summaryrefslogtreecommitdiffstats
path: root/roles
diff options
context:
space:
mode:
Diffstat (limited to 'roles')
-rw-r--r--roles/openshift-prep/defaults/main.yml11
-rw-r--r--roles/openshift-prep/tasks/prerequisites.yml13
-rw-r--r--roles/openstack-stack/defaults/main.yml1
-rw-r--r--roles/openstack-stack/tasks/main.yml5
-rw-r--r--roles/openstack-stack/tasks/subnet_update_dns_servers.yaml8
-rw-r--r--roles/openstack-stack/templates/heat_stack.yaml.j248
6 files changed, 50 insertions, 36 deletions
diff --git a/roles/openshift-prep/defaults/main.yml b/roles/openshift-prep/defaults/main.yml
new file mode 100644
index 000000000..fac25dcc1
--- /dev/null
+++ b/roles/openshift-prep/defaults/main.yml
@@ -0,0 +1,11 @@
+---
+# Defines either to install required packages and update all
+manage_packages: true
+required_packages:
+ - wget
+ - git
+ - net-tools
+ - bind-utils
+ - bridge-utils
+ - bash-completion
+ - vim-enhanced
diff --git a/roles/openshift-prep/tasks/prerequisites.yml b/roles/openshift-prep/tasks/prerequisites.yml
index 60507636f..433c1c4e3 100644
--- a/roles/openshift-prep/tasks/prerequisites.yml
+++ b/roles/openshift-prep/tasks/prerequisites.yml
@@ -6,19 +6,14 @@
yum:
name: "{{ item }}"
state: latest
- with_items:
- - wget
- - git
- - net-tools
- - bind-utils
- - bridge-utils
- - bash-completion
- - vim-enhanced
+ with_items: "{{ required_packages }}"
+ when: manage_packages|bool
- name: "Update all packages (this can take a very long time)"
yum:
- name: "*"
+ name: '*'
state: latest
+ when: manage_packages|bool
- name: "Verify hostname"
shell: hostnamectl status | awk "/Static hostname/"'{ print $3 }'
diff --git a/roles/openstack-stack/defaults/main.yml b/roles/openstack-stack/defaults/main.yml
index 2a4ef3a45..4831d6bc4 100644
--- a/roles/openstack-stack/defaults/main.yml
+++ b/roles/openstack-stack/defaults/main.yml
@@ -9,4 +9,5 @@ num_masters: 1
num_nodes: 1
num_dns: 1
num_infra: 1
+nodes_to_remove: []
etcd_volume_size: 2
diff --git a/roles/openstack-stack/tasks/main.yml b/roles/openstack-stack/tasks/main.yml
index 71c7bbe0d..a53e6350b 100644
--- a/roles/openstack-stack/tasks/main.yml
+++ b/roles/openstack-stack/tasks/main.yml
@@ -35,6 +35,11 @@
template: "{{ stack_template_path }}"
wait: yes
+# NOTE(bogdando) OS::Neutron::Subnet doesn't support live updates for
+# dns_nameservers, so we can't do that for the "create stack" task.
+- include: subnet_update_dns_servers.yaml
+ when: private_dns_server is defined
+
- name: cleanup temp files
file:
path: "{{ stack_template_pre.path }}"
diff --git a/roles/openstack-stack/tasks/subnet_update_dns_servers.yaml b/roles/openstack-stack/tasks/subnet_update_dns_servers.yaml
new file mode 100644
index 000000000..be4f07b97
--- /dev/null
+++ b/roles/openstack-stack/tasks/subnet_update_dns_servers.yaml
@@ -0,0 +1,8 @@
+---
+- name: Live update the subnet's DNS servers
+ os_subnet:
+ name: openshift-ansible-{{ stack_name }}-subnet
+ network_name: openshift-ansible-{{ stack_name }}-net
+ state: present
+ use_default_subnetpool: yes
+ dns_nameservers: "{{ [private_dns_server|default(public_dns_nameservers[0])]|union(public_dns_nameservers)|unique }}"
diff --git a/roles/openstack-stack/templates/heat_stack.yaml.j2 b/roles/openstack-stack/templates/heat_stack.yaml.j2
index cba03e2ca..8bf76b57c 100644
--- a/roles/openstack-stack/templates/heat_stack.yaml.j2
+++ b/roles/openstack-stack/templates/heat_stack.yaml.j2
@@ -61,18 +61,13 @@ outputs:
- dns
- name
- dns_floating_ip:
- description: Floating IP of the DNS
- value:
- get_attr:
- - dns
- - addresses
- - str_replace:
- template: openshift-ansible-cluster_id-net
- params:
- cluster_id: {{ stack_name }}
- - 1
- - addr
+ dns_floating_ips:
+ description: Floating IPs of the DNS
+ value: { get_attr: [ dns, floating_ip ] }
+
+ dns_private_ips:
+ description: Private IPs of the DNS
+ value: { get_attr: [ dns, private_ip ] }
resources:
@@ -111,9 +106,9 @@ resources:
params:
subnet_24_prefix: {{ subnet_prefix }}
dns_nameservers:
- {% for nameserver in dns_nameservers %}
+{% for nameserver in dns_nameservers %}
- {{ nameserver }}
- {% endfor %}
+{% endfor %}
router:
type: OS::Neutron::Router
@@ -152,7 +147,7 @@ resources:
cluster_id: {{ stack_name }}
description:
str_replace:
- template: Basic ssh/dns security group for cluster_id OpenShift cluster
+ template: Basic ssh/icmp security group for cluster_id OpenShift cluster
params:
cluster_id: {{ stack_name }}
rules:
@@ -162,13 +157,8 @@ resources:
port_range_max: 22
remote_ip_prefix: {{ ssh_ingress_cidr }}
- direction: ingress
- protocol: tcp
- port_range_min: 53
- port_range_max: 53
- - direction: ingress
- protocol: udp
- port_range_min: 53
- port_range_max: 53
+ protocol: icmp
+ remote_ip_prefix: {{ ssh_ingress_cidr }}
{% if openstack_flat_secgrp|bool %}
flat-secgrp:
@@ -423,11 +413,6 @@ resources:
cluster_id: {{ stack_name }}
rules:
- direction: ingress
- protocol: tcp
- port_range_min: 22
- port_range_max: 22
- remote_ip_prefix: {{ ssh_ingress_cidr }}
- - direction: ingress
protocol: udp
port_range_min: 53
port_range_max: 53
@@ -602,6 +587,8 @@ resources:
type: OS::Heat::ResourceGroup
properties:
count: {{ num_nodes }}
+ removal_policies:
+ - resource_list: {{ nodes_to_remove }}
resource_def:
type: server.yaml
properties:
@@ -674,6 +661,12 @@ resources:
net: { get_resource: net }
subnet: { get_resource: subnet }
secgrp:
+# TODO(bogdando) filter only required node rules into infra-secgrp
+{% if openstack_flat_secgrp|bool %}
+ - { get_resource: flat-secgrp }
+{% else %}
+ - { get_resource: node-secgrp }
+{% endif %}
- { get_resource: infra-secgrp }
- { get_resource: common-secgrp }
floating_network: {{ external_network }}
@@ -715,6 +708,7 @@ resources:
subnet: { get_resource: subnet }
secgrp:
- { get_resource: dns-secgrp }
+ - { get_resource: common-secgrp }
floating_network: {{ external_network }}
net_name:
str_replace: