From f752eaccbb1a5f0e2c1d36502f755d022a21d073 Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Fri, 10 Jul 2015 15:04:26 -0400 Subject: Playbook updates for clustered etcd - Add support to bin/cluster for specifying etcd hosts - defaults to 0, if no etcd hosts are selected, then configures embedded etcd - Updates for the byo inventory file for etcd and master as node by default - Consolidation of cluster logic more centrally into common playbook - Added etcd config support to playbooks - Restructured byo playbooks to leverage the common openshift-cluster playbook - Added support to common master playbook to generate and apply external etcd client certs from the etcd ca - start of refactor for better handling of master certs in a multi-master environment. - added the openshift_master_ca and openshift_master_certificates roles to manage master certs instead of generating them in the openshift_master role - added etcd host groups to the cluster update playbooks - aded better handling of host groups when they are either not present or are empty. - Update AWS readme --- roles/openshift_master_ca/README.md | 34 ++++++++++++++++++++++++++++++++ roles/openshift_master_ca/meta/main.yml | 16 +++++++++++++++ roles/openshift_master_ca/tasks/main.yml | 22 +++++++++++++++++++++ roles/openshift_master_ca/vars/main.yml | 5 +++++ 4 files changed, 77 insertions(+) create mode 100644 roles/openshift_master_ca/README.md create mode 100644 roles/openshift_master_ca/meta/main.yml create mode 100644 roles/openshift_master_ca/tasks/main.yml create mode 100644 roles/openshift_master_ca/vars/main.yml (limited to 'roles/openshift_master_ca') diff --git a/roles/openshift_master_ca/README.md b/roles/openshift_master_ca/README.md new file mode 100644 index 000000000..5b2d3601b --- /dev/null +++ b/roles/openshift_master_ca/README.md @@ -0,0 +1,34 @@ +OpenShift Master CA +======================== + +TODO + +Requirements +------------ + +TODO + +Role Variables +-------------- + +TODO + +Dependencies +------------ + +TODO + +Example Playbook +---------------- + +TODO + +License +------- + +Apache License Version 2.0 + +Author Information +------------------ + +Jason DeTiberus (jdetiber@redhat.com) diff --git a/roles/openshift_master_ca/meta/main.yml b/roles/openshift_master_ca/meta/main.yml new file mode 100644 index 000000000..f3236e850 --- /dev/null +++ b/roles/openshift_master_ca/meta/main.yml @@ -0,0 +1,16 @@ +--- +galaxy_info: + author: Jason DeTiberus + description: + company: Red Hat, Inc. + license: Apache License, Version 2.0 + min_ansible_version: 1.8 + platforms: + - name: EL + versions: + - 7 + categories: + - cloud + - system +dependencies: +- { role: openshift_facts } diff --git a/roles/openshift_master_ca/tasks/main.yml b/roles/openshift_master_ca/tasks/main.yml new file mode 100644 index 000000000..8163ecd7f --- /dev/null +++ b/roles/openshift_master_ca/tasks/main.yml @@ -0,0 +1,22 @@ +--- +- name: Install the OpenShift package for admin tooling + yum: pkg=openshift state=present + register: install_result + +- name: Reload generated facts + openshift_facts: + +- name: Create openshift_master_config_dir if it doesn't exist + file: + path: "{{ openshift_master_config_dir }}" + state: directory + +- name: Create the master certificates if they do not already exist + command: > + {{ openshift.common.admin_binary }} create-master-certs + --hostnames={{ openshift.common.hostname }},{{ openshift.common.public_hostname }} + --master={{ openshift.master.api_url }} + --public-master={{ openshift.master.public_api_url }} + --cert-dir={{ openshift_master_config_dir }} --overwrite=false + args: + creates: "{{ openshift_master_config_dir }}/master.server.key" diff --git a/roles/openshift_master_ca/vars/main.yml b/roles/openshift_master_ca/vars/main.yml new file mode 100644 index 000000000..2925680bb --- /dev/null +++ b/roles/openshift_master_ca/vars/main.yml @@ -0,0 +1,5 @@ +--- +openshift_master_config_dir: /etc/openshift/master +openshift_master_ca_cert: "{{ openshift_master_config_dir }}/ca.crt" +openshift_master_ca_key: "{{ openshift_master_config_dir }}/ca.key" +openshift_master_ca_serial: "{{ openshift_master_config_dir }}/ca.serial.txt" -- cgit v1.2.3 From 6b4282004a4331d9db0e0ab857c96d83a738d82c Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Tue, 14 Jul 2015 14:48:38 -0400 Subject: Initial HA master - Ability to specify multiple masters - configures the CA only a single time on the first master - creates and distributes additional certs for additional master hosts - Depending on the status of openshift_master_cluster_defer_ha (defaults to False) one of two actions are taken when multiple masters are defined 1. If openshift_master_cluster_defer_ha is true a. Certs/configs for all masters are deployed b. openshift-master service is only started and enabled on the master c. HA configuration is expected to be handled by the user manually after the completion of the playbook run. 2. If oepnshift_master_cluster_defer_ha is false or undefined a. Certs/configs for all masters are deployed b. a Pacemaker/RHEL HA cluster is configured i. VIPs are configured based on the values of openshift_master_cluster_vip and openshift_master_cluster_plublic_vip ii. The openshift-master service is configured as an active/passive cluster service --- roles/openshift_master_ca/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'roles/openshift_master_ca') diff --git a/roles/openshift_master_ca/tasks/main.yml b/roles/openshift_master_ca/tasks/main.yml index 8163ecd7f..03eb7e15f 100644 --- a/roles/openshift_master_ca/tasks/main.yml +++ b/roles/openshift_master_ca/tasks/main.yml @@ -14,7 +14,7 @@ - name: Create the master certificates if they do not already exist command: > {{ openshift.common.admin_binary }} create-master-certs - --hostnames={{ openshift.common.hostname }},{{ openshift.common.public_hostname }} + --hostnames={{ openshift.common.all_hostnames | join(',') }} --master={{ openshift.master.api_url }} --public-master={{ openshift.master.public_api_url }} --cert-dir={{ openshift_master_config_dir }} --overwrite=false -- cgit v1.2.3 From 638eeaff58fd871d145ca2037f5493dfbbd38ce0 Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Fri, 17 Jul 2015 21:37:08 -0400 Subject: Update dependencies to ensure repos are available before openshift_master_* and etcd_* roles are run --- roles/openshift_master_ca/meta/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'roles/openshift_master_ca') diff --git a/roles/openshift_master_ca/meta/main.yml b/roles/openshift_master_ca/meta/main.yml index f3236e850..0c8881521 100644 --- a/roles/openshift_master_ca/meta/main.yml +++ b/roles/openshift_master_ca/meta/main.yml @@ -13,4 +13,4 @@ galaxy_info: - cloud - system dependencies: -- { role: openshift_facts } +- { role: openshift_repos } -- cgit v1.2.3 From 1b3fff6248fbd6788a26ee2b6c60f7731891c0f4 Mon Sep 17 00:00:00 2001 From: Avesh Agarwal Date: Fri, 19 Jun 2015 14:41:10 -0400 Subject: Atomic Enterprise related changes. --- roles/openshift_master_ca/tasks/main.yml | 4 ++-- roles/openshift_master_ca/vars/main.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'roles/openshift_master_ca') diff --git a/roles/openshift_master_ca/tasks/main.yml b/roles/openshift_master_ca/tasks/main.yml index 03eb7e15f..303dc9c5d 100644 --- a/roles/openshift_master_ca/tasks/main.yml +++ b/roles/openshift_master_ca/tasks/main.yml @@ -1,6 +1,6 @@ --- -- name: Install the OpenShift package for admin tooling - yum: pkg=openshift state=present +- name: Install the base package for admin tooling + yum: pkg={{ openshift.common.service_type }} state=present register: install_result - name: Reload generated facts diff --git a/roles/openshift_master_ca/vars/main.yml b/roles/openshift_master_ca/vars/main.yml index 2925680bb..1f6af808c 100644 --- a/roles/openshift_master_ca/vars/main.yml +++ b/roles/openshift_master_ca/vars/main.yml @@ -1,5 +1,5 @@ --- -openshift_master_config_dir: /etc/openshift/master +openshift_master_config_dir: "{{ openshift.common.config_base }}/master" openshift_master_ca_cert: "{{ openshift_master_config_dir }}/ca.crt" openshift_master_ca_key: "{{ openshift_master_config_dir }}/ca.key" openshift_master_ca_serial: "{{ openshift_master_config_dir }}/ca.serial.txt" -- cgit v1.2.3 From 633c651285b53ee154cd497513ded4a26c88d991 Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Thu, 3 Sep 2015 15:30:03 -0400 Subject: Add openshift_version to set RPM versions Mostly necessary for debugging / testing upgrade paths --- roles/openshift_master_ca/tasks/main.yml | 2 +- roles/openshift_master_ca/vars/main.yml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'roles/openshift_master_ca') diff --git a/roles/openshift_master_ca/tasks/main.yml b/roles/openshift_master_ca/tasks/main.yml index 303dc9c5d..5c9639ea5 100644 --- a/roles/openshift_master_ca/tasks/main.yml +++ b/roles/openshift_master_ca/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install the base package for admin tooling - yum: pkg={{ openshift.common.service_type }} state=present + yum: pkg={{ openshift.common.service_type }}{{ openshift_version }} state=present register: install_result - name: Reload generated facts diff --git a/roles/openshift_master_ca/vars/main.yml b/roles/openshift_master_ca/vars/main.yml index 1f6af808c..9e9561e02 100644 --- a/roles/openshift_master_ca/vars/main.yml +++ b/roles/openshift_master_ca/vars/main.yml @@ -3,3 +3,4 @@ openshift_master_config_dir: "{{ openshift.common.config_base }}/master" openshift_master_ca_cert: "{{ openshift_master_config_dir }}/ca.crt" openshift_master_ca_key: "{{ openshift_master_config_dir }}/ca.key" openshift_master_ca_serial: "{{ openshift_master_config_dir }}/ca.serial.txt" +openshift_version: "{{ openshift_version | default('') }}" -- cgit v1.2.3 From 07c59ea91a8e87d1b7edbb88ae6012ac13643f52 Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Fri, 4 Sep 2015 18:32:28 -0400 Subject: Avoid a recursive loop --- roles/openshift_master_ca/vars/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'roles/openshift_master_ca') diff --git a/roles/openshift_master_ca/vars/main.yml b/roles/openshift_master_ca/vars/main.yml index 9e9561e02..b35339b18 100644 --- a/roles/openshift_master_ca/vars/main.yml +++ b/roles/openshift_master_ca/vars/main.yml @@ -3,4 +3,4 @@ openshift_master_config_dir: "{{ openshift.common.config_base }}/master" openshift_master_ca_cert: "{{ openshift_master_config_dir }}/ca.crt" openshift_master_ca_key: "{{ openshift_master_config_dir }}/ca.key" openshift_master_ca_serial: "{{ openshift_master_config_dir }}/ca.serial.txt" -openshift_version: "{{ openshift_version | default('') }}" +openshift_version: "{{ openshift_pkg_version | default('') }}" -- cgit v1.2.3 From 7f5c403e144e6ef4d39bf7b11adb4c4a8976521c Mon Sep 17 00:00:00 2001 From: Andrew Butcher Date: Wed, 21 Oct 2015 16:17:39 -0400 Subject: Add proxy client certs to master config. --- roles/openshift_master_ca/tasks/main.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'roles/openshift_master_ca') diff --git a/roles/openshift_master_ca/tasks/main.yml b/roles/openshift_master_ca/tasks/main.yml index 5c9639ea5..cfd1ceabf 100644 --- a/roles/openshift_master_ca/tasks/main.yml +++ b/roles/openshift_master_ca/tasks/main.yml @@ -18,5 +18,4 @@ --master={{ openshift.master.api_url }} --public-master={{ openshift.master.public_api_url }} --cert-dir={{ openshift_master_config_dir }} --overwrite=false - args: - creates: "{{ openshift_master_config_dir }}/master.server.key" + when: master_certs_missing -- cgit v1.2.3