playbooks/common/openshift-cluster/openshift_hosted.yml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166

---
- name: Create persistent volumes
  hosts: oo_first_master
  tags:
  - hosted
  vars:
    persistent_volumes: "{{ hostvars[groups.oo_first_master.0] | oo_persistent_volumes(groups) }}"
    persistent_volume_claims: "{{ hostvars[groups.oo_first_master.0] | oo_persistent_volume_claims }}"
  roles:
  - role: openshift_persistent_volumes
    when: persistent_volumes | length > 0 or persistent_volume_claims | length > 0

- name: Create Hosted Resources
  hosts: oo_first_master
  tags:
  - hosted
  pre_tasks:
  - set_fact:
      openshift_hosted_router_registryurl: "{{ hostvars[groups.oo_first_master.0].openshift.master.registry_url }}"
      openshift_hosted_registry_registryurl: "{{ hostvars[groups.oo_first_master.0].openshift.master.registry_url }}"
    when: "'master' in hostvars[groups.oo_first_master.0].openshift and 'registry_url' in hostvars[groups.oo_first_master.0].openshift.master"
  - set_fact:
      logging_hostname: "{{ openshift_hosted_logging_hostname | default('kibana.' ~ openshift_master_default_subdomain) }}"
      logging_ops_hostname: "{{ openshift_hosted_logging_ops_hostname | default('kibana-ops.' ~ openshift_master_default_subdomain) }}"
      logging_master_public_url: "{{ openshift_hosted_logging_master_public_url | default(openshift.master.public_api_url) }}"
      logging_elasticsearch_cluster_size: "{{ openshift_hosted_logging_elasticsearch_cluster_size | default(1) }}"
      logging_elasticsearch_ops_cluster_size: "{{ openshift_hosted_logging_elasticsearch_ops_cluster_size | default(1) }}"
  roles:
  - role: openshift_cli
  - role: openshift_hosted_facts
  - role: openshift_projects
    # TODO: Move standard project definitions to openshift_hosted/vars/main.yml
    # Vars are not accessible in meta/main.yml in ansible-1.9.x
    openshift_projects: "{{ openshift_additional_projects | default({}) | oo_merge_dicts({'default':{'default_node_selector':''},'openshift-infra':{'default_node_selector':''},'logging':{'default_node_selector':''}}) }}"
  - role: openshift_serviceaccounts
    openshift_serviceaccounts_names:
    - router
    openshift_serviceaccounts_namespace: default
    openshift_serviceaccounts_sccs:
    - hostnetwork
    when: openshift.common.version_gte_3_2_or_1_2
  - role: openshift_serviceaccounts
    openshift_serviceaccounts_names:
    - router
    - registry
    openshift_serviceaccounts_namespace: default
    openshift_serviceaccounts_sccs:
    - privileged
    when: not openshift.common.version_gte_3_2_or_1_2
  - role: openshift_hosted
  - role: openshift_metrics
    when: openshift.hosted.metrics.deploy | bool
  - role: openshift_hosted_logging
    when: openshift.hosted.logging.deploy | bool
    openshift_hosted_logging_hostname: "{{ logging_hostname }}"
    openshift_hosted_logging_ops_hostname: "{{ logging_ops_hostname }}"
    openshift_hosted_logging_master_public_url: "{{ logging_master_public_url }}"
    openshift_hosted_logging_elasticsearch_cluster_size: "{{ logging_elasticsearch_cluster_size }}"
    openshift_hosted_logging_elasticsearch_ops_cluster_size: "{{ logging_elasticsearch_ops_cluster_size }}"
    openshift_hosted_logging_elasticsearch_pvc_dynamic: "{{ 'true' if openshift.hosted.logging.storage_kind | default(none) == 'dynamic' else 'false' }}"
    openshift_hosted_logging_elasticsearch_pvc_size: "{{ openshift.hosted.logging.storage.volume.size if openshift.hosted.logging.storage_kind | default(none) == 'dynamic' else ''  }}"
    openshift_hosted_logging_elasticsearch_pvc_prefix: "{{ 'logging-es' if openshift.hosted.logging.storage_kind | default(none) is not none else '' }}"

  - role: cockpit-ui
    when: openshift.common.deployment_subtype == 'registry'

- name: Configure all masters for logging
  serial: 1
  handlers:
  - include: ../../../roles/openshift_master/handlers/main.yml
    static: yes
  hosts: oo_masters
  tasks:
  - openshift_facts:
      role: master
      local_facts:
        logging_public_url: "https://{{ openshift_hosted_logging_hostname | default('kibana.' ~ openshift_master_default_subdomain) }}"
    when: openshift.hosted.logging.deploy | default(openshift.common.version_gte_3_3_or_1_3)
  - modify_yaml:
      dest: "{{ openshift.common.config_base }}/master/master-config.yaml"
      yaml_key: assetConfig.loggingPublicURL
      yaml_value: "{{ openshift.master.logging_public_url }}"
    notify: restart master
    when: openshift.hosted.logging.deploy | default(openshift.common.version_gte_3_3_or_1_3)

- name: Configure CA certificate for secure registry
  hosts: oo_nodes_to_config
  tags:
  - hosted
  tasks:
  - name: Create temp directory for kubeconfig
    command: mktemp -d /tmp/openshift-ansible-XXXXXX
    register: mktemp
    when: openshift.common.deployment_subtype == 'registry'
    changed_when: false
    delegate_to: "{{ groups.oo_first_master.0 }}"
    run_once: true
  - set_fact:
      openshift_hosted_kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig"
    when: openshift.common.deployment_subtype == 'registry'
    delegate_to: "{{ groups.oo_first_master.0 }}"
    run_once: true
  - name: Copy the admin client config(s)
    command: >
      cp {{ openshift.common.config_base }}/master/admin.kubeconfig {{ openshift_hosted_kubeconfig }}
    when: openshift.common.deployment_subtype == 'registry'
    changed_when: false
    delegate_to: "{{ groups.oo_first_master.0 }}"
    run_once: true
  - name: Retrieve docker-registry route
    command: >
      {{ openshift.common.client_binary }} get route docker-registry
      --template='{{ '{{' }} .spec.host {{ '}}' }}'
      --config={{ openshift_hosted_kubeconfig }}
      -n default
    register: docker_registry_route
    when: openshift.common.deployment_subtype == 'registry'
    changed_when: false
    delegate_to: "{{ groups.oo_first_master.0 }}"
    run_once: true
  - name: Retrieve registry service IP
    command: >
      {{ openshift.common.client_binary }} get service docker-registry
      --template='{{ '{{' }} .spec.clusterIP {{ '}}' }}'
      --config={{ openshift_hosted_kubeconfig }}
      -n default
    register: docker_registry_service_ip
    when: openshift.common.deployment_subtype == 'registry'
    changed_when: false
    delegate_to: "{{ groups.oo_first_master.0 }}"
    run_once: true
  - name: Create registry CA directories
    file:
      path: "/etc/docker/certs.d/{{ item }}"
      state: directory
    with_items:
    - "{{ docker_registry_service_ip.stdout }}:5000"
    - "{{ docker_registry_route.stdout }}"
    - "docker-registry.default.svc.cluster.local:5000"
    when: openshift.common.deployment_subtype == 'registry'
  - name: Copy CA to registry CA directories
    copy:
      src: "{{ openshift.common.config_base }}/node/ca.crt"
      dest: "/etc/docker/certs.d/{{ item }}"
      remote_src: yes
      force: yes
    with_items:
    - "{{ docker_registry_service_ip.stdout }}:5000"
    - "{{ docker_registry_route.stdout }}"
    - "docker-registry.default.svc.cluster.local:5000"
    when: openshift.common.deployment_subtype == 'registry'
    notify:
    - Restart docker
  - name: Delete temp directory
    file:
      name: "{{ mktemp.stdout }}"
      state: absent
    when: openshift.common.deployment_subtype == 'registry'
    changed_when: False
    delegate_to: "{{ groups.oo_first_master.0 }}"
    run_once: true
  handlers:
  - name: Restart docker
    service:
      name: docker
      state: restarted