Openshift redeploy to production.

Add 3 more nodes (we might use one later for staging) move to latest openshift ansible Change config to do multitenant, have logs and other config tweaks.
2018-09-27 21:04:49 +00:00 · 2018-09-27 21:04:49 +00:00 · 6ca94af4e4
commit 6ca94af4e4
parent b6bb287e9c
11 changed files with 85 additions and 14 deletions
--- a/inventory/host_vars/os-node03.phx2.fedoraproject.org
+++ b/inventory/host_vars/os-node03.phx2.fedoraproject.org
@ -0,0 +1,18 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7-osbs
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.126.165
+vmhost: virthost01.phx2.fedoraproject.org
+datacenter: phx2
+
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+
+lvm_size: 120g
+mem_size: 16384
+max_mem_size: 16384
+num_cpus: 4
--- a/inventory/host_vars/os-node04.phx2.fedoraproject.org
+++ b/inventory/host_vars/os-node04.phx2.fedoraproject.org
@ -0,0 +1,18 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7-osbs
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.126.166
+vmhost: virthost12.phx2.fedoraproject.org
+datacenter: phx2
+
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+
+lvm_size: 120g
+mem_size: 16384
+max_mem_size: 16384
+num_cpus: 4
--- a/inventory/host_vars/os-node05.phx2.fedoraproject.org
+++ b/inventory/host_vars/os-node05.phx2.fedoraproject.org
@ -0,0 +1,18 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7-osbs
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.126.167
+vmhost: virthost14.phx2.fedoraproject.org
+datacenter: phx2
+
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+
+lvm_size: 120g
+mem_size: 16384
+max_mem_size: 16384
+num_cpus: 4
--- a/inventory/inventory
+++ b/inventory/inventory
@ -1472,6 +1472,9 @@ os-master03.phx2.fedoraproject.org
 [os-nodes]
 os-node01.phx2.fedoraproject.org
 os-node02.phx2.fedoraproject.org
+os-node03.phx2.fedoraproject.org
+os-node04.phx2.fedoraproject.org
+os-node05.phx2.fedoraproject.org

 [os:children]
 os-nodes
--- a/playbooks/groups/os-cluster.yml
+++ b/playbooks/groups/os-cluster.yml
@ -162,7 +162,7 @@
        openshift_ansible_path: "/root/openshift-ansible",
        openshift_ansible_pre_playbook: "playbooks/prerequisites.yml",
        openshift_ansible_playbook: "playbooks/deploy_cluster.yml",
-        openshift_ansible_version: "openshift-ansible-3.10.35-1",
+        openshift_ansible_version: "openshift-ansible-3.10.51-1",
        openshift_ansible_ssh_user: root,
        openshift_ansible_install_examples: false,
        openshift_ansible_containerized_deploy: false,
--- a/playbooks/include/proxies-reverseproxy.yml
+++ b/playbooks/include/proxies-reverseproxy.yml
@ -670,7 +670,7 @@
    website: app.os.fedoraproject.org
    destname: app.os
    balancer_name: app-os
-    balancer_members: ['os-node01.vpn.fedoraproject.org', 'os-node02.vpn.fedoraproject.org']
+    balancer_members: ['os-node01.vpn.fedoraproject.org', 'os-node02.vpn.fedoraproject.org', 'os-node03.vpn.fedoraproject.org', 'os-node04.vpn.fedoraproject.org', 'os-node05.vpn.fedoraproject.org']
    keephost: true
    tags:
    - app.os.fedoraproject.org
@ -690,7 +690,7 @@
    website: app.os.stg.fedoraproject.org
    destname: app.os
    balancer_name: app-os-stg
-    balancer_members: ['os-node01.stg.phx2.fedoraproject.org', 'os-node02.stg.phx2.fedoraproject.org']
+    balancer_members: ['os-node01.stg.phx2.fedoraproject.org', 'os-node02.stg.phx2.fedoraproject.org', 'os-node03.stg.phx2.fedoraproject.org', 'os-node04.stg.phx2.fedoraproject.org']
    proxyurl: http://app.os.phx2.fedoraproject.org
    keephost: true
    tags:
--- a/roles/ansible-ansible-openshift-ansible/templates/cluster-inventory-prod.j2
+++ b/roles/ansible-ansible-openshift-ansible/templates/cluster-inventory-prod.j2
@ -94,7 +94,7 @@ debug_level={{openshift_debug_level}}
 # WARNING: This value will be used for all hosts in containerized environments, even those that have another version installed.
 # This could potentially trigger an upgrade and downtime, so be careful with modifying this value after the cluster is set up.
 #openshift_image_tag=v3.10.0
-openshift_image_tag={{openshift_release}}
+openshift_image_tag="v3.10"

 # Specify an exact rpm version to install or configure.
 # WARNING: This value will be used for all hosts in RPM based environments, even those that have another version installed.
@ -599,7 +599,10 @@ openshift_hosted_registry_storage_volume_size=10Gi
 # See: https://docs.openshift.com/enterprise/latest/install_config/cluster_metrics.html
 #
 # By default metrics are not automatically deployed, set this to enable them
-#openshift_metrics_install_metrics=true
+openshift_metrics_install_metrics=true
+openshift_metrics_cassandra_storage_type=emptydir
+openshift_metrics_start_cluster=true
+openshift_metrics_cassandra_nodeselector={"node-role.kubernetes.io/infra":"true"}
 {% if openshift_metrics_deploy is defined %}
 {% if openshift_metrics_deploy %}
 openshift_hosted_metrics_deploy=true
@ -683,7 +686,7 @@ openshift_hosted_metrics_deploy=true
 # Logging deployment
 #
 # Currently logging deployment is disabled by default, enable it by setting this
-#openshift_logging_install_logging=true
+openshift_logging_install_logging=true
 #
 # Logging storage config
 # Option A - NFS Host Group
@ -729,7 +732,7 @@ openshift_hosted_metrics_deploy=true
 #openshift_logging_kibana_hostname=logging.apps.example.com
 # Configure the number of elastic search nodes, unless you're using dynamic provisioning
 # this value must be 1
-#openshift_logging_es_cluster_size=1
+openshift_logging_es_cluster_size=1

 # Prometheus deployment
 #
@ -748,7 +751,7 @@ openshift_hosted_metrics_deploy=true
 #openshift_prometheus_alertbuffer_storage_type=pvc

 # Configure the multi-tenant SDN plugin (default is 'redhat/openshift-ovs-subnet')
-# os_sdn_network_plugin_name='redhat/openshift-ovs-multitenant'
+os_sdn_network_plugin_name='redhat/openshift-ovs-multitenant'

 # Disable the OpenShift SDN plugin
 # openshift_use_openshift_sdn=False
@ -951,21 +954,21 @@ openshift_master_console_port={{openshift_console_port}}
 #openshift_buildoverrides_json='{"BuildOverrides":{"configuration":{"apiVersion":"v1","kind":"BuildDefaultsConfig","forcePull":"true"}}}'

 # Enable service catalog
-#openshift_enable_service_catalog=true
+openshift_enable_service_catalog=true

 # Enable template service broker (requires service catalog to be enabled, above)
-#template_service_broker_install=true
+template_service_broker_install=true

 # Specify an openshift_service_catalog image
 # (defaults for origin and openshift-enterprise, repsectively)
 #openshift_service_catalog_image="docker.io/openshift/origin-service-catalog:{ openshift_image_tag }""
-#openshift_service_catalog_image="registry.access.redhat.com/openshift3/ose-service-catalog:{ openshift_image_tag }"
+openshift_service_catalog_image="registry.access.redhat.com/openshift3/ose-service-catalog:v3.10"

 # TSB image tag
-#template_service_broker_version='v3.9'
+template_service_broker_version='v3.10'

 # Configure one of more namespaces whose templates will be served by the TSB
-#openshift_template_service_broker_namespaces=['openshift']
+openshift_template_service_broker_namespaces=['openshift']

 # masterConfig.volumeConfig.dynamicProvisioningEnabled, configurable as of 1.2/3.2, enabled by default
 #openshift_master_dynamic_provisioning_enabled=True
@ -974,7 +977,7 @@ openshift_master_console_port={{openshift_console_port}}
 #openshift_master_admission_plugin_config={"ProjectRequestLimit":{"configuration":{"apiVersion":"v1","kind":"ProjectRequestLimitConfig","limits":[{"selector":{"admin":"true"}},{"maxProjects":"1"}]}},"PodNodeConstraints":{"configuration":{"apiVersion":"v1","kind":"PodNodeConstraintsConfig"}}}

 # Configure usage of openshift_clock role.
-#openshift_clock_enabled=true
+openshift_clock_enabled=true

 # OpenShift Per-Service Environment Variables
 # Environment variables are added to /etc/sysconfig files for
--- a/roles/haproxy/templates/haproxy.cfg
+++ b/roles/haproxy/templates/haproxy.cfg
@ -570,6 +570,11 @@ backend os-nodes-backend
    balance hdr(appserver)
    server os-node01 os-node01:443 check inter 10s rise 1 fall 2 ssl verify none
    server os-node02 os-node02:443 check inter 10s rise 1 fall 2 ssl verify none
+    server os-node03 os-node03:443 check inter 10s rise 1 fall 2 ssl verify none
+    server os-node04 os-node04:443 check inter 10s rise 1 fall 2 ssl verify none
+{% if env != "staging" %}
+    server os-node05 os-node05:443 check inter 10s rise 1 fall 2 ssl verify none
+{% endif %}
    option  httpchk GET /
    http-check expect status 503

--- a/roles/openvpn/server/files/ccd/os-node03.phx2.fedoraproject.org
+++ b/roles/openvpn/server/files/ccd/os-node03.phx2.fedoraproject.org
@ -0,0 +1,2 @@
+# ifconfig-push actualIP PtPIP
+ifconfig-push 192.168.1.181 192.168.0.181
--- a/roles/openvpn/server/files/ccd/os-node04.phx2.fedoraproject.org
+++ b/roles/openvpn/server/files/ccd/os-node04.phx2.fedoraproject.org
@ -0,0 +1,2 @@
+# ifconfig-push actualIP PtPIP
+ifconfig-push 192.168.1.182 192.168.0.182
--- a/roles/openvpn/server/files/ccd/os-node05.phx2.fedoraproject.org
+++ b/roles/openvpn/server/files/ccd/os-node05.phx2.fedoraproject.org
@ -0,0 +1,2 @@
+# ifconfig-push actualIP PtPIP
+ifconfig-push 192.168.1.183 192.168.0.183