diff options
19 files changed, 295 insertions, 71 deletions
diff --git a/inventory/byo/hosts.aep.example b/inventory/byo/hosts.aep.example index deeea2e40..43b646c93 100644 --- a/inventory/byo/hosts.aep.example +++ b/inventory/byo/hosts.aep.example @@ -90,6 +90,30 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # LDAP auth #openshift_master_identity_providers=[{'name': 'my_ldap_provider', 'challenge': 'true', 'login': 'true', 'kind': 'LDAPPasswordIdentityProvider', 'attributes': {'id': ['dn'], 'email': ['mail'], 'name': ['cn'], 'preferredUsername': ['uid']}, 'bindDN': '', 'bindPassword': '', 'ca': '', 'insecure': 'false', 'url': 'ldap://ldap.example.com:389/ou=users,dc=example,dc=com?uid'}] +# Cloud Provider Configuration +# +# Note: You may make use of environment variables rather than store +# sensitive configuration within the ansible inventory. +# For example: +#openshift_cloudprovider_aws_access_key="{{ lookup('env','AWS_ACCESS_KEY_ID') }}" +#openshift_cloudprovider_aws_secret_key="{{ lookup('env','AWS_SECRET_ACCESS_KEY') }}" +# +# AWS +#openshift_cloudprovider_kind=aws +# Note: IAM profiles may be used instead of storing API credentials on disk. +#openshift_cloudprovider_aws_access_key=aws_access_key_id +#openshift_cloudprovider_aws_secret_key=aws_secret_access_key +# +# Openstack +#openshift_cloudprovider_kind=openstack +#openshift_cloudprovider_openstack_auth_url=http://openstack.example.com:35357/v2.0/ +#openshift_cloudprovider_openstack_username=username +#openshift_cloudprovider_openstack_password=password +#openshift_cloudprovider_openstack_tenand_id=tenant_id +#openshift_cloudprovider_openstack_tenant_name=tenant_name +#openshift_cloudprovider_openstack_region=region +#openshift_cloudprovider_openstack_lb_subnet_id=subnet_id + # Project Configuration #osm_project_request_message='' #osm_project_request_template='' diff --git a/inventory/byo/hosts.origin.example b/inventory/byo/hosts.origin.example index 8963c2ad6..8b8dbade0 100644 --- a/inventory/byo/hosts.origin.example +++ b/inventory/byo/hosts.origin.example @@ -95,6 +95,30 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # LDAP auth #openshift_master_identity_providers=[{'name': 'my_ldap_provider', 'challenge': 'true', 'login': 'true', 'kind': 'LDAPPasswordIdentityProvider', 'attributes': {'id': ['dn'], 'email': ['mail'], 'name': ['cn'], 'preferredUsername': ['uid']}, 'bindDN': '', 'bindPassword': '', 'ca': '', 'insecure': 'false', 'url': 'ldap://ldap.example.com:389/ou=users,dc=example,dc=com?uid'}] +# Cloud Provider Configuration +# +# Note: You may make use of environment variables rather than store +# sensitive configuration within the ansible inventory. +# For example: +#openshift_cloudprovider_aws_access_key="{{ lookup('env','AWS_ACCESS_KEY_ID') }}" +#openshift_cloudprovider_aws_secret_key="{{ lookup('env','AWS_SECRET_ACCESS_KEY') }}" +# +# AWS +#openshift_cloudprovider_kind=aws +# Note: IAM profiles may be used instead of storing API credentials on disk. +#openshift_cloudprovider_aws_access_key=aws_access_key_id +#openshift_cloudprovider_aws_secret_key=aws_secret_access_key +# +# Openstack +#openshift_cloudprovider_kind=openstack +#openshift_cloudprovider_openstack_auth_url=http://openstack.example.com:35357/v2.0/ +#openshift_cloudprovider_openstack_username=username +#openshift_cloudprovider_openstack_password=password +#openshift_cloudprovider_openstack_tenand_id=tenant_id +#openshift_cloudprovider_openstack_tenant_name=tenant_name +#openshift_cloudprovider_openstack_region=region +#openshift_cloudprovider_openstack_lb_subnet_id=subnet_id + # Project Configuration #osm_project_request_message='' #osm_project_request_template='' diff --git a/inventory/byo/hosts.ose.example b/inventory/byo/hosts.ose.example index b931a684d..4c6aae0bd 100644 --- a/inventory/byo/hosts.ose.example +++ b/inventory/byo/hosts.ose.example @@ -91,6 +91,30 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # LDAP auth #openshift_master_identity_providers=[{'name': 'my_ldap_provider', 'challenge': 'true', 'login': 'true', 'kind': 'LDAPPasswordIdentityProvider', 'attributes': {'id': ['dn'], 'email': ['mail'], 'name': ['cn'], 'preferredUsername': ['uid']}, 'bindDN': '', 'bindPassword': '', 'ca': '', 'insecure': 'false', 'url': 'ldap://ldap.example.com:389/ou=users,dc=example,dc=com?uid'}] +# Cloud Provider Configuration +# +# Note: You may make use of environment variables rather than store +# sensitive configuration within the ansible inventory. +# For example: +#openshift_cloudprovider_aws_access_key="{{ lookup('env','AWS_ACCESS_KEY_ID') }}" +#openshift_cloudprovider_aws_secret_key="{{ lookup('env','AWS_SECRET_ACCESS_KEY') }}" +# +# AWS +#openshift_cloudprovider_kind=aws +# Note: IAM profiles may be used instead of storing API credentials on disk. +#openshift_cloudprovider_aws_access_key=aws_access_key_id +#openshift_cloudprovider_aws_secret_key=aws_secret_access_key +# +# Openstack +#openshift_cloudprovider_kind=openstack +#openshift_cloudprovider_openstack_auth_url=http://openstack.example.com:35357/v2.0/ +#openshift_cloudprovider_openstack_username=username +#openshift_cloudprovider_openstack_password=password +#openshift_cloudprovider_openstack_tenand_id=tenant_id +#openshift_cloudprovider_openstack_tenant_name=tenant_name +#openshift_cloudprovider_openstack_region=region +#openshift_cloudprovider_openstack_lb_subnet_id=subnet_id + # Project Configuration #osm_project_request_message='' #osm_project_request_template='' diff --git a/roles/openshift_cloud_provider/defaults/main.yml b/roles/openshift_cloud_provider/defaults/main.yml deleted file mode 100644 index 6c7403232..000000000 --- a/roles/openshift_cloud_provider/defaults/main.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -ocp_os_auth_url: "{{ lookup('env', 'OS_AUTH_URL') }}" -ocp_os_username: "{{ lookup('env', 'OS_USERNAME') }}" -ocp_os_password: "{{ lookup('env', 'OS_PASSWORD') }}" -ocp_os_tenant_id: "{{ lookup('env', 'OS_TENANT_ID') }}" -ocp_os_tenant_name: "{{ lookup('env', 'OS_TENANT_NAME') }}" -ocp_os_region: "{{ lookup('env', 'OS_REGION_NAME') }}" diff --git a/roles/openshift_cloud_provider/meta/main.yml b/roles/openshift_cloud_provider/meta/main.yml new file mode 100644 index 000000000..8ab95bf5a --- /dev/null +++ b/roles/openshift_cloud_provider/meta/main.yml @@ -0,0 +1,15 @@ +--- +galaxy_info: + author: Sylvain Baubeau, Andrew Butcher + description: OpenShift Cloud Provider + company: Red Hat, Inc. + license: Apache License, Version 2.0 + min_ansible_version: 1.9 + platforms: + - name: EL + versions: + - 7 + categories: + - cloud +dependencies: +- role: openshift_facts diff --git a/roles/openshift_cloud_provider/tasks/aws.yml b/roles/openshift_cloud_provider/tasks/aws.yml new file mode 100644 index 000000000..bf2abcbf5 --- /dev/null +++ b/roles/openshift_cloud_provider/tasks/aws.yml @@ -0,0 +1,6 @@ +- name: Create cloud config + ini_file: + dest: "{{ openshift.common.config_base }}/cloudprovider/aws.conf" + section: Global + option: Zone + value: "{{ openshift.provider.zone }}" diff --git a/roles/openshift_cloud_provider/tasks/main.yml b/roles/openshift_cloud_provider/tasks/main.yml index e14f944e8..471fd686b 100644 --- a/roles/openshift_cloud_provider/tasks/main.yml +++ b/roles/openshift_cloud_provider/tasks/main.yml @@ -1,3 +1,24 @@ --- +- name: Set cloud provider facts + openshift_facts: + role: cloudprovider + openshift_env: "{{ item | oo_openshift_env }}" + openshift_env_structures: + - 'openshift.cloudprovider.aws.*' + - 'openshift.cloudprovider.openstack.*' + no_log: true + with_items: + - "{{ hostvars[inventory_hostname] }}" + - "{{ hostvars }}" + +- name: Create cloudprovider config dir + file: + path: "{{ openshift.common.config_base }}/cloudprovider" + state: directory + when: has_cloudprovider | bool + - include: openstack.yml - when: "openshift_cloud_provider is defined and openshift_cloud_provider == 'openstack' and 'provider' in openshift and openshift.provider.name == 'openstack'" + when: cloudprovider_is_openstack | bool + +- include: aws.yml + when: cloudprovider_is_aws | bool diff --git a/roles/openshift_cloud_provider/tasks/openstack.yml b/roles/openshift_cloud_provider/tasks/openstack.yml index a56f1891a..c501121e5 100644 --- a/roles/openshift_cloud_provider/tasks/openstack.yml +++ b/roles/openshift_cloud_provider/tasks/openstack.yml @@ -1,9 +1,10 @@ +--- - fail: msg: "The Openstack integration requires OpenShift Enterprise 3.2 or Origin 1.2." when: not openshift.common.version_gte_3_2_or_1_2 | bool -- name: Create /etc/cloud.conf +- name: Create cloud config template: - dest: /etc/cloud.conf - src: openstack/cloud.conf.j2 - when: ocp_os_auth_url and ocp_os_username and ocp_os_password and (ocp_os_tenant_id or ocp_os_tenant_name)
\ No newline at end of file + dest: "{{ openshift.common.config_base }}/cloudprovider/openstack.conf" + src: openstack.conf.j2 + when: "'auth_url' in openshift.cloudprovider.openstack and 'username' in openshift.cloudprovider.openstack and 'password' in openshift.cloudprovider.openstack and ('tenant_id' in openshift.cloudprovider.openstack or 'tenant_name' in openshift.cloudprovider.openstack)" diff --git a/roles/openshift_cloud_provider/templates/openstack.conf.j2 b/roles/openshift_cloud_provider/templates/openstack.conf.j2 new file mode 100644 index 000000000..1b70edc16 --- /dev/null +++ b/roles/openshift_cloud_provider/templates/openstack.conf.j2 @@ -0,0 +1,17 @@ +[Global] +auth-url = {{ openshift.cloudprovider.openstack.auth_url }} +username = {{ openshift.cloudprovider.openstack.username }} +password = {{ openshift.cloudprovider.openstack.password }} +{% if 'tenant_id' in openshift.cloudprovider.openstack %} +tenant-id = {{ openshift.cloudprovider.openstack.tenant_id }} +{% else %} +tenant-name = {{ openshift.cloudprovider.openstack.tenant_name }} +{% endif %} +{% if 'region' in openshift.cloudprovider.openstack %} +region = {{ openshift.cloudprovider.openstack.region }} +{% endif %} +{% if 'lb_subnet_id' in openshift.cloudprovider.openstack %} ++ ++[LoadBalancer] ++subnet-id = {{ openshift.cloudprovider.openstack.lb_subnet_id }} ++{% endif %} diff --git a/roles/openshift_cloud_provider/templates/openstack/cloud.conf.j2 b/roles/openshift_cloud_provider/templates/openstack/cloud.conf.j2 deleted file mode 100644 index 388f3a735..000000000 --- a/roles/openshift_cloud_provider/templates/openstack/cloud.conf.j2 +++ /dev/null @@ -1,17 +0,0 @@ -[Global] -auth-url = {{ ocp_os_auth_url }} -username = {{ ocp_os_username }} -password = {{ ocp_os_password }} -{% if ocp_os_tenant_id %} -tenant-id = {{ ocp_os_tenant_id }} -{% else %} -tenant-name = {{ ocp_os_tenant_name }} -{% endif %} -{% if ocp_os_region %} -region = {{ ocp_os_region }} -{% endif %} -{% if ocp_os_lb_subnet_id is defined %} -+ -+[LoadBalancer] -+subnet-id = {{ ocp_os_lb_subnet_id }} -+{% endif %}
\ No newline at end of file diff --git a/roles/openshift_cloud_provider/vars/main.yml b/roles/openshift_cloud_provider/vars/main.yml new file mode 100644 index 000000000..c608e9b54 --- /dev/null +++ b/roles/openshift_cloud_provider/vars/main.yml @@ -0,0 +1,4 @@ +--- +has_cloudprovider: "{{ 'cloudprovider' in openshift and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind != None }}" +cloudprovider_is_aws: "{{ has_cloudprovider | bool and openshift.cloudprovider.kind == 'aws' }}" +cloudprovider_is_openstack: "{{ has_cloudprovider | bool and openshift.cloudprovider.kind == 'openstack' }}" diff --git a/roles/openshift_common/meta/main.yml b/roles/openshift_common/meta/main.yml index d879db0aa..02150406d 100644 --- a/roles/openshift_common/meta/main.yml +++ b/roles/openshift_common/meta/main.yml @@ -12,7 +12,6 @@ galaxy_info: categories: - cloud dependencies: -- { role: os_firewall } -- { role: openshift_facts } -- { role: openshift_repos } -- { role: openshift_cloud_provider } +- role: os_firewall +- role: openshift_facts +- role: openshift_repos diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index ea7406e5b..02e5f161a 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -332,14 +332,10 @@ def normalize_provider_facts(provider, metadata): facts = dict(name=provider, metadata=metadata, network=dict(interfaces=[], ipv6_enabled=False)) - if os.path.exists('/etc/cloud.conf'): - for arg in ('api_server_args', 'controller_args', 'kubelet_args'): - facts[arg] = {'cloud-provider': [provider], - 'cloud-config': ['/etc/cloud.conf']} if provider == 'gce': facts = normalize_gce_facts(metadata, facts) - elif provider == 'ec2': + elif provider == 'aws': facts = normalize_aws_facts(metadata, facts) elif provider == 'openstack': facts = normalize_openstack_facts(metadata, facts) @@ -918,6 +914,57 @@ def get_current_config(facts): return current_config +def build_kubelet_args(facts): + """ Build node kubelet_args """ + cloud_cfg_path = os.path.join(facts['common']['config_base'], + 'cloudprovider') + if 'node' in facts: + kubelet_args = {} + if 'cloudprovider' in facts: + if facts['cloudprovider']['kind'] == 'aws': + kubelet_args['cloud-provider'] = ['aws'] + kubelet_args['cloud-config'] = [cloud_cfg_path + '/aws.conf'] + if facts['cloudprovider']['kind'] == 'openstack': + kubelet_args['cloud-provider'] = ['openstack'] + kubelet_args['cloud-config'] = [cloud_cfg_path + '/openstack.conf'] + if kubelet_args != {}: + facts = merge_facts({'node': {'kubelet_args': kubelet_args}}, facts, [], []) + return facts + +def build_controller_args(facts): + """ Build master controller_args """ + cloud_cfg_path = os.path.join(facts['common']['config_base'], + 'cloudprovider') + if 'master' in facts: + controller_args = {} + if 'cloudprovider' in facts: + if facts['cloudprovider']['kind'] == 'aws': + controller_args['cloud-provider'] = ['aws'] + controller_args['cloud-config'] = [cloud_cfg_path + '/aws.conf'] + if facts['cloudprovider']['kind'] == 'openstack': + controller_args['cloud-provider'] = ['openstack'] + controller_args['cloud-config'] = [cloud_cfg_path + '/openstack.conf'] + if controller_args != {}: + facts = merge_facts({'master': {'controller_args': controller_args}}, facts, [], []) + return facts + +def build_api_server_args(facts): + """ Build master api_server_args """ + cloud_cfg_path = os.path.join(facts['common']['config_base'], + 'cloudprovider') + if 'master' in facts: + api_server_args = {} + if 'cloudprovider' in facts: + if facts['cloudprovider']['kind'] == 'aws': + api_server_args['cloud-provider'] = ['aws'] + api_server_args['cloud-config'] = [cloud_cfg_path + '/aws.conf'] + if facts['cloudprovider']['kind'] == 'openstack': + api_server_args['cloud-provider'] = ['openstack'] + api_server_args['cloud-config'] = [cloud_cfg_path + '/openstack.conf'] + if api_server_args != {}: + facts = merge_facts({'master': {'api_server_args': api_server_args}}, facts, [], []) + return facts + def get_openshift_version(facts, cli_image=None): """ Get current version of openshift on the host @@ -1084,31 +1131,6 @@ def merge_facts(orig, new, additive_facts_to_overwrite, protected_facts_to_overw facts[key] = copy.deepcopy(new[key]) return facts - -def merge_provider_facts(facts): - """ Recursively merge provider facts dicts - - Args: - facts (dict): existing facts - Returns: - dict: the facts dict updated with the provider config - """ - if 'provider' not in facts: - return facts - if 'master' in facts: - for arg in ('api_server_args', 'controller_args'): - facts['master'][arg] = merge_facts( - facts['provider'].get(arg, {}), - facts['master'].get(arg, {}), - [], []) - if 'node' in facts: - facts['node']['kubelet_args'] = merge_facts( - facts['provider'].get('kubelet_args', {}), - facts['node'].get('kubelet_args', {}), - [], []) - return facts - - def save_local_facts(filename, facts): """ Save local facts @@ -1302,13 +1324,20 @@ class OpenShiftFacts(object): Raises: OpenShiftFactsUnsupportedRoleError: """ - known_roles = ['common', 'master', 'node', 'etcd', 'hosted', 'docker'] + known_roles = ['cloudprovider', + 'common', + 'docker', + 'etcd', + 'hosted', + 'master', + 'node'] # Disabling too-many-arguments, this should be cleaned up as a TODO item. # pylint: disable=too-many-arguments def __init__(self, role, filename, local_facts, additive_facts_to_overwrite=None, openshift_env=None, + openshift_env_structures=None, protected_facts_to_overwrite=None): self.changed = False self.filename = filename @@ -1321,12 +1350,14 @@ class OpenShiftFacts(object): self.facts = self.generate_facts(local_facts, additive_facts_to_overwrite, openshift_env, + openshift_env_structures, protected_facts_to_overwrite) def generate_facts(self, local_facts, additive_facts_to_overwrite, openshift_env, + openshift_env_structures, protected_facts_to_overwrite): """ Generate facts @@ -1343,6 +1374,7 @@ class OpenShiftFacts(object): local_facts = self.init_local_facts(local_facts, additive_facts_to_overwrite, openshift_env, + openshift_env_structures, protected_facts_to_overwrite) roles = local_facts.keys() @@ -1359,7 +1391,6 @@ class OpenShiftFacts(object): local_facts, additive_facts_to_overwrite, protected_facts_to_overwrite) - facts = merge_provider_facts(facts) facts['current_config'] = get_current_config(facts) facts = set_url_facts_if_unset(facts) facts = set_project_cfg_facts_if_unset(facts) @@ -1372,6 +1403,9 @@ class OpenShiftFacts(object): facts = set_sdn_facts_if_unset(facts, self.system_facts) facts = set_deployment_facts_if_unset(facts) facts = set_container_facts_if_unset(facts) + facts = build_kubelet_args(facts) + facts = build_controller_args(facts) + facts = build_api_server_args(facts) facts = set_version_facts_if_unset(facts) facts = set_manageiq_facts_if_unset(facts) facts = set_aggregate_facts(facts) @@ -1434,6 +1468,9 @@ class OpenShiftFacts(object): if 'docker' in roles: defaults['docker'] = dict(disable_push_dockerhub=False) + if 'cloudprovider' in roles: + defaults['cloudprovider'] = dict(kind=None) + defaults['hosted'] = dict( registry=dict( storage=dict( @@ -1452,7 +1489,6 @@ class OpenShiftFacts(object): ) ) - return defaults def guess_host_provider(self): @@ -1488,7 +1524,7 @@ class OpenShiftFacts(object): metadata['instance'].pop('serviceAccounts', None) elif (virt_type == 'xen' and virt_role == 'guest' and re.match(r'.*\.amazon$', product_version)): - provider = 'ec2' + provider = 'aws' metadata_url = 'http://169.254.169.254/latest/meta-data/' metadata = get_provider_metadata(metadata_url) elif re.search(r'OpenStack', product_name): @@ -1530,11 +1566,53 @@ class OpenShiftFacts(object): ) return provider_facts - # Disabling too-many-branches. This should be cleaned up as a TODO item. - #pylint: disable=too-many-branches + @staticmethod + def split_openshift_env_fact_keys(openshift_env_fact, openshift_env_structures): + """ Split openshift_env facts based on openshift_env structures. + + Args: + openshift_env_fact (string): the openshift_env fact to split + ex: 'openshift_cloudprovider_openstack_auth_url' + openshift_env_structures (list): a list of structures to determine fact keys + ex: ['openshift.cloudprovider.openstack.*'] + Returns: + list: a list of keys that represent the fact + ex: ['openshift', 'cloudprovider', 'openstack', 'auth_url'] + """ + # By default, we'll split an openshift_env fact by underscores. + fact_keys = openshift_env_fact.split('_') + + # Determine if any of the provided variable structures match the fact. + matching_structure = None + if openshift_env_structures != None: + for structure in openshift_env_structures: + if re.match(structure, openshift_env_fact): + matching_structure = structure + # Fact didn't match any variable structures so return the default fact keys. + if matching_structure is None: + return fact_keys + + final_keys = [] + structure_keys = matching_structure.split('.') + for structure_key in structure_keys: + # Matched current key. Add to final keys. + if structure_key == fact_keys[structure_keys.index(structure_key)]: + final_keys.append(structure_key) + # Wildcard means we will be taking everything from here to the end of the fact. + elif structure_key == '*': + final_keys.append('_'.join(fact_keys[structure_keys.index(structure_key):])) + # Shouldn't have gotten here, return the fact keys. + else: + return fact_keys + return final_keys + + # Disabling too-many-branches and too-many-locals. + # This should be cleaned up as a TODO item. + #pylint: disable=too-many-branches, too-many-locals def init_local_facts(self, facts=None, additive_facts_to_overwrite=None, openshift_env=None, + openshift_env_structures=None, protected_facts_to_overwrite=None): """ Initialize the local facts @@ -1562,8 +1640,8 @@ class OpenShiftFacts(object): for fact, value in openshift_env.iteritems(): oo_env_facts = dict() current_level = oo_env_facts - keys = fact.split('_')[1:] - if keys[0] != self.role: + keys = self.split_openshift_env_fact_keys(fact, openshift_env_structures)[1:] + if len(keys) > 0 and keys[0] != self.role: continue for key in keys: if key == keys[-1]: @@ -1691,6 +1769,7 @@ def main(): local_facts=dict(default=None, type='dict', required=False), additive_facts_to_overwrite=dict(default=[], type='list', required=False), openshift_env=dict(default={}, type='dict', required=False), + openshift_env_structures=dict(default=[], type='list', required=False), protected_facts_to_overwrite=dict(default=[], type='list', required=False), ), supports_check_mode=True, @@ -1701,6 +1780,7 @@ def main(): local_facts = module.params['local_facts'] additive_facts_to_overwrite = module.params['additive_facts_to_overwrite'] openshift_env = module.params['openshift_env'] + openshift_env_structures = module.params['openshift_env_structures'] protected_facts_to_overwrite = module.params['protected_facts_to_overwrite'] fact_file = '/etc/ansible/facts.d/openshift.fact' @@ -1710,6 +1790,7 @@ def main(): local_facts, additive_facts_to_overwrite, openshift_env, + openshift_env_structures, protected_facts_to_overwrite) file_params = module.params.copy() diff --git a/roles/openshift_master/meta/main.yml b/roles/openshift_master/meta/main.yml index 4eda4a8e2..df96dd901 100644 --- a/roles/openshift_master/meta/main.yml +++ b/roles/openshift_master/meta/main.yml @@ -13,3 +13,4 @@ galaxy_info: - cloud dependencies: - role: openshift_cli +- role: openshift_cloud_provider diff --git a/roles/openshift_master/templates/atomic-openshift-master.j2 b/roles/openshift_master/templates/atomic-openshift-master.j2 index c848e0ac2..7f1576682 100644 --- a/roles/openshift_master/templates/atomic-openshift-master.j2 +++ b/roles/openshift_master/templates/atomic-openshift-master.j2 @@ -4,6 +4,11 @@ CONFIG_FILE={{ openshift_master_config_file }} IMAGE_VERSION={{ openshift_version }} {% endif %} +{% if 'cloudprovider' in openshift and 'aws' in openshift.cloudprovider and openshift.cloudprovider.kind == 'aws' and 'access_key' in openshift.cloudprovider.aws and 'secret_key' in openshift.cloudprovider.aws %} +AWS_ACCESS_KEY_ID={{ openshift.cloudprovider.aws.access_key }} +AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }} +{% endif %} + # Proxy configuration # Origin uses standard HTTP_PROXY environment variables. Be sure to set # NO_PROXY for your master diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 index 8e2d927aa..fa2323a2c 100644 --- a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 +++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 @@ -4,6 +4,11 @@ CONFIG_FILE={{ openshift_master_config_file }} IMAGE_VERSION={{ openshift_version }} {% endif %} +{% if 'cloudprovider' in openshift and 'aws' in openshift.cloudprovider and openshift.cloudprovider.kind == 'aws' and 'access_key' in openshift.cloudprovider.aws and 'secret_key' in openshift.cloudprovider.aws %} +AWS_ACCESS_KEY_ID={{ openshift.cloudprovider.aws.access_key }} +AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }} +{% endif %} + # Proxy configuration # Origin uses standard HTTP_PROXY environment variables. Be sure to set # NO_PROXY for your master diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 index 5c6cb2dcb..632dfbb8a 100644 --- a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 +++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 @@ -4,6 +4,11 @@ CONFIG_FILE={{ openshift_master_config_file }} IMAGE_VERSION={{ openshift_version }} {% endif %} +{% if 'cloudprovider' in openshift and 'aws' in openshift.cloudprovider and openshift.cloudprovider.kind == 'aws' and 'access_key' in openshift.cloudprovider.aws and 'secret_key' in openshift.cloudprovider.aws %} +AWS_ACCESS_KEY_ID={{ openshift.cloudprovider.aws.access_key }} +AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }} +{% endif %} + # Proxy configuration # Origin uses standard HTTP_PROXY environment variables. Be sure to set # NO_PROXY for your master diff --git a/roles/openshift_node/meta/main.yml b/roles/openshift_node/meta/main.yml index 702012489..62a8480c8 100644 --- a/roles/openshift_node/meta/main.yml +++ b/roles/openshift_node/meta/main.yml @@ -14,3 +14,4 @@ galaxy_info: dependencies: - role: openshift_common - role: openshift_docker +- role: openshift_cloud_provider diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 993c8c0cd..80b3e710d 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -81,6 +81,21 @@ notify: - restart node +- name: Configure AWS Cloud Provider Settings + lineinfile: + dest: /etc/sysconfig/{{ openshift.common.service_type }}-node + regexp: "{{ item.regex }}" + line: "{{ item.line }}" + create: true + with_items: + - regex: '^AWS_ACCESS_KEY_ID=' + line: "AWS_ACCESS_KEY_ID={{ openshift.cloudprovider.aws.access_key }}" + - regex: '^AWS_SECRET_ACCESS_KEY=' + line: "AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }}" + when: "'cloudprovider' in openshift and 'aws' in openshift.cloudprovider and openshift.cloudprovider.kind == 'aws' and 'access_key' in openshift.cloudprovider.aws and 'secret_key' in openshift.cloudprovider.aws" + notify: + - restart node + - name: Additional storage plugin configuration include: storage_plugins/main.yml |