s_type: {{ openstack_lb_hostname }} cluster_env: {{ public_dns_domain }} cluster_id: {{ stack_name }} group: 
@@ -599,12 +599,12 @@ resources: k8s_type: lb cluster_id: {{ stack_name }} type: lb - image: {{ openstack_lb_image | default(openstack_image) }} - flavor: {{ lb_flavor }} - key_name: {{ ssh_public_key }} -{% if provider_network %} - net: {{ provider_network }} - net_name: {{ provider_network }} + image: {{ openstack_lb_image }} + flavor: {{ openstack_lb_flavor }} + key_name: {{ openstack_keypair_name }} +{% if openstack_provider_network_name %} + net: {{ openstack_provider_network_name }} + net_name: {{ openstack_provider_network_name }} {% else %} net: { get_resource: net } subnet: { get_resource: subnet } @@ -617,11 +617,11 @@ resources: secgrp: - { get_resource: lb-secgrp } - { get_resource: common-secgrp } -{% if not provider_network %} - floating_network: {{ external_network }} +{% if not openstack_provider_network_name %} + floating_network: {{ openstack_external_network_name }} {% endif %} - volume_size: {{ lb_volume_size }} -{% if not provider_network %} + volume_size: {{ openstack_lb_volume_size }} +{% if not openstack_provider_network_name %} depends_on: - interface {% endif %} @@ -630,7 +630,7 @@ resources: masters: type: OS::Heat::ResourceGroup properties: - count: {{ num_masters }} + count: {{ openstack_num_masters }} resource_def: type: server.yaml properties: @@ -639,7 +639,7 @@ resources: template: k8s_type-%index%.cluster_id params: cluster_id: {{ stack_name }} - k8s_type: {{ master_hostname | default('master')}} + k8s_type: {{ openstack_master_hostname }} cluster_env: {{ public_dns_domain }} cluster_id: {{ stack_name }} group: 
@@ -649,12 +649,12 @@ resources: k8s_type: masters cluster_id: {{ stack_name }} type: master - image: {{ openstack_master_image | default(openstack_image) }} - flavor: {{ master_flavor }} - key_name: {{ ssh_public_key }} -{% if provider_network %} - net: {{ provider_network }} - net_name: {{ provider_network }} + image: {{ openstack_master_image }} + flavor: {{ openstack_master_flavor }} + key_name: {{ openstack_keypair_name }} +{% if openstack_provider_network_name %} + net: {{ openstack_provider_network_name }} + net_name: {{ openstack_provider_network_name }} {% else %} net: { get_resource: net } subnet: { get_resource: subnet } @@ -675,7 +675,7 @@ resources: {% else %} - { get_resource: master-secgrp } - { get_resource: node-secgrp } -{% if num_etcd|int == 0 %} +{% if openstack_num_etcd|int == 0 %} - { get_resource: etcd-secgrp } {% endif %} {% endif %} @@ -684,16 +684,16 @@ resources: if: - no_floating - null - - {{ external_network }} -{% if use_bastion|bool or provider_network %} + - {{ openstack_external_network_name }} +{% if openstack_use_bastion|bool or openstack_provider_network_name %} attach_float_net: false {% endif %} - volume_size: {{ master_volume_size }} -{% if master_server_group_policies|length > 0 %} + volume_size: {{ openstack_master_volume_size }} +{% if openstack_master_server_group_policies|length > 0 %} scheduler_hints: group: { get_resource: master_server_group } {% endif %} -{% if not provider_network %} +{% if not openstack_provider_network_name %} depends_on: - interface {% endif %} @@ -701,9 +701,9 @@ resources: compute_nodes: type: OS::Heat::ResourceGroup properties: - count: {{ num_nodes }} + count: {{ openstack_num_nodes }} removal_policies: - - resource_list: {{ nodes_to_remove }} + - resource_list: {{ openstack_nodes_to_remove }} resource_def: type: server.yaml properties: 
@@ -712,7 +712,7 @@ resources: template: sub_type_k8s_type-%index%.cluster_id params: cluster_id: {{ stack_name }} - sub_type_k8s_type: {{ node_hostname | default('app-node') }} + sub_type_k8s_type: {{ openstack_node_hostname }} cluster_env: {{ public_dns_domain }} cluster_id: {{ stack_name }} group: @@ -727,12 +727,12 @@ resources: {% for k, v in openshift_cluster_node_labels.app.iteritems() %} {{ k|e }}: {{ v|e }} {% endfor %} - image: {{ openstack_node_image | default(openstack_image) }} - flavor: {{ node_flavor }} - key_name: {{ ssh_public_key }} -{% if provider_network %} - net: {{ provider_network }} - net_name: {{ provider_network }} + image: {{ openstack_node_image }} + flavor: {{ openstack_node_flavor }} + key_name: {{ openstack_keypair_name }} +{% if openstack_provider_network_name %} + net: {{ openstack_provider_network_name }} + net_name: {{ openstack_provider_network_name }} {% else %} net: { get_resource: net } subnet: { get_resource: subnet } @@ -754,12 +754,12 @@ resources: if: - no_floating - null - - {{ external_network }} -{% if use_bastion|bool or provider_network %} + - {{ openstack_external_network_name }} +{% if openstack_use_bastion|bool or openstack_provider_network_name %} attach_float_net: false {% endif %} - volume_size: {{ node_volume_size }} -{% if not provider_network %} + volume_size: {{ openstack_node_volume_size }} +{% if not openstack_provider_network_name %} depends_on: - interface {% endif %} @@ -767,7 +767,7 @@ resources: infra_nodes: type: OS::Heat::ResourceGroup properties: - count: {{ num_infra }} + count: {{ openstack_num_infra }} resource_def: type: server.yaml properties: @@ -776,7 +776,7 @@ resources: template: sub_type_k8s_type-%index%.cluster_id params: cluster_id: {{ stack_name }} - sub_type_k8s_type: {{ infra_hostname | default('infranode') }} + sub_type_k8s_type: {{ openstack_infra_hostname }} cluster_env: {{ public_dns_domain }} cluster_id: {{ stack_name }} group: 
@@ -791,12 +791,12 @@ resources: {% for k, v in openshift_cluster_node_labels.infra.iteritems() %} {{ k|e }}: {{ v|e }} {% endfor %} - image: {{ openstack_infra_image | default(openstack_image) }} - flavor: {{ infra_flavor }} - key_name: {{ ssh_public_key }} -{% if provider_network %} - net: {{ provider_network }} - net_name: {{ provider_network }} + image: {{ openstack_infra_image }} + flavor: {{ openstack_infra_flavor }} + key_name: {{ openstack_keypair_name }} +{% if openstack_provider_network_name %} + net: {{ openstack_provider_network_name }} + net_name: {{ openstack_provider_network_name }} {% else %} net: { get_resource: net } subnet: { get_resource: subnet } @@ -818,29 +818,29 @@ resources: {% else %} - { get_resource: node-secgrp } {% endif %} -{% if ui_ssh_tunnel|bool and num_masters|int < 2 %} +{% if openshift_ui_ssh_tunnel|bool and openstack_num_masters|int < 2 %} - { get_resource: lb-secgrp } {% endif %} - { get_resource: infra-secgrp } - { get_resource: common-secgrp } -{% if not provider_network %} - floating_network: {{ external_network }} +{% if not openstack_provider_network_name %} + floating_network: {{ openstack_external_network_name }} {% endif %} - volume_size: {{ infra_volume_size }} -{% if infra_server_group_policies|length > 0 %} + volume_size: {{ openstack_infra_volume_size }} +{% if openstack_infra_server_group_policies|length > 0 %} scheduler_hints: group: { get_resource: infra_server_group } {% endif %} -{% if not provider_network %} +{% if not openstack_provider_network_name %} depends_on: - interface {% endif %} -{% if num_dns|int > 0 %} +{% if openstack_num_dns|int > 0 %} dns: type: OS::Heat::ResourceGroup properties: - count: {{ num_dns }} + count: {{ openstack_num_dns }} resource_def: type: server.yaml properties: 
@@ -849,7 +849,7 @@ resources: template: k8s_type-%index%.cluster_id params: cluster_id: {{ stack_name }} - k8s_type: {{ dns_hostname | default('dns') }} + k8s_type: {{ openstack_dns_hostname }} cluster_env: {{ public_dns_domain }} cluster_id: {{ stack_name }} group: @@ -859,12 +859,12 @@ resources: k8s_type: dns cluster_id: {{ stack_name }} type: dns - image: {{ openstack_dns_image | default(openstack_image) }} - flavor: {{ dns_flavor }} - key_name: {{ ssh_public_key }} -{% if provider_network %} - net: {{ provider_network }} - net_name: {{ provider_network }} + image: {{ openstack_dns_image }} + flavor: {{ openstack_dns_flavor }} + key_name: {{ openstack_keypair_name }} +{% if openstack_provider_network_name %} + net: {{ openstack_provider_network_name }} + net_name: {{ openstack_provider_network_name }} {% else %} net: { get_resource: net } subnet: { get_resource: subnet } @@ -877,11 +877,11 @@ resources: secgrp: - { get_resource: dns-secgrp } - { get_resource: common-secgrp } -{% if not provider_network %} - floating_network: {{ external_network }} +{% if not openstack_provider_network_name %} + floating_network: {{ openstack_external_network_name }} {% endif %} - volume_size: {{ dns_volume_size }} -{% if not provider_network %} + volume_size: {{ openstack_dns_volume_size }} +{% if not openstack_provider_network_name %} depends_on: - interface {% endif %} diff --git a/roles/openshift_openstack/templates/heat_stack_server.yaml.j2 b/roles/openshift_openstack/templates/heat_stack_server.yaml.j2 index 9ffe721a5..160345baf 100644 --- a/roles/openshift_openstack/templates/heat_stack_server.yaml.j2 +++ b/roles/openshift_openstack/templates/heat_stack_server.yaml.j2 @@ -61,7 +61,7 @@ parameters: label: Net name description: Net name -{% if not provider_network %} +{% if not openstack_provider_network_name %} subnet: type: string label: Subnet ID 
@@ -81,7 +81,7 @@ parameters: label: Net ID description: Net resource -{% if not provider_network %} +{% if not openstack_provider_network_name %} data_subnet: type: string default: '' @@ -102,7 +102,7 @@ parameters: label: Attach-float-net description: A switch for floating network port connection -{% if not provider_network %} +{% if not openstack_provider_network_name %} floating_network: type: string default: '' @@ -156,7 +156,7 @@ outputs: - server - addresses - { get_param: net_name } -{% if provider_network %} +{% if openstack_provider_network_name %} - 0 {% else %} - 1 @@ -226,7 +226,7 @@ resources: type: OS::Neutron::Port properties: network: { get_param: net } -{% if not provider_network %} +{% if not openstack_provider_network_name %} fixed_ips: - subnet: { get_param: subnet } {% endif %} @@ -239,13 +239,13 @@ resources: properties: network: { get_param: data_net } port_security_enabled: false -{% if not provider_network %} +{% if not openstack_provider_network_name %} fixed_ips: - subnet: { get_param: data_subnet } {% endif %} {% endif %} -{% if not provider_network %} +{% if not openstack_provider_network_name %} floating-ip: condition: { not: no_floating } type: OS::Neutron::FloatingIP -- cgit v1.2.3 From b95170503613bb97c00175324b31ed91f6f41ea1 Mon Sep 17 00:00:00 2001 
From: Tomas Sedovic Date: Thu, 2 Nov 2017 11:03:39 +0100 Subject: Namespace the OpenStack vars This makes sure that all the variables used in the `openshift_openstack` role are prefixed with `openshift_openstack_` as is the convention. --- playbooks/openstack/README.md | 12 +- playbooks/openstack/advanced-configuration.md | 80 ++--- .../openstack/openshift-cluster/provision.yml | 4 +- .../sample-inventory/group_vars/OSEv3.yml | 10 +- .../openstack/sample-inventory/group_vars/all.yml | 102 +++---- roles/openshift_openstack/defaults/main.yml | 132 ++++---- .../tasks/check-prerequisites.yml | 40 +-- roles/openshift_openstack/tasks/hostname.yml | 2 +- .../openshift_openstack/tasks/net_vars_check.yaml | 2 +- roles/openshift_openstack/tasks/node-packages.yml | 6 +- roles/openshift_openstack/tasks/populate-dns.yml | 66 ++-- roles/openshift_openstack/tasks/provision.yml | 8 +- .../templates/docker-storage-setup-dm.j2 | 8 +- .../templates/docker-storage-setup-overlayfs.j2 | 10 +- .../templates/heat_stack.yaml.j2 | 336 ++++++++++----------- .../templates/heat_stack_server.yaml.j2 | 16 +- 16 files changed, 418 insertions(+), 416 deletions(-) (limited to 'playbooks/openstack/openshift-cluster') diff --git a/playbooks/openstack/README.md b/playbooks/openstack/README.md index 99f4ab12f..f3fe13530 100644 --- a/playbooks/openstack/README.md +++ b/playbooks/openstack/README.md 
@@ -142,27 +142,27 @@ corresponding to your OpenStack installation. $ vi inventory/group_vars/all.yml ``` -1. Set the `openstack_keypair_name` to your OpenStack keypair name. +1. Set the `openshift_openstack_keypair_name` to your OpenStack keypair name. - See `openstack keypair list` to find the keypairs registered with OpenShift. - This must correspond to your private SSH key in `~/.ssh/id_rsa` -2. Set the `openstack_external_network_name` to the floating IP +2. Set the `openshift_openstack_external_network_name` to the floating IP network of your openstack. - See `openstack network list` for the list of networks. - It's often called `public`, `external` or `ext-net`. -3. Set the `openstack_default_image_name` to the image you want your +3. Set the `openshift_openstack_default_image_name` to the image you want your OpenShift VMs to run. - See `openstack image list` for the list of available images. -4. Set the `openstack_default_flavor` to the flavor you want your +4. Set the `openshift_openstack_default_flavor` to the flavor you want your OpenShift VMs to use. - See `openstack flavor list` for the list of available flavors. -5. Set the `openstack_dns_nameservers` to the list of the IP addresses +5. Set the `openshift_openstack_dns_nameservers` to the list of the IP addresses of the DNS servers used for the **private** address resolution. **NOTE ON DNS**: at minimum, the OpenShift nodes need to be able to access each other by their hostname. OpenStack doesn't provide this by default, so you need to provide a DNS server. Put the address of that DNS server in -`openstack_dns_nameservers` variable. +`openshift_openstack_dns_nameservers` variable. diff --git a/playbooks/openstack/advanced-configuration.md b/playbooks/openstack/advanced-configuration.md index 5ffec708a..90cc20b98 100644 --- a/playbooks/openstack/advanced-configuration.md +++ b/playbooks/openstack/advanced-configuration.md 
@@ -182,17 +182,17 @@ So the provisioned cluster nodes will start using those natively as default nameservers. Technically, this allows to deploy OpenShift clusters without dnsmasq proxies. -The `env_id` and `public_dns_domain` will form the cluster's DNS domain all +The `openshift_openstack_clusterid` and `openshift_openstack_public_dns_domain` will form the cluster's DNS domain all your servers will be under. With the default values, this will be `openshift.example.com`. For workloads, the default subdomain is 'apps'. -That sudomain can be set as well by the `openshift_app_domain` variable in +That sudomain can be set as well by the `openshift_openstack_app_subdomain` variable in the inventory. The `openstack__hostname` is a set of variables used for customising hostnames of servers with a given role. When such a variable stays commented, default hostname (usually the role name) is used. -The `openstack_dns_nameservers` is a list of DNS servers accessible from all +The `openshift_openstack_dns_nameservers` is a list of DNS servers accessible from all the created Nova servers. These will provide the internal name resolution for your OpenShift nodes (as well as upstream name resolution for installing packages, etc.). @@ -204,10 +204,10 @@ daemon that in turn proxies DNS requests to the authoritative DNS server. When Network Manager is enabled for provisioned cluster nodes, which is normally the case, you should not change the defaults and always deploy dnsmasq. -`external_nsupdate_keys` describes an external authoritative DNS server(s) +`openshift_openstack_external_nsupdate_keys` describes an external authoritative DNS server(s) processing dynamic records updates in the public and private cluster views: - external_nsupdate_keys: + openshift_openstack_external_nsupdate_keys: public: key_secret: key_algorithm: 'hmac-md5' 
@@ -227,7 +227,7 @@ another external DNS server. Another example defines an external DNS server for the public view additionally to the in-stack DNS server used for the private view only: - external_nsupdate_keys: + openshift_openstack_external_nsupdate_keys: public: key_secret: key_algorithm: 'hmac-sha256' 
@@ -264,51 +264,51 @@ step for flannel and docker iptables configuration: ## Other configuration variables -`openstack_keypair_name` is a Nova keypair - you can see your +`openshift_openstack_keypair_name` is a Nova keypair - you can see your keypairs with `openstack keypair list`. It must correspond to the private SSH key Ansible will use to log into the created VMs. This is `~/.ssh/id_rsa` by default, but you can use a different key by passing `--private-key` to `ansible-playbook`. -`openstack_default_image_name` is the default name of the Glance image the +`openshift_openstack_default_image_name` is the default name of the Glance image the servers will use. You can see your images with `openstack image list`. In order to set a different image for a role, uncomment the line with the -corresponding variable (e.g. `openstack_lb_image_name` for load balancer) and -set its value to another available image name. `openstack_default_image_name` +corresponding variable (e.g. `openshift_openstack_lb_image_name` for load balancer) and +set its value to another available image name. `openshift_openstack_default_image_name` must stay defined as it is used as a default value for the rest of the roles. -`openstack_default_flavor` is the default Nova flavor the servers will use. +`openshift_openstack_default_flavor` is the default Nova flavor the servers will use. You can see your flavors with `openstack flavor list`. In order to set a different flavor for a role, uncomment the line with the -corresponding variable (e.g. `openstack_lb_flavor` for load balancer) and -set its value to another available flavor. `openstack_default_flavor` must +corresponding variable (e.g. `openshift_openstack_lb_flavor` for load balancer) and +set its value to another available flavor. `openshift_openstack_default_flavor` must stay defined as it is used as a default value for the rest of the roles. 
-`openstack_external_network_name` is the name of the Neutron network +`openshift_openstack_external_network_name` is the name of the Neutron network providing external connectivity. It is often called `public`, `external` or `ext-net`. You can see your networks with `openstack network list`. -`openstack_private_network_name` is the name of the private Neutron network +`openshift_openstack_private_network_name` is the name of the private Neutron network providing admin/control access for ansible. It can be merged with other cluster networks, there are no special requirements for networking. -The `openstack_num_masters`, `openstack_num_infra` and -`openstack_num_nodes` values specify the number of Master, Infra and +The `openshift_openstack_num_masters`, `openshift_openstack_num_infra` and +`openshift_openstack_num_nodes` values specify the number of Master, Infra and App nodes to create. -The `openshift_cluster_node_labels` defines custom labels for your openshift +The `openshift_openstack_cluster_node_labels` defines custom labels for your openshift cluster node groups. It currently supports app and infra node groups. The default value of this variable sets `region: primary` to app nodes and `region: infra` to infra nodes. An example of setting a customised label: ``` -openshift_cluster_node_labels: +openshift_openstack_cluster_node_labels: app: mylabel: myvalue ``` -The `openstack_nodes_to_remove` allows you to specify the numerical indexes +The `openshift_openstack_nodes_to_remove` allows you to specify the numerical indexes of App nodes that should be removed; for example, ['0', '2'], The `docker_volume_size` is the default Docker volume size the servers will use. 
@@ -318,15 +318,15 @@ for master) and change its value. `docker_volume_size` must stay defined as it i used as a default value for some of the servers (master, infra, app node). The rest of the roles (etcd, load balancer, dns) have their defaults hard-coded. -**Note**: If the `ephemeral_volumes` is set to `true`, the `*_volume_size` variables +**Note**: If the `openshift_openstack_ephemeral_volumes` is set to `true`, the `*_volume_size` variables will be ignored and the deployment will not create any cinder volumes. -The `openstack_flat_secgrp`, controls Neutron security groups creation for Heat +The `openshift_openstack_flat_secgrp`, controls Neutron security groups creation for Heat stacks. Set it to true, if you experience issues with sec group rules quotas. It trades security for number of rules, by sharing the same set of firewall rules for master, node, etcd and infra nodes. -The `required_packages` variable also provides a list of the additional +The `openshift_openstack_required_packages` variable also provides a list of the additional prerequisite packages to be installed before to deploy an OpenShift cluster. Those are ignored though, if the `manage_packages: False`. 
@@ -358,11 +358,11 @@ floating IP addresses to each node. If you have a provider network set up, this is all unnecessary as you can just access servers that are placed in the provider network directly. -To use a provider network, set its name in `openstack_provider_network_name` in +To use a provider network, set its name in `openshift_openstack_provider_network_name` in `inventory/group_vars/all.yml`. -If you set the provider network name, the `openstack_external_network_name` and -`openstack_private_network_name` fields will be ignored. +If you set the provider network name, the `openshift_openstack_external_network_name` and +`openshift_openstack_private_network_name` fields will be ignored. **NOTE**: this will not update the nodes' DNS, so running openshift-ansible right after provisioning will fail (unless you're using an external DNS server @@ -373,7 +373,7 @@ resolve each other by name. Configure required `*_ingress_cidr` variables to restrict public access to provisioned servers from your laptop (a /32 notation should be used) -or your trusted network. The most important is the `node_ingress_cidr` +or your trusted network. The most important is the `openshift_openstack_node_ingress_cidr` that restricts public access to the deployed DNS server and cluster nodes' ephemeral ports range. @@ -388,7 +388,7 @@ implications though, and is not recommended for production deployments. ### DNS servers security options -Aside from `node_ingress_cidr` restricting public access to in-stack DNS +Aside from `openshift_openstack_node_ingress_cidr` restricting public access to in-stack DNS servers, there are following (bind/named specific) DNS security options available: 
@@ -435,8 +435,8 @@ it up as the OpenShift hosted registry. To do that you need specify the desired Cinder volume name and size in Gigabytes in `inventory/group_vars/all.yml`: - cinder_hosted_registry_name: cinder-registry - cinder_hosted_registry_size_gb: 10 + openshift_openstack_cinder_hosted_registry_name: cinder-registry + openshift_openstack_cinder_hosted_registry_size_gb: 10 With this, the playbooks will create the volume and set up its filesystem. If there is an existing volume of the same name, we will @@ -483,8 +483,8 @@ the volume. If you're using the dynamic inventory, you must uncomment these two values as well: - #openshift_hosted_registry_storage_openstack_volumeID: "{{ lookup('os_cinder', cinder_hosted_registry_name).id }}" - #openshift_hosted_registry_storage_volume_size: "{{ cinder_hosted_registry_size_gb }}Gi" + #openshift_hosted_registry_storage_openstack_volumeID: "{{ lookup('os_cinder', openshift_openstack_cinder_hosted_registry_name).id }}" + #openshift_hosted_registry_storage_volume_size: "{{ openshift_openstack_cinder_hosted_registry_size_gb }}Gi" But note that they use the `os_cinder` lookup plugin we provide, so you must tell Ansible where to find it either in `ansible.cfg` (the one we provide is @@ -528,7 +528,7 @@ the **UUID** of the Cinder volume, *not its name*. We can do formate the volume for you if you ask for it in `inventory/group_vars/all.yml`: - prepare_and_format_registry_volume: true + openshift_openstack_prepare_and_format_registry_volume: true **NOTE:** doing so **will destroy any data that's currently on the volume**! 
@@ -544,16 +544,16 @@ You can also run the registry setup playbook directly: Example inventory variables: - openstack_use_bastion: true - bastion_ingress_cidr: "{{openstack_subnet_prefix}}.0/24" + openshift_openstack_use_bastion: true + openshift_openstack_bastion_ingress_cidr: "{{openshift_openstack_subnet_prefix}}.0/24" openstack_private_ssh_key: ~/.ssh/id_rsa openstack_inventory: static openstack_inventory_path: ../../../../inventory openstack_ssh_config_path: /tmp/ssh.config.openshift.ansible.openshift.example.com -The `openstack_subnet_prefix` is the openstack private network for your cluster. -And the `bastion_ingress_cidr` defines accepted range for SSH connections to nodes -additionally to the `ssh_ingress_cidr`` (see the security notes above). +The `openshift_openstack_subnet_prefix` is the openstack private network for your cluster. +And the `openshift_openstack_bastion_ingress_cidr` defines accepted range for SSH connections to nodes +additionally to the `openshift_openstack_ssh_ingress_cidr`` (see the security notes above). The SSH config will be stored on the ansible control node by the gitven path. Ansible uses it automatically. To access the cluster nodes with @@ -738,7 +738,7 @@ OpenShift UI may be accessed via the 1st master node FQDN, port 8443. When using a bastion, you may want to make an SSH tunnel from your control node to access UI on the `https://localhost:8443`, with this inventory variable: - openshift_ui_ssh_tunnel: True + openshift_openstack_ui_ssh_tunnel: True Note, this requires sudo rights on the ansible control node and an absolute path for the `openstack_private_ssh_key`. You should also update the control node's 
@@ -769,4 +769,4 @@ Usage: ansible-playbook -i openshift-ansible-contrib/playbooks/provisioning/openstack/scale-up.yaml` [-e increment_by=] [-e openshift_ansible_dir=] ``` -Note: This playbook works only without a bastion node (`openstack_use_bastion: False`). +Note: This playbook works only without a bastion node (`openshift_openstack_use_bastion: False`). diff --git a/playbooks/openstack/openshift-cluster/provision.yml b/playbooks/openstack/openshift-cluster/provision.yml index b1dff1870..fe3057158 100644 --- a/playbooks/openstack/openshift-cluster/provision.yml +++ b/playbooks/openstack/openshift-cluster/provision.yml @@ -42,8 +42,8 @@ name: openshift_openstack tasks_from: populate-dns.yml when: - - external_nsupdate_keys is defined - - external_nsupdate_keys.private is defined or external_nsupdate_keys.public is defined + - openshift_openstack_external_nsupdate_keys is defined + - openshift_openstack_external_nsupdate_keys.private is defined or openshift_openstack_external_nsupdate_keys.public is defined - name: Prepare the Nodes in the cluster for installation hosts: oo_all_hosts diff --git a/playbooks/openstack/sample-inventory/group_vars/OSEv3.yml b/playbooks/openstack/sample-inventory/group_vars/OSEv3.yml index 7d8dc157e..1e55adb9e 100644 --- a/playbooks/openstack/sample-inventory/group_vars/OSEv3.yml +++ b/playbooks/openstack/sample-inventory/group_vars/OSEv3.yml 
@@ -2,10 +2,10 @@ openshift_deployment_type: origin #openshift_deployment_type: openshift-enterprise #openshift_release: v3.5 -openshift_master_default_subdomain: "apps.{{ env_id }}.{{ public_dns_domain }}" +openshift_master_default_subdomain: "apps.{{ openshift_openstack_clusterid }}.{{ openshift_openstack_public_dns_domain }}" openshift_master_cluster_method: native -openshift_master_cluster_hostname: "console.{{ env_id }}.{{ public_dns_domain }}" +openshift_master_cluster_hostname: "console.{{ openshift_openstack_clusterid }}.{{ openshift_openstack_public_dns_domain }}" openshift_master_cluster_public_hostname: "{{ openshift_master_cluster_hostname }}" osm_default_node_selector: 'region=primary' @@ -29,10 +29,10 @@ openshift_hosted_registry_wait: True ## NOTE(shadower): This won't work until the openshift-ansible issue #5657 is fixed: ## https://github.com/openshift/openshift-ansible/issues/5657 -## If you're using the `cinder_hosted_registry_name` option from +## If you're using the `openshift_openstack_cinder_hosted_registry_name` option from ## `all.yml`, uncomment these lines: -#openshift_hosted_registry_storage_openstack_volumeID: "{{ lookup('os_cinder', cinder_hosted_registry_name).id }}" -#openshift_hosted_registry_storage_volume_size: "{{ cinder_hosted_registry_size_gb }}Gi" +#openshift_hosted_registry_storage_openstack_volumeID: "{{ lookup('os_cinder', openshift_openstack_cinder_hosted_registry_name).id }}" +#openshift_hosted_registry_storage_volume_size: "{{ openshift_openstack_cinder_hosted_registry_size_gb }}Gi" ## If you're using a Cinder volume you've set up yourself, uncomment these lines: #openshift_hosted_registry_storage_openstack_volumeID: e0ba2d73-d2f9-4514-a3b2-a0ced507fa05 diff --git a/playbooks/openstack/sample-inventory/group_vars/all.yml b/playbooks/openstack/sample-inventory/group_vars/all.yml index e0618d685..450642c81 100644 --- a/playbooks/openstack/sample-inventory/group_vars/all.yml 
+++ b/playbooks/openstack/sample-inventory/group_vars/all.yml 
@@ -1,59 +1,59 @@ --- -env_id: "openshift" -public_dns_domain: "example.com" -openstack_dns_nameservers: [] +openshift_openstack_clusterid: "openshift" +openshift_openstack_public_dns_domain: "example.com" +openshift_openstack_dns_nameservers: [] # # Used Hostnames # # - set custom hostnames for roles by uncommenting corresponding lines -#openstack_master_hostname: "master" -#openstack_infra_hostname: "infra-node" -#openstack_node_hostname: "app-node" -#openstack_lb_hostname: "lb" -#openstack_etcd_hostname: "etcd" -#openstack_dns_hostname: "dns" - -openstack_keypair_name: "openshift" -openstack_external_network_name: "public" -#openstack_private_network_name: "openshift-ansible-{{ stack_name }}-net" +#openshift_openstack_master_hostname: "master" +#openshift_openstack_infra_hostname: "infra-node" +#openshift_openstack_node_hostname: "app-node" +#openshift_openstack_lb_hostname: "lb" +#openshift_openstack_etcd_hostname: "etcd" +#openshift_openstack_dns_hostname: "dns" + +openshift_openstack_keypair_name: "openshift" +openshift_openstack_external_network_name: "public" +#openshift_openstack_private_network_name: "openshift-ansible-{{ openshift_openstack_stack_name }}-net" # # A dedicated Neutron network name for containers data network -# # Configures the data network to be separated from openstack_private_network_name +# # Configures the data network to be separated from openshift_openstack_private_network_name # # NOTE: this is only supported with Flannel SDN yet -#openstack_private_data_network_name: "openshift-ansible-{{ stack_name }}-data-net" +#openstack_private_data_network_name: "openshift-ansible-{{ openshift_openstack_stack_name }}-data-net" ## If you want to use a provider network, set its name here. 
-## NOTE: the `openstack_external_network_name` and -## `openstack_private_network_name` options will be ignored when using a +## NOTE: the `openshift_openstack_external_network_name` and +## `openshift_openstack_private_network_name` options will be ignored when using a ## provider network. -#openstack_provider_network_name: "provider" +#openshift_openstack_provider_network_name: "provider" # # Used Images # # - set specific images for roles by uncommenting corresponding lines -# # - note: do not remove openstack_default_image_name definition -#openstack_master_image_name: "centos7" -#openstack_infra_image_name: "centos7" -#openstack_node_image_name: "centos7" -#openstack_lb_image_name: "centos7" -#openstack_etcd_image_name: "centos7" -#openstack_dns_image_name: "centos7" -openstack_default_image_name: "centos7" - -openstack_num_masters: 1 -openstack_num_infra: 1 -openstack_num_nodes: 2 +# # - note: do not remove openshift_openstack_default_image_name definition +#openshift_openstack_master_image_name: "centos7" +#openshift_openstack_infra_image_name: "centos7" +#openshift_openstack_node_image_name: "centos7" +#openshift_openstack_lb_image_name: "centos7" +#openshift_openstack_etcd_image_name: "centos7" +#openshift_openstack_dns_image_name: "centos7" +openshift_openstack_default_image_name: "centos7" + +openshift_openstack_num_masters: 1 +openshift_openstack_num_infra: 1 +openshift_openstack_num_nodes: 2 # # Used Flavors # # - set specific flavors for roles by uncommenting corresponding lines -# # - note: do note remove openstack_default_flavor definition -#openstack_master_flavor: "m1.medium" -#openstack_infra_flavor: "m1.medium" -#openstack_node_flavor: "m1.medium" -#openstack_lb_flavor: "m1.medium" -#openstack_etcd_flavor: "m1.medium" -#openstack_dns_flavor: "m1.medium" -openstack_default_flavor: "m1.medium" +# # - note: do note remove openshift_openstack_default_flavor definition +#openshift_openstack_master_flavor: "m1.medium" 
+#openshift_openstack_infra_flavor: "m1.medium" +#openshift_openstack_node_flavor: "m1.medium" +#openshift_openstack_lb_flavor: "m1.medium" +#openshift_openstack_etcd_flavor: "m1.medium" +#openshift_openstack_dns_flavor: "m1.medium" +openshift_openstack_default_flavor: "m1.medium" # # Numerical index of nodes to remove -# openstack_nodes_to_remove: [] +# openshift_openstack_nodes_to_remove: [] # # Docker volume size # # - set specific volume size for roles by uncommenting corresponding lines @@ -69,22 +69,22 @@ docker_volume_size: "15" ## Specify server group policies for master and infra nodes. Nova must be configured to ## enable these policies. 'anti-affinity' will ensure that each VM is launched on a ## different physical host. -#openstack_master_server_group_policies: [anti-affinity] -#openstack_infra_server_group_policies: [anti-affinity] +#openshift_openstack_master_server_group_policies: [anti-affinity] +#openshift_openstack_infra_server_group_policies: [anti-affinity] ## Create a Cinder volume and use it for the OpenShift registry. ## NOTE: the openstack credentials and hosted registry options must be set in OSEv3.yml! -#cinder_hosted_registry_name: cinder-registry -#cinder_hosted_registry_size_gb: 10 +#openshift_openstack_cinder_hosted_registry_name: cinder-registry +#openshift_openstack_cinder_hosted_registry_size_gb: 10 ## Set up a filesystem on the cinder volume specified in `OSEv3.yaml`. ## You need to specify the file system and volume ID in OSEv3 via ## `openshift_hosted_registry_storage_openstack_filesystem` and ## `openshift_hosted_registry_storage_openstack_volumeID`. ## WARNING: This will delete any data on the volume! -#prepare_and_format_registry_volume: False +#openshift_openstack_prepare_and_format_registry_volume: False -openstack_subnet_prefix: "192.168.99" +openshift_openstack_subnet_prefix: "192.168.99" ## Red Hat subscription defaults to false which means we will not attempt to ## subscribe the nodes 
@@ -110,8 +110,8 @@ openstack_subnet_prefix: "192.168.99" # # Roll-your-own DNS -#openstack_num_dns: 0 -#external_nsupdate_keys: +#openshift_openstack_num_dns: 0 +#openshift_openstack_external_nsupdate_keys: # public: # key_secret: 'SKqKNdpfk7llKxZ57bbxUnUDobaaJp9t8CjXLJPl+fRI5mPcSBuxTAyvJPa6Y9R7vUg9DwCy/6WTpgLNqnV4Hg==' # key_algorithm: 'hmac-md5' @@ -131,16 +131,16 @@ openstack_subnet_prefix: "192.168.99" ansible_user: openshift # # Use a single security group for a cluster (default: false) -#openstack_flat_secgrp: false +#openshift_openstack_flat_secgrp: false # If you want to use the VM storage instead of Cinder volumes, set this to `true`. # NOTE: this is for testing only! Your data will be gone once the VM disappears! -# ephemeral_volumes: false +# openshift_openstack_ephemeral_volumes: false # # OpenShift node labels # # - in order to customise node labels for app and/or infra group, set the -# # openshift_cluster_node_labels variable -#openshift_cluster_node_labels: +# # openshift_openstack_cluster_node_labels variable +#openshift_openstack_cluster_node_labels: # app: # region: primary # infra: diff --git a/roles/openshift_openstack/defaults/main.yml b/roles/openshift_openstack/defaults/main.yml index 1f9c09c96..3eca52963 100644 --- a/roles/openshift_openstack/defaults/main.yml +++ b/roles/openshift_openstack/defaults/main.yml 
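Review bot: The commented sample under the renamed `#openshift_openstack_external_nsupdate_keys:` still carries a realistic-looking base64 `key_secret` and `key_algorithm: 'hmac-md5'`, and sample inventories tend to be uncommented and used as they are. Replace the literal with an obvious placeholder such as `#    key_secret: '<base64 TSIG secret generated for this deployment>'`. Show a SHA-2 algorithm instead, `#    key_algorithm: 'hmac-sha256'`, assuming the target DNS server accepts it. The mapping continues below the hunk, so the other entries presumably need the same treatment.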
@@ -1,28 +1,27 @@ --- -stack_state: 'present' +openshift_openstack_stack_state: 'present' -ssh_ingress_cidr: 0.0.0.0/0 -node_ingress_cidr: 0.0.0.0/0 -master_ingress_cidr: 0.0.0.0/0 -lb_ingress_cidr: 0.0.0.0/0 -bastion_ingress_cidr: 0.0.0.0/0 -openstack_num_etcd: 0 -openstack_num_masters: 1 -openstack_num_nodes: 1 -openstack_num_dns: 0 -openstack_num_infra: 1 -openstack_dns_nameservers: [] -openstack_nodes_to_remove: [] +openshift_openstack_ssh_ingress_cidr: 0.0.0.0/0 +openshift_openstack_node_ingress_cidr: 0.0.0.0/0 +openshift_openstack_lb_ingress_cidr: 0.0.0.0/0 +openshift_openstack_bastion_ingress_cidr: 0.0.0.0/0 +openshift_openstack_num_etcd: 0 +openshift_openstack_num_masters: 1 +openshift_openstack_num_nodes: 1 +openshift_openstack_num_dns: 0 +openshift_openstack_num_infra: 1 +openshift_openstack_dns_nameservers: [] +openshift_openstack_nodes_to_remove: [] -openshift_cluster_node_labels: +openshift_openstack_cluster_node_labels: app: region: primary infra: region: infra -install_debug_packages: false -required_packages: +openshift_openstack_install_debug_packages: false +openshift_openstack_required_packages: - docker - NetworkManager - wget 
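Review bot: `master_ingress_cidr` is removed here without an `openshift_openstack_master_ingress_cidr` replacement, while the ssh, node, lb and bastion entries are all renamed. If the Heat template or security-group tasks (not visible in this hunk) still read a master CIDR, the role will hit an undefined variable or lose that restriction, so either restore it as `openshift_openstack_master_ingress_cidr: 0.0.0.0/0` or confirm the consumer is gone. The remaining `*_ingress_cidr` defaults stay at `0.0.0.0/0`, which leaves SSH and node ports open to any source unless the inventory overrides them. A comment above the group would make that explicit, for example `# World-open by default; set these to your admin host (/32) or trusted network in the inventory`.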
@@ -30,66 +29,69 @@ required_packages: - net-tools - bind-utils - bridge-utils -debug_packages: +openshift_openstack_debug_packages: - bash-completion - vim-enhanced # container-storage-setup -docker_dev: "/dev/sdb" -docker_vg: "docker-vol" -docker_data_size: "95%VG" -docker_dm_basesize: "3G" -container_root_lv_name: "dockerlv" -container_root_lv_mount_path: "/var/lib/docker" +openshift_openstack_container_storage_setup: + docker_dev: "/dev/sdb" + docker_vg: "docker-vol" + docker_data_size: "95%VG" + docker_dm_basesize: "3G" + container_root_lv_name: "dockerlv" + container_root_lv_mount_path: "/var/lib/docker" # populate-dns -dns_records_rm: [] -dns_records_add: [] -external_nsupdate_keys: {} +openshift_openstack_dns_records_add: [] +openshift_openstack_external_nsupdate_keys: {} -full_dns_domain: "{{ (env_id|trim == '') | ternary(public_dns_domain, env_id + '.' + public_dns_domain) }}" -openshift_app_domain: "apps" +openshift_openstack_full_dns_domain: "{{ (openshift_openstack_clusterid|trim == '') | ternary(openshift_openstack_public_dns_domain, openshift_openstack_clusterid + '.' 
+ openshift_openstack_public_dns_domain) }}" +openshift_openstack_app_subdomain: "apps" # heat vars -stack_name: "{{ env_id }}.{{ public_dns_domain }}" -openstack_subnet_prefix: "192.168.99" -openstack_master_hostname: master -openstack_infra_hostname: infra-node -openstack_node_hostname: app-node -openstack_lb_hostname: lb -openstack_etcd_hostname: etcd -openstack_dns_hostname: dns -openstack_keypair_name: openshift -openstack_lb_flavor: "{{ openstack_default_flavor }}" -openstack_etcd_flavor: "{{ openstack_default_flavor }}" -openstack_master_flavor: "{{ openstack_default_flavor }}" -openstack_node_flavor: "{{ openstack_default_flavor }}" -openstack_infra_flavor: "{{ openstack_default_flavor }}" -openstack_dns_flavor: "{{ openstack_default_flavor }}" -openstack_master_image: "{{ openstack_default_image_name }}" -openstack_infra_image: "{{ openstack_default_image_name }}" -openstack_node_image: "{{ openstack_default_image_name }}" -openstack_lb_image: "{{ openstack_default_image_name }}" -openstack_etcd_image: "{{ openstack_default_image_name }}" -openstack_dns_image: "{{ openstack_default_image_name }}" -openstack_provider_network_name: null -openstack_external_network_name: null -openstack_private_network: >- - {% if openstack_provider_network_name | default(None) -%} - {{ openstack_provider_network_name }} +openshift_openstack_clusterid: openshift +openshift_openstack_stack_name: "{{ openshift_openstack_clusterid }}.{{ openshift_openstack_public_dns_domain }}" +openshift_openstack_subnet_prefix: "192.168.99" +openshift_openstack_master_hostname: master +openshift_openstack_infra_hostname: infra-node +openshift_openstack_node_hostname: app-node +openshift_openstack_lb_hostname: lb +openshift_openstack_etcd_hostname: etcd +openshift_openstack_dns_hostname: dns +openshift_openstack_keypair_name: openshift +openshift_openstack_lb_flavor: "{{ openshift_openstack_default_flavor }}" +openshift_openstack_etcd_flavor: "{{ openshift_openstack_default_flavor }}" 
+openshift_openstack_master_flavor: "{{ openshift_openstack_default_flavor }}" +openshift_openstack_node_flavor: "{{ openshift_openstack_default_flavor }}" +openshift_openstack_infra_flavor: "{{ openshift_openstack_default_flavor }}" +openshift_openstack_dns_flavor: "{{ openshift_openstack_default_flavor }}" +openshift_openstack_master_image: "{{ openshift_openstack_default_image_name }}" +openshift_openstack_infra_image: "{{ openshift_openstack_default_image_name }}" +openshift_openstack_node_image: "{{ openshift_openstack_default_image_name }}" +openshift_openstack_lb_image: "{{ openshift_openstack_default_image_name }}" +openshift_openstack_etcd_image: "{{ openshift_openstack_default_image_name }}" +openshift_openstack_dns_image: "{{ openshift_openstack_default_image_name }}" +openshift_openstack_provider_network_name: null +openshift_openstack_external_network_name: null +openshift_openstack_private_network: >- + {% if openshift_openstack_provider_network_name | default(None) -%} + {{ openshift_openstack_provider_network_name }} {%- else -%} - {{ openstack_private_network_name | default ('openshift-ansible-' + stack_name + '-net') }} + {{ openshift_openstack_private_network_name | default ('openshift-ansible-' + openshift_openstack_stack_name + '-net') }} {%- endif -%} -openstack_master_server_group_policies: [] -openstack_infra_server_group_policies: [] -openstack_master_volume_size: "{{ docker_volume_size }}" -openstack_infra_volume_size: "{{ docker_volume_size }}" -openstack_node_volume_size: "{{ docker_volume_size }}" -openstack_etcd_volume_size: 2 -openstack_dns_volume_size: 1 -openstack_lb_volume_size: 5 -openstack_use_bastion: false -openshift_ui_ssh_tunnel: false +openshift_openstack_master_server_group_policies: [] +openshift_openstack_infra_server_group_policies: [] +openshift_openstack_docker_volume_size: 15 +openshift_openstack_master_volume_size: "{{ openshift_openstack_docker_volume_size }}" +openshift_openstack_infra_volume_size: "{{ 
openshift_openstack_docker_volume_size }}" +openshift_openstack_node_volume_size: "{{ openshift_openstack_docker_volume_size }}" +openshift_openstack_etcd_volume_size: 2 +openshift_openstack_dns_volume_size: 1 +openshift_openstack_lb_volume_size: 5 +openshift_openstack_use_bastion: false +openshift_openstack_ui_ssh_tunnel: false +openshift_openstack_ephemeral_volumes: false diff --git a/roles/openshift_openstack/tasks/check-prerequisites.yml b/roles/openshift_openstack/tasks/check-prerequisites.yml index a91e60640..57c7238d1 100644 --- a/roles/openshift_openstack/tasks/check-prerequisites.yml +++ b/roles/openshift_openstack/tasks/check-prerequisites.yml @@ -50,24 +50,24 @@ # Check Glance image - name: Try to get image facts os_image_facts: - image: "{{ openstack_default_image_name }}" + image: "{{ openshift_openstack_default_image_name }}" register: image_result - name: Check that image is available assert: that: "image_result.ansible_facts.openstack_image" - msg: "Image {{ openstack_default_image_name }} is not available" + msg: "Image {{ openshift_openstack_default_image_name }} is not available" # Check network name - name: Try to get network facts os_networks_facts: - name: "{{ openstack_external_network_name }}" + name: "{{ openshift_openstack_external_network_name }}" register: network_result - when: not openstack_provider_network_name|default(None) + when: not openshift_openstack_provider_network_name|default(None) - name: Check that network is available assert: that: "network_result.ansible_facts.openstack_networks" - msg: "Network {{ openstack_external_network_name }} is not available" - when: not openstack_provider_network_name|default(None) + msg: "Network {{ openshift_openstack_external_network_name }} is not available" + when: not openshift_openstack_provider_network_name|default(None) # Check keypair # TODO kpilatov: there is no Ansible module for getting OS keypairs 
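Review bot: The master, infra and node volume sizes now read `openshift_openstack_docker_volume_size`, but the sample `group_vars/all.yml` still sets `docker_volume_size: "15"` (it is the context line of the `@@ -69,22` hunk) and the README keeps documenting the old name. An inventory that sets `docker_volume_size` would therefore no longer reach these defaults, so the sample and README should be renamed in the same commit. Separately, the six container-storage settings are folded into the `openshift_openstack_container_storage_setup` mapping. With Ansible's default hash behaviour an inventory that overrides one key replaces the whole mapping, which deserves a comment such as `# override the whole mapping; single keys are not merged with these defaults`. The tasks that consume these values are outside this hunk.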
@@ -76,30 +76,30 @@ - name: Try to show keypair command: > python -c 'import shade; cloud = shade.openstack_cloud(); - exit(cloud.get_keypair("{{ openstack_keypair_name }}") is None)' + exit(cloud.get_keypair("{{ openshift_openstack_keypair_name }}") is None)' ignore_errors: yes register: key_result - name: Check that keypair is available assert: that: 'key_result.rc == 0' - msg: "Keypair {{ openstack_keypair_name }} is not available" + msg: "Keypair {{ openshift_openstack_keypair_name }} is not available" # Check that custom images are available - include: custom_image_check.yaml with_items: - - "{{ openstack_master_image }}" - - "{{ openstack_infra_image }}" - - "{{ openstack_node_image }}" - - "{{ openstack_lb_image }}" - - "{{ openstack_etcd_image }}" - - "{{ openstack_dns_image }}" + - "{{ openshift_openstack_master_image }}" + - "{{ openshift_openstack_infra_image }}" + - "{{ openshift_openstack_node_image }}" + - "{{ openshift_openstack_lb_image }}" + - "{{ openshift_openstack_etcd_image }}" + - "{{ openshift_openstack_dns_image }}" # Check that custom flavors are available - include: custom_flavor_check.yaml with_items: - - "{{ openstack_master_flavor }}" - - "{{ openstack_infra_flavor }}" - - "{{ openstack_node_flavor }}" - - "{{ openstack_lb_flavor }}" - - "{{ openstack_etcd_flavor }}" - - "{{ openstack_dns_flavor }}" + - "{{ openshift_openstack_master_flavor }}" + - "{{ openshift_openstack_infra_flavor }}" + - "{{ openshift_openstack_node_flavor }}" + - "{{ openshift_openstack_lb_flavor }}" + - "{{ openshift_openstack_etcd_flavor }}" + - "{{ openshift_openstack_dns_flavor }}" diff --git a/roles/openshift_openstack/tasks/hostname.yml b/roles/openshift_openstack/tasks/hostname.yml index 9815d0e80..e1a18425f 100644 --- a/roles/openshift_openstack/tasks/hostname.yml +++ b/roles/openshift_openstack/tasks/hostname.yml 
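Review bot: The "Try to show keypair" task renders `{{ openshift_openstack_keypair_name }}` straight into the Python source passed to `python -c`, so a name containing a quote changes the program or the argument splitting instead of being treated as data. Pass it as an argument: `python -c 'import sys, shade; exit(shade.openstack_cloud().get_keypair(sys.argv[1]) is None)' {{ openshift_openstack_keypair_name | quote }}`. Because the task also sets `ignore_errors: yes`, a missing `shade` module or an authentication failure is reported by the following assert as "Keypair ... is not available". A `failed_when: false` on the lookup plus a message that mentions `key_result.stderr` would keep the two cases apart.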
@@ -5,7 +5,7 @@ - name: Setting FQDN Fact set_fact: - new_fqdn: "{{ new_hostname }}.{{ full_dns_domain }}" + new_fqdn: "{{ new_hostname }}.{{ openshift_openstack_full_dns_domain }}" - name: Setting hostname and DNS domain hostname: name="{{ new_fqdn }}" diff --git a/roles/openshift_openstack/tasks/net_vars_check.yaml b/roles/openshift_openstack/tasks/net_vars_check.yaml index 68afde415..18b9b21b9 100644 --- a/roles/openshift_openstack/tasks/net_vars_check.yaml +++ b/roles/openshift_openstack/tasks/net_vars_check.yaml @@ -3,7 +3,7 @@ fail: msg: "Flannel SDN requires a dedicated containers data network and can not work over a provider network" when: - - openstack_provider_network_name is defined + - openshift_openstack_provider_network_name is defined - openstack_private_data_network_name is defined - name: Check the flannel network configuration diff --git a/roles/openshift_openstack/tasks/node-packages.yml b/roles/openshift_openstack/tasks/node-packages.yml index c65eaec3b..7864f5269 100644 --- a/roles/openshift_openstack/tasks/node-packages.yml +++ b/roles/openshift_openstack/tasks/node-packages.yml @@ -5,11 +5,11 @@ yum: name: "{{ item }}" state: latest - with_items: "{{ required_packages }}" + with_items: "{{ openshift_openstack_required_packages }}" - name: Install debug packages (optional) yum: name: "{{ item }}" state: latest - with_items: "{{ debug_packages }}" - when: install_debug_packages|bool + with_items: "{{ openshift_openstack_debug_packages }}" + when: openshift_openstack_install_debug_packages|bool diff --git a/roles/openshift_openstack/tasks/populate-dns.yml b/roles/openshift_openstack/tasks/populate-dns.yml index 669b65a01..080c3aca9 100644 --- a/roles/openshift_openstack/tasks/populate-dns.yml +++ b/roles/openshift_openstack/tasks/populate-dns.yml 
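Review bot: In net_vars_check.yaml the condition `openshift_openstack_provider_network_name is defined` is always true once the role defaults are loaded, because defaults/main.yml in this commit sets that variable to `null`. The flannel `fail` therefore fires whenever `openstack_private_data_network_name` is defined, provider network or not. check-prerequisites.yml tests the same variable by value, and this check should match it: `- (openshift_openstack_provider_network_name | default(None)) is not none`. The second condition keeps the unprefixed `openstack_private_data_network_name`, as does the sample inventory; if that is deliberate a short comment would help, otherwise rename it with the rest. The task's `name:` line sits above the hunk.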
@@ -5,41 +5,41 @@ - name: "Add wildcard records to the private A records for infrahosts" set_fact: - private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': '*.' + openshift_app_domain, 'ip': hostvars[item]['private_v4'] } ] }}" + private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': '*.' + openshift_openstack_app_subdomain, 'ip': hostvars[item]['private_v4'] } ] }}" with_items: "{{ groups['infra_hosts'] }}" - name: "Add public master cluster hostname records to the private A records (single master)" set_fact: - private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.masters[0]].private_v4 } ] }}" + private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(openshift_openstack_full_dns_domain, ''))[:-1], 'ip': hostvars[groups.masters[0]].private_v4 } ] }}" when: - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined - - openstack_num_masters == 1 + - openshift_openstack_num_masters == 1 - name: "Add public master cluster hostname records to the private A records (multi-master)" set_fact: - private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.lb[0]].private_v4 } ] }}" + private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(openshift_openstack_full_dns_domain, ''))[:-1], 'ip': hostvars[groups.lb[0]].private_v4 } ] }}" when: - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined - - openstack_num_masters > 1 + - openshift_openstack_num_masters > 
1 - name: "Set the private DNS server to use the external value (if provided)" set_fact: - nsupdate_server_private: "{{ external_nsupdate_keys['private']['server'] }}" - nsupdate_key_secret_private: "{{ external_nsupdate_keys['private']['key_secret'] }}" - nsupdate_key_algorithm_private: "{{ external_nsupdate_keys['private']['key_algorithm'] }}" - nsupdate_private_key_name: "{{ external_nsupdate_keys['private']['key_name']|default('private-' + full_dns_domain) }}" + nsupdate_server_private: "{{ openshift_openstack_external_nsupdate_keys['private']['server'] }}" + nsupdate_key_secret_private: "{{ openshift_openstack_external_nsupdate_keys['private']['key_secret'] }}" + nsupdate_key_algorithm_private: "{{ openshift_openstack_external_nsupdate_keys['private']['key_algorithm'] }}" + nsupdate_private_key_name: "{{ openshift_openstack_external_nsupdate_keys['private']['key_name']|default('private-' + openshift_openstack_full_dns_domain) }}" when: - - external_nsupdate_keys is defined - - external_nsupdate_keys['private'] is defined + - openshift_openstack_external_nsupdate_keys is defined + - openshift_openstack_external_nsupdate_keys['private'] is defined - name: "Generate the private Add section for DNS" set_fact: private_named_records: - view: "private" - zone: "{{ full_dns_domain }}" + zone: "{{ openshift_openstack_full_dns_domain }}" server: "{{ nsupdate_server_private }}" - key_name: "{{ nsupdate_private_key_name|default('private-' + full_dns_domain) }}" + key_name: "{{ nsupdate_private_key_name|default('private-' + openshift_openstack_full_dns_domain) }}" key_secret: "{{ nsupdate_key_secret_private }}" key_algorithm: "{{ nsupdate_key_algorithm_private | lower }}" entries: "{{ private_records }}" 
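Review bot: The task "Set the private DNS server to use the external value (if provided)" copies `key_secret` into host facts with no `no_log`, so the TSIG secret appears in `-v` output and in any callback or log that records task results. "Generate the private Add section for DNS" embeds it again in `private_named_records`. Add `no_log: true` to both tasks. The public-side tasks in the next hunk appear to follow the same pattern and would need it too. The second task may continue past the end of this hunk.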
@@ -52,58 +52,58 @@ - name: "Add wildcard records to the public A records" set_fact: - public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': '*.' + openshift_app_domain, 'ip': hostvars[item]['public_v4'] } ] }}" + public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': '*.' + openshift_openstack_app_subdomain, 'ip': hostvars[item]['public_v4'] } ] }}" with_items: "{{ groups['infra_hosts'] }}" when: hostvars[item]['public_v4'] is defined - name: "Add public master cluster hostname records to the public A records (single master)" set_fact: - public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.masters[0]].public_v4 } ] }}" + public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(openshift_openstack_full_dns_domain, ''))[:-1], 'ip': hostvars[groups.masters[0]].public_v4 } ] }}" when: - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined - - openstack_num_masters == 1 - - not openstack_use_bastion|bool + - openshift_openstack_num_masters == 1 + - not openshift_openstack_use_bastion|bool - name: "Add public master cluster hostname records to the public A records (single master behind a bastion)" set_fact: - public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.bastions[0]].public_v4 } ] }}" + public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(openshift_openstack_full_dns_domain, ''))[:-1], 'ip': hostvars[groups.bastions[0]].public_v4 } ] }}" when: - 
hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined - - openstack_num_masters == 1 - - openstack_use_bastion|bool + - openshift_openstack_num_masters == 1 + - openshift_openstack_use_bastion|bool - name: "Add public master cluster hostname records to the public A records (multi-master)" set_fact: - public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.lb[0]].public_v4 } ] }}" + public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(openshift_openstack_full_dns_domain, ''))[:-1], 'ip': hostvars[groups.lb[0]].public_v4 } ] }}" when: - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined - - openstack_num_masters > 1 + - openshift_openstack_num_masters > 1 - name: "Set the public DNS server details to use the external value (if provided)" set_fact: - nsupdate_server_public: "{{ external_nsupdate_keys['public']['server'] }}" - nsupdate_key_secret_public: "{{ external_nsupdate_keys['public']['key_secret'] }}" - nsupdate_key_algorithm_public: "{{ external_nsupdate_keys['public']['key_algorithm'] }}" - nsupdate_public_key_name: "{{ external_nsupdate_keys['public']['key_name']|default('public-' + full_dns_domain) }}" + nsupdate_server_public: "{{ openshift_openstack_external_nsupdate_keys['public']['server'] }}" + nsupdate_key_secret_public: "{{ openshift_openstack_external_nsupdate_keys['public']['key_secret'] }}" + nsupdate_key_algorithm_public: "{{ openshift_openstack_external_nsupdate_keys['public']['key_algorithm'] }}" + nsupdate_public_key_name: "{{ openshift_openstack_external_nsupdate_keys['public']['key_name']|default('public-' + openshift_openstack_full_dns_domain) }}" when: - - external_nsupdate_keys is defined - - external_nsupdate_keys['public'] is 
defined + - openshift_openstack_external_nsupdate_keys is defined + - openshift_openstack_external_nsupdate_keys['public'] is defined - name: "Generate the public Add section for DNS" set_fact: public_named_records: - view: "public" - zone: "{{ full_dns_domain }}" + zone: "{{ openshift_openstack_full_dns_domain }}" server: "{{ nsupdate_server_public }}" - key_name: "{{ nsupdate_public_key_name|default('public-' + full_dns_domain) }}" + key_name: "{{ nsupdate_public_key_name|default('public-' + openshift_openstack_full_dns_domain) }}" key_secret: "{{ nsupdate_key_secret_public }}" key_algorithm: "{{ nsupdate_key_algorithm_public | lower }}" entries: "{{ public_records }}" -- name: "Generate the final dns_records_add" +- name: "Generate the final openshift_openstack_dns_records_add" set_fact: - dns_records_add: "{{ private_named_records + public_named_records }}" + openshift_openstack_dns_records_add: "{{ private_named_records + public_named_records }}" - name: "Add DNS A records" @@ -119,7 +119,7 @@ # TODO(shadower): add a cleanup playbook that removes these records, too! state: present with_subelements: - - "{{ dns_records_add | default({}) }}" + - "{{ openshift_openstack_dns_records_add | default({}) }}" - entries register: nsupdate_add_result until: nsupdate_add_result|succeeded diff --git a/roles/openshift_openstack/tasks/provision.yml b/roles/openshift_openstack/tasks/provision.yml index e693f535a..dccbe334c 100644 --- a/roles/openshift_openstack/tasks/provision.yml +++ b/roles/openshift_openstack/tasks/provision.yml 
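Review bot: The hostname expression `(… | replace(openshift_openstack_full_dns_domain, ''))[:-1]` in the public-record tasks assumes that `openshift_master_cluster_public_hostname` ends with the DNS domain. When it does not, `replace` is a no-op and `[:-1]` silently drops the last character of the name, so an A record is published for a name nobody configured; `replace` also removes the domain string wherever it occurs, not only as a suffix. Adding `- hostvars[groups.masters[0]].openshift_master_cluster_public_hostname.endswith('.' + openshift_openstack_full_dns_domain)` to each `when:` list would skip the record instead of writing a wrong one. The private-view tasks in the -5,41 hunk use the same expression.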
@@ -2,14 +2,14 @@ - name: Generate the templates include: generate-templates.yml when: - - stack_state == 'present' + - openshift_openstack_stack_state == 'present' - name: Handle the Stack (create/delete) ignore_errors: False register: stack_create os_stack: - name: "{{ stack_name }}" - state: "{{ stack_state }}" + name: "{{ openshift_openstack_stack_name }}" + state: "{{ openshift_openstack_stack_state }}" template: "{{ stack_template_path | default(omit) }}" wait: yes @@ -19,7 +19,7 @@ - name: CleanUp include: cleanup.yml when: - - stack_state == 'present' + - openshift_openstack_stack_state == 'present' # TODO(shadower): create the registry and PV Cinder volumes if specified # and include the `prepare-and-format-cinder-volume` tasks to set it up diff --git a/roles/openshift_openstack/templates/docker-storage-setup-dm.j2 b/roles/openshift_openstack/templates/docker-storage-setup-dm.j2 index b5869feff..32c6b5838 100644 --- a/roles/openshift_openstack/templates/docker-storage-setup-dm.j2 +++ b/roles/openshift_openstack/templates/docker-storage-setup-dm.j2 @@ -1,4 +1,4 @@ -DEVS="{{ docker_dev }}" -VG="{{ docker_vg }}" -DATA_SIZE="{{ docker_data_size }}" -EXTRA_DOCKER_STORAGE_OPTIONS="--storage-opt dm.basesize={{ docker_dm_basesize }}" +DEVS="{{ openshift_openstack_container_storage_setup.docker_dev }}" +VG="{{ openshift_openstack_container_storage_setup.docker_vg }}" +DATA_SIZE="{{ openshift_openstack_container_storage_setup.docker_data_size }}" +EXTRA_DOCKER_STORAGE_OPTIONS="--storage-opt dm.basesize={{ openshift_openstack_container_storage_setup.docker_dm_basesize }}" diff --git a/roles/openshift_openstack/templates/docker-storage-setup-overlayfs.j2 b/roles/openshift_openstack/templates/docker-storage-setup-overlayfs.j2 index d8b4a0276..1bf366bdc 100644 --- a/roles/openshift_openstack/templates/docker-storage-setup-overlayfs.j2 +++ b/roles/openshift_openstack/templates/docker-storage-setup-overlayfs.j2 
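Review bot: Reading `DEVS`, `VG`, `DATA_SIZE` and the basesize option from keys of a single dict (`openshift_openstack_container_storage_setup.docker_dev` and so on) changes how overrides behave, and nothing in the template says so. Under Ansible's default hash behaviour an inventory that sets only one key of `openshift_openstack_container_storage_setup` replaces the whole dict, and the remaining lookups in docker-storage-setup-dm.j2 then hit undefined attributes. A template comment such as `{# openshift_openstack_container_storage_setup must be overridden as a complete dict; a partial override drops the other keys #}` would document this, assuming the defaults are defined as one dict (their definition is not in this diff). The overlayfs template in the following hunk has the same dependency.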
@@ -1,7 +1,7 @@ -DEVS="{{ docker_dev }}" -VG="{{ docker_vg }}" -DATA_SIZE="{{ docker_data_size }}" +DEVS="{{ openshift_openstack_container_storage_setup.docker_dev }}" +VG="{{ openshift_openstack_container_storage_setup.docker_vg }}" +DATA_SIZE="{{ openshift_openstack_container_storage_setup.docker_data_size }}" STORAGE_DRIVER=overlay2 -CONTAINER_ROOT_LV_NAME="{{ container_root_lv_name }}" -CONTAINER_ROOT_LV_MOUNT_PATH="{{ container_root_lv_mount_path }}" +CONTAINER_ROOT_LV_NAME="{{ openshift_openstack_container_storage_setup.container_root_lv_name }}" +CONTAINER_ROOT_LV_MOUNT_PATH="{{ openshift_openstack_container_storage_setup.container_root_lv_mount_path }}" CONTAINER_ROOT_LV_SIZE=100%FREE diff --git a/roles/openshift_openstack/templates/heat_stack.yaml.j2 b/roles/openshift_openstack/templates/heat_stack.yaml.j2 index 28634f9a4..bfa65b460 100644 --- a/roles/openshift_openstack/templates/heat_stack.yaml.j2 +++ b/roles/openshift_openstack/templates/heat_stack.yaml.j2 @@ -54,7 +54,7 @@ outputs: description: Floating IPs of the nodes value: { get_attr: [ infra_nodes, floating_ip ] } -{% if openstack_num_dns|int > 0 %} +{% if openshift_openstack_num_dns|int > 0 %} dns_name: description: Name of the DNS value: @@ -72,11 +72,11 @@ outputs: {% endif %} conditions: - no_floating: {% if openstack_provider_network_name or openstack_use_bastion|bool %}true{% else %}false{% endif %} + no_floating: {% if openshift_openstack_provider_network_name or openshift_openstack_use_bastion|bool %}true{% else %}false{% endif %} resources: -{% if not openstack_provider_network_name %} +{% if not openshift_openstack_provider_network_name %} net: type: OS::Neutron::Net properties: @@ -84,7 +84,7 @@ resources: str_replace: template: openshift-ansible-cluster_id-net params: - cluster_id: {{ stack_name }} + cluster_id: {{ openshift_openstack_stack_name }} subnet: type: OS::Neutron::Subnet 
@@ -93,26 +93,26 @@ resources: str_replace: template: openshift-ansible-cluster_id-subnet params: - cluster_id: {{ stack_name }} + cluster_id: {{ openshift_openstack_stack_name }} network: { get_resource: net } cidr: str_replace: template: subnet_24_prefix.0/24 params: - subnet_24_prefix: {{ openstack_subnet_prefix }} + subnet_24_prefix: {{ openshift_openstack_subnet_prefix }} allocation_pools: - start: str_replace: template: subnet_24_prefix.3 params: - subnet_24_prefix: {{ openstack_subnet_prefix }} + subnet_24_prefix: {{ openshift_openstack_subnet_prefix }} end: str_replace: template: subnet_24_prefix.254 params: - subnet_24_prefix: {{ openstack_subnet_prefix }} + subnet_24_prefix: {{ openshift_openstack_subnet_prefix }} dns_nameservers: -{% for nameserver in openstack_dns_nameservers %} +{% for nameserver in openshift_openstack_dns_nameservers %} - {{ nameserver }} {% endfor %} @@ -120,13 +120,13 @@ resources: data_net: type: OS::Neutron::Net properties: - name: openshift-ansible-{{ stack_name }}-data-net + name: openshift-ansible-{{ openshift_openstack_stack_name }}-data-net port_security_enabled: false data_subnet: type: OS::Neutron::Subnet properties: - name: openshift-ansible-{{ stack_name }}-data-subnet + name: openshift-ansible-{{ openshift_openstack_stack_name }}-data-subnet network: { get_resource: data_net } cidr: {{ osm_cluster_network_cidr|default('10.128.0.0/14') }} gateway_ip: null @@ -139,9 +139,9 @@ resources: str_replace: template: openshift-ansible-cluster_id-router params: - cluster_id: {{ stack_name }} + cluster_id: {{ openshift_openstack_stack_name }} external_gateway_info: - network: {{ openstack_external_network_name }} + network: {{ openshift_openstack_external_network_name }} interface: type: OS::Neutron::RouterInterface 
@@ -158,8 +158,8 @@ resources: # str_replace: # template: openshift-ansible-cluster_id-keypair # params: -# cluster_id: {{ stack_name }} -# public_key: {{ openstack_keypair_name }} +# cluster_id: {{ openshift_openstack_stack_name }} +# public_key: {{ openshift_openstack_keypair_name }} common-secgrp: type: OS::Neutron::SecurityGroup @@ -168,30 +168,30 @@ resources: str_replace: template: openshift-ansible-cluster_id-common-secgrp params: - cluster_id: {{ stack_name }} + cluster_id: {{ openshift_openstack_stack_name }} description: str_replace: template: Basic ssh/icmp security group for cluster_id OpenShift cluster params: - cluster_id: {{ stack_name }} + cluster_id: {{ openshift_openstack_stack_name }} rules: - direction: ingress protocol: tcp port_range_min: 22 port_range_max: 22 - remote_ip_prefix: {{ ssh_ingress_cidr }} -{% if openstack_use_bastion|bool %} + remote_ip_prefix: {{ openshift_openstack_ssh_ingress_cidr }} +{% if openshift_openstack_use_bastion|bool %} - direction: ingress protocol: tcp port_range_min: 22 port_range_max: 22 - remote_ip_prefix: {{ bastion_ingress_cidr }} + remote_ip_prefix: {{ openshift_openstack_bastion_ingress_cidr }} {% endif %} - direction: ingress protocol: icmp - remote_ip_prefix: {{ ssh_ingress_cidr }} + remote_ip_prefix: {{ openshift_openstack_ssh_ingress_cidr }} -{% if openstack_flat_secgrp|default(False)|bool %} +{% if openshift_openstack_flat_secgrp|default(False)|bool %} flat-secgrp: type: OS::Neutron::SecurityGroup properties: @@ -199,12 +199,12 @@ resources: str_replace: template: openshift-ansible-cluster_id-flat-secgrp params: - cluster_id: {{ stack_name }} + cluster_id: {{ openshift_openstack_stack_name }} description: str_replace: template: Security group for cluster_id OpenShift cluster params: - cluster_id: {{ stack_name }} + cluster_id: {{ openshift_openstack_stack_name }} rules: - direction: ingress protocol: tcp 
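Review bot: The SSH and ICMP rules of `common-secgrp` (hunk -168,30) now take their source range only from `openshift_openstack_ssh_ingress_cidr` and `openshift_openstack_bastion_ingress_cidr`, so an inventory that still sets the old `ssh_ingress_cidr` or `bastion_ingress_cidr` is ignored without any message and the rules use whatever the role defaults are (not visible in this diff). For variables that decide who can reach port 22 this should fail loudly; an early `assert` or `fail` task in the role that stops when any legacy name is defined would catch it. The same applies to `node_ingress_cidr` and `lb_ingress_cidr` in the -280, -412 and -451 hunks. The values are also interpolated unquoted here, while other rules in this template use `"{{ openshift_openstack_subnet_prefix }}.0/24"`; writing `remote_ip_prefix: "{{ openshift_openstack_ssh_ingress_cidr }}"` keeps an empty value from rendering as YAML null, which Neutron would presumably treat as "any source".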
@@ -280,12 +280,12 @@ resources: protocol: tcp port_range_min: 30000 port_range_max: 32767 - remote_ip_prefix: {{ node_ingress_cidr }} + remote_ip_prefix: {{ openshift_openstack_node_ingress_cidr }} - direction: ingress protocol: tcp port_range_min: 30000 port_range_max: 32767 - remote_ip_prefix: "{{ openstack_subnet_prefix }}.0/24" + remote_ip_prefix: "{{ openshift_openstack_subnet_prefix }}.0/24" {% else %} master-secgrp: type: OS::Neutron::SecurityGroup @@ -294,12 +294,12 @@ resources: str_replace: template: openshift-ansible-cluster_id-master-secgrp params: - cluster_id: {{ stack_name }} + cluster_id: {{ openshift_openstack_stack_name }} description: str_replace: template: Security group for cluster_id OpenShift cluster master params: - cluster_id: {{ stack_name }} + cluster_id: {{ openshift_openstack_stack_name }} rules: - direction: ingress protocol: tcp @@ -355,12 +355,12 @@ resources: str_replace: template: openshift-ansible-cluster_id-etcd-secgrp params: - cluster_id: {{ stack_name }} + cluster_id: {{ openshift_openstack_stack_name }} description: str_replace: template: Security group for cluster_id etcd cluster params: - cluster_id: {{ stack_name }} + cluster_id: {{ openshift_openstack_stack_name }} rules: - direction: ingress protocol: tcp @@ -381,12 +381,12 @@ resources: str_replace: template: openshift-ansible-cluster_id-node-secgrp params: - cluster_id: {{ stack_name }} + cluster_id: {{ openshift_openstack_stack_name }} description: str_replace: template: Security group for cluster_id OpenShift cluster nodes params: - cluster_id: {{ stack_name }} + cluster_id: {{ openshift_openstack_stack_name }} rules: - direction: ingress protocol: tcp 
@@ -412,12 +412,12 @@ resources: protocol: tcp port_range_min: 30000 port_range_max: 32767 - remote_ip_prefix: {{ node_ingress_cidr }} + remote_ip_prefix: {{ openshift_openstack_node_ingress_cidr }} - direction: ingress protocol: tcp port_range_min: 30000 port_range_max: 32767 - remote_ip_prefix: "{{ openstack_subnet_prefix }}.0/24" + remote_ip_prefix: "{{ openshift_openstack_subnet_prefix }}.0/24" {% endif %} infra-secgrp: @@ -427,12 +427,12 @@ resources: str_replace: template: openshift-ansible-cluster_id-infra-secgrp params: - cluster_id: {{ stack_name }} + cluster_id: {{ openshift_openstack_stack_name }} description: str_replace: template: Security group for cluster_id OpenShift infrastructure cluster nodes params: - cluster_id: {{ stack_name }} + cluster_id: {{ openshift_openstack_stack_name }} rules: - direction: ingress protocol: tcp @@ -443,7 +443,7 @@ resources: port_range_min: 443 port_range_max: 443 -{% if openstack_num_dns|int > 0 %} +{% if openshift_openstack_num_dns|int > 0 %} dns-secgrp: type: OS::Neutron::SecurityGroup properties: 
@@ -451,67 +451,67 @@ resources: str_replace: template: openshift-ansible-cluster_id-dns-secgrp params: - cluster_id: {{ stack_name }} + cluster_id: {{ openshift_openstack_stack_name }} description: str_replace: template: Security group for cluster_id cluster DNS params: - cluster_id: {{ stack_name }} + cluster_id: {{ openshift_openstack_stack_name }} rules: - direction: ingress protocol: udp port_range_min: 53 port_range_max: 53 - remote_ip_prefix: {{ node_ingress_cidr }} + remote_ip_prefix: {{ openshift_openstack_node_ingress_cidr }} - direction: ingress protocol: udp port_range_min: 53 port_range_max: 53 - remote_ip_prefix: "{{ openstack_subnet_prefix }}.0/24" + remote_ip_prefix: "{{ openshift_openstack_subnet_prefix }}.0/24" - direction: ingress protocol: tcp port_range_min: 53 port_range_max: 53 - remote_ip_prefix: {{ node_ingress_cidr }} + remote_ip_prefix: {{ openshift_openstack_node_ingress_cidr }} - direction: ingress protocol: tcp port_range_min: 53 port_range_max: 53 - remote_ip_prefix: "{{ openstack_subnet_prefix }}.0/24" + remote_ip_prefix: "{{ openshift_openstack_subnet_prefix }}.0/24" {% endif %} -{% if openstack_num_masters|int > 1 or openshift_ui_ssh_tunnel|bool %} +{% if openshift_openstack_num_masters|int > 1 or openshift_openstack_ui_ssh_tunnel|bool %} lb-secgrp: type: OS::Neutron::SecurityGroup properties: - name: openshift-ansible-{{ stack_name }}-lb-secgrp - description: Security group for {{ stack_name }} cluster Load Balancer + name: openshift-ansible-{{ openshift_openstack_stack_name }}-lb-secgrp + description: Security group for {{ openshift_openstack_stack_name }} cluster Load Balancer rules: - direction: ingress protocol: tcp port_range_min: {{ openshift_master_api_port | default(8443) }} port_range_max: {{ openshift_master_api_port | default(8443) }} - remote_ip_prefix: {{ lb_ingress_cidr | default(bastion_ingress_cidr) }} -{% if openshift_ui_ssh_tunnel|bool %} + remote_ip_prefix: {{ openshift_openstack_lb_ingress_cidr | 
default(openshift_openstack_bastion_ingress_cidr) }} +{% if openshift_openstack_ui_ssh_tunnel|bool %} - direction: ingress protocol: tcp port_range_min: {{ openshift_master_api_port | default(8443) }} port_range_max: {{ openshift_master_api_port | default(8443) }} - remote_ip_prefix: {{ ssh_ingress_cidr }} + remote_ip_prefix: {{ openshift_openstack_ssh_ingress_cidr }} {% endif %} {% if openshift_master_console_port is defined and openshift_master_console_port != openshift_master_api_port %} - direction: ingress protocol: tcp port_range_min: {{ openshift_master_console_port | default(8443) }} port_range_max: {{ openshift_master_console_port | default(8443) }} - remote_ip_prefix: {{ lb_ingress_cidr | default(bastion_ingress_cidr) }} + remote_ip_prefix: {{ openshift_openstack_lb_ingress_cidr | default(openshift_openstack_bastion_ingress_cidr) }} {% endif %} {% endif %} etcd: type: OS::Heat::ResourceGroup properties: - count: {{ openstack_num_etcd }} + count: {{ openshift_openstack_num_etcd }} resource_def: type: server.yaml properties: 
@@ -519,23 +519,23 @@ resources: str_replace: template: k8s_type-%index%.cluster_id params: - cluster_id: {{ stack_name }} - k8s_type: {{ openstack_etcd_hostname }} - cluster_env: {{ public_dns_domain }} - cluster_id: {{ stack_name }} + cluster_id: {{ openshift_openstack_stack_name }} + k8s_type: {{ openshift_openstack_etcd_hostname }} + cluster_env: {{ openshift_openstack_public_dns_domain }} + cluster_id: {{ openshift_openstack_stack_name }} group: str_replace: template: k8s_type.cluster_id params: k8s_type: etcds - cluster_id: {{ stack_name }} + cluster_id: {{ openshift_openstack_stack_name }} type: etcd - image: {{ openstack_etcd_image }} - flavor: {{ openstack_etcd_flavor }} - key_name: {{ openstack_keypair_name }} -{% if openstack_provider_network_name %} - net: {{ openstack_provider_network_name }} - net_name: {{ openstack_provider_network_name }} + image: {{ openshift_openstack_etcd_image }} + flavor: {{ openshift_openstack_etcd_flavor }} + key_name: {{ openshift_openstack_keypair_name }} +{% if openshift_openstack_provider_network_name %} + net: {{ openshift_openstack_provider_network_name }} + net_name: {{ openshift_openstack_provider_network_name }} {% else %} net: { get_resource: net } subnet: { get_resource: subnet } 
@@ -543,40 +543,40 @@ resources: str_replace: template: openshift-ansible-cluster_id-net params: - cluster_id: {{ stack_name }} + cluster_id: {{ openshift_openstack_stack_name }} {% endif %} secgrp: - - { get_resource: {% if openstack_flat_secgrp|default(False)|bool %}flat-secgrp{% else %}etcd-secgrp{% endif %} } + - { get_resource: {% if openshift_openstack_flat_secgrp|default(False)|bool %}flat-secgrp{% else %}etcd-secgrp{% endif %} } - { get_resource: common-secgrp } floating_network: if: - no_floating - null - - {{ openstack_external_network_name }} -{% if openstack_use_bastion|bool or openstack_provider_network_name %} + - {{ openshift_openstack_external_network_name }} +{% if openshift_openstack_use_bastion|bool or openshift_openstack_provider_network_name %} attach_float_net: false {% endif %} - volume_size: {{ openstack_etcd_volume_size }} -{% if not openstack_provider_network_name %} + volume_size: {{ openshift_openstack_etcd_volume_size }} +{% if not openshift_openstack_provider_network_name %} depends_on: - interface {% endif %} -{% if openstack_master_server_group_policies|length > 0 %} +{% if openshift_openstack_master_server_group_policies|length > 0 %} master_server_group: type: OS::Nova::ServerGroup properties: name: master_server_group - policies: {{ openstack_master_server_group_policies }} + policies: {{ openshift_openstack_master_server_group_policies }} {% endif %} -{% if openstack_infra_server_group_policies|length > 0 %} +{% if openshift_openstack_infra_server_group_policies|length > 0 %} infra_server_group: type: OS::Nova::ServerGroup properties: name: infra_server_group - policies: {{ openstack_infra_server_group_policies }} + policies: {{ openshift_openstack_infra_server_group_policies }} {% endif %} -{% if openstack_num_masters|int > 1 %} +{% if openshift_openstack_num_masters|int > 1 %} loadbalancer: type: OS::Heat::ResourceGroup properties: 
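Review bot: `policies: {{ openshift_openstack_master_server_group_policies }}` and the infra equivalent below it print a Python list straight into the YAML document. Under Python 2, which the `.iteritems()` calls elsewhere in this template imply, a list of unicode strings can render with `u'…'` prefixes that YAML then reads as part of the string value. Serialising explicitly avoids that: `policies: {{ openshift_openstack_master_server_group_policies | to_json }}`. `resource_list: {{ openshift_openstack_nodes_to_remove }}` in the -701 hunk is rendered the same way and would benefit from the same filter.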
@@ -588,23 +588,23 @@ resources: str_replace: template: k8s_type-%index%.cluster_id params: - cluster_id: {{ stack_name }} - k8s_type: {{ openstack_lb_hostname }} - cluster_env: {{ public_dns_domain }} - cluster_id: {{ stack_name }} + cluster_id: {{ openshift_openstack_stack_name }} + k8s_type: {{ openshift_openstack_lb_hostname }} + cluster_env: {{ openshift_openstack_public_dns_domain }} + cluster_id: {{ openshift_openstack_stack_name }} group: str_replace: template: k8s_type.cluster_id params: k8s_type: lb - cluster_id: {{ stack_name }} + cluster_id: {{ openshift_openstack_stack_name }} type: lb - image: {{ openstack_lb_image }} - flavor: {{ openstack_lb_flavor }} - key_name: {{ openstack_keypair_name }} -{% if openstack_provider_network_name %} - net: {{ openstack_provider_network_name }} - net_name: {{ openstack_provider_network_name }} + image: {{ openshift_openstack_lb_image }} + flavor: {{ openshift_openstack_lb_flavor }} + key_name: {{ openshift_openstack_keypair_name }} +{% if openshift_openstack_provider_network_name %} + net: {{ openshift_openstack_provider_network_name }} + net_name: {{ openshift_openstack_provider_network_name }} {% else %} net: { get_resource: net } subnet: { get_resource: subnet } @@ -612,16 +612,16 @@ resources: str_replace: template: openshift-ansible-cluster_id-net params: - cluster_id: {{ stack_name }} + cluster_id: {{ openshift_openstack_stack_name }} {% endif %} secgrp: - { get_resource: lb-secgrp } - { get_resource: common-secgrp } -{% if not openstack_provider_network_name %} - floating_network: {{ openstack_external_network_name }} +{% if not openshift_openstack_provider_network_name %} + floating_network: {{ openshift_openstack_external_network_name }} {% endif %} - volume_size: {{ openstack_lb_volume_size }} -{% if not openstack_provider_network_name %} + volume_size: {{ openshift_openstack_lb_volume_size }} +{% if not openshift_openstack_provider_network_name %} depends_on: - interface {% endif %} 
@@ -630,7 +630,7 @@ resources: masters: type: OS::Heat::ResourceGroup properties: - count: {{ openstack_num_masters }} + count: {{ openshift_openstack_num_masters }} resource_def: type: server.yaml properties: @@ -638,23 +638,23 @@ resources: str_replace: template: k8s_type-%index%.cluster_id params: - cluster_id: {{ stack_name }} - k8s_type: {{ openstack_master_hostname }} - cluster_env: {{ public_dns_domain }} - cluster_id: {{ stack_name }} + cluster_id: {{ openshift_openstack_stack_name }} + k8s_type: {{ openshift_openstack_master_hostname }} + cluster_env: {{ openshift_openstack_public_dns_domain }} + cluster_id: {{ openshift_openstack_stack_name }} group: str_replace: template: k8s_type.cluster_id params: k8s_type: masters - cluster_id: {{ stack_name }} + cluster_id: {{ openshift_openstack_stack_name }} type: master - image: {{ openstack_master_image }} - flavor: {{ openstack_master_flavor }} - key_name: {{ openstack_keypair_name }} -{% if openstack_provider_network_name %} - net: {{ openstack_provider_network_name }} - net_name: {{ openstack_provider_network_name }} + image: {{ openshift_openstack_master_image }} + flavor: {{ openshift_openstack_master_flavor }} + key_name: {{ openshift_openstack_keypair_name }} +{% if openshift_openstack_provider_network_name %} + net: {{ openshift_openstack_provider_network_name }} + net_name: {{ openshift_openstack_provider_network_name }} {% else %} net: { get_resource: net } subnet: { get_resource: subnet } @@ -662,7 +662,7 @@ resources: str_replace: template: openshift-ansible-cluster_id-net params: - cluster_id: {{ stack_name }} + cluster_id: {{ openshift_openstack_stack_name }} {% if openshift_use_flannel|default(False)|bool %} attach_data_net: true data_net: { get_resource: data_net } 
@@ -670,12 +670,12 @@ resources: {% endif %} {% endif %} secgrp: -{% if openstack_flat_secgrp|default(False)|bool %} +{% if openshift_openstack_flat_secgrp|default(False)|bool %} - { get_resource: flat-secgrp } {% else %} - { get_resource: master-secgrp } - { get_resource: node-secgrp } -{% if openstack_num_etcd|int == 0 %} +{% if openshift_openstack_num_etcd|int == 0 %} - { get_resource: etcd-secgrp } {% endif %} {% endif %} @@ -684,16 +684,16 @@ resources: if: - no_floating - null - - {{ openstack_external_network_name }} -{% if openstack_use_bastion|bool or openstack_provider_network_name %} + - {{ openshift_openstack_external_network_name }} +{% if openshift_openstack_use_bastion|bool or openshift_openstack_provider_network_name %} attach_float_net: false {% endif %} - volume_size: {{ openstack_master_volume_size }} -{% if openstack_master_server_group_policies|length > 0 %} + volume_size: {{ openshift_openstack_master_volume_size }} +{% if openshift_openstack_master_server_group_policies|length > 0 %} scheduler_hints: group: { get_resource: master_server_group } {% endif %} -{% if not openstack_provider_network_name %} +{% if not openshift_openstack_provider_network_name %} depends_on: - interface {% endif %} @@ -701,9 +701,9 @@ resources: compute_nodes: type: OS::Heat::ResourceGroup properties: - count: {{ openstack_num_nodes }} + count: {{ openshift_openstack_num_nodes }} removal_policies: - - resource_list: {{ openstack_nodes_to_remove }} + - resource_list: {{ openshift_openstack_nodes_to_remove }} resource_def: type: server.yaml properties: 
@@ -711,28 +711,28 @@ resources: str_replace: template: sub_type_k8s_type-%index%.cluster_id params: - cluster_id: {{ stack_name }} - sub_type_k8s_type: {{ openstack_node_hostname }} - cluster_env: {{ public_dns_domain }} - cluster_id: {{ stack_name }} + cluster_id: {{ openshift_openstack_stack_name }} + sub_type_k8s_type: {{ openshift_openstack_node_hostname }} + cluster_env: {{ openshift_openstack_public_dns_domain }} + cluster_id: {{ openshift_openstack_stack_name }} group: str_replace: template: k8s_type.cluster_id params: k8s_type: nodes - cluster_id: {{ stack_name }} + cluster_id: {{ openshift_openstack_stack_name }} type: node subtype: app node_labels: -{% for k, v in openshift_cluster_node_labels.app.iteritems() %} +{% for k, v in openshift_openstack_cluster_node_labels.app.iteritems() %} {{ k|e }}: {{ v|e }} {% endfor %} - image: {{ openstack_node_image }} - flavor: {{ openstack_node_flavor }} - key_name: {{ openstack_keypair_name }} -{% if openstack_provider_network_name %} - net: {{ openstack_provider_network_name }} - net_name: {{ openstack_provider_network_name }} + image: {{ openshift_openstack_node_image }} + flavor: {{ openshift_openstack_node_flavor }} + key_name: {{ openshift_openstack_keypair_name }} +{% if openshift_openstack_provider_network_name %} + net: {{ openshift_openstack_provider_network_name }} + net_name: {{ openshift_openstack_provider_network_name }} {% else %} net: { get_resource: net } subnet: { get_resource: subnet } @@ -740,7 +740,7 @@ resources: str_replace: template: openshift-ansible-cluster_id-net params: - cluster_id: {{ stack_name }} + cluster_id: {{ openshift_openstack_stack_name }} {% if openshift_use_flannel|default(False)|bool %} attach_data_net: true data_net: { get_resource: data_net } 
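Review bot: The node-label loop `{% for k, v in openshift_openstack_cluster_node_labels.app.iteritems() %}` still relies on `dict.iteritems()`, which exists only on Python 2; `.items()` works on both and is a drop-in replacement here. The `|e` filter in `{{ k|e }}: {{ v|e }}` is HTML escaping, not YAML quoting, so a label value such as `true`, or one containing `: `, is not protected from being retyped or breaking the mapping. `{{ k | to_json }}: {{ v | to_json }}` would emit properly quoted scalars. The infra loop in the -775 hunk has the same two issues.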
@@ -748,18 +748,18 @@ resources: {% endif %} {% endif %} secgrp: - - { get_resource: {% if openstack_flat_secgrp|default(False)|bool %}flat-secgrp{% else %}node-secgrp{% endif %} } + - { get_resource: {% if openshift_openstack_flat_secgrp|default(False)|bool %}flat-secgrp{% else %}node-secgrp{% endif %} } - { get_resource: common-secgrp } floating_network: if: - no_floating - null - - {{ openstack_external_network_name }} -{% if openstack_use_bastion|bool or openstack_provider_network_name %} + - {{ openshift_openstack_external_network_name }} +{% if openshift_openstack_use_bastion|bool or openshift_openstack_provider_network_name %} attach_float_net: false {% endif %} - volume_size: {{ openstack_node_volume_size }} -{% if not openstack_provider_network_name %} + volume_size: {{ openshift_openstack_node_volume_size }} +{% if not openshift_openstack_provider_network_name %} depends_on: - interface {% endif %} @@ -767,7 +767,7 @@ resources: infra_nodes: type: OS::Heat::ResourceGroup properties: - count: {{ openstack_num_infra }} + count: {{ openshift_openstack_num_infra }} resource_def: type: server.yaml properties: 
@@ -775,28 +775,28 @@ resources: str_replace: template: sub_type_k8s_type-%index%.cluster_id params: - cluster_id: {{ stack_name }} - sub_type_k8s_type: {{ openstack_infra_hostname }} - cluster_env: {{ public_dns_domain }} - cluster_id: {{ stack_name }} + cluster_id: {{ openshift_openstack_stack_name }} + sub_type_k8s_type: {{ openshift_openstack_infra_hostname }} + cluster_env: {{ openshift_openstack_public_dns_domain }} + cluster_id: {{ openshift_openstack_stack_name }} group: str_replace: template: k8s_type.cluster_id params: k8s_type: infra - cluster_id: {{ stack_name }} + cluster_id: {{ openshift_openstack_stack_name }} type: node subtype: infra node_labels: -{% for k, v in openshift_cluster_node_labels.infra.iteritems() %} +{% for k, v in openshift_openstack_cluster_node_labels.infra.iteritems() %} {{ k|e }}: {{ v|e }} {% endfor %} - image: {{ openstack_infra_image }} - flavor: {{ openstack_infra_flavor }} - key_name: {{ openstack_keypair_name }} -{% if openstack_provider_network_name %} - net: {{ openstack_provider_network_name }} - net_name: {{ openstack_provider_network_name }} + image: {{ openshift_openstack_infra_image }} + flavor: {{ openshift_openstack_infra_flavor }} + key_name: {{ openshift_openstack_keypair_name }} +{% if openshift_openstack_provider_network_name %} + net: {{ openshift_openstack_provider_network_name }} + net_name: {{ openshift_openstack_provider_network_name }} {% else %} net: { get_resource: net } subnet: { get_resource: subnet } @@ -804,7 +804,7 @@ resources: str_replace: template: openshift-ansible-cluster_id-net params: - cluster_id: {{ stack_name }} + cluster_id: {{ openshift_openstack_stack_name }} {% if openshift_use_flannel|default(False)|bool %} attach_data_net: true data_net: { get_resource: data_net } 
@@ -813,34 +813,34 @@ resources: {% endif %} secgrp: # TODO(bogdando) filter only required node rules into infra-secgrp -{% if openstack_flat_secgrp|default(False)|bool %} +{% if openshift_openstack_flat_secgrp|default(False)|bool %} - { get_resource: flat-secgrp } {% else %} - { get_resource: node-secgrp } {% endif %} -{% if openshift_ui_ssh_tunnel|bool and openstack_num_masters|int < 2 %} +{% if openshift_openstack_ui_ssh_tunnel|bool and openshift_openstack_num_masters|int < 2 %} - { get_resource: lb-secgrp } {% endif %} - { get_resource: infra-secgrp } - { get_resource: common-secgrp } -{% if not openstack_provider_network_name %} - floating_network: {{ openstack_external_network_name }} +{% if not openshift_openstack_provider_network_name %} + floating_network: {{ openshift_openstack_external_network_name }} {% endif %} - volume_size: {{ openstack_infra_volume_size }} -{% if openstack_infra_server_group_policies|length > 0 %} + volume_size: {{ openshift_openstack_infra_volume_size }} +{% if openshift_openstack_infra_server_group_policies|length > 0 %} scheduler_hints: group: { get_resource: infra_server_group } {% endif %} -{% if not openstack_provider_network_name %} +{% if not openshift_openstack_provider_network_name %} depends_on: - interface {% endif %} -{% if openstack_num_dns|int > 0 %} +{% if openshift_openstack_num_dns|int > 0 %} dns: type: OS::Heat::ResourceGroup properties: - count: {{ openstack_num_dns }} + count: {{ openshift_openstack_num_dns }} resource_def: type: server.yaml properties: 
@@ -848,23 +848,23 @@ resources: str_replace: template: k8s_type-%index%.cluster_id params: - cluster_id: {{ stack_name }} - k8s_type: {{ openstack_dns_hostname }} - cluster_env: {{ public_dns_domain }} - cluster_id: {{ stack_name }} + cluster_id: {{ openshift_openstack_stack_name }} + k8s_type: {{ openshift_openstack_dns_hostname }} + cluster_env: {{ openshift_openstack_public_dns_domain }} + cluster_id: {{ openshift_openstack_stack_name }} group: str_replace: template: k8s_type.cluster_id params: k8s_type: dns - cluster_id: {{ stack_name }} + cluster_id: {{ openshift_openstack_stack_name }} type: dns - image: {{ openstack_dns_image }} - flavor: {{ openstack_dns_flavor }} - key_name: {{ openstack_keypair_name }} -{% if openstack_provider_network_name %} - net: {{ openstack_provider_network_name }} - net_name: {{ openstack_provider_network_name }} + image: {{ openshift_openstack_dns_image }} + flavor: {{ openshift_openstack_dns_flavor }} + key_name: {{ openshift_openstack_keypair_name }} +{% if openshift_openstack_provider_network_name %} + net: {{ openshift_openstack_provider_network_name }} + net_name: {{ openshift_openstack_provider_network_name }} {% else %} net: { get_resource: net } subnet: { get_resource: subnet } @@ -872,16 +872,16 @@ resources: str_replace: template: openshift-ansible-cluster_id-net params: - cluster_id: {{ stack_name }} + cluster_id: {{ openshift_openstack_stack_name }} {% endif %} secgrp: - { get_resource: dns-secgrp } - { get_resource: common-secgrp } -{% if not openstack_provider_network_name %} - floating_network: {{ openstack_external_network_name }} +{% if not openshift_openstack_provider_network_name %} + floating_network: {{ openshift_openstack_external_network_name }} {% endif %} - volume_size: {{ openstack_dns_volume_size }} -{% if not openstack_provider_network_name %} + volume_size: {{ openshift_openstack_dns_volume_size }} +{% if not openshift_openstack_provider_network_name %} depends_on: - interface {% endif %} 
diff --git a/roles/openshift_openstack/templates/heat_stack_server.yaml.j2 b/roles/openshift_openstack/templates/heat_stack_server.yaml.j2 index 160345baf..a829da34f 100644 --- a/roles/openshift_openstack/templates/heat_stack_server.yaml.j2 +++ b/roles/openshift_openstack/templates/heat_stack_server.yaml.j2 @@ -61,7 +61,7 @@ parameters: label: Net name description: Net name -{% if not openstack_provider_network_name %} +{% if not openshift_openstack_provider_network_name %} subnet: type: string label: Subnet ID @@ -81,7 +81,7 @@ parameters: label: Net ID description: Net resource -{% if not openstack_provider_network_name %} +{% if not openshift_openstack_provider_network_name %} data_subnet: type: string default: '' @@ -102,7 +102,7 @@ parameters: label: Attach-float-net description: A switch for floating network port connection -{% if not openstack_provider_network_name %} +{% if not openshift_openstack_provider_network_name %} floating_network: type: string default: '' @@ -156,7 +156,7 @@ outputs: - server - addresses - { get_param: net_name } -{% if openstack_provider_network_name %} +{% if openshift_openstack_provider_network_name %} - 0 {% else %} - 1 @@ -226,7 +226,7 @@ resources: type: OS::Neutron::Port properties: network: { get_param: net } -{% if not openstack_provider_network_name %} +{% if not openshift_openstack_provider_network_name %} fixed_ips: - subnet: { get_param: subnet } {% endif %} @@ -239,13 +239,13 @@ resources: properties: network: { get_param: data_net } port_security_enabled: false -{% if not openstack_provider_network_name %} +{% if not openshift_openstack_provider_network_name %} fixed_ips: - subnet: { get_param: data_subnet } {% endif %} {% endif %} -{% if not openstack_provider_network_name %} +{% if not openshift_openstack_provider_network_name %} floating-ip: condition: { not: no_floating } type: OS::Neutron::FloatingIP 
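Review bot: `port_security_enabled: false` on the data-network port in the @@ -239 hunk carries no comment, and with port security disabled Neutron applies neither security groups nor anti-spoofing filtering to that port. If this is deliberate for the overlay network (presumably flannel, judging by the flannel-guarded `data_net` property in the stack template's @@ -804 hunk), a comment such as `# port security off for overlay traffic: no security groups or anti-spoofing on this port` would record the trade-off for whoever reviews the network exposure later. The resource definition for this port starts above the hunk.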
@@ -254,7 +254,7 @@ resources: port_id: { get_resource: port } {% endif %} -{% if not ephemeral_volumes|default(false)|bool %} +{% if not openshift_openstack_ephemeral_volumes|default(false)|bool %} cinder_volume: type: OS::Cinder::Volume properties: -- cgit v1.2.3