From a1fbd490ecdeae38365ec628c906dd65c2af0ff7 Mon Sep 17 00:00:00 2001 From: Adam Miller Date: Fri, 21 Oct 2016 22:49:20 -0500 Subject: [PATCH] add ansible-ansible-openshift-ansible and groups/osbs-cluster.yml Signed-off-by: Adam Miller --- playbooks/groups/osbs-cluster.yml | 44 ++++++++++++++- .../.travis.yml | 29 ++++++++++ .../README.rst | 54 +++++++++++++++++++ .../defaults/main.yml | 31 +++++++++++ .../tasks/main.yml | 32 +++++++++++ .../templates/cluster-inventory.j2 | 35 ++++++++++++ 6 files changed, 224 insertions(+), 1 deletion(-) create mode 100644 roles/ansible-ansible-openshift-ansible/.travis.yml create mode 100644 roles/ansible-ansible-openshift-ansible/README.rst create mode 100644 roles/ansible-ansible-openshift-ansible/defaults/main.yml create mode 100644 roles/ansible-ansible-openshift-ansible/tasks/main.yml create mode 100644 roles/ansible-ansible-openshift-ansible/templates/cluster-inventory.j2 diff --git a/playbooks/groups/osbs-cluster.yml b/playbooks/groups/osbs-cluster.yml index dd1077bc21..c6c920abbf 100644 --- a/playbooks/groups/osbs-cluster.yml +++ b/playbooks/groups/osbs-cluster.yml @@ -2,7 +2,7 @@ - include: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=osbs-nodes-stg:osbs-masters-stg" - name: make the box be real - hosts: osbs-masters-stg:osbs-nodes-stg + hosts: osbs-control:osbs-control-stg:osbs-masters-stg:osbs-nodes-stg user: root gather_facts: True 
@@ -28,3 +28,45 @@ handlers: - include: "{{ handlers }}/restart_services.yml" + +- name: Deploy controller private ssh keys to osbs control hosts + hosts: osbs-control:osbs-control-stg + user: root + gather_facts: True + + tasks: + - name: deploy private key to control hosts + copy: + src: "{{private}}/files/{{env}}/control_key" + dest: "/root/.ssh/control_key" + owner: root + mode: 0600 + +- name: Deploy controller public ssh keys to osbs cluster hosts + hosts: osbs-masters-stg:osbs-nodes-stg + user: root + gather_facts: True + + tasks: + - name: deploy public key to control hosts + authorized_key: + user: root + key: "{{ lookup('file', '{{private}}/files/{{env}}/control_key.pub') }}" + +- name: Deploy OpenShift Cluster and OSBS + hosts: osbs-control:osbs-control-stg + user: root + gather_facts: True + + roles: + - { + role: ansible-ansible-openshift-ansible, + cluster_inventory_filename: "cluster-inventory-stg" + openshift_release: "v1.2", + openshift_ansible_path: "/root/openshift-ansible", + openshift_ansible_playbook: "playbooks/byo/config.yml", + openshift_ansible_refspec: "openshift-ansible-3.2.35-1", + openshift_cluster_masters_group: "osbs-masters-stg", + openshift_cluster_nodes_group: "osbs-nodes-stg", + when: env == 'staging' + } diff --git a/roles/ansible-ansible-openshift-ansible/.travis.yml b/roles/ansible-ansible-openshift-ansible/.travis.yml new file mode 100644 index 0000000000..36bbf6208c --- /dev/null +++ b/roles/ansible-ansible-openshift-ansible/.travis.yml 
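Review bot: The flow mapping under `roles:` has no comma after `cluster_inventory_filename: "cluster-inventory-stg"`, so the entry is not valid YAML and the play will not load; add the comma, or write the role entry in block style where this cannot happen. The `authorized_key` task installs the control key for root on every master and node with no restriction; `key_options` with a `from="<control host address>"` entry would limit where the key can be used from. The nested `{{private}}` and `{{env}}` inside `lookup('file', ...)` are better written as concatenation, `lookup('file', private + '/files/' + env + '/control_key.pub')`. The private-key `copy` leaves the mode unquoted; `mode: "0600"` avoids depending on octal parsing.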
@@ -0,0 +1,29 @@
+---
+language: python
+python: "2.7"
+
+# Use the new container infrastructure
+sudo: false
+
+# Install ansible
+addons:
+ apt:
+ packages:
+ - python-pip
+
+install:
+ # Install ansible
+ - pip install ansible
+
+ # Check ansible version
+ - ansible --version
+
+ # Create ansible.cfg with correct roles_path
+ - printf '[defaults]\nroles_path=../' >ansible.cfg
+
+script:
+ # Basic role syntax check
+ - ansible-playbook tests/test.yml -i tests/inventory --syntax-check
+
+notifications:
+ webhooks: https://galaxy.ansible.com/api/v1/notifications/
\ No newline at end of file
diff --git a/roles/ansible-ansible-openshift-ansible/README.rst b/roles/ansible-ansible-openshift-ansible/README.rst
new file mode 100644
index 0000000000..b06f1efee5
--- /dev/null
+++ b/roles/ansible-ansible-openshift-ansible/README.rst
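Review bot: The `script:` step in `.travis.yml` runs `tests/test.yml` with `tests/inventory`, but the diffstat shows neither file being added with the role, so this check would fail as committed; add the tests directory or drop the CI file. `pip install ansible` is unpinned, so the syntax check runs against whatever release is current rather than the version used to deploy; something like `pip install 'ansible==<version in use>'` keeps the two aligned.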
@@ -0,0 +1,54 @@ +ansible-ansible-openshift-ansible +################################# + +Ansible role to run ansible on a remote "openshift control" what will run +`openshift-ansible`_ to deploy a cluster. + +This is a Fedora Infrastructure specific adaptation into a role of the original +prototype located in pagure: + + https://pagure.io/ansible-ansible-openshift-ansible/tree/master + +What? Why? +---------- + +The `openshift-ansible`_ playbooks require that various tasks be run on +``localhost`` in order to build their internal abstracted representation of the +inventory list. Running potentially arbitrary code from external sources on a +bastion host (which is what ``localhost`` would be as the ansible control +machine) is often frowned upon. The goal here is to allow for the deployment of +`openshift-ansible`_ via an intermediate host. + +.. note:: + There is a requirement to setup the SSH keys such that the bastion host + can passwordless ssh into the openshift control host and such that the + openshift control host can passwordless ssh into each of the hosts in + the openshift cluster. This is outside the scope of this document. + + +:: + + +---------------+ +-------------------+ + | | | | + | bastion host +----[ansible]----->| openshift control | + | | | | + +---------------+ +---------+---------+ + | + | + [ansible] + | + | + V + +--------------------------------------------------------------------------+ + | | + | openshift cluster | + | | + | +-----------+ +-----------+ +-----------+ | + | | | | | | | | + | | openshift | ...[masters] | openshift | | openshift | ...[nodes] | + | | master | | node | | node | | + | | | | | | | | + | +-----------+ +-----------+ +-----------+ | + | | + +--------------------------------------------------------------------------+ + diff --git a/roles/ansible-ansible-openshift-ansible/defaults/main.yml b/roles/ansible-ansible-openshift-ansible/defaults/main.yml new file mode 100644 index 0000000000..193523e2cd --- /dev/null 
+++ b/roles/ansible-ansible-openshift-ansible/defaults/main.yml
@@ -0,0 +1,31 @@
+---
+# defaults file for ansible-ansible-openshift-ansible
+#
+
+# Destination file name for template-generated cluster inventory
+cluster_inventory_filename: "cluster-inventory"
+
+# Release required as per the openshift-ansible
+openshift_release: "v1.2"
+
+# Path to clone the openshift-ansible git repo into
+openshift_ansible_path: "/root/openshift-ansible"
+
+# Relative path inside the openshift-ansible git repo of the playbook to execute
+# remotely
+openshift_ansible_playbook: "playbooks/byo/config.yml"
+
+# openshift-ansible refspec, this is the git tag of the "release" of the
+# openshift-ansible git repo. We need to track OpenShift v1.x to
+# openshift-ansible-3.x.y-1 as that's the release/tag standard upstream.
+openshift_ansible_refspec: "openshift-ansible-3.2.35-1"
+
+# The group names assigned to these variables are used to create the "effective"
+# inventory (via a template) that is used to deploy the OpenShift Cluster via
+# openshift-ansible (https://github.com/openshift/openshift-ansible). The values
+# assigned here must match group names in the current running inventory or the
+# remote effective inventory that actually deploys the OpenShift Cluster will be
+# empty causing undesired effects.
+openshift_cluster_masters_group: "openshift-cluster-masters"
+openshift_cluster_nodes_group: "openshift-cluster-nodes"
+
diff --git a/roles/ansible-ansible-openshift-ansible/tasks/main.yml b/roles/ansible-ansible-openshift-ansible/tasks/main.yml
new file mode 100644
index 0000000000..587ee73eea
--- /dev/null
+++ b/roles/ansible-ansible-openshift-ansible/tasks/main.yml
@@ -0,0 +1,32 @@
+---
+# tasks file for ansible-ansible-openshift-ansible
+#
+
+- name: git clone the openshift-ansible repo
+ git:
+ repo: "https://github.com/openshift/openshift-ansible.git"
+ dest: "{{ openshift_ansible_path }}"
+ refspec: "{{ openshift_ansible_refspec }}"
+
+- name: generate the inventory file
+ template:
+ src: "cluster-inventory.j2"
+ dest: "{{ openshift_ansible_path }}/{{ cluster_inventory_filename }}"
+
+- name: run ansible
+ shell: "ansible-playbook {{ openshift_ansible_playbook }} -i {{ cluster_inventory_filename }}"
+ args:
+ chdir: "{{ openshift_ansible_path }}"
+ register: run_ansible_out
+
+- name: display run ansible stdout_lines
+ debug:
+ var: run_ansible_out.stdout_lines
+
+- name: display run ansible stderr
+ debug:
+ var: run_ansible_out.stderr
+
+
+
+
diff --git a/roles/ansible-ansible-openshift-ansible/templates/cluster-inventory.j2 b/roles/ansible-ansible-openshift-ansible/templates/cluster-inventory.j2
new file mode 100644
index 0000000000..265aa90866
--- /dev/null
+++ b/roles/ansible-ansible-openshift-ansible/templates/cluster-inventory.j2
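Review bot: The `git` task passes the release tag only as `refspec:`, which names an extra ref to fetch but does not select what gets checked out; with no `version:` the clone stays on the default branch HEAD, so the playbook that is then run as root against the cluster is whatever upstream last pushed rather than the pinned release. Add `version: "{{ openshift_ansible_refspec }}"`; a commit SHA pins harder than a tag, which upstream can move. The `run ansible` step uses no shell features, so `command:` would do in place of `shell:`. The two `debug` tasks copy the full output of the inner run into the outer log, which is worth checking for secrets before this runs anywhere logs are shared.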
@@ -0,0 +1,35 @@
+[OSEv3:children]
+masters
+nodes
+etcd
+lb
+
+[OSEv3:vars]
+ansible_ssh_user=root
+debug_level=2
+deployment_type=origin
+openshift_release={{openshift_release }}
+openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}]
+
+[masters]
+{% for host in groups[openshift_cluster_masters_group] %}
+{{ host }}
+{% endfor %}
+
+[etcd]
+{% for host in groups[openshift_cluster_masters_group] %}
+{{ host }}
+{% endfor %}
+
+[lb]
+{% for host in groups[openshift_cluster_masters_group] %}
+{{ host }}
+{% endfor %}
+
+[nodes]
+{% for host in groups[openshift_cluster_masters_group] %}
+{{ host }} openshift_node_labels="{'region':'infra'}" openshift_schedulable=False
+{% endfor %}
+{% for host in groups[openshift_cluster_nodes_group] %}
+{{ host }} openshift_node_labels="{'region': 'primary', 'zone': 'default'}"
+{% endfor %}
\ No newline at end of file
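Review bot: Nothing in `[OSEv3:vars]` points the inner Ansible run at the key this commit installs as `/root/.ssh/control_key`, and the `ansible-playbook` command in tasks/main.yml passes no `--private-key` either; that file name is not one ssh tries by default, so unless ssh configuration outside this patch covers it the control host will not authenticate with the deployed key. Adding `ansible_ssh_private_key_file=/root/.ssh/control_key` to `[OSEv3:vars]` would tie the two together. `[lb]` is filled from the masters group exactly like `[masters]` and `[etcd]`; it is worth a comment in the template confirming that placing the load balancer on the masters is intended.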