From 79f29bc825286c4f69073827a5b6d71f71f47c91 Mon Sep 17 00:00:00 2001 From: Tomas Sedovic Date: Wed, 1 Nov 2017 16:43:13 +0100 Subject: Add the DNS updates and rename the openstack vars Most of the vars in `roles/openshift_openstack/defaults/main.yml` are now prefixed with `openstack_`. --- .gitignore | 1 - playbooks/openstack/README.md | 18 +- playbooks/openstack/advanced-configuration.md | 11 +- .../openstack/openshift-cluster/provision.yml | 36 +++- .../sample-inventory/group_vars/OSEv3.yml | 4 +- .../openstack/sample-inventory/group_vars/all.yml | 4 +- roles/openshift_openstack/defaults/main.yml | 91 +++++----- .../tasks/check-prerequisites.yml | 4 +- .../tasks/generate-templates.yml | 3 + roles/openshift_openstack/tasks/hostname.yml | 49 +++--- roles/openshift_openstack/tasks/populate-dns.yml | 187 ++++++++------------ roles/openshift_openstack/tasks/provision.yml | 5 - .../templates/heat_stack.yaml.j2 | 190 ++++++++++----------- .../templates/heat_stack_server.yaml.j2 | 14 +- 14 files changed, 284 insertions(+), 333 deletions(-) diff --git a/.gitignore b/.gitignore index e8be4ea5b..1e187db16 100644 --- a/.gitignore +++ b/.gitignore @@ -24,4 +24,3 @@ multi_ec2.yaml *.egg-info .eggs cover/ -roles/infra-ansible/ diff --git a/playbooks/openstack/README.md b/playbooks/openstack/README.md index 4347ddaa8..99f4ab12f 100644 --- a/playbooks/openstack/README.md +++ b/playbooks/openstack/README.md @@ -142,7 +142,7 @@ corresponding to your OpenStack installation. $ vi inventory/group_vars/all.yml ``` -1. Set the `openstack_ssh_public_key` to your OpenStack keypair name. +1. Set the `openstack_keypair_name` to your OpenStack keypair name. - See `openstack keypair list` to find the keypairs registered with OpenShift. - This must correspond to your private SSH key in `~/.ssh/id_rsa` 
@@ -156,20 +156,16 @@ $ vi inventory/group_vars/all.yml 4. Set the `openstack_default_flavor` to the flavor you want your OpenShift VMs to use. - See `openstack flavor list` for the list of available flavors. -5. Set the `public_dns_nameservers` to the list of the IP addresses - of the DNS servers used for the **private** address resolution[1]. +5. Set the `openstack_dns_nameservers` to the list of the IP addresses + of the DNS servers used for the **private** address resolution. -**NOTE**: In most OpenStack environments, you will also need to -configure the forwarders for the DNS server we create. This depends on -your environment. +**NOTE ON DNS**: at minimum, the OpenShift nodes need to be able to access each +other by their hostname. OpenStack doesn't provide this by default, so you +need to provide a DNS server. Put the address of that DNS server in +`openstack_dns_nameservers` variable. -Launch a VM in your OpenStack and look at its `/etc/resolv.conf` and -put the IP addresses into `public_dns_nameservers` in -`inventory/group_vars/all.yml`. -[1]: Yes, the name is bad. We will fix it. - #### OpenShift configuration diff --git a/playbooks/openstack/advanced-configuration.md b/playbooks/openstack/advanced-configuration.md index 72bb95254..5ffec708a 100644 --- a/playbooks/openstack/advanced-configuration.md +++ b/playbooks/openstack/advanced-configuration.md 
@@ -192,11 +192,10 @@ The `openstack__hostname` is a set of variables used for customising hostnames of servers with a given role. When such a variable stays commented, default hostname (usually the role name) is used. -The `public_dns_nameservers` is a list of DNS servers accessible from all -the created Nova servers. These will be serving as your DNS forwarders for -external FQDNs that do not belong to the cluster's DNS domain and its subdomains. -If you're unsure what to put in here, you can try the google or opendns servers, -but note that some organizations may be blocking them. +The `openstack_dns_nameservers` is a list of DNS servers accessible from all +the created Nova servers. These will provide the internal name resolution for +your OpenShift nodes (as well as upstream name resolution for installing +packages, etc.). The `openshift_use_dnsmasq` controls either dnsmasq is deployed or not. By default, dnsmasq is deployed and comes as the hosts' /etc/resolv.conf file @@ -265,7 +264,7 @@ step for flannel and docker iptables configuration: ## Other configuration variables -`openstack_ssh_public_key` is a Nova keypair - you can see your +`openstack_keypair_name` is a Nova keypair - you can see your keypairs with `openstack keypair list`. It must correspond to the private SSH key Ansible will use to log into the created VMs. This is `~/.ssh/id_rsa` by default, but you can use a different key by passing diff --git a/playbooks/openstack/openshift-cluster/provision.yml b/playbooks/openstack/openshift-cluster/provision.yml index ed44d4a32..b1dff1870 100644 --- a/playbooks/openstack/openshift-cluster/provision.yml +++ b/playbooks/openstack/openshift-cluster/provision.yml 
@@ -7,15 +7,17 @@ name: openshift_openstack tasks_from: provision.yml -# NOTE(shadower): the (internal) DNS must be functional at this point!! -# That will have happened in provision.yml if nsupdate was configured. -# TODO(shadower): consider splitting this up so people can stop here -# and configure their DNS if they have to. +# NOTE(shadower): Bring in the host groups: +- name: normalize groups + include: ../../byo/openshift-cluster/initialize_groups.yml +- name: evaluate groups + include: ../../common/openshift-cluster/evaluate_groups.yml -- name: Prepare the Nodes in the cluster for installation + +- name: Wait for the nodes and gather their facts hosts: oo_all_hosts - become: true + become: yes # NOTE: The nodes may not be up yet, don't gather facts here. # They'll be collected after `wait_for_connection`. gather_facts: no @@ -26,6 +28,28 @@ - name: Gather facts for the new nodes setup: + +# NOTE(shadower): the (internal) DNS must be functional at this point!! +# That will have happened in provision.yml if nsupdate was configured. + +# TODO(shadower): consider splitting this up so people can stop here +# and configure their DNS if they have to. +- name: Populate the DNS entries + hosts: localhost + tasks: + - name: Populate DNS entries + include_role: + name: openshift_openstack + tasks_from: populate-dns.yml + when: + - external_nsupdate_keys is defined + - external_nsupdate_keys.private is defined or external_nsupdate_keys.public is defined + +- name: Prepare the Nodes in the cluster for installation + hosts: oo_all_hosts + become: yes + gather_facts: yes + tasks: - name: Install dependencies include_role: name: openshift_openstack diff --git a/playbooks/openstack/sample-inventory/group_vars/OSEv3.yml b/playbooks/openstack/sample-inventory/group_vars/OSEv3.yml index 949a323a7..7d8dc157e 100644 --- a/playbooks/openstack/sample-inventory/group_vars/OSEv3.yml +++ b/playbooks/openstack/sample-inventory/group_vars/OSEv3.yml 
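Review bot: In playbooks/openstack/openshift-cluster/provision.yml the new `Populate DNS entries` include runs when either `external_nsupdate_keys.private` or `external_nsupdate_keys.public` is defined, but populate-dns.yml as changed by this commit needs both. Its `Generate the public Add section for DNS` task reads `nsupdate_server_public` and `nsupdate_key_secret_public` with no `when`, and the final task concatenates `private_named_records + public_named_records`. With only the private key configured, nothing in the visible tasks assigns the public variables, so unless they are set elsewhere the run would stop on an undefined variable. Either require both keys in the gate, `- external_nsupdate_keys.private is defined and external_nsupdate_keys.public is defined`, or guard the public tasks and build the list with `dns_records_add: "{{ private_named_records | default([]) + public_named_records | default([]) }}"`.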
@@ -5,8 +5,8 @@ openshift_deployment_type: origin openshift_master_default_subdomain: "apps.{{ env_id }}.{{ public_dns_domain }}" openshift_master_cluster_method: native -openshift_master_cluster_hostname: "{{ groups.lb.0|default(groups.masters.0) }}" -openshift_master_cluster_public_hostname: "{{ groups.lb.0|default(groups.masters.0) }}" +openshift_master_cluster_hostname: "console.{{ env_id }}.{{ public_dns_domain }}" +openshift_master_cluster_public_hostname: "{{ openshift_master_cluster_hostname }}" osm_default_node_selector: 'region=primary' diff --git a/playbooks/openstack/sample-inventory/group_vars/all.yml b/playbooks/openstack/sample-inventory/group_vars/all.yml index 8ea798c14..e0618d685 100644 --- a/playbooks/openstack/sample-inventory/group_vars/all.yml +++ b/playbooks/openstack/sample-inventory/group_vars/all.yml @@ -1,7 +1,7 @@ --- env_id: "openshift" public_dns_domain: "example.com" -public_dns_nameservers: [] +openstack_dns_nameservers: [] # # Used Hostnames # # - set custom hostnames for roles by uncommenting corresponding lines @@ -12,7 +12,7 @@ public_dns_nameservers: [] #openstack_etcd_hostname: "etcd" #openstack_dns_hostname: "dns" -openstack_ssh_public_key: "openshift" +openstack_keypair_name: "openshift" openstack_external_network_name: "public" #openstack_private_network_name: "openshift-ansible-{{ stack_name }}-net" # # A dedicated Neutron network name for containers data network diff --git a/roles/openshift_openstack/defaults/main.yml b/roles/openshift_openstack/defaults/main.yml index d1408abf0..aa03c088e 100644 --- a/roles/openshift_openstack/defaults/main.yml +++ b/roles/openshift_openstack/defaults/main.yml @@ -1,5 +1,4 @@ --- - stack_state: 'present' ssh_ingress_cidr: 0.0.0.0/0 
@@ -7,18 +6,13 @@ node_ingress_cidr: 0.0.0.0/0 master_ingress_cidr: 0.0.0.0/0 lb_ingress_cidr: 0.0.0.0/0 bastion_ingress_cidr: 0.0.0.0/0 -num_etcd: 0 -num_masters: 1 -num_nodes: 1 -num_dns: 1 -num_infra: 1 -nodes_to_remove: [] -etcd_volume_size: 2 -dns_volume_size: 1 -lb_volume_size: 5 -use_bastion: False -ui_ssh_tunnel: False -provider_network: False +openstack_num_etcd: 0 +openstack_num_masters: 1 +openstack_num_nodes: 1 +openstack_num_dns: 0 +openstack_num_infra: 1 +openstack_dns_nameservers: [] +openstack_nodes_to_remove: [] openshift_cluster_node_labels: 
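Review bot: In roles/openshift_openstack/defaults/main.yml, `openstack_dns_nameservers: []` is added without a comment while `openstack_num_dns` drops from 1 to 0 in the same hunk, so a deployment that sets neither ends up with no resolver. The Heat template's `{% for nameserver in openstack_dns_nameservers %}` loop then renders an empty `dns_nameservers:` key. The README change in this commit says the nodes must be able to resolve each other by hostname, so the default should carry that requirement, for example `# Resolvers for the node subnet; must be able to resolve the nodes' hostnames (see README).` A prerequisite check that fails early on an empty list may also be worth adding, if no other task already covers it.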
@@ -61,48 +55,41 @@ openshift_app_domain: "apps" # heat vars stack_name: "{{ env_id }}.{{ public_dns_domain }}" -dns_domain: "{{ public_dns_domain }}" -dns_nameservers: "{{ public_dns_nameservers }}" -subnet_prefix: "{{ openstack_subnet_prefix }}" -master_hostname: "{{ openstack_master_hostname | default('master') }}" -infra_hostname: "{{ openstack_infra_hostname | default('infra-node') }}" -node_hostname: "{{ openstack_node_hostname | default('app-node') }}" -lb_hostname: "{{ openstack_lb_hostname | default('lb') }}" -etcd_hostname: "{{ openstack_etcd_hostname | default('etcd') }}" -dns_hostname: "{{ openstack_dns_hostname | default('dns') }}" -ssh_public_key: "{{ openstack_ssh_public_key }}" -openstack_image: "{{ openstack_default_image_name }}" -lb_flavor: "{{ openstack_lb_flavor | default(openstack_default_flavor) }}" -etcd_flavor: "{{ openstack_etcd_flavor | default(openstack_default_flavor) }}" -master_flavor: "{{ openstack_master_flavor | default(openstack_default_flavor) }}" -node_flavor: "{{ openstack_node_flavor | default(openstack_default_flavor) }}" -infra_flavor: "{{ openstack_infra_flavor | default(openstack_default_flavor) }}" -dns_flavor: "{{ openstack_dns_flavor | default(openstack_default_flavor) }}" -openstack_master_image: "{{ openstack_master_image_name | default(openstack_default_image_name) }}" -openstack_infra_image: "{{ openstack_infra_image_name | default(openstack_default_image_name) }}" -openstack_node_image: "{{ openstack_node_image_name | default(openstack_default_image_name) }}" -openstack_lb_image: "{{ openstack_lb_image_name | default(openstack_default_image_name) }}" -openstack_etcd_image: "{{ openstack_etcd_image_name | default(openstack_default_image_name) }}" -openstack_dns_image: "{{ openstack_dns_image_name | default(openstack_default_image_name) }}" +openstack_subnet_prefix: "192.168.99" +openstack_master_hostname: master +openstack_infra_hostname: infra-node +openstack_node_hostname: app-node +openstack_lb_hostname: lb 
+openstack_etcd_hostname: etcd +openstack_dns_hostname: dns +openstack_keypair_name: openshift +openstack_lb_flavor: "{{ openstack_default_flavor }}" +openstack_etcd_flavor: "{{ openstack_default_flavor }}" +openstack_master_flavor: "{{ openstack_default_flavor }}" +openstack_node_flavor: "{{ openstack_default_flavor }}" +openstack_infra_flavor: "{{ openstack_default_flavor }}" +openstack_dns_flavor: "{{ openstack_default_flavor }}" +openstack_master_image: "{{ openstack_default_image_name }}" +openstack_infra_image: "{{ openstack_default_image_name }}" +openstack_node_image: "{{ openstack_default_image_name }}" +openstack_lb_image: "{{ openstack_default_image_name }}" +openstack_etcd_image: "{{ openstack_default_image_name }}" +openstack_dns_image: "{{ openstack_default_image_name }}" +openstack_provider_network_name: False +openstack_external_network_name: False openstack_private_network: >- {% if openstack_provider_network_name | default(None) -%} {{ openstack_provider_network_name }} {%- else -%} {{ openstack_private_network_name | default ('openshift-ansible-' + stack_name + '-net') }} {%- endif -%} -provider_network: "{{ openstack_provider_network_name | default(None) }}" -external_network: "{{ openstack_external_network_name | default(None) }}" -num_etcd: "{{ openstack_num_etcd | default(0) }}" -num_masters: "{{ openstack_num_masters }}" -num_nodes: "{{ openstack_num_nodes }}" -num_infra: "{{ openstack_num_infra }}" -num_dns: "{{ openstack_num_dns | default(1) }}" -master_server_group_policies: "{{ openstack_master_server_group_policies | default([]) | to_yaml }}" -infra_server_group_policies: "{{ openstack_infra_server_group_policies | default([]) | to_yaml }}" -master_volume_size: "{{ docker_master_volume_size | default(docker_volume_size) }}" -infra_volume_size: "{{ docker_infra_volume_size | default(docker_volume_size) }}" -node_volume_size: "{{ docker_node_volume_size | default(docker_volume_size) }}" -etcd_volume_size: "{{ docker_etcd_volume_size | 
default('2') }}" -dns_volume_size: "{{ docker_dns_volume_size | default('1') }}" -lb_volume_size: "{{ docker_lb_volume_size | default('5') }}" -nodes_to_remove: "{{ openstack_nodes_to_remove | default([]) | to_yaml }}" +openstack_master_server_group_policies: [] +openstack_infra_server_group_policies: [] +openstack_master_volume_size: "{{ docker_volume_size }}" +openstack_infra_volume_size: "{{ docker_volume_size }}" +openstack_node_volume_size: "{{ docker_volume_size }}" +openstack_etcd_volume_size: 2 +openstack_dns_volume_size: 1 +openstack_lb_volume_size: 5 +openstack_use_bastion: false +openshift_ui_ssh_tunnel: false diff --git a/roles/openshift_openstack/tasks/check-prerequisites.yml b/roles/openshift_openstack/tasks/check-prerequisites.yml index 4d7cfbf11..13000e31f 100644 --- a/roles/openshift_openstack/tasks/check-prerequisites.yml +++ b/roles/openshift_openstack/tasks/check-prerequisites.yml @@ -76,13 +76,13 @@ - name: Try to show keypair command: > python -c 'import shade; cloud = shade.openstack_cloud(); - exit(cloud.get_keypair("{{ openstack_ssh_public_key }}") is None)' + exit(cloud.get_keypair("{{ openstack_keypair_name }}") is None)' ignore_errors: yes register: key_result - name: Check that keypair is available assert: that: 'key_result.rc == 0' - msg: "Keypair {{ openstack_ssh_public_key }} is not available" + msg: "Keypair {{ openstack_keypair_name }} is not available" # Check that custom images are available - include: custom_image_check.yaml diff --git a/roles/openshift_openstack/tasks/generate-templates.yml b/roles/openshift_openstack/tasks/generate-templates.yml index 0ff50a095..3a8b588e9 100644 --- a/roles/openshift_openstack/tasks/generate-templates.yml +++ b/roles/openshift_openstack/tasks/generate-templates.yml 
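Review bot: In roles/openshift_openstack/defaults/main.yml, `openstack_keypair_name: openshift` turns a value that used to be mandatory into one with a silent fallback. The removed `ssh_public_key: "{{ openstack_ssh_public_key }}"` had no default, so omitting it was an error. The prerequisite check in check-prerequisites.yml only verifies that a keypair with that name exists, so an inventory that forgets the variable would boot every server with whichever keypair is called `openshift` in the project. Consider dropping the default so the omission fails, or at least documenting it with `# Must name a Nova keypair whose private key the deployer controls.`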
@@ -10,6 +10,9 @@ stack_template_path: "{{ stack_template_pre.path }}/stack.yaml" user_data_template_path: "{{ stack_template_pre.path }}/user-data" +- name: Print out the Heat template directory + debug: var=stack_template_pre + - name: generate HOT stack template from jinja2 template template: src: heat_stack.yaml.j2 diff --git a/roles/openshift_openstack/tasks/hostname.yml b/roles/openshift_openstack/tasks/hostname.yml index 0fc8fbc4c..9815d0e80 100644 --- a/roles/openshift_openstack/tasks/hostname.yml +++ b/roles/openshift_openstack/tasks/hostname.yml 
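Review bot: In roles/openshift_openstack/tasks/generate-templates.yml, `debug: var=stack_template_pre` prints the whole registered result on every run, although the task name says only the directory is wanted. `debug: var=stack_template_pre.path`, the field the preceding `set_fact` already uses, keeps the output to the one value an operator needs. If this is meant as a troubleshooting aid for the rendered Heat files, adding `verbosity: 1` to the debug task would keep it out of normal runs.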
@@ -1,33 +1,26 @@ --- -- name: "Verify hostname" - command: hostnamectl status --static - register: hostname_fqdn +- name: Setting Hostname Fact + set_fact: + new_hostname: "{{ custom_hostname | default(inventory_hostname_short) }}" -- name: "Set hostname if required" - when: hostname_fqdn.stdout != ansible_fqdn - block: - - name: Setting Hostname Fact - set_fact: - new_hostname: "{{ custom_hostname | default(inventory_hostname_short) }}" +- name: Setting FQDN Fact + set_fact: + new_fqdn: "{{ new_hostname }}.{{ full_dns_domain }}" - - name: Setting FQDN Fact - set_fact: - new_fqdn: "{{ new_hostname }}.{{ full_dns_domain }}" +- name: Setting hostname and DNS domain + hostname: name="{{ new_fqdn }}" - - name: Setting hostname and DNS domain - hostname: name="{{ new_fqdn }}" +- name: Check for cloud.cfg + stat: path=/etc/cloud/cloud.cfg + register: cloud_cfg - - name: Check for cloud.cfg - stat: path=/etc/cloud/cloud.cfg - register: cloud_cfg - - - name: Prevent cloud-init updates of hostname/fqdn (if applicable) - lineinfile: - dest: /etc/cloud/cloud.cfg - state: present - regexp: "{{ item.regexp }}" - line: "{{ item.line }}" - with_items: - - { regexp: '^ - set_hostname', line: '# - set_hostname' } - - { regexp: '^ - update_hostname', line: '# - update_hostname' } - when: cloud_cfg.stat.exists == True +- name: Prevent cloud-init updates of hostname/fqdn (if applicable) + lineinfile: + dest: /etc/cloud/cloud.cfg + state: present + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + with_items: + - { regexp: '^ - set_hostname', line: '# - set_hostname' } + - { regexp: '^ - update_hostname', line: '# - update_hostname' } + when: cloud_cfg.stat.exists == True diff --git a/roles/openshift_openstack/tasks/populate-dns.yml b/roles/openshift_openstack/tasks/populate-dns.yml index c8243dc1f..669b65a01 100644 --- a/roles/openshift_openstack/tasks/populate-dns.yml +++ b/roles/openshift_openstack/tasks/populate-dns.yml 
@@ -1,37 +1,26 @@ -# TODO: use nsupdate to populate the DNS servers using the keys -# specified in the inventory. - -# this is an optional step -- the deployers may do whatever else they -# wish here. - - -# TODO: build records -# TODO: run nsupdate - - - name: "Generate list of private A records" set_fact: - private_records: "{{ [ { 'type': 'A', 'hostname': hostvars[item]['ansible_hostname'], 'ip': hostvars[item]['private_v4'] } ] }}" + private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': hostvars[item]['ansible_hostname'], 'ip': hostvars[item]['private_v4'] } ] }}" with_items: "{{ groups['cluster_hosts'] }}" -# - name: "Add wildcard records to the private A records for infrahosts" -# set_fact: -# private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': '*.' + openshift_app_domain, 'ip': hostvars[item]['private_v4'] } ] }}" -# with_items: "{{ groups['infra_hosts'] }}" - -# - name: "Add public master cluster hostname records to the private A records (single master)" -# set_fact: -# private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.masters[0]].private_v4 } ] }}" -# when: -# - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined -# - openstack_num_masters == 1 - -# - name: "Add public master cluster hostname records to the private A records (multi-master)" -# set_fact: -# private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.lb[0]].private_v4 } ] }}" -# when: -# - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined -# - openstack_num_masters > 1 +- name: "Add wildcard records to the private A records for infrahosts" + set_fact: + private_records: 
"{{ private_records | default([]) + [ { 'type': 'A', 'hostname': '*.' + openshift_app_domain, 'ip': hostvars[item]['private_v4'] } ] }}" + with_items: "{{ groups['infra_hosts'] }}" + +- name: "Add public master cluster hostname records to the private A records (single master)" + set_fact: + private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.masters[0]].private_v4 } ] }}" + when: + - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined + - openstack_num_masters == 1 + +- name: "Add public master cluster hostname records to the private A records (multi-master)" + set_fact: + private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.lb[0]].private_v4 } ] }}" + when: + - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined + - openstack_num_masters > 1 - name: "Set the private DNS server to use the external value (if provided)" set_fact: 
@@ -55,102 +44,67 @@ key_algorithm: "{{ nsupdate_key_algorithm_private | lower }}" entries: "{{ private_records }}" -# - name: "Generate list of public A records" -# set_fact: -# public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': hostvars[item]['ansible_hostname'], 'ip': hostvars[item]['public_v4'] } ] }}" -# with_items: "{{ groups['cluster_hosts'] }}" -# when: hostvars[item]['public_v4'] is defined - -# - name: "Add wildcard records to the public A records" -# set_fact: -# public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': '*.' + openshift_app_domain, 'ip': hostvars[item]['public_v4'] } ] }}" -# with_items: "{{ groups['infra_hosts'] }}" -# when: hostvars[item]['public_v4'] is defined - -# - name: "Add public master cluster hostname records to the public A records (single master)" -# set_fact: -# public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.masters[0]].public_v4 } ] }}" -# when: -# - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined -# - openstack_num_masters == 1 -# - not use_bastion|bool - -# - name: "Add public master cluster hostname records to the public A records (single master behind a bastion)" -# set_fact: -# public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.bastions[0]].public_v4 } ] }}" -# when: -# - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined -# - openstack_num_masters == 1 -# - use_bastion|bool - -# - name: "Add public master cluster hostname records to the public A records (multi-master)" -# set_fact: -# public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': 
(hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.lb[0]].public_v4 } ] }}" -# when: -# - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined -# - openstack_num_masters > 1 - -# - name: "Set the public DNS server details to use the external value (if provided)" -# set_fact: -# nsupdate_server_public: "{{ external_nsupdate_keys['public']['server'] }}" -# nsupdate_key_secret_public: "{{ external_nsupdate_keys['public']['key_secret'] }}" -# nsupdate_key_algorithm_public: "{{ external_nsupdate_keys['public']['key_algorithm'] }}" -# nsupdate_public_key_name: "{{ external_nsupdate_keys['public']['key_name']|default('public-' + full_dns_domain) }}" -# when: -# - external_nsupdate_keys is defined -# - external_nsupdate_keys['public'] is defined - -# - name: "Set the public DNS server details to use the provisioned value" -# set_fact: -# nsupdate_server_public: "{{ hostvars[groups['dns'][0]].public_v4 }}" -# nsupdate_key_secret_public: "{{ hostvars[groups['dns'][0]].nsupdate_keys['public-' + full_dns_domain].key_secret }}" -# nsupdate_key_algorithm_public: "{{ hostvars[groups['dns'][0]].nsupdate_keys['public-' + full_dns_domain].key_algorithm }}" -# when: -# - nsupdate_server_public is undefined - -# - name: "Generate the public Add section for DNS" -# set_fact: -# public_named_records: -# - view: "public" -# zone: "{{ full_dns_domain }}" -# server: "{{ nsupdate_server_public }}" -# key_name: "{{ nsupdate_public_key_name|default('public-' + full_dns_domain) }}" -# key_secret: "{{ nsupdate_key_secret_public }}" -# key_algorithm: "{{ nsupdate_key_algorithm_public | lower }}" -# entries: "{{ public_records }}" - +- name: "Generate list of public A records" + set_fact: + public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': hostvars[item]['ansible_hostname'], 'ip': hostvars[item]['public_v4'] } ] }}" + with_items: "{{ groups['cluster_hosts'] }}" + 
when: hostvars[item]['public_v4'] is defined +- name: "Add wildcard records to the public A records" + set_fact: + public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': '*.' + openshift_app_domain, 'ip': hostvars[item]['public_v4'] } ] }}" + with_items: "{{ groups['infra_hosts'] }}" + when: hostvars[item]['public_v4'] is defined +- name: "Add public master cluster hostname records to the public A records (single master)" + set_fact: + public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.masters[0]].public_v4 } ] }}" + when: + - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined + - openstack_num_masters == 1 + - not openstack_use_bastion|bool +- name: "Add public master cluster hostname records to the public A records (single master behind a bastion)" + set_fact: + public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.bastions[0]].public_v4 } ] }}" + when: + - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined + - openstack_num_masters == 1 + - openstack_use_bastion|bool +- name: "Add public master cluster hostname records to the public A records (multi-master)" + set_fact: + public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.lb[0]].public_v4 } ] }}" + when: + - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined + - openstack_num_masters > 1 -- name: "Generate the final dns_records_add" +- name: "Set the public DNS server details to use the external value (if provided)" set_fact: - # 
TODO(shadower): enable this when we add public records - #dns_records_add: "{{ private_named_records + public_named_records }}" - dns_records_add: "{{ private_named_records }}" + nsupdate_server_public: "{{ external_nsupdate_keys['public']['server'] }}" + nsupdate_key_secret_public: "{{ external_nsupdate_keys['public']['key_secret'] }}" + nsupdate_key_algorithm_public: "{{ external_nsupdate_keys['public']['key_algorithm'] }}" + nsupdate_public_key_name: "{{ external_nsupdate_keys['public']['key_name']|default('public-' + full_dns_domain) }}" + when: + - external_nsupdate_keys is defined + - external_nsupdate_keys['public'] is defined +- name: "Generate the public Add section for DNS" + set_fact: + public_named_records: + - view: "public" + zone: "{{ full_dns_domain }}" + server: "{{ nsupdate_server_public }}" + key_name: "{{ nsupdate_public_key_name|default('public-' + full_dns_domain) }}" + key_secret: "{{ nsupdate_key_secret_public }}" + key_algorithm: "{{ nsupdate_key_algorithm_public | lower }}" + entries: "{{ public_records }}" -# RUN NSUPDATE +- name: "Generate the final dns_records_add" + set_fact: + dns_records_add: "{{ private_named_records + public_named_records }}" -- name: "Remove any deleted DNS A records" - nsupdate: - key_name: "{{ item.0.key_name }}" - key_secret: "{{ item.0.key_secret }}" - key_algorithm: "{{ item.0.key_algorithm }}" - server: "{{ item.0.server }}" - zone: "{{ item.0.zone }}" - record: "{{ item.1.hostname }}" - type: "{{ item.1.type }}" - state: absent - with_subelements: - - "{{ dns_records_rm | default({}) }}" - - entries - register: nsupdate_remove_result - until: nsupdate_remove_result|succeeded - retries: 10 - delay: 1 - name: "Add DNS A records" nsupdate: @@ -162,6 +116,7 @@ record: "{{ item.1.hostname }}" value: "{{ item.1.ip }}" type: "{{ item.1.type }}" + # TODO(shadower): add a cleanup playbook that removes these records, too! state: present with_subelements: - "{{ dns_records_add | default({}) }}" 
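Review bot: The re-enabled public-record tasks in roles/openshift_openstack/tasks/populate-dns.yml compare `openstack_num_masters == 1` and `openstack_num_masters > 1` without a cast, while heat_stack.yaml.j2 in this same commit always writes `openstack_num_masters|int`. If the value arrives as a string, as it can from key=value extra vars, the `== 1` branches are skipped and the multi-master branch may run and dereference `groups.lb[0]`. Using `- openstack_num_masters|int == 1` and `- openstack_num_masters|int > 1` would match the template. The same comparison appears in the private-record tasks of the first hunk of this file.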
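Review bot: The `Add DNS A records` task loops over `dns_records_add` with `with_subelements`, and each outer element built earlier in this file carries `key_secret`, so the loop item Ansible prints for every record includes the TSIG secret. No `no_log` is visible in the hunk; the task's header lies outside it. Add `no_log: true` to the nsupdate task, and to the `set_fact` tasks that copy `external_nsupdate_keys[...]['key_secret']` into facts. If per-record output is still wanted, also set `loop_control:` with `label: "{{ item.1.hostname }}"`, so that only the hostname is shown at default verbosity.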
diff --git a/roles/openshift_openstack/tasks/provision.yml b/roles/openshift_openstack/tasks/provision.yml index 8ebda8100..e693f535a 100644 --- a/roles/openshift_openstack/tasks/provision.yml +++ b/roles/openshift_openstack/tasks/provision.yml @@ -16,11 +16,6 @@ - name: Add the new nodes to the inventory meta: refresh_inventory -- name: Populate DNS entries - include: populate-dns.yml - when: - - stack_state == 'present' - - name: CleanUp include: cleanup.yml when: diff --git a/roles/openshift_openstack/templates/heat_stack.yaml.j2 b/roles/openshift_openstack/templates/heat_stack.yaml.j2 index 2359842a5..28634f9a4 100644 --- a/roles/openshift_openstack/templates/heat_stack.yaml.j2 +++ b/roles/openshift_openstack/templates/heat_stack.yaml.j2 @@ -54,7 +54,7 @@ outputs: description: Floating IPs of the nodes value: { get_attr: [ infra_nodes, floating_ip ] } -{% if num_dns|int > 0 %} +{% if openstack_num_dns|int > 0 %} dns_name: description: Name of the DNS value: @@ -72,11 +72,11 @@ outputs: {% endif %} conditions: - no_floating: {% if provider_network or use_bastion|bool %}true{% else %}false{% endif %} + no_floating: {% if openstack_provider_network_name or openstack_use_bastion|bool %}true{% else %}false{% endif %} resources: -{% if not provider_network %} +{% if not openstack_provider_network_name %} net: type: OS::Neutron::Net properties: @@ -99,20 +99,20 @@ resources: str_replace: template: subnet_24_prefix.0/24 params: - subnet_24_prefix: {{ subnet_prefix }} + subnet_24_prefix: {{ openstack_subnet_prefix }} allocation_pools: - start: str_replace: template: subnet_24_prefix.3 params: - subnet_24_prefix: {{ subnet_prefix }} + subnet_24_prefix: {{ openstack_subnet_prefix }} end: str_replace: template: subnet_24_prefix.254 params: - subnet_24_prefix: {{ subnet_prefix }} + subnet_24_prefix: {{ openstack_subnet_prefix }} dns_nameservers: -{% for nameserver in dns_nameservers %} +{% for nameserver in openstack_dns_nameservers %} - {{ nameserver }} {% endfor %} 
@@ -141,7 +141,7 @@ resources: params: cluster_id: {{ stack_name }} external_gateway_info: - network: {{ external_network }} + network: {{ openstack_external_network_name }} interface: type: OS::Neutron::RouterInterface @@ -159,7 +159,7 @@ resources: # template: openshift-ansible-cluster_id-keypair # params: # cluster_id: {{ stack_name }} -# public_key: {{ ssh_public_key }} +# public_key: {{ openstack_keypair_name }} common-secgrp: type: OS::Neutron::SecurityGroup @@ -180,7 +180,7 @@ resources: port_range_min: 22 port_range_max: 22 remote_ip_prefix: {{ ssh_ingress_cidr }} -{% if use_bastion|bool %} +{% if openstack_use_bastion|bool %} - direction: ingress protocol: tcp port_range_min: 22 @@ -443,7 +443,7 @@ resources: port_range_min: 443 port_range_max: 443 -{% if num_dns|int > 0 %} +{% if openstack_num_dns|int > 0 %} dns-secgrp: type: OS::Neutron::SecurityGroup properties: @@ -480,7 +480,7 @@ resources: remote_ip_prefix: "{{ openstack_subnet_prefix }}.0/24" {% endif %} -{% if num_masters|int > 1 or ui_ssh_tunnel|bool %} +{% if openstack_num_masters|int > 1 or openshift_ui_ssh_tunnel|bool %} lb-secgrp: type: OS::Neutron::SecurityGroup properties: @@ -492,7 +492,7 @@ resources: port_range_min: {{ openshift_master_api_port | default(8443) }} port_range_max: {{ openshift_master_api_port | default(8443) }} remote_ip_prefix: {{ lb_ingress_cidr | default(bastion_ingress_cidr) }} -{% if ui_ssh_tunnel|bool %} +{% if openshift_ui_ssh_tunnel|bool %} - direction: ingress protocol: tcp port_range_min: {{ openshift_master_api_port | default(8443) }} @@ -511,7 +511,7 @@ resources: etcd: type: OS::Heat::ResourceGroup properties: - count: {{ num_etcd }} + count: {{ openstack_num_etcd }} resource_def: type: server.yaml properties: 
@@ -520,7 +520,7 @@ resources: template: k8s_type-%index%.cluster_id params: cluster_id: {{ stack_name }} - k8s_type: {{ etcd_hostname | default('etcd') }} + k8s_type: {{ openstack_etcd_hostname }} cluster_env: {{ public_dns_domain }} cluster_id: {{ stack_name }} group: @@ -530,12 +530,12 @@ resources: k8s_type: etcds cluster_id: {{ stack_name }} type: etcd - image: {{ openstack_etcd_image | default(openstack_image) }} - flavor: {{ etcd_flavor }} - key_name: {{ ssh_public_key }} -{% if provider_network %} - net: {{ provider_network }} - net_name: {{ provider_network }} + image: {{ openstack_etcd_image }} + flavor: {{ openstack_etcd_flavor }} + key_name: {{ openstack_keypair_name }} +{% if openstack_provider_network_name %} + net: {{ openstack_provider_network_name }} + net_name: {{ openstack_provider_network_name }} {% else %} net: { get_resource: net } subnet: { get_resource: subnet } 
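Review bot: Dropping the inline fallbacks in `k8s_type: {{ openstack_etcd_hostname }}` (hunk at -520) and `image: {{ openstack_etcd_image }}` (hunk at -530) means the template renders only if each variable is defined elsewhere; the role defaults are outside this part of the diff, so that is presumed rather than shown. The same removal repeats for the lb, master, node, infra and dns hostnames and images in the later hunks of this file. An inventory that still sets only the old names (`etcd_hostname`, `openstack_image`) is now ignored without a message, so the servers could boot from the role's default image rather than the one the operator chose. A guard in `check-prerequisites.yml` would surface this before the stack is created, e.g. `- assert: { that: "openstack_etcd_image | default('') | length > 0" }`, repeated per role.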
@@ -552,31 +552,31 @@ resources: if: - no_floating - null - - {{ external_network }} -{% if use_bastion|bool or provider_network %} + - {{ openstack_external_network_name }} +{% if openstack_use_bastion|bool or openstack_provider_network_name %} attach_float_net: false {% endif %} - volume_size: {{ etcd_volume_size }} -{% if not provider_network %} + volume_size: {{ openstack_etcd_volume_size }} +{% if not openstack_provider_network_name %} depends_on: - interface {% endif %} -{% if master_server_group_policies|length > 0 %} +{% if openstack_master_server_group_policies|length > 0 %} master_server_group: type: OS::Nova::ServerGroup properties: name: master_server_group - policies: {{ master_server_group_policies }} + policies: {{ openstack_master_server_group_policies }} {% endif %} -{% if infra_server_group_policies|length > 0 %} +{% if openstack_infra_server_group_policies|length > 0 %} infra_server_group: type: OS::Nova::ServerGroup properties: name: infra_server_group - policies: {{ infra_server_group_policies }} + policies: {{ openstack_infra_server_group_policies }} {% endif %} -{% if num_masters|int > 1 %} +{% if openstack_num_masters|int > 1 %} loadbalancer: type: OS::Heat::ResourceGroup properties: @@ -589,7 +589,7 @@ resources: template: k8s_type-%index%.cluster_id params: cluster_id: {{ stack_name }} - k8s_type: {{ lb_hostname | default('lb') }} + k8s_type: {{ openstack_lb_hostname }} cluster_env: {{ public_dns_domain }} cluster_id: {{ stack_name }} group: 
@@ -599,12 +599,12 @@ resources: k8s_type: lb cluster_id: {{ stack_name }} type: lb - image: {{ openstack_lb_image | default(openstack_image) }} - flavor: {{ lb_flavor }} - key_name: {{ ssh_public_key }} -{% if provider_network %} - net: {{ provider_network }} - net_name: {{ provider_network }} + image: {{ openstack_lb_image }} + flavor: {{ openstack_lb_flavor }} + key_name: {{ openstack_keypair_name }} +{% if openstack_provider_network_name %} + net: {{ openstack_provider_network_name }} + net_name: {{ openstack_provider_network_name }} {% else %} net: { get_resource: net } subnet: { get_resource: subnet } @@ -617,11 +617,11 @@ resources: secgrp: - { get_resource: lb-secgrp } - { get_resource: common-secgrp } -{% if not provider_network %} - floating_network: {{ external_network }} +{% if not openstack_provider_network_name %} + floating_network: {{ openstack_external_network_name }} {% endif %} - volume_size: {{ lb_volume_size }} -{% if not provider_network %} + volume_size: {{ openstack_lb_volume_size }} +{% if not openstack_provider_network_name %} depends_on: - interface {% endif %} @@ -630,7 +630,7 @@ resources: masters: type: OS::Heat::ResourceGroup properties: - count: {{ num_masters }} + count: {{ openstack_num_masters }} resource_def: type: server.yaml properties: @@ -639,7 +639,7 @@ resources: template: k8s_type-%index%.cluster_id params: cluster_id: {{ stack_name }} - k8s_type: {{ master_hostname | default('master')}} + k8s_type: {{ openstack_master_hostname }} cluster_env: {{ public_dns_domain }} cluster_id: {{ stack_name }} group: 
@@ -649,12 +649,12 @@ resources: k8s_type: masters cluster_id: {{ stack_name }} type: master - image: {{ openstack_master_image | default(openstack_image) }} - flavor: {{ master_flavor }} - key_name: {{ ssh_public_key }} -{% if provider_network %} - net: {{ provider_network }} - net_name: {{ provider_network }} + image: {{ openstack_master_image }} + flavor: {{ openstack_master_flavor }} + key_name: {{ openstack_keypair_name }} +{% if openstack_provider_network_name %} + net: {{ openstack_provider_network_name }} + net_name: {{ openstack_provider_network_name }} {% else %} net: { get_resource: net } subnet: { get_resource: subnet } @@ -675,7 +675,7 @@ resources: {% else %} - { get_resource: master-secgrp } - { get_resource: node-secgrp } -{% if num_etcd|int == 0 %} +{% if openstack_num_etcd|int == 0 %} - { get_resource: etcd-secgrp } {% endif %} {% endif %} @@ -684,16 +684,16 @@ resources: if: - no_floating - null - - {{ external_network }} -{% if use_bastion|bool or provider_network %} + - {{ openstack_external_network_name }} +{% if openstack_use_bastion|bool or openstack_provider_network_name %} attach_float_net: false {% endif %} - volume_size: {{ master_volume_size }} -{% if master_server_group_policies|length > 0 %} + volume_size: {{ openstack_master_volume_size }} +{% if openstack_master_server_group_policies|length > 0 %} scheduler_hints: group: { get_resource: master_server_group } {% endif %} -{% if not provider_network %} +{% if not openstack_provider_network_name %} depends_on: - interface {% endif %} @@ -701,9 +701,9 @@ resources: compute_nodes: type: OS::Heat::ResourceGroup properties: - count: {{ num_nodes }} + count: {{ openstack_num_nodes }} removal_policies: - - resource_list: {{ nodes_to_remove }} + - resource_list: {{ openstack_nodes_to_remove }} resource_def: type: server.yaml properties: 
@@ -712,7 +712,7 @@ resources: template: sub_type_k8s_type-%index%.cluster_id params: cluster_id: {{ stack_name }} - sub_type_k8s_type: {{ node_hostname | default('app-node') }} + sub_type_k8s_type: {{ openstack_node_hostname }} cluster_env: {{ public_dns_domain }} cluster_id: {{ stack_name }} group: @@ -727,12 +727,12 @@ resources: {% for k, v in openshift_cluster_node_labels.app.iteritems() %} {{ k|e }}: {{ v|e }} {% endfor %} - image: {{ openstack_node_image | default(openstack_image) }} - flavor: {{ node_flavor }} - key_name: {{ ssh_public_key }} -{% if provider_network %} - net: {{ provider_network }} - net_name: {{ provider_network }} + image: {{ openstack_node_image }} + flavor: {{ openstack_node_flavor }} + key_name: {{ openstack_keypair_name }} +{% if openstack_provider_network_name %} + net: {{ openstack_provider_network_name }} + net_name: {{ openstack_provider_network_name }} {% else %} net: { get_resource: net } subnet: { get_resource: subnet } @@ -754,12 +754,12 @@ resources: if: - no_floating - null - - {{ external_network }} -{% if use_bastion|bool or provider_network %} + - {{ openstack_external_network_name }} +{% if openstack_use_bastion|bool or openstack_provider_network_name %} attach_float_net: false {% endif %} - volume_size: {{ node_volume_size }} -{% if not provider_network %} + volume_size: {{ openstack_node_volume_size }} +{% if not openstack_provider_network_name %} depends_on: - interface {% endif %} @@ -767,7 +767,7 @@ resources: infra_nodes: type: OS::Heat::ResourceGroup properties: - count: {{ num_infra }} + count: {{ openstack_num_infra }} resource_def: type: server.yaml properties: @@ -776,7 +776,7 @@ resources: template: sub_type_k8s_type-%index%.cluster_id params: cluster_id: {{ stack_name }} - sub_type_k8s_type: {{ infra_hostname | default('infranode') }} + sub_type_k8s_type: {{ openstack_infra_hostname }} cluster_env: {{ public_dns_domain }} cluster_id: {{ stack_name }} group: 
@@ -791,12 +791,12 @@ resources: {% for k, v in openshift_cluster_node_labels.infra.iteritems() %} {{ k|e }}: {{ v|e }} {% endfor %} - image: {{ openstack_infra_image | default(openstack_image) }} - flavor: {{ infra_flavor }} - key_name: {{ ssh_public_key }} -{% if provider_network %} - net: {{ provider_network }} - net_name: {{ provider_network }} + image: {{ openstack_infra_image }} + flavor: {{ openstack_infra_flavor }} + key_name: {{ openstack_keypair_name }} +{% if openstack_provider_network_name %} + net: {{ openstack_provider_network_name }} + net_name: {{ openstack_provider_network_name }} {% else %} net: { get_resource: net } subnet: { get_resource: subnet } @@ -818,29 +818,29 @@ resources: {% else %} - { get_resource: node-secgrp } {% endif %} -{% if ui_ssh_tunnel|bool and num_masters|int < 2 %} +{% if openshift_ui_ssh_tunnel|bool and openstack_num_masters|int < 2 %} - { get_resource: lb-secgrp } {% endif %} - { get_resource: infra-secgrp } - { get_resource: common-secgrp } -{% if not provider_network %} - floating_network: {{ external_network }} +{% if not openstack_provider_network_name %} + floating_network: {{ openstack_external_network_name }} {% endif %} - volume_size: {{ infra_volume_size }} -{% if infra_server_group_policies|length > 0 %} + volume_size: {{ openstack_infra_volume_size }} +{% if openstack_infra_server_group_policies|length > 0 %} scheduler_hints: group: { get_resource: infra_server_group } {% endif %} -{% if not provider_network %} +{% if not openstack_provider_network_name %} depends_on: - interface {% endif %} -{% if num_dns|int > 0 %} +{% if openstack_num_dns|int > 0 %} dns: type: OS::Heat::ResourceGroup properties: - count: {{ num_dns }} + count: {{ openstack_num_dns }} resource_def: type: server.yaml properties: 
@@ -849,7 +849,7 @@ resources: template: k8s_type-%index%.cluster_id params: cluster_id: {{ stack_name }} - k8s_type: {{ dns_hostname | default('dns') }} + k8s_type: {{ openstack_dns_hostname }} cluster_env: {{ public_dns_domain }} cluster_id: {{ stack_name }} group: @@ -859,12 +859,12 @@ resources: k8s_type: dns cluster_id: {{ stack_name }} type: dns - image: {{ openstack_dns_image | default(openstack_image) }} - flavor: {{ dns_flavor }} - key_name: {{ ssh_public_key }} -{% if provider_network %} - net: {{ provider_network }} - net_name: {{ provider_network }} + image: {{ openstack_dns_image }} + flavor: {{ openstack_dns_flavor }} + key_name: {{ openstack_keypair_name }} +{% if openstack_provider_network_name %} + net: {{ openstack_provider_network_name }} + net_name: {{ openstack_provider_network_name }} {% else %} net: { get_resource: net } subnet: { get_resource: subnet } @@ -877,11 +877,11 @@ resources: secgrp: - { get_resource: dns-secgrp } - { get_resource: common-secgrp } -{% if not provider_network %} - floating_network: {{ external_network }} +{% if not openstack_provider_network_name %} + floating_network: {{ openstack_external_network_name }} {% endif %} - volume_size: {{ dns_volume_size }} -{% if not provider_network %} + volume_size: {{ openstack_dns_volume_size }} +{% if not openstack_provider_network_name %} depends_on: - interface {% endif %} diff --git a/roles/openshift_openstack/templates/heat_stack_server.yaml.j2 b/roles/openshift_openstack/templates/heat_stack_server.yaml.j2 index 9ffe721a5..160345baf 100644 --- a/roles/openshift_openstack/templates/heat_stack_server.yaml.j2 +++ b/roles/openshift_openstack/templates/heat_stack_server.yaml.j2 @@ -61,7 +61,7 @@ parameters: label: Net name description: Net name -{% if not provider_network %} +{% if not openstack_provider_network_name %} subnet: type: string label: Subnet ID 
@@ -81,7 +81,7 @@ parameters: label: Net ID description: Net resource -{% if not provider_network %} +{% if not openstack_provider_network_name %} data_subnet: type: string default: '' @@ -102,7 +102,7 @@ parameters: label: Attach-float-net description: A switch for floating network port connection -{% if not provider_network %} +{% if not openstack_provider_network_name %} floating_network: type: string default: '' @@ -156,7 +156,7 @@ outputs: - server - addresses - { get_param: net_name } -{% if provider_network %} +{% if openstack_provider_network_name %} - 0 {% else %} - 1 @@ -226,7 +226,7 @@ resources: type: OS::Neutron::Port properties: network: { get_param: net } -{% if not provider_network %} +{% if not openstack_provider_network_name %} fixed_ips: - subnet: { get_param: subnet } {% endif %} @@ -239,13 +239,13 @@ resources: properties: network: { get_param: data_net } port_security_enabled: false -{% if not provider_network %} +{% if not openstack_provider_network_name %} fixed_ips: - subnet: { get_param: data_subnet } {% endif %} {% endif %} -{% if not provider_network %} +{% if not openstack_provider_network_name %} floating-ip: condition: { not: no_floating } type: OS::Neutron::FloatingIP -- cgit v1.2.3
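Review bot: The data-network port in the hunk at -239 carries `port_security_enabled: false` with no comment saying why, and this commit edits the block without adding one. With port security off, Neutron applies no security groups or anti-spoofing filtering to that port, so the `*-secgrp` rules defined in heat_stack.yaml.j2 do not cover traffic on the data network. A comment above the line would record the intent, e.g. `# port security is off on the data network because <reason>; security groups do not apply to this port`. The port resource and the `{% if %}` that guards it start above the hunk.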