-rw-r--r--playbooks/aws/openshift-cluster/prerequisites.yml2
-rw-r--r--playbooks/aws/openshift-cluster/provision_sec_group.yml2
-rw-r--r--playbooks/common/openshift-master/config.yml7
-rw-r--r--roles/openshift_aws/defaults/main.yml79
-rw-r--r--roles/openshift_aws/tasks/build_node_group.yml8
-rw-r--r--roles/openshift_aws/tasks/elb.yml35
-rw-r--r--roles/openshift_aws/tasks/launch_config.yml32
-rw-r--r--roles/openshift_aws/tasks/launch_config_create.yml22
-rw-r--r--roles/openshift_aws/tasks/master_facts.yml2
-rw-r--r--roles/openshift_aws/tasks/provision.yml41
-rw-r--r--roles/openshift_aws/tasks/provision_instance.yml15
-rw-r--r--roles/openshift_aws/tasks/provision_nodes.yml20
-rw-r--r--roles/openshift_aws/tasks/scale_group.yml32
-rw-r--r--roles/openshift_aws/tasks/security_group.yml42
-rw-r--r--roles/openshift_aws/tasks/security_group_create.yml25
-rw-r--r--roles/openshift_aws/tasks/vpc_and_subnet_id.yml18
-rw-r--r--roles/openshift_aws/templates/user_data.j26
-rw-r--r--roles/openshift_master/defaults/main.yml7
-rw-r--r--roles/openshift_master/tasks/bootstrap.yml67
-rw-r--r--roles/openshift_master/tasks/bootstrap_settings.yml14
-rw-r--r--roles/openshift_master/tasks/main.yml13
-rw-r--r--roles/openshift_node_bootstrap_configmap/defaults/main.yml15
-rw-r--r--roles/openshift_node_bootstrap_configmap/meta/main.yml4
-rw-r--r--roles/openshift_node_bootstrap_configmap/tasks/create_config.yml32
-rw-r--r--roles/openshift_node_bootstrap_configmap/tasks/standard.yml12
-rw-r--r--roles/openshift_node_bootstrap_configmap/templates/node-config.yaml.j253
26 files changed, 276 insertions, 329 deletions
diff --git a/playbooks/aws/openshift-cluster/prerequisites.yml b/playbooks/aws/openshift-cluster/prerequisites.yml
index f5eb01b14..df77fe3bc 100644
--- a/playbooks/aws/openshift-cluster/prerequisites.yml
+++ b/playbooks/aws/openshift-cluster/prerequisites.yml
@@ -4,3 +4,5 @@
- include: provision_ssh_keypair.yml
- include: provision_sec_group.yml
+ vars:
+ openshift_aws_node_group_type: compute
diff --git a/playbooks/aws/openshift-cluster/provision_sec_group.yml b/playbooks/aws/openshift-cluster/provision_sec_group.yml
index 7d74a691a..039357adb 100644
--- a/playbooks/aws/openshift-cluster/provision_sec_group.yml
+++ b/playbooks/aws/openshift-cluster/provision_sec_group.yml
@@ -6,7 +6,7 @@
connection: local
gather_facts: no
tasks:
- - name: create security groups
+ - name: create an instance and prepare for ami
include_role:
name: openshift_aws
tasks_from: security_group.yml
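Review bot: The renamed task now reads `create an instance and prepare for ami`, but it includes `openshift_aws` with `tasks_from: security_group.yml`, so the name no longer describes what actually runs; it looks like a copy-paste from the AMI-build playbook. Keep the old wording, `- name: create security groups`, or make it reflect the type it creates now that prerequisites.yml passes one in, e.g. `- name: "create {{ openshift_aws_node_group_type }} security groups"`. Misnamed tasks are the first thing an operator greps for when a run fails, so this is worth fixing before merge.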
diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml
index f32073f09..b359919ba 100644
--- a/playbooks/common/openshift-master/config.yml
+++ b/playbooks/common/openshift-master/config.yml
@@ -212,13 +212,6 @@
tasks_from: master
when: openshift_use_kuryr | default(false) | bool
- - name: Setup the compute and infra node config maps
- include_role:
- name: openshift_node_bootstrap_configmap
- tasks_from: standard.yml
- when: openshift_master_bootstrap_enabled | default(false) | bool
- run_once: True
-
post_tasks:
- name: Create group for deployment type
group_by: key=oo_masters_deployment_type_{{ openshift.common.deployment_type }}
diff --git a/roles/openshift_aws/defaults/main.yml b/roles/openshift_aws/defaults/main.yml
index 51f7d31c2..9f3c14bad 100644
--- a/roles/openshift_aws/defaults/main.yml
+++ b/roles/openshift_aws/defaults/main.yml
@@ -4,6 +4,7 @@ openshift_aws_create_iam_cert: True
openshift_aws_create_security_groups: True
openshift_aws_create_launch_config: True
openshift_aws_create_scale_group: True
+openshift_aws_node_group_type: master
openshift_aws_wait_for_ssh: True
@@ -15,7 +16,7 @@ openshift_aws_build_ami_group: "{{ openshift_aws_clusterid }}"
openshift_aws_iam_cert_name: "{{ openshift_aws_clusterid }}-master-external"
openshift_aws_iam_cert_path: ''
openshift_aws_iam_cert_key_path: ''
-openshift_aws_scale_group_basename: "{{ openshift_aws_clusterid }} openshift"
+openshift_aws_scale_group_name: "{{ openshift_aws_clusterid }} openshift {{ openshift_aws_node_group_type }}"
openshift_aws_iam_kms_alias: "alias/{{ openshift_aws_clusterid }}_kms"
openshift_aws_ami: ''
@@ -26,7 +27,7 @@ openshift_aws_ami_name: openshift-gi
openshift_aws_base_ami_name: ami_base
openshift_aws_launch_config_bootstrap_token: ''
-openshift_aws_launch_config_basename: "{{ openshift_aws_clusterid }}"
+openshift_aws_launch_config_name: "{{ openshift_aws_clusterid }}-{{ openshift_aws_node_group_type }}-{{ ansible_date_time.epoch }}"
openshift_aws_users: []
@@ -46,19 +47,19 @@ openshift_aws_elb_health_check:
unhealthy_threshold: 2
healthy_threshold: 2
-openshift_aws_elb_basename: "{{ openshift_aws_clusterid }}"
+openshift_aws_elb_basename: "{{ openshift_aws_clusterid }}-{{ openshift_aws_node_group_type }}"
openshift_aws_elb_name_dict:
master:
- external: "{{ openshift_aws_elb_basename }}-master-external"
- internal: "{{ openshift_aws_elb_basename }}-master-internal"
+ external: "{{ openshift_aws_elb_basename }}-external"
+ internal: "{{ openshift_aws_elb_basename }}-internal"
infra:
- external: "{{ openshift_aws_elb_basename }}-infra"
+ external: "{{ openshift_aws_elb_basename }}"
openshift_aws_elb_idle_timout: 400
openshift_aws_elb_scheme: internet-facing
openshift_aws_elb_cert_arn: ''
-openshift_aws_elb_dict:
+openshift_aws_elb_listeners:
master:
external:
- protocol: tcp
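Review bot: `openshift_aws_elb_basename` now embeds `openshift_aws_node_group_type`, so every entry of `openshift_aws_elb_name_dict` is only correct when the type variable equals the key it is looked up under: `openshift_aws_elb_name_dict['infra']['external']` evaluated under the default type `master` renders `<clusterid>-master`, not `<clusterid>-infra`. The callers in provision.yml avoid this by overriding the type in `vars:` on each include, but a lookup of any key other than the current type silently yields a wrong ELB name, and lookups under the current type only work for keys that type defines (`infra` has no `internal`). Either keep the type literal in each entry (`external: "{{ openshift_aws_clusterid }}-infra"`) or document the coupling above the dict: `# entries are valid only for the key equal to openshift_aws_node_group_type; the basename embeds that type`.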
@@ -111,15 +112,11 @@ openshift_aws_node_group_replace_instances: []
openshift_aws_node_group_replace_all_instances: False
openshift_aws_node_group_config_extra_labels: {}
-openshift_aws_ami_map:
- master: "{{ openshift_aws_ami }}"
- infra: "{{ openshift_aws_ami }}"
- compute: "{{ openshift_aws_ami }}"
-
-openshift_aws_master_group_config:
- # The 'master' key is always required here.
+openshift_aws_node_group_config:
+ tags: "{{ openshift_aws_node_group_config_tags }}"
master:
instance_type: m4.xlarge
+ ami: "{{ openshift_aws_ami }}"
volumes: "{{ openshift_aws_node_group_config_master_volumes }}"
health_check:
period: 60
@@ -135,12 +132,10 @@ openshift_aws_master_group_config:
wait_for_instances: True
termination_policy: "{{ openshift_aws_node_group_termination_policy }}"
replace_all_instances: "{{ openshift_aws_node_group_replace_all_instances }}"
- elbs: "{{ openshift_aws_elb_name_dict['master'].keys()| map('extract', openshift_aws_elb_name_dict['master']) | list }}"
-
-openshift_aws_node_group_config:
- # The 'compute' key is always required here.
+ elbs: "{{ openshift_aws_elb_name_dict[openshift_aws_node_group_type].keys()| map('extract', openshift_aws_elb_name_dict[openshift_aws_node_group_type]) | list }}"
compute:
instance_type: m4.xlarge
+ ami: "{{ openshift_aws_ami }}"
volumes: "{{ openshift_aws_node_group_config_node_volumes }}"
health_check:
period: 60
@@ -155,9 +150,9 @@ openshift_aws_node_group_config:
type: compute
termination_policy: "{{ openshift_aws_node_group_termination_policy }}"
replace_all_instances: "{{ openshift_aws_node_group_replace_all_instances }}"
- # The 'infra' key is always required here.
infra:
instance_type: m4.xlarge
+ ami: "{{ openshift_aws_ami }}"
volumes: "{{ openshift_aws_node_group_config_node_volumes }}"
health_check:
period: 60
@@ -172,31 +167,22 @@ openshift_aws_node_group_config:
type: infra
termination_policy: "{{ openshift_aws_node_group_termination_policy }}"
replace_all_instances: "{{ openshift_aws_node_group_replace_all_instances }}"
- elbs: "{{ openshift_aws_elb_name_dict['infra'].keys()| map('extract', openshift_aws_elb_name_dict['infra']) | list }}"
+ elbs: "{{ openshift_aws_elb_name_dict[openshift_aws_node_group_type].keys()| map('extract', openshift_aws_elb_name_dict[openshift_aws_node_group_type]) | list }}"
-openshift_aws_elb_tags: "{{ openshift_aws_kube_tags }}"
+openshift_aws_elb_tags: "{{ openshift_aws_clusterid | build_instance_tags }}"
openshift_aws_elb_az_load_balancing: False
-openshift_aws_kube_tags: "{{ openshift_aws_clusterid | build_instance_tags }}"
-
-openshift_aws_elb_security_groups: "{{ openshift_aws_launch_config_security_groups }}"
-
-openshift_aws_launch_config_security_groups:
- compute:
- - "{{ openshift_aws_clusterid }}" # default sg
- - "{{ openshift_aws_clusterid }}_compute" # node type sg
- - "{{ openshift_aws_clusterid }}_compute_k8s" # node type sg k8s
- infra:
- - "{{ openshift_aws_clusterid }}" # default sg
- - "{{ openshift_aws_clusterid }}_infra" # node type sg
- - "{{ openshift_aws_clusterid }}_infra_k8s" # node type sg k8s
- master:
- - "{{ openshift_aws_clusterid }}" # default sg
- - "{{ openshift_aws_clusterid }}_master" # node type sg
- - "{{ openshift_aws_clusterid }}_master_k8s" # node type sg k8s
+openshift_aws_elb_security_groups:
+- "{{ openshift_aws_clusterid }}" # default sg
+- "{{ openshift_aws_clusterid }}_{{ openshift_aws_node_group_type }}" # node type sg
+- "{{ openshift_aws_clusterid }}_{{ openshift_aws_node_group_type }}_k8s" # node type sg k8s
-openshift_aws_security_groups_tags: "{{ openshift_aws_kube_tags }}"
+openshift_aws_elb_instance_filter:
+ "tag:clusterid": "{{ openshift_aws_clusterid }}"
+ "tag:host-type": "{{ openshift_aws_node_group_type }}"
+ instance-state-name: running
+openshift_aws_security_groups_tags: "{{ openshift_aws_clusterid | build_instance_tags }}"
openshift_aws_node_security_groups:
default:
name: "{{ openshift_aws_clusterid }}"
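Review bot: `openshift_aws_elb_security_groups` is now the single list used both for the load balancers in elb.yml and, through the `group-name` filter in launch_config.yml, for the instances themselves, so an internet-facing master or infra ELB shares its security groups with the nodes behind it. Any ingress rule opened for the ELB (for example 443 from 0.0.0.0/0) is then also open directly on the instances' addresses, which removes the isolation the load balancer is supposed to provide; a separate `openshift_aws_launch_config_security_groups` list, even if it defaults to the same three names, would let operators split them. `openshift_aws_elb_instance_filter` is also introduced here but, as far as this diff shows, nothing references it — if it is for a follow-up change, a one-line comment saying so would stop it being removed as dead config.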
@@ -265,18 +251,3 @@ openshift_aws_vpc:
openshift_aws_node_run_bootstrap_startup: True
openshift_aws_node_user_data: ''
openshift_aws_node_config_namespace: openshift-node
-
-# If creating extra node groups, you'll need to define all of the following
-
-# The format is the same as openshift_aws_node_group_config, but the top-level
-# key names should be different (ie, not == master or infra).
-# openshift_aws_node_group_config_extra: {}
-
-# This variable should look like openshift_aws_launch_config_security_groups
-# and contain a one-to-one mapping of top level keys that are defined in
-# openshift_aws_node_group_config_extra.
-# openshift_aws_launch_config_security_groups_extra: {}
-
-# openshift_aws_node_security_groups_extra: {}
-
-# openshift_aws_ami_map_extra: {}
diff --git a/roles/openshift_aws/tasks/build_node_group.yml b/roles/openshift_aws/tasks/build_node_group.yml
index 852adc7b5..0aac40ddd 100644
--- a/roles/openshift_aws/tasks/build_node_group.yml
+++ b/roles/openshift_aws/tasks/build_node_group.yml
@@ -1,6 +1,4 @@
---
-# This task file expects l_nodes_to_build to be passed in.
-
# When openshift_aws_use_custom_ami is '' then
# we retrieve the latest build AMI.
# Then set openshift_aws_ami to the ami.
@@ -23,12 +21,10 @@
- "'results' in amiout"
- amiout.results|length > 0
-# Need to set epoch time in one place to use for launch_config and scale_group
-- set_fact:
- l_epoch_time: "{{ ansible_date_time.epoch }}"
-
- when: openshift_aws_create_launch_config
+ name: "Create {{ openshift_aws_node_group_type }} launch config"
include: launch_config.yml
- when: openshift_aws_create_scale_group
+ name: "Create {{ openshift_aws_node_group_type }} node group"
include: scale_group.yml
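Review bot: Dropping the `l_epoch_time` set_fact means the launch-config name is now derived from `ansible_date_time.epoch` separately in launch_config.yml and scale_group.yml through the `openshift_aws_launch_config_name` default. The two stay in agreement only because `ansible_date_time` is a gathered fact fixed for the play; a play that includes this file with `gather_facts: no` (as provision_sec_group.yml does for its own tasks) would fail on the undefined fact, and nothing in the file now records that dependency. Propose keeping a comment above the launch-config include: `# launch_config.yml and scale_group.yml must agree on openshift_aws_launch_config_name; its default relies on the gathered fact ansible_date_time.epoch`.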
diff --git a/roles/openshift_aws/tasks/elb.yml b/roles/openshift_aws/tasks/elb.yml
index a543222d5..56abe9dd7 100644
--- a/roles/openshift_aws/tasks/elb.yml
+++ b/roles/openshift_aws/tasks/elb.yml
@@ -1,24 +1,45 @@
---
-- name: "dump the elb listeners for {{ l_elb_dict_item.key }}"
+- name: query vpc
+ ec2_vpc_net_facts:
+ region: "{{ openshift_aws_region }}"
+ filters:
+ 'tag:Name': "{{ openshift_aws_vpc_name }}"
+ register: vpcout
+
+- name: debug
+ debug: var=vpcout
+
+- name: fetch the default subnet id
+ ec2_vpc_subnet_facts:
+ region: "{{ openshift_aws_region }}"
+ filters:
+ "tag:Name": "{{ openshift_aws_subnet_name }}"
+ vpc-id: "{{ vpcout.vpcs[0].id }}"
+ register: subnetout
+
+- name: dump the elb listeners
debug:
- msg: "{{ l_elb_dict_item.value }}"
+ msg: "{{ openshift_aws_elb_listeners[openshift_aws_node_group_type][openshift_aws_elb_direction]
+ if 'master' in openshift_aws_node_group_type or 'infra' in openshift_aws_node_group_type
+ else openshift_aws_elb_listeners }}"
-- name: "Create ELB {{ l_elb_dict_item.key }}"
+- name: "Create ELB {{ l_openshift_aws_elb_name }}"
ec2_elb_lb:
- name: "{{ l_openshift_aws_elb_name_dict[l_elb_dict_item.key][item.key] }}"
+ name: "{{ l_openshift_aws_elb_name }}"
state: present
cross_az_load_balancing: "{{ openshift_aws_elb_az_load_balancing }}"
- security_group_names: "{{ l_elb_security_groups[l_elb_dict_item.key] }}"
+ security_group_names: "{{ openshift_aws_elb_security_groups }}"
idle_timeout: "{{ openshift_aws_elb_idle_timout }}"
region: "{{ openshift_aws_region }}"
subnets:
- "{{ subnetout.subnets[0].id }}"
health_check: "{{ openshift_aws_elb_health_check }}"
- listeners: "{{ item.value }}"
+ listeners: "{{ openshift_aws_elb_listeners[openshift_aws_node_group_type][openshift_aws_elb_direction]
+ if 'master' in openshift_aws_node_group_type or 'infra' in openshift_aws_node_group_type
+ else openshift_aws_elb_listeners }}"
scheme: "{{ openshift_aws_elb_scheme }}"
tags: "{{ openshift_aws_elb_tags }}"
register: new_elb
- with_dict: "{{ l_elb_dict_item.value }}"
- debug:
msg: "{{ item }}"
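Review bot: The final `debug` task still prints `{{ item }}`, but the `with_dict` loop that defined `item` was removed just above it, so this task fails with an undefined-variable error immediately after the ELB is created. Print the registered result instead, `msg: "{{ new_elb }}"`, or drop the task. The listener expression also falls back to handing the whole `openshift_aws_elb_listeners` dict to `ec2_elb_lb` whenever the group type contains neither `master` nor `infra`, which the module cannot consume; an `assert` on the supported types at the top of the file would fail earlier and more clearly than the module error. The `debug: var=vpcout` dump carried over from the deleted vpc_and_subnet_id.yml is log noise and could be dropped while the block is being inlined.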
diff --git a/roles/openshift_aws/tasks/launch_config.yml b/roles/openshift_aws/tasks/launch_config.yml
index 0dbeba5a0..94aca5a35 100644
--- a/roles/openshift_aws/tasks/launch_config.yml
+++ b/roles/openshift_aws/tasks/launch_config.yml
@@ -9,7 +9,31 @@
when:
- openshift_deployment_type is undefined
-- include: launch_config_create.yml
- with_dict: "{{ l_nodes_to_build }}"
- loop_control:
- loop_var: launch_config_item
+- name: query vpc
+ ec2_vpc_net_facts:
+ region: "{{ openshift_aws_region }}"
+ filters:
+ 'tag:Name': "{{ openshift_aws_vpc_name }}"
+ register: vpcout
+
+- name: fetch the security groups for launch config
+ ec2_group_facts:
+ filters:
+ group-name: "{{ openshift_aws_elb_security_groups }}"
+ vpc-id: "{{ vpcout.vpcs[0].id }}"
+ region: "{{ openshift_aws_region }}"
+ register: ec2sgs
+
+# Create the scale group config
+- name: Create the node scale group launch config
+ ec2_lc:
+ name: "{{ openshift_aws_launch_config_name }}"
+ region: "{{ openshift_aws_region }}"
+ image_id: "{{ openshift_aws_ami }}"
+ instance_type: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].instance_type }}"
+ security_groups: "{{ openshift_aws_launch_config_security_group_id | default(ec2sgs.security_groups | map(attribute='group_id')| list) }}"
+ user_data: "{{ lookup('template', 'user_data.j2') }}"
+ key_name: "{{ openshift_aws_ssh_key_name }}"
+ ebs_optimized: False
+ volumes: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].volumes }}"
+ assign_public_ip: True
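Review bot: `assign_public_ip: True` is hard-coded for every node group, so masters and compute nodes receive public addresses even though the intended external path is the ELB created in elb.yml; exposing a role default such as `openshift_aws_launch_config_assign_public_ip` (kept at `True` for compatibility) would let operators keep nodes private. The `ec2_group_facts` result is also used unchecked: if one of the three names in `openshift_aws_elb_security_groups` does not exist yet (the compute groups are only created when prerequisites.yml runs), `ec2sgs.security_groups` is shorter than expected and the launch config is silently created with fewer groups. An `assert` between the two tasks, `that: ec2sgs.security_groups | length == openshift_aws_elb_security_groups | length`, surfaces that before instances launch. Note too that `user_data.j2` carries the node bootstrap kubeconfig, so the rendered `user_data` argument should be treated as a secret when this task runs with verbose output.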
diff --git a/roles/openshift_aws/tasks/launch_config_create.yml b/roles/openshift_aws/tasks/launch_config_create.yml
deleted file mode 100644
index 8265c2179..000000000
--- a/roles/openshift_aws/tasks/launch_config_create.yml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-- name: fetch the security groups for launch config
- ec2_group_facts:
- filters:
- group-name: "{{ l_launch_config_security_groups[launch_config_item.key] }}"
- vpc-id: "{{ vpcout.vpcs[0].id }}"
- region: "{{ openshift_aws_region }}"
- register: ec2sgs
-
-# Create the scale group config
-- name: Create the node scale group launch config
- ec2_lc:
- name: "{{ openshift_aws_launch_config_basename }}-{{ launch_config_item.key }}-{{ l_epoch_time }}"
- region: "{{ openshift_aws_region }}"
- image_id: "{{ l_aws_ami_map[launch_config_item.key] | default(openshift_aws_ami) }}"
- instance_type: "{{ launch_config_item.value.instance_type }}"
- security_groups: "{{ openshift_aws_launch_config_security_group_id | default(ec2sgs.security_groups | map(attribute='group_id')| list) }}"
- user_data: "{{ lookup('template', 'user_data.j2') }}"
- key_name: "{{ openshift_aws_ssh_key_name }}"
- ebs_optimized: False
- volumes: "{{ launch_config_item.value.volumes }}"
- assign_public_ip: True
diff --git a/roles/openshift_aws/tasks/master_facts.yml b/roles/openshift_aws/tasks/master_facts.yml
index 530b0134d..1c99229ff 100644
--- a/roles/openshift_aws/tasks/master_facts.yml
+++ b/roles/openshift_aws/tasks/master_facts.yml
@@ -3,7 +3,7 @@
ec2_elb_facts:
region: "{{ openshift_aws_region }}"
names:
- - "{{ openshift_aws_elb_name_dict['master']['internal'] }}"
+ - "{{ openshift_aws_elb_name_dict[openshift_aws_node_group_type]['internal'] }}"
delegate_to: localhost
register: elbs
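Review bot: `openshift_aws_elb_name_dict[openshift_aws_node_group_type]['internal']` only resolves when the type is `master`: `infra` has no `internal` key and `compute` has no entry at all, so including this file while another type is in scope fails with a key error instead of an explanation. Reverting to a literal `'master'` key would not help, because `openshift_aws_elb_basename` now embeds the current type and would still render the wrong name. Since the file is master_facts.yml, guard it explicitly before the lookup, e.g. `- assert: { that: openshift_aws_node_group_type == 'master', msg: 'master_facts.yml requires openshift_aws_node_group_type=master' }`.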
diff --git a/roles/openshift_aws/tasks/provision.yml b/roles/openshift_aws/tasks/provision.yml
index 91538ed5c..e99017b9f 100644
--- a/roles/openshift_aws/tasks/provision.yml
+++ b/roles/openshift_aws/tasks/provision.yml
@@ -7,30 +7,47 @@
name: create s3 bucket for registry
include: s3.yml
-- include: vpc_and_subnet_id.yml
+- when: openshift_aws_create_security_groups
+ block:
+ - name: "Create {{ openshift_aws_node_group_type }} security groups"
+ include: security_group.yml
-- name: create elbs
+ - name: "Create {{ openshift_aws_node_group_type }} security groups"
+ include: security_group.yml
+ vars:
+ openshift_aws_node_group_type: infra
+
+- name: create our master internal load balancer
+ include: elb.yml
+ vars:
+ openshift_aws_elb_direction: internal
+ openshift_aws_elb_scheme: internal
+ l_openshift_aws_elb_name: "{{ openshift_aws_elb_name_dict[openshift_aws_node_group_type]['internal'] }}"
+
+- name: create our master external load balancer
include: elb.yml
- with_dict: "{{ openshift_aws_elb_dict }}"
vars:
- l_elb_security_groups: "{{ openshift_aws_elb_security_groups }}"
- l_openshift_aws_elb_name_dict: "{{ openshift_aws_elb_name_dict }}"
- loop_control:
- loop_var: l_elb_dict_item
+ openshift_aws_elb_direction: external
+ openshift_aws_elb_scheme: internet-facing
+ l_openshift_aws_elb_name: "{{ openshift_aws_elb_name_dict[openshift_aws_node_group_type]['external'] }}"
+
+- name: create our infra node external load balancer
+ include: elb.yml
+ vars:
+ l_openshift_aws_elb_name: "{{ openshift_aws_elb_name_dict['infra']['external'] }}"
+ openshift_aws_elb_direction: external
+ openshift_aws_elb_scheme: internet-facing
+ openshift_aws_node_group_type: infra
- name: include scale group creation for master
include: build_node_group.yml
- vars:
- l_nodes_to_build: "{{ openshift_aws_master_group_config }}"
- l_launch_config_security_groups: "{{ openshift_aws_launch_config_security_groups }}"
- l_aws_ami_map: "{{ openshift_aws_ami_map }}"
- name: fetch newly created instances
ec2_remote_facts:
region: "{{ openshift_aws_region }}"
filters:
"tag:clusterid": "{{ openshift_aws_clusterid }}"
- "tag:host-type": "master"
+ "tag:host-type": "{{ openshift_aws_node_group_type }}"
instance-state-name: running
register: instancesout
retries: 20
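Review bot: The security-group block creates groups only for the default type (master) and for infra; the compute groups that launch_config.yml later looks up by name (`<clusterid>_compute`, `<clusterid>_compute_k8s`) exist only if prerequisites.yml ran its include with `openshift_aws_node_group_type: compute`. If this task file is meant to stand on its own, add a third include with `openshift_aws_node_group_type: compute`; otherwise a comment naming that dependency would save the next operator a failed `ec2_group_facts` lookup. The two include tasks also share the literal name `Create {{ openshift_aws_node_group_type }} security groups`; naming the second `Create infra security groups` avoids ambiguous output.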
diff --git a/roles/openshift_aws/tasks/provision_instance.yml b/roles/openshift_aws/tasks/provision_instance.yml
index 3349acb7a..25ae6ce1c 100644
--- a/roles/openshift_aws/tasks/provision_instance.yml
+++ b/roles/openshift_aws/tasks/provision_instance.yml
@@ -3,7 +3,20 @@
set_fact:
openshift_node_bootstrap: True
-- include: vpc_and_subnet_id.yml
+- name: query vpc
+ ec2_vpc_net_facts:
+ region: "{{ openshift_aws_region }}"
+ filters:
+ 'tag:Name': "{{ openshift_aws_vpc_name }}"
+ register: vpcout
+
+- name: fetch the default subnet id
+ ec2_vpc_subnet_facts:
+ region: "{{ openshift_aws_region }}"
+ filters:
+ "tag:Name": "{{ openshift_aws_subnet_name }}"
+ vpc-id: "{{ vpcout.vpcs[0].id }}"
+ register: subnetout
- name: create instance for ami creation
ec2:
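Review bot: The VPC/subnet lookup added here is the body of the deleted vpc_and_subnet_id.yml, now copy-pasted into four task files (elb.yml, launch_config.yml, scale_group.yml and this one), so any fix to the filters has to be made four times; keeping the shared include was cheaper than the duplication. Every copy also indexes `vpcout.vpcs[0].id` without checking that exactly one VPC carries the Name tag — if two clusters share a region with colliding names the wrong VPC is silently chosen. A guard after the query, `- assert: { that: vpcout.vpcs | length == 1, msg: "expected exactly one VPC named {{ openshift_aws_vpc_name }}" }`, turns that into a clear failure.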
diff --git a/roles/openshift_aws/tasks/provision_nodes.yml b/roles/openshift_aws/tasks/provision_nodes.yml
index 1b40f24d3..fc4996c68 100644
--- a/roles/openshift_aws/tasks/provision_nodes.yml
+++ b/roles/openshift_aws/tasks/provision_nodes.yml
@@ -25,23 +25,19 @@
set_fact:
openshift_aws_launch_config_bootstrap_token: "{{ bootstrap['content'] | b64decode }}"
-- include: vpc_and_subnet_id.yml
-
-- name: include build compute and infra node groups
+- name: include build node group for infra
include: build_node_group.yml
vars:
- l_nodes_to_build: "{{ openshift_aws_node_group_config }}"
- l_launch_config_security_groups: "{{ openshift_aws_launch_config_security_groups }}"
- l_aws_ami_map: "{{ openshift_aws_ami_map }}"
+ openshift_aws_node_group_type: infra
+ openshift_aws_scale_group_name: "{{ openshift_aws_clusterid }} openshift infra"
+ openshift_aws_launch_config_name: "{{ openshift_aws_clusterid }}-infra-{{ ansible_date_time.epoch }}"
-- name: include build node group for extra nodes
+- name: include build node group for compute
include: build_node_group.yml
- when: openshift_aws_node_group_config_extra is defined
vars:
- l_nodes_to_build: "{{ openshift_aws_node_group_config_extra | default({}) }}"
- l_launch_config_security_groups: "{{ openshift_aws_launch_config_security_groups_extra }}"
- l_aws_ami_map: "{{ openshift_aws_ami_map_extra }}"
-
+ openshift_aws_node_group_type: compute
+ openshift_aws_scale_group_name: "{{ openshift_aws_clusterid }} openshift compute"
+ openshift_aws_launch_config_name: "{{ openshift_aws_clusterid }}-compute-{{ ansible_date_time.epoch }}"
- when: openshift_aws_wait_for_ssh | bool
block:
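Review bot: The `vars:` on both build_node_group includes override `openshift_aws_scale_group_name` and `openshift_aws_launch_config_name` with literal copies of what their defaults already compute from `openshift_aws_node_group_type`, so they add lines that will drift if the defaults change; passing only `openshift_aws_node_group_type: infra` (respectively `compute`) should be sufficient, since the defaults are templated at use time with the include var in scope. If the duplication is deliberate to pin the names, a one-line comment saying so would stop the next reader from removing it. Separately, the `set_fact` at the top of the hunk decodes the node bootstrap kubeconfig into `openshift_aws_launch_config_bootstrap_token`, which launch_config.yml renders into user data; `no_log: true` on that task keeps the credential out of verbose output.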
diff --git a/roles/openshift_aws/tasks/scale_group.yml b/roles/openshift_aws/tasks/scale_group.yml
index 097859af2..eb31636e7 100644
--- a/roles/openshift_aws/tasks/scale_group.yml
+++ b/roles/openshift_aws/tasks/scale_group.yml
@@ -1,4 +1,11 @@
---
+- name: query vpc
+ ec2_vpc_net_facts:
+ region: "{{ openshift_aws_region }}"
+ filters:
+ 'tag:Name': "{{ openshift_aws_vpc_name }}"
+ register: vpcout
+
- name: fetch the subnet to use in scale group
ec2_vpc_subnet_facts:
region: "{{ openshift_aws_region }}"
@@ -9,20 +16,19 @@
- name: Create the scale group
ec2_asg:
- name: "{{ openshift_aws_scale_group_basename }} {{ item.key }}"
- launch_config_name: "{{ openshift_aws_launch_config_basename }}-{{ item.key }}-{{ l_epoch_time }}"
- health_check_period: "{{ item.value.health_check.period }}"
- health_check_type: "{{ item.value.health_check.type }}"
- min_size: "{{ item.value.min_size }}"
- max_size: "{{ item.value.max_size }}"
- desired_capacity: "{{ item.value.desired_size }}"
+ name: "{{ openshift_aws_scale_group_name }}"
+ launch_config_name: "{{ openshift_aws_launch_config_name }}"
+ health_check_period: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].health_check.period }}"
+ health_check_type: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].health_check.type }}"
+ min_size: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].min_size }}"
+ max_size: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].max_size }}"
+ desired_capacity: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].desired_size }}"
region: "{{ openshift_aws_region }}"
- termination_policies: "{{ item.value.termination_policy if 'termination_policy' in item.value else omit }}"
- load_balancers: "{{ item.value.elbs if 'elbs' in item.value else omit }}"
- wait_for_instances: "{{ item.value.wait_for_instances | default(False)}}"
+ termination_policies: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].termination_policy if 'termination_policy' in openshift_aws_node_group_config[openshift_aws_node_group_type] else omit }}"
+ load_balancers: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].elbs if 'elbs' in openshift_aws_node_group_config[openshift_aws_node_group_type] else omit }}"
+ wait_for_instances: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].wait_for_instances | default(False)}}"
vpc_zone_identifier: "{{ subnetout.subnets[0].id }}"
replace_instances: "{{ openshift_aws_node_group_replace_instances if openshift_aws_node_group_replace_instances != [] else omit }}"
- replace_all_instances: "{{ omit if openshift_aws_node_group_replace_instances != [] else (item.value.replace_all_instances | default(omit)) }}"
+ replace_all_instances: "{{ omit if openshift_aws_node_group_replace_instances != [] else (openshift_aws_node_group_config[openshift_aws_node_group_type].replace_all_instances | default(omit)) }}"
tags:
- - "{{ openshift_aws_node_group_config_tags | combine(item.value.tags) }}"
- with_dict: "{{ l_nodes_to_build }}"
+ - "{{ openshift_aws_node_group_config.tags | combine(openshift_aws_node_group_config[openshift_aws_node_group_type].tags) }}"
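Review bot: Every parameter of `ec2_asg` now repeats `openshift_aws_node_group_config[openshift_aws_node_group_type]`, and the `termination_policies`/`load_balancers` lines repeat it twice each, which makes the task hard to read and easy to get wrong on the next edit. Binding the per-type mapping once with task-level `vars:` and using `default(omit)` in place of the `'key' in mapping` tests keeps the behaviour and halves the line width. The rewrite below touches only the templated values; region, subnet and replace_instances are unchanged.

```yaml
- name: Create the scale group
  ec2_asg:
    name: "{{ openshift_aws_scale_group_name }}"
    launch_config_name: "{{ openshift_aws_launch_config_name }}"
    health_check_period: "{{ l_group.health_check.period }}"
    health_check_type: "{{ l_group.health_check.type }}"
    min_size: "{{ l_group.min_size }}"
    max_size: "{{ l_group.max_size }}"
    desired_capacity: "{{ l_group.desired_size }}"
    # … unchanged: region, vpc_zone_identifier, replace_instances …
    termination_policies: "{{ l_group.termination_policy | default(omit) }}"
    load_balancers: "{{ l_group.elbs | default(omit) }}"
    wait_for_instances: "{{ l_group.wait_for_instances | default(False) }}"
    replace_all_instances: "{{ omit if openshift_aws_node_group_replace_instances != [] else (l_group.replace_all_instances | default(omit)) }}"
    tags:
    - "{{ openshift_aws_node_group_config.tags | combine(l_group.tags) }}"
  vars:
    l_group: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type] }}"
```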
diff --git a/roles/openshift_aws/tasks/security_group.yml b/roles/openshift_aws/tasks/security_group.yml
index 5cc7ae537..e1fb99b02 100644
--- a/roles/openshift_aws/tasks/security_group.yml
+++ b/roles/openshift_aws/tasks/security_group.yml
@@ -6,11 +6,39 @@
"tag:Name": "{{ openshift_aws_clusterid }}"
register: vpcout
-- include: security_group_create.yml
- vars:
- l_security_groups: "{{ openshift_aws_node_security_groups }}"
+- name: Create default security group for cluster
+ ec2_group:
+ name: "{{ openshift_aws_node_security_groups.default.name }}"
+ description: "{{ openshift_aws_node_security_groups.default.desc }}"
+ region: "{{ openshift_aws_region }}"
+ vpc_id: "{{ vpcout.vpcs[0].id }}"
+ rules: "{{ openshift_aws_node_security_groups.default.rules | default(omit, True)}}"
+ register: sg_default_created
+
+- name: create the node group sgs
+ ec2_group:
+ name: "{{ item.name}}"
+ description: "{{ item.desc }}"
+ rules: "{{ item.rules if 'rules' in item else [] }}"
+ region: "{{ openshift_aws_region }}"
+ vpc_id: "{{ vpcout.vpcs[0].id }}"
+ register: sg_create
+ with_items:
+ - "{{ openshift_aws_node_security_groups[openshift_aws_node_group_type]}}"
-- include: security_group_create.yml
- when: openshift_aws_node_security_groups_extra is defined
- vars:
- l_security_groups: "{{ openshift_aws_node_security_groups_extra | default({}) }}"
+- name: create the k8s sgs for the node group
+ ec2_group:
+ name: "{{ item.name }}_k8s"
+ description: "{{ item.desc }} for k8s"
+ region: "{{ openshift_aws_region }}"
+ vpc_id: "{{ vpcout.vpcs[0].id }}"
+ register: k8s_sg_create
+ with_items:
+ - "{{ openshift_aws_node_security_groups[openshift_aws_node_group_type]}}"
+
+- name: tag sg groups with proper tags
+ ec2_tag:
+ tags: "{{ openshift_aws_security_groups_tags }}"
+ resource: "{{ item.group_id }}"
+ region: "{{ openshift_aws_region }}"
+ with_items: "{{ k8s_sg_create.results }}"
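Review bot: The `_k8s` groups are created with no `rules:` key while `ec2_group` defaults to `purge_rules: true`, so on a re-run any ingress rules that were added to those groups out of band (the `_k8s` suffix and the old "node type sg k8s" comment suggest the Kubernetes AWS cloud provider manages them) may be revoked, depending on how the installed `ec2_group` treats an absent rules list. If those groups are meant to be externally managed, add `purge_rules: false` and `purge_rules_egress: false` to that task and say so in a comment; if not, give them an explicit `rules: []` like the node-group task above. The three tasks are also inconsistent about missing rules — `default(omit, True)` for the default group, `[]` for the node groups, nothing for k8s — so the purge behaviour differs per group for no visible reason. As before, only the k8s groups are tagged (`k8s_sg_create.results`); the default and node-type groups still get no `openshift_aws_security_groups_tags`.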
diff --git a/roles/openshift_aws/tasks/security_group_create.yml b/roles/openshift_aws/tasks/security_group_create.yml
deleted file mode 100644
index ef6060555..000000000
--- a/roles/openshift_aws/tasks/security_group_create.yml
+++ /dev/null
@@ -1,25 +0,0 @@
----
-- name: create the node group sgs
- ec2_group:
- name: "{{ item.value.name}}"
- description: "{{ item.value.desc }}"
- rules: "{{ item.value.rules if 'rules' in item.value else [] }}"
- region: "{{ openshift_aws_region }}"
- vpc_id: "{{ vpcout.vpcs[0].id }}"
- with_dict: "{{ l_security_groups }}"
-
-- name: create the k8s sgs for the node group
- ec2_group:
- name: "{{ item.value.name }}_k8s"
- description: "{{ item.value.desc }} for k8s"
- region: "{{ openshift_aws_region }}"
- vpc_id: "{{ vpcout.vpcs[0].id }}"
- with_dict: "{{ l_security_groups }}"
- register: k8s_sg_create
-
-- name: tag sg groups with proper tags
- ec2_tag:
- tags: "{{ openshift_aws_security_groups_tags }}"
- resource: "{{ item.group_id }}"
- region: "{{ openshift_aws_region }}"
- with_items: "{{ k8s_sg_create.results }}"
diff --git a/roles/openshift_aws/tasks/vpc_and_subnet_id.yml b/roles/openshift_aws/tasks/vpc_and_subnet_id.yml
deleted file mode 100644
index aaf9b300f..000000000
--- a/roles/openshift_aws/tasks/vpc_and_subnet_id.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-- name: query vpc
- ec2_vpc_net_facts:
- region: "{{ openshift_aws_region }}"
- filters:
- 'tag:Name': "{{ openshift_aws_vpc_name }}"
- register: vpcout
-
-- name: debug
- debug: var=vpcout
-
-- name: fetch the default subnet id
- ec2_vpc_subnet_facts:
- region: "{{ openshift_aws_region }}"
- filters:
- "tag:Name": "{{ openshift_aws_subnet_name }}"
- vpc-id: "{{ vpcout.vpcs[0].id }}"
- register: subnetout
diff --git a/roles/openshift_aws/templates/user_data.j2 b/roles/openshift_aws/templates/user_data.j2
index a8c7f9a95..76aebdcea 100644
--- a/roles/openshift_aws/templates/user_data.j2
+++ b/roles/openshift_aws/templates/user_data.j2
@@ -7,8 +7,8 @@ write_files:
owner: 'root:root'
permissions: '0640'
content: |
- openshift_group_type: {{ launch_config_item.key }}
-{% if launch_config_item.key != 'master' %}
+ openshift_group_type: {{ openshift_aws_node_group_type }}
+{% if openshift_aws_node_group_type != 'master' %}
- path: /etc/origin/node/bootstrap.kubeconfig
owner: 'root:root'
permissions: '0640'
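Review bot: The `0640` mode on `/etc/origin/node/bootstrap.kubeconfig` protects only the on-disk copy: this template is rendered into EC2 user data by launch_config.yml, and user data is retrievable by any local process — including unprivileged containers on the node — through the instance metadata service at 169.254.169.254. provision_nodes.yml decodes the node bootstrap kubeconfig into `openshift_aws_launch_config_bootstrap_token`, so presumably that credential is the content written here (the content line is outside the hunk). Worth a template comment so operators know the exposure: `{# user data is readable via the EC2 metadata service by any process on the node; the file mode below does not protect the bootstrap credential — block pod access to 169.254.169.254 or rotate the token after bootstrap #}`. The enclosing `write_files` list starts before this hunk.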
@@ -19,7 +19,7 @@ runcmd:
{% if openshift_aws_node_run_bootstrap_startup %}
- [ ansible-playbook, /root/openshift_bootstrap/bootstrap.yml]
{% endif %}
-{% if launch_config_item.key != 'master' %}
+{% if openshift_aws_node_group_type != 'master' %}
- [ systemctl, enable, {% if openshift_deployment_type == 'openshift-enterprise' %}atomic-openshift{% else %}origin{% endif %}-node]
- [ systemctl, start, {% if openshift_deployment_type == 'openshift-enterprise' %}atomic-openshift{% else %}origin{% endif %}-node]
{% endif %}
diff --git a/roles/openshift_master/defaults/main.yml b/roles/openshift_master/defaults/main.yml
index 4acac7923..fe78dea66 100644
--- a/roles/openshift_master/defaults/main.yml
+++ b/roles/openshift_master/defaults/main.yml
@@ -26,6 +26,7 @@ default_r_openshift_master_os_firewall_allow:
cond: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}"
r_openshift_master_os_firewall_allow: "{{ default_r_openshift_master_os_firewall_allow | union(openshift_master_open_ports | default([])) }}"
+
# oreg_url is defined by user input
oreg_host: "{{ oreg_url.split('/')[0] if (oreg_url is defined and '.' in oreg_url.split('/')[0]) else '' }}"
oreg_auth_credentials_path: "{{ r_openshift_master_data_dir }}/.docker"
@@ -59,7 +60,7 @@ r_openshift_master_sdn_network_plugin_name: "{{ r_openshift_master_sdn_network_p
openshift_master_image_config_latest_default: "{{ openshift_image_config_latest | default(False) }}"
openshift_master_image_config_latest: "{{ openshift_master_image_config_latest_default }}"
-openshift_master_config_dir_default: "{{ openshift.common.config_base ~ '/master' if openshift is defined and 'common' in openshift else '/etc/origin/master' }}"
+openshift_master_config_dir_default: "{{ (openshift.common.config_base | default('/etc/origin/master')) ~ '/master' }}"
openshift_master_config_dir: "{{ openshift_master_config_dir_default }}"
openshift_master_cloud_provider: "{{ openshift_cloudprovider_kind | default('aws') }}"
@@ -70,6 +71,8 @@ openshift_master_node_config_kubeletargs_mem: 512M
openshift_master_bootstrap_enabled: False
+openshift_master_client_binary: "{{ openshift.common.client_binary if openshift is defined else 'oc' }}"
+
openshift_master_config_imageconfig_format: "{{ openshift.node.registry_url }}"
# these are for the default settings in a generated node-config.yaml
@@ -141,5 +144,3 @@ openshift_master_node_configs:
- "{{ openshift_master_node_config_compute }}"
openshift_master_bootstrap_namespace: openshift-node
-openshift_master_csr_sa: node-bootstrapper
-openshift_master_csr_namespace: openshift-infra
diff --git a/roles/openshift_master/tasks/bootstrap.yml b/roles/openshift_master/tasks/bootstrap.yml
index ce55e7d0c..f837a8bae 100644
--- a/roles/openshift_master/tasks/bootstrap.yml
+++ b/roles/openshift_master/tasks/bootstrap.yml
@@ -2,8 +2,7 @@
# TODO: create a module for this command.
# oc_serviceaccounts_kubeconfig
- name: create service account kubeconfig with csr rights
- command: >
- oc serviceaccounts create-kubeconfig {{ openshift_master_csr_sa }} -n {{ openshift_master_csr_namespace }}
+ command: "oc serviceaccounts create-kubeconfig node-bootstrapper -n openshift-infra"
register: kubeconfig_out
until: kubeconfig_out.rc == 0
retries: 24
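Review bot: The rewritten command hard-codes the `oc` binary while this same commit introduces `openshift_master_client_binary` in defaults/main.yml and uses it for `adm create-node-config` further down this file; the two tasks should agree: `command: "{{ openshift_master_client_binary }} serviceaccounts create-kubeconfig node-bootstrapper -n openshift-infra"`. The registered `kubeconfig_out` also holds a service-account token kubeconfig in `stdout`, which the `until`/`retries` loop and any verbose run will print; `no_log: true` on this task keeps the credential out of the log. If the service account and namespace are now intentionally fixed (their defaults were removed), a short comment saying so would prevent someone reintroducing the variables.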
@@ -13,3 +12,67 @@
copy:
content: "{{ kubeconfig_out.stdout }}"
dest: "{{ openshift_master_config_dir }}/bootstrap.kubeconfig"
+
+- name: create a temp dir for this work
+ command: mktemp -d /tmp/openshift_node_config-XXXXXX
+ register: mktempout
+ run_once: true
+
+# This generate is so that we do not have to maintain
+# our own copy of the template. This is generated by
+# the product and the following settings will be
+# generated by the master
+- name: generate a node-config dynamically
+ command: >
+ {{ openshift_master_client_binary }} adm create-node-config
+ --node-dir={{ mktempout.stdout }}/
+ --node=CONFIGMAP
+ --hostnames=test
+ --dns-ip=0.0.0.0
+ --certificate-authority={{ openshift_master_config_dir }}/ca.crt
+ --signer-cert={{ openshift_master_config_dir }}/ca.crt
+ --signer-key={{ openshift_master_config_dir }}/ca.key
+ --signer-serial={{ openshift_master_config_dir }}/ca.serial.txt
+ --node-client-certificate-authority={{ openshift_master_config_dir }}/ca.crt
+ register: configgen
+ run_once: true
+
+- name: remove the default settings
+ yedit:
+ state: "{{ item.state | default('present') }}"
+ src: "{{ mktempout.stdout }}/node-config.yaml"
+ key: "{{ item.key }}"
+ value: "{{ item.value | default(omit) }}"
+ with_items: "{{ openshift_master_node_config_default_edits }}"
+ run_once: true
+
+- name: copy the generated config into each group
+ copy:
+ src: "{{ mktempout.stdout }}/node-config.yaml"
+ remote_src: true
+ dest: "{{ mktempout.stdout }}/node-config-{{ item.type }}.yaml"
+ with_items: "{{ openshift_master_node_configs }}"
+ run_once: true
+
+- name: "specialize the generated configs for node-config-{{ item.type }}"
+ yedit:
+ src: "{{ mktempout.stdout }}/node-config-{{ item.type }}.yaml"
+ edits: "{{ item.edits }}"
+ with_items: "{{ openshift_master_node_configs }}"
+ run_once: true
+
+- name: create node-config.yaml configmap
+ oc_configmap:
+ name: "node-config-{{ item.type }}"
+ namespace: "{{ openshift_master_bootstrap_namespace }}"
+ from_file:
+ node-config.yaml: "{{ mktempout.stdout }}/node-config-{{ item.type }}.yaml"
+ with_items: "{{ openshift_master_node_configs }}"
+ run_once: true
+
+- name: remove templated files
+ file:
+ dest: "{{ mktempout.stdout }}/"
+ state: absent
+ with_items: "{{ openshift_master_node_configs }}"
+ run_once: true
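Review bot: `remove templated files` only runs when every preceding task succeeds, so a failure in `generate a node-config dynamically`, either `yedit` step or `oc_configmap` leaves the mktemp directory behind; since the generate step is given `--signer-cert`/`--signer-key`, that directory presumably holds CA-signed node certificates and a node.kubeconfig in addition to node-config.yaml, so it is worth removing unconditionally. Put the tasks from `generate a node-config dynamically` onward in a `block:` and move the removal into its `always:`. The `with_items: "{{ openshift_master_node_configs }}"` on the removal task deletes the same directory once per node group and skips it entirely when the list is empty; it should be a single task, `file:` / `path: "{{ mktempout.stdout }}"` / `state: absent` with `run_once: true` and no loop.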
diff --git a/roles/openshift_master/tasks/bootstrap_settings.yml b/roles/openshift_master/tasks/bootstrap_settings.yml
deleted file mode 100644
index cbd7f587b..000000000
--- a/roles/openshift_master/tasks/bootstrap_settings.yml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-- name: modify controller args
- yedit:
- src: /etc/origin/master/master-config.yaml
- edits:
- - key: kubernetesMasterConfig.controllerArguments.cluster-signing-cert-file
- value:
- - /etc/origin/master/ca.crt
- - key: kubernetesMasterConfig.controllerArguments.cluster-signing-key-file
- value:
- - /etc/origin/master/ca.key
- notify:
- - restart master controllers
- when: openshift_master_bootstrap_enabled | default(False)
diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml
index c7c02d49b..48b34c578 100644
--- a/roles/openshift_master/tasks/main.yml
+++ b/roles/openshift_master/tasks/main.yml
@@ -218,7 +218,18 @@
- restart master api
- restart master controllers
-- include: bootstrap_settings.yml
+- name: modify controller args
+ yedit:
+ src: /etc/origin/master/master-config.yaml
+ edits:
+ - key: kubernetesMasterConfig.controllerArguments.cluster-signing-cert-file
+ value:
+ - /etc/origin/master/ca.crt
+ - key: kubernetesMasterConfig.controllerArguments.cluster-signing-key-file
+ value:
+ - /etc/origin/master/ca.key
+ notify:
+ - restart master controllers
when: openshift_master_bootstrap_enabled | default(False)
- include: set_loopback_context.yml
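Review bot: The inlined `modify controller args` task hard-codes `/etc/origin/master/...` while `defaults/main.yml` in this same change defines `openshift_master_config_dir` for that directory and bootstrap.yml uses it for `ca.crt`/`ca.key`, so a non-default `config_base` would edit the wrong master-config.yaml or point the signer at certificates that are not there. Use `src: "{{ openshift_master_config_dir }}/master-config.yaml"`, `- "{{ openshift_master_config_dir }}/ca.crt"` and `- "{{ openshift_master_config_dir }}/ca.key"`. The unchanged `when:` below the task previously gated the removed include and now gates this task, which looks intended but is worth confirming since the diff's indentation is flattened.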
diff --git a/roles/openshift_node_bootstrap_configmap/defaults/main.yml b/roles/openshift_node_bootstrap_configmap/defaults/main.yml
deleted file mode 100644
index 02c872646..000000000
--- a/roles/openshift_node_bootstrap_configmap/defaults/main.yml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-openshift_node_bootstrap_configmap_custom_labels: []
-openshift_node_bootstrap_configmap_edits: []
-openshift_node_bootstrap_configmap_name: node-config-compute
-openshift_node_bootstrap_configmap_namespace: openshift-node
-openshift_node_bootstrap_configmap_default_labels:
-- type=compute
-
-openshift_imageconfig_format: "{{ openshift.node.registry_url if openshift is defined and 'node' in openshift else oreg_url }}"
-openshift_node_bootstrap_configmap_cloud_provider: "{{ openshift_cloudprovider_kind | default('aws') }}"
-openshift_node_bootstrap_configmap_network_plugin_default: "{{ os_sdn_network_plugin_name | default('redhat/openshift-ovs-subnet') }}"
-openshift_node_bootstrap_configmap_network_plugin: "{{ openshift_node_bootstrap_configmap_network_plugin_default }}"
-openshift_node_bootstrap_configmap_node_data_dir_default: "{{ openshift_data_dir | default('/var/lib/origin') }}"
-openshift_node_bootstrap_configmap_node_data_dir: "{{ openshift_node_bootstrap_configmap_node_data_dir_default }}"
-openshift_node_bootstrap_configmap_network_mtu: "{{ openshift_node_sdn_mtu | default(8951) }}"
diff --git a/roles/openshift_node_bootstrap_configmap/meta/main.yml b/roles/openshift_node_bootstrap_configmap/meta/main.yml
deleted file mode 100644
index 14c1dd498..000000000
--- a/roles/openshift_node_bootstrap_configmap/meta/main.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-dependencies:
-- role: lib_openshift
-- role: lib_utils
diff --git a/roles/openshift_node_bootstrap_configmap/tasks/create_config.yml b/roles/openshift_node_bootstrap_configmap/tasks/create_config.yml
deleted file mode 100644
index 05080daa4..000000000
--- a/roles/openshift_node_bootstrap_configmap/tasks/create_config.yml
+++ /dev/null
@@ -1,32 +0,0 @@
----
-- name: create a temp dir for this work
- command: mktemp -d /tmp/openshift_node_config-XXXXXX
- register: mktempout
- run_once: true
-
-- name: create node config template
- template:
- src: node-config.yaml.j2
- dest: "{{ mktempout.stdout }}/node-config.yaml"
-
-- name: "specialize the generated configs for {{ openshift_node_bootstrap_configmap_name }}"
- yedit:
- content:
- src: "{{ mktempout.stdout }}/node-config.yaml"
- edits: "{{ openshift_node_bootstrap_configmap_edits }}"
- when: openshift_node_bootstrap_configmap_edits|length > 0
- run_once: true
-
-- name: create node-config.yaml configmap
- oc_configmap:
- name: "{{ openshift_node_bootstrap_configmap_name }}"
- namespace: "{{ openshift_node_bootstrap_configmap_namespace }}"
- from_file:
- node-config.yaml: "{{ mktempout.stdout }}/node-config.yaml"
- run_once: true
-
-- name: remove templated files
- file:
- dest: "{{ mktempout.stdout }}/"
- state: absent
- run_once: true
diff --git a/roles/openshift_node_bootstrap_configmap/tasks/standard.yml b/roles/openshift_node_bootstrap_configmap/tasks/standard.yml
deleted file mode 100644
index 637d7c7fc..000000000
--- a/roles/openshift_node_bootstrap_configmap/tasks/standard.yml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-- name: Build an infra node configmap
- include: create_config.yml
- vars:
- openshift_node_bootstrap_configmap_name: node-config-infra
- static: true
-
-- name: Build an infra node configmap
- include: create_config.yml
- vars:
- openshift_node_bootstrap_configmap_name: node-config-compute
- static: true
diff --git a/roles/openshift_node_bootstrap_configmap/templates/node-config.yaml.j2 b/roles/openshift_node_bootstrap_configmap/templates/node-config.yaml.j2
deleted file mode 100644
index d533b88fa..000000000
--- a/roles/openshift_node_bootstrap_configmap/templates/node-config.yaml.j2
+++ /dev/null
@@ -1,53 +0,0 @@
-allowDisabledDocker: false
-apiVersion: v1
-authConfig:
- authenticationCacheSize: 1000
- authenticationCacheTTL: 5m
- authorizationCacheSize: 1000
- authorizationCacheTTL: 5m
-dnsBindAddress: "127.0.0.1:53"
-dnsDomain: cluster.local
-dnsIP: 0.0.0.0
-dnsNameservers: null
-dnsRecursiveResolvConf: /etc/origin/node/resolv.conf
-dockerConfig:
- dockerShimRootDirectory: /var/lib/dockershim
- dockerShimSocket: /var/run/dockershim.sock
- execHandlerName: native
-enableUnidling: true
-imageConfig:
- format: "{{ openshift_imageconfig_format }}"
- latest: false
-iptablesSyncPeriod: 30s
-kind: NodeConfig
-kubeletArguments:
- cloud-config:
- - /etc/origin/cloudprovider/{{ openshift_node_bootstrap_configmap_cloud_provider }}.conf
- cloud-provider:
- - {{ openshift_node_bootstrap_configmap_cloud_provider }}
- node-labels: {{ openshift_node_bootstrap_configmap_default_labels | union(openshift_node_bootstrap_configmap_custom_labels) | list | to_json }}
-masterClientConnectionOverrides:
- acceptContentTypes: application/vnd.kubernetes.protobuf,application/json
- burst: 40
- contentType: application/vnd.kubernetes.protobuf
- qps: 20
-masterKubeConfig: node.kubeconfig
-networkConfig:
- mtu: "{{ openshift_node_bootstrap_configmap_network_mtu }}"
- networkPluginName: {{ openshift_node_bootstrap_configmap_network_plugin }}
-nodeIP: ""
-podManifestConfig: null
-servingInfo:
- bindAddress: 0.0.0.0:10250
- bindNetwork: tcp4
- certFile: server.crt
- clientCA: node-client-ca.crt
- keyFile: server.key
- namedCertificates: null
-volumeConfig:
- localQuota:
- perFSGroup: null
-volumeDirectory: {{ openshift_node_bootstrap_configmap_node_data_dir }}/openshift.local.volumes
-enable-controller-attach-detach:
-- 'true'
-networkPluginName: {{ openshift_node_bootstrap_configmap_network_plugin }}