From 2a7131b9403a4b22ebc55606814f604f723dc826 Mon Sep 17 00:00:00 2001
From: Sylvain Baubeau <sbaubeau@redhat.com>
Date: Tue, 13 Oct 2015 16:36:01 +0200
Subject: Add flannel support

Signed-off-by: Sylvain Baubeau <sbaubeau@redhat.com>
---
 playbooks/common/openshift-node/config.yml | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'playbooks/common/openshift-node')

diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml
index a14ca8e11..e39e9164c 100644
--- a/playbooks/common/openshift-node/config.yml
+++ b/playbooks/common/openshift-node/config.yml
@@ -84,6 +84,7 @@
   vars:
     sync_tmpdir: "{{ hostvars.localhost.mktemp.stdout }}"
     openshift_node_master_api_url: "{{ hostvars[groups.oo_first_master.0].openshift.master.api_url }}"
+    etcd_urls: "{{ hostvars[groups.oo_first_master.0].openshift.master.etcd_urls }}"
   pre_tasks:
   - name: Ensure certificate directory exists
     file:
@@ -100,6 +101,8 @@
     when: certs_missing
   roles:
   - openshift_node
+  - role: flannel
+    when: openshift.common.use_flannel | bool
   - role: nickhammond.logrotate
   - role: fluentd_node
     when: openshift.common.use_fluentd | bool
-- 
cgit v1.2.3


From bb30f53935399fee9dcaf42664fe8678dd157ee1 Mon Sep 17 00:00:00 2001
From: Sylvain Baubeau <sbaubeau@redhat.com>
Date: Mon, 19 Oct 2015 15:50:07 +0200
Subject: Generate etcd certificats for flannel when is not embedded

---
 playbooks/common/openshift-node/config.yml | 70 ++++++++++++++++++++++++++++++
 1 file changed, 70 insertions(+)

(limited to 'playbooks/common/openshift-node')

diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml
index e39e9164c..5f0f329c4 100644
--- a/playbooks/common/openshift-node/config.yml
+++ b/playbooks/common/openshift-node/config.yml
@@ -38,6 +38,21 @@
       node_subdir: node-{{ openshift.common.hostname }}
       config_dir: "{{ openshift.common.config_base }}/generated-configs/node-{{ openshift.common.hostname }}"
       node_cert_dir: "{{ openshift.common.config_base }}/node"
+  - name: Check status of flannel external etcd certificates
+    stat:
+      path: "{{ openshift.common.config_base }}/node/{{ item }}"
+    with_items:
+    - node.etcd-client.crt
+    - node.etcd-ca.crt
+    register: g_external_etcd_flannel_cert_stat_result
+  - set_fact:
+      etcd_client_flannel_certs_missing: "{{ g_external_etcd_flannel_cert_stat_result.results
+                                             | map(attribute='stat.exists')
+                                             | list | intersect([false])}}"
+      etcd_cert_subdir: openshift-node-{{ openshift.common.hostname }}
+      etcd_cert_config_dir: "{{ openshift.common.config_base }}/node"
+      etcd_cert_prefix: node.etcd-
+    when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config
 
 - name: Create temp directory for syncing certs
   hosts: localhost
@@ -50,6 +65,60 @@
     register: mktemp
     changed_when: False
 
+- name: Configure flannel etcd certificates
+  hosts: oo_first_etcd
+  vars:
+    etcd_generated_certs_dir: /etc/etcd/generated_certs
+    etcd_needing_client_certs: "{{ hostvars
+                                   | oo_select_keys(groups['oo_nodes_to_config'])
+                                   | oo_filter_list(filter_attr='etcd_client_flannel_certs_missing') }}"
+    sync_tmpdir: "{{ hostvars.localhost.mktemp.stdout }}"
+  pre_tasks:
+  roles:
+  - role: etcd_certificates
+  post_tasks:
+  - name: Create a tarball of the etcd flannel certs
+    command: >
+      tar -czvf {{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz
+        -C {{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }} .
+    args:
+      creates: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz"
+    with_items: etcd_needing_client_certs
+  - name: Retrieve the etcd cert tarballs
+    fetch:
+      src: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz"
+      dest: "{{ sync_tmpdir }}/"
+      flat: yes
+      fail_on_missing: yes
+      validate_checksum: yes
+    with_items: etcd_needing_client_certs
+
+- name: Copy the external etcd flannel certs to the nodes
+  hosts: oo_nodes_to_config
+  vars:
+    sync_tmpdir: "{{ hostvars.localhost.mktemp.stdout }}"
+  tasks:
+  - name: Ensure certificate directory exists
+    file:
+      path: "{{ openshift.common.config_base }}/node"
+      state: directory
+    when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing
+  - name: Unarchive the tarball on the master
+    unarchive:
+      src: "{{ sync_tmpdir }}/{{ etcd_cert_subdir }}.tgz"
+      dest: "{{ etcd_cert_config_dir }}"
+    when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing
+  - file:
+      path: "{{ etcd_cert_config_dir }}/{{ item }}"
+      owner: root
+      group: root
+      mode: 0600
+    with_items:
+    - node.etcd-client.crt
+    - node.etcd-client.key
+    - node.etcd-ca.crt
+    when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing
+
 - name: Create node certificates
   hosts: oo_first_master
   vars:
@@ -85,6 +154,7 @@
     sync_tmpdir: "{{ hostvars.localhost.mktemp.stdout }}"
     openshift_node_master_api_url: "{{ hostvars[groups.oo_first_master.0].openshift.master.api_url }}"
     etcd_urls: "{{ hostvars[groups.oo_first_master.0].openshift.master.etcd_urls }}"
+    embedded_etcd: "{{ hostvars[groups.oo_first_master.0].openshift.master.embedded_etcd }}"
   pre_tasks:
   - name: Ensure certificate directory exists
     file:
-- 
cgit v1.2.3


From 4db5a237af8b826b52622e1b79017df98611ab10 Mon Sep 17 00:00:00 2001
From: Sylvain Baubeau <sbaubeau@redhat.com>
Date: Tue, 27 Oct 2015 16:16:44 +0100
Subject: Check etcd certs exist for flannel when its support is enabled

---
 playbooks/common/openshift-node/config.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'playbooks/common/openshift-node')

diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml
index 5f0f329c4..ba96b4a78 100644
--- a/playbooks/common/openshift-node/config.yml
+++ b/playbooks/common/openshift-node/config.yml
@@ -52,7 +52,7 @@
       etcd_cert_subdir: openshift-node-{{ openshift.common.hostname }}
       etcd_cert_config_dir: "{{ openshift.common.config_base }}/node"
       etcd_cert_prefix: node.etcd-
-    when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config
+    when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config and (openshift.common.use_flannel | bool)
 
 - name: Create temp directory for syncing certs
   hosts: localhost
-- 
cgit v1.2.3


From 53988dfe57a2c061f111cdb3bfe464796a49dba0 Mon Sep 17 00:00:00 2001
From: Andrew Butcher <abutcher@redhat.com>
Date: Sun, 8 Nov 2015 12:34:23 -0500
Subject: Conditionals for flannel etcd client certs.

---
 playbooks/common/openshift-node/config.yml | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

(limited to 'playbooks/common/openshift-node')

diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml
index ba96b4a78..8da9e231f 100644
--- a/playbooks/common/openshift-node/config.yml
+++ b/playbooks/common/openshift-node/config.yml
@@ -45,6 +45,7 @@
     - node.etcd-client.crt
     - node.etcd-ca.crt
     register: g_external_etcd_flannel_cert_stat_result
+    when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config and (openshift.common.use_flannel | bool)
   - set_fact:
       etcd_client_flannel_certs_missing: "{{ g_external_etcd_flannel_cert_stat_result.results
                                              | map(attribute='stat.exists')
@@ -69,11 +70,13 @@
   hosts: oo_first_etcd
   vars:
     etcd_generated_certs_dir: /etc/etcd/generated_certs
-    etcd_needing_client_certs: "{{ hostvars
-                                   | oo_select_keys(groups['oo_nodes_to_config'])
-                                   | oo_filter_list(filter_attr='etcd_client_flannel_certs_missing') }}"
     sync_tmpdir: "{{ hostvars.localhost.mktemp.stdout }}"
   pre_tasks:
+  - set_fact:
+      etcd_needing_client_certs: "{{ hostvars
+                                   | oo_select_keys(groups['oo_nodes_to_config'])
+                                   | oo_filter_list(filter_attr='etcd_client_flannel_certs_missing') | default([]) }}"
+    when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing
   roles:
   - role: etcd_certificates
   post_tasks:
@@ -84,6 +87,7 @@
     args:
       creates: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz"
     with_items: etcd_needing_client_certs
+    when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing
   - name: Retrieve the etcd cert tarballs
     fetch:
       src: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz"
@@ -92,6 +96,7 @@
       fail_on_missing: yes
       validate_checksum: yes
     with_items: etcd_needing_client_certs
+    when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing
 
 - name: Copy the external etcd flannel certs to the nodes
   hosts: oo_nodes_to_config
-- 
cgit v1.2.3