Initial Commit. Sharing is caring

README_GCE.txt

@@ -0,0 +1,45 @@
+
+GCE Setup Instructions
+
+Get a gce service key
+---------------------
+1. ping twiest and ask for a GCE service key
+
+
+Convert a GCE service key into a pem (for ansible)
+--------------------------------------------------
+1. The gce service key looks something like this: os302gce-ef83bd90f261.p12
+2. the ef83bd90f261 part is the public hash
+3. Be in the same directory as the p12 key file.
+4. The commands below should be copy / paste-able
+5. Run these commands:
+   # Temporarily set hash variable
+   export GCE_KEY_HASH=ef83bd90f261
+
+   # Convert the service key (note: 'notasecret' is literally what we want here)
+   openssl pkcs12 -in os302gce-${GCE_KEY_HASH}.p12 -passin pass:notasecret -nodes -nocerts | openssl rsa -out os302gce-${GCE_KEY_HASH}.pem
+
+   # Move the converted service key to the .ssh dir
+   mv os302gce-${GCE_KEY_HASH}.pem ~/.ssh
+
+   # Set a sym link so it's easy to reference
+   ln -s ~/.ssh/os302gce-${GCE_KEY_HASH}.pem ~/.ssh/os302gce_priv_key.pem
+
+6. Once this is done, put the original service key file (os302gce-ef83bd90f261.p12) somewhere safe, or delete it (your call, I don't know what else we'll use it for, and we can always regen it if needed)
+
+
+
+Install Dependencies (not needed for ctl1)
+------------------------------------------
+1. Ansible requires libcloud for gce operations:
+    yum install -y ansible python-libcloud
+
+
+Test The Setup
+--------------
+1. cd li-ops/cloud
+2. Try to list all instances:
+   ./cloud.rb gce list
+
+3. Try to create an instance:
+   ./cloud.rb gce launch -n ${USER}-minion1 -e int --type os3-minion

cloud.rb

@@ -0,0 +1,350 @@
+#!/usr/bin/env ruby
+
+require 'thor'
+require 'json'
+require 'yaml'
+require 'securerandom'
+require 'fileutils'
+
+SCRIPT_DIR = File.expand_path(File.dirname(__FILE__))
+
+module OpenShift
+  module Ops
+    # WARNING: we do not currently support environments with hyphens in the name
+    SUPPORTED_ENVS = ['prod','stg','int','tint','kint','test']
+
+    class GceHelper
+      def self.list_hosts()
+        cmd = "#{SCRIPT_DIR}/inventory/gce/gce.py --list"
+        hosts = %x[#{cmd} 2>&1]
+
+        raise "Error: failed to list hosts\n#{hosts}" unless $?.exitstatus == 0
+
+        return JSON.parse(hosts)
+      end
+
+      def self.get_host_details(host)
+        cmd = "#{SCRIPT_DIR}/inventory/gce/gce.py --host #{host}"
+        details = %x[#{cmd} 2>&1]
+
+        raise "Error: failed to get host details\n#{details}" unless $?.exitstatus == 0
+
+        retval = JSON.parse(details)
+
+        # Convert OpenShift specific tags to entries
+        retval['gce_tags'].each do |tag|
+          if tag =~ /\Ahost-type-([\w\d-]+)\z/
+            retval['host-type'] = $1
+          end
+
+          if tag =~ /\Aenv-([\w\d]+)\z/
+            retval['env'] = $1
+          end
+        end
+
+        return retval
+      end
+
+      def self.generate_env_tag(env)
+        return "env-#{env}"
+      end
+
+      def self.generate_env_tag_name(env)
+        return "tag_#{generate_env_tag(env)}"
+      end
+
+      def self.generate_host_type_tag(host_type)
+        return "host-type-#{host_type}"
+      end
+
+      def self.generate_host_type_tag_name(host_type)
+        return "tag_#{generate_host_type_tag(host_type)}"
+      end
+
+      def self.generate_env_host_type_tag(env, host_type)
+        return "env-host-type-#{env}-#{host_type}"
+      end
+
+      def self.generate_env_host_type_tag_name(env, host_type)
+        return "tag_#{generate_env_host_type_tag(env, host_type)}"
+      end
+    end
+
+    class LaunchHelper
+      def self.expand_name(name)
+        return [name] unless name =~ /^([a-zA-Z0-9\-]+)\{(\d+)-(\d+)\}$/
+
+        # Regex matched, so grab the values
+        start_num = $2
+        end_num = $3
+
+        retval = []
+        start_num.upto(end_num) do |i|
+          retval << "#{$1}#{i}"
+        end
+
+        return retval
+      end
+
+      def self.get_gce_host_types()
+        return Dir.glob("#{SCRIPT_DIR}/playbooks/gce/*").map { |d| File.basename(d) }
+      end
+    end
+
+    class AnsibleHelper
+      attr_accessor :inventory, :extra_vars, :verbosity, :pipelining
+
+      def initialize(extra_vars={}, inventory=nil)
+        @extra_vars = extra_vars
+        @verbosity = '-vvvv'
+        @pipelining = true
+      end
+
+      def run_playbook(playbook)
+        @inventory = 'inventory/hosts' if @inventory.nil?
+
+        # This is used instead of passing in the json on the cli to avoid quoting problems
+        tmpfile = Tempfile.new('extra_vars')
+        tmpfile.write(@extra_vars.to_json)
+        tmpfile.sync()
+        tmpfile.close()
+
+        cmds = []
+
+        cmds << %Q[export ANSIBLE_FILTER_PLUGINS="#{Dir.pwd}/filter_plugins"]
+
+        # We need this for launching instances, otherwise conflicting keys and what not kill it
+        cmds << %q[export ANSIBLE_TRANSPORT="ssh"]
+        cmds << %Q[export ANSIBLE_SSH_ARGS="-o ForwardAgent=yes -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"]
+
+        # We need pipelining off so that we can do sudo to enable the root account
+        cmds << %Q[export ANSIBLE_SSH_PIPELINING='#{@pipelining.to_s}']
+
+        ssh_key_arg = "--private-key=~/.ssh/mmcgrath_libra" if File.file?(ENV['HOME']+'/.ssh/mmcgrath_libra.pem')
+
+        cmds << %Q[time -p ansible-playbook -i #{@inventory} #{@verbosity} #{playbook} #{ssh_key_arg} --extra-vars '@#{tmpfile.path}']
+
+        cmd = cmds.join(' ; ')
+
+        system(cmd)
+        tmpfile.unlink
+      end
+
+      def merge_extra_vars_file(file)
+        vars = YAML.load_file(file)
+        @extra_vars.merge!(vars)
+      end
+
+      def self.for_gce()
+        ah = AnsibleHelper.new()
+
+        # GCE specific configs
+        ah.extra_vars['gce_pem_file'] = "#{ENV['HOME']}/.ssh/os302gce_priv_key.pem"
+        ah.extra_vars['gce_service_account_email'] = '198287808360-f457cs26hutqeosmlje1eosfeqo0krlg@developer.gserviceaccount.com'
+        ah.extra_vars['gce_project_id'] = 'corded-cable-672'
+
+        ah.inventory = 'inventory/gce/gce.py'
+
+        return ah
+      end
+
+    end
+
+    class GceCommand < Thor
+      option :type, :required => true, :enum => LaunchHelper.get_gce_host_types,
+             :desc => 'The host type of the new instances.'
+      option :env, :required => true, :aliases => '-e', :enum => OpenShift::Ops::SUPPORTED_ENVS,
+             :desc => 'The environment of the new instances.'
+      option :count, :default => 1, :aliases => '-c', :type => :numeric,
+             :desc => 'The number of instances to create'
+      option :tag, :type => :array,
+             :desc => 'The tag(s) to add to the new instances. Allowed characters are letters, numbers, and hyphens.'
+      desc "launch", "Launches instances."
+      def launch()
+        # Expand all of the instance names so that we have a complete array
+        names = []
+        options[:count].times { names << "#{options[:env]}-#{options[:type]}-#{SecureRandom.hex(5)}" }
+
+        ah = AnsibleHelper.for_gce()
+
+        # GCE specific configs
+        ah.extra_vars['oo_new_inst_names'] = names
+        ah.extra_vars['oo_new_inst_tags'] = options[:tag]
+        ah.extra_vars['oo_env'] = options[:env]
+
+        # Add a created by tag
+        ah.extra_vars['oo_new_inst_tags'] = [] if ah.extra_vars['oo_new_inst_tags'].nil?
+
+        ah.extra_vars['oo_new_inst_tags'] << "created-by-#{ENV['USER']}"
+        ah.extra_vars['oo_new_inst_tags'] << GceHelper.generate_env_tag(options[:env])
+        ah.extra_vars['oo_new_inst_tags'] << GceHelper.generate_host_type_tag(options[:type])
+        ah.extra_vars['oo_new_inst_tags'] << GceHelper.generate_env_host_type_tag(options[:env], options[:type])
+
+        puts
+        puts "Creating instance(s) in GCE..."
+        puts
+        puts " .----               Disregard this (ansible bug 6407)                ----."
+        puts " V                                                                        V"
+
+
+        ah.run_playbook("playbooks/gce/#{options[:type]}/launch.yml")
+      end
+
+      option :name, :required => false, :type => :string,
+             :desc => 'The name of the instance to configure.'
+      option :env, :required => false, :aliases => '-e', :enum => OpenShift::Ops::SUPPORTED_ENVS,
+             :desc => 'The environment of the new instances.'
+      option :type, :required => false, :enum => LaunchHelper.get_gce_host_types,
+             :desc => 'The type of the instances to configure.'
+      desc "config", 'Configures instances.'
+      def config()
+        ah = AnsibleHelper.for_gce()
+
+        abort 'Error: you can\'t specify both --name and --type' unless options[:type].nil? || options[:name].nil?
+
+        abort 'Error: you can\'t specify both --name and --env' unless options[:env].nil? || options[:name].nil?
+
+        host_type = nil
+        if options[:name]
+          details = GceHelper.get_host_details(options[:name])
+          ah.extra_vars['oo_host_group_exp'] = options[:name]
+          ah.extra_vars['oo_env'] = details['env']
+          host_type = details['host-type']
+        elsif options[:type] && options[:env]
+          oo_env_host_type_tag = GceHelper.generate_env_host_type_tag_name(options[:env], options[:type])
+          ah.extra_vars['oo_host_group_exp'] = "groups['#{oo_env_host_type_tag}']"
+          ah.extra_vars['oo_env'] = options[:env]
+          host_type = options[:type]
+        else
+          abort 'Error: you need to specify either --name or (--type and --env)'
+        end
+
+        puts
+        puts "Configuring #{options[:type]} instance(s) in GCE..."
+        puts
+        puts " .----               Disregard this (ansible bug 6407)                ----."
+        puts " V                                                                        V"
+
+        ah.run_playbook("playbooks/gce/#{host_type}/config.yml")
+      end
+
+      desc "list", "Lists instances."
+      def list()
+        hosts = GceHelper.list_hosts()
+
+        data = {}
+        hosts.each do |key,value|
+          value.each { |h| (data[h] ||= []) << key }
+        end
+
+        puts
+        puts "Instances"
+        puts "---------"
+        data.keys.sort.each { |k| puts "  #{k}" }
+        puts
+      end
+
+      option :file, :required => true, :type => :string,
+             :desc => 'The name of the file to copy.'
+      option :dest, :required => false, :type => :string,
+             :desc => 'A relative path where files are written to.'
+      desc "scp_from", "scp files from an instance"
+      def scp_from(*ssh_ops, host)
+        if host =~ /^([\w\d_.-]+)@([\w\d-_.]+)$/
+          user = $1
+          host = $2
+        end
+
+        path_to_file = options['file']
+        dest = options['dest']
+
+        details = GceHelper.get_host_details(host)
+        abort "\nError: Instance [#{host}] is not RUNNING\n\n" unless details['gce_status'] == 'RUNNING'
+
+        cmd = "scp #{ssh_ops.join(' ')}"
+
+        if user.nil?
+          cmd += " "
+        else
+          cmd += " #{user}@"
+        end
+        
+        if dest.nil?
+          download = File.join(Dir.pwd, 'download')
+          FileUtils.mkdir_p(download) unless File.exists?(download)
+          cmd += "#{details['gce_public_ip']}:#{path_to_file} download/"
+        else
+          cmd += "#{details['gce_public_ip']}:#{path_to_file} #{File.expand_path(dest)}"
+        end
+
+        exec(cmd)
+      end
+
+      desc "ssh", "Ssh to an instance"
+      def ssh(*ssh_ops, host)
+        puts host
+        if host =~ /^([\w\d_.-]+)@([\w\d-_.]+)/
+          user = $1
+          host = $2
+        end
+        puts "user=#{user}"
+        puts "host=#{host}"
+
+        details = GceHelper.get_host_details(host)
+        abort "\nError: Instance [#{host}] is not RUNNING\n\n" unless details['gce_status'] == 'RUNNING'
+
+        cmd = "ssh #{ssh_ops.join(' ')}"
+
+        if user.nil?
+          cmd += " "
+        else
+          cmd += " #{user}@"
+        end
+
+        cmd += "#{details['gce_public_ip']}"
+
+        exec(cmd)
+      end
+
+      option :name, :required => true, :aliases => '-n', :type => :string,
+             :desc => 'The name of the instance.'
+      desc 'details', 'Displays details about an instance.'
+      def details()
+        name = options[:name]
+
+        details = GceHelper.get_host_details(name)
+
+        key_size = details.keys.max_by { |k| k.size }.size
+
+        header = "Details for #{name}"
+        puts
+        puts header
+        header.size.times { print '-' }
+        puts
+        details.each { |k,v| printf("%#{key_size + 2}s: %s\n", k, v) }
+        puts
+      end
+
+      desc 'types', 'Displays instance types'
+      def types()
+        puts
+        puts "Available Host Types"
+        puts "--------------------"
+        LaunchHelper.get_gce_host_types.each { |t| puts "  #{t}" }
+        puts
+      end
+    end
+
+    class CloudCommand < Thor
+      desc 'gce', 'Manages Google Compute Engine assets'
+      subcommand "gce", GceCommand
+    end
+  end
+end
+
+if __FILE__ == $0
+  Dir.chdir(SCRIPT_DIR) do
+    # Kick off thor
+    OpenShift::Ops::CloudCommand.start(ARGV)
+  end
+end

filter_plugins/.gitignore

@@ -0,0 +1 @@
+*pyc

filter_plugins/oo_filters.py

@@ -0,0 +1,69 @@
+from ansible import errors, runner
+import json
+import pdb
+
+def oo_pdb(arg):
+  ''' This pops you into a pdb instance where arg is the data passed in from the filter.
+        Ex: "{{ hostvars | oo_pdb }}"
+  '''
+  pdb.set_trace()
+  return arg
+
+def get_attr(data, attribute=None):
+  ''' This looks up dictionary attributes of the form a.b.c and returns the value.
+        Ex: data = {'a': {'b': {'c': 5}}}
+            attribute = "a.b.c"
+            returns 5
+  '''
+
+  if not attribute:
+    raise errors.AnsibleFilterError("|failed expects attribute to be set")
+
+  ptr = data
+  for attr in attribute.split('.'):
+    ptr = ptr[attr]
+
+  return ptr
+
+def oo_collect(data, attribute=None):
+  ''' This takes a list of dict and collects all attributes specified into a list
+        Ex: data = [ {'a':1,'b':5}, {'a':2}, {'a':3} ]
+            attribute = 'a'
+            returns [1, 2, 3]
+  '''
+
+  if not issubclass(type(data), list):
+    raise errors.AnsibleFilterError("|failed expects to filter on a List")
+
+  if not attribute:
+    raise errors.AnsibleFilterError("|failed expects attribute to be set")
+
+  retval = [get_attr(d, attribute) for d in data]
+
+  return retval
+
+def oo_select_keys(data, keys):
+  ''' This returns a list, which contains the value portions for the keys
+        Ex: data = { 'a':1, 'b':2, 'c':3 }
+            keys = ['a', 'c']
+            returns [1, 3]
+  '''
+
+  if not issubclass(type(data), dict):
+    raise errors.AnsibleFilterError("|failed expects to filter on a Dictionary")
+
+  if not issubclass(type(keys), list):
+    raise errors.AnsibleFilterError("|failed expects first param is a list")
+
+  # Gather up the values for the list of keys passed in
+  retval = [data[key] for key in keys]
+
+  return retval
+
+class FilterModule (object):
+  def filters(self):
+    return {
+      "oo_select_keys": oo_select_keys,
+      "oo_collect": oo_collect,
+      "oo_pdb": oo_pdb
+    }

inventory/gce/gce.ini

@@ -0,0 +1,47 @@
+#!/usr/bin/python
+# Copyright 2013 Google Inc.
+#
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
+
+# The GCE inventory script has the following dependencies:
+#   1. A valid Google Cloud Platform account with Google Compute Engine
+#      enabled.  See https://cloud.google.com
+#   2. An OAuth2 Service Account flow should be enabled.  This will generate
+#      a private key file that the inventory script will use for API request
+#      authorization.  See https://developers.google.com/accounts/docs/OAuth2
+#   3. Convert the private key from PKCS12 to PEM format
+#      $ openssl pkcs12 -in pkey.pkcs12 -passin pass:notasecret \
+#      > -nodes -nocerts | openssl rsa -out pkey.pem
+#   4. The libcloud (>=0.13.3) python libray.  See http://libcloud.apache.org
+#
+# (See ansible/test/gce_tests.py comments for full install instructions)
+#
+# Author: Eric Johnson <erjohnso@google.com>
+
+[gce]
+# GCE Service Account configuration information can be stored in the
+# libcloud 'secrets.py' file.  Ideally, the 'secrets.py' file will already
+# exist in your PYTHONPATH and be picked up automatically with an import
+# statement in the inventory script.  However, you can specify an absolute
+# path to the secrets.py file with 'libcloud_secrets' parameter.
+libcloud_secrets = 
+
+# If you are not going to use a 'secrets.py' file, you can set the necessary
+# authorization parameters here.
+gce_service_account_email_address = 198287808360-f457cs26hutqeosmlje1eosfeqo0krlg@developer.gserviceaccount.com
+gce_service_account_pem_file_path = ~/.ssh/os302gce_priv_key.pem
+gce_project_id = corded-cable-672
+

inventory/gce/gce.py

@@ -0,0 +1,275 @@
+#!/usr/bin/python
+# Copyright 2013 Google Inc.
+#
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
+
+'''
+GCE external inventory script
+=================================
+
+Generates inventory that Ansible can understand by making API requests
+Google Compute Engine via the libcloud library.  Full install/configuration
+instructions for the gce* modules can be found in the comments of
+ansible/test/gce_tests.py.
+
+When run against a specific host, this script returns the following variables
+based on the data obtained from the libcloud Node object:
+ - gce_uuid
+ - gce_id
+ - gce_image
+ - gce_machine_type
+ - gce_private_ip
+ - gce_public_ip
+ - gce_name
+ - gce_description
+ - gce_status
+ - gce_zone
+ - gce_tags
+ - gce_metadata
+ - gce_network
+
+When run in --list mode, instances are grouped by the following categories:
+ - zone:
+   zone group name examples are us-central1-b, europe-west1-a, etc.
+ - instance tags:
+   An entry is created for each tag.  For example, if you have two instances
+   with a common tag called 'foo', they will both be grouped together under
+   the 'tag_foo' name.
+ - network name:
+   the name of the network is appended to 'network_' (e.g. the 'default'
+   network will result in a group named 'network_default')
+ - machine type
+   types follow a pattern like n1-standard-4, g1-small, etc.
+ - running status:
+   group name prefixed with 'status_' (e.g. status_running, status_stopped,..)
+ - image:
+   when using an ephemeral/scratch disk, this will be set to the image name
+   used when creating the instance (e.g. debian-7-wheezy-v20130816).  when
+   your instance was created with a root persistent disk it will be set to
+   'persistent_disk' since there is no current way to determine the image.
+
+Examples:
+  Execute uname on all instances in the us-central1-a zone
+  $ ansible -i gce.py us-central1-a -m shell -a "/bin/uname -a"
+
+  Use the GCE inventory script to print out instance specific information
+  $ plugins/inventory/gce.py --host my_instance
+
+Author: Eric Johnson <erjohnso@google.com>
+Version: 0.0.1
+'''
+
+USER_AGENT_PRODUCT="Ansible-gce_inventory_plugin"
+USER_AGENT_VERSION="v1"
+
+import sys
+import os
+import argparse
+import ConfigParser
+
+try:
+    import json
+except ImportError:
+    import simplejson as json
+
+try:
+    from libcloud.compute.types import Provider
+    from libcloud.compute.providers import get_driver
+    _ = Provider.GCE
+except:
+    print("GCE inventory script requires libcloud >= 0.13")
+    sys.exit(1)
+
+
+class GceInventory(object):
+    def __init__(self):
+        # Read settings and parse CLI arguments
+        self.parse_cli_args()
+        self.driver = self.get_gce_driver()
+
+        # Just display data for specific host
+        if self.args.host:
+            print self.json_format_dict(self.node_to_dict(
+                    self.get_instance(self.args.host)))
+            sys.exit(0)
+
+        # Otherwise, assume user wants all instances grouped
+        print(self.json_format_dict(self.group_instances()))
+        sys.exit(0)
+
+    def get_gce_driver(self):
+        """Determine the GCE authorization settings and return a
+        libcloud driver.
+        """
+        gce_ini_default_path = os.path.join(
+            os.path.dirname(os.path.realpath(__file__)), "gce.ini")
+        gce_ini_path = os.environ.get('GCE_INI_PATH', gce_ini_default_path)
+
+        # Create a ConfigParser.
+        # This provides empty defaults to each key, so that environment
+        # variable configuration (as opposed to INI configuration) is able
+        # to work.
+        config = ConfigParser.SafeConfigParser(defaults={
+            'gce_service_account_email_address': '',
+            'gce_service_account_pem_file_path': '',
+            'gce_project_id': '',
+            'libcloud_secrets': '',
+        })
+        if 'gce' not in config.sections():
+            config.add_section('gce')
+        config.read(gce_ini_path)
+
+        # Attempt to get GCE params from a configuration file, if one
+        # exists.
+        secrets_path = config.get('gce', 'libcloud_secrets')
+        secrets_found = False
+        try:
+            import secrets
+            args = list(getattr(secrets, 'GCE_PARAMS', []))
+            kwargs = getattr(secrets, 'GCE_KEYWORD_PARAMS', {})
+            secrets_found = True
+        except:
+            pass
+
+        if not secrets_found and secrets_path:
+            if not secrets_path.endswith('secrets.py'):
+                err = "Must specify libcloud secrets file as "
+                err += "/absolute/path/to/secrets.py"
+                print(err)
+                sys.exit(1)
+            sys.path.append(os.path.dirname(secrets_path))
+            try:
+                import secrets
+                args = list(getattr(secrets, 'GCE_PARAMS', []))
+                kwargs = getattr(secrets, 'GCE_KEYWORD_PARAMS', {})
+                secrets_found = True
+            except:
+                pass
+        if not secrets_found:
+            args = [
+                config.get('gce','gce_service_account_email_address'),
+                config.get('gce','gce_service_account_pem_file_path')
+            ]
+            kwargs = {'project': config.get('gce', 'gce_project_id')}
+
+        # If the appropriate environment variables are set, they override
+        # other configuration; process those into our args and kwargs.
+        args[0] = os.environ.get('GCE_EMAIL', args[0])
+        args[1] = os.environ.get('GCE_PEM_FILE_PATH', args[1])
+        kwargs['project'] = os.environ.get('GCE_PROJECT', kwargs['project'])
+
+        # Retrieve and return the GCE driver.
+        gce = get_driver(Provider.GCE)(*args, **kwargs)
+        gce.connection.user_agent_append(
+            '%s/%s' % (USER_AGENT_PRODUCT, USER_AGENT_VERSION),
+        )
+        return gce
+
+    def parse_cli_args(self):
+        ''' Command line argument processing '''
+
+        parser = argparse.ArgumentParser(
+                description='Produce an Ansible Inventory file based on GCE')
+        parser.add_argument('--list', action='store_true', default=True,
+                           help='List instances (default: True)')
+        parser.add_argument('--host', action='store',
+                           help='Get all information about an instance')
+        self.args = parser.parse_args()
+
+
+    def node_to_dict(self, inst):
+        md = {}
+
+        if inst is None:
+            return {}
+
+        if inst.extra['metadata'].has_key('items'):
+            for entry in inst.extra['metadata']['items']:
+                md[entry['key']] = entry['value']
+
+        net = inst.extra['networkInterfaces'][0]['network'].split('/')[-1]
+        return {
+            'gce_uuid': inst.uuid,
+            'gce_id': inst.id,
+            'gce_image': inst.image,
+            'gce_machine_type': inst.size,
+            'gce_private_ip': inst.private_ips[0],
+            'gce_public_ip': inst.public_ips[0],
+            'gce_name': inst.name,
+            'gce_description': inst.extra['description'],
+            'gce_status': inst.extra['status'],
+            'gce_zone': inst.extra['zone'].name,
+            'gce_tags': inst.extra['tags'],
+            'gce_metadata': md,
+            'gce_network': net,
+            # Hosts don't have a public name, so we add an IP
+            'ansible_ssh_host': inst.public_ips[0]
+        }
+
+    def get_instance(self, instance_name):
+        '''Gets details about a specific instance '''
+        try:
+            return self.driver.ex_get_node(instance_name)
+        except Exception, e:
+            return None
+
+    def group_instances(self):
+        '''Group all instances'''
+        groups = {}
+        for node in self.driver.list_nodes():
+            name = node.name
+
+            zone = node.extra['zone'].name
+            if groups.has_key(zone): groups[zone].append(name)
+            else: groups[zone] = [name]
+
+            tags = node.extra['tags']
+            for t in tags:
+                tag = 'tag_%s' % t
+                if groups.has_key(tag): groups[tag].append(name)
+                else: groups[tag] = [name]
+
+            net = node.extra['networkInterfaces'][0]['network'].split('/')[-1]
+            net = 'network_%s' % net
+            if groups.has_key(net): groups[net].append(name)
+            else: groups[net] = [name]
+
+            machine_type = node.size
+            if groups.has_key(machine_type): groups[machine_type].append(name)
+            else: groups[machine_type] = [name]
+
+            image = node.image and node.image or 'persistent_disk'
+            if groups.has_key(image): groups[image].append(name)
+            else: groups[image] = [name]
+
+            status = node.extra['status']
+            stat = 'status_%s' % status.lower()
+            if groups.has_key(stat): groups[stat].append(name)
+            else: groups[stat] = [name]
+        return groups
+
+    def json_format_dict(self, data, pretty=False):
+        ''' Converts a dict to a JSON object and dumps it as a formatted
+        string '''
+
+        if pretty:
+            return json.dumps(data, sort_keys=True, indent=2)
+        else:
+            return json.dumps(data)
+
+
+# Run the script
+GceInventory()

inventory/hosts

@@ -0,0 +1,2 @@
+# Eventually we'll add the GCE, AWS, etc dynamic inventories, but for now...
+localhost

playbooks/gce/os3-master/config.yml

@@ -0,0 +1,41 @@
+- name: "populate oo_hosts_to_config host group if needed"
+  hosts: localhost
+  gather_facts: no
+  tasks:
+  - name: Evaluate oo_host_group_exp if it's set
+    add_host: "name={{ item }} groups=oo_hosts_to_config"
+    with_items: "{{ oo_host_group_exp | default('') }}"
+    when: oo_host_group_exp is defined
+
+- name: "Gather facts for minions in {{ oo_env }}"
+  hosts: "tag_env-host-type-{{ oo_env }}-os3-minion"
+  connection: ssh
+  user: root
+
+- name: "Set OO sepcific facts on localhost (for later use)"
+  hosts: localhost
+  gather_facts: no
+  tasks:
+    - name: Setting oo_minion_ips fact on localhost
+      set_fact:
+        oo_minion_ips: "{{ hostvars
+            | oo_select_keys(groups['tag_env-host-type-' + oo_env + '-os3-minion'])
+            | oo_collect(attribute='ansible_eth0.ipv4.address') }}"
+      when: groups['tag_env-host-type-' + oo_env + '-os3-minion'] is defined
+
+- name: "Configure instances"
+  hosts: oo_hosts_to_config
+  connection: ssh
+  user: root
+  vars_files:
+    - vars.yml
+  roles:
+    - ../../../roles/base_os
+    - ../../../roles/repos
+    - ../../../roles/etcd
+    - {
+        role: ../../../roles/kubernetes_apiserver,
+        oo_minion_ips: "{{ hostvars['localhost'].oo_minion_ips | default(['']) }}"
+      }
+    - ../../../roles/kubernetes_controller_manager
+    - ../../../roles/pods

playbooks/gce/os3-master/launch.yml

@@ -0,0 +1,38 @@
+---
+- name: Launch instance(s)
+  hosts: localhost
+  connection: local
+  gather_facts: no
+
+  vars:
+    inst_names: "{{ oo_new_inst_names }}"
+    machine_type: n1-standard-1
+    image: libra-rhel7
+
+  vars_files:
+      - vars.yml
+
+  tasks:
+    - name: Launch instances
+      gce:
+        instance_names: "{{ inst_names }}"
+        machine_type: "{{ machine_type }}"
+        image: "{{ image }}"
+        service_account_email: "{{ gce_service_account_email }}"
+        pem_file: "{{ gce_pem_file }}"
+        project_id: "{{ gce_project_id }}"
+        tags: "{{ oo_new_inst_tags }}"
+      register: gce
+
+    - name: Add new instances public IPs to oo_hosts_to_config
+      add_host: "hostname={{ item.name }} ansible_ssh_host={{ item.public_ip }} groupname=oo_hosts_to_config"
+      with_items: gce.instance_data
+
+    - name: Wait for ssh
+      wait_for: "port=22 host={{ item.public_ip }}"
+      with_items: gce.instance_data
+
+    - debug: var=gce
+
+# Apply the configs, seprate so that just the configs can be run by themselves
+- include: config.yml

playbooks/gce/os3-minion/config.yml

@@ -0,0 +1,43 @@
+- name: "populate oo_hosts_to_config host group if needed"
+  hosts: localhost
+  gather_facts: no
+  tasks:
+  - name: Evaluate oo_host_group_exp
+    add_host: "name={{ item }} groups=oo_hosts_to_config"
+    with_items: "{{ oo_host_group_exp | default('') }}"
+    when: oo_host_group_exp is defined
+
+- name: "Gather facts for masters in {{ oo_env }}"
+  hosts: "tag_env-host-type-{{ oo_env }}-os3-master"
+  connection: ssh
+  user: root
+
+- name: "Set OO sepcific facts on localhost (for later use)"
+  hosts: localhost
+  gather_facts: no
+  tasks:
+    - name: Setting oo_master_ips fact on localhost
+      set_fact:
+        oo_master_ips: "{{ hostvars
+            | oo_select_keys(groups['tag_env-host-type-' + oo_env + '-os3-master'])
+            | oo_collect(attribute='ansible_eth0.ipv4.address') }}"
+      when: groups['tag_env-host-type-' + oo_env + '-os3-master'] is defined
+
+- name: "Configure instances"
+  hosts: oo_hosts_to_config
+  connection: ssh
+  user: root
+  vars_files:
+    - vars.yml
+  roles:
+    - ../../../roles/base_os
+    - ../../../roles/repos
+    - ../../../roles/docker
+    - {
+        role: ../../../roles/kubernetes_kubelet,
+        oo_master_ips: "{{ hostvars['localhost'].oo_master_ips | default(['']) }}"
+      }
+    - {
+        role: ../../../roles/kubernetes_proxy,
+        oo_master_ips: "{{ hostvars['localhost'].oo_master_ips | default(['']) }}"
+      }

playbooks/gce/os3-minion/launch.yml

@@ -0,0 +1,38 @@
+---
+- name: Launch instance(s)
+  hosts: localhost
+  connection: local
+  gather_facts: no
+
+  vars:
+    inst_names: "{{ oo_new_inst_names }}"
+    machine_type: n1-standard-1
+    image: libra-rhel7
+
+  vars_files:
+      - vars.yml
+
+  tasks:
+    - name: Launch instances
+      gce:
+        instance_names: "{{ inst_names }}"
+        machine_type: "{{ machine_type }}"
+        image: "{{ image }}"
+        service_account_email: "{{ gce_service_account_email }}"
+        pem_file: "{{ gce_pem_file }}"
+        project_id: "{{ gce_project_id }}"
+        tags: "{{ oo_new_inst_tags }}"
+      register: gce
+
+    - name: Add new instances public IPs to oo_hosts_to_config
+      add_host: "hostname={{ item.name }} ansible_ssh_host={{ item.public_ip }} groupname=oo_hosts_to_config"
+      with_items: gce.instance_data
+
+    - name: Wait for ssh
+      wait_for: "port=22 host={{ item.public_ip }}"
+      with_items: gce.instance_data
+
+    - debug: var=gce
+
+# Apply the configs, seprate so that just the configs can be run by themselves
+- include: config.yml

playbooks/gce/os3-registry/config.yml

@@ -0,0 +1,17 @@
+- name: "populate oo_hosts_to_config host group if needed"
+  hosts: localhost
+  gather_facts: no
+  tasks:
+  - name: Evaluate oo_host_group_exp
+    add_host: "name={{ item }} groups=oo_hosts_to_config"
+    with_items: "{{ oo_host_group_exp | default('') }}"
+    when: oo_host_group_exp is defined
+
+- name: "Configure instances"
+  hosts: oo_hosts_to_config
+  connection: ssh
+  user: root
+  vars_files:
+    - vars.yml
+  roles:
+    - ../../../roles/base_os

playbooks/gce/os3-registry/launch.yml

@@ -0,0 +1,38 @@
+---
+- name: Launch instance(s)
+  hosts: localhost
+  connection: local
+  gather_facts: no
+
+  vars:
+    inst_names: "{{ oo_new_inst_names }}"
+    machine_type: n1-standard-1
+    image: libra-rhel7
+
+  vars_files:
+      - vars.yml
+
+  tasks:
+    - name: Launch instances
+      gce:
+        instance_names: "{{ inst_names }}"
+        machine_type: "{{ machine_type }}"
+        image: "{{ image }}"
+        service_account_email: "{{ gce_service_account_email }}"
+        pem_file: "{{ gce_pem_file }}"
+        project_id: "{{ gce_project_id }}"
+        tags: "{{ oo_new_inst_tags }}"
+      register: gce
+
+    - name: Add new instances public IPs to oo_hosts_to_config
+      add_host: "hostname={{ item.name }} ansible_ssh_host={{ item.public_ip }} groupname=oo_hosts_to_config"
+      with_items: gce.instance_data
+
+    - name: Wait for ssh
+      wait_for: "port=22 host={{ item.public_ip }}"
+      with_items: gce.instance_data
+
+    - debug: var=gce
+
+# Apply the configs, seprate so that just the configs can be run by themselves
+- include: config.yml

playbooks/gce/os3-router/config.yml

@@ -0,0 +1,17 @@
+- name: "populate oo_hosts_to_config host group if needed"
+  hosts: localhost
+  gather_facts: no
+  tasks:
+  - name: Evaluate oo_host_group_exp
+    add_host: "name={{ item }} groups=oo_hosts_to_config"
+    with_items: "{{ oo_host_group_exp | default('') }}"
+    when: oo_host_group_exp is defined
+
+- name: "Configure instances"
+  hosts: oo_hosts_to_config
+  connection: ssh
+  user: root
+  vars_files:
+    - vars.yml
+  roles:
+    - ../../../roles/base_os

playbooks/gce/os3-router/launch.yml

@@ -0,0 +1,38 @@
+---
+- name: Launch instance(s)
+  hosts: localhost
+  connection: local
+  gather_facts: no
+
+  vars:
+    inst_names: "{{ oo_new_inst_names }}"
+    machine_type: n1-standard-1
+    image: libra-rhel7
+
+  vars_files:
+      - vars.yml
+
+  tasks:
+    - name: Launch instances
+      gce:
+        instance_names: "{{ inst_names }}"
+        machine_type: "{{ machine_type }}"
+        image: "{{ image }}"
+        service_account_email: "{{ gce_service_account_email }}"
+        pem_file: "{{ gce_pem_file }}"
+        project_id: "{{ gce_project_id }}"
+        tags: "{{ oo_new_inst_tags }}"
+      register: gce
+
+    - name: Add new instances public IPs to oo_hosts_to_config
+      add_host: "hostname={{ item.name }} ansible_ssh_host={{ item.public_ip }} groupname=oo_hosts_to_config"
+      with_items: gce.instance_data
+
+    - name: Wait for ssh
+      wait_for: "port=22 host={{ item.public_ip }}"
+      with_items: gce.instance_data
+
+    - debug: var=gce
+
+# Apply the configs, seprate so that just the configs can be run by themselves
+- include: config.yml

roles/base_os/files/irbrc

@@ -0,0 +1,2 @@
+require 'irb/completion'
+IRB.conf[:PROMPT_MODE] = :SIMPLE

roles/base_os/files/vimrc

@@ -0,0 +1,12 @@
+set tabstop=4
+set shiftwidth=4
+set expandtab
+set list
+
+"flag problematic whitespace (trailing and spaces before tabs)
+"Note you get the same by doing let c_space_errors=1 but
+"this rule really applies to everything.
+highlight RedundantSpaces term=standout ctermbg=red guibg=red
+match RedundantSpaces /\s\+$\| \+\ze\t/ "\ze sets end of match so only spaces highlighted
+"use :set list! to toggle visible whitespace on/off
+set listchars=tab:>-,trail:.,extends:>

roles/base_os/tasks/main.yaml

@@ -0,0 +1,26 @@
+---
+# basic role, configures irbrc, vimrc
+
+- name: Ensure irbrc is installed for user root
+  copy: >
+    src=irbrc
+    dest=/root/.irbrc
+
+- name: Ensure vimrc is installed for user root
+  copy: >
+    src=vimrc
+    dest=/root/.vimrc
+
+- name: Ensure vimrc is installed for user root
+  copy: >
+    src=vimrc
+    dest=/root/.vimrc
+
+- name: Install firewalld
+  yum: pkg=firewalld state=installed
+
+- name: enable firewalld service
+  command: /usr/bin/systemctl enable firewalld.service
+
+- name: start firewalld service
+  command: /usr/bin/systemctl start firewalld.service

roles/docker/README.md

@@ -0,0 +1,38 @@
+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).

roles/docker/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+# defaults file for docker

roles/docker/files/enter-container.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+
+if [ $# -ne 1 ]
+then
+  echo
+  echo "Usage: $(basename $0) <container_name>"
+  echo
+  exit 1
+fi
+
+PID=$(docker inspect --format '{{.State.Pid}}' $1)
+
+nsenter --target $PID --mount --uts --ipc --net --pid

roles/docker/handlers/main.yml

@@ -0,0 +1,2 @@
+---
+# handlers file for docker

roles/docker/meta/main.yml

@@ -0,0 +1,124 @@
+---
+galaxy_info:
+  author: your name
+  description: 
+  company: your company (optional)
+  # Some suggested licenses:
+  # - BSD (default)
+  # - MIT
+  # - GPLv2
+  # - GPLv3
+  # - Apache
+  # - CC-BY
+  license: license (GPLv2, CC-BY, etc)
+  min_ansible_version: 1.2
+  #
+  # Below are all platforms currently available. Just uncomment
+  # the ones that apply to your role. If you don't see your 
+  # platform on this list, let us know and we'll get it added!
+  #
+  #platforms:
+  #- name: EL
+  #  versions:
+  #  - all
+  #  - 5
+  #  - 6
+  #  - 7
+  #- name: GenericUNIX
+  #  versions:
+  #  - all
+  #  - any
+  #- name: Fedora
+  #  versions:
+  #  - all
+  #  - 16
+  #  - 17
+  #  - 18
+  #  - 19
+  #  - 20
+  #- name: opensuse
+  #  versions:
+  #  - all
+  #  - 12.1
+  #  - 12.2
+  #  - 12.3
+  #  - 13.1
+  #  - 13.2
+  #- name: Amazon
+  #  versions:
+  #  - all
+  #  - 2013.03
+  #  - 2013.09
+  #- name: GenericBSD
+  #  versions:
+  #  - all
+  #  - any
+  #- name: FreeBSD
+  #  versions:
+  #  - all
+  #  - 8.0
+  #  - 8.1
+  #  - 8.2
+  #  - 8.3
+  #  - 8.4
+  #  - 9.0
+  #  - 9.1
+  #  - 9.1
+  #  - 9.2
+  #- name: Ubuntu
+  #  versions:
+  #  - all
+  #  - lucid
+  #  - maverick
+  #  - natty
+  #  - oneiric
+  #  - precise
+  #  - quantal
+  #  - raring
+  #  - saucy
+  #  - trusty
+  #- name: SLES
+  #  versions:
+  #  - all
+  #  - 10SP3
+  #  - 10SP4
+  #  - 11
+  #  - 11SP1
+  #  - 11SP2
+  #  - 11SP3
+  #- name: GenericLinux
+  #  versions:
+  #  - all
+  #  - any
+  #- name: Debian
+  #  versions:
+  #  - all
+  #  - etch
+  #  - lenny
+  #  - squeeze
+  #  - wheezy
+  #
+  # Below are all categories currently available. Just as with
+  # the platforms above, uncomment those that apply to your role.
+  #
+  #categories:
+  #- cloud
+  #- cloud:ec2
+  #- cloud:gce
+  #- cloud:rax
+  #- clustering
+  #- database
+  #- database:nosql
+  #- database:sql
+  #- development
+  #- monitoring
+  #- networking
+  #- packaging
+  #- system
+  #- web
+dependencies: []
+  # List your role dependencies here, one per line. Only
+  # dependencies available via galaxy should be listed here.
+  # Be sure to remove the '[]' above if you add dependencies
+  # to this list.
+  

roles/docker/tasks/main.yml

@@ -0,0 +1,18 @@
+---
+# tasks file for docker
+- name: Install docker
+  yum: pkg=docker
+
+- name: enable docker service
+  command: /usr/bin/systemctl enable docker.service
+
+- name: start the docker service
+  command: /usr/bin/systemctl start docker.service
+
+- copy: src=enter-container.sh dest=/usr/local/bin/enter-container.sh mode=0755
+
+# From the origin rpm there exists instructions on how to
+# setup origin properly.  The following steps come from there
+- name: Change root to be in the Docker group
+  command: usermod -G docker -a root
+

roles/docker/vars/main.yml

@@ -0,0 +1,2 @@
+---
+# vars file for docker

roles/etcd/README.md

@@ -0,0 +1,38 @@
+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).

roles/etcd/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+# defaults file for etcd

roles/etcd/handlers/main.yml

@@ -0,0 +1,3 @@
+---
+- name: restart etcd
+  service: name=etcd state=restarted

roles/etcd/meta/main.yml

@@ -0,0 +1,124 @@
+---
+galaxy_info:
+  author: your name
+  description: 
+  company: your company (optional)
+  # Some suggested licenses:
+  # - BSD (default)
+  # - MIT
+  # - GPLv2
+  # - GPLv3
+  # - Apache
+  # - CC-BY
+  license: license (GPLv2, CC-BY, etc)
+  min_ansible_version: 1.2
+  #
+  # Below are all platforms currently available. Just uncomment
+  # the ones that apply to your role. If you don't see your 
+  # platform on this list, let us know and we'll get it added!
+  #
+  #platforms:
+  #- name: EL
+  #  versions:
+  #  - all
+  #  - 5
+  #  - 6
+  #  - 7
+  #- name: GenericUNIX
+  #  versions:
+  #  - all
+  #  - any
+  #- name: Fedora
+  #  versions:
+  #  - all
+  #  - 16
+  #  - 17
+  #  - 18
+  #  - 19
+  #  - 20
+  #- name: opensuse
+  #  versions:
+  #  - all
+  #  - 12.1
+  #  - 12.2
+  #  - 12.3
+  #  - 13.1
+  #  - 13.2
+  #- name: Amazon
+  #  versions:
+  #  - all
+  #  - 2013.03
+  #  - 2013.09
+  #- name: GenericBSD
+  #  versions:
+  #  - all
+  #  - any
+  #- name: FreeBSD
+  #  versions:
+  #  - all
+  #  - 8.0
+  #  - 8.1
+  #  - 8.2
+  #  - 8.3
+  #  - 8.4
+  #  - 9.0
+  #  - 9.1
+  #  - 9.1
+  #  - 9.2
+  #- name: Ubuntu
+  #  versions:
+  #  - all
+  #  - lucid
+  #  - maverick
+  #  - natty
+  #  - oneiric
+  #  - precise
+  #  - quantal
+  #  - raring
+  #  - saucy
+  #  - trusty
+  #- name: SLES
+  #  versions:
+  #  - all
+  #  - 10SP3
+  #  - 10SP4
+  #  - 11
+  #  - 11SP1
+  #  - 11SP2
+  #  - 11SP3
+  #- name: GenericLinux
+  #  versions:
+  #  - all
+  #  - any
+  #- name: Debian
+  #  versions:
+  #  - all
+  #  - etch
+  #  - lenny
+  #  - squeeze
+  #  - wheezy
+  #
+  # Below are all categories currently available. Just as with
+  # the platforms above, uncomment those that apply to your role.
+  #
+  #categories:
+  #- cloud
+  #- cloud:ec2
+  #- cloud:gce
+  #- cloud:rax
+  #- clustering
+  #- database
+  #- database:nosql
+  #- database:sql
+  #- development
+  #- monitoring
+  #- networking
+  #- packaging
+  #- system
+  #- web
+dependencies: []
+  # List your role dependencies here, one per line. Only
+  # dependencies available via galaxy should be listed here.
+  # Be sure to remove the '[]' above if you add dependencies
+  # to this list.
+  

roles/etcd/tasks/main.yml

@@ -0,0 +1,20 @@
+---
+- name: Install etcd
+  yum: pkg=etcd state=installed disable_gpg_check=yes
+
+- name: Install etcdctl
+  yum: pkg=etcdctl state=installed disable_gpg_check=yes
+
+- name: Write etcd global config file
+  template: src=etcd.conf.j2 dest=/etc/etcd/etcd.conf
+  notify:
+    - restart etcd
+
+- name: Open firewalld port for etcd
+  firewalld: port=4001/tcp permanent=false state=enabled
+
+- name: Save firewalld port for etcd
+  firewalld: port=4001/tcp permanent=true state=enabled
+
+- name: Enable etcd
+  service: name=etcd enabled=yes state=started

roles/etcd/templates/etcd.conf.j2

@@ -0,0 +1,34 @@
+# This configuration file is written in [TOML](https://github.com/mojombo/toml)
+
+# addr = "127.0.0.1:4001"
+# bind_addr = "127.0.0.1:4001"
+# ca_file = ""
+# cert_file = ""
+# cors = []
+# cpu_profile_file = ""
+# data_dir = "."
+# discovery = "http://etcd.local:4001/v2/keys/_etcd/registry/examplecluster"
+# http_read_timeout = 10
+# http_write_timeout = 10
+# key_file = ""
+# peers = []
+# peers_file = ""
+# max_cluster_size = 9
+# max_result_buffer = 1024
+# max_retry_attempts = 3
+# name = "default-name"
+# snapshot = false
+# verbose = false
+# very_verbose = false
+
+# [peer]
+# addr = "127.0.0.1:7001"
+# bind_addr = "127.0.0.1:7001"
+# ca_file = ""
+# cert_file = ""
+# key_file = ""
+
+# [cluster]
+# active_size = 9
+# remove_delay = 1800.0
+# sync_interval = 5.0

roles/etcd/vars/main.yml

@@ -0,0 +1,2 @@
+---
+# vars file for etcd

roles/kubernetes_apiserver/README.md

@@ -0,0 +1,38 @@
+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).

roles/kubernetes_apiserver/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+# defaults file for kubernetes_apiserver

roles/kubernetes_apiserver/handlers/main.yml

@@ -0,0 +1,4 @@
+---
+# handlers file for kubernetes_apiserver
+- name: restart kubernetes-apiserver
+  service: name=kubernetes-apiserver state=restarted

roles/kubernetes_apiserver/meta/main.yml

@@ -0,0 +1,124 @@
+---
+galaxy_info:
+  author: your name
+  description: 
+  company: your company (optional)
+  # Some suggested licenses:
+  # - BSD (default)
+  # - MIT
+  # - GPLv2
+  # - GPLv3
+  # - Apache
+  # - CC-BY
+  license: license (GPLv2, CC-BY, etc)
+  min_ansible_version: 1.2
+  #
+  # Below are all platforms currently available. Just uncomment
+  # the ones that apply to your role. If you don't see your 
+  # platform on this list, let us know and we'll get it added!
+  #
+  #platforms:
+  #- name: EL
+  #  versions:
+  #  - all
+  #  - 5
+  #  - 6
+  #  - 7
+  #- name: GenericUNIX
+  #  versions:
+  #  - all
+  #  - any
+  #- name: Fedora
+  #  versions:
+  #  - all
+  #  - 16
+  #  - 17
+  #  - 18
+  #  - 19
+  #  - 20
+  #- name: opensuse
+  #  versions:
+  #  - all
+  #  - 12.1
+  #  - 12.2
+  #  - 12.3
+  #  - 13.1
+  #  - 13.2
+  #- name: Amazon
+  #  versions:
+  #  - all
+  #  - 2013.03
+  #  - 2013.09
+  #- name: GenericBSD
+  #  versions:
+  #  - all
+  #  - any
+  #- name: FreeBSD
+  #  versions:
+  #  - all
+  #  - 8.0
+  #  - 8.1
+  #  - 8.2
+  #  - 8.3
+  #  - 8.4
+  #  - 9.0
+  #  - 9.1
+  #  - 9.1
+  #  - 9.2
+  #- name: Ubuntu
+  #  versions:
+  #  - all
+  #  - lucid
+  #  - maverick
+  #  - natty
+  #  - oneiric
+  #  - precise
+  #  - quantal
+  #  - raring
+  #  - saucy
+  #  - trusty
+  #- name: SLES
+  #  versions:
+  #  - all
+  #  - 10SP3
+  #  - 10SP4
+  #  - 11
+  #  - 11SP1
+  #  - 11SP2
+  #  - 11SP3
+  #- name: GenericLinux
+  #  versions:
+  #  - all
+  #  - any
+  #- name: Debian
+  #  versions:
+  #  - all
+  #  - etch
+  #  - lenny
+  #  - squeeze
+  #  - wheezy
+  #
+  # Below are all categories currently available. Just as with
+  # the platforms above, uncomment those that apply to your role.
+  #
+  #categories:
+  #- cloud
+  #- cloud:ec2
+  #- cloud:gce
+  #- cloud:rax
+  #- clustering
+  #- database
+  #- database:nosql
+  #- database:sql
+  #- development
+  #- monitoring
+  #- networking
+  #- packaging
+  #- system
+  #- web
+dependencies: []
+  # List your role dependencies here, one per line. Only
+  # dependencies available via galaxy should be listed here.
+  # Be sure to remove the '[]' above if you add dependencies
+  # to this list.
+  

roles/kubernetes_apiserver/tasks/main.yml

@@ -0,0 +1,25 @@
+---
+# tasks file for kubernetes_apiserver
+- name: Install kubernetes
+  yum: pkg=kubernetes
+
+- name: Configure apiserver settings
+  lineinfile: >
+    dest=/etc/sysconfig/kubernetes
+    regexp={{ item.regex }}
+    line="{{ item.line }}"
+  with_items:
+    - { regex: '^KUBE_API_MACHINES=', line: 'KUBE_API_MACHINES=\"{{ oo_minion_ips | join(",") }}\"' }
+    - { regex: '^KUBE_API_ADDRESS=',  line: 'KUBE_API_ADDRESS=\"0.0.0.0\"' }
+  notify:
+    - restart kubernetes-apiserver
+
+- name: Enable apiserver
+  service: name=kubernetes-apiserver enabled=yes state=started
+
+- name: Open firewalld port for apiserver
+  firewalld: port=8080/tcp permanent=false state=enabled
+
+- name: Save firewalld port for apiserver
+  firewalld: port=8080/tcp permanent=true state=enabled
+

roles/kubernetes_apiserver/vars/main.yml

@@ -0,0 +1,2 @@
+---
+# vars file for kubernetes_apiserver

roles/kubernetes_controller_manager/README.md

@@ -0,0 +1,38 @@
+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).

roles/kubernetes_controller_manager/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+# defaults file for kubernetes_controller_manager

roles/kubernetes_controller_manager/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+# handlers file for kubernetes_controller_manager
+- name: restart kubernetes-controller-manager
+  service: name=kubernetes-controller-manager state=restarted
+

roles/kubernetes_controller_manager/meta/main.yml

@@ -0,0 +1,124 @@
+---
+galaxy_info:
+  author: your name
+  description: 
+  company: your company (optional)
+  # Some suggested licenses:
+  # - BSD (default)
+  # - MIT
+  # - GPLv2
+  # - GPLv3
+  # - Apache
+  # - CC-BY
+  license: license (GPLv2, CC-BY, etc)
+  min_ansible_version: 1.2
+  #
+  # Below are all platforms currently available. Just uncomment
+  # the ones that apply to your role. If you don't see your 
+  # platform on this list, let us know and we'll get it added!
+  #
+  #platforms:
+  #- name: EL
+  #  versions:
+  #  - all
+  #  - 5
+  #  - 6
+  #  - 7
+  #- name: GenericUNIX
+  #  versions:
+  #  - all
+  #  - any
+  #- name: Fedora
+  #  versions:
+  #  - all
+  #  - 16
+  #  - 17
+  #  - 18
+  #  - 19
+  #  - 20
+  #- name: opensuse
+  #  versions:
+  #  - all
+  #  - 12.1
+  #  - 12.2
+  #  - 12.3
+  #  - 13.1
+  #  - 13.2
+  #- name: Amazon
+  #  versions:
+  #  - all
+  #  - 2013.03
+  #  - 2013.09
+  #- name: GenericBSD
+  #  versions:
+  #  - all
+  #  - any
+  #- name: FreeBSD
+  #  versions:
+  #  - all
+  #  - 8.0
+  #  - 8.1
+  #  - 8.2
+  #  - 8.3
+  #  - 8.4
+  #  - 9.0
+  #  - 9.1
+  #  - 9.1
+  #  - 9.2
+  #- name: Ubuntu
+  #  versions:
+  #  - all
+  #  - lucid
+  #  - maverick
+  #  - natty
+  #  - oneiric
+  #  - precise
+  #  - quantal
+  #  - raring
+  #  - saucy
+  #  - trusty
+  #- name: SLES
+  #  versions:
+  #  - all
+  #  - 10SP3
+  #  - 10SP4
+  #  - 11
+  #  - 11SP1
+  #  - 11SP2
+  #  - 11SP3
+  #- name: GenericLinux
+  #  versions:
+  #  - all
+  #  - any
+  #- name: Debian
+  #  versions:
+  #  - all
+  #  - etch
+  #  - lenny
+  #  - squeeze
+  #  - wheezy
+  #
+  # Below are all categories currently available. Just as with
+  # the platforms above, uncomment those that apply to your role.
+  #
+  #categories:
+  #- cloud
+  #- cloud:ec2
+  #- cloud:gce
+  #- cloud:rax
+  #- clustering
+  #- database
+  #- database:nosql
+  #- database:sql
+  #- development
+  #- monitoring
+  #- networking
+  #- packaging
+  #- system
+  #- web
+dependencies: []
+  # List your role dependencies here, one per line. Only
+  # dependencies available via galaxy should be listed here.
+  # Be sure to remove the '[]' above if you add dependencies
+  # to this list.
+  

roles/kubernetes_controller_manager/tasks/main.yml

@@ -0,0 +1,7 @@
+---
+# tasks file for kubernetes_controller_manager
+- name: Install kubernetes
+  yum: pkg=kubernetes
+
+- name: Enable controller-manager
+  service: name=kubernetes-controller-manager enabled=yes state=started

roles/kubernetes_controller_manager/vars/main.yml

@@ -0,0 +1,2 @@
+---
+# vars file for kubernetes_controller_manager

roles/kubernetes_kubelet/README.md

@@ -0,0 +1,38 @@
+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).

roles/kubernetes_kubelet/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+# defaults file for kubernetes_kubelet

roles/kubernetes_kubelet/files/kubelet.service

@@ -0,0 +1,10 @@
+[Unit]
+Description=Kubernetes Kubelet Server
+Documentation=https://github.com/GoogleCloudPlatform/kubernetes
+
+[Service]
+EnvironmentFile=/etc/sysconfig/kubelet
+ExecStart=/usr/local/bin/kubelet "$DAEMON_ARGS"
+
+[Install]
+WantedBy=multi-user.target

roles/kubernetes_kubelet/handlers/main.yml

@@ -0,0 +1,4 @@
+---
+# handlers file for kubernetes_kubelet
+- name: restart kubelet
+  service: name=kubernetes-kubelet state=restarted

roles/kubernetes_kubelet/meta/main.yml

@@ -0,0 +1,124 @@
+---
+galaxy_info:
+  author: your name
+  description: 
+  company: your company (optional)
+  # Some suggested licenses:
+  # - BSD (default)
+  # - MIT
+  # - GPLv2
+  # - GPLv3
+  # - Apache
+  # - CC-BY
+  license: license (GPLv2, CC-BY, etc)
+  min_ansible_version: 1.2
+  #
+  # Below are all platforms currently available. Just uncomment
+  # the ones that apply to your role. If you don't see your 
+  # platform on this list, let us know and we'll get it added!
+  #
+  #platforms:
+  #- name: EL
+  #  versions:
+  #  - all
+  #  - 5
+  #  - 6
+  #  - 7
+  #- name: GenericUNIX
+  #  versions:
+  #  - all
+  #  - any
+  #- name: Fedora
+  #  versions:
+  #  - all
+  #  - 16
+  #  - 17
+  #  - 18
+  #  - 19
+  #  - 20
+  #- name: opensuse
+  #  versions:
+  #  - all
+  #  - 12.1
+  #  - 12.2
+  #  - 12.3
+  #  - 13.1
+  #  - 13.2
+  #- name: Amazon
+  #  versions:
+  #  - all
+  #  - 2013.03
+  #  - 2013.09
+  #- name: GenericBSD
+  #  versions:
+  #  - all
+  #  - any
+  #- name: FreeBSD
+  #  versions:
+  #  - all
+  #  - 8.0
+  #  - 8.1
+  #  - 8.2
+  #  - 8.3
+  #  - 8.4
+  #  - 9.0
+  #  - 9.1
+  #  - 9.1
+  #  - 9.2
+  #- name: Ubuntu
+  #  versions:
+  #  - all
+  #  - lucid
+  #  - maverick
+  #  - natty
+  #  - oneiric
+  #  - precise
+  #  - quantal
+  #  - raring
+  #  - saucy
+  #  - trusty
+  #- name: SLES
+  #  versions:
+  #  - all
+  #  - 10SP3
+  #  - 10SP4
+  #  - 11
+  #  - 11SP1
+  #  - 11SP2
+  #  - 11SP3
+  #- name: GenericLinux
+  #  versions:
+  #  - all
+  #  - any
+  #- name: Debian
+  #  versions:
+  #  - all
+  #  - etch
+  #  - lenny
+  #  - squeeze
+  #  - wheezy
+  #
+  # Below are all categories currently available. Just as with
+  # the platforms above, uncomment those that apply to your role.
+  #
+  #categories:
+  #- cloud
+  #- cloud:ec2
+  #- cloud:gce
+  #- cloud:rax
+  #- clustering
+  #- database
+  #- database:nosql
+  #- database:sql
+  #- development
+  #- monitoring
+  #- networking
+  #- packaging
+  #- system
+  #- web
+dependencies: []
+  # List your role dependencies here, one per line. Only
+  # dependencies available via galaxy should be listed here.
+  # Be sure to remove the '[]' above if you add dependencies
+  # to this list.
+  

roles/kubernetes_kubelet/tasks/main.yml

@@ -0,0 +1,31 @@
+---
+# tasks file for kubernetes_kubelet
+- name: Install kubernetes
+  yum: pkg=kubernetes state=installed
+
+- name: Configure kubelet
+  lineinfile: >
+    dest=/etc/sysconfig/kubernetes
+    regexp={{ item.regex }}
+    line="{{ item.line }}"
+  with_items:
+    - { regex: '^KUBE_ETCD_SERVERS=', line: 'KUBE_ETCD_SERVERS=\"http://{{ oo_master_ips[0] }}:4001\"' }
+    - { regex: '^KUBE_KUBELET_ADDRESS=', line: 'KUBE_KUBELET_ADDRESS=\"0.0.0.0\"' }
+    - { regex: '^KUBE_KUBELET_HOSTNAME_OVERRIDE=', line: 'KUBE_KUBELET_HOSTNAME_OVERRIDE=\"{{ hostvars[inventory_hostname].ansible_eth0.ipv4.address }}\"' }
+  notify:
+    - restart kubelet
+
+
+#- name: write the cadvisor config
+#  template: src=cadvisor.manifest dest=/etc/kubernetes/manifests/cadvisor.manifest
+#  notify:
+#    - restart kubelet
+
+- name: Enable kubelet
+  service: name=kubernetes-kubelet enabled=yes state=started
+
+- name: Open firewalld port for the kubelet
+  firewalld: port=10250/tcp permanent=false state=enabled
+
+- name: Save firewalld port for the kubelet
+  firewalld: port=10250/tcp permanent=true state=enabled

roles/kubernetes_kubelet/templates/cadvisor.manifest

@@ -0,0 +1,33 @@
+version: v1beta2
+id: cadvisor-agent
+containers:
+  - name: cadvisor
+    image: google/cadvisor:latest
+    ports:
+      - name: http
+        containerPort: 8080
+        hostPort: 4194
+    volumeMounts:
+      - name: varrun
+        mountPath: /var/run
+        readOnly: false
+      - name: varlibdocker
+        mountPath: /var/lib/docker
+        readOnly: true
+      - name: cgroups
+        mountPath: /sys/fs/cgroup
+        readOnly: true
+volumes:
+  - name: varrun
+    source:
+      hostDir:
+        path: /var/run
+  - name: varlibdocker
+    source:
+      hostDir:
+        path: /var/lib/docker
+  - name: cgroups
+    source:
+      hostDir:
+        path: /sys/fs/cgroup
+

roles/kubernetes_kubelet/templates/kubelet

@@ -0,0 +1,3 @@
+
+DAEMON_ARGS=" -etcd_servers=http://10.245.1.2:4001  -hostname_override=10.245.2.2 -address=0.0.0.0 -config=/etc/kubernetes/manifests"
+

roles/kubernetes_kubelet/vars/main.yml

@@ -0,0 +1,2 @@
+---
+# vars file for kubernetes_kubelet

roles/kubernetes_proxy/README.md

@@ -0,0 +1,38 @@
+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).

roles/kubernetes_proxy/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+# defaults file for kubernetes_proxy

roles/kubernetes_proxy/handlers/main.yml

@@ -0,0 +1,4 @@
+---
+# handlers file for kubernetes_proxy
+- name: restart kubernetes-proxy
+  service: name=kubernetes-proxy state=restarted

roles/kubernetes_proxy/meta/main.yml

@@ -0,0 +1,124 @@
+---
+galaxy_info:
+  author: your name
+  description: 
+  company: your company (optional)
+  # Some suggested licenses:
+  # - BSD (default)
+  # - MIT
+  # - GPLv2
+  # - GPLv3
+  # - Apache
+  # - CC-BY
+  license: license (GPLv2, CC-BY, etc)
+  min_ansible_version: 1.2
+  #
+  # Below are all platforms currently available. Just uncomment
+  # the ones that apply to your role. If you don't see your 
+  # platform on this list, let us know and we'll get it added!
+  #
+  #platforms:
+  #- name: EL
+  #  versions:
+  #  - all
+  #  - 5
+  #  - 6
+  #  - 7
+  #- name: GenericUNIX
+  #  versions:
+  #  - all
+  #  - any
+  #- name: Fedora
+  #  versions:
+  #  - all
+  #  - 16
+  #  - 17
+  #  - 18
+  #  - 19
+  #  - 20
+  #- name: opensuse
+  #  versions:
+  #  - all
+  #  - 12.1
+  #  - 12.2
+  #  - 12.3
+  #  - 13.1
+  #  - 13.2
+  #- name: Amazon
+  #  versions:
+  #  - all
+  #  - 2013.03
+  #  - 2013.09
+  #- name: GenericBSD
+  #  versions:
+  #  - all
+  #  - any
+  #- name: FreeBSD
+  #  versions:
+  #  - all
+  #  - 8.0
+  #  - 8.1
+  #  - 8.2
+  #  - 8.3
+  #  - 8.4
+  #  - 9.0
+  #  - 9.1
+  #  - 9.1
+  #  - 9.2
+  #- name: Ubuntu
+  #  versions:
+  #  - all
+  #  - lucid
+  #  - maverick
+  #  - natty
+  #  - oneiric
+  #  - precise
+  #  - quantal
+  #  - raring
+  #  - saucy
+  #  - trusty
+  #- name: SLES
+  #  versions:
+  #  - all
+  #  - 10SP3
+  #  - 10SP4
+  #  - 11
+  #  - 11SP1
+  #  - 11SP2
+  #  - 11SP3
+  #- name: GenericLinux
+  #  versions:
+  #  - all
+  #  - any
+  #- name: Debian
+  #  versions:
+  #  - all
+  #  - etch
+  #  - lenny
+  #  - squeeze
+  #  - wheezy
+  #
+  # Below are all categories currently available. Just as with
+  # the platforms above, uncomment those that apply to your role.
+  #
+  #categories:
+  #- cloud
+  #- cloud:ec2
+  #- cloud:gce
+  #- cloud:rax
+  #- clustering
+  #- database
+  #- database:nosql
+  #- database:sql
+  #- development
+  #- monitoring
+  #- networking
+  #- packaging
+  #- system
+  #- web
+dependencies: []
+  # List your role dependencies here, one per line. Only
+  # dependencies available via galaxy should be listed here.
+  # Be sure to remove the '[]' above if you add dependencies
+  # to this list.
+  

roles/kubernetes_proxy/tasks/main.yml

@@ -0,0 +1,17 @@
+---
+# tasks file for kubernetes_proxy
+- name: Install kubernetes
+  yum: pkg=kubernetes state=installed
+
+- name: Configure kubernetes-proxy etcd servers
+  lineinfile: >
+    dest=/etc/sysconfig/kubernetes
+    regexp={{ item.regex }}
+    line="{{ item.line }}"
+  with_items:
+    - { regex: '^KUBE_ETCD_SERVERS=', line: 'KUBE_ETCD_SERVERS=\"http://{{ oo_master_ips[0] }}:4001\"' }
+  notify:
+    - restart kubernetes-proxy
+
+- name: Enable proxy
+  service: name=kubernetes-proxy enabled=yes state=started

roles/kubernetes_proxy/vars/main.yml

@@ -0,0 +1,2 @@
+---
+# vars file for kubernetes_proxy

roles/pods/README.md

@@ -0,0 +1,38 @@
+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).

roles/pods/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+# defaults file for pods

roles/pods/files/pods/fedora_apache.json

@@ -0,0 +1,21 @@
+{
+  "id": "apache",
+  "desiredState": {
+    "manifest": {
+      "version": "v1beta1",
+      "id": "apache-1",
+      "containers": [{
+        "name": "master",
+        "image": "fedora/apache",
+        "ports": [{
+          "containerPort": 80,
+          "hostPort": 80
+        }]
+      }]
+    }
+  },
+  "labels": {
+    "name": "apache",
+    "distro": "fedora"
+  }
+}

roles/pods/files/pods/frontend-controller.json

@@ -0,0 +1,23 @@
+{
+  "id": "frontendController",
+  "kind": "ReplicationController",
+  "apiVersion": "v1beta1",
+  "desiredState": {
+    "replicas": 2,
+    "replicaSelector": {"name": "frontend"},
+    "podTemplate": {
+      "desiredState": {
+         "manifest": {
+           "version": "v1beta1",
+           "id": "frontendController",
+           "containers": [{
+             "name": "php-redis",
+             "image": "brendanburns/php-redis",
+             "ports": [{"containerPort": 80, "hostPort": 8000}]
+           }]
+         }
+       },
+       "labels": {"name": "frontend"}
+      }},
+  "labels": {"name": "frontend"}
+}

roles/pods/files/pods/redis-master-service.json

@@ -0,0 +1,10 @@
+{
+  "id": "redismaster",
+  "kind": "Service",
+  "apiVersion": "v1beta1",
+  "port": 10000,
+  "containerPort": 6379,
+  "selector": {
+    "name": "redis-master"
+  }
+}

roles/pods/files/pods/redis-master.json

@@ -0,0 +1,22 @@
+{
+  "id": "redis-master-2",
+  "kind": "Pod",
+  "apiVersion": "v1beta1",
+  "desiredState": {
+    "manifest": {
+      "version": "v1beta1",
+      "id": "redis-master-2",
+      "containers": [{
+        "name": "master",
+        "image": "dockerfile/redis",
+        "ports": [{
+          "containerPort": 6379,
+          "hostPort": 6379
+        }]
+      }]
+    }
+  },
+  "labels": {
+    "name": "redis-master"
+  }
+}

roles/pods/files/pods/redis-slave-controller.json

@@ -0,0 +1,24 @@
+{
+  "id": "redisSlaveController",
+  "kind": "ReplicationController",
+  "apiVersion": "v1beta1",
+  "desiredState": {
+    "replicas": 2,
+    "replicaSelector": {"name": "redisslave"},
+    "podTemplate": {
+      "desiredState": {
+         "manifest": {
+           "version": "v1beta1",
+           "id": "redisSlaveController",
+           "containers": [{
+             "name": "slave",
+             "image": "brendanburns/redis-slave",
+             "ports": [{"containerPort": 6379, "hostPort": 6380}]
+           }]
+         }
+       },
+       "labels": {"name": "redisslave"}
+      }},
+  "labels": {"name": "redisslave"}
+}
+

roles/pods/files/pods/redis-slave-service.json

@@ -0,0 +1,13 @@
+{
+  "id": "redisslave",
+  "kind": "Service",
+  "apiVersion": "v1beta1",
+  "port": 10001,
+  "containerPort": 6379,
+  "labels": {
+    "name": "redisslave"
+  },
+  "selector": {
+    "name": "redisslave"
+  }
+}

roles/pods/handlers/main.yml

@@ -0,0 +1,2 @@
+---
+# handlers file for pods

roles/pods/meta/main.yml

@@ -0,0 +1,124 @@
+---
+galaxy_info:
+  author: your name
+  description: 
+  company: your company (optional)
+  # Some suggested licenses:
+  # - BSD (default)
+  # - MIT
+  # - GPLv2
+  # - GPLv3
+  # - Apache
+  # - CC-BY
+  license: license (GPLv2, CC-BY, etc)
+  min_ansible_version: 1.2
+  #
+  # Below are all platforms currently available. Just uncomment
+  # the ones that apply to your role. If you don't see your 
+  # platform on this list, let us know and we'll get it added!
+  #
+  #platforms:
+  #- name: EL
+  #  versions:
+  #  - all
+  #  - 5
+  #  - 6
+  #  - 7
+  #- name: GenericUNIX
+  #  versions:
+  #  - all
+  #  - any
+  #- name: Fedora
+  #  versions:
+  #  - all
+  #  - 16
+  #  - 17
+  #  - 18
+  #  - 19
+  #  - 20
+  #- name: opensuse
+  #  versions:
+  #  - all
+  #  - 12.1
+  #  - 12.2
+  #  - 12.3
+  #  - 13.1
+  #  - 13.2
+  #- name: Amazon
+  #  versions:
+  #  - all
+  #  - 2013.03
+  #  - 2013.09
+  #- name: GenericBSD
+  #  versions:
+  #  - all
+  #  - any
+  #- name: FreeBSD
+  #  versions:
+  #  - all
+  #  - 8.0
+  #  - 8.1
+  #  - 8.2
+  #  - 8.3
+  #  - 8.4
+  #  - 9.0
+  #  - 9.1
+  #  - 9.1
+  #  - 9.2
+  #- name: Ubuntu
+  #  versions:
+  #  - all
+  #  - lucid
+  #  - maverick
+  #  - natty
+  #  - oneiric
+  #  - precise
+  #  - quantal
+  #  - raring
+  #  - saucy
+  #  - trusty
+  #- name: SLES
+  #  versions:
+  #  - all
+  #  - 10SP3
+  #  - 10SP4
+  #  - 11
+  #  - 11SP1
+  #  - 11SP2
+  #  - 11SP3
+  #- name: GenericLinux
+  #  versions:
+  #  - all
+  #  - any
+  #- name: Debian
+  #  versions:
+  #  - all
+  #  - etch
+  #  - lenny
+  #  - squeeze
+  #  - wheezy
+  #
+  # Below are all categories currently available. Just as with
+  # the platforms above, uncomment those that apply to your role.
+  #
+  #categories:
+  #- cloud
+  #- cloud:ec2
+  #- cloud:gce
+  #- cloud:rax
+  #- clustering
+  #- database
+  #- database:nosql
+  #- database:sql
+  #- development
+  #- monitoring
+  #- networking
+  #- packaging
+  #- system
+  #- web
+dependencies: []
+  # List your role dependencies here, one per line. Only
+  # dependencies available via galaxy should be listed here.
+  # Be sure to remove the '[]' above if you add dependencies
+  # to this list.
+  

roles/pods/tasks/main.yml

@@ -0,0 +1,6 @@
+---
+- name: Transfer the fedora_apache pod template
+  file: path=/usr/local/etc/pods state=directory
+
+- name: Transfer the fedora_apache pod template
+  copy: directory_mode=on src=pods/ dest=/usr/local/etc/pods/

roles/pods/vars/main.yml

@@ -0,0 +1,2 @@
+---
+# vars file for pods

roles/repos/files/RPM-GPG-KEY-redhat-release

@@ -0,0 +1,63 @@
+The following public key can be used to verify RPM packages built and
+signed by Red Hat, Inc.  This key is used for packages in Red Hat
+products shipped after November 2009, and for all updates to those
+products.
+
+Questions about this key should be sent to security@redhat.com.
+
+pub  4096R/FD431D51 2009-10-22 Red Hat, Inc. (release key 2) <security@redhat.com>
+
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1.2.6 (GNU/Linux)
+
+mQINBErgSTsBEACh2A4b0O9t+vzC9VrVtL1AKvUWi9OPCjkvR7Xd8DtJxeeMZ5eF
+0HtzIG58qDRybwUe89FZprB1ffuUKzdE+HcL3FbNWSSOXVjZIersdXyH3NvnLLLF
+0DNRB2ix3bXG9Rh/RXpFsNxDp2CEMdUvbYCzE79K1EnUTVh1L0Of023FtPSZXX0c
+u7Pb5DI5lX5YeoXO6RoodrIGYJsVBQWnrWw4xNTconUfNPk0EGZtEnzvH2zyPoJh
+XGF+Ncu9XwbalnYde10OCvSWAZ5zTCpoLMTvQjWpbCdWXJzCm6G+/hx9upke546H
+5IjtYm4dTIVTnc3wvDiODgBKRzOl9rEOCIgOuGtDxRxcQkjrC+xvg5Vkqn7vBUyW
+9pHedOU+PoF3DGOM+dqv+eNKBvh9YF9ugFAQBkcG7viZgvGEMGGUpzNgN7XnS1gj
+/DPo9mZESOYnKceve2tIC87p2hqjrxOHuI7fkZYeNIcAoa83rBltFXaBDYhWAKS1
+PcXS1/7JzP0ky7d0L6Xbu/If5kqWQpKwUInXtySRkuraVfuK3Bpa+X1XecWi24JY
+HVtlNX025xx1ewVzGNCTlWn1skQN2OOoQTV4C8/qFpTW6DTWYurd4+fE0OJFJZQF
+buhfXYwmRlVOgN5i77NTIJZJQfYFj38c/Iv5vZBPokO6mffrOTv3MHWVgQARAQAB
+tDNSZWQgSGF0LCBJbmMuIChyZWxlYXNlIGtleSAyKSA8c2VjdXJpdHlAcmVkaGF0
+LmNvbT6JAjYEEwECACAFAkrgSTsCGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAK
+CRAZni+R/UMdUWzpD/9s5SFR/ZF3yjY5VLUFLMXIKUztNN3oc45fyLdTI3+UClKC
+2tEruzYjqNHhqAEXa2sN1fMrsuKec61Ll2NfvJjkLKDvgVIh7kM7aslNYVOP6BTf
+C/JJ7/ufz3UZmyViH/WDl+AYdgk3JqCIO5w5ryrC9IyBzYv2m0HqYbWfphY3uHw5
+un3ndLJcu8+BGP5F+ONQEGl+DRH58Il9Jp3HwbRa7dvkPgEhfFR+1hI+Btta2C7E
+0/2NKzCxZw7Lx3PBRcU92YKyaEihfy/aQKZCAuyfKiMvsmzs+4poIX7I9NQCJpyE
+IGfINoZ7VxqHwRn/d5mw2MZTJjbzSf+Um9YJyA0iEEyD6qjriWQRbuxpQXmlAJbh
+8okZ4gbVFv1F8MzK+4R8VvWJ0XxgtikSo72fHjwha7MAjqFnOq6eo6fEC/75g3NL
+Ght5VdpGuHk0vbdENHMC8wS99e5qXGNDued3hlTavDMlEAHl34q2H9nakTGRF5Ki
+JUfNh3DVRGhg8cMIti21njiRh7gyFI2OccATY7bBSr79JhuNwelHuxLrCFpY7V25
+OFktl15jZJaMxuQBqYdBgSay2G0U6D1+7VsWufpzd/Abx1/c3oi9ZaJvW22kAggq
+dzdA27UUYjWvx42w9menJwh/0jeQcTecIUd0d0rFcw/c1pvgMMl/Q73yzKgKYw==
+=zbHE
+-----END PGP PUBLIC KEY BLOCK-----
+The following public key can be used to verify RPM packages built and
+signed by Red Hat, Inc.  This key is a supporting (auxiliary) key for
+Red Hat products shipped after November 2006 and for all updates to
+those products.
+
+Questions about this key should be sent to security@redhat.com.
+
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1.2.6 (GNU/Linux)
+
+mQGiBEVwDGkRBACwPhZIpvkjI8wV9sFTDoqyPLx1ub8Sd/w+YuI5Ovm49mvvEQVT
+VLg8FgE5JlST59AbsLDyVtRa9CxIvN5syBVrWWWtHtDnnylFBcqG/A6J3bI4E9/A
+UtSL5Zxbav0+utP6f3wOpxQrxc+WIDVgpurdBKAQ3dsobGBqypeX6FXZ5wCgou6C
+yZpGIBqosJaDWLzNeOfb/70D/1thLkQyhW3JJ6cHCYJHNfBShvbLWBf6S231mgmu
+MyMlt8Kmipc9bw+saaAkSkVsQ/ZbfjrWB7e5kbMruKLVrH+nGhamlHYUGyAPtsPg
+Uj/NUSj5BmrCsOkMpn43ngTLssE9MLhSPj2nIHGFv9B+iVLvomDdwnaBRgQ1aK8z
+z6MAA/406yf5yVJ/MlTWs1/68VwDhosc9BtU1V5IE0NXgZUAfBJzzfVzzKQq6zJ2
+eZsMLhr96wbsW13zUZt1ing+ulwh2ee4meuJq6h/971JspFY/XBhcfq4qCNqVjsq
+SZnWoGdCO6J8CxPIemD2IUHzjoyyeEj3RVydup6pcWZAmhzkKrQzUmVkIEhhdCwg
+SW5jLiAoYXV4aWxpYXJ5IGtleSkgPHNlY3VyaXR5QHJlZGhhdC5jb20+iF4EExEC
+AB4FAkVwDGkCGwMGCwkIBwMCAxUCAwMWAgECHgECF4AACgkQRWiciC+mWOC1rQCg
+ooNLCFOzNPcvhd9Za8C801HmnsYAniCw3yzrCqtjYnxDDxlufH0FVTwX
+=d/bm
+-----END PGP PUBLIC KEY BLOCK-----
+

roles/repos/files/docker.repo

@@ -0,0 +1,5 @@
+[docker]
+name= Temporary Docker rpm
+baseurl=http://10.240.169.148/mirror/docker
+gpgcheck=0
+enabled=1

roles/repos/files/epel7-kubernetes.repo

@@ -0,0 +1,6 @@
+[maxamillion-epel7-kubernetes]
+name=Copr repo for epel7-kubernetes owned by maxamillion
+baseurl=http://copr-be.cloud.fedoraproject.org/results/maxamillion/epel7-kubernetes/epel-7-$basearch/
+skip_if_unavailable=True
+gpgcheck=0
+enabled=1

roles/repos/files/oso-rhui-rhel-7-server.repo

@@ -0,0 +1,13 @@
+[oso-rhel-7-server]
+name=Red Hat Enterprise Linux 7 Server from RHUI (RPMs)
+baseurl=http://10.240.169.148/mirror/rhui-rhel-server-7-releases
+enabled=1
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
+
+[oso-rhel-7-server-optional]
+name=Red Hat Enterprise Linux 7 Server - Optional from RHUI (RPMs)
+baseurl=http://10.240.169.148/mirror/rhui-rhel-server-7-releases-optional
+enabled=1
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

roles/repos/files/rhel-7-libra-candidate.repo

@@ -0,0 +1,10 @@
+[rhel-7-libra-candidate]
+name=rhel-7-libra-candidate - \$basearch
+baseurl=https://mirror1.ops.rhcloud.com/libra/rhel-7-libra-candidate/\$basearch/
+gpgkey=https://mirror1.ops.rhcloud.com/libra/RPM-GPG-KEY-redhat-release https://mirror1.ops.rhcloud.com/libra/RPM-GPG-KEY-redhat-beta https://mirror1.ops.rhcloud.com/libra/RPM-GPG-KEY-redhat-openshifthosted
+skip_if_unavailable=True
+gpgcheck=0
+enabled=1
+sslclientcert=/var/lib/yum/client-cert.pem
+sslclientkey=/var/lib/yum/client-key.pem
+sslverify=False

roles/repos/tasks/main.yaml

@@ -0,0 +1,27 @@
+---
+# The following role lays down the correct repository and gpg key for yum
+
+#- name: Ensure oso rhui rhel 7 server repository exists in yum.repos.d
+#  copy: >
+#    src=oso-rhui-rhel-7-server.repo
+#    dest=/etc/yum.repos.d/oso-rhui-rhel-7-server.repo
+#
+#- name: Ensure Red Hat GPG Key is in place for the previous repo
+#  copy: >
+#    src=RPM-GPG-KEY-redhat-release
+#    dest=/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
+
+- name: Ensure rhel-7-libra-candidate client-key.pem exists
+  copy: src=client-key.pem dest=/var/lib/yum/client-key.pem
+
+- name: Ensure rhel-7-libra-candidate client-cert.pem exists
+  copy: src=client-cert.pem dest=/var/lib/yum/client-cert.pem
+
+- name: Ensure rhel 7 libra candidate exists in yum.repos.d
+  copy: src=rhel-7-libra-candidate.repo dest=/etc/yum.repos.d/rhel-7-libra-candidate.repo
+
+- name: Ensure a docker repo is laid down
+  copy: src=docker.repo dest=/etc/yum.repos.d/docker.repo
+
+- name: Ensure the kubernetes repo is available
+  copy: src=epel7-kubernetes.repo dest=/etc/yum.repos.d/epel7-kubernetes.repo