Diffstat (limited to 'roles/openshift_aws')
| -rw-r--r-- | roles/openshift_aws/defaults/main.yml | 79 | ||||
| -rw-r--r-- | roles/openshift_aws/tasks/build_node_group.yml | 8 | ||||
| -rw-r--r-- | roles/openshift_aws/tasks/elb.yml | 35 | ||||
| -rw-r--r-- | roles/openshift_aws/tasks/launch_config.yml | 32 | ||||
| -rw-r--r-- | roles/openshift_aws/tasks/launch_config_create.yml | 22 | ||||
| -rw-r--r-- | roles/openshift_aws/tasks/master_facts.yml | 2 | ||||
| -rw-r--r-- | roles/openshift_aws/tasks/provision.yml | 41 | ||||
| -rw-r--r-- | roles/openshift_aws/tasks/provision_instance.yml | 15 | ||||
| -rw-r--r-- | roles/openshift_aws/tasks/provision_nodes.yml | 20 | ||||
| -rw-r--r-- | roles/openshift_aws/tasks/scale_group.yml | 32 | ||||
| -rw-r--r-- | roles/openshift_aws/tasks/security_group.yml | 42 | ||||
| -rw-r--r-- | roles/openshift_aws/tasks/security_group_create.yml | 25 | ||||
| -rw-r--r-- | roles/openshift_aws/tasks/vpc_and_subnet_id.yml | 18 | ||||
| -rw-r--r-- | roles/openshift_aws/templates/user_data.j2 | 6 | 
14 files changed, 185 insertions, 192 deletions
|
diff --git a/roles/openshift_aws/defaults/main.yml b/roles/openshift_aws/defaults/main.yml
index 9f3c14bad..51f7d31c2 100644
--- a/roles/openshift_aws/defaults/main.yml
+++ b/roles/openshift_aws/defaults/main.yml
@@ -4,7 +4,6 @@ openshift_aws_create_iam_cert: True
 openshift_aws_create_security_groups: True
 openshift_aws_create_launch_config: True
 openshift_aws_create_scale_group: True
-openshift_aws_node_group_type: master
 openshift_aws_wait_for_ssh: True
@@ -16,7 +15,7 @@ openshift_aws_build_ami_group: "{{ openshift_aws_clusterid }}"
 openshift_aws_iam_cert_name: "{{ openshift_aws_clusterid }}-master-external"
 openshift_aws_iam_cert_path: ''
 openshift_aws_iam_cert_key_path: ''
-openshift_aws_scale_group_name: "{{ openshift_aws_clusterid }} openshift {{ openshift_aws_node_group_type }}"
+openshift_aws_scale_group_basename: "{{ openshift_aws_clusterid }} openshift"
 openshift_aws_iam_kms_alias: "alias/{{ openshift_aws_clusterid }}_kms"
 openshift_aws_ami: ''
@@ -27,7 +26,7 @@ openshift_aws_ami_name: openshift-gi
 openshift_aws_base_ami_name: ami_base
 openshift_aws_launch_config_bootstrap_token: ''
-openshift_aws_launch_config_name: "{{ openshift_aws_clusterid }}-{{ openshift_aws_node_group_type }}-{{ ansible_date_time.epoch }}"
+openshift_aws_launch_config_basename: "{{ openshift_aws_clusterid }}"
 openshift_aws_users: []
@@ -47,19 +46,19 @@ openshift_aws_elb_health_check:
   unhealthy_threshold: 2
   healthy_threshold: 2
-openshift_aws_elb_basename: "{{ openshift_aws_clusterid }}-{{ openshift_aws_node_group_type }}"
+openshift_aws_elb_basename: "{{ openshift_aws_clusterid }}"
 openshift_aws_elb_name_dict:
   master:
-    external: "{{ openshift_aws_elb_basename }}-external"
-    internal: "{{ openshift_aws_elb_basename }}-internal"
+    external: "{{ openshift_aws_elb_basename }}-master-external"
+    internal: "{{ openshift_aws_elb_basename }}-master-internal"
   infra:
-    external: "{{ openshift_aws_elb_basename }}"
+    external: "{{ openshift_aws_elb_basename }}-infra"
 openshift_aws_elb_idle_timout: 400
 openshift_aws_elb_scheme: internet-facing
 openshift_aws_elb_cert_arn: ''
-openshift_aws_elb_listeners:
+openshift_aws_elb_dict:
   master:
     external:
     - protocol: tcp
@@ -112,11 +111,15 @@ openshift_aws_node_group_replace_instances: []
 openshift_aws_node_group_replace_all_instances: False
 openshift_aws_node_group_config_extra_labels: {}
-openshift_aws_node_group_config:
-  tags: "{{ openshift_aws_node_group_config_tags }}"
+openshift_aws_ami_map:
+  master: "{{ openshift_aws_ami }}"
+  infra: "{{ openshift_aws_ami }}"
+  compute: "{{ openshift_aws_ami }}"
+
+openshift_aws_master_group_config:
+  # The 'master' key is always required here.
   master:
     instance_type: m4.xlarge
-    ami: "{{ openshift_aws_ami }}"
     volumes: "{{ openshift_aws_node_group_config_master_volumes }}"
     health_check:
       period: 60
@@ -132,10 +135,12 @@ openshift_aws_node_group_config:
     wait_for_instances: True
     termination_policy: "{{ openshift_aws_node_group_termination_policy }}"
     replace_all_instances: "{{ openshift_aws_node_group_replace_all_instances }}"
-    elbs: "{{ openshift_aws_elb_name_dict[openshift_aws_node_group_type].keys()| map('extract', openshift_aws_elb_name_dict[openshift_aws_node_group_type]) | list }}"
+    elbs: "{{ openshift_aws_elb_name_dict['master'].keys()| map('extract', openshift_aws_elb_name_dict['master']) | list }}"
+
+openshift_aws_node_group_config:
+  # The 'compute' key is always required here.
   compute:
     instance_type: m4.xlarge
-    ami: "{{ openshift_aws_ami }}"
     volumes: "{{ openshift_aws_node_group_config_node_volumes }}"
     health_check:
       period: 60
@@ -150,9 +155,9 @@ openshift_aws_node_group_config:
       type: compute
     termination_policy: "{{ openshift_aws_node_group_termination_policy }}"
     replace_all_instances: "{{ openshift_aws_node_group_replace_all_instances }}"
+  # The 'infra' key is always required here.
   infra:
     instance_type: m4.xlarge
-    ami: "{{ openshift_aws_ami }}"
     volumes: "{{ openshift_aws_node_group_config_node_volumes }}"
     health_check:
       period: 60
@@ -167,22 +172,31 @@ openshift_aws_node_group_config:
       type: infra
     termination_policy: "{{ openshift_aws_node_group_termination_policy }}"
     replace_all_instances: "{{ openshift_aws_node_group_replace_all_instances }}"
-    elbs: "{{ openshift_aws_elb_name_dict[openshift_aws_node_group_type].keys()| map('extract', openshift_aws_elb_name_dict[openshift_aws_node_group_type]) | list }}"
+    elbs: "{{ openshift_aws_elb_name_dict['infra'].keys()| map('extract', openshift_aws_elb_name_dict['infra']) | list }}"
-openshift_aws_elb_tags: "{{ openshift_aws_clusterid | build_instance_tags }}"
+openshift_aws_elb_tags: "{{ openshift_aws_kube_tags }}"
 openshift_aws_elb_az_load_balancing: False
-openshift_aws_elb_security_groups:
-- "{{ openshift_aws_clusterid }}"  # default sg
-- "{{ openshift_aws_clusterid }}_{{ openshift_aws_node_group_type }}"  # node type sg
-- "{{ openshift_aws_clusterid }}_{{ openshift_aws_node_group_type }}_k8s"  # node type sg k8s
+openshift_aws_kube_tags: "{{ openshift_aws_clusterid | build_instance_tags }}"
+
+openshift_aws_elb_security_groups: "{{ openshift_aws_launch_config_security_groups }}"
+
+openshift_aws_launch_config_security_groups:
+  compute:
+  - "{{ openshift_aws_clusterid }}"  # default sg
+  - "{{ openshift_aws_clusterid }}_compute"  # node type sg
+  - "{{ openshift_aws_clusterid }}_compute_k8s"  # node type sg k8s
+  infra:
+  - "{{ openshift_aws_clusterid }}"  # default sg
+  - "{{ openshift_aws_clusterid }}_infra"  # node type sg
+  - "{{ openshift_aws_clusterid }}_infra_k8s"  # node type sg k8s
+  master:
+  - "{{ openshift_aws_clusterid }}"  # default sg
+  - "{{ openshift_aws_clusterid }}_master"  # node type sg
+  - "{{ openshift_aws_clusterid }}_master_k8s"  # node type sg k8s
-openshift_aws_elb_instance_filter:
-  "tag:clusterid": "{{ openshift_aws_clusterid }}"
-  "tag:host-type": "{{ openshift_aws_node_group_type }}"
-  instance-state-name: running
+openshift_aws_security_groups_tags: "{{ openshift_aws_kube_tags }}"
-openshift_aws_security_groups_tags: "{{ openshift_aws_clusterid | build_instance_tags }}"
 openshift_aws_node_security_groups:
   default:
     name: "{{ openshift_aws_clusterid }}"
@@ -251,3 +265,18 @@ openshift_aws_vpc:
 openshift_aws_node_run_bootstrap_startup: True
 openshift_aws_node_user_data: ''
 openshift_aws_node_config_namespace: openshift-node
+
+# If creating extra node groups, you'll need to define all of the following
+
+# The format is the same as openshift_aws_node_group_config, but the top-level
+# key names should be different (ie, not == master or infra).
+# openshift_aws_node_group_config_extra: {}
+
+# This variable should look like openshift_aws_launch_config_security_groups
+# and contain a one-to-one mapping of top level keys that are defined in
+# openshift_aws_node_group_config_extra.
+# openshift_aws_launch_config_security_groups_extra: {}
+
+# openshift_aws_node_security_groups_extra: {}
+
+# openshift_aws_ami_map_extra: {}
diff --git a/roles/openshift_aws/tasks/build_node_group.yml b/roles/openshift_aws/tasks/build_node_group.yml
index 0aac40ddd..852adc7b5 100644
--- a/roles/openshift_aws/tasks/build_node_group.yml
+++ b/roles/openshift_aws/tasks/build_node_group.yml
@@ -1,4 +1,6 @@
 ---
+# This task file expects l_nodes_to_build to be passed in.
+
 # When openshift_aws_use_custom_ami is '' then
 # we retrieve the latest build AMI.
 # Then set openshift_aws_ami to the ami.
@@ -21,10 +23,12 @@
     - "'results' in amiout"
     - amiout.results|length > 0
+# Need to set epoch time in one place to use for launch_config and scale_group
+- set_fact:
+    l_epoch_time: "{{ ansible_date_time.epoch }}"
+
 - when: openshift_aws_create_launch_config
-  name: "Create {{ openshift_aws_node_group_type }} launch config"
   include: launch_config.yml
 - when: openshift_aws_create_scale_group
-  name: "Create {{ openshift_aws_node_group_type }} node group"
   include: scale_group.yml
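Review bot: The new header comment in build_node_group.yml names only `l_nodes_to_build`, but the files it includes also read `l_launch_config_security_groups` and `l_aws_ami_map` (launch_config_create.yml) and `vpcout` (registered by vpc_and_subnet_id.yml in the callers), so a caller that follows the comment alone gets an undefined-variable failure part way through. Suggest widening it to `# This task file expects l_nodes_to_build, l_launch_config_security_groups and l_aws_ami_map to be passed in, and vpcout to have been registered by vpc_and_subnet_id.yml.` The `l_epoch_time` set_fact is also worth a word: unlike the `l_`-prefixed vars passed via `vars:`, a fact set this way persists on the host across later includes, so the comment should say it is re-set on every call so launch_config and scale_group in the same call agree. The rest of this file is outside the hunks.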
diff --git a/roles/openshift_aws/tasks/elb.yml b/roles/openshift_aws/tasks/elb.yml
index 56abe9dd7..a543222d5 100644
--- a/roles/openshift_aws/tasks/elb.yml
+++ b/roles/openshift_aws/tasks/elb.yml
@@ -1,45 +1,24 @@
 ---
-- name: query vpc
-  ec2_vpc_net_facts:
-    region: "{{ openshift_aws_region }}"
-    filters:
-      'tag:Name': "{{ openshift_aws_vpc_name }}"
-  register: vpcout
-
-- name: debug
-  debug: var=vpcout
-
-- name: fetch the default subnet id
-  ec2_vpc_subnet_facts:
-    region: "{{ openshift_aws_region }}"
-    filters:
-      "tag:Name": "{{ openshift_aws_subnet_name }}"
-      vpc-id: "{{ vpcout.vpcs[0].id }}"
-  register: subnetout
-
-- name: dump the elb listeners
+- name: "dump the elb listeners for {{ l_elb_dict_item.key }}"
   debug:
-    msg: "{{ openshift_aws_elb_listeners[openshift_aws_node_group_type][openshift_aws_elb_direction]
-                   if 'master' in openshift_aws_node_group_type or 'infra' in openshift_aws_node_group_type
-                   else openshift_aws_elb_listeners }}"
+    msg: "{{ l_elb_dict_item.value }}"
-- name: "Create ELB {{ l_openshift_aws_elb_name }}"
+- name: "Create ELB {{ l_elb_dict_item.key }}"
   ec2_elb_lb:
-    name: "{{ l_openshift_aws_elb_name }}"
+    name: "{{ l_openshift_aws_elb_name_dict[l_elb_dict_item.key][item.key] }}"
     state: present
     cross_az_load_balancing: "{{ openshift_aws_elb_az_load_balancing }}"
-    security_group_names: "{{ openshift_aws_elb_security_groups }}"
+    security_group_names: "{{ l_elb_security_groups[l_elb_dict_item.key] }}"
     idle_timeout: "{{ openshift_aws_elb_idle_timout }}"
     region: "{{ openshift_aws_region }}"
     subnets:
     - "{{ subnetout.subnets[0].id }}"
     health_check: "{{ openshift_aws_elb_health_check }}"
-    listeners: "{{ openshift_aws_elb_listeners[openshift_aws_node_group_type][openshift_aws_elb_direction]
-                   if 'master' in openshift_aws_node_group_type  or 'infra' in openshift_aws_node_group_type
-                   else openshift_aws_elb_listeners }}"
+    listeners: "{{ item.value }}"
     scheme: "{{ openshift_aws_elb_scheme }}"
     tags: "{{ openshift_aws_elb_tags }}"
   register: new_elb
+  with_dict: "{{ l_elb_dict_item.value }}"
 - debug:
     msg: "{{ item }}"
diff --git a/roles/openshift_aws/tasks/launch_config.yml b/roles/openshift_aws/tasks/launch_config.yml
index 94aca5a35..0dbeba5a0 100644
--- a/roles/openshift_aws/tasks/launch_config.yml
+++ b/roles/openshift_aws/tasks/launch_config.yml
@@ -9,31 +9,7 @@
   when:
   - openshift_deployment_type is undefined
-- name: query vpc
-  ec2_vpc_net_facts:
-    region: "{{ openshift_aws_region }}"
-    filters:
-      'tag:Name': "{{ openshift_aws_vpc_name }}"
-  register: vpcout
-
-- name: fetch the security groups for launch config
-  ec2_group_facts:
-    filters:
-      group-name: "{{ openshift_aws_elb_security_groups }}"
-      vpc-id: "{{ vpcout.vpcs[0].id }}"
-    region: "{{ openshift_aws_region }}"
-  register: ec2sgs
-
-# Create the scale group config
-- name: Create the node scale group launch config
-  ec2_lc:
-    name: "{{ openshift_aws_launch_config_name }}"
-    region: "{{ openshift_aws_region }}"
-    image_id: "{{ openshift_aws_ami }}"
-    instance_type: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].instance_type }}"
-    security_groups: "{{ openshift_aws_launch_config_security_group_id  | default(ec2sgs.security_groups | map(attribute='group_id')| list) }}"
-    user_data: "{{ lookup('template', 'user_data.j2') }}"
-    key_name: "{{ openshift_aws_ssh_key_name }}"
-    ebs_optimized: False
-    volumes: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].volumes }}"
-    assign_public_ip: True
+- include: launch_config_create.yml
+  with_dict: "{{ l_nodes_to_build }}"
+  loop_control:
+    loop_var: launch_config_item
diff --git a/roles/openshift_aws/tasks/launch_config_create.yml b/roles/openshift_aws/tasks/launch_config_create.yml
new file mode 100644
index 000000000..8265c2179
--- /dev/null
+++ b/roles/openshift_aws/tasks/launch_config_create.yml
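Review bot: The master `internal` ELB is now created internet-facing: the `ec2_elb_lb` task keeps `scheme: "{{ openshift_aws_elb_scheme }}"` (default `internet-facing` in defaults/main.yml) for every entry of `l_elb_dict_item.value`, and the provision.yml hunk drops the include that used to pass `openshift_aws_elb_scheme: internal` for that load balancer, with nothing in this series passing a scheme any other way. That exposes the internal master listeners on a public address, which the previous code deliberately avoided. The smallest fix is `scheme: "{{ 'internal' if item.key == 'internal' else openshift_aws_elb_scheme }}"`, or a per-ELB scheme field in `openshift_aws_elb_dict` read as `item.value.scheme`. Separately, `subnetout` is now expected from the caller's vpc_and_subnet_id.yml include, which deserves a header comment here.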
@@ -0,0 +1,22 @@
+---
+- name: fetch the security groups for launch config
+  ec2_group_facts:
+    filters:
+      group-name: "{{ l_launch_config_security_groups[launch_config_item.key] }}"
+      vpc-id: "{{ vpcout.vpcs[0].id }}"
+    region: "{{ openshift_aws_region }}"
+  register: ec2sgs
+
+# Create the scale group config
+- name: Create the node scale group launch config
+  ec2_lc:
+    name: "{{ openshift_aws_launch_config_basename }}-{{ launch_config_item.key }}-{{ l_epoch_time }}"
+    region: "{{ openshift_aws_region }}"
+    image_id: "{{ l_aws_ami_map[launch_config_item.key] | default(openshift_aws_ami) }}"
+    instance_type: "{{ launch_config_item.value.instance_type }}"
+    security_groups: "{{ openshift_aws_launch_config_security_group_id  | default(ec2sgs.security_groups | map(attribute='group_id')| list) }}"
+    user_data: "{{ lookup('template', 'user_data.j2') }}"
+    key_name: "{{ openshift_aws_ssh_key_name }}"
+    ebs_optimized: False
+    volumes: "{{ launch_config_item.value.volumes }}"
+    assign_public_ip: True
diff --git a/roles/openshift_aws/tasks/master_facts.yml b/roles/openshift_aws/tasks/master_facts.yml
index 1c99229ff..530b0134d 100644
--- a/roles/openshift_aws/tasks/master_facts.yml
+++ b/roles/openshift_aws/tasks/master_facts.yml
@@ -3,7 +3,7 @@
   ec2_elb_facts:
     region: "{{ openshift_aws_region }}"
     names:
-    - "{{ openshift_aws_elb_name_dict[openshift_aws_node_group_type]['internal'] }}"
+    - "{{ openshift_aws_elb_name_dict['master']['internal'] }}"
   delegate_to: localhost
   register: elbs
diff --git a/roles/openshift_aws/tasks/provision.yml b/roles/openshift_aws/tasks/provision.yml
index e99017b9f..91538ed5c 100644
--- a/roles/openshift_aws/tasks/provision.yml
+++ b/roles/openshift_aws/tasks/provision.yml
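Review bot: The `security_groups:` fallback `ec2sgs.security_groups | map(attribute='group_id') | list` is silently empty when `ec2_group_facts` matches nothing, for example a mistyped name in `l_launch_config_security_groups[launch_config_item.key]` or the groups not having been created yet; the launch config is then created without the cluster's security groups and instances come up with whatever AWS applies by default for the VPC. This is carried over from launch_config.yml, but now that the lookup is keyed per node group (including user-supplied extra groups) a typo is more likely. Adding `failed_when: ec2sgs.security_groups | length == 0` to the facts task turns that into a hard failure before any launch configuration exists. `assign_public_ip: True` is likewise applied to every group, including extras, which is worth a comment or a per-group override.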
@@ -7,47 +7,30 @@
   name: create s3 bucket for registry
   include: s3.yml
-- when: openshift_aws_create_security_groups
-  block:
-  - name: "Create {{ openshift_aws_node_group_type }} security groups"
-    include: security_group.yml
+- include: vpc_and_subnet_id.yml
-  - name: "Create {{ openshift_aws_node_group_type }} security groups"
-    include: security_group.yml
-    vars:
-      openshift_aws_node_group_type: infra
-
-- name: create our master internal load balancer
-  include: elb.yml
-  vars:
-    openshift_aws_elb_direction: internal
-    openshift_aws_elb_scheme: internal
-    l_openshift_aws_elb_name: "{{ openshift_aws_elb_name_dict[openshift_aws_node_group_type]['internal'] }}"
-
-- name: create our master external load balancer
+- name: create elbs
   include: elb.yml
+  with_dict: "{{ openshift_aws_elb_dict }}"
   vars:
-    openshift_aws_elb_direction: external
-    openshift_aws_elb_scheme: internet-facing
-    l_openshift_aws_elb_name: "{{ openshift_aws_elb_name_dict[openshift_aws_node_group_type]['external'] }}"
-
-- name: create our infra node external load balancer
-  include: elb.yml
-  vars:
-    l_openshift_aws_elb_name: "{{ openshift_aws_elb_name_dict['infra']['external'] }}"
-    openshift_aws_elb_direction: external
-    openshift_aws_elb_scheme: internet-facing
-    openshift_aws_node_group_type: infra
+    l_elb_security_groups: "{{ openshift_aws_elb_security_groups }}"
+    l_openshift_aws_elb_name_dict: "{{ openshift_aws_elb_name_dict }}"
+  loop_control:
+    loop_var: l_elb_dict_item
 - name: include scale group creation for master
   include: build_node_group.yml
+  vars:
+    l_nodes_to_build: "{{ openshift_aws_master_group_config }}"
+    l_launch_config_security_groups: "{{ openshift_aws_launch_config_security_groups }}"
+    l_aws_ami_map: "{{ openshift_aws_ami_map }}"
 - name: fetch newly created instances
   ec2_remote_facts:
     region: "{{ openshift_aws_region }}"
     filters:
       "tag:clusterid": "{{ openshift_aws_clusterid }}"
-      "tag:host-type": "{{ openshift_aws_node_group_type }}"
+      "tag:host-type": "master"
       instance-state-name: running
   register: instancesout
   retries: 20
diff --git a/roles/openshift_aws/tasks/provision_instance.yml b/roles/openshift_aws/tasks/provision_instance.yml
index 25ae6ce1c..3349acb7a 100644
--- a/roles/openshift_aws/tasks/provision_instance.yml
+++ b/roles/openshift_aws/tasks/provision_instance.yml
@@ -3,20 +3,7 @@
   set_fact:
     openshift_node_bootstrap: True
-- name: query vpc
-  ec2_vpc_net_facts:
-    region: "{{ openshift_aws_region }}"
-    filters:
-      'tag:Name': "{{ openshift_aws_vpc_name }}"
-  register: vpcout
-
-- name: fetch the default subnet id
-  ec2_vpc_subnet_facts:
-    region: "{{ openshift_aws_region }}"
-    filters:
-      "tag:Name": "{{ openshift_aws_subnet_name }}"
-      vpc-id: "{{ vpcout.vpcs[0].id }}"
-  register: subnetout
+- include: vpc_and_subnet_id.yml
 - name: create instance for ami creation
   ec2:
diff --git a/roles/openshift_aws/tasks/provision_nodes.yml b/roles/openshift_aws/tasks/provision_nodes.yml
index fc4996c68..1b40f24d3 100644
--- a/roles/openshift_aws/tasks/provision_nodes.yml
+++ b/roles/openshift_aws/tasks/provision_nodes.yml
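Review bot: The `openshift_aws_create_security_groups` block that included security_group.yml for the master and infra types is removed and replaced by the `vpc_and_subnet_id.yml` include, and no other hunk in this role calls security_group.yml; unless the playbooks outside `roles/openshift_aws` (this diffstat is limited to the role) now include it, the groups named in `openshift_aws_launch_config_security_groups` will not exist when elb.yml and launch_config_create.yml look them up by name. The `openshift_aws_create_security_groups: True` default survives in defaults/main.yml but no longer gates anything visible here, so it should either go or keep gating a `security_group.yml` include. A one-line comment at the removal site naming where security groups are now created would save the next reader the same search. The head of this task list is outside the hunk.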
@@ -25,19 +25,23 @@
   set_fact:
     openshift_aws_launch_config_bootstrap_token: "{{ bootstrap['content'] | b64decode }}"
-- name: include build node group for infra
+- include: vpc_and_subnet_id.yml
+
+- name: include build compute and infra node groups
   include: build_node_group.yml
   vars:
-    openshift_aws_node_group_type: infra
-    openshift_aws_scale_group_name: "{{ openshift_aws_clusterid }} openshift infra"
-    openshift_aws_launch_config_name: "{{ openshift_aws_clusterid }}-infra-{{ ansible_date_time.epoch }}"
+    l_nodes_to_build: "{{ openshift_aws_node_group_config }}"
+    l_launch_config_security_groups: "{{ openshift_aws_launch_config_security_groups }}"
+    l_aws_ami_map: "{{ openshift_aws_ami_map }}"
-- name: include build node group for compute
+- name: include build node group for extra nodes
   include: build_node_group.yml
+  when: openshift_aws_node_group_config_extra is defined
   vars:
-    openshift_aws_node_group_type: compute
-    openshift_aws_scale_group_name: "{{ openshift_aws_clusterid }} openshift compute"
-    openshift_aws_launch_config_name: "{{ openshift_aws_clusterid }}-compute-{{ ansible_date_time.epoch }}"
+    l_nodes_to_build: "{{ openshift_aws_node_group_config_extra | default({}) }}"
+    l_launch_config_security_groups: "{{ openshift_aws_launch_config_security_groups_extra }}"
+    l_aws_ami_map: "{{ openshift_aws_ami_map_extra }}"
+
 - when: openshift_aws_wait_for_ssh | bool
   block:
diff --git a/roles/openshift_aws/tasks/scale_group.yml b/roles/openshift_aws/tasks/scale_group.yml
index eb31636e7..097859af2 100644
--- a/roles/openshift_aws/tasks/scale_group.yml
+++ b/roles/openshift_aws/tasks/scale_group.yml
@@ -1,11 +1,4 @@
 ---
-- name: query vpc
-  ec2_vpc_net_facts:
-    region: "{{ openshift_aws_region }}"
-    filters:
-      'tag:Name': "{{ openshift_aws_vpc_name }}"
-  register: vpcout
-
 - name: fetch the subnet to use in scale group
   ec2_vpc_subnet_facts:
     region: "{{ openshift_aws_region }}"
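Review bot: The extra-node include is gated on `openshift_aws_node_group_config_extra is defined`, yet `l_launch_config_security_groups` and `l_aws_ami_map` are bound to `openshift_aws_launch_config_security_groups_extra` and `openshift_aws_ami_map_extra` with no `default`, while `l_nodes_to_build` gets `| default({})`; a user who defines only the config dict therefore fails with an undefined variable inside launch_config_create.yml, after the regular node groups have already been built. The defaults file states these variables must be a one-to-one mapping of the extra config's keys, so that contract is better checked up front with an `assert` that fails fast and names the missing variable. Something like the task below, placed before the extra-nodes include, would do it.
```yaml
- name: verify the extra node group variables are consistent
  assert:
    that:
    - openshift_aws_launch_config_security_groups_extra is defined
    - openshift_aws_ami_map_extra is defined
    - openshift_aws_launch_config_security_groups_extra.keys() | sort == openshift_aws_node_group_config_extra.keys() | sort
    msg: "openshift_aws_node_group_config_extra requires matching _security_groups_extra and _ami_map_extra definitions"
  when: openshift_aws_node_group_config_extra is defined

# … unchanged: include build_node_group.yml for extra nodes …
```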
@@ -16,19 +9,20 @@
 - name: Create the scale group
   ec2_asg:
-    name: "{{ openshift_aws_scale_group_name }}"
-    launch_config_name: "{{ openshift_aws_launch_config_name }}"
-    health_check_period: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].health_check.period }}"
-    health_check_type: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].health_check.type }}"
-    min_size: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].min_size }}"
-    max_size: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].max_size }}"
-    desired_capacity: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].desired_size }}"
+    name: "{{ openshift_aws_scale_group_basename }} {{ item.key }}"
+    launch_config_name: "{{ openshift_aws_launch_config_basename }}-{{ item.key }}-{{ l_epoch_time }}"
+    health_check_period: "{{ item.value.health_check.period }}"
+    health_check_type: "{{ item.value.health_check.type }}"
+    min_size: "{{ item.value.min_size }}"
+    max_size: "{{ item.value.max_size }}"
+    desired_capacity: "{{ item.value.desired_size }}"
     region: "{{ openshift_aws_region }}"
-    termination_policies: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].termination_policy if 'termination_policy' in  openshift_aws_node_group_config[openshift_aws_node_group_type] else omit }}"
-    load_balancers: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].elbs if 'elbs' in openshift_aws_node_group_config[openshift_aws_node_group_type] else omit }}"
-    wait_for_instances: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].wait_for_instances | default(False)}}"
+    termination_policies: "{{ item.value.termination_policy if 'termination_policy' in  item.value else omit }}"
+    load_balancers: "{{ item.value.elbs if 'elbs' in item.value else omit }}"
+    wait_for_instances: "{{ item.value.wait_for_instances | default(False)}}"
     vpc_zone_identifier: "{{ subnetout.subnets[0].id }}"
     replace_instances: "{{ openshift_aws_node_group_replace_instances if openshift_aws_node_group_replace_instances != [] else omit }}"
-    replace_all_instances: "{{ omit if openshift_aws_node_group_replace_instances != [] else (openshift_aws_node_group_config[openshift_aws_node_group_type].replace_all_instances | default(omit)) }}"
+    replace_all_instances: "{{ omit if openshift_aws_node_group_replace_instances != [] else (item.value.replace_all_instances | default(omit)) }}"
     tags:
-    - "{{ openshift_aws_node_group_config.tags | combine(openshift_aws_node_group_config[openshift_aws_node_group_type].tags) }}"
+    - "{{ openshift_aws_node_group_config_tags | combine(item.value.tags) }}"
+  with_dict: "{{ l_nodes_to_build }}"
diff --git a/roles/openshift_aws/tasks/security_group.yml b/roles/openshift_aws/tasks/security_group.yml
index e1fb99b02..5cc7ae537 100644
--- a/roles/openshift_aws/tasks/security_group.yml
+++ b/roles/openshift_aws/tasks/security_group.yml
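Review bot: `launch_config_name` is assembled here from `openshift_aws_launch_config_basename`, `item.key` and `l_epoch_time`, duplicating the expression in launch_config_create.yml; the two must stay character-for-character identical or `ec2_asg` references a launch configuration that was never created, and nothing ties them together except the reader's memory. At minimum add `# Must match the name built in launch_config_create.yml` above this line and the mirror comment in the other file; computing the name once per item (for example in a small filter or a shared variable keyed by node group) would remove the duplication. `subnetout` here comes from the `ec2_vpc_subnet_facts` task just above the hunk, not from vpc_and_subnet_id.yml, which is worth a comment since the two register the same name.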
@@ -6,39 +6,11 @@
       "tag:Name": "{{ openshift_aws_clusterid }}"
   register: vpcout
-- name: Create default security group for cluster
-  ec2_group:
-    name: "{{ openshift_aws_node_security_groups.default.name }}"
-    description: "{{ openshift_aws_node_security_groups.default.desc }}"
-    region: "{{ openshift_aws_region }}"
-    vpc_id: "{{ vpcout.vpcs[0].id }}"
-    rules: "{{ openshift_aws_node_security_groups.default.rules | default(omit, True)}}"
-  register: sg_default_created
-
-- name: create the node group sgs
-  ec2_group:
-    name: "{{ item.name}}"
-    description: "{{ item.desc }}"
-    rules: "{{ item.rules if 'rules' in item else [] }}"
-    region: "{{ openshift_aws_region }}"
-    vpc_id: "{{ vpcout.vpcs[0].id }}"
-  register: sg_create
-  with_items:
-  - "{{ openshift_aws_node_security_groups[openshift_aws_node_group_type]}}"
+- include: security_group_create.yml
+  vars:
+    l_security_groups: "{{ openshift_aws_node_security_groups }}"
-- name: create the k8s sgs for the node group
-  ec2_group:
-    name: "{{ item.name }}_k8s"
-    description: "{{ item.desc }} for k8s"
-    region: "{{ openshift_aws_region }}"
-    vpc_id: "{{ vpcout.vpcs[0].id }}"
-  register: k8s_sg_create
-  with_items:
-  - "{{ openshift_aws_node_security_groups[openshift_aws_node_group_type]}}"
-
-- name: tag sg groups with proper tags
-  ec2_tag:
-    tags: "{{ openshift_aws_security_groups_tags }}"
-    resource: "{{ item.group_id }}"
-    region: "{{ openshift_aws_region }}"
-  with_items: "{{ k8s_sg_create.results }}"
+- include: security_group_create.yml
+  when: openshift_aws_node_security_groups_extra is defined
+  vars:
+    l_security_groups: "{{ openshift_aws_node_security_groups_extra | default({}) }}"
diff --git a/roles/openshift_aws/tasks/security_group_create.yml b/roles/openshift_aws/tasks/security_group_create.yml
new file mode 100644
index 000000000..ef6060555
--- /dev/null
+++ b/roles/openshift_aws/tasks/security_group_create.yml
@@ -0,0 +1,25 @@
+---
+- name: create the node group sgs
+  ec2_group:
+    name: "{{ item.value.name}}"
+    description: "{{ item.value.desc }}"
+    rules: "{{ item.value.rules if 'rules' in item.value else [] }}"
+    region: "{{ openshift_aws_region }}"
+    vpc_id: "{{ vpcout.vpcs[0].id }}"
+  with_dict: "{{ l_security_groups }}"
+
+- name: create the k8s sgs for the node group
+  ec2_group:
+    name: "{{ item.value.name }}_k8s"
+    description: "{{ item.value.desc }} for k8s"
+    region: "{{ openshift_aws_region }}"
+    vpc_id: "{{ vpcout.vpcs[0].id }}"
+  with_dict: "{{ l_security_groups }}"
+  register: k8s_sg_create
+
+- name: tag sg groups with proper tags
+  ec2_tag:
+    tags: "{{ openshift_aws_security_groups_tags }}"
+    resource: "{{ item.group_id }}"
+    region: "{{ openshift_aws_region }}"
+  with_items: "{{ k8s_sg_create.results }}"
diff --git a/roles/openshift_aws/tasks/vpc_and_subnet_id.yml b/roles/openshift_aws/tasks/vpc_and_subnet_id.yml
new file mode 100644
index 000000000..aaf9b300f
--- /dev/null
+++ b/roles/openshift_aws/tasks/vpc_and_subnet_id.yml
@@ -0,0 +1,18 @@
+---
+- name: query vpc
+  ec2_vpc_net_facts:
+    region: "{{ openshift_aws_region }}"
+    filters:
+      'tag:Name': "{{ openshift_aws_vpc_name }}"
+  register: vpcout
+
+- name: debug
+  debug: var=vpcout
+
+- name: fetch the default subnet id
+  ec2_vpc_subnet_facts:
+    region: "{{ openshift_aws_region }}"
+    filters:
+      "tag:Name": "{{ openshift_aws_subnet_name }}"
+      vpc-id: "{{ vpcout.vpcs[0].id }}"
+  register: subnetout
diff --git a/roles/openshift_aws/templates/user_data.j2 b/roles/openshift_aws/templates/user_data.j2
index 76aebdcea..a8c7f9a95 100644
--- a/roles/openshift_aws/templates/user_data.j2
+++ b/roles/openshift_aws/templates/user_data.j2
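Review bot: Both `ec2_group` tasks iterate the whole `l_security_groups` dict, and security_group.yml now passes `openshift_aws_node_security_groups` including its `default` entry, so the second task creates an additional `{{ item.value.name }}_k8s` group for the default entry (an empty `<clusterid>_k8s` group) that the old code never made, and the default group's `rules` now go through `rules if 'rules' in item.value else []` instead of `default(omit, True)`, meaning an empty rules list purges existing ingress rules rather than leaving them alone. Both are probably fine, but they are behaviour changes hidden inside a refactor and deserve a comment, e.g. `# Every entry in l_security_groups, including 'default', gets a plain and a _k8s group; passing [] for rules purges any rules not listed here.` The tagging task still only tags the `_k8s` groups (the first task no longer registers anything), which is inherited from the old file and worth a note if tag-based lookups depend on it. A short header comment stating that `vpcout` must be registered by the caller would also help, since this file reads it without fetching it.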
@@ -7,8 +7,8 @@ write_files:
   owner: 'root:root'
   permissions: '0640'
   content: |
-    openshift_group_type: {{ openshift_aws_node_group_type }}
-{%   if openshift_aws_node_group_type != 'master' %}
+    openshift_group_type: {{ launch_config_item.key }}
+{%   if launch_config_item.key != 'master' %}
 - path: /etc/origin/node/bootstrap.kubeconfig
   owner: 'root:root'
   permissions: '0640'
@@ -19,7 +19,7 @@ runcmd:
 {%     if openshift_aws_node_run_bootstrap_startup %}
 - [ ansible-playbook, /root/openshift_bootstrap/bootstrap.yml]
 {%     endif %}
-{%     if openshift_aws_node_group_type != 'master' %}
+{%     if launch_config_item.key != 'master' %}
 - [ systemctl, enable, {% if openshift_deployment_type == 'openshift-enterprise' %}atomic-openshift{% else %}origin{% endif %}-node]
 - [ systemctl, start, {% if openshift_deployment_type == 'openshift-enterprise' %}atomic-openshift{% else %}origin{% endif %}-node]
 {%     endif %}
|
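Review bot: The template now depends on `launch_config_item.key`, a loop variable that only exists while launch_config.yml iterates `l_nodes_to_build` with `loop_var: launch_config_item` and renders this file through `lookup('template', 'user_data.j2')` in launch_config_create.yml; rendered anywhere else it fails with an undefined variable, and nothing in the template says so. A comment at the top of the file, outside the cloud-config payload, such as `{# Rendered per node group from launch_config_create.yml; launch_config_item.key is the node group name (master, infra, compute or an extra group). #}` would make the coupling explicit. Note that with the `!= 'master'` tests every extra node group receives the bootstrap kubeconfig and node-service enablement, which matches the intent for extra node groups but is worth stating in that same comment. The top of the template is outside the hunk.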
