From 8757073d8509a6301b70ff66383d84416bdd78cb Mon Sep 17 00:00:00 2001 From: Kenny Woodson Date: Sat, 28 Oct 2017 20:46:44 -0400 Subject: Bootstrap enhancements. --- roles/openshift_master/defaults/main.yml | 84 +--------------------- roles/openshift_master/tasks/bootstrap.yml | 67 +---------------- .../openshift_master/tasks/bootstrap_settings.yml | 14 ++++ roles/openshift_master/tasks/main.yml | 13 +--- 4 files changed, 20 insertions(+), 158 deletions(-) create mode 100644 roles/openshift_master/tasks/bootstrap_settings.yml (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/defaults/main.yml b/roles/openshift_master/defaults/main.yml index fe78dea66..a27fbae7e 100644 --- a/roles/openshift_master/defaults/main.yml +++ b/roles/openshift_master/defaults/main.yml @@ -26,7 +26,6 @@ default_r_openshift_master_os_firewall_allow: cond: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}" r_openshift_master_os_firewall_allow: "{{ default_r_openshift_master_os_firewall_allow | union(openshift_master_open_ports | default([])) }}" - # oreg_url is defined by user input oreg_host: "{{ oreg_url.split('/')[0] if (oreg_url is defined and '.' in oreg_url.split('/')[0]) else '' }}" oreg_auth_credentials_path: "{{ r_openshift_master_data_dir }}/.docker" @@ -60,87 +59,10 @@ r_openshift_master_sdn_network_plugin_name: "{{ r_openshift_master_sdn_network_p openshift_master_image_config_latest_default: "{{ openshift_image_config_latest | default(False) }}" openshift_master_image_config_latest: "{{ openshift_master_image_config_latest_default }}" -openshift_master_config_dir_default: "{{ (openshift.common.config_base | default('/etc/origin/master')) ~ '/master' }}" +openshift_master_config_dir_default: "{{ openshift.common.config_base ~ '/master' if openshift is defined and 'common' in openshift else '/etc/origin/master' }}" openshift_master_config_dir: "{{ openshift_master_config_dir_default }}" -openshift_master_cloud_provider: "{{ openshift_cloudprovider_kind | default('aws') }}" - -openshift_master_node_config_networkconfig_mtu: "{{ openshift_node_sdn_mtu | default(1450) }}" - -openshift_master_node_config_kubeletargs_cpu: 500m -openshift_master_node_config_kubeletargs_mem: 512M openshift_master_bootstrap_enabled: False -openshift_master_client_binary: "{{ openshift.common.client_binary if openshift is defined else 'oc' }}" - -openshift_master_config_imageconfig_format: "{{ openshift.node.registry_url }}" - -# these are for the default settings in a generated node-config.yaml -openshift_master_node_config_default_edits: -- key: nodeName - state: absent -- key: dnsBindAddress - value: 127.0.0.1:53 -- key: dnsDomain - value: cluster.local -- key: dnsRecursiveResolvConf - value: /etc/origin/node/resolv.conf -- key: imageConfig.format - value: "{{ openshift_master_config_imageconfig_format }}" -- key: kubeletArguments.cloud-config - value: - - "/etc/origin/cloudprovider/{{ openshift_master_cloud_provider }}.conf" -- key: kubeletArguments.cloud-provider - value: - - "{{ openshift_master_cloud_provider }}" -- key: kubeletArguments.kube-reserved - value: - - "cpu={{ openshift_master_node_config_kubeletargs_cpu }},memory={{ openshift_master_node_config_kubeletargs_mem }}" -- key: kubeletArguments.system-reserved - value: - - "cpu={{ openshift_master_node_config_kubeletargs_cpu }},memory={{ openshift_master_node_config_kubeletargs_mem }}" -- key: enable-controller-attach-detach - value: - - 'true' -- key: networkConfig.mtu - value: "{{ openshift_master_node_config_networkconfig_mtu }}" -- key: networkConfig.networkPluginName - value: "{{ r_openshift_master_sdn_network_plugin_name }}" -- key: networkPluginName - value: "{{ r_openshift_master_sdn_network_plugin_name }}" - - -# We support labels for all nodes here -openshift_master_node_config_kubeletargs_default_labels: [] -# We do support overrides for node group labels -openshift_master_node_config_kubeletargs_master_labels: [] -openshift_master_node_config_kubeletargs_infra_labels: [] -openshift_master_node_config_kubeletargs_compute_labels: [] - -openshift_master_node_config_master: - type: master - edits: - - key: kubeletArguments.node-labels - value: "{{ openshift_master_node_config_kubeletargs_default_labels | - union(openshift_master_node_config_kubeletargs_master_labels) | - union(['type=master']) }}" -openshift_master_node_config_infra: - type: infra - edits: - - key: kubeletArguments.node-labels - value: "{{ openshift_master_node_config_kubeletargs_default_labels | - union(openshift_master_node_config_kubeletargs_infra_labels) | - union(['type=infra']) }}" -openshift_master_node_config_compute: - type: compute - edits: - - key: kubeletArguments.node-labels - value: "{{ openshift_master_node_config_kubeletargs_default_labels | - union(openshift_master_node_config_kubeletargs_compute_labels) | - union(['type=compute']) }}" - -openshift_master_node_configs: -- "{{ openshift_master_node_config_infra }}" -- "{{ openshift_master_node_config_compute }}" - -openshift_master_bootstrap_namespace: openshift-node +openshift_master_csr_sa: node-bootstrapper +openshift_master_csr_namespace: openshift-infra diff --git a/roles/openshift_master/tasks/bootstrap.yml b/roles/openshift_master/tasks/bootstrap.yml index f837a8bae..ce55e7d0c 100644 --- a/roles/openshift_master/tasks/bootstrap.yml +++ b/roles/openshift_master/tasks/bootstrap.yml @@ -2,7 +2,8 @@ # TODO: create a module for this command. # oc_serviceaccounts_kubeconfig - name: create service account kubeconfig with csr rights - command: "oc serviceaccounts create-kubeconfig node-bootstrapper -n openshift-infra" + command: > + oc serviceaccounts create-kubeconfig {{ openshift_master_csr_sa }} -n {{ openshift_master_csr_namespace }} register: kubeconfig_out until: kubeconfig_out.rc == 0 retries: 24 @@ -12,67 +13,3 @@ copy: content: "{{ kubeconfig_out.stdout }}" dest: "{{ openshift_master_config_dir }}/bootstrap.kubeconfig" - -- name: create a temp dir for this work - command: mktemp -d /tmp/openshift_node_config-XXXXXX - register: mktempout - run_once: true - -# This generate is so that we do not have to maintain -# our own copy of the template. This is generated by -# the product and the following settings will be -# generated by the master -- name: generate a node-config dynamically - command: > - {{ openshift_master_client_binary }} adm create-node-config - --node-dir={{ mktempout.stdout }}/ - --node=CONFIGMAP - --hostnames=test - --dns-ip=0.0.0.0 - --certificate-authority={{ openshift_master_config_dir }}/ca.crt - --signer-cert={{ openshift_master_config_dir }}/ca.crt - --signer-key={{ openshift_master_config_dir }}/ca.key - --signer-serial={{ openshift_master_config_dir }}/ca.serial.txt - --node-client-certificate-authority={{ openshift_master_config_dir }}/ca.crt - register: configgen - run_once: true - -- name: remove the default settings - yedit: - state: "{{ item.state | default('present') }}" - src: "{{ mktempout.stdout }}/node-config.yaml" - key: "{{ item.key }}" - value: "{{ item.value | default(omit) }}" - with_items: "{{ openshift_master_node_config_default_edits }}" - run_once: true - -- name: copy the generated config into each group - copy: - src: "{{ mktempout.stdout }}/node-config.yaml" - remote_src: true - dest: "{{ mktempout.stdout }}/node-config-{{ item.type }}.yaml" - with_items: "{{ openshift_master_node_configs }}" - run_once: true - -- name: "specialize the generated configs for node-config-{{ item.type }}" - yedit: - src: "{{ mktempout.stdout }}/node-config-{{ item.type }}.yaml" - edits: "{{ item.edits }}" - with_items: "{{ openshift_master_node_configs }}" - run_once: true - -- name: create node-config.yaml configmap - oc_configmap: - name: "node-config-{{ item.type }}" - namespace: "{{ openshift_master_bootstrap_namespace }}" - from_file: - node-config.yaml: "{{ mktempout.stdout }}/node-config-{{ item.type }}.yaml" - with_items: "{{ openshift_master_node_configs }}" - run_once: true - -- name: remove templated files - file: - dest: "{{ mktempout.stdout }}/" - state: absent - with_items: "{{ openshift_master_node_configs }}" - run_once: true diff --git a/roles/openshift_master/tasks/bootstrap_settings.yml b/roles/openshift_master/tasks/bootstrap_settings.yml new file mode 100644 index 000000000..cbd7f587b --- /dev/null +++ b/roles/openshift_master/tasks/bootstrap_settings.yml @@ -0,0 +1,14 @@ +--- +- name: modify controller args + yedit: + src: /etc/origin/master/master-config.yaml + edits: + - key: kubernetesMasterConfig.controllerArguments.cluster-signing-cert-file + value: + - /etc/origin/master/ca.crt + - key: kubernetesMasterConfig.controllerArguments.cluster-signing-key-file + value: + - /etc/origin/master/ca.key + notify: + - restart master controllers + when: openshift_master_bootstrap_enabled | default(False) diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 48b34c578..c7c02d49b 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -218,18 +218,7 @@ - restart master api - restart master controllers -- name: modify controller args - yedit: - src: /etc/origin/master/master-config.yaml - edits: - - key: kubernetesMasterConfig.controllerArguments.cluster-signing-cert-file - value: - - /etc/origin/master/ca.crt - - key: kubernetesMasterConfig.controllerArguments.cluster-signing-key-file - value: - - /etc/origin/master/ca.key - notify: - - restart master controllers +- include: bootstrap_settings.yml when: openshift_master_bootstrap_enabled | default(False) - include: set_loopback_context.yml -- cgit v1.2.1