From a0d2dd9d29e8622e739870baf172f2b8a7e9c6a0 Mon Sep 17 00:00:00 2001
From: Bogdan Dobrelya
Date: Mon, 17 Jul 2017 14:05:42 +0200
Subject: Add a role to generate a static inventory (#540) * Add the static-inventory role that configures the inventory/hosts file by the given path, or creates it for you.
Signed-off-by: Bogdan Dobrelya
---
 roles/static_inventory/defaults/main.yml | 8 ++++++++
 1 file changed, 8 insertions(+)
 create mode 100644 roles/static_inventory/defaults/main.yml
(limited to 'roles/static_inventory/defaults/main.yml')
diff --git a/roles/static_inventory/defaults/main.yml b/roles/static_inventory/defaults/main.yml
new file mode 100644
index 000000000..315965cde
--- /dev/null
+++ b/roles/static_inventory/defaults/main.yml
@@ -0,0 +1,8 @@
+---
+# Either to checkpoint the dynamic inventory into a static one
+refresh_inventory: True
+inventory: static
+inventory_path: ~/openstack-inventory
+
+# SSH key to access nodes
+private_ssh_key: ~/.ssh/openshift
-- 
cgit v1.2.3
From 677fd46cf37cab5f995170b3567939d784ebb07a Mon Sep 17 00:00:00 2001
From: Bogdan Dobrelya
Date: Wed, 5 Jul 2017 12:46:57 +0200
Subject: Add bastion and ssh config for the static inventory role * Autogenerate SSH config for static inventory and bastion. * When using bastion, use FQDN for inventory's ansible_host and SSH config's Hostname. Simplifies accessing nodes by names instead of private IPs.
Signed-off-by: Bogdan Dobrelya
---
 roles/static_inventory/defaults/main.yml | 13 +++++++++++++
 1 file changed, 13 insertions(+)
(limited to 'roles/static_inventory/defaults/main.yml')
diff --git a/roles/static_inventory/defaults/main.yml b/roles/static_inventory/defaults/main.yml
index 315965cde..63de45646 100644
--- a/roles/static_inventory/defaults/main.yml
+++ b/roles/static_inventory/defaults/main.yml
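Review bot: In the first commit's new `defaults/main.yml` (`@@ -0,0 +1,8 @@`), the single comment `# Either to checkpoint the dynamic inventory into a static one` sits above three variables and does not say what `inventory: static` selects or that `inventory_path` is where the inventory file is configured or created. I would reword it to `# Whether to checkpoint the dynamic inventory into a static one` and add `# Path of the static inventory to configure, created if missing` above `inventory_path`. The boolean is written `True` here while later commits in this series add `true` and `False`; `refresh_inventory: true` keeps the file consistent. Both `~/` defaults rely on the consuming tasks expanding the tilde, which is not visible in this diff.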
@@ -4,5 +4,18 @@ refresh_inventory: True inventory: static inventory_path: ~/openstack-inventory +# Either to configure bastion +use_bastion: true + +# SSH user/key/options to access hosts via bastion +ssh_user: openshift +ssh_options: >- + -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no + -o ConnectTimeout=90 -o ControlMaster=auto -o ControlPersist=270s + -o ServerAliveInterval=30 -o GSSAPIAuthentication=no + # SSH key to access nodes private_ssh_key: ~/.ssh/openshift + +# The patch to store the generated config to access bastion/hosts +ssh_config_path: /tmp/ssh.config.ansible -- cgit v1.2.3 From 784443b0d88597b988c3d5c58bc6358f5c73675e Mon Sep 17 00:00:00 2001 From: Bogdan Dobrelya Date: Tue, 15 Aug 2017 17:48:58 +0200 Subject: Support multiple private networks for static inventory (#604) Add openstack_private_network_name to filter by a wanted private network. Signed-off-by: Bogdan Dobrelya --- roles/static_inventory/defaults/main.yml | 2 ++ 1 file changed, 2 insertions(+) (limited to 'roles/static_inventory/defaults/main.yml') diff --git a/roles/static_inventory/defaults/main.yml b/roles/static_inventory/defaults/main.yml index 63de45646..5b8aacf5c 100644 --- a/roles/static_inventory/defaults/main.yml +++ b/roles/static_inventory/defaults/main.yml @@ -19,3 +19,5 @@ private_ssh_key: ~/.ssh/openshift # The patch to store the generated config to access bastion/hosts ssh_config_path: /tmp/ssh.config.ansible + +openstack_private_network: private -- cgit v1.2.3 From 6ebad037254b0c254638f6e6dfbd48e451a1ceeb Mon Sep 17 00:00:00 2001 From: Bogdan Dobrelya Date: Wed, 16 Aug 2017 09:14:06 +0200 Subject: Access UI via a bastion node (#596) When using a bastion and a single master, use the lb-secgrp to access UI port allowed from the ingress bastion node cidr. For HA (masters>1), UI still should be accessed via the LB node's ingress cidr, omitting the bastion. 
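Review bot: In the bastion commit's hunk (`@@ -4,5 +4,18 @@`), the default `ssh_options` disables host key verification with `-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no`, so neither the bastion nor the hosts reached through it are authenticated and a changed host key is never noticed. As a role default this applies to every deployment that does not override it; I would remove those two options from the default and keep host keys in a per-stack known_hosts file, leaving the permissive form as a documented opt-in for disposable test stacks. `ssh_config_path: /tmp/ssh.config.ansible` is a fixed name in a world-writable directory, and the ssh client trusts whatever that file contains, so the default should be a path only the invoking user can write, for example `ssh_config_path: ~/.ssh/openshift.config` (example name), written with mode `0600` by the task that generates it (not shown in this diff). The comment above it should read `# The path to store the generated config to access bastion/hosts`.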
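Review bot: In the third commit's hunk (`@@ -19,3 +19,5 @@`), the new default is named `openstack_private_network`, while the commit description says the variable being added is `openstack_private_network_name`. Someone who follows the description and sets the `_name` form would, as far as this file shows, have it ignored and keep filtering on `private`. The variable is also the only default in the file without a comment; I would add `# Name of the private network to filter on when several are attached` above it and align the description with the real name.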
Signed-off-by: Bogdan Dobrelya --- roles/static_inventory/defaults/main.yml | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'roles/static_inventory/defaults/main.yml') diff --git a/roles/static_inventory/defaults/main.yml b/roles/static_inventory/defaults/main.yml index 5b8aacf5c..871700f8c 100644 --- a/roles/static_inventory/defaults/main.yml +++ b/roles/static_inventory/defaults/main.yml @@ -20,4 +20,10 @@ private_ssh_key: ~/.ssh/openshift # The patch to store the generated config to access bastion/hosts ssh_config_path: /tmp/ssh.config.ansible +# The IP:port to make an SSH tunnel to access UI on the 1st master +# via bastion node (requires sudo on the ansible control node) +ui_ssh_tunnel: False +ui_port: "{{ openshift_master_api_port | default(8443) }}" +target_ip: "{{ hostvars[groups['masters.' + stack_name|quote][0]].private_v4 }}" + openstack_private_network: private -- cgit v1.2.3
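Review bot: In the UI-tunnel hunk (`@@ -20,4 +20,10 @@`), `stack_name|quote` in `target_ip` applies shell quoting to a value that is used as an inventory group key, not as a shell argument. The filter binds tighter than `+`, so a `stack_name` containing any character that `quote` wraps would produce a key like `masters.'…'` that matches no group, and for ordinary names the filter changes nothing. I would write `groups['masters.' + stack_name][0]` here and apply `| quote` at the point where `target_ip` and `ui_port` are interpolated into the tunnel command, which per the comment runs with sudo; that task is outside this diff. `ui_ssh_tunnel: False` would also read better as `false`, and the unprefixed names `ui_port` and `target_ip` are easy to collide with variables set by other roles or the inventory.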