-rw-r--r-- | README_OSE.md | 142 | ||||
-rw-r--r-- | ansible.cfg | 23 | ||||
-rw-r--r-- | inventory/byo/group_vars/all | 28 | ||||
-rw-r--r-- | inventory/byo/hosts | 10 | ||||
-rw-r--r-- | playbooks/byo/config.yml | 6 | ||||
l--------- | playbooks/byo/filter_plugins | 1 | ||||
-rw-r--r-- | playbooks/byo/openshift-master/config.yml | 9 | ||||
l--------- | playbooks/byo/openshift-master/filter_plugins | 1 | ||||
l--------- | playbooks/byo/openshift-master/roles | 1 | ||||
-rw-r--r-- | playbooks/byo/openshift-node/config.yml | 79 | ||||
l--------- | playbooks/byo/openshift-node/filter_plugins | 1 | ||||
l--------- | playbooks/byo/openshift-node/roles | 1 | ||||
l--------- | playbooks/byo/roles | 1 | ||||
-rw-r--r-- | roles/openshift_node/tasks/main.yml | 1 |
14 files changed, 304 insertions, 0 deletions
diff --git a/README_OSE.md b/README_OSE.md
new file mode 100644
index 000000000..6ebdb7f99
--- /dev/null
+++ b/README_OSE.md
@@ -0,0 +1,142 @@
+# Installing OSEv3 from dev puddles using ansible
+
+* [Requirements](#requirements)
+* [Caveats](#caveats)
+* [Known Issues](#known-issues)
+* [Configuring the host inventory](#configuring-the-host-inventory)
+* [Creating the default variables for the hosts and host groups](#creating-the-default-variables-for-the-hosts-and-host-groups)
+* [Running the ansible playbooks](#running-the-ansible-playbooks)
+* [Post-ansible steps](#post-ansible-steps)
+
+## Requirements
+* ansible
+ * Tested using ansible-1.8.2-1.fc20.noarch, but should work with version 1.8+
+ * Available in Fedora channels
+ * Available for EL with EPEL and Optional channel
+* One or more RHEL 7.1 VMs
+* ssh key based auth for the root user needs to be pre-configured from the host
+ running ansible to the remote hosts
+* A checkout of openshift-ansible from https://github.com/openshift/openshift-ansible/
+
+ ```sh
+ git clone https://github.com/openshift/openshift-ansible.git
+ cd openshift-ansible
+ ```
+
+## Caveats
+This ansible repo is currently under heavy revision for providing OSE support;
+the following items are highly likely to change before the OSE support is
+merged into the upstream repo:
+ * the current git branch for testing
+ * how the inventory file should be configured
+ * variables that need to be set
+ * bootstrapping steps
+ * other configuration steps
+
+## Known Issues
+* Host subscriptions are not configurable yet, the hosts need to be
+ pre-registered with subscription-manager or have the RHEL base repo
+ pre-configured. If using subscription-manager the following commands will
+ disable all but the rhel-7-server rhel-7-server-extras and
+ rhel-server7-ose-beta repos:
+```sh
+subscription-manager repos --disable="*"
+subscription-manager repos \
+--enable="rhel-7-server-rpms" \
+--enable="rhel-7-server-extras-rpms" \
+--enable="rhel-server-7-ose-beta-rpms"
+```
+* Configuration of router is not automated yet
+* Configuration of docker-registry is not automated yet
+* End-to-end testing has not been completed yet using this module
+* root user is used for all ansible actions; eventually we will support using
+ a non-root user with sudo.
+
+## Configuring the host inventory
+[Ansible docs](http://docs.ansible.com/intro_inventory.html)
+
+Example inventory file for configuring one master and two nodes for the test
+environment. This can be configured in the default inventory file
+(/etc/ansible/hosts), or using a custom file and passing the --inventory
+option to ansible-playbook.
+
+/etc/ansible/hosts:
+```ini
+# This is an example of a bring your own (byo) host inventory
+
+# host group for masters
+[masters]
+ose3-master.example.com
+
+# host group for nodes
+[nodes]
+ose3-node[1:2].example.com
+```
+
+The hostnames above should resolve both from the hosts themselves and
+the host where ansible is running (if different).
+
+## Creating the default variables for the hosts and host groups
+[Ansible docs](http://docs.ansible.com/intro_inventory.html#id9)
+
+#### Group vars for all hosts
+/etc/ansible/group_vars/all:
+```yaml
+---
+# Assume that we want to use the root as the ssh user for all hosts
+ansible_ssh_user: root
+
+# Default debug level for all OpenShift hosts
+openshift_debug_level: 4
+
+# Set the OpenShift deployment type for all hosts
+openshift_deployment_type: enterprise
+
+# Override the default registry for development
+openshift_registry_url: docker-buildvm-rhose.usersys.redhat.com:5000/openshift3_beta/ose-${component}:${version}
+
+# To use the latest OpenShift Enterprise Errata puddle:
+#openshift_additional_repos:
+#- id: ose-devel
+# name: ose-devel
+# baseurl: http://buildvm-devops.usersys.redhat.com/puddle/build/OpenShiftEnterpriseErrata/3.0/latest/RH7-RHOSE-3.0/$basearch/os
+# enabled: 1
+# gpgcheck: 0
+# To use the latest OpenShift Enterprise Whitelist puddle:
+openshift_additional_repos:
+- id: ose-devel
+ name: ose-devel
+ baseurl: http://buildvm-devops.usersys.redhat.com/puddle/build/OpenShiftEnterprise/3.0/latest/RH7-RHOSE-3.0/$basearch/os
+ enabled: 1
+ gpgcheck: 0
+
+```
+
+## Running the ansible playbooks
+From the openshift-ansible checkout run:
+```sh
+ansible-playbook playbooks/byo/config.yml
+```
+**Note:** this assumes that the host inventory is /etc/ansible/hosts and the
+group_vars are defined in /etc/ansible/group_vars, if using a different
+inventory file (and a group_vars directory that is in the same directory as
+the directory as the inventory) use the -i option for ansible-playbook.
+
+## Post-ansible steps
+#### Create the default router
+On the master host:
+```sh
+systemctl restart openshift-sdn-master
+openshift ex router --create=true \
+ --credentials=/var/lib/openshift/openshift.local.certificates/openshift-client/.kubeconfig \
+ --images='docker-buildvm-rhose.usersys.redhat.com:5000/openshift3_beta/ose-${component}:${version}'
+```
+
+#### Create the default docker-registry
+On the master host:
+```sh
+openshift ex registry --create=true \
+ --credentials=/var/lib/openshift/openshift.local.certificates/openshift-client/.kubeconfig \
+ --images='docker-buildvm-rhose.usersys.redhat.com:5000/openshift3_beta/ose-${component}:${version}' \
+ --mount-host=/var/lib/openshift/docker-registry
+```
diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 000000000..6a7722ad8
--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,23 @@
+# config file for ansible -- http://ansible.com/
+# ==============================================
+
+# This config file provides examples for running
+# the OpenShift playbooks with the provided
+# inventory scripts. Only global defaults are
+# left uncommented
+
+[defaults]
+# Add the roles directory to the roles path
+roles_path = roles/
+
+# Set the log_path
+log_path = /tmp/ansible.log
+
+# Uncomment to use the provided BYO inventory
+#hostfile = inventory/byo/hosts
+
+# Uncomment to use the provided GCE dynamic inventory script
+#hostfile = inventory/gce/gce.py
+
+# Uncomment to use the provided AWS dynamic inventory script
+#hostfile = inventory/aws/ec2.py
diff --git a/inventory/byo/group_vars/all b/inventory/byo/group_vars/all
new file mode 100644
index 000000000..d63e96668
--- /dev/null
+++ b/inventory/byo/group_vars/all
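Review bot: `log_path = /tmp/ansible.log` in the ansible.cfg hunk puts the run log at a fixed, predictable name in a world-writable directory, so on a shared control host another local user can pre-create or symlink that path before the first run. The log can also carry task arguments and host details, and nothing here restricts who can read it. Prefer a location owned by the invoking user, for example `log_path = ~/ansible.log`, or leave the setting commented out like the `hostfile` examples. A comment such as `# log may contain task arguments; keep it in a user-owned, non-shared directory` above the setting would make the expectation explicit.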
@@ -0,0 +1,28 @@
+---
+# lets assume that we want to use the root as the ssh user for all hosts
+ansible_ssh_user: root
+
+# default debug level for all OpenShift hosts
+openshift_debug_level: 4
+
+# set the OpenShift deployment type for all hosts
+openshift_deployment_type: enterprise
+
+# Override the default registry for development
+openshift_registry_url: docker-buildvm-rhose.usersys.redhat.com:5000/openshift3_beta/ose-${component}:${version}
+
+# Use latest Errata puddle as an additional repo:
+#openshift_additional_repos:
+#- id: ose-devel
+# name: ose-devel
+# baseurl: http://buildvm-devops.usersys.redhat.com/puddle/build/OpenShiftEnterpriseErrata/3.0/latest/RH7-RHOSE-3.0/$basearch/os
+# enabled: 1
+# gpgcheck: 0
+
+# Use latest Whitelist puddle as an additional repo:
+openshift_additional_repos:
+- id: ose-devel
+ name: ose-devel
+ baseurl: http://buildvm-devops.usersys.redhat.com/puddle/build/OpenShiftEnterprise/3.0/latest/RH7-RHOSE-3.0/$basearch/os
+ enabled: 1
+ gpgcheck: 0
diff --git a/inventory/byo/hosts b/inventory/byo/hosts
new file mode 100644
index 000000000..2dd854778
--- /dev/null
+++ b/inventory/byo/hosts
@@ -0,0 +1,10 @@
+# This is an example of a bring your own (byo) host inventory
+
+# host group for masters
+[masters]
+ose3-master-ansible.test.example.com
+
+# host group for nodes
+[nodes]
+ose3-node[1:2]-ansible.test.example.com
+
diff --git a/playbooks/byo/config.yml b/playbooks/byo/config.yml
new file mode 100644
index 000000000..dce49d32f
--- /dev/null
+++ b/playbooks/byo/config.yml
@@ -0,0 +1,6 @@
+---
+- name: Run the openshift-master config playbook
+ include: openshift-master/config.yml
+
+- name: Run the openshift-node config playbook
+ include: openshift-node/config.yml
diff --git a/playbooks/byo/filter_plugins b/playbooks/byo/filter_plugins
new file mode 120000
index 000000000..a4f518f07
--- /dev/null
+++ b/playbooks/byo/filter_plugins
@@ -0,0 +1 @@
+../../filter_plugins
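Review bot: The active `openshift_additional_repos` entry in inventory/byo/group_vars/all combines `gpgcheck: 0` with a plain `http://` `baseurl`, so every host in the inventory would install packages from that repo with neither signature verification nor transport integrity, and the play connects as root (`ansible_ssh_user: root`). If the dev puddle is unsigned, say so next to the setting, e.g. `# dev puddle is unsigned and served over http: use only on a trusted build network, never for production hosts`. The shipped default would be safer with this block commented out, as the Errata block already is. The same values are repeated in the README_OSE.md example.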
\ No newline at end of file
diff --git a/playbooks/byo/openshift-master/config.yml b/playbooks/byo/openshift-master/config.yml
new file mode 100644
index 000000000..706f9285c
--- /dev/null
+++ b/playbooks/byo/openshift-master/config.yml
@@ -0,0 +1,9 @@
+---
+- name: Gather facts for node hosts
+ hosts: nodes
+
+- name: Configure master instances
+ hosts: masters
+ roles:
+ - openshift_master
+ - openshift_sdn_master
diff --git a/playbooks/byo/openshift-master/filter_plugins b/playbooks/byo/openshift-master/filter_plugins
new file mode 120000
index 000000000..99a95e4ca
--- /dev/null
+++ b/playbooks/byo/openshift-master/filter_plugins
@@ -0,0 +1 @@
+../../../filter_plugins
\ No newline at end of file
diff --git a/playbooks/byo/openshift-master/roles b/playbooks/byo/openshift-master/roles
new file mode 120000
index 000000000..20c4c58cf
--- /dev/null
+++ b/playbooks/byo/openshift-master/roles
@@ -0,0 +1 @@
+../../../roles
\ No newline at end of file
diff --git a/playbooks/byo/openshift-node/config.yml b/playbooks/byo/openshift-node/config.yml
new file mode 100644
index 000000000..69ad7a840
--- /dev/null
+++ b/playbooks/byo/openshift-node/config.yml
@@ -0,0 +1,79 @@
+---
+- name: Gather facts for node hosts
+ hosts: nodes
+ roles:
+ - openshift_facts
+ tasks:
+ # Since the master is registering the nodes before they are configured, we
+ # need to make sure to set the node properties beforehand if we do not want
+ # the defaults
+ - openshift_facts:
+ role: 'node'
+ local_facts:
+ hostname: "{{ openshift_hostname | default(None) }}"
+ external_id: "{{ openshift_node_external_id | default(None) }}"
+ resources_cpu: "{{ openshfit_node_resources_cpu | default(None) }}"
+ resources_memory: "{{ openshfit_node_resources_memory | default(None) }}"
+ pod_cidr: "{{ openshfit_node_pod_cidr | default(None) }}"
+ labels: "{{ openshfit_node_labels | default(None) }}"
+ annotations: "{{ openshfit_node_annotations | default(None) }}"
+
+
+- name: Register nodes
+ hosts: masters[0]
+ vars:
+ openshift_nodes: "{{ hostvars | oo_select_keys(groups['nodes']) }}"
+ roles:
+ - openshift_register_nodes
+ tasks:
+ - name: Create local temp directory for syncing certs
+ local_action: command /usr/bin/mktemp -d /tmp/openshift-ansible-XXXXXXX
+ register: mktemp
+
+ - name: Sync master certs to localhost
+ synchronize:
+ mode: pull
+ checksum: yes
+ src: /var/lib/openshift/openshift.local.certificates
+ dest: "{{ mktemp.stdout }}"
+
+
+- name: Configure node instances
+ hosts: nodes
+ vars:
+ sync_tmpdir: "{{ hostvars[groups['masters'][0]].mktemp.stdout }}"
+ cert_parent_rel_path: openshift.local.certificates
+ cert_rel_path: "{{ cert_parent_rel_path }}/node-{{ openshift.common.hostname }}"
+ cert_base_path: /var/lib/openshift
+ cert_parent_path: "{{ cert_base_path }}/{{ cert_parent_rel_path }}"
+ cert_path: "{{ cert_base_path }}/{{ cert_rel_path }}"
+ openshift_sdn_master_url: http://{{ hostvars[groups['masters'][0]].openshift.common.hostname }}:4001
+ pre_tasks:
+ - name: Ensure certificate directories exists
+ file:
+ path: "{{ item }}"
+ state: directory
+ with_items:
+ - "{{ cert_path }}"
+ - "{{ cert_parent_path }}/ca"
+
+ # TODO: notify restart openshift-node and/or restart openshift-sdn-node,
+ # possibly test service started time against certificate/config file
+ # timestamps in openshift-node or openshift-sdn-node to trigger notify
+ - name: Sync certs to nodes
+ synchronize:
+ checksum: yes
+ src: "{{ item.src }}"
+ dest: "{{ item.dest }}"
+ owner: no
+ group: no
+ with_items:
+ - src: "{{ sync_tmpdir }}/{{ cert_rel_path }}"
+ dest: "{{ cert_parent_path }}"
+ - src: "{{ sync_tmpdir }}/{{ cert_parent_rel_path }}/ca/cert.crt"
+ dest: "{{ cert_parent_path }}/ca/cert.crt"
+ - local_action: file name={{ sync_tmpdir }} state=absent
+ run_once: true
+ roles:
+ - openshift_node
+ - openshift_sdn_node
diff --git a/playbooks/byo/openshift-node/filter_plugins b/playbooks/byo/openshift-node/filter_plugins
new file mode 120000
index 000000000..99a95e4ca
--- /dev/null
+++ b/playbooks/byo/openshift-node/filter_plugins
@@ -0,0 +1 @@
+../../../filter_plugins
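Review bot: The `Sync master certs to localhost` task in playbooks/byo/openshift-node/config.yml pulls the whole `/var/lib/openshift/openshift.local.certificates` tree to the control host, although the node play only uses the `node-<hostname>` directory and `ca/cert.crt` from it. If that tree also holds the CA and master private keys (likely, but not visible in this hunk), they end up under `/tmp` on the machine running ansible. The cleanup `local_action: file name={{ sync_tmpdir }} state=absent` is the last pre_task of the following play, so any earlier failure leaves the copy behind. Consider limiting the pull to the paths the nodes need and removing the temp directory in a step that also runs after a failed play. Separately, five `local_facts` lookups are spelled `openshfit_node_*` (for example `openshfit_node_labels`), so values set as `openshift_node_*` would never be picked up.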
\ No newline at end of file
diff --git a/playbooks/byo/openshift-node/roles b/playbooks/byo/openshift-node/roles
new file mode 120000
index 000000000..20c4c58cf
--- /dev/null
+++ b/playbooks/byo/openshift-node/roles
@@ -0,0 +1 @@
+../../../roles
\ No newline at end of file
diff --git a/playbooks/byo/roles b/playbooks/byo/roles
new file mode 120000
index 000000000..b741aa3db
--- /dev/null
+++ b/playbooks/byo/roles
@@ -0,0 +1 @@
+../../roles
\ No newline at end of file
diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml
index 8cfef0e15..e3c04585b 100644
--- a/roles/openshift_node/tasks/main.yml
+++ b/roles/openshift_node/tasks/main.yml
@@ -1,6 +1,7 @@ --- # TODO: allow for overriding default ports where possible # TODO: trigger the external service when restart is needed + - name: Set node OpenShift facts openshift_facts: role: 'node' |