---
# Play 1 - runs on the control host (localhost).
# Task order: load vars, create the VPC, upload the ELB certificate, create
# the SSH keypair, optionally create the registry bucket, build the master
# scale group, create the master load balancers, then register the new
# masters in the in-memory inventory and wait for SSH.
- name: Setup the vpc and the master node group
  hosts: localhost
  tasks:
    - name: get provisioning vars
      include_vars: vars.yml

    - name: create default vpc
      include_role:
        name: openshift_aws_vpc
      vars:
        r_openshift_aws_vpc_clusterid: "{{ provision.clusterid }}"
        r_openshift_aws_vpc_cidr: "{{ provision.vpc.cidr }}"
        r_openshift_aws_vpc_subnets: "{{ provision.vpc.subnets }}"
        r_openshift_aws_vpc_region: "{{ provision.region }}"
        r_openshift_aws_vpc_tags: "{{ provision.vpc.tags }}"
        r_openshift_aws_vpc_name: "{{ provision.vpc.name | default(provision.clusterid) }}"

    # Per the task name, including lib_utils is what makes the iam_cert23
    # module used by the next task available.
    - name: bring iam_cert23 into scope
      include_role:
        name: lib_utils

    # Skipped entirely when provision.iam_cert_ca is undefined.
    # The failed_when entries are ANDed: the task only counts as failed when
    # the result is marked failed and its msg lacks 'already exists'.
    # NOTE(review): cert and key are taken from *_path variables; confirm the
    # private key file is readable only by the provisioning user.
    - name: upload certificates to AWS IAM
      when: provision.iam_cert_ca is defined
      iam_cert23:
        state: present
        name: "{{ provision.clusterid }}-master-external"
        cert: "{{ provision.iam_cert_ca.cert_path }}"
        key: "{{ provision.iam_cert_ca.key_path }}"
        cert_chain: "{{ provision.iam_cert_ca.chain_path | default(omit) }}"
      register: elb_cert_chain
      failed_when:
        - "'failed' in elb_cert_chain"
        - elb_cert_chain.failed
        - "'msg' in elb_cert_chain"
        - "'already exists' not in elb_cert_chain.msg"

    # NOTE(review): this prints the whole registered result of the
    # certificate upload; confirm it carries no key material before the
    # output lands in shared logs.
    - debug:
        var: elb_cert_chain

    - name: create aws ssh keypair
      include_role:
        name: openshift_aws_ssh_keys
      vars:
        r_openshift_aws_ssh_keys_users: "{{ provision.instance_users }}"
        r_openshift_aws_ssh_keys_region: "{{ provision.region }}"

    # Only runs when provision.openshift_registry_s3 is set and truthy.
    - name: create s3 bucket for registry
      when: provision.openshift_registry_s3 | default(false)
      include_role:
        name: openshift_aws_s3
      vars:
        r_openshift_aws_s3_clusterid: "{{ provision.clusterid }}-docker-registry"
        r_openshift_aws_s3_region: "{{ provision.region }}"
        r_openshift_aws_s3_mode: create

    # The subnet is the first entry listed for the region in provision.vpc.
    - name: include scale group creation for master
      include: build_node_group.yml
      vars:
        openshift_build_node_type: master
        openshift_clusterid: "{{ provision.clusterid }}"
        openshift_region: "{{ provision.region }}"
        openshift_use_custom_ami: "{{ provision.use_custom_ami }}"
        openshift_ami_name: "{{ provision.build.ami_name }}"
        openshift_ami_tags: "{{ provision.build.ami_tags }}"
        openshift_node_group_config: "{{ provision.node_group_config }}"
        openshift_subnet_name: "{{ provision.vpc.subnets[provision.region][0].az }}"

    # Polls (20 tries, 3 s apart) until at least one running instance tagged
    # as a master of this cluster is returned.
    - name: fetch new master instances
      ec2_remote_facts:
        region: "{{ provision.region }}"
        filters:
          "tag:clusterid": "{{ provision.clusterid }}"
          "tag:host-type": master
          instance-state-name: running
      register: instancesout
      until: instancesout.instances|length > 0
      retries: 20
      delay: 3

    # The role is included once per direction; elb_item is the loop variable.
    # NOTE(review): the scheme is internet-facing for both loop items, so the
    # ELB named <clusterid>-master-internal gets the same scheme as the
    # external one - confirm that exposure is intended.
    # NOTE(review): elb_cert_chain.arn is read on every run, but the upload
    # task is conditional and tolerates 'already exists'; verify the
    # registered result carries an arn in both cases.
    # NOTE(review): 'timout' is spelled as in the original; confirm it
    # matches the variable name the role actually reads.
    - name: create our master external and internal load balancers
      include_role:
        name: openshift_aws_elb
      vars:
        r_openshift_aws_elb_clusterid: "{{ provision.clusterid }}"
        r_openshift_aws_elb_region: "{{ provision.region }}"
        r_openshift_aws_elb_instance_filter:
          "tag:clusterid": "{{ provision.clusterid }}"
          "tag:host-type": master
          instance-state-name: running
        r_openshift_aws_elb_type: master
        r_openshift_aws_elb_direction: "{{ elb_item }}"
        r_openshift_aws_elb_idle_timout: 400
        r_openshift_aws_elb_scheme: internet-facing
        r_openshift_aws_elb_security_groups:
          - "{{ provision.clusterid }}"
          - "{{ provision.clusterid }}_master"
        r_openshift_aws_elb_subnet_name: "{{ provision.vpc.subnets[provision.region][0].az }}"
        r_openshift_aws_elb_name: "{{ provision.clusterid }}-master-{{ elb_item }}"
        r_openshift_aws_elb_cert_arn: "{{ elb_cert_chain.arn }}"
      with_items: [internal, external]
      loop_control:
        loop_var: elb_item

    # Each master is registered under its public IP; the hostname variable is
    # the instance id with its last five characters dropped.
    - name: add new master to masters group
      add_host:
        name: "{{ item.public_ip_address }}"
        groups: 'masters,etcd,nodes'
        hostname: "{{ provision.clusterid }}-master-{{ item.id[:-5] }}"
      with_items: "{{ instancesout.instances }}"

    - name: set facts for group normalization
      set_fact:
        cluster_id: "{{ provision.clusterid }}"
        cluster_env: "{{ provision.node_group_config.tags.environment | default('dev') }}"

    # Waits up to 300 s per host for port 22 to answer with an OpenSSH banner.
    # NOTE(review): SSH is reached over the public addresses; confirm the
    # security groups limit port 22 to the provisioning source range.
    - name: wait for ssh to become available
      wait_for:
        host: "{{ item.public_ip_address }}"
        port: 22
        search_regex: OpenSSH
        timeout: 300
      with_items: "{{ instancesout.instances }}"
# Play 2 - runs against the hosts added to the masters group by the first
# play. Fact gathering is off and the connection user is root.
# NOTE(review): direct root login over SSH is assumed here; confirm it is
# key-only and limited to the provisioning host.
- name: set the master facts for hostname to elb
  hosts: masters
  remote_user: root
  gather_facts: false
  tasks:
    - name: include vars
      include_vars: vars.yml

    # Looked up from the control host, one call per ELB name. The registered
    # results follow the with_items order: [0] external, [1] internal.
    - name: fetch elbs
      ec2_elb_facts:
        region: "{{ provision.region }}"
        names:
          - "{{ item }}"
      with_items:
        - "{{ provision.clusterid }}-master-external"
        - "{{ provision.clusterid }}-master-internal"
      register: elbs
      delegate_to: localhost

    - debug:
        var: elbs

    # results[1] is the internal ELB (see the order above); its DNS name
    # becomes the cluster hostname and the first CORS origin.
    # NOTE(review): the index is positional - reordering the names in
    # 'fetch elbs' would silently switch masters to the other ELB.
    # NOTE(review): the console./api. origins are built on a fixed
    # openshift.com suffix; presumably these are trusted for browser API
    # calls, so confirm those names belong to this deployment.
    # The loop over groups['masters'] never references item.
    - name: set fact
      set_fact:
        openshift_master_cluster_hostname: "{{ elbs.results[1].elbs[0].dns_name }}"
        osm_custom_cors_origins:
          - "{{ elbs.results[1].elbs[0].dns_name }}"
          - "console.{{ provision.clusterid }}.openshift.com"
          - "api.{{ provision.clusterid }}.openshift.com"
      with_items: "{{ groups['masters'] }}"
# Playbook-level includes: control passes to three playbooks kept outside
# this file, in the order listed. The paths are written relative to this
# playbook's location.
- name: normalize groups
  include: ../../byo/openshift-cluster/initialize_groups.yml

- name: run the std_include
  include: ../../common/openshift-cluster/std_include.yml

- name: run the config
  include: ../../common/openshift-cluster/config.yml