From 7d74d1913274cba4c4732cbc5f0a573cb99e5248 Mon Sep 17 00:00:00 2001 From: Jhon Honce Date: Thu, 12 Feb 2015 11:26:56 -0700 Subject: - Rename minion to node - Update playbooks to support latest code --- roles/openshift_node/tasks/main.yml | 38 +++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 roles/openshift_node/tasks/main.yml (limited to 'roles/openshift_node/tasks')
diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml
new file mode 100644
index 000000000..9da269888
--- /dev/null
+++ b/roles/openshift_node/tasks/main.yml
@@ -0,0 +1,38 @@
+---
+# tasks file for openshift_node
+- name: Install OpenShift
+ yum: pkg=openshift-node state=installed
+
+ # fixme: Once openshift stops resolving hostnames for node queries remove this...
+- name: Set hostname to IP Addr (WORKAROUND)
+ command: /usr/bin/hostname {{ oo_bind_ip }}
+
+- name: Retrieve OpenShift Master credentials
+ local_action: command /usr/bin/rsync --compress --archive --rsh 'ssh -S none -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null' root@{{ oo_master_public_ips[0] }}:/var/lib/openshift/openshift.local.certificates/admin/ /tmp/openshift
+ ignore_errors: yes
+
+- file: path=/var/lib/openshift/openshift.local.certificates/admin state=directory
+
+- name: Store OpenShift Master credentials
+ local_action: command /usr/bin/rsync --compress --archive --rsh 'ssh -S none -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null' /tmp/openshift/ root@{{ oo_public_ip }}:/var/lib/openshift/openshift.local.certificates/admin
+ ignore_errors: yes
+
+- name: Configure OpenShift Node settings
+ lineinfile:
+ dest: /etc/sysconfig/openshift-node
+ regexp: "{{ item.regex }}"
+ line: "{{ item.line }}"
+ with_items:
+ - { regex: '^OPTIONS=', line: 'OPTIONS=\"--master=http://{{ oo_master_ips[0] }}:8080 --loglevel=5\"' }
+ notify:
+ - restart openshift-node
+
+- name: Open firewalld port for OpenShift
+ firewalld: port=10250/tcp permanent=false state=enabled
+
+- name: Save firewalld port for OpenShift
+ firewalld: port=10250/tcp permanent=true state=enabled
+
+- name: Enable OpenShift
+ service: name=openshift-node enabled=yes state=started
+
-- cgit v1.2.3 From 90010f6db6294a99c56194afd89a0359a3d278dc Mon Sep 17 00:00:00 2001 From: Jhon Honce Date: Mon, 16 Feb 2015 17:57:08 -0700 Subject: Update code to reflect review comments --- playbooks/gce/openshift-node/config.yml | 15 +++++++-------- roles/openshift_node/tasks/main.yml | 7 +++++-- 2 files changed, 12 insertions(+), 10 deletions(-) (limited to 'roles/openshift_node/tasks')
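Review bot: Both rsync tasks move the master's admin credentials as root with `-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null`, so the control host accepts whatever endpoint answers on the master and node addresses and the key material is exchanged with an unverified peer. Host keys should be pinned before this role runs (a pre-populated known_hosts file passed through `UserKnownHostsFile`), and the two options dropped from the `--rsh` string. `ignore_errors: yes` on the same two tasks also lets the play carry on and start the node when the credentials were never copied; removing it makes that failure visible instead of leaving a node that starts without them.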
diff --git a/playbooks/gce/openshift-node/config.yml b/playbooks/gce/openshift-node/config.yml index 1f201902f..10016463b 100644 --- a/playbooks/gce/openshift-node/config.yml +++ b/playbooks/gce/openshift-node/config.yml @@ -1,6 +1,7 @@ - name: "populate oo_hosts_to_config host group if needed" hosts: localhost gather_facts: no + tasks: - name: Evaluate oo_host_group_exp add_host: "name={{ item }} groups=oo_hosts_to_config" @@ -29,17 +30,14 @@ | oo_collect(attribute='gce_public_ip') }}" when: groups['tag_env-host-type-' + oo_env + '-openshift-master'] is defined -- name: "Debug hostvars" - hosts: oo_hosts_to_config - connection: ssh - user: root - tasks: - - debug: var=hostvars - - name: "Configure instances" hosts: oo_hosts_to_config connection: ssh user: root + + vars: + tmp_dir: "/tmp/openshift-{{ 9999 | random }}" + vars_files: - vars.yml roles: @@ -51,5 +49,6 @@ oo_master_ips: "{{ hostvars['localhost'].oo_master_ips | default(['']) }}", oo_master_public_ips: "{{ hostvars['localhost'].oo_master_public_ips | default(['']) }}", oo_bind_ip: "{{ hostvars[inventory_hostname].ansible_eth0.ipv4.address | default(['']) }}", - oo_public_ip: "{{ hostvars[inventory_hostname].ansible_ssh_host }}" + oo_public_ip: "{{ hostvars[inventory_hostname].ansible_ssh_host }}", + tmp_dir: "{{ tmp_dir }}" } diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 9da269888..73383da2c 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -1,4 +1,5 @@ --- + # tasks file for openshift_node - name: Install OpenShift yum: pkg=openshift-node state=installed 
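Review bot: `tmp_dir: "/tmp/openshift-{{ 9999 | random }}"` in the "Configure instances" play puts the admin credentials in a scratch path under world-writable /tmp that has only about ten thousand possible names and is not created atomically, so another local account on the control host can guess or pre-create it. Ansible also templates variables lazily, so the `random` filter may produce a different value each time `tmp_dir` is referenced; it is worth confirming that the retrieve, store and cleanup tasks all resolve to the same path. Creating the directory with `mktemp -d` on the control host and registering the result avoids both problems.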
@@ -8,13 +9,14 @@ command: /usr/bin/hostname {{ oo_bind_ip }} - name: Retrieve OpenShift Master credentials - local_action: command /usr/bin/rsync --compress --archive --rsh 'ssh -S none -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null' root@{{ oo_master_public_ips[0] }}:/var/lib/openshift/openshift.local.certificates/admin/ /tmp/openshift + local_action: command /usr/bin/rsync --compress --archive --rsh 'ssh -S none -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null' root@{{ oo_master_public_ips[0] }}:/var/lib/openshift/openshift.local.certificates/admin/ {{ tmp_dir }} ignore_errors: yes - file: path=/var/lib/openshift/openshift.local.certificates/admin state=directory +- file: path={{ tmp_dir }} state=directory - name: Store OpenShift Master credentials - local_action: command /usr/bin/rsync --compress --archive --rsh 'ssh -S none -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null' /tmp/openshift/ root@{{ oo_public_ip }}:/var/lib/openshift/openshift.local.certificates/admin + local_action: command /usr/bin/rsync --compress --archive --rsh 'ssh -S none -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null' {{ tmp_dir }}/ root@{{ oo_public_ip }}:/var/lib/openshift/openshift.local.certificates/admin ignore_errors: yes - name: Configure OpenShift Node settings @@ -36,3 +38,4 @@ - name: Enable OpenShift service: name=openshift-node enabled=yes state=started +- file: name={{ tmp_dir }} state=absent -- cgit v1.2.3 From 16ab19a24e6e2122f3f1b8f229b8bb20c88045cd Mon Sep 17 00:00:00 2001 
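Review bot: The added `- file: path={{ tmp_dir }} state=directory` and `- file: name={{ tmp_dir }} state=absent` tasks run on the managed node, while both rsync tasks run through `local_action` and read and write `{{ tmp_dir }}` on the control host. As written, the copy of the master's admin credentials on the control host is never removed, and the directory task sits after the retrieve step that would need it. Both should be `local_action: file ...` tasks, with the create step placed before "Retrieve OpenShift Master credentials". The `{{ mktemp.stdout }}` versions of these two tasks in the following commit's main.yml hunk have the same host mix-up.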
From: Jhon Honce Date: Tue, 17 Feb 2015 10:07:09 -0700 Subject: * Use hostname module * Use mktemp for scratch directory --- playbooks/gce/openshift-node/config.yml | 7 +---- roles/openshift_node/files/sysconfig/kubeconfig | 40 ------------------------- roles/openshift_node/tasks/main.yml | 13 ++++---- 3 files changed, 9 insertions(+), 51 deletions(-) delete mode 100644 roles/openshift_node/files/sysconfig/kubeconfig (limited to 'roles/openshift_node/tasks') diff --git a/playbooks/gce/openshift-node/config.yml b/playbooks/gce/openshift-node/config.yml index 10016463b..c9cacbc63 100644 --- a/playbooks/gce/openshift-node/config.yml +++ b/playbooks/gce/openshift-node/config.yml @@ -34,10 +34,6 @@ hosts: oo_hosts_to_config connection: ssh user: root - - vars: - tmp_dir: "/tmp/openshift-{{ 9999 | random }}" - vars_files: - vars.yml roles: @@ -49,6 +45,5 @@ oo_master_ips: "{{ hostvars['localhost'].oo_master_ips | default(['']) }}", oo_master_public_ips: "{{ hostvars['localhost'].oo_master_public_ips | default(['']) }}", oo_bind_ip: "{{ hostvars[inventory_hostname].ansible_eth0.ipv4.address | default(['']) }}", - oo_public_ip: "{{ hostvars[inventory_hostname].ansible_ssh_host }}", - tmp_dir: "{{ tmp_dir }}" + oo_public_ip: "{{ hostvars[inventory_hostname].ansible_ssh_host }}" } diff --git a/roles/openshift_node/files/sysconfig/kubeconfig b/roles/openshift_node/files/sysconfig/kubeconfig deleted file mode 100644 index 81e660ae4..000000000 --- a/roles/openshift_node/files/sysconfig/kubeconfig +++ /dev/null 
@@ -1,40 +0,0 @@ -apiVersion: v1 -clusters: -- cluster: - api-version: v1beta1 - server: http://cow.org:8080 - name: cow-cluster -- cluster: - certificate-authority: path/to/my/cafile - server: https://horse.org:4443 - name: horse-cluster -- cluster: - insecure-skip-tls-verify: true - server: https://pig.org:443 - name: pig-cluster -contexts: -- context: - cluster: horse-cluster - namespace: chisel-ns - user: green-user - name: federal-context -- context: - cluster: pig-cluster - namespace: saw-ns - user: black-user - name: queen-anne-context -current-context: federal-context -kind: Config -preferences: - colors: true -users: -- name: black-user - user: - auth-path: path/to/my/existing/.kubernetes_auth_file -- name: blue-user - user: - token: blue-token -- name: green-user - user: - client-certificate: path/to/my/client/cert - client-key: path/to/my/client/key diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 73383da2c..f1b2e9ac0 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml 
@@ -6,17 +6,20 @@ # fixme: Once openshift stops resolving hostnames for node queries remove this... - name: Set hostname to IP Addr (WORKAROUND) - command: /usr/bin/hostname {{ oo_bind_ip }} + hostname: name={{ oo_bind_ip }} + +- local_action: command /usr/bin/mktemp -d /tmp/openshift-ansible-XXXXXXX + register: mktemp - name: Retrieve OpenShift Master credentials - local_action: command /usr/bin/rsync --compress --archive --rsh 'ssh -S none -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null' root@{{ oo_master_public_ips[0] }}:/var/lib/openshift/openshift.local.certificates/admin/ {{ tmp_dir }} + local_action: command /usr/bin/rsync --compress --archive --rsh 'ssh -S none -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null' root@{{ oo_master_public_ips[0] }}:/var/lib/openshift/openshift.local.certificates/admin/ {{ mktemp.stdout }} ignore_errors: yes - file: path=/var/lib/openshift/openshift.local.certificates/admin state=directory -- file: path={{ tmp_dir }} state=directory +- file: path={{ mktemp.stdout }} state=directory - name: Store OpenShift Master credentials - local_action: command /usr/bin/rsync --compress --archive --rsh 'ssh -S none -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null' {{ tmp_dir }}/ root@{{ oo_public_ip }}:/var/lib/openshift/openshift.local.certificates/admin + local_action: command /usr/bin/rsync --compress --archive --rsh 'ssh -S none -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null' {{ mktemp.stdout }}/ root@{{ oo_public_ip }}:/var/lib/openshift/openshift.local.certificates/admin ignore_errors: yes - name: Configure OpenShift Node settings @@ -38,4 +41,4 @@ - name: Enable OpenShift service: name=openshift-node enabled=yes state=started -- file: name={{ tmp_dir }} state=absent +- file: name={{ mktemp.stdout }} state=absent -- cgit v1.2.3 From aa6c548d4bae31526e22116967d730f6ecb528c0 Mon Sep 17 00:00:00 2001 
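Review bot: The new `local_action: command /usr/bin/mktemp -d /tmp/openshift-ansible-XXXXXXX` task has no `name`, so play output does not say what the step is for. I would add `name: Create local scratch directory for master credentials` and a comment above it stating that the directory is on the control host and holds the admin certificates until the cleanup task at the end of the file.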
From: Jhon Honce Date: Tue, 17 Feb 2015 10:39:36 -0700 Subject: * CRUD temp directory on local machine --- roles/openshift_node/tasks/main.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'roles/openshift_node/tasks') diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index f1b2e9ac0..e0041a90c 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -16,7 +16,6 @@ ignore_errors: yes - file: path=/var/lib/openshift/openshift.local.certificates/admin state=directory -- file: path={{ mktemp.stdout }} state=directory - name: Store OpenShift Master credentials local_action: command /usr/bin/rsync --compress --archive --rsh 'ssh -S none -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null' {{ mktemp.stdout }}/ root@{{ oo_public_ip }}:/var/lib/openshift/openshift.local.certificates/admin @@ -41,4 +40,4 @@ - name: Enable OpenShift service: name=openshift-node enabled=yes state=started -- file: name={{ mktemp.stdout }} state=absent +- local_action: file name={{ mktemp.stdout }} state=absent -- cgit v1.2.3 From a1b6d03c256ff0065cb7a8772533a1b2c81410e1 Mon Sep 17 00:00:00 2001 From: Jhon Honce Date: Thu, 19 Feb 2015 14:52:33 -0700 Subject: Fix SSL support between master and node(s) --- roles/openshift_master/tasks/main.yml | 4 ++-- roles/openshift_node/tasks/main.yml | 5 +++-- 2 files changed, 5 insertions(+), 4 deletions(-) (limited to 'roles/openshift_node/tasks') diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 9f28a3469..c92ca9c8f 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml 
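Review bot: The removal is now a `local_action`, but it is still the last task in the file, so a failure in any of the lineinfile, firewalld or service tasks after "Store OpenShift Master credentials" leaves the admin credentials under /tmp on the control host. Moving `- local_action: file name={{ mktemp.stdout }} state=absent` to directly after the store task limits the lifetime of that copy to the two rsync calls. The tasks in between lie outside this hunk; their order is taken from the earlier hunks on this page.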
@@ -24,10 +24,10 @@ firewalld: port=4001/tcp permanent=true state=enabled - name: Open firewalld port for OpenShift - firewalld: port=8080/tcp permanent=false state=enabled + firewalld: port=8443/tcp permanent=false state=enabled - name: Save firewalld port for OpenShift - firewalld: port=8080/tcp permanent=true state=enabled + firewalld: port=8443/tcp permanent=true state=enabled - name: Enable OpenShift service: name=openshift-master enabled=yes state=started diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index e0041a90c..5d846fbe3 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -27,7 +27,7 @@ regexp: "{{ item.regex }}" line: "{{ item.line }}" with_items: - - { regex: '^OPTIONS=', line: 'OPTIONS=\"--master=http://{{ oo_master_ips[0] }}:8080 --loglevel=5\"' } + - { regex: '^OPTIONS=', line: 'OPTIONS=\"--master=https://{{ oo_master_ips[0] }}:8443 --loglevel=5\"' } notify: - restart openshift-node @@ -37,7 +37,8 @@ - name: Save firewalld port for OpenShift firewalld: port=10250/tcp permanent=true state=enabled + # Always bounce service to pick up new credentials - name: Enable OpenShift - service: name=openshift-node enabled=yes state=started + service: name=openshift-node enabled=yes state=restarted - local_action: file name={{ mktemp.stdout }} state=absent -- cgit v1.2.3 From dcd84a6c524c217432f4b529b66da165bf4ff3e9 Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Fri, 20 Feb 2015 12:57:02 -0500 Subject: fix service definition for openshift-node --- roles/openshift_node/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'roles/openshift_node/tasks') diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 5d846fbe3..deff80a3d 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml 
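Review bot: The two firewalld tasks in roles/openshift_master/tasks/main.yml now open 8443/tcp, but nothing closes 8080/tcp, which the previous version of these tasks saved with `permanent=true`. A master provisioned before this change keeps the old port in its permanent firewalld configuration; whether anything still listens on it is not visible here. A task such as `firewalld: port=8080/tcp permanent=true state=disabled`, with a matching `permanent=false` task for the running configuration, would retire it.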
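Review bot: `state=restarted` on the "Enable OpenShift" task in roles/openshift_node/tasks/main.yml restarts openshift-node on every run, and when the OPTIONS line changes, the `restart openshift-node` handler notified by the lineinfile task restarts it a second time. Keeping `state=started` here and adding `notify: restart openshift-node` to "Store OpenShift Master credentials" would tie the restart to the credential copy and run it once. The last commit on this page reintroduces the same `state=restarted` line in its main.yml hunk.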
@@ -39,6 +39,6 @@ # Always bounce service to pick up new credentials - name: Enable OpenShift - service: name=openshift-node enabled=yes state=restarted + service: name=openshift-node enabled=yes state=started - local_action: file name={{ mktemp.stdout }} state=absent -- cgit v1.2.3 From fd4d628907438ecb6372590d7ed67016b9e00de1 Mon Sep 17 00:00:00 2001 From: Jhon Honce Date: Thu, 19 Feb 2015 14:52:33 -0700 Subject: Fix SSL support between master and node(s) --- playbooks/gce/openshift-node/launch.yml | 10 ++++++++++ roles/openshift_node/tasks/main.yml | 3 ++- 2 files changed, 12 insertions(+), 1 deletion(-) (limited to 'roles/openshift_node/tasks') diff --git a/playbooks/gce/openshift-node/launch.yml b/playbooks/gce/openshift-node/launch.yml index f2800b061..935599efd 100644 --- a/playbooks/gce/openshift-node/launch.yml +++ b/playbooks/gce/openshift-node/launch.yml @@ -45,3 +45,13 @@ # Apply the configs, separate so that just the configs can be run by themselves - include: config.yml + +# Always bounce service to pick up new credentials +#- name: "Restart instances" +# hosts: oo_hosts_to_config +# connection: ssh +# user: root +# tasks: +# - debug: var=groups.oo_hosts_to_config +# - name: Restart OpenShift +# service: name=openshift-node enabled=yes state=restarted diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index deff80a3d..8a0694905 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -37,8 +37,9 @@ - name: Save firewalld port for OpenShift firewalld: port=10250/tcp permanent=true state=enabled + # fixme: Once the openshift_cluster playbook is published state should be started # Always bounce service to pick up new credentials - name: Enable OpenShift - service: name=openshift-node enabled=yes state=started + service: name=openshift-node enabled=yes state=restarted - local_action: file name={{ mktemp.stdout }} state=absent -- cgit v1.2.3