diff options
-rw-r--r-- | .tito/packages/openshift-ansible | 2 | ||||
-rw-r--r-- | openshift-ansible.spec | 15 | ||||
-rw-r--r-- | playbooks/aws/openshift-cluster/provision.yml | 10 | ||||
-rw-r--r-- | playbooks/aws/openshift-cluster/provision_elb.yml | 9 | ||||
-rw-r--r-- | playbooks/aws/openshift-cluster/provision_s3.yml | 10 | ||||
-rw-r--r-- | playbooks/cluster-operator/aws/infrastructure.yml | 21 | ||||
l--------- | playbooks/cluster-operator/aws/roles | 1 | ||||
-rw-r--r-- | playbooks/openstack/README.md | 2 | ||||
-rw-r--r-- | playbooks/openstack/advanced-configuration.md | 7 | ||||
-rw-r--r-- | roles/kuryr/tasks/node.yaml | 2 | ||||
-rw-r--r-- | roles/kuryr/templates/cni-daemonset.yaml.j2 | 19 | ||||
-rw-r--r-- | roles/kuryr/templates/configmap.yaml.j2 | 357 | ||||
-rw-r--r-- | roles/openshift_aws/defaults/main.yml | 8 | ||||
-rw-r--r-- | roles/openshift_aws/tasks/provision.yml | 17 | ||||
-rw-r--r-- | roles/openshift_aws/tasks/provision_elb.yml | 15 |
15 files changed, 446 insertions, 49 deletions
diff --git a/.tito/packages/openshift-ansible b/.tito/packages/openshift-ansible index a2b323b95..61e7d68a2 100644 --- a/.tito/packages/openshift-ansible +++ b/.tito/packages/openshift-ansible @@ -1 +1 @@ -3.9.0-0.19.0 ./ +3.9.0-0.20.0 ./ diff --git a/openshift-ansible.spec b/openshift-ansible.spec index a301cfe5b..63c36f551 100644 --- a/openshift-ansible.spec +++ b/openshift-ansible.spec @@ -10,7 +10,7 @@ Name: openshift-ansible Version: 3.9.0 -Release: 0.19.0%{?dist} +Release: 0.20.0%{?dist} Summary: Openshift and Atomic Enterprise Ansible License: ASL 2.0 URL: https://github.com/openshift/openshift-ansible @@ -202,6 +202,19 @@ Atomic OpenShift Utilities includes %changelog +* Mon Jan 15 2018 Jenkins CD Merge Bot <smunilla@redhat.com> 3.9.0-0.20.0 +- Adjust openstack provider dependencies versions (bdobreli@redhat.com) +- Fix openstack provider playbook name in docs (bdobreli@redhat.com) +- Install web console on upgrade (spadgett@redhat.com) +- Add var for controller to enable async bindings (jpeeler@redhat.com) +- Add cluster-operator playbook directory. (abutcher@redhat.com) +- Move s3 & elb provisioning into their own playbooks s.t. they are applied + outside of the openshift_aws master provisioning tasks. (abutcher@redhat.com) +- Update to AWS EC2 root vol size so that Health Check tasks pass + (mazzystr@gmail.com) +- Configure Kuryr CNI daemon (mdulko@redhat.com) +- Clean up host-local IPAM data while nodes are drained (danw@redhat.com) + * Fri Jan 12 2018 Jenkins CD Merge Bot <smunilla@redhat.com> 3.9.0-0.19.0 - diff --git a/playbooks/aws/openshift-cluster/provision.yml b/playbooks/aws/openshift-cluster/provision.yml index 7dde60b7d..d538b862d 100644 --- a/playbooks/aws/openshift-cluster/provision.yml +++ b/playbooks/aws/openshift-cluster/provision.yml @@ -1,8 +1,7 @@ --- -- name: Setup the elb and the master node group +- name: Alert user to variables needed hosts: localhost tasks: - - name: Alert user to variables needed - clusterid debug: msg: "openshift_aws_clusterid={{ openshift_aws_clusterid | default('default') }}" @@ -11,6 +10,13 @@ debug: msg: "openshift_aws_region={{ openshift_aws_region | default('us-east-1') }}" +- import_playbook: provision_s3.yml + +- import_playbook: provision_elb.yml + +- name: Create the master node group + hosts: localhost + tasks: - name: provision cluster import_role: name: openshift_aws diff --git a/playbooks/aws/openshift-cluster/provision_elb.yml b/playbooks/aws/openshift-cluster/provision_elb.yml new file mode 100644 index 000000000..9f27dca3b --- /dev/null +++ b/playbooks/aws/openshift-cluster/provision_elb.yml @@ -0,0 +1,9 @@ +--- +- name: Create elb + hosts: localhost + connection: local + tasks: + - name: provision elb + include_role: + name: openshift_aws + tasks_from: provision_elb.yml diff --git a/playbooks/aws/openshift-cluster/provision_s3.yml b/playbooks/aws/openshift-cluster/provision_s3.yml new file mode 100644 index 000000000..45b439083 --- /dev/null +++ b/playbooks/aws/openshift-cluster/provision_s3.yml @@ -0,0 +1,10 @@ +--- +- name: Create s3 bucket + hosts: localhost + connection: local + tasks: + - name: create s3 bucket + include_role: + name: openshift_aws + tasks_from: s3.yml + when: openshift_aws_create_s3 | default(true) | bool diff --git a/playbooks/cluster-operator/aws/infrastructure.yml b/playbooks/cluster-operator/aws/infrastructure.yml new file mode 100644 index 000000000..9669820fb --- /dev/null +++ b/playbooks/cluster-operator/aws/infrastructure.yml @@ -0,0 +1,21 @@ +--- +- name: Alert user to variables needed + hosts: localhost + tasks: + - name: Alert user to variables needed - clusterid + debug: + msg: "openshift_aws_clusterid={{ openshift_aws_clusterid | default('default') }}" + + - name: Alert user to variables needed - region + debug: + msg: "openshift_aws_region={{ openshift_aws_region | default('us-east-1') }}" + +- import_playbook: ../../aws/openshift-cluster/provision_vpc.yml + +- import_playbook: ../../aws/openshift-cluster/provision_ssh_keypair.yml + +- import_playbook: ../../aws/openshift-cluster/provision_sec_group.yml + +- import_playbook: ../../aws/openshift-cluster/provision_s3.yml + +- import_playbook: ../../aws/openshift-cluster/provision_elb.yml diff --git a/playbooks/cluster-operator/aws/roles b/playbooks/cluster-operator/aws/roles new file mode 120000 index 000000000..20c4c58cf --- /dev/null +++ b/playbooks/cluster-operator/aws/roles @@ -0,0 +1 @@ +../../../roles
\ No newline at end of file diff --git a/playbooks/openstack/README.md b/playbooks/openstack/README.md index d361d6278..2e5cacc76 100644 --- a/playbooks/openstack/README.md +++ b/playbooks/openstack/README.md @@ -184,7 +184,7 @@ resources: ```bash $ ansible-playbook --user openshift -i inventory \ - openshift-ansible/playbooks/openstack/openshift-cluster/provision_install.yaml \ + openshift-ansible/playbooks/openstack/openshift-cluster/provision_install.yml \ -e openshift_repos_enable_testing=true ``` diff --git a/playbooks/openstack/advanced-configuration.md b/playbooks/openstack/advanced-configuration.md index afa56d168..e8f4cfc32 100644 --- a/playbooks/openstack/advanced-configuration.md +++ b/playbooks/openstack/advanced-configuration.md @@ -1,9 +1,8 @@ ## Dependencies for localhost (ansible control/admin node) -* [Ansible 2.3](https://pypi.python.org/pypi/ansible) -* [Ansible-galaxy](https://pypi.python.org/pypi/ansible-galaxy-local-deps) -* [jinja2](http://jinja.pocoo.org/docs/2.9/) -* [shade](https://pypi.python.org/pypi/shade) +* [Ansible](https://pypi.python.org/pypi/ansible) version >=2.4.0 +* [jinja2](http://jinja.pocoo.org/docs/2.9/) version >= 2.10 +* [shade](https://pypi.python.org/pypi/shade) version >= 1.26 * python-jmespath / [jmespath](https://pypi.python.org/pypi/jmespath) * python-dns / [dnspython](https://pypi.python.org/pypi/dnspython) * Become (sudo) is not required. diff --git a/roles/kuryr/tasks/node.yaml b/roles/kuryr/tasks/node.yaml index 08f2d5adc..41d0ead20 100644 --- a/roles/kuryr/tasks/node.yaml +++ b/roles/kuryr/tasks/node.yaml @@ -40,7 +40,7 @@ regexp: '^OPTIONS="?(.*?)"?$' backrefs: yes backup: yes - line: 'OPTIONS="\1 --disable dns,proxy,plugins"' + line: 'OPTIONS="\1 --disable proxy"' - name: force node restart to disable the proxy service: diff --git a/roles/kuryr/templates/cni-daemonset.yaml.j2 b/roles/kuryr/templates/cni-daemonset.yaml.j2 index 39348ae90..09f4c7dfe 100644 --- a/roles/kuryr/templates/cni-daemonset.yaml.j2 +++ b/roles/kuryr/templates/cni-daemonset.yaml.j2 @@ -26,6 +26,13 @@ spec: image: kuryr/cni:latest imagePullPolicy: IfNotPresent command: [ "cni_ds_init" ] + env: + - name: CNI_DAEMON + value: "True" + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName securityContext: privileged: true volumeMounts: @@ -38,6 +45,10 @@ spec: subPath: kuryr-cni.conf - name: etc mountPath: /etc + - name: proc + mountPath: /host_proc + - name: openvswitch + mountPath: /var/run/openvswitch volumes: - name: bin hostPath: @@ -50,4 +61,10 @@ spec: name: kuryr-config - name: etc hostPath: - path: /etc
\ No newline at end of file + path: /etc + - name: proc + hostPath: + path: /proc + - name: openvswitch + hostPath: + path: /var/run/openvswitch diff --git a/roles/kuryr/templates/configmap.yaml.j2 b/roles/kuryr/templates/configmap.yaml.j2 index 96c215f00..4bf1dbddf 100644 --- a/roles/kuryr/templates/configmap.yaml.j2 +++ b/roles/kuryr/templates/configmap.yaml.j2 @@ -16,17 +16,17 @@ data: # Directory for Kuryr vif binding executables. (string value) #bindir = /usr/libexec/kuryr + # Neutron subnetpool name will be prefixed by this. (string value) + #subnetpool_name_prefix = kuryrPool + + # baremetal or nested-containers are the supported values. (string value) + #deployment_type = baremetal + # If set to true, the logging level will be set to DEBUG instead of the default # INFO level. (boolean value) # Note: This option can be changed without restarting. #debug = false - # DEPRECATED: If set to false, the logging level will be set to WARNING instead - # of the default INFO level. (boolean value) - # This option is deprecated for removal. - # Its value may be silently ignored in the future. - #verbose = true - # The name of a logging configuration file. This file is appended to any # existing logging configuration files. For details about logging configuration # files, see the Python logging module documentation. Note that when logging @@ -46,7 +46,7 @@ data: # logging will go to stderr as defined by use_stderr. This option is ignored if # log_config_append is set. (string value) # Deprecated group/name - [DEFAULT]/logfile - #log_file = /var/log/kuryr/kuryr-controller.log + #log_file = <None> # (Optional) The base directory used for relative log_file paths. This option # is ignored if log_config_append is set. (string value) @@ -65,13 +65,19 @@ data: # is set. (boolean value) #use_syslog = false + # Enable journald for logging. If running in a systemd environment you may wish + # to enable journal support. Doing so will use the journal native protocol + # which includes structured metadata in addition to log messages.This option is + # ignored if log_config_append is set. (boolean value) + #use_journal = false + # Syslog facility to receive log lines. This option is ignored if # log_config_append is set. (string value) #syslog_log_facility = LOG_USER # Log output to standard error. This option is ignored if log_config_append is # set. (boolean value) - #use_stderr = true + #use_stderr = false # Format string to use for log messages with context. (string value) #logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s @@ -93,7 +99,7 @@ data: # List of package logging levels in logger=LEVEL pairs. This option is ignored # if log_config_append is set. (list value) - #default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO + #default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,oslo_messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO # Enables or disables publication of error events. (boolean value) #publish_errors = false @@ -106,15 +112,86 @@ data: # value) #instance_uuid_format = "[instance: %(uuid)s] " + # Interval, number of seconds, of log rate limiting. (integer value) + #rate_limit_interval = 0 + + # Maximum number of logged messages per rate_limit_interval. (integer value) + #rate_limit_burst = 0 + + # Log level name used by rate limiting: CRITICAL, ERROR, INFO, WARNING, DEBUG + # or empty string. Logs with level greater or equal to rate_limit_except_level + # are not filtered. An empty string means that all levels are filtered. (string + # value) + #rate_limit_except_level = CRITICAL + # Enables or disables fatal status of deprecations. (boolean value) #fatal_deprecations = false [binding] + # Configuration options for container interface binding. - driver = kuryr.lib.binding.drivers.vlan + # + # From kuryr_kubernetes + # + + # The name prefix of the veth endpoint put inside the container. (string value) + #veth_dst_prefix = eth + + # Driver to use for binding and unbinding ports. (string value) + # Deprecated group/name - [binding]/driver + #default_driver = kuryr.lib.binding.drivers.veth + + # Drivers to use for binding and unbinding ports. (list value) + #enabled_drivers = kuryr.lib.binding.drivers.veth + + # Specifies the name of the Nova instance interface to link the virtual devices + # to (only applicable to some binding drivers. (string value) link_iface = eth0 + driver = kuryr.lib.binding.drivers.vlan + + + [cni_daemon] + + # + # From kuryr_kubernetes + # + + # Enable CNI Daemon configuration. (boolean value) + daemon_enabled = true + + # Bind address for CNI daemon HTTP server. It is recommened to allow only local + # connections. (string value) + bind_address = 127.0.0.1:50036 + + # Maximum number of processes that will be spawned to process requests from CNI + # driver. (integer value) + #worker_num = 30 + + # Time (in seconds) the CNI daemon will wait for VIF annotation to appear in + # pod metadata before failing the CNI request. (integer value) + #vif_annotation_timeout = 120 + + # Kuryr uses pyroute2 library to manipulate networking interfaces. When + # processing a high number of Kuryr requests in parallel, it may take kernel + # more time to process all networking stack changes. This option allows to tune + # internal pyroute2 timeout. (integer value) + #pyroute2_timeout = 30 + + # Set to True when you are running kuryr-daemon inside a Docker container on + # Kubernetes host. E.g. as DaemonSet on Kubernetes cluster Kuryr is supposed to + # provide networking for. This mainly means thatkuryr-daemon will look for + # network namespaces in $netns_proc_dir instead of /proc. (boolean value) + docker_mode = true + + # When docker_mode is set to True, this config option should be set to where + # host's /proc directory is mounted. Please note that mounting it is necessary + # to allow Kuryr-Kubernetes to move host interfaces between host network + # namespaces, which is essential for Kuryr to work. (string value) + netns_proc_dir = /host_proc + + [kubernetes] # @@ -164,11 +241,6 @@ data: # The driver that manages VIFs pools for Kubernetes Pods (string value) vif_pool_driver = {{ kuryr_openstack_enable_pools | default(False) | ternary('nested', 'noop') }} - [vif_pool] - ports_pool_max = {{ kuryr_openstack_pool_max | default(0) }} - ports_pool_min = {{ kuryr_openstack_pool_min | default(1) }} - ports_pool_batch = {{ kuryr_openstack_pool_batch | default(5) }} - ports_pool_update_frequency = {{ kuryr_openstack_pool_update_frequency | default(20) }} [neutron] # Configuration options for OpenStack Neutron @@ -232,13 +304,55 @@ data: external_svc_subnet = {{ kuryr_openstack_external_svc_subnet_id }} [pod_vif_nested] + worker_nodes_subnet = {{ kuryr_openstack_worker_nodes_subnet_id }} + + + [pool_manager] + + # + # From kuryr_kubernetes + # + + # Absolute path to socket file that will be used for communication with the + # Pool Manager daemon (string value) + #sock_file = /run/kuryr/kuryr_manage.sock + + + [vif_pool] + + # + # From kuryr_kubernetes + # + + # Set a maximun amount of ports per pool. 0 to disable (integer value) + ports_pool_max = {{ kuryr_openstack_pool_max | default(0) }} + + # Set a target minimum size of the pool of ports (integer value) + ports_pool_min = {{ kuryr_openstack_pool_min | default(1) }} + + # Number of ports to be created in a bulk request (integer value) + ports_pool_batch = {{ kuryr_openstack_pool_batch | default(5) }} + + # Minimun interval (in seconds) between pool updates (integer value) + ports_pool_update_frequency = {{ kuryr_openstack_pool_update_frequency | default(20) }} + kuryr-cni.conf: |+ [DEFAULT] # # From kuryr_kubernetes # + + # Directory for Kuryr vif binding executables. (string value) + #bindir = /usr/libexec/kuryr + + # Neutron subnetpool name will be prefixed by this. (string value) + #subnetpool_name_prefix = kuryrPool + + # baremetal or nested-containers are the supported values. (string value) + #deployment_type = baremetal + # If set to true, the logging level will be set to DEBUG instead of the default # INFO level. (boolean value) # Note: This option can be changed without restarting. @@ -263,7 +377,7 @@ data: # logging will go to stderr as defined by use_stderr. This option is ignored if # log_config_append is set. (string value) # Deprecated group/name - [DEFAULT]/logfile - #log_file = /var/log/kuryr/cni.log + #log_file = <None> # (Optional) The base directory used for relative log_file paths. This option # is ignored if log_config_append is set. (string value) @@ -282,6 +396,12 @@ data: # is set. (boolean value) #use_syslog = false + # Enable journald for logging. If running in a systemd environment you may wish + # to enable journal support. Doing so will use the journal native protocol + # which includes structured metadata in addition to log messages.This option is + # ignored if log_config_append is set. (boolean value) + #use_journal = false + # Syslog facility to receive log lines. This option is ignored if # log_config_append is set. (string value) #syslog_log_facility = LOG_USER @@ -310,7 +430,7 @@ data: # List of package logging levels in logger=LEVEL pairs. This option is ignored # if log_config_append is set. (list value) - #default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO + #default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,oslo_messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO # Enables or disables publication of error events. (boolean value) #publish_errors = false @@ -323,14 +443,85 @@ data: # value) #instance_uuid_format = "[instance: %(uuid)s] " + # Interval, number of seconds, of log rate limiting. (integer value) + #rate_limit_interval = 0 + + # Maximum number of logged messages per rate_limit_interval. (integer value) + #rate_limit_burst = 0 + + # Log level name used by rate limiting: CRITICAL, ERROR, INFO, WARNING, DEBUG + # or empty string. Logs with level greater or equal to rate_limit_except_level + # are not filtered. An empty string means that all levels are filtered. (string + # value) + #rate_limit_except_level = CRITICAL + # Enables or disables fatal status of deprecations. (boolean value) #fatal_deprecations = false [binding] + # Configuration options for container interface binding. + + # + # From kuryr_kubernetes + # + + # The name prefix of the veth endpoint put inside the container. (string value) + #veth_dst_prefix = eth + + # Driver to use for binding and unbinding ports. (string value) + # Deprecated group/name - [binding]/driver + #default_driver = kuryr.lib.binding.drivers.veth + + # Drivers to use for binding and unbinding ports. (list value) + #enabled_drivers = kuryr.lib.binding.drivers.veth + + # Specifies the name of the Nova instance interface to link the virtual devices + # to (only applicable to some binding drivers. (string value) + link_iface = eth0 driver = kuryr.lib.binding.drivers.vlan - link_iface = {{ kuryr_cni_link_interface }} + + + [cni_daemon] + + # + # From kuryr_kubernetes + # + + # Enable CNI Daemon configuration. (boolean value) + daemon_enabled = true + + # Bind address for CNI daemon HTTP server. It is recommened to allow only local + # connections. (string value) + bind_address = 127.0.0.1:50036 + + # Maximum number of processes that will be spawned to process requests from CNI + # driver. (integer value) + #worker_num = 30 + + # Time (in seconds) the CNI daemon will wait for VIF annotation to appear in + # pod metadata before failing the CNI request. (integer value) + #vif_annotation_timeout = 120 + + # Kuryr uses pyroute2 library to manipulate networking interfaces. When + # processing a high number of Kuryr requests in parallel, it may take kernel + # more time to process all networking stack changes. This option allows to tune + # internal pyroute2 timeout. (integer value) + #pyroute2_timeout = 30 + + # Set to True when you are running kuryr-daemon inside a Docker container on + # Kubernetes host. E.g. as DaemonSet on Kubernetes cluster Kuryr is supposed to + # provide networking for. This mainly means thatkuryr-daemon will look for + # network namespaces in $netns_proc_dir instead of /proc. (boolean value) + docker_mode = true + + # When docker_mode is set to True, this config option should be set to where + # host's /proc directory is mounted. Please note that mounting it is necessary + # to allow Kuryr-Kubernetes to move host interfaces between host network + # namespaces, which is essential for Kuryr to work. (string value) + netns_proc_dir = /host_proc + [kubernetes] @@ -341,12 +532,136 @@ data: # The root URL of the Kubernetes API (string value) api_root = {{ openshift.master.api_url }} - # The token to talk to the k8s API - token_file = /etc/kuryr/token + # Absolute path to client cert to connect to HTTPS K8S_API (string value) + # ssl_client_crt_file = /etc/kuryr/controller.crt + + # Absolute path client key file to connect to HTTPS K8S_API (string value) + # ssl_client_key_file = /etc/kuryr/controller.key # Absolute path to ca cert file to connect to HTTPS K8S_API (string value) - ssl_ca_crt_file = /etc/kuryr/ca.crt + ssl_ca_crt_file = /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + + # The token to talk to the k8s API + token_file = /var/run/secrets/kubernetes.io/serviceaccount/token # HTTPS K8S_API server identity verification (boolean value) # TODO (apuimedo): Make configurable ssl_verify_server_crt = True + + # The driver to determine OpenStack project for pod ports (string value) + pod_project_driver = default + + # The driver to determine OpenStack project for services (string value) + service_project_driver = default + + # The driver to determine Neutron subnets for pod ports (string value) + pod_subnets_driver = default + + # The driver to determine Neutron subnets for services (string value) + service_subnets_driver = default + + # The driver to determine Neutron security groups for pods (string value) + pod_security_groups_driver = default + + # The driver to determine Neutron security groups for services (string value) + service_security_groups_driver = default + + # The driver that provides VIFs for Kubernetes Pods. (string value) + pod_vif_driver = nested-vlan + + # The driver that manages VIFs pools for Kubernetes Pods (string value) + vif_pool_driver = {{ kuryr_openstack_enable_pools | default(False) | ternary('nested', 'noop') }} + + [neutron] + # Configuration options for OpenStack Neutron + + # + # From kuryr_kubernetes + # + + # Authentication URL (string value) + auth_url = {{ kuryr_openstack_auth_url }} + + # Authentication type to load (string value) + # Deprecated group/name - [neutron]/auth_plugin + auth_type = password + + # Domain ID to scope to (string value) + user_domain_name = {{ kuryr_openstack_user_domain_name }} + + # User's password (string value) + password = {{ kuryr_openstack_password }} + + # Domain name containing project (string value) + project_domain_name = {{ kuryr_openstack_project_domain_name }} + + # Project ID to scope to (string value) + # Deprecated group/name - [neutron]/tenant-id + project_id = {{ kuryr_openstack_project_id }} + + # Token (string value) + #token = <None> + + # Trust ID (string value) + #trust_id = <None> + + # User's domain id (string value) + #user_domain_id = <None> + + # User id (string value) + #user_id = <None> + + # Username (string value) + # Deprecated group/name - [neutron]/user-name + username = {{kuryr_openstack_username }} + + # Whether a plugging operation is failed if the port to plug does not become + # active (boolean value) + #vif_plugging_is_fatal = false + + # Seconds to wait for port to become active (integer value) + #vif_plugging_timeout = 0 + + [neutron_defaults] + + pod_security_groups = {{ kuryr_openstack_pod_sg_id }} + pod_subnet = {{ kuryr_openstack_pod_subnet_id }} + service_subnet = {{ kuryr_openstack_service_subnet_id }} + project = {{ kuryr_openstack_pod_project_id }} + # TODO (apuimedo): Remove the duplicated line just after this one once the + # RDO packaging contains the upstream patch + worker_nodes_subnet = {{ kuryr_openstack_worker_nodes_subnet_id }} + + [pod_vif_nested] + + worker_nodes_subnet = {{ kuryr_openstack_worker_nodes_subnet_id }} + + + [pool_manager] + + # + # From kuryr_kubernetes + # + + # Absolute path to socket file that will be used for communication with the + # Pool Manager daemon (string value) + #sock_file = /run/kuryr/kuryr_manage.sock + + + [vif_pool] + + # + # From kuryr_kubernetes + # + + # Set a maximun amount of ports per pool. 0 to disable (integer value) + ports_pool_max = {{ kuryr_openstack_pool_max | default(0) }} + + # Set a target minimum size of the pool of ports (integer value) + ports_pool_min = {{ kuryr_openstack_pool_min | default(1) }} + + # Number of ports to be created in a bulk request (integer value) + ports_pool_batch = {{ kuryr_openstack_pool_batch | default(5) }} + + # Minimun interval (in seconds) between pool updates (integer value) + ports_pool_update_frequency = {{ kuryr_openstack_pool_update_frequency | default(20) }} diff --git a/roles/openshift_aws/defaults/main.yml b/roles/openshift_aws/defaults/main.yml index 8c8227b5e..efd2468b2 100644 --- a/roles/openshift_aws/defaults/main.yml +++ b/roles/openshift_aws/defaults/main.yml @@ -98,12 +98,20 @@ openshift_aws_elb_dict: proxy_protocol: True openshift_aws_node_group_config_master_volumes: +- device_name: /dev/sda1 + volume_size: 100 + device_type: gp2 + delete_on_termination: False - device_name: /dev/sdb volume_size: 100 device_type: gp2 delete_on_termination: False openshift_aws_node_group_config_node_volumes: +- device_name: /dev/sda1 + volume_size: 100 + device_type: gp2 + delete_on_termination: True - device_name: /dev/sdb volume_size: 100 device_type: gp2 diff --git a/roles/openshift_aws/tasks/provision.yml b/roles/openshift_aws/tasks/provision.yml index 786a2e4cf..2b5f317d8 100644 --- a/roles/openshift_aws/tasks/provision.yml +++ b/roles/openshift_aws/tasks/provision.yml @@ -1,23 +1,6 @@ --- -- when: openshift_aws_create_iam_cert | bool - name: create the iam_cert for elb certificate - include_tasks: iam_cert.yml - -- when: openshift_aws_create_s3 | bool - name: create s3 bucket for registry - include_tasks: s3.yml - - include_tasks: vpc_and_subnet_id.yml -- name: create elbs - include_tasks: elb.yml - with_dict: "{{ openshift_aws_elb_dict }}" - vars: - l_elb_security_groups: "{{ openshift_aws_elb_security_groups }}" - l_openshift_aws_elb_name_dict: "{{ openshift_aws_elb_name_dict }}" - loop_control: - loop_var: l_elb_dict_item - - name: include scale group creation for master include_tasks: build_node_group.yml with_items: "{{ openshift_aws_master_group }}" diff --git a/roles/openshift_aws/tasks/provision_elb.yml b/roles/openshift_aws/tasks/provision_elb.yml new file mode 100644 index 000000000..a52f63bd5 --- /dev/null +++ b/roles/openshift_aws/tasks/provision_elb.yml @@ -0,0 +1,15 @@ +--- +- when: openshift_aws_create_iam_cert | bool + name: create the iam_cert for elb certificate + include_tasks: iam_cert.yml + +- include_tasks: vpc_and_subnet_id.yml + +- name: create elbs + include_tasks: elb.yml + with_dict: "{{ openshift_aws_elb_dict }}" + vars: + l_elb_security_groups: "{{ openshift_aws_elb_security_groups }}" + l_openshift_aws_elb_name_dict: "{{ openshift_aws_elb_name_dict }}" + loop_control: + loop_var: l_elb_dict_item |