Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

add ansible-ansible-openshift-ansible and groups/osbs-cluster.yml

Browse source 
Signed-off-by: Adam Miller <maxamillion@fedoraproject.org>
This commit is contained in:
Adam Miller 2016-10-21 22:49:20 -05:00 committed by Adam Miller
parent f36cf4f723
commit a1fbd490ec
6 changed files with 224 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

44
playbooks/groups/osbs-cluster.yml
View file

@ -2,7 +2,7 @@
- include: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=osbs-nodes-stg:osbs-masters-stg"
- name: make the box be real
hosts: osbs-masters-stg:osbs-nodes-stg
hosts: osbs-control:osbs-control-stg:osbs-masters-stg:osbs-nodes-stg
user: root
gather_facts: True
@ -28,3 +28,45 @@
handlers:
- include: "{{ handlers }}/restart_services.yml"
- name: Deploy controller private ssh keys to osbs control hosts
hosts: osbs-control:osbs-control-stg
user: root
gather_facts: True
tasks:
- name: deploy private key to control hosts
copy:
src: "{{private}}/files/{{env}}/control_key"
dest: "/root/.ssh/control_key"
owner: root
mode: 0600
- name: Deploy controller public ssh keys to osbs cluster hosts
hosts: osbs-masters-stg:osbs-nodes-stg
user: root
gather_facts: True
tasks:
- name: deploy public key to control hosts
authorized_key:
user: root
key: "{{ lookup('file', '{{private}}/files/{{env}}/control_key.pub') }}"
- name: Deploy OpenShift Cluster and OSBS
hosts: osbs-control:osbs-control-stg
user: root
gather_facts: True
roles:
- {
role: ansible-ansible-openshift-ansible,
cluster_inventory_filename: "cluster-inventory-stg"
openshift_release: "v1.2",
openshift_ansible_path: "/root/openshift-ansible",
openshift_ansible_playbook: "playbooks/byo/config.yml",
openshift_ansible_refspec: "openshift-ansible-3.2.35-1",
openshift_cluster_masters_group: "osbs-masters-stg",
openshift_cluster_nodes_group: "osbs-nodes-stg",
when: env == 'staging'
}

29
roles/ansible-ansible-openshift-ansible/.travis.yml Normal file
View file

@ -0,0 +1,29 @@
---
language: python
python: "2.7"
# Use the new container infrastructure
sudo: false
# Install ansible
addons:
apt:
packages:
- python-pip
install:
# Install ansible
- pip install ansible
# Check ansible version
- ansible --version
# Create ansible.cfg with correct roles_path
- printf '[defaults]\nroles_path=../' >ansible.cfg
script:
# Basic role syntax check
- ansible-playbook tests/test.yml -i tests/inventory --syntax-check
notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/

54
roles/ansible-ansible-openshift-ansible/README.rst Normal file
View file

@ -0,0 +1,54 @@
ansible-ansible-openshift-ansible
#################################
Ansible role to run ansible on a remote "openshift control" what will run
`openshift-ansible`_ to deploy a cluster.
This is a Fedora Infrastructure specific adaptation into a role of the original
prototype located in pagure:
https://pagure.io/ansible-ansible-openshift-ansible/tree/master
What? Why?
----------
The `openshift-ansible`_ playbooks require that various tasks be run on
``localhost`` in order to build their internal abstracted representation of the
inventory list. Running potentially arbitrary code from external sources on a
bastion host (which is what ``localhost`` would be as the ansible control
machine) is often frowned upon. The goal here is to allow for the deployment of
`openshift-ansible`_ via an intermediate host.
.. note::
There is a requirement to setup the SSH keys such that the bastion host
can passwordless ssh into the openshift control host and such that the
openshift control host can passwordless ssh into each of the hosts in
the openshift cluster. This is outside the scope of this document.
::
+---------------+ +-------------------+
| | | |
| bastion host +----[ansible]----->| openshift control |
| | | |
+---------------+ +---------+---------+
|
|
[ansible]
|
|
V
+--------------------------------------------------------------------------+
| |
| openshift cluster |
| |
| +-----------+ +-----------+ +-----------+ |
| | | | | | | |
| | openshift | ...[masters] | openshift | | openshift | ...[nodes] |
| | master | | node | | node | |
| | | | | | | |
| +-----------+ +-----------+ +-----------+ |
| |
+--------------------------------------------------------------------------+

31
roles/ansible-ansible-openshift-ansible/defaults/main.yml Normal file
View file

@ -0,0 +1,31 @@
---
# defaults file for ansible-ansible-openshift-ansible
#
# Destination file name for template-generated cluster inventory
cluster_inventory_filename: "cluster-inventory"
# Release required as per the openshift-ansible
openshift_release: "v1.2"
# Path to clone the openshift-ansible git repo into
openshift_ansible_path: "/root/openshift-ansible"
# Relative path inside the openshift-ansible git repo of the playbook to execute
# remotely
openshift_ansible_playbook: "playbooks/byo/config.yml"
# openshift-ansible refspec, this is the git tag of the "release" of the
# openshift-ansible git repo. We need to track OpenShift v1.x to
# openshift-ansible-3.x.y-1 as that's the release/tag standard upstream.
openshift_ansible_refspec: "openshift-ansible-3.2.35-1"
# The group names assigned to these variables are used to create the "effective"
# inventory (via a template) that is used to deploy the OpenShift Cluster via
# openshift-ansible (https://github.com/openshift/openshift-ansible). The values
# assigned here must match group names in the current running inventory or the
# remote effective inventory that actually deploys the OpenShift Cluster will be
# empty causing undesired effects.
openshift_cluster_masters_group: "openshift-cluster-masters"
openshift_cluster_nodes_group: "openshift-cluster-nodes"

32
roles/ansible-ansible-openshift-ansible/tasks/main.yml Normal file
View file

@ -0,0 +1,32 @@
---
# tasks file for ansible-ansible-openshift-ansible
#
- name: git clone the openshift-ansible repo
git:
repo: "https://github.com/openshift/openshift-ansible.git"
dest: "{{ openshift_ansible_path }}"
refspec: "{{ openshift_ansible_refspec }}"
- name: generate the inventory file
template:
src: "cluster-inventory.j2"
dest: "{{ openshift_ansible_path }}/{{ cluster_inventory_filename }}"
- name: run ansible
shell: "ansible-playbook {{ openshift_ansible_playbook }} -i {{ cluster_inventory_filename }}"
args:
chdir: "{{ openshift_ansible_path }}"
register: run_ansible_out
- name: display run ansible stdout_lines
debug:
var: run_ansible_out.stdout_lines
- name: display run ansible stderr
debug:
var: run_ansible_out.stderr

35
roles/ansible-ansible-openshift-ansible/templates/cluster-inventory.j2 Normal file
View file

@ -0,0 +1,35 @@
[OSEv3:children]
masters
nodes
etcd
lb
[OSEv3:vars]
ansible_ssh_user=root
debug_level=2
deployment_type=origin
openshift_release={{openshift_release }}
openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}]
[masters]
{% for host in groups[openshift_cluster_masters_group] %}
{{ host }}
{% endfor %}
[etcd]
{% for host in groups[openshift_cluster_masters_group] %}
{{ host }}
{% endfor %}
[lb]
{% for host in groups[openshift_cluster_masters_group] %}
{{ host }}
{% endfor %}
[nodes]
{% for host in groups[openshift_cluster_masters_group] %}
{{ host }} openshift_node_labels="{'region':'infra'}" openshift_schedulable=False
{% endfor %}
{% for host in groups[openshift_cluster_nodes_group] %}
{{ host }} openshift_node_labels="{'region': 'primary', 'zone': 'default'}"
{% endfor %}