diff options
Diffstat (limited to 'playbooks')
57 files changed, 823 insertions, 284 deletions
diff --git a/playbooks/adhoc/bootstrap-fedora.yml b/playbooks/adhoc/bootstrap-fedora.yml index 0df77e309..471c41f16 100644 --- a/playbooks/adhoc/bootstrap-fedora.yml +++ b/playbooks/adhoc/bootstrap-fedora.yml @@ -1,5 +1,4 @@ - hosts: OSEv3 - gather_facts: false tasks: - name: install python and deps for ansible modules raw: dnf install -y python2 python2-dnf libselinux-python libsemanage-python diff --git a/playbooks/adhoc/create_pv/create_pv.yaml b/playbooks/adhoc/create_pv/create_pv.yaml index 347d9f574..81c1ee653 100644 --- a/playbooks/adhoc/create_pv/create_pv.yaml +++ b/playbooks/adhoc/create_pv/create_pv.yaml @@ -150,7 +150,7 @@ # We have to use the shell module because we can't set env vars with the command module. - name: "Place PV into oc" - shell: "KUBECONFIG=/etc/openshift/master/admin.kubeconfig oc create -f {{ pv_template | quote }}" + shell: "KUBECONFIG=/etc/origin/master/admin.kubeconfig oc create -f {{ pv_template | quote }}" register: oc_output - debug: var=oc_output diff --git a/playbooks/adhoc/s3_registry/s3_registry.yml b/playbooks/adhoc/s3_registry/s3_registry.yml index 38ce92e92..daf84e242 100644 --- a/playbooks/adhoc/s3_registry/s3_registry.yml +++ b/playbooks/adhoc/s3_registry/s3_registry.yml @@ -15,6 +15,9 @@ aws_secret_key: "{{ lookup('env', 'S3_SECRET_ACCESS_KEY') }}" aws_bucket_name: "{{ aws_bucket | default(clusterid ~ '-docker') }}" aws_bucket_region: "{{ aws_region | default(lookup('env', 'S3_REGION') | default('us-east-1', true)) }}" + aws_create_bucket: "{{ aws_create | default(True) }}" + aws_tmp_path: "{{ aws_tmp_pathfile | default('/root/config.yml')}}" + aws_delete_tmp_file: "{{ aws_delete_tmp | default(True) }}" tasks: @@ -30,6 +33,7 @@ command: oc scale --replicas=0 dc/docker-registry - name: Create S3 bucket + when: aws_create_bucket | bool local_action: module: s3 bucket="{{ aws_bucket_name }}" mode=create @@ -70,4 +74,5 @@ command: oc scale --replicas=1 dc/docker-registry - name: Delete temporary config file - file: path=/root/config.yml state=absent + file: path={{ aws_tmp_path }} state=absent + when: aws_delete_tmp_file | bool diff --git a/playbooks/adhoc/uninstall.yml b/playbooks/adhoc/uninstall.yml index 36d686c8b..8b620d9ad 100644 --- a/playbooks/adhoc/uninstall.yml +++ b/playbooks/adhoc/uninstall.yml @@ -53,6 +53,13 @@ - pcsd failed_when: false + - name: Stop additional atomic services + service: name={{ item }} state=stopped + when: is_atomic | bool + with_items: + - etcd_container + failed_when: false + - name: Remove packages action: "{{ ansible_pkg_mgr }} name={{ item }} state=absent" when: not is_atomic | bool diff --git a/playbooks/aws/openshift-cluster/cluster_hosts.yml b/playbooks/aws/openshift-cluster/cluster_hosts.yml index 1023f3ec1..9a3361919 100644 --- a/playbooks/aws/openshift-cluster/cluster_hosts.yml +++ b/playbooks/aws/openshift-cluster/cluster_hosts.yml @@ -10,8 +10,12 @@ g_nfs_hosts: "{{ g_all_hosts | intersect(groups['tag_host-type_nfs'] | defau g_master_hosts: "{{ g_all_hosts | intersect(groups['tag_host-type_master'] | default([])) }}" +g_new_master_hosts: "{{ g_all_hosts | intersect(groups['tag_host-type_new_master'] | default([])) }}" + g_node_hosts: "{{ g_all_hosts | intersect(groups['tag_host-type_node'] | default([])) }}" +g_new_node_hosts: "{{ g_all_hosts | intersect(groups['tag_host-type_new_node'] | default([])) }}" + g_infra_hosts: "{{ g_node_hosts | intersect(groups['tag_sub-host-type_infra']) | default([]) }}" -g_compute_hosts: "{{ g_node_hosts | intersect(groups['tag_sub-host-type_compute']) | default([]) }}" +g_compute_hosts: "{{ g_node_hosts | intersect(groups['tag_sub-host-type_compute'] | default([])) }}" diff --git a/playbooks/aws/openshift-cluster/config.yml b/playbooks/aws/openshift-cluster/config.yml index 33fcf6af5..9fba856a2 100644 --- a/playbooks/aws/openshift-cluster/config.yml +++ b/playbooks/aws/openshift-cluster/config.yml @@ -10,7 +10,12 @@ openshift_debug_level: "{{ debug_level }}" openshift_deployment_type: "{{ deployment_type }}" openshift_public_hostname: "{{ ec2_ip_address }}" + openshift_registry_selector: 'type=infra' openshift_router_selector: 'type=infra' openshift_infra_nodes: "{{ g_infra_hosts }}" openshift_node_labels: '{"region": "{{ ec2_region }}", "type": "{{ hostvars[inventory_hostname]["ec2_tag_sub-host-type"] if inventory_hostname in groups["tag_host-type_node"] else hostvars[inventory_hostname]["ec2_tag_host-type"] }}"}' openshift_master_cluster_method: 'native' + openshift_use_openshift_sdn: "{{ lookup('oo_option', 'use_openshift_sdn') }}" + os_sdn_network_plugin_name: "{{ lookup('oo_option', 'sdn_network_plugin_name') }}" + openshift_use_flannel: "{{ lookup('oo_option', 'use_flannel') }}" + openshift_use_fluentd: "{{ lookup('oo_option', 'use_fluentd') }}" diff --git a/playbooks/aws/openshift-cluster/tasks/launch_instances.yml b/playbooks/aws/openshift-cluster/tasks/launch_instances.yml index 6090ed6fe..63be06ecf 100644 --- a/playbooks/aws/openshift-cluster/tasks/launch_instances.yml +++ b/playbooks/aws/openshift-cluster/tasks/launch_instances.yml @@ -34,26 +34,22 @@ - set_fact: ec2_instance_type: "{{ ec2_master_instance_type | default(lookup('env', 'ec2_master_instance_type') | default(lookup('env', 'ec2_instance_type') | default(deployment_vars[deployment_type].type, true), true), true) }}" - ec2_security_groups: "{{ ec2_master_security_groups - | default(deployment_vars[deployment_type].security_groups, true) }}" + ec2_security_groups: "{{ ec2_master_security_groups | default(lookup('env', 'ec2_master_security_groups') | default(lookup('env', 'ec2_security_groups') | default(deployment_vars[deployment_type].security_groups, true), true), true) }}" when: host_type == "master" and sub_host_type == "default" - set_fact: ec2_instance_type: "{{ ec2_etcd_instance_type | default(lookup('env', 'ec2_etcd_instance_type') | default(lookup('env', 'ec2_instance_type') | default(deployment_vars[deployment_type].type, true), true), true) }}" - ec2_security_groups: "{{ ec2_etcd_security_groups - | default(deployment_vars[deployment_type].security_groups, true)}}" + ec2_security_groups: "{{ ec2_etcd_security_groups | default(lookup('env', 'ec2_etcd_security_groups') | default(lookup('env', 'ec2_security_groups') | default(deployment_vars[deployment_type].security_groups, true), true), true) }}" when: host_type == "etcd" and sub_host_type == "default" - set_fact: ec2_instance_type: "{{ ec2_infra_instance_type | default(lookup('env', 'ec2_infra_instance_type') | default(lookup('env', 'ec2_instance_type') | default(deployment_vars[deployment_type].type, true), true), true) }}" - ec2_security_groups: "{{ ec2_infra_security_groups - | default(deployment_vars[deployment_type].security_groups, true) }}" + ec2_security_groups: "{{ ec2_infra_security_groups | default(lookup('env', 'ec2_infra_security_groups') | default(lookup('env', 'ec2_security_groups') | default(deployment_vars[deployment_type].security_groups, true), true), true) }}" when: host_type == "node" and sub_host_type == "infra" - set_fact: ec2_instance_type: "{{ ec2_node_instance_type | default(lookup('env', 'ec2_node_instance_type') | default(lookup('env', 'ec2_instance_type') | default(deployment_vars[deployment_type].type, true), true), true) }}" - ec2_security_groups: "{{ ec2_node_security_groups - | default(deployment_vars[deployment_type].security_groups, true) }}" + ec2_security_groups: "{{ ec2_node_security_groups | default(lookup('env', 'ec2_node_security_groups') | default(lookup('env', 'ec2_security_groups') | default(deployment_vars[deployment_type].security_groups, true), true), true) }}" when: host_type == "node" and sub_host_type == "compute" - set_fact: @@ -61,8 +57,7 @@ | default(deployment_vars[deployment_type].type, true) }}" when: ec2_instance_type is not defined - set_fact: - ec2_security_groups: "{{ lookup('env', 'ec2_security_groups') - | default(deployment_vars[deployment_type].security_groups, true) }}" + ec2_security_groups: "{{ lookup('env', 'ec2_security_groups') | default(deployment_vars[deployment_type].security_groups, true) }}" when: ec2_security_groups is not defined - name: Find amis for deployment_type diff --git a/playbooks/aws/openshift-cluster/terminate.yml b/playbooks/aws/openshift-cluster/terminate.yml index c20f370bf..6dd5d8b62 100644 --- a/playbooks/aws/openshift-cluster/terminate.yml +++ b/playbooks/aws/openshift-cluster/terminate.yml @@ -18,7 +18,7 @@ hosts: oo_hosts_to_terminate roles: - role: rhel_unsubscribe - when: deployment_type == "enterprise" and + when: deployment_type in ['atomic-enterprise', 'enterprise', 'openshift-enterprise'] and ansible_distribution == "RedHat" and lookup('oo_option', 'rhel_skip_subscription') | default(rhsub_skip, True) | default('no', True) | lower in ['no', 'false'] diff --git a/playbooks/byo/openshift-cluster/cluster_hosts.yml b/playbooks/byo/openshift-cluster/cluster_hosts.yml index e093b2580..8893db245 100644 --- a/playbooks/byo/openshift-cluster/cluster_hosts.yml +++ b/playbooks/byo/openshift-cluster/cluster_hosts.yml @@ -5,8 +5,12 @@ g_lb_hosts: "{{ groups.lb | default([]) }}" g_master_hosts: "{{ groups.masters | default([]) }}" +g_new_master_hosts: "{{ groups.new_masters | default([]) }}" + g_node_hosts: "{{ groups.nodes | default([]) }}" +g_new_node_hosts: "{{ groups.new_nodes | default([]) }}" + g_nfs_hosts: "{{ groups.nfs | default([]) }}" g_all_hosts: "{{ g_master_hosts | union(g_node_hosts) | union(g_etcd_hosts) diff --git a/playbooks/byo/openshift-cluster/scaleup.yml b/playbooks/byo/openshift-master/scaleup.yml index 1702690f6..18797d02a 100644 --- a/playbooks/byo/openshift-cluster/scaleup.yml +++ b/playbooks/byo/openshift-master/scaleup.yml @@ -1,5 +1,5 @@ --- -- include: ../../common/openshift-cluster/scaleup.yml +- include: ../../common/openshift-master/scaleup.yml vars_files: - ../../byo/openshift-cluster/cluster_hosts.yml vars: diff --git a/playbooks/byo/openshift-node/filter_plugins b/playbooks/byo/openshift-node/filter_plugins new file mode 120000 index 000000000..99a95e4ca --- /dev/null +++ b/playbooks/byo/openshift-node/filter_plugins @@ -0,0 +1 @@ +../../../filter_plugins
\ No newline at end of file diff --git a/playbooks/byo/openshift-node/lookup_plugins b/playbooks/byo/openshift-node/lookup_plugins new file mode 120000 index 000000000..ac79701db --- /dev/null +++ b/playbooks/byo/openshift-node/lookup_plugins @@ -0,0 +1 @@ +../../../lookup_plugins
\ No newline at end of file diff --git a/playbooks/byo/openshift-node/roles b/playbooks/byo/openshift-node/roles new file mode 120000 index 000000000..20c4c58cf --- /dev/null +++ b/playbooks/byo/openshift-node/roles @@ -0,0 +1 @@ +../../../roles
\ No newline at end of file diff --git a/playbooks/byo/openshift-node/scaleup.yml b/playbooks/byo/openshift-node/scaleup.yml new file mode 100644 index 000000000..0343597b5 --- /dev/null +++ b/playbooks/byo/openshift-node/scaleup.yml @@ -0,0 +1,8 @@ +--- +- include: ../../common/openshift-node/scaleup.yml + vars_files: + - ../../byo/openshift-cluster/cluster_hosts.yml + vars: + openshift_cluster_id: "{{ cluster_id | default('default') }}" + openshift_debug_level: "{{ debug_level | default(2) }}" + openshift_deployment_type: "{{ deployment_type }}" diff --git a/playbooks/byo/openshift_facts.yml b/playbooks/byo/openshift_facts.yml index babdfb952..916dfd0a6 100644 --- a/playbooks/byo/openshift_facts.yml +++ b/playbooks/byo/openshift_facts.yml @@ -5,5 +5,6 @@ - openshift_facts tasks: - openshift_facts: + openshift_env: "{{ hostvars[inventory_hostname] | oo_openshift_env }}" register: result - debug: var=result diff --git a/playbooks/byo/rhel_subscribe.yml b/playbooks/byo/rhel_subscribe.yml index f564905ea..990ddd2f2 100644 --- a/playbooks/byo/rhel_subscribe.yml +++ b/playbooks/byo/rhel_subscribe.yml @@ -4,7 +4,7 @@ openshift_deployment_type: "{{ deployment_type }}" roles: - role: rhel_subscribe - when: deployment_type == "enterprise" and + when: deployment_type in ['atomic-enterprise', 'enterprise', 'openshift-enterprise'] and ansible_distribution == "RedHat" and lookup('oo_option', 'rhel_skip_subscription') | default(rhsub_skip, True) | default('no', True) | lower in ['no', 'false'] diff --git a/playbooks/common/openshift-cluster/additional_config.yml b/playbooks/common/openshift-cluster/additional_config.yml new file mode 100644 index 000000000..1ac78468a --- /dev/null +++ b/playbooks/common/openshift-cluster/additional_config.yml @@ -0,0 +1,56 @@ +- name: Configure flannel + hosts: oo_first_master + vars: + etcd_urls: "{{ openshift.master.etcd_urls }}" + roles: + - role: flannel_register + when: openshift.common.use_flannel | bool + +- name: Additional master configuration + hosts: oo_first_master + vars: + cockpit_plugins: "{{ osm_cockpit_plugins | default(['cockpit-kubernetes']) }}" + etcd_urls: "{{ openshift.master.etcd_urls }}" + openshift_master_ha: "{{ groups.oo_masters | length > 1 }}" + omc_cluster_hosts: "{{ groups.oo_masters | join(' ')}}" + roles: + - role: openshift_master_cluster + when: openshift_master_ha | bool and openshift.master.cluster_method == "pacemaker" + - role: openshift_examples + when: openshift.common.install_examples | bool + - role: openshift_cluster_metrics + when: openshift.common.use_cluster_metrics | bool + - role: openshift_manageiq + when: openshift.common.use_manageiq | bool + - role: cockpit + when: not openshift.common.is_atomic and ( deployment_type in ['atomic-enterprise','openshift-enterprise'] ) and + (osm_use_cockpit | bool or osm_use_cockpit is undefined ) + - role: flannel_register + when: openshift.common.use_flannel | bool + - role: pods + when: openshift.common.deployment_type == 'online' + - role: os_env_extras + when: openshift.common.deployment_type == 'online' + +- name: Create persistent volumes and create hosted services + hosts: oo_first_master + vars: + attach_registry_volume: "{{ openshift.hosted.registry.storage.kind != None }}" + deploy_infra: "{{ openshift.master.infra_nodes | default([]) | length > 0 }}" + persistent_volumes: "{{ hostvars[groups.oo_first_master.0] | oo_persistent_volumes(groups) }}" + persistent_volume_claims: "{{ hostvars[groups.oo_first_master.0] | oo_persistent_volume_claims }}" + roles: + - role: openshift_persistent_volumes + when: persistent_volumes | length > 0 or persistent_volume_claims | length > 0 + - role: openshift_serviceaccounts + openshift_serviceaccounts_names: + - router + - registry + openshift_serviceaccounts_namespace: default + openshift_serviceaccounts_sccs: + - privileged + - role: openshift_router + when: deploy_infra | bool + - role: openshift_registry + registry_volume_claim: "{{ openshift.hosted.registry.storage.volume.name }}-claim" + when: deploy_infra | bool and attach_registry_volume | bool diff --git a/playbooks/common/openshift-cluster/config.yml b/playbooks/common/openshift-cluster/config.yml index 11e5b68f6..23c8f039e 100644 --- a/playbooks/common/openshift-cluster/config.yml +++ b/playbooks/common/openshift-cluster/config.yml @@ -1,6 +1,8 @@ --- - include: evaluate_groups.yml +- include: validate_hostnames.yml + - include: ../openshift-docker/config.yml - include: ../openshift-etcd/config.yml @@ -9,4 +11,6 @@ - include: ../openshift-master/config.yml +- include: additional_config.yml + - include: ../openshift-node/config.yml diff --git a/playbooks/common/openshift-cluster/evaluate_groups.yml b/playbooks/common/openshift-cluster/evaluate_groups.yml index db7105ed5..432a92b49 100644 --- a/playbooks/common/openshift-cluster/evaluate_groups.yml +++ b/playbooks/common/openshift-cluster/evaluate_groups.yml @@ -10,8 +10,8 @@ when: g_etcd_hosts is not defined - fail: - msg: This playbook requires g_master_hosts to be set - when: g_master_hosts is not defined + msg: This playbook requires g_master_hosts or g_new_master_hosts to be set + when: g_master_hosts is not defined and g_new_master_hosts is not defined - fail: msg: This playbook requires g_node_hosts or g_new_node_hosts to be set @@ -29,6 +29,14 @@ msg: The nfs group must be limited to one host when: (groups[g_nfs_hosts] | default([])) | length > 1 + - name: Evaluate oo_masters + add_host: + name: "{{ item }}" + groups: oo_masters + ansible_ssh_user: "{{ g_ssh_user | default(omit) }}" + ansible_sudo: "{{ g_sudo | default(omit) }}" + with_items: "{{ g_master_hosts | union(g_new_master_hosts) | default([]) }}" + - name: Evaluate oo_etcd_to_config add_host: name: "{{ item }}" @@ -43,11 +51,7 @@ groups: oo_masters_to_config ansible_ssh_user: "{{ g_ssh_user | default(omit) }}" ansible_sudo: "{{ g_sudo | default(omit) }}" - with_items: "{{ g_master_hosts | default([]) }}" - - # Use g_new_node_hosts if it exists otherwise g_node_hosts - - set_fact: - g_node_hosts_to_config: "{{ g_new_node_hosts | default(g_node_hosts | default([])) }}" + with_items: "{{ g_new_master_hosts | default(g_master_hosts | default([], true), true) }}" - name: Evaluate oo_nodes_to_config add_host: @@ -55,7 +59,7 @@ groups: oo_nodes_to_config ansible_ssh_user: "{{ g_ssh_user | default(omit) }}" ansible_sudo: "{{ g_sudo | default(omit) }}" - with_items: "{{ g_node_hosts_to_config | default([]) }}" + with_items: "{{ g_new_node_hosts | default(g_node_hosts | default([], true), true) }}" # Skip adding the master to oo_nodes_to_config when g_new_node_hosts is - name: Evaluate oo_nodes_to_config diff --git a/playbooks/common/openshift-cluster/scaleup.yml b/playbooks/common/openshift-cluster/scaleup.yml deleted file mode 100644 index d2ba3fc7a..000000000 --- a/playbooks/common/openshift-cluster/scaleup.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- include: evaluate_groups.yml - -- include: ../openshift-node/config.yml - vars: - openshift_deployment_type: "{{ deployment_type }}" diff --git a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml index 8ec379109..0fb38f32e 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml @@ -74,6 +74,11 @@ - set_fact: g_new_version: "{{ g_aos_versions.curr_version.split('-', 1).0 if g_aos_versions.avail_version is none else g_aos_versions.avail_version.split('-', 1).0 }}" + when: openshift_pkg_version is not defined + + - set_fact: + g_new_version: "{{ openshift_pkg_version | replace('-','') }}" + when: openshift_pkg_version is defined - fail: msg: This playbook requires Origin 1.0.6 or later @@ -229,12 +234,19 @@ hosts: oo_masters_to_config vars: openshift_version: "{{ openshift_pkg_version | default('') }}" + roles: + - openshift_facts tasks: - name: Upgrade to latest available kernel action: "{{ ansible_pkg_mgr}} name=kernel state=latest" - name: Upgrade master packages command: "{{ ansible_pkg_mgr}} update -y {{ openshift.common.service_type }}-master{{ openshift_version }}" + when: openshift_pkg_version is not defined + + - name: Upgrade packages + command: "{{ ansible_pkg_mgr}} install -y {{ openshift.common.installed_variant_rpms | oo_31_rpm_rename_conversion(openshift_version) | join (' ')}}" + when: openshift_pkg_version is defined and deployment_type == 'openshift-enterprise' - name: Ensure python-yaml present for config upgrade action: "{{ ansible_pkg_mgr }} name=PyYAML state=present" @@ -251,7 +263,7 @@ openshift_master_certs_no_etcd: - admin.crt - master.kubelet-client.crt - - "{{ 'master.proxy-client.crt' if openshift.common.version_greater_than_3_1_or_1_1 else omit }}" + - "{{ 'master.proxy-client.crt' if openshift.common.version_gte_3_1_or_1_1 else omit }}" - master.server.crt - openshift-master.crt - openshift-registry.crt @@ -415,6 +427,11 @@ tasks: - name: Upgrade node packages command: "{{ ansible_pkg_mgr }} update -y {{ openshift.common.service_type }}-node{{ openshift_version }}" + when: openshift_pkg_version is not defined + + - name: Upgrade packages + command: "{{ ansible_pkg_mgr}} install -y {{ openshift.common.installed_variant_rpms | oo_31_rpm_rename_conversion(openshift_version) | join (' ')}}" + when: openshift_pkg_version is defined and deployment_type == 'openshift-enterprise' - name: Restart node service service: name="{{ openshift.common.service_type }}-node" state=restarted @@ -484,6 +501,7 @@ {{ openshift.common.admin_binary}} --config={{ openshift.common.config_base }}/master/admin.kubeconfig policy reconcile-cluster-role-bindings --exclude-groups=system:authenticated + --exclude-groups=system:authenticated:oauth --exclude-groups=system:unauthenticated --exclude-users=system:anonymous --additive-only=true --confirm @@ -555,46 +573,65 @@ - role: openshift_examples openshift_examples_import_command: replace pre_tasks: - - name: Check for default router + - name: Collect all routers command: > - {{ oc_cmd }} get -n default dc/router - register: _default_router + {{ oc_cmd }} get pods --all-namespaces -l 'router' -o json + register: all_routers failed_when: false changed_when: false + - set_fact: haproxy_routers="{{ (all_routers.stdout | from_json)['items'] | oo_pods_match_component(openshift_deployment_type, 'haproxy-router') | oo_select_keys_from_list(['metadata']) }}" + when: all_routers.rc == 0 + + - set_fact: haproxy_routers=[] + when: all_routers.rc != 0 + - name: Check for allowHostNetwork and allowHostPorts - when: _default_router.rc == 0 + when: all_routers.rc == 0 shell: > {{ oc_cmd }} get -o yaml scc/privileged | /usr/bin/grep -e allowHostPorts -e allowHostNetwork register: _scc - name: Grant allowHostNetwork and allowHostPorts when: - - _default_router.rc == 0 + - all_routers.rc == 0 - "'false' in _scc.stdout" command: > {{ oc_cmd }} patch scc/privileged -p '{"allowHostPorts":true,"allowHostNetwork":true}' --api-version=v1 - name: Update deployment config to 1.0.4/3.0.1 spec - when: _default_router.rc == 0 + when: all_routers.rc == 0 command: > - {{ oc_cmd }} patch dc/router -p + {{ oc_cmd }} patch dc/{{ item['labels']['deploymentconfig'] }} -p '{"spec":{"strategy":{"rollingParams":{"updatePercent":-10},"spec":{"serviceAccount":"router","serviceAccountName":"router"}}}}' --api-version=v1 + with_items: haproxy_routers - name: Switch to hostNetwork=true - when: _default_router.rc == 0 + when: all_routers.rc == 0 command: > - {{ oc_cmd }} patch dc/router -p '{"spec":{"template":{"spec":{"hostNetwork":true}}}}' + {{ oc_cmd }} patch dc/{{ item['labels']['deploymentconfig'] }} -p '{"spec":{"template":{"spec":{"hostNetwork":true}}}}' --api-version=v1 + with_items: haproxy_routers - name: Update router image to current version - when: _default_router.rc == 0 + when: all_routers.rc == 0 command: > - {{ oc_cmd }} patch dc/router -p + {{ oc_cmd }} patch dc/{{ item['labels']['deploymentconfig'] }} -p '{"spec":{"template":{"spec":{"containers":[{"name":"router","image":"{{ router_image }}"}]}}}}' --api-version=v1 + with_items: haproxy_routers + when: not openshift.common.version_gte_3_1_1_or_1_1_1 + + - name: Update router image to current version + when: all_routers.rc == 0 + command: > + {{ oc_cmd }} patch dc/{{ item['labels']['deploymentconfig'] }} -p + '{"spec":{"template":{"spec":{"containers":[{"name":"router","image":"{{ router_image }}","livenessProbe":{"tcpSocket":null,"httpGet":{"path": "/healthz", "port": 1936, "host": "localhost", "scheme": "HTTP"},"initialDelaySeconds":10,"timeoutSeconds":1}}]}}}}' + --api-version=v1 + with_items: haproxy_routers + when: openshift.common.version_gte_3_1_1_or_1_1_1 - name: Check for default registry command: > diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_minor/post.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_minor/post.yml index d8336fcae..196393b2a 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_minor/post.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_minor/post.yml @@ -20,13 +20,27 @@ - role: openshift_examples openshift_examples_import_command: replace pre_tasks: - - name: Check for default router + - name: Collect all routers command: > - {{ oc_cmd }} get -n default dc/router - register: _default_router + {{ oc_cmd }} get pods --all-namespaces -l 'router' -o json + register: all_routers failed_when: false changed_when: false + - set_fact: haproxy_routers="{{ (all_routers.stdout | from_json)['items'] | oo_pods_match_component(openshift_deployment_type, 'haproxy-router') | oo_select_keys_from_list(['metadata']) }}" + when: all_routers.rc == 0 + + - set_fact: haproxy_routers=[] + when: all_routers.rc != 0 + + - name: Update router image to current version + when: all_routers.rc == 0 + command: > + {{ oc_cmd }} patch dc/{{ item['labels']['deploymentconfig'] }} -p + '{"spec":{"template":{"spec":{"containers":[{"name":"router","image":"{{ router_image }}","livenessProbe":{"tcpSocket":null,"httpGet":{"path": "/healthz", "port": 1936, "host": "localhost", "scheme": "HTTP"},"initialDelaySeconds":10,"timeoutSeconds":1}}]}}}}' + --api-version=v1 + with_items: haproxy_routers + - name: Check for default registry command: > {{ oc_cmd }} get -n default dc/docker-registry @@ -34,13 +48,6 @@ failed_when: false changed_when: false - - name: Update router image to current version - when: _default_router.rc == 0 - command: > - {{ oc_cmd }} patch dc/router -p - '{"spec":{"template":{"spec":{"containers":[{"name":"router","image":"{{ router_image }}"}]}}}}' - --api-version=v1 - - name: Update registry image to current version when: _default_registry.rc == 0 command: > diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_minor/pre.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_minor/pre.yml index 91780de09..12b9c84d3 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_minor/pre.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_minor/pre.yml @@ -41,7 +41,7 @@ g_new_service_name: "{{ 'origin' if deployment_type =='origin' else 'atomic-openshift' }}" - name: Determine available versions - script: ../files/versions.sh {{ g_new_service_name }} openshift + script: ../files/versions.sh {{ g_new_service_name }} register: g_versions_result - set_fact: diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_minor/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_minor/upgrade.yml index 81dbba1e3..dbf746f12 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_minor/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_minor/upgrade.yml @@ -109,6 +109,7 @@ {{ openshift.common.admin_binary}} --config={{ openshift.common.config_base }}/master/admin.kubeconfig policy reconcile-cluster-role-bindings --exclude-groups=system:authenticated + --exclude-groups=system:authenticated:oauth --exclude-groups=system:unauthenticated --exclude-users=system:anonymous --additive-only=true --confirm diff --git a/playbooks/common/openshift-cluster/validate_hostnames.yml b/playbooks/common/openshift-cluster/validate_hostnames.yml new file mode 100644 index 000000000..fd82997b9 --- /dev/null +++ b/playbooks/common/openshift-cluster/validate_hostnames.yml @@ -0,0 +1,26 @@ +--- +- include: evaluate_groups.yml + +- name: Gather and set facts for node hosts + hosts: oo_nodes_to_config + roles: + - openshift_facts + tasks: + - openshift_facts: + role: "{{ item.role }}" + local_facts: "{{ item.local_facts }}" + with_items: + - role: common + local_facts: + hostname: "{{ openshift_hostname | default(None) }}" + public_hostname: "{{ openshift_public_hostname | default(None) }}" + - shell: + getent ahostsv4 {{ openshift.common.hostname }} | head -n 1 | awk '{ print $1 }' + register: lookupip + changed_when: false + failed_when: false + - name: Warn user about bad openshift_hostname values + pause: + prompt: "The hostname \"{{ openshift.common.hostname }}\" for \"{{ ansible_nodename }}\" doesn't resolve to an ip address owned by this host. Please set openshift_hostname variable to a hostname that when resolved on the host in question resolves to an IP address matching an interface on this host. This host will fail liveness checks for pods utilizing hostPorts, press ENTER to continue or CTRL-C to abort." + seconds: "{{ 10 if openshift_override_hostname_check | default(false) | bool else omit }}" + when: lookupip.stdout not in ansible_all_ipv4_addresses diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index 6f86703d6..b9d595576 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -18,6 +18,10 @@ - .config_managed - set_fact: + openshift_master_pod_eviction_timeout: "{{ lookup('oo_option', 'openshift_master_pod_eviction_timeout') | default(none, true) }}" + when: openshift_master_pod_eviction_timeout is not defined + + - set_fact: openshift_master_etcd_port: "{{ (etcd_client_port | default('2379')) if (groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config) else none }}" openshift_master_etcd_hosts: "{{ hostvars | oo_select_keys(groups['oo_etcd_to_config'] @@ -53,6 +57,13 @@ console_use_ssl: "{{ openshift_master_console_use_ssl | default(None) }}" public_console_url: "{{ openshift_master_public_console_url | default(None) }}" portal_net: "{{ openshift_master_portal_net | default(None) }}" + ha: "{{ openshift_master_ha | default(groups.oo_masters | length > 1) }}" + master_count: "{{ openshift_master_count | default(groups.oo_masters | length) }}" + - openshift_facts: + role: hosted + openshift_env: + openshift_hosted_registry_storage_kind: 'nfs' + when: openshift_hosted_registry_storage_kind is not defined and groups.oo_nfs_to_config is defined and groups.oo_nfs_to_config | length > 0 - name: Check status of external etcd certificatees stat: path: "{{ openshift.common.config_base }}/master/{{ item }}" @@ -135,13 +146,13 @@ when: etcd_client_certs_missing is defined and etcd_client_certs_missing - name: Determine if master certificates need to be generated - hosts: oo_masters_to_config + hosts: oo_first_master:oo_masters_to_config tasks: - set_fact: openshift_master_certs_no_etcd: - admin.crt - master.kubelet-client.crt - - "{{ 'master.proxy-client.crt' if openshift.common.version_greater_than_3_1_or_1_1 else omit }}" + - "{{ 'master.proxy-client.crt' if openshift.common.version_gte_3_1_or_1_1 else omit }}" - master.server.crt - openshift-master.crt - openshift-registry.crt @@ -165,10 +176,10 @@ master_cert_subdir: master-{{ openshift.common.hostname }} master_cert_config_dir: "{{ openshift.common.config_base }}/master" - set_fact: - openshift_infra_nodes: "{{ hostvars | oo_select_keys(groups['nodes']) + openshift_infra_nodes: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config']) | oo_nodes_with_label('region', 'infra') | oo_collect('inventory_hostname') }}" - when: openshift_infra_nodes is not defined + when: openshift_infra_nodes is not defined and groups.oo_nodes_to_config | default([]) | length > 0 - name: Configure master certificates hosts: oo_first_master @@ -212,15 +223,6 @@ validate_checksum: yes with_items: masters_needing_certs -- name: Compute haproxy_backend_servers - hosts: localhost - connection: local - become: no - gather_facts: no - tasks: - - set_fact: - haproxy_backend_servers: "{{ hostvars | oo_select_keys(groups['oo_masters_to_config']) | oo_haproxy_backend_masters }}" - - name: Configure load balancers hosts: oo_lb_to_config vars: @@ -239,11 +241,11 @@ mode: tcp option: tcplog balance: source - servers: "{{ hostvars.localhost.haproxy_backend_servers }}" + servers: "{{ hostvars | oo_select_keys(groups['oo_masters']) | oo_haproxy_backend_masters }}" roles: - role: openshift_facts - role: haproxy - when: groups.oo_masters_to_config | length > 1 + when: hostvars[groups.oo_first_master.0].openshift.master.ha | bool - name: Check for cached session secrets hosts: oo_first_master @@ -325,8 +327,8 @@ serial: 1 vars: sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}" - openshift_master_ha: "{{ groups.oo_masters_to_config | length > 1 }}" - openshift_master_count: "{{ groups.oo_masters_to_config | length }}" + openshift_master_ha: "{{ openshift.master.ha }}" + openshift_master_count: "{{ openshift.master.master_count }}" openshift_master_session_auth_secrets: "{{ hostvars[groups.oo_first_master.0].openshift.master.session_auth_secrets }}" openshift_master_session_encryption_secrets: "{{ hostvars[groups.oo_first_master.0].openshift.master.session_encryption_secrets }}" pre_tasks: @@ -334,17 +336,15 @@ file: path: "{{ openshift.common.config_base }}/master" state: directory - when: master_certs_missing and 'oo_first_master' not in group_names + when: master_certs_missing | bool and 'oo_first_master' not in group_names - name: Unarchive the tarball on the master unarchive: src: "{{ sync_tmpdir }}/{{ master_cert_subdir }}.tgz" dest: "{{ master_cert_config_dir }}" - when: master_certs_missing and 'oo_first_master' not in group_names + when: master_certs_missing | bool and 'oo_first_master' not in group_names roles: - openshift_master - role: nickhammond.logrotate - - role: fluentd_master - when: openshift.common.use_fluentd | bool - role: nuage_master when: openshift.common.use_nuage | bool post_tasks: @@ -352,38 +352,6 @@ group_by: key=oo_masters_deployment_type_{{ openshift.common.deployment_type }} changed_when: False -- name: Additional master configuration - hosts: oo_first_master - vars: - openshift_master_ha: "{{ groups.oo_masters_to_config | length > 1 }}" - omc_cluster_hosts: "{{ groups.oo_masters_to_config | join(' ')}}" - roles: - - role: openshift_master_cluster - when: openshift_master_ha | bool and openshift.master.cluster_method == "pacemaker" - - role: openshift_examples - when: openshift.common.install_examples | bool - - role: openshift_cluster_metrics - when: openshift.common.use_cluster_metrics | bool - - role: openshift_manageiq - when: openshift.common.use_manageiq | bool - -- name: Enable cockpit - hosts: oo_first_master - vars: - cockpit_plugins: "{{ osm_cockpit_plugins | default(['cockpit-kubernetes']) }}" - roles: - - role: cockpit - when: not openshift.common.is_atomic and ( deployment_type in ['atomic-enterprise','openshift-enterprise'] ) and - (osm_use_cockpit | bool or osm_use_cockpit is undefined ) - -- name: Configure flannel - hosts: oo_first_master - vars: - etcd_urls: "{{ openshift.master.etcd_urls }}" - roles: - - role: flannel_register - when: openshift.common.use_flannel | bool - # Additional instance config for online deployments - name: Additional instance config hosts: oo_masters_deployment_type_online @@ -399,27 +367,3 @@ tasks: - file: name={{ g_master_mktemp.stdout }} state=absent changed_when: False - -- name: Configure service accounts - hosts: oo_first_master - - vars: - accounts: ["router", "registry"] - - roles: - - openshift_serviceaccounts - -- name: Create services - hosts: oo_first_master - vars: - attach_registry_volume: "{{ groups.oo_nfs_to_config | length > 0 }}" - pre_tasks: - - set_fact: - nfs_host: "{{ groups.oo_nfs_to_config.0 }}" - registry_volume_path: "{{ hostvars[groups.oo_nfs_to_config.0].openshift.nfs.exports_dir + '/' + hostvars[groups.oo_nfs_to_config.0].openshift.nfs.registry_volume }}" - when: attach_registry_volume | bool - roles: - - role: openshift_router - when: openshift.master.infra_nodes is defined - - role: openshift_registry - when: openshift.master.infra_nodes is defined and attach_registry_volume | bool diff --git a/playbooks/common/openshift-master/library/modify_yaml.py b/playbooks/common/openshift-master/library/modify_yaml.py new file mode 100755 index 000000000..a4be10ca3 --- /dev/null +++ b/playbooks/common/openshift-master/library/modify_yaml.py @@ -0,0 +1,95 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# vim: expandtab:tabstop=4:shiftwidth=4 + +''' modify_yaml ansible module ''' + +import yaml + +DOCUMENTATION = ''' +--- +module: modify_yaml +short_description: Modify yaml key value pairs +author: Andrew Butcher +requirements: [ ] +''' +EXAMPLES = ''' +- modify_yaml: + dest: /etc/origin/master/master-config.yaml + yaml_key: 'kubernetesMasterConfig.masterCount' + yaml_value: 2 +''' + +def main(): + ''' Modify key (supplied in jinja2 dot notation) in yaml file, setting + the key to the desired value. + ''' + + # disabling pylint errors for global-variable-undefined and invalid-name + # for 'global module' usage, since it is required to use ansible_facts + # pylint: disable=global-variable-undefined, invalid-name, + # redefined-outer-name + global module + + module = AnsibleModule( + argument_spec=dict( + dest=dict(required=True), + yaml_key=dict(required=True), + yaml_value=dict(required=True), + backup=dict(required=False, default=True, type='bool'), + ), + supports_check_mode=True, + ) + + dest = module.params['dest'] + yaml_key = module.params['yaml_key'] + yaml_value = module.safe_eval(module.params['yaml_value']) + backup = module.params['backup'] + + # Represent null values as an empty string. + # pylint: disable=missing-docstring, unused-argument + def none_representer(dumper, data): + return yaml.ScalarNode(tag=u'tag:yaml.org,2002:null', value=u'') + yaml.add_representer(type(None), none_representer) + + try: + changes = [] + + yaml_file = open(dest) + yaml_data = yaml.safe_load(yaml_file.read()) + yaml_file.close() + + ptr = yaml_data + for key in yaml_key.split('.'): + if key not in ptr and key != yaml_key.split('.')[-1]: + ptr[key] = {} + elif key == yaml_key.split('.')[-1]: + if (key in ptr and module.safe_eval(ptr[key]) != yaml_value) or (key not in ptr): + ptr[key] = yaml_value + changes.append((yaml_key, yaml_value)) + else: + ptr = ptr[key] + + if len(changes) > 0: + if backup: + module.backup_local(dest) + yaml_file = open(dest, 'w') + yaml_string = yaml.dump(yaml_data, default_flow_style=False) + yaml_string = yaml_string.replace('\'\'', '""') + yaml_file.write(yaml_string) + yaml_file.close() + + return module.exit_json(changed=(len(changes) > 0), changes=changes) + + # ignore broad-except error to avoid stack trace to ansible user + # pylint: disable=broad-except + except Exception, e: + return module.fail_json(msg=str(e)) + +# ignore pylint errors related to the module_utils import +# pylint: disable=redefined-builtin, unused-wildcard-import, wildcard-import +# import module snippets +from ansible.module_utils.basic import * + +if __name__ == '__main__': + main() diff --git a/playbooks/common/openshift-master/scaleup.yml b/playbooks/common/openshift-master/scaleup.yml new file mode 100644 index 000000000..6f8151d30 --- /dev/null +++ b/playbooks/common/openshift-master/scaleup.yml @@ -0,0 +1,55 @@ +--- +- include: ../openshift-cluster/evaluate_groups.yml + +- name: Gather facts + hosts: oo_etcd_to_config:oo_masters_to_config:oo_nodes_to_config + roles: + - openshift_facts + +- name: Update master count + hosts: oo_masters:!oo_masters_to_config + serial: 1 + roles: + - openshift_facts + post_tasks: + - openshift_facts: + role: master + local_facts: + ha: "{{ openshift_master_ha | default(groups.oo_masters | length > 1) }}" + master_count: "{{ openshift_master_count | default(groups.oo_masters | length) }}" + - name: Update master count + modify_yaml: + dest: "{{ openshift.common.config_base}}/master/master-config.yaml" + yaml_key: 'kubernetesMasterConfig.masterCount' + yaml_value: "{{ openshift.master.master_count }}" + notify: + - restart master api + - restart master controllers + handlers: + - name: restart master api + service: name={{ openshift.common.service_type }}-master-controllers state=restarted + notify: verify api server + - name: restart master controllers + service: name={{ openshift.common.service_type }}-master-controllers state=restarted + - name: verify api server + command: > + curl -k --head --silent {{ openshift.master.api_url }} + register: api_available_output + until: api_available_output.stdout.find("200 OK") != -1 + retries: 120 + delay: 1 + changed_when: false + +- name: Configure docker hosts + hosts: oo_masters_to-config:oo_nodes_to_config + vars: + docker_additional_registries: "{{ lookup('oo_option', 'docker_additional_registries') | oo_split }}" + docker_insecure_registries: "{{ lookup('oo_option', 'docker_insecure_registries') | oo_split }}" + docker_blocked_registries: "{{ lookup('oo_option', 'docker_blocked_registries') | oo_split }}" + roles: + - openshift_facts + - openshift_docker + +- include: ../openshift-master/config.yml + +- include: ../openshift-node/config.yml diff --git a/playbooks/common/openshift-nfs/config.yml b/playbooks/common/openshift-nfs/config.yml index e3f5c17ca..ba7530ed7 100644 --- a/playbooks/common/openshift-nfs/config.yml +++ b/playbooks/common/openshift-nfs/config.yml @@ -2,4 +2,5 @@ - name: Configure nfs hosts hosts: oo_nfs_to_config roles: + - role: openshift_facts - role: openshift_storage_nfs diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml index 81ec9ab6d..56d30e9b9 100644 --- a/playbooks/common/openshift-node/config.yml +++ b/playbooks/common/openshift-node/config.yml @@ -80,6 +80,7 @@ when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing roles: - role: etcd_certificates + when: openshift_use_flannel | default(false) | bool post_tasks: - name: Create a tarball of the etcd flannel certs command: > @@ -175,6 +176,7 @@ - name: Evaluate node groups hosts: localhost become: no + connection: local tasks: - name: Evaluate oo_containerized_master_nodes add_host: @@ -215,8 +217,6 @@ - role: nuage_node when: openshift.common.use_nuage | bool - role: nickhammond.logrotate - - role: fluentd_node - when: openshift.common.use_fluentd | bool tasks: - name: Create group for deployment type group_by: key=oo_nodes_deployment_type_{{ openshift.common.deployment_type }} diff --git a/playbooks/common/openshift-node/scaleup.yml b/playbooks/common/openshift-node/scaleup.yml new file mode 100644 index 000000000..d36f7acea --- /dev/null +++ b/playbooks/common/openshift-node/scaleup.yml @@ -0,0 +1,14 @@ +--- +- include: ../openshift-cluster/evaluate_groups.yml + +- name: Configure docker hosts + hosts: oo_nodes_to_config + vars: + docker_additional_registries: "{{ lookup('oo_option', 'docker_additional_registries') | oo_split }}" + docker_insecure_registries: "{{ lookup('oo_option', 'docker_insecure_registries') | oo_split }}" + docker_blocked_registries: "{{ lookup('oo_option', 'docker_blocked_registries') | oo_split }}" + roles: + - openshift_facts + - openshift_docker + +- include: ../openshift-node/config.yml diff --git a/playbooks/gce/openshift-cluster/add_nodes.yml b/playbooks/gce/openshift-cluster/add_nodes.yml new file mode 100644 index 000000000..765e03fdc --- /dev/null +++ b/playbooks/gce/openshift-cluster/add_nodes.yml @@ -0,0 +1,43 @@ +--- +- name: Launch instance(s) + hosts: localhost + connection: local + become: no + gather_facts: no + vars_files: + - vars.yml + vars: + oo_extend_env: True + tasks: + - fail: + msg: Deployment type not supported for gce provider yet + when: deployment_type == 'enterprise' + + - include: ../../common/openshift-cluster/tasks/set_node_launch_facts.yml + vars: + type: "compute" + count: "{{ num_nodes }}" + - include: tasks/launch_instances.yml + vars: + instances: "{{ node_names }}" + cluster: "{{ cluster_id }}" + type: "{{ k8s_type }}" + g_sub_host_type: "{{ sub_host_type }}" + gce_machine_type: "{{ lookup('env', 'gce_machine_node_type') | default(lookup('env', 'gce_machine_type'), true) }}" + gce_machine_image: "{{ lookup('env', 'gce_machine_node_image') | default(lookup('env', 'gce_machine_image'), true) }}" + + - include: ../../common/openshift-cluster/tasks/set_node_launch_facts.yml + vars: + type: "infra" + count: "{{ num_infra }}" + - include: tasks/launch_instances.yml + vars: + instances: "{{ node_names }}" + cluster: "{{ cluster_id }}" + type: "{{ k8s_type }}" + g_sub_host_type: "{{ sub_host_type }}" + gce_machine_type: "{{ lookup('env', 'gce_machine_node_type') | default(lookup('env', 'gce_machine_type'), true) }}" + gce_machine_image: "{{ lookup('env', 'gce_machine_node_image') | default(lookup('env', 'gce_machine_image'), true) }}" + +- include: scaleup.yml +- include: list.yml diff --git a/playbooks/gce/openshift-cluster/cluster_hosts.yml b/playbooks/gce/openshift-cluster/cluster_hosts.yml index 15690e3bf..b989e15fa 100644 --- a/playbooks/gce/openshift-cluster/cluster_hosts.yml +++ b/playbooks/gce/openshift-cluster/cluster_hosts.yml @@ -10,8 +10,12 @@ g_nfs_hosts: "{{ g_all_hosts | intersect(groups['tag_host-type-nfs'] | defau g_master_hosts: "{{ g_all_hosts | intersect(groups['tag_host-type-master'] | default([])) }}" +g_new_master_hosts: "{{ g_all_hosts | intersect(groups['tag_host-type-new-master'] | default([])) }}" + g_node_hosts: "{{ g_all_hosts | intersect(groups['tag_host-type-node'] | default([])) }}" +g_new_node_hosts: "{{ g_all_hosts | intersect(groups['tag_host-type-new-node'] | default([])) }}" + g_infra_hosts: "{{ g_node_hosts | intersect(groups['tag_sub-host-type-infra']) | default([]) }}" -g_compute_hosts: "{{ g_node_hosts | intersect(groups['tag_sub-host-type-compute']) | default([]) }}" +g_compute_hosts: "{{ g_node_hosts | intersect(groups['tag_sub-host-type-compute'] | default([])) }}" diff --git a/playbooks/gce/openshift-cluster/config.yml b/playbooks/gce/openshift-cluster/config.yml index 8bc9b1e53..ba37a3a1f 100644 --- a/playbooks/gce/openshift-cluster/config.yml +++ b/playbooks/gce/openshift-cluster/config.yml @@ -1,6 +1,4 @@ --- -# TODO: fix firewall related bug with GCE and origin, since GCE is overriding -# /etc/sysconfig/iptables - include: ../../common/openshift-cluster/config.yml vars_files: - ../../gce/openshift-cluster/vars.yml @@ -13,6 +11,11 @@ openshift_debug_level: "{{ debug_level }}" openshift_deployment_type: "{{ deployment_type }}" openshift_hostname: "{{ gce_private_ip }}" + openshift_registry_selector: 'type=infra' openshift_router_selector: 'type=infra' openshift_infra_nodes: "{{ g_infra_hosts }}" openshift_master_cluster_method: 'native' + openshift_use_openshift_sdn: "{{ lookup('oo_option', 'use_openshift_sdn') }}" + os_sdn_network_plugin_name: "{{ lookup('oo_option', 'sdn_network_plugin_name') }}" + openshift_use_flannel: "{{ lookup('oo_option', 'use_flannel') }}" + openshift_use_fluentd: "{{ lookup('oo_option', 'use_fluentd') }}" diff --git a/playbooks/gce/openshift-cluster/join_node.yml b/playbooks/gce/openshift-cluster/join_node.yml deleted file mode 100644 index 75343dffa..000000000 --- a/playbooks/gce/openshift-cluster/join_node.yml +++ /dev/null @@ -1,51 +0,0 @@ ---- -- name: Populate oo_hosts_to_update group - hosts: localhost - connection: local - become: no - gather_facts: no - vars_files: - - vars.yml - - cluster_hosts.yml - tasks: - - name: Evaluate oo_hosts_to_update - add_host: - name: "{{ node_ip }}" - groups: oo_hosts_to_update - ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" - ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" - -- include: ../../common/openshift-cluster/update_repos_and_packages.yml - -- name: Populate oo_masters_to_config host group - hosts: localhost - connection: local - become: no - gather_facts: no - vars_files: - - vars.yml - - cluster_hosts.yml - tasks: - - name: Evaluate oo_nodes_to_config - add_host: - name: "{{ node_ip }}" - ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" - ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" - groups: oo_nodes_to_config - - - name: Evaluate oo_first_master - add_host: - name: "{{ master_hosts | first }}" - ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" - ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" - groups: oo_first_master - when: master_hosts is defined and master_hosts|length > 0 - -#- include: config.yml -- include: ../../common/openshift-node/config.yml - vars: - openshift_cluster_id: "{{ cluster_id }}" - openshift_debug_level: 4 - openshift_deployment_type: "{{ deployment_type }}" - openshift_hostname: "{{ ansible_default_ipv4.address }}" - openshift_node_labels: "{{ lookup('oo_option', 'openshift_node_labels') }} " diff --git a/playbooks/gce/openshift-cluster/launch.yml b/playbooks/gce/openshift-cluster/launch.yml index 562bf8d29..7532a678b 100644 --- a/playbooks/gce/openshift-cluster/launch.yml +++ b/playbooks/gce/openshift-cluster/launch.yml @@ -10,6 +10,17 @@ - fail: msg="Deployment type not supported for gce provider yet" when: deployment_type == 'enterprise' + - include: ../../common/openshift-cluster/tasks/set_etcd_launch_facts.yml + - include: tasks/launch_instances.yml + vars: + instances: "{{ etcd_names }}" + cluster: "{{ cluster_id }}" + type: "{{ k8s_type }}" + g_sub_host_type: "default" + gce_machine_type: "{{ lookup('env', 'gce_machine_etcd_type') | default(lookup('env', 'gce_machine_type'), true) }}" + gce_machine_image: "{{ lookup('env', 'gce_machine_etcd_image') | default(lookup('env', 'gce_machine_image'), true) }}" + + - include: ../../common/openshift-cluster/tasks/set_master_launch_facts.yml - include: tasks/launch_instances.yml vars: @@ -43,6 +54,8 @@ cluster: "{{ cluster_id }}" type: "{{ k8s_type }}" g_sub_host_type: "{{ sub_host_type }}" + gce_machine_type: "{{ lookup('env', 'gce_machine_node_type') | default(lookup('env', 'gce_machine_type'), true) }}" + gce_machine_image: "{{ lookup('env', 'gce_machine_node_image') | default(lookup('env', 'gce_machine_image'), true) }}" - add_host: name: "{{ master_names.0 }}" @@ -50,17 +63,5 @@ when: master_names is defined and master_names.0 is defined - include: update.yml -# -#- name: Deploy OpenShift Services -# hosts: service_master -# connection: ssh -# gather_facts: yes -# roles: -# - openshift_registry -# - openshift_router -# -#- include: ../../common/openshift-cluster/create_services.yml -# vars: -# g_svc_master: "{{ service_master }}" - include: list.yml diff --git a/playbooks/gce/openshift-cluster/list.yml b/playbooks/gce/openshift-cluster/list.yml index e67685912..992033d16 100644 --- a/playbooks/gce/openshift-cluster/list.yml +++ b/playbooks/gce/openshift-cluster/list.yml @@ -14,13 +14,20 @@ - add_host: name: "{{ item }}" groups: oo_list_hosts - ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user | default(ansible_ssh_user, true) }}" + ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" with_items: groups[scratch_group] | default([], true) | difference(['localhost']) | difference(groups.status_terminated | default([], true)) -- name: List instance(s) +- name: List Hosts hosts: oo_list_hosts + +- name: List Hosts + hosts: localhost + become: no + connection: local gather_facts: no + vars_files: + - vars.yml tasks: - debug: - msg: "private ip:{{ hostvars[inventory_hostname].gce_private_ip }}" + msg: "{{ hostvars | oo_select_keys(groups[scratch_group] | default([])) | oo_pretty_print_cluster }}" diff --git a/playbooks/gce/openshift-cluster/service.yml b/playbooks/gce/openshift-cluster/service.yml index 8925de4cb..914f38c1f 100644 --- a/playbooks/gce/openshift-cluster/service.yml +++ b/playbooks/gce/openshift-cluster/service.yml @@ -14,14 +14,14 @@ - add_host: name: "{{ item }}" groups: g_service_nodes - ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user | default(ansible_ssh_user, true) }}" + ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" with_items: "{{ node_hosts | default([]) | difference(['localhost']) | difference(groups.status_terminated) }}" - add_host: name: "{{ item }}" groups: g_service_masters - ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user | default(ansible_ssh_user, true) }}" + ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" with_items: "{{ master_hosts | default([]) | difference(['localhost']) | difference(groups.status_terminated) }}" diff --git a/playbooks/gce/openshift-cluster/tasks/launch_instances.yml b/playbooks/gce/openshift-cluster/tasks/launch_instances.yml index 488b62eb9..8ebf71cd4 100644 --- a/playbooks/gce/openshift-cluster/tasks/launch_instances.yml +++ b/playbooks/gce/openshift-cluster/tasks/launch_instances.yml @@ -1,7 +1,4 @@ --- -# TODO: when we are ready to go to ansible 1.9+ support only, we can update to -# the gce task to use the disk_auto_delete parameter to avoid having to delete -# the disk as a separate step on termination - name: Launch instance(s) gce: instance_names: "{{ instances }}" @@ -41,7 +38,7 @@ add_host: hostname: "{{ item.name }}" ansible_ssh_host: "{{ item.public_ip }}" - ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user | default(ansible_ssh_user, true) }}" + ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" groups: "{{ item.tags | oo_prepend_strings_in_list('tag_') | join(',') }}" gce_public_ip: "{{ item.public_ip }}" diff --git a/playbooks/gce/openshift-cluster/terminate.yml b/playbooks/gce/openshift-cluster/terminate.yml index faa46c0d6..d835c53ba 100644 --- a/playbooks/gce/openshift-cluster/terminate.yml +++ b/playbooks/gce/openshift-cluster/terminate.yml @@ -10,7 +10,7 @@ - add_host: name: "{{ item }}" groups: oo_hosts_to_terminate - ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user | default(ansible_ssh_user, true) }}" + ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" with_items: (groups['tag_clusterid-' ~ cluster_id] | default([])) | difference(['localhost']) @@ -20,7 +20,7 @@ - vars.yml roles: - role: rhel_unsubscribe - when: deployment_type == "enterprise" and + when: deployment_type in ['atomic-enterprise', 'enterprise', 'openshift-enterprise'] and ansible_distribution == "RedHat" and lookup('oo_option', 'rhel_skip_subscription') | default(rhsub_skip, True) | default('no', True) | lower in ['no', 'false'] diff --git a/playbooks/gce/openshift-cluster/update.yml b/playbooks/gce/openshift-cluster/update.yml index dadceae58..2dc540978 100644 --- a/playbooks/gce/openshift-cluster/update.yml +++ b/playbooks/gce/openshift-cluster/update.yml @@ -12,7 +12,7 @@ add_host: name: "{{ item }}" groups: oo_hosts_to_update - ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user | default(ansible_ssh_user, true) }}" + ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" with_items: "{{ g_all_hosts | default([]) }}" diff --git a/playbooks/gce/openshift-cluster/vars.yml b/playbooks/gce/openshift-cluster/vars.yml index f004a9e6b..d173213fc 100644 --- a/playbooks/gce/openshift-cluster/vars.yml +++ b/playbooks/gce/openshift-cluster/vars.yml @@ -2,16 +2,16 @@ debug_level: 2 deployment_rhel7_ent_base: - image: rhel-7 - machine_type: n1-standard-1 - ssh_user: + image: "{{ lookup('oo_option', 'image_name') | default('rhel-7', True) }}" + machine_type: "{{ lookup('oo_option', 'machine_type') | default('n1-standard-1', True) }}" + ssh_user: "{{ lookup('env', 'gce_ssh_user') | default(ansible_ssh_user, true) }}" sudo: yes deployment_vars: origin: - image: preinstalled-slave-50g-v5 - machine_type: n1-standard-1 - ssh_user: root + image: "{{ lookup('oo_option', 'image_name') | default('centos-7', True) }}" + machine_type: "{{ lookup('oo_option', 'machine_type') | default('n1-standard-1', True) }}" + ssh_user: "{{ lookup('env', 'gce_ssh_user') | default(ansible_ssh_user, true) }}" sudo: yes online: image: libra-rhel7 diff --git a/playbooks/gce/openshift-cluster/wip.yml b/playbooks/gce/openshift-cluster/wip.yml deleted file mode 100644 index 0e3757546..000000000 --- a/playbooks/gce/openshift-cluster/wip.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -- name: WIP - hosts: localhost - become: no - connection: local - gather_facts: no - vars_files: - - vars.yml - tasks: - - name: Evaluate oo_masters_for_deploy - add_host: - name: "{{ item }}" - groups: oo_masters_for_deploy - ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user | default(ansible_ssh_user, true) }}" - ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" - with_items: "{{ g_master_hosts | default([]) }}" - -- name: Deploy OpenShift Services - hosts: oo_masters_for_deploy - connection: ssh - gather_facts: yes - user: root - vars_files: - - vars.yml - roles: - - openshift_registry - - openshift_router diff --git a/playbooks/libvirt/openshift-cluster/cluster_hosts.yml b/playbooks/libvirt/openshift-cluster/cluster_hosts.yml index 15690e3bf..b989e15fa 100644 --- a/playbooks/libvirt/openshift-cluster/cluster_hosts.yml +++ b/playbooks/libvirt/openshift-cluster/cluster_hosts.yml @@ -10,8 +10,12 @@ g_nfs_hosts: "{{ g_all_hosts | intersect(groups['tag_host-type-nfs'] | defau g_master_hosts: "{{ g_all_hosts | intersect(groups['tag_host-type-master'] | default([])) }}" +g_new_master_hosts: "{{ g_all_hosts | intersect(groups['tag_host-type-new-master'] | default([])) }}" + g_node_hosts: "{{ g_all_hosts | intersect(groups['tag_host-type-node'] | default([])) }}" +g_new_node_hosts: "{{ g_all_hosts | intersect(groups['tag_host-type-new-node'] | default([])) }}" + g_infra_hosts: "{{ g_node_hosts | intersect(groups['tag_sub-host-type-infra']) | default([]) }}" -g_compute_hosts: "{{ g_node_hosts | intersect(groups['tag_sub-host-type-compute']) | default([]) }}" +g_compute_hosts: "{{ g_node_hosts | intersect(groups['tag_sub-host-type-compute'] | default([])) }}" diff --git a/playbooks/libvirt/openshift-cluster/config.yml b/playbooks/libvirt/openshift-cluster/config.yml index 9bd99c4fc..0e003ef67 100644 --- a/playbooks/libvirt/openshift-cluster/config.yml +++ b/playbooks/libvirt/openshift-cluster/config.yml @@ -13,6 +13,11 @@ openshift_cluster_id: "{{ cluster_id }}" openshift_debug_level: "{{ debug_level }}" openshift_deployment_type: "{{ deployment_type }}" + openshift_registry_selector: 'type=infra' openshift_router_selector: 'type=infra' openshift_infra_nodes: "{{ g_infra_hosts }}" openshift_master_cluster_method: 'native' + openshift_use_openshift_sdn: "{{ lookup('oo_option', 'use_openshift_sdn') }}" + os_sdn_network_plugin_name: "{{ lookup('oo_option', 'sdn_network_plugin_name') }}" + openshift_use_flannel: "{{ lookup('oo_option', 'use_flannel') }}" + openshift_use_fluentd: "{{ lookup('oo_option', 'use_fluentd') }}" diff --git a/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml b/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml index ff1cedc94..b00352539 100644 --- a/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml +++ b/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml @@ -13,16 +13,28 @@ get_url: url: '{{ image_url }}' sha256sum: '{{ image_sha256 }}' - dest: '{{ os_libvirt_storage_pool_path }}/{{ [image_name, image_compression] | join(".") }}' + dest: '{{ os_libvirt_storage_pool_path }}/{{ [image_name, image_compression] | reject("equalto", "") | join(".") }}' when: '{{ ( lookup("oo_option", "skip_image_download") | default("no", True) | lower ) in ["false", "no"] }}' register: downloaded_image -- name: Uncompress Base Cloud image +- name: Uncompress xz compressed base cloud image command: 'unxz -kf {{ os_libvirt_storage_pool_path }}/{{ [image_name, image_compression] | join(".") }}' args: creates: '{{ os_libvirt_storage_pool_path }}/{{ image_name }}' when: image_compression in ["xz"] and downloaded_image.changed +- name: Uncompress tgz compressed base cloud image + command: 'tar zxvf {{ os_libvirt_storage_pool_path }}/{{ [image_name, image_compression] | join(".") }}' + args: + creates: '{{ os_libvirt_storage_pool_path }}/{{ image_name }}' + when: image_compression in ["tgz"] and downloaded_image.changed + +- name: Uncompress gzip compressed base cloud image + command: 'gunzip {{ os_libvirt_storage_pool_path }}/{{ [image_name, image_compression] | join(".") }}' + args: + creates: '{{ os_libvirt_storage_pool_path }}/{{ image_name }}' + when: image_compression in ["gz"] and downloaded_image.changed + - name: Create the cloud-init config drive path file: dest: '{{ os_libvirt_storage_pool_path }}/{{ item }}_configdrive/' @@ -82,6 +94,16 @@ - set_fact: ips: "{{ scratch_ip.results | default([]) | oo_collect('stdout') }}" +- set_fact: + node_label: + type: "{{ g_sub_host_type }}" + when: instances | length > 0 and type == "node" + +- set_fact: + node_label: + type: "{{ type }}" + when: instances | length > 0 and type != "node" + - name: Add new instances add_host: hostname: '{{ item.0 }}' @@ -89,6 +111,7 @@ ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" groups: "tag_environment-{{ cluster_env }}, tag_host-type-{{ type }}, tag_sub-host-type-{{ g_sub_host_type }}, tag_clusterid-{{ cluster_id }}" + openshift_node_labels: "{{ node_label }}" with_together: - instances - ips diff --git a/playbooks/libvirt/openshift-cluster/templates/user-data b/playbooks/libvirt/openshift-cluster/templates/user-data index e0c966e45..ead881f78 100644 --- a/playbooks/libvirt/openshift-cluster/templates/user-data +++ b/playbooks/libvirt/openshift-cluster/templates/user-data @@ -3,7 +3,6 @@ disable_root: true hostname: {{ item[0] }} fqdn: {{ item[0] }}.example.com -manage_etc_hosts: true users: - default diff --git a/playbooks/libvirt/openshift-cluster/terminate.yml b/playbooks/libvirt/openshift-cluster/terminate.yml index 8d845c8f2..f4749c28d 100644 --- a/playbooks/libvirt/openshift-cluster/terminate.yml +++ b/playbooks/libvirt/openshift-cluster/terminate.yml @@ -23,7 +23,7 @@ - vars.yml roles: - role: rhel_unsubscribe - when: deployment_type == "enterprise" and + when: deployment_type in ['atomic-enterprise', 'enterprise', 'openshift-enterprise'] and ansible_distribution == "RedHat" and lookup('oo_option', 'rhel_skip_subscription') | default(rhsub_skip, True) | default('no', True) | lower in ['no', 'false'] diff --git a/playbooks/libvirt/openshift-cluster/vars.yml b/playbooks/libvirt/openshift-cluster/vars.yml index da628786b..c78b52867 100644 --- a/playbooks/libvirt/openshift-cluster/vars.yml +++ b/playbooks/libvirt/openshift-cluster/vars.yml @@ -15,6 +15,7 @@ deployment_rhel7_ent_base: default('rhel-guest-image-7.2-20151102.0.x86_64.qcow2', True) }}" sha256: "{{ lookup('oo_option', 'image_sha256') | default('25f880767ec6bf71beb532e17f1c45231640bbfdfbbb1dffb79d2c1b328388e0', True) }}" + compression: "" ssh_user: openshift sudo: yes @@ -41,3 +42,5 @@ deployment_vars: enterprise: "{{ deployment_rhel7_ent_base }}" openshift-enterprise: "{{ deployment_rhel7_ent_base }}" atomic-enterprise: "{{ deployment_rhel7_ent_base }}" + + diff --git a/playbooks/openstack/openshift-cluster/cluster_hosts.yml b/playbooks/openstack/openshift-cluster/cluster_hosts.yml index 1023f3ec1..9a3361919 100644 --- a/playbooks/openstack/openshift-cluster/cluster_hosts.yml +++ b/playbooks/openstack/openshift-cluster/cluster_hosts.yml @@ -10,8 +10,12 @@ g_nfs_hosts: "{{ g_all_hosts | intersect(groups['tag_host-type_nfs'] | defau g_master_hosts: "{{ g_all_hosts | intersect(groups['tag_host-type_master'] | default([])) }}" +g_new_master_hosts: "{{ g_all_hosts | intersect(groups['tag_host-type_new_master'] | default([])) }}" + g_node_hosts: "{{ g_all_hosts | intersect(groups['tag_host-type_node'] | default([])) }}" +g_new_node_hosts: "{{ g_all_hosts | intersect(groups['tag_host-type_new_node'] | default([])) }}" + g_infra_hosts: "{{ g_node_hosts | intersect(groups['tag_sub-host-type_infra']) | default([]) }}" -g_compute_hosts: "{{ g_node_hosts | intersect(groups['tag_sub-host-type_compute']) | default([]) }}" +g_compute_hosts: "{{ g_node_hosts | intersect(groups['tag_sub-host-type_compute'] | default([])) }}" diff --git a/playbooks/openstack/openshift-cluster/config.yml b/playbooks/openstack/openshift-cluster/config.yml index 5128e767f..093beaf03 100644 --- a/playbooks/openstack/openshift-cluster/config.yml +++ b/playbooks/openstack/openshift-cluster/config.yml @@ -10,7 +10,11 @@ openshift_cluster_id: "{{ cluster_id }}" openshift_debug_level: "{{ debug_level }}" openshift_deployment_type: "{{ deployment_type }}" - openshift_hostname: "{{ ansible_default_ipv4.address }}" + openshift_registry_selector: 'type=infra' openshift_router_selector: 'type=infra' openshift_infra_nodes: "{{ g_infra_hosts }}" openshift_master_cluster_method: 'native' + openshift_use_openshift_sdn: "{{ lookup('oo_option', 'use_openshift_sdn') }}" + os_sdn_network_plugin_name: "{{ lookup('oo_option', 'sdn_network_plugin_name') }}" + openshift_use_flannel: "{{ lookup('oo_option', 'use_flannel') }}" + openshift_use_fluentd: "{{ lookup('oo_option', 'use_fluentd') }}" diff --git a/playbooks/openstack/openshift-cluster/dns.yml b/playbooks/openstack/openshift-cluster/dns.yml new file mode 100644 index 000000000..5e7671a48 --- /dev/null +++ b/playbooks/openstack/openshift-cluster/dns.yml @@ -0,0 +1,47 @@ +- name: Populate oo_dns_hosts_to_update group + hosts: localhost + connection: local + become: no + gather_facts: no + vars_files: + - vars.yml + - cluster_hosts.yml + tasks: + - name: Evaluate oo_dns_hosts_to_update + add_host: + name: "{{ item }}" + groups: oo_dns_hosts_to_update + ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" + ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" + with_items: "{{ groups[cluster_id ~ '-dns'] }}" + + - name: Evaluate oo_hosts_to_add_in_dns + add_host: + name: "{{ item }}" + groups: oo_hosts_to_add_in_dns + ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" + ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" + with_items: "{{ groups['tag_clusterid_' ~ cluster_id] }}" + +- name: Gather facts + hosts: oo_hosts_to_add_in_dns + vars_files: + - vars.yml + - cluster_hosts.yml + +- name: Configure the DNS + hosts: oo_dns_hosts_to_update + vars_files: + - vars.yml + - cluster_hosts.yml + roles: + - role: rhel_subscribe + when: deployment_type in ["enterprise", "atomic-enterprise", "openshift-enterprise"] and + ansible_distribution == "RedHat" and + lookup('oo_option', 'rhel_skip_subscription') | default(rhsub_skip, True) | + default('no', True) | lower in ['no', 'false'] + + - { role: dns, + dns_forwarders: "{{ openstack_network_dns }}", + dns_zones: [ novalocal, openstacklocal ], + dns_all_hosts: "{{ g_all_hosts }}" } diff --git a/playbooks/openstack/openshift-cluster/files/heat_stack.yaml b/playbooks/openstack/openshift-cluster/files/heat_stack.yaml index 4f6a59a30..af774aa32 100644 --- a/playbooks/openstack/openshift-cluster/files/heat_stack.yaml +++ b/playbooks/openstack/openshift-cluster/files/heat_stack.yaml @@ -14,10 +14,10 @@ parameters: label: Cluster ID description: Identifier of the cluster - cidr: + subnet_24_prefix: type: string - label: CIDR - description: CIDR of the network of the cluster + label: subnet /24 prefix + description: /24 subnet prefix of the network of the cluster (dot separated number triplet) dns_nameservers: type: comma_delimited_list @@ -30,12 +30,6 @@ parameters: description: Name of the external network default: external - floating_ip_pool: - type: string - label: Floating IP pool - description: Floating IP pools - default: external - ssh_public_key: type: string label: SSH public key @@ -88,6 +82,11 @@ parameters: label: Infra image description: Name of the image for the infra node servers + dns_image: + type: string + label: DNS image + description: Name of the image for the DNS server + etcd_flavor: type: string label: Etcd flavor @@ -108,6 +107,11 @@ parameters: label: Infra flavor description: Flavor of the infra node servers + dns_flavor: + type: string + label: DNS flavor + description: Flavor of the DNS server + outputs: etcd_names: @@ -158,6 +162,26 @@ outputs: description: Floating IPs of the nodes value: { get_attr: [ infra_nodes, floating_ip ] } + dns_name: + description: Name of the DNS + value: + get_attr: + - dns + - name + + dns_floating_ip: + description: Floating IP of the DNS + value: + get_attr: + - dns + - addresses + - str_replace: + template: openshift-ansible-cluster_id-net + params: + cluster_id: { get_param: cluster_id } + - 1 + - addr + resources: net: @@ -178,8 +202,27 @@ resources: params: cluster_id: { get_param: cluster_id } network: { get_resource: net } - cidr: { get_param: cidr } - dns_nameservers: { get_param: dns_nameservers } + cidr: + str_replace: + template: subnet_24_prefix.0/24 + params: + subnet_24_prefix: { get_param: subnet_24_prefix } + allocation_pools: + - start: + str_replace: + template: subnet_24_prefix.3 + params: + subnet_24_prefix: { get_param: subnet_24_prefix } + end: + str_replace: + template: subnet_24_prefix.254 + params: + subnet_24_prefix: { get_param: subnet_24_prefix } + dns_nameservers: + - str_replace: + template: subnet_24_prefix.2 + params: + subnet_24_prefix: { get_param: subnet_24_prefix } router: type: OS::Neutron::Router @@ -303,16 +346,16 @@ resources: port_range_max: 22 remote_ip_prefix: { get_param: ssh_incoming } - direction: ingress - protocol: udp - port_range_min: 4789 - port_range_max: 4789 - remote_mode: remote_group_id - - direction: ingress protocol: tcp port_range_min: 10250 port_range_max: 10250 remote_mode: remote_group_id remote_group_id: { get_resource: master-secgrp } + - direction: ingress + protocol: udp + port_range_min: 4789 + port_range_max: 4789 + remote_mode: remote_group_id infra-secgrp: type: OS::Neutron::SecurityGroup @@ -337,6 +380,44 @@ resources: port_range_min: 443 port_range_max: 443 + dns-secgrp: + type: OS::Neutron::SecurityGroup + properties: + name: + str_replace: + template: openshift-ansible-cluster_id-dns-secgrp + params: + cluster_id: { get_param: cluster_id } + description: + str_replace: + template: Security group for cluster_id cluster DNS + params: + cluster_id: { get_param: cluster_id } + rules: + - direction: ingress + protocol: tcp + port_range_min: 22 + port_range_max: 22 + remote_ip_prefix: { get_param: ssh_incoming } + - direction: ingress + protocol: udp + port_range_min: 53 + port_range_max: 53 + remote_mode: remote_group_id + remote_group_id: { get_resource: etcd-secgrp } + - direction: ingress + protocol: udp + port_range_min: 53 + port_range_max: 53 + remote_mode: remote_group_id + remote_group_id: { get_resource: master-secgrp } + - direction: ingress + protocol: udp + port_range_min: 53 + port_range_max: 53 + remote_mode: remote_group_id + remote_group_id: { get_resource: node-secgrp } + etcd: type: OS::Heat::ResourceGroup properties: @@ -360,13 +441,14 @@ resources: subnet: { get_resource: subnet } secgrp: - { get_resource: etcd-secgrp } - floating_network: { get_param: floating_ip_pool } + floating_network: { get_param: external_net } net_name: str_replace: template: openshift-ansible-cluster_id-net params: cluster_id: { get_param: cluster_id } - depends_on: interface + depends_on: + - interface masters: type: OS::Heat::ResourceGroup @@ -391,13 +473,15 @@ resources: subnet: { get_resource: subnet } secgrp: - { get_resource: master-secgrp } - floating_network: { get_param: floating_ip_pool } + - { get_resource: node-secgrp } + floating_network: { get_param: external_net } net_name: str_replace: template: openshift-ansible-cluster_id-net params: cluster_id: { get_param: cluster_id } - depends_on: interface + depends_on: + - interface compute_nodes: type: OS::Heat::ResourceGroup @@ -424,13 +508,14 @@ resources: subnet: { get_resource: subnet } secgrp: - { get_resource: node-secgrp } - floating_network: { get_param: floating_ip_pool } + floating_network: { get_param: external_net } net_name: str_replace: template: openshift-ansible-cluster_id-net params: cluster_id: { get_param: cluster_id } - depends_on: interface + depends_on: + - interface infra_nodes: type: OS::Heat::ResourceGroup @@ -458,10 +543,77 @@ resources: secgrp: - { get_resource: node-secgrp } - { get_resource: infra-secgrp } - floating_network: { get_param: floating_ip_pool } + floating_network: { get_param: external_net } net_name: str_replace: template: openshift-ansible-cluster_id-net params: cluster_id: { get_param: cluster_id } - depends_on: interface + depends_on: + - interface + + dns: + type: OS::Nova::Server + properties: + name: + str_replace: + template: cluster_id-dns + params: + cluster_id: { get_param: cluster_id } + key_name: { get_resource: keypair } + image: { get_param: dns_image } + flavor: { get_param: dns_flavor } + networks: + - port: { get_resource: dns-port } + user_data: { get_resource: dns-config } + user_data_format: RAW + + dns-port: + type: OS::Neutron::Port + properties: + network: { get_resource: net } + fixed_ips: + - subnet: { get_resource: subnet } + ip_address: + str_replace: + template: subnet_24_prefix.2 + params: + subnet_24_prefix: { get_param: subnet_24_prefix } + security_groups: + - { get_resource: dns-secgrp } + + dns-floating-ip: + type: OS::Neutron::FloatingIP + properties: + floating_network: { get_param: external_net } + port_id: { get_resource: dns-port } + + dns-config: + type: OS::Heat::MultipartMime + properties: + parts: + - config: { get_file: user-data } + - config: + str_replace: + template: | + #cloud-config + write_files: + - path: /etc/sysconfig/network-scripts/ifcfg-eth0 + content: | + DEVICE="eth0" + BOOTPROTO="dhcp" + DNS1="$dns1" + DNS2="$dns2" + PEERDNS="no" + ONBOOT="yes" + runcmd: + - [ "/usr/bin/systemctl", "restart", "network" ] + params: + $dns1: + get_param: + - dns_nameservers + - 0 + $dns2: + get_param: + - dns_nameservers + - 1 diff --git a/playbooks/openstack/openshift-cluster/launch.yml b/playbooks/openstack/openshift-cluster/launch.yml index 76cc64a73..0afcad72e 100644 --- a/playbooks/openstack/openshift-cluster/launch.yml +++ b/playbooks/openstack/openshift-cluster/launch.yml @@ -29,13 +29,12 @@ - name: Create or Update OpenStack Stack command: 'heat {{ heat_stack_action }} -f {{ openstack_infra_heat_stack }} - --timeout 3 --enable-rollback + --timeout 3 -P cluster_env={{ cluster_env }} -P cluster_id={{ cluster_id }} - -P cidr={{ openstack_network_cidr }} + -P subnet_24_prefix={{ openstack_subnet_24_prefix }} -P dns_nameservers={{ openstack_network_dns | join(",") }} -P external_net={{ openstack_network_external_net }} - -P floating_ip_pool={{ openstack_floating_ip_pool }} -P ssh_public_key="{{ openstack_ssh_public_key }}" -P ssh_incoming={{ openstack_ssh_access_from }} -P num_etcd={{ num_etcd }} @@ -46,10 +45,12 @@ -P master_image={{ deployment_vars[deployment_type].image }} -P node_image={{ deployment_vars[deployment_type].image }} -P infra_image={{ deployment_vars[deployment_type].image }} + -P dns_image={{ deployment_vars[deployment_type].image }} -P etcd_flavor={{ openstack_flavor["etcd"] }} -P master_flavor={{ openstack_flavor["master"] }} -P node_flavor={{ openstack_flavor["node"] }} -P infra_flavor={{ openstack_flavor["infra"] }} + -P dns_flavor=m1.small openshift-ansible-{{ cluster_id }}-stack' - name: Wait for OpenStack Stack readiness @@ -58,7 +59,40 @@ until: stack_show_status_result.stdout not in ['CREATE_IN_PROGRESS', 'UPDATE_IN_PROGRESS'] retries: 30 delay: 5 - failed_when: stack_show_status_result.stdout not in ['CREATE_COMPLETE', 'UPDATE_COMPLETE'] + + - name: Display the stack resources + command: 'heat resource-list openshift-ansible-{{ cluster_id }}-stack' + register: stack_resource_list_result + when: stack_show_status_result.stdout not in ['CREATE_COMPLETE', 'UPDATE_COMPLETE'] + + - name: Display the stack status + command: 'heat stack-show openshift-ansible-{{ cluster_id }}-stack' + register: stack_show_result + when: stack_show_status_result.stdout not in ['CREATE_COMPLETE', 'UPDATE_COMPLETE'] + + - name: Delete the stack + command: 'heat stack-delete openshift-ansible-{{ cluster_id }}-stack' + when: stack_show_status_result.stdout not in ['CREATE_COMPLETE', 'UPDATE_COMPLETE'] + + - fail: + msg: | + + +--------------------------------------+ + | ^ | + | /!\ Failed to create the heat stack | + | /___\ | + +--------------------------------------+ + + Here is the list of stack resources and their status: + {{ stack_resource_list_result.stdout }} + + Here is the status of the stack: + {{ stack_show_result.stdout }} + + ^ Failed to create the heat stack + /!\ + /___\ Please check the `stack_status_reason` line in the above array to know why. + when: stack_show_status_result.stdout not in ['CREATE_COMPLETE', 'UPDATE_COMPLETE'] - name: Read OpenStack Stack outputs command: 'heat stack-show openshift-ansible-{{ cluster_id }}-stack' @@ -74,6 +108,8 @@ ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" groups: 'tag_environment_{{ cluster_env }}, tag_host-type_etcd, tag_sub-host-type_default, tag_clusterid_{{ cluster_id }}' + openshift_node_labels: + type: "etcd" with_together: - parsed_outputs.etcd_names - parsed_outputs.etcd_ips @@ -86,6 +122,8 @@ ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" groups: 'tag_environment_{{ cluster_env }}, tag_host-type_master, tag_sub-host-type_default, tag_clusterid_{{ cluster_id }}' + openshift_node_labels: + type: "master" with_together: - parsed_outputs.master_names - parsed_outputs.master_ips @@ -98,6 +136,8 @@ ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" groups: 'tag_environment_{{ cluster_env }}, tag_host-type_node, tag_sub-host-type_compute, tag_clusterid_{{ cluster_id }}' + openshift_node_labels: + type: "compute" with_together: - parsed_outputs.node_names - parsed_outputs.node_ips @@ -110,11 +150,21 @@ ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" groups: 'tag_environment_{{ cluster_env }}, tag_host-type_node, tag_sub-host-type_infra, tag_clusterid_{{ cluster_id }}' + openshift_node_labels: + type: "infra" with_together: - parsed_outputs.infra_names - parsed_outputs.infra_ips - parsed_outputs.infra_floating_ips + - name: Add DNS groups and variables + add_host: + hostname: '{{ parsed_outputs.dns_name }}' + ansible_ssh_host: '{{ parsed_outputs.dns_floating_ip }}' + ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" + ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" + groups: '{{ cluster_id }}-dns' + - name: Wait for ssh wait_for: host: '{{ item }}' @@ -123,6 +173,7 @@ - parsed_outputs.master_floating_ips - parsed_outputs.node_floating_ips - parsed_outputs.infra_floating_ips + - parsed_outputs.dns_floating_ip - name: Wait for user setup command: 'ssh -o StrictHostKeyChecking=no -o PasswordAuthentication=no -o ConnectTimeout=10 -o UserKnownHostsFile=/dev/null {{ deployment_vars[deployment_type].ssh_user }}@{{ item }} echo {{ deployment_vars[deployment_type].ssh_user }} user is setup' @@ -134,6 +185,7 @@ - parsed_outputs.master_floating_ips - parsed_outputs.node_floating_ips - parsed_outputs.infra_floating_ips + - parsed_outputs.dns_floating_ip - include: update.yml diff --git a/playbooks/openstack/openshift-cluster/terminate.yml b/playbooks/openstack/openshift-cluster/terminate.yml index 7a86b78c5..a1fb41b53 100644 --- a/playbooks/openstack/openshift-cluster/terminate.yml +++ b/playbooks/openstack/openshift-cluster/terminate.yml @@ -19,7 +19,7 @@ - vars.yml roles: - role: rhel_unsubscribe - when: deployment_type == "enterprise" and + when: deployment_type in ['atomic-enterprise', 'enterprise', 'openshift-enterprise'] and ansible_distribution == "RedHat" and lookup('oo_option', 'rhel_skip_subscription') | default(rhsub_skip, True) | default('no', True) | lower in ['no', 'false'] diff --git a/playbooks/openstack/openshift-cluster/update.yml b/playbooks/openstack/openshift-cluster/update.yml index 2dc540978..16027b15c 100644 --- a/playbooks/openstack/openshift-cluster/update.yml +++ b/playbooks/openstack/openshift-cluster/update.yml @@ -1,4 +1,6 @@ --- +- include: dns.yml + - name: Populate oo_hosts_to_update group hosts: localhost connection: local diff --git a/playbooks/openstack/openshift-cluster/vars.yml b/playbooks/openstack/openshift-cluster/vars.yml index 76cde1706..ee26d223e 100644 --- a/playbooks/openstack/openshift-cluster/vars.yml +++ b/playbooks/openstack/openshift-cluster/vars.yml @@ -2,12 +2,10 @@ debug_level: 2 openstack_infra_heat_stack: "{{ lookup('oo_option', 'infra_heat_stack' ) | default('files/heat_stack.yaml', True) }}" -openstack_network_cidr: "{{ lookup('oo_option', 'net_cidr' ) | - default('192.168.' + ( ( 1048576 | random % 256 ) | string() ) + '.0/24', True) }}" +openstack_subnet_24_prefix: "{{ lookup('oo_option', 'subnet_24_prefix' ) | + default('192.168.' + ( ( 1048576 | random % 256 ) | string() ), True) }}" openstack_network_external_net: "{{ lookup('oo_option', 'external_net' ) | default('external', True) }}" -openstack_floating_ip_pool: "{{ lookup('oo_option', 'floating_ip_pool' ) | - default('external', True) }}" openstack_network_dns: "{{ lookup('oo_option', 'dns' ) | default('8.8.8.8,8.8.4.4', True) | oo_split() }}" openstack_ssh_public_key: "{{ lookup('file', lookup('oo_option', 'public_key') | |