From 71b27bb845a88d18d23c4ad9dfe7628b81db60f7 Mon Sep 17 00:00:00 2001 From: Kenny Woodson Date: Thu, 2 Mar 2017 12:04:26 -0500 Subject: Adding support for router sharding. --- roles/openshift_hosted/defaults/main.yml | 22 +++++ roles/openshift_hosted/tasks/router/router.yml | 129 +++++++++++++------------ 2 files changed, 90 insertions(+), 61 deletions(-) diff --git a/roles/openshift_hosted/defaults/main.yml b/roles/openshift_hosted/defaults/main.yml index 17a0d5301..769d006e1 100644 --- a/roles/openshift_hosted/defaults/main.yml +++ b/roles/openshift_hosted/defaults/main.yml @@ -1,2 +1,24 @@ --- registry_volume_claim: 'registry-claim' + +openshift_hosted_router_edits: +- key: spec.strategy.rollingParams.intervalSeconds + value: 1 + action: put +- key: spec.strategy.rollingParams.updatePeriodSeconds + value: 1 + action: put +- key: spec.strategy.activeDeadlineSeconds + value: 21600 + action: put + +openshift_hosted_routers: +- name: router + replicas: "{{ openshift_hosted_router_replicas }}" + namespace: default + serviceaccount: router + selector: "{{ openshift_hosted_router_selector }}" + images: "{{ openshift_hosted_router_image }}" + edits: "{{ openshift_hosted_router_edits }}" + +openshift_hosted_router_certificates: {} diff --git a/roles/openshift_hosted/tasks/router/router.yml b/roles/openshift_hosted/tasks/router/router.yml index 607ace7f9..7b6ac580b 100644 --- a/roles/openshift_hosted/tasks/router/router.yml +++ b/roles/openshift_hosted/tasks/router/router.yml 
@@ -11,69 +11,76 @@ - name: set_fact replicas set_fact: replicas: "{{ openshift.hosted.router.replicas|default(None) | get_router_replicas(router_nodes) }}" + openshift_hosted_router_selector: "{{ openshift.hosted.router.selector | default(None) }}" + openshift_hosted_router_image: "{{ openshift.hosted.router.registryurl }}" -- block: - - - name: Assert that 'certfile', 'keyfile' and 'cafile' keys provided in openshift_hosted_router_certificate - assert: - that: - - "'certfile' in openshift_hosted_router_certificate" - - "'keyfile' in openshift_hosted_router_certificate" - - "'cafile' in openshift_hosted_router_certificate" - msg: "'certfile', 'keyfile' and 'cafile' keys must be specified when supplying the openshift_hosted_router_certificate variable." - - - name: Read router certificate and key - become: no - local_action: - module: slurp - src: "{{ item }}" - register: openshift_router_certificate_output - # Defaulting dictionary keys to none to avoid deprecation warnings - # (future fatal errors) during template evaluation. Dictionary keys - # won't be accessed unless openshift_hosted_router_certificate is - # defined and has all keys (certfile, keyfile, cafile) which we - # check above. 
- with_items: - - "{{ (openshift_hosted_router_certificate | default({'certfile':none})).certfile }}" - - "{{ (openshift_hosted_router_certificate | default({'keyfile':none})).keyfile }}" - - "{{ (openshift_hosted_router_certificate | default({'cafile':none})).cafile }}" - - - name: Persist certificate contents - openshift_facts: - role: hosted - openshift_env: - openshift_hosted_router_certificate_contents: "{% for certificate in openshift_router_certificate_output.results -%}{{ certificate.content | b64decode }}{% endfor -%}" - - - name: Create PEM certificate - copy: - content: "{{ openshift.hosted.router.certificate.contents }}" - dest: "{{ openshift_master_config_dir }}/openshift-router.pem" - mode: 0600 - - when: openshift_hosted_router_certificate is defined - +#- block: +# +# - name: Assert that 'certfile', 'keyfile' and 'cafile' keys provided in openshift_hosted_router_certificate +# assert: +# that: +# - "'certfile' in openshift_hosted_router_certificate" +# - "'keyfile' in openshift_hosted_router_certificate" +# - "'cafile' in openshift_hosted_router_certificate" +# msg: "'certfile', 'keyfile' and 'cafile' keys must be specified when supplying the openshift_hosted_router_certificate variable." +# +- name: Get the certificate contents for registry + copy: + backup: True + dest: "/etc/origin/master/{{ item.value | basename }}" + src: "{{ item.value }}" + when: item.key in ['certfile', 'keyfile', 'cafile'] and item.value is not None + with_dict: "{{ openshift_hosted_router_certificates }}" +# - name: Read router certificate and key +# become: no +# local_action: +# module: slurp +# src: "{{ item }}" +# register: openshift_router_certificate_output +# # Defaulting dictionary keys to none to avoid deprecation warnings +# # (future fatal errors) during template evaluation. Dictionary keys +# # won't be accessed unless openshift_hosted_router_certificate is +# # defined and has all keys (certfile, keyfile, cafile) which we +# # check above. 
+# with_items: +# - "{{ (openshift_hosted_router_certificate | default({'certfile':none})).certfile }}" +# - "{{ (openshift_hosted_router_certificate | default({'keyfile':none})).keyfile }}" +# - "{{ (openshift_hosted_router_certificate | default({'cafile':none})).cafile }}" +# +# - name: Persist certificate contents +# openshift_facts: +# role: hosted +# openshift_env: +# openshift_hosted_router_certificate_contents: "{% for certificate in openshift_router_certificate_output.results -%}{{ certificate.content | b64decode }}{% endfor -%}" +# +# - name: Create PEM certificate +# copy: +# content: "{{ openshift.hosted.router.certificate.contents }}" +# dest: "{{ openshift_master_config_dir }}/openshift-router.pem" +# mode: 0600 +# +# +# when: openshift_hosted_router_certificate is defined - name: Create OpenShift router oc_adm_router: name: "{{ openshift.hosted.router.name | default('router') }}" - replicas: "{{ replicas }}" - namespace: "{{ openshift.hosted.router.namespace | default('default') }}" + replicas: "{{ item[0].replicas | default(replicas) }}" + namespace: "{{ item[0].namespace | default('default') }}" # This option is not yet implemented # force_subdomain: "{{ openshift.hosted.router.force_subdomain | default(none) }}" - service_account: router - selector: "{{ openshift.hosted.router.selector | default(none) }}" - images: "{{ openshift.hosted.router.registryurl | default(none) }}" - default_cert: "{{ openshift_hosted_router_certificate is defined | default(false) | ternary(openshift_master_config_dir + '/openshift-router.pem', omit) }}" - # These edits are being specified only to prevent 'changed' on rerun - edits: - - key: spec.strategy.rollingParams.intervalSeconds - value: 1 - action: put - - key: spec.strategy.rollingParams.updatePeriodSeconds - value: 1 - action: put - - key: spec.strategy.activeDeadlineSeconds - value: 21600 - action: put + service_account: "{{ item[0].serviceaccount | default('router') }}" + selector: "{{ item[0].selector | 
default(none) }}" + images: "{{ item[0].images | default(omit) }}" + cert_file: "{{ ('certfile' in item[1]) | + ternary('/etc/origin/master/' ~ (item[1]|default({'certfile':none})).certfile, omit) }}" + key_file: "{{ ('keyfile' in item[1]) | + ternary('/etc/origin/master/' ~ (item[1]|default({'keyfile':none})).keyfile, omit) }}" + cacert_file: "{{ ('cafile' in item[1]) | + ternary('/etc/origin/master/' ~ (item[1]|default({'cafile':none})).cafile, omit) }}" + edits: "{{ openshift_hosted_router_edits | unon(item[0].edits) }}" + with_together: + - openshift_hosted_routers + - openshift_hosted_router_certificates register: routerout # This should probably move to module @@ -85,7 +92,7 @@ - name: Ensure router replica count matches desired oc_scale: kind: dc - name: "{{ openshift.hosted.router.name | default('router') }}" - namespace: "{{ openshift.hosted.router.namespace | default('default') }}" - replicas: "{{ replicas }}" - when: replicas | int > 0 + name: "{{ item.name | default('router') }}" + namespace: "{{ item.namespace | default('default') }}" + replicas: "{{ item.replicas }}" + with_items: "{{ openshift_hosted_routers }}" -- cgit v1.2.1 From 0eb0ea75b8e9c1e67c4ce41000f809ea67934a43 Mon Sep 17 00:00:00 2001 From: Kenny Woodson Date: Thu, 2 Mar 2017 16:36:49 -0500 Subject: Updated to work with an array of routers. --- roles/openshift_hosted/defaults/main.yml | 4 +- roles/openshift_hosted/tasks/router/router.yml | 76 ++++++-------------------- 2 files changed, 19 insertions(+), 61 deletions(-) diff --git a/roles/openshift_hosted/defaults/main.yml b/roles/openshift_hosted/defaults/main.yml index 769d006e1..d6d6edf67 100644 --- a/roles/openshift_hosted/defaults/main.yml +++ b/roles/openshift_hosted/defaults/main.yml 
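Review bot: The added `copy` task that places the `certfile`, `keyfile` and `cafile` paths under `/etc/origin/master/` sets no `mode`, while the 'Create PEM certificate' task it replaces wrote its file with `mode: 0600`, so a newly created private key takes the target's umask default. `backup: True` additionally keeps a timestamped copy of the previous key next to it whenever the file changes. I would add `mode: '0600'` to the task and drop `backup`, or document why old keys must be retained. The same task is carried forward without a mode in the `@@ -14,73 +14,29 @@` hunk of the next commit in this series.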
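Review bot: With `when: replicas | int > 0` removed from 'Ensure router replica count matches desired', `oc_scale` runs for every entry of `openshift_hosted_routers`, and `item.replicas` has no default. If the old guard was there to skip scaling when the computed count is 0, a run would now scale the router deployment to zero; that is inferred, since `get_router_replicas` is not visible here. Consider keeping a per-item guard, `when: item.replicas | default(0) | int > 0`.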
@@ -14,11 +14,13 @@ openshift_hosted_router_edits: openshift_hosted_routers: - name: router - replicas: "{{ openshift_hosted_router_replicas }}" + replicas: "{{ replicas }}" namespace: default serviceaccount: router selector: "{{ openshift_hosted_router_selector }}" images: "{{ openshift_hosted_router_image }}" edits: "{{ openshift_hosted_router_edits }}" + certificates: "{{ openshift_hosted_router_certificate | default({}) }}" + openshift_hosted_router_certificates: {} diff --git a/roles/openshift_hosted/tasks/router/router.yml b/roles/openshift_hosted/tasks/router/router.yml index 7b6ac580b..9d4dcc72c 100644 --- a/roles/openshift_hosted/tasks/router/router.yml +++ b/roles/openshift_hosted/tasks/router/router.yml 
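Review bot: Two near-identical variable names now coexist: the router entry's `certificates` is read from `openshift_hosted_router_certificate` (singular), while `openshift_hosted_router_certificates: {}` stays in the defaults and, as far as this series shows, is no longer read by `tasks/router/router.yml`. An operator who sets the plural name gets no error and presumably a router created without the intended certificate, since `cert_file`, `key_file` and `cacert_file` are then omitted. Either remove the plural default or put a comment above it, e.g. `# unused: per-router certificates are read from openshift_hosted_routers[].certificates`.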
@@ -14,73 +14,29 @@ openshift_hosted_router_selector: "{{ openshift.hosted.router.selector | default(None) }}" openshift_hosted_router_image: "{{ openshift.hosted.router.registryurl }}" -#- block: -# -# - name: Assert that 'certfile', 'keyfile' and 'cafile' keys provided in openshift_hosted_router_certificate -# assert: -# that: -# - "'certfile' in openshift_hosted_router_certificate" -# - "'keyfile' in openshift_hosted_router_certificate" -# - "'cafile' in openshift_hosted_router_certificate" -# msg: "'certfile', 'keyfile' and 'cafile' keys must be specified when supplying the openshift_hosted_router_certificate variable." -# -- name: Get the certificate contents for registry +- name: Get the certificate contents for router copy: backup: True - dest: "/etc/origin/master/{{ item.value | basename }}" - src: "{{ item.value }}" - when: item.key in ['certfile', 'keyfile', 'cafile'] and item.value is not None - with_dict: "{{ openshift_hosted_router_certificates }}" -# - name: Read router certificate and key -# become: no -# local_action: -# module: slurp -# src: "{{ item }}" -# register: openshift_router_certificate_output -# # Defaulting dictionary keys to none to avoid deprecation warnings -# # (future fatal errors) during template evaluation. Dictionary keys -# # won't be accessed unless openshift_hosted_router_certificate is -# # defined and has all keys (certfile, keyfile, cafile) which we -# # check above. 
-# with_items: -# - "{{ (openshift_hosted_router_certificate | default({'certfile':none})).certfile }}" -# - "{{ (openshift_hosted_router_certificate | default({'keyfile':none})).keyfile }}" -# - "{{ (openshift_hosted_router_certificate | default({'cafile':none})).cafile }}" -# -# - name: Persist certificate contents -# openshift_facts: -# role: hosted -# openshift_env: -# openshift_hosted_router_certificate_contents: "{% for certificate in openshift_router_certificate_output.results -%}{{ certificate.content | b64decode }}{% endfor -%}" -# -# - name: Create PEM certificate -# copy: -# content: "{{ openshift.hosted.router.certificate.contents }}" -# dest: "{{ openshift_master_config_dir }}/openshift-router.pem" -# mode: 0600 -# -# -# when: openshift_hosted_router_certificate is defined + dest: "/etc/origin/master/{{ item | basename }}" + src: "{{ item }}" + with_items: "{{ openshift_hosted_routers | oo_collect(attribute='certificates') | + oo_select_keys_from_list(['keyfile', 'certfile', 'cafile']) }}" + - name: Create OpenShift router oc_adm_router: name: "{{ openshift.hosted.router.name | default('router') }}" - replicas: "{{ item[0].replicas | default(replicas) }}" - namespace: "{{ item[0].namespace | default('default') }}" + replicas: "{{ item.replicas }}" + namespace: "{{ item.namespace | default('default') }}" # This option is not yet implemented # force_subdomain: "{{ openshift.hosted.router.force_subdomain | default(none) }}" - service_account: "{{ item[0].serviceaccount | default('router') }}" - selector: "{{ item[0].selector | default(none) }}" - images: "{{ item[0].images | default(omit) }}" - cert_file: "{{ ('certfile' in item[1]) | - ternary('/etc/origin/master/' ~ (item[1]|default({'certfile':none})).certfile, omit) }}" - key_file: "{{ ('keyfile' in item[1]) | - ternary('/etc/origin/master/' ~ (item[1]|default({'keyfile':none})).keyfile, omit) }}" - cacert_file: "{{ ('cafile' in item[1]) | - ternary('/etc/origin/master/' ~ 
(item[1]|default({'cafile':none})).cafile, omit) }}" - edits: "{{ openshift_hosted_router_edits | unon(item[0].edits) }}" - with_together: - - openshift_hosted_routers - - openshift_hosted_router_certificates + service_account: "{{ item.serviceaccount | default('router') }}" + selector: "{{ item.selector | default(none) }}" + images: "{{ item.images | default(omit) }}" + cert_file: "{{ ('/etc/origin/master/' ~ (item.certificates.certfile | basename)) if 'certfile' in item.certificates else omit }}" + key_file: "{{ ('/etc/origin/master/' ~ (item.certificates.keyfile | basename)) if 'keyfile' in item.certificates else omit }}" + cacert_file: "{{ ('/etc/origin/master/' ~ (item.certificates.cafile | basename)) if 'cafile' in item.certificates else omit }}" + edits: "{{ openshift_hosted_router_edits | union(item.edits) }}" + with_items: "{{ openshift_hosted_routers }}" register: routerout # This should probably move to module -- cgit v1.2.1 From b58ed12ba1eef70c38bfe785063c952015b2dd9b Mon Sep 17 00:00:00 2001 From: Kenny Woodson Date: Thu, 2 Mar 2017 17:10:32 -0500 Subject: Fixed router name to produce 2nd router. --- roles/openshift_hosted/tasks/router/router.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/openshift_hosted/tasks/router/router.yml b/roles/openshift_hosted/tasks/router/router.yml index 9d4dcc72c..44014f7e3 100644 --- a/roles/openshift_hosted/tasks/router/router.yml +++ b/roles/openshift_hosted/tasks/router/router.yml @@ -24,7 +24,7 @@ - name: Create OpenShift router oc_adm_router: - name: "{{ openshift.hosted.router.name | default('router') }}" + name: "{{ item.name }}" replicas: "{{ item.replicas }}" namespace: "{{ item.namespace | default('default') }}" # This option is not yet implemented -- cgit v1.2.1 From 9454767696f1b3a442dec5fa9a01848e93f53cc6 Mon Sep 17 00:00:00 2001 
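Review bot: Every collected certificate path is copied to `/etc/origin/master/{{ item | basename }}`, so two routers whose files share a basename in different source directories overwrite each other on the master, and the `cert_file`/`key_file`/`cacert_file` values of both entries then resolve to whichever file was copied last. For sharded routers that can put one shard's key and certificate on another. The destination should carry the router name (for instance a per-router subdirectory), which needs the loop to iterate over router entries rather than the flattened path list. Separately, `'certfile' in item.certificates` has no fallback, so `item.certificates | default({})` would keep entries without a `certificates` key from failing.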
From: Kenny Woodson Date: Thu, 2 Mar 2017 17:32:19 -0500 Subject: Added ports. --- roles/openshift_hosted/defaults/main.yml | 4 ++++ roles/openshift_hosted/tasks/router/router.yml | 2 ++ 2 files changed, 6 insertions(+) diff --git a/roles/openshift_hosted/defaults/main.yml b/roles/openshift_hosted/defaults/main.yml index d6d6edf67..0a6299c9b 100644 --- a/roles/openshift_hosted/defaults/main.yml +++ b/roles/openshift_hosted/defaults/main.yml @@ -20,6 +20,10 @@ openshift_hosted_routers: selector: "{{ openshift_hosted_router_selector }}" images: "{{ openshift_hosted_router_image }}" edits: "{{ openshift_hosted_router_edits }}" + stats_port: 1936 + ports: + - 80:80 + - 443:443 certificates: "{{ openshift_hosted_router_certificate | default({}) }}" diff --git a/roles/openshift_hosted/tasks/router/router.yml b/roles/openshift_hosted/tasks/router/router.yml index 44014f7e3..3b7021eae 100644 --- a/roles/openshift_hosted/tasks/router/router.yml +++ b/roles/openshift_hosted/tasks/router/router.yml @@ -36,6 +36,8 @@ key_file: "{{ ('/etc/origin/master/' ~ (item.certificates.keyfile | basename)) if 'keyfile' in item.certificates else omit }}" cacert_file: "{{ ('/etc/origin/master/' ~ (item.certificates.cafile | basename)) if 'cafile' in item.certificates else omit }}" edits: "{{ openshift_hosted_router_edits | union(item.edits) }}" + ports: "{{ item.ports }}" + stats_port: "{{ item.stats_port }}" with_items: "{{ openshift_hosted_routers }}" register: routerout -- cgit v1.2.1
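Review bot: The `ports` entries `80:80` and `443:443` are written as plain scalars. These two load as strings, but a YAML 1.1 loader reads a pair such as `22:22` as a base-60 integer, so the default sets a pattern that breaks when it is copied and edited for another shard. Quote them: `- '80:80'` and `- '443:443'`.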
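Review bot: `ports: "{{ item.ports }}"` and `stats_port: "{{ item.stats_port }}"` are read without a fallback, unlike `namespace`, `service_account`, `selector` and `images` in the same task, so an `openshift_hosted_routers` override that lacks these keys fails on an undefined variable. Using `"{{ item.ports | default(omit) }}"` and `"{{ item.stats_port | default(omit) }}"` would leave the module's own defaults in effect. A comment beside the defaults stating that each additional shard presumably needs its own host ports and stats port when it can land on the same nodes would also help. The `oc_adm_router` task starts above this hunk.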