81 files changed, 2739 insertions, 0 deletions
diff --git a/README_GCE.txt b/README_GCE.txt
new file mode 100644
index 000000000..b2f6aec21
--- /dev/null
+++ b/README_GCE.txt
@@ -0,0 +1,45 @@
+
+GCE Setup Instructions
+
+Get a gce service key
+---------------------
+1. ping twiest and ask for a GCE service key
+
+
+Convert a GCE service key into a pem (for ansible)
+--------------------------------------------------
+1. The gce service key looks something like this: os302gce-ef83bd90f261.p12
+2. the ef83bd90f261 part is the public hash
+3. Be in the same directory as the p12 key file.
+4. The commands below should be copy / paste-able
+5. Run these commands:
+ # Temporarily set hash variable
+ export GCE_KEY_HASH=ef83bd90f261
+
+ # Convert the service key (note: 'notasecret' is literally what we want here)
+ openssl pkcs12 -in os302gce-${GCE_KEY_HASH}.p12 -passin pass:notasecret -nodes -nocerts | openssl rsa -out os302gce-${GCE_KEY_HASH}.pem
+
+ # Move the converted service key to the .ssh dir
+ mv os302gce-${GCE_KEY_HASH}.pem ~/.ssh
+
+ # Set a sym link so it's easy to reference
+ ln -s ~/.ssh/os302gce-${GCE_KEY_HASH}.pem ~/.ssh/os302gce_priv_key.pem
+
+6. Once this is done, put the original service key file (os302gce-ef83bd90f261.p12) somewhere safe, or delete it (your call, I don't know what else we'll use it for, and we can always regen it if needed)
+
+
+
+Install Dependencies (not needed for ctl1)
+------------------------------------------
+1. Ansible requires libcloud for gce operations:
+ yum install -y ansible python-libcloud
+
+
+Test The Setup
+--------------
+1. cd li-ops/cloud
+2. Try to list all instances:
+ ./cloud.rb gce list
+
+3. Try to create an instance:
+ ./cloud.rb gce launch -n ${USER}-minion1 -e int --type os3-minion
diff --git a/cloud.rb b/cloud.rb
new file mode 100755
index 000000000..cc23a7290
--- /dev/null
+++ b/cloud.rb
@@ -0,0 +1,350 @@
+#!/usr/bin/env ruby
+
+require 'thor'
+require 'json'
+require 'yaml'
+require 'securerandom'
+require 'fileutils'
+
+SCRIPT_DIR = File.expand_path(File.dirname(__FILE__))
+
+module OpenShift
+ module Ops
+ # WARNING: we do not currently support environments with hyphens in the name
+ SUPPORTED_ENVS = ['prod','stg','int','tint','kint','test']
+
+ class GceHelper
+ def self.list_hosts()
+ cmd = "#{SCRIPT_DIR}/inventory/gce/gce.py --list"
+ hosts = %x[#{cmd} 2>&1]
+
+ raise "Error: failed to list hosts\n#{hosts}" unless $?.exitstatus == 0
+
+ return JSON.parse(hosts)
+ end
+
+ def self.get_host_details(host)
+ cmd = "#{SCRIPT_DIR}/inventory/gce/gce.py --host #{host}"
+ details = %x[#{cmd} 2>&1]
+
+ raise "Error: failed to get host details\n#{details}" unless $?.exitstatus == 0
+
+ retval = JSON.parse(details)
+
+ # Convert OpenShift specific tags to entries
+ retval['gce_tags'].each do |tag|
+ if tag =~ /\Ahost-type-([\w\d-]+)\z/
+ retval['host-type'] = $1
+ end
+
+ if tag =~ /\Aenv-([\w\d]+)\z/
+ retval['env'] = $1
+ end
+ end
+
+ return retval
+ end
+
+ def self.generate_env_tag(env)
+ return "env-#{env}"
+ end
+
+ def self.generate_env_tag_name(env)
+ return "tag_#{generate_env_tag(env)}"
+ end
+
+ def self.generate_host_type_tag(host_type)
+ return "host-type-#{host_type}"
+ end
+
+ def self.generate_host_type_tag_name(host_type)
+ return "tag_#{generate_host_type_tag(host_type)}"
+ end
+
+ def self.generate_env_host_type_tag(env, host_type)
+ return "env-host-type-#{env}-#{host_type}"
+ end
+
+ def self.generate_env_host_type_tag_name(env, host_type)
+ return "tag_#{generate_env_host_type_tag(env, host_type)}"
+ end
+ end
+
+ class LaunchHelper
+ def self.expand_name(name)
+ return [name] unless name =~ /^([a-zA-Z0-9\-]+)\{(\d+)-(\d+)\}$/
+
+ # Regex matched, so grab the values
+ start_num = $2
+ end_num = $3
+
+ retval = []
+ start_num.upto(end_num) do |i|
+ retval << "#{$1}#{i}"
+ end
+
+ return retval
+ end
+
+ def self.get_gce_host_types()
+ return Dir.glob("#{SCRIPT_DIR}/playbooks/gce/*").map { |d| File.basename(d) }
+ end
+ end
+
+ class AnsibleHelper
+ attr_accessor :inventory, :extra_vars, :verbosity, :pipelining
+
+ def initialize(extra_vars={}, inventory=nil)
+ @extra_vars = extra_vars
+ @verbosity = '-vvvv'
+ @pipelining = true
+ end
+
+ def run_playbook(playbook)
+ @inventory = 'inventory/hosts' if @inventory.nil?
+
+ # This is used instead of passing in the json on the cli to avoid quoting problems
+ tmpfile = Tempfile.new('extra_vars')
+ tmpfile.write(@extra_vars.to_json)
+ tmpfile.sync()
+ tmpfile.close()
+
+ cmds = []
+
+ cmds << %Q[export ANSIBLE_FILTER_PLUGINS="#{Dir.pwd}/filter_plugins"]
+
+ # We need this for launching instances, otherwise conflicting keys and what not kill it
+ cmds << %q[export ANSIBLE_TRANSPORT="ssh"]
+ cmds << %Q[export ANSIBLE_SSH_ARGS="-o ForwardAgent=yes -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"]
+
+ # We need pipelining off so that we can do sudo to enable the root account
+ cmds << %Q[export ANSIBLE_SSH_PIPELINING='#{@pipelining.to_s}']
+
+ ssh_key_arg = "--private-key=~/.ssh/mmcgrath_libra" if File.file?(ENV['HOME']+'/.ssh/mmcgrath_libra.pem')
+
+ cmds << %Q[time -p ansible-playbook -i #{@inventory} #{@verbosity} #{playbook} #{ssh_key_arg} --extra-vars '@#{tmpfile.path}']
+
+ cmd = cmds.join(' ; ')
+
+ system(cmd)
+ tmpfile.unlink
+ end
+
+ def merge_extra_vars_file(file)
+ vars = YAML.load_file(file)
+ @extra_vars.merge!(vars)
+ end
+
+ def self.for_gce()
+ ah = AnsibleHelper.new()
+
+ # GCE specific configs
+ ah.extra_vars['gce_pem_file'] = "#{ENV['HOME']}/.ssh/os302gce_priv_key.pem"
+ ah.extra_vars['gce_service_account_email'] = '198287808360-f457cs26hutqeosmlje1eosfeqo0krlg@developer.gserviceaccount.com'
+ ah.extra_vars['gce_project_id'] = 'corded-cable-672'
+
+ ah.inventory = 'inventory/gce/gce.py'
+
+ return ah
+ end
+
+ end
+
+ class GceCommand < Thor
+ option :type, :required => true, :enum => LaunchHelper.get_gce_host_types,
+ :desc => 'The host type of the new instances.'
+ option :env, :required => true, :aliases => '-e', :enum => OpenShift::Ops::SUPPORTED_ENVS,
+ :desc => 'The environment of the new instances.'
+ option :count, :default => 1, :aliases => '-c', :type => :numeric,
+ :desc => 'The number of instances to create'
+ option :tag, :type => :array,
+ :desc => 'The tag(s) to add to the new instances. Allowed characters are letters, numbers, and hyphens.'
+ desc "launch", "Launches instances."
+ def launch()
+ # Expand all of the instance names so that we have a complete array
+ names = []
+ options[:count].times { names << "#{options[:env]}-#{options[:type]}-#{SecureRandom.hex(5)}" }
+
+ ah = AnsibleHelper.for_gce()
+
+ # GCE specific configs
+ ah.extra_vars['oo_new_inst_names'] = names
+ ah.extra_vars['oo_new_inst_tags'] = options[:tag]
+ ah.extra_vars['oo_env'] = options[:env]
+
+ # Add a created by tag
+ ah.extra_vars['oo_new_inst_tags'] = [] if ah.extra_vars['oo_new_inst_tags'].nil?
+
+ ah.extra_vars['oo_new_inst_tags'] << "created-by-#{ENV['USER']}"
+ ah.extra_vars['oo_new_inst_tags'] << GceHelper.generate_env_tag(options[:env])
+ ah.extra_vars['oo_new_inst_tags'] << GceHelper.generate_host_type_tag(options[:type])
+ ah.extra_vars['oo_new_inst_tags'] << GceHelper.generate_env_host_type_tag(options[:env], options[:type])
+
+ puts
+ puts "Creating instance(s) in GCE..."
+ puts
+ puts " .---- Disregard this (ansible bug 6407) ----."
+ puts " V V"
+
+
+ ah.run_playbook("playbooks/gce/#{options[:type]}/launch.yml")
+ end
+
+ option :name, :required => false, :type => :string,
+ :desc => 'The name of the instance to configure.'
+ option :env, :required => false, :aliases => '-e', :enum => OpenShift::Ops::SUPPORTED_ENVS,
+ :desc => 'The environment of the new instances.'
+ option :type, :required => false, :enum => LaunchHelper.get_gce_host_types,
+ :desc => 'The type of the instances to configure.'
+ desc "config", 'Configures instances.'
+ def config()
+ ah = AnsibleHelper.for_gce()
+
+ abort 'Error: you can\'t specify both --name and --type' unless options[:type].nil? || options[:name].nil?
+
+ abort 'Error: you can\'t specify both --name and --env' unless options[:env].nil? || options[:name].nil?
+
+ host_type = nil
+ if options[:name]
+ details = GceHelper.get_host_details(options[:name])
+ ah.extra_vars['oo_host_group_exp'] = options[:name]
+ ah.extra_vars['oo_env'] = details['env']
+ host_type = details['host-type']
+ elsif options[:type] && options[:env]
+ oo_env_host_type_tag = GceHelper.generate_env_host_type_tag_name(options[:env], options[:type])
+ ah.extra_vars['oo_host_group_exp'] = "groups['#{oo_env_host_type_tag}']"
+ ah.extra_vars['oo_env'] = options[:env]
+ host_type = options[:type]
+ else
+ abort 'Error: you need to specify either --name or (--type and --env)'
+ end
+
+ puts
+ puts "Configuring #{options[:type]} instance(s) in GCE..."
+ puts
+ puts " .---- Disregard this (ansible bug 6407) ----."
+ puts " V V"
+
+ ah.run_playbook("playbooks/gce/#{host_type}/config.yml")
+ end
+
+ desc "list", "Lists instances."
+ def list()
+ hosts = GceHelper.list_hosts()
+
+ data = {}
+ hosts.each do |key,value|
+ value.each { |h| (data[h] ||= []) << key }
+ end
+
+ puts
+ puts "Instances"
+ puts "---------"
+ data.keys.sort.each { |k| puts " #{k}" }
+ puts
+ end
+
+ option :file, :required => true, :type => :string,
+ :desc => 'The name of the file to copy.'
+ option :dest, :required => false, :type => :string,
+ :desc => 'A relative path where files are written to.'
+ desc "scp_from", "scp files from an instance"
+ def scp_from(*ssh_ops, host)
+ if host =~ /^([\w\d_.-]+)@([\w\d-_.]+)$/
+ user = $1
+ host = $2
+ end
+
+ path_to_file = options['file']
+ dest = options['dest']
+
+ details = GceHelper.get_host_details(host)
+ abort "\nError: Instance [#{host}] is not RUNNING\n\n" unless details['gce_status'] == 'RUNNING'
+
+ cmd = "scp #{ssh_ops.join(' ')}"
+
+ if user.nil?
+ cmd += " "
+ else
+ cmd += " #{user}@"
+ end
+
+ if dest.nil?
+ download = File.join(Dir.pwd, 'download')
+ FileUtils.mkdir_p(download) unless File.exists?(download)
+ cmd += "#{details['gce_public_ip']}:#{path_to_file} download/"
+ else
+ cmd += "#{details['gce_public_ip']}:#{path_to_file} #{File.expand_path(dest)}"
+ end
+
+ exec(cmd)
+ end
+
+ desc "ssh", "Ssh to an instance"
+ def ssh(*ssh_ops, host)
+ puts host
+ if host =~ /^([\w\d_.-]+)@([\w\d-_.]+)/
+ user = $1
+ host = $2
+ end
+ puts "user=#{user}"
+ puts "host=#{host}"
+
+ details = GceHelper.get_host_details(host)
+ abort "\nError: Instance [#{host}] is not RUNNING\n\n" unless details['gce_status'] == 'RUNNING'
+
+ cmd = "ssh #{ssh_ops.join(' ')}"
+
+ if user.nil?
+ cmd += " "
+ else
+ cmd += " #{user}@"
+ end
+
+ cmd += "#{details['gce_public_ip']}"
+
+ exec(cmd)
+ end
+
+ option :name, :required => true, :aliases => '-n', :type => :string,
+ :desc => 'The name of the instance.'
+ desc 'details', 'Displays details about an instance.'
+ def details()
+ name = options[:name]
+
+ details = GceHelper.get_host_details(name)
+
+ key_size = details.keys.max_by { |k| k.size }.size
+
+ header = "Details for #{name}"
+ puts
+ puts header
+ header.size.times { print '-' }
+ puts
+ details.each { |k,v| printf("%#{key_size + 2}s: %s\n", k, v) }
+ puts
+ end
+
+ desc 'types', 'Displays instance types'
+ def types()
+ puts
+ puts "Available Host Types"
+ puts "--------------------"
+ LaunchHelper.get_gce_host_types.each { |t| puts " #{t}" }
+ puts
+ end
+ end
+
+ class CloudCommand < Thor
+ desc 'gce', 'Manages Google Compute Engine assets'
+ subcommand "gce", GceCommand
+ end
+ end
+end
+
+if __FILE__ == $0
+ Dir.chdir(SCRIPT_DIR) do
+ # Kick off thor
+ OpenShift::Ops::CloudCommand.start(ARGV)
+ end
+end
diff --git a/filter_plugins/.gitignore b/filter_plugins/.gitignore
new file mode 100644
index 000000000..72723e50a
--- /dev/null
+++ b/filter_plugins/.gitignore
@@ -0,0 +1 @@
+*pyc
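Review bot: `AnsibleHelper#run_playbook` exports `ANSIBLE_SSH_ARGS="-o ForwardAgent=yes -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"` for every playbook run, so the operator's SSH agent is forwarded to hosts whose host keys are never verified, on `config` as well as `launch`. The comment above it gives key conflicts at launch as the reason, which does not cover agent forwarding or later `config` runs; I would drop `-o ForwardAgent=yes` and apply the relaxed host-key options on the launch path only. `GceHelper.get_host_details`, `ssh` and `scp_from` also interpolate `host`, `ssh_ops` and the `--file`/`--dest` values into a single shell string for `%x[]` and `exec`, so a name containing shell metacharacters is parsed by the shell; the array form, e.g. `exec('ssh', *ssh_ops, target)`, passes them as plain arguments.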
diff --git a/filter_plugins/oo_filters.py b/filter_plugins/oo_filters.py
new file mode 100644
index 000000000..0c34cfc3e
--- /dev/null
+++ b/filter_plugins/oo_filters.py
@@ -0,0 +1,69 @@
+from ansible import errors, runner
+import json
+import pdb
+
+def oo_pdb(arg):
+ ''' This pops you into a pdb instance where arg is the data passed in from the filter.
+ Ex: "{{ hostvars | oo_pdb }}"
+ '''
+ pdb.set_trace()
+ return arg
+
+def get_attr(data, attribute=None):
+ ''' This looks up dictionary attributes of the form a.b.c and returns the value.
+ Ex: data = {'a': {'b': {'c': 5}}}
+ attribute = "a.b.c"
+ returns 5
+ '''
+
+ if not attribute:
+ raise errors.AnsibleFilterError("|failed expects attribute to be set")
+
+ ptr = data
+ for attr in attribute.split('.'):
+ ptr = ptr[attr]
+
+ return ptr
+
+def oo_collect(data, attribute=None):
+ ''' This takes a list of dict and collects all attributes specified into a list
+ Ex: data = [ {'a':1,'b':5}, {'a':2}, {'a':3} ]
+ attribute = 'a'
+ returns [1, 2, 3]
+ '''
+
+ if not issubclass(type(data), list):
+ raise errors.AnsibleFilterError("|failed expects to filter on a List")
+
+ if not attribute:
+ raise errors.AnsibleFilterError("|failed expects attribute to be set")
+
+ retval = [get_attr(d, attribute) for d in data]
+
+ return retval
+
+def oo_select_keys(data, keys):
+ ''' This returns a list, which contains the value portions for the keys
+ Ex: data = { 'a':1, 'b':2, 'c':3 }
+ keys = ['a', 'c']
+ returns [1, 3]
+ '''
+
+ if not issubclass(type(data), dict):
+ raise errors.AnsibleFilterError("|failed expects to filter on a Dictionary")
+
+ if not issubclass(type(keys), list):
+ raise errors.AnsibleFilterError("|failed expects first param is a list")
+
+ # Gather up the values for the list of keys passed in
+ retval = [data[key] for key in keys]
+
+ return retval
+
+class FilterModule (object):
+ def filters(self):
+ return {
+ "oo_select_keys": oo_select_keys,
+ "oo_collect": oo_collect,
+ "oo_pdb": oo_pdb
+ }
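Review bot: `oo_pdb` is registered unconditionally in `FilterModule.filters`, so any template that uses it stops the run at `pdb.set_trace()` and waits on the controlling terminal, which hangs an unattended run. I would register it only when an explicit debug switch is set, or leave it out of the committed plugin. `get_attr` also indexes `ptr[attr]` with no fallback, so a host that lacks the requested fact makes `oo_collect` fail with a bare `KeyError`; catching it and raising `errors.AnsibleFilterError` with the missing attribute name would match the other checks in this file. The `runner` and `json` imports are unused.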
diff --git a/inventory/gce/gce.ini b/inventory/gce/gce.ini
new file mode 100644
index 000000000..3d6403c20
--- /dev/null
+++ b/inventory/gce/gce.ini
@@ -0,0 +1,47 @@
+#!/usr/bin/python
+# Copyright 2013 Google Inc.
+#
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+
+# The GCE inventory script has the following dependencies:
+# 1. A valid Google Cloud Platform account with Google Compute Engine
+# enabled. See https://cloud.google.com
+# 2. An OAuth2 Service Account flow should be enabled. This will generate
+# a private key file that the inventory script will use for API request
+# authorization. See https://developers.google.com/accounts/docs/OAuth2
+# 3. Convert the private key from PKCS12 to PEM format
+# $ openssl pkcs12 -in pkey.pkcs12 -passin pass:notasecret \
+# > -nodes -nocerts | openssl rsa -out pkey.pem
+# 4. The libcloud (>=0.13.3) python libray. See http://libcloud.apache.org
+#
+# (See ansible/test/gce_tests.py comments for full install instructions)
+#
+# Author: Eric Johnson <erjohnso@google.com>
+
+[gce]
+# GCE Service Account configuration information can be stored in the
+# libcloud 'secrets.py' file. Ideally, the 'secrets.py' file will already
+# exist in your PYTHONPATH and be picked up automatically with an import
+# statement in the inventory script. However, you can specify an absolute
+# path to the secrets.py file with 'libcloud_secrets' parameter.
+libcloud_secrets =
+
+# If you are not going to use a 'secrets.py' file, you can set the necessary
+# authorization parameters here.
+gce_service_account_email_address = 198287808360-f457cs26hutqeosmlje1eosfeqo0krlg@developer.gserviceaccount.com
+gce_service_account_pem_file_path = ~/.ssh/os302gce_priv_key.pem
+gce_project_id = corded-cable-672
+
diff --git a/inventory/gce/gce.py b/inventory/gce/gce.py
new file mode 100755
index 000000000..c8eeb43ab
--- /dev/null
+++ b/inventory/gce/gce.py
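Review bot: The service-account e-mail address, PEM path and project id are committed here and repeated as literals in `AnsibleHelper.for_gce` in cloud.rb, so the two copies can drift and every checkout is tied to one account. gce.py, whose hunk follows, already lets `GCE_EMAIL`, `GCE_PEM_FILE_PATH` and `GCE_PROJECT` override these keys, so I would leave the three values empty in the committed file, read the same variables in cloud.rb, and document them in README_GCE.txt. The leading `#!/usr/bin/python` line has no function in an INI file and can go.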
@@ -0,0 +1,275 @@
+#!/usr/bin/python
+# Copyright 2013 Google Inc.
+#
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+
+'''
+GCE external inventory script
+=================================
+
+Generates inventory that Ansible can understand by making API requests
+Google Compute Engine via the libcloud library. Full install/configuration
+instructions for the gce* modules can be found in the comments of
+ansible/test/gce_tests.py.
+
+When run against a specific host, this script returns the following variables
+based on the data obtained from the libcloud Node object:
+ - gce_uuid
+ - gce_id
+ - gce_image
+ - gce_machine_type
+ - gce_private_ip
+ - gce_public_ip
+ - gce_name
+ - gce_description
+ - gce_status
+ - gce_zone
+ - gce_tags
+ - gce_metadata
+ - gce_network
+
+When run in --list mode, instances are grouped by the following categories:
+ - zone:
+ zone group name examples are us-central1-b, europe-west1-a, etc.
+ - instance tags:
+ An entry is created for each tag. For example, if you have two instances
+ with a common tag called 'foo', they will both be grouped together under
+ the 'tag_foo' name.
+ - network name:
+ the name of the network is appended to 'network_' (e.g. the 'default'
+ network will result in a group named 'network_default')
+ - machine type
+ types follow a pattern like n1-standard-4, g1-small, etc.
+ - running status:
+ group name prefixed with 'status_' (e.g. status_running, status_stopped,..)
+ - image:
+ when using an ephemeral/scratch disk, this will be set to the image name
+ used when creating the instance (e.g. debian-7-wheezy-v20130816). when
+ your instance was created with a root persistent disk it will be set to
+ 'persistent_disk' since there is no current way to determine the image.
+
+Examples:
+ Execute uname on all instances in the us-central1-a zone
+ $ ansible -i gce.py us-central1-a -m shell -a "/bin/uname -a"
+
+ Use the GCE inventory script to print out instance specific information
+ $ plugins/inventory/gce.py --host my_instance
+
+Author: Eric Johnson <erjohnso@google.com>
+Version: 0.0.1
+'''
+
+USER_AGENT_PRODUCT="Ansible-gce_inventory_plugin"
+USER_AGENT_VERSION="v1"
+
+import sys
+import os
+import argparse
+import ConfigParser
+
+try:
+ import json
+except ImportError:
+ import simplejson as json
+
+try:
+ from libcloud.compute.types import Provider
+ from libcloud.compute.providers import get_driver
+ _ = Provider.GCE
+except:
+ print("GCE inventory script requires libcloud >= 0.13")
+ sys.exit(1)
+
+
+class GceInventory(object):
+ def __init__(self):
+ # Read settings and parse CLI arguments
+ self.parse_cli_args()
+ self.driver = self.get_gce_driver()
+
+ # Just display data for specific host
+ if self.args.host:
+ print self.json_format_dict(self.node_to_dict(
+ self.get_instance(self.args.host)))
+ sys.exit(0)
+
+ # Otherwise, assume user wants all instances grouped
+ print(self.json_format_dict(self.group_instances()))
+ sys.exit(0)
+
+ def get_gce_driver(self):
+ """Determine the GCE authorization settings and return a
+ libcloud driver.
+ """
+ gce_ini_default_path = os.path.join(
+ os.path.dirname(os.path.realpath(__file__)), "gce.ini")
+ gce_ini_path = os.environ.get('GCE_INI_PATH', gce_ini_default_path)
+
+ # Create a ConfigParser.
+ # This provides empty defaults to each key, so that environment
+ # variable configuration (as opposed to INI configuration) is able
+ # to work.
+ config = ConfigParser.SafeConfigParser(defaults={
+ 'gce_service_account_email_address': '',
+ 'gce_service_account_pem_file_path': '',
+ 'gce_project_id': '',
+ 'libcloud_secrets': '',
+ })
+ if 'gce' not in config.sections():
+ config.add_section('gce')
+ config.read(gce_ini_path)
+
+ # Attempt to get GCE params from a configuration file, if one
+ # exists.
+ secrets_path = config.get('gce', 'libcloud_secrets')
+ secrets_found = False
+ try:
+ import secrets
+ args = list(getattr(secrets, 'GCE_PARAMS', []))
+ kwargs = getattr(secrets, 'GCE_KEYWORD_PARAMS', {})
+ secrets_found = True
+ except:
+ pass
+
+ if not secrets_found and secrets_path:
+ if not secrets_path.endswith('secrets.py'):
+ err = "Must specify libcloud secrets file as "
+ err += "/absolute/path/to/secrets.py"
+ print(err)
+ sys.exit(1)
+ sys.path.append(os.path.dirname(secrets_path))
+ try:
+ import secrets
+ args = list(getattr(secrets, 'GCE_PARAMS', []))
+ kwargs = getattr(secrets, 'GCE_KEYWORD_PARAMS', {})
+ secrets_found = True
+ except:
+ pass
+ if not secrets_found:
+ args = [
+ config.get('gce','gce_service_account_email_address'),
+ config.get('gce','gce_service_account_pem_file_path')
+ ]
+ kwargs = {'project': config.get('gce', 'gce_project_id')}
+
+ # If the appropriate environment variables are set, they override
+ # other configuration; process those into our args and kwargs.
+ args[0] = os.environ.get('GCE_EMAIL', args[0])
+ args[1] = os.environ.get('GCE_PEM_FILE_PATH', args[1])
+ kwargs['project'] = os.environ.get('GCE_PROJECT', kwargs['project'])
+
+ # Retrieve and return the GCE driver.
+ gce = get_driver(Provider.GCE)(*args, **kwargs)
+ gce.connection.user_agent_append(
+ '%s/%s' % (USER_AGENT_PRODUCT, USER_AGENT_VERSION),
+ )
+ return gce
+
+ def parse_cli_args(self):
+ ''' Command line argument processing '''
+
+ parser = argparse.ArgumentParser(
+ description='Produce an Ansible Inventory file based on GCE')
+ parser.add_argument('--list', action='store_true', default=True,
+ help='List instances (default: True)')
+ parser.add_argument('--host', action='store',
+ help='Get all information about an instance')
+ self.args = parser.parse_args()
+
+
+ def node_to_dict(self, inst):
+ md = {}
+
+ if inst is None:
+ return {}
+
+ if inst.extra['metadata'].has_key('items'):
+ for entry in inst.extra['metadata']['items']:
+ md[entry['key']] = entry['value']
+
+ net = inst.extra['networkInterfaces'][0]['network'].split('/')[-1]
+ return {
+ 'gce_uuid': inst.uuid,
+ 'gce_id': inst.id,
+ 'gce_image': inst.image,
+ 'gce_machine_type': inst.size,
+ 'gce_private_ip': inst.private_ips[0],
+ 'gce_public_ip': inst.public_ips[0],
+ 'gce_name': inst.name,
+ 'gce_description': inst.extra['description'],
+ 'gce_status': inst.extra['status'],
+ 'gce_zone': inst.extra['zone'].name,
+ 'gce_tags': inst.extra['tags'],
+ 'gce_metadata': md,
+ 'gce_network': net,
+ # Hosts don't have a public name, so we add an IP
+ 'ansible_ssh_host': inst.public_ips[0]
+ }
+
+ def get_instance(self, instance_name):
+ '''Gets details about a specific instance '''
+ try:
+ return self.driver.ex_get_node(instance_name)
+ except Exception, e:
+ return None
+
+ def group_instances(self):
+ '''Group all instances'''
+ groups = {}
+ for node in self.driver.list_nodes():
+ name = node.name
+
+ zone = node.extra['zone'].name
+ if groups.has_key(zone): groups[zone].append(name)
+ else: groups[zone] = [name]
+
+ tags = node.extra['tags']
+ for t in tags:
+ tag = 'tag_%s' % t
+ if groups.has_key(tag): groups[tag].append(name)
+ else: groups[tag] = [name]
+
+ net = 
node.extra['networkInterfaces'][0]['network'].split('/')[-1]
+ net = 'network_%s' % net
+ if groups.has_key(net): groups[net].append(name)
+ else: groups[net] = [name]
+
+ machine_type = node.size
+ if groups.has_key(machine_type): groups[machine_type].append(name)
+ else: groups[machine_type] = [name]
+
+ image = node.image and node.image or 'persistent_disk'
+ if groups.has_key(image): groups[image].append(name)
+ else: groups[image] = [name]
+
+ status = node.extra['status']
+ stat = 'status_%s' % status.lower()
+ if groups.has_key(stat): groups[stat].append(name)
+ else: groups[stat] = [name]
+ return groups
+
+ def json_format_dict(self, data, pretty=False):
+ ''' Converts a dict to a JSON object and dumps it as a formatted
+ string '''
+
+ if pretty:
+ return json.dumps(data, sort_keys=True, indent=2)
+ else:
+ return json.dumps(data)
+
+
+# Run the script
+GceInventory()
diff --git a/inventory/hosts b/inventory/hosts
new file mode 100644
index 000000000..72b7ae646
--- /dev/null
+++ b/inventory/hosts
@@ -0,0 +1,2 @@
+# Eventually we'll add the GCE, AWS, etc dynamic inventories, but for now...
+localhost
diff --git a/playbooks/gce/os3-master/config.yml b/playbooks/gce/os3-master/config.yml
new file mode 100644
index 000000000..0d44ada5a
--- /dev/null
+++ b/playbooks/gce/os3-master/config.yml
@@ -0,0 +1,41 @@
+- name: "populate oo_hosts_to_config host group if needed"
+ hosts: localhost
+ gather_facts: no
+ tasks:
+ - name: Evaluate oo_host_group_exp if it's set
+ add_host: "name={{ item }} groups=oo_hosts_to_config"
+ with_items: "{{ oo_host_group_exp | default('') }}"
+ when: oo_host_group_exp is defined
+
+- name: "Gather facts for minions in {{ oo_env }}"
+ hosts: "tag_env-host-type-{{ oo_env }}-os3-minion"
+ connection: ssh
+ user: root
+
+- name: "Set OO sepcific facts on localhost (for later use)"
+ hosts: localhost
+ gather_facts: no
+ tasks:
+ - name: Setting oo_minion_ips fact on localhost
+ set_fact:
+ oo_minion_ips: "{{ hostvars
+ | oo_select_keys(groups['tag_env-host-type-' + oo_env + '-os3-minion'])
+ | oo_collect(attribute='ansible_eth0.ipv4.address') }}"
+ when: groups['tag_env-host-type-' + oo_env + '-os3-minion'] is defined
+
+- name: "Configure instances"
+ hosts: oo_hosts_to_config
+ connection: ssh
+ user: root
+ vars_files:
+ - vars.yml
+ roles:
+ - ../../../roles/base_os
+ - ../../../roles/repos
+ - ../../../roles/etcd
+ - {
+ role: ../../../roles/kubernetes_apiserver,
+ oo_minion_ips: "{{ hostvars['localhost'].oo_minion_ips | default(['']) }}"
+ }
+ - ../../../roles/kubernetes_controller_manager
+ - ../../../roles/pods
diff --git a/playbooks/gce/os3-master/launch.yml b/playbooks/gce/os3-master/launch.yml
new file mode 100644
index 000000000..2fe105377
--- /dev/null
+++ b/playbooks/gce/os3-master/launch.yml
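Review bot: The `Setting oo_minion_ips fact on localhost` task assumes every host in `tag_env-host-type-<env>-os3-minion` returned facts: `oo_collect(attribute='ansible_eth0.ipv4.address')` walks each host's `hostvars` entry, and `get_attr` in filter_plugins/oo_filters.py indexes without a fallback, so one stopped or unreachable minion, or one whose interface is not `eth0`, would presumably abort the master configuration with a `KeyError`. Limiting the list to hosts that have `ansible_eth0` defined before collecting would avoid that. The fallback `default([''])` on the `kubernetes_apiserver` role hands the role a one-element list holding an empty address, where `default([])` would say "no minions". os3-minion/config.yml has the same pattern for `oo_master_ips`.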
@@ -0,0 +1,38 @@
+---
+- name: Launch instance(s)
+ hosts: localhost
+ connection: local
+ gather_facts: no
+
+ vars:
+ inst_names: "{{ oo_new_inst_names }}"
+ machine_type: n1-standard-1
+ image: libra-rhel7
+
+ vars_files:
+ - vars.yml
+
+ tasks:
+ - name: Launch instances
+ gce:
+ instance_names: "{{ inst_names }}"
+ machine_type: "{{ machine_type }}"
+ image: "{{ image }}"
+ service_account_email: "{{ gce_service_account_email }}"
+ pem_file: "{{ gce_pem_file }}"
+ project_id: "{{ gce_project_id }}"
+ tags: "{{ oo_new_inst_tags }}"
+ register: gce
+
+ - name: Add new instances public IPs to oo_hosts_to_config
+ add_host: "hostname={{ item.name }} ansible_ssh_host={{ item.public_ip }} groupname=oo_hosts_to_config"
+ with_items: gce.instance_data
+
+ - name: Wait for ssh
+ wait_for: "port=22 host={{ item.public_ip }}"
+ with_items: gce.instance_data
+
+ - debug: var=gce
+
+# Apply the configs, seprate so that just the configs can be run by themselves
+- include: config.yml
diff --git a/playbooks/gce/os3-master/vars.yml b/playbooks/gce/os3-master/vars.yml
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/playbooks/gce/os3-master/vars.yml
diff --git a/playbooks/gce/os3-minion/config.yml b/playbooks/gce/os3-minion/config.yml
new file mode 100644
index 000000000..6ac051d4b
--- /dev/null
+++ b/playbooks/gce/os3-minion/config.yml
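Review bot: This launch.yml is committed four times with the same blob (`2fe105377`), under os3-master, os3-minion, os3-registry and os3-router, and `machine_type` and `image` are literals in each copy while every `vars.yml` is empty. One shared launch playbook that takes the host type as a variable, with `machine_type` and `image` moved into each type's `vars.yml`, would keep the four from drifting apart. The trailing `- debug: var=gce` prints the whole registered result on every launch; I would drop it or make it conditional on a debug variable.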
@@ -0,0 +1,43 @@
+- name: "populate oo_hosts_to_config host group if needed"
+ hosts: localhost
+ gather_facts: no
+ tasks:
+ - name: Evaluate oo_host_group_exp
+ add_host: "name={{ item }} groups=oo_hosts_to_config"
+ with_items: "{{ oo_host_group_exp | default('') }}"
+ when: oo_host_group_exp is defined
+
+- name: "Gather facts for masters in {{ oo_env }}"
+ hosts: "tag_env-host-type-{{ oo_env }}-os3-master"
+ connection: ssh
+ user: root
+
+- name: "Set OO sepcific facts on localhost (for later use)"
+ hosts: localhost
+ gather_facts: no
+ tasks:
+ - name: Setting oo_master_ips fact on localhost
+ set_fact:
+ oo_master_ips: "{{ hostvars
+ | oo_select_keys(groups['tag_env-host-type-' + oo_env + '-os3-master'])
+ | oo_collect(attribute='ansible_eth0.ipv4.address') }}"
+ when: groups['tag_env-host-type-' + oo_env + '-os3-master'] is defined
+
+- name: "Configure instances"
+ hosts: oo_hosts_to_config
+ connection: ssh
+ user: root
+ vars_files:
+ - vars.yml
+ roles:
+ - ../../../roles/base_os
+ - ../../../roles/repos
+ - ../../../roles/docker
+ - {
+ role: ../../../roles/kubernetes_kubelet,
+ oo_master_ips: "{{ hostvars['localhost'].oo_master_ips | default(['']) }}"
+ }
+ - {
+ role: ../../../roles/kubernetes_proxy,
+ oo_master_ips: "{{ hostvars['localhost'].oo_master_ips | default(['']) }}"
+ }
diff --git a/playbooks/gce/os3-minion/launch.yml b/playbooks/gce/os3-minion/launch.yml
new file mode 100644
index 000000000..2fe105377
--- /dev/null
+++ b/playbooks/gce/os3-minion/launch.yml
@@ -0,0 +1,38 @@
+---
+- name: Launch instance(s)
+ hosts: localhost
+ connection: local
+ gather_facts: no
+
+ vars:
+ inst_names: "{{ oo_new_inst_names }}"
+ machine_type: n1-standard-1
+ image: libra-rhel7
+
+ vars_files:
+ - vars.yml
+
+ tasks:
+ - name: Launch instances
+ gce:
+ instance_names: "{{ inst_names }}"
+ machine_type: "{{ machine_type }}"
+ image: "{{ image }}"
+ service_account_email: "{{ gce_service_account_email }}"
+ pem_file: "{{ gce_pem_file }}"
+ project_id: "{{ gce_project_id }}"
+ tags: "{{ oo_new_inst_tags }}"
+ register: gce
+
+ - name: Add new instances public IPs to oo_hosts_to_config
+ add_host: "hostname={{ item.name }} ansible_ssh_host={{ item.public_ip }} groupname=oo_hosts_to_config"
+ with_items: gce.instance_data
+
+ - name: Wait for ssh
+ wait_for: "port=22 host={{ item.public_ip }}"
+ with_items: gce.instance_data
+
+ - debug: var=gce
+
+# Apply the configs, seprate so that just the configs can be run by themselves
+- include: config.yml
diff --git a/playbooks/gce/os3-minion/vars.yml b/playbooks/gce/os3-minion/vars.yml
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/playbooks/gce/os3-minion/vars.yml
diff --git a/playbooks/gce/os3-registry/config.yml b/playbooks/gce/os3-registry/config.yml
new file mode 100644
index 000000000..8103faa5f
--- /dev/null
+++ b/playbooks/gce/os3-registry/config.yml
@@ -0,0 +1,17 @@
+- name: "populate oo_hosts_to_config host group if needed"
+ hosts: localhost
+ gather_facts: no
+ tasks:
+ - name: Evaluate oo_host_group_exp
+ add_host: "name={{ item }} groups=oo_hosts_to_config"
+ with_items: "{{ oo_host_group_exp | default('') }}"
+ when: oo_host_group_exp is defined
+
+- name: "Configure instances"
+ hosts: oo_hosts_to_config
+ connection: ssh
+ user: root
+ vars_files:
+ - vars.yml
+ roles:
+ - ../../../roles/base_os
diff --git a/playbooks/gce/os3-registry/launch.yml b/playbooks/gce/os3-registry/launch.yml
new file mode 100644
index 000000000..2fe105377
--- /dev/null
+++ b/playbooks/gce/os3-registry/launch.yml
@@ -0,0 +1,38 @@
+---
+- name: Launch instance(s)
+ hosts: localhost
+ connection: local
+ gather_facts: no
+
+ vars:
+ inst_names: "{{ oo_new_inst_names }}"
+ machine_type: n1-standard-1
+ image: libra-rhel7
+
+ vars_files:
+ - vars.yml
+
+ tasks:
+ - name: Launch instances
+ gce:
+ instance_names: "{{ inst_names }}"
+ machine_type: "{{ machine_type }}"
+ image: "{{ image }}"
+ service_account_email: "{{ gce_service_account_email }}"
+ pem_file: "{{ gce_pem_file }}"
+ project_id: "{{ gce_project_id }}"
+ tags: "{{ oo_new_inst_tags }}"
+ register: gce
+
+ - name: Add new instances public IPs to oo_hosts_to_config
+ add_host: "hostname={{ item.name }} ansible_ssh_host={{ item.public_ip }} groupname=oo_hosts_to_config"
+ with_items: gce.instance_data
+
+ - name: Wait for ssh
+ wait_for: "port=22 host={{ item.public_ip }}"
+ with_items: gce.instance_data
+
+ - debug: var=gce
+
+# Apply the configs, seprate so that just the configs can be run by themselves
+- include: config.yml
diff --git a/playbooks/gce/os3-registry/vars.yml b/playbooks/gce/os3-registry/vars.yml
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/playbooks/gce/os3-registry/vars.yml
diff --git a/playbooks/gce/os3-router/config.yml b/playbooks/gce/os3-router/config.yml
new file mode 100644
index 000000000..8103faa5f
--- /dev/null
+++ b/playbooks/gce/os3-router/config.yml
@@ -0,0 +1,17 @@
+- name: "populate oo_hosts_to_config host group if needed"
+ hosts: localhost
+ gather_facts: no
+ tasks:
+ - name: Evaluate oo_host_group_exp
+ add_host: "name={{ item }} groups=oo_hosts_to_config"
+ with_items: "{{ oo_host_group_exp | default('') }}"
+ when: oo_host_group_exp is defined
+
+- name: "Configure instances"
+ hosts: oo_hosts_to_config
+ connection: ssh
+ user: root
+ vars_files:
+ - vars.yml
+ roles:
+ - ../../../roles/base_os
diff --git a/playbooks/gce/os3-router/launch.yml b/playbooks/gce/os3-router/launch.yml
new file mode 100644
index 000000000..2fe105377
--- /dev/null
+++ b/playbooks/gce/os3-router/launch.yml
@@ -0,0 +1,38 @@
+---
+- name: Launch instance(s)
+ hosts: localhost
+ connection: local
+ gather_facts: no
+
+ vars:
+ inst_names: "{{ oo_new_inst_names }}"
+ machine_type: n1-standard-1
+ image: libra-rhel7
+
+ vars_files:
+ - vars.yml
+
+ tasks:
+ - name: Launch instances
+ gce:
+ instance_names: "{{ inst_names }}"
+ machine_type: "{{ machine_type }}"
+ image: "{{ image }}"
+ service_account_email: "{{ gce_service_account_email }}"
+ pem_file: "{{ gce_pem_file }}"
+ project_id: "{{ gce_project_id }}"
+ tags: "{{ oo_new_inst_tags }}"
+ register: gce
+
+ - name: Add new instances public IPs to oo_hosts_to_config
+ add_host: "hostname={{ item.name }} ansible_ssh_host={{ item.public_ip }} groupname=oo_hosts_to_config"
+ with_items: gce.instance_data
+
+ - name: Wait for ssh
+ wait_for: "port=22 host={{ item.public_ip }}"
+ with_items: gce.instance_data
+
+ - debug: var=gce
+
+# Apply the configs, seprate so that just the configs can be run by themselves
+- include: config.yml
diff --git a/playbooks/gce/os3-router/vars.yml b/playbooks/gce/os3-router/vars.yml
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/playbooks/gce/os3-router/vars.yml
diff --git a/roles/base_os/files/irbrc b/roles/base_os/files/irbrc
new file mode 100644
index 000000000..47374e920
--- /dev/null
+++ b/roles/base_os/files/irbrc
@@ -0,0 +1,2 @@
+require 'irb/completion'
+IRB.conf[:PROMPT_MODE] = :SIMPLE
diff --git a/roles/base_os/files/vimrc b/roles/base_os/files/vimrc
new file mode 100644
index 000000000..537b944ed
--- /dev/null
+++ b/roles/base_os/files/vimrc
@@ -0,0 +1,12 @@
+set tabstop=4
+set shiftwidth=4
+set expandtab
+set list
+
+"flag problematic whitespace (trailing and spaces before tabs)
+"Note you get the same by doing let c_space_errors=1 but
+"this rule really applies to everything.
+highlight RedundantSpaces term=standout ctermbg=red guibg=red
+match RedundantSpaces /\s\+$\| \+\ze\t/ "\ze sets end of match so only spaces highlighted
+"use :set list! to toggle visible whitespace on/off
+set listchars=tab:>-,trail:.,extends:>
diff --git a/roles/base_os/tasks/main.yaml b/roles/base_os/tasks/main.yaml
new file mode 100644
index 000000000..ff8cfbe33
--- /dev/null
+++ b/roles/base_os/tasks/main.yaml
@@ -0,0 +1,26 @@
+---
+# basic role, configures irbrc, vimrc
+
+- name: Ensure irbrc is installed for user root
+ copy: >
+ src=irbrc
+ dest=/root/.irbrc
+
+- name: Ensure vimrc is installed for user root
+ copy: >
+ src=vimrc
+ dest=/root/.vimrc
+
+- name: Ensure vimrc is installed for user root
+ copy: >
+ src=vimrc
+ dest=/root/.vimrc
+
+- name: Install firewalld
+ yum: pkg=firewalld state=installed
+
+- name: enable firewalld service
+ command: /usr/bin/systemctl enable firewalld.service
+
+- name: start firewalld service
+ command: /usr/bin/systemctl start firewalld.service
diff --git a/roles/docker/README.md b/roles/docker/README.md
new file mode 100644
index 000000000..225dd44b9
--- /dev/null
+++ b/roles/docker/README.md
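Review bot: The task `Ensure vimrc is installed for user root` appears twice in roles/base_os/tasks/main.yaml with identical `src` and `dest`; the second copy should be deleted. The two `command: /usr/bin/systemctl ... firewalld.service` tasks report changed on every run and can be one `service: name=firewalld enabled=yes state=started`, the form the etcd role in this commit already uses. The `copy` tasks also set no `owner`, `group` or `mode`, so adding `mode=0644` would make the intended permissions on the files under /root explicit.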
@@ -0,0 +1,38 @@ +Role Name +========= + +A brief description of the role goes here. + +Requirements +------------ + +Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. + +Role Variables +-------------- + +A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. + +Dependencies +------------ + +A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. + +Example Playbook +---------------- + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: + + - hosts: servers + roles: + - { role: username.rolename, x: 42 } + +License +------- + +BSD + +Author Information +------------------ + +An optional section for the role authors to include contact information, or a website (HTML is not allowed). diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml new file mode 100644 index 000000000..f0327f611 --- /dev/null +++ b/roles/docker/defaults/main.yml @@ -0,0 +1,2 @@ +--- +# defaults file for docker diff --git a/roles/docker/files/enter-container.sh b/roles/docker/files/enter-container.sh new file mode 100755 index 000000000..7cf5b8d83 --- /dev/null +++ b/roles/docker/files/enter-container.sh 
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+if [ $# -ne 1 ]
+then
+ echo
+ echo "Usage: $(basename $0) <container_name>"
+ echo
+ exit 1
+fi
+
+PID=$(docker inspect --format '{{.State.Pid}}' $1)
+
+nsenter --target $PID --mount --uts --ipc --net --pid
diff --git a/roles/docker/handlers/main.yml b/roles/docker/handlers/main.yml
new file mode 100644
index 000000000..a2bea013a
--- /dev/null
+++ b/roles/docker/handlers/main.yml
@@ -0,0 +1,2 @@
+---
+# handlers file for docker
diff --git a/roles/docker/meta/main.yml b/roles/docker/meta/main.yml
new file mode 100644
index 000000000..c5c362c60
--- /dev/null
+++ b/roles/docker/meta/main.yml
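Review bot: `$1` and `$PID` are expanded unquoted in roles/docker/files/enter-container.sh and the result of `docker inspect` is never checked, so a mistyped or stopped container name leads to `nsenter` running with an empty or zero target. The docker role installs this script into /usr/local/bin for use as root, so I would quote both expansions and stop on failure: `PID=$(docker inspect --format '{{.State.Pid}}' "$1") || exit 1`, then `[ "$PID" -gt 0 ] || { echo "container is not running" >&2; exit 1; }`, then `nsenter --target "$PID" --mount --uts --ipc --net --pid`.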
@@ -0,0 +1,124 @@ +--- +galaxy_info: + author: your name + description: + company: your company (optional) + # Some suggested licenses: + # - BSD (default) + # - MIT + # - GPLv2 + # - GPLv3 + # - Apache + # - CC-BY + license: license (GPLv2, CC-BY, etc) + min_ansible_version: 1.2 + # + # Below are all platforms currently available. Just uncomment + # the ones that apply to your role. If you don't see your + # platform on this list, let us know and we'll get it added! + # + #platforms: + #- name: EL + # versions: + # - all + # - 5 + # - 6 + # - 7 + #- name: GenericUNIX + # versions: + # - all + # - any + #- name: Fedora + # versions: + # - all + # - 16 + # - 17 + # - 18 + # - 19 + # - 20 + #- name: opensuse + # versions: + # - all + # - 12.1 + # - 12.2 + # - 12.3 + # - 13.1 + # - 13.2 + #- name: Amazon + # versions: + # - all + # - 2013.03 + # - 2013.09 + #- name: GenericBSD + # versions: + # - all + # - any + #- name: FreeBSD + # versions: + # - all + # - 8.0 + # - 8.1 + # - 8.2 + # - 8.3 + # - 8.4 + # - 9.0 + # - 9.1 + # - 9.1 + # - 9.2 + #- name: Ubuntu + # versions: + # - all + # - lucid + # - maverick + # - natty + # - oneiric + # - precise + # - quantal + # - raring + # - saucy + # - trusty + #- name: SLES + # versions: + # - all + # - 10SP3 + # - 10SP4 + # - 11 + # - 11SP1 + # - 11SP2 + # - 11SP3 + #- name: GenericLinux + # versions: + # - all + # - any + #- name: Debian + # versions: + # - all + # - etch + # - lenny + # - squeeze + # - wheezy + # + # Below are all categories currently available. Just as with + # the platforms above, uncomment those that apply to your role. + # + #categories: + #- cloud + #- cloud:ec2 + #- cloud:gce + #- cloud:rax + #- clustering + #- database + #- database:nosql + #- database:sql + #- development + #- monitoring + #- networking + #- packaging + #- system + #- web +dependencies: [] + # List your role dependencies here, one per line. Only + # dependencies available via galaxy should be listed here. 
+ # Be sure to remove the '[]' above if you add dependencies
+ # to this list.
+
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
new file mode 100644
index 000000000..2223bb675
--- /dev/null
+++ b/roles/docker/tasks/main.yml
@@ -0,0 +1,18 @@
+---
+# tasks file for docker
+- name: Install docker
+ yum: pkg=docker
+
+- name: enable docker service
+ command: /usr/bin/systemctl enable docker.service
+
+- name: start the docker service
+ command: /usr/bin/systemctl start docker.service
+
+- copy: src=enter-container.sh dest=/usr/local/bin/enter-container.sh mode=0755
+
+# From the origin rpm there exists instructions on how to
+# setup origin properly. The following steps come from there
+- name: Change root to be in the Docker group
+ command: usermod -G docker -a root
+
diff --git a/roles/docker/vars/main.yml b/roles/docker/vars/main.yml
new file mode 100644
index 000000000..3806b4c7e
--- /dev/null
+++ b/roles/docker/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for docker
diff --git a/roles/etcd/README.md b/roles/etcd/README.md
new file mode 100644
index 000000000..225dd44b9
--- /dev/null
+++ b/roles/etcd/README.md
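Review bot: The three `command:` tasks in roles/docker/tasks/main.yml (systemctl enable, systemctl start, `usermod -G docker -a root`) report changed on every run and bypass the modules that track state; `service: name=docker enabled=yes state=started` and `user: name=root groups=docker append=yes` do the same work idempotently. The `copy` task has no `name` and sets no `owner` or `group` for a script placed in /usr/local/bin, so `owner=root group=root` should be stated next to `mode=0755`. Membership of the docker group is effectively root on the host, so the comment above the usermod task should say that it is only safe here because the user is already root.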
@@ -0,0 +1,38 @@ +Role Name +========= + +A brief description of the role goes here. + +Requirements +------------ + +Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. + +Role Variables +-------------- + +A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. + +Dependencies +------------ + +A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. + +Example Playbook +---------------- + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: + + - hosts: servers + roles: + - { role: username.rolename, x: 42 } + +License +------- + +BSD + +Author Information +------------------ + +An optional section for the role authors to include contact information, or a website (HTML is not allowed). diff --git a/roles/etcd/defaults/main.yml b/roles/etcd/defaults/main.yml new file mode 100644 index 000000000..8e1a0fa3d --- /dev/null +++ b/roles/etcd/defaults/main.yml @@ -0,0 +1,2 @@ +--- +# defaults file for etcd diff --git a/roles/etcd/handlers/main.yml b/roles/etcd/handlers/main.yml new file mode 100644 index 000000000..b897913f9 --- /dev/null +++ b/roles/etcd/handlers/main.yml @@ -0,0 +1,3 @@ +--- +- name: restart etcd + service: name=etcd state=restarted diff --git a/roles/etcd/meta/main.yml b/roles/etcd/meta/main.yml new file mode 100644 index 000000000..c5c362c60 --- /dev/null +++ b/roles/etcd/meta/main.yml 
@@ -0,0 +1,124 @@ +--- +galaxy_info: + author: your name + description: + company: your company (optional) + # Some suggested licenses: + # - BSD (default) + # - MIT + # - GPLv2 + # - GPLv3 + # - Apache + # - CC-BY + license: license (GPLv2, CC-BY, etc) + min_ansible_version: 1.2 + # + # Below are all platforms currently available. Just uncomment + # the ones that apply to your role. If you don't see your + # platform on this list, let us know and we'll get it added! + # + #platforms: + #- name: EL + # versions: + # - all + # - 5 + # - 6 + # - 7 + #- name: GenericUNIX + # versions: + # - all + # - any + #- name: Fedora + # versions: + # - all + # - 16 + # - 17 + # - 18 + # - 19 + # - 20 + #- name: opensuse + # versions: + # - all + # - 12.1 + # - 12.2 + # - 12.3 + # - 13.1 + # - 13.2 + #- name: Amazon + # versions: + # - all + # - 2013.03 + # - 2013.09 + #- name: GenericBSD + # versions: + # - all + # - any + #- name: FreeBSD + # versions: + # - all + # - 8.0 + # - 8.1 + # - 8.2 + # - 8.3 + # - 8.4 + # - 9.0 + # - 9.1 + # - 9.1 + # - 9.2 + #- name: Ubuntu + # versions: + # - all + # - lucid + # - maverick + # - natty + # - oneiric + # - precise + # - quantal + # - raring + # - saucy + # - trusty + #- name: SLES + # versions: + # - all + # - 10SP3 + # - 10SP4 + # - 11 + # - 11SP1 + # - 11SP2 + # - 11SP3 + #- name: GenericLinux + # versions: + # - all + # - any + #- name: Debian + # versions: + # - all + # - etch + # - lenny + # - squeeze + # - wheezy + # + # Below are all categories currently available. Just as with + # the platforms above, uncomment those that apply to your role. + # + #categories: + #- cloud + #- cloud:ec2 + #- cloud:gce + #- cloud:rax + #- clustering + #- database + #- database:nosql + #- database:sql + #- development + #- monitoring + #- networking + #- packaging + #- system + #- web +dependencies: [] + # List your role dependencies here, one per line. Only + # dependencies available via galaxy should be listed here. 
+ # Be sure to remove the '[]' above if you add dependencies
+ # to this list.
+
diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml
new file mode 100644
index 000000000..062d2e8a9
--- /dev/null
+++ b/roles/etcd/tasks/main.yml
@@ -0,0 +1,20 @@
+---
+- name: Install etcd
+ yum: pkg=etcd state=installed disable_gpg_check=yes
+
+- name: Install etcdctl
+ yum: pkg=etcdctl state=installed disable_gpg_check=yes
+
+- name: Write etcd global config file
+ template: src=etcd.conf.j2 dest=/etc/etcd/etcd.conf
+ notify:
+ - restart etcd
+
+- name: Open firewalld port for etcd
+ firewalld: port=4001/tcp permanent=false state=enabled
+
+- name: Save firewalld port for etcd
+ firewalld: port=4001/tcp permanent=true state=enabled
+
+- name: Enable etcd
+ service: name=etcd enabled=yes state=started
diff --git a/roles/etcd/templates/etcd.conf.j2 b/roles/etcd/templates/etcd.conf.j2
new file mode 100644
index 000000000..1b43f6552
--- /dev/null
+++ b/roles/etcd/templates/etcd.conf.j2
@@ -0,0 +1,34 @@
+# This configuration file is written in [TOML](https://github.com/mojombo/toml)
+
+# addr = "127.0.0.1:4001"
+# bind_addr = "127.0.0.1:4001"
+# ca_file = ""
+# cert_file = ""
+# cors = []
+# cpu_profile_file = ""
+# data_dir = "."
+# discovery = "http://etcd.local:4001/v2/keys/_etcd/registry/examplecluster"
+# http_read_timeout = 10
+# http_write_timeout = 10
+# key_file = ""
+# peers = []
+# peers_file = ""
+# max_cluster_size = 9
+# max_result_buffer = 1024
+# max_retry_attempts = 3
+# name = "default-name"
+# snapshot = false
+# verbose = false
+# very_verbose = false
+
+# [peer]
+# addr = "127.0.0.1:7001"
+# bind_addr = "127.0.0.1:7001"
+# ca_file = ""
+# cert_file = ""
+# key_file = ""
+
+# [cluster]
+# active_size = 9
+# remove_delay = 1800.0
+# sync_interval = 5.0
diff --git a/roles/etcd/vars/main.yml b/roles/etcd/vars/main.yml
new file mode 100644
index 000000000..508856abe
--- /dev/null
+++ b/roles/etcd/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for etcd
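Review bot: Both yum tasks in roles/etcd/tasks/main.yml pass `disable_gpg_check=yes`, so etcd and etcdctl are installed with package signature verification switched off and a tampered or substituted RPM would install silently. I would drop the flag and import the repository's signing key first, or at minimum add a comment saying which unsigned repository makes it necessary. The two `firewalld: port=4001/tcp` tasks open the etcd client port to every source, while etcd.conf.j2 ships with `ca_file`, `cert_file` and `key_file` commented out, so if etcd listens on a routable address the key space is presumably readable and writable without TLS or client authentication. Restricting the port to the master and minion addresses with a `rich_rule` would narrow that.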
diff --git a/roles/kubernetes_apiserver/README.md b/roles/kubernetes_apiserver/README.md new file mode 100644 index 000000000..225dd44b9 --- /dev/null +++ b/roles/kubernetes_apiserver/README.md @@ -0,0 +1,38 @@ +Role Name +========= + +A brief description of the role goes here. + +Requirements +------------ + +Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. + +Role Variables +-------------- + +A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. + +Dependencies +------------ + +A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. + +Example Playbook +---------------- + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: + + - hosts: servers + roles: + - { role: username.rolename, x: 42 } + +License +------- + +BSD + +Author Information +------------------ + +An optional section for the role authors to include contact information, or a website (HTML is not allowed). diff --git a/roles/kubernetes_apiserver/defaults/main.yml b/roles/kubernetes_apiserver/defaults/main.yml new file mode 100644 index 000000000..ab2f8bd50 --- /dev/null +++ b/roles/kubernetes_apiserver/defaults/main.yml @@ -0,0 +1,2 @@ +--- +# defaults file for kubernetes_apiserver diff --git a/roles/kubernetes_apiserver/handlers/main.yml b/roles/kubernetes_apiserver/handlers/main.yml new file mode 100644 index 000000000..5ecb096f0 
--- /dev/null
+++ b/roles/kubernetes_apiserver/handlers/main.yml
@@ -0,0 +1,4 @@
+---
+# handlers file for kubernetes_apiserver
+- name: restart kubernetes-apiserver
+ service: name=kubernetes-apiserver state=restarted
diff --git a/roles/kubernetes_apiserver/meta/main.yml b/roles/kubernetes_apiserver/meta/main.yml
new file mode 100644
index 000000000..c5c362c60
--- /dev/null
+++ b/roles/kubernetes_apiserver/meta/main.yml
@@ -0,0 +1,124 @@ +--- +galaxy_info: + author: your name + description: + company: your company (optional) + # Some suggested licenses: + # - BSD (default) + # - MIT + # - GPLv2 + # - GPLv3 + # - Apache + # - CC-BY + license: license (GPLv2, CC-BY, etc) + min_ansible_version: 1.2 + # + # Below are all platforms currently available. Just uncomment + # the ones that apply to your role. If you don't see your + # platform on this list, let us know and we'll get it added! + # + #platforms: + #- name: EL + # versions: + # - all + # - 5 + # - 6 + # - 7 + #- name: GenericUNIX + # versions: + # - all + # - any + #- name: Fedora + # versions: + # - all + # - 16 + # - 17 + # - 18 + # - 19 + # - 20 + #- name: opensuse + # versions: + # - all + # - 12.1 + # - 12.2 + # - 12.3 + # - 13.1 + # - 13.2 + #- name: Amazon + # versions: + # - all + # - 2013.03 + # - 2013.09 + #- name: GenericBSD + # versions: + # - all + # - any + #- name: FreeBSD + # versions: + # - all + # - 8.0 + # - 8.1 + # - 8.2 + # - 8.3 + # - 8.4 + # - 9.0 + # - 9.1 + # - 9.1 + # - 9.2 + #- name: Ubuntu + # versions: + # - all + # - lucid + # - maverick + # - natty + # - oneiric + # - precise + # - quantal + # - raring + # - saucy + # - trusty + #- name: SLES + # versions: + # - all + # - 10SP3 + # - 10SP4 + # - 11 + # - 11SP1 + # - 11SP2 + # - 11SP3 + #- name: GenericLinux + # versions: + # - all + # - any + #- name: Debian + # versions: + # - all + # - etch + # - lenny + # - squeeze + # - wheezy + # + # Below are all categories currently available. Just as with + # the platforms above, uncomment those that apply to your role. + # + #categories: + #- cloud + #- cloud:ec2 + #- cloud:gce + #- cloud:rax + #- clustering + #- database + #- database:nosql + #- database:sql + #- development + #- monitoring + #- networking + #- packaging + #- system + #- web +dependencies: [] + # List your role dependencies here, one per line. Only + # dependencies available via galaxy should be listed here. 
+ # Be sure to remove the '[]' above if you add dependencies
+ # to this list.
+
diff --git a/roles/kubernetes_apiserver/tasks/main.yml b/roles/kubernetes_apiserver/tasks/main.yml
new file mode 100644
index 000000000..622ecd5ca
--- /dev/null
+++ b/roles/kubernetes_apiserver/tasks/main.yml
@@ -0,0 +1,25 @@
+---
+# tasks file for kubernetes_apiserver
+- name: Install kubernetes
+ yum: pkg=kubernetes
+
+- name: Configure apiserver settings
+ lineinfile: >
+ dest=/etc/sysconfig/kubernetes
+ regexp={{ item.regex }}
+ line="{{ item.line }}"
+ with_items:
+ - { regex: '^KUBE_API_MACHINES=', line: 'KUBE_API_MACHINES=\"{{ oo_minion_ips | join(",") }}\"' }
+ - { regex: '^KUBE_API_ADDRESS=', line: 'KUBE_API_ADDRESS=\"0.0.0.0\"' }
+ notify:
+ - restart kubernetes-apiserver
+
+- name: Enable apiserver
+ service: name=kubernetes-apiserver enabled=yes state=started
+
+- name: Open firewalld port for apiserver
+ firewalld: port=8080/tcp permanent=false state=enabled
+
+- name: Save firewalld port for apiserver
+ firewalld: port=8080/tcp permanent=true state=enabled
+
diff --git a/roles/kubernetes_apiserver/vars/main.yml b/roles/kubernetes_apiserver/vars/main.yml
new file mode 100644
index 000000000..1f5cb46d6
--- /dev/null
+++ b/roles/kubernetes_apiserver/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for kubernetes_apiserver
diff --git a/roles/kubernetes_controller_manager/README.md b/roles/kubernetes_controller_manager/README.md
new file mode 100644
index 000000000..225dd44b9
--- /dev/null
+++ b/roles/kubernetes_controller_manager/README.md
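Review bot: `KUBE_API_ADDRESS=\"0.0.0.0\"` together with the two `firewalld: port=8080/tcp` tasks in roles/kubernetes_apiserver/tasks/main.yml exposes the API server's plain-HTTP port on every interface with no source restriction, and nothing in this hunk adds TLS or authentication in front of it. The launch playbooks in this commit register instances by public IP, so the port is presumably reachable from outside unless a project-level firewall blocks it. The callers are already known as `oo_minion_ips`, so the open-port tasks could become `firewalld: rich_rule='rule family="ipv4" source address="{{ item }}" port port="8080" protocol="tcp" accept' permanent=true state=enabled` with `with_items: oo_minion_ips`, or the server could bind to the internal address instead of `0.0.0.0`.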
@@ -0,0 +1,38 @@ +Role Name +========= + +A brief description of the role goes here. + +Requirements +------------ + +Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. + +Role Variables +-------------- + +A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. + +Dependencies +------------ + +A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. + +Example Playbook +---------------- + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: + + - hosts: servers + roles: + - { role: username.rolename, x: 42 } + +License +------- + +BSD + +Author Information +------------------ + +An optional section for the role authors to include contact information, or a website (HTML is not allowed). diff --git a/roles/kubernetes_controller_manager/defaults/main.yml b/roles/kubernetes_controller_manager/defaults/main.yml new file mode 100644 index 000000000..205f3e164 --- /dev/null +++ b/roles/kubernetes_controller_manager/defaults/main.yml @@ -0,0 +1,2 @@ +--- +# defaults file for kubernetes_controller_manager diff --git a/roles/kubernetes_controller_manager/handlers/main.yml b/roles/kubernetes_controller_manager/handlers/main.yml new file mode 100644 index 000000000..a763ccd6c --- /dev/null +++ b/roles/kubernetes_controller_manager/handlers/main.yml 
@@ -0,0 +1,5 @@
+---
+# handlers file for kubernetes_controller_manager
+- name: restart kubernetes-controller-manager
+ service: name=kubernetes-controller-manager state=restarted
+
diff --git a/roles/kubernetes_controller_manager/meta/main.yml b/roles/kubernetes_controller_manager/meta/main.yml
new file mode 100644
index 000000000..c5c362c60
--- /dev/null
+++ b/roles/kubernetes_controller_manager/meta/main.yml
@@ -0,0 +1,124 @@ +--- +galaxy_info: + author: your name + description: + company: your company (optional) + # Some suggested licenses: + # - BSD (default) + # - MIT + # - GPLv2 + # - GPLv3 + # - Apache + # - CC-BY + license: license (GPLv2, CC-BY, etc) + min_ansible_version: 1.2 + # + # Below are all platforms currently available. Just uncomment + # the ones that apply to your role. If you don't see your + # platform on this list, let us know and we'll get it added! + # + #platforms: + #- name: EL + # versions: + # - all + # - 5 + # - 6 + # - 7 + #- name: GenericUNIX + # versions: + # - all + # - any + #- name: Fedora + # versions: + # - all + # - 16 + # - 17 + # - 18 + # - 19 + # - 20 + #- name: opensuse + # versions: + # - all + # - 12.1 + # - 12.2 + # - 12.3 + # - 13.1 + # - 13.2 + #- name: Amazon + # versions: + # - all + # - 2013.03 + # - 2013.09 + #- name: GenericBSD + # versions: + # - all + # - any + #- name: FreeBSD + # versions: + # - all + # - 8.0 + # - 8.1 + # - 8.2 + # - 8.3 + # - 8.4 + # - 9.0 + # - 9.1 + # - 9.1 + # - 9.2 + #- name: Ubuntu + # versions: + # - all + # - lucid + # - maverick + # - natty + # - oneiric + # - precise + # - quantal + # - raring + # - saucy + # - trusty + #- name: SLES + # versions: + # - all + # - 10SP3 + # - 10SP4 + # - 11 + # - 11SP1 + # - 11SP2 + # - 11SP3 + #- name: GenericLinux + # versions: + # - all + # - any + #- name: Debian + # versions: + # - all + # - etch + # - lenny + # - squeeze + # - wheezy + # + # Below are all categories currently available. Just as with + # the platforms above, uncomment those that apply to your role. + # + #categories: + #- cloud + #- cloud:ec2 + #- cloud:gce + #- cloud:rax + #- clustering + #- database + #- database:nosql + #- database:sql + #- development + #- monitoring + #- networking + #- packaging + #- system + #- web +dependencies: [] + # List your role dependencies here, one per line. Only + # dependencies available via galaxy should be listed here. 
+ # Be sure to remove the '[]' above if you add dependencies
+ # to this list.
+
diff --git a/roles/kubernetes_controller_manager/tasks/main.yml b/roles/kubernetes_controller_manager/tasks/main.yml
new file mode 100644
index 000000000..68aee6f19
--- /dev/null
+++ b/roles/kubernetes_controller_manager/tasks/main.yml
@@ -0,0 +1,7 @@
+---
+# tasks file for kubernetes_controller_manager
+- name: Install kubernetes
+ yum: pkg=kubernetes
+
+- name: Enable controller-manager
+ service: name=kubernetes-controller-manager enabled=yes state=started
diff --git a/roles/kubernetes_controller_manager/vars/main.yml b/roles/kubernetes_controller_manager/vars/main.yml
new file mode 100644
index 000000000..4436c9358
--- /dev/null
+++ b/roles/kubernetes_controller_manager/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for kubernetes_controller_manager
diff --git a/roles/kubernetes_kubelet/README.md b/roles/kubernetes_kubelet/README.md
new file mode 100644
index 000000000..225dd44b9
--- /dev/null
+++ b/roles/kubernetes_kubelet/README.md
@@ -0,0 +1,38 @@ +Role Name +========= + +A brief description of the role goes here. + +Requirements +------------ + +Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. + +Role Variables +-------------- + +A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. + +Dependencies +------------ + +A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. + +Example Playbook +---------------- + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: + + - hosts: servers + roles: + - { role: username.rolename, x: 42 } + +License +------- + +BSD + +Author Information +------------------ + +An optional section for the role authors to include contact information, or a website (HTML is not allowed). diff --git a/roles/kubernetes_kubelet/defaults/main.yml b/roles/kubernetes_kubelet/defaults/main.yml new file mode 100644 index 000000000..72daecfe7 --- /dev/null +++ b/roles/kubernetes_kubelet/defaults/main.yml @@ -0,0 +1,2 @@ +--- +# defaults file for kubernetes_kubelet diff --git a/roles/kubernetes_kubelet/files/kubelet.service b/roles/kubernetes_kubelet/files/kubelet.service new file mode 100644 index 000000000..fef69a803 --- /dev/null +++ b/roles/kubernetes_kubelet/files/kubelet.service 
@@ -0,0 +1,10 @@
+[Unit]
+Description=Kubernetes Kubelet Server
+Documentation=https://github.com/GoogleCloudPlatform/kubernetes
+
+[Service]
+EnvironmentFile=/etc/sysconfig/kubelet
+ExecStart=/usr/local/bin/kubelet "$DAEMON_ARGS"
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/kubernetes_kubelet/handlers/main.yml b/roles/kubernetes_kubelet/handlers/main.yml
new file mode 100644
index 000000000..36b0c27b6
--- /dev/null
+++ b/roles/kubernetes_kubelet/handlers/main.yml
@@ -0,0 +1,4 @@
+---
+# handlers file for kubernetes_kubelet
+- name: restart kubelet
+ service: name=kubernetes-kubelet state=restarted
diff --git a/roles/kubernetes_kubelet/meta/main.yml b/roles/kubernetes_kubelet/meta/main.yml
new file mode 100644
index 000000000..c5c362c60
--- /dev/null
+++ b/roles/kubernetes_kubelet/meta/main.yml
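Review bot: roles/kubernetes_kubelet/files/kubelet.service does not line up with the rest of the role: it reads `EnvironmentFile=/etc/sysconfig/kubelet` and starts `/usr/local/bin/kubelet`, while the role's tasks edit `/etc/sysconfig/kubernetes` and the handler and the `Enable kubelet` task manage a service named `kubernetes-kubelet`. No task on this page copies the unit file, so it looks unused; either install it and point the tasks at it, or drop it so nobody mistakes it for the running configuration. If it is kept, the quoted `"$DAEMON_ARGS"` likely reaches kubelet as a single argument rather than separate flags, and an unquoted `$DAEMON_ARGS` lets systemd split it on whitespace.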
@@ -0,0 +1,124 @@ +--- +galaxy_info: + author: your name + description: + company: your company (optional) + # Some suggested licenses: + # - BSD (default) + # - MIT + # - GPLv2 + # - GPLv3 + # - Apache + # - CC-BY + license: license (GPLv2, CC-BY, etc) + min_ansible_version: 1.2 + # + # Below are all platforms currently available. Just uncomment + # the ones that apply to your role. If you don't see your + # platform on this list, let us know and we'll get it added! + # + #platforms: + #- name: EL + # versions: + # - all + # - 5 + # - 6 + # - 7 + #- name: GenericUNIX + # versions: + # - all + # - any + #- name: Fedora + # versions: + # - all + # - 16 + # - 17 + # - 18 + # - 19 + # - 20 + #- name: opensuse + # versions: + # - all + # - 12.1 + # - 12.2 + # - 12.3 + # - 13.1 + # - 13.2 + #- name: Amazon + # versions: + # - all + # - 2013.03 + # - 2013.09 + #- name: GenericBSD + # versions: + # - all + # - any + #- name: FreeBSD + # versions: + # - all + # - 8.0 + # - 8.1 + # - 8.2 + # - 8.3 + # - 8.4 + # - 9.0 + # - 9.1 + # - 9.1 + # - 9.2 + #- name: Ubuntu + # versions: + # - all + # - lucid + # - maverick + # - natty + # - oneiric + # - precise + # - quantal + # - raring + # - saucy + # - trusty + #- name: SLES + # versions: + # - all + # - 10SP3 + # - 10SP4 + # - 11 + # - 11SP1 + # - 11SP2 + # - 11SP3 + #- name: GenericLinux + # versions: + # - all + # - any + #- name: Debian + # versions: + # - all + # - etch + # - lenny + # - squeeze + # - wheezy + # + # Below are all categories currently available. Just as with + # the platforms above, uncomment those that apply to your role. + # + #categories: + #- cloud + #- cloud:ec2 + #- cloud:gce + #- cloud:rax + #- clustering + #- database + #- database:nosql + #- database:sql + #- development + #- monitoring + #- networking + #- packaging + #- system + #- web +dependencies: [] + # List your role dependencies here, one per line. Only + # dependencies available via galaxy should be listed here. 
+ # Be sure to remove the '[]' above if you add dependencies
+ # to this list.
+
diff --git a/roles/kubernetes_kubelet/tasks/main.yml b/roles/kubernetes_kubelet/tasks/main.yml
new file mode 100644
index 000000000..48eab7f84
--- /dev/null
+++ b/roles/kubernetes_kubelet/tasks/main.yml
@@ -0,0 +1,31 @@
+---
+# tasks file for kubernetes_kubelet
+- name: Install kubernetes
+ yum: pkg=kubernetes state=installed
+
+- name: Configure kubelet
+ lineinfile: >
+ dest=/etc/sysconfig/kubernetes
+ regexp={{ item.regex }}
+ line="{{ item.line }}"
+ with_items:
+ - { regex: '^KUBE_ETCD_SERVERS=', line: 'KUBE_ETCD_SERVERS=\"http://{{ oo_master_ips[0] }}:4001\"' }
+ - { regex: '^KUBE_KUBELET_ADDRESS=', line: 'KUBE_KUBELET_ADDRESS=\"0.0.0.0\"' }
+ - { regex: '^KUBE_KUBELET_HOSTNAME_OVERRIDE=', line: 'KUBE_KUBELET_HOSTNAME_OVERRIDE=\"{{ hostvars[inventory_hostname].ansible_eth0.ipv4.address }}\"' }
+ notify:
+ - restart kubelet
+
+
+#- name: write the cadvisor config
+# template: src=cadvisor.manifest dest=/etc/kubernetes/manifests/cadvisor.manifest
+# notify:
+# - restart kubelet
+
+- name: Enable kubelet
+ service: name=kubernetes-kubelet enabled=yes state=started
+
+- name: Open firewalld port for the kubelet
+ firewalld: port=10250/tcp permanent=false state=enabled
+
+- name: Save firewalld port for the kubelet
+ firewalld: port=10250/tcp permanent=true state=enabled
diff --git a/roles/kubernetes_kubelet/templates/cadvisor.manifest b/roles/kubernetes_kubelet/templates/cadvisor.manifest
new file mode 100644
index 000000000..064803cbe
--- /dev/null
+++ b/roles/kubernetes_kubelet/templates/cadvisor.manifest
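Review bot: `KUBE_KUBELET_ADDRESS=\"0.0.0.0\"` plus the two `firewalld: port=10250/tcp` tasks in roles/kubernetes_kubelet/tasks/main.yml opens the kubelet port to any source, although only the master should need to reach it; a `rich_rule` limited to `oo_master_ips` would express that. `KUBE_ETCD_SERVERS` is written as `http://{{ oo_master_ips[0] }}:4001`, so node-to-etcd traffic is unencrypted and only the first master is ever used; a comment should record both as known limitations. The hostname override reads `ansible_eth0`, which hard-codes the interface name, and `ansible_default_ipv4.address` is the more portable fact if the default route is the intended interface.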
@@ -0,0 +1,33 @@
+version: v1beta2
+id: cadvisor-agent
+containers:
+ - name: cadvisor
+ image: google/cadvisor:latest
+ ports:
+ - name: http
+ containerPort: 8080
+ hostPort: 4194
+ volumeMounts:
+ - name: varrun
+ mountPath: /var/run
+ readOnly: false
+ - name: varlibdocker
+ mountPath: /var/lib/docker
+ readOnly: true
+ - name: cgroups
+ mountPath: /sys/fs/cgroup
+ readOnly: true
+volumes:
+ - name: varrun
+ source:
+ hostDir:
+ path: /var/run
+ - name: varlibdocker
+ source:
+ hostDir:
+ path: /var/lib/docker
+ - name: cgroups
+ source:
+ hostDir:
+ path: /sys/fs/cgroup
+
diff --git a/roles/kubernetes_kubelet/templates/kubelet b/roles/kubernetes_kubelet/templates/kubelet
new file mode 100644
index 000000000..fbf9321fe
--- /dev/null
+++ b/roles/kubernetes_kubelet/templates/kubelet
@@ -0,0 +1,3 @@
+
+DAEMON_ARGS=" -etcd_servers=http://10.245.1.2:4001 -hostname_override=10.245.2.2 -address=0.0.0.0 -config=/etc/kubernetes/manifests"
+
diff --git a/roles/kubernetes_kubelet/vars/main.yml b/roles/kubernetes_kubelet/vars/main.yml
new file mode 100644
index 000000000..000e642a2
--- /dev/null
+++ b/roles/kubernetes_kubelet/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for kubernetes_kubelet
diff --git a/roles/kubernetes_proxy/README.md b/roles/kubernetes_proxy/README.md
new file mode 100644
index 000000000..225dd44b9
--- /dev/null
+++ b/roles/kubernetes_proxy/README.md
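Review bot: templates/cadvisor.manifest pulls `google/cadvisor:latest`, so each node runs whatever image the tag points to at pull time; pinning a version tag or digest (`image: google/cadvisor:<PINNED_VERSION>`) keeps nodes identical and makes image changes reviewable. The `varrun` volume maps the host's whole `/var/run` into the container with `readOnly: false`, which normally includes the Docker socket and so hands the container control of the host's Docker daemon; mounting only the paths cadvisor needs would narrow that, and a read-only flag alone does not stop socket connections. The task that would install this manifest is commented out in tasks/main.yml, so both points should be settled before it is enabled.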
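Review bot: templates/kubelet hard-codes `10.245.1.2` and `10.245.2.2` although it lives under templates/, so it would render the same etcd server and hostname override on every node. tasks/main.yml already derives both values, so if this file is meant to be used the line should read `-etcd_servers=http://{{ oo_master_ips[0] }}:4001 -hostname_override={{ hostvars[inventory_hostname].ansible_eth0.ipv4.address }}`. No task on this page renders the file, so deleting it is the other option.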
@@ -0,0 +1,38 @@ +Role Name +========= + +A brief description of the role goes here. + +Requirements +------------ + +Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. + +Role Variables +-------------- + +A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. + +Dependencies +------------ + +A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. + +Example Playbook +---------------- + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: + + - hosts: servers + roles: + - { role: username.rolename, x: 42 } + +License +------- + +BSD + +Author Information +------------------ + +An optional section for the role authors to include contact information, or a website (HTML is not allowed). diff --git a/roles/kubernetes_proxy/defaults/main.yml b/roles/kubernetes_proxy/defaults/main.yml new file mode 100644 index 000000000..e0c322437 --- /dev/null +++ b/roles/kubernetes_proxy/defaults/main.yml @@ -0,0 +1,2 @@ +--- +# defaults file for kubernetes_proxy diff --git a/roles/kubernetes_proxy/handlers/main.yml b/roles/kubernetes_proxy/handlers/main.yml new file mode 100644 index 000000000..86ddde519 --- /dev/null +++ b/roles/kubernetes_proxy/handlers/main.yml @@ -0,0 +1,4 @@ +--- +# handlers file for kubernetes_proxy +- name: restart kubernetes-proxy + service: name=kubernetes-proxy state=restarted 
diff --git a/roles/kubernetes_proxy/meta/main.yml b/roles/kubernetes_proxy/meta/main.yml
new file mode 100644
index 000000000..c5c362c60
--- /dev/null
+++ b/roles/kubernetes_proxy/meta/main.yml
@@ -0,0 +1,124 @@ +--- +galaxy_info: + author: your name + description: + company: your company (optional) + # Some suggested licenses: + # - BSD (default) + # - MIT + # - GPLv2 + # - GPLv3 + # - Apache + # - CC-BY + license: license (GPLv2, CC-BY, etc) + min_ansible_version: 1.2 + # + # Below are all platforms currently available. Just uncomment + # the ones that apply to your role. If you don't see your + # platform on this list, let us know and we'll get it added! + # + #platforms: + #- name: EL + # versions: + # - all + # - 5 + # - 6 + # - 7 + #- name: GenericUNIX + # versions: + # - all + # - any + #- name: Fedora + # versions: + # - all + # - 16 + # - 17 + # - 18 + # - 19 + # - 20 + #- name: opensuse + # versions: + # - all + # - 12.1 + # - 12.2 + # - 12.3 + # - 13.1 + # - 13.2 + #- name: Amazon + # versions: + # - all + # - 2013.03 + # - 2013.09 + #- name: GenericBSD + # versions: + # - all + # - any + #- name: FreeBSD + # versions: + # - all + # - 8.0 + # - 8.1 + # - 8.2 + # - 8.3 + # - 8.4 + # - 9.0 + # - 9.1 + # - 9.1 + # - 9.2 + #- name: Ubuntu + # versions: + # - all + # - lucid + # - maverick + # - natty + # - oneiric + # - precise + # - quantal + # - raring + # - saucy + # - trusty + #- name: SLES + # versions: + # - all + # - 10SP3 + # - 10SP4 + # - 11 + # - 11SP1 + # - 11SP2 + # - 11SP3 + #- name: GenericLinux + # versions: + # - all + # - any + #- name: Debian + # versions: + # - all + # - etch + # - lenny + # - squeeze + # - wheezy + # + # Below are all categories currently available. Just as with + # the platforms above, uncomment those that apply to your role. + # + #categories: + #- cloud + #- cloud:ec2 + #- cloud:gce + #- cloud:rax + #- clustering + #- database + #- database:nosql + #- database:sql + #- development + #- monitoring + #- networking + #- packaging + #- system + #- web +dependencies: [] + # List your role dependencies here, one per line. Only + # dependencies available via galaxy should be listed here. 
+ # Be sure to remove the '[]' above if you add dependencies
+ # to this list.
+
diff --git a/roles/kubernetes_proxy/tasks/main.yml b/roles/kubernetes_proxy/tasks/main.yml
new file mode 100644
index 000000000..901b5f3ad
--- /dev/null
+++ b/roles/kubernetes_proxy/tasks/main.yml
@@ -0,0 +1,17 @@
+---
+# tasks file for kubernetes_proxy
+- name: Install kubernetes
+ yum: pkg=kubernetes state=installed
+
+- name: Configure kubernetes-proxy etcd servers
+ lineinfile: >
+ dest=/etc/sysconfig/kubernetes
+ regexp={{ item.regex }}
+ line="{{ item.line }}"
+ with_items:
+ - { regex: '^KUBE_ETCD_SERVERS=', line: 'KUBE_ETCD_SERVERS=\"http://{{ oo_master_ips[0] }}:4001\"' }
+ notify:
+ - restart kubernetes-proxy
+
+- name: Enable proxy
+ service: name=kubernetes-proxy enabled=yes state=started
diff --git a/roles/kubernetes_proxy/vars/main.yml b/roles/kubernetes_proxy/vars/main.yml
new file mode 100644
index 000000000..cbdcaa90d
--- /dev/null
+++ b/roles/kubernetes_proxy/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for kubernetes_proxy
diff --git a/roles/pods/README.md b/roles/pods/README.md
new file mode 100644
index 000000000..225dd44b9
--- /dev/null
+++ b/roles/pods/README.md
@@ -0,0 +1,38 @@ +Role Name +========= + +A brief description of the role goes here. + +Requirements +------------ + +Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. + +Role Variables +-------------- + +A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. + +Dependencies +------------ + +A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. + +Example Playbook +---------------- + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: + + - hosts: servers + roles: + - { role: username.rolename, x: 42 } + +License +------- + +BSD + +Author Information +------------------ + +An optional section for the role authors to include contact information, or a website (HTML is not allowed). diff --git a/roles/pods/defaults/main.yml b/roles/pods/defaults/main.yml new file mode 100644 index 000000000..027ac0fd8 --- /dev/null +++ b/roles/pods/defaults/main.yml @@ -0,0 +1,2 @@ +--- +# defaults file for pods diff --git a/roles/pods/files/pods/fedora_apache.json b/roles/pods/files/pods/fedora_apache.json new file mode 100644 index 000000000..54eb712c2 --- /dev/null +++ b/roles/pods/files/pods/fedora_apache.json 
@@ -0,0 +1,21 @@
+{
+ "id": "apache",
+ "desiredState": {
+ "manifest": {
+ "version": "v1beta1",
+ "id": "apache-1",
+ "containers": [{
+ "name": "master",
+ "image": "fedora/apache",
+ "ports": [{
+ "containerPort": 80,
+ "hostPort": 80
+ }]
+ }]
+ }
+ },
+ "labels": {
+ "name": "apache",
+ "distro": "fedora"
+ }
+}
diff --git a/roles/pods/files/pods/frontend-controller.json b/roles/pods/files/pods/frontend-controller.json
new file mode 100644
index 000000000..1558724b6
--- /dev/null
+++ b/roles/pods/files/pods/frontend-controller.json
@@ -0,0 +1,23 @@
+{
+ "id": "frontendController",
+ "kind": "ReplicationController",
+ "apiVersion": "v1beta1",
+ "desiredState": {
+ "replicas": 2,
+ "replicaSelector": {"name": "frontend"},
+ "podTemplate": {
+ "desiredState": {
+ "manifest": {
+ "version": "v1beta1",
+ "id": "frontendController",
+ "containers": [{
+ "name": "php-redis",
+ "image": "brendanburns/php-redis",
+ "ports": [{"containerPort": 80, "hostPort": 8000}]
+ }]
+ }
+ },
+ "labels": {"name": "frontend"}
+ }},
+ "labels": {"name": "frontend"}
+}
diff --git a/roles/pods/files/pods/redis-master-service.json b/roles/pods/files/pods/redis-master-service.json
new file mode 100644
index 000000000..80808dcd6
--- /dev/null
+++ b/roles/pods/files/pods/redis-master-service.json
@@ -0,0 +1,10 @@
+{
+ "id": "redismaster",
+ "kind": "Service",
+ "apiVersion": "v1beta1",
+ "port": 10000,
+ "containerPort": 6379,
+ "selector": {
+ "name": "redis-master"
+ }
+}
diff --git a/roles/pods/files/pods/redis-master.json b/roles/pods/files/pods/redis-master.json
new file mode 100644
index 000000000..71acea530
--- /dev/null
+++ b/roles/pods/files/pods/redis-master.json
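Review bot: The container images in these pod definitions are referenced by bare repository name (`fedora/apache` in fedora_apache.json, `brendanburns/php-redis` in frontend-controller.json, and `dockerfile/redis` and `brendanburns/redis-slave` in the redis files that follow), so each node pulls whatever `latest` currently is from a public namespace. For anything beyond a demo I would pin a tag or digest and pull from a registry the team controls, e.g. `"image": "<REGISTRY>/php-redis:<PINNED_TAG>"` (placeholders). fedora_apache.json and frontend-controller.json also bind `hostPort` 80 and 8000 on the node, so these sample workloads are reachable wherever the host firewall allows it.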
@@ -0,0 +1,22 @@
+{
+ "id": "redis-master-2",
+ "kind": "Pod",
+ "apiVersion": "v1beta1",
+ "desiredState": {
+ "manifest": {
+ "version": "v1beta1",
+ "id": "redis-master-2",
+ "containers": [{
+ "name": "master",
+ "image": "dockerfile/redis",
+ "ports": [{
+ "containerPort": 6379,
+ "hostPort": 6379
+ }]
+ }]
+ }
+ },
+ "labels": {
+ "name": "redis-master"
+ }
+}
diff --git a/roles/pods/files/pods/redis-slave-controller.json b/roles/pods/files/pods/redis-slave-controller.json
new file mode 100644
index 000000000..5c8d1ea30
--- /dev/null
+++ b/roles/pods/files/pods/redis-slave-controller.json
@@ -0,0 +1,24 @@
+{
+ "id": "redisSlaveController",
+ "kind": "ReplicationController",
+ "apiVersion": "v1beta1",
+ "desiredState": {
+ "replicas": 2,
+ "replicaSelector": {"name": "redisslave"},
+ "podTemplate": {
+ "desiredState": {
+ "manifest": {
+ "version": "v1beta1",
+ "id": "redisSlaveController",
+ "containers": [{
+ "name": "slave",
+ "image": "brendanburns/redis-slave",
+ "ports": [{"containerPort": 6379, "hostPort": 6380}]
+ }]
+ }
+ },
+ "labels": {"name": "redisslave"}
+ }},
+ "labels": {"name": "redisslave"}
+}
+
diff --git a/roles/pods/files/pods/redis-slave-service.json b/roles/pods/files/pods/redis-slave-service.json
new file mode 100644
index 000000000..f90a9be9f
--- /dev/null
+++ b/roles/pods/files/pods/redis-slave-service.json
@@ -0,0 +1,13 @@
+{
+ "id": "redisslave",
+ "kind": "Service",
+ "apiVersion": "v1beta1",
+ "port": 10001,
+ "containerPort": 6379,
+ "labels": {
+ "name": "redisslave"
+ },
+ "selector": {
+ "name": "redisslave"
+ }
+}
diff --git a/roles/pods/handlers/main.yml b/roles/pods/handlers/main.yml
new file mode 100644
index 000000000..809f95836
--- /dev/null
+++ b/roles/pods/handlers/main.yml
@@ -0,0 +1,2 @@
+---
+# handlers file for pods
diff --git a/roles/pods/meta/main.yml b/roles/pods/meta/main.yml
new file mode 100644
index 000000000..c5c362c60
--- /dev/null
+++ b/roles/pods/meta/main.yml
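Review bot: `"hostPort": 6379` in redis-master.json, and `"hostPort": 6380` in redis-slave-controller.json, publish Redis directly on the node's address. Nothing in these definitions sets a password or a bind restriction, and whether the `dockerfile/redis` image does so is not visible here, so this should be treated as an unauthenticated datastore on a host port until shown otherwise. redis-master-service.json and redis-slave-service.json already expose both through service ports, so dropping the `hostPort` entries or firewalling those ports to cluster members would reduce the exposure.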
@@ -0,0 +1,124 @@ +--- +galaxy_info: + author: your name + description: + company: your company (optional) + # Some suggested licenses: + # - BSD (default) + # - MIT + # - GPLv2 + # - GPLv3 + # - Apache + # - CC-BY + license: license (GPLv2, CC-BY, etc) + min_ansible_version: 1.2 + # + # Below are all platforms currently available. Just uncomment + # the ones that apply to your role. If you don't see your + # platform on this list, let us know and we'll get it added! + # + #platforms: + #- name: EL + # versions: + # - all + # - 5 + # - 6 + # - 7 + #- name: GenericUNIX + # versions: + # - all + # - any + #- name: Fedora + # versions: + # - all + # - 16 + # - 17 + # - 18 + # - 19 + # - 20 + #- name: opensuse + # versions: + # - all + # - 12.1 + # - 12.2 + # - 12.3 + # - 13.1 + # - 13.2 + #- name: Amazon + # versions: + # - all + # - 2013.03 + # - 2013.09 + #- name: GenericBSD + # versions: + # - all + # - any + #- name: FreeBSD + # versions: + # - all + # - 8.0 + # - 8.1 + # - 8.2 + # - 8.3 + # - 8.4 + # - 9.0 + # - 9.1 + # - 9.1 + # - 9.2 + #- name: Ubuntu + # versions: + # - all + # - lucid + # - maverick + # - natty + # - oneiric + # - precise + # - quantal + # - raring + # - saucy + # - trusty + #- name: SLES + # versions: + # - all + # - 10SP3 + # - 10SP4 + # - 11 + # - 11SP1 + # - 11SP2 + # - 11SP3 + #- name: GenericLinux + # versions: + # - all + # - any + #- name: Debian + # versions: + # - all + # - etch + # - lenny + # - squeeze + # - wheezy + # + # Below are all categories currently available. Just as with + # the platforms above, uncomment those that apply to your role. + # + #categories: + #- cloud + #- cloud:ec2 + #- cloud:gce + #- cloud:rax + #- clustering + #- database + #- database:nosql + #- database:sql + #- development + #- monitoring + #- networking + #- packaging + #- system + #- web +dependencies: [] + # List your role dependencies here, one per line. Only + # dependencies available via galaxy should be listed here. 
+ # Be sure to remove the '[]' above if you add dependencies
+ # to this list.
+
diff --git a/roles/pods/tasks/main.yml b/roles/pods/tasks/main.yml
new file mode 100644
index 000000000..30c387c65
--- /dev/null
+++ b/roles/pods/tasks/main.yml
@@ -0,0 +1,6 @@
+---
+- name: Transfer the fedora_apache pod template
+ file: path=/usr/local/etc/pods state=directory
+
+- name: Transfer the fedora_apache pod template
+ copy: directory_mode=on src=pods/ dest=/usr/local/etc/pods/
diff --git a/roles/pods/vars/main.yml b/roles/pods/vars/main.yml
new file mode 100644
index 000000000..c9ed1df03
--- /dev/null
+++ b/roles/pods/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for pods
diff --git a/roles/repos/files/RPM-GPG-KEY-redhat-release b/roles/repos/files/RPM-GPG-KEY-redhat-release
new file mode 100644
index 000000000..0f83b622d
--- /dev/null
+++ b/roles/repos/files/RPM-GPG-KEY-redhat-release
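Review bot: Both tasks in roles/pods/tasks/main.yml are named `Transfer the fedora_apache pod template`, but the first only creates the directory and the second copies the whole `pods/` tree rather than just the Apache definition. Distinct names make the play output and any later audit of what was pushed to a host readable: `- name: Ensure the pod definition directory exists` and `- name: Copy the sample pod definitions`. Neither task sets ownership or a mode, so the resulting permissions depend on the remote defaults; adding `owner=root group=root` to both would make that explicit.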
@@ -0,0 +1,63 @@ +The following public key can be used to verify RPM packages built and +signed by Red Hat, Inc. This key is used for packages in Red Hat +products shipped after November 2009, and for all updates to those +products. + +Questions about this key should be sent to security@redhat.com. + +pub 4096R/FD431D51 2009-10-22 Red Hat, Inc. (release key 2) <security@redhat.com> + +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.2.6 (GNU/Linux) + +mQINBErgSTsBEACh2A4b0O9t+vzC9VrVtL1AKvUWi9OPCjkvR7Xd8DtJxeeMZ5eF +0HtzIG58qDRybwUe89FZprB1ffuUKzdE+HcL3FbNWSSOXVjZIersdXyH3NvnLLLF +0DNRB2ix3bXG9Rh/RXpFsNxDp2CEMdUvbYCzE79K1EnUTVh1L0Of023FtPSZXX0c +u7Pb5DI5lX5YeoXO6RoodrIGYJsVBQWnrWw4xNTconUfNPk0EGZtEnzvH2zyPoJh +XGF+Ncu9XwbalnYde10OCvSWAZ5zTCpoLMTvQjWpbCdWXJzCm6G+/hx9upke546H +5IjtYm4dTIVTnc3wvDiODgBKRzOl9rEOCIgOuGtDxRxcQkjrC+xvg5Vkqn7vBUyW +9pHedOU+PoF3DGOM+dqv+eNKBvh9YF9ugFAQBkcG7viZgvGEMGGUpzNgN7XnS1gj +/DPo9mZESOYnKceve2tIC87p2hqjrxOHuI7fkZYeNIcAoa83rBltFXaBDYhWAKS1 +PcXS1/7JzP0ky7d0L6Xbu/If5kqWQpKwUInXtySRkuraVfuK3Bpa+X1XecWi24JY +HVtlNX025xx1ewVzGNCTlWn1skQN2OOoQTV4C8/qFpTW6DTWYurd4+fE0OJFJZQF +buhfXYwmRlVOgN5i77NTIJZJQfYFj38c/Iv5vZBPokO6mffrOTv3MHWVgQARAQAB +tDNSZWQgSGF0LCBJbmMuIChyZWxlYXNlIGtleSAyKSA8c2VjdXJpdHlAcmVkaGF0 +LmNvbT6JAjYEEwECACAFAkrgSTsCGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAK +CRAZni+R/UMdUWzpD/9s5SFR/ZF3yjY5VLUFLMXIKUztNN3oc45fyLdTI3+UClKC +2tEruzYjqNHhqAEXa2sN1fMrsuKec61Ll2NfvJjkLKDvgVIh7kM7aslNYVOP6BTf +C/JJ7/ufz3UZmyViH/WDl+AYdgk3JqCIO5w5ryrC9IyBzYv2m0HqYbWfphY3uHw5 +un3ndLJcu8+BGP5F+ONQEGl+DRH58Il9Jp3HwbRa7dvkPgEhfFR+1hI+Btta2C7E +0/2NKzCxZw7Lx3PBRcU92YKyaEihfy/aQKZCAuyfKiMvsmzs+4poIX7I9NQCJpyE +IGfINoZ7VxqHwRn/d5mw2MZTJjbzSf+Um9YJyA0iEEyD6qjriWQRbuxpQXmlAJbh +8okZ4gbVFv1F8MzK+4R8VvWJ0XxgtikSo72fHjwha7MAjqFnOq6eo6fEC/75g3NL +Ght5VdpGuHk0vbdENHMC8wS99e5qXGNDued3hlTavDMlEAHl34q2H9nakTGRF5Ki +JUfNh3DVRGhg8cMIti21njiRh7gyFI2OccATY7bBSr79JhuNwelHuxLrCFpY7V25 +OFktl15jZJaMxuQBqYdBgSay2G0U6D1+7VsWufpzd/Abx1/c3oi9ZaJvW22kAggq 
+dzdA27UUYjWvx42w9menJwh/0jeQcTecIUd0d0rFcw/c1pvgMMl/Q73yzKgKYw== +=zbHE +-----END PGP PUBLIC KEY BLOCK----- +The following public key can be used to verify RPM packages built and +signed by Red Hat, Inc. This key is a supporting (auxiliary) key for +Red Hat products shipped after November 2006 and for all updates to +those products. + +Questions about this key should be sent to security@redhat.com. + +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.2.6 (GNU/Linux) + +mQGiBEVwDGkRBACwPhZIpvkjI8wV9sFTDoqyPLx1ub8Sd/w+YuI5Ovm49mvvEQVT +VLg8FgE5JlST59AbsLDyVtRa9CxIvN5syBVrWWWtHtDnnylFBcqG/A6J3bI4E9/A +UtSL5Zxbav0+utP6f3wOpxQrxc+WIDVgpurdBKAQ3dsobGBqypeX6FXZ5wCgou6C +yZpGIBqosJaDWLzNeOfb/70D/1thLkQyhW3JJ6cHCYJHNfBShvbLWBf6S231mgmu +MyMlt8Kmipc9bw+saaAkSkVsQ/ZbfjrWB7e5kbMruKLVrH+nGhamlHYUGyAPtsPg +Uj/NUSj5BmrCsOkMpn43ngTLssE9MLhSPj2nIHGFv9B+iVLvomDdwnaBRgQ1aK8z +z6MAA/406yf5yVJ/MlTWs1/68VwDhosc9BtU1V5IE0NXgZUAfBJzzfVzzKQq6zJ2 +eZsMLhr96wbsW13zUZt1ing+ulwh2ee4meuJq6h/971JspFY/XBhcfq4qCNqVjsq +SZnWoGdCO6J8CxPIemD2IUHzjoyyeEj3RVydup6pcWZAmhzkKrQzUmVkIEhhdCwg +SW5jLiAoYXV4aWxpYXJ5IGtleSkgPHNlY3VyaXR5QHJlZGhhdC5jb20+iF4EExEC +AB4FAkVwDGkCGwMGCwkIBwMCAxUCAwMWAgECHgECF4AACgkQRWiciC+mWOC1rQCg +ooNLCFOzNPcvhd9Za8C801HmnsYAniCw3yzrCqtjYnxDDxlufH0FVTwX +=d/bm +-----END PGP PUBLIC KEY BLOCK----- + diff --git a/roles/repos/files/docker.repo b/roles/repos/files/docker.repo new file mode 100644 index 000000000..25ecf9310 --- /dev/null +++ b/roles/repos/files/docker.repo @@ -0,0 +1,5 @@ +[docker] +name= Temporary Docker rpm +baseurl=http://10.240.169.148/mirror/docker +gpgcheck=0 +enabled=1 diff --git a/roles/repos/files/epel7-kubernetes.repo b/roles/repos/files/epel7-kubernetes.repo new file mode 100644 index 000000000..1deae2939 --- /dev/null +++ b/roles/repos/files/epel7-kubernetes.repo 
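Review bot: docker.repo sets `gpgcheck=0` and fetches from `http://10.240.169.148/mirror/docker`, so packages installed as root from this repository are neither signature-checked nor protected in transit, and anyone able to alter the mirror or the path to it can substitute packages. epel7-kubernetes.repo, the next file in this diff, has the same combination against a public Copr URL over plain HTTP. I would set `gpgcheck=1` with a `gpgkey=` line for each repository's signing key and move the `baseurl` to https where the server supports it. If the mirrored packages really are unsigned and the repo is temporary, record that in the file, e.g. `# TEMPORARY: unsigned internal mirror, remove once signed docker RPMs are available`.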
@@ -0,0 +1,6 @@
+[maxamillion-epel7-kubernetes]
+name=Copr repo for epel7-kubernetes owned by maxamillion
+baseurl=http://copr-be.cloud.fedoraproject.org/results/maxamillion/epel7-kubernetes/epel-7-$basearch/
+skip_if_unavailable=True
+gpgcheck=0
+enabled=1
diff --git a/roles/repos/files/oso-rhui-rhel-7-server.repo b/roles/repos/files/oso-rhui-rhel-7-server.repo
new file mode 100644
index 000000000..d32070634
--- /dev/null
+++ b/roles/repos/files/oso-rhui-rhel-7-server.repo
@@ -0,0 +1,13 @@
+[oso-rhel-7-server]
+name=Red Hat Enterprise Linux 7 Server from RHUI (RPMs)
+baseurl=http://10.240.169.148/mirror/rhui-rhel-server-7-releases
+enabled=1
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
+
+[oso-rhel-7-server-optional]
+name=Red Hat Enterprise Linux 7 Server - Optional from RHUI (RPMs)
+baseurl=http://10.240.169.148/mirror/rhui-rhel-server-7-releases-optional
+enabled=1
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
diff --git a/roles/repos/files/rhel-7-libra-candidate.repo b/roles/repos/files/rhel-7-libra-candidate.repo
new file mode 100644
index 000000000..0901bf707
--- /dev/null
+++ b/roles/repos/files/rhel-7-libra-candidate.repo
@@ -0,0 +1,10 @@
+[rhel-7-libra-candidate]
+name=rhel-7-libra-candidate - \$basearch
+baseurl=https://mirror1.ops.rhcloud.com/libra/rhel-7-libra-candidate/\$basearch/
+gpgkey=https://mirror1.ops.rhcloud.com/libra/RPM-GPG-KEY-redhat-release https://mirror1.ops.rhcloud.com/libra/RPM-GPG-KEY-redhat-beta https://mirror1.ops.rhcloud.com/libra/RPM-GPG-KEY-redhat-openshifthosted
+skip_if_unavailable=True
+gpgcheck=0
+enabled=1
+sslclientcert=/var/lib/yum/client-cert.pem
+sslclientkey=/var/lib/yum/client-key.pem
+sslverify=False
diff --git a/roles/repos/tasks/main.yaml b/roles/repos/tasks/main.yaml
new file mode 100644
index 000000000..d078f9c97
--- /dev/null
+++ b/roles/repos/tasks/main.yaml
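Review bot: rhel-7-libra-candidate.repo lists three `gpgkey` URLs but then sets `gpgcheck=0`, so the keys are never used, and `sslverify=False` means the client certificate and key configured just above it are presented to a server whose identity is not checked. Together that leaves neither the transport nor the packages authenticated. Suggested: `gpgcheck=1` and `sslverify=True`, adding `sslcacert=<PATH_TO_INTERNAL_CA>` (placeholder) if the mirror uses a private CA. The `\$basearch` in `name` and `baseurl` looks like a leftover shell escape; the file is shipped with a plain `copy` task, so the backslash is probably written literally and is worth checking on a host.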
@@ -0,0 +1,27 @@
+---
+# The following role lays down the correct repository and gpg key for yum
+
+#- name: Ensure oso rhui rhel 7 server repository exists in yum.repos.d
+# copy: >
+# src=oso-rhui-rhel-7-server.repo
+# dest=/etc/yum.repos.d/oso-rhui-rhel-7-server.repo
+#
+#- name: Ensure Red Hat GPG Key is in place for the previous repo
+# copy: >
+# src=RPM-GPG-KEY-redhat-release
+# dest=/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
+
+- name: Ensure rhel-7-libra-candidate client-key.pem exists
+ copy: src=client-key.pem dest=/var/lib/yum/client-key.pem
+
+- name: Ensure rhel-7-libra-candidate client-cert.pem exists
+ copy: src=client-cert.pem dest=/var/lib/yum/client-cert.pem
+
+- name: Ensure rhel 7 libra candidate exists in yum.repos.d
+ copy: src=rhel-7-libra-candidate.repo dest=/etc/yum.repos.d/rhel-7-libra-candidate.repo
+
+- name: Ensure a docker repo is laid down
+ copy: src=docker.repo dest=/etc/yum.repos.d/docker.repo
+
+- name: Ensure the kubernetes repo is available
+ copy: src=epel7-kubernetes.repo dest=/etc/yum.repos.d/epel7-kubernetes.repo |
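Review bot: The `client-key.pem` task copies a TLS private key to `/var/lib/yum/client-key.pem` without `owner`, `group` or `mode`, so its permissions come from the module default and the remote umask and may end up world-readable. I would make it explicit: `copy: src=client-key.pem dest=/var/lib/yum/client-key.pem owner=root group=root mode=0600`. The key file itself does not appear in the visible part of this diff; if it lives under roles/repos/files it should stay out of version control or be stored encrypted. The tasks that install the signed Red Hat repo and its GPG key are commented out while the `gpgcheck=0` docker and kubernetes repos are enabled, and a comment explaining why would help the next reader.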