OSBS: Create a dedicated playbook to provision the OpenShift cluster.

Signed-off-by: Clement Verna <cverna@tutanota.com>
This commit is contained in:
Clement Verna 2019-11-26 11:06:14 +01:00 committed by Pierre-Yves Chibon
parent a29a48fa76
commit 31ad931016

View file

@ -0,0 +1,338 @@
# create an osbs server
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=osbs_control"
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=osbs_control_stg"
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=osbs_nodes:osbs_masters"
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=osbs_nodes_stg:osbs_masters_stg"
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=osbs_aarch64_masters_stg"
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=osbs_aarch64_masters"
- name: make the box be real
hosts: osbs_control:osbs_masters:osbs_nodes:osbs_control_stg:osbs_masters_stg:osbs_nodes_stg:osbs_aarch64_masters_stg:osbs_aarch64_masters
user: root
gather_facts: True
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
pre_tasks:
- import_tasks: "{{ tasks_path }}/yumrepos.yml"
roles:
- base
- rkhunter
- nagios_client
- hosts
- fas_client
- sudo
- collectd/base
- rsyncd
tasks:
- name: put openshift repo on os- systems
template: src="{{ files }}/openshift/openshift.repo" dest="/etc/yum.repos.d/openshift.repo"
tags:
- config
- packages
- yumrepos
- name: install redhat ca file
package:
name: subscription-manager-rhsm-certificates
state: present
- import_tasks: "{{ tasks_path }}/2fa_client.yml"
- import_tasks: "{{ tasks_path }}/motd.yml"
handlers:
- import_tasks: "{{ handlers_path }}/restart_services.yml"
- name: OSBS control hosts pre-req setup
hosts: osbs_control:osbs_control_stg
tags:
- osbs-cluster-prereq
user: root
gather_facts: True
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
tasks:
- name: deploy private key to control hosts
copy:
src: "{{private}}/files/osbs/{{env}}/control_key"
dest: "/root/.ssh/id_rsa"
owner: root
mode: 0600
- name: set ansible to use pipelining
ini_file:
dest: /etc/ansible/ansible.cfg
section: ssh_connection
option: pipelining
value: "True"
- name: Setup cluster masters pre-reqs
hosts: osbs_masters_stg:osbs_masters:osbs_aarch64_masters_stg:osbs_aarch64_masters
tags:
- osbs-cluster-prereq
user: root
gather_facts: True
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
tasks:
- name: ensure origin conf dir exists
file:
path: "/etc/origin"
state: "directory"
- name: create cert dir for openshift public facing REST API SSL
file:
path: "/etc/origin/master/named_certificates"
state: "directory"
- name: install cert for openshift public facing REST API SSL
copy:
src: "{{private}}/files/osbs/{{env}}/osbs-internal.pem"
dest: "/etc/origin/master/named_certificates/{{osbs_url}}.pem"
- name: install key for openshift public facing REST API SSL
copy:
src: "{{private}}/files/osbs/{{env}}/osbs-internal.key"
dest: "/etc/origin/master/named_certificates/{{osbs_url}}.key"
- name: place htpasswd file
copy:
src: "{{private}}/files/httpd/osbs-{{env}}.htpasswd"
dest: /etc/origin/master/htpasswd
- name: Setup cluster hosts pre-reqs
hosts: osbs_masters_stg:osbs_nodes_stg:osbs_masters:osbs_nodes:osbs_aarch64_masters_stg:osbs_aarch64_masters
tags:
- osbs-cluster-prereq
user: root
gather_facts: True
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
handlers:
- name: restart NetworkManager
service:
name: NetworkManager
state: restarted
tasks:
- name: Install necessary packages that openshift-ansible needs
package:
state: installed
name:
- tar
- rsync
- dbus-python
- NetworkManager
- libselinux-python
- python2-pyyaml
when: env == "staging"
- name: Install necessary packages that openshift-ansible needs
package:
state: installed
name:
- tar
- rsync
- dbus-python
- NetworkManager
- libselinux-python
- python3-PyYAML
when: env == "production"
- name: Deploy controller public ssh keys to osbs cluster hosts
authorized_key:
user: root
key: "{{ lookup('file', '{{private}}/files/osbs/{{env}}/control_key.pub') }}"
# This is required for OpenShift built-in SkyDNS inside the overlay network
# of the cluster
- name: ensure NM_CONTROLLED is set to "yes" for osbs cluster
lineinfile:
dest: "/etc/sysconfig/network-scripts/ifcfg-eth0"
line: "NM_CONTROLLED=yes"
notify:
- restart NetworkManager
# This is required for OpenShift built-in SkyDNS inside the overlay network
# of the cluster
- name: ensure NetworkManager is enabled and started
service:
name: NetworkManager
state: started
enabled: yes
- name: cron entry to clean up docker storage
copy:
src: "{{files}}/osbs/cleanup-docker-storage"
dest: "/etc/cron.d/cleanup-docker-storage"
- name: copy docker-storage-setup config
copy:
src: "{{files}}/osbs/docker-storage-setup"
dest: "/etc/sysconfig/docker-storage-setup"
- name: Deploy kerberose keytab to cluster hosts
hosts: osbs_masters_stg:osbs_nodes_stg:osbs_masters:osbs_nodes:osbs_aarch64_masters_stg:osbs_aarch64_masters
tags:
- osbs-cluster-prereq
user: root
gather_facts: True
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
roles:
- role: keytab/service
owner_user: root
owner_group: root
service: osbs
host: "osbs.fedoraproject.org"
when: env == "production"
- role: keytab/service
owner_user: root
owner_group: root
service: osbs
host: "osbs.stg.fedoraproject.org"
when: env == "staging"
- name: Deploy OpenShift Cluster x86_64
hosts: osbs_control:osbs_control_stg
tags:
- osbs-deploy-openshift
- osbs-x86-deploy-openshift
user: root
gather_facts: True
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
roles:
- role: ansible-ansible-openshift-ansible
cluster_inventory_filename: "{{ inventory_filename }}"
openshift_master_public_api_url: "https://{{ osbs_url }}:8443"
openshift_release: "v3.11"
openshift_ansible_path: "/root/openshift-ansible"
openshift_ansible_pre_playbook: "playbooks/prerequisites.yml"
openshift_ansible_playbook: "playbooks/deploy_cluster.yml"
openshift_ansible_version: "openshift-ansible-3.11.51-1"
openshift_ansible_ssh_user: root
openshift_ansible_install_examples: false
openshift_ansible_containerized_deploy: true
openshift_cluster_masters_group: "{{ cluster_masters_group }}"
openshift_cluster_nodes_group: "{{ cluster_nodes_group }}"
openshift_cluster_infra_group: "{{ cluster_infra_group }}"
openshift_auth_profile: "osbs"
openshift_cluster_url: "https://{{osbs_url}}"
openshift_master_ha: false
openshift_debug_level: 2
openshift_shared_infra: true
openshift_deployment_type: "origin"
openshift_ansible_python_interpreter: "/usr/bin/python3"
openshift_ansible_use_crio: false
openshift_ansible_crio_only: false
tags: ['openshift-cluster-x86','ansible-ansible-openshift-ansible']
when: env != "staging"
- role: ansible-ansible-openshift-ansible
cluster_inventory_filename: "{{ inventory_filename }}"
openshift_master_public_api_url: "https://{{ osbs_url }}:8443"
openshift_release: "v3.11"
openshift_ansible_path: "/root/openshift-ansible"
openshift_ansible_pre_playbook: "playbooks/prerequisites.yml"
openshift_ansible_playbook: "playbooks/deploy_cluster.yml"
openshift_ansible_version: "openshift-ansible-3.11.51-1"
openshift_ansible_ssh_user: root
openshift_ansible_install_examples: false
openshift_ansible_containerized_deploy: false
openshift_cluster_masters_group: "{{ cluster_masters_group }}"
openshift_cluster_nodes_group: "{{ cluster_nodes_group }}"
openshift_cluster_infra_group: "{{ cluster_infra_group }}"
openshift_auth_profile: "osbs"
openshift_cluster_url: "https://{{osbs_url}}"
openshift_master_ha: false
openshift_debug_level: 2
openshift_shared_infra: true
openshift_deployment_type: "openshift-enterprise"
openshift_ansible_use_crio: false
openshift_ansible_crio_only: false
tags: ['openshift-cluster-x86','ansible-ansible-openshift-ansible']
when: env == "staging"
- name: Deploy OpenShift Cluster aarch64
hosts: osbs_control:osbs_control_stg
tags:
- osbs-deploy-openshift
- osbs-aarch-deploy-openshift
user: root
gather_facts: True
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
roles:
- role: ansible-ansible-openshift-ansible
cluster_inventory_filename: "{{ inventory_filename }}"
openshift_htpasswd_file: "/etc/origin/htpasswd"
openshift_master_public_api_url: "https://{{ osbs_url }}:8443"
openshift_release: "v3.9.0"
openshift_ansible_path: "/root/openshift-ansible"
openshift_ansible_pre_playbook: "playbooks/prerequisites.yml"
openshift_ansible_playbook: "playbooks/deploy_cluster.yml"
openshift_ansible_version: "osbs-aarch64-fedora"
openshift_ansible_ssh_user: root
openshift_ansible_install_examples: false
openshift_ansible_containerized_deploy: false
openshift_cluster_masters_group: "{{ aarch_masters_group }}"
openshift_cluster_nodes_group: "{{ aarch_nodes_group }}"
openshift_cluster_infra_group: "{{ aarch_infra_group }}"
openshift_auth_profile: "osbs"
openshift_cluster_url: "https://{{osbs_url}}"
openshift_master_ha: false
openshift_debug_level: 2
openshift_shared_infra: true
openshift_deployment_type: "origin"
openshift_ansible_python_interpreter: "/usr/bin/python3"
openshift_ansible_use_crio: false
openshift_ansible_crio_only: false
tags: ['openshift-cluster-aarch','ansible-ansible-openshift-ansible']
- name: Setup OSBS requirements for OpenShift cluster hosts
hosts: osbs_masters_stg:osbs_nodes_stg:osbs_masters:osbs_nodes
tags:
- osbs-cluster-req
user: root
gather_facts: True
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
tasks:
- name: Ensures /etc/dnsmasq.d/ dir exists
file: path="/etc/dnsmasq.d/" state=directory
- name: install fedora dnsmasq specific config
copy:
src: "{{files}}/osbs/fedora-dnsmasq.conf.{{env}}"
dest: "/etc/dnsmasq.d/fedora-dns.conf"