From 4df36b4a6a063d9dbc461f448bbf66a37b8861f7 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi
Date: Wed, 10 May 2017 15:45:51 +0000
Subject: [PATCH 1/2] add openshift instances for stg
---
 .../os-control01.stg.phx2.fedoraproject.org | 12 ++
 .../os-master01.stg.phx2.fedoraproject.org | 19 +++
 .../os-master02.stg.phx2.fedoraproject.org | 19 +++
 .../os-master03.stg.phx2.fedoraproject.org | 19 +++
 .../os-node01.stg.phx2.fedoraproject.org | 19 +++
 .../os-node02.stg.phx2.fedoraproject.org | 19 +++
 inventory/inventory | 17 ++
 playbooks/groups/os-cluster.yml | 158 ++++++++++++++++++
 8 files changed, 282 insertions(+)
 create mode 100644 inventory/host_vars/os-control01.stg.phx2.fedoraproject.org
 create mode 100644 inventory/host_vars/os-master01.stg.phx2.fedoraproject.org
 create mode 100644 inventory/host_vars/os-master02.stg.phx2.fedoraproject.org
 create mode 100644 inventory/host_vars/os-master03.stg.phx2.fedoraproject.org
 create mode 100644 inventory/host_vars/os-node01.stg.phx2.fedoraproject.org
 create mode 100644 inventory/host_vars/os-node02.stg.phx2.fedoraproject.org
 create mode 100644 playbooks/groups/os-cluster.yml
diff --git a/inventory/host_vars/os-control01.stg.phx2.fedoraproject.org b/inventory/host_vars/os-control01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..16602435ae
--- /dev/null
+++ b/inventory/host_vars/os-control01.stg.phx2.fedoraproject.org
@@ -0,0 +1,12 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.128.100
+vmhost: virthost04.phx2.fedoraproject.org
+datacenter: phx2
diff --git a/inventory/host_vars/os-master01.stg.phx2.fedoraproject.org b/inventory/host_vars/os-master01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..b3c0bf999e
--- /dev/null
+++ b/inventory/host_vars/os-master01.stg.phx2.fedoraproject.org
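Review bot: `ks_url` and `ks_repo` in inventory/host_vars/os-control01.stg.phx2.fedoraproject.org point the installer at `http://10.5.126.23/...`, so the kickstart and the packages that define this VM are fetched with no transport integrity; the same applies to the five other os-* host_vars files added in this patch. This host later receives the cluster's root SSH private key (the `deploy private key to control hosts` task in playbooks/groups/os-cluster.yml), so the integrity of its install matters more than usual. If the kickstart server can serve HTTPS, switch both URLs to it; otherwise add a comment such as `# plain HTTP: relies on the build network being trusted`. This file also sets no `host_group`, `lvm_size`, `mem_size` or `num_cpus`, unlike the master and node files; presumably they come from group_vars, which is worth confirming.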
@@ -0,0 +1,19 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-atomic-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.128.101
+vmhost: virthost11.phx2.fedoraproject.org
+datacenter: phx2
+host_group: os-stg
+
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+
+lvm_size: 120g
+mem_size: 8192
+max_mem_size: 8192
+num_cpus: 4
diff --git a/inventory/host_vars/os-master02.stg.phx2.fedoraproject.org b/inventory/host_vars/os-master02.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..4ee9672b95
--- /dev/null
+++ b/inventory/host_vars/os-master02.stg.phx2.fedoraproject.org
@@ -0,0 +1,19 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-atomic-host-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.128.102
+vmhost: virthost04.phx2.fedoraproject.org
+datacenter: phx2
+host_group: os-stg
+
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+
+lvm_size: 120g
+mem_size: 8192
+max_mem_size: 16384
+num_cpus: 4
diff --git a/inventory/host_vars/os-master03.stg.phx2.fedoraproject.org b/inventory/host_vars/os-master03.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..741b8f3f12
--- /dev/null
+++ b/inventory/host_vars/os-master03.stg.phx2.fedoraproject.org
@@ -0,0 +1,19 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-atomic-host-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.128.103
+vmhost: virthost04.phx2.fedoraproject.org
+datacenter: phx2
+host_group: os-stg
+
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+
+lvm_size: 120g
+mem_size: 8192
+max_mem_size: 16384
+num_cpus: 4
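Review bot: The `ks_url` in the os-master01 host_vars ends in `kvm-atomic-rhel-7`, while os-master02, os-master03 and os-node01 use `kvm-atomic-host-rhel-7` and os-node02 uses a third spelling, `kvm-atomic-host-7`. Unless three separate kickstart files really exist on 10.5.126.23, two of these look like typos, and the affected hosts would either fail to install or be built from a different profile than their peers. Align them on the name that exists on the kickstart server, presumably `ks_url: http://10.5.126.23/repo/rhel/ks/kvm-atomic-host-rhel-7`. os-master01 also sets `max_mem_size: 8192` where the other four hosts set `16384`; if that is deliberate, a one-line comment saying why would help.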
diff --git a/inventory/host_vars/os-node01.stg.phx2.fedoraproject.org b/inventory/host_vars/os-node01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..abddf35d54
--- /dev/null
+++ b/inventory/host_vars/os-node01.stg.phx2.fedoraproject.org
@@ -0,0 +1,19 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-atomic-host-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.128.104
+vmhost: virthost11.phx2.fedoraproject.org
+datacenter: phx2
+host_group: os-nodes-stg
+
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+
+lvm_size: 120g
+mem_size: 8192
+max_mem_size: 16384
+num_cpus: 4
diff --git a/inventory/host_vars/os-node02.stg.phx2.fedoraproject.org b/inventory/host_vars/os-node02.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..3e06baf710
--- /dev/null
+++ b/inventory/host_vars/os-node02.stg.phx2.fedoraproject.org
@@ -0,0 +1,19 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-atomic-host-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.128.105
+vmhost: virthost04.phx2.fedoraproject.org
+datacenter: phx2
+host_group: os-nodes-stg
+
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+
+lvm_size: 120g
+mem_size: 8192
+max_mem_size: 16384
+num_cpus: 4
diff --git a/inventory/inventory b/inventory/inventory
index 4ca38861a8..39356158ff 100644
--- a/inventory/inventory
+++ b/inventory/inventory
@@ -776,6 +776,12 @@ osbs-node02.stg.phx2.fedoraproject.org docker-registry01.stg.phx2.fedoraproject.org docker-registry02.stg.phx2.fedoraproject.org docker-candidate-registry01.stg.phx2.fedoraproject.org +os-control01.stg.phx2.fedoraproject.org +os-master01.stg.phx2.fedoraproject.org +os-master02.stg.phx2.fedoraproject.org +os-master03.stg.phx2.fedoraproject.org +os-node01.stg.phx2.fedoraproject.org +os-node02.stg.phx2.fedoraproject.org # This is a list of hosts that are a little "friendly" with staging. # They are exempted from the iptables wall between staging and prod. @@ -1324,6 +1330,17 @@ osbs-master01.stg.phx2.fedoraproject.org osbs-node01.stg.phx2.fedoraproject.org osbs-node02.stg.phx2.fedoraproject.org +[os-control-stg] +os-control01.stg.phx2.fedoraproject.org + +[os-master-stg] +os-master01.stg.phx2.fedoraproject.org +os-master02.stg.phx2.fedoraproject.org +os-master03.stg.phx2.fedoraproject.org + +[os-node-stg] +os-node01.stg.phx2.fedoraproject.org +os-node02.stg.phx2.fedoraproject.org # Docker (docker-distribution) registries [docker-registry] diff --git a/playbooks/groups/os-cluster.yml b/playbooks/groups/os-cluster.yml new file mode 100644 index 0000000000..5d0185bb5e --- /dev/null +++ b/playbooks/groups/os-cluster.yml 
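Review bot: The group headers added in the second inventory hunk, `[os-master-stg]` and `[os-node-stg]`, do not match the names used elsewhere in this patch: playbooks/groups/os-cluster.yml targets `os-masters-stg` and `os-nodes-stg`, and the node host_vars set `host_group: os-nodes-stg`. Unless the plural groups are defined in a part of the inventory not shown here, the master and node plays match no staging hosts, so the certificate, htpasswd and authorized_key tasks never run there while the control-host play does. Rename the headers to `[os-masters-stg]` and `[os-nodes-stg]`, or change the playbook patterns to match. A blank line before `# Docker (docker-distribution) registries` would also keep the new `[os-node-stg]` section visually separate from the next group.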
@@ -0,0 +1,158 @@
+# create an os server
+- include: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=os-control-stg:os-control"
+- include: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=os-nodes-stg:os-masters-stg:os-nodes:os-masters"
+
+- name: make the box be real
+ hosts: os-control:os-control-stg:os-masters-stg:os-nodes-stg:os-masters:os-nodes
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - base
+ - rkhunter
+ - nagios_client
+ - hosts
+ - fas_client
+ - collectd/base
+ - rsyncd
+ - sudo
+
+ tasks:
+ - include: "{{ tasks_path }}/yumrepos.yml"
+ - include: "{{ tasks_path }}/2fa_client.yml"
+ - include: "{{ tasks_path }}/motd.yml"
+
+ handlers:
+ - include: "{{ handlers_path }}/restart_services.yml"
+
+- name: OSBS control hosts pre-req setup
+ hosts: os-control:os-control-stg
+ tags:
+ - os-cluster-prereq
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ tasks:
+ - name: deploy private key to control hosts
+ copy:
+ src: "{{private}}/files/os/{{env}}/control_key"
+ dest: "/root/.ssh/id_rsa"
+ owner: root
+ mode: 0600
+
+ - name: set ansible to use pipelining
+ ini_file:
+ dest: /etc/ansible/ansible.cfg
+ section: ssh_connection
+ option: pipelining
+ value: "True"
+
+- name: Setup cluster masters pre-reqs
+ hosts: os-masters-stg:os-masters
+ tags:
+ - os-cluster-prereq
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ tasks:
+ - name: ensure origin conf dir exists
+ file:
+ path: "/etc/origin"
+ state: "directory"
+
+ - name: create cert dir for openshift public facing REST API SSL
+ file:
+ path: "/etc/origin/master/named_certificates"
+ state: "directory"
+
+ - name: install cert for openshift public facing REST API SSL
+ copy:
+ src: "{{private}}/files/os/{{env}}/os-internal.pem"
+ dest: "/etc/origin/master/named_certificates/{{os}}.pem"
+
+ - name: install key for openshift public facing REST API SSL
+ copy:
+ src: "{{private}}/files/os/{{env}}/os-internal.key"
+ dest: "/etc/origin/master/named_certificates/{{os}}.key"
+
+ - name: place htpasswd file
+ copy:
+ src: "{{private}}/files/httpd/os-{{env}}.htpasswd"
+ dest: /etc/origin/htpasswd
+
+
+- name: Setup cluster hosts pre-reqs
+ hosts: os-masters-stg:os-nodes-stg:os-masters:os-nodes
+ tags:
+ - os-cluster-prereq
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ handlers:
+ - name: restart NetworkManager
+ service:
+ name: NetworkManager
+ state: restarted
+
+ tasks:
+ - name: Install necessary packages that openshift-ansible needs
+ package: name="{{ item }}" state=installed
+ with_items:
+ - tar
+ - rsync
+ - dbus-python
+ - NetworkManager
+ - libselinux-python
+ - origin
+
+ - name: Deploy controller public ssh keys to os cluster hosts
+ authorized_key:
+ user: root
+ key: "{{ lookup('file', '{{private}}/files/os/{{env}}/control_key.pub') }}"
+
+ # This is required for OpenShift built-in SkyDNS inside the overlay network
+ # of the cluster
+ - name: ensure NM_CONTROLLED is set to "yes" for os cluster
+ lineinfile:
+ dest: "/etc/sysconfig/network-scripts/ifcfg-eth0"
+ line: "NM_CONTROLLED=yes"
+ notify:
+ - restart NetworkManager
+
+ # This is required for OpenShift built-in SkyDNS inside the overlay network
+ # of the cluster
+ - name: ensure NetworkManager is enabled and started
+ service:
+ name: NetworkManager
+ state: started
+ enabled: yes
+
+ - name: cron entry to clean up docker storage
+ copy:
+ src: "{{files}}/os/cleanup-docker-storage"
+ dest: "/etc/cron.d/cleanup-docker-storage"
+
+ - name: copy docker-storage-setup config
+ copy:
+ src: "{{files}}/os/docker-storage-setup"
+ dest: "/etc/sysconfig/docker-storage-setup"
From e48710ae3d16045893bca959046fd9215f01f9d8 Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk
Date: Wed, 10 May 2017 15:48:15 +0000
Subject: [PATCH 2/2] Add ostree to batcave
Signed-off-by: Patrick Uiterwijk
---
 roles/batcave/tasks/main.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/roles/batcave/tasks/main.yml b/roles/batcave/tasks/main.yml
index c14f0b481b..7b9750c1b2 100644
--- a/roles/batcave/tasks/main.yml
+++ b/roles/batcave/tasks/main.yml
@@ -21,6 +21,7 @@
 - yum-metadata-parser # Needed for rhn sync
 - yum-rhn-plugin # Needed for rhn sync
 - createrepo_c # Needed for rhn sync
+ - ostree # Needed for rhn sync
 - python-sqlalchemy # Needed for repo2json
 - pyliblzma # Needed for repo2json
 - ansible_utils # Needed for rbac-playbook
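Review bot: In playbooks/groups/os-cluster.yml (PATCH 1/2), the tasks `install key for openshift public facing REST API SSL` and `place htpasswd file` copy a TLS private key and a password file with no `owner` or `mode`, so both land with umask-default permissions, typically world-readable; only the `control_key` task restricts access. Add `owner: root`, `group: root` and `mode: "0600"` to both tasks, and quote the existing `mode: 0600` as a string so it does not depend on YAML octal parsing. The `NM_CONTROLLED` lineinfile task has no `regexp`, so an existing `NM_CONTROLLED=no` line would stay in ifcfg-eth0 and a second line would be appended; `regexp: '^NM_CONTROLLED='` makes it replace in place. The control key is authorised for root on every master and node without restriction, so consider `key_options` with a `from=` limit to the control host, if openshift-ansible's connection pattern allows it.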