summaryrefslogtreecommitdiffstats
path: root/inventory
diff options
context:
space:
mode:
Diffstat (limited to 'inventory')
-rw-r--r--inventory/byo/hosts.origin.example121
-rw-r--r--inventory/byo/hosts.ose.example119
-rw-r--r--inventory/openstack/hosts/nova.ini45
-rwxr-xr-xinventory/openstack/hosts/nova.py224
-rwxr-xr-xinventory/openstack/hosts/openstack.py246
5 files changed, 457 insertions, 298 deletions
diff --git a/inventory/byo/hosts.origin.example b/inventory/byo/hosts.origin.example
index b9f429894..706dd8080 100644
--- a/inventory/byo/hosts.origin.example
+++ b/inventory/byo/hosts.origin.example
@@ -65,10 +65,6 @@ openshift_release=v1.2
# See: https://docs.openshift.org/latest/install_config/web_console_customization.html#serving-static-files
#openshift_master_oauth_template=/path/to/login-template.html
-# Configure loggingPublicURL in the master config for aggregate logging
-# See: https://docs.openshift.org/latest/install_config/aggregate_logging.html
-#openshift_master_logging_public_url=https://kibana.example.com
-
# Configure imagePolicyConfig in the master config
# See: https://godoc.org/github.com/openshift/origin/pkg/cmd/server/api#ImagePolicyConfig
#openshift_master_image_policy_config={"maxImagesBulkImportedPerRepository": 3, "disableScheduledImport": true}
@@ -99,7 +95,6 @@ openshift_release=v1.2
# modify image streams to point at that registry by setting the following to true
#openshift_examples_modify_imagestreams=true
-
# Origin copr repo
#openshift_additional_repos=[{'id': 'openshift-origin-copr', 'name': 'OpenShift Origin COPR', 'baseurl': 'https://copr-be.cloud.fedoraproject.org/results/maxamillion/origin-next/epel-7-$basearch/', 'enabled': 1, 'gpgcheck': 1, 'gpgkey': 'https://copr-be.cloud.fedoraproject.org/results/maxamillion/origin-next/pubkey.gpg'}]
@@ -114,17 +109,46 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
#openshift_master_identity_providers=[{'name': 'allow_all', 'login': 'true', 'challenge': 'true', 'kind': 'AllowAllPasswordIdentityProvider'}]
# LDAP auth
-#openshift_master_identity_providers=[{'name': 'my_ldap_provider', 'challenge': 'true', 'login': 'true', 'kind': 'LDAPPasswordIdentityProvider', 'attributes': {'id': ['dn'], 'email': ['mail'], 'name': ['cn'], 'preferredUsername': ['uid']}, 'bindDN': '', 'bindPassword': '', 'ca': '', 'insecure': 'false', 'url': 'ldap://ldap.example.com:389/ou=users,dc=example,dc=com?uid'}]
-# Configuring the ldap ca certificate
+#openshift_master_identity_providers=[{'name': 'my_ldap_provider', 'challenge': 'true', 'login': 'true', 'kind': 'LDAPPasswordIdentityProvider', 'attributes': {'id': ['dn'], 'email': ['mail'], 'name': ['cn'], 'preferredUsername': ['uid']}, 'bindDN': '', 'bindPassword': '', 'ca': 'my-ldap-ca.crt', 'insecure': 'false', 'url': 'ldap://ldap.example.com:389/ou=users,dc=example,dc=com?uid'}]
+#
+# Configure LDAP CA certificate
+# Specify either the ASCII contents of the certificate or the path to
+# the local file that will be copied to the remote host. CA
+# certificate contents will be copied to master systems and saved
+# within /etc/origin/master/ with a filename matching the "ca" key set
+# within the LDAPPasswordIdentityProvider.
+#
#openshift_master_ldap_ca=<ca text>
# or
#openshift_master_ldap_ca_file=<path to local ca file to use>
-# Available variables for configuring certificates for other identity providers:
-#openshift_master_openid_ca
-#openshift_master_openid_ca_file
-#openshift_master_request_header_ca
-#openshift_master_request_header_ca_file
+# OpenID auth
+#openshift_master_identity_providers=[{"name": "openid_auth", "login": "true", "challenge": "false", "kind": "OpenIDIdentityProvider", "client_id": "my_client_id", "client_secret": "my_client_secret", "claims": {"id": ["sub"], "preferredUsername": ["preferred_username"], "name": ["name"], "email": ["email"]}, "urls": {"authorize": "https://myidp.example.com/oauth2/authorize", "token": "https://myidp.example.com/oauth2/token"}, "ca": "my-openid-ca-bundle.crt"}]
+#
+# Configure OpenID CA certificate
+# Specify either the ASCII contents of the certificate or the path to
+# the local file that will be copied to the remote host. CA
+# certificate contents will be copied to master systems and saved
+# within /etc/origin/master/ with a filename matching the "ca" key set
+# within the OpenIDIdentityProvider.
+#
+#openshift_master_openid_ca=<ca text>
+# or
+#openshift_master_openid_ca_file=<path to local ca file to use>
+
+# Request header auth
+#openshift_master_identity_providers=[{"name": "my_request_header_provider", "challenge": "true", "login": "true", "kind": "RequestHeaderIdentityProvider", "challengeURL": "https://www.example.com/challenging-proxy/oauth/authorize?${query}", "loginURL": "https://www.example.com/login-proxy/oauth/authorize?${query}", "clientCA": "my-request-header-ca.crt", "clientCommonNames": ["my-auth-proxy"], "headers": ["X-Remote-User", "SSO-User"], "emailHeaders": ["X-Remote-User-Email"], "nameHeaders": ["X-Remote-User-Display-Name"], "preferredUsernameHeaders": ["X-Remote-User-Login"]}]
+#
+# Configure request header CA certificate
+# Specify either the ASCII contents of the certificate or the path to
+# the local file that will be copied to the remote host. CA
+# certificate contents will be copied to master systems and saved
+# within /etc/origin/master/ with a filename matching the "clientCA"
+# key set within the RequestHeaderIdentityProvider.
+#
+#openshift_master_request_header_ca=<ca text>
+# or
+#openshift_master_request_header_ca_file=<path to local ca file to use>
# Cloud Provider Configuration
#
@@ -145,10 +169,15 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
#openshift_cloudprovider_openstack_auth_url=http://openstack.example.com:35357/v2.0/
#openshift_cloudprovider_openstack_username=username
#openshift_cloudprovider_openstack_password=password
+#openshift_cloudprovider_openstack_domain_id=domain_id
+#openshift_cloudprovider_openstack_domain_name=domain_name
#openshift_cloudprovider_openstack_tenant_id=tenant_id
#openshift_cloudprovider_openstack_tenant_name=tenant_name
#openshift_cloudprovider_openstack_region=region
#openshift_cloudprovider_openstack_lb_subnet_id=subnet_id
+#
+# GCE
+#openshift_cloudprovider_kind=gce
# Project Configuration
#osm_project_request_message=''
@@ -318,7 +347,10 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
#openshift_hosted_registry_storage_s3_bucket=bucket_name
#openshift_hosted_registry_storage_s3_region=bucket_region
#openshift_hosted_registry_storage_s3_chunksize=26214400
+#openshift_hosted_registry_storage_s3_rootdirectory=/registry
#openshift_hosted_registry_pullthrough=true
+#openshift_hosted_registry_acceptschema2=true
+#openshift_hosted_registry_enforcequota=true
# Metrics deployment
# See: https://docs.openshift.com/enterprise/latest/install_config/cluster_metrics.html
@@ -361,8 +393,59 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
#
# Override metricsPublicURL in the master config for cluster metrics
# Defaults to https://hawkular-metrics.{{openshift_master_default_subdomain}}/hawkular/metrics
+# Currently, you may only alter the hostname portion of the url, alterting the
+# `/hawkular/metrics` path will break installation of metrics.
#openshift_hosted_metrics_public_url=https://hawkular-metrics.example.com/hawkular/metrics
+# Logging deployment
+#
+# Currently logging deployment is disabled by default, enable it by setting this
+#openshift_hosted_logging_deploy=true
+#
+# Logging storage config
+# Option A - NFS Host Group
+# An NFS volume will be created with path "nfs_directory/volume_name"
+# on the host within the [nfs] host group. For example, the volume
+# path using these options would be "/exports/logging"
+#openshift_hosted_logging_storage_kind=nfs
+#openshift_hosted_logging_storage_access_modes=['ReadWriteOnce']
+#openshift_hosted_logging_storage_nfs_directory=/exports
+#openshift_hosted_logging_storage_nfs_options='*(rw,root_squash)'
+#openshift_hosted_logging_storage_volume_name=logging
+#openshift_hosted_logging_storage_volume_size=10Gi
+#
+# Option B - External NFS Host
+# NFS volume must already exist with path "nfs_directory/_volume_name" on
+# the storage_host. For example, the remote volume path using these
+# options would be "nfs.example.com:/exports/logging"
+#openshift_hosted_logging_storage_kind=nfs
+#openshift_hosted_logging_storage_access_modes=['ReadWriteOnce']
+#openshift_hosted_logging_storage_host=nfs.example.com
+#openshift_hosted_logging_storage_nfs_directory=/exports
+#openshift_hosted_logging_storage_volume_name=logging
+#openshift_hosted_logging_storage_volume_size=10Gi
+#
+# Option C - Dynamic -- If openshift supports dynamic volume provisioning for
+# your cloud platform use this.
+#openshift_hosted_logging_storage_kind=dynamic
+#
+# Option D - none -- Logging will use emptydir volumes which are destroyed when
+# pods are deleted
+#
+# Other Logging Options -- Common items you may wish to reconfigure, for the complete
+# list of options please see roles/openshift_hosted_logging/README.md
+#
+# Configure loggingPublicURL in the master config for aggregate logging, defaults
+# to https://kibana.{{ openshift_master_default_subdomain }}
+#openshift_master_logging_public_url=https://kibana.example.com
+# Configure the number of elastic search nodes, unless you're using dynamic provisioning
+# this value must be 1
+#openshift_hosted_logging_elasticsearch_cluster_size=1
+#openshift_hosted_logging_hostname=logging.apps.example.com
+# Configure the prefix and version for the deployer image
+#openshift_hosted_logging_deployer_prefix=registry.example.com:8888/openshift3/
+#openshift_hosted_logging_deployer_version=3.3.0
+
# Configure the multi-tenant SDN plugin (default is 'redhat/openshift-ovs-subnet')
# os_sdn_network_plugin_name='redhat/openshift-ovs-multitenant'
@@ -386,6 +469,13 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
# your nodes, pods, or service CIDRs for security reasons.
#openshift_master_external_ip_network_cidrs=['0.0.0.0/0']
+# IngressIPNetworkCIDR controls the range to assign ingress IPs from for
+# services of type LoadBalancer on bare metal. If empty, ingress IPs will not
+# be assigned. It may contain a single CIDR that will be allocated from. For
+# security reasons, you should ensure that this range does not overlap with
+# the CIDRs reserved for external IPs, nodes, pods, or services.
+#openshift_master_ingress_ip_network_cidr=172.46.0.0/16
+
# Configure number of bits to allocate to each host’s subnet e.g. 8
# would mean a /24 network on the host.
#osm_host_subnet_length=8
@@ -509,8 +599,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
#openshift_builddefaults_git_http_proxy=http://USER:PASSWORD@HOST:PORT
#openshift_builddefaults_git_https_proxy=https://USER:PASSWORD@HOST:PORT
# Or you may optionally define your own serialized as json
-#openshift_builddefaults_json='{"BuildDefaults":{"configuration":{"apiVersion":"v1","env":[{"name":"HTTP_PROXY","value":"http://proxy.example.com.redhat.com:3128"},{"name":"NO_PROXY","value":"ose3-master.example.com"}],"gitHTTPProxy":"http://proxy.example.com:3128","kind":"BuildDefaultsConfig"}}}'
-
+#openshift_builddefaults_json='{"BuildDefaults":{"configuration":{"kind":"BuildDefaultsConfig","apiVersion":"v1","gitHTTPSProxy":"http://proxy.example.com.redhat.com:3128","gitHTTPProxy":"http://proxy.example.com.redhat.com:3128","env":[{"name":"HTTP_PROXY","value":"http://proxy.example.com.redhat.com:3128"},{"name":"NO_PROXY","value":"ose3-master.example.com"}]}}'
# masterConfig.volumeConfig.dynamicProvisioningEnabled, configurable as of 1.2/3.2, enabled by default
#openshift_master_dynamic_provisioning_enabled=False
@@ -536,8 +625,10 @@ ose3-master[1:3]-ansible.test.example.com
[etcd]
ose3-etcd[1:3]-ansible.test.example.com
+# NOTE: Containerized load balancer hosts are not yet supported, if using a global
+# containerized=true host variable we must set to false.
[lb]
-ose3-lb-ansible.test.example.com
+ose3-lb-ansible.test.example.com containerized=false
# NOTE: Currently we require that masters be part of the SDN which requires that they also be nodes
# However, in order to ensure that your masters are not burdened with running pods you should
diff --git a/inventory/byo/hosts.ose.example b/inventory/byo/hosts.ose.example
index b8452fd51..09f1350b1 100644
--- a/inventory/byo/hosts.ose.example
+++ b/inventory/byo/hosts.ose.example
@@ -65,10 +65,6 @@ openshift_release=v3.2
# See: https://docs.openshift.org/latest/install_config/web_console_customization.html#serving-static-files
#openshift_master_oauth_template=/path/to/login-template.html
-# Configure loggingPublicURL in the master config for aggregate logging
-# See: https://docs.openshift.com/enterprise/latest/install_config/aggregate_logging.html
-#openshift_master_logging_public_url=https://kibana.example.com
-#
# Configure imagePolicyConfig in the master config
# See: https://godoc.org/github.com/openshift/origin/pkg/cmd/server/api#ImagePolicyConfig
#openshift_master_image_policy_config={"maxImagesBulkImportedPerRepository": 3, "disableScheduledImport": true}
@@ -113,17 +109,46 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
#openshift_master_identity_providers=[{'name': 'allow_all', 'login': 'true', 'challenge': 'true', 'kind': 'AllowAllPasswordIdentityProvider'}]
# LDAP auth
-#openshift_master_identity_providers=[{'name': 'my_ldap_provider', 'challenge': 'true', 'login': 'true', 'kind': 'LDAPPasswordIdentityProvider', 'attributes': {'id': ['dn'], 'email': ['mail'], 'name': ['cn'], 'preferredUsername': ['uid']}, 'bindDN': '', 'bindPassword': '', 'ca': '', 'insecure': 'false', 'url': 'ldap://ldap.example.com:389/ou=users,dc=example,dc=com?uid'}]
-# Configuring the ldap ca certificate
+#openshift_master_identity_providers=[{'name': 'my_ldap_provider', 'challenge': 'true', 'login': 'true', 'kind': 'LDAPPasswordIdentityProvider', 'attributes': {'id': ['dn'], 'email': ['mail'], 'name': ['cn'], 'preferredUsername': ['uid']}, 'bindDN': '', 'bindPassword': '', 'ca': 'my-ldap-ca.crt', 'insecure': 'false', 'url': 'ldap://ldap.example.com:389/ou=users,dc=example,dc=com?uid'}]
+#
+# Configure LDAP CA certificate
+# Specify either the ASCII contents of the certificate or the path to
+# the local file that will be copied to the remote host. CA
+# certificate contents will be copied to master systems and saved
+# within /etc/origin/master/ with a filename matching the "ca" key set
+# within the LDAPPasswordIdentityProvider.
+#
#openshift_master_ldap_ca=<ca text>
# or
#openshift_master_ldap_ca_file=<path to local ca file to use>
-# Available variables for configuring certificates for other identity providers:
-#openshift_master_openid_ca
-#openshift_master_openid_ca_file
-#openshift_master_request_header_ca
-#openshift_master_request_header_ca_file
+# OpenID auth
+#openshift_master_identity_providers=[{"name": "openid_auth", "login": "true", "challenge": "false", "kind": "OpenIDIdentityProvider", "client_id": "my_client_id", "client_secret": "my_client_secret", "claims": {"id": ["sub"], "preferredUsername": ["preferred_username"], "name": ["name"], "email": ["email"]}, "urls": {"authorize": "https://myidp.example.com/oauth2/authorize", "token": "https://myidp.example.com/oauth2/token"}, "ca": "my-openid-ca-bundle.crt"}]
+#
+# Configure OpenID CA certificate
+# Specify either the ASCII contents of the certificate or the path to
+# the local file that will be copied to the remote host. CA
+# certificate contents will be copied to master systems and saved
+# within /etc/origin/master/ with a filename matching the "ca" key set
+# within the OpenIDIdentityProvider.
+#
+#openshift_master_openid_ca=<ca text>
+# or
+#openshift_master_openid_ca_file=<path to local ca file to use>
+
+# Request header auth
+#openshift_master_identity_providers=[{"name": "my_request_header_provider", "challenge": "true", "login": "true", "kind": "RequestHeaderIdentityProvider", "challengeURL": "https://www.example.com/challenging-proxy/oauth/authorize?${query}", "loginURL": "https://www.example.com/login-proxy/oauth/authorize?${query}", "clientCA": "my-request-header-ca.crt", "clientCommonNames": ["my-auth-proxy"], "headers": ["X-Remote-User", "SSO-User"], "emailHeaders": ["X-Remote-User-Email"], "nameHeaders": ["X-Remote-User-Display-Name"], "preferredUsernameHeaders": ["X-Remote-User-Login"]}]
+#
+# Configure request header CA certificate
+# Specify either the ASCII contents of the certificate or the path to
+# the local file that will be copied to the remote host. CA
+# certificate contents will be copied to master systems and saved
+# within /etc/origin/master/ with a filename matching the "clientCA"
+# key set within the RequestHeaderIdentityProvider.
+#
+#openshift_master_request_header_ca=<ca text>
+# or
+#openshift_master_request_header_ca_file=<path to local ca file to use>
# Cloud Provider Configuration
#
@@ -144,10 +169,15 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
#openshift_cloudprovider_openstack_auth_url=http://openstack.example.com:35357/v2.0/
#openshift_cloudprovider_openstack_username=username
#openshift_cloudprovider_openstack_password=password
+#openshift_cloudprovider_openstack_domain_id=domain_id
+#openshift_cloudprovider_openstack_domain_name=domain_name
#openshift_cloudprovider_openstack_tenant_id=tenant_id
#openshift_cloudprovider_openstack_tenant_name=tenant_name
#openshift_cloudprovider_openstack_region=region
#openshift_cloudprovider_openstack_lb_subnet_id=subnet_id
+#
+# GCE
+#openshift_cloudprovider_kind=gce
# Project Configuration
#osm_project_request_message=''
@@ -317,7 +347,10 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
#openshift_hosted_registry_storage_s3_bucket=bucket_name
#openshift_hosted_registry_storage_s3_region=bucket_region
#openshift_hosted_registry_storage_s3_chunksize=26214400
+#openshift_hosted_registry_storage_s3_rootdirectory=/registry
#openshift_hosted_registry_pullthrough=true
+#openshift_hosted_registry_acceptschema2=true
+#openshift_hosted_registry_enforcequota=true
# Metrics deployment
# See: https://docs.openshift.com/enterprise/latest/install_config/cluster_metrics.html
@@ -360,8 +393,58 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
#
# Override metricsPublicURL in the master config for cluster metrics
# Defaults to https://hawkular-metrics.{{openshift_master_default_subdomain}}/hawkular/metrics
+# Currently, you may only alter the hostname portion of the url, alterting the
+# `/hawkular/metrics` path will break installation of metrics.
#openshift_hosted_metrics_public_url=https://hawkular-metrics.example.com/hawkular/metrics
+# Logging deployment
+#
+# Currently logging deployment is disabled by default, enable it by setting this
+#openshift_hosted_logging_deploy=true
+#
+# Logging storage config
+# Option A - NFS Host Group
+# An NFS volume will be created with path "nfs_directory/volume_name"
+# on the host within the [nfs] host group. For example, the volume
+# path using these options would be "/exports/logging"
+#openshift_hosted_logging_storage_kind=nfs
+#openshift_hosted_logging_storage_access_modes=['ReadWriteOnce']
+#openshift_hosted_logging_storage_nfs_directory=/exports
+#openshift_hosted_logging_storage_nfs_options='*(rw,root_squash)'
+#openshift_hosted_logging_storage_volume_name=logging
+#openshift_hosted_logging_storage_volume_size=10Gi
+#
+# Option B - External NFS Host
+# NFS volume must already exist with path "nfs_directory/_volume_name" on
+# the storage_host. For example, the remote volume path using these
+# options would be "nfs.example.com:/exports/logging"
+#openshift_hosted_logging_storage_kind=nfs
+#openshift_hosted_logging_storage_access_modes=['ReadWriteOnce']
+#openshift_hosted_logging_storage_host=nfs.example.com
+#openshift_hosted_logging_storage_nfs_directory=/exports
+#openshift_hosted_logging_storage_volume_name=logging
+#openshift_hosted_logging_storage_volume_size=10Gi
+#
+# Option C - Dynamic -- If openshift supports dynamic volume provisioning for
+# your cloud platform use this.
+#openshift_hosted_logging_storage_kind=dynamic
+#
+# Option D - none -- Logging will use emptydir volumes which are destroyed when
+# pods are deleted
+#
+# Other Logging Options -- Common items you may wish to reconfigure, for the complete
+# list of options please see roles/openshift_hosted_logging/README.md
+#
+# Configure loggingPublicURL in the master config for aggregate logging, defaults
+# to https://kibana.{{ openshift_master_default_subdomain }}
+#openshift_master_logging_public_url=https://kibana.example.com
+# Configure the number of elastic search nodes, unless you're using dynamic provisioning
+# this value must be 1
+#openshift_hosted_logging_elasticsearch_cluster_size=1
+#openshift_hosted_logging_hostname=logging.apps.example.com
+# Configure the prefix and version for the deployer image
+#openshift_hosted_logging_deployer_prefix=registry.example.com:8888/openshift3/
+#openshift_hosted_logging_deployer_version=3.3.0
# Configure the multi-tenant SDN plugin (default is 'redhat/openshift-ovs-subnet')
# os_sdn_network_plugin_name='redhat/openshift-ovs-multitenant'
@@ -386,6 +469,13 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
# your nodes, pods, or service CIDRs for security reasons.
#openshift_master_external_ip_network_cidrs=['0.0.0.0/0']
+# IngressIPNetworkCIDR controls the range to assign ingress IPs from for
+# services of type LoadBalancer on bare metal. If empty, ingress IPs will not
+# be assigned. It may contain a single CIDR that will be allocated from. For
+# security reasons, you should ensure that this range does not overlap with
+# the CIDRs reserved for external IPs, nodes, pods, or services.
+#openshift_master_ingress_ip_network_cidr=172.46.0.0/16
+
# Configure number of bits to allocate to each host’s subnet e.g. 8
# would mean a /24 network on the host.
#osm_host_subnet_length=8
@@ -509,8 +599,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
#openshift_builddefaults_git_http_proxy=http://USER:PASSWORD@HOST:PORT
#openshift_builddefaults_git_https_proxy=https://USER:PASSWORD@HOST:PORT
# Or you may optionally define your own serialized as json
-#openshift_builddefaults_json='{"BuildDefaults":{"configuration":{"apiVersion":"v1","env":[{"name":"HTTP_PROXY","value":"http://proxy.example.com.redhat.com:3128"},{"name":"NO_PROXY","value":"ose3-master.example.com"}],"gitHTTPProxy":"http://proxy.example.com:3128","kind":"BuildDefaultsConfig"}}}'
-
+#openshift_builddefaults_json='{"BuildDefaults":{"configuration":{"kind":"BuildDefaultsConfig","apiVersion":"v1","gitHTTPSProxy":"http://proxy.example.com.redhat.com:3128","gitHTTPProxy":"http://proxy.example.com.redhat.com:3128","env":[{"name":"HTTP_PROXY","value":"http://proxy.example.com.redhat.com:3128"},{"name":"NO_PROXY","value":"ose3-master.example.com"}]}}'
# masterConfig.volumeConfig.dynamicProvisioningEnabled, configurable as of 1.2/3.2, enabled by default
#openshift_master_dynamic_provisioning_enabled=False
@@ -536,8 +625,10 @@ ose3-master[1:3]-ansible.test.example.com
[etcd]
ose3-etcd[1:3]-ansible.test.example.com
+# NOTE: Containerized load balancer hosts are not yet supported, if using a global
+# containerized=true host variable we must set to false.
[lb]
-ose3-lb-ansible.test.example.com
+ose3-lb-ansible.test.example.com containerized=false
# NOTE: Currently we require that masters be part of the SDN which requires that they also be nodes
# However, in order to ensure that your masters are not burdened with running pods you should
diff --git a/inventory/openstack/hosts/nova.ini b/inventory/openstack/hosts/nova.ini
deleted file mode 100644
index 4900c4965..000000000
--- a/inventory/openstack/hosts/nova.ini
+++ /dev/null
@@ -1,45 +0,0 @@
-# Ansible OpenStack external inventory script
-
-[openstack]
-
-#-------------------------------------------------------------------------
-# Required settings
-#-------------------------------------------------------------------------
-
-# API version
-version = 2
-
-# OpenStack nova username
-username =
-
-# OpenStack nova api_key or password
-api_key =
-
-# OpenStack nova auth_url
-auth_url =
-
-# OpenStack nova project_id or tenant name
-project_id =
-
-#-------------------------------------------------------------------------
-# Optional settings
-#-------------------------------------------------------------------------
-
-# Authentication system
-# auth_system = keystone
-
-# Serverarm region name to use
-# region_name =
-
-# Specify a preference for public or private IPs (public is default)
-# prefer_private = False
-
-# What service type (required for newer nova client)
-# service_type = compute
-
-
-# TODO: Some other options
-# insecure =
-# endpoint_type =
-# extensions =
-# service_name =
diff --git a/inventory/openstack/hosts/nova.py b/inventory/openstack/hosts/nova.py
deleted file mode 100755
index 3197a57bc..000000000
--- a/inventory/openstack/hosts/nova.py
+++ /dev/null
@@ -1,224 +0,0 @@
-#!/usr/bin/env python2
-
-# pylint: skip-file
-
-# (c) 2012, Marco Vito Moscaritolo <marco@agavee.com>
-#
-# This file is part of Ansible,
-#
-# Ansible is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# Ansible is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
-
-import sys
-import re
-import os
-import ConfigParser
-from novaclient import client as nova_client
-
-try:
- import json
-except ImportError:
- import simplejson as json
-
-###################################################
-# executed with no parameters, return the list of
-# all groups and hosts
-
-NOVA_CONFIG_FILES = [os.path.join(os.path.dirname(os.path.realpath(__file__)), "nova.ini"),
- os.path.expanduser(os.environ.get('ANSIBLE_CONFIG', "~/nova.ini")),
- "/etc/ansible/nova.ini"]
-
-NOVA_DEFAULTS = {
- 'auth_system': None,
- 'region_name': None,
- 'service_type': 'compute',
-}
-
-
-def nova_load_config_file():
- p = ConfigParser.SafeConfigParser(NOVA_DEFAULTS)
-
- for path in NOVA_CONFIG_FILES:
- if os.path.exists(path):
- p.read(path)
- return p
-
- return None
-
-
-def get_fallback(config, value, section="openstack"):
- """
- Get value from config object and return the value
- or false
- """
- try:
- return config.get(section, value)
- except ConfigParser.NoOptionError:
- return False
-
-
-def push(data, key, element):
- """
- Assist in items to a dictionary of lists
- """
- if (not element) or (not key):
- return
-
- if key in data:
- data[key].append(element)
- else:
- data[key] = [element]
-
-
-def to_safe(word):
- '''
- Converts 'bad' characters in a string to underscores so they can
- be used as Ansible groups
- '''
- return re.sub(r"[^A-Za-z0-9\-]", "_", word)
-
-
-def get_ips(server, access_ip=True):
- """
- Returns a list of the server's IPs, or the preferred
- access IP
- """
- private = []
- public = []
- address_list = []
- # Iterate through each servers network(s), get addresses and get type
- addresses = getattr(server, 'addresses', {})
- if len(addresses) > 0:
- for network in addresses.itervalues():
- for address in network:
- if address.get('OS-EXT-IPS:type', False) == 'fixed':
- private.append(address['addr'])
- elif address.get('OS-EXT-IPS:type', False) == 'floating':
- public.append(address['addr'])
-
- if not access_ip:
- address_list.append(server.accessIPv4)
- address_list.extend(private)
- address_list.extend(public)
- return address_list
-
- access_ip = None
- # Append group to list
- if server.accessIPv4:
- access_ip = server.accessIPv4
- if (not access_ip) and public and not (private and prefer_private):
- access_ip = public[0]
- if private and not access_ip:
- access_ip = private[0]
-
- return access_ip
-
-
-def get_metadata(server):
- """Returns dictionary of all host metadata"""
- get_ips(server, False)
- results = {}
- for key in vars(server):
- # Extract value
- value = getattr(server, key)
-
- # Generate sanitized key
- key = 'os_' + re.sub(r"[^A-Za-z0-9\-]", "_", key).lower()
-
- # Att value to instance result (exclude manager class)
- #TODO: maybe use value.__class__ or similar inside of key_name
- if key != 'os_manager':
- results[key] = value
- return results
-
-config = nova_load_config_file()
-if not config:
- sys.exit('Unable to find configfile in %s' % ', '.join(NOVA_CONFIG_FILES))
-
-# Load up connections info based on config and then environment
-# variables
-username = (get_fallback(config, 'username') or
- os.environ.get('OS_USERNAME', None))
-api_key = (get_fallback(config, 'api_key') or
- os.environ.get('OS_PASSWORD', None))
-auth_url = (get_fallback(config, 'auth_url') or
- os.environ.get('OS_AUTH_URL', None))
-project_id = (get_fallback(config, 'project_id') or
- os.environ.get('OS_TENANT_NAME', None))
-region_name = (get_fallback(config, 'region_name') or
- os.environ.get('OS_REGION_NAME', None))
-auth_system = (get_fallback(config, 'auth_system') or
- os.environ.get('OS_AUTH_SYSTEM', None))
-
-# Determine what type of IP is preferred to return
-prefer_private = False
-try:
- prefer_private = config.getboolean('openstack', 'prefer_private')
-except ConfigParser.NoOptionError:
- pass
-
-client = nova_client.Client(
- version=config.get('openstack', 'version'),
- username=username,
- api_key=api_key,
- auth_url=auth_url,
- region_name=region_name,
- project_id=project_id,
- auth_system=auth_system,
- service_type=config.get('openstack', 'service_type'),
-)
-
-# Default or added list option
-if (len(sys.argv) == 2 and sys.argv[1] == '--list') or len(sys.argv) == 1:
- groups = {'_meta': {'hostvars': {}}}
- # Cycle on servers
- for server in client.servers.list():
- access_ip = get_ips(server)
-
- # Push to name group of 1
- push(groups, server.name, access_ip)
-
- # Run through each metadata item and add instance to it
- for key, value in server.metadata.iteritems():
- composed_key = to_safe('tag_{0}_{1}'.format(key, value))
- push(groups, composed_key, access_ip)
-
- # Do special handling of group for backwards compat
- # inventory groups
- group = server.metadata['group'] if 'group' in server.metadata else 'undefined'
- push(groups, group, access_ip)
-
- # Add vars to _meta key for performance optimization in
- # Ansible 1.3+
- groups['_meta']['hostvars'][access_ip] = get_metadata(server)
-
- # Return server list
- print(json.dumps(groups, sort_keys=True, indent=2))
- sys.exit(0)
-
-#####################################################
-# executed with a hostname as a parameter, return the
-# variables for that host
-
-elif len(sys.argv) == 3 and (sys.argv[1] == '--host'):
- results = {}
- ips = []
- for server in client.servers.list():
- if sys.argv[2] in (get_ips(server) or []):
- results = get_metadata(server)
- print(json.dumps(results, sort_keys=True, indent=2))
- sys.exit(0)
-
-else:
- print "usage: --list ..OR.. --host <hostname>"
- sys.exit(1)
diff --git a/inventory/openstack/hosts/openstack.py b/inventory/openstack/hosts/openstack.py
new file mode 100755
index 000000000..0d92eae11
--- /dev/null
+++ b/inventory/openstack/hosts/openstack.py
@@ -0,0 +1,246 @@
+#!/usr/bin/env python
+
+# Copyright (c) 2012, Marco Vito Moscaritolo <marco@agavee.com>
+# Copyright (c) 2013, Jesse Keating <jesse.keating@rackspace.com>
+# Copyright (c) 2015, Hewlett-Packard Development Company, L.P.
+# Copyright (c) 2016, Rackspace Australia
+#
+# This module is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This software is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this software. If not, see <http://www.gnu.org/licenses/>.
+
+# The OpenStack Inventory module uses os-client-config for configuration.
+# https://github.com/stackforge/os-client-config
+# This means it will either:
+# - Respect normal OS_* environment variables like other OpenStack tools
+# - Read values from a clouds.yaml file.
+# If you want to configure via clouds.yaml, you can put the file in:
+# - Current directory
+# - ~/.config/openstack/clouds.yaml
+# - /etc/openstack/clouds.yaml
+# - /etc/ansible/openstack.yml
+# The clouds.yaml file can contain entries for multiple clouds and multiple
+# regions of those clouds. If it does, this inventory module will connect to
+# all of them and present them as one contiguous inventory.
+#
+# See the adjacent openstack.yml file for an example config file
+# There are two ansible inventory specific options that can be set in
+# the inventory section.
+# expand_hostvars controls whether or not the inventory will make extra API
+# calls to fill out additional information about each server
+# use_hostnames changes the behavior from registering every host with its UUID
+# and making a group of its hostname to only doing this if the
+# hostname in question has more than one server
+# fail_on_errors causes the inventory to fail and return no hosts if one cloud
+# has failed (for example, bad credentials or being offline).
+# When set to False, the inventory will return hosts from
+# whichever other clouds it can contact. (Default: True)
+
+import argparse
+import collections
+import os
+import sys
+import time
+from distutils.version import StrictVersion
+
+try:
+ import json
+except:
+ import simplejson as json
+
+import os_client_config
+import shade
+import shade.inventory
+
+CONFIG_FILES = ['/etc/ansible/openstack.yaml', '/etc/ansible/openstack.yml']
+
+
+def get_groups_from_server(server_vars, namegroup=True):
+ groups = []
+
+ region = server_vars['region']
+ cloud = server_vars['cloud']
+ metadata = server_vars.get('metadata', {})
+
+ # Create a group for the cloud
+ groups.append(cloud)
+
+ # Create a group on region
+ groups.append(region)
+
+ # And one by cloud_region
+ groups.append("%s_%s" % (cloud, region))
+
+ # Check if group metadata key in servers' metadata
+ if 'group' in metadata:
+ groups.append(metadata['group'])
+
+ for extra_group in metadata.get('groups', '').split(','):
+ if extra_group:
+ groups.append(extra_group.strip())
+
+ groups.append('instance-%s' % server_vars['id'])
+ if namegroup:
+ groups.append(server_vars['name'])
+
+ for key in ('flavor', 'image'):
+ if 'name' in server_vars[key]:
+ groups.append('%s-%s' % (key, server_vars[key]['name']))
+
+ for key, value in iter(metadata.items()):
+ groups.append('meta-%s_%s' % (key, value))
+
+ az = server_vars.get('az', None)
+ if az:
+ # Make groups for az, region_az and cloud_region_az
+ groups.append(az)
+ groups.append('%s_%s' % (region, az))
+ groups.append('%s_%s_%s' % (cloud, region, az))
+ return groups
+
+
+def get_host_groups(inventory, refresh=False):
+ (cache_file, cache_expiration_time) = get_cache_settings()
+ if is_cache_stale(cache_file, cache_expiration_time, refresh=refresh):
+ groups = to_json(get_host_groups_from_cloud(inventory))
+ open(cache_file, 'w').write(groups)
+ else:
+ groups = open(cache_file, 'r').read()
+ return groups
+
+
+def append_hostvars(hostvars, groups, key, server, namegroup=False):
+ hostvars[key] = dict(
+ ansible_ssh_host=server['interface_ip'],
+ openstack=server)
+ for group in get_groups_from_server(server, namegroup=namegroup):
+ groups[group].append(key)
+
+
+def get_host_groups_from_cloud(inventory):
+ groups = collections.defaultdict(list)
+ firstpass = collections.defaultdict(list)
+ hostvars = {}
+ list_args = {}
+ if hasattr(inventory, 'extra_config'):
+ use_hostnames = inventory.extra_config['use_hostnames']
+ list_args['expand'] = inventory.extra_config['expand_hostvars']
+ if StrictVersion(shade.__version__) >= StrictVersion("1.6.0"):
+ list_args['fail_on_cloud_config'] = \
+ inventory.extra_config['fail_on_errors']
+ else:
+ use_hostnames = False
+
+ for server in inventory.list_hosts(**list_args):
+
+ if 'interface_ip' not in server:
+ continue
+ firstpass[server['name']].append(server)
+ for name, servers in firstpass.items():
+ if len(servers) == 1 and use_hostnames:
+ append_hostvars(hostvars, groups, name, servers[0])
+ else:
+ server_ids = set()
+ # Trap for duplicate results
+ for server in servers:
+ server_ids.add(server['id'])
+ if len(server_ids) == 1 and use_hostnames:
+ append_hostvars(hostvars, groups, name, servers[0])
+ else:
+ for server in servers:
+ append_hostvars(
+ hostvars, groups, server['id'], server,
+ namegroup=True)
+ groups['_meta'] = {'hostvars': hostvars}
+ return groups
+
+
+def is_cache_stale(cache_file, cache_expiration_time, refresh=False):
+ ''' Determines if cache file has expired, or if it is still valid '''
+ if refresh:
+ return True
+ if os.path.isfile(cache_file) and os.path.getsize(cache_file) > 0:
+ mod_time = os.path.getmtime(cache_file)
+ current_time = time.time()
+ if (mod_time + cache_expiration_time) > current_time:
+ return False
+ return True
+
+
+def get_cache_settings():
+ config = os_client_config.config.OpenStackConfig(
+ config_files=os_client_config.config.CONFIG_FILES + CONFIG_FILES)
+ # For inventory-wide caching
+ cache_expiration_time = config.get_cache_expiration_time()
+ cache_path = config.get_cache_path()
+ if not os.path.exists(cache_path):
+ os.makedirs(cache_path)
+ cache_file = os.path.join(cache_path, 'ansible-inventory.cache')
+ return (cache_file, cache_expiration_time)
+
+
+def to_json(in_dict):
+ return json.dumps(in_dict, sort_keys=True, indent=2)
+
+
+def parse_args():
+ parser = argparse.ArgumentParser(description='OpenStack Inventory Module')
+ parser.add_argument('--private',
+ action='store_true',
+ help='Use private address for ansible host')
+ parser.add_argument('--refresh', action='store_true',
+ help='Refresh cached information')
+ parser.add_argument('--debug', action='store_true', default=False,
+ help='Enable debug output')
+ group = parser.add_mutually_exclusive_group(required=True)
+ group.add_argument('--list', action='store_true',
+ help='List active servers')
+ group.add_argument('--host', help='List details about the specific host')
+
+ return parser.parse_args()
+
+
+def main():
+ args = parse_args()
+ try:
+ config_files = os_client_config.config.CONFIG_FILES + CONFIG_FILES
+ shade.simple_logging(debug=args.debug)
+ inventory_args = dict(
+ refresh=args.refresh,
+ config_files=config_files,
+ private=args.private,
+ )
+ if hasattr(shade.inventory.OpenStackInventory, 'extra_config'):
+ inventory_args.update(dict(
+ config_key='ansible',
+ config_defaults={
+ 'use_hostnames': False,
+ 'expand_hostvars': True,
+ 'fail_on_errors': True,
+ }
+ ))
+
+ inventory = shade.inventory.OpenStackInventory(**inventory_args)
+
+ if args.list:
+ output = get_host_groups(inventory, refresh=args.refresh)
+ elif args.host:
+ output = to_json(inventory.get_host(args.host))
+ print(output)
+ except shade.OpenStackCloudException as e:
+ sys.stderr.write('%s\n' % e.message)
+ sys.exit(1)
+ sys.exit(0)
+
+
+if __name__ == '__main__':
+ main()
generated by cgit v1.2.1 (git 2.18.0) at 2024-05-13 14:47:36 +0000