From ca9f4f08fbf14f9edfa7331e327cf92a25cd4401 Mon Sep 17 00:00:00 2001 From: Andrew Butcher Date: Tue, 22 Sep 2015 16:42:36 -0400 Subject: Various HA changes for pacemaker and native methods. --- playbooks/common/openshift-cluster/config.yml | 10 +--- .../common/openshift-cluster/evaluate_groups.yml | 8 ++++ playbooks/common/openshift-master/config.yml | 54 ++++++++++++++++++++-- playbooks/gce/openshift-cluster/join_node.yml | 2 +- 4 files changed, 59 insertions(+), 15 deletions(-) (limited to 'playbooks') diff --git a/playbooks/common/openshift-cluster/config.yml b/playbooks/common/openshift-cluster/config.yml index b66ca4709..a8bd634d3 100644 --- a/playbooks/common/openshift-cluster/config.yml +++ b/playbooks/common/openshift-cluster/config.yml @@ -1,14 +1,6 @@ --- - include: evaluate_groups.yml - - name: Evaluate oo_lb_to_config - add_host: - name: "{{ item }}" - groups: oo_lb_to_config - ansible_ssh_user: "{{ g_ssh_user | default(omit) }}" - ansible_sudo: "{{ g_sudo | default(omit) }}" - with_items: groups[g_lb_group] | default(groups[g_masters_group]) | default([]) - - include: ../openshift-etcd/config.yml - include: ../openshift-master/config.yml @@ -16,4 +8,4 @@ - include: ../openshift-node/config.yml vars: osn_cluster_dns_domain: "{{ hostvars[groups.oo_first_master.0].openshift.dns.domain }}" - osn_cluster_dns_ip: "{{ hostvars[groups.oo_first_master.0].openshift.dns.ip }}" + osn_cluster_dns_ip: "{{ hostvars[groups.oo_first_master.0].cluster_dns_ip }}" diff --git a/playbooks/common/openshift-cluster/evaluate_groups.yml b/playbooks/common/openshift-cluster/evaluate_groups.yml index 1919660dd..a787ba0d3 100644 --- a/playbooks/common/openshift-cluster/evaluate_groups.yml +++ b/playbooks/common/openshift-cluster/evaluate_groups.yml @@ -62,3 +62,11 @@ ansible_ssh_user: "{{ g_ssh_user | default(omit) }}" ansible_sudo: "{{ g_sudo | default(omit) }}" when: g_masters_group in groups and (groups[g_masters_group] | length) > 0 + + - name: Evaluate oo_lb_to_config + add_host: + name: "{{ item }}" + groups: oo_lb_to_config + ansible_ssh_user: "{{ g_ssh_user | default(omit) }}" + ansible_sudo: "{{ g_sudo | default(omit) }}" + with_items: groups[g_lb_group] | default([]) diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index d1aa9c85c..64376040f 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -46,7 +46,6 @@ public_api_url: "{{ openshift_master_public_api_url | default(None) }}" cluster_hostname: "{{ openshift_master_cluster_hostname | default(None) }}" cluster_public_hostname: "{{ openshift_master_cluster_public_hostname | default(None) }}" - cluster_defer_ha: "{{ openshift_master_cluster_defer_ha | default(None) }}" console_path: "{{ openshift_master_console_path | default(None) }}" console_port: "{{ openshift_master_console_port | default(None) }}" console_url: "{{ openshift_master_console_url | default(None) }}" @@ -244,6 +243,35 @@ - role: haproxy when: groups.oo_masters_to_config | length > 1 +- name: Generate master session keys + hosts: oo_first_master + tasks: + - fail: + msg: "Both openshift_master_session_auth_secrets and openshift_master_session_encryption_secrets must be provided if either variable is set" + when: (openshift_master_session_auth_secrets is defined and openshift_master_session_encryption_secrets is not defined) or (openshift_master_session_encryption_secrets is defined and openshift_master_session_auth_secrets is not defined) + - fail: + msg: "openshift_master_session_auth_secrets and openshift_master_encryption_secrets must be equal length" + when: (openshift_master_session_auth_secrets is defined and openshift_master_session_encryption_secrets is defined) and (openshift_master_session_auth_secrets | length != openshift_master_session_encryption_secrets | length) + - name: Generate session authentication key + command: /usr/bin/openssl rand -base64 24 + register: session_auth_output + with_sequence: count=1 + when: openshift_master_session_auth_secrets is undefined + - name: Generate session encryption key + command: /usr/bin/openssl rand -base64 24 + register: session_encryption_output + with_sequence: count=1 + when: openshift_master_session_encryption_secrets is undefined + - set_fact: + session_auth_secret: "{{ openshift_master_session_auth_secrets + | default(session_auth_output.results + | map(attribute='stdout') + | list) }}" + session_encryption_secret: "{{ openshift_master_session_encryption_secrets + | default(session_encryption_output.results + | map(attribute='stdout') + | list) }}" + - name: Configure master instances hosts: oo_masters_to_config serial: 1 @@ -252,6 +280,8 @@ sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}" openshift_master_ha: "{{ groups.oo_masters_to_config | length > 1 }}" openshift_master_count: "{{ groups.oo_masters_to_config | length }}" + openshift_master_session_auth_secrets: "{{ hostvars[groups['oo_first_master'][0]]['session_auth_secret'] }}" + openshift_master_session_encryption_secrets: "{{ hostvars[groups['oo_first_master'][0]]['session_encryption_secret'] }}" pre_tasks: - name: Ensure certificate directory exists file: @@ -276,15 +306,29 @@ - name: Additional master configuration hosts: oo_first_master vars: - #openshift_master_ha: "{{ groups.oo_masters_to_config | length > 1 }}" - # omc_cluster_hosts: "{{ groups.oo_masters_to_config | join(' ')}}" + openshift_master_ha: "{{ groups.oo_masters_to_config | length > 1 }}" + omc_cluster_hosts: "{{ groups.oo_masters_to_config | join(' ')}}" roles: -# - role: openshift_master_cluster -# when: openshift_master_ha | bool + - role: openshift_master_cluster + when: openshift_master_ha | bool and openshift.master.cluster_method == "pacemaker" - openshift_examples - role: openshift_cluster_metrics when: openshift.common.use_cluster_metrics | bool +- name: Determine cluster dns ip + hosts: oo_first_master + tasks: + - name: Get master service ip + command: "{{ openshift.common.client_binary }} get -o template svc kubernetes --template=\\{\\{.spec.clusterIP\\}\\}" + register: master_service_ip_output + when: openshift.common.version_greater_than_3_1_or_1_1 | bool + - set_fact: + cluster_dns_ip: "{{ hostvars[groups.oo_first_master.0].openshift.dns.ip }}" + when: not openshift.common.version_greater_than_3_1_or_1_1 | bool + - set_fact: + cluster_dns_ip: "{{ master_service_ip_output.stdout }}" + when: openshift.common.version_greater_than_3_1_or_1_1 | bool + - name: Enable cockpit hosts: oo_first_master vars: diff --git a/playbooks/gce/openshift-cluster/join_node.yml b/playbooks/gce/openshift-cluster/join_node.yml index 0dfa3e9d7..c8f6065cd 100644 --- a/playbooks/gce/openshift-cluster/join_node.yml +++ b/playbooks/gce/openshift-cluster/join_node.yml @@ -46,4 +46,4 @@ openshift_node_labels: "{{ lookup('oo_option', 'openshift_node_labels') }} " os_sdn_network_plugin_name: "redhat/openshift-ovs-subnet" osn_cluster_dns_domain: "{{ hostvars[groups.oo_first_master.0].openshift.dns.domain }}" - osn_cluster_dns_ip: "{{ hostvars[groups.oo_first_master.0].openshift.dns.ip }}" + osn_cluster_dns_ip: "{{ hostvars[groups.oo_first_master.0].cluster_dns_ip }}" -- cgit v1.2.3