OSBS: Create a dedicated playbook to provision the OpenShift cluster.

Signed-off-by: Clement Verna <cverna@tutanota.com>

playbooks/groups/osbs/deploy-cluster.yml

@@ -0,0 +1,338 @@
+# create an osbs server
+- import_playbook:  "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=osbs_control"
+- import_playbook:  "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=osbs_control_stg"
+- import_playbook:  "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=osbs_nodes:osbs_masters"
+- import_playbook:  "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=osbs_nodes_stg:osbs_masters_stg"
+- import_playbook:  "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=osbs_aarch64_masters_stg"
+- import_playbook:  "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=osbs_aarch64_masters"
+
+- name: make the box be real
+  hosts: osbs_control:osbs_masters:osbs_nodes:osbs_control_stg:osbs_masters_stg:osbs_nodes_stg:osbs_aarch64_masters_stg:osbs_aarch64_masters
+  user: root
+  gather_facts: True
+
+  vars_files:
+    - /srv/web/infra/ansible/vars/global.yml
+    - "/srv/private/ansible/vars.yml"
+    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+  pre_tasks:
+  - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+
+  roles:
+    - base
+    - rkhunter
+    - nagios_client
+    - hosts
+    - fas_client
+    - sudo
+    - collectd/base
+    - rsyncd
+
+  tasks:
+    - name: put openshift repo on os- systems
+      template: src="{{ files }}/openshift/openshift.repo" dest="/etc/yum.repos.d/openshift.repo"
+      tags:
+      - config
+      - packages
+      - yumrepos
+    - name: install redhat ca file
+      package:
+         name: subscription-manager-rhsm-certificates
+         state: present
+    - import_tasks: "{{ tasks_path }}/2fa_client.yml"
+    - import_tasks: "{{ tasks_path }}/motd.yml"
+
+  handlers:
+  - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: OSBS control hosts pre-req setup
+  hosts: osbs_control:osbs_control_stg
+  tags:
+    - osbs-cluster-prereq
+  user: root
+  gather_facts: True
+
+  vars_files:
+    - /srv/web/infra/ansible/vars/global.yml
+    - "/srv/private/ansible/vars.yml"
+    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+  tasks:
+    - name: deploy private key to control hosts
+      copy:
+        src: "{{private}}/files/osbs/{{env}}/control_key"
+        dest: "/root/.ssh/id_rsa"
+        owner: root
+        mode: 0600
+
+    - name: set ansible to use pipelining
+      ini_file:
+        dest: /etc/ansible/ansible.cfg
+        section: ssh_connection
+        option: pipelining
+        value: "True"
+
+- name: Setup cluster masters pre-reqs
+  hosts: osbs_masters_stg:osbs_masters:osbs_aarch64_masters_stg:osbs_aarch64_masters
+  tags:
+    - osbs-cluster-prereq
+  user: root
+  gather_facts: True
+
+  vars_files:
+    - /srv/web/infra/ansible/vars/global.yml
+    - "/srv/private/ansible/vars.yml"
+    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+  tasks:
+    - name: ensure origin conf dir exists
+      file:
+        path: "/etc/origin"
+        state: "directory"
+
+    - name: create cert dir for openshift public facing REST API SSL
+      file:
+        path: "/etc/origin/master/named_certificates"
+        state: "directory"
+
+    - name: install cert for openshift public facing REST API SSL
+      copy:
+        src: "{{private}}/files/osbs/{{env}}/osbs-internal.pem"
+        dest: "/etc/origin/master/named_certificates/{{osbs_url}}.pem"
+
+    - name: install key for openshift public facing REST API SSL
+      copy:
+        src: "{{private}}/files/osbs/{{env}}/osbs-internal.key"
+        dest: "/etc/origin/master/named_certificates/{{osbs_url}}.key"
+
+    - name: place htpasswd file
+      copy:
+        src: "{{private}}/files/httpd/osbs-{{env}}.htpasswd"
+        dest: /etc/origin/master/htpasswd
+
+
+- name: Setup cluster hosts pre-reqs
+  hosts: osbs_masters_stg:osbs_nodes_stg:osbs_masters:osbs_nodes:osbs_aarch64_masters_stg:osbs_aarch64_masters
+  tags:
+    - osbs-cluster-prereq
+  user: root
+  gather_facts: True
+
+  vars_files:
+    - /srv/web/infra/ansible/vars/global.yml
+    - "/srv/private/ansible/vars.yml"
+    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+  handlers:
+    - name: restart NetworkManager
+      service:
+        name: NetworkManager
+        state: restarted
+
+  tasks:
+    - name: Install necessary packages that openshift-ansible needs
+      package:
+        state: installed
+        name:
+          - tar
+          - rsync
+          - dbus-python
+          - NetworkManager
+          - libselinux-python
+          - python2-pyyaml
+      when: env == "staging"
+    - name: Install necessary packages that openshift-ansible needs
+      package:
+        state: installed
+        name:
+          - tar
+          - rsync
+          - dbus-python
+          - NetworkManager
+          - libselinux-python
+          - python3-PyYAML
+      when: env == "production"
+
+    - name: Deploy controller public ssh keys to osbs cluster hosts
+      authorized_key:
+        user: root
+        key: "{{ lookup('file', '{{private}}/files/osbs/{{env}}/control_key.pub') }}"
+
+    # This is required for OpenShift built-in SkyDNS inside the overlay network
+    # of the cluster
+    - name: ensure NM_CONTROLLED is set to "yes" for osbs cluster
+      lineinfile:
+        dest: "/etc/sysconfig/network-scripts/ifcfg-eth0"
+        line: "NM_CONTROLLED=yes"
+      notify:
+        - restart NetworkManager
+
+    # This is required for OpenShift built-in SkyDNS inside the overlay network
+    # of the cluster
+    - name: ensure NetworkManager is enabled and started
+      service:
+        name: NetworkManager
+        state: started
+        enabled: yes
+
+    - name: cron entry to clean up docker storage
+      copy:
+        src: "{{files}}/osbs/cleanup-docker-storage"
+        dest: "/etc/cron.d/cleanup-docker-storage"
+
+    - name: copy docker-storage-setup config
+      copy:
+        src: "{{files}}/osbs/docker-storage-setup"
+        dest:  "/etc/sysconfig/docker-storage-setup"
+
+- name: Deploy kerberose keytab to cluster hosts
+  hosts: osbs_masters_stg:osbs_nodes_stg:osbs_masters:osbs_nodes:osbs_aarch64_masters_stg:osbs_aarch64_masters
+  tags:
+    - osbs-cluster-prereq
+  user: root
+  gather_facts: True
+
+  vars_files:
+    - /srv/web/infra/ansible/vars/global.yml
+    - "/srv/private/ansible/vars.yml"
+    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+  roles:
+  - role: keytab/service
+    owner_user: root
+    owner_group: root
+    service: osbs
+    host: "osbs.fedoraproject.org"
+    when: env == "production"
+  - role: keytab/service
+    owner_user: root
+    owner_group: root
+    service: osbs
+    host: "osbs.stg.fedoraproject.org"
+    when: env == "staging"
+
+- name: Deploy OpenShift Cluster x86_64
+  hosts: osbs_control:osbs_control_stg
+  tags:
+    - osbs-deploy-openshift
+    - osbs-x86-deploy-openshift
+  user: root
+  gather_facts: True
+
+  vars_files:
+    - /srv/web/infra/ansible/vars/global.yml
+    - "/srv/private/ansible/vars.yml"
+    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+  roles:
+    - role: ansible-ansible-openshift-ansible
+      cluster_inventory_filename: "{{ inventory_filename }}"
+      openshift_master_public_api_url: "https://{{ osbs_url }}:8443"
+      openshift_release: "v3.11"
+      openshift_ansible_path: "/root/openshift-ansible"
+      openshift_ansible_pre_playbook: "playbooks/prerequisites.yml"
+      openshift_ansible_playbook: "playbooks/deploy_cluster.yml"
+      openshift_ansible_version: "openshift-ansible-3.11.51-1"
+      openshift_ansible_ssh_user: root
+      openshift_ansible_install_examples: false
+      openshift_ansible_containerized_deploy: true
+      openshift_cluster_masters_group: "{{ cluster_masters_group }}"
+      openshift_cluster_nodes_group: "{{ cluster_nodes_group }}"
+      openshift_cluster_infra_group: "{{ cluster_infra_group }}"
+      openshift_auth_profile: "osbs"
+      openshift_cluster_url: "https://{{osbs_url}}"
+      openshift_master_ha: false
+      openshift_debug_level: 2
+      openshift_shared_infra: true
+      openshift_deployment_type: "origin"
+      openshift_ansible_python_interpreter: "/usr/bin/python3"
+      openshift_ansible_use_crio: false
+      openshift_ansible_crio_only: false
+      tags: ['openshift-cluster-x86','ansible-ansible-openshift-ansible']
+      when: env != "staging"
+
+    - role: ansible-ansible-openshift-ansible
+      cluster_inventory_filename: "{{ inventory_filename }}"
+      openshift_master_public_api_url: "https://{{ osbs_url }}:8443"
+      openshift_release: "v3.11"
+      openshift_ansible_path: "/root/openshift-ansible"
+      openshift_ansible_pre_playbook: "playbooks/prerequisites.yml"
+      openshift_ansible_playbook: "playbooks/deploy_cluster.yml"
+      openshift_ansible_version: "openshift-ansible-3.11.51-1"
+      openshift_ansible_ssh_user: root
+      openshift_ansible_install_examples: false
+      openshift_ansible_containerized_deploy: false
+      openshift_cluster_masters_group: "{{ cluster_masters_group }}"
+      openshift_cluster_nodes_group: "{{ cluster_nodes_group }}"
+      openshift_cluster_infra_group: "{{ cluster_infra_group }}"
+      openshift_auth_profile: "osbs"
+      openshift_cluster_url: "https://{{osbs_url}}"
+      openshift_master_ha: false
+      openshift_debug_level: 2
+      openshift_shared_infra: true
+      openshift_deployment_type: "openshift-enterprise"
+      openshift_ansible_use_crio: false
+      openshift_ansible_crio_only: false
+      tags: ['openshift-cluster-x86','ansible-ansible-openshift-ansible']
+      when: env == "staging"
+
+- name: Deploy OpenShift Cluster aarch64
+  hosts: osbs_control:osbs_control_stg
+  tags:
+    - osbs-deploy-openshift
+    - osbs-aarch-deploy-openshift
+  user: root
+  gather_facts: True
+
+  vars_files:
+    - /srv/web/infra/ansible/vars/global.yml
+    - "/srv/private/ansible/vars.yml"
+    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+  roles:
+    - role: ansible-ansible-openshift-ansible
+      cluster_inventory_filename: "{{ inventory_filename }}"
+      openshift_htpasswd_file: "/etc/origin/htpasswd"
+      openshift_master_public_api_url: "https://{{ osbs_url }}:8443"
+      openshift_release: "v3.9.0"
+      openshift_ansible_path: "/root/openshift-ansible"
+      openshift_ansible_pre_playbook: "playbooks/prerequisites.yml"
+      openshift_ansible_playbook: "playbooks/deploy_cluster.yml"
+      openshift_ansible_version: "osbs-aarch64-fedora"
+      openshift_ansible_ssh_user: root
+      openshift_ansible_install_examples: false
+      openshift_ansible_containerized_deploy: false
+      openshift_cluster_masters_group: "{{ aarch_masters_group }}"
+      openshift_cluster_nodes_group: "{{ aarch_nodes_group }}"
+      openshift_cluster_infra_group: "{{ aarch_infra_group }}"
+      openshift_auth_profile: "osbs"
+      openshift_cluster_url: "https://{{osbs_url}}"
+      openshift_master_ha: false
+      openshift_debug_level: 2
+      openshift_shared_infra: true
+      openshift_deployment_type: "origin"
+      openshift_ansible_python_interpreter: "/usr/bin/python3"
+      openshift_ansible_use_crio: false
+      openshift_ansible_crio_only: false
+      tags: ['openshift-cluster-aarch','ansible-ansible-openshift-ansible']
+
+- name: Setup OSBS requirements for OpenShift cluster hosts
+  hosts: osbs_masters_stg:osbs_nodes_stg:osbs_masters:osbs_nodes
+  tags:
+    - osbs-cluster-req
+  user: root
+  gather_facts: True
+
+  vars_files:
+    - /srv/web/infra/ansible/vars/global.yml
+    - "/srv/private/ansible/vars.yml"
+    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+  tasks:
+    - name: Ensures /etc/dnsmasq.d/ dir exists
+      file: path="/etc/dnsmasq.d/" state=directory
+    - name: install fedora dnsmasq specific config
+      copy:
+        src: "{{files}}/osbs/fedora-dnsmasq.conf.{{env}}"
+        dest: "/etc/dnsmasq.d/fedora-dns.conf"