diff options
Diffstat (limited to 'playbooks/openshift-node')
21 files changed, 364 insertions, 0 deletions
diff --git a/playbooks/openshift-node/certificates.yml b/playbooks/openshift-node/certificates.yml new file mode 100644 index 000000000..0384877d9 --- /dev/null +++ b/playbooks/openshift-node/certificates.yml @@ -0,0 +1,4 @@ +--- +- include: ../init/main.yml + +- include: private/certificates.yml diff --git a/playbooks/openshift-node/config.yml b/playbooks/openshift-node/config.yml new file mode 100644 index 000000000..8ee57ce8d --- /dev/null +++ b/playbooks/openshift-node/config.yml @@ -0,0 +1,4 @@ +--- +- include: ../init/main.yml + +- include: private/config.yml diff --git a/playbooks/openshift-node/network_manager.yml b/playbooks/openshift-node/network_manager.yml new file mode 100644 index 000000000..c0900308c --- /dev/null +++ b/playbooks/openshift-node/network_manager.yml @@ -0,0 +1,4 @@ +--- +- include: ../init/evaluate_groups.yml + +- include: private/network_manager.yml diff --git a/playbooks/openshift-node/private/additional_config.yml b/playbooks/openshift-node/private/additional_config.yml new file mode 100644 index 000000000..ac757397b --- /dev/null +++ b/playbooks/openshift-node/private/additional_config.yml @@ -0,0 +1,64 @@ +--- +- name: create additional node network plugin groups + hosts: "{{ openshift_node_scale_up_group | default('oo_nodes_to_config') }}" + tasks: + # Creating these node groups will prevent a ton of skipped tasks. + # Create group for flannel nodes + - group_by: + key: oo_nodes_use_{{ (openshift_use_flannel | default(False)) | ternary('flannel','nothing') }} + changed_when: False + # Create group for calico nodes + - group_by: + key: oo_nodes_use_{{ (openshift_use_calico | default(False)) | ternary('calico','nothing') }} + changed_when: False + # Create group for nuage nodes + - group_by: + key: oo_nodes_use_{{ (openshift_use_nuage | default(False)) | ternary('nuage','nothing') }} + changed_when: False + # Create group for contiv nodes + - group_by: + key: oo_nodes_use_{{ (openshift_use_contiv | default(False)) | ternary('contiv','nothing') }} + changed_when: False + # Create group for kuryr nodes + - group_by: + key: oo_nodes_use_{{ (openshift_use_kuryr | default(False)) | ternary('kuryr','nothing') }} + changed_when: False + +- include: etcd_client_config.yml + vars: + openshift_node_scale_up_group: "oo_nodes_use_flannel:oo_nodes_use_calico:oo_nodes_use_contiv:oo_nodes_use_kuryr" + +- name: Additional node config + hosts: oo_nodes_use_flannel + roles: + - role: flannel + etcd_urls: "{{ hostvars[groups.oo_first_master.0].openshift.master.etcd_urls }}" + embedded_etcd: "{{ hostvars[groups.oo_first_master.0].openshift.master.embedded_etcd }}" + when: openshift_use_flannel | default(false) | bool + +- name: Additional node config + hosts: oo_nodes_use_calico + roles: + - role: calico + when: openshift_use_calico | default(false) | bool + +- name: Additional node config + hosts: oo_nodes_use_nuage + roles: + - role: nuage_node + when: openshift_use_nuage | default(false) | bool + +- name: Additional node config + hosts: oo_nodes_use_contiv + roles: + - role: contiv + contiv_role: netplugin + when: openshift_use_contiv | default(false) | bool + +- name: Configure Kuryr node + hosts: oo_nodes_use_kuryr + tasks: + - include_role: + name: kuryr + tasks_from: node + when: openshift_use_kuryr | default(false) | bool diff --git a/playbooks/openshift-node/private/certificates.yml b/playbooks/openshift-node/private/certificates.yml new file mode 100644 index 000000000..908885ee6 --- /dev/null +++ b/playbooks/openshift-node/private/certificates.yml @@ -0,0 +1,8 @@ +--- +- name: Create OpenShift certificates for node hosts + hosts: oo_nodes_to_config + gather_facts: no + roles: + - role: openshift_node_certificates + openshift_ca_host: "{{ groups.oo_first_master.0 }}" + when: not openshift_node_bootstrap | default(false) | bool diff --git a/playbooks/openshift-node/private/clean_image.yml b/playbooks/openshift-node/private/clean_image.yml new file mode 100644 index 000000000..38753d0af --- /dev/null +++ b/playbooks/openshift-node/private/clean_image.yml @@ -0,0 +1,10 @@ +--- +- name: Configure nodes + hosts: oo_nodes_to_config:!oo_containerized_master_nodes + tasks: + - name: Remove any ansible facts created during AMI creation + file: + path: "/etc/ansible/facts.d/{{ item }}" + state: absent + with_items: + - openshift.fact diff --git a/playbooks/openshift-node/private/config.yml b/playbooks/openshift-node/private/config.yml new file mode 100644 index 000000000..28e3c1b1b --- /dev/null +++ b/playbooks/openshift-node/private/config.yml @@ -0,0 +1,38 @@ +--- +- name: Node Install Checkpoint Start + hosts: all + gather_facts: false + tasks: + - name: Set Node install 'In Progress' + run_once: true + set_stats: + data: + installer_phase_node: + status: "In Progress" + start: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" + +- include: certificates.yml + +- include: setup.yml + +- include: containerized_nodes.yml + +- include: configure_nodes.yml + +- include: additional_config.yml + +- include: manage_node.yml + +- include: enable_excluders.yml + +- name: Node Install Checkpoint End + hosts: all + gather_facts: false + tasks: + - name: Set Node install 'Complete' + run_once: true + set_stats: + data: + installer_phase_node: + status: "Complete" + end: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" diff --git a/playbooks/openshift-node/private/configure_nodes.yml b/playbooks/openshift-node/private/configure_nodes.yml new file mode 100644 index 000000000..17259422d --- /dev/null +++ b/playbooks/openshift-node/private/configure_nodes.yml @@ -0,0 +1,17 @@ +--- +- name: Configure nodes + hosts: oo_nodes_to_config:!oo_containerized_master_nodes + vars: + openshift_node_master_api_url: "{{ hostvars[groups.oo_first_master.0].openshift.master.api_url }}" + openshift_node_first_master_ip: "{{ hostvars[groups.oo_first_master.0].openshift.common.ip }}" + openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.common.portal_net }}" + openshift_no_proxy_internal_hostnames: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config'] + | union(groups['oo_masters_to_config']) + | union(groups['oo_etcd_to_config'] | default([]))) + | oo_collect('openshift.common.hostname') | default([]) | join (',') + }}" + roles: + - role: os_firewall + - role: openshift_node + - role: tuned + - role: nickhammond.logrotate diff --git a/playbooks/openshift-node/private/containerized_nodes.yml b/playbooks/openshift-node/private/containerized_nodes.yml new file mode 100644 index 000000000..6fac937e3 --- /dev/null +++ b/playbooks/openshift-node/private/containerized_nodes.yml @@ -0,0 +1,19 @@ +--- +- name: Configure containerized nodes + hosts: oo_containerized_master_nodes + serial: 1 + vars: + openshift_node_master_api_url: "{{ hostvars[groups.oo_first_master.0].openshift.master.api_url }}" + openshift_node_first_master_ip: "{{ hostvars[groups.oo_first_master.0].openshift.common.ip }}" + openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.common.portal_net }}" + openshift_no_proxy_internal_hostnames: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config'] + | union(groups['oo_masters_to_config']) + | union(groups['oo_etcd_to_config'] | default([]))) + | oo_collect('openshift.common.hostname') | default([]) | join (',') + }}" + + roles: + - role: os_firewall + - role: openshift_node + openshift_ca_host: "{{ groups.oo_first_master.0 }}" + - role: nickhammond.logrotate diff --git a/playbooks/openshift-node/private/enable_excluders.yml b/playbooks/openshift-node/private/enable_excluders.yml new file mode 100644 index 000000000..5288b14f9 --- /dev/null +++ b/playbooks/openshift-node/private/enable_excluders.yml @@ -0,0 +1,8 @@ +--- +- name: Re-enable excluder if it was previously enabled + hosts: oo_nodes_to_config + gather_facts: no + roles: + - role: openshift_excluder + r_openshift_excluder_action: enable + r_openshift_excluder_service_type: "{{ openshift.common.service_type }}" diff --git a/playbooks/openshift-node/private/etcd_client_config.yml b/playbooks/openshift-node/private/etcd_client_config.yml new file mode 100644 index 000000000..c3fa38a81 --- /dev/null +++ b/playbooks/openshift-node/private/etcd_client_config.yml @@ -0,0 +1,11 @@ +--- +- name: etcd_client node config + hosts: "{{ openshift_node_scale_up_group | default('this_group_does_not_exist') }}" + roles: + - role: openshift_facts + - role: openshift_etcd_facts + - role: openshift_etcd_client_certificates + etcd_cert_prefix: flannel.etcd- + etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}" + etcd_cert_subdir: "openshift-node-{{ openshift.common.hostname }}" + etcd_cert_config_dir: "{{ openshift.common.config_base }}/node" diff --git a/playbooks/openshift-node/private/filter_plugins b/playbooks/openshift-node/private/filter_plugins new file mode 120000 index 000000000..99a95e4ca --- /dev/null +++ b/playbooks/openshift-node/private/filter_plugins @@ -0,0 +1 @@ +../../../filter_plugins
\ No newline at end of file diff --git a/playbooks/openshift-node/private/image_prep.yml b/playbooks/openshift-node/private/image_prep.yml new file mode 100644 index 000000000..3c042acdc --- /dev/null +++ b/playbooks/openshift-node/private/image_prep.yml @@ -0,0 +1,21 @@ +--- +- name: normalize groups + include: ../../init/evaluate_groups.yml + +- name: initialize the facts + include: ../../init/facts.yml + +- name: initialize the repositories + include: ../../init/repos.yml + +- name: run node config setup + include: setup.yml + +- name: run node config + include: configure_nodes.yml + +- name: Re-enable excluders + include: enable_excluders.yml + +- name: Remove any undesired artifacts from build + include: clean_image.yml diff --git a/playbooks/openshift-node/private/lookup_plugins b/playbooks/openshift-node/private/lookup_plugins new file mode 120000 index 000000000..ac79701db --- /dev/null +++ b/playbooks/openshift-node/private/lookup_plugins @@ -0,0 +1 @@ +../../../lookup_plugins
\ No newline at end of file diff --git a/playbooks/openshift-node/private/manage_node.yml b/playbooks/openshift-node/private/manage_node.yml new file mode 100644 index 000000000..f48a19a9c --- /dev/null +++ b/playbooks/openshift-node/private/manage_node.yml @@ -0,0 +1,12 @@ +--- +- name: Additional node config + hosts: "{{ openshift_node_scale_up_group | default('oo_nodes_to_config') }}" + vars: + openshift_node_master_api_url: "{{ hostvars[groups.oo_first_master.0].openshift.master.api_url }}" + roles: + - role: openshift_manage_node + openshift_master_host: "{{ groups.oo_first_master.0 }}" + tasks: + - name: Create group for deployment type + group_by: key=oo_nodes_deployment_type_{{ openshift.common.deployment_type }} + changed_when: False diff --git a/playbooks/openshift-node/private/network_manager.yml b/playbooks/openshift-node/private/network_manager.yml new file mode 100644 index 000000000..c2efb0483 --- /dev/null +++ b/playbooks/openshift-node/private/network_manager.yml @@ -0,0 +1,28 @@ +--- +- include: ../../init/evaluate_groups.yml + +- name: Install and configure NetworkManager + hosts: oo_all_hosts + become: yes + tasks: + - name: install NetworkManager + package: + name: 'NetworkManager' + state: present + + - name: configure NetworkManager + lineinfile: + dest: "/etc/sysconfig/network-scripts/ifcfg-{{ ansible_default_ipv4['interface'] }}" + regexp: '^{{ item }}=' + line: '{{ item }}=yes' + state: present + create: yes + with_items: + - 'USE_PEERDNS' + - 'NM_CONTROLLED' + + - name: enable and start NetworkManager + service: + name: 'NetworkManager' + state: started + enabled: yes diff --git a/playbooks/openshift-node/private/restart.yml b/playbooks/openshift-node/private/restart.yml new file mode 100644 index 000000000..c3beb59b7 --- /dev/null +++ b/playbooks/openshift-node/private/restart.yml @@ -0,0 +1,61 @@ +--- +- name: Restart nodes + hosts: oo_nodes_to_config + serial: "{{ openshift_restart_nodes_serial | default(1) }}" + + roles: + - lib_openshift + + tasks: + - name: Restart docker + service: + name: docker + state: restarted + register: l_docker_restart_docker_in_node_result + until: not l_docker_restart_docker_in_node_result | failed + retries: 3 + delay: 30 + + - name: Update docker facts + openshift_facts: + role: docker + + - name: Restart containerized services + service: + name: "{{ item }}" + state: started + with_items: + - etcd_container + - openvswitch + - "{{ openshift.common.service_type }}-master-api" + - "{{ openshift.common.service_type }}-master-controllers" + - "{{ openshift.common.service_type }}-node" + failed_when: false + when: openshift.common.is_containerized | bool + + - name: Wait for master API to come back online + wait_for: + host: "{{ openshift.common.hostname }}" + state: started + delay: 10 + port: "{{ openshift.master.api_port }}" + timeout: 600 + when: inventory_hostname in groups.oo_masters_to_config + + - name: restart node + service: + name: "{{ openshift.common.service_type }}-node" + state: restarted + + - name: Wait for node to be ready + oc_obj: + state: list + kind: node + name: "{{ openshift.common.hostname | lower }}" + register: node_output + delegate_to: "{{ groups.oo_first_master.0 }}" + when: inventory_hostname in groups.oo_nodes_to_config + until: node_output.results.returncode == 0 and node_output.results.results[0].status.conditions | selectattr('type', 'match', '^Ready$') | map(attribute='status') | join | bool == True + # Give the node two minutes to come back online. + retries: 24 + delay: 5 diff --git a/playbooks/openshift-node/private/roles b/playbooks/openshift-node/private/roles new file mode 120000 index 000000000..e2b799b9d --- /dev/null +++ b/playbooks/openshift-node/private/roles @@ -0,0 +1 @@ +../../../roles/
\ No newline at end of file diff --git a/playbooks/openshift-node/private/setup.yml b/playbooks/openshift-node/private/setup.yml new file mode 100644 index 000000000..794c03a67 --- /dev/null +++ b/playbooks/openshift-node/private/setup.yml @@ -0,0 +1,27 @@ +--- +- name: Disable excluders + hosts: oo_nodes_to_config + gather_facts: no + roles: + - role: openshift_excluder + r_openshift_excluder_action: disable + r_openshift_excluder_service_type: "{{ openshift.common.service_type }}" + +- name: Evaluate node groups + hosts: localhost + become: no + connection: local + tasks: + - name: Evaluate oo_containerized_master_nodes + add_host: + name: "{{ item }}" + groups: oo_containerized_master_nodes + ansible_ssh_user: "{{ g_ssh_user | default(omit) }}" + ansible_become: "{{ g_sudo | default(omit) }}" + with_items: "{{ groups.oo_nodes_to_config | default([]) }}" + when: + - hostvars[item].openshift is defined + - hostvars[item].openshift.common is defined + - hostvars[item].openshift.common.is_containerized | bool + - (item in groups.oo_nodes_to_config and item in groups.oo_masters_to_config) + changed_when: False diff --git a/playbooks/openshift-node/restart.yml b/playbooks/openshift-node/restart.yml new file mode 100644 index 000000000..5e28e274e --- /dev/null +++ b/playbooks/openshift-node/restart.yml @@ -0,0 +1,4 @@ +--- +- include: ../init/main.yml + +- include: private/restart.yml diff --git a/playbooks/openshift-node/scaleup.yml b/playbooks/openshift-node/scaleup.yml new file mode 100644 index 000000000..b4c39e37e --- /dev/null +++ b/playbooks/openshift-node/scaleup.yml @@ -0,0 +1,21 @@ +--- +- include: ../init/evaluate_groups.yml + +- name: Ensure there are new_nodes + hosts: localhost + connection: local + become: no + gather_facts: no + tasks: + - fail: + msg: > + Detected no new_nodes in inventory. Please add hosts to the + new_nodes host group to add nodes. + when: + - g_new_node_hosts | default([]) | length == 0 + +# Need a better way to do the above check for node without +# running evaluate_groups and init/main.yml +- include: ../init/main.yml + +- include: private/config.yml |