From 7f60edeba48d78cd01669d20019e9bdacdf4e305 Mon Sep 17 00:00:00 2001 From: Tomas Sedovic Date: Fri, 2 Jun 2017 14:06:52 +0200 Subject: Move the openstack provisioning playbooks They'll live in playbooks/provisioning/openstack from now on. --- .../openstack/post-provision-openstack.yml | 60 ++++++++++++++++++++++ 1 file changed, 60 insertions(+) create mode 100644 playbooks/provisioning/openstack/post-provision-openstack.yml (limited to 'playbooks/provisioning/openstack/post-provision-openstack.yml') diff --git a/playbooks/provisioning/openstack/post-provision-openstack.yml b/playbooks/provisioning/openstack/post-provision-openstack.yml new file mode 100644 index 000000000..d65e075b8 --- /dev/null +++ b/playbooks/provisioning/openstack/post-provision-openstack.yml 
@@ -0,0 +1,60 @@ +--- + +# Assign hostnames +- hosts: cluster_hosts + pre_tasks: + - include: roles/common/pre_tasks/pre_tasks.yml + roles: + - role: hostnames + +# Subscribe DNS Host to allow for configuration below +- hosts: dns + roles: + - { role: subscription-manager, when: hostvars.localhost.rhsm_register, tags: 'subscription-manager', ansible_sudo: true } + +# Determine which DNS server(s) to use for our generated records +- hosts: localhost + roles: + - dns-server-detect + +# Build the DNS Server Views and Configure DNS Server(s) +- hosts: dns + pre_tasks: + - include: roles/common/pre_tasks/pre_tasks.yml + - name: "Generate dns-server views" + include: openstack_dns_views.yml + roles: + - role: dns-server + +# Build and process DNS Records +- hosts: localhost + pre_tasks: + - include: roles/common/pre_tasks/pre_tasks.yml + - name: "Generate dns records" + include: openstack_dns_records.yml + roles: + - role: dns + +# Use newly configured DNS server for this container ... +- hosts: localhost + tasks: + - name: "Edit /etc/resolv.conf in container" + shell: "sed '0,/.*nameserver.*/s/.*nameserver.*/nameserver {{ public_dns_server }} \\n&/' /etc/resolv.conf > /tmp/resolv.conf && /bin/cp -f /tmp/resolv.conf /etc/resolv.conf" + +# OpenShift Pre-Requisites +- hosts: OSEv3 + tasks: + - name: "Edit /etc/resolv.conf on masters/nodes" + lineinfile: + state: present + dest: /etc/resolv.conf + regexp: "nameserver {{ hostvars['localhost'].private_dns_server }}" + line: "nameserver {{ hostvars['localhost'].private_dns_server }}" + insertafter: search* + - name: "Include DNS configuration to ensure proper name resolution" + lineinfile: + state: present + dest: /etc/sysconfig/network + regexp: "IP4_NAMESERVERS={{ hostvars['localhost'].private_dns_server }}" + line: "IP4_NAMESERVERS={{ hostvars['localhost'].private_dns_server }}" + -- cgit v1.2.3 From 0858a645a4ec808d0309b8522f55cef23792fce9 Mon Sep 17 00:00:00 2001 
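Review bot: The "Edit /etc/resolv.conf in container" task stages its output at the fixed path `/tmp/resolv.conf` and then copies it over `/etc/resolv.conf`, so on a shared control host a pre-existing file or symlink of that name decides what is written and where. The `sed` form is also not idempotent: every run prepends another `nameserver {{ public_dns_server }}` line. A `lineinfile` task with `dest: /etc/resolv.conf`, `line: "nameserver {{ public_dns_server }}"` and `insertbefore: BOF` avoids both the temp file and the duplication. The file is added by a move, so the task is presumably carried over unchanged from its old location.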
From: Tomas Sedovic Date: Fri, 2 Jun 2017 14:43:13 +0200 Subject: Fix privileges in the pre-install playbook --- .../openstack/post-provision-openstack.yml | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) (limited to 'playbooks/provisioning/openstack/post-provision-openstack.yml') diff --git a/playbooks/provisioning/openstack/post-provision-openstack.yml b/playbooks/provisioning/openstack/post-provision-openstack.yml index d65e075b8..e1faf14eb 100644 --- a/playbooks/provisioning/openstack/post-provision-openstack.yml +++ b/playbooks/provisioning/openstack/post-provision-openstack.yml @@ -2,25 +2,30 @@ # Assign hostnames - hosts: cluster_hosts + become: true pre_tasks: - - include: roles/common/pre_tasks/pre_tasks.yml + - include: pre_tasks.yml roles: - role: hostnames # Subscribe DNS Host to allow for configuration below - hosts: dns + become: true roles: - - { role: subscription-manager, when: hostvars.localhost.rhsm_register, tags: 'subscription-manager', ansible_sudo: true } + - role: subscription-manager + when: hostvars.localhost.rhsm_register + tags: 'subscription-manager' # Determine which DNS server(s) to use for our generated records - hosts: localhost - roles: + roles: - dns-server-detect # Build the DNS Server Views and Configure DNS Server(s) - hosts: dns + become: true pre_tasks: - - include: roles/common/pre_tasks/pre_tasks.yml + - include: pre_tasks.yml - name: "Generate dns-server views" include: openstack_dns_views.yml roles: 
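Review bot: `when: hostvars.localhost.rhsm_register` on the subscription-manager role fails with an undefined-variable error for the `dns` hosts when the inventory does not set `rhsm_register` on localhost. Now that the role entry is written in block form, the condition can carry a default and a cast: `when: hostvars.localhost.rhsm_register|default(False)|bool`. Separately, `become: true` now covers the whole `cluster_hosts` and `dns` plays, so the included `pre_tasks.yml` (not visible in this hunk) also runs escalated; a one-line comment saying this is intended would help the next reader.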
@@ -29,20 +34,15 @@ # Build and process DNS Records - hosts: localhost pre_tasks: - - include: roles/common/pre_tasks/pre_tasks.yml + - include: pre_tasks.yml - name: "Generate dns records" include: openstack_dns_records.yml roles: - role: dns -# Use newly configured DNS server for this container ... -- hosts: localhost - tasks: - - name: "Edit /etc/resolv.conf in container" - shell: "sed '0,/.*nameserver.*/s/.*nameserver.*/nameserver {{ public_dns_server }} \\n&/' /etc/resolv.conf > /tmp/resolv.conf && /bin/cp -f /tmp/resolv.conf /etc/resolv.conf" - # OpenShift Pre-Requisites - hosts: OSEv3 + become: true tasks: - name: "Edit /etc/resolv.conf on masters/nodes" lineinfile: -- cgit v1.2.3 From bf7e5e82872684088995cc55559f8e51fe35d4a9 Mon Sep 17 00:00:00 2001 From: Tomas Sedovic Date: Fri, 16 Jun 2017 17:52:37 +0200 Subject: Fix yamllint errors --- playbooks/provisioning/openstack/post-provision-openstack.yml | 2 -- 1 file changed, 2 deletions(-) (limited to 'playbooks/provisioning/openstack/post-provision-openstack.yml') diff --git a/playbooks/provisioning/openstack/post-provision-openstack.yml b/playbooks/provisioning/openstack/post-provision-openstack.yml index e1faf14eb..4e42c1c7f 100644 --- a/playbooks/provisioning/openstack/post-provision-openstack.yml +++ b/playbooks/provisioning/openstack/post-provision-openstack.yml @@ -1,5 +1,4 @@ --- - # Assign hostnames - hosts: cluster_hosts become: true @@ -57,4 +56,3 @@ dest: /etc/sysconfig/network regexp: "IP4_NAMESERVERS={{ hostvars['localhost'].private_dns_server }}" line: "IP4_NAMESERVERS={{ hostvars['localhost'].private_dns_server }}" - -- cgit v1.2.3 From 0908b25d45b9a5297ed341f136f8d42e59438553 Mon Sep 17 00:00:00 2001 From: Bogdan Dobrelya Date: Wed, 21 Jun 2017 15:22:09 +0200 Subject: Use cached facts, do not become for localhost (#484) Prohibit sudoing for localhost played tasks, like DNS setup. Re-use cached facts to speed up deployment. 
Signed-off-by: Bogdan Dobrelya --- playbooks/provisioning/openstack/post-provision-openstack.yml | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'playbooks/provisioning/openstack/post-provision-openstack.yml') diff --git a/playbooks/provisioning/openstack/post-provision-openstack.yml b/playbooks/provisioning/openstack/post-provision-openstack.yml index 4e42c1c7f..918f9e065 100644 --- a/playbooks/provisioning/openstack/post-provision-openstack.yml +++ b/playbooks/provisioning/openstack/post-provision-openstack.yml @@ -1,6 +1,7 @@ --- # Assign hostnames - hosts: cluster_hosts + gather_facts: False become: true pre_tasks: - include: pre_tasks.yml @@ -9,6 +10,7 @@ # Subscribe DNS Host to allow for configuration below - hosts: dns + gather_facts: False become: true roles: - role: subscription-manager @@ -17,11 +19,14 @@ # Determine which DNS server(s) to use for our generated records - hosts: localhost + gather_facts: False + become: False roles: - dns-server-detect # Build the DNS Server Views and Configure DNS Server(s) - hosts: dns + gather_facts: False become: true pre_tasks: - include: pre_tasks.yml @@ -32,6 +37,8 @@ # Build and process DNS Records - hosts: localhost + gather_facts: False + become: False pre_tasks: - include: pre_tasks.yml - name: "Generate dns records" @@ -41,6 +48,7 @@ # OpenShift Pre-Requisites - hosts: OSEv3 + gather_facts: False become: true tasks: - name: "Edit /etc/resolv.conf on masters/nodes" -- cgit v1.2.3 From 1409e0a52d45b7781b3a23f3f7eaa8fe09d26cd6 Mon Sep 17 00:00:00 2001 
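Review bot: `gather_facts: False` on every play only works if fact caching is enabled and already populated, and nothing in this file enforces that. On a cold cache, any role that reads an `ansible_*` fact would fail or act on stale values. This applies to all five hunks of this commit. A short comment at the top of the playbook naming the required `fact_caching` setting would make the dependency explicit. The new keys also mix `False` with the existing `become: true`; lower-case `false` keeps the file consistent and satisfies yamllint's truthy rule.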
From: Bogdan Dobrelya Date: Mon, 19 Jun 2017 12:24:23 +0200 Subject: Persist DNS configuration for nodes for openstack provider * Firstly, provision a Heat stack with given public resolvers. * After the DNS node configured as an authoritative server, switch the Heat stack's Neutron subnet to that resolver (private_dns_server) the way it to become the first entry pushed into the hosts /etc/resolv.conf. It will be serving the cluster domain requests for OpenShift nodes and workloads. * Drop post-provision /etc/reslov.conf nameserver hacks as not needed anymore. * Fix dns floating IPs output and add the priv IPs output as well. * Update docs, clarify localhost vs servers requirements, add required Network Manager setup step. * Use post-provision task names instead of comments. Signed-off-by: Bogdan Dobrelya --- .../openstack/post-provision-openstack.yml | 42 ++++++++++++---------- 1 file changed, 23 insertions(+), 19 deletions(-) (limited to 'playbooks/provisioning/openstack/post-provision-openstack.yml') diff --git a/playbooks/provisioning/openstack/post-provision-openstack.yml b/playbooks/provisioning/openstack/post-provision-openstack.yml index 918f9e065..412ccd221 100644 --- a/playbooks/provisioning/openstack/post-provision-openstack.yml +++ b/playbooks/provisioning/openstack/post-provision-openstack.yml @@ -1,6 +1,6 @@ --- -# Assign hostnames -- hosts: cluster_hosts +- name: Assign hostnames + hosts: cluster_hosts gather_facts: False become: true pre_tasks: @@ -8,8 +8,8 @@ roles: - role: hostnames -# Subscribe DNS Host to allow for configuration below -- hosts: dns +- name: Subscribe DNS Host to allow for configuration below + hosts: dns gather_facts: False become: true roles: 
@@ -17,15 +17,15 @@ when: hostvars.localhost.rhsm_register tags: 'subscription-manager' -# Determine which DNS server(s) to use for our generated records -- hosts: localhost +- name: Determine which DNS server(s) to use for our generated records + hosts: localhost gather_facts: False become: False roles: - dns-server-detect -# Build the DNS Server Views and Configure DNS Server(s) -- hosts: dns +- name: Build the DNS Server Views and Configure DNS Server(s) + hosts: dns gather_facts: False become: true pre_tasks: @@ -35,8 +35,8 @@ roles: - role: dns-server -# Build and process DNS Records -- hosts: localhost +- name: Build and process DNS Records + hosts: localhost gather_facts: False become: False pre_tasks: @@ -46,18 +46,22 @@ roles: - role: dns -# OpenShift Pre-Requisites -- hosts: OSEv3 +- name: Switch the stack subnet to the configured private DNS server + hosts: localhost + gather_facts: False + become: False + vars_files: + - stack_params.yaml + tasks: + - include_role: + name: openstack-stack + tasks_from: subnet_update_dns_servers + +- name: OpenShift Pre-Requisites + hosts: OSEv3 gather_facts: False become: true tasks: - - name: "Edit /etc/resolv.conf on masters/nodes" - lineinfile: - state: present - dest: /etc/resolv.conf - regexp: "nameserver {{ hostvars['localhost'].private_dns_server }}" - line: "nameserver {{ hostvars['localhost'].private_dns_server }}" - insertafter: search* - name: "Include DNS configuration to ensure proper name resolution" lineinfile: state: present -- cgit v1.2.3 From 25a2d4f772d735bc31e7a891e16e3d7d7002cd68 Mon Sep 17 00:00:00 2001 From: Bogdan Dobrelya Date: Wed, 12 Jul 2017 11:52:11 +0200 Subject: Install DNS roles from casl-infra with galaxy (#529) Signed-off-by: Bogdan Dobrelya --- playbooks/provisioning/openstack/post-provision-openstack.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'playbooks/provisioning/openstack/post-provision-openstack.yml') 
diff --git a/playbooks/provisioning/openstack/post-provision-openstack.yml b/playbooks/provisioning/openstack/post-provision-openstack.yml index 412ccd221..8d4ba3c12 100644 --- a/playbooks/provisioning/openstack/post-provision-openstack.yml +++ b/playbooks/provisioning/openstack/post-provision-openstack.yml @@ -33,7 +33,7 @@ - name: "Generate dns-server views" include: openstack_dns_views.yml roles: - - role: dns-server + - role: infra-ansible/roles/dns-server - name: Build and process DNS Records hosts: localhost @@ -44,7 +44,7 @@ - name: "Generate dns records" include: openstack_dns_records.yml roles: - - role: dns + - role: infra-ansible/roles/dns - name: Switch the stack subnet to the configured private DNS server hosts: localhost -- cgit v1.2.3 From a3a61ab4544d97dbc76dcd278c0f17d7a17fa022 Mon Sep 17 00:00:00 2001 From: Tomas Sedovic Date: Wed, 12 Jul 2017 17:30:00 +0200 Subject: Add defaults values for some openstack vars (#539) * Add defaults values for some openstack vars Ansible shows errors when the `rhsm_register` and `openstack_flat_secgrp` values are not present in the inventory even though they have sensible default values. This makes them both default to false when they're not specified. * Comment out the flat security group option in inv It's no longer required to be there so let's comment it out. --- playbooks/provisioning/openstack/post-provision-openstack.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'playbooks/provisioning/openstack/post-provision-openstack.yml') diff --git a/playbooks/provisioning/openstack/post-provision-openstack.yml b/playbooks/provisioning/openstack/post-provision-openstack.yml index 8d4ba3c12..460c6596b 100644 --- a/playbooks/provisioning/openstack/post-provision-openstack.yml +++ b/playbooks/provisioning/openstack/post-provision-openstack.yml 
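Review bot: The `infra-ansible/roles/dns-server` and `infra-ansible/roles/dns` references (both hunks) now resolve to code fetched by ansible-galaxy, and the dns-server role runs under `become: true` on the DNS hosts. The requirements file that fetches it is not part of this view; if it tracks a branch rather than a tag or commit, whatever is at the tip of that branch at install time runs as root. Pinning `version:` to a commit hash in the galaxy requirements entry, and noting the pinned revision in a comment next to these role references, would keep provisioning reproducible and reviewable.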
@@ -14,7 +14,7 @@ become: true roles: - role: subscription-manager - when: hostvars.localhost.rhsm_register + when: hostvars.localhost.rhsm_register|default(False) tags: 'subscription-manager' - name: Determine which DNS server(s) to use for our generated records -- cgit v1.2.3 From fb3d95ff05257906d846562b752fb9258794dc38 Mon Sep 17 00:00:00 2001 From: Tomas Sedovic Date: Fri, 14 Jul 2017 12:22:51 +0200 Subject: Set up NetworkManager automatically (#542) * Set up NetworkManager automatically This removes the extra step of running the `openshift-ansible/playbooks/byo/openshift-node/network_manager.yml` before installing openshift. In addition, the playbook relies on a host group that the provisioning doesn't provide (oo_all_hosts). Instead, we set up NetworkManager on CentOS nodes automatically. And we restart it on RHEL (which is necessary for the nodes to pick up the new DNS we configured the subnet with). This makes the provisioning easier and more resilient. * Apply the node-network-manager role to every node It makes the code simpler and more consistent across distros. --- playbooks/provisioning/openstack/post-provision-openstack.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'playbooks/provisioning/openstack/post-provision-openstack.yml') diff --git a/playbooks/provisioning/openstack/post-provision-openstack.yml b/playbooks/provisioning/openstack/post-provision-openstack.yml index 460c6596b..53db5061c 100644 --- a/playbooks/provisioning/openstack/post-provision-openstack.yml +++ b/playbooks/provisioning/openstack/post-provision-openstack.yml 
@@ -59,12 +59,14 @@ - name: OpenShift Pre-Requisites hosts: OSEv3 - gather_facts: False + gather_facts: true become: true - tasks: + pre_tasks: - name: "Include DNS configuration to ensure proper name resolution" lineinfile: state: present dest: /etc/sysconfig/network regexp: "IP4_NAMESERVERS={{ hostvars['localhost'].private_dns_server }}" line: "IP4_NAMESERVERS={{ hostvars['localhost'].private_dns_server }}" + roles: + - node-network-manager -- cgit v1.2.3 From e7a7d1642c1ffbfe23cd5ad2d920e842f0cae4b2 Mon Sep 17 00:00:00 2001 From: Bogdan Dobrelya Date: Thu, 20 Jul 2017 16:53:05 +0200 Subject: Static inventory autogeneration (#550) * At the provisioning stage, allow users to auto-generate a static inventory w/o manual steps needed. The alternative to go fully dynamic TBD. * Move openshift pre-install playbook to the post provision playbook, where the second part of the pre install tasks is already placed. Signed-off-by: Bogdan Dobrelya --- .../openstack/post-provision-openstack.yml | 72 ++++++++++++++-------- 1 file changed, 45 insertions(+), 27 deletions(-) (limited to 'playbooks/provisioning/openstack/post-provision-openstack.yml') diff --git a/playbooks/provisioning/openstack/post-provision-openstack.yml b/playbooks/provisioning/openstack/post-provision-openstack.yml index 53db5061c..a807c4d2f 100644 --- a/playbooks/provisioning/openstack/post-provision-openstack.yml +++ b/playbooks/provisioning/openstack/post-provision-openstack.yml 
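Review bot: The `lineinfile` task that this hunk moves into `pre_tasks` uses `regexp: "IP4_NAMESERVERS={{ hostvars['localhost'].private_dns_server }}"`, which only matches a line that already carries the current address. When `private_dns_server` changes between runs, the old entry stays in place and a second `IP4_NAMESERVERS=` line is appended. The dots in the address also act as regex wildcards. Matching on the key alone fixes both: `regexp: '^IP4_NAMESERVERS='`.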
@@ -1,72 +1,90 @@ --- +- hosts: cluster_hosts + name: Wait for the the nodes to come up + become: False + gather_facts: False + tasks: + - wait_for_connection: + +- hosts: cluster_hosts + gather_facts: True + tasks: + - name: Debug hostvar + debug: + msg: "{{ hostvars[inventory_hostname] }}" + verbosity: 2 + +- name: OpenShift Pre-Requisites (part 1) + include: pre-install.yml + - name: Assign hostnames hosts: cluster_hosts gather_facts: False become: true pre_tasks: - - include: pre_tasks.yml + - include: pre_tasks.yml roles: - - role: hostnames + - role: hostnames - name: Subscribe DNS Host to allow for configuration below hosts: dns gather_facts: False become: true roles: - - role: subscription-manager - when: hostvars.localhost.rhsm_register|default(False) - tags: 'subscription-manager' + - role: subscription-manager + when: hostvars.localhost.rhsm_register|default(False) + tags: 'subscription-manager' - name: Determine which DNS server(s) to use for our generated records hosts: localhost gather_facts: False become: False roles: - - dns-server-detect + - dns-server-detect - name: Build the DNS Server Views and Configure DNS Server(s) hosts: dns gather_facts: False become: true pre_tasks: - - include: pre_tasks.yml - - name: "Generate dns-server views" - include: openstack_dns_views.yml + - include: pre_tasks.yml + - name: "Generate dns-server views" + include: openstack_dns_views.yml roles: - - role: infra-ansible/roles/dns-server + - role: infra-ansible/roles/dns-server - name: Build and process DNS Records hosts: localhost - gather_facts: False + gather_facts: True become: False pre_tasks: - - include: pre_tasks.yml - - name: "Generate dns records" - include: openstack_dns_records.yml + - include: pre_tasks.yml + - name: "Generate dns records" + include: openstack_dns_records.yml roles: - - role: infra-ansible/roles/dns + - role: infra-ansible/roles/dns - name: Switch the stack subnet to the configured private DNS server hosts: localhost gather_facts: False 
become: False vars_files: - - stack_params.yaml + - stack_params.yaml tasks: - - include_role: - name: openstack-stack - tasks_from: subnet_update_dns_servers + - include_role: + name: openstack-stack + tasks_from: subnet_update_dns_servers -- name: OpenShift Pre-Requisites +- name: OpenShift Pre-Requisites (part 2) hosts: OSEv3 gather_facts: true become: true pre_tasks: - - name: "Include DNS configuration to ensure proper name resolution" - lineinfile: - state: present - dest: /etc/sysconfig/network - regexp: "IP4_NAMESERVERS={{ hostvars['localhost'].private_dns_server }}" - line: "IP4_NAMESERVERS={{ hostvars['localhost'].private_dns_server }}" + - name: "Include DNS configuration to ensure proper name resolution" + lineinfile: + state: present + dest: /etc/sysconfig/network + regexp: "IP4_NAMESERVERS={{ hostvars['localhost'].private_dns_server }}" + line: "IP4_NAMESERVERS={{ hostvars['localhost'].private_dns_server }}" roles: - - node-network-manager + - node-network-manager -- cgit v1.2.3 From df8f5f0e251a014ab30dabd62c17e151b7fe36e8 Mon Sep 17 00:00:00 2001 From: Bogdan Dobrelya Date: Wed, 12 Jul 2017 13:09:45 +0200 Subject: Options for bastion, SSH config, static inventory autogeneration * At the provisioning stage, allow users to auto-generate SSH config, when using a static inventory. * Run playbooks to provsion and post-provision as a separate, when using a bastion. This re-applies the SSH config, which ansible can't do on the fly. * Support a pre-installed bastion node, colocated with the 1st infra node. * With a bastion enabled, reduce floating IP footprint to infra and dns nodes only, effectively isolating a cluster in a private network. Signed-off-by: Bogdan Dobrelya --- playbooks/provisioning/openstack/post-provision-openstack.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'playbooks/provisioning/openstack/post-provision-openstack.yml') 
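Review bot: The new "Debug hostvar" task prints `{{ hostvars[inventory_hostname] }}` in full. At `-vv` that writes every inventory variable for each host to the console and to any log callback, including credentials if the inventory carries them (the subscription-manager role further down suggests it may). Limiting the message to the keys needed for troubleshooting, for example `msg: "{{ hostvars[inventory_hostname].ansible_host|default(inventory_hostname) }}"`, avoids that exposure. The play holding the task has no `name:`, and the first play's name reads "Wait for the the nodes to come up".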
diff --git a/playbooks/provisioning/openstack/post-provision-openstack.yml b/playbooks/provisioning/openstack/post-provision-openstack.yml index a807c4d2f..c7df74a87 100644 --- a/playbooks/provisioning/openstack/post-provision-openstack.yml +++ b/playbooks/provisioning/openstack/post-provision-openstack.yml @@ -4,7 +4,11 @@ become: False gather_facts: False tasks: - - wait_for_connection: + - when: not openstack_use_bastion|default(False)|bool + wait_for_connection: + - when: openstack_use_bastion|default(False)|bool + delegate_to: bastion + wait_for_connection: - hosts: cluster_hosts gather_facts: True -- cgit v1.2.3 From 5820aa4371aec8218426cdceab3360c6955fe018 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=98ystein=20Bedin?= Date: Wed, 2 Aug 2017 14:40:08 +0000 Subject: Moving common DNS roles out of the playbook area (#605) --- playbooks/provisioning/openstack/post-provision-openstack.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'playbooks/provisioning/openstack/post-provision-openstack.yml') diff --git a/playbooks/provisioning/openstack/post-provision-openstack.yml b/playbooks/provisioning/openstack/post-provision-openstack.yml index c7df74a87..f683b77be 100644 --- a/playbooks/provisioning/openstack/post-provision-openstack.yml +++ b/playbooks/provisioning/openstack/post-provision-openstack.yml @@ -52,9 +52,8 @@ become: true pre_tasks: - include: pre_tasks.yml - - name: "Generate dns-server views" - include: openstack_dns_views.yml roles: + - role: dns-views - role: infra-ansible/roles/dns-server - name: Build and process DNS Records @@ -63,9 +62,8 @@ become: False pre_tasks: - include: pre_tasks.yml - - name: "Generate dns records" - include: openstack_dns_records.yml roles: + - role: dns-records - role: infra-ansible/roles/dns - name: Switch the stack subnet to the configured private DNS server -- cgit v1.2.3 From 7be1f76a53518dd48092a996841971eb4fd43f27 Mon Sep 17 00:00:00 2001 
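Review bot: In the bastion branch, `wait_for_connection` is delegated to `bastion`, so for each cluster host the task appears to confirm only that the bastion is reachable. The nodes behind it are not waited for, and a later play can start against a host that is not up yet. If the generated SSH config already routes cluster hosts through the bastion (the commit message suggests it is applied beforehand), the undelegated task would cover both cases and the two `when:` branches could collapse into one. Both tasks are unnamed; `name: Wait for the nodes` and `name: Wait for the bastion` would make the run output readable.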
From: Bogdan Dobrelya Date: Thu, 24 Aug 2017 11:03:07 +0200 Subject: Do not repeat pre_tasks for post-provision playbook (#689) Move repeating pre_tasks to pre-install (OpenShift Pre-Requisites) step. Signed-off-by: Bogdan Dobrelya --- playbooks/provisioning/openstack/post-provision-openstack.yml | 6 ------ 1 file changed, 6 deletions(-) (limited to 'playbooks/provisioning/openstack/post-provision-openstack.yml') diff --git a/playbooks/provisioning/openstack/post-provision-openstack.yml b/playbooks/provisioning/openstack/post-provision-openstack.yml index f683b77be..28f3e5fcf 100644 --- a/playbooks/provisioning/openstack/post-provision-openstack.yml +++ b/playbooks/provisioning/openstack/post-provision-openstack.yml @@ -25,8 +25,6 @@ hosts: cluster_hosts gather_facts: False become: true - pre_tasks: - - include: pre_tasks.yml roles: - role: hostnames @@ -50,8 +48,6 @@ hosts: dns gather_facts: False become: true - pre_tasks: - - include: pre_tasks.yml roles: - role: dns-views - role: infra-ansible/roles/dns-server @@ -60,8 +56,6 @@ hosts: localhost gather_facts: True become: False - pre_tasks: - - include: pre_tasks.yml roles: - role: dns-records - role: infra-ansible/roles/dns -- cgit v1.2.3 From afd6a03b071eced6bd0940bb96a2a39233739523 Mon Sep 17 00:00:00 2001 
From: Tomas Sedovic Date: Tue, 12 Sep 2017 17:05:56 +0200 Subject: Support Cinder-backed Openshift registry (#707) * Attach and detach a volume, wait for it to be accessible This is mostly just handling the attach/detach code, making sure the necessary vars are accessible where they need to be as well as finding out the correct device name the volume is attached as. * Create temp directory for mounts, remove some debug info * add the fs actions * Remove debug * Prepare the volume automatically if possible * Add docs and sample inventory * Read OS_* creds from shell in sample inventory * Fix yamlint complaint * Update readme This mentions the potential pitfalls when using devstack. * Better check for the router deployment in CI * Set the openshift_hoster*_wait vars to True * Fix typo --- playbooks/provisioning/openstack/post-provision-openstack.yml | 3 +++ 1 file changed, 3 insertions(+) (limited to 'playbooks/provisioning/openstack/post-provision-openstack.yml') diff --git a/playbooks/provisioning/openstack/post-provision-openstack.yml b/playbooks/provisioning/openstack/post-provision-openstack.yml index 28f3e5fcf..116eb1244 100644 --- a/playbooks/provisioning/openstack/post-provision-openstack.yml +++ b/playbooks/provisioning/openstack/post-provision-openstack.yml @@ -84,3 +84,6 @@ line: "IP4_NAMESERVERS={{ hostvars['localhost'].private_dns_server }}" roles: - node-network-manager + +- include: prepare-and-format-cinder-volume.yaml + when: prepare_and_format_registry_volume|default(False) -- cgit v1.2.3 From b6dd8f112cd5506923b4b3ce51a1774b0bfc037c Mon Sep 17 00:00:00 2001 From: Tomas Sedovic Date: Mon, 11 Sep 2017 14:57:09 +0200 Subject: Pre-create a Cinder registry volume --- playbooks/provisioning/openstack/post-provision-openstack.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'playbooks/provisioning/openstack/post-provision-openstack.yml') 
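Review bot: The include of `prepare-and-format-cinder-volume.yaml` is gated by `prepare_and_format_registry_volume|default(False)` without a `|bool` cast, so a string value such as `"false"` set in an INI inventory or with `-e` is non-empty and may evaluate as true. For a step that formats a volume the condition should fail closed: `when: prepare_and_format_registry_volume|default(False)|bool`. A comment above the include stating that it is destructive would also help.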
diff --git a/playbooks/provisioning/openstack/post-provision-openstack.yml b/playbooks/provisioning/openstack/post-provision-openstack.yml index 116eb1244..61f950c14 100644 --- a/playbooks/provisioning/openstack/post-provision-openstack.yml +++ b/playbooks/provisioning/openstack/post-provision-openstack.yml @@ -86,4 +86,7 @@ - node-network-manager - include: prepare-and-format-cinder-volume.yaml - when: prepare_and_format_registry_volume|default(False) + when: > + prepare_and_format_registry_volume|default(False) or + (cinder_registry_volume is defined and + cinder_registry_volume.changed|default(False)) -- cgit v1.2.3 From 4669bf33d611555613dec904b1b33a1908f0a35b Mon Sep 17 00:00:00 2001 From: Bogdan Dobrelya Date: Tue, 26 Sep 2017 14:36:12 +0200 Subject: Fix public master cluster DNS record when using bastion (#752) When using a bastion and a single master, add the bastion node's public IP the public master's IP for the DNS record. Signed-off-by: Bogdan Dobrelya --- playbooks/provisioning/openstack/post-provision-openstack.yml | 1 + 1 file changed, 1 insertion(+) (limited to 'playbooks/provisioning/openstack/post-provision-openstack.yml') diff --git a/playbooks/provisioning/openstack/post-provision-openstack.yml b/playbooks/provisioning/openstack/post-provision-openstack.yml index 61f950c14..a80e8d829 100644 --- a/playbooks/provisioning/openstack/post-provision-openstack.yml +++ b/playbooks/provisioning/openstack/post-provision-openstack.yml @@ -58,6 +58,7 @@ become: False roles: - role: dns-records + use_bastion: "{{ openstack_use_bastion|default(False)|bool }}" - role: infra-ansible/roles/dns - name: Switch the stack subnet to the configured private DNS server -- cgit v1.2.3 From d2ff422b284f04b8a19ad4c6aa388ba397d915e1 Mon Sep 17 00:00:00 2001 
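Review bot: The added clause formats the registry volume whenever `cinder_registry_volume.changed` is true, on the assumption that "changed" means "just created". `cinder_registry_volume` is registered outside this file; if the task that registers it can also report a change for an existing volume, a re-run would reformat a volume that already holds registry data. Unless the included playbook checks for an existing filesystem first, add a comment stating that guarantee or use a stricter condition.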
From: Bogdan Dobrelya Date: Wed, 18 Oct 2017 12:53:31 +0200 Subject: Add Flannel support (#814) * Add flannel support * Document Flannel SDN use case for a separate data network. * Add post install step for flannel SDN * Configure iptables rules as described for OCP 3.4 refarch https://access.redhat.com/documentation/en-us/reference_architectures/2017/html/deploying_red_hat_openshift_container_platform_3.4_on_red_hat_openstack_platform_10/emphasis_manual_deployment_emphasis#run_ansible_installer * Configure flannel interface options Signed-off-by: Bogdan Dobrelya * Use os_firewall from galaxy for required flannel rules For flannel SDN: * Add openshift-ansible as a galaxy dependency module. * Use openshift-ansible/roles/os_firewall to apply DNS rules for flanel SDN. * Apply the remaining advanced rules with direct iptables commands as os_firewall do not support advanced rules. * Persist only iptables rules w/o dynamic KUBe rules. Those are added runtime and need restoration after reboot or iptables restart. * Configure and enable the masked iptables service on the app nodes. Enable it to allow the in-memory rules to be persisted. Disable firewalld, which is the expected default behavior of the os_firewall module. Signed-off-by: Bogdan Dobrelya * Allow access from nodes to masters' port 2379 when using flannel Flannel requires to gather information from etcd to configure and assign the subnets in the nodes, therefore, allow access from nodes to port 2379/tcp to the master security group. Signed-off-by: Bogdan Dobrelya --- .../openstack/post-provision-openstack.yml | 25 ++++++++++++++++++++++ 1 file changed, 25 insertions(+) (limited to 'playbooks/provisioning/openstack/post-provision-openstack.yml') diff --git a/playbooks/provisioning/openstack/post-provision-openstack.yml b/playbooks/provisioning/openstack/post-provision-openstack.yml index a80e8d829..e460fbf12 100644 --- a/playbooks/provisioning/openstack/post-provision-openstack.yml 
+++ b/playbooks/provisioning/openstack/post-provision-openstack.yml @@ -76,6 +76,16 @@ hosts: OSEv3 gather_facts: true become: true + vars: + interface: "{{ flannel_interface|default('eth1') }}" + interface_file: /etc/sysconfig/network-scripts/ifcfg-{{ interface }} + interface_config: + DEVICE: "{{ interface }}" + TYPE: Ethernet + BOOTPROTO: dhcp + ONBOOT: 'yes' + DEFTROUTE: 'no' + PEERDNS: 'no' pre_tasks: - name: "Include DNS configuration to ensure proper name resolution" lineinfile: @@ -83,6 +93,21 @@ dest: /etc/sysconfig/network regexp: "IP4_NAMESERVERS={{ hostvars['localhost'].private_dns_server }}" line: "IP4_NAMESERVERS={{ hostvars['localhost'].private_dns_server }}" + - name: "Configure the flannel interface options" + when: openshift_use_flannel|default(False)|bool + block: + - file: + dest: "{{ interface_file }}" + state: touch + mode: 0644 + owner: root + group: root + - lineinfile: + state: present + dest: "{{ interface_file }}" + regexp: "{{ item.key }}=" + line: "{{ item.key }}={{ item.value }}" + with_dict: "{{ interface_config }}" roles: - node-network-manager -- cgit v1.2.3
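Review bot: `DEFTROUTE: 'no'` in `interface_config` looks like a misspelling of the ifcfg key `DEFROUTE`. As written, the line lands in the ifcfg file as an unknown option, and the flannel interface's DHCP lease can still install a default route. It should read `DEFROUTE: 'no'`. The `vars:` block is added in this hunk; the tasks that consume it are in the next one.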
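Review bot: The `lineinfile` task in the flannel block uses `regexp: "{{ item.key }}="` with no anchor, so `PEERDNS=` would also match a line such as `IPV6_PEERDNS=...`, and `lineinfile` rewrites whichever match comes last. Anchoring it as `regexp: "^{{ item.key }}="` restricts the match to the intended key. `mode: 0644` is better quoted as `mode: '0644'` so the value does not depend on the YAML loader's octal handling. Both tasks in the block would benefit from a `name:`.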