path: root/playbooks/aws/openshift-cluster/provision.yml
blob: dfbf61cc7b4ee182511959bdc721ba6f5b9fa94e (plain)
---
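# Play 1, run on the control host: creates the VPC, SSH keypairs, the optional
# registry bucket, the master scale group, the IAM certificate and the master
# load balancers, then adds the new masters to the in-memory inventory and
# waits until they answer on SSH.
- name: Setup the vpc and the master node group
  hosts: localhost
  tasks:
  # Presumably defines the `provision` dictionary every task below reads.
  - name: get provisioning vars
    include_vars: vars.yml

  - name: create default vpc
    include_role:
      name: openshift_aws_vpc
    vars:
      r_openshift_aws_vpc_clusterid: "{{ provision.clusterid }}"
      r_openshift_aws_vpc_cidr: "{{ provision.vpc.cidr }}"
      r_openshift_aws_vpc_subnets: "{{ provision.vpc.subnets }}"
      r_openshift_aws_vpc_region: "{{ provision.region }}"
      r_openshift_aws_vpc_tags: "{{ provision.vpc.tags }}"
      # Falls back to the cluster id when no VPC name is configured.
      r_openshift_aws_vpc_name: "{{ provision.vpc.name | default(provision.clusterid) }}"

  # NOTE(review): every entry in provision.instance_users is handed to the
  # keypair role; presumably each one ends up with SSH access to the
  # instances, so the list should be reviewed like any other access grant.
  - name: create aws ssh keypair
    include_role:
      name: openshift_aws_ssh_keys
    vars:
      r_openshift_aws_ssh_keys_users: "{{ provision.instance_users }}"
      r_openshift_aws_ssh_keys_region: "{{ provision.region }}"

  # Only runs when provision.openshift_registry_s3 is set and truthy.
  # NOTE(review): bucket ACL, encryption and public-access settings are decided
  # inside the openshift_aws_s3 role and are not visible here -- confirm.
  - when: provision.openshift_registry_s3 | default(false)
    name: create s3 bucket for registry
    include_role:
      name: openshift_aws_s3
    vars:
      r_openshift_aws_s3_clusterid: "{{ provision.clusterid }}-docker-registry"
      r_openshift_aws_s3_region: "{{ provision.region }}"
      r_openshift_aws_s3_mode: create

  - name: include scale group creation for master
    include: build_node_group.yml
    vars:
      openshift_build_node_type: master

  # Polls up to 20 times, 3 seconds apart, until at least one running
  # instance carries this cluster's id and the master host-type tag.
  - name: fetch new master instances
    ec2_remote_facts:
      region: "{{ provision.region }}"
      filters:
        "tag:clusterid": "{{ provision.clusterid }}"
        "tag:host-type": master
        instance-state-name: running
    register: instancesout
    retries: 20
    delay: 3
    until: instancesout.instances|length > 0

  # Per the task name, loading lib_utils makes the iam_cert23 module available.
  - name: bring iam_cert23 into scope
    include_role:
      name: lib_utils

  # The certificate and private key are given as paths (cert_path / key_path),
  # presumably files on the control host; the key file should be readable only
  # by the account running this playbook.
  # The failed_when entries are ANDed: the task counts as failed only when the
  # result is flagged failed, has a msg, and that msg does not contain
  # 'already exists'. An upload that collides with an existing certificate is
  # therefore treated as success.
  - name: upload certificates to AWS IAM
    iam_cert23:
      state: present
      name: "{{ provision.clusterid }}-master-external"
      cert: "{{ provision.iam_cert_ca.cert_path }}"
      key: "{{ provision.iam_cert_ca.key_path }}"
      cert_chain: "{{ provision.iam_cert_ca.chain_path | default(omit) }}"
    register: elb_cert_chain
    failed_when:
    - "'failed' in elb_cert_chain"
    - elb_cert_chain.failed
    - "'msg' in elb_cert_chain"
    - "'already exists' not in elb_cert_chain.msg"
    when: provision.iam_cert_ca is defined

  # Written as native YAML arguments instead of the key=value string form.
  # verbosity: 1 keeps the registered result out of default run output (it is
  # still shown with -v), so it does not land in routine logs.
  - name: show the IAM certificate upload result
    debug:
      var: elb_cert_chain
      verbosity: 1

  # Loops twice (elb_item = internal, external), creating one ELB per pass.
  # NOTE(review): r_openshift_aws_elb_scheme is 'internet-facing' on both
  # passes, so the load balancer named '-master-internal' is also requested as
  # internet-facing unless the role overrides it. Confirm this is intended;
  # changing the scheme of an existing ELB may replace it and its DNS name.
  # NOTE(review): elb_cert_chain.arn is read unconditionally, but the upload
  # task is skipped when provision.iam_cert_ca is undefined and tolerates an
  # 'already exists' failure; in either case the result may carry no arn.
  - name: create our master external and internal load balancers
    include_role:
      name: openshift_aws_elb
    vars:
      r_openshift_aws_elb_clusterid: "{{ provision.clusterid }}"
      r_openshift_aws_elb_region: "{{ provision.region }}"
      r_openshift_aws_elb_instance_filter:
        "tag:clusterid": "{{ provision.clusterid }}"
        "tag:host-type": master
        instance-state-name: running
      r_openshift_aws_elb_type: master
      r_openshift_aws_elb_direction: "{{ elb_item }}"
      # NOTE(review): spelled 'timout' here; confirm it matches the variable
      # name the role reads, otherwise the value is silently ignored.
      r_openshift_aws_elb_idle_timout: 400
      r_openshift_aws_elb_scheme: internet-facing
      r_openshift_aws_elb_security_groups:
      - "{{ provision.clusterid }}"
      - "{{ provision.clusterid }}_master"
      r_openshift_aws_elb_subnet_name: "{{ provision.vpc.subnets[provision.region][0].az }}"
      r_openshift_aws_elb_name: "{{ provision.clusterid }}-master-{{ elb_item }}"
      r_openshift_aws_elb_cert_arn: "{{ elb_cert_chain.arn }}"
    with_items:
    - internal
    - external
    loop_control:
      loop_var: elb_item

  # Masters are added to the inventory by public IP, so the following plays
  # reach them over their public addresses. The hostname is the cluster id
  # plus the instance id with its last five characters dropped.
  - name: add new master to masters group
    add_host:
      groups: "masters,etcd,nodes"
      name: "{{ item.public_ip_address }}"
      hostname: "{{ provision.clusterid }}-master-{{ item.id[:-5] }}"
    with_items: "{{ instancesout.instances }}"

  - name: set facts for group normalization
    set_fact:
      cluster_id: "{{ provision.clusterid }}"
      cluster_env: "{{ provision.node_group_config.tags.environment | default('dev') }}"

  # Waits up to 300 seconds per master for an OpenSSH banner on port 22 of the
  # public address.
  # NOTE(review): this requires port 22 to be reachable from the control host;
  # the security group should limit the allowed source range -- confirm.
  - name: wait for ssh to become available
    wait_for:
      port: 22
      host: "{{ item.public_ip_address }}"
      timeout: 300
      search_regex: OpenSSH
    with_items: "{{ instancesout.instances }}"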


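# Play 2, run against the masters added by the previous play: looks up the two
# master load balancers and records the internal one's DNS name as the cluster
# hostname, together with the CORS origin list.
- name: set the master facts for hostname to elb
  hosts: masters
  gather_facts: false
  # NOTE(review): connects to the masters directly as root. Confirm the images
  # require this; an unprivileged login with privilege escalation would narrow
  # what the SSH key alone can do.
  remote_user: root
  tasks:
  - name: include vars
    include_vars: vars.yml

  # Runs on the control host (delegate_to: localhost), once per ELB name.
  # The order of with_items fixes the order of elbs.results:
  # results[0] is '-master-external', results[1] is '-master-internal'.
  - name: fetch elbs
    ec2_elb_facts:
      region: "{{ provision.region }}"
      names:
      - "{{ item }}"
    with_items:
    - "{{ provision.clusterid }}-master-external"
    - "{{ provision.clusterid }}-master-internal"
    delegate_to: localhost
    register: elbs

  # Written as native YAML arguments instead of the key=value string form.
  # verbosity: 1 keeps the load balancer details out of default run output
  # (they are still shown with -v).
  - name: show the load balancer lookup result
    debug:
      var: elbs
      verbosity: 1

  # results[1] is the '-master-internal' lookup (see 'fetch elbs'), so the
  # cluster hostname is the internal load balancer's DNS name.
  # The original looped this task over groups['masters'] without using the
  # loop item; the play already runs it on every master, so the loop is gone.
  # NOTE(review): osm_custom_cors_origins presumably becomes the set of web
  # origins allowed to call the master API. The console/api entries are fixed
  # under openshift.com; confirm those hostnames belong to this deployment.
  - name: set fact
    set_fact:
      openshift_master_cluster_hostname: "{{ elbs.results[1].elbs[0].dns_name }}"
      osm_custom_cors_origins:
      - "{{ elbs.results[1].elbs[0].dns_name }}"
      - "console.{{ provision.clusterid }}.openshift.com"
      - "api.{{ provision.clusterid }}.openshift.com"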

# The remaining steps pull in shared playbooks by relative path. What they do
# is defined in those files; the notes below go by the names only.

# Presumably maps the hosts added above onto the standard inventory groups,
# using the cluster_id / cluster_env facts set in the first play.
- name: normalize groups
  include: '../../byo/openshift-cluster/initialize_groups.yml'

# Presumably the common pre-configuration steps shared by all providers.
- name: run the std_include
  include: '../../common/openshift-cluster/std_include.yml'

# Presumably the OpenShift installation and configuration itself.
- name: run the config
  include: '../../common/openshift-cluster/config.yml'