From 86b132e4bb1e5c58c1b194403f7d61fa34b20171 Mon Sep 17 00:00:00 2001 From: Katerina Pilatova Date: Tue, 18 Jul 2017 14:00:17 +0200 Subject: README: added prerequisity for a repository needed for python-openstackclient installation --- playbooks/provisioning/openstack/README.md | 1 + 1 file changed, 1 insertion(+) (limited to 'playbooks/provisioning/openstack/README.md') diff --git a/playbooks/provisioning/openstack/README.md b/playbooks/provisioning/openstack/README.md index 5c2f61202..0d8433367 100644 --- a/playbooks/provisioning/openstack/README.md +++ b/playbooks/provisioning/openstack/README.md @@ -12,6 +12,7 @@ etc.). The result is an environment ready for openshift-ansible. * [shade](https://pypi.python.org/pypi/shade) * python-dns / [dnspython](https://pypi.python.org/pypi/dnspython) * Become (sudo) is not required. +* `rhel-7-server-openstack-10-rpms` repository (in order to be able to install `python-openstackclient`) ## Dependencies for OpenStack hosted cluster nodes (servers) -- cgit v1.2.3 From 7040d1c9562d275bd1cef3059646db696a5f954e Mon Sep 17 00:00:00 2001 From: Katerina Pilatova Date: Tue, 18 Jul 2017 16:38:31 +0200 Subject: dependencies: python-heatclient and python-openstackclient added to optional dependencies --- playbooks/provisioning/openstack/README.md | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'playbooks/provisioning/openstack/README.md') diff --git a/playbooks/provisioning/openstack/README.md b/playbooks/provisioning/openstack/README.md index 0d8433367..e5ec68458 100644 --- a/playbooks/provisioning/openstack/README.md +++ b/playbooks/provisioning/openstack/README.md @@ -14,6 +14,12 @@ etc.). The result is an environment ready for openshift-ansible. * Become (sudo) is not required. * `rhel-7-server-openstack-10-rpms` repository (in order to be able to install `python-openstackclient`) +### Optional Dependencies forlocalhost +**Note**: When using rhel images, `rhel-7-server-openstack-10-rpms` repository is required in order to install these packages. + +* `python-openstackclient` +* `python-heatclient` + ## Dependencies for OpenStack hosted cluster nodes (servers) There are no additional dependencies for the cluster nodes. Required -- cgit v1.2.3 From 5a94e47f12a85daf1f93e1ea695689808c9a481d Mon Sep 17 00:00:00 2001 From: Katerina Pilatova Date: Tue, 18 Jul 2017 16:40:33 +0200 Subject: README: typo --- playbooks/provisioning/openstack/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'playbooks/provisioning/openstack/README.md') diff --git a/playbooks/provisioning/openstack/README.md b/playbooks/provisioning/openstack/README.md index e5ec68458..fe68abb19 100644 --- a/playbooks/provisioning/openstack/README.md +++ b/playbooks/provisioning/openstack/README.md @@ -14,7 +14,7 @@ etc.). The result is an environment ready for openshift-ansible. * Become (sudo) is not required. * `rhel-7-server-openstack-10-rpms` repository (in order to be able to install `python-openstackclient`) -### Optional Dependencies forlocalhost +### Optional Dependencies for localhost **Note**: When using rhel images, `rhel-7-server-openstack-10-rpms` repository is required in order to install these packages. * `python-openstackclient` -- cgit v1.2.3 From 7081dd61c6d591ebff565795c460066f7de3809c Mon Sep 17 00:00:00 2001 From: Katerina Pilatova Date: Wed, 19 Jul 2017 11:49:56 +0200 Subject: README: fix --- playbooks/provisioning/openstack/README.md | 1 - 1 file changed, 1 deletion(-) (limited to 'playbooks/provisioning/openstack/README.md') diff --git a/playbooks/provisioning/openstack/README.md b/playbooks/provisioning/openstack/README.md index fe68abb19..6dd60cd88 100644 --- a/playbooks/provisioning/openstack/README.md +++ b/playbooks/provisioning/openstack/README.md @@ -12,7 +12,6 @@ etc.). The result is an environment ready for openshift-ansible. * [shade](https://pypi.python.org/pypi/shade) * python-dns / [dnspython](https://pypi.python.org/pypi/dnspython) * Become (sudo) is not required. -* `rhel-7-server-openstack-10-rpms` repository (in order to be able to install `python-openstackclient`) ### Optional Dependencies for localhost **Note**: When using rhel images, `rhel-7-server-openstack-10-rpms` repository is required in order to install these packages. -- cgit v1.2.3 From 1975fb57b4ddee77eec6f849f2c7677e2ee3d6df Mon Sep 17 00:00:00 2001 From: Bogdan Dobrelya Date: Thu, 20 Jul 2017 14:53:01 +0200 Subject: Generate static inventory with shade inventory (#538) * Autogenerate inventory/hosts when 'inventory: static' (Default), with the shade-inventory tool. * Drop unused anymore: openstack.py and associated GPL notes, an example static inventory, omit manual updates for the inventory DNS names in the deployment guide. * Switch openstack.py formatted inventory hostvars to the shade-inventory format (omit openstack.* from hostvars). * Populate node labels from inventory vars instead of the heat templates combined with inventory vars. * Add app (k8s minions) nodes group for primary node labels. Signed-off-by: Bogdan Dobrelya --- playbooks/provisioning/openstack/README.md | 19 ++++--------------- 1 file changed, 4 insertions(+), 15 deletions(-) (limited to 'playbooks/provisioning/openstack/README.md') diff --git a/playbooks/provisioning/openstack/README.md b/playbooks/provisioning/openstack/README.md index a92bc8837..d5b7c53ee 100644 --- a/playbooks/provisioning/openstack/README.md +++ b/playbooks/provisioning/openstack/README.md @@ -112,6 +112,9 @@ The `openstack_num_masters`, `openstack_num_infra` and `openstack_num_nodes` values specify the number of Master, Infra and App nodes to create. +The `openshift_cluster_node_labels` defines custom labels for your openshift +cluster node groups, like app or infra nodes. For example: `{'region': 'infra'}`. + The `openstack_nodes_to_remove` allows you to specify the numerical indexes of App nodes that should be removed; for example, ['0', '2'], @@ -141,18 +144,6 @@ be the case for development environments. When turned off, the servers will be provisioned omitting the ``yum update`` command. This brings security implications though, and is not recommended for production deployments. -### Update the DNS names in `inventory/hosts` - -The different server groups are currently grouped by the domain name, -so if you end up using a different domain than -`openshift.example.com`, you will need to update the `inventory/hosts` -file. - -For example, if your final domain is `my.cloud.com`, you can run this -command to fix update the `hosts` file: - - sed -i 's/openshift.example.com/my.cloud.com/' inventory/hosts - ### Configure the OpenShift parameters Finally, you need to update the DNS entry in @@ -193,6 +184,4 @@ Once it succeeds, you can install openshift by running: ## License As the rest of the openshift-ansible-contrib repository, the code here is -licensed under Apache 2. However, the openstack.py file under -`sample-inventory` is GPLv3+. See the INVENTORY-LICENSE.txt file for the full -text of the license. +licensed under Apache 2. -- cgit v1.2.3 From e7a7d1642c1ffbfe23cd5ad2d920e842f0cae4b2 Mon Sep 17 00:00:00 2001 From: Bogdan Dobrelya Date: Thu, 20 Jul 2017 16:53:05 +0200 Subject: Static inventory autogeneration (#550) * At the provisioning stage, allow users to auto-generate a static inventory w/o manual steps needed. The alternative to go fully dynamic TBD. * Move openshift pre-install playbook to the post provision playbook, where the second part of the pre install tasks is already placed. Signed-off-by: Bogdan Dobrelya --- playbooks/provisioning/openstack/README.md | 46 ++++++++++++++++++++++++++---- 1 file changed, 41 insertions(+), 5 deletions(-) (limited to 'playbooks/provisioning/openstack/README.md') diff --git a/playbooks/provisioning/openstack/README.md b/playbooks/provisioning/openstack/README.md index d5b7c53ee..0b0382834 100644 --- a/playbooks/provisioning/openstack/README.md +++ b/playbooks/provisioning/openstack/README.md @@ -93,8 +93,9 @@ steps, and the Neutron subnet for the Heat stack is updated to point to that server in the end. So the provisioned servers will start using it natively as a default nameserver that comes from the NetworkManager and cloud-init. -`openstack_ssh_key` is a Nova keypair -- you can see your keypairs with -`openstack keypair list`. +`openstack_ssh_key` is a Nova keypair - you can see your keypairs with +`openstack keypair list`. This guide assumes that its corresponding private +key is `~/.ssh/openshift`, stored on the ansible admin (control) node. `openstack_default_image_name` is the name of the Glance image the servers will use. You can @@ -127,6 +128,14 @@ The `required_packages` variable also provides a list of the additional prerequisite packages to be installed before to deploy an OpenShift cluster. Those are ignored though, if the `manage_packages: False`. +The `openstack_inventory` controls either a static inventory will be created after the +cluster nodes provisioned on OpenStack cloud. Note, the fully dynamic inventory +is yet to be supported, so the static inventory will be created anyway. + +The `openstack_inventory_path` points the directory to host the generated static inventory. +It should point to the copied example inventory directory, otherwise ti creates +a new one for you. + #### Security notes Configure required `*_ingress_cidr` variables to restrict public access @@ -164,21 +173,48 @@ variables for the `inventory/group_vars/OSEv3.yml`, `all.yml`: origin_release: 1.5.1 openshift_deployment_type: "{{ deployment_type }}" +### Configure static inventory + +Example inventory variables: + + openstack_private_ssh_key: ~/.ssh/openshift + openstack_inventory: static + openstack_inventory_path: ../../../../inventory + + +In this guide, the latter points to the current directory, where you run ansible commands +from. + +To verify nodes connectivity, use the command: + + ansible -v -i inventory/hosts -m ping all + +If something is broken, double-check the inventory variables, paths and the +generated `/hosts` file. + +The `inventory: dynamic` can be used instead to access cluster nodes directly via +floating IPs. In this mode you can not use a bastion node and should specify +the dynamic inventory file in your ansible commands , like `-i openstack.py`. + ## Deployment ### Run the playbook Assuming your OpenStack (Keystone) credentials are in the `keystonerc` -file, this is how you stat the provisioning process: +this is how you stat the provisioning process from your ansible control node: . keystonerc - ansible-playbook -i inventory --timeout 30 --private-key ~/.ssh/openshift openshift-ansible-contrib/playbooks/provisioning/openstack/provision.yaml + ansible-playbook openshift-ansible-contrib/playbooks/provisioning/openstack/provision.yaml + +Note, here you start with an empty inventory. The static inventory will be populated +with data so you can omit providing additional arguments for future ansible commands. + ### Install OpenShift Once it succeeds, you can install openshift by running: - ansible-playbook --user openshift --private-key ~/.ssh/openshift -i inventory/ openshift-ansible/playbooks/byo/config.yml + ansible-playbook openshift-ansible/playbooks/byo/config.yml ## License -- cgit v1.2.3 From 76b277f9649d7932ae84a544633e7dd5c5cd12c4 Mon Sep 17 00:00:00 2001 From: Tlacenka Date: Mon, 24 Jul 2017 10:39:22 +0200 Subject: README: Added note about infra-ansible installation (#574) * README in provisioning: note about infra-ansible not updating versions if one exists * README in provisioning: minor change * README: improved readability --- playbooks/provisioning/openstack/README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'playbooks/provisioning/openstack/README.md') diff --git a/playbooks/provisioning/openstack/README.md b/playbooks/provisioning/openstack/README.md index 0b0382834..1ff586b49 100644 --- a/playbooks/provisioning/openstack/README.md +++ b/playbooks/provisioning/openstack/README.md @@ -39,8 +39,12 @@ Alternatively you can install directly from github: ansible-galaxy install git+https://github.com/redhat-cop/infra-ansible,master \ -p openshift-ansible-contrib/roles -Note, this assumes we're in the directory that contains the clonned +Notes: +* This assumes we're in the directory that contains the clonned openshift-ansible-contrib repo in its root path. +* When trying to install a different version, the previous one must be removed first +(`infra-ansible` directory from [roles](https://github.com/openshift/openshift-ansible-contrib/tree/master/roles)). +Otherwise, even if there are differences between the two versions, installation of the newer version is skipped. ## What does it do -- cgit v1.2.3 From df8f5f0e251a014ab30dabd62c17e151b7fe36e8 Mon Sep 17 00:00:00 2001 From: Bogdan Dobrelya Date: Wed, 12 Jul 2017 13:09:45 +0200 Subject: Options for bastion, SSH config, static inventory autogeneration * At the provisioning stage, allow users to auto-generate SSH config, when using a static inventory. * Run playbooks to provsion and post-provision as a separate, when using a bastion. This re-applies the SSH config, which ansible can't do on the fly. * Support a pre-installed bastion node, colocated with the 1st infra node. * With a bastion enabled, reduce floating IP footprint to infra and dns nodes only, effectively isolating a cluster in a private network. Signed-off-by: Bogdan Dobrelya --- playbooks/provisioning/openstack/README.md | 31 ++++++++++++++++++++++++++---- 1 file changed, 27 insertions(+), 4 deletions(-) (limited to 'playbooks/provisioning/openstack/README.md') diff --git a/playbooks/provisioning/openstack/README.md b/playbooks/provisioning/openstack/README.md index 1ff586b49..6b9e5a3a9 100644 --- a/playbooks/provisioning/openstack/README.md +++ b/playbooks/provisioning/openstack/README.md @@ -40,7 +40,7 @@ Alternatively you can install directly from github: -p openshift-ansible-contrib/roles Notes: -* This assumes we're in the directory that contains the clonned +* This assumes we're in the directory that contains the clonned openshift-ansible-contrib repo in its root path. * When trying to install a different version, the previous one must be removed first (`infra-ansible` directory from [roles](https://github.com/openshift/openshift-ansible-contrib/tree/master/roles)). @@ -177,16 +177,30 @@ variables for the `inventory/group_vars/OSEv3.yml`, `all.yml`: origin_release: 1.5.1 openshift_deployment_type: "{{ deployment_type }}" -### Configure static inventory +### Configure static inventory and access via a bastion node Example inventory variables: + openstack_use_bastion: true + bastion_ingress_cidr: "{{openstack_subnet_prefix}}.0/24" openstack_private_ssh_key: ~/.ssh/openshift openstack_inventory: static openstack_inventory_path: ../../../../inventory + openstack_ssh_config_path: /tmp/ssh.config.openshift.ansible.openshift.example.com +The `openstack_subnet_prefix` is the openstack private network for your cluster. +And the `bastion_ingress_cidr` defines accepted range for SSH connections to nodes +additionally to the `ssh_ingress_cidr`` (see the security notes above). -In this guide, the latter points to the current directory, where you run ansible commands +The SSH config will be stored on the ansible control node by the +gitven path. Ansible uses it automatically. To access the cluster nodes with +that ssh config, use the `-F` prefix, f.e.: + + ssh -F /tmp/ssh.config.openshift.ansible.openshift.example.com master-0.openshift.example.com echo OK + +Note, relative paths will not work for the `openstack_ssh_config_path`, but it +works for the `openstack_private_ssh_key` and `openstack_inventory_path`. In this +guide, the latter points to the current directory, where you run ansible commands from. To verify nodes connectivity, use the command: @@ -194,7 +208,7 @@ To verify nodes connectivity, use the command: ansible -v -i inventory/hosts -m ping all If something is broken, double-check the inventory variables, paths and the -generated `/hosts` file. +generated `/hosts` and `openstack_ssh_config_path` files. The `inventory: dynamic` can be used instead to access cluster nodes directly via floating IPs. In this mode you can not use a bastion node and should specify @@ -213,6 +227,15 @@ this is how you stat the provisioning process from your ansible control node: Note, here you start with an empty inventory. The static inventory will be populated with data so you can omit providing additional arguments for future ansible commands. +If bastion enabled, the generates SSH config must be applied for ansible. +Otherwise, it is auto included by the previous step. In order to execute it +as a separate playbook, use the following command: + + ansible-playbook openshift-ansible-contrib/playbooks/provisioning/openstack/post-provision-openstack.yml + +The first infra node then becomes a bastion node as well and proxies access +for future ansible commands. The post-provision step also configures Satellite, +if requested, and DNS server, and ensures other OpenShift requirements to be met. ### Install OpenShift -- cgit v1.2.3