-rw-r--r--README_vagrant.md28
-rw-r--r--Vagrantfile41
-rw-r--r--filter_plugins/oo_filters.py4
-rw-r--r--inventory/aws/hosts/hosts2
-rw-r--r--inventory/byo/hosts.example2
-rw-r--r--inventory/gce/hosts/hosts2
-rw-r--r--inventory/libvirt/hosts/hosts2
-rw-r--r--inventory/openstack/hosts/hosts2
-rw-r--r--playbooks/aws/openshift-cluster/vars.online.int.yml4
-rw-r--r--playbooks/aws/openshift-cluster/vars.online.prod.yml4
-rw-r--r--playbooks/aws/openshift-cluster/vars.online.stage.yml4
-rw-r--r--playbooks/byo/rhel_subscribe.yml12
-rw-r--r--playbooks/byo/vagrant.yml4
-rw-r--r--playbooks/common/openshift-node/config.yml3
-rw-r--r--roles/etcd/tasks/main.yml2
-rw-r--r--roles/openshift_manage_node/tasks/main.yml7
-rw-r--r--roles/openshift_master/tasks/main.yml2
-rw-r--r--roles/openshift_master/templates/master.yaml.v1.j26
-rw-r--r--roles/openshift_node/tasks/main.yml8
-rw-r--r--roles/openshift_node/templates/node.yaml.v1.j23
20 files changed, 113 insertions, 29 deletions
diff --git a/README_vagrant.md b/README_vagrant.md
index 26ec52c0a..5f87d6633 100644
--- a/README_vagrant.md
+++ b/README_vagrant.md
@@ -2,9 +2,28 @@ Requirements
------------
- vagrant (tested against version 1.7.2)
- vagrant-hostmanager plugin (tested against version 1.5.0)
+- vagrant-registration plugin (only required for enterprise deployment type)
- vagrant-libvirt (tested against version 0.0.26)
- Only required if using libvirt instead of virtualbox
+For ``enterprise`` deployment types the base RHEL box has to be added to Vagrant:
+
+1. Download the RHEL7 vagrant image (libvirt or virtualbox) available from the [Red Hat Container Development Kit downloads in the customer portal](https://access.redhat.com/downloads/content/293/ver=1/rhel---7/1.0.1/x86_64/product-downloads)
+
+2. Install it into vagrant
+
+ ``$ vagrant box add --name rhel-7 /path/to/rhel-server-libvirt-7.1-3.x86_64.box``
+
+3. (optional, recommended) Increase the disk size of the image to 20GB - This is a two step process. (these instructions are specific to libvirt)
+
+ Resize the actual qcow2 image:
+
+ ``$ qemu-img resize ~/.vagrant.d/boxes/rhel-7/0/libvirt/box.img 20GB``
+
+ Edit `~/.vagrant.d/boxes/rhel-7/0/libvirt/metadata.json` to reflect the new size. A corrected metadata.json looks like this:
+
+ ``{"provider": "libvirt", "format": "qcow2", "virtual_size": 20}``
+
Usage
-----
```
@@ -21,5 +40,10 @@ vagrant provision
Environment Variables
---------------------
The following environment variables can be overriden:
-- OPENSHIFT_DEPLOYMENT_TYPE (defaults to origin, choices: origin, enterprise, online)
-- OPENSHIFT_NUM_NODES (the number of nodes to create, defaults to 2)
+- ``OPENSHIFT_DEPLOYMENT_TYPE`` (defaults to origin, choices: origin, enterprise, online)
+- ``OPENSHIFT_NUM_NODES`` (the number of nodes to create, defaults to 2)
+
+For ``enterprise`` deployment types these env variables should also be specified:
+- ``rhel_subscription_user``: rhsm user
+- ``rhel_subscription_pass``: rhsm password
+- (optional) ``rhel_subscription_pool``: poolID to attach a specific subscription besides what auto-attach detects
diff --git a/Vagrantfile b/Vagrantfile
index a832ae84e..4675b5d60 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -15,6 +15,28 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
config.hostmanager.manage_host = true
config.hostmanager.include_offline = true
config.ssh.insert_key = false
+
+ if deployment_type === 'enterprise'
+ unless Vagrant.has_plugin?('vagrant-registration')
+ raise 'vagrant-registration-plugin is required for enterprise deployment'
+ end
+ username = ENV['rhel_subscription_user']
+ password = ENV['rhel_subscription_pass']
+ unless username and password
+ raise 'rhel_subscription_user and rhel_subscription_pass are required'
+ end
+ config.registration.username = username
+ config.registration.password = password
+ # FIXME this is temporary until vagrant/ansible registration modules
+ # are capable of handling specific subscription pools
+ if not ENV['rhel_subscription_pool'].nil?
+ config.vm.provision "shell" do |s|
+ s.inline = "subscription-manager attach --pool=$1 || true"
+ s.args = "#{ENV['rhel_subscription_pool']}"
+ end
+ end
+ end
+
config.vm.provider "virtualbox" do |vbox, override|
override.vm.box = "chef/centos-7.1"
vbox.memory = 1024
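Review bot: The pool id reaches the guest shell unquoted in the added provisioner: `s.args` is given as a string, which Vagrant places on the command line as typed, and the script expands `$1` without quotes, so whitespace or shell metacharacters in `rhel_subscription_pool` would be interpreted by the shell. Passing an array lets Vagrant do the quoting: `s.args = [ENV['rhel_subscription_pool']]` together with `s.inline = 'subscription-manager attach --pool="$1"'`. The trailing `|| true` also hides a failed attach, so a wrong pool id goes unnoticed until package installs fail; if it must stay best-effort, print a message on failure. Separately, `unless username and password` accepts empty strings, which are truthy in Ruby. The `Vagrant.configure` block starts before and continues past this hunk.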
@@ -28,10 +50,15 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
libvirt.cpus = 2
libvirt.memory = 1024
libvirt.driver = 'kvm'
- override.vm.box = "centos-7.1"
- override.vm.box_url = "https://download.gluster.org/pub/gluster/purpleidea/vagrant/centos-7.1/centos-7.1.box"
- override.vm.box_download_checksum = "b2a9f7421e04e73a5acad6fbaf4e9aba78b5aeabf4230eebacc9942e577c1e05"
- override.vm.box_download_checksum_type = "sha256"
+ case deployment_type
+ when "enterprise"
+ override.vm.box = "rhel-7"
+ when "origin"
+ override.vm.box = "centos-7.1"
+ override.vm.box_url = "https://download.gluster.org/pub/gluster/purpleidea/vagrant/centos-7.1/centos-7.1.box"
+ override.vm.box_download_checksum = "b2a9f7421e04e73a5acad6fbaf4e9aba78b5aeabf4230eebacc9942e577c1e05"
+ override.vm.box_download_checksum_type = "sha256"
+ end
end
num_nodes.times do |n|
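Review bot: The new `case deployment_type` in the libvirt provider has no branch for `online` (listed as a choice in the README) or for an unrecognised value, so unless the box is set elsewhere in the file `override.vm.box` stays unset and the failure only surfaces later as a missing-box error. Add an `else` that either falls back to the origin box or fails early, e.g. `else raise "unsupported deployment type for libvirt: #{deployment_type}"`. The `rhel-7` branch also relies on a manually added local box with no checksum, unlike the origin branch, so its integrity depends entirely on the download step in the README. The provider block starts before this hunk.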
@@ -53,12 +80,12 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
ansible.sudo = true
ansible.groups = {
"masters" => ["master"],
- "nodes" => ["node1", "node2"],
+ "nodes" => ["master", "node1", "node2"],
}
ansible.extra_vars = {
- openshift_deployment_type: "origin",
+ deployment_type: deployment_type,
}
- ansible.playbook = "playbooks/byo/config.yml"
+ ansible.playbook = "playbooks/byo/vagrant.yml"
end
end
end
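Review bot: The `nodes` group is still a fixed list (`"master", "node1", "node2"`) although the number of VMs comes from `num_nodes`, so a run with `OPENSHIFT_NUM_NODES` other than 2 would leave nodes out of the group or name hosts that do not exist. Building the list from the count keeps the two in step, e.g. `"nodes" => ["master"] + (1..num_nodes).map { |n| "node#{n}" }`. This assumes the VMs are named `node1..nodeN`, which the hunk does not show; the provisioning block starts outside it.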
diff --git a/filter_plugins/oo_filters.py b/filter_plugins/oo_filters.py
index 9c263f0dd..c3408702d 100644
--- a/filter_plugins/oo_filters.py
+++ b/filter_plugins/oo_filters.py
@@ -130,7 +130,7 @@ class FilterModule(object):
rval.append("%s%s%s" % (item['key'], joiner, item['value']))
return rval
-
+
@staticmethod
def oo_combine_dict(data, in_joiner='=', out_joiner=' '):
'''Take a dict in the form of { 'key': 'value', 'key': 'value' } and
@@ -139,7 +139,7 @@ class FilterModule(object):
if not issubclass(type(data), dict):
raise errors.AnsibleFilterError("|failed expects first param is a dict")
- return out_joiner.join([ in_joiner.join([k, v]) for k, v in data.items() ])
+ return out_joiner.join([in_joiner.join([k, v]) for k, v in data.items()])
@staticmethod
def oo_ami_selector(data, image_name):
diff --git a/inventory/aws/hosts/hosts b/inventory/aws/hosts/hosts
index 34a4396bd..bf4e0845a 100644
--- a/inventory/aws/hosts/hosts
+++ b/inventory/aws/hosts/hosts
@@ -1 +1 @@
-localhost ansible_connection=local ansible_sudo=no ansible_python_interpreter=/usr/bin/python2
+localhost ansible_connection=local ansible_sudo=no ansible_python_interpreter='/usr/bin/env python2'
diff --git a/inventory/byo/hosts.example b/inventory/byo/hosts.example
index dd5c02b77..646790c42 100644
--- a/inventory/byo/hosts.example
+++ b/inventory/byo/hosts.example
@@ -33,7 +33,7 @@ deployment_type=enterprise
#openshift_additional_repos=[{'id': 'openshift-origin-copr', 'name': 'OpenShift Origin COPR', 'baseurl': 'https://copr-be.cloud.fedoraproject.org/results/maxamillion/origin-next/epel-7-$basearch/', 'enabled': 1, 'gpgcheck': 1, gpgkey: 'https://copr-be.cloud.fedoraproject.org/results/maxamillion/origin-next/pubkey.gpg'}]
# htpasswd auth
-#openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/openshift/htpasswd'}]
+openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/openshift/htpasswd'}]
# Allow all auth
#openshift_master_identity_providers=[{'name': 'allow_all', 'login': 'true', 'challenge': 'true', 'kind': 'AllowAllPasswordIdentityProvider'}]
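Review bot: This uncomments the htpasswd identity provider in the example inventory, which looks unrelated to the Vagrant and RHEL subscription changes in the rest of the diff and may be a leftover from local testing. Anyone copying the example now gets `HTPasswdPasswordIdentityProvider` pointed at `/etc/openshift/htpasswd` without any step visible here that creates or populates that file. If the change is intended, a comment above the line saying who is expected to create the file would help; otherwise restore the leading `#`.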
diff --git a/inventory/gce/hosts/hosts b/inventory/gce/hosts/hosts
index 34a4396bd..bf4e0845a 100644
--- a/inventory/gce/hosts/hosts
+++ b/inventory/gce/hosts/hosts
@@ -1 +1 @@
-localhost ansible_connection=local ansible_sudo=no ansible_python_interpreter=/usr/bin/python2
+localhost ansible_connection=local ansible_sudo=no ansible_python_interpreter='/usr/bin/env python2'
diff --git a/inventory/libvirt/hosts/hosts b/inventory/libvirt/hosts/hosts
index 34a4396bd..bf4e0845a 100644
--- a/inventory/libvirt/hosts/hosts
+++ b/inventory/libvirt/hosts/hosts
@@ -1 +1 @@
-localhost ansible_connection=local ansible_sudo=no ansible_python_interpreter=/usr/bin/python2
+localhost ansible_connection=local ansible_sudo=no ansible_python_interpreter='/usr/bin/env python2'
diff --git a/inventory/openstack/hosts/hosts b/inventory/openstack/hosts/hosts
index 9cdc31449..2d2194a4d 100644
--- a/inventory/openstack/hosts/hosts
+++ b/inventory/openstack/hosts/hosts
@@ -1 +1 @@
-localhost ansible_sudo=no ansible_python_interpreter=/usr/bin/python2 connection=local
+localhost ansible_sudo=no ansible_python_interpreter='/usr/bin/env python2' connection=local
diff --git a/playbooks/aws/openshift-cluster/vars.online.int.yml b/playbooks/aws/openshift-cluster/vars.online.int.yml
index b9ee29b83..bb18e13b0 100644
--- a/playbooks/aws/openshift-cluster/vars.online.int.yml
+++ b/playbooks/aws/openshift-cluster/vars.online.int.yml
@@ -3,9 +3,9 @@ ec2_image: ami-9101c8fa
ec2_image_name: libra-ops-rhel7*
ec2_region: us-east-1
ec2_keypair: mmcgrath_libra
-ec2_master_instance_type: m4.large
+ec2_master_instance_type: t2.small
ec2_master_security_groups: [ 'integration', 'integration-master' ]
-ec2_infra_instance_type: m4.large
+ec2_infra_instance_type: c4.large
ec2_infra_security_groups: [ 'integration', 'integration-infra' ]
ec2_node_instance_type: m4.large
ec2_node_security_groups: [ 'integration', 'integration-node' ]
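Review bot: The master instance type drops from `m4.large` to `t2.small` here, and the same change is made in `vars.online.prod.yml` and `vars.online.stage.yml`; nothing else visible in this diff touches the online environments, so it is worth confirming these files were meant to be part of it. `t2` instances are burstable, and a production master that runs out of CPU credits is throttled, which affects API availability. If the downsizing is intended for the integration environment only, leave the prod and stage files unchanged.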
diff --git a/playbooks/aws/openshift-cluster/vars.online.prod.yml b/playbooks/aws/openshift-cluster/vars.online.prod.yml
index 691582834..bbef9cc56 100644
--- a/playbooks/aws/openshift-cluster/vars.online.prod.yml
+++ b/playbooks/aws/openshift-cluster/vars.online.prod.yml
@@ -3,9 +3,9 @@ ec2_image: ami-9101c8fa
ec2_image_name: libra-ops-rhel7*
ec2_region: us-east-1
ec2_keypair: mmcgrath_libra
-ec2_master_instance_type: m4.large
+ec2_master_instance_type: t2.small
ec2_master_security_groups: [ 'production', 'production-master' ]
-ec2_infra_instance_type: m4.large
+ec2_infra_instance_type: c4.large
ec2_infra_security_groups: [ 'production', 'production-infra' ]
ec2_node_instance_type: m4.large
ec2_node_security_groups: [ 'production', 'production-node' ]
diff --git a/playbooks/aws/openshift-cluster/vars.online.stage.yml b/playbooks/aws/openshift-cluster/vars.online.stage.yml
index 2ec43ad4c..9008a55ba 100644
--- a/playbooks/aws/openshift-cluster/vars.online.stage.yml
+++ b/playbooks/aws/openshift-cluster/vars.online.stage.yml
@@ -3,9 +3,9 @@ ec2_image: ami-9101c8fa
ec2_image_name: libra-ops-rhel7*
ec2_region: us-east-1
ec2_keypair: mmcgrath_libra
-ec2_master_instance_type: m4.large
+ec2_master_instance_type: t2.small
ec2_master_security_groups: [ 'stage', 'stage-master' ]
-ec2_infra_instance_type: m4.large
+ec2_infra_instance_type: c4.large
ec2_infra_security_groups: [ 'stage', 'stage-infra' ]
ec2_node_instance_type: m4.large
ec2_node_security_groups: [ 'stage', 'stage-node' ]
diff --git a/playbooks/byo/rhel_subscribe.yml b/playbooks/byo/rhel_subscribe.yml
new file mode 100644
index 000000000..f564905ea
--- /dev/null
+++ b/playbooks/byo/rhel_subscribe.yml
@@ -0,0 +1,12 @@
+---
+- hosts: all
+ vars:
+ openshift_deployment_type: "{{ deployment_type }}"
+ roles:
+ - role: rhel_subscribe
+ when: deployment_type == "enterprise" and
+ ansible_distribution == "RedHat" and
+ lookup('oo_option', 'rhel_skip_subscription') | default(rhsub_skip, True) |
+ default('no', True) | lower in ['no', 'false']
+ - openshift_repos
+ - os_update_latest
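Review bot: The `when:` on the `rhel_subscribe` role packs three conditions and a two-level default chain into one undocumented expression, and the skip switch it implements is not described anywhere in this diff. A comment above it would help, for example `# Register only enterprise RHEL hosts; skipped when rhel_skip_subscription (oo_option) or rhsub_skip is set to anything other than no/false`. The condition also guards only `rhel_subscribe`: `openshift_repos` and `os_update_latest` run on `hosts: all` for every deployment type, which should be confirmed as intended.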
diff --git a/playbooks/byo/vagrant.yml b/playbooks/byo/vagrant.yml
new file mode 100644
index 000000000..76246e7b0
--- /dev/null
+++ b/playbooks/byo/vagrant.yml
@@ -0,0 +1,4 @@
+---
+- include: rhel_subscribe.yml
+
+- include: config.yml
diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml
index 4010b4c9e..705f7f223 100644
--- a/playbooks/common/openshift-node/config.yml
+++ b/playbooks/common/openshift-node/config.yml
@@ -128,9 +128,10 @@
vars:
openshift_nodes: "{{ hostvars
| oo_select_keys(groups['oo_nodes_to_config'])
- | oo_collect('openshift.common.hostname') }}"
+ | oo_collect('openshift.common.hostname') }}"
openshift_unscheduleable_nodes: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config'] | default([]))
| oo_collect('openshift.common.hostname', {'openshift_scheduleable': False}) }}"
+ openshift_node_vars: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config']) }}"
pre_tasks:
- set_fact:
openshift_scheduleable_nodes: "{{ hostvars
diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml
index 79a91dfde..27bfb7de9 100644
--- a/roles/etcd/tasks/main.yml
+++ b/roles/etcd/tasks/main.yml
@@ -1,6 +1,6 @@
---
- name: Install etcd
- yum: pkg=etcd state=present
+ yum: pkg=etcd-2.* state=present
- name: Validate permissions on the config dir
file:
diff --git a/roles/openshift_manage_node/tasks/main.yml b/roles/openshift_manage_node/tasks/main.yml
index 472d63efe..74e702248 100644
--- a/roles/openshift_manage_node/tasks/main.yml
+++ b/roles/openshift_manage_node/tasks/main.yml
@@ -19,8 +19,7 @@
- name: Label nodes
command: >
- {{ openshift.common.client_binary }} label --overwrite node {{ item }} {{ hostvars[item]['openshift_node_labels'] | oo_combine_dict }}
+ {{ openshift.common.client_binary }} label --overwrite node {{ item.openshift.common.hostname }} {{ item.openshift.node.labels | oo_combine_dict }}
with_items:
- - "{{ openshift_nodes }}"
- when:
- "'openshift_node_labels' in hostvars[item]"
+ - "{{ openshift_node_vars }}"
+ when: "'labels' in item.openshift.node and item.openshift.node.labels != {}"
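Review bot: Label keys and values are interpolated into the `command` line as plain text, so an entry in `item.openshift.node.labels` that contains whitespace is split into extra arguments to the client binary instead of staying one `key=value` pair. Since `command` does not go through a shell the effect is limited to unexpected arguments, but the labels should be validated before this task or the play should fail on values that are not plain label tokens. The new `when:` also dereferences `item.openshift.node` for every entry of `openshift_node_vars`, so a host without node facts would presumably fail the task rather than be skipped.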
diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml
index f90f526c9..3ee21b902 100644
--- a/roles/openshift_master/tasks/main.yml
+++ b/roles/openshift_master/tasks/main.yml
@@ -56,6 +56,8 @@
default_subdomain: "{{ osm_default_subdomain | default(None) }}"
custom_cors_origins: "{{ osm_custom_cors_origins | default(None) }}"
default_node_selector: "{{ osm_default_node_selector | default(None) }}"
+ api_server_args: "{{ osm_api_server_args | default(None) }}"
+ controller_args: "{{ osm_controller_args | default(None) }}"
# TODO: These values need to be configurable
- name: Set dns OpenShift facts
diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2
index b5e3d2f05..44567aa22 100644
--- a/roles/openshift_master/templates/master.yaml.v1.j2
+++ b/roles/openshift_master/templates/master.yaml.v1.j2
@@ -2,6 +2,9 @@ apiLevels:
- v1beta3
- v1
apiVersion: v1
+{% if api_server_args is defined and api_server_args %}
+apiServerArguments: {{ api_server_args }}
+{% endif %}
assetConfig:
logoutURL: ""
masterPublicURL: {{ openshift.master.public_api_url }}
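Review bot: The new blocks here and in the second hunk test and render the bare names `api_server_args` and `controller_args`, while the other values in this template are read from `openshift.master.*` or `openshift.common.*`. If the values added in `roles/openshift_master/tasks/main.yml` are stored as master facts, as the neighbouring keys there suggest, these conditions never become true and the settings are silently dropped. Presumably the lines should read `{% if openshift.master.api_server_args is defined and openshift.master.api_server_args %}` and `apiServerArguments: {{ openshift.master.api_server_args }}`, and likewise for `controller_args`. Rendering a dict with a plain `{{ }}` also emits its Python repr, which is not guaranteed to be valid YAML; piping it through `to_json` is safer.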
@@ -13,6 +16,9 @@ assetConfig:
keyFile: master.server.key
maxRequestsInFlight: 0
requestTimeoutSeconds: 0
+{% if controller_args is defined and controller_args %}
+controllerArguments: {{ controller_args }}
+{% endif %}
corsAllowedOrigins:
{% for origin in ['127.0.0.1', 'localhost', openshift.common.hostname, openshift.common.ip, openshift.common.public_hostname, openshift.common.public_ip] %}
- {{ origin }}
diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml
index e84e74b40..adffca252 100644
--- a/roles/openshift_node/tasks/main.yml
+++ b/roles/openshift_node/tasks/main.yml
@@ -6,6 +6,9 @@
- fail:
msg: This role requres that osn_cluster_dns_ip is set
when: osn_cluster_dns_ip is not defined or not osn_cluster_dns_ip
+- fail:
+ msg: "SELinux is disabled, This deployment type requires that SELinux is enabled."
+ when: (not ansible_selinux or ansible_selinux.status != 'enabled') and deployment_type in ['enterprise', 'online']
- name: Install OpenShift Node package
yum: pkg=openshift-node state=present
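Review bot: The added check passes whenever `ansible_selinux.status` is `enabled`, which is also true in permissive mode, where policy violations are logged but not blocked. If enterprise and online deployments are meant to run with enforcement, the condition should test the mode as well, e.g. `(not ansible_selinux or ansible_selinux.status != 'enabled' or ansible_selinux.mode != 'enforcing')`, with the message reworded to say enforcing mode is required. If permissive is acceptable, a comment stating that makes the intent explicit.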
@@ -33,6 +36,7 @@
registry_url: "{{ oreg_url | default(none) }}"
debug_level: "{{ openshift_node_debug_level | default(openshift.common.debug_level) }}"
portal_net: "{{ openshift_master_portal_net | default(None) }}"
+ kubelet_args: "{{ openshift_node_kubelet_args | default(None) }}"
# TODO: add the validate parameter when there is a validation command to run
- name: Create the Node config
@@ -63,11 +67,13 @@
lineinfile:
dest: /etc/sysconfig/docker
regexp: '^OPTIONS=.*'
- line: "OPTIONS='--insecure-registry={{ openshift.node.portal_net }} --selinux-enabled'"
+ line: "OPTIONS='--insecure-registry={{ openshift.node.portal_net }} \
+{% if ansible_selinux and ansible_selinux.status == '''enabled''' %}--selinux-enabled{% endif %}'"
when: docker_check.stat.isreg
- name: Allow NFS access for VMs
seboolean: name=virt_use_nfs state=yes persistent=yes
+ when: ansible_selinux and ansible_selinux.status == "enabled"
- name: Start and enable openshift-node
service: name=openshift-node enabled=yes state=started
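Review bot: When SELinux is not enabled, the rewritten `OPTIONS` line drops `--selinux-enabled` and the `virt_use_nfs` boolean is skipped, but nothing in the play records that the host was configured without container SELinux labelling. For the `origin` deployment type, which the earlier `fail` task lets through, the run finishes looking identical to a hardened one. A `debug` task with the same `when` negated, e.g. `msg: "SELinux is not enabled; docker is configured without --selinux-enabled"`, would make the weaker configuration visible in the output. The inline `{% if %}` with `'''enabled'''` inside a continued double-quoted string is also hard to read; a `set_fact` for the flag would be clearer.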
diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2
index 7778a2a61..e6f75a4c0 100644
--- a/roles/openshift_node/templates/node.yaml.v1.j2
+++ b/roles/openshift_node/templates/node.yaml.v1.j2
@@ -8,6 +8,9 @@ imageConfig:
format: {{ openshift.node.registry_url }}
latest: false
kind: NodeConfig
+{% if openshift.common.kubelet_args is defined and openshift.common.kubelet_args %}
+kubeletArguments: {{ kubelet_args }}
+{% endif %}
masterKubeConfig: system:node:{{ openshift.common.hostname }}.kubeconfig
networkPluginName: {{ openshift.common.sdn_network_plugin_name }}
nodeName: {{ openshift.common.hostname }}
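Review bot: The condition checks `openshift.common.kubelet_args` but the line it guards renders the bare `kubelet_args`, so the test and the output refer to two different variables and neither matches where the value appears to be set. `roles/openshift_node/tasks/main.yml` in this diff adds `kubelet_args` next to the other node facts, so `openshift.node.kubelet_args` is presumably the intended name in both places: `{% if openshift.node.kubelet_args is defined and openshift.node.kubelet_args %}` and `kubeletArguments: {{ openshift.node.kubelet_args }}`. As written, the block is likely never emitted, or fails on an undefined `kubelet_args` if it is. Rendering the dict through `to_json` would also keep the output valid YAML.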