diff options
Diffstat (limited to 'roles')
18 files changed, 138 insertions, 55 deletions
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 2223bb675..2e9de3abe 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -1,7 +1,7 @@ --- # tasks file for docker - name: Install docker - yum: pkg=docker + yum: pkg=docker-io - name: enable docker service command: /usr/bin/systemctl enable docker.service diff --git a/roles/kubernetes_apiserver/tasks/main.yml b/roles/kubernetes_apiserver/tasks/main.yml index 81fdbbb40..995c2702e 100644 --- a/roles/kubernetes_apiserver/tasks/main.yml +++ b/roles/kubernetes_apiserver/tasks/main.yml @@ -9,7 +9,7 @@ regexp: "{{ item.regex }}" line: "{{ item.line }}" with_items: - - { regex: '^KUBE_API_MACHINES=', line: 'KUBE_API_MACHINES=\"{{ oo_minion_ips | join(",") }}\"' } + - { regex: '^KUBE_API_MACHINES=', line: 'KUBE_API_MACHINES=\"{{ oo_node_ips | join(",") }}\"' } - { regex: '^KUBE_API_ADDRESS=', line: 'KUBE_API_ADDRESS=\"0.0.0.0\"' } notify: - restart kubernetes-apiserver diff --git a/roles/openshift_master/handlers/main.yml b/roles/openshift_master/handlers/main.yml index 216af5dc9..5c30dccab 100644 --- a/roles/openshift_master/handlers/main.yml +++ b/roles/openshift_master/handlers/main.yml @@ -1,4 +1,4 @@ --- # handlers file for openshift_master - name: restart openshift-master - service: name=openshift state=restarted + service: name=openshift-master state=restarted diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 6826ef452..9f28a3469 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -1,20 +1,19 @@ --- # tasks file for openshift_master - name: Install Origin - yum: pkg=origin state=installed + yum: pkg=openshift-master state=installed - # fixme: Once openshift stops resolving hostnames for minion queries remove this... + # fixme: Once openshift stops resolving hostnames for node queries remove this... - name: Set hostname to IP Addr (WORKAROUND) command: /usr/bin/hostname {{ oo_bind_ip }} - name: Configure OpenShift Master settings lineinfile: - dest: /etc/sysconfig/openshift + dest: /etc/sysconfig/openshift-master regexp: "{{ item.regex }}" line: "{{ item.line }}" with_items: - - { regex: '^ROLE=', line: 'ROLE=\"master\"' } - - { regex: '^OPTIONS=', line: 'OPTIONS=\"--nodes={{ oo_minion_ips | join(",") }} --loglevel=5\"' } + - { regex: '^OPTIONS=', line: 'OPTIONS=\"--public-master={{ oo_public_ip }} --nodes={{ oo_node_ips | join(",") }} --loglevel=5\"' } notify: - restart openshift-master @@ -31,4 +30,4 @@ firewalld: port=8080/tcp permanent=true state=enabled - name: Enable OpenShift - service: name=openshift enabled=yes state=started + service: name=openshift-master enabled=yes state=started diff --git a/roles/openshift_minion/defaults/main.yml b/roles/openshift_minion/defaults/main.yml deleted file mode 100644 index dfcf3d98f..000000000 --- a/roles/openshift_minion/defaults/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# defaults file for openshift_minion diff --git a/roles/openshift_minion/handlers/main.yml b/roles/openshift_minion/handlers/main.yml deleted file mode 100644 index 2764456f4..000000000 --- a/roles/openshift_minion/handlers/main.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -# handlers file for openshift_minion -- name: restart openshift-minion - service: name=openshift state=restarted diff --git a/roles/openshift_minion/tasks/main.yml b/roles/openshift_minion/tasks/main.yml deleted file mode 100644 index 3821277bc..000000000 --- a/roles/openshift_minion/tasks/main.yml +++ /dev/null @@ -1,29 +0,0 @@ ---- -# tasks file for openshift_minion -- name: Install OpenShift - yum: pkg=origin state=installed - - # fixme: Once openshift stops resolving hostnames for minion queries remove this... -- name: Set hostname to IP Addr (WORKAROUND) - command: /usr/bin/hostname {{ oo_bind_ip }} - -- name: Configure OpenShift Minion settings - lineinfile: - dest: /etc/sysconfig/openshift - regexp: "{{ item.regex }}" - line: "{{ item.line }}" - with_items: - - { regex: '^ROLE=', line: 'ROLE=\"node\"' } - - { regex: '^OPTIONS=', line: 'OPTIONS=\"--master=http://{{ oo_master_ips[0] }}:8080 --loglevel=5\"' } - notify: - - restart openshift-minion - -- name: Open firewalld port for OpenShift - firewalld: port=10250/tcp permanent=false state=enabled - -- name: Save firewalld port for OpenShift - firewalld: port=10250/tcp permanent=true state=enabled - -- name: Enable OpenShift - service: name=openshift enabled=yes state=started - diff --git a/roles/openshift_minion/vars/main.yml b/roles/openshift_minion/vars/main.yml deleted file mode 100644 index 715fba487..000000000 --- a/roles/openshift_minion/vars/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# vars file for openshift_minion diff --git a/roles/openshift_minion/README.md b/roles/openshift_node/README.md index 225dd44b9..225dd44b9 100644 --- a/roles/openshift_minion/README.md +++ b/roles/openshift_node/README.md diff --git a/roles/openshift_node/defaults/main.yml b/roles/openshift_node/defaults/main.yml new file mode 100644 index 000000000..af92e96d7 --- /dev/null +++ b/roles/openshift_node/defaults/main.yml @@ -0,0 +1,2 @@ +--- +# defaults file for openshift_node diff --git a/roles/openshift_node/files/sysconfig/kubeconfig b/roles/openshift_node/files/sysconfig/kubeconfig new file mode 100644 index 000000000..81e660ae4 --- /dev/null +++ b/roles/openshift_node/files/sysconfig/kubeconfig @@ -0,0 +1,40 @@ +apiVersion: v1 +clusters: +- cluster: + api-version: v1beta1 + server: http://cow.org:8080 + name: cow-cluster +- cluster: + certificate-authority: path/to/my/cafile + server: https://horse.org:4443 + name: horse-cluster +- cluster: + insecure-skip-tls-verify: true + server: https://pig.org:443 + name: pig-cluster +contexts: +- context: + cluster: horse-cluster + namespace: chisel-ns + user: green-user + name: federal-context +- context: + cluster: pig-cluster + namespace: saw-ns + user: black-user + name: queen-anne-context +current-context: federal-context +kind: Config +preferences: + colors: true +users: +- name: black-user + user: + auth-path: path/to/my/existing/.kubernetes_auth_file +- name: blue-user + user: + token: blue-token +- name: green-user + user: + client-certificate: path/to/my/client/cert + client-key: path/to/my/client/key diff --git a/roles/openshift_node/handlers/main.yml b/roles/openshift_node/handlers/main.yml new file mode 100644 index 000000000..afbb5a53f --- /dev/null +++ b/roles/openshift_node/handlers/main.yml @@ -0,0 +1,4 @@ +--- +# handlers file for openshift_node +- name: restart openshift-node + service: name=openshift-node state=restarted diff --git a/roles/openshift_minion/meta/main.yml b/roles/openshift_node/meta/main.yml index c5c362c60..c5c362c60 100644 --- a/roles/openshift_minion/meta/main.yml +++ b/roles/openshift_node/meta/main.yml diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml new file mode 100644 index 000000000..9da269888 --- /dev/null +++ b/roles/openshift_node/tasks/main.yml @@ -0,0 +1,38 @@ +--- +# tasks file for openshift_node +- name: Install OpenShift + yum: pkg=openshift-node state=installed + + # fixme: Once openshift stops resolving hostnames for node queries remove this... +- name: Set hostname to IP Addr (WORKAROUND) + command: /usr/bin/hostname {{ oo_bind_ip }} + +- name: Retrieve OpenShift Master credentials + local_action: command /usr/bin/rsync --compress --archive --rsh 'ssh -S none -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null' root@{{ oo_master_public_ips[0] }}:/var/lib/openshift/openshift.local.certificates/admin/ /tmp/openshift + ignore_errors: yes + +- file: path=/var/lib/openshift/openshift.local.certificates/admin state=directory + +- name: Store OpenShift Master credentials + local_action: command /usr/bin/rsync --compress --archive --rsh 'ssh -S none -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null' /tmp/openshift/ root@{{ oo_public_ip }}:/var/lib/openshift/openshift.local.certificates/admin + ignore_errors: yes + +- name: Configure OpenShift Node settings + lineinfile: + dest: /etc/sysconfig/openshift-node + regexp: "{{ item.regex }}" + line: "{{ item.line }}" + with_items: + - { regex: '^OPTIONS=', line: 'OPTIONS=\"--master=http://{{ oo_master_ips[0] }}:8080 --loglevel=5\"' } + notify: + - restart openshift-node + +- name: Open firewalld port for OpenShift + firewalld: port=10250/tcp permanent=false state=enabled + +- name: Save firewalld port for OpenShift + firewalld: port=10250/tcp permanent=true state=enabled + +- name: Enable OpenShift + service: name=openshift-node enabled=yes state=started + diff --git a/roles/openshift_node/vars/main.yml b/roles/openshift_node/vars/main.yml new file mode 100644 index 000000000..3184e8ac7 --- /dev/null +++ b/roles/openshift_node/vars/main.yml @@ -0,0 +1,2 @@ +--- +# vars file for openshift_node diff --git a/roles/repos/files/epel7-origin.repo b/roles/repos/files/epel7-openshift.repo index c7629872d..c7629872d 100644 --- a/roles/repos/files/epel7-origin.repo +++ b/roles/repos/files/epel7-openshift.repo diff --git a/roles/repos/files/oso-rhui-rhel-7-server.repo b/roles/repos/files/oso-rhui-rhel-7-server.repo index d32070634..fa182cb0a 100644 --- a/roles/repos/files/oso-rhui-rhel-7-server.repo +++ b/roles/repos/files/oso-rhui-rhel-7-server.repo @@ -1,13 +1,45 @@ -[oso-rhel-7-server] -name=Red Hat Enterprise Linux 7 Server from RHUI (RPMs) -baseurl=http://10.240.169.148/mirror/rhui-rhel-server-7-releases +[oso-rhui-rhel-server-releases] +name=OpenShift Online RHUI Mirror RH Enterprise Linux $majorrelease +baseurl=https://gce-mirror1.ops.rhcloud.com/libra/rhui-rhel-server-$majorrelease-releases/ + https://mirror.ops.rhcloud.com/libra/rhui-rhel-server-$majorrelease-releases/ enabled=1 gpgcheck=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +gpgkey=file:///srv/libra/keys/RPM-GPG-KEY-redhat-release +sslverify=False +sslclientcert=/var/lib/yum/client-cert.pem +sslclientkey=/var/lib/yum/client-key.pem -[oso-rhel-7-server-optional] -name=Red Hat Enterprise Linux 7 Server - Optional from RHUI (RPMs) -baseurl=http://10.240.169.148/mirror/rhui-rhel-server-7-releases-optional +[oso-rhui-rhel-server-releases-optional] +name=OpenShift Online RHUI Mirror RH Enterprise Linux $majorrelease - Optional +baseurl=https://gce-mirror1.ops.rhcloud.com/libra/rhui-rhel-server-$majorrelease-releases-optional/ + https://mirror.ops.rhcloud.com/libra/rhui-rhel-server-$majorrelease-releases-optional/ enabled=1 gpgcheck=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +gpgkey=file:///srv/libra/keys/RPM-GPG-KEY-redhat-release +sslverify=False +sslclientcert=/var/lib/yum/client-cert.pem +sslclientkey=/var/lib/yum/client-key.pem + +[oso-rhui-rhel-server-extras] +name=OpenShift Online RHUI Mirror RH Enterprise Linux - Extras +baseurl=https://gce-mirror1.ops.rhcloud.com/libra/rhui-rhel-server-$majorrelease-extras/ + https://mirror.ops.rhcloud.com/libra/rhui-rhel-server-$majorrelease-extras/ +enabled=1 +gpgcheck=1 +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta +failovermethod=priority +sslverify=False +sslclientcert=/var/lib/yum/client-cert.pem +sslclientkey=/var/lib/yum/client-key.pem + +[oso-rhui-rhel-server-extras-htb] +name=OpenShift Online RHUI Mirror RH Enterprise Linux - Extras HTB +baseurl=https://gce-mirror1.ops.rhcloud.com/libra/rhui-rhel-server-$majorrelease-extras-htb/ + https://mirror.ops.rhcloud.com/libra/rhui-rhel-server-$majorrelease-extras-htb/ +enabled=0 +gpgcheck=1 +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta +failovermethod=priority +sslverify=False +sslclientcert=/var/lib/yum/client-cert.pem +sslclientkey=/var/lib/yum/client-key.pem diff --git a/roles/repos/tasks/main.yaml b/roles/repos/tasks/main.yaml index 3b66bb392..cb4b5ad40 100644 --- a/roles/repos/tasks/main.yaml +++ b/roles/repos/tasks/main.yaml @@ -10,4 +10,7 @@ copy: src=epel7-kubernetes.repo dest=/etc/yum.repos.d/epel7-kubernetes.repo - name: Ensure the origin repo is available - copy: src=epel7-origin.repo dest=/etc/yum.repos.d/epel7-origin.repo + copy: src=epel7-openshift.repo dest=/etc/yum.repos.d/epel7-openshift.repo + +- name: Ensure the rhel repo is available + copy: src=oso-rhui-rhel-7-server.repo dest=/etc/yum.repos.d/oso-rhui-rhel-7-server.repo |