Diffstat (limited to 'playbooks')
27 files changed, 475 insertions, 94 deletions
diff --git a/playbooks/aws/openshift-cluster/hosted.yml b/playbooks/aws/openshift-cluster/hosted.yml deleted file mode 100644 index 9d9ed29de..000000000 --- a/playbooks/aws/openshift-cluster/hosted.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- -- import_playbook: ../../openshift-hosted/private/config.yml - -- import_playbook: ../../openshift-metrics/private/config.yml - when: openshift_metrics_install_metrics | default(false) | bool - -- import_playbook: ../../openshift-logging/private/config.yml - when: openshift_logging_install_logging | default(false) | bool - -- import_playbook: ../../openshift-prometheus/private/config.yml - when: openshift_hosted_prometheus_deploy | default(false) | bool - -- import_playbook: ../../openshift-service-catalog/private/config.yml - when: openshift_enable_service_catalog | default(false) | bool - -- import_playbook: ../../openshift-management/private/config.yml - when: openshift_management_install_management | default(false) | bool - -- name: Print deprecated variable warning message if necessary - hosts: oo_first_master - gather_facts: no - tasks: - - debug: msg="{{__deprecation_message}}" - when: - - __deprecation_message | default ('') | length > 0 diff --git a/playbooks/aws/openshift-cluster/install.yml b/playbooks/aws/openshift-cluster/install.yml index a3fc82f9a..938e83f5e 100644 --- a/playbooks/aws/openshift-cluster/install.yml +++ b/playbooks/aws/openshift-cluster/install.yml 
@@ -18,29 +18,8 @@ - name: run the init import_playbook: ../../init/main.yml -- name: perform the installer openshift-checks - import_playbook: ../../openshift-checks/private/install.yml +- name: configure the control plane + import_playbook: ../../common/private/control_plane.yml -- name: etcd install - import_playbook: ../../openshift-etcd/private/config.yml - -- name: include nfs - import_playbook: ../../openshift-nfs/private/config.yml - when: groups.oo_nfs_to_config | default([]) | count > 0 - -- name: include loadbalancer - import_playbook: ../../openshift-loadbalancer/private/config.yml - when: groups.oo_lb_to_config | default([]) | count > 0 - -- name: include openshift-master config - import_playbook: ../../openshift-master/private/config.yml - -- name: include master additional config - import_playbook: ../../openshift-master/private/additional_config.yml - -- name: include master additional config +- name: ensure the masters are configured as nodes import_playbook: ../../openshift-node/private/config.yml - -- name: include openshift-glusterfs - import_playbook: ../../openshift-glusterfs/private/config.yml - when: groups.oo_glusterfs_to_config | default([]) | count > 0 diff --git a/playbooks/aws/openshift-cluster/provision_install.yml b/playbooks/aws/openshift-cluster/provision_install.yml index f98f5be9a..bd154fa83 100644 --- a/playbooks/aws/openshift-cluster/provision_install.yml +++ b/playbooks/aws/openshift-cluster/provision_install.yml @@ -15,5 +15,5 @@ - name: Include the accept.yml playbook to accept nodes into the cluster import_playbook: accept.yml -- name: Include the hosted.yml playbook to finish the hosted configuration - import_playbook: hosted.yml +- name: Include the components playbook to finish the hosted configuration + import_playbook: ../../common/private/components.yml diff --git a/playbooks/aws/provisioning_vars.yml.example b/playbooks/aws/provisioning_vars.yml.example index f6b1a6b5d..a1a8a5b08 100644 
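Review bot: In provision_install.yml, replacing `hosted.yml` with `../../common/private/components.yml` is not a pure move for AWS. The deleted hosted.yml gated the service catalog on `openshift_enable_service_catalog | default(false)`, while components.yml uses `default(true)` and also imports the web console play behind `openshift_web_console_install | default(true)`, so a cluster provisioned from an unchanged inventory now gets two more services deployed. The 'Print deprecated variable warning message' play that closed hosted.yml is also not carried into components.yml. If the wider default is intended, state it in the task name or commit message; operators who want the previous footprint would need `openshift_enable_service_catalog: false` in their inventory.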
--- a/playbooks/aws/provisioning_vars.yml.example +++ b/playbooks/aws/provisioning_vars.yml.example @@ -41,11 +41,27 @@ openshift_pkg_version: # -3.7.0 # a vpc, set this to false. #openshift_aws_create_vpc: true +# when openshift_aws_create_vpc is true (the default), the VPC defined in +# openshift_aws_vpc will be created +#openshift_aws_vpc: +# name: "{{ openshift_aws_vpc_name }}" +# cidr: 172.31.0.0/16 +# subnets: +# us-east-1: +# - cidr: 172.31.48.0/20 +# az: "us-east-1c" +# default_az: true +# - cidr: 172.31.32.0/20 +# az: "us-east-1e" +# - cidr: 172.31.16.0/20 +# az: "us-east-1a" + # Name of the vpc. Needs to be set if using a pre-existing vpc. #openshift_aws_vpc_name: "{{ openshift_aws_clusterid }}" # Name of the subnet in the vpc to use. Needs to be set if using a pre-existing -# vpc + subnet. +# vpc + subnet. Otherwise will use the subnet with 'default_az' set (see above +# example VPC structure) #openshift_aws_subnet_az: # -------------- # diff --git a/playbooks/common/openshift-cluster/upgrades/pre/config.yml b/playbooks/common/openshift-cluster/upgrades/pre/config.yml index da63450b8..2b27f8dd0 100644 --- a/playbooks/common/openshift-cluster/upgrades/pre/config.yml +++ b/playbooks/common/openshift-cluster/upgrades/pre/config.yml @@ -49,7 +49,7 @@ # to a more specific version, respecting openshift_image_tag and openshift_pkg_version if # defined, and overriding the normal behavior of protecting the installed version openshift_release: "{{ openshift_upgrade_target }}" - openshift_protect_installed_version: False + # openshift_protect_installed_version is passed n via upgrade_control_plane.yml # l_openshift_version_set_hosts is passed via upgrade_control_plane.yml # l_openshift_version_check_hosts is passed via upgrade_control_plane.yml diff --git a/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade.yml index d520c6aee..a2d21b69f 100644 
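Review bot: The replacement comment in upgrades/pre/config.yml has a stray letter and names only one caller: `# openshift_protect_installed_version is passed n via upgrade_control_plane.yml`. The later hunks in this diff set the variable in both upgrade.yml and upgrade_control_plane.yml for v3_6 through v3_9, so I would write `# openshift_protect_installed_version is passed in via upgrade.yml / upgrade_control_plane.yml`. Because the explicit `False` was removed here, any caller that does not pass it would presumably fall back to whatever default the role defines; the enclosing vars block starts outside the hunk, so this cannot be confirmed from here.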
--- a/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade.yml @@ -23,6 +23,7 @@ l_upgrade_verify_targets_hosts: "oo_masters_to_config:oo_nodes_to_upgrade" l_upgrade_docker_target_hosts: "oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config" l_upgrade_excluder_hosts: "oo_nodes_to_config:oo_masters_to_config" + openshift_protect_installed_version: False - import_playbook: validator.yml diff --git a/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml index d88880140..9aa5a3b64 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml @@ -35,6 +35,7 @@ l_upgrade_verify_targets_hosts: "oo_masters_to_config" l_upgrade_docker_target_hosts: "oo_masters_to_config:oo_etcd_to_config" l_upgrade_excluder_hosts: "oo_masters_to_config" + openshift_protect_installed_version: False - import_playbook: validator.yml diff --git a/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade.yml index 4daa9e490..cc2ec2709 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade.yml @@ -23,6 +23,7 @@ l_upgrade_verify_targets_hosts: "oo_masters_to_config:oo_nodes_to_upgrade" l_upgrade_docker_target_hosts: "oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config" l_upgrade_excluder_hosts: "oo_nodes_to_config:oo_masters_to_config" + openshift_protect_installed_version: False - import_playbook: validator.yml diff --git a/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml index ce069e2d0..b1ecc75d3 100644 
--- a/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml @@ -35,6 +35,7 @@ l_upgrade_verify_targets_hosts: "oo_masters_to_config" l_upgrade_docker_target_hosts: "oo_masters_to_config:oo_etcd_to_config" l_upgrade_excluder_hosts: "oo_masters_to_config" + openshift_protect_installed_version: False - import_playbook: validator.yml diff --git a/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade.yml index a9bf354cc..a73b7d63a 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade.yml @@ -23,6 +23,7 @@ l_upgrade_verify_targets_hosts: "oo_masters_to_config:oo_nodes_to_upgrade" l_upgrade_docker_target_hosts: "oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config" l_upgrade_excluder_hosts: "oo_nodes_to_config:oo_masters_to_config" + openshift_protect_installed_version: False - import_playbook: validator.yml diff --git a/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade_control_plane.yml index 3f26a6297..723b2e533 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade_control_plane.yml @@ -36,6 +36,7 @@ l_upgrade_verify_targets_hosts: "oo_masters_to_config" l_upgrade_docker_target_hosts: "oo_masters_to_config:oo_etcd_to_config" l_upgrade_excluder_hosts: "oo_masters_to_config" + openshift_protect_installed_version: False - import_playbook: validator.yml diff --git a/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade.yml index 20e0c165e..bf6e8605e 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade.yml 
+++ b/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade.yml @@ -20,6 +20,7 @@ l_upgrade_verify_targets_hosts: "oo_masters_to_config:oo_nodes_to_upgrade" l_upgrade_docker_target_hosts: "oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config" l_upgrade_excluder_hosts: "oo_nodes_to_config:oo_masters_to_config" + openshift_protect_installed_version: False - import_playbook: validator.yml diff --git a/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade_control_plane.yml index 0f48725f6..1dcc38def 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade_control_plane.yml @@ -41,6 +41,7 @@ l_upgrade_verify_targets_hosts: "oo_masters_to_config" l_upgrade_docker_target_hosts: "oo_masters_to_config:oo_etcd_to_config" l_upgrade_excluder_hosts: "oo_masters_to_config" + openshift_protect_installed_version: False when: hostvars[groups.oo_first_master.0].openshift_currently_installed_version | version_compare('3.8','<') - name: Flag pre-upgrade checks complete for hosts without errors 3.8 @@ -82,6 +83,7 @@ l_upgrade_verify_targets_hosts: "oo_masters_to_config" l_upgrade_docker_target_hosts: "oo_masters_to_config:oo_etcd_to_config" l_upgrade_excluder_hosts: "oo_masters_to_config" + openshift_protect_installed_version: False - name: Flag pre-upgrade checks complete for hosts without errors hosts: oo_masters_to_config:oo_etcd_to_config diff --git a/playbooks/common/private/components.yml b/playbooks/common/private/components.yml new file mode 100644 index 000000000..089645d07 --- /dev/null +++ b/playbooks/common/private/components.yml 
@@ -0,0 +1,38 @@ +--- +# These are the core component plays that configure the layers above the control +# plane. A component is generally considered any part of OpenShift that runs on +# top of the cluster and may be considered optional. Over time, much of OpenShift +# above the Kubernetes apiserver and masters may be considered components. +# +# Preconditions: +# +# 1. The control plane is configured and reachable from nodes inside the cluster +# 2. An admin kubeconfig file in /etc/origin/master/admin.kubeconfig that can +# perform root level actions against the cluster +# 3. On cloud providers, persistent volume provisioners are configured +# 4. A subset of nodes is available to allow components to schedule - this must +# include the masters and usually includes infra nodes. +# 5. The init/main.yml playbook has been invoked + +- import_playbook: ../../openshift-glusterfs/private/config.yml + when: groups.oo_glusterfs_to_config | default([]) | count > 0 + +- import_playbook: ../../openshift-hosted/private/config.yml + +- import_playbook: ../../openshift-web-console/private/config.yml + when: openshift_web_console_install | default(true) | bool + +- import_playbook: ../../openshift-metrics/private/config.yml + when: openshift_metrics_install_metrics | default(false) | bool + +- import_playbook: ../../openshift-logging/private/config.yml + when: openshift_logging_install_logging | default(false) | bool + +- import_playbook: ../../openshift-prometheus/private/config.yml + when: openshift_hosted_prometheus_deploy | default(false) | bool + +- import_playbook: ../../openshift-service-catalog/private/config.yml + when: openshift_enable_service_catalog | default(true) | bool + +- import_playbook: ../../openshift-management/private/config.yml + when: openshift_management_install_management | default(false) | bool diff --git a/playbooks/common/private/control_plane.yml b/playbooks/common/private/control_plane.yml new file mode 100644 index 000000000..0a5f1142b 
--- /dev/null +++ b/playbooks/common/private/control_plane.yml @@ -0,0 +1,34 @@ +--- +# These are the control plane plays that configure a control plane on top of hosts +# identified as masters. Over time, some of the pieces of the current control plane +# may be moved to the components list. +# +# It is not required for any nodes to be configured, or passed to be configured, +# when this playbook is invoked. +# +# Preconditions: +# +# 1. A set of machines have been identified to act as masters +# 2. On cloud providers, a load balancer has been configured to point to the masters +# and that load balancer has a DNS name +# 3. The init/main.yml playbook has been invoked +# +# Postconditions: +# +# 1. The control plane is reachable from the outside of the cluster +# 2. The master has an /etc/origin/master/admin.kubeconfig file that gives cluster-admin +# access. + +- import_playbook: ../../openshift-checks/private/install.yml + +- import_playbook: ../../openshift-etcd/private/config.yml + +- import_playbook: ../../openshift-nfs/private/config.yml + when: groups.oo_nfs_to_config | default([]) | count > 0 + +- import_playbook: ../../openshift-loadbalancer/private/config.yml + when: groups.oo_lb_to_config | default([]) | count > 0 + +- import_playbook: ../../openshift-master/private/config.yml + +- import_playbook: ../../openshift-master/private/additional_config.yml diff --git a/playbooks/deploy_cluster.yml b/playbooks/deploy_cluster.yml index 5efdc486a..361553ee4 100644 --- a/playbooks/deploy_cluster.yml +++ b/playbooks/deploy_cluster.yml 
@@ -1,44 +1,11 @@ --- - import_playbook: init/main.yml -- import_playbook: openshift-checks/private/install.yml - -- import_playbook: openshift-etcd/private/config.yml - -- import_playbook: openshift-nfs/private/config.yml - when: groups.oo_nfs_to_config | default([]) | count > 0 - -- import_playbook: openshift-loadbalancer/private/config.yml - when: groups.oo_lb_to_config | default([]) | count > 0 - -- import_playbook: openshift-master/private/config.yml - -- import_playbook: openshift-master/private/additional_config.yml +- import_playbook: common/private/control_plane.yml - import_playbook: openshift-node/private/config.yml -- import_playbook: openshift-glusterfs/private/config.yml - when: groups.oo_glusterfs_to_config | default([]) | count > 0 - -- import_playbook: openshift-hosted/private/config.yml - -- import_playbook: openshift-web-console/private/config.yml - when: openshift_web_console_install | default(true) | bool - -- import_playbook: openshift-metrics/private/config.yml - when: openshift_metrics_install_metrics | default(false) | bool - -- import_playbook: openshift-logging/private/config.yml - when: openshift_logging_install_logging | default(false) | bool - -- import_playbook: openshift-prometheus/private/config.yml - when: openshift_hosted_prometheus_deploy | default(false) | bool - -- import_playbook: openshift-service-catalog/private/config.yml - when: openshift_enable_service_catalog | default(true) | bool - -- import_playbook: openshift-management/private/config.yml - when: openshift_management_install_management | default(false) | bool +- import_playbook: common/private/components.yml - name: Print deprecated variable warning message if necessary hosts: oo_first_master diff --git a/playbooks/gcp/openshift-cluster/build_base_image.yml b/playbooks/gcp/openshift-cluster/build_base_image.yml new file mode 100644 index 000000000..75d0ddf9d --- /dev/null +++ b/playbooks/gcp/openshift-cluster/build_base_image.yml 
@@ -0,0 +1,162 @@ +--- +# This playbook ensures that a base image is up to date with all of the required settings +- name: Launch image build instance + hosts: localhost + connection: local + gather_facts: no + tasks: + - name: Require openshift_gcp_root_image + fail: + msg: "A root OS image name or family is required for base image building. Please ensure `openshift_gcp_root_image` is defined." + when: openshift_gcp_root_image is undefined + + - name: Create the image instance disk + gce_pd: + service_account_email: "{{ (lookup('file', openshift_gcp_iam_service_account_keyfile ) | from_json ).client_email }}" + credentials_file: "{{ openshift_gcp_iam_service_account_keyfile }}" + project_id: "{{ openshift_gcp_project }}" + zone: "{{ openshift_gcp_zone }}" + name: "{{ openshift_gcp_prefix }}build-image-instance" + disk_type: pd-ssd + image: "{{ openshift_gcp_root_image }}" + size_gb: 10 + state: present + + - name: Launch the image build instance + gce: + service_account_email: "{{ (lookup('file', openshift_gcp_iam_service_account_keyfile ) | from_json ).client_email }}" + credentials_file: "{{ openshift_gcp_iam_service_account_keyfile }}" + project_id: "{{ openshift_gcp_project }}" + zone: "{{ openshift_gcp_zone }}" + machine_type: n1-standard-1 + instance_names: "{{ openshift_gcp_prefix }}build-image-instance" + state: present + tags: + - build-image-instance + disk_auto_delete: false + disks: + - "{{ openshift_gcp_prefix }}build-image-instance" + register: gce + + - add_host: + hostname: "{{ item.public_ip }}" + groupname: build_instance_ips + with_items: "{{ gce.instance_data }}" + + - name: Wait for instance to respond to SSH + wait_for: + delay: 1 + host: "{{ item.public_ip }}" + port: 22 + state: started + timeout: 120 + with_items: "{{ gce.instance_data }}" + +- name: Prepare instance content sources + pre_tasks: + - set_fact: + allow_rhel_subscriptions: "{{ rhsub_skip | default('no', True) | lower in ['no', 'false'] }}" + - set_fact: + 
using_rhel_subscriptions: "{{ (deployment_type in ['enterprise', 'atomic-enterprise', 'openshift-enterprise'] or ansible_distribution == 'RedHat') and allow_rhel_subscriptions }}" + hosts: build_instance_ips + roles: + - role: rhel_subscribe + when: using_rhel_subscriptions + - role: openshift_repos + vars: + openshift_additional_repos: [] + post_tasks: + - name: Add custom repositories + include_role: + name: openshift_gcp + tasks_from: add_custom_repositories.yml + - name: Add the Google Cloud repo + yum_repository: + name: google-cloud + description: Google Cloud Compute + baseurl: https://packages.cloud.google.com/yum/repos/google-cloud-compute-el7-x86_64 + gpgkey: https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg + gpgcheck: yes + repo_gpgcheck: yes + state: present + when: ansible_os_family == "RedHat" + - name: Add the jdetiber-qemu-user-static copr repo + yum_repository: + name: jdetiber-qemu-user-static + description: QEMU user static COPR + baseurl: https://copr-be.cloud.fedoraproject.org/results/jdetiber/qemu-user-static/epel-7-$basearch/ + gpgkey: https://copr-be.cloud.fedoraproject.org/results/jdetiber/qemu-user-static/pubkey.gpg + gpgcheck: yes + repo_gpgcheck: no + state: present + when: ansible_os_family == "RedHat" + - name: Install qemu-user-static + package: + name: qemu-user-static + state: present + - name: Start and enable systemd-binfmt service + systemd: + name: systemd-binfmt + state: started + enabled: yes + +- name: Build image + hosts: build_instance_ips + pre_tasks: + - name: Set up core host GCP configuration + include_role: + name: openshift_gcp + tasks_from: configure_gcp_base_image.yml + roles: + - role: os_update_latest + post_tasks: + - name: Disable all repos on RHEL + command: subscription-manager repos --disable="*" + when: using_rhel_subscriptions + - name: Enable repos for packages on RHEL + command: subscription-manager repos --enable="rhel-7-server-rpms" 
--enable="rhel-7-server-extras-rpms" + when: using_rhel_subscriptions + - name: Install common image prerequisites + package: name={{ item }} state=latest + with_items: + # required by Ansible + - PyYAML + - docker + - google-compute-engine + - google-compute-engine-init + - google-config + - wget + - git + - net-tools + - bind-utils + - iptables-services + - bridge-utils + - bash-completion + - name: Clean yum metadata + command: yum clean all + args: + warn: no + when: ansible_os_family == "RedHat" + +- name: Commit image + hosts: localhost + connection: local + tasks: + - name: Terminate the image build instance + gce: + service_account_email: "{{ (lookup('file', openshift_gcp_iam_service_account_keyfile ) | from_json ).client_email }}" + credentials_file: "{{ openshift_gcp_iam_service_account_keyfile }}" + project_id: "{{ openshift_gcp_project }}" + zone: "{{ openshift_gcp_zone }}" + instance_names: "{{ openshift_gcp_prefix }}build-image-instance" + state: absent + - name: Save the new image + command: gcloud --project "{{ openshift_gcp_project}}" compute images create "{{ openshift_gcp_base_image_name | default(openshift_gcp_base_image + '-' + lookup('pipe','date +%Y%m%d-%H%M%S')) }}" --source-disk "{{ openshift_gcp_prefix }}build-image-instance" --source-disk-zone "{{ openshift_gcp_zone }}" --family "{{ openshift_gcp_base_image }}" + - name: Remove the image instance disk + gce_pd: + service_account_email: "{{ (lookup('file', openshift_gcp_iam_service_account_keyfile ) | from_json ).client_email }}" + credentials_file: "{{ openshift_gcp_iam_service_account_keyfile }}" + project_id: "{{ openshift_gcp_project }}" + zone: "{{ openshift_gcp_zone }}" + name: "{{ openshift_gcp_prefix }}build-image-instance" + state: absent diff --git a/playbooks/gcp/openshift-cluster/build_image.yml b/playbooks/gcp/openshift-cluster/build_image.yml new file mode 100644 index 000000000..787de8ebc --- /dev/null +++ b/playbooks/gcp/openshift-cluster/build_image.yml 
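Review bot: The `jdetiber-qemu-user-static` COPR repository added in the 'Prepare instance content sources' play of build_base_image.yml is, as far as this hunk shows, still configured when 'Save the new image' runs. Every instance booted from the image family would therefore keep trusting a personal COPR repository (with `repo_gpgcheck: no`) for package installs and updates. Once `qemu-user-static` is installed the build no longer needs the repository, so I would drop it just before 'Clean yum metadata', as in the fence below. If later updates of that package are expected to come from the same repository, keep the definition but set `enabled: no` on it instead.

```yaml
  # … unchanged: Install common image prerequisites …
  - name: Remove the qemu-user-static copr repo before the image is saved
    yum_repository:
      name: jdetiber-qemu-user-static
      state: absent
    when: ansible_os_family == "RedHat"
  - name: Clean yum metadata
  # … unchanged: yum clean all …
```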
@@ -0,0 +1,106 @@ +--- +- name: Verify prerequisites for image build + hosts: localhost + connection: local + gather_facts: no + tasks: + - name: Require openshift_gcp_base_image + fail: + msg: "A base image name or family is required for image building. Please ensure `openshift_gcp_base_image` is defined." + when: openshift_gcp_base_image is undefined + +- name: Launch image build instance + hosts: localhost + connection: local + gather_facts: no + tasks: + - name: Set facts + set_fact: + openshift_node_bootstrap: True + openshift_master_unsupported_embedded_etcd: True + + - name: Create the image instance disk + gce_pd: + service_account_email: "{{ (lookup('file', openshift_gcp_iam_service_account_keyfile ) | from_json ).client_email }}" + credentials_file: "{{ openshift_gcp_iam_service_account_keyfile }}" + project_id: "{{ openshift_gcp_project }}" + zone: "{{ openshift_gcp_zone }}" + name: "{{ openshift_gcp_prefix }}build-image-instance" + disk_type: pd-ssd + image: "{{ openshift_gcp_base_image }}" + size_gb: 10 + state: present + + - name: Launch the image build instance + gce: + service_account_email: "{{ (lookup('file', openshift_gcp_iam_service_account_keyfile ) | from_json ).client_email }}" + credentials_file: "{{ openshift_gcp_iam_service_account_keyfile }}" + project_id: "{{ openshift_gcp_project }}" + zone: "{{ openshift_gcp_zone }}" + machine_type: n1-standard-1 + instance_names: "{{ openshift_gcp_prefix }}build-image-instance" + state: present + tags: + - build-image-instance + disk_auto_delete: false + disks: + - "{{ openshift_gcp_prefix }}build-image-instance" + register: gce + + - name: add host to nodes + add_host: + hostname: "{{ item.public_ip }}" + groupname: nodes + with_items: "{{ gce.instance_data }}" + + - name: Wait for instance to respond to SSH + wait_for: + delay: 1 + host: "{{ item.public_ip }}" + port: 22 + state: started + timeout: 120 + with_items: "{{ gce.instance_data }}" + +- hosts: nodes + tasks: + - name: Set facts + set_fact: 
+ openshift_node_bootstrap: True + +# This is the part that installs all of the software and configs for the instance +# to become a node. +- import_playbook: ../../openshift-node/private/image_prep.yml + +# Add additional GCP specific behavior +- hosts: nodes + tasks: + - include_role: + name: openshift_gcp + tasks_from: node_cloud_config.yml + - include_role: + name: openshift_gcp + tasks_from: frequent_log_rotation.yml + +- name: Commit image + hosts: localhost + connection: local + tasks: + - name: Terminate the image build instance + gce: + service_account_email: "{{ (lookup('file', openshift_gcp_iam_service_account_keyfile ) | from_json ).client_email }}" + credentials_file: "{{ openshift_gcp_iam_service_account_keyfile }}" + project_id: "{{ openshift_gcp_project }}" + zone: "{{ openshift_gcp_zone }}" + instance_names: "{{ openshift_gcp_prefix }}build-image-instance" + state: absent + - name: Save the new image + command: gcloud --project "{{ openshift_gcp_project}}" compute images create "{{ openshift_gcp_image_name | default(openshift_gcp_image + '-' + lookup('pipe','date +%Y%m%d-%H%M%S')) }}" --source-disk "{{ openshift_gcp_prefix }}build-image-instance" --source-disk-zone "{{ openshift_gcp_zone }}" --family "{{ openshift_gcp_image }}" + - name: Remove the image instance disk + gce_pd: + service_account_email: "{{ (lookup('file', openshift_gcp_iam_service_account_keyfile ) | from_json ).client_email }}" + credentials_file: "{{ openshift_gcp_iam_service_account_keyfile }}" + project_id: "{{ openshift_gcp_project }}" + zone: "{{ openshift_gcp_zone }}" + name: "{{ openshift_gcp_prefix }}build-image-instance" + state: absent diff --git a/playbooks/gcp/openshift-cluster/deprovision.yml b/playbooks/gcp/openshift-cluster/deprovision.yml new file mode 100644 index 000000000..589fddd2f --- /dev/null +++ b/playbooks/gcp/openshift-cluster/deprovision.yml 
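Review bot: 'Create the image instance disk' in build_image.yml, and the same task in build_base_image.yml, uses a fixed disk name with `state: present`, while cleanup happens only in the final 'Commit image' play. If any play in between fails, the build instance (reachable over SSH on its public IP) and its disk are left behind. The next run would, as far as I can tell from `gce_pd` semantics, reuse that partially configured disk instead of starting from `openshift_gcp_base_image`, so stale content could end up in the saved image. I would also run the existing 'Terminate the image build instance' and 'Remove the image instance disk' tasks (both `state: absent`) at the top of the 'Launch image build instance' play, so that each build starts from a clean disk.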
@@ -0,0 +1,10 @@ +# This playbook terminates a running cluster +--- +- name: Terminate running cluster and remove all supporting resources in GCE + hosts: localhost + connection: local + tasks: + - include_role: + name: openshift_gcp + vars: + state: absent diff --git a/playbooks/gcp/openshift-cluster/install.yml b/playbooks/gcp/openshift-cluster/install.yml new file mode 100644 index 000000000..fb35b4348 --- /dev/null +++ b/playbooks/gcp/openshift-cluster/install.yml @@ -0,0 +1,33 @@ +# This playbook installs onto a provisioned cluster +--- +- hosts: localhost + connection: local + tasks: + - name: place all scale groups into Ansible groups + include_role: + name: openshift_gcp + tasks_from: setup_scale_group_facts.yml + +- name: run the init + import_playbook: ../../init/main.yml + +- name: configure the control plane + import_playbook: ../../common/private/control_plane.yml + +- name: ensure the masters are configured as nodes + import_playbook: ../../openshift-node/private/config.yml + +- name: run the GCP specific post steps + import_playbook: install_gcp.yml + +- name: install components + import_playbook: ../../common/private/components.yml + +- hosts: primary_master + gather_facts: no + tasks: + - name: Retrieve cluster configuration + fetch: + src: "{{ openshift.common.config_base }}/master/admin.kubeconfig" + dest: "/tmp/" + flat: yes diff --git a/playbooks/gcp/openshift-cluster/install_gcp.yml b/playbooks/gcp/openshift-cluster/install_gcp.yml new file mode 100644 index 000000000..09db78971 --- /dev/null +++ b/playbooks/gcp/openshift-cluster/install_gcp.yml 
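Review bot: The last play of playbooks/gcp/openshift-cluster/install.yml fetches `admin.kubeconfig` to `dest: "/tmp/"` with `flat: yes`, which is a predictable path in a shared directory on the control host. The control_plane.yml comments in this same diff describe that file as giving cluster-admin access. Other local accounts may be able to read it depending on the umask, and nothing in the hunk removes it afterwards. I would write it to a directory private to the invoking user, e.g. `dest: "{{ lookup('env', 'HOME') }}/.kube/{{ openshift_gcp_prefix }}admin.kubeconfig"`, and follow it with a local `file` task that sets `mode: "0600"`.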
@@ -0,0 +1,21 @@ +--- +- hosts: masters + gather_facts: no + tasks: + - name: create master health check service + include_role: + name: openshift_gcp + tasks_from: configure_master_healthcheck.yml + - name: configure node bootstrapping + include_role: + name: openshift_gcp + tasks_from: configure_master_bootstrap.yml + when: + - openshift_master_bootstrap_enabled | default(False) + - name: configure node bootstrap autoapprover + include_role: + name: openshift_bootstrap_autoapprover + tasks_from: main + when: + - openshift_master_bootstrap_enabled | default(False) + - openshift_master_bootstrap_auto_approve | default(False) | bool diff --git a/playbooks/gcp/openshift-cluster/inventory.yml b/playbooks/gcp/openshift-cluster/inventory.yml new file mode 100644 index 000000000..96de6d6db --- /dev/null +++ b/playbooks/gcp/openshift-cluster/inventory.yml @@ -0,0 +1,10 @@ +--- +- name: Set up the connection variables for retrieving inventory from GCE + hosts: localhost + connection: local + gather_facts: no + tasks: + - name: materialize the inventory + include_role: + name: openshift_gcp + tasks_from: dynamic_inventory.yml diff --git a/playbooks/gcp/openshift-cluster/launch.yml b/playbooks/gcp/openshift-cluster/launch.yml new file mode 100644 index 000000000..02f00408a --- /dev/null +++ b/playbooks/gcp/openshift-cluster/launch.yml @@ -0,0 +1,12 @@ +# This playbook launches a new cluster or converges it if already launched +--- +- import_playbook: build_image.yml + when: openshift_gcp_build_image | default(False) | bool + +- import_playbook: provision.yml + +- hosts: localhost + tasks: + - meta: refresh_inventory + +- import_playbook: install.yml diff --git a/playbooks/gcp/provision.yml b/playbooks/gcp/openshift-cluster/provision.yml index b6edf9961..293a195c9 100644 --- a/playbooks/gcp/provision.yml +++ b/playbooks/gcp/openshift-cluster/provision.yml 
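Review bot: In install_gcp.yml the two `when:` entries `openshift_master_bootstrap_enabled | default(False)` lack the `| bool` cast that the neighbouring `openshift_master_bootstrap_auto_approve | default(False) | bool` has. When the variable comes from an INI inventory or `-e key=value` it is a string, and a non-empty string such as `"false"` is truthy in a Jinja expression. That would turn on node bootstrapping and, together with the second condition, the bootstrap auto-approver, even though the operator asked for it to be off. I would write both entries as `- openshift_master_bootstrap_enabled | default(False) | bool`.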
@@ -3,11 +3,10 @@ hosts: localhost connection: local gather_facts: no + roles: + - openshift_gcp tasks: - - - name: provision a GCP cluster in the specified project + - name: recalculate the dynamic inventory import_role: name: openshift_gcp - -- name: run the cluster deploy - import_playbook: ../deploy_cluster.yml + tasks_from: dynamic_inventory.yml diff --git a/playbooks/gcp/openshift-cluster/publish_image.yml b/playbooks/gcp/openshift-cluster/publish_image.yml new file mode 100644 index 000000000..76fd49e9c --- /dev/null +++ b/playbooks/gcp/openshift-cluster/publish_image.yml @@ -0,0 +1,9 @@ +--- +- name: Publish the most recent image + hosts: localhost + connection: local + gather_facts: no + tasks: + - import_role: + name: openshift_gcp + tasks_from: publish_image.yml diff --git a/playbooks/gcp/openshift-cluster/roles b/playbooks/gcp/openshift-cluster/roles new file mode 120000 index 000000000..20c4c58cf --- /dev/null +++ b/playbooks/gcp/openshift-cluster/roles @@ -0,0 +1 @@ +../../../roles
\ No newline at end of file diff --git a/playbooks/init/evaluate_groups.yml b/playbooks/init/evaluate_groups.yml index c4cd226c9..924ae481a 100644 --- a/playbooks/init/evaluate_groups.yml +++ b/playbooks/init/evaluate_groups.yml @@ -47,7 +47,7 @@ msg: > Running etcd as an embedded service is no longer supported. when: - - g_etcd_hosts | default([]) | length not in [3,1] + - g_etcd_hosts | default([]) | length not in [5,3,1] - not (openshift_node_bootstrap | default(False)) - name: Evaluate oo_all_hosts |
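Review bot: With the accepted etcd counts now `[5,3,1]` in evaluate_groups.yml, the `fail` message above the changed line still says only 'Running etcd as an embedded service is no longer supported.', which does not explain a rejection for 2 or 4 etcd hosts. I would extend the message, e.g. `Running etcd as an embedded service is no longer supported; the etcd group must contain 1, 3 or 5 hosts.` The task starts outside the hunk, so its name and any other settings are not visible here.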