From 1409e0a52d45b7781b3a23f3f7eaa8fe09d26cd6 Mon Sep 17 00:00:00 2001
From: Bogdan Dobrelya
Date: Mon, 19 Jun 2017 12:24:23 +0200
Subject: Persist DNS configuration for nodes for openstack provider

* Firstly, provision a Heat stack with given public resolvers.
* After the DNS node is configured as an authoritative server, switch the Heat stack's Neutron subnet to that resolver (private_dns_server) so that it becomes the first entry pushed into the hosts' /etc/resolv.conf. It will be serving the cluster domain requests for OpenShift nodes and workloads.
* Drop post-provision /etc/resolv.conf nameserver hacks as not needed anymore.
* Fix dns floating IPs output and add the priv IPs output as well.
* Update docs, clarify localhost vs servers requirements, add required Network Manager setup step.
* Use post-provision task names instead of comments.

Signed-off-by: Bogdan Dobrelya
---
 playbooks/provisioning/openstack/README.md | 39 +++++++++++++++++++++++-------
 1 file changed, 30 insertions(+), 9 deletions(-)

diff --git a/playbooks/provisioning/openstack/README.md b/playbooks/provisioning/openstack/README.md
index 57b72c7f3..972ef705d 100644
--- a/playbooks/provisioning/openstack/README.md
+++ b/playbooks/provisioning/openstack/README.md
@@ -5,13 +5,19 @@ OpenStack resources (servers, networking, volumes, security groups, etc.). The result is an environment ready for openshift-ansible. -## Dependencies +## Dependencies for localhost (ansible control/admin node) * [Ansible 2.3](https://pypi.python.org/pypi/ansible) * [jinja2](http://jinja.pocoo.org/docs/2.9/) * [shade](https://pypi.python.org/pypi/shade) -* python-dns +* python-dns / [dnspython](https://pypi.python.org/pypi/dnspython) +* Become (sudo) is not required. +## Dependencies for OpenStack hosted cluster nodes (servers) + +There are no additional dependencies for the cluster nodes. Required +configuration steps are done by Heat given a specific user data config +that normally should not be changed. ## What does it do 
@@ -42,12 +48,27 @@ etc.). The result is an environment ready for openshift-ansible. Pay special attention to the values in the first paragraph -- these will depend on your OpenStack environment. -The `env_id` and `openstack_dns_domain` will form the DNS domain all +The `env_id` and `public_dns_domain` will form the cluster's DNS domain all your servers will be under. With the default values, this will be -`openshift.example.com`. - -`openstack_nameservers` is a list of DNS servers accessible from all -the created Nova servers. These will be serve as your DNS forwarders. +`openshift.example.com`. For workloads, the default subdomain is 'apps'. +That sudomain can be set as well by the `openshift_app_domain` variable in +the inventory. + +The `public_dns_nameservers` is a list of DNS servers accessible from all +the created Nova servers. These will be serving as your DNS forwarders for +external FQDNs that do not belong to the cluster's DNS domain and its subdomains. + +The `openshift_use_dnsmasq` controls either dnsmasq is deployed or not. +By default, dnsmasq is deployed and comes as the hosts' /etc/resolv.conf file +first nameserver entry that points to the local host instance of the dnsmasq +daemon that in turn proxies DNS requests to the authoritative DNS server. +When Network Manager is enabled for provisioned cluster nodes, which is +normally the case, you should not change the defaults and always deploy dnsmasq. + +Note that the authoritative DNS server is configured on post provsision +steps, and the Neutron subnet for the Heat stack is updated to point to that +server in the end. So the provisioned servers will start using it natively +as a default nameserver that comes from the NetworkManager and cloud-init. `openstack_ssh_key` is a Nova keypair -- you can see your keypairs with `openstack keypair list`. 
@@ -136,8 +157,8 @@ Once it succeeds, you can install openshift by running: ansible-playbook --become --user openshift --private-key ~/.ssh/openshift -i inventory/ openshift-ansible/playbooks/byo/openshift-node/network_manager.yml ansible-playbook --become --user openshift --private-key ~/.ssh/openshift -i inventory/ openshift-ansible/playbooks/byo/config.yml -Note, the `network_manager.yml` is only required if you're deploying OpenShift -origin. +Note, the `network_manager.yml` step is mandatory and is required for persisting +the hosts' DNS configs. ## License -- cgit v1.2.3
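Review bot: In the first hunk (@@ -5,13 +5,19 @@), the added bullet "Become (sudo) is not required." sits in the dependency list although it is not a dependency, and on its own it reads as conflicting with the install commands further down the README, which pass `--become`. Suggest moving it out of the list as a sentence scoped to the provisioning run on localhost. The new section for cluster nodes also says the Heat user data config "normally should not be changed" without saying where that config lives; a pointer to the file would let an operator review what is applied to the nodes at boot.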
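Review bot: In the second hunk (@@ -42,12 +48,27 @@), the added paragraph beginning "Note that the authoritative DNS server is configured on post provsision steps" does not say which resolvers the nodes use before the Neutron subnet is switched, and it does not name the variable that holds the new resolver. The commit message mentions the initial public resolvers and `private_dns_server`; both belong in the README text so an operator knows what answers cluster-domain queries at each stage. The added lines also carry typos: "sudomain" should be "subdomain", "provsision" should be "provision", and "controls either dnsmasq is deployed or not" should read "controls whether dnsmasq is deployed". Since `openstack_dns_domain` and `openstack_nameservers` become `public_dns_domain` and `public_dns_nameservers`, a line telling users with existing inventories to rename them would help.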
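Review bot: In the last hunk (@@ -136,8 +157,8 @@), the replacement note says the step "is mandatory and is required", which is redundant, and it does not say what goes wrong when `network_manager.yml` is skipped. Suggest "Note, the `network_manager.yml` step is required for persisting the hosts' DNS configs", followed by one sentence on the symptom of skipping it, so the requirement is not mistaken for the optional step the old text described.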