diff options
-rw-r--r-- | README_GCE.md | 2 | ||||
-rw-r--r-- | playbooks/common/openshift-cluster/openshift_hosted.yml | 23 | ||||
-rw-r--r-- | playbooks/common/openshift-master/config.yml | 30 | ||||
-rw-r--r-- | playbooks/common/openshift-node/config.yml | 48 | ||||
-rw-r--r-- | roles/openshift_hosted/meta/main.yml | 25 | ||||
-rw-r--r-- | roles/openshift_master/meta/main.yml | 31 | ||||
-rw-r--r-- | roles/openshift_node/meta/main.yml | 24 |
7 files changed, 104 insertions, 79 deletions
diff --git a/README_GCE.md b/README_GCE.md index df9942f24..f909630aa 100644 --- a/README_GCE.md +++ b/README_GCE.md @@ -86,6 +86,8 @@ Install Dependencies yum install -y ansible python-libcloud ``` +> Installation using Mac OSX requires pycrypto library +> $ pip install pycrypto Test The Setup -------------- diff --git a/playbooks/common/openshift-cluster/openshift_hosted.yml b/playbooks/common/openshift-cluster/openshift_hosted.yml index c3077e3c2..4d4a09828 100644 --- a/playbooks/common/openshift-cluster/openshift_hosted.yml +++ b/playbooks/common/openshift-cluster/openshift_hosted.yml @@ -15,4 +15,27 @@ openshift_hosted_registry_registryurl: "{{ hostvars[groups.oo_first_master.0].openshift.master.registry_url }}" when: "'master' in hostvars[groups.oo_first_master.0].openshift and 'registry_url' in hostvars[groups.oo_first_master.0].openshift.master" roles: + - role: openshift_cli + - role: openshift_hosted_facts + - role: openshift_projects + # TODO: Move standard project definitions to openshift_hosted/vars/main.yml + # Vars are not accessible in meta/main.yml in ansible-1.9.x + openshift_projects: "{{ openshift_additional_projects | default({}) | oo_merge_dicts({'default':{'default_node_selector':''},'openshift-infra':{'default_node_selector':''},'logging':{'default_node_selector':''}}) }}" + - role: openshift_serviceaccounts + openshift_serviceaccounts_names: + - router + openshift_serviceaccounts_namespace: default + openshift_serviceaccounts_sccs: + - hostnetwork + when: openshift.common.version_gte_3_2_or_1_2 + - role: openshift_serviceaccounts + openshift_serviceaccounts_names: + - router + - registry + openshift_serviceaccounts_namespace: default + openshift_serviceaccounts_sccs: + - privileged + when: not openshift.common.version_gte_3_2_or_1_2 + - role: openshift_metrics + when: openshift.hosted.metrics.deploy | bool - role: openshift_hosted diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index 34c96a3af..73b4bc594 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -248,7 +248,9 @@ when: "{{ (openshift_http_proxy is defined or openshift_https_proxy is defined) and openshift_generate_no_proxy_hosts | default(True) | bool }}" roles: - - role: openshift_master + - role: openshift_master_facts + - role: openshift_hosted_facts + - role: openshift_master_certificates openshift_ca_host: "{{ groups.oo_first_master.0 }}" openshift_master_etcd_hosts: "{{ hostvars | oo_select_keys(groups['oo_etcd_to_config'] | default([])) @@ -258,6 +260,32 @@ | oo_select_keys(groups['oo_masters_to_config'] | default([])) | oo_collect('openshift.common.all_hostnames') | oo_flatten | unique }}" + - role: openshift_clock + - role: openshift_cloud_provider + - role: openshift_builddefaults + - role: os_firewall + os_firewall_allow: + - service: etcd embedded + port: 4001/tcp + - service: api server https + port: "{{ openshift.master.api_port }}/tcp" + - service: api controllers https + port: "{{ openshift.master.controllers_port }}/tcp" + - service: skydns tcp + port: "{{ openshift.master.dns_port }}/tcp" + - service: skydns udp + port: "{{ openshift.master.dns_port }}/udp" + - service: Fluentd td-agent tcp + port: 24224/tcp + - service: Fluentd td-agent udp + port: 24224/udp + - service: pcsd + port: 2224/tcp + - service: Corosync UDP + port: 5404/udp + - service: Corosync UDP + port: 5405/udp + - role: openshift_master openshift_master_hosts: "{{ groups.oo_masters_to_config }}" - role: nickhammond.logrotate - role: nuage_master diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml index a8c49d37b..fc6e57439 100644 --- a/playbooks/common/openshift-node/config.yml +++ b/playbooks/common/openshift-node/config.yml @@ -60,8 +60,30 @@ when: "{{ (openshift_http_proxy is defined or openshift_https_proxy is defined) and openshift_generate_no_proxy_hosts | default(True) | bool }}" roles: - - role: openshift_node + - role: openshift_clock + - role: openshift_docker + - role: openshift_node_certificates openshift_ca_host: "{{ groups.oo_first_master.0 }}" + - role: openshift_cloud_provider + - role: openshift_common + - role: openshift_node_dnsmasq + when: openshift.common.use_dnsmasq + - role: os_firewall + os_firewall_allow: + - service: Kubernetes kubelet + port: 10250/tcp + - service: http + port: 80/tcp + - service: https + port: 443/tcp + - service: Openshift kubelet ReadOnlyPort + port: 10255/tcp + - service: Openshift kubelet ReadOnlyPort udp + port: 10255/udp + - service: OpenShift OVS sdn + port: 4789/udp + when: openshift.node.use_openshift_sdn | bool + - role: openshift_node - name: Configure node instances hosts: oo_nodes_to_config:!oo_containerized_master_nodes @@ -77,8 +99,30 @@ when: "{{ (openshift_http_proxy is defined or openshift_https_proxy is defined) and openshift_generate_no_proxy_hosts | default(True) | bool }}" roles: - - role: openshift_node + - role: openshift_clock + - role: openshift_docker + - role: openshift_node_certificates openshift_ca_host: "{{ groups.oo_first_master.0 }}" + - role: openshift_cloud_provider + - role: openshift_common + - role: openshift_node_dnsmasq + when: openshift.common.use_dnsmasq + - role: os_firewall + os_firewall_allow: + - service: Kubernetes kubelet + port: 10250/tcp + - service: http + port: 80/tcp + - service: https + port: 443/tcp + - service: Openshift kubelet ReadOnlyPort + port: 10255/tcp + - service: Openshift kubelet ReadOnlyPort udp + port: 10255/udp + - service: OpenShift OVS sdn + port: 4789/udp + when: openshift.node.use_openshift_sdn | bool + - role: openshift_node - name: Gather and set facts for flannel certificatess hosts: oo_nodes_to_config diff --git a/roles/openshift_hosted/meta/main.yml b/roles/openshift_hosted/meta/main.yml index c7d20f88b..74c50ae1d 100644 --- a/roles/openshift_hosted/meta/main.yml +++ b/roles/openshift_hosted/meta/main.yml @@ -11,27 +11,4 @@ galaxy_info: - 7 categories: - cloud -dependencies: -- role: openshift_cli -- role: openshift_hosted_facts -- role: openshift_projects - # TODO: Move standard project definitions to openshift_hosted/vars/main.yml - # Vars are not accessible in meta/main.yml in ansible-1.9.x - openshift_projects: "{{ openshift_additional_projects | default({}) | oo_merge_dicts({'default':{'default_node_selector':''},'openshift-infra':{'default_node_selector':''},'logging':{'default_node_selector':''}}) }}" -- role: openshift_serviceaccounts - openshift_serviceaccounts_names: - - router - openshift_serviceaccounts_namespace: default - openshift_serviceaccounts_sccs: - - hostnetwork - when: openshift.common.version_gte_3_2_or_1_2 -- role: openshift_serviceaccounts - openshift_serviceaccounts_names: - - router - - registry - openshift_serviceaccounts_namespace: default - openshift_serviceaccounts_sccs: - - privileged - when: not openshift.common.version_gte_3_2_or_1_2 -- role: openshift_metrics - when: openshift.hosted.metrics.deploy | bool +dependencies: [] diff --git a/roles/openshift_master/meta/main.yml b/roles/openshift_master/meta/main.yml index be70d9102..e391acfaa 100644 --- a/roles/openshift_master/meta/main.yml +++ b/roles/openshift_master/meta/main.yml @@ -11,32 +11,5 @@ galaxy_info: - 7 categories: - cloud -dependencies: -- role: openshift_clock -- role: openshift_master_certificates -- role: openshift_cloud_provider -- role: openshift_builddefaults -- role: openshift_master_facts -- role: openshift_hosted_facts -- role: os_firewall - os_firewall_allow: - - service: etcd embedded - port: 4001/tcp - - service: api server https - port: "{{ openshift.master.api_port }}/tcp" - - service: api controllers https - port: "{{ openshift.master.controllers_port }}/tcp" - - service: skydns tcp - port: "{{ openshift.master.dns_port }}/tcp" - - service: skydns udp - port: "{{ openshift.master.dns_port }}/udp" - - service: Fluentd td-agent tcp - port: 24224/tcp - - service: Fluentd td-agent udp - port: 24224/udp - - service: pcsd - port: 2224/tcp - - service: Corosync UDP - port: 5404/udp - - service: Corosync UDP - port: 5405/udp +dependencies: [] + diff --git a/roles/openshift_node/meta/main.yml b/roles/openshift_node/meta/main.yml index fd493340b..c39269f33 100644 --- a/roles/openshift_node/meta/main.yml +++ b/roles/openshift_node/meta/main.yml @@ -11,26 +11,4 @@ galaxy_info: - 7 categories: - cloud -dependencies: -- role: openshift_clock -- role: openshift_docker -- role: openshift_node_certificates -- role: openshift_cloud_provider -- role: openshift_common -- role: openshift_node_dnsmasq - when: openshift.common.use_dnsmasq -- role: os_firewall - os_firewall_allow: - - service: Kubernetes kubelet - port: 10250/tcp - - service: http - port: 80/tcp - - service: https - port: 443/tcp - - service: Openshift kubelet ReadOnlyPort - port: 10255/tcp - - service: Openshift kubelet ReadOnlyPort udp - port: 10255/udp - - service: OpenShift OVS sdn - port: 4789/udp - when: openshift.node.use_openshift_sdn | bool +dependencies: [] |