diff options
author | Kenny Woodson <kwoodson@redhat.com> | 2017-10-28 20:46:44 -0400 |
---|---|---|
committer | Michael Gugino <mgugino@redhat.com> | 2017-11-03 15:12:09 -0400 |
commit | 983fdade31c57654854cce3c5340e8bf5a7838e7 (patch) | |
tree | 5c94d39c8e802a0b88451bd36efd8947be858588 /roles | |
parent | adb5c51666dfe7c6b93c7bd7c87b339ef2a27f5b (diff) | |
download | openshift-983fdade31c57654854cce3c5340e8bf5a7838e7.tar.gz openshift-983fdade31c57654854cce3c5340e8bf5a7838e7.tar.bz2 openshift-983fdade31c57654854cce3c5340e8bf5a7838e7.tar.xz openshift-983fdade31c57654854cce3c5340e8bf5a7838e7.zip |
Bootstrap enhancements.
Diffstat (limited to 'roles')
23 files changed, 321 insertions, 273 deletions
diff --git a/roles/openshift_aws/defaults/main.yml b/roles/openshift_aws/defaults/main.yml index 9f3c14bad..51f7d31c2 100644 --- a/roles/openshift_aws/defaults/main.yml +++ b/roles/openshift_aws/defaults/main.yml @@ -4,7 +4,6 @@ openshift_aws_create_iam_cert: True openshift_aws_create_security_groups: True openshift_aws_create_launch_config: True openshift_aws_create_scale_group: True -openshift_aws_node_group_type: master openshift_aws_wait_for_ssh: True @@ -16,7 +15,7 @@ openshift_aws_build_ami_group: "{{ openshift_aws_clusterid }}" openshift_aws_iam_cert_name: "{{ openshift_aws_clusterid }}-master-external" openshift_aws_iam_cert_path: '' openshift_aws_iam_cert_key_path: '' -openshift_aws_scale_group_name: "{{ openshift_aws_clusterid }} openshift {{ openshift_aws_node_group_type }}" +openshift_aws_scale_group_basename: "{{ openshift_aws_clusterid }} openshift" openshift_aws_iam_kms_alias: "alias/{{ openshift_aws_clusterid }}_kms" openshift_aws_ami: '' @@ -27,7 +26,7 @@ openshift_aws_ami_name: openshift-gi openshift_aws_base_ami_name: ami_base openshift_aws_launch_config_bootstrap_token: '' -openshift_aws_launch_config_name: "{{ openshift_aws_clusterid }}-{{ openshift_aws_node_group_type }}-{{ ansible_date_time.epoch }}" +openshift_aws_launch_config_basename: "{{ openshift_aws_clusterid }}" openshift_aws_users: [] @@ -47,19 +46,19 @@ openshift_aws_elb_health_check: unhealthy_threshold: 2 healthy_threshold: 2 -openshift_aws_elb_basename: "{{ openshift_aws_clusterid }}-{{ openshift_aws_node_group_type }}" +openshift_aws_elb_basename: "{{ openshift_aws_clusterid }}" openshift_aws_elb_name_dict: master: - external: "{{ openshift_aws_elb_basename }}-external" - internal: "{{ openshift_aws_elb_basename }}-internal" + external: "{{ openshift_aws_elb_basename }}-master-external" + internal: "{{ openshift_aws_elb_basename }}-master-internal" infra: - external: "{{ openshift_aws_elb_basename }}" + external: "{{ openshift_aws_elb_basename }}-infra" openshift_aws_elb_idle_timout: 400 openshift_aws_elb_scheme: internet-facing openshift_aws_elb_cert_arn: '' -openshift_aws_elb_listeners: +openshift_aws_elb_dict: master: external: - protocol: tcp @@ -112,11 +111,15 @@ openshift_aws_node_group_replace_instances: [] openshift_aws_node_group_replace_all_instances: False openshift_aws_node_group_config_extra_labels: {} -openshift_aws_node_group_config: - tags: "{{ openshift_aws_node_group_config_tags }}" +openshift_aws_ami_map: + master: "{{ openshift_aws_ami }}" + infra: "{{ openshift_aws_ami }}" + compute: "{{ openshift_aws_ami }}" + +openshift_aws_master_group_config: + # The 'master' key is always required here. master: instance_type: m4.xlarge - ami: "{{ openshift_aws_ami }}" volumes: "{{ openshift_aws_node_group_config_master_volumes }}" health_check: period: 60 @@ -132,10 +135,12 @@ openshift_aws_node_group_config: wait_for_instances: True termination_policy: "{{ openshift_aws_node_group_termination_policy }}" replace_all_instances: "{{ openshift_aws_node_group_replace_all_instances }}" - elbs: "{{ openshift_aws_elb_name_dict[openshift_aws_node_group_type].keys()| map('extract', openshift_aws_elb_name_dict[openshift_aws_node_group_type]) | list }}" + elbs: "{{ openshift_aws_elb_name_dict['master'].keys()| map('extract', openshift_aws_elb_name_dict['master']) | list }}" + +openshift_aws_node_group_config: + # The 'compute' key is always required here. compute: instance_type: m4.xlarge - ami: "{{ openshift_aws_ami }}" volumes: "{{ openshift_aws_node_group_config_node_volumes }}" health_check: period: 60 @@ -150,9 +155,9 @@ openshift_aws_node_group_config: type: compute termination_policy: "{{ openshift_aws_node_group_termination_policy }}" replace_all_instances: "{{ openshift_aws_node_group_replace_all_instances }}" + # The 'infra' key is always required here. infra: instance_type: m4.xlarge - ami: "{{ openshift_aws_ami }}" volumes: "{{ openshift_aws_node_group_config_node_volumes }}" health_check: period: 60 @@ -167,22 +172,31 @@ openshift_aws_node_group_config: type: infra termination_policy: "{{ openshift_aws_node_group_termination_policy }}" replace_all_instances: "{{ openshift_aws_node_group_replace_all_instances }}" - elbs: "{{ openshift_aws_elb_name_dict[openshift_aws_node_group_type].keys()| map('extract', openshift_aws_elb_name_dict[openshift_aws_node_group_type]) | list }}" + elbs: "{{ openshift_aws_elb_name_dict['infra'].keys()| map('extract', openshift_aws_elb_name_dict['infra']) | list }}" -openshift_aws_elb_tags: "{{ openshift_aws_clusterid | build_instance_tags }}" +openshift_aws_elb_tags: "{{ openshift_aws_kube_tags }}" openshift_aws_elb_az_load_balancing: False -openshift_aws_elb_security_groups: -- "{{ openshift_aws_clusterid }}" # default sg -- "{{ openshift_aws_clusterid }}_{{ openshift_aws_node_group_type }}" # node type sg -- "{{ openshift_aws_clusterid }}_{{ openshift_aws_node_group_type }}_k8s" # node type sg k8s +openshift_aws_kube_tags: "{{ openshift_aws_clusterid | build_instance_tags }}" + +openshift_aws_elb_security_groups: "{{ openshift_aws_launch_config_security_groups }}" + +openshift_aws_launch_config_security_groups: + compute: + - "{{ openshift_aws_clusterid }}" # default sg + - "{{ openshift_aws_clusterid }}_compute" # node type sg + - "{{ openshift_aws_clusterid }}_compute_k8s" # node type sg k8s + infra: + - "{{ openshift_aws_clusterid }}" # default sg + - "{{ openshift_aws_clusterid }}_infra" # node type sg + - "{{ openshift_aws_clusterid }}_infra_k8s" # node type sg k8s + master: + - "{{ openshift_aws_clusterid }}" # default sg + - "{{ openshift_aws_clusterid }}_master" # node type sg + - "{{ openshift_aws_clusterid }}_master_k8s" # node type sg k8s -openshift_aws_elb_instance_filter: - "tag:clusterid": "{{ openshift_aws_clusterid }}" - "tag:host-type": "{{ openshift_aws_node_group_type }}" - instance-state-name: running +openshift_aws_security_groups_tags: "{{ openshift_aws_kube_tags }}" -openshift_aws_security_groups_tags: "{{ openshift_aws_clusterid | build_instance_tags }}" openshift_aws_node_security_groups: default: name: "{{ openshift_aws_clusterid }}" @@ -251,3 +265,18 @@ openshift_aws_vpc: openshift_aws_node_run_bootstrap_startup: True openshift_aws_node_user_data: '' openshift_aws_node_config_namespace: openshift-node + +# If creating extra node groups, you'll need to define all of the following + +# The format is the same as openshift_aws_node_group_config, but the top-level +# key names should be different (ie, not == master or infra). +# openshift_aws_node_group_config_extra: {} + +# This variable should look like openshift_aws_launch_config_security_groups +# and contain a one-to-one mapping of top level keys that are defined in +# openshift_aws_node_group_config_extra. +# openshift_aws_launch_config_security_groups_extra: {} + +# openshift_aws_node_security_groups_extra: {} + +# openshift_aws_ami_map_extra: {} diff --git a/roles/openshift_aws/tasks/build_node_group.yml b/roles/openshift_aws/tasks/build_node_group.yml index 0aac40ddd..852adc7b5 100644 --- a/roles/openshift_aws/tasks/build_node_group.yml +++ b/roles/openshift_aws/tasks/build_node_group.yml @@ -1,4 +1,6 @@ --- +# This task file expects l_nodes_to_build to be passed in. + # When openshift_aws_use_custom_ami is '' then # we retrieve the latest build AMI. # Then set openshift_aws_ami to the ami. @@ -21,10 +23,12 @@ - "'results' in amiout" - amiout.results|length > 0 +# Need to set epoch time in one place to use for launch_config and scale_group +- set_fact: + l_epoch_time: "{{ ansible_date_time.epoch }}" + - when: openshift_aws_create_launch_config - name: "Create {{ openshift_aws_node_group_type }} launch config" include: launch_config.yml - when: openshift_aws_create_scale_group - name: "Create {{ openshift_aws_node_group_type }} node group" include: scale_group.yml diff --git a/roles/openshift_aws/tasks/elb.yml b/roles/openshift_aws/tasks/elb.yml index 56abe9dd7..a543222d5 100644 --- a/roles/openshift_aws/tasks/elb.yml +++ b/roles/openshift_aws/tasks/elb.yml @@ -1,45 +1,24 @@ --- -- name: query vpc - ec2_vpc_net_facts: - region: "{{ openshift_aws_region }}" - filters: - 'tag:Name': "{{ openshift_aws_vpc_name }}" - register: vpcout - -- name: debug - debug: var=vpcout - -- name: fetch the default subnet id - ec2_vpc_subnet_facts: - region: "{{ openshift_aws_region }}" - filters: - "tag:Name": "{{ openshift_aws_subnet_name }}" - vpc-id: "{{ vpcout.vpcs[0].id }}" - register: subnetout - -- name: dump the elb listeners +- name: "dump the elb listeners for {{ l_elb_dict_item.key }}" debug: - msg: "{{ openshift_aws_elb_listeners[openshift_aws_node_group_type][openshift_aws_elb_direction] - if 'master' in openshift_aws_node_group_type or 'infra' in openshift_aws_node_group_type - else openshift_aws_elb_listeners }}" + msg: "{{ l_elb_dict_item.value }}" -- name: "Create ELB {{ l_openshift_aws_elb_name }}" +- name: "Create ELB {{ l_elb_dict_item.key }}" ec2_elb_lb: - name: "{{ l_openshift_aws_elb_name }}" + name: "{{ l_openshift_aws_elb_name_dict[l_elb_dict_item.key][item.key] }}" state: present cross_az_load_balancing: "{{ openshift_aws_elb_az_load_balancing }}" - security_group_names: "{{ openshift_aws_elb_security_groups }}" + security_group_names: "{{ l_elb_security_groups[l_elb_dict_item.key] }}" idle_timeout: "{{ openshift_aws_elb_idle_timout }}" region: "{{ openshift_aws_region }}" subnets: - "{{ subnetout.subnets[0].id }}" health_check: "{{ openshift_aws_elb_health_check }}" - listeners: "{{ openshift_aws_elb_listeners[openshift_aws_node_group_type][openshift_aws_elb_direction] - if 'master' in openshift_aws_node_group_type or 'infra' in openshift_aws_node_group_type - else openshift_aws_elb_listeners }}" + listeners: "{{ item.value }}" scheme: "{{ openshift_aws_elb_scheme }}" tags: "{{ openshift_aws_elb_tags }}" register: new_elb + with_dict: "{{ l_elb_dict_item.value }}" - debug: msg: "{{ item }}" diff --git a/roles/openshift_aws/tasks/launch_config.yml b/roles/openshift_aws/tasks/launch_config.yml index 94aca5a35..0dbeba5a0 100644 --- a/roles/openshift_aws/tasks/launch_config.yml +++ b/roles/openshift_aws/tasks/launch_config.yml @@ -9,31 +9,7 @@ when: - openshift_deployment_type is undefined -- name: query vpc - ec2_vpc_net_facts: - region: "{{ openshift_aws_region }}" - filters: - 'tag:Name': "{{ openshift_aws_vpc_name }}" - register: vpcout - -- name: fetch the security groups for launch config - ec2_group_facts: - filters: - group-name: "{{ openshift_aws_elb_security_groups }}" - vpc-id: "{{ vpcout.vpcs[0].id }}" - region: "{{ openshift_aws_region }}" - register: ec2sgs - -# Create the scale group config -- name: Create the node scale group launch config - ec2_lc: - name: "{{ openshift_aws_launch_config_name }}" - region: "{{ openshift_aws_region }}" - image_id: "{{ openshift_aws_ami }}" - instance_type: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].instance_type }}" - security_groups: "{{ openshift_aws_launch_config_security_group_id | default(ec2sgs.security_groups | map(attribute='group_id')| list) }}" - user_data: "{{ lookup('template', 'user_data.j2') }}" - key_name: "{{ openshift_aws_ssh_key_name }}" - ebs_optimized: False - volumes: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].volumes }}" - assign_public_ip: True +- include: launch_config_create.yml + with_dict: "{{ l_nodes_to_build }}" + loop_control: + loop_var: launch_config_item diff --git a/roles/openshift_aws/tasks/launch_config_create.yml b/roles/openshift_aws/tasks/launch_config_create.yml new file mode 100644 index 000000000..8265c2179 --- /dev/null +++ b/roles/openshift_aws/tasks/launch_config_create.yml @@ -0,0 +1,22 @@ +--- +- name: fetch the security groups for launch config + ec2_group_facts: + filters: + group-name: "{{ l_launch_config_security_groups[launch_config_item.key] }}" + vpc-id: "{{ vpcout.vpcs[0].id }}" + region: "{{ openshift_aws_region }}" + register: ec2sgs + +# Create the scale group config +- name: Create the node scale group launch config + ec2_lc: + name: "{{ openshift_aws_launch_config_basename }}-{{ launch_config_item.key }}-{{ l_epoch_time }}" + region: "{{ openshift_aws_region }}" + image_id: "{{ l_aws_ami_map[launch_config_item.key] | default(openshift_aws_ami) }}" + instance_type: "{{ launch_config_item.value.instance_type }}" + security_groups: "{{ openshift_aws_launch_config_security_group_id | default(ec2sgs.security_groups | map(attribute='group_id')| list) }}" + user_data: "{{ lookup('template', 'user_data.j2') }}" + key_name: "{{ openshift_aws_ssh_key_name }}" + ebs_optimized: False + volumes: "{{ launch_config_item.value.volumes }}" + assign_public_ip: True diff --git a/roles/openshift_aws/tasks/master_facts.yml b/roles/openshift_aws/tasks/master_facts.yml index 1c99229ff..530b0134d 100644 --- a/roles/openshift_aws/tasks/master_facts.yml +++ b/roles/openshift_aws/tasks/master_facts.yml @@ -3,7 +3,7 @@ ec2_elb_facts: region: "{{ openshift_aws_region }}" names: - - "{{ openshift_aws_elb_name_dict[openshift_aws_node_group_type]['internal'] }}" + - "{{ openshift_aws_elb_name_dict['master']['internal'] }}" delegate_to: localhost register: elbs diff --git a/roles/openshift_aws/tasks/provision.yml b/roles/openshift_aws/tasks/provision.yml index e99017b9f..91538ed5c 100644 --- a/roles/openshift_aws/tasks/provision.yml +++ b/roles/openshift_aws/tasks/provision.yml @@ -7,47 +7,30 @@ name: create s3 bucket for registry include: s3.yml -- when: openshift_aws_create_security_groups - block: - - name: "Create {{ openshift_aws_node_group_type }} security groups" - include: security_group.yml +- include: vpc_and_subnet_id.yml - - name: "Create {{ openshift_aws_node_group_type }} security groups" - include: security_group.yml - vars: - openshift_aws_node_group_type: infra - -- name: create our master internal load balancer - include: elb.yml - vars: - openshift_aws_elb_direction: internal - openshift_aws_elb_scheme: internal - l_openshift_aws_elb_name: "{{ openshift_aws_elb_name_dict[openshift_aws_node_group_type]['internal'] }}" - -- name: create our master external load balancer +- name: create elbs include: elb.yml + with_dict: "{{ openshift_aws_elb_dict }}" vars: - openshift_aws_elb_direction: external - openshift_aws_elb_scheme: internet-facing - l_openshift_aws_elb_name: "{{ openshift_aws_elb_name_dict[openshift_aws_node_group_type]['external'] }}" - -- name: create our infra node external load balancer - include: elb.yml - vars: - l_openshift_aws_elb_name: "{{ openshift_aws_elb_name_dict['infra']['external'] }}" - openshift_aws_elb_direction: external - openshift_aws_elb_scheme: internet-facing - openshift_aws_node_group_type: infra + l_elb_security_groups: "{{ openshift_aws_elb_security_groups }}" + l_openshift_aws_elb_name_dict: "{{ openshift_aws_elb_name_dict }}" + loop_control: + loop_var: l_elb_dict_item - name: include scale group creation for master include: build_node_group.yml + vars: + l_nodes_to_build: "{{ openshift_aws_master_group_config }}" + l_launch_config_security_groups: "{{ openshift_aws_launch_config_security_groups }}" + l_aws_ami_map: "{{ openshift_aws_ami_map }}" - name: fetch newly created instances ec2_remote_facts: region: "{{ openshift_aws_region }}" filters: "tag:clusterid": "{{ openshift_aws_clusterid }}" - "tag:host-type": "{{ openshift_aws_node_group_type }}" + "tag:host-type": "master" instance-state-name: running register: instancesout retries: 20 diff --git a/roles/openshift_aws/tasks/provision_instance.yml b/roles/openshift_aws/tasks/provision_instance.yml index 25ae6ce1c..3349acb7a 100644 --- a/roles/openshift_aws/tasks/provision_instance.yml +++ b/roles/openshift_aws/tasks/provision_instance.yml @@ -3,20 +3,7 @@ set_fact: openshift_node_bootstrap: True -- name: query vpc - ec2_vpc_net_facts: - region: "{{ openshift_aws_region }}" - filters: - 'tag:Name': "{{ openshift_aws_vpc_name }}" - register: vpcout - -- name: fetch the default subnet id - ec2_vpc_subnet_facts: - region: "{{ openshift_aws_region }}" - filters: - "tag:Name": "{{ openshift_aws_subnet_name }}" - vpc-id: "{{ vpcout.vpcs[0].id }}" - register: subnetout +- include: vpc_and_subnet_id.yml - name: create instance for ami creation ec2: diff --git a/roles/openshift_aws/tasks/provision_nodes.yml b/roles/openshift_aws/tasks/provision_nodes.yml index fc4996c68..1b40f24d3 100644 --- a/roles/openshift_aws/tasks/provision_nodes.yml +++ b/roles/openshift_aws/tasks/provision_nodes.yml @@ -25,19 +25,23 @@ set_fact: openshift_aws_launch_config_bootstrap_token: "{{ bootstrap['content'] | b64decode }}" -- name: include build node group for infra +- include: vpc_and_subnet_id.yml + +- name: include build compute and infra node groups include: build_node_group.yml vars: - openshift_aws_node_group_type: infra - openshift_aws_scale_group_name: "{{ openshift_aws_clusterid }} openshift infra" - openshift_aws_launch_config_name: "{{ openshift_aws_clusterid }}-infra-{{ ansible_date_time.epoch }}" + l_nodes_to_build: "{{ openshift_aws_node_group_config }}" + l_launch_config_security_groups: "{{ openshift_aws_launch_config_security_groups }}" + l_aws_ami_map: "{{ openshift_aws_ami_map }}" -- name: include build node group for compute +- name: include build node group for extra nodes include: build_node_group.yml + when: openshift_aws_node_group_config_extra is defined vars: - openshift_aws_node_group_type: compute - openshift_aws_scale_group_name: "{{ openshift_aws_clusterid }} openshift compute" - openshift_aws_launch_config_name: "{{ openshift_aws_clusterid }}-compute-{{ ansible_date_time.epoch }}" + l_nodes_to_build: "{{ openshift_aws_node_group_config_extra | default({}) }}" + l_launch_config_security_groups: "{{ openshift_aws_launch_config_security_groups_extra }}" + l_aws_ami_map: "{{ openshift_aws_ami_map_extra }}" + - when: openshift_aws_wait_for_ssh | bool block: diff --git a/roles/openshift_aws/tasks/scale_group.yml b/roles/openshift_aws/tasks/scale_group.yml index eb31636e7..097859af2 100644 --- a/roles/openshift_aws/tasks/scale_group.yml +++ b/roles/openshift_aws/tasks/scale_group.yml @@ -1,11 +1,4 @@ --- -- name: query vpc - ec2_vpc_net_facts: - region: "{{ openshift_aws_region }}" - filters: - 'tag:Name': "{{ openshift_aws_vpc_name }}" - register: vpcout - - name: fetch the subnet to use in scale group ec2_vpc_subnet_facts: region: "{{ openshift_aws_region }}" @@ -16,19 +9,20 @@ - name: Create the scale group ec2_asg: - name: "{{ openshift_aws_scale_group_name }}" - launch_config_name: "{{ openshift_aws_launch_config_name }}" - health_check_period: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].health_check.period }}" - health_check_type: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].health_check.type }}" - min_size: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].min_size }}" - max_size: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].max_size }}" - desired_capacity: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].desired_size }}" + name: "{{ openshift_aws_scale_group_basename }} {{ item.key }}" + launch_config_name: "{{ openshift_aws_launch_config_basename }}-{{ item.key }}-{{ l_epoch_time }}" + health_check_period: "{{ item.value.health_check.period }}" + health_check_type: "{{ item.value.health_check.type }}" + min_size: "{{ item.value.min_size }}" + max_size: "{{ item.value.max_size }}" + desired_capacity: "{{ item.value.desired_size }}" region: "{{ openshift_aws_region }}" - termination_policies: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].termination_policy if 'termination_policy' in openshift_aws_node_group_config[openshift_aws_node_group_type] else omit }}" - load_balancers: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].elbs if 'elbs' in openshift_aws_node_group_config[openshift_aws_node_group_type] else omit }}" - wait_for_instances: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].wait_for_instances | default(False)}}" + termination_policies: "{{ item.value.termination_policy if 'termination_policy' in item.value else omit }}" + load_balancers: "{{ item.value.elbs if 'elbs' in item.value else omit }}" + wait_for_instances: "{{ item.value.wait_for_instances | default(False)}}" vpc_zone_identifier: "{{ subnetout.subnets[0].id }}" replace_instances: "{{ openshift_aws_node_group_replace_instances if openshift_aws_node_group_replace_instances != [] else omit }}" - replace_all_instances: "{{ omit if openshift_aws_node_group_replace_instances != [] else (openshift_aws_node_group_config[openshift_aws_node_group_type].replace_all_instances | default(omit)) }}" + replace_all_instances: "{{ omit if openshift_aws_node_group_replace_instances != [] else (item.value.replace_all_instances | default(omit)) }}" tags: - - "{{ openshift_aws_node_group_config.tags | combine(openshift_aws_node_group_config[openshift_aws_node_group_type].tags) }}" + - "{{ openshift_aws_node_group_config_tags | combine(item.value.tags) }}" + with_dict: "{{ l_nodes_to_build }}" diff --git a/roles/openshift_aws/tasks/security_group.yml b/roles/openshift_aws/tasks/security_group.yml index e1fb99b02..5cc7ae537 100644 --- a/roles/openshift_aws/tasks/security_group.yml +++ b/roles/openshift_aws/tasks/security_group.yml @@ -6,39 +6,11 @@ "tag:Name": "{{ openshift_aws_clusterid }}" register: vpcout -- name: Create default security group for cluster - ec2_group: - name: "{{ openshift_aws_node_security_groups.default.name }}" - description: "{{ openshift_aws_node_security_groups.default.desc }}" - region: "{{ openshift_aws_region }}" - vpc_id: "{{ vpcout.vpcs[0].id }}" - rules: "{{ openshift_aws_node_security_groups.default.rules | default(omit, True)}}" - register: sg_default_created - -- name: create the node group sgs - ec2_group: - name: "{{ item.name}}" - description: "{{ item.desc }}" - rules: "{{ item.rules if 'rules' in item else [] }}" - region: "{{ openshift_aws_region }}" - vpc_id: "{{ vpcout.vpcs[0].id }}" - register: sg_create - with_items: - - "{{ openshift_aws_node_security_groups[openshift_aws_node_group_type]}}" +- include: security_group_create.yml + vars: + l_security_groups: "{{ openshift_aws_node_security_groups }}" -- name: create the k8s sgs for the node group - ec2_group: - name: "{{ item.name }}_k8s" - description: "{{ item.desc }} for k8s" - region: "{{ openshift_aws_region }}" - vpc_id: "{{ vpcout.vpcs[0].id }}" - register: k8s_sg_create - with_items: - - "{{ openshift_aws_node_security_groups[openshift_aws_node_group_type]}}" - -- name: tag sg groups with proper tags - ec2_tag: - tags: "{{ openshift_aws_security_groups_tags }}" - resource: "{{ item.group_id }}" - region: "{{ openshift_aws_region }}" - with_items: "{{ k8s_sg_create.results }}" +- include: security_group_create.yml + when: openshift_aws_node_security_groups_extra is defined + vars: + l_security_groups: "{{ openshift_aws_node_security_groups_extra | default({}) }}" diff --git a/roles/openshift_aws/tasks/security_group_create.yml b/roles/openshift_aws/tasks/security_group_create.yml new file mode 100644 index 000000000..ef6060555 --- /dev/null +++ b/roles/openshift_aws/tasks/security_group_create.yml @@ -0,0 +1,25 @@ +--- +- name: create the node group sgs + ec2_group: + name: "{{ item.value.name}}" + description: "{{ item.value.desc }}" + rules: "{{ item.value.rules if 'rules' in item.value else [] }}" + region: "{{ openshift_aws_region }}" + vpc_id: "{{ vpcout.vpcs[0].id }}" + with_dict: "{{ l_security_groups }}" + +- name: create the k8s sgs for the node group + ec2_group: + name: "{{ item.value.name }}_k8s" + description: "{{ item.value.desc }} for k8s" + region: "{{ openshift_aws_region }}" + vpc_id: "{{ vpcout.vpcs[0].id }}" + with_dict: "{{ l_security_groups }}" + register: k8s_sg_create + +- name: tag sg groups with proper tags + ec2_tag: + tags: "{{ openshift_aws_security_groups_tags }}" + resource: "{{ item.group_id }}" + region: "{{ openshift_aws_region }}" + with_items: "{{ k8s_sg_create.results }}" diff --git a/roles/openshift_aws/tasks/vpc_and_subnet_id.yml b/roles/openshift_aws/tasks/vpc_and_subnet_id.yml new file mode 100644 index 000000000..aaf9b300f --- /dev/null +++ b/roles/openshift_aws/tasks/vpc_and_subnet_id.yml @@ -0,0 +1,18 @@ +--- +- name: query vpc + ec2_vpc_net_facts: + region: "{{ openshift_aws_region }}" + filters: + 'tag:Name': "{{ openshift_aws_vpc_name }}" + register: vpcout + +- name: debug + debug: var=vpcout + +- name: fetch the default subnet id + ec2_vpc_subnet_facts: + region: "{{ openshift_aws_region }}" + filters: + "tag:Name": "{{ openshift_aws_subnet_name }}" + vpc-id: "{{ vpcout.vpcs[0].id }}" + register: subnetout diff --git a/roles/openshift_aws/templates/user_data.j2 b/roles/openshift_aws/templates/user_data.j2 index 76aebdcea..a8c7f9a95 100644 --- a/roles/openshift_aws/templates/user_data.j2 +++ b/roles/openshift_aws/templates/user_data.j2 @@ -7,8 +7,8 @@ write_files: owner: 'root:root' permissions: '0640' content: | - openshift_group_type: {{ openshift_aws_node_group_type }} -{% if openshift_aws_node_group_type != 'master' %} + openshift_group_type: {{ launch_config_item.key }} +{% if launch_config_item.key != 'master' %} - path: /etc/origin/node/bootstrap.kubeconfig owner: 'root:root' permissions: '0640' @@ -19,7 +19,7 @@ runcmd: {% if openshift_aws_node_run_bootstrap_startup %} - [ ansible-playbook, /root/openshift_bootstrap/bootstrap.yml] {% endif %} -{% if openshift_aws_node_group_type != 'master' %} +{% if launch_config_item.key != 'master' %} - [ systemctl, enable, {% if openshift_deployment_type == 'openshift-enterprise' %}atomic-openshift{% else %}origin{% endif %}-node] - [ systemctl, start, {% if openshift_deployment_type == 'openshift-enterprise' %}atomic-openshift{% else %}origin{% endif %}-node] {% endif %} diff --git a/roles/openshift_master/defaults/main.yml b/roles/openshift_master/defaults/main.yml index fe78dea66..4acac7923 100644 --- a/roles/openshift_master/defaults/main.yml +++ b/roles/openshift_master/defaults/main.yml @@ -26,7 +26,6 @@ default_r_openshift_master_os_firewall_allow: cond: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}" r_openshift_master_os_firewall_allow: "{{ default_r_openshift_master_os_firewall_allow | union(openshift_master_open_ports | default([])) }}" - # oreg_url is defined by user input oreg_host: "{{ oreg_url.split('/')[0] if (oreg_url is defined and '.' in oreg_url.split('/')[0]) else '' }}" oreg_auth_credentials_path: "{{ r_openshift_master_data_dir }}/.docker" @@ -60,7 +59,7 @@ r_openshift_master_sdn_network_plugin_name: "{{ r_openshift_master_sdn_network_p openshift_master_image_config_latest_default: "{{ openshift_image_config_latest | default(False) }}" openshift_master_image_config_latest: "{{ openshift_master_image_config_latest_default }}" -openshift_master_config_dir_default: "{{ (openshift.common.config_base | default('/etc/origin/master')) ~ '/master' }}" +openshift_master_config_dir_default: "{{ openshift.common.config_base ~ '/master' if openshift is defined and 'common' in openshift else '/etc/origin/master' }}" openshift_master_config_dir: "{{ openshift_master_config_dir_default }}" openshift_master_cloud_provider: "{{ openshift_cloudprovider_kind | default('aws') }}" @@ -71,8 +70,6 @@ openshift_master_node_config_kubeletargs_mem: 512M openshift_master_bootstrap_enabled: False -openshift_master_client_binary: "{{ openshift.common.client_binary if openshift is defined else 'oc' }}" - openshift_master_config_imageconfig_format: "{{ openshift.node.registry_url }}" # these are for the default settings in a generated node-config.yaml @@ -144,3 +141,5 @@ openshift_master_node_configs: - "{{ openshift_master_node_config_compute }}" openshift_master_bootstrap_namespace: openshift-node +openshift_master_csr_sa: node-bootstrapper +openshift_master_csr_namespace: openshift-infra diff --git a/roles/openshift_master/tasks/bootstrap.yml b/roles/openshift_master/tasks/bootstrap.yml index f837a8bae..ce55e7d0c 100644 --- a/roles/openshift_master/tasks/bootstrap.yml +++ b/roles/openshift_master/tasks/bootstrap.yml @@ -2,7 +2,8 @@ # TODO: create a module for this command. # oc_serviceaccounts_kubeconfig - name: create service account kubeconfig with csr rights - command: "oc serviceaccounts create-kubeconfig node-bootstrapper -n openshift-infra" + command: > + oc serviceaccounts create-kubeconfig {{ openshift_master_csr_sa }} -n {{ openshift_master_csr_namespace }} register: kubeconfig_out until: kubeconfig_out.rc == 0 retries: 24 @@ -12,67 +13,3 @@ copy: content: "{{ kubeconfig_out.stdout }}" dest: "{{ openshift_master_config_dir }}/bootstrap.kubeconfig" - -- name: create a temp dir for this work - command: mktemp -d /tmp/openshift_node_config-XXXXXX - register: mktempout - run_once: true - -# This generate is so that we do not have to maintain -# our own copy of the template. This is generated by -# the product and the following settings will be -# generated by the master -- name: generate a node-config dynamically - command: > - {{ openshift_master_client_binary }} adm create-node-config - --node-dir={{ mktempout.stdout }}/ - --node=CONFIGMAP - --hostnames=test - --dns-ip=0.0.0.0 - --certificate-authority={{ openshift_master_config_dir }}/ca.crt - --signer-cert={{ openshift_master_config_dir }}/ca.crt - --signer-key={{ openshift_master_config_dir }}/ca.key - --signer-serial={{ openshift_master_config_dir }}/ca.serial.txt - --node-client-certificate-authority={{ openshift_master_config_dir }}/ca.crt - register: configgen - run_once: true - -- name: remove the default settings - yedit: - state: "{{ item.state | default('present') }}" - src: "{{ mktempout.stdout }}/node-config.yaml" - key: "{{ item.key }}" - value: "{{ item.value | default(omit) }}" - with_items: "{{ openshift_master_node_config_default_edits }}" - run_once: true - -- name: copy the generated config into each group - copy: - src: "{{ mktempout.stdout }}/node-config.yaml" - remote_src: true - dest: "{{ mktempout.stdout }}/node-config-{{ item.type }}.yaml" - with_items: "{{ openshift_master_node_configs }}" - run_once: true - -- name: "specialize the generated configs for node-config-{{ item.type }}" - yedit: - src: "{{ mktempout.stdout }}/node-config-{{ item.type }}.yaml" - edits: "{{ item.edits }}" - with_items: "{{ openshift_master_node_configs }}" - run_once: true - -- name: create node-config.yaml configmap - oc_configmap: - name: "node-config-{{ item.type }}" - namespace: "{{ openshift_master_bootstrap_namespace }}" - from_file: - node-config.yaml: "{{ mktempout.stdout }}/node-config-{{ item.type }}.yaml" - with_items: "{{ openshift_master_node_configs }}" - run_once: true - -- name: remove templated files - file: - dest: "{{ mktempout.stdout }}/" - state: absent - with_items: "{{ openshift_master_node_configs }}" - run_once: true diff --git a/roles/openshift_master/tasks/bootstrap_settings.yml b/roles/openshift_master/tasks/bootstrap_settings.yml new file mode 100644 index 000000000..cbd7f587b --- /dev/null +++ b/roles/openshift_master/tasks/bootstrap_settings.yml @@ -0,0 +1,14 @@ +--- +- name: modify controller args + yedit: + src: /etc/origin/master/master-config.yaml + edits: + - key: kubernetesMasterConfig.controllerArguments.cluster-signing-cert-file + value: + - /etc/origin/master/ca.crt + - key: kubernetesMasterConfig.controllerArguments.cluster-signing-key-file + value: + - /etc/origin/master/ca.key + notify: + - restart master controllers + when: openshift_master_bootstrap_enabled | default(False) diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 48b34c578..c7c02d49b 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -218,18 +218,7 @@ - restart master api - restart master controllers -- name: modify controller args - yedit: - src: /etc/origin/master/master-config.yaml - edits: - - key: kubernetesMasterConfig.controllerArguments.cluster-signing-cert-file - value: - - /etc/origin/master/ca.crt - - key: kubernetesMasterConfig.controllerArguments.cluster-signing-key-file - value: - - /etc/origin/master/ca.key - notify: - - restart master controllers +- include: bootstrap_settings.yml when: openshift_master_bootstrap_enabled | default(False) - include: set_loopback_context.yml diff --git a/roles/openshift_node_bootstrap_configmap/defaults/main.yml b/roles/openshift_node_bootstrap_configmap/defaults/main.yml new file mode 100644 index 000000000..02c872646 --- /dev/null +++ b/roles/openshift_node_bootstrap_configmap/defaults/main.yml @@ -0,0 +1,15 @@ +--- +openshift_node_bootstrap_configmap_custom_labels: [] +openshift_node_bootstrap_configmap_edits: [] +openshift_node_bootstrap_configmap_name: node-config-compute +openshift_node_bootstrap_configmap_namespace: openshift-node +openshift_node_bootstrap_configmap_default_labels: +- type=compute + +openshift_imageconfig_format: "{{ openshift.node.registry_url if openshift is defined and 'node' in openshift else oreg_url }}" +openshift_node_bootstrap_configmap_cloud_provider: "{{ openshift_cloudprovider_kind | default('aws') }}" +openshift_node_bootstrap_configmap_network_plugin_default: "{{ os_sdn_network_plugin_name | default('redhat/openshift-ovs-subnet') }}" +openshift_node_bootstrap_configmap_network_plugin: "{{ openshift_node_bootstrap_configmap_network_plugin_default }}" +openshift_node_bootstrap_configmap_node_data_dir_default: "{{ openshift_data_dir | default('/var/lib/origin') }}" +openshift_node_bootstrap_configmap_node_data_dir: "{{ openshift_node_bootstrap_configmap_node_data_dir_default }}" +openshift_node_bootstrap_configmap_network_mtu: "{{ openshift_node_sdn_mtu | default(8951) }}" diff --git a/roles/openshift_node_bootstrap_configmap/meta/main.yml b/roles/openshift_node_bootstrap_configmap/meta/main.yml new file mode 100644 index 000000000..14c1dd498 --- /dev/null +++ b/roles/openshift_node_bootstrap_configmap/meta/main.yml @@ -0,0 +1,4 @@ +--- +dependencies: +- role: lib_openshift +- role: lib_utils diff --git a/roles/openshift_node_bootstrap_configmap/tasks/create_config.yml b/roles/openshift_node_bootstrap_configmap/tasks/create_config.yml new file mode 100644 index 000000000..05080daa4 --- /dev/null +++ b/roles/openshift_node_bootstrap_configmap/tasks/create_config.yml @@ -0,0 +1,32 @@ +--- +- name: create a temp dir for this work + command: mktemp -d /tmp/openshift_node_config-XXXXXX + register: mktempout + run_once: true + +- name: create node config template + template: + src: node-config.yaml.j2 + dest: "{{ mktempout.stdout }}/node-config.yaml" + +- name: "specialize the generated configs for {{ openshift_node_bootstrap_configmap_name }}" + yedit: + content: + src: "{{ mktempout.stdout }}/node-config.yaml" + edits: "{{ openshift_node_bootstrap_configmap_edits }}" + when: openshift_node_bootstrap_configmap_edits|length > 0 + run_once: true + +- name: create node-config.yaml configmap + oc_configmap: + name: "{{ openshift_node_bootstrap_configmap_name }}" + namespace: "{{ openshift_node_bootstrap_configmap_namespace }}" + from_file: + node-config.yaml: "{{ mktempout.stdout }}/node-config.yaml" + run_once: true + +- name: remove templated files + file: + dest: "{{ mktempout.stdout }}/" + state: absent + run_once: true diff --git a/roles/openshift_node_bootstrap_configmap/tasks/standard.yml b/roles/openshift_node_bootstrap_configmap/tasks/standard.yml new file mode 100644 index 000000000..637d7c7fc --- /dev/null +++ b/roles/openshift_node_bootstrap_configmap/tasks/standard.yml @@ -0,0 +1,12 @@ +--- +- name: Build an infra node configmap + include: create_config.yml + vars: + openshift_node_bootstrap_configmap_name: node-config-infra + static: true + +- name: Build an infra node configmap + include: create_config.yml + vars: + openshift_node_bootstrap_configmap_name: node-config-compute + static: true diff --git a/roles/openshift_node_bootstrap_configmap/templates/node-config.yaml.j2 b/roles/openshift_node_bootstrap_configmap/templates/node-config.yaml.j2 new file mode 100644 index 000000000..d533b88fa --- /dev/null +++ b/roles/openshift_node_bootstrap_configmap/templates/node-config.yaml.j2 @@ -0,0 +1,53 @@ +allowDisabledDocker: false +apiVersion: v1 +authConfig: + authenticationCacheSize: 1000 + authenticationCacheTTL: 5m + authorizationCacheSize: 1000 + authorizationCacheTTL: 5m +dnsBindAddress: "127.0.0.1:53" +dnsDomain: cluster.local +dnsIP: 0.0.0.0 +dnsNameservers: null +dnsRecursiveResolvConf: /etc/origin/node/resolv.conf +dockerConfig: + dockerShimRootDirectory: /var/lib/dockershim + dockerShimSocket: /var/run/dockershim.sock + execHandlerName: native +enableUnidling: true +imageConfig: + format: "{{ openshift_imageconfig_format }}" + latest: false +iptablesSyncPeriod: 30s +kind: NodeConfig +kubeletArguments: + cloud-config: + - /etc/origin/cloudprovider/{{ openshift_node_bootstrap_configmap_cloud_provider }}.conf + cloud-provider: + - {{ openshift_node_bootstrap_configmap_cloud_provider }} + node-labels: {{ openshift_node_bootstrap_configmap_default_labels | union(openshift_node_bootstrap_configmap_custom_labels) | list | to_json }} +masterClientConnectionOverrides: + acceptContentTypes: application/vnd.kubernetes.protobuf,application/json + burst: 40 + contentType: application/vnd.kubernetes.protobuf + qps: 20 +masterKubeConfig: node.kubeconfig +networkConfig: + mtu: "{{ openshift_node_bootstrap_configmap_network_mtu }}" + networkPluginName: {{ openshift_node_bootstrap_configmap_network_plugin }} +nodeIP: "" +podManifestConfig: null +servingInfo: + bindAddress: 0.0.0.0:10250 + bindNetwork: tcp4 + certFile: server.crt + clientCA: node-client-ca.crt + keyFile: server.key + namedCertificates: null +volumeConfig: + localQuota: + perFSGroup: null +volumeDirectory: {{ openshift_node_bootstrap_configmap_node_data_dir }}/openshift.local.volumes +enable-controller-attach-detach: +- 'true' +networkPluginName: {{ openshift_node_bootstrap_configmap_network_plugin }} |