Diffstat (limited to 'playbooks/openstack')
-rw-r--r-- | playbooks/openstack/README.md | 28
-rw-r--r-- | playbooks/openstack/advanced-configuration.md | 146
-rwxr-xr-x | playbooks/openstack/inventory.py (renamed from playbooks/openstack/sample-inventory/inventory.py) | 20
-rw-r--r-- | playbooks/openstack/openshift-cluster/install.yml | 3
-rw-r--r-- | playbooks/openstack/openshift-cluster/prerequisites.yml | 4
-rw-r--r-- | playbooks/openstack/openshift-cluster/provision.yml | 30
-rw-r--r-- | playbooks/openstack/sample-inventory/group_vars/OSEv3.yml | 7
-rw-r--r-- | playbooks/openstack/sample-inventory/group_vars/all.yml | 5
8 files changed, 198 insertions, 45 deletions
diff --git a/playbooks/openstack/README.md b/playbooks/openstack/README.md index d361d6278..842bb34de 100644 --- a/playbooks/openstack/README.md +++ b/playbooks/openstack/README.md @@ -30,15 +30,17 @@ version 10) or newer. It must also satisfy these requirements: - look at the [Minimum Hardware Requirements page][hardware-requirements] for production -* The keypair for SSH must be available in openstack -* `keystonerc` file that lets you talk to the openstack services +* The keypair for SSH must be available in OpenStack +* `keystonerc` file that lets you talk to the OpenStack services * NOTE: only Keystone V2 is currently supported +* A host with the supported version of [Ansible][ansible] installed, see the + [Setup section of the openshift-ansible README][openshift-ansible-setup] + for details on the requirements. Optional: * External Neutron network with a floating IP address pool - ## Installation There are four main parts to the installation: @@ -68,12 +70,11 @@ First, you need to select where to run [Ansible][ansible] from (the *Ansible host*). This can be the computer you read this guide on or an OpenStack VM you'll create specifically for this purpose. -We will use -a +This guide will use a [Docker image that has all the dependencies installed][control-host-image] to make things easier. If you don't want to use Docker, take a look at the [Ansible host dependencies][ansible-dependencies] and make sure -they're installed. +they are installed. Your *Ansible host* needs to have the following: 
@@ -183,13 +184,16 @@ Then run the provision + install playbook -- this will create the OpenStack resources: ```bash -$ ansible-playbook --user openshift -i inventory \ - openshift-ansible/playbooks/openstack/openshift-cluster/provision_install.yaml \ - -e openshift_repos_enable_testing=true +$ ansible-playbook --user openshift \ + -i openshift-ansible/playbooks/openstack/inventory.py \ + -i inventory \ + openshift-ansible/playbooks/openstack/openshift-cluster/provision_install.yml ``` -Note, you may want to use the testing repo for development purposes only. -Normally, `openshift_repos_enable_testing` should not be specified. +In addition to *your* inventory with your OpenShift and OpenStack +configuration, we are also supplying the [dynamic inventory][dynamic] from +`openshift-ansible/inventory`. It's a script that will look at the Nova servers +and other resources that will be created and let Ansible know about them. If you're using multiple inventories, make sure you pass the path to the right one to `-i`. @@ -219,6 +223,7 @@ advanced configuration: [ansible]: https://www.ansible.com/ [openshift-ansible]: https://github.com/openshift/openshift-ansible +[openshift-ansible-setup]: https://github.com/openshift/openshift-ansible#setup [devstack]: https://docs.openstack.org/devstack/ [tripleo]: http://tripleo.org/ [ansible-dependencies]: ./advanced-configuration.md#dependencies-for-localhost-ansible-controladmin-node @@ -233,3 +238,4 @@ advanced configuration: [loadbalancer]: ./advanced-configuration.md#multi-master-configuration [external-dns]: ./advanced-configuration.md#dns-configuration-variables [cinder-registry]: ./advanced-configuration.md#creating-and-using-a-cinder-volume-for-the-openshift-registry +[dynamic]: http://docs.ansible.com/ansible/latest/intro_dynamic_inventory.html diff --git a/playbooks/openstack/advanced-configuration.md b/playbooks/openstack/advanced-configuration.md index 403e0e1a7..e8f4cfc32 100644 
--- a/playbooks/openstack/advanced-configuration.md +++ b/playbooks/openstack/advanced-configuration.md @@ -1,9 +1,8 @@ ## Dependencies for localhost (ansible control/admin node) -* [Ansible 2.3](https://pypi.python.org/pypi/ansible) -* [Ansible-galaxy](https://pypi.python.org/pypi/ansible-galaxy-local-deps) -* [jinja2](http://jinja.pocoo.org/docs/2.9/) -* [shade](https://pypi.python.org/pypi/shade) +* [Ansible](https://pypi.python.org/pypi/ansible) version >=2.4.0 +* [jinja2](http://jinja.pocoo.org/docs/2.9/) version >= 2.10 +* [shade](https://pypi.python.org/pypi/shade) version >= 1.26 * python-jmespath / [jmespath](https://pypi.python.org/pypi/jmespath) * python-dns / [dnspython](https://pypi.python.org/pypi/dnspython) * Become (sudo) is not required. @@ -133,7 +132,7 @@ You can also access the OpenShift cluster with a web browser by going to: https://master-0.openshift.example.com:8443 Note that for this to work, the OpenShift nodes must be accessible -from your computer and it's DNS configuration must use the cruster's +from your computer and its DNS configuration must use the cluster's DNS. 
@@ -153,17 +152,28 @@ openstack stack delete --wait --yes openshift.example.com Pay special attention to the values in the first paragraph -- these will depend on your OpenStack environment. -Note that the provsisioning playbooks update the original Neutron subnet +Note that the provisioning playbooks update the original Neutron subnet created with the Heat stack to point to the configured DNS servers. So the provisioned cluster nodes will start using those natively as default nameservers. Technically, this allows to deploy OpenShift clusters without dnsmasq proxies. -The `openshift_openstack_clusterid` and `openshift_openstack_public_dns_domain` will form the cluster's DNS domain all -your servers will be under. With the default values, this will be -`openshift.example.com`. For workloads, the default subdomain is 'apps'. -That sudomain can be set as well by the `openshift_openstack_app_subdomain` variable in -the inventory. +The `openshift_openstack_clusterid` and `openshift_openstack_public_dns_domain` +will form the cluster's public DNS domain all your servers will be under. With +the default values, this will be `openshift.example.com`. For workloads, the +default subdomain is 'apps'. That subdomain can be set as well by the +`openshift_openstack_app_subdomain` variable in the inventory. + +If you want to use a two sets of hostnames for public and private/prefixed DNS +records for your externally managed public DNS server, you can specify +`openshift_openstack_public_hostname_suffix` and/or +`openshift_openstack_private_hostname_suffix`. The suffixes will be added +to the nsupdate records sent to the external DNS server. Those are empty by default. + +**Note** the real hostnames, Nova servers' or ansible hostnames and inventory +variables will not be updated. The deployment may be done on arbitrary named +hosts with the hostnames managed by cloud-init. Inventory hostnames will ignore +the suffixes. 
The `openstack_<role name>_hostname` is a set of variables used for customising public names of Nova servers provisioned with a given role. When such a variable stays commented, @@ -323,7 +333,7 @@ or your trusted network. The most important is the `openshift_openstack_node_ing that restricts public access to the deployed DNS server and cluster nodes' ephemeral ports range. -Note, the command ``curl https://api.ipify.org`` helps fiding an external +Note, the command ``curl https://api.ipify.org`` helps finding an external IP address of your box (the ansible admin node). There is also the `manage_packages` variable (defaults to True) you 
@@ -361,6 +371,112 @@ In order to set a custom entrypoint, update `openshift_master_cluster_public_hos Note than an empty hostname does not work, so if your domain is `openshift.example.com`, you cannot set this value to simply `openshift.example.com`. + +## Using Cinder-backed Persistent Volumes + +You will need to set up OpenStack credentials. You can try putting this in your +`inventory/group_vars/OSEv3.yml`: + + openshift_cloudprovider_kind: openstack + openshift_cloudprovider_openstack_auth_url: "{{ lookup('env','OS_AUTH_URL') }}" + openshift_cloudprovider_openstack_username: "{{ lookup('env','OS_USERNAME') }}" + openshift_cloudprovider_openstack_password: "{{ lookup('env','OS_PASSWORD') }}" + openshift_cloudprovider_openstack_tenant_name: "{{ lookup('env','OS_PROJECT_NAME') }}" + openshift_cloudprovider_openstack_domain_name: "{{ lookup('env','OS_USER_DOMAIN_NAME') }}" + openshift_cloudprovider_openstack_blockstorage_version: v2 + +**NOTE**: you must specify the Block Storage version as v2, because OpenShift +does not support the v3 API yet and the version detection is currently not +working properly. + +For more information, consult the [Configuring for OpenStack page in the OpenShift documentation][openstack-credentials]. + +[openstack-credentials]: https://docs.openshift.org/latest/install_config/configuring_openstack.html#install-config-configuring-openstack + +**NOTE** the OpenStack integration currently requires DNS to be configured and +running and the `openshift_hostname` variable must match the Nova server name +for each node. The cluster deployment will fail without it. If you use the +provided OpenStack dynamic inventory and configure the +`openshift_openstack_dns_nameservers` Ansible variable, this will be handled +for you. + +After a successful deployment, the cluster is configured for Cinder persistent +volumes. + +### Validation + +1. Log in and create a new project (with `oc login` and `oc new-project`) +2. 
Create a file called `cinder-claim.yaml` with the following contents: + +```yaml +apiVersion: "v1" +kind: "PersistentVolumeClaim" +metadata: + name: "claim1" +spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: "1Gi" +``` +3. Run `oc create -f cinder-claim.yaml` to create the Persistent Volume Claim object in OpenShift +4. Run `oc describe pvc claim1` to verify that the claim was created and its Status is `Bound` +5. Run `openstack volume list` + * A new volume called `kubernetes-dynamic-pvc-UUID` should be created + * Its size should be `1` + * It should not be attached to any server +6. Create a file called `mysql-pod.yaml` with the following contents: + +```yaml +apiVersion: v1 +kind: Pod +metadata: + name: mysql + labels: + name: mysql +spec: + containers: + - resources: + limits : + cpu: 0.5 + image: openshift/mysql-55-centos7 + name: mysql + env: + - name: MYSQL_ROOT_PASSWORD + value: yourpassword + - name: MYSQL_USER + value: wp_user + - name: MYSQL_PASSWORD + value: wp_pass + - name: MYSQL_DATABASE + value: wp_db + ports: + - containerPort: 3306 + name: mysql + volumeMounts: + - name: mysql-persistent-storage + mountPath: /var/lib/mysql/data + volumes: + - name: mysql-persistent-storage + persistentVolumeClaim: + claimName: claim1 +``` + +7. Run `oc create -f mysql-pod.yaml` to create the pod +8. Run `oc describe pod mysql` + * Its events should show that the pod has successfully attached the volume above + * It should show no errors + * `openstack volume list` should show the volume attached to an OpenShift app node + * NOTE: this can take several seconds +9. After a while, `oc get pod` should show the `mysql` pod as running +10. Run `oc delete pod mysql` to remove the pod + * The Cinder volume should no longer be attached +11. 
Run `oc delete pvc claim1` to remove the volume claim + * The Cinder volume should be deleted + + + ## Creating and using a Cinder volume for the OpenShift registry You can optionally have the playbooks create a Cinder volume and set @@ -404,7 +520,7 @@ OpenStack)[openstack] for more information. [openstack]: https://docs.openshift.org/latest/install_config/configuring_openstack.html -Next, we need to instruct OpenShift to use the Cinder volume for it's +Next, we need to instruct OpenShift to use the Cinder volume for its registry. Again in `OSEv3.yml`: #openshift_hosted_registry_storage_kind: openstack @@ -459,12 +575,12 @@ The **Cinder volume ID**, **filesystem** and **volume size** variables must correspond to the values in your volume. The volume ID must be the **UUID** of the Cinder volume, *not its name*. -We can do formate the volume for you if you ask for it in +The volume can also be formatted if you configure it in `inventory/group_vars/all.yml`: openshift_openstack_prepare_and_format_registry_volume: true -**NOTE:** doing so **will destroy any data that's currently on the volume**! +**NOTE:** Formatting **will destroy any data that's currently on the volume**! You can also run the registry setup playbook directly: diff --git a/playbooks/openstack/sample-inventory/inventory.py b/playbooks/openstack/inventory.py index ad3fd936b..76e658eb7 100755 --- a/playbooks/openstack/sample-inventory/inventory.py +++ b/playbooks/openstack/inventory.py @@ -9,6 +9,7 @@ environment. from __future__ import print_function +from collections import Mapping import json import shade 
@@ -42,7 +43,10 @@ def build_inventory(): if server.metadata['host-type'] == 'node' and server.metadata['sub-host-type'] == 'app'] - nodes = list(set(masters + infra_hosts + app)) + cns = [server.name for server in cluster_hosts + if server.metadata['host-type'] == 'cns'] + + nodes = list(set(masters + infra_hosts + app + cns)) dns = [server.name for server in cluster_hosts if server.metadata['host-type'] == 'dns'] @@ -59,6 +63,7 @@ def build_inventory(): inventory['nodes'] = {'hosts': nodes} inventory['infra_hosts'] = {'hosts': infra_hosts} inventory['app'] = {'hosts': app} + inventory['glusterfs'] = {'hosts': cns} inventory['dns'] = {'hosts': dns} inventory['lb'] = {'hosts': load_balancers} @@ -84,16 +89,25 @@ def build_inventory(): # TODO(shadower): what about multiple networks? if server.private_v4: hostvars['private_v4'] = server.private_v4 + hostvars['openshift_ip'] = server.private_v4 + # NOTE(shadower): Yes, we set both hostname and IP to the private # IP address for each node. OpenStack doesn't resolve nodes by # name at all, so using a hostname here would require an internal # DNS which would complicate the setup and potentially introduce # performance issues. - hostvars['openshift_ip'] = server.private_v4 - hostvars['openshift_hostname'] = server.private_v4 + hostvars['openshift_hostname'] = server.metadata.get( + 'openshift_hostname', server.private_v4) hostvars['openshift_public_hostname'] = server.name + if server.metadata['host-type'] == 'cns': + hostvars['glusterfs_devices'] = ['/dev/nvme0n1'] + node_labels = server.metadata.get('node_labels') + # NOTE(shadower): the node_labels value must be a dict not string + if not isinstance(node_labels, Mapping): + node_labels = json.loads(node_labels) + if node_labels: hostvars['openshift_node_labels'] = node_labels diff --git a/playbooks/openstack/openshift-cluster/install.yml b/playbooks/openstack/openshift-cluster/install.yml index 3211f619a..2ab7d14a0 100644 
--- a/playbooks/openstack/openshift-cluster/install.yml +++ b/playbooks/openstack/openshift-cluster/install.yml @@ -9,4 +9,7 @@ # some logic here? - name: run the cluster deploy + import_playbook: ../../prerequisites.yml + +- name: run the cluster deploy import_playbook: ../../deploy_cluster.yml diff --git a/playbooks/openstack/openshift-cluster/prerequisites.yml b/playbooks/openstack/openshift-cluster/prerequisites.yml index 0356b37dd..8bb700501 100644 --- a/playbooks/openstack/openshift-cluster/prerequisites.yml +++ b/playbooks/openstack/openshift-cluster/prerequisites.yml @@ -2,11 +2,11 @@ - hosts: localhost tasks: - name: Check dependencies and OpenStack prerequisites - include_role: + import_role: name: openshift_openstack tasks_from: check-prerequisites.yml - name: Check network configuration - include_role: + import_role: name: openshift_openstack tasks_from: net_vars_check.yaml diff --git a/playbooks/openstack/openshift-cluster/provision.yml b/playbooks/openstack/openshift-cluster/provision.yml index 583e72b51..73c1926a0 100644 --- a/playbooks/openstack/openshift-cluster/provision.yml +++ b/playbooks/openstack/openshift-cluster/provision.yml @@ -3,7 +3,7 @@ hosts: localhost tasks: - name: provision cluster - include_role: + import_role: name: openshift_openstack tasks_from: provision.yml @@ -26,8 +26,8 @@ - name: Gather facts for the new nodes setup: -- name: set common facts - import_playbook: ../../init/facts.yml +- import_playbook: ../../init/basic_facts.yml +- import_playbook: ../../init/cluster_facts.yml # TODO(shadower): consider splitting this up so people can stop here @@ -36,7 +36,7 @@ hosts: localhost tasks: - name: Populate DNS entries - include_role: + import_role: name: openshift_openstack tasks_from: populate-dns.yml when: 
@@ -47,20 +47,28 @@ hosts: oo_all_hosts become: yes gather_facts: yes - roles: - - role: rhel_subscribe + tasks: + - name: Subscribe RHEL instances + import_role: + name: rhel_subscribe when: - ansible_distribution == "RedHat" - - rhsub_user | default(False) - - rhsub_pass | default(False) + - rhsub_user is defined + - rhsub_pass is defined + + - name: Enable required YUM repositories + import_role: + name: openshift_repos + when: + - ansible_distribution == "RedHat" + - rh_subscribed is defined - tasks: - name: Install dependencies - include_role: + import_role: name: openshift_openstack tasks_from: node-packages.yml - name: Configure Node - include_role: + import_role: name: openshift_openstack tasks_from: node-configuration.yml diff --git a/playbooks/openstack/sample-inventory/group_vars/OSEv3.yml b/playbooks/openstack/sample-inventory/group_vars/OSEv3.yml index 933117127..1287b25f3 100644 --- a/playbooks/openstack/sample-inventory/group_vars/OSEv3.yml +++ b/playbooks/openstack/sample-inventory/group_vars/OSEv3.yml @@ -14,12 +14,13 @@ openshift_hosted_router_wait: True openshift_hosted_registry_wait: True ## Openstack credentials -#openshift_cloudprovider_kind=openstack +#openshift_cloudprovider_kind: openstack #openshift_cloudprovider_openstack_auth_url: "{{ lookup('env','OS_AUTH_URL') }}" #openshift_cloudprovider_openstack_username: "{{ lookup('env','OS_USERNAME') }}" #openshift_cloudprovider_openstack_password: "{{ lookup('env','OS_PASSWORD') }}" #openshift_cloudprovider_openstack_tenant_name: "{{ lookup('env','OS_TENANT_NAME') }}" -#openshift_cloudprovider_openstack_region="{{ lookup('env', 'OS_REGION_NAME') }}" +#openshift_cloudprovider_openstack_region: "{{ lookup('env', 'OS_REGION_NAME') }}" +#openshift_cloudprovider_openstack_blockstorage_version: v2 ## Use Cinder volume for Openshift registry: 
@@ -42,7 +43,7 @@ openshift_hosted_registry_wait: True # NOTE(shadower): the hostname check seems to always fail because the # host's floating IP address doesn't match the address received from # inside the host. -openshift_override_hostname_check: true +openshift_hostname_check: false # For POCs or demo environments that are using smaller instances than # the official recommended values for RAM and DISK, uncomment the line below. diff --git a/playbooks/openstack/sample-inventory/group_vars/all.yml b/playbooks/openstack/sample-inventory/group_vars/all.yml index c7afe9a24..d63229120 100644 --- a/playbooks/openstack/sample-inventory/group_vars/all.yml +++ b/playbooks/openstack/sample-inventory/group_vars/all.yml @@ -7,6 +7,7 @@ openshift_openstack_dns_nameservers: [] # # - set custom hostnames for roles by uncommenting corresponding lines #openshift_openstack_master_hostname: "master" #openshift_openstack_infra_hostname: "infra-node" +#openshift_openstack_cns_hostname: "cns" #openshift_openstack_node_hostname: "app-node" #openshift_openstack_lb_hostname: "lb" #openshift_openstack_etcd_hostname: "etcd" @@ -30,6 +31,7 @@ openshift_openstack_external_network_name: "public" # # - note: do not remove openshift_openstack_default_image_name definition #openshift_openstack_master_image_name: "centos7" #openshift_openstack_infra_image_name: "centos7" +#openshift_openstack_cns_image_name: "centos7" #openshift_openstack_node_image_name: "centos7" #openshift_openstack_lb_image_name: "centos7" #openshift_openstack_etcd_image_name: "centos7" @@ -37,6 +39,7 @@ openshift_openstack_default_image_name: "centos7" openshift_openstack_num_masters: 1 openshift_openstack_num_infra: 1 +openshift_openstack_num_cns: 0 openshift_openstack_num_nodes: 2 # # Used Flavors 
@@ -44,6 +47,7 @@ openshift_openstack_num_nodes: 2 # # - note: do note remove openshift_openstack_default_flavor definition #openshift_openstack_master_flavor: "m1.medium" #openshift_openstack_infra_flavor: "m1.medium" +#openshift_openstack_cns_flavor: "m1.medium" #openshift_openstack_node_flavor: "m1.medium" #openshift_openstack_lb_flavor: "m1.medium" #openshift_openstack_etcd_flavor: "m1.medium" @@ -57,6 +61,7 @@ openshift_openstack_default_flavor: "m1.medium" # # - note: do not remove docker_default_volume_size definition #openshift_openstack_docker_master_volume_size: "15" #openshift_openstack_docker_infra_volume_size: "15" +#openshift_openstack_docker_cns_volume_size: "15" #openshift_openstack_docker_node_volume_size: "15" #openshift_openstack_docker_etcd_volume_size: "2" #openshift_openstack_docker_lb_volume_size: "5" |
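Review bot: In playbooks/openstack/README.md (hunk at -183,13), the paragraph added under the `ansible-playbook` command says the dynamic inventory comes from `openshift-ansible/inventory`, but the command itself passes `-i openshift-ansible/playbooks/openstack/inventory.py`, which is also where this commit moves the script. Point the prose at the same path as the command so readers do not look for the script in the wrong directory.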
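Review bot: In playbooks/openstack/inventory.py (import hunk at -9,6), `from collections import Mapping` relies on the ABC aliases in `collections`, which were removed in Python 3.10. The file already carries `from __future__ import print_function` for 2/3 compatibility, so import `Mapping` from `collections.abc` and fall back to `collections` on ImportError.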
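Review bot: In playbooks/openstack/inventory.py (hostvars hunk at -84,16), `json.loads(node_labels)` is reached when a server has no `node_labels` metadata at all: `server.metadata.get('node_labels')` returns None, None is not a Mapping, and `json.loads(None)` raises TypeError, which aborts the whole inventory run. Decode only when the value is a non-empty string, and consider catching ValueError so one malformed label does not break the inventory for every host. Two smaller points in the same hunk: `glusterfs_devices` is hardcoded to `/dev/nvme0n1` and should come from a variable or from server metadata, and the NOTE(shadower) comment still says both hostname and IP are set to the private IP although `openshift_hostname` now prefers the `openshift_hostname` metadata key.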
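Review bot: In playbooks/openstack/openshift-cluster/install.yml, the new play that imports `../../prerequisites.yml` is named `run the cluster deploy`, the same name as the following play that imports `../../deploy_cluster.yml`. Give it its own name, for example `run the cluster prerequisites`, so the playbook output shows which stage is running or has failed.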
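Review bot: In playbooks/openstack/openshift-cluster/provision.yml (hunk at -47,20), replacing `rhsub_user | default(False)` with `rhsub_user is defined`, and likewise for `rhsub_pass`, changes the condition: a variable that is set but empty or false now passes, so `rhel_subscribe` is imported with blank credentials. The same applies to `rh_subscribed is defined` on the `openshift_repos` task, which is true even when the value is false. Keep a truthiness test on the values, or state in the sample inventory that these variables must be left undefined to skip subscription.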
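Review bot: In playbooks/openstack/advanced-configuration.md (new "Using Cinder-backed Persistent Volumes" section), `mysql-pod.yaml` sets `MYSQL_ROOT_PASSWORD` and `MYSQL_PASSWORD` as literal `value:` entries in the pod spec, which readers tend to copy unchanged. Source them from a Secret via `valueFrom.secretKeyRef`, or say explicitly that the pod is a throwaway used only to check volume attachment. In the same manifest, `limits :` has a stray space before the colon.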
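Review bot: In playbooks/openstack/sample-inventory/group_vars/OSEv3.yml (credentials hunk at -14,12), the commented block still reads the tenant from `OS_TENANT_NAME` and has no `openshift_cloudprovider_openstack_domain_name` line, while the snippet this commit adds to advanced-configuration.md uses `OS_PROJECT_NAME` and sets the domain name. Align the sample inventory with the documented snippet, or explain in the documentation why the two differ.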
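Review bot: In playbooks/openstack/sample-inventory/group_vars/OSEv3.yml (hunk at -42,7), `openshift_hostname_check: false` leaves the hostname check disabled for everyone who starts from the sample inventory, while the documentation added in this commit says the deployment fails unless `openshift_hostname` matches the Nova server name. Now that inventory.py can take `openshift_hostname` from server metadata, update the comment above the setting to say when the check can be turned back on, or ship the line commented out so that disabling it is an explicit choice.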