5 files changed, 41 insertions, 24 deletions
diff --git a/playbooks/provisioning/openstack/README.md b/playbooks/provisioning/openstack/README.md
index df00e5507..57b72c7f3 100644
--- a/playbooks/provisioning/openstack/README.md
+++ b/playbooks/provisioning/openstack/README.md
@@ -8,6 +8,7 @@ etc.). The result is an environment ready for openshift-ansible.
 ## Dependencies
 * [Ansible 2.3](https://pypi.python.org/pypi/ansible)
+* [jinja2](http://jinja.pocoo.org/docs/2.9/)
 * [shade](https://pypi.python.org/pypi/shade)
 * python-dns
@@ -67,6 +68,9 @@ The `openstack_num_masters`, `openstack_num_infra` and `openstack_num_nodes` values specify the number of Master, Infra and App nodes to create.
+The `openstack_nodes_to_remove` allows you to specify the numerical indexes
+of App nodes that should be removed; for example, ['0', '2'],
+
 The `openstack_flat_secgrp`, controls Neutron security groups creation for Heat stacks. Set it to true, if you experience issues with sec group rules quotas. It trades security for number of rules, by sharing the same set
diff --git a/playbooks/provisioning/openstack/provision-openstack.yml b/playbooks/provisioning/openstack/provision-openstack.yml
index a2cf7b110..feea15d5d 100644
--- a/playbooks/provisioning/openstack/provision-openstack.yml
+++ b/playbooks/provisioning/openstack/provision-openstack.yml
@@ -24,6 +24,7 @@
 num_nodes: "{{ openstack_num_nodes }}"
 num_infra: "{{ openstack_num_infra }}"
 num_dns: "{{ openstack_num_dns | default(1) }}"
+ nodes_to_remove: "{{ openstack_nodes_to_remove | default([]) | to_yaml }}"
 master_volume_size: "{{ docker_volume_size }}"
 app_volume_size: "{{ docker_volume_size }}"
 infra_volume_size: "{{ docker_volume_size }}"
diff --git a/playbooks/provisioning/openstack/sample-inventory/group_vars/all.yml b/playbooks/provisioning/openstack/sample-inventory/group_vars/all.yml
index 047923253..7c9033828 100644
--- a/playbooks/provisioning/openstack/sample-inventory/group_vars/all.yml
+++ b/playbooks/provisioning/openstack/sample-inventory/group_vars/all.yml
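Review bot: Passing `openstack_nodes_to_remove` through `to_yaml` in provision-openstack.yml leaves the role with two input types for `nodes_to_remove`: a pre-serialised string from this play and a native list from the role default `nodes_to_remove: []` in roles/openstack-stack/defaults/main.yml. The heat_stack.yaml.j2 hunk then prints whichever it receives with a bare `{{ nodes_to_remove }}`. Serialising at the point of use would keep the contract to "a list" and stop a malformed inventory value from reshaping the surrounding Heat YAML: pass `nodes_to_remove: "{{ openstack_nodes_to_remove | default([]) }}"` here and render `resource_list: {{ nodes_to_remove | to_json }}` in the template. Nothing in the visible lines checks that the entries are indexes below `num_nodes`, so an assert task ahead of the stack update would be worth adding.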
@@ -12,46 +12,49 @@ openstack_num_masters: 1
 openstack_num_infra: 1
 openstack_num_nodes: 2
+# # Numerical index of nodes to remove
+# openstack_nodes_to_remove: []
+
 docker_volume_size: "15"
 openstack_subnet_prefix: "192.168.99"
 # # Red Hat subscription
 # # Using Red Hat Satellite:
-# rhsm_register: True
-# rhsm_satellite: 'sat-6.example.com'
-# rhsm_org: 'OPENSHIFT_ORG'
-# rhsm_activationkey: '<activation-key>'
+#rhsm_register: True
+#rhsm_satellite: 'sat-6.example.com'
+#rhsm_org: 'OPENSHIFT_ORG'
+#rhsm_activationkey: '<activation-key>'
 # # Or using RHN username, password and optionally pool:
-# rhsm_register: True
-# rhsm_username: '<username>'
-# rhsm_password: '<password>'
-# rhsm_pool: '<pool id>'
+#rhsm_register: True
+#rhsm_username: '<username>'
+#rhsm_password: '<password>'
+#rhsm_pool: '<pool id>'
-# rhsm_repos:
-# - "rhel-7-server-rpms"
-# - "rhel-7-server-ose-3.5-rpms"
-# - "rhel-7-server-extras-rpms"
-# - "rhel-7-fast-datapath-rpms"
+#rhsm_repos:
+# - "rhel-7-server-rpms"
+# - "rhel-7-server-ose-3.5-rpms"
+# - "rhel-7-server-extras-rpms"
+# - "rhel-7-fast-datapath-rpms"
 # # Roll-your-own DNS
-# openstack_num_dns: 0
-# external_nsupdate_keys:
-# public:
-# key_secret: 'SKqKNdpfk7llKxZ57bbxUnUDobaaJp9t8CjXLJPl+fRI5mPcSBuxTAyvJPa6Y9R7vUg9DwCy/6WTpgLNqnV4Hg=='
-# key_algorithm: 'hmac-md5'
-# server: '192.168.1.1'
-# private:
-# key_secret: 'kVE2bVTgZjrdJipxPhID8BEZmbHD8cExlVPR+zbFpW6la8kL5wpXiwOh8q5AAosXQI5t95UXwq3Inx8QT58duw=='
-# key_algorithm: 'hmac-md5'
-# server: '192.168.1.2'
+#openstack_num_dns: 0
+#external_nsupdate_keys:
+# public:
+# key_secret: 'SKqKNdpfk7llKxZ57bbxUnUDobaaJp9t8CjXLJPl+fRI5mPcSBuxTAyvJPa6Y9R7vUg9DwCy/6WTpgLNqnV4Hg=='
+# key_algorithm: 'hmac-md5'
+# server: '192.168.1.1'
+# private:
+# key_secret: 'kVE2bVTgZjrdJipxPhID8BEZmbHD8cExlVPR+zbFpW6la8kL5wpXiwOh8q5AAosXQI5t95UXwq3Inx8QT58duw=='
+# key_algorithm: 'hmac-md5'
+# server: '192.168.1.2'
 # NOTE(shadower): Do not change this value.
The Ansible user is currently
 # hardcoded to `openshift`.
 ansible_user: openshift
-# Use a single security group for a cluster
+# # Use a single security group for a cluster
 openstack_flat_secgrp: false
diff --git a/roles/openstack-stack/defaults/main.yml b/roles/openstack-stack/defaults/main.yml
index 2a4ef3a45..4831d6bc4 100644
--- a/roles/openstack-stack/defaults/main.yml
+++ b/roles/openstack-stack/defaults/main.yml
@@ -9,4 +9,5 @@ num_masters: 1
 num_nodes: 1
 num_dns: 1
 num_infra: 1
+nodes_to_remove: []
 etcd_volume_size: 2
diff --git a/roles/openstack-stack/templates/heat_stack.yaml.j2 b/roles/openstack-stack/templates/heat_stack.yaml.j2
index 7fd52e52d..00a46896c 100644
--- a/roles/openstack-stack/templates/heat_stack.yaml.j2
+++ b/roles/openstack-stack/templates/heat_stack.yaml.j2
@@ -592,6 +592,8 @@ resources:
 type: OS::Heat::ResourceGroup
 properties:
 count: {{ num_nodes }}
+ removal_policies:
+ - resource_list: {{ nodes_to_remove }}
 resource_def:
 type: server.yaml
 properties:
@@ -664,6 +666,12 @@ resources:
 net: { get_resource: net }
 subnet: { get_resource: subnet }
 secgrp:
+# TODO(bogdando) filter only required node rules into infra-secgrp
+{% if openstack_flat_secgrp|bool %}
+ - { get_resource: flat-secgrp }
+{% else %}
+ - { get_resource: node-secgrp }
+{% endif %}
 - { get_resource: infra-secgrp }
 - { get_resource: common-secgrp }
 floating_network: {{ external_network }} |
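Review bot: The commented `external_nsupdate_keys` sample in group_vars/all.yml still carries two real-looking base64 `key_secret` values and `key_algorithm: 'hmac-md5'`, and the new `#key:` form marks the block as something to uncomment as-is. The rhsm entries use `'<username>'` and `'<password>'` placeholders; the same treatment here, `key_secret: '<nsupdate key>'`, plus a comment telling users to generate a key per deployment and keep it in Ansible Vault, would stop a published TSIG secret from being copied into a live inventory. HMAC-MD5 is no longer recommended for TSIG, so the sample would better show `hmac-sha256`, assuming the DNS server in use accepts it. The last change turns `# Use a single security group for a cluster` into `# # Use ...`, which reads like a commented-out comment above a live setting and looks unintended.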
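Review bot: Attaching `node-secgrp` (or `flat-secgrp`) to this `secgrp` list in heat_stack.yaml.j2 widens these servers' ingress to the whole app-node rule set, which the added TODO itself admits is more than they need. The change rides along with an unrelated node-removal feature, so it deserves its own line in the commit message and a tracked follow-up referenced from the comment, e.g. `# TODO(bogdando): narrow to the node rules infra actually needs (see <issue-url>)`. The resource this list belongs to starts above the hunk, so that these are the infra servers is inferred from `infra-secgrp`. In the flat case the servers receive both `flat-secgrp` and `infra-secgrp`; if the flat group already carries the infra rules (not visible here), the second entry is redundant.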