-rw-r--r--playbooks/aws/README.md36
-rw-r--r--playbooks/aws/openshift-cluster/build_ami.yml8
-rw-r--r--playbooks/aws/openshift-cluster/build_node_group.yml31
-rw-r--r--playbooks/aws/openshift-cluster/provision.yml49
-rw-r--r--playbooks/aws/openshift-cluster/provision_nodes.yml19
-rw-r--r--playbooks/aws/openshift-cluster/vars.yml11
6 files changed, 112 insertions, 42 deletions
diff --git a/playbooks/aws/README.md b/playbooks/aws/README.md
index 0fb29ca06..4b0f444ba 100644
--- a/playbooks/aws/README.md
+++ b/playbooks/aws/README.md
@@ -49,13 +49,18 @@ provision:
region: "{{ region }}"
build:
+ ami_name: "openshift-gi-"
base_image: ami-bdd5d6ab # base image for AMI to build from
+
# when creating an encrypted AMI please specify use_encryption
use_encryption: False
# for s3 registry backend
openshift_registry_s3: True
+ # whether to use custome ami for each node type
+ use_custom_ami: False
+
# if using custom certificates these are required for the ELB
iam_cert_ca:
name: test_openshift
@@ -116,6 +121,37 @@ Repeat the following setup for the infra and compute node groups. This most lik
#### Step 1
+Once the vars.yml file has been updated with the correct settings for the desired AWS account then we are ready to build an AMI.
+
+```
+$ ansible-playbook build_ami.yml
+```
+
+1. This script will build a VPC. Default name will be clusterid if not specified.
+2. Create an ssh key required for the instance.
+3. Create a security group.
+4. Create an instance.
+5. Run some setup roles to ensure packages and services are correctly configured.
+6. Create the AMI.
+7. If encryption is desired
+ - A KMS key is created with the name of $clusterid
+ - An encrypted AMI will be produced with $clusterid KMS key
+8. Terminate the instance used to configure the AMI.
+
+#### Step 2
+
+Now that we have created an AMI for our Openshift installation, that AMI id needs to be placed in the `vars.yml` file. To do so update the following fields (The AMI can be captured from the output of the previous step or found in the ec2 console under AMIs):
+
+```
+ # when creating an encrypted AMI please specify use_encryption
+ use_encryption: False # defaults to false
+```
+
+**Note**: If using encryption, specify with `use_encryption: True`. This will ensure to take the recently created AMI and encrypt it to be used later. If encryption is not desired then set the value to false. The AMI id will be fetched and used according to its most recent creation date.
+
+#### Step 3
+
+>>>>>>> Fixing variables and allowing custom ami.
Create an openshift-ansible inventory file to use for a byo installation. The exception here is that there will be no hosts specified by the inventory file. Here is an example:
```ini
diff --git a/playbooks/aws/openshift-cluster/build_ami.yml b/playbooks/aws/openshift-cluster/build_ami.yml
index d27874200..998cf4340 100644
--- a/playbooks/aws/openshift-cluster/build_ami.yml
+++ b/playbooks/aws/openshift-cluster/build_ami.yml
@@ -24,6 +24,14 @@
r_openshift_aws_ssh_keys_users: "{{ provision.instance_users }}"
r_openshift_aws_ssh_keys_region: "{{ provision.region }}"
+ - name: Create compute sgs
+ include_role:
+ name: openshift_aws_sg
+ vars:
+ r_openshift_aws_sg_clusterid: "{{ provision.clusterid }}"
+ r_openshift_aws_sg_region: "{{ provision.region }}"
+ r_openshift_aws_sg_type: compute
+
- name: fetch the default subnet id
ec2_vpc_subnet_facts:
region: "{{ provision.region }}"
diff --git a/playbooks/aws/openshift-cluster/build_node_group.yml b/playbooks/aws/openshift-cluster/build_node_group.yml
index 3ef492238..5b0330e46 100644
--- a/playbooks/aws/openshift-cluster/build_node_group.yml
+++ b/playbooks/aws/openshift-cluster/build_node_group.yml
@@ -1,47 +1,48 @@
---
- name: fetch recently created AMI
ec2_ami_find:
- region: "{{ provision.region }}"
+ region: "{{ openshift_region }}"
sort: creationDate
sort_order: descending
- name: "{{ provision.build.ami_name }}*"
- ami_tags: "{{ provision.build.openshift_ami_tags }}"
+ name: "{{ openshift_ami_name }}*"
+ ami_tags: "{{ openshift_ami_tags }}"
#no_result_action: fail
register: amiout
+ when: not openshift_use_custom_ami
- block:
- name: "Create {{ openshift_build_node_type }} sgs"
include_role:
name: openshift_aws_sg
vars:
- r_openshift_aws_sg_clusterid: "{{ provision.clusterid }}"
- r_openshift_aws_sg_region: "{{ provision.region }}"
+ r_openshift_aws_sg_clusterid: "{{ openshift_clusterid }}"
+ r_openshift_aws_sg_region: "{{ openshift_region }}"
r_openshift_aws_sg_type: "{{ openshift_build_node_type }}"
- name: "generate a launch config name for {{ openshift_build_node_type }}"
set_fact:
- launch_config_name: "{{ provision.clusterid }}-{{ openshift_build_node_type }}-{{ ansible_date_time.epoch }}"
+ launch_config_name: "{{ openshift_clusterid }}-{{ openshift_build_node_type }}-{{ ansible_date_time.epoch }}"
- name: create "{{ openshift_build_node_type }} launch config"
include_role:
name: openshift_aws_launch_config
vars:
r_openshift_aws_launch_config_name: "{{ launch_config_name }}"
- r_openshift_aws_launch_config_clusterid: "{{ provision.clusterid }}"
- r_openshift_aws_launch_config_region: "{{ provision.region }}"
- r_openshift_aws_launch_config: "{{ provision.node_group_config }}"
+ r_openshift_aws_launch_config_clusterid: "{{ openshift_clusterid }}"
+ r_openshift_aws_launch_config_region: "{{ openshift_region }}"
+ r_openshift_aws_launch_config: "{{ openshift_node_group_config }}"
r_openshift_aws_launch_config_type: "{{ openshift_build_node_type }}"
- r_openshift_aws_launch_config_custom_image: "{{ '' if 'results' not in amiout else amiout.results[0].ami_id }}"
+ r_openshift_aws_launch_config_custom_image: "{{ '' if 'results' not in amiout and amiout.results|length > 0 else amiout.results[0].ami_id }}"
r_openshift_aws_launch_config_bootstrap_token: "{{ (local_bootstrap['content'] |b64decode) if local_bootstrap is defined else '' }}"
- name: "create {{ openshift_build_node_type }} node groups"
include_role:
name: openshift_aws_node_group
vars:
- r_openshift_aws_node_group_name: "{{ provision.clusterid }} openshift {{ openshift_build_node_type }}"
+ r_openshift_aws_node_group_name: "{{ openshift_clusterid }} openshift {{ openshift_build_node_type }}"
r_openshift_aws_node_group_lc_name: "{{ launch_config_name }}"
- r_openshift_aws_node_group_clusterid: "{{ provision.clusterid }}"
- r_openshift_aws_node_group_region: "{{ provision.region }}"
- r_openshift_aws_node_group_config: "{{ provision.node_group_config }}"
+ r_openshift_aws_node_group_clusterid: "{{ openshift_clusterid }}"
+ r_openshift_aws_node_group_region: "{{ openshift_region }}"
+ r_openshift_aws_node_group_config: "{{ openshift_node_group_config }}"
r_openshift_aws_node_group_type: "{{ openshift_build_node_type }}"
- r_openshift_aws_node_group_subnet_name: "{{ provision.vpc.subnets[provision.region][0].az }}"
+ r_openshift_aws_node_group_subnet_name: "{{ openshift_subnet_name }}"
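Review bot: The guard on `r_openshift_aws_launch_config_custom_image` is mis-joined: `'results' not in amiout and amiout.results|length > 0` still dereferences `amiout.results` when the key is absent — which is now the normal case when `openshift_use_custom_ami` is true, since the `ec2_ami_find` task carries `when: not openshift_use_custom_ami` and a skipped task registers no `results` — and an empty result list fails the condition and falls through to `amiout.results[0]`. It should read `r_openshift_aws_launch_config_custom_image: "{{ amiout.results[0].ami_id if ('results' in amiout and amiout.results|length > 0) else '' }}"`. Separately, the `ec2_ami_find` lookup picks the newest image matching only a name prefix and tags; if the module's `owner` option is available in this version, `owner: self` would pin the match to images built in this account.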
diff --git a/playbooks/aws/openshift-cluster/provision.yml b/playbooks/aws/openshift-cluster/provision.yml
index dfbf61cc7..88ab0ecb1 100644
--- a/playbooks/aws/openshift-cluster/provision.yml
+++ b/playbooks/aws/openshift-cluster/provision.yml
@@ -16,6 +16,27 @@
r_openshift_aws_vpc_tags: "{{ provision.vpc.tags }}"
r_openshift_aws_vpc_name: "{{ provision.vpc.name | default(provision.clusterid) }}"
+ - name: bring iam_cert23 into scope
+ include_role:
+ name: lib_utils
+
+ - name: upload certificates to AWS IAM
+ iam_cert23:
+ state: present
+ name: "{{ provision.clusterid }}-master-external"
+ cert: "{{ provision.iam_cert_ca.cert_path }}"
+ key: "{{ provision.iam_cert_ca.key_path }}"
+ cert_chain: "{{ provision.iam_cert_ca.chain_path | default(omit) }}"
+ register: elb_cert_chain
+ failed_when:
+ - "'failed' in elb_cert_chain"
+ - elb_cert_chain.failed
+ - "'msg' in elb_cert_chain"
+ - "'already exists' not in elb_cert_chain.msg"
+ when: provision.iam_cert_ca is defined
+
+ - debug: var=elb_cert_chain
+
- name: create aws ssh keypair
include_role:
name: openshift_aws_ssh_keys
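Review bot: `debug: var=elb_cert_chain` prints the complete registered result of the `iam_cert23` upload on every run; depending on what that module returns (not visible here), that can echo the certificate and key paths, the module arguments, or more into the play log, and it adds nothing once the upload works. Consider dropping the debug task or gating it with `verbosity: 2`, and adding `no_log: true` on the upload task if the module's return value carries key material. Note also that `when: provision.iam_cert_ca is defined` appears to never skip, since vars.yml in this same commit defines `iam_cert_ca` unconditionally, so the upload and its `failed_when` run on every provision. The play these tasks belong to starts before the hunk.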
@@ -36,6 +57,13 @@
include: build_node_group.yml
vars:
openshift_build_node_type: master
+ openshift_clusterid: "{{ provision.clusterid }}"
+ openshift_region: "{{ provision.region }}"
+ openshift_use_custom_ami: "{{ provision.use_custom_ami }}"
+ openshift_ami_name: "{{ provision.build.ami_name }}"
+ openshift_ami_tags: "{{ provision.build.ami_tags }}"
+ openshift_node_group_config: "{{ provision.node_group_config }}"
+ openshift_subnet_name: "{{ provision.vpc.subnets[provision.region][0].az }}"
- name: fetch new master instances
ec2_remote_facts:
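Review bot: The seven `openshift_*` vars handed to `build_node_group.yml` here are repeated verbatim at the two include sites in provision_nodes.yml, and the copies there already diverge from these. Defining them once — in a vars file included by both plays, or as `default()` fallbacks inside build_node_group.yml such as `openshift_region: "{{ openshift_region | default(provision.region) }}"` — would leave each include site with the single line that actually differs, `openshift_build_node_type`. The play starts before the hunk.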
@@ -49,27 +77,6 @@
delay: 3
until: instancesout.instances|length > 0
- - name: bring iam_cert23 into scope
- include_role:
- name: lib_utils
-
- - name: upload certificates to AWS IAM
- iam_cert23:
- state: present
- name: "{{ provision.clusterid }}-master-external"
- cert: "{{ provision.iam_cert_ca.cert_path }}"
- key: "{{ provision.iam_cert_ca.key_path }}"
- cert_chain: "{{ provision.iam_cert_ca.chain_path | default(omit) }}"
- register: elb_cert_chain
- failed_when:
- - "'failed' in elb_cert_chain"
- - elb_cert_chain.failed
- - "'msg' in elb_cert_chain"
- - "'already exists' not in elb_cert_chain.msg"
- when: provision.iam_cert_ca is defined
-
- - debug: var=elb_cert_chain
-
- name: create our master external and internal load balancers
include_role:
name: openshift_aws_elb
diff --git a/playbooks/aws/openshift-cluster/provision_nodes.yml b/playbooks/aws/openshift-cluster/provision_nodes.yml
index 5428fb307..87629e354 100644
--- a/playbooks/aws/openshift-cluster/provision_nodes.yml
+++ b/playbooks/aws/openshift-cluster/provision_nodes.yml
@@ -36,12 +36,27 @@
infra: "infra-{{ ansible_date_time.epoch }}"
compute: "compute-{{ ansible_date_time.epoch }}"
- - name: include build node group
+ - name: include build node group for infra
include: build_node_group.yml
vars:
openshift_build_node_type: infra
+ openshift_clusterid: "{{ provision.clusterid }}"
+ openshift_region: "{{ provision.region }}"
+ openshift_use_custom_ami: "{{ proviion.use_custom_ami }}"
+ openshift_ami_name: "{{ provision.build.ami_name }}"
+ openshift_ami_tags: "{{ provision.build.openshift_ami_tags }}"
+ openshift_node_group_config: "{{ provision.node_group_config }}"
+ openshift_subnet_name: "{{ provision.vpc.subnets[provision.region][0].az }}"
- - name: include build node group
+
+ - name: include build node group for compute
include: build_node_group.yml
vars:
openshift_build_node_type: compute
+ openshift_clusterid: "{{ provision.clusterid }}"
+ openshift_region: "{{ provision.region }}"
+ openshift_use_custom_ami: "{{ proviion.use_custom_ami }}"
+ openshift_ami_name: "{{ provision.build.ami_name }}"
+ openshift_ami_tags: "{{ provision.build.openshift_ami_tags }}"
+ openshift_node_group_config: "{{ provision.node_group_config }}"
+ openshift_subnet_name: "{{ provision.vpc.subnets[provision.region][0].az }}"
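Review bot: Both new var blocks (infra and compute) reference `proviion.use_custom_ami`, an undefined variable that will abort the include at runtime; each should read `openshift_use_custom_ami: "{{ provision.use_custom_ami }}"`. They also read `provision.build.openshift_ami_tags`, the key this same commit renames to `ami_tags` in vars.yml, whereas provision.yml passes `provision.build.ami_tags`; both sites should use `openshift_ami_tags: "{{ provision.build.ami_tags }}"` so infra and compute groups do not fail on a missing key. The play starts before the hunk.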
diff --git a/playbooks/aws/openshift-cluster/vars.yml b/playbooks/aws/openshift-cluster/vars.yml
index 47da03cb7..1d91593e2 100644
--- a/playbooks/aws/openshift-cluster/vars.yml
+++ b/playbooks/aws/openshift-cluster/vars.yml
@@ -14,7 +14,7 @@ provision:
# when creating an encrypted AMI please specify use_encryption
use_encryption: False
- openshift_ami_tags:
+ ami_tags:
bootstrap: "true"
openshift-created: "true"
clusterid: "{{ clusterid }}"
@@ -22,6 +22,9 @@ provision:
# Use s3 backed registry storage
openshift_registry_s3: True
+ # whether to use custome ami for each node type
+ use_custom_ami: False
+
# if using custom certificates these are required for the ELB
iam_cert_ca:
name: "{{ clusterid }}_openshift"
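Review bot: The comment on `use_custom_ami` has a typo (`custome`) and does not say what the flag changes; reading build_node_group.yml in this commit, `true` skips the `ec2_ami_find` lookup so the per-node `ami:` values in this file are used as-is, while `false` replaces them with the newest matching built AMI. Suggest `# when true, skip the built-AMI lookup and use the ami values set under master/compute/infra`. The README copy of this stanza carries the same typo.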
@@ -45,7 +48,7 @@ provision:
# master specific cluster node settings
master:
instance_type: m4.xlarge
- ami: ami-cdeec8b6 # if using an encrypted AMI this will be replaced
+ ami: ami-cdeec8b6 # if using an encrypted or custom AMI this will be replaced
volumes:
- device_name: /dev/sdb
volume_size: 100
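Review bot: The new comment `if using an encrypted or custom AMI this will be replaced` reads as inverted relative to the new flag: if I read build_node_group.yml correctly, the lookup that overrides this value is skipped when `use_custom_ami` is true, so with a custom AMI this is exactly the value that gets used. Suggest `# replaced by the newest built (or encrypted) AMI unless use_custom_ami is true`; the same comment is added on the compute and infra `ami:` lines in the following two hunks and should change there too.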
@@ -65,7 +68,7 @@ provision:
# compute specific cluster node settings
compute:
instance_type: m4.xlarge
- ami: ami-cdeec8b6
+ ami: ami-cdeec8b6 # if using an encrypted or custom AMI this will be replaced
volumes:
- device_name: /dev/sdb
volume_size: 100
@@ -84,7 +87,7 @@ provision:
# infra specific cluster node settings
infra:
instance_type: m4.xlarge
- ami: ami-cdeec8b6
+ ami: ami-cdeec8b6 # if using an encrypted or custom AMI this will be replaced
volumes:
- device_name: /dev/sdb
volume_size: 100