From 435bbcb4af02ddedaa2ebcbea48b00f2bbf4d164 Mon Sep 17 00:00:00 2001
From: Kenny Woodson <kwoodson@redhat.com>
Date: Fri, 28 Jul 2017 17:31:21 -0400
Subject: First attempt at provisioning.

---
 roles/openshift_aws_elb/README.md         | 75 +++++++++++++++++++++++++++++++
 roles/openshift_aws_elb/defaults/main.yml | 33 ++++++++++++++
 roles/openshift_aws_elb/meta/main.yml     | 12 +++++
 roles/openshift_aws_elb/tasks/main.yml    | 57 +++++++++++++++++++++++
 4 files changed, 177 insertions(+)
 create mode 100644 roles/openshift_aws_elb/README.md
 create mode 100644 roles/openshift_aws_elb/defaults/main.yml
 create mode 100644 roles/openshift_aws_elb/meta/main.yml
 create mode 100644 roles/openshift_aws_elb/tasks/main.yml

(limited to 'roles/openshift_aws_elb')

diff --git a/roles/openshift_aws_elb/README.md b/roles/openshift_aws_elb/README.md
new file mode 100644
index 000000000..ecc45fa14
--- /dev/null
+++ b/roles/openshift_aws_elb/README.md
@@ -0,0 +1,75 @@
+openshift_aws_elb
+=========
+
+Ansible role to provision and manage AWS ELB's for Openshift.
+
+Requirements
+------------
+
+Ansible Modules:
+
+- ec2_elb
+- ec2_elb_lb
+
+python package:
+
+python-boto
+
+Role Variables
+--------------
+
+- r_openshift_aws_elb_instances: instances to put in ELB
+- r_openshift_aws_elb_elb_name: name of elb
+- r_openshift_aws_elb_security_group_names: list of SGs (by name) that the ELB will belong to
+- r_openshift_aws_elb_region: AWS Region
+- r_openshift_aws_elb_health_check: definition of the ELB health check. See ansible docs for ec2_elb
+```yaml
+  ping_protocol: tcp
+  ping_port: 443
+  response_timeout: 5
+  interval: 30
+  unhealthy_threshold: 2
+  healthy_threshold: 2
+```
+- r_openshift_aws_elb_listeners: definition of the ELB listeners. See ansible docs for ec2_elb
+```yaml
+- protocol: tcp
+  load_balancer_port: 80
+  instance_protocol: ssl
+  instance_port: 443
+- protocol: ssl
+  load_balancer_port: 443
+  instance_protocol: ssl
+  instance_port: 443
+  # ssl certificate required for https or ssl
+  ssl_certificate_id: "{{ r_openshift_aws_elb_cert_arn }}"
+```
+
+Dependencies
+------------
+
+
+Example Playbook
+----------------
+```yaml
+- include_role:
+    name: openshift_aws_elb
+  vars:
+    r_openshift_aws_elb_instances: aws_instances_to_put_in_elb
+    r_openshift_aws_elb_elb_name: elb_name
+    r_openshift_aws_elb_security_groups: security_group_names
+    r_openshift_aws_elb_region: aws_region
+    r_openshift_aws_elb_health_check: "{{ elb_health_check_definition }}"
+    r_openshift_aws_elb_listeners: "{{ elb_listeners_definition }}"
+```
+
+
+License
+-------
+
+Apache 2.0
+
+Author Information
+------------------
+
+Openshift
diff --git a/roles/openshift_aws_elb/defaults/main.yml b/roles/openshift_aws_elb/defaults/main.yml
new file mode 100644
index 000000000..ed5d38079
--- /dev/null
+++ b/roles/openshift_aws_elb/defaults/main.yml
@@ -0,0 +1,33 @@
+---
+r_openshift_aws_elb_health_check:
+  ping_protocol: tcp
+  ping_port: 443
+  response_timeout: 5
+  interval: 30
+  unhealthy_threshold: 2
+  healthy_threshold: 2
+
+r_openshift_aws_elb_cert_arn: ''
+
+r_openshift_aws_elb_listeners:
+  master:
+    external:
+    - protocol: tcp
+      load_balancer_port: 80
+      instance_protocol: ssl
+      instance_port: 443
+    - protocol: ssl
+      load_balancer_port: 443
+      instance_protocol: ssl
+      instance_port: 443
+      # ssl certificate required for https or ssl
+      ssl_certificate_id: "{{ r_openshift_aws_elb_cert_arn }}"
+    internal:
+    - protocol: tcp
+      load_balancer_port: 80
+      instance_protocol: tcp
+      instance_port: 80
+    - protocol: tcp
+      load_balancer_port: 443
+      instance_protocol: tcp
+      instance_port: 443
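Review bot: The default `external` master listener on `load_balancer_port: 80` takes plain `tcp` from the client and only wraps it in TLS on the instance side (`instance_protocol: ssl`), so anything sent to port 80 crosses the public side of the ELB unencrypted. If that port is not strictly needed, I would drop the listener from the `external` default and let callers add it explicitly. The `ssl` listener relies on `r_openshift_aws_elb_cert_arn`, which defaults to `''`. Presumably the module rejects an empty certificate id, so a comment such as `# must be overridden with a real certificate ARN when the ssl listener is used` would save a confusing failure. Only `master` is defined in this mapping, while the expression in tasks/main.yml also indexes it for `infra`, which would fail on the missing key unless the caller overrides the whole variable.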
diff --git a/roles/openshift_aws_elb/meta/main.yml b/roles/openshift_aws_elb/meta/main.yml
new file mode 100644
index 000000000..58be652a5
--- /dev/null
+++ b/roles/openshift_aws_elb/meta/main.yml
@@ -0,0 +1,12 @@
+---
+galaxy_info:
+  author: OpenShift
+  description: Openshift ELB provisioning
+  company: Red Hat, Inc
+  license: ASL 2.0
+  min_ansible_version: 1.2
+  platforms:
+  - name: EL
+    versions:
+    - 7
+dependencies: []
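Review bot: `min_ansible_version: 1.2` is an unquoted scalar that YAML loads as a float, and it appears to understate what the role needs. The README example uses `include_role` and the tasks call `ec2_remote_facts` and `ec2_vpc_subnet_facts`, which as far as I know are Ansible 2.x features. I would write a quoted string with the real floor, e.g. `min_ansible_version: "2.2"`, after confirming the exact version against the modules used. The same applies to `- 7` under `versions`, which reads more safely as `- "7"`.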
diff --git a/roles/openshift_aws_elb/tasks/main.yml b/roles/openshift_aws_elb/tasks/main.yml
new file mode 100644
index 000000000..64ec18545
--- /dev/null
+++ b/roles/openshift_aws_elb/tasks/main.yml
@@ -0,0 +1,57 @@
+---
+- name: fetch the default subnet id
+  ec2_remote_facts:
+    region: "{{ r_openshift_aws_elb_region }}"
+    filters: "{{ r_openshift_aws_elb_instance_filter }}"
+  register: instancesout
+
+- name: fetch the default subnet id
+  ec2_vpc_subnet_facts:
+    region: "{{ r_openshift_aws_elb_region }}"
+    filters:
+      "tag:Name": "{{ r_openshift_aws_elb_subnet_name }}"
+  register: subnetout
+
+- name:
+  debug:
+    msg: "{{ r_openshift_aws_elb_listeners[r_openshift_aws_elb_type][r_openshift_aws_elb_direction]
+                   if 'master' in r_openshift_aws_elb_type  or 'infra' in r_openshift_aws_elb_type
+                   else r_openshift_aws_elb_listeners }}"
+
+- name: "Create ELB {{ r_openshift_aws_elb_name }}"
+  ec2_elb_lb:
+    name: "{{ r_openshift_aws_elb_name }}"
+    state: present
+    security_group_names: "{{ r_openshift_aws_elb_security_groups }}"
+    idle_timeout: "{{ r_openshift_aws_elb_idle_timout }}"
+    region: "{{ r_openshift_aws_elb_region }}"
+    subnets:
+    - "{{ subnetout.subnets[0].id }}"
+    health_check: "{{ r_openshift_aws_elb_health_check }}"
+    listeners: "{{ r_openshift_aws_elb_listeners[r_openshift_aws_elb_type][r_openshift_aws_elb_direction]
+                   if 'master' in r_openshift_aws_elb_type  or 'infra' in r_openshift_aws_elb_type
+                   else r_openshift_aws_elb_listeners }}"
+    scheme: "{{ r_openshift_aws_elb_scheme }}"
+    tags:
+      KubernetesCluster: "{{ r_openshift_aws_elb_clusterid }}"
+  register: new_elb
+
+# It is necessary to ignore_errors here because the instances are not in 'ready'
+#  state when first added to ELB
+- name: "Add instances to ELB {{ r_openshift_aws_elb_name }}"
+  ec2_elb:
+    instance_id: "{{ item.id }}"
+    ec2_elbs: "{{ r_openshift_aws_elb_name }}"
+    state: present
+    region: "{{ r_openshift_aws_elb_region }}"
+    wait: False
+  with_items: "{{ instancesout.instances }}"
+  ignore_errors: True
+  retries: 10
+  register: elb_call
+  until: elb_call|succeeded
+
+- debug:
+    msg: "{{ item }}"
+  with_items:
+  - "{{ new_elb }}"
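Review bot: `ignore_errors: True` on the "Add instances to ELB" task hides every failure, not only the not-yet-ready case the comment describes. A denied API call or a wrong ELB name therefore ends with a green play and a load balancer that has no registered instances. `retries: 10` with `until: elb_call|succeeded` already covers the transient case, so I would remove `ignore_errors` and let the task fail once the retries are exhausted, adding an explicit `delay:` if more time is needed. In the create task, `subnetout.subnets[0].id` is indexed without checking that the `tag:Name` filter matched anything; an `assert` that `subnetout.subnets | length > 0` placed before it would give a clear error. Smaller points: the first task is named "fetch the default subnet id" although it calls `ec2_remote_facts` for instances, the first `debug` task has an empty `name:`, and `r_openshift_aws_elb_idle_timout` looks like a misspelling of "timeout" that will be awkward to rename once callers depend on it.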
-- 
cgit v1.2.3