Diffstat (limited to 'roles/openshift_openstack')
-rw-r--r-- | roles/openshift_openstack/defaults/main.yml | 12 | ||||
-rw-r--r-- | roles/openshift_openstack/tasks/check-prerequisites.yml | 8 | ||||
-rw-r--r-- | roles/openshift_openstack/tasks/hostname.yml | 26 | ||||
-rw-r--r-- | roles/openshift_openstack/tasks/node-configuration.yml | 6 | ||||
-rw-r--r-- | roles/openshift_openstack/tasks/populate-dns.yml | 23 | ||||
-rw-r--r-- | roles/openshift_openstack/tasks/provision.yml | 4 | ||||
-rw-r--r-- | roles/openshift_openstack/templates/heat_stack.yaml.j2 | 136 |
7 files changed, 26 insertions, 189 deletions
diff --git a/roles/openshift_openstack/defaults/main.yml b/roles/openshift_openstack/defaults/main.yml index 5f182e0d6..65a647b8f 100644 --- a/roles/openshift_openstack/defaults/main.yml +++ b/roles/openshift_openstack/defaults/main.yml @@ -4,11 +4,9 @@ openshift_openstack_stack_state: 'present' openshift_openstack_ssh_ingress_cidr: 0.0.0.0/0 openshift_openstack_node_ingress_cidr: 0.0.0.0/0 openshift_openstack_lb_ingress_cidr: 0.0.0.0/0 -openshift_openstack_bastion_ingress_cidr: 0.0.0.0/0 openshift_openstack_num_etcd: 0 openshift_openstack_num_masters: 1 openshift_openstack_num_nodes: 1 -openshift_openstack_num_dns: 0 openshift_openstack_num_infra: 1 openshift_openstack_dns_nameservers: [] openshift_openstack_nodes_to_remove: [] @@ -45,8 +43,10 @@ openshift_openstack_container_storage_setup: # populate-dns openshift_openstack_dns_records_add: [] -openshift_openstack_external_nsupdate_keys: {} +openshift_openstack_public_hostname_suffix: "" +openshift_openstack_private_hostname_suffix: "" +openshift_openstack_public_dns_domain: "example.com" openshift_openstack_full_dns_domain: "{{ (openshift_openstack_clusterid|trim == '') | ternary(openshift_openstack_public_dns_domain, openshift_openstack_clusterid + '.' + openshift_openstack_public_dns_domain) }}" openshift_openstack_app_subdomain: "apps" 
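Review bot: Dropping the `openshift_openstack_external_nsupdate_keys: {}` default leaves the variable undefined for anyone who does not configure nsupdate, and two populate-dns.yml hunks in this commit (`@@ -30,7 +30,6 @@` and `@@ -87,7 +79,6 @@`) also remove the `openshift_openstack_external_nsupdate_keys is defined` guard. What remains there is `openshift_openstack_external_nsupdate_keys['private'] is defined` and its `['public']` counterpart. Depending on the Ansible version, subscripting an undefined variable inside a `when:` can raise an undefined-variable error instead of evaluating to false, so this path should be exercised with the variable unset. A form that does not rely on that behaviour is `- (openshift_openstack_external_nsupdate_keys | default({}))['private'] is defined`; alternatively keep the outer `is defined` test as the first item of each `when:` list.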
@@ -60,20 +60,17 @@ openshift_openstack_infra_hostname: infra-node openshift_openstack_node_hostname: app-node openshift_openstack_lb_hostname: lb openshift_openstack_etcd_hostname: etcd -openshift_openstack_dns_hostname: dns openshift_openstack_keypair_name: openshift openshift_openstack_lb_flavor: "{{ openshift_openstack_default_flavor }}" openshift_openstack_etcd_flavor: "{{ openshift_openstack_default_flavor }}" openshift_openstack_master_flavor: "{{ openshift_openstack_default_flavor }}" openshift_openstack_node_flavor: "{{ openshift_openstack_default_flavor }}" openshift_openstack_infra_flavor: "{{ openshift_openstack_default_flavor }}" -openshift_openstack_dns_flavor: "{{ openshift_openstack_default_flavor }}" openshift_openstack_master_image: "{{ openshift_openstack_default_image_name }}" openshift_openstack_infra_image: "{{ openshift_openstack_default_image_name }}" openshift_openstack_node_image: "{{ openshift_openstack_default_image_name }}" openshift_openstack_lb_image: "{{ openshift_openstack_default_image_name }}" openshift_openstack_etcd_image: "{{ openshift_openstack_default_image_name }}" -openshift_openstack_dns_image: "{{ openshift_openstack_default_image_name }}" openshift_openstack_provider_network_name: null openshift_openstack_external_network_name: null openshift_openstack_private_network: >- @@ -89,8 +86,5 @@ openshift_openstack_master_volume_size: "{{ openshift_openstack_docker_volume_si openshift_openstack_infra_volume_size: "{{ openshift_openstack_docker_volume_size }}" openshift_openstack_node_volume_size: "{{ openshift_openstack_docker_volume_size }}" openshift_openstack_etcd_volume_size: 2 -openshift_openstack_dns_volume_size: 1 openshift_openstack_lb_volume_size: 5 -openshift_openstack_use_bastion: false -openshift_openstack_ui_ssh_tunnel: false openshift_openstack_ephemeral_volumes: false 
diff --git a/roles/openshift_openstack/tasks/check-prerequisites.yml b/roles/openshift_openstack/tasks/check-prerequisites.yml index 57c7238d1..30996cc47 100644 --- a/roles/openshift_openstack/tasks/check-prerequisites.yml +++ b/roles/openshift_openstack/tasks/check-prerequisites.yml @@ -32,10 +32,12 @@ command: python -c "import dns" ignore_errors: yes register: pythondns_result + when: openshift_openstack_external_nsupdate_keys is defined - name: Check if python-dns is installed assert: that: 'pythondns_result.rc == 0' msg: "Python module python-dns is not installed" + when: openshift_openstack_external_nsupdate_keys is defined # Check jinja2 - name: Try to import jinja2 module @@ -85,21 +87,19 @@ msg: "Keypair {{ openshift_openstack_keypair_name }} is not available" # Check that custom images are available -- include: custom_image_check.yaml +- include_tasks: custom_image_check.yaml with_items: - "{{ openshift_openstack_master_image }}" - "{{ openshift_openstack_infra_image }}" - "{{ openshift_openstack_node_image }}" - "{{ openshift_openstack_lb_image }}" - "{{ openshift_openstack_etcd_image }}" - - "{{ openshift_openstack_dns_image }}" # Check that custom flavors are available -- include: custom_flavor_check.yaml +- include_tasks: custom_flavor_check.yaml with_items: - "{{ openshift_openstack_master_flavor }}" - "{{ openshift_openstack_infra_flavor }}" - "{{ openshift_openstack_node_flavor }}" - "{{ openshift_openstack_lb_flavor }}" - "{{ openshift_openstack_etcd_flavor }}" - - "{{ openshift_openstack_dns_flavor }}" diff --git a/roles/openshift_openstack/tasks/hostname.yml b/roles/openshift_openstack/tasks/hostname.yml deleted file mode 100644 index e1a18425f..000000000 --- a/roles/openshift_openstack/tasks/hostname.yml +++ /dev/null 
@@ -1,26 +0,0 @@ ---- -- name: Setting Hostname Fact - set_fact: - new_hostname: "{{ custom_hostname | default(inventory_hostname_short) }}" - -- name: Setting FQDN Fact - set_fact: - new_fqdn: "{{ new_hostname }}.{{ openshift_openstack_full_dns_domain }}" - -- name: Setting hostname and DNS domain - hostname: name="{{ new_fqdn }}" - -- name: Check for cloud.cfg - stat: path=/etc/cloud/cloud.cfg - register: cloud_cfg - -- name: Prevent cloud-init updates of hostname/fqdn (if applicable) - lineinfile: - dest: /etc/cloud/cloud.cfg - state: present - regexp: "{{ item.regexp }}" - line: "{{ item.line }}" - with_items: - - { regexp: '^ - set_hostname', line: '# - set_hostname' } - - { regexp: '^ - update_hostname', line: '# - update_hostname' } - when: cloud_cfg.stat.exists == True diff --git a/roles/openshift_openstack/tasks/node-configuration.yml b/roles/openshift_openstack/tasks/node-configuration.yml index 89e58d830..59df2e396 100644 --- a/roles/openshift_openstack/tasks/node-configuration.yml +++ b/roles/openshift_openstack/tasks/node-configuration.yml @@ -4,8 +4,6 @@ msg: "SELinux is required for OpenShift and has been detected as '{{ ansible_selinux.config_mode }}'" when: ansible_selinux.config_mode != "enforcing" -- include: hostname.yml +- include_tasks: container-storage-setup.yml -- include: container-storage-setup.yml - -- include: node-network.yml +- include_tasks: node-network.yml diff --git a/roles/openshift_openstack/tasks/populate-dns.yml b/roles/openshift_openstack/tasks/populate-dns.yml index c03aceb94..cf2ead5c3 100644 --- a/roles/openshift_openstack/tasks/populate-dns.yml +++ b/roles/openshift_openstack/tasks/populate-dns.yml 
@@ -1,7 +1,7 @@ --- - name: "Generate list of private A records" set_fact: - private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': hostvars[item]['ansible_hostname'], 'ip': hostvars[item]['private_v4'] } ] }}" + private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': hostvars[item]['ansible_hostname'] + openshift_openstack_private_hostname_suffix, 'ip': hostvars[item]['private_v4'] } ] }}" with_items: "{{ groups['cluster_hosts'] }}" - name: "Add wildcard records to the private A records for infrahosts" @@ -30,7 +30,6 @@ nsupdate_key_algorithm_private: "{{ openshift_openstack_external_nsupdate_keys['private']['key_algorithm'] }}" nsupdate_private_key_name: "{{ openshift_openstack_external_nsupdate_keys['private']['key_name']|default('private-' + openshift_openstack_full_dns_domain) }}" when: - - openshift_openstack_external_nsupdate_keys is defined - openshift_openstack_external_nsupdate_keys['private'] is defined @@ -44,10 +43,12 @@ key_secret: "{{ nsupdate_key_secret_private }}" key_algorithm: "{{ nsupdate_key_algorithm_private | lower }}" entries: "{{ private_records }}" + when: + - openshift_openstack_external_nsupdate_keys['private'] is defined - name: "Generate list of public A records" set_fact: - public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': hostvars[item]['ansible_hostname'], 'ip': hostvars[item]['public_v4'] } ] }}" + public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': hostvars[item]['ansible_hostname'] + openshift_openstack_public_hostname_suffix, 'ip': hostvars[item]['public_v4'] } ] }}" with_items: "{{ groups['cluster_hosts'] }}" when: hostvars[item]['public_v4'] is defined 
@@ -63,15 +64,6 @@ when: - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined - openshift_openstack_num_masters == 1 - - not openshift_openstack_use_bastion|bool - -- name: "Add public master cluster hostname records to the public A records (single master behind a bastion)" - set_fact: - public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(openshift_openstack_full_dns_domain, ''))[:-1], 'ip': hostvars[groups.bastions[0]].public_v4 } ] }}" - when: - - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined - - openshift_openstack_num_masters == 1 - - openshift_openstack_use_bastion|bool - name: "Add public master cluster hostname records to the public A records (multi-master)" set_fact: @@ -87,7 +79,6 @@ nsupdate_key_algorithm_public: "{{ openshift_openstack_external_nsupdate_keys['public']['key_algorithm'] }}" nsupdate_public_key_name: "{{ openshift_openstack_external_nsupdate_keys['public']['key_name']|default('public-' + openshift_openstack_full_dns_domain) }}" when: - - openshift_openstack_external_nsupdate_keys is defined - openshift_openstack_external_nsupdate_keys['public'] is defined - name: "Generate the public Add section for DNS" @@ -100,11 +91,13 @@ key_secret: "{{ nsupdate_key_secret_public }}" key_algorithm: "{{ nsupdate_key_algorithm_public | lower }}" entries: "{{ public_records }}" + when: + - openshift_openstack_external_nsupdate_keys['public'] is defined - name: "Generate the final openshift_openstack_dns_records_add" set_fact: - openshift_openstack_dns_records_add: "{{ private_named_records + public_named_records }}" + openshift_openstack_dns_records_add: "{{ private_named_records|default([]) + public_named_records|default([]) }}" - name: "Add DNS A records" 
@@ -120,7 +113,7 @@ # TODO(shadower): add a cleanup playbook that removes these records, too! state: present with_subelements: - - "{{ openshift_openstack_dns_records_add | default({}) }}" + - "{{ openshift_openstack_dns_records_add | default([]) }}" - entries register: nsupdate_add_result until: nsupdate_add_result|succeeded diff --git a/roles/openshift_openstack/tasks/provision.yml b/roles/openshift_openstack/tasks/provision.yml index dccbe334c..b774bd620 100644 --- a/roles/openshift_openstack/tasks/provision.yml +++ b/roles/openshift_openstack/tasks/provision.yml @@ -1,6 +1,6 @@ --- - name: Generate the templates - include: generate-templates.yml + include_tasks: generate-templates.yml when: - openshift_openstack_stack_state == 'present' @@ -17,7 +17,7 @@ meta: refresh_inventory - name: CleanUp - include: cleanup.yml + include_tasks: cleanup.yml when: - openshift_openstack_stack_state == 'present' diff --git a/roles/openshift_openstack/templates/heat_stack.yaml.j2 b/roles/openshift_openstack/templates/heat_stack.yaml.j2 index 0e7538629..8d13eb81e 100644 --- a/roles/openshift_openstack/templates/heat_stack.yaml.j2 +++ b/roles/openshift_openstack/templates/heat_stack.yaml.j2 @@ -54,25 +54,8 @@ outputs: description: Floating IPs of the nodes value: { get_attr: [ infra_nodes, floating_ip ] } -{% if openshift_openstack_num_dns|int > 0 %} - dns_name: - description: Name of the DNS - value: - get_attr: - - dns - - name - - dns_floating_ips: - description: Floating IPs of the DNS - value: { get_attr: [ dns, floating_ip ] } - - dns_private_ips: - description: Private IPs of the DNS - value: { get_attr: [ dns, private_ip ] } -{% endif %} - conditions: - no_floating: {% if openshift_openstack_provider_network_name or openshift_openstack_use_bastion|bool %}true{% else %}false{% endif %} + no_floating: {% if openshift_openstack_provider_network_name %}true{% else %}false{% endif %} resources: 
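Review bot: The `with_subelements` loop over `openshift_openstack_dns_records_add` iterates elements that carry `key_secret` (set from `nsupdate_key_secret_private` / `nsupdate_key_secret_public` in the "Generate the ... Add section for DNS" tasks), so Ansible's per-item output and the registered `nsupdate_add_result` will contain the TSIG key unless logging is suppressed. The start of the "Add DNS A records" task is outside this hunk, so confirm whether it already does this. If it does not, add `no_log: true` alongside `register: nsupdate_add_result`. The same applies to the `set_fact` tasks that build `private_named_records` and `public_named_records`, whose results are shown when running with increased verbosity.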
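Review bot: With `openshift_openstack_use_bastion` removed from the `no_floating` condition, every server is given a floating IP unless `openshift_openstack_provider_network_name` is set, while the role default `openshift_openstack_ssh_ingress_cidr: 0.0.0.0/0` (visible as context in defaults/main.yml) is unchanged. The port 22 rule kept in the `@@ -180,13 +163,6 @@` hunk uses that CIDR, so a default deployment appears to expose SSH on all nodes to any source address, where the bastion option previously kept them off the external network. The commit does not document this change of exposure. I would add a comment above the default such as `# 0.0.0.0/0 exposes SSH on every floating IP; restrict this to your admin network`. A warning could also be added in check-prerequisites.yml for when the value is left at `0.0.0.0/0`.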
@@ -180,13 +163,6 @@ resources: port_range_min: 22 port_range_max: 22 remote_ip_prefix: {{ openshift_openstack_ssh_ingress_cidr }} -{% if openshift_openstack_use_bastion|bool %} - - direction: ingress - protocol: tcp - port_range_min: 22 - port_range_max: 22 - remote_ip_prefix: {{ openshift_openstack_bastion_ingress_cidr }} -{% endif %} - direction: ingress protocol: icmp remote_ip_prefix: {{ openshift_openstack_ssh_ingress_cidr }} @@ -443,44 +419,7 @@ resources: port_range_min: 443 port_range_max: 443 -{% if openshift_openstack_num_dns|int > 0 %} - dns-secgrp: - type: OS::Neutron::SecurityGroup - properties: - name: - str_replace: - template: openshift-ansible-cluster_id-dns-secgrp - params: - cluster_id: {{ openshift_openstack_stack_name }} - description: - str_replace: - template: Security group for cluster_id cluster DNS - params: - cluster_id: {{ openshift_openstack_stack_name }} - rules: - - direction: ingress - protocol: udp - port_range_min: 53 - port_range_max: 53 - remote_ip_prefix: {{ openshift_openstack_node_ingress_cidr }} - - direction: ingress - protocol: udp - port_range_min: 53 - port_range_max: 53 - remote_ip_prefix: "{{ openshift_openstack_subnet_prefix }}.0/24" - - direction: ingress - protocol: tcp - port_range_min: 53 - port_range_max: 53 - remote_ip_prefix: {{ openshift_openstack_node_ingress_cidr }} - - direction: ingress - protocol: tcp - port_range_min: 53 - port_range_max: 53 - remote_ip_prefix: "{{ openshift_openstack_subnet_prefix }}.0/24" -{% endif %} - -{% if openshift_openstack_num_masters|int > 1 or openshift_openstack_ui_ssh_tunnel|bool %} +{% if openshift_openstack_num_masters|int > 1 %} lb-secgrp: type: OS::Neutron::SecurityGroup properties: 
@@ -491,20 +430,13 @@ resources: protocol: tcp port_range_min: {{ openshift_master_api_port | default(8443) }} port_range_max: {{ openshift_master_api_port | default(8443) }} - remote_ip_prefix: {{ openshift_openstack_lb_ingress_cidr | default(openshift_openstack_bastion_ingress_cidr) }} -{% if openshift_openstack_ui_ssh_tunnel|bool %} - - direction: ingress - protocol: tcp - port_range_min: {{ openshift_master_api_port | default(8443) }} - port_range_max: {{ openshift_master_api_port | default(8443) }} - remote_ip_prefix: {{ openshift_openstack_ssh_ingress_cidr }} -{% endif %} + remote_ip_prefix: {{ openshift_openstack_lb_ingress_cidr }} {% if openshift_master_console_port is defined and openshift_master_console_port != openshift_master_api_port %} - direction: ingress protocol: tcp port_range_min: {{ openshift_master_console_port | default(8443) }} port_range_max: {{ openshift_master_console_port | default(8443) }} - remote_ip_prefix: {{ openshift_openstack_lb_ingress_cidr | default(openshift_openstack_bastion_ingress_cidr) }} + remote_ip_prefix: {{ openshift_openstack_lb_ingress_cidr }} {% endif %} {% endif %} @@ -553,7 +485,7 @@ resources: - no_floating - null - {{ openshift_openstack_external_network_name }} -{% if openshift_openstack_use_bastion|bool or openshift_openstack_provider_network_name %} +{% if openshift_openstack_provider_network_name %} attach_float_net: false {% endif %} volume_size: {{ openshift_openstack_etcd_volume_size }} @@ -685,7 +617,7 @@ resources: - no_floating - null - {{ openshift_openstack_external_network_name }} -{% if openshift_openstack_use_bastion|bool or openshift_openstack_provider_network_name %} +{% if openshift_openstack_provider_network_name %} attach_float_net: false {% endif %} volume_size: {{ openshift_openstack_master_volume_size }} 
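Review bot: Both new `remote_ip_prefix: {{ openshift_openstack_lb_ingress_cidr }}` lines (the API-port rule and the console-port rule) render the variable as an unquoted YAML scalar. If the variable is ever set to an empty string, the rendered template contains a bare `remote_ip_prefix:`, which parses as null. As far as I know, Neutron treats a rule without a prefix as matching any source, so the load balancer rule would silently become world-open rather than fail. Quoting the value makes an empty or malformed setting surface as a validation error: `remote_ip_prefix: "{{ openshift_openstack_lb_ingress_cidr }}"`. The same pattern is used by the other `remote_ip_prefix` lines visible as context in this template, which would benefit from the same change.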
@@ -755,7 +687,7 @@ resources: - no_floating - null - {{ openshift_openstack_external_network_name }} -{% if openshift_openstack_use_bastion|bool or openshift_openstack_provider_network_name %} +{% if openshift_openstack_provider_network_name %} attach_float_net: false {% endif %} volume_size: {{ openshift_openstack_node_volume_size }} @@ -818,9 +750,6 @@ resources: {% else %} - { get_resource: node-secgrp } {% endif %} -{% if openshift_openstack_ui_ssh_tunnel|bool and openshift_openstack_num_masters|int < 2 %} - - { get_resource: lb-secgrp } -{% endif %} - { get_resource: infra-secgrp } - { get_resource: common-secgrp } {% if not openshift_openstack_provider_network_name %} 
@@ -835,54 +764,3 @@ resources: depends_on: - interface {% endif %} - -{% if openshift_openstack_num_dns|int > 0 %} - dns: - type: OS::Heat::ResourceGroup - properties: - count: {{ openshift_openstack_num_dns }} - resource_def: - type: server.yaml - properties: - name: - str_replace: - template: k8s_type-%index%.cluster_id - params: - cluster_id: {{ openshift_openstack_stack_name }} - k8s_type: {{ openshift_openstack_dns_hostname }} - cluster_env: {{ openshift_openstack_public_dns_domain }} - cluster_id: {{ openshift_openstack_stack_name }} - group: - str_replace: - template: k8s_type.cluster_id - params: - k8s_type: dns - cluster_id: {{ openshift_openstack_stack_name }} - type: dns - image: {{ openshift_openstack_dns_image }} - flavor: {{ openshift_openstack_dns_flavor }} - key_name: {{ openshift_openstack_keypair_name }} -{% if openshift_openstack_provider_network_name %} - net: {{ openshift_openstack_provider_network_name }} - net_name: {{ openshift_openstack_provider_network_name }} -{% else %} - net: { get_resource: net } - subnet: { get_resource: subnet } - net_name: - str_replace: - template: openshift-ansible-cluster_id-net - params: - cluster_id: {{ openshift_openstack_stack_name }} -{% endif %} - secgrp: - - { get_resource: dns-secgrp } - - { get_resource: common-secgrp } -{% if not openshift_openstack_provider_network_name %} - floating_network: {{ openshift_openstack_external_network_name }} -{% endif %} - volume_size: {{ openshift_openstack_dns_volume_size }} -{% if not openshift_openstack_provider_network_name %} - depends_on: - - interface -{% endif %} -{% endif %} |