From 3778662ef816b2bb0a3788ed65229b45622a0139 Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Fri, 21 Aug 2015 23:49:49 -0400 Subject: Start of true master ha --- playbooks/common/openshift-master/config.yml | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) (limited to 'playbooks/common') diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index 59c4b2370..84ce65f48 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -34,7 +34,9 @@ - role: common local_facts: hostname: "{{ openshift_hostname | default(None) }}" + ip: "{{ openshift_ip | default(None) }}" public_hostname: "{{ openshift_public_hostname | default(None) }}" + public_ip: "{{ openshift_public_ip | default(None) }}" deployment_type: "{{ openshift_deployment_type }}" - role: master local_facts: @@ -207,6 +209,30 @@ parsed_named_certificates: "{{ openshift_master_named_certificates | oo_parse_certificate_names(master_cert_config_dir, openshift.common.internal_hostnames) }}" when: openshift_master_named_certificates is defined +- name: Compute haproxy_backend_servers + hosts: localhost + connection: local + sudo: false + gather_facts: no + tasks: + - set_fact: + haproxy_backend_servers: "{{ hostvars | oo_select_keys(groups['oo_masters_to_config']) | oo_haproxy_backend_masters }}" + +- name: Configure load balancers + hosts: oo_first_master + vars: + haproxy_frontends: + - name: atomic-openshift + bind: "*:80" + default_backend: atomic-openshift + haproxy_backends: + - name: atomic-openshift + balance: roundrobin + servers: "{{ hostvars.localhost.haproxy_backend_servers }}" + roles: + - role: haproxy + when: groups.oo_masters_to_config | length > 1 + - name: Configure master instances hosts: oo_masters_to_config vars: -- cgit v1.2.3 From 51bcc78aea4015bf23d06b621b57de675b21e7cf Mon Sep 17 00:00:00 2001 From: Andrew Butcher Date: Thu, 22 Oct 2015 13:58:38 -0400 Subject: additional native ha changes --- playbooks/common/openshift-master/config.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'playbooks/common') diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index 84ce65f48..e5357f6e3 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -239,7 +239,7 @@ named_certificates: "{{ hostvars[groups['oo_first_master'][0]]['parsed_named_certificates'] | default([])}}" sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}" openshift_master_ha: "{{ groups.oo_masters_to_config | length > 1 }}" - embedded_etcd: "{{ openshift.master.embedded_etcd }}" + openshift_master_count: "{{ groups.oo_masters_to_config | length }}" pre_tasks: - name: Ensure certificate directory exists file: @@ -264,11 +264,11 @@ - name: Additional master configuration hosts: oo_first_master vars: - openshift_master_ha: "{{ groups.oo_masters_to_config | length > 1 }}" - omc_cluster_hosts: "{{ groups.oo_masters_to_config | join(' ')}}" + #openshift_master_ha: "{{ groups.oo_masters_to_config | length > 1 }}" + # omc_cluster_hosts: "{{ groups.oo_masters_to_config | join(' ')}}" roles: - - role: openshift_master_cluster - when: openshift_master_ha | bool +# - role: openshift_master_cluster +# when: openshift_master_ha | bool - openshift_examples - role: openshift_cluster_metrics when: openshift.common.use_cluster_metrics | bool -- cgit v1.2.3 From 18c877db73dcb63b1402322fe8352505006e4985 Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Tue, 25 Aug 2015 08:42:20 -0400 Subject: additional ha related updates --- playbooks/common/openshift-cluster/config.yml | 8 +++++ playbooks/common/openshift-master/config.yml | 49 +++++++++++++++++++++++---- 2 files changed, 51 insertions(+), 6 deletions(-) (limited to 'playbooks/common') diff --git a/playbooks/common/openshift-cluster/config.yml b/playbooks/common/openshift-cluster/config.yml index 57de7130b..b66ca4709 100644 --- a/playbooks/common/openshift-cluster/config.yml +++ b/playbooks/common/openshift-cluster/config.yml @@ -1,6 +1,14 @@ --- - include: evaluate_groups.yml + - name: Evaluate oo_lb_to_config + add_host: + name: "{{ item }}" + groups: oo_lb_to_config + ansible_ssh_user: "{{ g_ssh_user | default(omit) }}" + ansible_sudo: "{{ g_sudo | default(omit) }}" + with_items: groups[g_lb_group] | default(groups[g_masters_group]) | default([]) + - include: ../openshift-etcd/config.yml - include: ../openshift-master/config.yml diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index e5357f6e3..e223e3d57 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -209,7 +209,24 @@ parsed_named_certificates: "{{ openshift_master_named_certificates | oo_parse_certificate_names(master_cert_config_dir, openshift.common.internal_hostnames) }}" when: openshift_master_named_certificates is defined -- name: Compute haproxy_backend_servers +- name: Fetch master server certificate for load balancer + hosts: oo_first_master + vars: + sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}" + tasks: + - file: + path: "{{ sync_tmpdir }}/haproxy_cert" + state: directory + - fetch: + src: /etc/origin/master/master.server.crt + dest: "{{ sync_tmpdir }}/haproxy_cert/server.crt" + flat: yes + - fetch: + src: /etc/origin/master/master.server.key + dest: "{{ sync_tmpdir }}/haproxy_cert/server.key" + flat: yes + +- name: Compute haproxy_backend_servers and combine certificate hosts: localhost connection: local sudo: false @@ -217,24 +234,44 @@ tasks: - set_fact: haproxy_backend_servers: "{{ hostvars | oo_select_keys(groups['oo_masters_to_config']) | oo_haproxy_backend_masters }}" + - shell: cat server.crt server.key > server.pem + args: + chdir: "{{ g_master_mktemp.stdout }}/haproxy_cert" + creates: "{{ g_master_mktemp.stdout }}/haproxy_cert/server.pem" + - name: Configure load balancers - hosts: oo_first_master + hosts: oo_lb_to_config vars: + sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}" haproxy_frontends: - - name: atomic-openshift - bind: "*:80" - default_backend: atomic-openshift + - name: atomic-openshift-api + options: + - tcplog + binds: + - "*:{{ hostvars[groups.oo_first_master.0].openshift.master.api_port }} ssl crt /etc/haproxy/server.pem" + default_backend: atomic-openshift-api haproxy_backends: - - name: atomic-openshift + - name: atomic-openshift-api balance: roundrobin servers: "{{ hostvars.localhost.haproxy_backend_servers }}" + pre_tasks: + - file: + path: /etc/haproxy + state: directory + - copy: + src: "{{ sync_tmpdir }}/haproxy_cert/server.pem" + dest: /etc/haproxy/server.pem + mode: 0600 + owner: root + group: root roles: - role: haproxy when: groups.oo_masters_to_config | length > 1 - name: Configure master instances hosts: oo_masters_to_config + serial: 1 vars: named_certificates: "{{ hostvars[groups['oo_first_master'][0]]['parsed_named_certificates'] | default([])}}" sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}" -- cgit v1.2.3 From ac0f4cb56e1469e9033e3a218265bc70f774624d Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Tue, 25 Aug 2015 14:40:08 -0400 Subject: more tweaks --- playbooks/common/openshift-master/config.yml | 44 ++++++---------------------- 1 file changed, 9 insertions(+), 35 deletions(-) (limited to 'playbooks/common') diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index e223e3d57..67068e001 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -170,6 +170,10 @@ masters_needing_certs: "{{ hostvars | oo_select_keys(groups['oo_masters_to_config'] | difference(groups['oo_first_master'])) | oo_filter_list(filter_attr='master_certs_missing') }}" + master_hostnames: "{{ hostvars + | oo_select_keys(groups['oo_masters_to_config']) + | oo_collect('openshift.common.all_hostnames') + | oo_flatten | unique }}" sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}" roles: - openshift_master_certificates @@ -209,24 +213,7 @@ parsed_named_certificates: "{{ openshift_master_named_certificates | oo_parse_certificate_names(master_cert_config_dir, openshift.common.internal_hostnames) }}" when: openshift_master_named_certificates is defined -- name: Fetch master server certificate for load balancer - hosts: oo_first_master - vars: - sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}" - tasks: - - file: - path: "{{ sync_tmpdir }}/haproxy_cert" - state: directory - - fetch: - src: /etc/origin/master/master.server.crt - dest: "{{ sync_tmpdir }}/haproxy_cert/server.crt" - flat: yes - - fetch: - src: /etc/origin/master/master.server.key - dest: "{{ sync_tmpdir }}/haproxy_cert/server.key" - flat: yes - -- name: Compute haproxy_backend_servers and combine certificate +- name: Compute haproxy_backend_servers hosts: localhost connection: local sudo: false @@ -234,11 +221,6 @@ tasks: - set_fact: haproxy_backend_servers: "{{ hostvars | oo_select_keys(groups['oo_masters_to_config']) | oo_haproxy_backend_masters }}" - - shell: cat server.crt server.key > server.pem - args: - chdir: "{{ g_master_mktemp.stdout }}/haproxy_cert" - creates: "{{ g_master_mktemp.stdout }}/haproxy_cert/server.pem" - - name: Configure load balancers hosts: oo_lb_to_config @@ -246,32 +228,24 @@ sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}" haproxy_frontends: - name: atomic-openshift-api + mode: tcp options: - tcplog binds: - - "*:{{ hostvars[groups.oo_first_master.0].openshift.master.api_port }} ssl crt /etc/haproxy/server.pem" + - "*:{{ hostvars[groups.oo_first_master.0].openshift.master.api_port }}" default_backend: atomic-openshift-api haproxy_backends: - name: atomic-openshift-api + mode: tcp + option: tcplog balance: roundrobin servers: "{{ hostvars.localhost.haproxy_backend_servers }}" - pre_tasks: - - file: - path: /etc/haproxy - state: directory - - copy: - src: "{{ sync_tmpdir }}/haproxy_cert/server.pem" - dest: /etc/haproxy/server.pem - mode: 0600 - owner: root - group: root roles: - role: haproxy when: groups.oo_masters_to_config | length > 1 - name: Configure master instances hosts: oo_masters_to_config - serial: 1 vars: named_certificates: "{{ hostvars[groups['oo_first_master'][0]]['parsed_named_certificates'] | default([])}}" sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}" -- cgit v1.2.3 From 037d77599632faa81f0c6ca1e912a19f04628b55 Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Tue, 25 Aug 2015 15:48:42 -0400 Subject: more tweaks --- playbooks/common/openshift-master/config.yml | 1 + 1 file changed, 1 insertion(+) (limited to 'playbooks/common') diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index 67068e001..9de72fcde 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -246,6 +246,7 @@ - name: Configure master instances hosts: oo_masters_to_config + serial: 1 vars: named_certificates: "{{ hostvars[groups['oo_first_master'][0]]['parsed_named_certificates'] | default([])}}" sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}" -- cgit v1.2.3 From 16e085b44ba3e3328ec7d8a5dd5e2331c7f633a6 Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Wed, 26 Aug 2015 12:54:29 -0400 Subject: default to source persistence for haproxy --- playbooks/common/openshift-master/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'playbooks/common') diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index 9de72fcde..d1aa9c85c 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -238,7 +238,7 @@ - name: atomic-openshift-api mode: tcp option: tcplog - balance: roundrobin + balance: source servers: "{{ hostvars.localhost.haproxy_backend_servers }}" roles: - role: haproxy -- cgit v1.2.3 From ca9f4f08fbf14f9edfa7331e327cf92a25cd4401 Mon Sep 17 00:00:00 2001 From: Andrew Butcher Date: Tue, 22 Sep 2015 16:42:36 -0400 Subject: Various HA changes for pacemaker and native methods. --- playbooks/common/openshift-cluster/config.yml | 10 +--- .../common/openshift-cluster/evaluate_groups.yml | 8 ++++ playbooks/common/openshift-master/config.yml | 54 ++++++++++++++++++++-- 3 files changed, 58 insertions(+), 14 deletions(-) (limited to 'playbooks/common') diff --git a/playbooks/common/openshift-cluster/config.yml b/playbooks/common/openshift-cluster/config.yml index b66ca4709..a8bd634d3 100644 --- a/playbooks/common/openshift-cluster/config.yml +++ b/playbooks/common/openshift-cluster/config.yml @@ -1,14 +1,6 @@ --- - include: evaluate_groups.yml - - name: Evaluate oo_lb_to_config - add_host: - name: "{{ item }}" - groups: oo_lb_to_config - ansible_ssh_user: "{{ g_ssh_user | default(omit) }}" - ansible_sudo: "{{ g_sudo | default(omit) }}" - with_items: groups[g_lb_group] | default(groups[g_masters_group]) | default([]) - - include: ../openshift-etcd/config.yml - include: ../openshift-master/config.yml @@ -16,4 +8,4 @@ - include: ../openshift-node/config.yml vars: osn_cluster_dns_domain: "{{ hostvars[groups.oo_first_master.0].openshift.dns.domain }}" - osn_cluster_dns_ip: "{{ hostvars[groups.oo_first_master.0].openshift.dns.ip }}" + osn_cluster_dns_ip: "{{ hostvars[groups.oo_first_master.0].cluster_dns_ip }}" diff --git a/playbooks/common/openshift-cluster/evaluate_groups.yml b/playbooks/common/openshift-cluster/evaluate_groups.yml index 1919660dd..a787ba0d3 100644 --- a/playbooks/common/openshift-cluster/evaluate_groups.yml +++ b/playbooks/common/openshift-cluster/evaluate_groups.yml @@ -62,3 +62,11 @@ ansible_ssh_user: "{{ g_ssh_user | default(omit) }}" ansible_sudo: "{{ g_sudo | default(omit) }}" when: g_masters_group in groups and (groups[g_masters_group] | length) > 0 + + - name: Evaluate oo_lb_to_config + add_host: + name: "{{ item }}" + groups: oo_lb_to_config + ansible_ssh_user: "{{ g_ssh_user | default(omit) }}" + ansible_sudo: "{{ g_sudo | default(omit) }}" + with_items: groups[g_lb_group] | default([]) diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index d1aa9c85c..64376040f 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -46,7 +46,6 @@ public_api_url: "{{ openshift_master_public_api_url | default(None) }}" cluster_hostname: "{{ openshift_master_cluster_hostname | default(None) }}" cluster_public_hostname: "{{ openshift_master_cluster_public_hostname | default(None) }}" - cluster_defer_ha: "{{ openshift_master_cluster_defer_ha | default(None) }}" console_path: "{{ openshift_master_console_path | default(None) }}" console_port: "{{ openshift_master_console_port | default(None) }}" console_url: "{{ openshift_master_console_url | default(None) }}" @@ -244,6 +243,35 @@ - role: haproxy when: groups.oo_masters_to_config | length > 1 +- name: Generate master session keys + hosts: oo_first_master + tasks: + - fail: + msg: "Both openshift_master_session_auth_secrets and openshift_master_session_encryption_secrets must be provided if either variable is set" + when: (openshift_master_session_auth_secrets is defined and openshift_master_session_encryption_secrets is not defined) or (openshift_master_session_encryption_secrets is defined and openshift_master_session_auth_secrets is not defined) + - fail: + msg: "openshift_master_session_auth_secrets and openshift_master_encryption_secrets must be equal length" + when: (openshift_master_session_auth_secrets is defined and openshift_master_session_encryption_secrets is defined) and (openshift_master_session_auth_secrets | length != openshift_master_session_encryption_secrets | length) + - name: Generate session authentication key + command: /usr/bin/openssl rand -base64 24 + register: session_auth_output + with_sequence: count=1 + when: openshift_master_session_auth_secrets is undefined + - name: Generate session encryption key + command: /usr/bin/openssl rand -base64 24 + register: session_encryption_output + with_sequence: count=1 + when: openshift_master_session_encryption_secrets is undefined + - set_fact: + session_auth_secret: "{{ openshift_master_session_auth_secrets + | default(session_auth_output.results + | map(attribute='stdout') + | list) }}" + session_encryption_secret: "{{ openshift_master_session_encryption_secrets + | default(session_encryption_output.results + | map(attribute='stdout') + | list) }}" + - name: Configure master instances hosts: oo_masters_to_config serial: 1 @@ -252,6 +280,8 @@ sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}" openshift_master_ha: "{{ groups.oo_masters_to_config | length > 1 }}" openshift_master_count: "{{ groups.oo_masters_to_config | length }}" + openshift_master_session_auth_secrets: "{{ hostvars[groups['oo_first_master'][0]]['session_auth_secret'] }}" + openshift_master_session_encryption_secrets: "{{ hostvars[groups['oo_first_master'][0]]['session_encryption_secret'] }}" pre_tasks: - name: Ensure certificate directory exists file: @@ -276,15 +306,29 @@ - name: Additional master configuration hosts: oo_first_master vars: - #openshift_master_ha: "{{ groups.oo_masters_to_config | length > 1 }}" - # omc_cluster_hosts: "{{ groups.oo_masters_to_config | join(' ')}}" + openshift_master_ha: "{{ groups.oo_masters_to_config | length > 1 }}" + omc_cluster_hosts: "{{ groups.oo_masters_to_config | join(' ')}}" roles: -# - role: openshift_master_cluster -# when: openshift_master_ha | bool + - role: openshift_master_cluster + when: openshift_master_ha | bool and openshift.master.cluster_method == "pacemaker" - openshift_examples - role: openshift_cluster_metrics when: openshift.common.use_cluster_metrics | bool +- name: Determine cluster dns ip + hosts: oo_first_master + tasks: + - name: Get master service ip + command: "{{ openshift.common.client_binary }} get -o template svc kubernetes --template=\\{\\{.spec.clusterIP\\}\\}" + register: master_service_ip_output + when: openshift.common.version_greater_than_3_1_or_1_1 | bool + - set_fact: + cluster_dns_ip: "{{ hostvars[groups.oo_first_master.0].openshift.dns.ip }}" + when: not openshift.common.version_greater_than_3_1_or_1_1 | bool + - set_fact: + cluster_dns_ip: "{{ master_service_ip_output.stdout }}" + when: openshift.common.version_greater_than_3_1_or_1_1 | bool + - name: Enable cockpit hosts: oo_first_master vars: -- cgit v1.2.3