Diffstat (limited to 'roles/openshift_aws')
-rw-r--r--roles/openshift_aws/defaults/main.yml5
-rw-r--r--roles/openshift_aws/tasks/elb.yml8
-rw-r--r--roles/openshift_aws/tasks/launch_config.yml15
-rw-r--r--roles/openshift_aws/tasks/provision.yml4
4 files changed, 21 insertions, 11 deletions
diff --git a/roles/openshift_aws/defaults/main.yml b/roles/openshift_aws/defaults/main.yml
index 4d88db037..fe2d6b4a0 100644
--- a/roles/openshift_aws/defaults/main.yml
+++ b/roles/openshift_aws/defaults/main.yml
@@ -144,6 +144,11 @@ openshift_aws_elb_instance_filter:
"tag:host-type": "{{ openshift_aws_node_group_type }}"
instance-state-name: running
+openshift_aws_launch_config_security_groups:
+- "{{ openshift_aws_clusterid }}" # default sg
+- "{{ openshift_aws_clusterid }}_{{ openshift_aws_node_group_type }}" # node type sg
+- "{{ openshift_aws_clusterid }}_{{ openshift_aws_node_group_type }}_k8s" # node type sg k8s
+
openshift_aws_node_security_groups:
default:
name: "{{ openshift_aws_clusterid }}"
diff --git a/roles/openshift_aws/tasks/elb.yml b/roles/openshift_aws/tasks/elb.yml
index a1fdd66fc..7bc3184df 100644
--- a/roles/openshift_aws/tasks/elb.yml
+++ b/roles/openshift_aws/tasks/elb.yml
@@ -29,9 +29,9 @@
if 'master' in openshift_aws_node_group_type or 'infra' in openshift_aws_node_group_type
else openshift_aws_elb_listeners }}"
-- name: "Create ELB {{ openshift_aws_elb_name }}"
+- name: "Create ELB {{ l_openshift_aws_elb_name }}"
ec2_elb_lb:
- name: "{{ openshift_aws_elb_name }}"
+ name: "{{ l_openshift_aws_elb_name }}"
state: present
security_group_names: "{{ openshift_aws_elb_security_groups }}"
idle_timeout: "{{ openshift_aws_elb_idle_timout }}"
@@ -49,10 +49,10 @@
# It is necessary to ignore_errors here because the instances are not in 'ready'
# state when first added to ELB
-- name: "Add instances to ELB {{ openshift_aws_elb_name }}"
+- name: "Add instances to ELB {{ l_openshift_aws_elb_name }}"
ec2_elb:
instance_id: "{{ item.id }}"
- ec2_elbs: "{{ openshift_aws_elb_name }}"
+ ec2_elbs: "{{ l_openshift_aws_elb_name }}"
state: present
region: "{{ openshift_aws_region }}"
wait: False
diff --git a/roles/openshift_aws/tasks/launch_config.yml b/roles/openshift_aws/tasks/launch_config.yml
index 65c5a6cc0..e6be9969c 100644
--- a/roles/openshift_aws/tasks/launch_config.yml
+++ b/roles/openshift_aws/tasks/launch_config.yml
@@ -4,13 +4,18 @@
when:
- openshift_aws_ami is undefined
+- name: query vpc
+ ec2_vpc_net_facts:
+ region: "{{ openshift_aws_region }}"
+ filters:
+ 'tag:Name': "{{ openshift_aws_vpc_name }}"
+ register: vpcout
+
- name: fetch the security groups for launch config
ec2_group_facts:
filters:
- group-name:
- - "{{ openshift_aws_clusterid }}" # default sg
- - "{{ openshift_aws_clusterid }}_{{ openshift_aws_node_group_type }}" # node type sg
- - "{{ openshift_aws_clusterid }}_{{ openshift_aws_node_group_type }}_k8s" # node type sg k8s
+ group-name: "{{ openshift_aws_launch_config_security_groups }}"
+ vpc-id: "{{ vpcout.vpcs[0].id }}"
region: "{{ openshift_aws_region }}"
register: ec2sgs
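Review bot: `vpcout.vpcs[0].id` in the new `vpc-id` filter assumes the Name-tag lookup in `query vpc` returns exactly one VPC. Name tags are not unique, so with two matching VPCs the security groups are resolved against whichever one comes back first, and with none the task fails on an index error instead of a clear message. Adding `failed_when: vpcout.vpcs | length != 1` to the `query vpc` task would stop the run before a launch config is built with groups from an unintended VPC.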
@@ -21,7 +26,7 @@
region: "{{ openshift_aws_region }}"
image_id: "{{ openshift_aws_ami }}"
instance_type: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].instance_type }}"
- security_groups: "{{ ec2sgs.security_groups | map(attribute='group_id')| list }}"
+ security_groups: "{{ openshift_aws_launch_config_security_group_id | default(ec2sgs.security_groups | map(attribute='group_id')| list) }}"
user_data: |-
#cloud-config
{% if openshift_aws_node_group_type != 'master' %}
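Review bot: `openshift_aws_launch_config_security_group_id` on the `security_groups` line has a singular name and is not declared in this commit's defaults/main.yml hunk, yet it stands in for a list of group ids. A comment in the defaults such as `# openshift_aws_launch_config_security_group_id: optional list of sg ids; overrides the name lookup` would make the expected type explicit. When the override is set, the `query vpc` and `ec2_group_facts` tasks earlier in the file still appear to run and can fail on a VPC name or group names that no longer matter; `when: openshift_aws_launch_config_security_group_id is undefined` on those tasks would avoid that. The task itself starts above this hunk and continues past it.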
diff --git a/roles/openshift_aws/tasks/provision.yml b/roles/openshift_aws/tasks/provision.yml
index 189caeaee..a2920b744 100644
--- a/roles/openshift_aws/tasks/provision.yml
+++ b/roles/openshift_aws/tasks/provision.yml
@@ -34,14 +34,14 @@
include: elb.yml
vars:
openshift_aws_elb_direction: internal
- openshift_aws_elb_name: "{{ openshift_aws_clusterid }}-{{openshift_aws_node_group_type }}-internal"
+ l_openshift_aws_elb_name: "{{ openshift_aws_elb_name }}-internal"
openshift_aws_elb_scheme: internal
- name: create our master external load balancers
include: elb.yml
vars:
openshift_aws_elb_direction: external
- openshift_aws_elb_name: "{{ openshift_aws_clusterid }}-{{openshift_aws_node_group_type }}-external"
+ l_openshift_aws_elb_name: "{{ openshift_aws_elb_name }}-external"
openshift_aws_elb_scheme: internet-facing
- name: wait for ssh to become available
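Review bot: `l_openshift_aws_elb_name` in both include blocks is now built from `openshift_aws_elb_name`, whose definition is not part of this diff, so the includes fail on an undefined variable unless the role defaults already set it. A comment above the vars, for example `# openshift_aws_elb_name comes from role defaults; l_ marks the per-include name`, would document that dependency. Classic ELB names are also capped at 32 characters, which an overridden base name plus the `-internal`/`-external` suffix can exceed, and nothing visible here checks the length.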