From 636510c3eec7317acdfded00d6237ed5f6ff3529 Mon Sep 17 00:00:00 2001
From: Andrew Block
Date: Mon, 8 Feb 2016 00:10:01 -0600
Subject: New OSE3 docker host builder and OpenStack ansible provisioning support
---
roles/common/pre_tasks/pre_tasks.yml | 4 ++++
1 file changed, 4 insertions(+)
create mode 100644 roles/common/pre_tasks/pre_tasks.yml
(limited to 'roles/common')
diff --git a/roles/common/pre_tasks/pre_tasks.yml b/roles/common/pre_tasks/pre_tasks.yml
new file mode 100644
index 000000000..c573bff8c
--- /dev/null
+++ b/roles/common/pre_tasks/pre_tasks.yml
@@ -0,0 +1,4 @@
+---
+- name: Generate Environment ID
+ shell: echo "$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | head -c 8)"
+ register: env_random_id
\ No newline at end of file
-- cgit v1.2.3
From ca1b17aeeb8ed4f4db0a90a11bccd9ea009f9eac Mon Sep 17 00:00:00 2001
From: Eric Sauer
Date: Fri, 13 May 2016 16:25:19 -0400
Subject: Changes by JayKayy for a full provision of OpenShift on OpenStack
---
roles/common/pre_tasks/pre_tasks.yml | 2 +-
roles/hostnames/tasks/main.yaml | 17 +++++++++++++++
roles/hostnames/templates/records.template.yaml | 28 +++++++++++++++++++++++++
roles/hostnames/test/inv | 12 +++++++++++
roles/hostnames/test/roles | 1 +
roles/hostnames/test/test.retry | 3 +++
roles/hostnames/test/test.yaml | 21 +++++++++++++++++++
roles/hostnames/vars/main.yaml | 2 ++
roles/hostnames/vars/records.yaml | 28 +++++++++++++++++++++++++
9 files changed, 113 insertions(+), 1 deletion(-)
create mode 100644 roles/hostnames/tasks/main.yaml
create mode 100644 roles/hostnames/templates/records.template.yaml
create mode 100644 roles/hostnames/test/inv
create mode 120000 roles/hostnames/test/roles
create mode 100644 roles/hostnames/test/test.retry
create mode 100644 roles/hostnames/test/test.yaml
create mode 100644 roles/hostnames/vars/main.yaml
create mode 100644 roles/hostnames/vars/records.yaml
(limited to 'roles/common')
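Review bot: The `Generate Environment ID` task has no `run_once: true`, so if the play that includes these pre-tasks targets more than one host, each host runs the pipeline and registers a different `env_random_id`; the play's host list is not visible here, so this needs confirming. The task also reports `changed` on every run because `shell` cannot know it is read-only, and `changed_when: false` would keep the recap meaningful. Consumers get the value as `env_random_id.stdout`, not `env_random_id`, which deserves a one-line comment above the task such as `# registered result: use env_random_id.stdout`.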
diff --git a/roles/common/pre_tasks/pre_tasks.yml b/roles/common/pre_tasks/pre_tasks.yml index c573bff8c..9dd14c30c 100644 --- a/roles/common/pre_tasks/pre_tasks.yml +++ b/roles/common/pre_tasks/pre_tasks.yml @@ -1,4 +1,4 @@ --- - name: Generate Environment ID shell: echo "$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | head -c 8)" - register: env_random_id \ No newline at end of file + register: env_random_id diff --git a/roles/hostnames/tasks/main.yaml b/roles/hostnames/tasks/main.yaml new file mode 100644 index 000000000..921cd664b --- /dev/null +++ b/roles/hostnames/tasks/main.yaml @@ -0,0 +1,17 @@ +--- + - name: Setting master(s) hostname + hostname: name="{% for thishost in groups['openshift_masters'] %}{% if inventory_hostname == thishost %}master{{ counter }}.{{ dns_domain }}{% endif %}{% set counter = counter + 1 %}{% endfor %}" + when: "'openshift_masters' in group_names" + + - name: Setting node(s) hostname + hostname: name="{% for thishost in groups['openshift_nodes'] %}{% if inventory_hostname == thishost %}node{{ counter }}.{{ dns_domain }}{% endif %}{% set counter = counter + 1 %}{% endfor %}" + when: "'openshift_nodes' in group_names" + + - name: "Templating records" + become: false + remote_user: cloud-user + template: + src: "{{ role_path }}/templates/records.template.yaml" + dest: "/tmp/records.yaml" + force: yes + delegate_to: localhost diff --git a/roles/hostnames/templates/records.template.yaml b/roles/hostnames/templates/records.template.yaml new file mode 100644 index 000000000..a916fd2b3 --- /dev/null +++ b/roles/hostnames/templates/records.template.yaml 
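Review bot: The `Templating records` task in `roles/hostnames/tasks/main.yaml` writes to the fixed path `/tmp/records.yaml` on the control host (`delegate_to: localhost`, `become: false`), a predictable name in a world-writable directory; on a shared controller another local user can pre-create or link that path, and whatever later reads the file would trust its contents. Writing under a directory owned by the invoking user and adding `mode: "0600"` avoids that, and `run_once: true` would stop every host in the play from rewriting the same file. Separately, in the two `hostname:` tasks the `{% set counter = counter + 1 %}` inside the `for` loop does not carry over to the next iteration under Jinja2 scoping, so every host appears to render with the initial `counter`; `loop.index` gives the intended numbering.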
@@ -0,0 +1,28 @@
+---
+dns_records_add:
+ - view: private
+ zone: {{ dns_domain }}
+ entries:
+{% for mst in groups['openshift_masters'] %}
+ - type: A
+ hostname: {{ hostvars[mst]['ansible_hostname'] }}
+ ip: {{ hostvars[mst]['dns_private_ip'] }}
+{% endfor %}
+{% for node in groups['openshift_nodes'] %}
+ - type: A
+ hostname: {{ hostvars[node]['ansible_hostname'] }}
+ ip: {{ hostvars[node]['dns_private_ip'] }}
+{% endfor %}
+ - view: public
+ zone: {{ dns_domain}}
+ entries:
+{% for mst in groups['openshift_masters']%}
+ - type: A
+ hostname: {{ hostvars[mst]['ansible_hostname'] }}
+ ip: {{ hostvars[mst]['dns_public_ip'] }}
+{% endfor %}
+{% for node in groups['openshift_nodes'] %}
+ - type: A
+ hostname: {{ hostvars[node]['ansible_hostname'] }}
+ ip: {{ hostvars[node]['dns_public_ip'] }}
+{% endfor %}
diff --git a/roles/hostnames/test/inv b/roles/hostnames/test/inv
new file mode 100644
index 000000000..ffbe6e03d
--- /dev/null
+++ b/roles/hostnames/test/inv
@@ -0,0 +1,12 @@
+[all:vars]
+dns_domain=example.com
+
+[openshift_masters]
+192.168.124.41 dns_private_ip=1.1.1.41 dns_public_ip=192.168.124.41
+192.168.124.117 dns_private_ip=1.1.1.117 dns_public_ip=192.168.124.117
+
+[openshift_nodes]
+192.168.124.40 dns_private_ip=1.1.1.40 dns_public_ip=192.168.124.40
+
+#[dns]
+#192.168.124.117 dns_private_ip=1.1.1.117
diff --git a/roles/hostnames/test/roles b/roles/hostnames/test/roles
new file mode 120000
index 000000000..e2b799b9d
--- /dev/null
+++ b/roles/hostnames/test/roles
@@ -0,0 +1 @@
+../../../roles/
\ No newline at end of file
diff --git a/roles/hostnames/test/test.retry b/roles/hostnames/test/test.retry
new file mode 100644
index 000000000..63fc08e4c
--- /dev/null
+++ b/roles/hostnames/test/test.retry
@@ -0,0 +1,3 @@
+192.168.124.117
+192.168.124.40
+192.168.124.41
diff --git a/roles/hostnames/test/test.yaml b/roles/hostnames/test/test.yaml
new file mode 100644
index 000000000..34bf37942
--- /dev/null
+++ b/roles/hostnames/test/test.yaml
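Review bot: Every substituted value in `records.template.yaml` is emitted unquoted (`zone: {{ dns_domain }}`, `hostname: {{ hostvars[mst]['ansible_hostname'] }}`, `ip: {{ hostvars[mst]['dns_private_ip'] }}`), so the rendered file only has the intended shape when each variable happens to be a plain scalar. An empty value renders as `null`, and a value containing `: `, ` #` or a newline changes the structure of the DNS record list that is presumably loaded from this file later. Quoting the substitutions, e.g. `zone: "{{ dns_domain }}"` and `ip: "{{ hostvars[mst]['dns_private_ip'] }}"`, keeps inventory data as data. The template also depends on `ansible_hostname` having been gathered for every master and node before it is rendered, which is worth a comment at the top of the file.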
@@ -0,0 +1,21 @@
+---
+- hosts: all
+ roles:
+ - role: hostnames
+
+# - debug:
+#
+# - hosts: dns
+# roles:
+# - role: dns-server
+# named_config_views:
+# - name: private
+# acl_entry:
+# - 192.168.124.40/32
+# - 192.168.124.40/32
+# zone:
+# - dns_domain: example.com
+# - name: public
+# zone:
+# - dns_domain: example.com
+# - role: dns
diff --git a/roles/hostnames/vars/main.yaml b/roles/hostnames/vars/main.yaml
new file mode 100644
index 000000000..3eecb8dc4
--- /dev/null
+++ b/roles/hostnames/vars/main.yaml
@@ -0,0 +1,2 @@
+---
+counter: 1
diff --git a/roles/hostnames/vars/records.yaml b/roles/hostnames/vars/records.yaml
new file mode 100644
index 000000000..3bf12ae2b
--- /dev/null
+++ b/roles/hostnames/vars/records.yaml
@@ -0,0 +1,28 @@
+---
+ - name: "Building Records"
+ set_fact:
+ dns_records_add:
+ - view: private
+ zone: example.com
+ entries:
+ - type: A
+ hostname: master1.example.com
+ ip: 172.16.15.94
+ - type: A
+ hostname: node1.example.com
+ ip: 172.16.15.86
+ - type: A
+ hostname: node2.example.com
+ ip: 172.16.15.87
+ - view: public
+ zone: example.com
+ entries:
+ - type: A
+ hostname: master1.example.com
+ ip: 10.3.10.116
+ - type: A
+ hostname: node1.example.com
+ ip: 10.3.11.46
+ - type: A
+ hostname: node2.example.com
+ ip: 10.3.12.6
-- cgit v1.2.3
From 4d6eb644d78f4b972154ade3d12c23b28dbe19e3 Mon Sep 17 00:00:00 2001
From: Øystein Bedin
Date: Thu, 9 Jun 2016 11:34:07 -0400
Subject: Updated to run as root rather than cloud-user, for now...
---
roles/common/pre_tasks/pre_tasks.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'roles/common')
diff --git a/roles/common/pre_tasks/pre_tasks.yml b/roles/common/pre_tasks/pre_tasks.yml
index 9dd14c30c..ed57a2993 100644
--- a/roles/common/pre_tasks/pre_tasks.yml
+++ b/roles/common/pre_tasks/pre_tasks.yml
@@ -1,4 +1,4 @@ --- - name: Generate Environment ID - shell: echo "$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | head -c 8)" + shell: echo "$(date +%s)" register: env_random_id -- cgit v1.2.3 From c757fd690d24865ef3b5b9a1b536120299b39a6c Mon Sep 17 00:00:00 2001 From: Øystein Bedin Date: Sun, 21 Aug 2016 02:12:53 -0400 Subject: Updated env_id to be a sub-domain + make the logic a bit more flexible --- roles/common/pre_tasks/pre_tasks.yml | 21 +++++++++++++++++++-- roles/hostnames/tasks/main.yaml | 4 ++-- 2 files changed, 21 insertions(+), 4 deletions(-) (limited to 'roles/common') diff --git a/roles/common/pre_tasks/pre_tasks.yml b/roles/common/pre_tasks/pre_tasks.yml index ed57a2993..1ba1ea55d 100644 --- a/roles/common/pre_tasks/pre_tasks.yml +++ b/roles/common/pre_tasks/pre_tasks.yml @@ -1,4 +1,21 @@ --- - name: Generate Environment ID - shell: echo "$(date +%s)" - register: env_random_id + set_fact: + env_random_id: "{{ ansible_date_time.epoch }}" + run_once: true + delegate_to: localhost + +- name: Set default Environment ID + set_fact: + default_env_id: "casl-{{ lookup('env','OS_USERNAME') }}-{{ env_random_id }}" + delegate_to: localhost + +- name: Setting Common Facts + set_fact: + env_id: "{{ env_id | default(default_env_id) }}" + delegate_to: localhost + +- name: Updating DNS domain to include env_id (if not empty) + set_fact: + full_dns_domain: "{{ (env_id|trim == '') | ternary(dns_domain, env_id + '.' + dns_domain) }}" + delegate_to: localhost diff --git a/roles/hostnames/tasks/main.yaml b/roles/hostnames/tasks/main.yaml index bb45445f5..bf142d653 100644 --- a/roles/hostnames/tasks/main.yaml +++ b/roles/hostnames/tasks/main.yaml 
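Review bot: `date +%s` has one-second resolution, so `env_random_id` is no longer unique across runs that start in the same second and can be derived from the start time, unlike the `/dev/urandom` form it replaces; the next commit's `ansible_date_time.epoch` in the same file has the same property. If the ID namespaces cloud resources or DNS names (not visible in this hunk), two provisioning runs started together could end up sharing a namespace. Keeping a short random suffix preserves the ordering benefit without the collision, e.g. `shell: echo "$(date +%s)-$(tr -dc 'a-z0-9' < /dev/urandom | head -c 4)"`.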
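Review bot: `default_env_id` embeds `lookup('env','OS_USERNAME')` and `env_id` is then prepended to `dns_domain` as a sub-domain, but nothing checks that the result is a valid DNS label. A user name containing `@`, `.`, `_` or upper-case characters, or an unset `OS_USERNAME` (which renders as `casl--<epoch>`), flows straight into `full_dns_domain` and, through `new_fqdn` in `roles/hostnames/tasks/main.yaml`, into the host name. An `assert` task after `Setting Common Facts` with `that: env_id | trim == '' or env_id is match('^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$')` fails early with a clear message instead of producing a broken FQDN.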
@@ -1,11 +1,11 @@ --- - name: Setting Hostname Fact set_fact: - new_hostname: "{{ custom_hostname | default(inventory_hostname) }}" + new_hostname: "{{ custom_hostname | default(inventory_hostname_short) }}" - name: Setting FQDN Fact set_fact: - new_fqdn: "{{ new_hostname }}.{{ dns_domain }}" + new_fqdn: "{{ new_hostname }}.{{ full_dns_domain }}" - name: Setting hostname and DNS domain hostname: name="{{ new_fqdn }}" -- cgit v1.2.3 From 11b48fe4e237950f9d9e9a0e66d8b15f48be1ea0 Mon Sep 17 00:00:00 2001 
From: Eric Sauer Date: Wed, 21 Dec 2016 10:37:40 -0500 Subject: Openstack heat (#2) * Adding a role to invoke openstack heat * Adding readme * Pulling parameters out to inventory file * start of end-to-end playbook * More enhancements and refactoring to make dynamic inventory the driver for an openshift install * Switching to variable substituted path to config.yaml playbook * Changes to allow defining of number of nodes/infranodes. * Added labels to inventory * Start of end-to-end functionality * Enhancements to support openstack heat provisioning * Updating inventory sample to remove some deprecation warnings * Working towards making the secure-registry role 'become' aware * Fixing node labels and removing secure-registry as it's no longer needed * No longer need insecure registry line, as installer will secure our registry * Adjusted dynamic inventory to filter by clusterid * Minor updates to dynamic inventory bug * Adding a refactored sample inventory directory * Refactoring playbooks for better directory structure, and to narrow down host groups * Adding volume mounts to heat template * Moving dns playbooks back to original location * Fixing incorrect file path * Cleaning up inventory samples * One more hostname to clean up * Changing var name * changed openshift-provision to openshift-prep * Adjusting current provision script to avoid breakage by new openstack-heat code --- roles/common/pre_tasks/pre_tasks.yml | 5 + roles/openshift-prep/tasks/main.yml | 4 + roles/openshift-prep/tasks/prerequisites.yml | 36 ++ roles/openstack-stack/README.md | 9 + roles/openstack-stack/files/heat_stack.yaml | 684 +++++++++++++++++++++ roles/openstack-stack/files/heat_stack_server.yaml | 156 +++++ roles/openstack-stack/files/user-data | 13 + roles/openstack-stack/tasks/main.yml | 31 + roles/openstack-stack/test/roles | 1 + roles/openstack-stack/test/stack-create-test.yml | 17 + 10 files changed, 956 insertions(+) create mode 100644 roles/openshift-prep/tasks/main.yml create 
mode 100644 roles/openshift-prep/tasks/prerequisites.yml create mode 100644 roles/openstack-stack/README.md create mode 100644 roles/openstack-stack/files/heat_stack.yaml create mode 100644 roles/openstack-stack/files/heat_stack_server.yaml create mode 100644 roles/openstack-stack/files/user-data create mode 100644 roles/openstack-stack/tasks/main.yml create mode 120000 roles/openstack-stack/test/roles create mode 100644 roles/openstack-stack/test/stack-create-test.yml (limited to 'roles/common') diff --git a/roles/common/pre_tasks/pre_tasks.yml b/roles/common/pre_tasks/pre_tasks.yml index 1ba1ea55d..71a989b30 100644 --- a/roles/common/pre_tasks/pre_tasks.yml +++ b/roles/common/pre_tasks/pre_tasks.yml @@ -15,6 +15,11 @@ env_id: "{{ env_id | default(default_env_id) }}" delegate_to: localhost +- name: Set Dynamic Inventory Filters + shell: > + export OS_INV_FILTER_KEY=clusterid && OS_INV_FILTER_VALUE={{ env_id }} + delegate_to: localhost + - name: Updating DNS domain to include env_id (if not empty) set_fact: full_dns_domain: "{{ (env_id|trim == '') | ternary(dns_domain, env_id + '.' + dns_domain) }}" diff --git a/roles/openshift-prep/tasks/main.yml b/roles/openshift-prep/tasks/main.yml new file mode 100644 index 000000000..5e484e75f --- /dev/null +++ b/roles/openshift-prep/tasks/main.yml @@ -0,0 +1,4 @@ +--- +# Starting Point for OpenShift Installation and Configuration +- include: prerequisites.yml + tags: [prerequisites] diff --git a/roles/openshift-prep/tasks/prerequisites.yml b/roles/openshift-prep/tasks/prerequisites.yml new file mode 100644 index 000000000..1286905f4 --- /dev/null +++ b/roles/openshift-prep/tasks/prerequisites.yml 
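Review bot: `{{ env_id }}` is interpolated unquoted into the `shell` command of `Set Dynamic Inventory Filters`, and `env_id` can come from inventory, extra vars or the `OS_USERNAME` environment variable, so any shell metacharacter in it is interpreted on the control host; `OS_INV_FILTER_VALUE={{ env_id | quote }}` is the minimum fix. The task also has no lasting effect: the `export` lives only in the subshell Ansible spawns for this one task, and `OS_INV_FILTER_VALUE` is assigned but never exported, so an inventory script run later will not see either variable. If the filter is meant for the dynamic inventory, it has to be present in the environment of the `ansible-playbook` process itself. The surrounding tasks of `pre_tasks.yml` are only partly visible in this hunk.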
@@ -0,0 +1,36 @@
+---
+- name: "Cleaning yum repositories"
+ command: "yum clean all"
+
+- name: "Install required packages"
+ yum:
+ name: "{{ item }}"
+ state: latest
+ with_items:
+ - wget
+ - git
+ - net-tools
+ - bind-utils
+ - bridge-utils
+ - bash-completion
+ - atomic-openshift-utils
+ - vim-enhanced
+
+- name: "Update all packages (this can take a very long time)"
+ yum:
+ name: "*"
+ state: latest
+
+- name: "Verify hostname"
+ shell: hostnamectl status | awk "/Static hostname/"'{ print $3 }'
+ register: hostname_fqdn
+
+- name: "Set hostname if required"
+ hostname:
+ name: "{{ ansible_fqdn }}"
+ when: hostname_fqdn.stdout != ansible_fqdn
+
+- name: "Verify SELinux is enforcing"
+ fail:
+ msg: "SELinux is required for OpenShift and has been detected as '{{ ansible_selinux.config_mode }}'"
+ when: ansible_selinux.config_mode != "enforcing"
diff --git a/roles/openstack-stack/README.md b/roles/openstack-stack/README.md
new file mode 100644
index 000000000..509c9de6c
--- /dev/null
+++ b/roles/openstack-stack/README.md
@@ -0,0 +1,9 @@
+# Role openstack-stack
+
+Role for spinning up instances using OpenStack Heat.
+
+## To Test
+
+```
+ansible-playbook casl-ansible/roles/openstack-stack/test/stack-create-test.yml
+```
diff --git a/roles/openstack-stack/files/heat_stack.yaml b/roles/openstack-stack/files/heat_stack.yaml
new file mode 100644
index 000000000..058f7a7ad
--- /dev/null
+++ b/roles/openstack-stack/files/heat_stack.yaml
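Review bot: The `Verify SELinux is enforcing` task in `prerequisites.yml` tests `ansible_selinux.config_mode`, which reflects the configuration file rather than the running mode, so a host switched to permissive at runtime still passes; on a host with SELinux disabled the fact may not carry `config_mode` at all, which would give an undefined-variable error instead of the intended message. Checking the runtime state matches what the message promises: `when: ansible_selinux.status != "enabled" or ansible_selinux.mode != "enforcing"`. Separately, `state: latest` on the package list together with the `name: "*"` update means each run installs whatever the repositories serve that day, so hosts provisioned at different times can differ; a comment stating that this is intended, or pinned versions, would help.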
@@ -0,0 +1,684 @@ +heat_template_version: 2014-10-16 + +description: OpenShift cluster + +parameters: + + cluster_env: + type: string + label: Cluster environment + description: Environment of the cluster + + cluster_id: + type: string + label: Cluster ID + description: Identifier of the cluster + + subnet_24_prefix: + type: string + label: subnet /24 prefix + description: /24 subnet prefix of the network of the cluster (dot separated number triplet) + + dns_nameservers: + type: comma_delimited_list + label: DNS nameservers list + description: List of DNS nameservers + + external_net: + type: string + label: External network + description: Name of the external network + default: external + + ssh_public_key: + type: string + label: SSH public key + description: SSH public key + hidden: true + + ssh_incoming: + type: string + label: Source of ssh connections + description: Source of legitimate ssh connections + default: 0.0.0.0/0 + + node_port_incoming: + type: string + label: Source of node port connections + description: Authorized sources targetting node ports + default: 0.0.0.0/0 + + num_etcd: + type: number + label: Number of etcd nodes + description: Number of etcd nodes + + num_masters: + type: number + label: Number of masters + description: Number of masters + + num_nodes: + type: number + label: Number of compute nodes + description: Number of compute nodes + + num_infra: + type: number + label: Number of infrastructure nodes + description: Number of infrastructure nodes + + num_dns: + type: number + label: Number of dns servers + description: Number of dns servers + + etcd_image: + type: string + label: Etcd image + description: Name of the image for the etcd servers + + master_image: + type: string + label: Master image + description: Name of the image for the master servers + + node_image: + type: string + label: Node image + description: Name of the image for the compute node servers + + infra_image: + type: string + label: Infra image + description: 
Name of the image for the infra node servers + + dns_image: + type: string + label: DNS image + description: Name of the image for the DNS server + + etcd_flavor: + type: string + label: Etcd flavor + description: Flavor of the etcd servers + + master_flavor: + type: string + label: Master flavor + description: Flavor of the master servers + + node_flavor: + type: string + label: Node flavor + description: Flavor of the compute node servers + + infra_flavor: + type: string + label: Infra flavor + description: Flavor of the infra node servers + + dns_flavor: + type: string + label: DNS flavor + description: Flavor of the DNS server + + master_volume_size: + type: number + description: Size of the volume to be created. + default: 5 + constraints: + - range: { min: 1, max: 1024 } + description: must be between 1 and 1024 Gb. + + app_volume_size: + type: number + description: Size of the volume to be created. + default: 5 + constraints: + - range: { min: 1, max: 1024 } + description: must be between 1 and 1024 Gb. + + infra_volume_size: + type: number + description: Size of the volume to be created. + default: 5 + constraints: + - range: { min: 1, max: 1024 } + description: must be between 1 and 1024 Gb. + + dns_volume_size: + type: number + description: Size of the volume to be created. + default: 5 + constraints: + - range: { min: 1, max: 1024 } + description: must be between 1 and 1024 Gb. + + etcd_volume_size: + type: number + description: Size of the volume to be created. + default: 5 + constraints: + - range: { min: 1, max: 1024 } + description: must be between 1 and 1024 Gb. 
+ +outputs: + + etcd_names: + description: Name of the etcds + value: { get_attr: [ etcd, name ] } + + etcd_ips: + description: IPs of the etcds + value: { get_attr: [ etcd, private_ip ] } + + etcd_floating_ips: + description: Floating IPs of the etcds + value: { get_attr: [ etcd, floating_ip ] } + + master_names: + description: Name of the masters + value: { get_attr: [ masters, name ] } + + master_ips: + description: IPs of the masters + value: { get_attr: [ masters, private_ip ] } + + master_floating_ips: + description: Floating IPs of the masters + value: { get_attr: [ masters, floating_ip ] } + + node_names: + description: Name of the nodes + value: { get_attr: [ compute_nodes, name ] } + + node_ips: + description: IPs of the nodes + value: { get_attr: [ compute_nodes, private_ip ] } + + node_floating_ips: + description: Floating IPs of the nodes + value: { get_attr: [ compute_nodes, floating_ip ] } + + infra_names: + description: Name of the nodes + value: { get_attr: [ infra_nodes, name ] } + + infra_ips: + description: IPs of the nodes + value: { get_attr: [ infra_nodes, private_ip ] } + + infra_floating_ips: + description: Floating IPs of the nodes + value: { get_attr: [ infra_nodes, floating_ip ] } + + dns_name: + description: Name of the DNS + value: + get_attr: + - dns + - name + + dns_floating_ip: + description: Floating IP of the DNS + value: + get_attr: + - dns + - addresses + - str_replace: + template: openshift-ansible-cluster_id-net + params: + cluster_id: { get_param: cluster_id } + - 1 + - addr + +resources: + + net: + type: OS::Neutron::Net + properties: + name: + str_replace: + template: openshift-ansible-cluster_id-net + params: + cluster_id: { get_param: cluster_id } + + subnet: + type: OS::Neutron::Subnet + properties: + name: + str_replace: + template: openshift-ansible-cluster_id-subnet + params: + cluster_id: { get_param: cluster_id } + network: { get_resource: net } + cidr: + str_replace: + template: subnet_24_prefix.0/24 + params: + 
subnet_24_prefix: { get_param: subnet_24_prefix } + allocation_pools: + - start: + str_replace: + template: subnet_24_prefix.3 + params: + subnet_24_prefix: { get_param: subnet_24_prefix } + end: + str_replace: + template: subnet_24_prefix.254 + params: + subnet_24_prefix: { get_param: subnet_24_prefix } + dns_nameservers: + - 10.9.48.31 +# - { get_param: dns_nameservers } +# repeat: +# for_each: +# <%nameserver%>: { get_param: dns_nameservers } +# template: <%nameserver%> + + router: + type: OS::Neutron::Router + properties: + name: + str_replace: + template: openshift-ansible-cluster_id-router + params: + cluster_id: { get_param: cluster_id } + external_gateway_info: + network: { get_param: external_net } + + interface: + type: OS::Neutron::RouterInterface + properties: + router_id: { get_resource: router } + subnet_id: { get_resource: subnet } + +# keypair: +# type: OS::Nova::KeyPair +# properties: +# name: +# str_replace: +# template: openshift-ansible-cluster_id-keypair +# params: +# cluster_id: { get_param: cluster_id } +# public_key: { get_param: ssh_public_key } + + master-secgrp: + type: OS::Neutron::SecurityGroup + properties: + name: + str_replace: + template: openshift-ansible-cluster_id-master-secgrp + params: + cluster_id: { get_param: cluster_id } + description: + str_replace: + template: Security group for cluster_id OpenShift cluster master + params: + cluster_id: { get_param: cluster_id } + rules: + - direction: ingress + protocol: tcp + port_range_min: 22 + port_range_max: 22 + remote_ip_prefix: { get_param: ssh_incoming } + - direction: ingress + protocol: tcp + port_range_min: 4001 + port_range_max: 4001 + - direction: ingress + protocol: tcp + port_range_min: 8443 + port_range_max: 8443 + - direction: ingress + protocol: tcp + port_range_min: 8444 + port_range_max: 8444 + - direction: ingress + protocol: tcp + port_range_min: 53 + port_range_max: 53 + - direction: ingress + protocol: udp + port_range_min: 53 + port_range_max: 53 + - direction: 
ingress + protocol: tcp + port_range_min: 8053 + port_range_max: 8053 + - direction: ingress + protocol: udp + port_range_min: 8053 + port_range_max: 8053 + - direction: ingress + protocol: tcp + port_range_min: 24224 + port_range_max: 24224 + - direction: ingress + protocol: udp + port_range_min: 24224 + port_range_max: 24224 + - direction: ingress + protocol: tcp + port_range_min: 2224 + port_range_max: 2224 + - direction: ingress + protocol: udp + port_range_min: 5404 + port_range_max: 5404 + - direction: ingress + protocol: udp + port_range_min: 5405 + port_range_max: 5405 + - direction: ingress + protocol: tcp + port_range_min: 9090 + port_range_max: 9090 + + etcd-secgrp: + type: OS::Neutron::SecurityGroup + properties: + name: + str_replace: + template: openshift-ansible-cluster_id-etcd-secgrp + params: + cluster_id: { get_param: cluster_id } + description: + str_replace: + template: Security group for cluster_id etcd cluster + params: + cluster_id: { get_param: cluster_id } + rules: + - direction: ingress + protocol: tcp + port_range_min: 22 + port_range_max: 22 + remote_ip_prefix: { get_param: ssh_incoming } + - direction: ingress + protocol: tcp + port_range_min: 2379 + port_range_max: 2379 + remote_mode: remote_group_id + remote_group_id: { get_resource: master-secgrp } + - direction: ingress + protocol: tcp + port_range_min: 2380 + port_range_max: 2380 + remote_mode: remote_group_id + + node-secgrp: + type: OS::Neutron::SecurityGroup + properties: + name: + str_replace: + template: openshift-ansible-cluster_id-node-secgrp + params: + cluster_id: { get_param: cluster_id } + description: + str_replace: + template: Security group for cluster_id OpenShift cluster nodes + params: + cluster_id: { get_param: cluster_id } + rules: + - direction: ingress + protocol: tcp + port_range_min: 22 + port_range_max: 22 + remote_ip_prefix: { get_param: ssh_incoming } + - direction: ingress + protocol: tcp + port_range_min: 10250 + port_range_max: 10250 + remote_mode: 
remote_group_id + - direction: ingress + protocol: tcp + port_range_min: 10255 + port_range_max: 10255 + remote_mode: remote_group_id + - direction: ingress + protocol: udp + port_range_min: 10255 + port_range_max: 10255 + remote_mode: remote_group_id + - direction: ingress + protocol: udp + port_range_min: 4789 + port_range_max: 4789 + remote_mode: remote_group_id + - direction: ingress + protocol: tcp + port_range_min: 30000 + port_range_max: 32767 + remote_ip_prefix: { get_param: node_port_incoming } + + infra-secgrp: + type: OS::Neutron::SecurityGroup + properties: + name: + str_replace: + template: openshift-ansible-cluster_id-infra-secgrp + params: + cluster_id: { get_param: cluster_id } + description: + str_replace: + template: Security group for cluster_id OpenShift infrastructure cluster nodes + params: + cluster_id: { get_param: cluster_id } + rules: + - direction: ingress + protocol: tcp + port_range_min: 80 + port_range_max: 80 + - direction: ingress + protocol: tcp + port_range_min: 443 + port_range_max: 443 + + dns-secgrp: + type: OS::Neutron::SecurityGroup + properties: + name: + str_replace: + template: openshift-ansible-cluster_id-dns-secgrp + params: + cluster_id: { get_param: cluster_id } + description: + str_replace: + template: Security group for cluster_id cluster DNS + params: + cluster_id: { get_param: cluster_id } + rules: + - direction: ingress + protocol: tcp + port_range_min: 22 + port_range_max: 22 + remote_ip_prefix: { get_param: ssh_incoming } + - direction: ingress + protocol: udp + port_range_min: 53 + port_range_max: 53 + remote_ip_prefix: { get_param: node_port_incoming } + - direction: ingress + protocol: tcp + port_range_min: 53 + port_range_max: 53 + remote_ip_prefix: { get_param: node_port_incoming } + + etcd: + type: OS::Heat::ResourceGroup + properties: + count: { get_param: num_etcd } + resource_def: + type: heat_stack_server.yaml + properties: + name: + str_replace: + template: k8s_type-%index%.cluster_id.cluster_env + 
params: + cluster_id: { get_param: cluster_id } + k8s_type: etcd + cluster_env: { get_param: cluster_env } + cluster_env: { get_param: cluster_env } + cluster_id: { get_param: cluster_id } + type: etcd + image: { get_param: etcd_image } + flavor: { get_param: etcd_flavor } + key_name: { get_param: ssh_public_key } + net: { get_resource: net } + subnet: { get_resource: subnet } + secgrp: + - { get_resource: etcd-secgrp } + floating_network: { get_param: external_net } + net_name: + str_replace: + template: openshift-ansible-cluster_id-net + params: + cluster_id: { get_param: cluster_id } + volume_size: { get_param: etcd_volume_size } + depends_on: + - interface + + masters: + type: OS::Heat::ResourceGroup + properties: + count: { get_param: num_masters } + resource_def: + type: heat_stack_server.yaml + properties: + name: + str_replace: + template: k8s_type-%index%.cluster_id.cluster_env + params: + cluster_id: { get_param: cluster_id } + k8s_type: master + cluster_env: { get_param: cluster_env } + cluster_env: { get_param: cluster_env } + cluster_id: { get_param: cluster_id } + type: master + image: { get_param: master_image } + flavor: { get_param: master_flavor } + key_name: { get_param: ssh_public_key } + net: { get_resource: net } + subnet: { get_resource: subnet } + secgrp: + - { get_resource: master-secgrp } + - { get_resource: node-secgrp } + floating_network: { get_param: external_net } + net_name: + str_replace: + template: openshift-ansible-cluster_id-net + params: + cluster_id: { get_param: cluster_id } + volume_size: { get_param: master_volume_size } + depends_on: + - interface + + compute_nodes: + type: OS::Heat::ResourceGroup + properties: + count: { get_param: num_nodes } + resource_def: + type: heat_stack_server.yaml + properties: + name: + str_replace: + template: subtype-k8s_type-%index%.cluster_id.cluster_env + params: + cluster_id: { get_param: cluster_id } + k8s_type: node + subtype: app + cluster_env: { get_param: cluster_env } + cluster_env: 
{ get_param: cluster_env } + cluster_id: { get_param: cluster_id } + type: node + subtype: app + image: { get_param: node_image } + flavor: { get_param: node_flavor } + key_name: { get_param: ssh_public_key } + net: { get_resource: net } + subnet: { get_resource: subnet } + secgrp: + - { get_resource: node-secgrp } + floating_network: { get_param: external_net } + net_name: + str_replace: + template: openshift-ansible-cluster_id-net + params: + cluster_id: { get_param: cluster_id } + volume_size: { get_param: app_volume_size } + depends_on: + - interface + + infra_nodes: + type: OS::Heat::ResourceGroup + properties: + count: { get_param: num_infra } + resource_def: + type: heat_stack_server.yaml + properties: + name: + str_replace: + template: subtypek8s_type-%index%.cluster_id.cluster_env + params: + cluster_id: { get_param: cluster_id } + k8s_type: node + subtype: infra + cluster_env: { get_param: cluster_env } + cluster_env: { get_param: cluster_env } + cluster_id: { get_param: cluster_id } + type: node + subtype: infra + image: { get_param: infra_image } + flavor: { get_param: infra_flavor } + key_name: { get_param: ssh_public_key } + net: { get_resource: net } + subnet: { get_resource: subnet } + secgrp: + - { get_resource: node-secgrp } + - { get_resource: infra-secgrp } + floating_network: { get_param: external_net } + net_name: + str_replace: + template: openshift-ansible-cluster_id-net + params: + cluster_id: { get_param: cluster_id } + volume_size: { get_param: infra_volume_size } + depends_on: + - interface + + dns: + type: OS::Heat::ResourceGroup + properties: + count: { get_param: num_dns } + resource_def: + type: heat_stack_server.yaml + properties: + name: + str_replace: + template: k8s_type-%index%.cluster_id.cluster_env + params: + cluster_id: { get_param: cluster_id } + k8s_type: dns + cluster_env: { get_param: cluster_env } + cluster_env: { get_param: cluster_env } + cluster_id: { get_param: cluster_id } + type: dns + image: { get_param: 
dns_image } + flavor: { get_param: dns_flavor } + key_name: { get_param: ssh_public_key } + net: { get_resource: net } + subnet: { get_resource: subnet } + secgrp: + - { get_resource: node-secgrp } + - { get_resource: dns-secgrp } + floating_network: { get_param: external_net } + net_name: + str_replace: + template: openshift-ansible-cluster_id-net + params: + cluster_id: { get_param: cluster_id } + volume_size: { get_param: dns_volume_size } + depends_on: + - interface + diff --git a/roles/openstack-stack/files/heat_stack_server.yaml b/roles/openstack-stack/files/heat_stack_server.yaml new file mode 100644 index 000000000..978da4f0b --- /dev/null +++ b/roles/openstack-stack/files/heat_stack_server.yaml 
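Review bot: Most ingress rules in `master-secgrp` (4001, 8443, 8444, 53, 8053, 24224, 2224, 5404, 5405, 9090) and both rules in `infra-secgrp` set neither `remote_ip_prefix` nor `remote_mode`, which, as far as I know, Heat and Neutron treat as any source; since `heat_stack_server.yaml` gives every server a floating IP, that would leave the legacy etcd client port 4001 and the cluster-internal ports reachable from the external network. Ports used only between cluster members should be restricted the way the etcd 2379 rule is, e.g. `remote_mode: remote_group_id` with `remote_group_id: { get_resource: node-secgrp }`, leaving only the API and router ports open on purpose. The `ssh_incoming` and `node_port_incoming` parameters also default to `0.0.0.0/0`; removing the default would force callers to choose a source range. Two smaller points: `dns_nameservers` on the subnet is hard-coded to `10.9.48.31` while the parameter of the same name is ignored, and `ssh_public_key` is passed as `key_name` although the `keypair` resource is commented out, so it must hold a key-pair name rather than key material.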
@@ -0,0 +1,156 @@
+heat_template_version: 2014-10-16
+
+description: OpenShift cluster server
+
+parameters:
+
+ name:
+ type: string
+ label: Name
+ description: Name
+
+ cluster_env:
+ type: string
+ label: Cluster environment
+ description: Environment of the cluster
+
+ cluster_id:
+ type: string
+ label: Cluster ID
+ description: Identifier of the cluster
+
+ type:
+ type: string
+ label: Type
+ description: Type master or node
+
+ subtype:
+ type: string
+ label: Sub-type
+ description: Sub-type compute or infra for nodes, default otherwise
+ default: default
+
+ key_name:
+ type: string
+ label: Key name
+ description: Key name of keypair
+
+ image:
+ type: string
+ label: Image
+ description: Name of the image
+
+ flavor:
+ type: string
+ label: Flavor
+ description: Name of the flavor
+
+ net:
+ type: string
+ label: Net ID
+ description: Net resource
+
+ net_name:
+ type: string
+ label: Net name
+ description: Net name
+
+ subnet:
+ type: string
+ label: Subnet ID
+ description: Subnet resource
+
+ secgrp:
+ type: comma_delimited_list
+ label: Security groups
+ description: Security group resources
+
+ floating_network:
+ type: string
+ label: Floating network
+ description: Network to allocate floating IP from
+
+ availability_zone:
+ type: string
+ description: The Availability Zone to launch the instance.
+ default: nova
+
+ volume_size:
+ type: number
+ description: Size of the volume to be created.
+ default: 1
+ constraints:
+ - range: { min: 1, max: 1024 }
+ description: must be between 1 and 1024 Gb.
+
+outputs:
+
+ name:
+ description: Name of the server
+ value: { get_attr: [ server, name ] }
+
+ private_ip:
+ description: Private IP of the server
+ value:
+ get_attr:
+ - server
+ - addresses
+ - { get_param: net_name }
+ - 0
+ - addr
+
+ floating_ip:
+ description: Floating IP of the server
+ value:
+ get_attr:
+ - server
+ - addresses
+ - { get_param: net_name }
+ - 1
+ - addr
+
+resources:
+
+ server:
+ type: OS::Nova::Server
+ properties:
+ name: { get_param: name }
+ key_name: { get_param: key_name }
+ image: { get_param: image }
+ flavor: { get_param: flavor }
+ networks:
+ - port: { get_resource: port }
+ user_data: { get_file: user-data }
+ user_data_format: RAW
+ metadata:
+ environment: { get_param: cluster_env }
+ clusterid: { get_param: cluster_id }
+ host-type: { get_param: type }
+ sub-host-type: { get_param: subtype }
+
+ port:
+ type: OS::Neutron::Port
+ properties:
+ network: { get_param: net }
+ fixed_ips:
+ - subnet: { get_param: subnet }
+ security_groups: { get_param: secgrp }
+
+ floating-ip:
+ type: OS::Neutron::FloatingIP
+ properties:
+ floating_network: { get_param: floating_network }
+ port_id: { get_resource: port }
+
+ cinder_volume:
+ type: OS::Cinder::Volume
+ properties:
+ size: { get_param: volume_size }
+ availability_zone: { get_param: availability_zone }
+
+ volume_attachment:
+ type: OS::Cinder::VolumeAttachment
+ properties:
+ volume_id: { get_resource: cinder_volume }
+ instance_uuid: { get_resource: server }
+ mountpoint: /dev/sdb
diff --git a/roles/openstack-stack/files/user-data b/roles/openstack-stack/files/user-data
new file mode 100644
index 000000000..eb65f7cec
--- /dev/null
+++ b/roles/openstack-stack/files/user-data
@@ -0,0 +1,13 @@
+#cloud-config
+disable_root: true
+
+system_info:
+ default_user:
+ name: openshift
+ sudo: ["ALL=(ALL) NOPASSWD: ALL"]
+
+write_files:
+ - path: /etc/sudoers.d/00-openshift-no-requiretty
+ permissions: 440
+ content: |
+ Defaults:openshift !requiretty
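Review bot: In heat_stack_server.yaml the `floating-ip` resource is created unconditionally, so every server built from this template gets an externally routable address, and what is reachable from outside is decided only by the groups passed in `secgrp`. The resource groups earlier in this patch (app, infra and dns nodes) all pass `floating_network`, so this applies to each of them. Nothing in the template states that dependency; I would add a comment above the resource, `# Every server gets a public address; exposure is limited only by the security groups passed in secgrp.`, and say the same in the `secgrp` parameter description.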
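Review bot: In user-data, `permissions: 440` under `write_files` is an unquoted YAML integer, and cloud-init expects file modes as octal strings; taken as a decimal number, 440 is mode 0670 rather than 0440. A group-writable file in /etc/sudoers.d is likely to be rejected by sudo, in which case the `!requiretty` override never applies, and if it is accepted it is looser than a sudoers fragment should be. Write it as `permissions: '0440'`. The same file gives the `openshift` user `NOPASSWD: ALL`, so possession of that account's SSH key amounts to root on every server; a comment saying so would help whoever manages the keypair.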
diff --git a/roles/openstack-stack/tasks/main.yml b/roles/openstack-stack/tasks/main.yml
new file mode 100644
index 000000000..c953cb603
--- /dev/null
+++ b/roles/openstack-stack/tasks/main.yml
@@ -0,0 +1,31 @@
+---
+- name: create stack
+ ignore_errors: False
+ register: stack_create
+ os_stack:
+ name: "{{ stack_name }}"
+ state: present
+ template: 'roles/openstack-stack/files/heat_stack.yaml'
+ wait: yes
+ parameters:
+ cluster_env: "{{ dns_domain }}"
+ cluster_id: "{{ stack_name }}"
+ subnet_24_prefix: "{{ subnet_prefix }}"
+ dns_nameservers: "{{ dns_nameservers }}"
+ external_net: "{{ external_network }}"
+ ssh_public_key: "{{ ssh_public_key }}"
+ num_etcd: "{{ num_etcd }}"
+ num_masters: "{{ num_masters }}"
+ num_nodes: "{{ num_nodes }}"
+ num_infra: "{{ num_infra }}"
+ num_dns: "{{ num_dns }}"
+ etcd_image: "{{ openstack_image }}"
+ master_image: "{{ openstack_image }}"
+ node_image: "{{ openstack_image }}"
+ infra_image: "{{ openstack_image }}"
+ dns_image: "{{ openstack_image }}"
+ etcd_flavor: "{{ etcd_flavor }}"
+ master_flavor: "{{ master_flavor }}"
+ node_flavor: "{{ node_flavor }}"
+ infra_flavor: "{{ infra_flavor }}"
+ dns_flavor: "{{ dns_flavor }}"
diff --git a/roles/openstack-stack/test/roles b/roles/openstack-stack/test/roles
new file mode 120000
index 000000000..e2b799b9d
--- /dev/null
+++ b/roles/openstack-stack/test/roles
@@ -0,0 +1 @@
+../../../roles/
\ No newline at end of file
diff --git a/roles/openstack-stack/test/stack-create-test.yml b/roles/openstack-stack/test/stack-create-test.yml
new file mode 100644
index 000000000..94e312ee3
--- /dev/null
+++ b/roles/openstack-stack/test/stack-create-test.yml
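Review bot: In roles/openstack-stack/tasks/main.yml the `template:` value `'roles/openstack-stack/files/heat_stack.yaml'` is resolved against the working directory, so the role only works when the playbook is launched from the repository root, and from anywhere else a different file at that relative path would be submitted to Heat if one exists. Anchoring the path to the role removes that dependency: `template: "{{ role_path }}/files/heat_stack.yaml"`. `ignore_errors: False` restates the default and can be dropped, and `wait: yes` is clearer as `wait: true`.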
@@ -0,0 +1,17 @@ +--- +- hosts: localhost + roles: + - role: openstack-stack + stack_name: test-stack + dns_domain: "{{ openstack_dns_domain }}" + dns_nameservers: "{{ openstack_nameservers }}" + subnet_prefix: "{{ openstack_subnet_prefix }}" + ssh_public_key: "{{ openstack_ssh_public_key }}" + openstack_image: "{{ openstack_default_image_name }}" + etcd_flavor: "{{ openstack_default_flavor }}" + master_flavor: "{{ openstack_default_flavor }}" + node_flavor: "{{ openstack_default_flavor }}" + infra_flavor: "{{ openstack_default_flavor }}" + dns_flavor: "{{ openstack_default_flavor }}" + external_network: "{{ openstack_external_network_name }}" + -- cgit v1.2.3 From fdac6976d4b48c11b8de253ef8afa34af0da8cdb Mon Sep 17 00:00:00 2001 From: Øystein Bedin Date: Mon, 20 Feb 2017 12:56:21 -0500 Subject: Ensure DNS configuration has wildcards set for infra nodes (#24) * Ensure DNS configuration has wildcards set for infra nodes * Updated to include all cluster hosts for DNS entries --- roles/common/pre_tasks/pre_tasks.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'roles/common') diff --git a/roles/common/pre_tasks/pre_tasks.yml b/roles/common/pre_tasks/pre_tasks.yml index 71a989b30..06a56605d 100644 --- a/roles/common/pre_tasks/pre_tasks.yml +++ b/roles/common/pre_tasks/pre_tasks.yml @@ -24,3 +24,13 @@ set_fact: full_dns_domain: "{{ (env_id|trim == '') | ternary(dns_domain, env_id + '.' + dns_domain) }}" delegate_to: localhost + +- name: Set the APP domain for OpenShift use + set_fact: + openshift_app_domain: "{{ openshift_app_domain | default('apps') }}" + delegate_to: localhost + +- name: Set the default app domain for routing purposes + set_fact: + openshift_master_default_subdomain: "{{ openshift_app_domain }}.{{ full_dns_domain }}" + delegate_to: localhost -- cgit v1.2.3 From 469a88f6d7609df5ffaab812093e0c58baa3be29 Mon Sep 17 00:00:00 2001 
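Review bot: `delegate_to: localhost` on the two added `set_fact` tasks in roles/common/pre_tasks/pre_tasks.yml does not change where the fact is stored; `set_fact` records its result on the current inventory host unless `delegate_facts: true` is also set, so `openshift_app_domain` and `openshift_master_default_subdomain` land on whichever hosts the play targets. If they are meant to live on localhost only, add `delegate_facts: true`; otherwise drop `delegate_to` so the tasks read as what they do. The context task above them follows the same pattern, and the rest of the file is outside this hunk.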
From: Øystein Bedin Date: Mon, 5 Jun 2017 16:47:13 -0400 Subject: Conditionally set the openshift_master_default_subdomain to avoid overriding it unecessary (#47) --- roles/common/pre_tasks/pre_tasks.yml | 2 ++ 1 file changed, 2 insertions(+) (limited to 'roles/common') diff --git a/roles/common/pre_tasks/pre_tasks.yml b/roles/common/pre_tasks/pre_tasks.yml index 06a56605d..cc4e64a0f 100644 --- a/roles/common/pre_tasks/pre_tasks.yml +++ b/roles/common/pre_tasks/pre_tasks.yml @@ -34,3 +34,5 @@ set_fact: openshift_master_default_subdomain: "{{ openshift_app_domain }}.{{ full_dns_domain }}" delegate_to: localhost + when: + - openshift_master_default_subdomain is undefined -- cgit v1.2.3 From 22e88c9ce8f81cb13c3d050455d332161a1acd83 Mon Sep 17 00:00:00 2001 
From: Øystein Bedin Date: Tue, 13 Jun 2017 15:35:22 -0400 Subject: Update CASL to use nsupdate for DNS records (#48) * Updated to use nsupdate for DNS records * Updated formatting of dict * Updating descriptive text * Support for external DNS config * Upgrading jinja2 to work correctly with latest templates * Latest update for nsupdate * Updated to use nsupdate for DNS records * Updated formatting of dict * Updating descriptive text * Support for external DNS config * Latest update for nsupdate * Updated to support external public/private DNS server(s) * Updated DNS server handling * Updated DNS server handling * Updated DNS server handling * Eliminated the from the sample inventories * Updated sample inventory to point to 2 separate DNS servers for private/public * Playbook clean-up * Adding 'python-dns' * splitting subscription manager calls to allow for a clean pre-install playbook --- roles/common/pre_tasks/pre_tasks.yml | 2 +- roles/dns-server-detect/defaults/main.yml | 3 ++ roles/dns-server-detect/tasks/main.yml | 38 ++++++++++++++++++++++ roles/openstack-stack/templates/heat_stack.yaml.j2 | 12 +++---- roles/openstack-stack/test/stack-create-test.yml | 4 +-- 5 files changed, 50 insertions(+), 9 deletions(-) create mode 100644 roles/dns-server-detect/defaults/main.yml create mode 100644 roles/dns-server-detect/tasks/main.yml (limited to 'roles/common') diff --git a/roles/common/pre_tasks/pre_tasks.yml b/roles/common/pre_tasks/pre_tasks.yml index cc4e64a0f..c5e79e89c 100644 --- a/roles/common/pre_tasks/pre_tasks.yml +++ b/roles/common/pre_tasks/pre_tasks.yml @@ -22,7 +22,7 @@ - name: Updating DNS domain to include env_id (if not empty) set_fact: - full_dns_domain: "{{ (env_id|trim == '') | ternary(dns_domain, env_id + '.' + dns_domain) }}" + full_dns_domain: "{{ (env_id|trim == '') | ternary(public_dns_domain, env_id + '.' + public_dns_domain) }}" delegate_to: localhost - name: Set the APP domain for OpenShift use 
diff --git a/roles/dns-server-detect/defaults/main.yml b/roles/dns-server-detect/defaults/main.yml
new file mode 100644
index 000000000..58bd861cd
--- /dev/null
+++ b/roles/dns-server-detect/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+
+external_nsupdate_keys: {}
diff --git a/roles/dns-server-detect/tasks/main.yml b/roles/dns-server-detect/tasks/main.yml
new file mode 100644
index 000000000..e8dd0acf0
--- /dev/null
+++ b/roles/dns-server-detect/tasks/main.yml
@@ -0,0 +1,38 @@
+---
+
+- fail:
+ msg: 'Missing required private DNS server(s)'
+ when:
+ - external_nsupdate_keys['private'] is undefined
+ - hostvars[groups['dns'][0]] is undefined
+
+- fail:
+ msg: 'Missing required public DNS server(s)'
+ when:
+ - external_nsupdate_keys['public'] is undefined
+ - hostvars[groups['dns'][0]] is undefined
+
+- name: "Set the private DNS server to use the external value (if provided)"
+ set_fact:
+ private_dns_server: "{{ external_nsupdate_keys['private']['server'] }}"
+ when:
+ - external_nsupdate_keys['private'] is defined
+
+- name: "Set the private DNS server to use the provisioned value"
+ set_fact:
+ private_dns_server: "{{ hostvars[groups['dns'][0]].openstack.private_v4 }}"
+ when:
+ - private_dns_server is undefined
+
+- name: "Set the public DNS server to use the external value (if provided)"
+ set_fact:
+ public_dns_server: "{{ external_nsupdate_keys['public']['server'] }}"
+ when:
+ - external_nsupdate_keys['public'] is defined
+
+- name: "Set the public DNS server to use the provisioned value"
+ set_fact:
+ public_dns_server: "{{ hostvars[groups['dns'][0]].openstack.public_v4 }}"
+ when:
+ - public_dns_server is undefined
+
diff --git a/roles/openstack-stack/templates/heat_stack.yaml.j2 b/roles/openstack-stack/templates/heat_stack.yaml.j2
index c367aabe7..09b62cba7 100644
--- a/roles/openstack-stack/templates/heat_stack.yaml.j2
+++ b/roles/openstack-stack/templates/heat_stack.yaml.j2
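Review bot: In roles/dns-server-detect/tasks/main.yml both `fail` guards test `hostvars[groups['dns'][0]] is undefined`, which indexes the first member of the `dns` group before checking that the group exists or has members; depending on the Ansible version, a missing group may raise a templating error instead of the intended message. Even when a dns host exists, the fallback tasks read `.openstack.private_v4` and `.openstack.public_v4` without checking that those facts are present, so a resolver address can still be undefined later in the play. A more direct guard is `- groups['dns'] | default([]) | length == 0`, with `- groups['dns'] | default([]) | length > 0` added to the two fallback tasks. The two `fail` tasks also have no `name`, which makes the failure harder to locate in play output. If `external_nsupdate_keys` also carries the nsupdate key secret (only `server` is read here), it belongs in a vaulted variable rather than plain inventory.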
@@ -381,7 +381,7 @@ resources: params: cluster_id: {{ stack_name }} k8s_type: etcd - cluster_env: {{ dns_domain }} + cluster_env: {{ public_dns_domain }} cluster_id: {{ stack_name }} group: str_replace: @@ -421,7 +421,7 @@ resources: params: cluster_id: {{ stack_name }} k8s_type: lb - cluster_env: {{ dns_domain }} + cluster_env: {{ public_dns_domain }} cluster_id: {{ stack_name }} group: str_replace: @@ -461,7 +461,7 @@ resources: params: cluster_id: {{ stack_name }} k8s_type: master - cluster_env: {{ dns_domain }} + cluster_env: {{ public_dns_domain }} cluster_id: {{ stack_name }} group: str_replace: @@ -505,7 +505,7 @@ resources: cluster_id: {{ stack_name }} k8s_type: node subtype: app - cluster_env: {{ dns_domain }} + cluster_env: {{ public_dns_domain }} cluster_id: {{ stack_name }} group: str_replace: @@ -548,7 +548,7 @@ resources: cluster_id: {{ stack_name }} k8s_type: node subtype: infra - cluster_env: {{ dns_domain }} + cluster_env: {{ public_dns_domain }} cluster_id: {{ stack_name }} group: str_replace: @@ -591,7 +591,7 @@ resources: params: cluster_id: {{ stack_name }} k8s_type: dns - cluster_env: {{ dns_domain }} + cluster_env: {{ public_dns_domain }} cluster_id: {{ stack_name }} group: str_replace: diff --git a/roles/openstack-stack/test/stack-create-test.yml b/roles/openstack-stack/test/stack-create-test.yml index 94e312ee3..6cbd7ff30 100644 --- a/roles/openstack-stack/test/stack-create-test.yml +++ b/roles/openstack-stack/test/stack-create-test.yml @@ -3,8 +3,8 @@ roles: - role: openstack-stack stack_name: test-stack - dns_domain: "{{ openstack_dns_domain }}" - dns_nameservers: "{{ openstack_nameservers }}" + dns_domain: "{{ public_dns_domain }}" + dns_nameservers: "{{ public_dns_nameservers }}" subnet_prefix: "{{ openstack_subnet_prefix }}" ssh_public_key: "{{ openstack_ssh_public_key }}" openstack_image: "{{ openstack_default_image_name }}" -- cgit v1.2.3