summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBrenton Leanhardt <bleanhar@redhat.com>2016-03-31 11:48:36 -0400
committerBrenton Leanhardt <bleanhar@redhat.com>2016-03-31 11:48:36 -0400
commit272ee48caeeab8692f40f0f667e931879f9a0494 (patch)
tree45115294ea2abb78c2a1ccbbd36cbfbca581ca32
parentf7a9a0ce7a5057a25cea7e9f66576101a9e9f43a (diff)
parent67fda43df08a260571eb9b1d7f1ecdab5e323c41 (diff)
downloadopenshift-272ee48caeeab8692f40f0f667e931879f9a0494.tar.gz
openshift-272ee48caeeab8692f40f0f667e931879f9a0494.tar.bz2
openshift-272ee48caeeab8692f40f0f667e931879f9a0494.tar.xz
openshift-272ee48caeeab8692f40f0f667e931879f9a0494.zip
Merge pull request #1634 from abutcher/aws-cloud-provider
AWS cloud provider
-rw-r--r--inventory/byo/hosts.aep.example24
-rw-r--r--inventory/byo/hosts.origin.example24
-rw-r--r--inventory/byo/hosts.ose.example24
-rw-r--r--roles/openshift_cloud_provider/defaults/main.yml7
-rw-r--r--roles/openshift_cloud_provider/meta/main.yml15
-rw-r--r--roles/openshift_cloud_provider/tasks/aws.yml6
-rw-r--r--roles/openshift_cloud_provider/tasks/main.yml23
-rw-r--r--roles/openshift_cloud_provider/tasks/openstack.yml9
-rw-r--r--roles/openshift_cloud_provider/templates/openstack.conf.j217
-rw-r--r--roles/openshift_cloud_provider/templates/openstack/cloud.conf.j217
-rw-r--r--roles/openshift_cloud_provider/vars/main.yml4
-rw-r--r--roles/openshift_common/meta/main.yml7
-rwxr-xr-xroles/openshift_facts/library/openshift_facts.py157
-rw-r--r--roles/openshift_master/meta/main.yml1
-rw-r--r--roles/openshift_master/templates/atomic-openshift-master.j25
-rw-r--r--roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j25
-rw-r--r--roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j25
-rw-r--r--roles/openshift_node/meta/main.yml1
-rw-r--r--roles/openshift_node/tasks/main.yml15
19 files changed, 295 insertions, 71 deletions
diff --git a/inventory/byo/hosts.aep.example b/inventory/byo/hosts.aep.example
index deeea2e40..43b646c93 100644
--- a/inventory/byo/hosts.aep.example
+++ b/inventory/byo/hosts.aep.example
@@ -90,6 +90,30 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
# LDAP auth
#openshift_master_identity_providers=[{'name': 'my_ldap_provider', 'challenge': 'true', 'login': 'true', 'kind': 'LDAPPasswordIdentityProvider', 'attributes': {'id': ['dn'], 'email': ['mail'], 'name': ['cn'], 'preferredUsername': ['uid']}, 'bindDN': '', 'bindPassword': '', 'ca': '', 'insecure': 'false', 'url': 'ldap://ldap.example.com:389/ou=users,dc=example,dc=com?uid'}]
+# Cloud Provider Configuration
+#
+# Note: You may make use of environment variables rather than store
+# sensitive configuration within the ansible inventory.
+# For example:
+#openshift_cloudprovider_aws_access_key="{{ lookup('env','AWS_ACCESS_KEY_ID') }}"
+#openshift_cloudprovider_aws_secret_key="{{ lookup('env','AWS_SECRET_ACCESS_KEY') }}"
+#
+# AWS
+#openshift_cloudprovider_kind=aws
+# Note: IAM profiles may be used instead of storing API credentials on disk.
+#openshift_cloudprovider_aws_access_key=aws_access_key_id
+#openshift_cloudprovider_aws_secret_key=aws_secret_access_key
+#
+# Openstack
+#openshift_cloudprovider_kind=openstack
+#openshift_cloudprovider_openstack_auth_url=http://openstack.example.com:35357/v2.0/
+#openshift_cloudprovider_openstack_username=username
+#openshift_cloudprovider_openstack_password=password
+#openshift_cloudprovider_openstack_tenand_id=tenant_id
+#openshift_cloudprovider_openstack_tenant_name=tenant_name
+#openshift_cloudprovider_openstack_region=region
+#openshift_cloudprovider_openstack_lb_subnet_id=subnet_id
+
# Project Configuration
#osm_project_request_message=''
#osm_project_request_template=''
diff --git a/inventory/byo/hosts.origin.example b/inventory/byo/hosts.origin.example
index 8963c2ad6..8b8dbade0 100644
--- a/inventory/byo/hosts.origin.example
+++ b/inventory/byo/hosts.origin.example
@@ -95,6 +95,30 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
# LDAP auth
#openshift_master_identity_providers=[{'name': 'my_ldap_provider', 'challenge': 'true', 'login': 'true', 'kind': 'LDAPPasswordIdentityProvider', 'attributes': {'id': ['dn'], 'email': ['mail'], 'name': ['cn'], 'preferredUsername': ['uid']}, 'bindDN': '', 'bindPassword': '', 'ca': '', 'insecure': 'false', 'url': 'ldap://ldap.example.com:389/ou=users,dc=example,dc=com?uid'}]
+# Cloud Provider Configuration
+#
+# Note: You may make use of environment variables rather than store
+# sensitive configuration within the ansible inventory.
+# For example:
+#openshift_cloudprovider_aws_access_key="{{ lookup('env','AWS_ACCESS_KEY_ID') }}"
+#openshift_cloudprovider_aws_secret_key="{{ lookup('env','AWS_SECRET_ACCESS_KEY') }}"
+#
+# AWS
+#openshift_cloudprovider_kind=aws
+# Note: IAM profiles may be used instead of storing API credentials on disk.
+#openshift_cloudprovider_aws_access_key=aws_access_key_id
+#openshift_cloudprovider_aws_secret_key=aws_secret_access_key
+#
+# Openstack
+#openshift_cloudprovider_kind=openstack
+#openshift_cloudprovider_openstack_auth_url=http://openstack.example.com:35357/v2.0/
+#openshift_cloudprovider_openstack_username=username
+#openshift_cloudprovider_openstack_password=password
+#openshift_cloudprovider_openstack_tenand_id=tenant_id
+#openshift_cloudprovider_openstack_tenant_name=tenant_name
+#openshift_cloudprovider_openstack_region=region
+#openshift_cloudprovider_openstack_lb_subnet_id=subnet_id
+
# Project Configuration
#osm_project_request_message=''
#osm_project_request_template=''
diff --git a/inventory/byo/hosts.ose.example b/inventory/byo/hosts.ose.example
index b931a684d..4c6aae0bd 100644
--- a/inventory/byo/hosts.ose.example
+++ b/inventory/byo/hosts.ose.example
@@ -91,6 +91,30 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
# LDAP auth
#openshift_master_identity_providers=[{'name': 'my_ldap_provider', 'challenge': 'true', 'login': 'true', 'kind': 'LDAPPasswordIdentityProvider', 'attributes': {'id': ['dn'], 'email': ['mail'], 'name': ['cn'], 'preferredUsername': ['uid']}, 'bindDN': '', 'bindPassword': '', 'ca': '', 'insecure': 'false', 'url': 'ldap://ldap.example.com:389/ou=users,dc=example,dc=com?uid'}]
+# Cloud Provider Configuration
+#
+# Note: You may make use of environment variables rather than store
+# sensitive configuration within the ansible inventory.
+# For example:
+#openshift_cloudprovider_aws_access_key="{{ lookup('env','AWS_ACCESS_KEY_ID') }}"
+#openshift_cloudprovider_aws_secret_key="{{ lookup('env','AWS_SECRET_ACCESS_KEY') }}"
+#
+# AWS
+#openshift_cloudprovider_kind=aws
+# Note: IAM profiles may be used instead of storing API credentials on disk.
+#openshift_cloudprovider_aws_access_key=aws_access_key_id
+#openshift_cloudprovider_aws_secret_key=aws_secret_access_key
+#
+# Openstack
+#openshift_cloudprovider_kind=openstack
+#openshift_cloudprovider_openstack_auth_url=http://openstack.example.com:35357/v2.0/
+#openshift_cloudprovider_openstack_username=username
+#openshift_cloudprovider_openstack_password=password
+#openshift_cloudprovider_openstack_tenand_id=tenant_id
+#openshift_cloudprovider_openstack_tenant_name=tenant_name
+#openshift_cloudprovider_openstack_region=region
+#openshift_cloudprovider_openstack_lb_subnet_id=subnet_id
+
# Project Configuration
#osm_project_request_message=''
#osm_project_request_template=''
diff --git a/roles/openshift_cloud_provider/defaults/main.yml b/roles/openshift_cloud_provider/defaults/main.yml
deleted file mode 100644
index 6c7403232..000000000
--- a/roles/openshift_cloud_provider/defaults/main.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-ocp_os_auth_url: "{{ lookup('env', 'OS_AUTH_URL') }}"
-ocp_os_username: "{{ lookup('env', 'OS_USERNAME') }}"
-ocp_os_password: "{{ lookup('env', 'OS_PASSWORD') }}"
-ocp_os_tenant_id: "{{ lookup('env', 'OS_TENANT_ID') }}"
-ocp_os_tenant_name: "{{ lookup('env', 'OS_TENANT_NAME') }}"
-ocp_os_region: "{{ lookup('env', 'OS_REGION_NAME') }}"
diff --git a/roles/openshift_cloud_provider/meta/main.yml b/roles/openshift_cloud_provider/meta/main.yml
new file mode 100644
index 000000000..8ab95bf5a
--- /dev/null
+++ b/roles/openshift_cloud_provider/meta/main.yml
@@ -0,0 +1,15 @@
+---
+galaxy_info:
+ author: Sylvain Baubeau, Andrew Butcher
+ description: OpenShift Cloud Provider
+ company: Red Hat, Inc.
+ license: Apache License, Version 2.0
+ min_ansible_version: 1.9
+ platforms:
+ - name: EL
+ versions:
+ - 7
+ categories:
+ - cloud
+dependencies:
+- role: openshift_facts
diff --git a/roles/openshift_cloud_provider/tasks/aws.yml b/roles/openshift_cloud_provider/tasks/aws.yml
new file mode 100644
index 000000000..bf2abcbf5
--- /dev/null
+++ b/roles/openshift_cloud_provider/tasks/aws.yml
@@ -0,0 +1,6 @@
+- name: Create cloud config
+ ini_file:
+ dest: "{{ openshift.common.config_base }}/cloudprovider/aws.conf"
+ section: Global
+ option: Zone
+ value: "{{ openshift.provider.zone }}"
diff --git a/roles/openshift_cloud_provider/tasks/main.yml b/roles/openshift_cloud_provider/tasks/main.yml
index e14f944e8..471fd686b 100644
--- a/roles/openshift_cloud_provider/tasks/main.yml
+++ b/roles/openshift_cloud_provider/tasks/main.yml
@@ -1,3 +1,24 @@
---
+- name: Set cloud provider facts
+ openshift_facts:
+ role: cloudprovider
+ openshift_env: "{{ item | oo_openshift_env }}"
+ openshift_env_structures:
+ - 'openshift.cloudprovider.aws.*'
+ - 'openshift.cloudprovider.openstack.*'
+ no_log: true
+ with_items:
+ - "{{ hostvars[inventory_hostname] }}"
+ - "{{ hostvars }}"
+
+- name: Create cloudprovider config dir
+ file:
+ path: "{{ openshift.common.config_base }}/cloudprovider"
+ state: directory
+ when: has_cloudprovider | bool
+
- include: openstack.yml
- when: "openshift_cloud_provider is defined and openshift_cloud_provider == 'openstack' and 'provider' in openshift and openshift.provider.name == 'openstack'"
+ when: cloudprovider_is_openstack | bool
+
+- include: aws.yml
+ when: cloudprovider_is_aws | bool
diff --git a/roles/openshift_cloud_provider/tasks/openstack.yml b/roles/openshift_cloud_provider/tasks/openstack.yml
index a56f1891a..c501121e5 100644
--- a/roles/openshift_cloud_provider/tasks/openstack.yml
+++ b/roles/openshift_cloud_provider/tasks/openstack.yml
@@ -1,9 +1,10 @@
+---
- fail:
msg: "The Openstack integration requires OpenShift Enterprise 3.2 or Origin 1.2."
when: not openshift.common.version_gte_3_2_or_1_2 | bool
-- name: Create /etc/cloud.conf
+- name: Create cloud config
template:
- dest: /etc/cloud.conf
- src: openstack/cloud.conf.j2
- when: ocp_os_auth_url and ocp_os_username and ocp_os_password and (ocp_os_tenant_id or ocp_os_tenant_name) \ No newline at end of file
+ dest: "{{ openshift.common.config_base }}/cloudprovider/openstack.conf"
+ src: openstack.conf.j2
+ when: "'auth_url' in openshift.cloudprovider.openstack and 'username' in openshift.cloudprovider.openstack and 'password' in openshift.cloudprovider.openstack and ('tenant_id' in openshift.cloudprovider.openstack or 'tenant_name' in openshift.cloudprovider.openstack)"
diff --git a/roles/openshift_cloud_provider/templates/openstack.conf.j2 b/roles/openshift_cloud_provider/templates/openstack.conf.j2
new file mode 100644
index 000000000..1b70edc16
--- /dev/null
+++ b/roles/openshift_cloud_provider/templates/openstack.conf.j2
@@ -0,0 +1,17 @@
+[Global]
+auth-url = {{ openshift.cloudprovider.openstack.auth_url }}
+username = {{ openshift.cloudprovider.openstack.username }}
+password = {{ openshift.cloudprovider.openstack.password }}
+{% if 'tenant_id' in openshift.cloudprovider.openstack %}
+tenant-id = {{ openshift.cloudprovider.openstack.tenant_id }}
+{% else %}
+tenant-name = {{ openshift.cloudprovider.openstack.tenant_name }}
+{% endif %}
+{% if 'region' in openshift.cloudprovider.openstack %}
+region = {{ openshift.cloudprovider.openstack.region }}
+{% endif %}
+{% if 'lb_subnet_id' in openshift.cloudprovider.openstack %}
++
++[LoadBalancer]
++subnet-id = {{ openshift.cloudprovider.openstack.lb_subnet_id }}
++{% endif %}
diff --git a/roles/openshift_cloud_provider/templates/openstack/cloud.conf.j2 b/roles/openshift_cloud_provider/templates/openstack/cloud.conf.j2
deleted file mode 100644
index 388f3a735..000000000
--- a/roles/openshift_cloud_provider/templates/openstack/cloud.conf.j2
+++ /dev/null
@@ -1,17 +0,0 @@
-[Global]
-auth-url = {{ ocp_os_auth_url }}
-username = {{ ocp_os_username }}
-password = {{ ocp_os_password }}
-{% if ocp_os_tenant_id %}
-tenant-id = {{ ocp_os_tenant_id }}
-{% else %}
-tenant-name = {{ ocp_os_tenant_name }}
-{% endif %}
-{% if ocp_os_region %}
-region = {{ ocp_os_region }}
-{% endif %}
-{% if ocp_os_lb_subnet_id is defined %}
-+
-+[LoadBalancer]
-+subnet-id = {{ ocp_os_lb_subnet_id }}
-+{% endif %} \ No newline at end of file
diff --git a/roles/openshift_cloud_provider/vars/main.yml b/roles/openshift_cloud_provider/vars/main.yml
new file mode 100644
index 000000000..c608e9b54
--- /dev/null
+++ b/roles/openshift_cloud_provider/vars/main.yml
@@ -0,0 +1,4 @@
+---
+has_cloudprovider: "{{ 'cloudprovider' in openshift and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind != None }}"
+cloudprovider_is_aws: "{{ has_cloudprovider | bool and openshift.cloudprovider.kind == 'aws' }}"
+cloudprovider_is_openstack: "{{ has_cloudprovider | bool and openshift.cloudprovider.kind == 'openstack' }}"
diff --git a/roles/openshift_common/meta/main.yml b/roles/openshift_common/meta/main.yml
index d879db0aa..02150406d 100644
--- a/roles/openshift_common/meta/main.yml
+++ b/roles/openshift_common/meta/main.yml
@@ -12,7 +12,6 @@ galaxy_info:
categories:
- cloud
dependencies:
-- { role: os_firewall }
-- { role: openshift_facts }
-- { role: openshift_repos }
-- { role: openshift_cloud_provider }
+- role: os_firewall
+- role: openshift_facts
+- role: openshift_repos
diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py
index ea7406e5b..02e5f161a 100755
--- a/roles/openshift_facts/library/openshift_facts.py
+++ b/roles/openshift_facts/library/openshift_facts.py
@@ -332,14 +332,10 @@ def normalize_provider_facts(provider, metadata):
facts = dict(name=provider, metadata=metadata,
network=dict(interfaces=[], ipv6_enabled=False))
- if os.path.exists('/etc/cloud.conf'):
- for arg in ('api_server_args', 'controller_args', 'kubelet_args'):
- facts[arg] = {'cloud-provider': [provider],
- 'cloud-config': ['/etc/cloud.conf']}
if provider == 'gce':
facts = normalize_gce_facts(metadata, facts)
- elif provider == 'ec2':
+ elif provider == 'aws':
facts = normalize_aws_facts(metadata, facts)
elif provider == 'openstack':
facts = normalize_openstack_facts(metadata, facts)
@@ -918,6 +914,57 @@ def get_current_config(facts):
return current_config
+def build_kubelet_args(facts):
+ """ Build node kubelet_args """
+ cloud_cfg_path = os.path.join(facts['common']['config_base'],
+ 'cloudprovider')
+ if 'node' in facts:
+ kubelet_args = {}
+ if 'cloudprovider' in facts:
+ if facts['cloudprovider']['kind'] == 'aws':
+ kubelet_args['cloud-provider'] = ['aws']
+ kubelet_args['cloud-config'] = [cloud_cfg_path + '/aws.conf']
+ if facts['cloudprovider']['kind'] == 'openstack':
+ kubelet_args['cloud-provider'] = ['openstack']
+ kubelet_args['cloud-config'] = [cloud_cfg_path + '/openstack.conf']
+ if kubelet_args != {}:
+ facts = merge_facts({'node': {'kubelet_args': kubelet_args}}, facts, [], [])
+ return facts
+
+def build_controller_args(facts):
+ """ Build master controller_args """
+ cloud_cfg_path = os.path.join(facts['common']['config_base'],
+ 'cloudprovider')
+ if 'master' in facts:
+ controller_args = {}
+ if 'cloudprovider' in facts:
+ if facts['cloudprovider']['kind'] == 'aws':
+ controller_args['cloud-provider'] = ['aws']
+ controller_args['cloud-config'] = [cloud_cfg_path + '/aws.conf']
+ if facts['cloudprovider']['kind'] == 'openstack':
+ controller_args['cloud-provider'] = ['openstack']
+ controller_args['cloud-config'] = [cloud_cfg_path + '/openstack.conf']
+ if controller_args != {}:
+ facts = merge_facts({'master': {'controller_args': controller_args}}, facts, [], [])
+ return facts
+
+def build_api_server_args(facts):
+ """ Build master api_server_args """
+ cloud_cfg_path = os.path.join(facts['common']['config_base'],
+ 'cloudprovider')
+ if 'master' in facts:
+ api_server_args = {}
+ if 'cloudprovider' in facts:
+ if facts['cloudprovider']['kind'] == 'aws':
+ api_server_args['cloud-provider'] = ['aws']
+ api_server_args['cloud-config'] = [cloud_cfg_path + '/aws.conf']
+ if facts['cloudprovider']['kind'] == 'openstack':
+ api_server_args['cloud-provider'] = ['openstack']
+ api_server_args['cloud-config'] = [cloud_cfg_path + '/openstack.conf']
+ if api_server_args != {}:
+ facts = merge_facts({'master': {'api_server_args': api_server_args}}, facts, [], [])
+ return facts
+
def get_openshift_version(facts, cli_image=None):
""" Get current version of openshift on the host
@@ -1084,31 +1131,6 @@ def merge_facts(orig, new, additive_facts_to_overwrite, protected_facts_to_overw
facts[key] = copy.deepcopy(new[key])
return facts
-
-def merge_provider_facts(facts):
- """ Recursively merge provider facts dicts
-
- Args:
- facts (dict): existing facts
- Returns:
- dict: the facts dict updated with the provider config
- """
- if 'provider' not in facts:
- return facts
- if 'master' in facts:
- for arg in ('api_server_args', 'controller_args'):
- facts['master'][arg] = merge_facts(
- facts['provider'].get(arg, {}),
- facts['master'].get(arg, {}),
- [], [])
- if 'node' in facts:
- facts['node']['kubelet_args'] = merge_facts(
- facts['provider'].get('kubelet_args', {}),
- facts['node'].get('kubelet_args', {}),
- [], [])
- return facts
-
-
def save_local_facts(filename, facts):
""" Save local facts
@@ -1302,13 +1324,20 @@ class OpenShiftFacts(object):
Raises:
OpenShiftFactsUnsupportedRoleError:
"""
- known_roles = ['common', 'master', 'node', 'etcd', 'hosted', 'docker']
+ known_roles = ['cloudprovider',
+ 'common',
+ 'docker',
+ 'etcd',
+ 'hosted',
+ 'master',
+ 'node']
# Disabling too-many-arguments, this should be cleaned up as a TODO item.
# pylint: disable=too-many-arguments
def __init__(self, role, filename, local_facts,
additive_facts_to_overwrite=None,
openshift_env=None,
+ openshift_env_structures=None,
protected_facts_to_overwrite=None):
self.changed = False
self.filename = filename
@@ -1321,12 +1350,14 @@ class OpenShiftFacts(object):
self.facts = self.generate_facts(local_facts,
additive_facts_to_overwrite,
openshift_env,
+ openshift_env_structures,
protected_facts_to_overwrite)
def generate_facts(self,
local_facts,
additive_facts_to_overwrite,
openshift_env,
+ openshift_env_structures,
protected_facts_to_overwrite):
""" Generate facts
@@ -1343,6 +1374,7 @@ class OpenShiftFacts(object):
local_facts = self.init_local_facts(local_facts,
additive_facts_to_overwrite,
openshift_env,
+ openshift_env_structures,
protected_facts_to_overwrite)
roles = local_facts.keys()
@@ -1359,7 +1391,6 @@ class OpenShiftFacts(object):
local_facts,
additive_facts_to_overwrite,
protected_facts_to_overwrite)
- facts = merge_provider_facts(facts)
facts['current_config'] = get_current_config(facts)
facts = set_url_facts_if_unset(facts)
facts = set_project_cfg_facts_if_unset(facts)
@@ -1372,6 +1403,9 @@ class OpenShiftFacts(object):
facts = set_sdn_facts_if_unset(facts, self.system_facts)
facts = set_deployment_facts_if_unset(facts)
facts = set_container_facts_if_unset(facts)
+ facts = build_kubelet_args(facts)
+ facts = build_controller_args(facts)
+ facts = build_api_server_args(facts)
facts = set_version_facts_if_unset(facts)
facts = set_manageiq_facts_if_unset(facts)
facts = set_aggregate_facts(facts)
@@ -1434,6 +1468,9 @@ class OpenShiftFacts(object):
if 'docker' in roles:
defaults['docker'] = dict(disable_push_dockerhub=False)
+ if 'cloudprovider' in roles:
+ defaults['cloudprovider'] = dict(kind=None)
+
defaults['hosted'] = dict(
registry=dict(
storage=dict(
@@ -1452,7 +1489,6 @@ class OpenShiftFacts(object):
)
)
-
return defaults
def guess_host_provider(self):
@@ -1488,7 +1524,7 @@ class OpenShiftFacts(object):
metadata['instance'].pop('serviceAccounts', None)
elif (virt_type == 'xen' and virt_role == 'guest'
and re.match(r'.*\.amazon$', product_version)):
- provider = 'ec2'
+ provider = 'aws'
metadata_url = 'http://169.254.169.254/latest/meta-data/'
metadata = get_provider_metadata(metadata_url)
elif re.search(r'OpenStack', product_name):
@@ -1530,11 +1566,53 @@ class OpenShiftFacts(object):
)
return provider_facts
- # Disabling too-many-branches. This should be cleaned up as a TODO item.
- #pylint: disable=too-many-branches
+ @staticmethod
+ def split_openshift_env_fact_keys(openshift_env_fact, openshift_env_structures):
+ """ Split openshift_env facts based on openshift_env structures.
+
+ Args:
+ openshift_env_fact (string): the openshift_env fact to split
+ ex: 'openshift_cloudprovider_openstack_auth_url'
+ openshift_env_structures (list): a list of structures to determine fact keys
+ ex: ['openshift.cloudprovider.openstack.*']
+ Returns:
+ list: a list of keys that represent the fact
+ ex: ['openshift', 'cloudprovider', 'openstack', 'auth_url']
+ """
+ # By default, we'll split an openshift_env fact by underscores.
+ fact_keys = openshift_env_fact.split('_')
+
+ # Determine if any of the provided variable structures match the fact.
+ matching_structure = None
+ if openshift_env_structures != None:
+ for structure in openshift_env_structures:
+ if re.match(structure, openshift_env_fact):
+ matching_structure = structure
+ # Fact didn't match any variable structures so return the default fact keys.
+ if matching_structure is None:
+ return fact_keys
+
+ final_keys = []
+ structure_keys = matching_structure.split('.')
+ for structure_key in structure_keys:
+ # Matched current key. Add to final keys.
+ if structure_key == fact_keys[structure_keys.index(structure_key)]:
+ final_keys.append(structure_key)
+ # Wildcard means we will be taking everything from here to the end of the fact.
+ elif structure_key == '*':
+ final_keys.append('_'.join(fact_keys[structure_keys.index(structure_key):]))
+ # Shouldn't have gotten here, return the fact keys.
+ else:
+ return fact_keys
+ return final_keys
+
+ # Disabling too-many-branches and too-many-locals.
+ # This should be cleaned up as a TODO item.
+ #pylint: disable=too-many-branches, too-many-locals
def init_local_facts(self, facts=None,
additive_facts_to_overwrite=None,
openshift_env=None,
+ openshift_env_structures=None,
protected_facts_to_overwrite=None):
""" Initialize the local facts
@@ -1562,8 +1640,8 @@ class OpenShiftFacts(object):
for fact, value in openshift_env.iteritems():
oo_env_facts = dict()
current_level = oo_env_facts
- keys = fact.split('_')[1:]
- if keys[0] != self.role:
+ keys = self.split_openshift_env_fact_keys(fact, openshift_env_structures)[1:]
+ if len(keys) > 0 and keys[0] != self.role:
continue
for key in keys:
if key == keys[-1]:
@@ -1691,6 +1769,7 @@ def main():
local_facts=dict(default=None, type='dict', required=False),
additive_facts_to_overwrite=dict(default=[], type='list', required=False),
openshift_env=dict(default={}, type='dict', required=False),
+ openshift_env_structures=dict(default=[], type='list', required=False),
protected_facts_to_overwrite=dict(default=[], type='list', required=False),
),
supports_check_mode=True,
@@ -1701,6 +1780,7 @@ def main():
local_facts = module.params['local_facts']
additive_facts_to_overwrite = module.params['additive_facts_to_overwrite']
openshift_env = module.params['openshift_env']
+ openshift_env_structures = module.params['openshift_env_structures']
protected_facts_to_overwrite = module.params['protected_facts_to_overwrite']
fact_file = '/etc/ansible/facts.d/openshift.fact'
@@ -1710,6 +1790,7 @@ def main():
local_facts,
additive_facts_to_overwrite,
openshift_env,
+ openshift_env_structures,
protected_facts_to_overwrite)
file_params = module.params.copy()
diff --git a/roles/openshift_master/meta/main.yml b/roles/openshift_master/meta/main.yml
index 4eda4a8e2..df96dd901 100644
--- a/roles/openshift_master/meta/main.yml
+++ b/roles/openshift_master/meta/main.yml
@@ -13,3 +13,4 @@ galaxy_info:
- cloud
dependencies:
- role: openshift_cli
+- role: openshift_cloud_provider
diff --git a/roles/openshift_master/templates/atomic-openshift-master.j2 b/roles/openshift_master/templates/atomic-openshift-master.j2
index c848e0ac2..7f1576682 100644
--- a/roles/openshift_master/templates/atomic-openshift-master.j2
+++ b/roles/openshift_master/templates/atomic-openshift-master.j2
@@ -4,6 +4,11 @@ CONFIG_FILE={{ openshift_master_config_file }}
IMAGE_VERSION={{ openshift_version }}
{% endif %}
+{% if 'cloudprovider' in openshift and 'aws' in openshift.cloudprovider and openshift.cloudprovider.kind == 'aws' and 'access_key' in openshift.cloudprovider.aws and 'secret_key' in openshift.cloudprovider.aws %}
+AWS_ACCESS_KEY_ID={{ openshift.cloudprovider.aws.access_key }}
+AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }}
+{% endif %}
+
# Proxy configuration
# Origin uses standard HTTP_PROXY environment variables. Be sure to set
# NO_PROXY for your master
diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2
index 8e2d927aa..fa2323a2c 100644
--- a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2
+++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2
@@ -4,6 +4,11 @@ CONFIG_FILE={{ openshift_master_config_file }}
IMAGE_VERSION={{ openshift_version }}
{% endif %}
+{% if 'cloudprovider' in openshift and 'aws' in openshift.cloudprovider and openshift.cloudprovider.kind == 'aws' and 'access_key' in openshift.cloudprovider.aws and 'secret_key' in openshift.cloudprovider.aws %}
+AWS_ACCESS_KEY_ID={{ openshift.cloudprovider.aws.access_key }}
+AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }}
+{% endif %}
+
# Proxy configuration
# Origin uses standard HTTP_PROXY environment variables. Be sure to set
# NO_PROXY for your master
diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2
index 5c6cb2dcb..632dfbb8a 100644
--- a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2
+++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2
@@ -4,6 +4,11 @@ CONFIG_FILE={{ openshift_master_config_file }}
IMAGE_VERSION={{ openshift_version }}
{% endif %}
+{% if 'cloudprovider' in openshift and 'aws' in openshift.cloudprovider and openshift.cloudprovider.kind == 'aws' and 'access_key' in openshift.cloudprovider.aws and 'secret_key' in openshift.cloudprovider.aws %}
+AWS_ACCESS_KEY_ID={{ openshift.cloudprovider.aws.access_key }}
+AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }}
+{% endif %}
+
# Proxy configuration
# Origin uses standard HTTP_PROXY environment variables. Be sure to set
# NO_PROXY for your master
diff --git a/roles/openshift_node/meta/main.yml b/roles/openshift_node/meta/main.yml
index 702012489..62a8480c8 100644
--- a/roles/openshift_node/meta/main.yml
+++ b/roles/openshift_node/meta/main.yml
@@ -14,3 +14,4 @@ galaxy_info:
dependencies:
- role: openshift_common
- role: openshift_docker
+- role: openshift_cloud_provider
diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml
index 993c8c0cd..80b3e710d 100644
--- a/roles/openshift_node/tasks/main.yml
+++ b/roles/openshift_node/tasks/main.yml
@@ -81,6 +81,21 @@
notify:
- restart node
+- name: Configure AWS Cloud Provider Settings
+ lineinfile:
+ dest: /etc/sysconfig/{{ openshift.common.service_type }}-node
+ regexp: "{{ item.regex }}"
+ line: "{{ item.line }}"
+ create: true
+ with_items:
+ - regex: '^AWS_ACCESS_KEY_ID='
+ line: "AWS_ACCESS_KEY_ID={{ openshift.cloudprovider.aws.access_key }}"
+ - regex: '^AWS_SECRET_ACCESS_KEY='
+ line: "AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }}"
+ when: "'cloudprovider' in openshift and 'aws' in openshift.cloudprovider and openshift.cloudprovider.kind == 'aws' and 'access_key' in openshift.cloudprovider.aws and 'secret_key' in openshift.cloudprovider.aws"
+ notify:
+ - restart node
+
- name: Additional storage plugin configuration
include: storage_plugins/main.yml