Trang chủ Khám phá Trợ giúp
Đăng ký Đăng nhập
shixiong
/
okd
1
0
Fork 0
Các tập tin Các vấn đề 0 Yêu cầu khéo về 0 Wiki
Browse Source

add deprovisioning for ELB (and IAM certs)

add playbooks to handle deleting ELBs and any IAM certs that may have been created during provisioning.

redo ELB creation to remove arbitrary wait and just retry until ELB creation succeeds
Joel Diaz 7 năm trước cách đây
mục cha
4fe88b0012
commit
0daad23f9b
7 tập tin đã thay đổi với 91 bổ sung29 xóa
Split View Hiển thị tình trạng sai khác
  1. 9 0
      playbooks/aws/openshift-cluster/uninstall_elb.yml
  2. 3 21
      roles/openshift_aws/tasks/elb.yml
  3. 34 0
      roles/openshift_aws/tasks/elb_single.yml
  4. 3 6
      roles/openshift_aws/tasks/iam_cert.yml
  5. 11 0
      roles/openshift_aws/tasks/uninstall_elb.yml
  6. 25 0
      roles/openshift_aws/tasks/uninstall_iam_cert.yml
  7. 6 2
      roles/openshift_aws/tasks/vpc_and_subnet_id.yml

+ 9 - 0
playbooks/aws/openshift-cluster/uninstall_elb.yml
Xem Tập Tin 

@@ -0,0 +1,9 @@
 
+---
 
+- name: Delete elb
 
+  hosts: localhost
 
+  connection: local
 
+  tasks:
 
+  - name: deprovision elb
 
+    include_role:
 
+      name: openshift_aws
 
+      tasks_from: uninstall_elb.yml

+ 3 - 21
roles/openshift_aws/tasks/elb.yml
Xem Tập Tin 

@@ -2,26 +2,8 @@
 
 - name: "dump the elb listeners for {{ l_elb_dict_item.key }}"
 
   debug:
 
     msg: "{{ l_elb_dict_item.value }}"
 
+    verbosity: 1
 
 
-- name: "Create ELB {{ l_elb_dict_item.key }}"
 
-  ec2_elb_lb:
 
-    name: "{{ item.value.name }}"
 
-    state: present
 
-    cross_az_load_balancing: "{{ item.value.cross_az_load_balancing }}"
 
-    security_group_names: "{{ l_elb_security_groups[l_elb_dict_item.key] }}"
 
-    idle_timeout: "{{ item.value.idle_timout }}"
 
-    region: "{{ openshift_aws_region }}"
 
-    subnets:
 
-    - "{{ subnetout.subnets[0].id }}"
 
-    health_check: "{{ item.value.health_check }}"
 
-    listeners: "{{ item.value.listeners }}"
 
-    scheme: "{{ (item.key == 'internal') | ternary('internal','internet-facing') }}"
 
-    tags: "{{ item.value.tags }}"
 
-    wait: True
 
-  register: new_elb
 
+- name: Create ELB(s)
 
+  include_tasks: elb_single.yml
 
   with_dict: "{{ l_elb_dict_item.value }}"
 
-
 
-- debug:
 
-    msg: "{{ item }}"
 
-  with_items:
 
-  - "{{ new_elb }}"

+ 34 - 0
roles/openshift_aws/tasks/elb_single.yml
Xem Tập Tin 

@@ -0,0 +1,34 @@
 
+---
 
+- name: "dump the elb listeners for {{ item.key }}"
 
+  debug:
 
+    msg: "{{ item.value }}"
 
+    verbosity: 1
 
+
 
+- name: "Create ELB {{ item.value.name }}"
 
+  ec2_elb_lb:
 
+    name: "{{ item.value.name }}"
 
+    state: present
 
+    cross_az_load_balancing: "{{ item.value.cross_az_load_balancing }}"
 
+    security_group_names: "{{ l_elb_security_groups[l_elb_dict_item.key] }}"
 
+    idle_timeout: "{{ item.value.idle_timout }}"
 
+    region: "{{ openshift_aws_region }}"
 
+    subnets:
 
+    - "{{ subnetout.subnets[0].id }}"
 
+    health_check: "{{ item.value.health_check }}"
 
+    listeners: "{{ item.value.listeners }}"
 
+    scheme: "{{ (item.key == 'internal') | ternary('internal','internet-facing') }}"
 
+    tags: "{{ item.value.tags }}"
 
+    wait: True
 
+  register: new_elb
 
+  retries: 20
 
+  delay: 5
 
+  until: new_elb | succeeded
 
+  ignore_errors: yes
 
+
 
+- fail:
 
+    msg: "couldn't create ELB {{ item.value.name }}"
 
+  when: not new_elb | succeeded
 
+
 
+- debug:
 
+    msg: "{{ new_elb }}"
 
+    verbosity: 1

+ 3 - 6
roles/openshift_aws/tasks/iam_cert.yml
Xem Tập Tin 

@@ -18,7 +18,9 @@
 
   - openshift_aws_iam_cert_key_path != ''
 
   - openshift_aws_elb_cert_arn == ''
 
 
-- debug: msg="{{ elb_cert_chain }}"
 
+- debug:
 
+    msg: "{{ elb_cert_chain }}"
 
+    verbosity: 1
 
 
 - name: set_fact openshift_aws_elb_cert_arn
 
   set_fact:
 
@@ -28,8 +30,3 @@
 
   - openshift_aws_iam_cert_path != ''
 
   - openshift_aws_iam_cert_key_path != ''
 
   - openshift_aws_elb_cert_arn == ''
 
-
 
-- name: wait for cert to propagate
 
-  pause:
 
-    seconds: 5
 
-  when: elb_cert_chain.changed

+ 11 - 0
roles/openshift_aws/tasks/uninstall_elb.yml
Xem Tập Tin 

@@ -0,0 +1,11 @@
 
+---
 
+- name: delete elbs
 
+  ec2_elb_lb:
 
+    name: "{{ item }}"
 
+    region: "{{ openshift_aws_region }}"
 
+    state: absent
 
+  with_items: "{{ openshift_aws_elb_dict | json_query('*.*.name') | sum(start = []) }}"
 
+
 
+- when: openshift_aws_create_iam_cert | bool
 
+  name: delete the iam_cert for elb certificate
 
+  include_tasks: uninstall_iam_cert.yml

+ 25 - 0
roles/openshift_aws/tasks/uninstall_iam_cert.yml
Xem Tập Tin 

@@ -0,0 +1,25 @@
 
+---
 
+- when:
 
+  - openshift_aws_create_iam_cert | bool
 
+  - openshift_aws_iam_cert_path != ''
 
+  - openshift_aws_iam_cert_key_path != ''
 
+  - openshift_aws_elb_cert_arn == ''
 
+  block:
 
+  - name: delete AWS IAM certificates
 
+    iam_cert23:
 
+      state: absent
 
+      name: "{{ openshift_aws_iam_cert_name }}"
 
+    register: elb_cert_chain
 
+    retries: 20
 
+    delay: 10
 
+    until: elb_cert_chain | succeeded
 
+    ignore_errors: yes
 
+
 
+  - debug:
 
+      var: elb_cert_chain
 
+      verbosity: 1
 
+
 
+  - name: check for iam cert error
 
+    fail:
 
+      msg: "Couldn't delete IAM cert {{ openshift_aws_iam_cert_name }}"
 
+    when: not elb_cert_chain | succeeded

+ 6 - 2
roles/openshift_aws/tasks/vpc_and_subnet_id.yml
Xem Tập Tin 

@@ -7,7 +7,9 @@
 
   register: vpcout
 
 
 - name: debug vcpout
 
-  debug: var=vpcout
 
+  debug:
 
+    var: vpcout
 
+    verbosity: 1
 
 
 - name: fetch the default subnet id
 
   ec2_vpc_subnet_facts:
 
@@ -18,4 +20,6 @@
 
   register: subnetout
 
 
 - name: debug subnetout
 
-  debug: var=subnetout
 
+  debug:
 
+    var: subnetout
 
+    verbosity: 1