Merge branch 'master' of /git/ansible

2017-05-10 15:57:52 +00:00 · 2017-05-10 15:57:52 +00:00 · 051ab3e830
commit 051ab3e830
parent 5d8b9463d7 e48710ae3d
9 changed files with 283 additions and 0 deletions
--- a/inventory/host_vars/os-control01.stg.phx2.fedoraproject.org
+++ b/inventory/host_vars/os-control01.stg.phx2.fedoraproject.org
@ -0,0 +1,12 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.128.100
+vmhost: virthost04.phx2.fedoraproject.org
+datacenter: phx2
--- a/inventory/host_vars/os-master01.stg.phx2.fedoraproject.org
+++ b/inventory/host_vars/os-master01.stg.phx2.fedoraproject.org
@ -0,0 +1,19 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-atomic-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.128.101
+vmhost: virthost11.phx2.fedoraproject.org
+datacenter: phx2
+host_group: os-stg
+
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+
+lvm_size: 120g
+mem_size: 8192
+max_mem_size: 8192
+num_cpus: 4
--- a/inventory/host_vars/os-master02.stg.phx2.fedoraproject.org
+++ b/inventory/host_vars/os-master02.stg.phx2.fedoraproject.org
@ -0,0 +1,19 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-atomic-host-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.128.102
+vmhost: virthost04.phx2.fedoraproject.org
+datacenter: phx2
+host_group: os-stg
+
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+
+lvm_size: 120g
+mem_size: 8192
+max_mem_size: 16384
+num_cpus: 4
--- a/inventory/host_vars/os-master03.stg.phx2.fedoraproject.org
+++ b/inventory/host_vars/os-master03.stg.phx2.fedoraproject.org
@ -0,0 +1,19 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-atomic-host-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.128.103
+vmhost: virthost04.phx2.fedoraproject.org
+datacenter: phx2
+host_group: os-stg
+
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+
+lvm_size: 120g
+mem_size: 8192
+max_mem_size: 16384
+num_cpus: 4
--- a/inventory/host_vars/os-node01.stg.phx2.fedoraproject.org
+++ b/inventory/host_vars/os-node01.stg.phx2.fedoraproject.org
@ -0,0 +1,19 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-atomic-host-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.128.104
+vmhost: virthost11.phx2.fedoraproject.org
+datacenter: phx2
+host_group: os-nodes-stg
+
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+
+lvm_size: 120g
+mem_size: 8192
+max_mem_size: 16384
+num_cpus: 4
--- a/inventory/host_vars/os-node02.stg.phx2.fedoraproject.org
+++ b/inventory/host_vars/os-node02.stg.phx2.fedoraproject.org
@ -0,0 +1,19 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-atomic-host-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.128.105
+vmhost: virthost04.phx2.fedoraproject.org
+datacenter: phx2
+host_group: os-nodes-stg
+
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+
+lvm_size: 120g
+mem_size: 8192
+max_mem_size: 16384
+num_cpus: 4
--- a/inventory/inventory
+++ b/inventory/inventory
@ -776,6 +776,12 @@ osbs-node02.stg.phx2.fedoraproject.org
 docker-registry01.stg.phx2.fedoraproject.org
 docker-registry02.stg.phx2.fedoraproject.org
 docker-candidate-registry01.stg.phx2.fedoraproject.org
+os-control01.stg.phx2.fedoraproject.org
+os-master01.stg.phx2.fedoraproject.org
+os-master02.stg.phx2.fedoraproject.org
+os-master03.stg.phx2.fedoraproject.org
+os-node01.stg.phx2.fedoraproject.org
+os-node02.stg.phx2.fedoraproject.org

 # This is a list of hosts that are a little "friendly" with staging.
 # They are exempted from the iptables wall between staging and prod.
@ -1324,6 +1330,17 @@ osbs-master01.stg.phx2.fedoraproject.org
 osbs-node01.stg.phx2.fedoraproject.org
 osbs-node02.stg.phx2.fedoraproject.org

+[os-control-stg]
+os-control01.stg.phx2.fedoraproject.org
+
+[os-master-stg]
+os-master01.stg.phx2.fedoraproject.org
+os-master02.stg.phx2.fedoraproject.org
+os-master03.stg.phx2.fedoraproject.org
+
+[os-node-stg]
+os-node01.stg.phx2.fedoraproject.org
+os-node02.stg.phx2.fedoraproject.org

 # Docker (docker-distribution) registries
 [docker-registry]
--- a/playbooks/groups/os-cluster.yml
+++ b/playbooks/groups/os-cluster.yml
@ -0,0 +1,158 @@
+# create an os server
+- include:  "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=os-control-stg:os-control"
+- include:  "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=os-nodes-stg:os-masters-stg:os-nodes:os-masters"
+
+- name: make the box be real
+  hosts: os-control:os-control-stg:os-masters-stg:os-nodes-stg:os-masters:os-nodes
+  user: root
+  gather_facts: True
+
+  vars_files:
+    - /srv/web/infra/ansible/vars/global.yml
+    - "/srv/private/ansible/vars.yml"
+    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+  roles:
+    - base
+    - rkhunter
+    - nagios_client
+    - hosts
+    - fas_client
+    - collectd/base
+    - rsyncd
+    - sudo
+
+  tasks:
+    - include: "{{ tasks_path }}/yumrepos.yml"
+    - include: "{{ tasks_path }}/2fa_client.yml"
+    - include: "{{ tasks_path }}/motd.yml"
+
+  handlers:
+  - include: "{{ handlers_path }}/restart_services.yml"
+
+- name: OSBS control hosts pre-req setup
+  hosts: os-control:os-control-stg
+  tags:
+    - os-cluster-prereq
+  user: root
+  gather_facts: True
+
+  vars_files:
+    - /srv/web/infra/ansible/vars/global.yml
+    - "/srv/private/ansible/vars.yml"
+    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+  tasks:
+    - name: deploy private key to control hosts
+      copy:
+        src: "{{private}}/files/os/{{env}}/control_key"
+        dest: "/root/.ssh/id_rsa"
+        owner: root
+        mode: 0600
+
+    - name: set ansible to use pipelining
+      ini_file:
+        dest: /etc/ansible/ansible.cfg
+        section: ssh_connection
+        option: pipelining
+        value: "True"
+
+- name: Setup cluster masters pre-reqs
+  hosts: os-masters-stg:os-masters
+  tags:
+    - os-cluster-prereq
+  user: root
+  gather_facts: True
+
+  vars_files:
+    - /srv/web/infra/ansible/vars/global.yml
+    - "/srv/private/ansible/vars.yml"
+    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+  tasks:
+    - name: ensure origin conf dir exists
+      file:
+        path: "/etc/origin"
+        state: "directory"
+
+    - name: create cert dir for openshift public facing REST API SSL
+      file:
+        path: "/etc/origin/master/named_certificates"
+        state: "directory"
+
+    - name: install cert for openshift public facing REST API SSL
+      copy:
+        src: "{{private}}/files/os/{{env}}/os-internal.pem"
+        dest: "/etc/origin/master/named_certificates/{{os}}.pem"
+
+    - name: install key for openshift public facing REST API SSL
+      copy:
+        src: "{{private}}/files/os/{{env}}/os-internal.key"
+        dest: "/etc/origin/master/named_certificates/{{os}}.key"
+
+    - name: place htpasswd file
+      copy:
+        src: "{{private}}/files/httpd/os-{{env}}.htpasswd"
+        dest: /etc/origin/htpasswd
+
+
+- name: Setup cluster hosts pre-reqs
+  hosts: os-masters-stg:os-nodes-stg:os-masters:os-nodes
+  tags:
+    - os-cluster-prereq
+  user: root
+  gather_facts: True
+
+  vars_files:
+    - /srv/web/infra/ansible/vars/global.yml
+    - "/srv/private/ansible/vars.yml"
+    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+  handlers:
+    - name: restart NetworkManager
+      service:
+        name: NetworkManager
+        state: restarted
+
+  tasks:
+    - name: Install necessary packages that openshift-ansible needs
+      package: name="{{ item }}" state=installed
+      with_items:
+        - tar
+        - rsync
+        - dbus-python
+        - NetworkManager
+        - libselinux-python
+        - origin
+
+    - name: Deploy controller public ssh keys to os cluster hosts
+      authorized_key:
+        user: root
+        key: "{{ lookup('file', '{{private}}/files/os/{{env}}/control_key.pub') }}"
+
+    # This is required for OpenShift built-in SkyDNS inside the overlay network
+    # of the cluster
+    - name: ensure NM_CONTROLLED is set to "yes" for os cluster
+      lineinfile:
+        dest: "/etc/sysconfig/network-scripts/ifcfg-eth0"
+        line: "NM_CONTROLLED=yes"
+      notify:
+        - restart NetworkManager
+
+    # This is required for OpenShift built-in SkyDNS inside the overlay network
+    # of the cluster
+    - name: ensure NetworkManager is enabled and started
+      service:
+        name: NetworkManager
+        state: started
+        enabled: yes
+
+    - name: cron entry to clean up docker storage
+      copy:
+        src: "{{files}}/os/cleanup-docker-storage"
+        dest: "/etc/cron.d/cleanup-docker-storage"
+
+    - name: copy docker-storage-setup config
+      copy:
+        src: "{{files}}/os/docker-storage-setup"
+        dest:  "/etc/sysconfig/docker-storage-setup"
--- a/roles/batcave/tasks/main.yml
+++ b/roles/batcave/tasks/main.yml
@ -21,6 +21,7 @@
  - yum-metadata-parser       # Needed for rhn sync
  - yum-rhn-plugin            # Needed for rhn sync
  - createrepo_c              # Needed for rhn sync
+  - ostree                    # Needed for rhn sync
  - python-sqlalchemy         # Needed for repo2json
  - pyliblzma                 # Needed for repo2json
  - ansible_utils             # Needed for rbac-playbook