summaryrefslogtreecommitdiffstats
path: root/playbooks
diff options
context:
space:
mode:
Diffstat (limited to 'playbooks')
-rw-r--r--playbooks/openstack/openshift-cluster/files/heat_stack.yaml163
-rw-r--r--playbooks/openstack/openshift-cluster/files/heat_stack_server.yaml24
-rw-r--r--playbooks/openstack/openshift-cluster/files/user-data13
3 files changed, 175 insertions, 25 deletions
diff --git a/playbooks/openstack/openshift-cluster/files/heat_stack.yaml b/playbooks/openstack/openshift-cluster/files/heat_stack.yaml
index 20ce47c07..458cf5ac7 100644
--- a/playbooks/openstack/openshift-cluster/files/heat_stack.yaml
+++ b/playbooks/openstack/openshift-cluster/files/heat_stack.yaml
@@ -45,7 +45,7 @@ parameters:
node_port_incoming:
type: string
label: Source of node port connections
- description: Authorized sources targeting node ports
+ description: Authorized sources targetting node ports
default: 0.0.0.0/0
num_etcd:
@@ -88,6 +88,11 @@ parameters:
label: Infra image
description: Name of the image for the infra node servers
+ dns_image:
+ type: string
+ label: DNS image
+ description: Name of the image for the DNS server
+
etcd_flavor:
type: string
label: Etcd flavor
@@ -108,6 +113,11 @@ parameters:
label: Infra flavor
description: Flavor of the infra node servers
+ dns_flavor:
+ type: string
+ label: DNS flavor
+ description: Flavor of the DNS server
+
outputs:
etcd_names:
@@ -158,6 +168,26 @@ outputs:
description: Floating IPs of the nodes
value: { get_attr: [ infra_nodes, floating_ip ] }
+ dns_name:
+ description: Name of the DNS
+ value:
+ get_attr:
+ - dns
+ - name
+
+ dns_floating_ip:
+ description: Floating IP of the DNS
+ value:
+ get_attr:
+ - dns
+ - addresses
+ - str_replace:
+ template: openshift-ansible-cluster_id-net
+ params:
+ cluster_id: { get_param: cluster_id }
+ - 1
+ - addr
+
resources:
net:
@@ -183,7 +213,22 @@ resources:
template: subnet_24_prefix.0/24
params:
subnet_24_prefix: { get_param: subnet_24_prefix }
- dns_nameservers: { get_param: dns_nameservers }
+ allocation_pools:
+ - start:
+ str_replace:
+ template: subnet_24_prefix.3
+ params:
+ subnet_24_prefix: { get_param: subnet_24_prefix }
+ end:
+ str_replace:
+ template: subnet_24_prefix.254
+ params:
+ subnet_24_prefix: { get_param: subnet_24_prefix }
+ dns_nameservers:
+ - str_replace:
+ template: subnet_24_prefix.2
+ params:
+ subnet_24_prefix: { get_param: subnet_24_prefix }
router:
type: OS::Neutron::Router
@@ -383,6 +428,44 @@ resources:
port_range_min: 443
port_range_max: 443
+ dns-secgrp:
+ type: OS::Neutron::SecurityGroup
+ properties:
+ name:
+ str_replace:
+ template: openshift-ansible-cluster_id-dns-secgrp
+ params:
+ cluster_id: { get_param: cluster_id }
+ description:
+ str_replace:
+ template: Security group for cluster_id cluster DNS
+ params:
+ cluster_id: { get_param: cluster_id }
+ rules:
+ - direction: ingress
+ protocol: tcp
+ port_range_min: 22
+ port_range_max: 22
+ remote_ip_prefix: { get_param: ssh_incoming }
+ - direction: ingress
+ protocol: udp
+ port_range_min: 53
+ port_range_max: 53
+ remote_mode: remote_group_id
+ remote_group_id: { get_resource: etcd-secgrp }
+ - direction: ingress
+ protocol: udp
+ port_range_min: 53
+ port_range_max: 53
+ remote_mode: remote_group_id
+ remote_group_id: { get_resource: master-secgrp }
+ - direction: ingress
+ protocol: udp
+ port_range_min: 53
+ port_range_max: 53
+ remote_mode: remote_group_id
+ remote_group_id: { get_resource: node-secgrp }
+
etcd:
type: OS::Heat::ResourceGroup
properties:
@@ -516,3 +599,79 @@ resources:
cluster_id: { get_param: cluster_id }
depends_on:
- interface
+
+ dns:
+ type: OS::Nova::Server
+ properties:
+ name:
+ str_replace:
+ template: cluster_id-dns
+ params:
+ cluster_id: { get_param: cluster_id }
+ key_name: { get_resource: keypair }
+ image: { get_param: dns_image }
+ flavor: { get_param: dns_flavor }
+ networks:
+ - port: { get_resource: dns-port }
+ user_data: { get_resource: dns-config }
+ user_data_format: RAW
+
+ dns-port:
+ type: OS::Neutron::Port
+ properties:
+ network: { get_resource: net }
+ fixed_ips:
+ - subnet: { get_resource: subnet }
+ ip_address:
+ str_replace:
+ template: subnet_24_prefix.2
+ params:
+ subnet_24_prefix: { get_param: subnet_24_prefix }
+ security_groups:
+ - { get_resource: dns-secgrp }
+
+ dns-floating-ip:
+ type: OS::Neutron::FloatingIP
+ properties:
+ floating_network: { get_param: external_net }
+ port_id: { get_resource: dns-port }
+
+ dns-config:
+ type: OS::Heat::MultipartMime
+ properties:
+ parts:
+ - config:
+ str_replace:
+ template: |
+ #cloud-config
+ disable_root: true
+
+ system_info:
+ default_user:
+ name: openshift
+ sudo: ["ALL=(ALL) NOPASSWD: ALL"]
+
+ write_files:
+ - path: /etc/sudoers.d/00-openshift-no-requiretty
+ permissions: 440
+ content: |
+ Defaults:openshift !requiretty
+ - path: /etc/sysconfig/network-scripts/ifcfg-eth0
+ content: |
+ DEVICE="eth0"
+ BOOTPROTO="dhcp"
+ DNS1="$dns1"
+ DNS2="$dns2"
+ PEERDNS="no"
+ ONBOOT="yes"
+ runcmd:
+ - [ "/usr/bin/systemctl", "restart", "network" ]
+ params:
+ $dns1:
+ get_param:
+ - dns_nameservers
+ - 0
+ $dns2:
+ get_param:
+ - dns_nameservers
+ - 1
diff --git a/playbooks/openstack/openshift-cluster/files/heat_stack_server.yaml b/playbooks/openstack/openshift-cluster/files/heat_stack_server.yaml
index 435139849..f83f2c984 100644
--- a/playbooks/openstack/openshift-cluster/files/heat_stack_server.yaml
+++ b/playbooks/openstack/openshift-cluster/files/heat_stack_server.yaml
@@ -107,7 +107,7 @@ resources:
flavor: { get_param: flavor }
networks:
- port: { get_resource: port }
- user_data: { get_resource: config }
+ user_data: { get_file: user-data }
user_data_format: RAW
metadata:
environment: { get_param: cluster_env }
@@ -128,25 +128,3 @@ resources:
properties:
floating_network: { get_param: floating_network }
port_id: { get_resource: port }
-
- config:
- type: OS::Heat::CloudConfig
- properties:
- cloud_config:
- disable_root: true
-
- hostname: { get_param: name }
-
- system_info:
- default_user:
- name: openshift
- sudo: ["ALL=(ALL) NOPASSWD: ALL"]
-
- write_files:
- - path: /etc/sudoers.d/00-openshift-no-requiretty
- permissions: 440
- # content: Defaults:openshift !requiretty
- # Encoded in base64 to be sure that we do not forget the trailing newline or
- # sudo will not be able to parse that file
- encoding: b64
- content: RGVmYXVsdHM6b3BlbnNoaWZ0ICFyZXF1aXJldHR5Cg==
diff --git a/playbooks/openstack/openshift-cluster/files/user-data b/playbooks/openstack/openshift-cluster/files/user-data
new file mode 100644
index 000000000..eb65f7cec
--- /dev/null
+++ b/playbooks/openstack/openshift-cluster/files/user-data
@@ -0,0 +1,13 @@
+#cloud-config
+disable_root: true
+
+system_info:
+ default_user:
+ name: openshift
+ sudo: ["ALL=(ALL) NOPASSWD: ALL"]
+
+write_files:
+ - path: /etc/sudoers.d/00-openshift-no-requiretty
+ permissions: 440
+ content: |
+ Defaults:openshift !requiretty