Adding router and registry to lib_openshift.

2 files changed, 388 insertions, 0 deletions

diff --git a/roles/lib_openshift/src/doc/registry b/roles/lib_openshift/src/doc/registry
new file mode 100644
index 000000000..953e8d90d
--- /dev/null
+++ b/roles/lib_openshift/src/doc/registry
@@ -0,0 +1,190 @@
+# flake8: noqa
+# pylint: skip-file
+
+DOCUMENTATION = '''
+---
+module: oadm_manage_node
+short_description: Module to manage openshift nodes
+description:
+  - Manage openshift nodes programmatically.
+options:
+  kubeconfig:
+    description:
+    - The path for the kubeconfig file to use for authentication
+    required: false
+    default: /etc/origin/master/admin.kubeconfig
+    aliases: []
+  debug:
+    description:
+    - Turn on debug output.
+    required: false
+    default: False
+    aliases: []
+  name:
+    description:
+    - The name of the registry
+    required: false
+    default: None
+    aliases: []
+  namespace:
+    description:
+    - The selector when filtering on node labels
+    required: false
+    default: None
+    aliases: []
+  credentials:
+    description:
+    - Path to a .kubeconfig file that will contain the credentials the registry should use to contact the master.
+    required: false
+    default: None
+    aliases: []
+  images:
+    description:
+    - The image to base this registry on - ${component} will be replaced with --type
+    required: 'openshift3/ose-${component}:${version}'
+    default: None
+    aliases: []
+  latest_images:
+    description:
+    - If true, attempt to use the latest image for the registry instead of the latest release.
+    required: false
+    default: False
+    aliases: []
+  labels:
+    description:
+    - A set of labels to uniquely identify the registry and its components.
+    required: false
+    default: None
+    aliases: []
+  enforce_quota:
+    description:
+    - If set, the registry will refuse to write blobs if they exceed quota limits
+    required: False
+    default: False
+    aliases: []
+  mount_host:
+    description:
+    - If set, the registry volume will be created as a host-mount at this path.
+    required: False
+    default: False
+    aliases: []
+  ports:
+    description:
+    - A comma delimited list of ports or port pairs to expose on the registry pod.  The default is set for 5000.
+    required: False
+    default: [5000]
+    aliases: []
+  replicas:
+    description:
+    - The replication factor of the registry; commonly 2 when high availability is desired.
+    required: False
+    default: 1
+    aliases: []
+  selector:
+    description:
+    - Selector used to filter nodes on deployment. Used to run registries on a specific set of nodes.
+    required: False
+    default: None
+    aliases: []
+  service_account:
+    description:
+    - Name of the service account to use to run the registry pod.
+    required: False
+    default: 'registry'
+    aliases: []
+  tls_certificate:
+    description:
+    - An optional path to a PEM encoded certificate (which may contain the private key) for serving over TLS
+    required: false
+    default: None
+    aliases: []
+  tls_key:
+    description:
+    - An optional path to a PEM encoded private key for serving over TLS
+    required: false
+    default: None
+    aliases: []
+  registry_type:
+    description:
+    - The registry image to use - if you specify --images this flag may be ignored.
+    required: false
+    default: 'docker-registry'
+    aliases: []
+  volume:
+    description:
+    - The volume path to use for registry storage; defaults to /registry which is the default for origin-docker-registry.
+    required: false
+    default: '/registry'
+    aliases: []
+  volume_mounts:
+    description:
+    - The volume mounts for the registry.
+    required: false
+    default: None
+    aliases: []
+  daemonset:
+    description:
+    - Use a daemonset instead of a deployment config.
+    required: false
+    default: None
+    aliases: []
+  edits:
+    description:
+    - A list of modifications to make on the deploymentconfig
+    required: false
+    default: None
+    aliases: []
+author:
+- "Kenny Woodson <kwoodson@redhat.com>"
+extends_documentation_fragment: []
+'''
+
+EXAMPLES = '''
+- name: create a secure registry
+  oadm_registry:
+    credentials: /etc/origin/master/openshift-registry.kubeconfig
+    name: docker-registry
+    service_account: registry
+    replicas: 2
+    namespace: default
+    selector: type=infra
+    images: "registry.ops.openshift.com/openshift3/ose-${component}:${version}"
+    env_vars:
+      REGISTRY_CONFIGURATION_PATH: /etc/registryconfig/config.yml
+      REGISTRY_HTTP_TLS_CERTIFICATE: /etc/secrets/registry.crt
+      REGISTRY_HTTP_TLS_KEY: /etc/secrets/registry.key
+      REGISTRY_HTTP_SECRET: supersecret
+    volume_mounts:
+    - path: /etc/secrets
+      name: dockercerts
+      type: secret
+      secret_name: registry-secret
+    - path: /etc/registryconfig
+      name: dockersecrets
+      type: secret
+      secret_name: docker-registry-config
+    edits:
+    - key: spec.template.spec.containers[0].livenessProbe.httpGet.scheme
+      value: HTTPS
+      action: put
+    - key: spec.template.spec.containers[0].readinessProbe.httpGet.scheme
+      value: HTTPS
+      action: put
+    - key: spec.strategy.rollingParams
+      value:
+        intervalSeconds: 1
+        maxSurge: 50%
+        maxUnavailable: 50%
+        timeoutSeconds: 600
+        updatePeriodSeconds: 1
+      action: put
+    - key: spec.template.spec.containers[0].resources.limits.memory
+      value: 2G
+      action: update
+    - key: spec.template.spec.containers[0].resources.requests.memory
+      value: 1G
+      action: update
+
+  register: registryout
+
+'''
diff --git a/roles/lib_openshift/src/doc/router b/roles/lib_openshift/src/doc/router
new file mode 100644
index 000000000..7ba40d253
--- /dev/null
+++ b/roles/lib_openshift/src/doc/router
@@ -0,0 +1,198 @@
+# flake8: noqa
+# pylint: skip-file
+
+DOCUMENTATION = '''
+---
+module: oadm_router
+short_description: Module to manage openshift router
+description:
+  - Manage openshift router programmatically.
+options:
+  state:
+    description:
+    - Whether to create or delete the router
+    - present - create the router
+    - absent - remove the router
+    required: false
+    default: present
+    choices:
+    - present
+    - absent
+    aliases: []
+  kubeconfig:
+    description:
+    - The path for the kubeconfig file to use for authentication
+    required: false
+    default: /etc/origin/master/admin.kubeconfig
+    aliases: []
+  debug:
+    description:
+    - Turn on debug output.
+    required: false
+    default: False
+    aliases: []
+  name:
+    description:
+    - The name of the router
+    required: false
+    default: router
+    aliases: []
+  namespace:
+    description:
+    - The namespace where to manage the router.
+    required: false
+    default: default
+    aliases: []
+  credentials:
+    description:
+    - Path to a .kubeconfig file that will contain the credentials the registry should use to contact the master.
+    required: false
+    default: None
+    aliases: []
+  images:
+    description:
+    - The image to base this router on - ${component} will be replaced with --type
+    required: 'openshift3/ose-${component}:${version}'
+    default: None
+    aliases: []
+  latest_images:
+    description:
+    - If true, attempt to use the latest image for the registry instead of the latest release.
+    required: false
+    default: False
+    aliases: []
+  labels:
+    description:
+    - A set of labels to uniquely identify the registry and its components.
+    required: false
+    default: None
+    aliases: []
+  ports:
+    description:
+    - A list of strings in the 'port:port' format
+    required: False
+    default:
+    - 80:80
+    - 443:443
+    aliases: []
+  replicas:
+    description:
+    - The replication factor of the registry; commonly 2 when high availability is desired.
+    required: False
+    default: 1
+    aliases: []
+  selector:
+    description:
+    - Selector used to filter nodes on deployment. Used to run routers on a specific set of nodes.
+    required: False
+    default: None
+    aliases: []
+  service_account:
+    description:
+    - Name of the service account to use to run the router pod.
+    required: False
+    default: router
+    aliases: []
+  router_type:
+    description:
+    - The router image to use - if you specify --images this flag may be ignored.
+    required: false
+    default: haproxy-router
+    aliases: []
+  external_host:
+    description:
+    - If the underlying router implementation connects with an external host, this is the external host's hostname.
+    required: false
+    default: None
+    aliases: []
+  external_host_vserver:
+    description:
+    - If the underlying router implementation uses virtual servers, this is the name of the virtual server for HTTP connections.
+    required: false
+    default: None
+    aliases: []
+  external_host_insecure:
+    description:
+    - If the underlying router implementation connects with an external host
+    - over a secure connection, this causes the router to skip strict certificate verification with the external host.
+    required: false
+    default: False
+    aliases: []
+  external_host_partition_path:
+    description:
+    - If the underlying router implementation uses partitions for control boundaries, this is the path to use for that partition.
+    required: false
+    default: None
+    aliases: []
+  external_host_username:
+    description:
+    - If the underlying router implementation connects with an external host, this is the username for authenticating with the external host.
+    required: false
+    default: None
+    aliases: []
+  external_host_password:
+    description:
+    - If the underlying router implementation connects with an external host, this is the password for authenticating with the external host.
+    required: false
+    default: None
+    aliases: []
+  external_host_private_key:
+    description:
+    - If the underlying router implementation requires an SSH private key, this is the path to the private key file.
+    required: false
+    default: None
+    aliases: []
+  expose_metrics:
+    description:
+    - This is a hint to run an extra container in the pod to expose metrics - the image
+    - will either be set depending on the router implementation or provided with --metrics-image.
+    required: false
+    default: False
+    aliases: []
+  metrics_image:
+    description:
+    - If expose_metrics is specified this is the image to use to run a sidecar container
+    - in the pod exposing metrics. If not set and --expose-metrics is true the image will
+    - depend on router implementation.
+    required: false
+    default: None
+    aliases: []
+author:
+- "Kenny Woodson <kwoodson@redhat.com>"
+extends_documentation_fragment: []
+'''
+
+EXAMPLES = '''
+- name: create routers
+  oadm_router:
+    name: router
+    service_account: router
+    replicas: 2
+    namespace: default
+    selector: type=infra
+    cert_file: /etc/origin/master/named_certificates/router.crt
+    key_file: /etc/origin/master/named_certificates/router.key
+    cacert_file: /etc/origin/master/named_certificates/router.ca
+    edits:
+    - key: spec.strategy.rollingParams
+      value:
+        intervalSeconds: 1
+        maxSurge: 50%
+        maxUnavailable: 50%
+        timeoutSeconds: 600
+        updatePeriodSeconds: 1
+      action: put
+    - key: spec.template.spec.containers[0].resources.limits.memory
+      value: 2G
+      action: update
+    - key: spec.template.spec.containers[0].resources.requests.memory
+      value: 1G
+      action: update
+    - key: spec.template.spec.containers[0].env
+      value:
+        name: EXTENDED_VALIDATION
+        value: 'false'
+      action: update
+  register: router_out
+  run_once: True
+'''