diff options
Diffstat (limited to 'roles')
-rw-r--r-- | roles/openshift-prep/defaults/main.yml | 11 | ||||
-rw-r--r-- | roles/openshift-prep/tasks/prerequisites.yml | 13 | ||||
-rw-r--r-- | roles/openstack-stack/defaults/main.yml | 1 | ||||
-rw-r--r-- | roles/openstack-stack/tasks/main.yml | 5 | ||||
-rw-r--r-- | roles/openstack-stack/tasks/subnet_update_dns_servers.yaml | 8 | ||||
-rw-r--r-- | roles/openstack-stack/templates/heat_stack.yaml.j2 | 48 |
6 files changed, 50 insertions, 36 deletions
diff --git a/roles/openshift-prep/defaults/main.yml b/roles/openshift-prep/defaults/main.yml new file mode 100644 index 000000000..fac25dcc1 --- /dev/null +++ b/roles/openshift-prep/defaults/main.yml @@ -0,0 +1,11 @@ +--- +# Defines either to install required packages and update all +manage_packages: true +required_packages: + - wget + - git + - net-tools + - bind-utils + - bridge-utils + - bash-completion + - vim-enhanced diff --git a/roles/openshift-prep/tasks/prerequisites.yml b/roles/openshift-prep/tasks/prerequisites.yml index 60507636f..433c1c4e3 100644 --- a/roles/openshift-prep/tasks/prerequisites.yml +++ b/roles/openshift-prep/tasks/prerequisites.yml @@ -6,19 +6,14 @@ yum: name: "{{ item }}" state: latest - with_items: - - wget - - git - - net-tools - - bind-utils - - bridge-utils - - bash-completion - - vim-enhanced + with_items: "{{ required_packages }}" + when: manage_packages|bool - name: "Update all packages (this can take a very long time)" yum: - name: "*" + name: '*' state: latest + when: manage_packages|bool - name: "Verify hostname" shell: hostnamectl status | awk "/Static hostname/"'{ print $3 }' diff --git a/roles/openstack-stack/defaults/main.yml b/roles/openstack-stack/defaults/main.yml index 2a4ef3a45..4831d6bc4 100644 --- a/roles/openstack-stack/defaults/main.yml +++ b/roles/openstack-stack/defaults/main.yml @@ -9,4 +9,5 @@ num_masters: 1 num_nodes: 1 num_dns: 1 num_infra: 1 +nodes_to_remove: [] etcd_volume_size: 2 diff --git a/roles/openstack-stack/tasks/main.yml b/roles/openstack-stack/tasks/main.yml index 71c7bbe0d..a53e6350b 100644 --- a/roles/openstack-stack/tasks/main.yml +++ b/roles/openstack-stack/tasks/main.yml @@ -35,6 +35,11 @@ template: "{{ stack_template_path }}" wait: yes +# NOTE(bogdando) OS::Neutron::Subnet doesn't support live updates for +# dns_nameservers, so we can't do that for the "create stack" task. +- include: subnet_update_dns_servers.yaml + when: private_dns_server is defined + - name: cleanup temp files file: path: "{{ stack_template_pre.path }}" diff --git a/roles/openstack-stack/tasks/subnet_update_dns_servers.yaml b/roles/openstack-stack/tasks/subnet_update_dns_servers.yaml new file mode 100644 index 000000000..be4f07b97 --- /dev/null +++ b/roles/openstack-stack/tasks/subnet_update_dns_servers.yaml @@ -0,0 +1,8 @@ +--- +- name: Live update the subnet's DNS servers + os_subnet: + name: openshift-ansible-{{ stack_name }}-subnet + network_name: openshift-ansible-{{ stack_name }}-net + state: present + use_default_subnetpool: yes + dns_nameservers: "{{ [private_dns_server|default(public_dns_nameservers[0])]|union(public_dns_nameservers)|unique }}" diff --git a/roles/openstack-stack/templates/heat_stack.yaml.j2 b/roles/openstack-stack/templates/heat_stack.yaml.j2 index cba03e2ca..8bf76b57c 100644 --- a/roles/openstack-stack/templates/heat_stack.yaml.j2 +++ b/roles/openstack-stack/templates/heat_stack.yaml.j2 @@ -61,18 +61,13 @@ outputs: - dns - name - dns_floating_ip: - description: Floating IP of the DNS - value: - get_attr: - - dns - - addresses - - str_replace: - template: openshift-ansible-cluster_id-net - params: - cluster_id: {{ stack_name }} - - 1 - - addr + dns_floating_ips: + description: Floating IPs of the DNS + value: { get_attr: [ dns, floating_ip ] } + + dns_private_ips: + description: Private IPs of the DNS + value: { get_attr: [ dns, private_ip ] } resources: @@ -111,9 +106,9 @@ resources: params: subnet_24_prefix: {{ subnet_prefix }} dns_nameservers: - {% for nameserver in dns_nameservers %} +{% for nameserver in dns_nameservers %} - {{ nameserver }} - {% endfor %} +{% endfor %} router: type: OS::Neutron::Router @@ -152,7 +147,7 @@ resources: cluster_id: {{ stack_name }} description: str_replace: - template: Basic ssh/dns security group for cluster_id OpenShift cluster + template: Basic ssh/icmp security group for cluster_id OpenShift cluster params: cluster_id: {{ stack_name }} rules: @@ -162,13 +157,8 @@ resources: port_range_max: 22 remote_ip_prefix: {{ ssh_ingress_cidr }} - direction: ingress - protocol: tcp - port_range_min: 53 - port_range_max: 53 - - direction: ingress - protocol: udp - port_range_min: 53 - port_range_max: 53 + protocol: icmp + remote_ip_prefix: {{ ssh_ingress_cidr }} {% if openstack_flat_secgrp|bool %} flat-secgrp: @@ -423,11 +413,6 @@ resources: cluster_id: {{ stack_name }} rules: - direction: ingress - protocol: tcp - port_range_min: 22 - port_range_max: 22 - remote_ip_prefix: {{ ssh_ingress_cidr }} - - direction: ingress protocol: udp port_range_min: 53 port_range_max: 53 @@ -602,6 +587,8 @@ resources: type: OS::Heat::ResourceGroup properties: count: {{ num_nodes }} + removal_policies: + - resource_list: {{ nodes_to_remove }} resource_def: type: server.yaml properties: @@ -674,6 +661,12 @@ resources: net: { get_resource: net } subnet: { get_resource: subnet } secgrp: +# TODO(bogdando) filter only required node rules into infra-secgrp +{% if openstack_flat_secgrp|bool %} + - { get_resource: flat-secgrp } +{% else %} + - { get_resource: node-secgrp } +{% endif %} - { get_resource: infra-secgrp } - { get_resource: common-secgrp } floating_network: {{ external_network }} @@ -715,6 +708,7 @@ resources: subnet: { get_resource: subnet } secgrp: - { get_resource: dns-secgrp } + - { get_resource: common-secgrp } floating_network: {{ external_network }} net_name: str_replace: |