From 4ed9aef6f8ed0850e70b498e780d0d8e22bc277f Mon Sep 17 00:00:00 2001 
From: Tomas Sedovic Date: Mon, 23 Oct 2017 12:57:29 +0200 Subject: Add openshift_openstack role and move tasks there All the tasks that were previously in playbooks are now under `roles/openshift_openstack`. The `openshift-cluster` directory now only contains playbooks that include tasks from that role. This makes the structure much closer to that of the AWS provider. --- .../tasks/check-prerequisites.yml | 109 +++++++++++++++++++++ roles/openshift_openstack/tasks/cleanup.yml | 6 ++ .../tasks/container-storage-setup.yml | 37 +++++++ .../tasks/custom_flavor_check.yaml | 9 ++ .../tasks/custom_image_check.yaml | 10 ++ .../tasks/generate-templates.yml | 26 +++++ roles/openshift_openstack/tasks/hostname.yml | 33 +++++++ .../openshift_openstack/tasks/net_vars_check.yaml | 14 +++ .../tasks/node-configuration.yml | 11 +++ roles/openshift_openstack/tasks/node-network.yml | 19 ++++ roles/openshift_openstack/tasks/node-packages.yml | 15 +++ roles/openshift_openstack/tasks/populate-dns.yml | 5 + .../tasks/prepare-and-format-cinder-volume.yaml | 59 +++++++++++ roles/openshift_openstack/tasks/provision.yml | 30 ++++++ .../tasks/subnet_update_dns_servers.yaml | 9 ++ 15 files changed, 392 insertions(+) create mode 100644 roles/openshift_openstack/tasks/check-prerequisites.yml create mode 100644 roles/openshift_openstack/tasks/cleanup.yml create mode 100644 roles/openshift_openstack/tasks/container-storage-setup.yml create mode 100644 roles/openshift_openstack/tasks/custom_flavor_check.yaml create mode 100644 roles/openshift_openstack/tasks/custom_image_check.yaml create mode 100644 roles/openshift_openstack/tasks/generate-templates.yml create mode 100644 roles/openshift_openstack/tasks/hostname.yml create mode 100644 roles/openshift_openstack/tasks/net_vars_check.yaml create mode 100644 roles/openshift_openstack/tasks/node-configuration.yml create mode 100644 roles/openshift_openstack/tasks/node-network.yml create mode 100644 roles/openshift_openstack/tasks/node-packages.yml 
create mode 100644 roles/openshift_openstack/tasks/populate-dns.yml create mode 100644 roles/openshift_openstack/tasks/prepare-and-format-cinder-volume.yaml create mode 100644 roles/openshift_openstack/tasks/provision.yml create mode 100644 roles/openshift_openstack/tasks/subnet_update_dns_servers.yaml (limited to 'roles/openshift_openstack/tasks') diff --git a/roles/openshift_openstack/tasks/check-prerequisites.yml b/roles/openshift_openstack/tasks/check-prerequisites.yml new file mode 100644 index 000000000..4d7cfbf11 --- /dev/null +++ b/roles/openshift_openstack/tasks/check-prerequisites.yml 
@@ -0,0 +1,109 @@ +--- +# Check ansible +- name: Check Ansible version + assert: + that: > + (ansible_version.major == 2 and ansible_version.minor >= 3) or + (ansible_version.major > 2) + msg: "Ansible version must be at least 2.3" + +# Check shade +- name: Try to import python module shade + command: python -c "import shade" + ignore_errors: yes + register: shade_result +- name: Check if shade is installed + assert: + that: 'shade_result.rc == 0' + msg: "Python module shade is not installed" + +# Check jmespath +- name: Try to import python module shade + command: python -c "import jmespath" + ignore_errors: yes + register: jmespath_result +- name: Check if jmespath is installed + assert: + that: 'jmespath_result.rc == 0' + msg: "Python module jmespath is not installed" + +# Check python-dns +- name: Try to import python DNS module + command: python -c "import dns" + ignore_errors: yes + register: pythondns_result +- name: Check if python-dns is installed + assert: + that: 'pythondns_result.rc == 0' + msg: "Python module python-dns is not installed" + +# Check jinja2 +- name: Try to import jinja2 module + command: python -c "import jinja2" + ignore_errors: yes + register: jinja_result +- name: Check if jinja2 is installed + assert: + that: 'jinja_result.rc == 0' + msg: "Python module jinja2 is not installed" + +# Check Glance image +- name: Try to get image facts + os_image_facts: + image: "{{ openstack_default_image_name }}" + register: image_result +- name: Check that image is available + assert: + that: "image_result.ansible_facts.openstack_image" + msg: "Image {{ openstack_default_image_name }} is not available" + +# Check network name +- name: Try to get network facts + os_networks_facts: + name: "{{ openstack_external_network_name }}" + register: network_result + when: not openstack_provider_network_name|default(None) +- name: Check that network is available + assert: + that: "network_result.ansible_facts.openstack_networks" + msg: "Network {{ 
openstack_external_network_name }} is not available" + when: not openstack_provider_network_name|default(None) + +# Check keypair +# TODO kpilatov: there is no Ansible module for getting OS keypairs +# (os_keypair is not suitable for this) +# this method does not force python-openstackclient dependency +- name: Try to show keypair + command: > + python -c 'import shade; cloud = shade.openstack_cloud(); + exit(cloud.get_keypair("{{ openstack_ssh_public_key }}") is None)' + ignore_errors: yes + register: key_result +- name: Check that keypair is available + assert: + that: 'key_result.rc == 0' + msg: "Keypair {{ openstack_ssh_public_key }} is not available" + +# Check that custom images are available +- include: custom_image_check.yaml + with_items: + - "{{ openstack_master_image }}" + - "{{ openstack_infra_image }}" + - "{{ openstack_node_image }}" + - "{{ openstack_lb_image }}" + - "{{ openstack_etcd_image }}" + - "{{ openstack_dns_image }}" + loop_control: + loop_var: image + +# Check that custom flavors are available +- include: custom_flavor_check.yaml + with_items: + - "{{ master_flavor }}" + - "{{ infra_flavor }}" + - "{{ node_flavor }}" + - "{{ lb_flavor }}" + - "{{ etcd_flavor }}" + - "{{ dns_flavor }}" + loop_control: + loop_var: flavor diff --git a/roles/openshift_openstack/tasks/cleanup.yml b/roles/openshift_openstack/tasks/cleanup.yml new file mode 100644 index 000000000..258334a6b --- /dev/null +++ b/roles/openshift_openstack/tasks/cleanup.yml @@ -0,0 +1,6 @@ +--- + +- name: cleanup temp files + file: + path: "{{ stack_template_pre.path }}" + state: absent diff --git a/roles/openshift_openstack/tasks/container-storage-setup.yml b/roles/openshift_openstack/tasks/container-storage-setup.yml new file mode 100644 index 000000000..5cd48ca2c --- /dev/null +++ b/roles/openshift_openstack/tasks/container-storage-setup.yml 
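Review bot: The "Try to show keypair" task in check-prerequisites.yml templates `{{ openstack_ssh_public_key }}` straight into the `python -c` source, so a keypair name containing a quote or backslash changes the program run on the control host instead of just failing the lookup. Passing the name as an argument keeps it data: `python -c 'import sys, shade; sys.exit(shade.openstack_cloud().get_keypair(sys.argv[1]) is None)' {{ openstack_ssh_public_key | quote }}`. The later hunk that renames the variable to `openstack_keypair_name` keeps the same construction. Separately, the jmespath probe is still named "Try to import python module shade", and the import probes would report more cleanly with `changed_when: false`.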
@@ -0,0 +1,37 @@
+---
+- block:
+ - name: create the docker-storage config file
+ template:
+ src: "{{ role_path }}/templates/docker-storage-setup-overlayfs.j2"
+ dest: /etc/sysconfig/docker-storage-setup
+ owner: root
+ group: root
+ mode: 0644
+ when:
+ - ansible_distribution_version | version_compare('7.4', '>=')
+ - ansible_distribution == "RedHat"
+
+- block:
+ - name: create the docker-storage-setup config file
+ template:
+ src: "{{ role_path }}/templates/docker-storage-setup-dm.j2"
+ dest: /etc/sysconfig/docker-storage-setup
+ owner: root
+ group: root
+ mode: 0644
+ when:
+ - ansible_distribution_version | version_compare('7.4', '<')
+ - ansible_distribution == "RedHat"
+
+- block:
+ - name: create the docker-storage-setup config file for CentOS
+ template:
+ src: "{{ role_path }}/templates/docker-storage-setup-dm.j2"
+ dest: /etc/sysconfig/docker-storage-setup
+ owner: root
+ group: root
+ mode: 0644
+
+ # TODO(shadower): Find out which CentOS version supports overlayfs2
+ when:
+ - ansible_distribution == "CentOS"
diff --git a/roles/openshift_openstack/tasks/custom_flavor_check.yaml b/roles/openshift_openstack/tasks/custom_flavor_check.yaml
new file mode 100644
index 000000000..e11874c28
--- /dev/null
+++ b/roles/openshift_openstack/tasks/custom_flavor_check.yaml
@@ -0,0 +1,9 @@
+---
+- name: Try to get flavor facts
+ os_flavor_facts:
+ name: "{{ flavor }}"
+ register: flavor_result
+- name: Check that custom flavor is available
+ assert:
+ that: "flavor_result.ansible_facts.openstack_flavors"
+ msg: "Flavor {{ flavor }} is not available."
diff --git a/roles/openshift_openstack/tasks/custom_image_check.yaml b/roles/openshift_openstack/tasks/custom_image_check.yaml
new file mode 100644
index 000000000..4fbd6a687
--- /dev/null
+++ b/roles/openshift_openstack/tasks/custom_image_check.yaml
@@ -0,0 +1,10 @@
+---
+- name: Try to get image facts
+ os_image_facts:
+ image: "{{ image }}"
+ register: image_result
+
+- name: Check that custom image is available
+ assert:
+ that: "image_result.ansible_facts.openstack_image"
+ msg: "Image {{ image }} is not available."
diff --git a/roles/openshift_openstack/tasks/generate-templates.yml b/roles/openshift_openstack/tasks/generate-templates.yml
new file mode 100644
index 000000000..0ff50a095
--- /dev/null
+++ b/roles/openshift_openstack/tasks/generate-templates.yml
@@ -0,0 +1,26 @@
+---
+- name: create HOT stack template prefix
+ register: stack_template_pre
+ tempfile:
+ state: directory
+ prefix: openshift-ansible
+
+- name: set template paths
+ set_fact:
+ stack_template_path: "{{ stack_template_pre.path }}/stack.yaml"
+ user_data_template_path: "{{ stack_template_pre.path }}/user-data"
+
+- name: generate HOT stack template from jinja2 template
+ template:
+ src: heat_stack.yaml.j2
+ dest: "{{ stack_template_path }}"
+
+- name: generate HOT server template from jinja2 template
+ template:
+ src: heat_stack_server.yaml.j2
+ dest: "{{ stack_template_pre.path }}/server.yaml"
+
+- name: generate user_data from jinja2 template
+ template:
+ src: user_data.j2
+ dest: "{{ user_data_template_path }}"
diff --git a/roles/openshift_openstack/tasks/hostname.yml b/roles/openshift_openstack/tasks/hostname.yml
new file mode 100644
index 000000000..0fc8fbc4c
--- /dev/null
+++ b/roles/openshift_openstack/tasks/hostname.yml
@@ -0,0 +1,33 @@
+---
+- name: "Verify hostname"
+ command: hostnamectl status --static
+ register: hostname_fqdn
+
+- name: "Set hostname if required"
+ when: hostname_fqdn.stdout != ansible_fqdn
+ block:
+ - name: Setting Hostname Fact
+ set_fact:
+ new_hostname: "{{ custom_hostname | default(inventory_hostname_short) }}"
+
+ - name: Setting FQDN Fact
+ set_fact:
+ new_fqdn: "{{ new_hostname }}.{{ full_dns_domain }}"
+
+ - name: Setting hostname and DNS domain
+ hostname: name="{{ new_fqdn }}"
+
+ - name: Check for cloud.cfg
+ stat: path=/etc/cloud/cloud.cfg
+ register: cloud_cfg
+
+ - name: Prevent cloud-init updates of hostname/fqdn (if applicable)
+ lineinfile:
+ dest: /etc/cloud/cloud.cfg
+ state: present
+ regexp: "{{ item.regexp }}"
+ line: "{{ item.line }}"
+ with_items:
+ - { regexp: '^ - set_hostname', line: '# - set_hostname' }
+ - { regexp: '^ - update_hostname', line: '# - update_hostname' }
+ when: cloud_cfg.stat.exists == True
diff --git a/roles/openshift_openstack/tasks/net_vars_check.yaml b/roles/openshift_openstack/tasks/net_vars_check.yaml
new file mode 100644
index 000000000..68afde415
--- /dev/null
+++ b/roles/openshift_openstack/tasks/net_vars_check.yaml
@@ -0,0 +1,14 @@
+---
+- name: Check the provider network configuration
+ fail:
+ msg: "Flannel SDN requires a dedicated containers data network and can not work over a provider network"
+ when:
+ - openstack_provider_network_name is defined
+ - openstack_private_data_network_name is defined
+
+- name: Check the flannel network configuration
+ fail:
+ msg: "A dedicated containers data network is only supported with Flannel SDN"
+ when:
+ - openstack_private_data_network_name is defined
+ - not openshift_use_flannel|default(False)|bool
diff --git a/roles/openshift_openstack/tasks/node-configuration.yml b/roles/openshift_openstack/tasks/node-configuration.yml
new file mode 100644
index 000000000..8a6a8022f
--- /dev/null
+++ b/roles/openshift_openstack/tasks/node-configuration.yml
@@ -0,0 +1,11 @@
+---
+- include: hostname.yml
+
+- include: container-storage-setup.yml
+
+- include: node-network.yml
+
+- name: "Verify SELinux is enforcing"
+ fail:
+ msg: "SELinux is required for OpenShift and has been detected as '{{ ansible_selinux.config_mode }}'"
+ when: ansible_selinux.config_mode != "enforcing"
diff --git a/roles/openshift_openstack/tasks/node-network.yml b/roles/openshift_openstack/tasks/node-network.yml
new file mode 100644
index 000000000..f494e5158
--- /dev/null
+++ b/roles/openshift_openstack/tasks/node-network.yml
@@ -0,0 +1,19 @@
+---
+- name: configure NetworkManager
+ lineinfile:
+ dest: "/etc/sysconfig/network-scripts/ifcfg-{{ ansible_default_ipv4['interface'] }}"
+ regexp: '^{{ item }}='
+ line: '{{ item }}=yes'
+ state: present
+ create: yes
+ with_items:
+ - 'USE_PEERDNS'
+ - 'NM_CONTROLLED'
+
+- name: enable and start NetworkManager
+ service:
+ name: NetworkManager
+ state: restarted
+ enabled: yes
+
+# TODO(shadower): add the flannel interface tasks from post-provision-openstack.yml
diff --git a/roles/openshift_openstack/tasks/node-packages.yml b/roles/openshift_openstack/tasks/node-packages.yml
new file mode 100644
index 000000000..c65eaec3b
--- /dev/null
+++ b/roles/openshift_openstack/tasks/node-packages.yml
@@ -0,0 +1,15 @@
+---
+# TODO: subscribe to RHEL and install docker and other packages here
+
+- name: Install required packages
+ yum:
+ name: "{{ item }}"
+ state: latest
+ with_items: "{{ required_packages }}"
+
+- name: Install debug packages (optional)
+ yum:
+ name: "{{ item }}"
+ state: latest
+ with_items: "{{ debug_packages }}"
+ when: install_debug_packages|bool
diff --git a/roles/openshift_openstack/tasks/populate-dns.yml b/roles/openshift_openstack/tasks/populate-dns.yml
new file mode 100644
index 000000000..f1a868a19
--- /dev/null
+++ b/roles/openshift_openstack/tasks/populate-dns.yml
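Review bot: The "Verify SELinux is enforcing" task in node-configuration.yml tests `ansible_selinux.config_mode`, which is the value from the SELinux config file rather than the mode the host is currently running in. A node switched to permissive at runtime would therefore still pass. Checking the runtime fact as well closes that gap, for example `when: ansible_selinux.mode != "enforcing" or ansible_selinux.config_mode != "enforcing"`. How the fact looks when SELinux is disabled or its Python bindings are missing cannot be confirmed from this hunk, so a guard for that case may also be needed.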
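Review bot: Both yum tasks in node-packages.yml use `state: latest`, so every run installs whatever version the enabled repositories serve at that moment. Node builds are then not reproducible, and packages get upgraded as a side effect of provisioning. `state: present`, with versions pinned in `required_packages` where they matter, keeps installs deterministic and leaves patching to a deliberate update step. The module also accepts the list directly, `name: "{{ required_packages }}"`, which avoids one transaction per item.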
@@ -0,0 +1,5 @@ +# TODO: use nsupdate to populate the DNS servers using the keys +# specified in the inventory. + +# this is an optional step -- the deployers may do whatever else they +# wish here. diff --git a/roles/openshift_openstack/tasks/prepare-and-format-cinder-volume.yaml b/roles/openshift_openstack/tasks/prepare-and-format-cinder-volume.yaml new file mode 100644 index 000000000..fc51f6dc2 --- /dev/null +++ b/roles/openshift_openstack/tasks/prepare-and-format-cinder-volume.yaml @@ -0,0 +1,59 @@ +--- +- name: Attach the volume to the VM + os_server_volume: + state: present + server: "{{ groups['masters'][0] }}" + volume: "{{ cinder_volume }}" + register: volume_attachment + +- set_fact: + attached_device: >- + {{ volume_attachment['attachments']|json_query("[?volume_id=='" + cinder_volume + "'].device | [0]") }} + +- delegate_to: "{{ groups['masters'][0] }}" + block: + - name: Wait for the device to appear + wait_for: path={{ attached_device }} + + - name: Create a temp directory for mounting the volume + tempfile: + prefix: cinder-volume + state: directory + register: cinder_mount_dir + + - name: Format the device + filesystem: + fstype: "{{ cinder_fs }}" + dev: "{{ attached_device }}" + + - name: Mount the device + mount: + name: "{{ cinder_mount_dir.path }}" + src: "{{ attached_device }}" + state: mounted + fstype: "{{ cinder_fs }}" + + - name: Change mode on the filesystem + file: + path: "{{ cinder_mount_dir.path }}" + state: directory + recurse: true + mode: 0777 + + - name: Unmount the device + mount: + name: "{{ cinder_mount_dir.path }}" + src: "{{ attached_device }}" + state: absent + fstype: "{{ cinder_fs }}" + + - name: Delete the temp directory + file: + name: "{{ cinder_mount_dir.path }}" + state: absent + +- name: Detach the volume from the VM + os_server_volume: + state: absent + server: "{{ groups['masters'][0] }}" + volume: "{{ cinder_volume }}" 
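Review bot: "Change mode on the filesystem" in prepare-and-format-cinder-volume.yaml applies `mode: 0777` with `recurse: true`, which leaves the root of the freshly formatted volume world-writable for whatever mounts it later. If the consumer runs under a known UID/GID (not visible in this hunk), prefer setting `owner`/`group` with a narrower quoted mode such as `mode: "0770"`. If world-write really is required, add a comment saying why. The delegated block between attach and detach also has no `always:` section, so a failure midway leaves the volume mounted and attached to the first master.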
diff --git a/roles/openshift_openstack/tasks/provision.yml b/roles/openshift_openstack/tasks/provision.yml new file mode 100644 index 000000000..8ebda8100 --- /dev/null +++ b/roles/openshift_openstack/tasks/provision.yml @@ -0,0 +1,30 @@ +--- +- name: Generate the templates + include: generate-templates.yml + when: + - stack_state == 'present' + +- name: Handle the Stack (create/delete) + ignore_errors: False + register: stack_create + os_stack: + name: "{{ stack_name }}" + state: "{{ stack_state }}" + template: "{{ stack_template_path | default(omit) }}" + wait: yes + +- name: Add the new nodes to the inventory + meta: refresh_inventory + +- name: Populate DNS entries + include: populate-dns.yml + when: + - stack_state == 'present' + +- name: CleanUp + include: cleanup.yml + when: + - stack_state == 'present' + +# TODO(shadower): create the registry and PV Cinder volumes if specified +# and include the `prepare-and-format-cinder-volume` tasks to set it up diff --git a/roles/openshift_openstack/tasks/subnet_update_dns_servers.yaml b/roles/openshift_openstack/tasks/subnet_update_dns_servers.yaml new file mode 100644 index 000000000..af28fc98f --- /dev/null +++ b/roles/openshift_openstack/tasks/subnet_update_dns_servers.yaml @@ -0,0 +1,9 @@ +--- +- name: Live update the subnet's DNS servers + os_subnet: + name: openshift-ansible-{{ stack_name }}-subnet + network_name: openshift-ansible-{{ stack_name }}-net + state: present + use_default_subnetpool: yes + dns_nameservers: "{{ [private_dns_server|default(public_dns_nameservers[0])]|union(public_dns_nameservers)|unique }}" + when: not provider_network -- cgit v1.2.3 From fabf16250b3947a04fc3b3bcb9b6fc7c1265651b Mon Sep 17 00:00:00 2001 
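Review bot: In provision.yml the `cleanup.yml` include is only reached when "Handle the Stack (create/delete)" succeeds, so a failed stack create leaves the rendered Heat templates and user-data in the temp directory on the control host. Wrapping the `os_stack` task in a `block:` and moving the cleanup include under `always:` would remove them on both paths. `ignore_errors: False` is the default and can be dropped.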
From: Tomas Sedovic Date: Mon, 30 Oct 2017 17:53:02 +0100 Subject: Add a stub of the dns record update code in This will mostly not work but it's a starting point. --- roles/openshift_openstack/tasks/populate-dns.yml | 167 +++++++++++++++++++++++ 1 file changed, 167 insertions(+) (limited to 'roles/openshift_openstack/tasks') diff --git a/roles/openshift_openstack/tasks/populate-dns.yml b/roles/openshift_openstack/tasks/populate-dns.yml index f1a868a19..c8243dc1f 100644 --- a/roles/openshift_openstack/tasks/populate-dns.yml +++ b/roles/openshift_openstack/tasks/populate-dns.yml 
@@ -3,3 +3,170 @@ # this is an optional step -- the deployers may do whatever else they # wish here. + + +# TODO: build records +# TODO: run nsupdate + + +- name: "Generate list of private A records" + set_fact: + private_records: "{{ [ { 'type': 'A', 'hostname': hostvars[item]['ansible_hostname'], 'ip': hostvars[item]['private_v4'] } ] }}" + with_items: "{{ groups['cluster_hosts'] }}" + +# - name: "Add wildcard records to the private A records for infrahosts" +# set_fact: +# private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': '*.' + openshift_app_domain, 'ip': hostvars[item]['private_v4'] } ] }}" +# with_items: "{{ groups['infra_hosts'] }}" + +# - name: "Add public master cluster hostname records to the private A records (single master)" +# set_fact: +# private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.masters[0]].private_v4 } ] }}" +# when: +# - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined +# - openstack_num_masters == 1 + +# - name: "Add public master cluster hostname records to the private A records (multi-master)" +# set_fact: +# private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.lb[0]].private_v4 } ] }}" +# when: +# - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined +# - openstack_num_masters > 1 + +- name: "Set the private DNS server to use the external value (if provided)" + set_fact: + nsupdate_server_private: "{{ external_nsupdate_keys['private']['server'] }}" + nsupdate_key_secret_private: "{{ external_nsupdate_keys['private']['key_secret'] }}" + nsupdate_key_algorithm_private: "{{ external_nsupdate_keys['private']['key_algorithm'] }}" + 
nsupdate_private_key_name: "{{ external_nsupdate_keys['private']['key_name']|default('private-' + full_dns_domain) }}" + when: + - external_nsupdate_keys is defined + - external_nsupdate_keys['private'] is defined + + +- name: "Generate the private Add section for DNS" + set_fact: + private_named_records: + - view: "private" + zone: "{{ full_dns_domain }}" + server: "{{ nsupdate_server_private }}" + key_name: "{{ nsupdate_private_key_name|default('private-' + full_dns_domain) }}" + key_secret: "{{ nsupdate_key_secret_private }}" + key_algorithm: "{{ nsupdate_key_algorithm_private | lower }}" + entries: "{{ private_records }}" + +# - name: "Generate list of public A records" +# set_fact: +# public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': hostvars[item]['ansible_hostname'], 'ip': hostvars[item]['public_v4'] } ] }}" +# with_items: "{{ groups['cluster_hosts'] }}" +# when: hostvars[item]['public_v4'] is defined + +# - name: "Add wildcard records to the public A records" +# set_fact: +# public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': '*.' 
+ openshift_app_domain, 'ip': hostvars[item]['public_v4'] } ] }}" +# with_items: "{{ groups['infra_hosts'] }}" +# when: hostvars[item]['public_v4'] is defined + +# - name: "Add public master cluster hostname records to the public A records (single master)" +# set_fact: +# public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.masters[0]].public_v4 } ] }}" +# when: +# - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined +# - openstack_num_masters == 1 +# - not use_bastion|bool + +# - name: "Add public master cluster hostname records to the public A records (single master behind a bastion)" +# set_fact: +# public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.bastions[0]].public_v4 } ] }}" +# when: +# - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined +# - openstack_num_masters == 1 +# - use_bastion|bool + +# - name: "Add public master cluster hostname records to the public A records (multi-master)" +# set_fact: +# public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.lb[0]].public_v4 } ] }}" +# when: +# - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined +# - openstack_num_masters > 1 + +# - name: "Set the public DNS server details to use the external value (if provided)" +# set_fact: +# nsupdate_server_public: "{{ external_nsupdate_keys['public']['server'] }}" +# nsupdate_key_secret_public: "{{ external_nsupdate_keys['public']['key_secret'] }}" +# nsupdate_key_algorithm_public: "{{ 
external_nsupdate_keys['public']['key_algorithm'] }}" +# nsupdate_public_key_name: "{{ external_nsupdate_keys['public']['key_name']|default('public-' + full_dns_domain) }}" +# when: +# - external_nsupdate_keys is defined +# - external_nsupdate_keys['public'] is defined + +# - name: "Set the public DNS server details to use the provisioned value" +# set_fact: +# nsupdate_server_public: "{{ hostvars[groups['dns'][0]].public_v4 }}" +# nsupdate_key_secret_public: "{{ hostvars[groups['dns'][0]].nsupdate_keys['public-' + full_dns_domain].key_secret }}" +# nsupdate_key_algorithm_public: "{{ hostvars[groups['dns'][0]].nsupdate_keys['public-' + full_dns_domain].key_algorithm }}" +# when: +# - nsupdate_server_public is undefined + +# - name: "Generate the public Add section for DNS" +# set_fact: +# public_named_records: +# - view: "public" +# zone: "{{ full_dns_domain }}" +# server: "{{ nsupdate_server_public }}" +# key_name: "{{ nsupdate_public_key_name|default('public-' + full_dns_domain) }}" +# key_secret: "{{ nsupdate_key_secret_public }}" +# key_algorithm: "{{ nsupdate_key_algorithm_public | lower }}" +# entries: "{{ public_records }}" + + + + + + +- name: "Generate the final dns_records_add" + set_fact: + # TODO(shadower): enable this when we add public records + #dns_records_add: "{{ private_named_records + public_named_records }}" + dns_records_add: "{{ private_named_records }}" + + + +# RUN NSUPDATE + +- name: "Remove any deleted DNS A records" + nsupdate: + key_name: "{{ item.0.key_name }}" + key_secret: "{{ item.0.key_secret }}" + key_algorithm: "{{ item.0.key_algorithm }}" + server: "{{ item.0.server }}" + zone: "{{ item.0.zone }}" + record: "{{ item.1.hostname }}" + type: "{{ item.1.type }}" + state: absent + with_subelements: + - "{{ dns_records_rm | default({}) }}" + - entries + register: nsupdate_remove_result + until: nsupdate_remove_result|succeeded + retries: 10 + delay: 1 + +- name: "Add DNS A records" + nsupdate: + key_name: "{{ item.0.key_name }}" + 
key_secret: "{{ item.0.key_secret }}" + key_algorithm: "{{ item.0.key_algorithm }}" + server: "{{ item.0.server }}" + zone: "{{ item.0.zone }}" + record: "{{ item.1.hostname }}" + value: "{{ item.1.ip }}" + type: "{{ item.1.type }}" + state: present + with_subelements: + - "{{ dns_records_add | default({}) }}" + - entries + register: nsupdate_add_result + until: nsupdate_add_result|succeeded + retries: 10 + delay: 1 -- cgit v1.2.3 From 23674d565f2801d88060bd0443ec384fbdcdad59 Mon Sep 17 00:00:00 2001 From: Tomas Sedovic Date: Wed, 1 Nov 2017 15:47:04 +0100 Subject: Remove the subnet_update_dns_servers task list It's no longer being used. --- roles/openshift_openstack/tasks/subnet_update_dns_servers.yaml | 9 --------- 1 file changed, 9 deletions(-) delete mode 100644 roles/openshift_openstack/tasks/subnet_update_dns_servers.yaml (limited to 'roles/openshift_openstack/tasks') diff --git a/roles/openshift_openstack/tasks/subnet_update_dns_servers.yaml b/roles/openshift_openstack/tasks/subnet_update_dns_servers.yaml deleted file mode 100644 index af28fc98f..000000000 --- a/roles/openshift_openstack/tasks/subnet_update_dns_servers.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -- name: Live update the subnet's DNS servers - os_subnet: - name: openshift-ansible-{{ stack_name }}-subnet - network_name: openshift-ansible-{{ stack_name }}-net - state: present - use_default_subnetpool: yes - dns_nameservers: "{{ [private_dns_server|default(public_dns_nameservers[0])]|union(public_dns_nameservers)|unique }}" - when: not provider_network -- cgit v1.2.3 From 79f29bc825286c4f69073827a5b6d71f71f47c91 Mon Sep 17 00:00:00 2001 
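Review bot: The two `nsupdate` tasks in populate-dns.yml loop over items whose first element carries `key_secret`, and neither sets `no_log: true`. The TSIG secret is therefore printed with every loop item in the play output and in any log the controller keeps, and it is also stored in `nsupdate_remove_result` / `nsupdate_add_result`. Add `no_log: true` to both tasks, and to the `set_fact` tasks that copy the secret into `private_named_records` and `dns_records_add`, since those show their values at higher verbosity. Separately, `nsupdate_server_private`, `nsupdate_key_secret_private` and `nsupdate_key_algorithm_private` are only set when `external_nsupdate_keys['private']` is defined, yet "Generate the private Add section for DNS" uses them unconditionally and will fail on undefined variables otherwise.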
From: Tomas Sedovic Date: Wed, 1 Nov 2017 16:43:13 +0100 Subject: Add the DNS updates and rename the openstack vars Most of the vars in `roles/openshift_openstack/defaults/main.yml` are now prefixed with `openstack_`. --- .../tasks/check-prerequisites.yml | 4 +- .../tasks/generate-templates.yml | 3 + roles/openshift_openstack/tasks/hostname.yml | 49 +++--- roles/openshift_openstack/tasks/populate-dns.yml | 187 ++++++++------------- roles/openshift_openstack/tasks/provision.yml | 5 - 5 files changed, 97 insertions(+), 151 deletions(-) (limited to 'roles/openshift_openstack/tasks') diff --git a/roles/openshift_openstack/tasks/check-prerequisites.yml b/roles/openshift_openstack/tasks/check-prerequisites.yml index 4d7cfbf11..13000e31f 100644 --- a/roles/openshift_openstack/tasks/check-prerequisites.yml +++ b/roles/openshift_openstack/tasks/check-prerequisites.yml @@ -76,13 +76,13 @@ - name: Try to show keypair command: > python -c 'import shade; cloud = shade.openstack_cloud(); - exit(cloud.get_keypair("{{ openstack_ssh_public_key }}") is None)' + exit(cloud.get_keypair("{{ openstack_keypair_name }}") is None)' ignore_errors: yes register: key_result - name: Check that keypair is available assert: that: 'key_result.rc == 0' - msg: "Keypair {{ openstack_ssh_public_key }} is not available" + msg: "Keypair {{ openstack_keypair_name }} is not available" # Check that custom images are available - include: custom_image_check.yaml diff --git a/roles/openshift_openstack/tasks/generate-templates.yml b/roles/openshift_openstack/tasks/generate-templates.yml index 0ff50a095..3a8b588e9 100644 --- a/roles/openshift_openstack/tasks/generate-templates.yml +++ b/roles/openshift_openstack/tasks/generate-templates.yml 
@@ -10,6 +10,9 @@ stack_template_path: "{{ stack_template_pre.path }}/stack.yaml" user_data_template_path: "{{ stack_template_pre.path }}/user-data" +- name: Print out the Heat template directory + debug: var=stack_template_pre + - name: generate HOT stack template from jinja2 template template: src: heat_stack.yaml.j2 diff --git a/roles/openshift_openstack/tasks/hostname.yml b/roles/openshift_openstack/tasks/hostname.yml index 0fc8fbc4c..9815d0e80 100644 --- a/roles/openshift_openstack/tasks/hostname.yml +++ b/roles/openshift_openstack/tasks/hostname.yml 
@@ -1,33 +1,26 @@ --- -- name: "Verify hostname" - command: hostnamectl status --static - register: hostname_fqdn +- name: Setting Hostname Fact + set_fact: + new_hostname: "{{ custom_hostname | default(inventory_hostname_short) }}" -- name: "Set hostname if required" - when: hostname_fqdn.stdout != ansible_fqdn - block: - - name: Setting Hostname Fact - set_fact: - new_hostname: "{{ custom_hostname | default(inventory_hostname_short) }}" +- name: Setting FQDN Fact + set_fact: + new_fqdn: "{{ new_hostname }}.{{ full_dns_domain }}" - - name: Setting FQDN Fact - set_fact: - new_fqdn: "{{ new_hostname }}.{{ full_dns_domain }}" +- name: Setting hostname and DNS domain + hostname: name="{{ new_fqdn }}" - - name: Setting hostname and DNS domain - hostname: name="{{ new_fqdn }}" +- name: Check for cloud.cfg + stat: path=/etc/cloud/cloud.cfg + register: cloud_cfg - - name: Check for cloud.cfg - stat: path=/etc/cloud/cloud.cfg - register: cloud_cfg - - - name: Prevent cloud-init updates of hostname/fqdn (if applicable) - lineinfile: - dest: /etc/cloud/cloud.cfg - state: present - regexp: "{{ item.regexp }}" - line: "{{ item.line }}" - with_items: - - { regexp: '^ - set_hostname', line: '# - set_hostname' } - - { regexp: '^ - update_hostname', line: '# - update_hostname' } - when: cloud_cfg.stat.exists == True +- name: Prevent cloud-init updates of hostname/fqdn (if applicable) + lineinfile: + dest: /etc/cloud/cloud.cfg + state: present + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + with_items: + - { regexp: '^ - set_hostname', line: '# - set_hostname' } + - { regexp: '^ - update_hostname', line: '# - update_hostname' } + when: cloud_cfg.stat.exists == True diff --git a/roles/openshift_openstack/tasks/populate-dns.yml b/roles/openshift_openstack/tasks/populate-dns.yml index c8243dc1f..669b65a01 100644 --- a/roles/openshift_openstack/tasks/populate-dns.yml +++ b/roles/openshift_openstack/tasks/populate-dns.yml 
@@ -1,37 +1,26 @@ -# TODO: use nsupdate to populate the DNS servers using the keys -# specified in the inventory. - -# this is an optional step -- the deployers may do whatever else they -# wish here. - - -# TODO: build records -# TODO: run nsupdate - - - name: "Generate list of private A records" set_fact: - private_records: "{{ [ { 'type': 'A', 'hostname': hostvars[item]['ansible_hostname'], 'ip': hostvars[item]['private_v4'] } ] }}" + private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': hostvars[item]['ansible_hostname'], 'ip': hostvars[item]['private_v4'] } ] }}" with_items: "{{ groups['cluster_hosts'] }}" -# - name: "Add wildcard records to the private A records for infrahosts" -# set_fact: -# private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': '*.' + openshift_app_domain, 'ip': hostvars[item]['private_v4'] } ] }}" -# with_items: "{{ groups['infra_hosts'] }}" - -# - name: "Add public master cluster hostname records to the private A records (single master)" -# set_fact: -# private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.masters[0]].private_v4 } ] }}" -# when: -# - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined -# - openstack_num_masters == 1 - -# - name: "Add public master cluster hostname records to the private A records (multi-master)" -# set_fact: -# private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.lb[0]].private_v4 } ] }}" -# when: -# - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined -# - openstack_num_masters > 1 +- name: "Add wildcard records to the private A records for infrahosts" + set_fact: + private_records: 
"{{ private_records | default([]) + [ { 'type': 'A', 'hostname': '*.' + openshift_app_domain, 'ip': hostvars[item]['private_v4'] } ] }}" + with_items: "{{ groups['infra_hosts'] }}" + +- name: "Add public master cluster hostname records to the private A records (single master)" + set_fact: + private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.masters[0]].private_v4 } ] }}" + when: + - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined + - openstack_num_masters == 1 + +- name: "Add public master cluster hostname records to the private A records (multi-master)" + set_fact: + private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.lb[0]].private_v4 } ] }}" + when: + - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined + - openstack_num_masters > 1 - name: "Set the private DNS server to use the external value (if provided)" set_fact: 
@@ -55,102 +44,67 @@ key_algorithm: "{{ nsupdate_key_algorithm_private | lower }}" entries: "{{ private_records }}" -# - name: "Generate list of public A records" -# set_fact: -# public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': hostvars[item]['ansible_hostname'], 'ip': hostvars[item]['public_v4'] } ] }}" -# with_items: "{{ groups['cluster_hosts'] }}" -# when: hostvars[item]['public_v4'] is defined - -# - name: "Add wildcard records to the public A records" -# set_fact: -# public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': '*.' + openshift_app_domain, 'ip': hostvars[item]['public_v4'] } ] }}" -# with_items: "{{ groups['infra_hosts'] }}" -# when: hostvars[item]['public_v4'] is defined - -# - name: "Add public master cluster hostname records to the public A records (single master)" -# set_fact: -# public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.masters[0]].public_v4 } ] }}" -# when: -# - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined -# - openstack_num_masters == 1 -# - not use_bastion|bool - -# - name: "Add public master cluster hostname records to the public A records (single master behind a bastion)" -# set_fact: -# public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.bastions[0]].public_v4 } ] }}" -# when: -# - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined -# - openstack_num_masters == 1 -# - use_bastion|bool - -# - name: "Add public master cluster hostname records to the public A records (multi-master)" -# set_fact: -# public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': 
(hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.lb[0]].public_v4 } ] }}" -# when: -# - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined -# - openstack_num_masters > 1 - -# - name: "Set the public DNS server details to use the external value (if provided)" -# set_fact: -# nsupdate_server_public: "{{ external_nsupdate_keys['public']['server'] }}" -# nsupdate_key_secret_public: "{{ external_nsupdate_keys['public']['key_secret'] }}" -# nsupdate_key_algorithm_public: "{{ external_nsupdate_keys['public']['key_algorithm'] }}" -# nsupdate_public_key_name: "{{ external_nsupdate_keys['public']['key_name']|default('public-' + full_dns_domain) }}" -# when: -# - external_nsupdate_keys is defined -# - external_nsupdate_keys['public'] is defined - -# - name: "Set the public DNS server details to use the provisioned value" -# set_fact: -# nsupdate_server_public: "{{ hostvars[groups['dns'][0]].public_v4 }}" -# nsupdate_key_secret_public: "{{ hostvars[groups['dns'][0]].nsupdate_keys['public-' + full_dns_domain].key_secret }}" -# nsupdate_key_algorithm_public: "{{ hostvars[groups['dns'][0]].nsupdate_keys['public-' + full_dns_domain].key_algorithm }}" -# when: -# - nsupdate_server_public is undefined - -# - name: "Generate the public Add section for DNS" -# set_fact: -# public_named_records: -# - view: "public" -# zone: "{{ full_dns_domain }}" -# server: "{{ nsupdate_server_public }}" -# key_name: "{{ nsupdate_public_key_name|default('public-' + full_dns_domain) }}" -# key_secret: "{{ nsupdate_key_secret_public }}" -# key_algorithm: "{{ nsupdate_key_algorithm_public | lower }}" -# entries: "{{ public_records }}" - +- name: "Generate list of public A records" + set_fact: + public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': hostvars[item]['ansible_hostname'], 'ip': hostvars[item]['public_v4'] } ] }}" + with_items: "{{ groups['cluster_hosts'] }}" + 
when: hostvars[item]['public_v4'] is defined +- name: "Add wildcard records to the public A records" + set_fact: + public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': '*.' + openshift_app_domain, 'ip': hostvars[item]['public_v4'] } ] }}" + with_items: "{{ groups['infra_hosts'] }}" + when: hostvars[item]['public_v4'] is defined +- name: "Add public master cluster hostname records to the public A records (single master)" + set_fact: + public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.masters[0]].public_v4 } ] }}" + when: + - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined + - openstack_num_masters == 1 + - not openstack_use_bastion|bool +- name: "Add public master cluster hostname records to the public A records (single master behind a bastion)" + set_fact: + public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.bastions[0]].public_v4 } ] }}" + when: + - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined + - openstack_num_masters == 1 + - openstack_use_bastion|bool +- name: "Add public master cluster hostname records to the public A records (multi-master)" + set_fact: + public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.lb[0]].public_v4 } ] }}" + when: + - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined + - openstack_num_masters > 1 -- name: "Generate the final dns_records_add" +- name: "Set the public DNS server details to use the external value (if provided)" set_fact: - # 
TODO(shadower): enable this when we add public records - #dns_records_add: "{{ private_named_records + public_named_records }}" - dns_records_add: "{{ private_named_records }}" + nsupdate_server_public: "{{ external_nsupdate_keys['public']['server'] }}" + nsupdate_key_secret_public: "{{ external_nsupdate_keys['public']['key_secret'] }}" + nsupdate_key_algorithm_public: "{{ external_nsupdate_keys['public']['key_algorithm'] }}" + nsupdate_public_key_name: "{{ external_nsupdate_keys['public']['key_name']|default('public-' + full_dns_domain) }}" + when: + - external_nsupdate_keys is defined + - external_nsupdate_keys['public'] is defined +- name: "Generate the public Add section for DNS" + set_fact: + public_named_records: + - view: "public" + zone: "{{ full_dns_domain }}" + server: "{{ nsupdate_server_public }}" + key_name: "{{ nsupdate_public_key_name|default('public-' + full_dns_domain) }}" + key_secret: "{{ nsupdate_key_secret_public }}" + key_algorithm: "{{ nsupdate_key_algorithm_public | lower }}" + entries: "{{ public_records }}" -# RUN NSUPDATE +- name: "Generate the final dns_records_add" + set_fact: + dns_records_add: "{{ private_named_records + public_named_records }}" -- name: "Remove any deleted DNS A records" - nsupdate: - key_name: "{{ item.0.key_name }}" - key_secret: "{{ item.0.key_secret }}" - key_algorithm: "{{ item.0.key_algorithm }}" - server: "{{ item.0.server }}" - zone: "{{ item.0.zone }}" - record: "{{ item.1.hostname }}" - type: "{{ item.1.type }}" - state: absent - with_subelements: - - "{{ dns_records_rm | default({}) }}" - - entries - register: nsupdate_remove_result - until: nsupdate_remove_result|succeeded - retries: 10 - delay: 1 - name: "Add DNS A records" nsupdate: @@ -162,6 +116,7 @@ record: "{{ item.1.hostname }}" value: "{{ item.1.ip }}" type: "{{ item.1.type }}" + # TODO(shadower): add a cleanup playbook that removes these records, too! state: present with_subelements: - "{{ dns_records_add | default({}) }}" 
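Review bot: `public_named_records` and the combined `dns_records_add` carry `key_secret`, and the "Add DNS A records" task iterates over them with `with_subelements`, so the per-item output Ansible prints for each record will include the TSIG secret unless that task sets `no_log: true`. The task body lies partly outside this hunk; adding `no_log: true` next to its `register:` keeps the key out of console output and job logs. Separately, the commented "provisioned value" fallback for `nsupdate_server_public` is deleted here rather than enabled, so when `external_nsupdate_keys['public']` is absent the "Generate the public Add section" task references undefined variables, and `public_records` is undefined if no host has `public_v4`. Guarding that task with `when: public_records is defined and nsupdate_server_public is defined` and summing `private_named_records + (public_named_records | default([]))` would keep private-only deployments working.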
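Review bot: The new TODO sits between the nsupdate module arguments, and with "Remove any deleted DNS A records" dropped in the previous hunk nothing visible in this role removes the records it creates. After a stack is deleted the A records, including the `*.` wildcard, keep pointing at addresses that may later be assigned to someone else, who would then answer for those names. Move the comment above the task and make the follow-up explicit, for example `# TODO(shadower): the cleanup playbook must delete these records (nsupdate state: absent) before the stack is removed`.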
diff --git a/roles/openshift_openstack/tasks/provision.yml b/roles/openshift_openstack/tasks/provision.yml index 8ebda8100..e693f535a 100644 --- a/roles/openshift_openstack/tasks/provision.yml +++ b/roles/openshift_openstack/tasks/provision.yml @@ -16,11 +16,6 @@ - name: Add the new nodes to the inventory meta: refresh_inventory -- name: Populate DNS entries - include: populate-dns.yml - when: - - stack_state == 'present' - - name: CleanUp include: cleanup.yml when: -- cgit v1.2.3 From f462e7a682cb65085864d7eff4b7898fe8555a75 Mon Sep 17 00:00:00 2001 From: Tomas Sedovic Date: Thu, 2 Nov 2017 10:07:08 +0100 Subject: Move the selinux check up --- roles/openshift_openstack/tasks/node-configuration.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'roles/openshift_openstack/tasks') diff --git a/roles/openshift_openstack/tasks/node-configuration.yml b/roles/openshift_openstack/tasks/node-configuration.yml index 8a6a8022f..89e58d830 100644 --- a/roles/openshift_openstack/tasks/node-configuration.yml +++ b/roles/openshift_openstack/tasks/node-configuration.yml @@ -1,11 +1,11 @@ --- +- name: "Verify SELinux is enforcing" + fail: + msg: "SELinux is required for OpenShift and has been detected as '{{ ansible_selinux.config_mode }}'" + when: ansible_selinux.config_mode != "enforcing" + - include: hostname.yml - include: container-storage-setup.yml - include: node-network.yml - -- name: "Verify SELinux is enforcing" - fail: - msg: "SELinux is required for OpenShift and has been detected as '{{ ansible_selinux.config_mode }}'" - when: ansible_selinux.config_mode != "enforcing" -- cgit v1.2.3 From bde35d577f4ccb786a65a84142fabe90eb903599 Mon Sep 17 00:00:00 2001 
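Review bot: The SELinux gate moved to the top of node-configuration.yml still reads `ansible_selinux.config_mode`, which reports the configured mode rather than the mode currently in force, so a host switched to permissive at runtime passes the check. On a host where SELinux is disabled the fact may not contain `config_mode` at all (worth confirming for the Ansible version in use), in which case the task stops on an undefined variable instead of printing this message. Consider `when: ansible_selinux.status | default('disabled') != 'enabled' or ansible_selinux.mode != 'enforcing'` and report `{{ ansible_selinux.mode | default('disabled') }}` in `msg`.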
From: Tomas Sedovic Date: Thu, 2 Nov 2017 10:15:42 +0100 Subject: Use the default `item` loop variable for checks --- roles/openshift_openstack/tasks/check-prerequisites.yml | 16 ++++++---------- roles/openshift_openstack/tasks/custom_flavor_check.yaml | 5 +++-- roles/openshift_openstack/tasks/custom_image_check.yaml | 4 ++-- 3 files changed, 11 insertions(+), 14 deletions(-) (limited to 'roles/openshift_openstack/tasks') diff --git a/roles/openshift_openstack/tasks/check-prerequisites.yml b/roles/openshift_openstack/tasks/check-prerequisites.yml index 13000e31f..a91e60640 100644 --- a/roles/openshift_openstack/tasks/check-prerequisites.yml +++ b/roles/openshift_openstack/tasks/check-prerequisites.yml @@ -93,17 +93,13 @@ - "{{ openstack_lb_image }}" - "{{ openstack_etcd_image }}" - "{{ openstack_dns_image }}" - loop_control: - loop_var: image # Check that custom flavors are available - include: custom_flavor_check.yaml with_items: - - "{{ master_flavor }}" - - "{{ infra_flavor }}" - - "{{ node_flavor }}" - - "{{ lb_flavor }}" - - "{{ etcd_flavor }}" - - "{{ dns_flavor }}" - loop_control: - loop_var: flavor + - "{{ openstack_master_flavor }}" + - "{{ openstack_infra_flavor }}" + - "{{ openstack_node_flavor }}" + - "{{ openstack_lb_flavor }}" + - "{{ openstack_etcd_flavor }}" + - "{{ openstack_dns_flavor }}" diff --git a/roles/openshift_openstack/tasks/custom_flavor_check.yaml b/roles/openshift_openstack/tasks/custom_flavor_check.yaml index e11874c28..5fb7a76ff 100644 --- a/roles/openshift_openstack/tasks/custom_flavor_check.yaml +++ b/roles/openshift_openstack/tasks/custom_flavor_check.yaml @@ -1,9 +1,10 @@ --- - name: Try to get flavor facts os_flavor_facts: - name: "{{ flavor }}" + name: "{{ item }}" register: flavor_result + - name: Check that custom flavor is available assert: that: "flavor_result.ansible_facts.openstack_flavors" - msg: "Flavor {{ flavor }} is not available." + msg: "Flavor {{ item }} is not available." 
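Review bot: Removing `loop_control: loop_var` from the two looped includes in check-prerequisites.yml makes custom_image_check.yaml and custom_flavor_check.yaml depend on the outer loop's `item`, so any task in those files that later gains its own `with_items` will shadow it and validate the wrong name. A named loop variable is the safer convention for looped includes; if `item` is kept, a comment at the top of each included file such as `# relies on the caller's loop variable 'item'; do not add loops here` records the constraint. The same hunk also renames `master_flavor` and its siblings to `openstack_*_flavor`, which the commit subject does not mention.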
diff --git a/roles/openshift_openstack/tasks/custom_image_check.yaml b/roles/openshift_openstack/tasks/custom_image_check.yaml index 4fbd6a687..4ae163406 100644 --- a/roles/openshift_openstack/tasks/custom_image_check.yaml +++ b/roles/openshift_openstack/tasks/custom_image_check.yaml @@ -1,10 +1,10 @@ --- - name: Try to get image facts os_image_facts: - image: "{{ image }}" + image: "{{ item }}" register: image_result - name: Check that custom image is available assert: that: "image_result.ansible_facts.openstack_image" - msg: "Image {{ image }} is not available." + msg: "Image {{ item }} is not available." -- cgit v1.2.3 From 4fd33e96eed4d1d5eaca0af8f2ef3e81fcaf5498 Mon Sep 17 00:00:00 2001 From: Tomas Sedovic Date: Thu, 2 Nov 2017 10:44:41 +0100 Subject: Simplify the template paths for the storage setup Because the templates are present in a role, the `template` module is able to look them up directly, without having to use `{{ role_path }}/templates`. --- roles/openshift_openstack/tasks/container-storage-setup.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'roles/openshift_openstack/tasks') diff --git a/roles/openshift_openstack/tasks/container-storage-setup.yml b/roles/openshift_openstack/tasks/container-storage-setup.yml index 5cd48ca2c..82307b208 100644 --- a/roles/openshift_openstack/tasks/container-storage-setup.yml +++ b/roles/openshift_openstack/tasks/container-storage-setup.yml @@ -2,7 +2,7 @@ - block: - name: create the docker-storage config file template: - src: "{{ role_path }}/templates/docker-storage-setup-overlayfs.j2" + src: docker-storage-setup-overlayfs.j2 dest: /etc/sysconfig/docker-storage-setup owner: root group: root @@ -14,7 +14,7 @@ - block: - name: create the docker-storage-setup config file template: - src: "{{ role_path }}/templates/docker-storage-setup-dm.j2" + src: docker-storage-setup-dm.j2 dest: /etc/sysconfig/docker-storage-setup owner: root group: root 
@@ -26,7 +26,7 @@ - block: - name: create the docker-storage-setup config file for CentOS template: - src: "{{ role_path }}/templates/docker-storage-setup-dm.j2" + src: docker-storage-setup-dm.j2 dest: /etc/sysconfig/docker-storage-setup owner: root group: root -- cgit v1.2.3 From b95170503613bb97c00175324b31ed91f6f41ea1 Mon Sep 17 00:00:00 2001 From: Tomas Sedovic Date: Thu, 2 Nov 2017 11:03:39 +0100 Subject: Namespace the OpenStack vars This makes sure that all the variables used in the `openshift_openstack` role are prefixed with `openshift_openstack_` as is the convention. --- .../tasks/check-prerequisites.yml | 40 ++++++------- roles/openshift_openstack/tasks/hostname.yml | 2 +- .../openshift_openstack/tasks/net_vars_check.yaml | 2 +- roles/openshift_openstack/tasks/node-packages.yml | 6 +- roles/openshift_openstack/tasks/populate-dns.yml | 66 +++++++++++----------- roles/openshift_openstack/tasks/provision.yml | 8 +-- 6 files changed, 62 insertions(+), 62 deletions(-) (limited to 'roles/openshift_openstack/tasks') diff --git a/roles/openshift_openstack/tasks/check-prerequisites.yml b/roles/openshift_openstack/tasks/check-prerequisites.yml index a91e60640..57c7238d1 100644 --- a/roles/openshift_openstack/tasks/check-prerequisites.yml +++ b/roles/openshift_openstack/tasks/check-prerequisites.yml 
@@ -50,24 +50,24 @@ # Check Glance image - name: Try to get image facts os_image_facts: - image: "{{ openstack_default_image_name }}" + image: "{{ openshift_openstack_default_image_name }}" register: image_result - name: Check that image is available assert: that: "image_result.ansible_facts.openstack_image" - msg: "Image {{ openstack_default_image_name }} is not available" + msg: "Image {{ openshift_openstack_default_image_name }} is not available" # Check network name - name: Try to get network facts os_networks_facts: - name: "{{ openstack_external_network_name }}" + name: "{{ openshift_openstack_external_network_name }}" register: network_result - when: not openstack_provider_network_name|default(None) + when: not openshift_openstack_provider_network_name|default(None) - name: Check that network is available assert: that: "network_result.ansible_facts.openstack_networks" - msg: "Network {{ openstack_external_network_name }} is not available" - when: not openstack_provider_network_name|default(None) + msg: "Network {{ openshift_openstack_external_network_name }} is not available" + when: not openshift_openstack_provider_network_name|default(None) # Check keypair # TODO kpilatov: there is no Ansible module for getting OS keypairs 
@@ -76,30 +76,30 @@ - name: Try to show keypair command: > python -c 'import shade; cloud = shade.openstack_cloud(); - exit(cloud.get_keypair("{{ openstack_keypair_name }}") is None)' + exit(cloud.get_keypair("{{ openshift_openstack_keypair_name }}") is None)' ignore_errors: yes register: key_result - name: Check that keypair is available assert: that: 'key_result.rc == 0' - msg: "Keypair {{ openstack_keypair_name }} is not available" + msg: "Keypair {{ openshift_openstack_keypair_name }} is not available" # Check that custom images are available - include: custom_image_check.yaml with_items: - - "{{ openstack_master_image }}" - - "{{ openstack_infra_image }}" - - "{{ openstack_node_image }}" - - "{{ openstack_lb_image }}" - - "{{ openstack_etcd_image }}" - - "{{ openstack_dns_image }}" + - "{{ openshift_openstack_master_image }}" + - "{{ openshift_openstack_infra_image }}" + - "{{ openshift_openstack_node_image }}" + - "{{ openshift_openstack_lb_image }}" + - "{{ openshift_openstack_etcd_image }}" + - "{{ openshift_openstack_dns_image }}" # Check that custom flavors are available - include: custom_flavor_check.yaml with_items: - - "{{ openstack_master_flavor }}" - - "{{ openstack_infra_flavor }}" - - "{{ openstack_node_flavor }}" - - "{{ openstack_lb_flavor }}" - - "{{ openstack_etcd_flavor }}" - - "{{ openstack_dns_flavor }}" + - "{{ openshift_openstack_master_flavor }}" + - "{{ openshift_openstack_infra_flavor }}" + - "{{ openshift_openstack_node_flavor }}" + - "{{ openshift_openstack_lb_flavor }}" + - "{{ openshift_openstack_etcd_flavor }}" + - "{{ openshift_openstack_dns_flavor }}" diff --git a/roles/openshift_openstack/tasks/hostname.yml b/roles/openshift_openstack/tasks/hostname.yml index 9815d0e80..e1a18425f 100644 --- a/roles/openshift_openstack/tasks/hostname.yml +++ b/roles/openshift_openstack/tasks/hostname.yml 
@@ -5,7 +5,7 @@ - name: Setting FQDN Fact set_fact: - new_fqdn: "{{ new_hostname }}.{{ full_dns_domain }}" + new_fqdn: "{{ new_hostname }}.{{ openshift_openstack_full_dns_domain }}" - name: Setting hostname and DNS domain hostname: name="{{ new_fqdn }}" diff --git a/roles/openshift_openstack/tasks/net_vars_check.yaml b/roles/openshift_openstack/tasks/net_vars_check.yaml index 68afde415..18b9b21b9 100644 --- a/roles/openshift_openstack/tasks/net_vars_check.yaml +++ b/roles/openshift_openstack/tasks/net_vars_check.yaml @@ -3,7 +3,7 @@ fail: msg: "Flannel SDN requires a dedicated containers data network and can not work over a provider network" when: - - openstack_provider_network_name is defined + - openshift_openstack_provider_network_name is defined - openstack_private_data_network_name is defined - name: Check the flannel network configuration diff --git a/roles/openshift_openstack/tasks/node-packages.yml b/roles/openshift_openstack/tasks/node-packages.yml index c65eaec3b..7864f5269 100644 --- a/roles/openshift_openstack/tasks/node-packages.yml +++ b/roles/openshift_openstack/tasks/node-packages.yml @@ -5,11 +5,11 @@ yum: name: "{{ item }}" state: latest - with_items: "{{ required_packages }}" + with_items: "{{ openshift_openstack_required_packages }}" - name: Install debug packages (optional) yum: name: "{{ item }}" state: latest - with_items: "{{ debug_packages }}" - when: install_debug_packages|bool + with_items: "{{ openshift_openstack_debug_packages }}" + when: openshift_openstack_install_debug_packages|bool diff --git a/roles/openshift_openstack/tasks/populate-dns.yml b/roles/openshift_openstack/tasks/populate-dns.yml index 669b65a01..080c3aca9 100644 --- a/roles/openshift_openstack/tasks/populate-dns.yml +++ b/roles/openshift_openstack/tasks/populate-dns.yml 
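Review bot: In net_vars_check.yaml only `openstack_provider_network_name` is renamed, while `openstack_private_data_network_name` on the next line keeps its old name, although the commit message says every role variable now carries the `openshift_openstack_` prefix. If the defaults and inventory were renamed for that variable as well (not visible here), the old name is never defined and this Flannel guard can no longer fire, so the misconfiguration it is meant to stop passes unnoticed. Rename the second condition to `openshift_openstack_private_data_network_name is defined`, or note in a comment why it is left as is.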
@@ -5,41 +5,41 @@ - name: "Add wildcard records to the private A records for infrahosts" set_fact: - private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': '*.' + openshift_app_domain, 'ip': hostvars[item]['private_v4'] } ] }}" + private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': '*.' + openshift_openstack_app_subdomain, 'ip': hostvars[item]['private_v4'] } ] }}" with_items: "{{ groups['infra_hosts'] }}" - name: "Add public master cluster hostname records to the private A records (single master)" set_fact: - private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.masters[0]].private_v4 } ] }}" + private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(openshift_openstack_full_dns_domain, ''))[:-1], 'ip': hostvars[groups.masters[0]].private_v4 } ] }}" when: - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined - - openstack_num_masters == 1 + - openshift_openstack_num_masters == 1 - name: "Add public master cluster hostname records to the private A records (multi-master)" set_fact: - private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.lb[0]].private_v4 } ] }}" + private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(openshift_openstack_full_dns_domain, ''))[:-1], 'ip': hostvars[groups.lb[0]].private_v4 } ] }}" when: - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined - - openstack_num_masters > 1 + - openshift_openstack_num_masters > 
1 - name: "Set the private DNS server to use the external value (if provided)" set_fact: - nsupdate_server_private: "{{ external_nsupdate_keys['private']['server'] }}" - nsupdate_key_secret_private: "{{ external_nsupdate_keys['private']['key_secret'] }}" - nsupdate_key_algorithm_private: "{{ external_nsupdate_keys['private']['key_algorithm'] }}" - nsupdate_private_key_name: "{{ external_nsupdate_keys['private']['key_name']|default('private-' + full_dns_domain) }}" + nsupdate_server_private: "{{ openshift_openstack_external_nsupdate_keys['private']['server'] }}" + nsupdate_key_secret_private: "{{ openshift_openstack_external_nsupdate_keys['private']['key_secret'] }}" + nsupdate_key_algorithm_private: "{{ openshift_openstack_external_nsupdate_keys['private']['key_algorithm'] }}" + nsupdate_private_key_name: "{{ openshift_openstack_external_nsupdate_keys['private']['key_name']|default('private-' + openshift_openstack_full_dns_domain) }}" when: - - external_nsupdate_keys is defined - - external_nsupdate_keys['private'] is defined + - openshift_openstack_external_nsupdate_keys is defined + - openshift_openstack_external_nsupdate_keys['private'] is defined - name: "Generate the private Add section for DNS" set_fact: private_named_records: - view: "private" - zone: "{{ full_dns_domain }}" + zone: "{{ openshift_openstack_full_dns_domain }}" server: "{{ nsupdate_server_private }}" - key_name: "{{ nsupdate_private_key_name|default('private-' + full_dns_domain) }}" + key_name: "{{ nsupdate_private_key_name|default('private-' + openshift_openstack_full_dns_domain) }}" key_secret: "{{ nsupdate_key_secret_private }}" key_algorithm: "{{ nsupdate_key_algorithm_private | lower }}" entries: "{{ private_records }}" 
@@ -52,58 +52,58 @@ - name: "Add wildcard records to the public A records" set_fact: - public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': '*.' + openshift_app_domain, 'ip': hostvars[item]['public_v4'] } ] }}" + public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': '*.' + openshift_openstack_app_subdomain, 'ip': hostvars[item]['public_v4'] } ] }}" with_items: "{{ groups['infra_hosts'] }}" when: hostvars[item]['public_v4'] is defined - name: "Add public master cluster hostname records to the public A records (single master)" set_fact: - public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.masters[0]].public_v4 } ] }}" + public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(openshift_openstack_full_dns_domain, ''))[:-1], 'ip': hostvars[groups.masters[0]].public_v4 } ] }}" when: - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined - - openstack_num_masters == 1 - - not openstack_use_bastion|bool + - openshift_openstack_num_masters == 1 + - not openshift_openstack_use_bastion|bool - name: "Add public master cluster hostname records to the public A records (single master behind a bastion)" set_fact: - public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.bastions[0]].public_v4 } ] }}" + public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(openshift_openstack_full_dns_domain, ''))[:-1], 'ip': hostvars[groups.bastions[0]].public_v4 } ] }}" when: - 
hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined - - openstack_num_masters == 1 - - openstack_use_bastion|bool + - openshift_openstack_num_masters == 1 + - openshift_openstack_use_bastion|bool - name: "Add public master cluster hostname records to the public A records (multi-master)" set_fact: - public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.lb[0]].public_v4 } ] }}" + public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(openshift_openstack_full_dns_domain, ''))[:-1], 'ip': hostvars[groups.lb[0]].public_v4 } ] }}" when: - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined - - openstack_num_masters > 1 + - openshift_openstack_num_masters > 1 - name: "Set the public DNS server details to use the external value (if provided)" set_fact: - nsupdate_server_public: "{{ external_nsupdate_keys['public']['server'] }}" - nsupdate_key_secret_public: "{{ external_nsupdate_keys['public']['key_secret'] }}" - nsupdate_key_algorithm_public: "{{ external_nsupdate_keys['public']['key_algorithm'] }}" - nsupdate_public_key_name: "{{ external_nsupdate_keys['public']['key_name']|default('public-' + full_dns_domain) }}" + nsupdate_server_public: "{{ openshift_openstack_external_nsupdate_keys['public']['server'] }}" + nsupdate_key_secret_public: "{{ openshift_openstack_external_nsupdate_keys['public']['key_secret'] }}" + nsupdate_key_algorithm_public: "{{ openshift_openstack_external_nsupdate_keys['public']['key_algorithm'] }}" + nsupdate_public_key_name: "{{ openshift_openstack_external_nsupdate_keys['public']['key_name']|default('public-' + openshift_openstack_full_dns_domain) }}" when: - - external_nsupdate_keys is defined - - external_nsupdate_keys['public'] is 
defined + - openshift_openstack_external_nsupdate_keys is defined + - openshift_openstack_external_nsupdate_keys['public'] is defined - name: "Generate the public Add section for DNS" set_fact: public_named_records: - view: "public" - zone: "{{ full_dns_domain }}" + zone: "{{ openshift_openstack_full_dns_domain }}" server: "{{ nsupdate_server_public }}" - key_name: "{{ nsupdate_public_key_name|default('public-' + full_dns_domain) }}" + key_name: "{{ nsupdate_public_key_name|default('public-' + openshift_openstack_full_dns_domain) }}" key_secret: "{{ nsupdate_key_secret_public }}" key_algorithm: "{{ nsupdate_key_algorithm_public | lower }}" entries: "{{ public_records }}" -- name: "Generate the final dns_records_add" +- name: "Generate the final openshift_openstack_dns_records_add" set_fact: - dns_records_add: "{{ private_named_records + public_named_records }}" + openshift_openstack_dns_records_add: "{{ private_named_records + public_named_records }}" - name: "Add DNS A records" @@ -119,7 +119,7 @@ # TODO(shadower): add a cleanup playbook that removes these records, too! state: present with_subelements: - - "{{ dns_records_add | default({}) }}" + - "{{ openshift_openstack_dns_records_add | default({}) }}" - entries register: nsupdate_add_result until: nsupdate_add_result|succeeded diff --git a/roles/openshift_openstack/tasks/provision.yml b/roles/openshift_openstack/tasks/provision.yml index e693f535a..dccbe334c 100644 --- a/roles/openshift_openstack/tasks/provision.yml +++ b/roles/openshift_openstack/tasks/provision.yml 
@@ -2,14 +2,14 @@ - name: Generate the templates include: generate-templates.yml when: - - stack_state == 'present' + - openshift_openstack_stack_state == 'present' - name: Handle the Stack (create/delete) ignore_errors: False register: stack_create os_stack: - name: "{{ stack_name }}" - state: "{{ stack_state }}" + name: "{{ openshift_openstack_stack_name }}" + state: "{{ openshift_openstack_stack_state }}" template: "{{ stack_template_path | default(omit) }}" wait: yes @@ -19,7 +19,7 @@ - name: CleanUp include: cleanup.yml when: - - stack_state == 'present' + - openshift_openstack_stack_state == 'present' # TODO(shadower): create the registry and PV Cinder volumes if specified # and include the `prepare-and-format-cinder-volume` tasks to set it up -- cgit v1.2.3 From 67791867abbeb06c9bd11a1583ab6b976902fd15 Mon Sep 17 00:00:00 2001 From: Tomas Sedovic Date: Thu, 2 Nov 2017 18:08:03 +0100 Subject: Fix tox --- roles/openshift_openstack/tasks/populate-dns.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'roles/openshift_openstack/tasks') diff --git a/roles/openshift_openstack/tasks/populate-dns.yml b/roles/openshift_openstack/tasks/populate-dns.yml index 080c3aca9..c03aceb94 100644 --- a/roles/openshift_openstack/tasks/populate-dns.yml +++ b/roles/openshift_openstack/tasks/populate-dns.yml @@ -1,3 +1,4 @@ +--- - name: "Generate list of private A records" set_fact: private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': hostvars[item]['ansible_hostname'], 'ip': hostvars[item]['private_v4'] } ] }}" @@ -119,8 +120,8 @@ # TODO(shadower): add a cleanup playbook that removes these records, too! state: present with_subelements: - - "{{ openshift_openstack_dns_records_add | default({}) }}" - - entries + - "{{ openshift_openstack_dns_records_add | default({}) }}" + - entries register: nsupdate_add_result until: nsupdate_add_result|succeeded retries: 10 -- cgit v1.2.3