
Merge pull request #9492 from mgugino-upstream-stage/aws-dns

AWS DNS
OpenShift Merge Robot 6 years ago
parent
commit
17b3d7c936

+ 2 - 0
playbooks/aws/openshift-cluster/provision.yml

@@ -21,3 +21,5 @@
     import_role:
       name: openshift_aws
       tasks_from: provision.yml
+
+- import_playbook: provision_dns.yml

+ 9 - 0
playbooks/aws/openshift-cluster/provision_dns.yml

@@ -0,0 +1,9 @@
+---
+- name: provision dns
+  hosts: localhost
+  connection: local
+  tasks:
+  - name: provision dns
+    import_role:
+      name: openshift_aws
+      tasks_from: provision_dns.yml

+ 15 - 0
roles/lib_utils/filter_plugins/oo_filters.py

@@ -668,6 +668,20 @@ def lib_utils_oo_oreg_image(image_default, oreg_url):
     return '/'.join([oreg_parts[0], image_parts[1], image_parts[2]])
 
 
+def lib_utils_oo_list_of_dict_to_dict_from_key(input_list, keyname):
+    '''Converts a list of dictionaries to a dictionary with keyname: dictionary
+
+       Example input: [{'name': 'first', 'url': 'x.com'}, {'name': 'second', 'url': 'y.com'}],
+                      'name'
+       Example output: {'first': {'url': 'x.com', 'name': 'first'}, 'second': {'url': 'y.com', 'name': 'second'}}'''
+    output_dict = {}
+    for item in input_list:
+        retrieved_val = item.get(keyname)
+        if keyname is not None:
+            output_dict[retrieved_val] = item
+    return output_dict
+
+
 class FilterModule(object):
     """ Custom ansible filter mapping """
 
@@ -701,4 +715,5 @@ class FilterModule(object):
             "lib_utils_oo_etcd_host_urls": lib_utils_oo_etcd_host_urls,
             "lib_utils_mutate_htpass_provider": lib_utils_mutate_htpass_provider,
             "lib_utils_oo_oreg_image": lib_utils_oo_oreg_image,
+            "lib_utils_oo_list_of_dict_to_dict_from_key": lib_utils_oo_list_of_dict_to_dict_from_key,
         }
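Review bot: The guard `if keyname is not None:` in `lib_utils_oo_list_of_dict_to_dict_from_key` tests the wrong variable — `keyname` is the caller's argument and is never None at that point, so an item lacking the key is stored under the key `None` and silently overwrites any earlier such item; the intended check is `if retrieved_val is not None:`. Two items that share the same key value also overwrite each other without notice, and since the caller in this PR looks load balancers up by name, raising on a duplicate (e.g. with `AnsibleFilterError`, if this module already imports it) would surface a misconfiguration instead of hiding it. The docstring could also state the dropped-item and last-wins behaviour so callers know what to expect, e.g. `Items without keyname are skipped; later items with the same key value replace earlier ones.`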

+ 51 - 0
roles/openshift_aws/defaults/main.yml

@@ -61,6 +61,57 @@ openshift_aws_vpc:
 #    - cidr: 172.31.16.0/20
 #      az: "us-east-1a"
 
+openshift_aws_create_dns: False
+openshift_aws_dns_provider: "route53"
+# openshift_aws_dns_zone: ""
+# ie. openshift_aws_dns_zone: "{{ openshift_aws_clusterid }}.example.com"
+
+# elb names we want to query to support dns record creation.
+# you don't need to adjust this unless you have modified openshift_aws_elb_dict
+openshift_aws_elb_names:
+- "{{ openshift_aws_elb_master_internal_name }}"
+- "{{ openshift_aws_elb_master_external_name }}"
+- "{{ openshift_aws_elb_infra_name }}"
+
+# l_openshift_aws_elb_facts is created by querying ec2 for all elb names in
+# l_openshift_aws_elb_names via tasks/build_elb_dict.yml
+openshift_aws_dns_records:
+  # Pertains to inventory file key: openshift_master_cluster_public_hostname
+  'api':
+    type: 'CNAME'
+    # A public or private vpc attached Route53 zone will be created based on
+    # private_zone boolean.  Split-tier dns is supported.
+    private_zone: False
+    value: "{{ l_openshift_aws_elb_facts[openshift_aws_elb_master_external_name].dns_name }}"
+  # Pertains to inventory file key: openshift_master_cluster_hostname
+  'internal.api':
+    type: 'CNAME'
+    private_zone: False
+    value: "{{ l_openshift_aws_elb_facts[openshift_aws_elb_master_internal_name].dns_name }}"
+  # Pertains to inventory file key: openshift_master_default_subdomain
+  '*.apps':
+    type: "CNAME"
+    private_zone: False
+    value: "{{ l_openshift_aws_elb_facts[openshift_aws_elb_infra_name].dns_name }}"
+  'logs':
+    type: "CNAME"
+    private_zone: False
+    value: "{{ l_openshift_aws_elb_facts[openshift_aws_elb_infra_name].dns_name }}"
+  'metrics':
+    type: "CNAME"
+    private_zone: False
+    value: "{{ l_openshift_aws_elb_facts[openshift_aws_elb_infra_name].dns_name }}"
+  'registry':
+    type: "CNAME"
+    private_zone: False
+    value: "{{ l_openshift_aws_elb_facts[openshift_aws_elb_infra_name].dns_name }}"
+
+# Allows users to add and recursively override
+# https://docs.ansible.com/ansible/2.5/user_guide/playbooks_filters.html#combining-hashes-dictionaries
+openshift_aws_dns_records_override: {}
+
+l_openshift_aws_dns_records: "{{ openshift_aws_dns_records | combine(openshift_aws_dns_records_override, recursive=True) }}"
+
 openshift_aws_elb_basename: "{{ openshift_aws_clusterid }}"
 openshift_aws_elb_master_external_name: "{{ openshift_aws_elb_basename }}-master-external"
 openshift_aws_elb_master_internal_name: "{{ openshift_aws_elb_basename }}-master-internal"
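Review bot: The `'internal.api'` record defaults to `private_zone: False`, so the internal master API hostname (the `openshift_master_cluster_hostname` value, per the comment above it) and the internal ELB's DNS name are published in the public zone alongside the external API entry. If that ELB is an internal-scheme load balancer, the public CNAME discloses internal naming and resolves to private addresses for anyone on the Internet; `private_zone: True` for that one entry would keep it inside the VPC, or, if the public default is deliberate, a comment such as `# published publicly on purpose: clients outside the VPC need to resolve this name` would stop operators from having to reason it out. I cannot tell from this hunk whether the internal ELB is internal-scheme; confirm against the ELB definitions in `openshift_aws_elb_dict` before changing the default.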

+ 12 - 0
roles/openshift_aws/tasks/build_elb_dict.yml

@@ -0,0 +1,12 @@
+---
+- name: querying elb
+  ec2_elb_facts:
+    names: "{{ openshift_aws_elb_names | join(',') }}"
+    region: "{{ openshift_aws_region }}"
+  register: elb_res
+
+# lib_utils_oo_list_of_dict_to_dict_from_key is a custom filter in
+# roles/lib_utils/filters/oo_filters.py
+- name: set elb fact dictionary
+  set_fact:
+    l_openshift_aws_elb_facts: "{{ elb_res | lib_utils_oo_list_of_dict_to_dict_from_key('name')}}"
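Review bot: Nothing verifies that every name in `openshift_aws_elb_names` was actually returned by `ec2_elb_facts`, so a missing or misnamed ELB only surfaces later as an undefined-variable error when `l_openshift_aws_elb_facts[...]` is dereferenced from defaults/main.yml, far from the cause. An `assert` after the `set_fact` task makes the failure explicit and names the ELB that is absent. Separately, the filter appears to receive the whole registered result (`elb_res`) rather than the module's list of load balancers; if `ec2_elb_facts` returns them under a key such as `elbs`, the filter should be fed `elb_res.elbs` — worth confirming against the module's return documentation for the Ansible version this repository pins.
```yaml
# … unchanged: querying elb and set elb fact dictionary tasks …

- name: verify every requested elb was found
  assert:
    that:
    - "item in l_openshift_aws_elb_facts"
    msg: "ELB {{ item }} was not found in region {{ openshift_aws_region }}"
  with_items: "{{ openshift_aws_elb_names }}"
```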

+ 15 - 0
roles/openshift_aws/tasks/dns.yml

@@ -0,0 +1,15 @@
+---
+- import_tasks: vpc_and_subnet_id.yml
+
+- import_tasks: build_elb_dict.yml
+
+- name: provision route53
+  import_tasks: dns_route53.yml
+  when: "openshift_aws_dns_provider == 'route53'"
+
+- name: provision custom dns
+  include_role:
+    name: "{{ openshift_aws_custom_dns_provider_role }}"
+    tasks_from: "{{ openshift_aws_custom_provider_role_tasks | default('main.yml') }}"
+  when:
+  - openshift_aws_custom_dns_provider_role is defined
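Review bot: A value of `openshift_aws_dns_provider` other than `'route53'` with no `openshift_aws_custom_dns_provider_role` defined is not an error here — both tasks are skipped and the play finishes green having created no DNS records, which the operator would only discover when the API hostname fails to resolve. A `fail` task covering that case turns the misconfiguration into an explicit error at the point it is made. Note also that the custom-role include is not an alternative to the route53 block: when the default provider and a custom role are both set, both run, and neither `openshift_aws_custom_dns_provider_role` nor `openshift_aws_custom_provider_role_tasks` appears in the role defaults added by this PR, so the two hook variables are only discoverable by reading this file.
```yaml
- import_tasks: build_elb_dict.yml

- name: fail on unknown dns provider
  fail:
    msg: "openshift_aws_dns_provider is '{{ openshift_aws_dns_provider }}' but only 'route53' is built in and openshift_aws_custom_dns_provider_role is not defined"
  when:
  - openshift_aws_dns_provider != 'route53'
  - openshift_aws_custom_dns_provider_role is not defined

# … unchanged: provision route53 and provision custom dns tasks …
```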

+ 31 - 0
roles/openshift_aws/tasks/dns_route53.yml

@@ -0,0 +1,31 @@
+---
+- name: creating route53 zone(s)
+  route53_zone:
+    comment: "{{ openshift_aws_dns_zone }}"
+    state: present
+    vpc_id: "{{ item }}"
+    vpc_region: "{{ openshift_aws_region }}"
+    zone: "{{ openshift_aws_dns_zone }}"
+  with_items: "{{ l_zone_items }}"
+  vars:
+    # for each item in openshift_aws_dns_records, determine value of private_zone (false if unset), map to list
+    l_pz_list: "{{ openshift_aws_dns_records | list | map('extract', openshift_aws_dns_records, 'private_zone') | map('bool') | list }}"
+    l_pz_add_private: "{{ (True in l_pz_list) | ternary([vpcout.vpcs.0.id], []) }}"
+    l_pz_add_public: "{{ (False in l_pz_list) | ternary([''], []) }}"
+    # This will add '' if there are any private_zone: No records, and will add
+    # vpcout.vpcs.0.id if there are any private_zone: Yes records.
+    l_zone_items: "{{ [] + l_pz_add_public + l_pz_add_private }}"
+
+- name: creating record
+  route53:
+    command: create
+    overwrite: no
+    private_zone: "{{ l_openshift_aws_dns_element.value['private_zone'] | bool }}"
+    record: "{{ l_openshift_aws_dns_element.key }}.{{ openshift_aws_dns_zone }}"
+    type: "{{ l_openshift_aws_dns_element.value['type'] }}"
+    ttl: 300
+    value: "{{ l_openshift_aws_dns_element.value['value'] }}"
+    zone: "{{ openshift_aws_dns_zone }}"
+  with_dict: "{{ l_openshift_aws_dns_records }}"
+  loop_control:
+    loop_var: l_openshift_aws_dns_element
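Review bot: The zone-creation task derives which zones to create from `openshift_aws_dns_records` (the `l_pz_list` line) while the record task iterates `l_openshift_aws_dns_records`, the override-merged dictionary; since every shipped default has `private_zone: False`, the only way to get a private record is through `openshift_aws_dns_records_override`, and exactly that case never creates the private zone the record then targets. Building the list from the merged dictionary fixes it: `l_pz_list: "{{ l_openshift_aws_dns_records | list | map('extract', l_openshift_aws_dns_records, 'private_zone') | map('bool') | list }}"`. Unrelatedly, `overwrite: no` on the record task is the right default — it refuses to clobber records that already exist in a zone the cluster may share — and deserves a one-line comment such as `# never replace an existing record: a pre-existing name in this zone is a conflict, not ours to take over` so a later cleanup does not flip it.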

+ 4 - 0
roles/openshift_aws/tasks/provision_dns.yml

@@ -0,0 +1,4 @@
+---
+- name: provision dns
+  import_tasks: dns.yml
+  when: openshift_aws_create_dns | bool