Diffstat (limited to 'playbooks/openstack/openshift-cluster')
12 files changed, 422 insertions, 0 deletions
diff --git a/playbooks/openstack/openshift-cluster/config.yml b/playbooks/openstack/openshift-cluster/config.yml
new file mode 100644
index 000000000..1c0644e04
--- /dev/null
+++ b/playbooks/openstack/openshift-cluster/config.yml
@@ -0,0 +1,34 @@
+- name: Populate oo_masters_to_config host group
+  hosts: localhost
+  gather_facts: no
+  vars_files:
+  - vars.yml
+  tasks:
+  - name: Evaluate oo_masters_to_config
+    add_host:
+      name: "{{ item }}"
+      ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}"
+      ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}"
+      groups: oo_masters_to_config
+    with_items: groups["tag_env-host-type_{{ cluster_id }}-openshift-master"] | default([])
+  - name: Evaluate oo_nodes_to_config
+    add_host:
+      name: "{{ item }}"
+      ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}"
+      ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}"
+      groups: oo_nodes_to_config
+    with_items: groups["tag_env-host-type_{{ cluster_id }}-openshift-node"] | default([])
+  - name: Evaluate oo_first_master
+    add_host:
+      name: "{{ groups['tag_env-host-type_' ~ cluster_id ~ '-openshift-master'][0] }}"
+      ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}"
+      ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}"
+      groups: oo_first_master
+    when: "'tag_env-host-type_{{ cluster_id }}-openshift-master' in groups"
+
+- include: ../../common/openshift-cluster/config.yml
+  vars:
+    openshift_cluster_id: "{{ cluster_id }}"
+    openshift_debug_level: 4
+    openshift_deployment_type: "{{ deployment_type }}"
+    openshift_hostname: "{{ ansible_default_ipv4.address }}"
diff --git a/playbooks/openstack/openshift-cluster/files/heat_stack.yml b/playbooks/openstack/openshift-cluster/files/heat_stack.yml
new file mode 100644
index 000000000..c5f95d87d
--- /dev/null
+++ b/playbooks/openstack/openshift-cluster/files/heat_stack.yml
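Review bot: The group name is built two different ways in config.yml: 'Evaluate oo_masters_to_config' and 'Evaluate oo_nodes_to_config' nest `{{ cluster_id }}` inside a bare `with_items` expression, and the `when:` of 'Evaluate oo_first_master' nests it inside a quoted condition, while the `name:` of that same task uses `'tag_env-host-type_' ~ cluster_id ~ '-openshift-master'`. Using the `~` form everywhere, for example `when: "('tag_env-host-type_' ~ cluster_id ~ '-openshift-master') in groups"`, avoids depending on how nested templates are expanded inside expressions. The `when:` guard also only proves the group exists, so the `[0]` index relies on the group never being empty; a short comment saying so would help.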
@@ -0,0 +1,149 @@
+heat_template_version: 2014-10-16
+
+description: OpenShift cluster
+
+parameters:
+  cluster-id:
+    type: string
+    label: Cluster ID
+    description: Identifier of the cluster
+
+  network-prefix:
+    type: string
+    label: Network prefix
+    description: Prefix of the network objects
+
+  cidr:
+    type: string
+    label: CIDR
+    description: CIDR of the network of the cluster
+
+  dns-nameservers:
+    type: comma_delimited_list
+    label: DNS nameservers list
+    description: List of DNS nameservers
+
+  external-net:
+    type: string
+    label: External network
+    description: Name of the external network
+    default: external
+
+  ssh-incoming:
+    type: string
+    label: Source of ssh connections
+    description: Source of legitimate ssh connections
+
+resources:
+  net:
+    type: OS::Neutron::Net
+    properties:
+      name:
+        str_replace:
+          template: network-prefix-net
+          params:
+            network-prefix: { get_param: network-prefix }
+
+  subnet:
+    type: OS::Neutron::Subnet
+    properties:
+      name:
+        str_replace:
+          template: network-prefix-subnet
+          params:
+            network-prefix: { get_param: network-prefix }
+      network: { get_resource: net }
+      cidr: { get_param: cidr }
+      dns_nameservers: { get_param: dns-nameservers }
+
+  router:
+    type: OS::Neutron::Router
+    properties:
+      name:
+        str_replace:
+          template: network-prefix-router
+          params:
+            network-prefix: { get_param: network-prefix }
+      external_gateway_info:
+        network: { get_param: external-net }
+
+  interface:
+    type: OS::Neutron::RouterInterface
+    properties:
+      router_id: { get_resource: router }
+      subnet_id: { get_resource: subnet }
+
+  node-secgrp:
+    type: OS::Neutron::SecurityGroup
+    properties:
+      name:
+        str_replace:
+          template: network-prefix-node-secgrp
+          params:
+            network-prefix: { get_param: network-prefix }
+      description:
+        str_replace:
+          template: Security group for cluster-id OpenShift cluster nodes
+          params:
+            cluster-id: { get_param: cluster-id }
+      rules:
+        - direction: ingress
+          protocol: tcp
+          port_range_min: 22
+          port_range_max: 22
+          remote_ip_prefix: { get_param: ssh-incoming }
+        - direction: ingress
+          protocol: udp
+          port_range_min: 4789
+          port_range_max: 4789
+          remote_mode: remote_group_id
+        - direction: ingress
+          protocol: tcp
+          port_range_min: 10250
+          port_range_max: 10250
+          remote_mode: remote_group_id
+          remote_group_id: { get_resource: master-secgrp }
+
+  master-secgrp:
+    type: OS::Neutron::SecurityGroup
+    properties:
+      name:
+        str_replace:
+          template: network-prefix-master-secgrp
+          params:
+            network-prefix: { get_param: network-prefix }
+      description:
+        str_replace:
+          template: Security group for cluster-id OpenShift cluster master
+          params:
+            cluster-id: { get_param: cluster-id }
+      rules:
+        - direction: ingress
+          protocol: tcp
+          port_range_min: 22
+          port_range_max: 22
+          remote_ip_prefix: { get_param: ssh-incoming }
+        - direction: ingress
+          protocol: tcp
+          port_range_min: 4001
+          port_range_max: 4001
+        - direction: ingress
+          protocol: tcp
+          port_range_min: 8443
+          port_range_max: 8443
+        - direction: ingress
+          protocol: tcp
+          port_range_min: 53
+          port_range_max: 53
+        - direction: ingress
+          protocol: udp
+          port_range_min: 53
+          port_range_max: 53
+        - direction: ingress
+          protocol: tcp
+          port_range_min: 24224
+          port_range_max: 24224
+        - direction: ingress
+          protocol: udp
+          port_range_min: 24224
+          port_range_max: 24224
diff --git a/playbooks/openstack/openshift-cluster/files/user-data b/playbooks/openstack/openshift-cluster/files/user-data
new file mode 100644
index 000000000..e789a5b69
--- /dev/null
+++ b/playbooks/openstack/openshift-cluster/files/user-data
@@ -0,0 +1,7 @@
+#cloud-config
+disable_root: true
+
+system_info:
+  default_user:
+    name: openshift
+    sudo: ["ALL=(ALL) NOPASSWD: ALL"]
diff --git a/playbooks/openstack/openshift-cluster/filter_plugins b/playbooks/openstack/openshift-cluster/filter_plugins
new file mode 120000
index 000000000..99a95e4ca
--- /dev/null
+++ b/playbooks/openstack/openshift-cluster/filter_plugins
@@ -0,0 +1 @@
+../../../filter_plugins
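Review bot: In `master-secgrp` the ingress rules for tcp 4001, tcp 8443, tcp/udp 53 and tcp/udp 24224 set neither `remote_ip_prefix` nor `remote_mode`, so unlike the port 22 rule they are not restricted to any source (as far as I know, Heat treats an omitted prefix as any address). That may be intended for the API on 8443, but 4001 (presumably etcd) and 24224 look like cluster-internal services and would be reachable from wherever the master's floating IP is. Consider scoping those rules to the cluster subnet with `remote_ip_prefix: { get_param: cidr }`. A `remote_group_id` pointing at `node-secgrp` would be tighter still, but `node-secgrp` already references `master-secgrp`, so that would probably create a circular dependency between the two resources.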
\ No newline at end of file
diff --git a/playbooks/openstack/openshift-cluster/launch.yml b/playbooks/openstack/openshift-cluster/launch.yml
new file mode 100644
index 000000000..5c86ade3f
--- /dev/null
+++ b/playbooks/openstack/openshift-cluster/launch.yml
@@ -0,0 +1,31 @@
+---
+- name: Launch instance(s)
+  hosts: localhost
+  connection: local
+  gather_facts: no
+  vars_files:
+  - vars.yml
+  tasks:
+  - fail:
+      msg: "Deployment type not supported for OpenStack provider yet"
+    when: deployment_type in ['online', 'enterprise']
+
+  - include: tasks/configure_openstack.yml
+
+  - include: ../../common/openshift-cluster/set_master_launch_facts_tasks.yml
+  - include: tasks/launch_instances.yml
+    vars:
+      instances: "{{ master_names }}"
+      cluster: "{{ cluster_id }}"
+      type: "{{ k8s_type }}"
+
+  - include: ../../common/openshift-cluster/set_node_launch_facts_tasks.yml
+  - include: tasks/launch_instances.yml
+    vars:
+      instances: "{{ node_names }}"
+      cluster: "{{ cluster_id }}"
+      type: "{{ k8s_type }}"
+
+- include: update.yml
+
+- include: list.yml
diff --git a/playbooks/openstack/openshift-cluster/list.yml b/playbooks/openstack/openshift-cluster/list.yml
new file mode 100644
index 000000000..a75e350c7
--- /dev/null
+++ b/playbooks/openstack/openshift-cluster/list.yml
@@ -0,0 +1,24 @@
+---
+- name: Generate oo_list_hosts group
+  hosts: localhost
+  gather_facts: no
+  vars_files:
+  - vars.yml
+  tasks:
+  - set_fact: scratch_group=tag_env_{{ cluster_id }}
+    when: cluster_id != ''
+  - set_fact: scratch_group=all
+    when: cluster_id == ''
+  - add_host:
+      name: "{{ item }}"
+      groups: oo_list_hosts
+      ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}"
+      ansible_ssh_host: "{{ hostvars[item].ansible_ssh_host | default(item) }}"
+      ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}"
+    with_items: groups[scratch_group] | default([]) | difference(['localhost'])
+
+- name: List Hosts
+  hosts: oo_list_hosts
+  tasks:
+  - debug:
+      msg: 'public:{{ansible_ssh_host}} private:{{ansible_default_ipv4.address}}'
diff --git a/playbooks/openstack/openshift-cluster/roles b/playbooks/openstack/openshift-cluster/roles
new file mode 120000
index 000000000..20c4c58cf
--- /dev/null
+++ b/playbooks/openstack/openshift-cluster/roles
@@ -0,0 +1 @@
+../../../roles
\ No newline at end of file
diff --git a/playbooks/openstack/openshift-cluster/tasks/configure_openstack.yml b/playbooks/openstack/openshift-cluster/tasks/configure_openstack.yml
new file mode 100644
index 000000000..2cbdb4805
--- /dev/null
+++ b/playbooks/openstack/openshift-cluster/tasks/configure_openstack.yml
@@ -0,0 +1,27 @@
+---
+- name: Check infra
+  command: 'heat stack-show {{ openstack_network_prefix }}-stack'
+  register: stack_show_result
+  changed_when: false
+  failed_when: stack_show_result.rc != 0 and 'Stack not found' not in stack_show_result.stderr
+
+- name: Create infra
+  command: 'heat stack-create -f {{ openstack_infra_heat_stack }} -P cluster-id={{ cluster_id }} -P network-prefix={{ openstack_network_prefix }} -P dns-nameservers={{ openstack_network_dns | join(",") }} -P cidr={{ openstack_network_cidr }} -P ssh-incoming={{ openstack_ssh_access_from }} {{ openstack_network_prefix }}-stack'
+  when: stack_show_result.rc == 1
+
+- name: Update infra
+  command: 'heat stack-update -f {{ openstack_infra_heat_stack }} -P cluster-id={{ cluster_id }} -P network-prefix={{ openstack_network_prefix }} -P dns-nameservers={{ openstack_network_dns | join(",") }} -P cidr={{ openstack_network_cidr }} -P ssh-incoming={{ openstack_ssh_access_from }} {{ openstack_network_prefix }}-stack'
+  when: stack_show_result.rc == 0
+
+- name: Wait for infra readiness
+  shell: 'heat stack-show {{ openstack_network_prefix }}-stack | awk ''$2 == "stack_status" {print $4}'''
+  register: stack_show_status_result
+  until: stack_show_status_result.stdout not in ['CREATE_IN_PROGRESS', 'UPDATE_IN_PROGRESS']
+  retries: 30
+  delay: 1
+  failed_when: stack_show_status_result.stdout not in ['CREATE_COMPLETE', 'UPDATE_COMPLETE']
+
+- name: Create ssh keypair
+  nova_keypair:
+    name: "{{ openstack_ssh_keypair }}"
+    public_key: "{{ openstack_ssh_public_key }}"
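Review bot: 'Wait for infra readiness' goes through `shell` with `{{ openstack_network_prefix }}` interpolated unquoted, and per vars.yml that value derives from the operator-supplied `opt_network_prefix` or `cluster_id`, so any shell metacharacters in it would be interpreted on the control host. Quoting the argument, `heat stack-show {{ (openstack_network_prefix ~ '-stack') | quote }}`, closes that. The same task polls for at most 30 tries at 1 s, which may be short for a stack create and would then fail on a stack that is still `CREATE_IN_PROGRESS`. 'Create infra' also keys on `rc == 1`, although 'Check infra' only recognises the not-found case through the stderr text; reusing that stderr test in the `when:` would keep the two consistent.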
diff --git a/playbooks/openstack/openshift-cluster/tasks/launch_instances.yml b/playbooks/openstack/openshift-cluster/tasks/launch_instances.yml
new file mode 100644
index 000000000..1b9696aac
--- /dev/null
+++ b/playbooks/openstack/openshift-cluster/tasks/launch_instances.yml
@@ -0,0 +1,48 @@
+---
+- name: Get net id
+  shell: 'neutron net-show {{ openstack_network_prefix }}-net | awk "/\\<id\\>/ {print \$4}"'
+  register: net_id_result
+
+- name: Launch instance(s)
+  nova_compute:
+    name: '{{ item }}'
+    image_name:     '{{ deployment_vars[deployment_type].image.name | default(omit, true) }}'
+    image_id:       '{{ deployment_vars[deployment_type].image.id   | default(omit, true) }}'
+    flavor_ram:     '{{ openstack_flavor[k8s_type].ram              | default(omit, true) }}'
+    flavor_id:      '{{ openstack_flavor[k8s_type].id               | default(omit, true) }}'
+    flavor_include: '{{ openstack_flavor[k8s_type].include          | default(omit, true) }}'
+    key_name: '{{ openstack_ssh_keypair }}'
+    security_groups: '{{ openstack_network_prefix }}-{{ k8s_type }}-secgrp'
+    nics:
+      - net-id: '{{ net_id_result.stdout }}'
+    user_data: "{{ lookup('file','files/user-data') }}"
+    meta:
+      env: '{{ cluster }}'
+      host-type: '{{ type }}'
+      env-host-type: '{{ cluster }}-openshift-{{ type }}'
+    floating_ip_pools: '{{ openstack_floating_ip_pools }}'
+  with_items: instances
+  register: nova_compute_result
+
+- name: Add new instances groups and variables
+  add_host:
+    hostname: '{{ item.item }}'
+    ansible_ssh_host: '{{ item.public_ip }}'
+    ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}"
+    ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}"
+    groups: 'tag_env_{{ cluster }}, tag_host-type_{{ type }}, tag_env-host-type_{{ cluster }}-openshift-{{ type }}'
+  with_items: nova_compute_result.results
+
+- name: Wait for ssh
+  wait_for:
+    host: '{{ item.public_ip }}'
+    port: 22
+  with_items: nova_compute_result.results
+
+- name: Wait for user setup
+  command: 'ssh -o StrictHostKeyChecking=no -o PasswordAuthentication=no -o ConnectTimeout=10 -o UserKnownHostsFile=/dev/null {{ hostvars[item.item].ansible_ssh_user }}@{{ item.public_ip }} echo {{ hostvars[item.item].ansible_ssh_user }} user is setup'
+  register: result
+  until: result.rc == 0
+  retries: 30
+  delay: 1
+  with_items: nova_compute_result.results
diff --git a/playbooks/openstack/openshift-cluster/terminate.yml b/playbooks/openstack/openshift-cluster/terminate.yml
new file mode 100644
index 000000000..2f05f0992
--- /dev/null
+++ b/playbooks/openstack/openshift-cluster/terminate.yml
@@ -0,0 +1,43 @@
+- name: Terminate instance(s)
+  hosts: localhost
+  connection: local
+  gather_facts: no
+  vars_files:
+  - vars.yml
+  tasks:
+  - set_fact: cluster_group=tag_env_{{ cluster_id }}
+  - add_host:
+      name: "{{ item }}"
+      groups: oo_hosts_to_terminate
+      ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}"
+      ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}"
+    with_items: groups[cluster_group] | default([])
+
+- hosts: oo_hosts_to_terminate
+
+- hosts: localhost
+  connection: local
+  gather_facts: no
+  vars_files:
+  - vars.yml
+  tasks:
+  - name: Retrieve the floating IPs
+    shell: "neutron floatingip-list | awk '/{{ hostvars[item].ansible_default_ipv4.address }}/ {print $2}'"
+    with_items: groups['oo_hosts_to_terminate'] | default([])
+    register: floating_ips_to_delete
+
+  - name: Terminate instance(s)
+    nova_compute:
+      name: "{{ hostvars[item].os_name }}"
+      state: absent
+    with_items: groups['oo_hosts_to_terminate'] | default([])
+
+  - name: Delete floating IPs
+    command: "neutron floatingip-delete {{ item.stdout }}"
+    with_items: floating_ips_to_delete.results | default([])
+
+  - name: Destroy the network
+    command: "heat stack-delete {{ openstack_network_prefix }}-stack"
+    register: stack_delete_result
+    changed_when: stack_delete_result.rc == 0
+    failed_when: stack_delete_result.rc != 0 and 'could not be found' not in stack_delete_result.stdout
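Review bot: 'Wait for user setup' in launch_instances.yml connects with `StrictHostKeyChecking=no` and `UserKnownHostsFile=/dev/null`, so the new instance's host key is neither checked nor recorded, and nothing in this hunk pins it for the configuration plays that follow. A different host answering on the floating IP would therefore go unnoticed on first contact and afterwards. Consider collecting the key once into a per-cluster known_hosts file (for example with `ssh-keyscan`, ideally compared against the fingerprint in the instance's console log) and pointing `UserKnownHostsFile` at that file instead of `/dev/null`. 'Get net id' also interpolates `{{ openstack_network_prefix }}` into a `shell` line unquoted and should pass it through `| quote`.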
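Review bot: 'Retrieve the floating IPs' in terminate.yml places the private address into an awk regex unanchored, so the dots match any character and an address such as `10.0.0.1` also matches the row for `10.0.0.10`. 'Delete floating IPs' would then remove floating IPs that belong to other instances, possibly outside this cluster. Compare the column as a string instead, e.g. `awk -v ip='{{ hostvars[item].ansible_default_ipv4.address }}' '$4 == ip {print $2}'` (this assumes fixed_ip_address is the second table column of `neutron floatingip-list`; please confirm). 'Delete floating IPs' also runs with an empty `item.stdout` when nothing matched, which `when: item.stdout != ''` would skip.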
diff --git a/playbooks/openstack/openshift-cluster/update.yml b/playbooks/openstack/openshift-cluster/update.yml
new file mode 100644
index 000000000..5e7ab4e58
--- /dev/null
+++ b/playbooks/openstack/openshift-cluster/update.yml
@@ -0,0 +1,18 @@
+---
+- name: Populate oo_hosts_to_update group
+  hosts: localhost
+  gather_facts: no
+  vars_files:
+  - vars.yml
+  tasks:
+  - name: Evaluate oo_hosts_to_update
+    add_host:
+      name: "{{ item }}"
+      groups: oo_hosts_to_update
+      ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}"
+      ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}"
+    with_items: groups["tag_env-host-type_{{ cluster_id }}-openshift-master"] | union(groups["tag_env-host-type_{{ cluster_id }}-openshift-node"]) | default([])
+
+- include: ../../common/openshift-cluster/update_repos_and_packages.yml
+
+- include: config.yml
diff --git a/playbooks/openstack/openshift-cluster/vars.yml b/playbooks/openstack/openshift-cluster/vars.yml
new file mode 100644
index 000000000..c754f19fc
--- /dev/null
+++ b/playbooks/openstack/openshift-cluster/vars.yml
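Review bot: In 'Evaluate oo_hosts_to_update' the trailing `default([])` applies only to the result of `union(...)`, so it does not protect either `groups[...]` lookup. If the master or the node group is absent (a cluster with no nodes yet, for instance), the expression will most likely fail inside `union` before the default is reached. Apply the default to each operand, along the lines of `(groups[masters] | default([])) | union(groups[nodes] | default([]))`, with the two group names built as they are today.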
@@ -0,0 +1,39 @@
+---
+openstack_infra_heat_stack:     "{{ opt_infra_heat_stack  | default('files/heat_stack.yml') }}"
+openstack_network_prefix:       "{{ opt_network_prefix    | default('openshift-ansible-'+cluster_id) }}"
+openstack_network_cidr:         "{{ opt_net_cidr          | default('192.168.' + ( ( 1048576 | random % 256 ) | string() ) + '.0/24') }}"
+openstack_network_external_net: "{{ opt_external_net      | default('external') }}"
+openstack_floating_ip_pools:    "{{ opt_floating_ip_pools | default('external')        | oo_split() }}"
+openstack_network_dns:          "{{ opt_dns               | default('8.8.8.8,8.8.4.4') | oo_split() }}"
+openstack_ssh_keypair:          "{{ opt_keypair           | default(lookup('env', 'LOGNAME')+'_key') }}"
+openstack_ssh_public_key:       "{{ lookup('file', opt_public_key | default('~/.ssh/id_rsa.pub')) }}"
+openstack_ssh_access_from:      "{{ opt_ssh_from          | default('0.0.0.0/0') }}"
+openstack_flavor:
+  master:
+    ram:     "{{ opt_master_flavor_ram     | default(2048) }}"
+    id:      "{{ opt_master_flavor_id      | default() }}"
+    include: "{{ opt_master_flavor_include | default() }}"
+  node:
+    ram:     "{{ opt_node_flavor_ram     | default(4096) }}"
+    id:      "{{ opt_node_flavor_id      | default() }}"
+    include: "{{ opt_node_flavor_include | default() }}"
+
+deployment_vars:
+  origin:
+    image:
+      name: "{{ opt_image_name | default('centos-70-raw') }}"
+      id:
+    ssh_user: openshift
+    sudo: yes
+  online:
+    image:
+      name:
+      id:
+    ssh_user: root
+    sudo: no
+  enterprise:
+    image:
+      name: "{{ opt_image_name | default('centos-70-raw') }}"
+      id:
+    ssh_user: openshift
+    sudo: yes  | 
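Review bot: `openstack_ssh_access_from` defaults to `0.0.0.0/0`, and that value feeds the `ssh-incoming` parameter of the Heat stack, so port 22 on every master and node is open to any source unless the operator passes `opt_ssh_from`. Since files/user-data gives the default user passwordless sudo, a required value is the safer default, e.g. `openstack_ssh_access_from: "{{ opt_ssh_from | mandatory }}"`, or at least a comment stating that the default is world-open. Separately, `openstack_network_cidr` calls `random` inside a lazily evaluated variable, so a later run that reaches 'Update infra' will probably pass a different CIDR from the one the stack was created with; worth confirming and, if so, fixing the value per cluster.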
