Infrastructure/ansible
5
0
Fork 0
Code Issues Pull requests 3 Projects Releases Packages Wiki Activity Actions
ansible/playbooks/groups/os-cluster.yml
Patrick Uiterwijk 90878bb51d Make 5666 opening part of iptables 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2017-11-29 12:07:21 +00:00

189 lines
6.2 KiB
YAML
Raw Blame History

# create an os server
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=os-control-stg:os-control:os-nodes-stg:os-masters-stg:os-nodes:os-masters"
- name: make the box be real
hosts: os-control:os-control-stg:os-masters-stg:os-nodes-stg:os-masters:os-nodes
user: root
gather_facts: True
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
roles:
- base
- rkhunter
- nagios_client
- hosts
- fas_client
- collectd/base
- rsyncd
- sudo
- { role: openvpn/client,
when: env != "staging" and 'os-control' not in group_names }
tasks:
- name: put openshift repo on os- systems
template: src="{{ files }}/openshift/openshift.repo" dest="/etc/yum.repos.d/openshift.repo"
tags:
- config
- packages
- yumrepos
- name: Deploy controller public ssh keys to osbs cluster hosts
authorized_key:
user: root
key: "{{ lookup('file', '{{private}}/files/os/{{env}}/control_key.pub') }}"
- name: copy docker-storage-setup config
copy:
src: "{{files}}/osbs/docker-storage-setup"
dest: "/etc/sysconfig/docker-storage-setup"
- import_tasks: "{{ tasks_path }}/yumrepos.yml"
- import_tasks: "{{ tasks_path }}/2fa_client.yml"
- import_tasks: "{{ tasks_path }}/motd.yml"
handlers:
- import_tasks: "{{ handlers_path }}/restart_services.yml"
- name: OSBS control hosts pre-req setup
hosts: os-control:os-control-stg
tags:
- os-cluster-prereq
user: root
gather_facts: True
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
tasks:
- name: fix hosts file
copy:
src: "{{roles_path}}/hosts/files/os-hosts"
dest: "/etc/hosts"
owner: root
mode: 0644
- name: deploy private key to control hosts
copy:
src: "{{private}}/files/os/{{env}}/control_key"
dest: "/root/.ssh/id_rsa"
owner: root
mode: 0600
- name: set ansible to use pipelining
ini_file:
dest: /etc/ansible/ansible.cfg
section: ssh_connection
option: pipelining
value: "True"
- name: Deploy OpenShift cluster
hosts: os-control:os-control-stg
tags:
- os-cluster-deploy
user: root
gather_facts: True
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
roles:
- {
role: ansible-ansible-openshift-ansible,
cluster_inventory_filename: "cluster-inventory-stg",
openshift_release: "v3.6",
openshift_ansible_path: "/root/openshift-ansible",
openshift_ansible_playbook: "playbooks/byo/config.yml",
openshift_ansible_version: "openshift-ansible-3.5.70-1",
openshift_ansible_ssh_user: root,
openshift_ansible_install_examples: true,
openshift_ansible_containerized_deploy: false,
openshift_cluster_masters_group: "os-masters-stg",
openshift_cluster_nodes_group: "os-nodes-stg",
openshift_cluster_infra_group: "os-nodes-stg",
openshift_auth_profile: "fedoraidp-stg",
openshift_master_ha: true,
openshift_debug_level: 2,
openshift_deployment_type: "openshift-enterprise",
openshift_cluster_url: "{{ os_url}}",
openshift_app_subdomain: "{{ os_app_url }}",
openshift_internal_cluster_url: "os-masters{{ env_suffix }}.phx2.fedoraproject.org",
openshift_api_port: 443,
openshift_console_port: 443,
openshift_shared_infra: true,
when: env == 'staging',
tags: ['openshift-cluster','ansible-ansible-openshift-ansible']
}
- {
role: ansible-ansible-openshift-ansible,
cluster_inventory_filename: "cluster-inventory",
openshift_release: "v3.6",
openshift_ansible_path: "/root/openshift-ansible",
openshift_ansible_playbook: "playbooks/byo/config.yml",
openshift_ansible_version: "openshift-ansible-3.6.173.0.81-1",
openshift_ansible_ssh_user: root,
openshift_ansible_install_examples: true,
openshift_ansible_containerized_deploy: false,
openshift_cluster_masters_group: "os-masters",
openshift_cluster_nodes_group: "os-nodes",
openshift_cluster_infra_group: "os-nodes",
openshift_auth_profile: "fedoraidp",
openshift_master_ha: true,
openshift_debug_level: 2,
openshift_deployment_type: "openshift-enterprise",
openshift_cluster_url: "{{ os_url}}",
openshift_app_subdomain: "{{ os_app_url }}",
openshift_internal_cluster_url: "os-masters{{ env_suffix }}.phx2.fedoraproject.org",
openshift_api_port: 443,
openshift_console_port: 443,
openshift_shared_infra: true,
when: env != 'staging',
tags: ['openshift-cluster','ansible-ansible-openshift-ansible']
}
- name: Post-Install setup
hosts: os-stg:os
tags:
- os-post-install
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- /srv/private/ansible/vars.yml
- /srv/private/ansible/files/openstack/passwords.yml
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
tasks:
- name: enable nrpe for monitoring (noc01)
iptables: action=insert chain=INPUT destination_port=5666 protocol=tcp source=10.5.126.41 state=present jump=ACCEPT
tags:
- iptables
- name: Post-Install master setup
hosts: os-masters-stg:os-masters
tags:
- os-post-install
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- /srv/private/ansible/vars.yml
- /srv/private/ansible/files/openstack/passwords.yml
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
tasks:
- name: Disallow users from provisioning
command: oadm policy remove-cluster-role-from-group self-provisioner system:authenticated system:authenticated:oauth
changed_when: false
- name: Allow some users cluster admin
command: oadm policy add-cluster-role-to-user cluster-admin {{item}}
with_items:
- puiterwijk
- kevin
- codeblock
- smooge
changed_when: false
Reference in a new issue View git blame Copy permalink