Add the DNS updates and rename the openstack vars

Most of the vars in `roles/openshift_openstack/defaults/main.yml` are
now prefixed with `openstack_`.
Tomas Sedovic 7 years ago
parent
commit
79f29bc825

+ 0 - 1
.gitignore

@@ -24,4 +24,3 @@ multi_ec2.yaml
 *.egg-info
 .eggs
 cover/
-roles/infra-ansible/

+ 7 - 11
playbooks/openstack/README.md

@@ -142,7 +142,7 @@ corresponding to your OpenStack installation.
 $ vi inventory/group_vars/all.yml
 ```
 
-1. Set the `openstack_ssh_public_key` to your OpenStack keypair name.
+1. Set the `openstack_keypair_name` to your OpenStack keypair name.
    - See `openstack keypair list` to find the keypairs registered with
    OpenShift.
    - This must correspond to your private SSH key in `~/.ssh/id_rsa`
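
Review bot: the sub-bullet under the renamed step 1 still says the keypairs are "registered with OpenShift", but `openstack keypair list` shows keypairs registered with OpenStack. Since this step is being edited anyway, fix the product name in the same change so readers do not look for the key in the wrong place.
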
@@ -156,20 +156,16 @@ $ vi inventory/group_vars/all.yml
 4. Set the `openstack_default_flavor` to the flavor you want your
    OpenShift VMs to use.
    - See `openstack flavor list` for the list of available flavors.
-5. Set the `public_dns_nameservers` to the list of the IP addresses
-   of the DNS servers used for the **private** address resolution[1].
+5. Set the `openstack_dns_nameservers` to the list of the IP addresses
+   of the DNS servers used for the **private** address resolution.
 
-**NOTE**: In most OpenStack environments, you will also need to
-configure the forwarders for the DNS server we create. This depends on
-your environment.
+**NOTE ON DNS**: at minimum, the OpenShift nodes need to be able to access each
+other by their hostname.  OpenStack doesn't provide this by default, so you
+need to provide a DNS server. Put the address of that DNS server in
+`openstack_dns_nameservers` variable.
 
-Launch a VM in your OpenStack and look at its `/etc/resolv.conf` and
-put the IP addresses into `public_dns_nameservers` in
-`inventory/group_vars/all.yml`.
 
 
-[1]: Yes, the name is bad. We will fix it.
-
 
 #### OpenShift configuration
 

+ 5 - 6
playbooks/openstack/advanced-configuration.md

@@ -192,11 +192,10 @@ The `openstack_<role name>_hostname` is a set of variables used for customising
 hostnames of servers with a given role. When such a variable stays commented,
 default hostname (usually the role name) is used.
 
-The `public_dns_nameservers` is a list of DNS servers accessible from all
-the created Nova servers. These will be serving as your DNS forwarders for
-external FQDNs that do not belong to the cluster's DNS domain and its subdomains.
-If you're unsure what to put in here, you can try the google or opendns servers,
-but note that some organizations may be blocking them.
+The `openstack_dns_nameservers` is a list of DNS servers accessible from all
+the created Nova servers. These will provide the internal name resolution for
+your OpenShift nodes (as well as upstream name resolution for installing
+packages, etc.).
 
 The `openshift_use_dnsmasq` controls either dnsmasq is deployed or not.
 By default, dnsmasq is deployed and comes as the hosts' /etc/resolv.conf file
@@ -265,7 +264,7 @@ step for flannel and docker iptables configuration:
 
 ## Other configuration variables
 
-`openstack_ssh_public_key` is a Nova keypair - you can see your
+`openstack_keypair_name` is a Nova keypair - you can see your
 keypairs with `openstack keypair list`. It must correspond to the
 private SSH key Ansible will use to log into the created VMs. This is
 `~/.ssh/id_rsa` by default, but you can use a different key by passing

+ 30 - 6
playbooks/openstack/openshift-cluster/provision.yml

@@ -7,15 +7,17 @@
       name: openshift_openstack
       tasks_from: provision.yml
 
-# NOTE(shadower): the (internal) DNS must be functional at this point!!
-# That will have happened in provision.yml if nsupdate was configured.
 
-# TODO(shadower): consider splitting this up so people can stop here
-# and configure their DNS if they have to.
+# NOTE(shadower): Bring in the host groups:
+- name: normalize groups
+  include: ../../byo/openshift-cluster/initialize_groups.yml
+- name: evaluate groups
+  include: ../../common/openshift-cluster/evaluate_groups.yml
 
-- name: Prepare the Nodes in the cluster for installation
+
+- name: Wait for the nodes and gather their facts
   hosts: oo_all_hosts
-  become: true
+  become: yes
   # NOTE: The nodes may not be up yet, don't gather facts here.
   # They'll be collected after `wait_for_connection`.
   gather_facts: no
@@ -26,6 +28,28 @@
   - name: Gather facts for the new nodes
     setup:
 
+
+# NOTE(shadower): the (internal) DNS must be functional at this point!!
+# That will have happened in provision.yml if nsupdate was configured.
+
+# TODO(shadower): consider splitting this up so people can stop here
+# and configure their DNS if they have to.
+- name: Populate the DNS entries
+  hosts: localhost
+  tasks:
+  - name: Populate DNS entries
+    include_role:
+      name: openshift_openstack
+      tasks_from: populate-dns.yml
+    when:
+    - external_nsupdate_keys is defined
+    - external_nsupdate_keys.private is defined or external_nsupdate_keys.public is defined
+
+- name: Prepare the Nodes in the cluster for installation
+  hosts: oo_all_hosts
+  become: yes
+  gather_facts: yes
+  tasks:
   - name: Install dependencies
     include_role:
       name: openshift_openstack
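
Review bot: the NOTE moved above "Populate the DNS entries" is now stale, and the play can be skipped without anything replacing it. The comment still says the DNS "will have happened in provision.yml if nsupdate was configured", yet this commit removes the `populate-dns.yml` include from the role's `provision.yml` and runs it here, only when `external_nsupdate_keys` is defined. Reword the comment to match, and consider adding a task before "Prepare the Nodes in the cluster for installation" that asserts the nodes can resolve each other's hostnames, so a deployment without nsupdate keys fails with a clear message instead of partway through the install.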

+ 2 - 2
playbooks/openstack/sample-inventory/group_vars/OSEv3.yml

@@ -5,8 +5,8 @@ openshift_deployment_type: origin
 openshift_master_default_subdomain: "apps.{{ env_id }}.{{ public_dns_domain }}"
 
 openshift_master_cluster_method: native
-openshift_master_cluster_hostname: "{{ groups.lb.0|default(groups.masters.0) }}"
-openshift_master_cluster_public_hostname: "{{ groups.lb.0|default(groups.masters.0) }}"
+openshift_master_cluster_hostname: "console.{{ env_id }}.{{ public_dns_domain }}"
+openshift_master_cluster_public_hostname: "{{ openshift_master_cluster_hostname }}"
 
 osm_default_node_selector: 'region=primary'
 
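
Review bot: `openshift_master_cluster_hostname` now points at `console.{{ env_id }}.{{ public_dns_domain }}`, a name that no provisioned server carries, so it resolves only if a DNS record is created for it. The previous value was an inventory hostname (`groups.lb.0` or `groups.masters.0`) and needed no extra record. In this commit the record is added by `populate-dns.yml`, which runs only when `external_nsupdate_keys` is set. Add a comment next to these two lines saying that operators who manage DNS themselves must create the `console` record before installing.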

+ 2 - 2
playbooks/openstack/sample-inventory/group_vars/all.yml

@@ -1,7 +1,7 @@
 ---
 env_id: "openshift"
 public_dns_domain: "example.com"
-public_dns_nameservers: []
+openstack_dns_nameservers: []
 
 # # Used Hostnames
 # # - set custom hostnames for roles by uncommenting corresponding lines
@@ -12,7 +12,7 @@ public_dns_nameservers: []
 #openstack_etcd_hostname: "etcd"
 #openstack_dns_hostname: "dns"
 
-openstack_ssh_public_key: "openshift"
+openstack_keypair_name: "openshift"
 openstack_external_network_name: "public"
 #openstack_private_network_name:  "openshift-ansible-{{ stack_name }}-net"
 # # A dedicated Neutron network name for containers data network

+ 39 - 52
roles/openshift_openstack/defaults/main.yml

@@ -1,5 +1,4 @@
 ---
-
 stack_state: 'present'
 
 ssh_ingress_cidr: 0.0.0.0/0
@@ -7,18 +6,13 @@ node_ingress_cidr: 0.0.0.0/0
 master_ingress_cidr: 0.0.0.0/0
 lb_ingress_cidr: 0.0.0.0/0
 bastion_ingress_cidr: 0.0.0.0/0
-num_etcd: 0
-num_masters: 1
-num_nodes: 1
-num_dns: 1
-num_infra: 1
-nodes_to_remove: []
-etcd_volume_size: 2
-dns_volume_size: 1
-lb_volume_size: 5
-use_bastion: False
-ui_ssh_tunnel: False
-provider_network: False
+openstack_num_etcd: 0
+openstack_num_masters: 1
+openstack_num_nodes: 1
+openstack_num_dns: 0
+openstack_num_infra: 1
+openstack_dns_nameservers: []
+openstack_nodes_to_remove: []
 
 
 openshift_cluster_node_labels:
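
Review bot: `openstack_num_dns: 0` is a behaviour change hidden inside a rename, since the removed line was `num_dns: 1` and the old Heat mapping used `default(1)`. Inventories that relied on the default DNS VM will no longer get one after this commit. Say so in the commit message and in the README, or keep the default at 1 here and change it in a separate commit. The removed unprefixed names (`num_masters`, `use_bastion`, `nodes_to_remove` and the others) are also silently ignored from now on if an existing inventory still sets them, which deserves a line in the upgrade notes.
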
@@ -61,48 +55,41 @@ openshift_app_domain: "apps"
 
 # heat vars
 stack_name: "{{ env_id }}.{{ public_dns_domain }}"
-dns_domain: "{{ public_dns_domain }}"
-dns_nameservers: "{{ public_dns_nameservers }}"
-subnet_prefix: "{{ openstack_subnet_prefix }}"
-master_hostname: "{{ openstack_master_hostname | default('master') }}"
-infra_hostname: "{{ openstack_infra_hostname | default('infra-node') }}"
-node_hostname: "{{ openstack_node_hostname | default('app-node') }}"
-lb_hostname: "{{ openstack_lb_hostname | default('lb') }}"
-etcd_hostname: "{{ openstack_etcd_hostname | default('etcd') }}"
-dns_hostname: "{{ openstack_dns_hostname | default('dns') }}"
-ssh_public_key: "{{ openstack_ssh_public_key }}"
-openstack_image: "{{ openstack_default_image_name }}"
-lb_flavor: "{{ openstack_lb_flavor | default(openstack_default_flavor) }}"
-etcd_flavor: "{{ openstack_etcd_flavor | default(openstack_default_flavor) }}"
-master_flavor: "{{ openstack_master_flavor | default(openstack_default_flavor) }}"
-node_flavor: "{{ openstack_node_flavor | default(openstack_default_flavor) }}"
-infra_flavor: "{{ openstack_infra_flavor | default(openstack_default_flavor) }}"
-dns_flavor: "{{ openstack_dns_flavor | default(openstack_default_flavor) }}"
-openstack_master_image: "{{ openstack_master_image_name | default(openstack_default_image_name) }}"
-openstack_infra_image: "{{ openstack_infra_image_name | default(openstack_default_image_name) }}"
-openstack_node_image: "{{ openstack_node_image_name | default(openstack_default_image_name) }}"
-openstack_lb_image: "{{ openstack_lb_image_name | default(openstack_default_image_name) }}"
-openstack_etcd_image: "{{ openstack_etcd_image_name | default(openstack_default_image_name) }}"
-openstack_dns_image: "{{ openstack_dns_image_name | default(openstack_default_image_name) }}"
+openstack_subnet_prefix: "192.168.99"
+openstack_master_hostname: master
+openstack_infra_hostname: infra-node
+openstack_node_hostname: app-node
+openstack_lb_hostname: lb
+openstack_etcd_hostname: etcd
+openstack_dns_hostname: dns
+openstack_keypair_name: openshift
+openstack_lb_flavor: "{{ openstack_default_flavor }}"
+openstack_etcd_flavor: "{{ openstack_default_flavor }}"
+openstack_master_flavor: "{{ openstack_default_flavor }}"
+openstack_node_flavor: "{{ openstack_default_flavor }}"
+openstack_infra_flavor: "{{ openstack_default_flavor }}"
+openstack_dns_flavor: "{{ openstack_default_flavor }}"
+openstack_master_image: "{{ openstack_default_image_name }}"
+openstack_infra_image: "{{ openstack_default_image_name }}"
+openstack_node_image: "{{ openstack_default_image_name }}"
+openstack_lb_image: "{{ openstack_default_image_name }}"
+openstack_etcd_image: "{{ openstack_default_image_name }}"
+openstack_dns_image: "{{ openstack_default_image_name }}"
+openstack_provider_network_name: False
+openstack_external_network_name: False
 openstack_private_network: >-
   {% if openstack_provider_network_name | default(None) -%}
   {{ openstack_provider_network_name }}
   {%- else -%}
   {{ openstack_private_network_name | default ('openshift-ansible-' + stack_name + '-net') }}
   {%- endif -%}
-provider_network: "{{ openstack_provider_network_name | default(None) }}"
-external_network: "{{ openstack_external_network_name | default(None) }}"
-num_etcd: "{{ openstack_num_etcd | default(0) }}"
-num_masters: "{{ openstack_num_masters }}"
-num_nodes: "{{ openstack_num_nodes }}"
-num_infra: "{{ openstack_num_infra }}"
-num_dns: "{{ openstack_num_dns | default(1) }}"
-master_server_group_policies: "{{ openstack_master_server_group_policies | default([]) | to_yaml }}"
-infra_server_group_policies: "{{ openstack_infra_server_group_policies | default([]) | to_yaml }}"
-master_volume_size: "{{ docker_master_volume_size | default(docker_volume_size) }}"
-infra_volume_size: "{{ docker_infra_volume_size | default(docker_volume_size) }}"
-node_volume_size: "{{ docker_node_volume_size | default(docker_volume_size) }}"
-etcd_volume_size: "{{ docker_etcd_volume_size | default('2') }}"
-dns_volume_size: "{{ docker_dns_volume_size | default('1') }}"
-lb_volume_size: "{{ docker_lb_volume_size | default('5') }}"
-nodes_to_remove: "{{ openstack_nodes_to_remove | default([]) |  to_yaml }}"
+openstack_master_server_group_policies: []
+openstack_infra_server_group_policies: []
+openstack_master_volume_size: "{{ docker_volume_size }}"
+openstack_infra_volume_size: "{{ docker_volume_size }}"
+openstack_node_volume_size: "{{ docker_volume_size }}"
+openstack_etcd_volume_size: 2
+openstack_dns_volume_size: 1
+openstack_lb_volume_size: 5
+openstack_use_bastion: false
+openshift_ui_ssh_tunnel: false
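
Review bot: `openstack_external_network_name: False` gives the Heat template a boolean where it expects a network name. The template renders `network: {{ openstack_external_network_name }}` under `external_gateway_info` whenever no provider network is set, so an inventory that forgets this variable produces `network: False` and fails inside Heat rather than in Ansible. Either leave the variable without a default and assert it in `check-prerequisites.yml`, or add that assert alongside the existing keypair check. Minor: `openshift_ui_ssh_tunnel` is the only renamed variable in this hunk that does not get the `openstack_` prefix the commit message describes; if that is intentional, a comment would help.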

+ 2 - 2
roles/openshift_openstack/tasks/check-prerequisites.yml

@@ -76,13 +76,13 @@
 - name: Try to show keypair
   command: >
            python -c 'import shade; cloud = shade.openstack_cloud();
-           exit(cloud.get_keypair("{{ openstack_ssh_public_key }}") is None)'
+           exit(cloud.get_keypair("{{ openstack_keypair_name }}") is None)'
   ignore_errors: yes
   register: key_result
 - name: Check that keypair is available
   assert:
     that: 'key_result.rc == 0'
-    msg: "Keypair {{ openstack_ssh_public_key }} is not available"
+    msg: "Keypair {{ openstack_keypair_name }} is not available"
 
 # Check that custom images are available
 - include: custom_image_check.yaml
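
Review bot: the keypair name is still templated straight into the Python source passed to `python -c` in "Try to show keypair", so a name containing a double quote or other Python syntax changes the code that runs on the control host. Pass the value as data instead, for example as an extra argument read through `sys.argv[1]`, or through `environment:` and `os.environ`. Separately, `ignore_errors: yes` followed by the `assert` means a missing `shade` module is reported as "Keypair ... is not available", so the assert message could mention that case.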

+ 3 - 0
roles/openshift_openstack/tasks/generate-templates.yml

@@ -10,6 +10,9 @@
     stack_template_path: "{{ stack_template_pre.path }}/stack.yaml"
     user_data_template_path: "{{ stack_template_pre.path }}/user-data"
 
+- name: Print out the Heat template directory
+  debug: var=stack_template_pre
+
 - name: generate HOT stack template from jinja2 template
   template:
     src: heat_stack.yaml.j2
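
Review bot: `debug: var=stack_template_pre` prints the whole registered result, not just the directory the task name promises. Print `stack_template_pre.path` instead and consider setting `verbosity: 1` on the debug task, since this is troubleshooting output that does not need to appear on every run.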

+ 21 - 28
roles/openshift_openstack/tasks/hostname.yml

@@ -1,33 +1,26 @@
 ---
-- name: "Verify hostname"
-  command: hostnamectl status --static
-  register: hostname_fqdn
+- name: Setting Hostname Fact
+  set_fact:
+    new_hostname: "{{ custom_hostname | default(inventory_hostname_short) }}"
 
-- name: "Set hostname if required"
-  when: hostname_fqdn.stdout != ansible_fqdn
-  block:
-  - name: Setting Hostname Fact
-    set_fact:
-      new_hostname: "{{ custom_hostname | default(inventory_hostname_short) }}"
+- name: Setting FQDN Fact
+  set_fact:
+    new_fqdn: "{{ new_hostname }}.{{ full_dns_domain }}"
 
-  - name: Setting FQDN Fact
-    set_fact:
-      new_fqdn: "{{ new_hostname }}.{{ full_dns_domain }}"
+- name: Setting hostname and DNS domain
+  hostname: name="{{ new_fqdn }}"
 
-  - name: Setting hostname and DNS domain
-    hostname: name="{{ new_fqdn }}"
+- name: Check for cloud.cfg
+  stat: path=/etc/cloud/cloud.cfg
+  register: cloud_cfg
 
-  - name: Check for cloud.cfg
-    stat: path=/etc/cloud/cloud.cfg
-    register: cloud_cfg
-
-  - name: Prevent cloud-init updates of hostname/fqdn (if applicable)
-    lineinfile:
-      dest: /etc/cloud/cloud.cfg
-      state: present
-      regexp: "{{ item.regexp }}"
-      line: "{{ item.line }}"
-    with_items:
-    - { regexp: '^ - set_hostname', line: '# - set_hostname' }
-    - { regexp: '^ - update_hostname', line: '# - update_hostname' }
-    when: cloud_cfg.stat.exists == True
+- name: Prevent cloud-init updates of hostname/fqdn (if applicable)
+  lineinfile:
+    dest: /etc/cloud/cloud.cfg
+    state: present
+    regexp: "{{ item.regexp }}"
+    line: "{{ item.line }}"
+  with_items:
+  - { regexp: '^ - set_hostname', line: '# - set_hostname' }
+  - { regexp: '^ - update_hostname', line: '# - update_hostname' }
+  when: cloud_cfg.stat.exists == True

+ 71 - 116
roles/openshift_openstack/tasks/populate-dns.yml

@@ -1,37 +1,26 @@
-# TODO: use nsupdate to populate the DNS servers using the keys
-# specified in the inventory.
-
-# this is an optional step -- the deployers may do whatever else they
-# wish here.
-
-
-# TODO: build records
-# TODO: run nsupdate
-
-
 - name: "Generate list of private A records"
   set_fact:
-    private_records: "{{ [ { 'type': 'A', 'hostname': hostvars[item]['ansible_hostname'], 'ip': hostvars[item]['private_v4'] } ] }}"
+    private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': hostvars[item]['ansible_hostname'], 'ip': hostvars[item]['private_v4'] } ] }}"
   with_items: "{{ groups['cluster_hosts'] }}"
 
-# - name: "Add wildcard records to the private A records for infrahosts"
-#   set_fact:
-#     private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': '*.' + openshift_app_domain, 'ip': hostvars[item]['private_v4'] } ] }}"
-#   with_items: "{{ groups['infra_hosts'] }}"
-
-# - name: "Add public master cluster hostname records to the private A records (single master)"
-#   set_fact:
-#     private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.masters[0]].private_v4 } ] }}"
-#   when:
-#     - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined
-#     - openstack_num_masters == 1
-
-# - name: "Add public master cluster hostname records to the private A records (multi-master)"
-#   set_fact:
-#     private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.lb[0]].private_v4 } ] }}"
-#   when:
-#     - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined
-#     - openstack_num_masters > 1
+- name: "Add wildcard records to the private A records for infrahosts"
+  set_fact:
+    private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': '*.' + openshift_app_domain, 'ip': hostvars[item]['private_v4'] } ] }}"
+  with_items: "{{ groups['infra_hosts'] }}"
+
+- name: "Add public master cluster hostname records to the private A records (single master)"
+  set_fact:
+    private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.masters[0]].private_v4 } ] }}"
+  when:
+    - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined
+    - openstack_num_masters == 1
+
+- name: "Add public master cluster hostname records to the private A records (multi-master)"
+  set_fact:
+    private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.lb[0]].private_v4 } ] }}"
+  when:
+    - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined
+    - openstack_num_masters > 1
 
 - name: "Set the private DNS server to use the external value (if provided)"
   set_fact:
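
Review bot: the re-enabled conditions `openstack_num_masters == 1` and `openstack_num_masters > 1` compare the raw variable, while the Heat template in this same commit uses `openstack_num_masters|int`. A value supplied as a string (for example with `-e`) will not equal 1, so the single-master record is skipped without any error. Use `openstack_num_masters|int` in both tasks. Also, `replace(full_dns_domain, '')[:-1]` assumes the public hostname ends with `.` plus `full_dns_domain`; when it does not, the slice silently drops the last character of the name, so an assert on that suffix before building the record would catch a mismatched inventory.
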
@@ -55,102 +44,67 @@
         key_algorithm: "{{ nsupdate_key_algorithm_private | lower }}"
         entries: "{{ private_records }}"
 
-# - name: "Generate list of public A records"
-#   set_fact:
-#     public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': hostvars[item]['ansible_hostname'], 'ip': hostvars[item]['public_v4'] } ] }}"
-#   with_items: "{{ groups['cluster_hosts'] }}"
-#   when: hostvars[item]['public_v4'] is defined
-
-# - name: "Add wildcard records to the public A records"
-#   set_fact:
-#     public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': '*.' + openshift_app_domain, 'ip': hostvars[item]['public_v4'] } ] }}"
-#   with_items: "{{ groups['infra_hosts'] }}"
-#   when: hostvars[item]['public_v4'] is defined
-
-# - name: "Add public master cluster hostname records to the public A records (single master)"
-#   set_fact:
-#     public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.masters[0]].public_v4 } ] }}"
-#   when:
-#     - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined
-#     - openstack_num_masters == 1
-#     - not use_bastion|bool
-
-# - name: "Add public master cluster hostname records to the public A records (single master behind a bastion)"
-#   set_fact:
-#     public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.bastions[0]].public_v4 } ] }}"
-#   when:
-#     - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined
-#     - openstack_num_masters == 1
-#     - use_bastion|bool
-
-# - name: "Add public master cluster hostname records to the public A records (multi-master)"
-#   set_fact:
-#     public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.lb[0]].public_v4 } ] }}"
-#   when:
-#     - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined
-#     - openstack_num_masters > 1
-
-# - name: "Set the public DNS server details to use the external value (if provided)"
-#   set_fact:
-#     nsupdate_server_public: "{{ external_nsupdate_keys['public']['server'] }}"
-#     nsupdate_key_secret_public: "{{ external_nsupdate_keys['public']['key_secret'] }}"
-#     nsupdate_key_algorithm_public: "{{ external_nsupdate_keys['public']['key_algorithm'] }}"
-#     nsupdate_public_key_name: "{{ external_nsupdate_keys['public']['key_name']|default('public-' + full_dns_domain) }}"
-#   when:
-#     - external_nsupdate_keys is defined
-#     - external_nsupdate_keys['public'] is defined
-
-# - name: "Set the public DNS server details to use the provisioned value"
-#   set_fact:
-#     nsupdate_server_public: "{{ hostvars[groups['dns'][0]].public_v4 }}"
-#     nsupdate_key_secret_public: "{{ hostvars[groups['dns'][0]].nsupdate_keys['public-' + full_dns_domain].key_secret }}"
-#     nsupdate_key_algorithm_public: "{{ hostvars[groups['dns'][0]].nsupdate_keys['public-' + full_dns_domain].key_algorithm }}"
-#   when:
-#     - nsupdate_server_public is undefined
-
-# - name: "Generate the public Add section for DNS"
-#   set_fact:
-#     public_named_records:
-#       - view: "public"
-#         zone: "{{ full_dns_domain }}"
-#         server: "{{ nsupdate_server_public }}"
-#         key_name: "{{ nsupdate_public_key_name|default('public-' + full_dns_domain) }}"
-#         key_secret: "{{ nsupdate_key_secret_public }}"
-#         key_algorithm: "{{ nsupdate_key_algorithm_public | lower }}"
-#         entries: "{{ public_records }}"
-
+- name: "Generate list of public A records"
+  set_fact:
+    public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': hostvars[item]['ansible_hostname'], 'ip': hostvars[item]['public_v4'] } ] }}"
+  with_items: "{{ groups['cluster_hosts'] }}"
+  when: hostvars[item]['public_v4'] is defined
 
+- name: "Add wildcard records to the public A records"
+  set_fact:
+    public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': '*.' + openshift_app_domain, 'ip': hostvars[item]['public_v4'] } ] }}"
+  with_items: "{{ groups['infra_hosts'] }}"
+  when: hostvars[item]['public_v4'] is defined
 
+- name: "Add public master cluster hostname records to the public A records (single master)"
+  set_fact:
+    public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.masters[0]].public_v4 } ] }}"
+  when:
+    - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined
+    - openstack_num_masters == 1
+    - not openstack_use_bastion|bool
 
+- name: "Add public master cluster hostname records to the public A records (single master behind a bastion)"
+  set_fact:
+    public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.bastions[0]].public_v4 } ] }}"
+  when:
+    - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined
+    - openstack_num_masters == 1
+    - openstack_use_bastion|bool
 
+- name: "Add public master cluster hostname records to the public A records (multi-master)"
+  set_fact:
+    public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(full_dns_domain, ''))[:-1], 'ip': hostvars[groups.lb[0]].public_v4 } ] }}"
+  when:
+    - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined
+    - openstack_num_masters > 1
 
-- name: "Generate the final dns_records_add"
+- name: "Set the public DNS server details to use the external value (if provided)"
   set_fact:
-    # TODO(shadower): enable this when we add public records
-    #dns_records_add: "{{ private_named_records + public_named_records }}"
-    dns_records_add: "{{ private_named_records }}"
+    nsupdate_server_public: "{{ external_nsupdate_keys['public']['server'] }}"
+    nsupdate_key_secret_public: "{{ external_nsupdate_keys['public']['key_secret'] }}"
+    nsupdate_key_algorithm_public: "{{ external_nsupdate_keys['public']['key_algorithm'] }}"
+    nsupdate_public_key_name: "{{ external_nsupdate_keys['public']['key_name']|default('public-' + full_dns_domain) }}"
+  when:
+    - external_nsupdate_keys is defined
+    - external_nsupdate_keys['public'] is defined
 
+- name: "Generate the public Add section for DNS"
+  set_fact:
+    public_named_records:
+      - view: "public"
+        zone: "{{ full_dns_domain }}"
+        server: "{{ nsupdate_server_public }}"
+        key_name: "{{ nsupdate_public_key_name|default('public-' + full_dns_domain) }}"
+        key_secret: "{{ nsupdate_key_secret_public }}"
+        key_algorithm: "{{ nsupdate_key_algorithm_public | lower }}"
+        entries: "{{ public_records }}"
 
 
-# RUN NSUPDATE
+- name: "Generate the final dns_records_add"
+  set_fact:
+    dns_records_add: "{{ private_named_records + public_named_records }}"
 
-- name: "Remove any deleted DNS A records"
-  nsupdate:
-    key_name: "{{ item.0.key_name }}"
-    key_secret: "{{ item.0.key_secret }}"
-    key_algorithm: "{{ item.0.key_algorithm }}"
-    server: "{{ item.0.server }}"
-    zone: "{{ item.0.zone }}"
-    record: "{{ item.1.hostname }}"
-    type: "{{ item.1.type }}"
-    state: absent
-  with_subelements:
-  - "{{ dns_records_rm | default({}) }}"
-  - entries
-  register: nsupdate_remove_result
-  until: nsupdate_remove_result|succeeded
-  retries: 10
-  delay: 1
 
 - name: "Add DNS A records"
   nsupdate:
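
Review bot: "Generate the final dns_records_add" now concatenates `private_named_records + public_named_records` unconditionally, but the public half is only well defined when `external_nsupdate_keys['public']` exists. The playbook gate accepts a private key alone, and the commented-out fallback "Set the public DNS server details to use the provisioned value" was dropped rather than re-enabled, so in that case `nsupdate_server_public` and `nsupdate_key_secret_public` are undefined when "Generate the public Add section for DNS" runs. Guard the public tasks with `when: external_nsupdate_keys['public'] is defined` and build the final list with `public_named_records | default([])`. The "Remove any deleted DNS A records" task is also deleted here, so until the cleanup playbook mentioned in the TODO exists, records for removed nodes stay in the zone.
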
@@ -162,6 +116,7 @@
     record: "{{ item.1.hostname }}"
     value: "{{ item.1.ip }}"
     type: "{{ item.1.type }}"
+    # TODO(shadower): add a cleanup playbook that removes these records, too!
     state: present
   with_subelements:
   - "{{ dns_records_add | default({}) }}"
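
Review bot: each loop item of "Add DNS A records" carries `key_secret`, because `with_subelements` hands the task the parent entry of `dns_records_add` as `item.0`, and Ansible prints the loop item for every iteration. With the public records now enabled this writes both TSIG secrets to the console and to any log the run is captured in. Add `no_log: true` to the task, or set a `loop_control` `label` that shows only `item.1.hostname`. The new TODO comment also sits between the module arguments `type` and `state`; moving it above the task name keeps the argument block readable.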

+ 0 - 5
roles/openshift_openstack/tasks/provision.yml

@@ -16,11 +16,6 @@
 - name: Add the new nodes to the inventory
   meta: refresh_inventory
 
-- name: Populate DNS entries
-  include: populate-dns.yml
-  when:
-  - stack_state == 'present'
-
 - name: CleanUp
   include: cleanup.yml
   when:

+ 95 - 95
roles/openshift_openstack/templates/heat_stack.yaml.j2

@@ -54,7 +54,7 @@ outputs:
     description: Floating IPs of the nodes
     value: { get_attr: [ infra_nodes, floating_ip ] }
 
-{% if num_dns|int > 0 %}
+{% if openstack_num_dns|int > 0 %}
   dns_name:
     description: Name of the DNS
     value:
@@ -72,11 +72,11 @@ outputs:
 {% endif %}
 
 conditions:
-  no_floating: {% if provider_network or use_bastion|bool %}true{% else %}false{% endif %}
+  no_floating: {% if openstack_provider_network_name or openstack_use_bastion|bool %}true{% else %}false{% endif %}
 
 resources:
 
-{% if not provider_network %}
+{% if not openstack_provider_network_name %}
   net:
     type: OS::Neutron::Net
     properties:
@@ -99,20 +99,20 @@ resources:
         str_replace:
           template: subnet_24_prefix.0/24
           params:
-            subnet_24_prefix: {{ subnet_prefix }}
+            subnet_24_prefix: {{ openstack_subnet_prefix }}
       allocation_pools:
         - start:
             str_replace:
               template: subnet_24_prefix.3
               params:
-                subnet_24_prefix: {{ subnet_prefix }}
+                subnet_24_prefix: {{ openstack_subnet_prefix }}
           end:
             str_replace:
               template: subnet_24_prefix.254
               params:
-                subnet_24_prefix: {{ subnet_prefix }}
+                subnet_24_prefix: {{ openstack_subnet_prefix }}
       dns_nameservers:
-{% for nameserver in dns_nameservers %}
+{% for nameserver in openstack_dns_nameservers %}
         - {{ nameserver }}
 {% endfor %}
 
@@ -141,7 +141,7 @@ resources:
           params:
             cluster_id: {{ stack_name }}
       external_gateway_info:
-        network: {{ external_network }}
+        network: {{ openstack_external_network_name }}
 
   interface:
     type: OS::Neutron::RouterInterface
@@ -159,7 +159,7 @@ resources:
 #          template: openshift-ansible-cluster_id-keypair
 #          params:
 #            cluster_id: {{ stack_name }}
-#      public_key: {{ ssh_public_key }}
+#      public_key: {{ openstack_keypair_name }}
 
   common-secgrp:
     type: OS::Neutron::SecurityGroup
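
Review bot: in the commented-out keypair resource, `public_key: {{ openstack_keypair_name }}` now reads as if a keypair name could be used as key material. The rename made the dead block less accurate than it was with `ssh_public_key`. Delete the commented resource, or leave this line referring to a variable that would actually hold the public key, so nobody uncomments it as is.
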
@@ -180,7 +180,7 @@ resources:
           port_range_min: 22
           port_range_max: 22
           remote_ip_prefix: {{ ssh_ingress_cidr }}
-{% if use_bastion|bool %}
+{% if openstack_use_bastion|bool %}
         - direction: ingress
           protocol: tcp
           port_range_min: 22
@@ -443,7 +443,7 @@ resources:
           port_range_min: 443
           port_range_max: 443
 
-{% if num_dns|int > 0 %}
+{% if openstack_num_dns|int > 0 %}
   dns-secgrp:
     type: OS::Neutron::SecurityGroup
     properties:
@@ -480,7 +480,7 @@ resources:
           remote_ip_prefix: "{{ openstack_subnet_prefix }}.0/24"
 {% endif %}
 
-{% if num_masters|int > 1 or ui_ssh_tunnel|bool %}
+{% if openstack_num_masters|int > 1 or openshift_ui_ssh_tunnel|bool %}
   lb-secgrp:
     type: OS::Neutron::SecurityGroup
     properties:
@@ -492,7 +492,7 @@ resources:
         port_range_min: {{ openshift_master_api_port | default(8443) }}
         port_range_max: {{ openshift_master_api_port | default(8443) }}
         remote_ip_prefix: {{ lb_ingress_cidr | default(bastion_ingress_cidr) }}
-{% if ui_ssh_tunnel|bool %}
+{% if openshift_ui_ssh_tunnel|bool %}
       - direction: ingress
         protocol: tcp
         port_range_min: {{ openshift_master_api_port | default(8443) }}
@@ -511,7 +511,7 @@ resources:
   etcd:
     type: OS::Heat::ResourceGroup
     properties:
-      count: {{ num_etcd }}
+      count: {{ openstack_num_etcd }}
       resource_def:
         type: server.yaml
         properties:
@@ -520,7 +520,7 @@ resources:
               template: k8s_type-%index%.cluster_id
               params:
                 cluster_id: {{ stack_name }}
-                k8s_type: {{ etcd_hostname | default('etcd') }}
+                k8s_type: {{ openstack_etcd_hostname }}
           cluster_env: {{ public_dns_domain }}
           cluster_id:  {{ stack_name }}
           group:
@@ -530,12 +530,12 @@ resources:
                 k8s_type: etcds
                 cluster_id: {{ stack_name }}
           type:        etcd
-          image:       {{ openstack_etcd_image | default(openstack_image) }}
-          flavor:      {{ etcd_flavor }}
-          key_name:    {{ ssh_public_key }}
-{% if provider_network %}
-          net:         {{ provider_network }}
-          net_name:         {{ provider_network }}
+          image:       {{ openstack_etcd_image }}
+          flavor:      {{ openstack_etcd_flavor }}
+          key_name:    {{ openstack_keypair_name }}
+{% if openstack_provider_network_name %}
+          net:         {{ openstack_provider_network_name }}
+          net_name:         {{ openstack_provider_network_name }}
 {% else %}
           net:         { get_resource: net }
           subnet:      { get_resource: subnet }
@@ -552,31 +552,31 @@ resources:
             if:
               - no_floating
               - null
-              - {{ external_network }}
-{% if use_bastion|bool or provider_network %}
+              - {{ openstack_external_network_name }}
+{% if openstack_use_bastion|bool or openstack_provider_network_name %}
           attach_float_net: false
 {% endif %}
-          volume_size: {{ etcd_volume_size }}
-{% if not provider_network %}
+          volume_size: {{ openstack_etcd_volume_size }}
+{% if not openstack_provider_network_name %}
     depends_on:
       - interface
 {% endif %}
 
-{% if master_server_group_policies|length > 0 %}
+{% if openstack_master_server_group_policies|length > 0 %}
   master_server_group:
     type: OS::Nova::ServerGroup
     properties:
       name: master_server_group
-      policies: {{ master_server_group_policies }}
+      policies: {{ openstack_master_server_group_policies }}
 {% endif %}
-{% if infra_server_group_policies|length > 0 %}
+{% if openstack_infra_server_group_policies|length > 0 %}
   infra_server_group:
     type: OS::Nova::ServerGroup
     properties:
       name: infra_server_group
-      policies: {{ infra_server_group_policies }}
+      policies: {{ openstack_infra_server_group_policies }}
 {% endif %}
-{% if num_masters|int > 1 %}
+{% if openstack_num_masters|int > 1 %}
   loadbalancer:
     type: OS::Heat::ResourceGroup
     properties:
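Review bot: the `attach_float_net: false` line for etcd is emitted only when `openstack_use_bastion|bool or openstack_provider_network_name` is true, so an inventory that still carries the old `use_bastion: true` would now skip it and leave floating IP attachment to whatever `server.yaml` defaults to. Because this decides whether etcd hosts are reachable from the external network, I would add an explicit check for the pre-rename variable names before the stack is rendered.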
@@ -589,7 +589,7 @@ resources:
               template: k8s_type-%index%.cluster_id
               params:
                 cluster_id: {{ stack_name }}
-                k8s_type: {{ lb_hostname | default('lb') }}
+                k8s_type: {{ openstack_lb_hostname }}
           cluster_env: {{ public_dns_domain }}
           cluster_id:  {{ stack_name }}
           group:
@@ -599,12 +599,12 @@ resources:
                 k8s_type: lb
                 cluster_id: {{ stack_name }}
           type:        lb
-          image:       {{ openstack_lb_image | default(openstack_image) }}
-          flavor:      {{ lb_flavor }}
-          key_name:    {{ ssh_public_key }}
-{% if provider_network %}
-          net:         {{ provider_network }}
-          net_name:         {{ provider_network }}
+          image:       {{ openstack_lb_image }}
+          flavor:      {{ openstack_lb_flavor }}
+          key_name:    {{ openstack_keypair_name }}
+{% if openstack_provider_network_name %}
+          net:         {{ openstack_provider_network_name }}
+          net_name:         {{ openstack_provider_network_name }}
 {% else %}
           net:         { get_resource: net }
           subnet:      { get_resource: subnet }
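Review bot: style point on the `net:` / `net_name:` pair: this block is repeated verbatim for every server group (etcd, lb, masters, nodes, infra, dns), and the `net_name:` line keeps its odd extra padding in each copy. A Jinja macro or include for the shared network properties would make the next rename a one-line change and reduce the chance of one group being missed.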
@@ -617,11 +617,11 @@ resources:
           secgrp:
             - { get_resource: lb-secgrp }
             - { get_resource: common-secgrp }
-{% if not provider_network %}
-          floating_network: {{ external_network }}
+{% if not openstack_provider_network_name %}
+          floating_network: {{ openstack_external_network_name }}
 {% endif %}
-          volume_size: {{ lb_volume_size }}
-{% if not provider_network %}
+          volume_size: {{ openstack_lb_volume_size }}
+{% if not openstack_provider_network_name %}
     depends_on:
       - interface
 {% endif %}
@@ -630,7 +630,7 @@ resources:
   masters:
     type: OS::Heat::ResourceGroup
     properties:
-      count: {{ num_masters }}
+      count: {{ openstack_num_masters }}
       resource_def:
         type: server.yaml
         properties:
@@ -639,7 +639,7 @@ resources:
               template: k8s_type-%index%.cluster_id
               params:
                 cluster_id: {{ stack_name }}
-                k8s_type: {{ master_hostname | default('master')}}
+                k8s_type: {{ openstack_master_hostname }}
           cluster_env: {{ public_dns_domain }}
           cluster_id:  {{ stack_name }}
           group:
@@ -649,12 +649,12 @@ resources:
                 k8s_type: masters
                 cluster_id: {{ stack_name }}
           type:        master
-          image:       {{ openstack_master_image | default(openstack_image) }}
-          flavor:      {{ master_flavor }}
-          key_name:    {{ ssh_public_key }}
-{% if provider_network %}
-          net:         {{ provider_network }}
-          net_name:         {{ provider_network }}
+          image:       {{ openstack_master_image }}
+          flavor:      {{ openstack_master_flavor }}
+          key_name:    {{ openstack_keypair_name }}
+{% if openstack_provider_network_name %}
+          net:         {{ openstack_provider_network_name }}
+          net_name:         {{ openstack_provider_network_name }}
 {% else %}
           net:         { get_resource: net }
           subnet:      { get_resource: subnet }
@@ -675,7 +675,7 @@ resources:
 {% else %}
             - { get_resource: master-secgrp }
             - { get_resource: node-secgrp }
-{% if num_etcd|int == 0 %}
+{% if openstack_num_etcd|int == 0 %}
             - { get_resource: etcd-secgrp }
 {% endif %}
 {% endif %}
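Review bot: `{% if openstack_num_etcd|int == 0 %}` decides whether masters also join `etcd-secgrp`, and Jinja's `int` filter turns a value it cannot parse into 0. A mistyped `openstack_num_etcd` would therefore attach the etcd security group to masters instead of failing; validating that the value is a non-negative integer before templating would make that visible.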
@@ -684,16 +684,16 @@ resources:
             if:
               - no_floating
               - null
-              - {{ external_network }}
-{% if use_bastion|bool or provider_network %}
+              - {{ openstack_external_network_name }}
+{% if openstack_use_bastion|bool or openstack_provider_network_name %}
           attach_float_net: false
 {% endif %}
-          volume_size: {{ master_volume_size }}
-{% if master_server_group_policies|length > 0 %}
+          volume_size: {{ openstack_master_volume_size }}
+{% if openstack_master_server_group_policies|length > 0 %}
           scheduler_hints:
             group: { get_resource: master_server_group }
 {% endif %}
-{% if not provider_network %}
+{% if not openstack_provider_network_name %}
     depends_on:
       - interface
 {% endif %}
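Review bot: `openstack_master_server_group_policies|length > 0` is also true for a non-empty string, so a scalar value such as a single policy name written without list brackets would pass this guard and add `scheduler_hints`. An explicit list check, or documenting that the variable must be a list, would avoid a confusing Heat validation error later.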
@@ -701,9 +701,9 @@ resources:
   compute_nodes:
     type: OS::Heat::ResourceGroup
     properties:
-      count: {{ num_nodes }}
+      count: {{ openstack_num_nodes }}
       removal_policies:
-      - resource_list: {{ nodes_to_remove }}
+      - resource_list: {{ openstack_nodes_to_remove }}
       resource_def:
         type: server.yaml
         properties:
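Review bot: `resource_list: {{ openstack_nodes_to_remove }}` prints the list through a plain expression, which relies on the Python representation of the value happening to be valid YAML. Piping it through `to_json` would make the output well defined, and the role defaults need an empty-list value so that a normal run renders `[]`.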
@@ -712,7 +712,7 @@ resources:
               template: sub_type_k8s_type-%index%.cluster_id
               params:
                 cluster_id: {{ stack_name }}
-                sub_type_k8s_type: {{ node_hostname | default('app-node') }}
+                sub_type_k8s_type: {{ openstack_node_hostname }}
           cluster_env: {{ public_dns_domain }}
           cluster_id:  {{ stack_name }}
           group:
@@ -727,12 +727,12 @@ resources:
 {% for k, v in openshift_cluster_node_labels.app.iteritems() %}
             {{ k|e }}: {{ v|e }}
 {% endfor %}
-          image:       {{ openstack_node_image | default(openstack_image) }}
-          flavor:      {{ node_flavor }}
-          key_name:    {{ ssh_public_key }}
-{% if provider_network %}
-          net:         {{ provider_network }}
-          net_name:         {{ provider_network }}
+          image:       {{ openstack_node_image }}
+          flavor:      {{ openstack_node_flavor }}
+          key_name:    {{ openstack_keypair_name }}
+{% if openstack_provider_network_name %}
+          net:         {{ openstack_provider_network_name }}
+          net_name:         {{ openstack_provider_network_name }}
 {% else %}
           net:         { get_resource: net }
           subnet:      { get_resource: subnet }
@@ -754,12 +754,12 @@ resources:
             if:
               - no_floating
               - null
-              - {{ external_network }}
-{% if use_bastion|bool or provider_network %}
+              - {{ openstack_external_network_name }}
+{% if openstack_use_bastion|bool or openstack_provider_network_name %}
           attach_float_net: false
 {% endif %}
-          volume_size: {{ node_volume_size }}
-{% if not provider_network %}
+          volume_size: {{ openstack_node_volume_size }}
+{% if not openstack_provider_network_name %}
     depends_on:
       - interface
 {% endif %}
@@ -767,7 +767,7 @@ resources:
   infra_nodes:
     type: OS::Heat::ResourceGroup
     properties:
-      count: {{ num_infra }}
+      count: {{ openstack_num_infra }}
       resource_def:
         type: server.yaml
         properties:
@@ -776,7 +776,7 @@ resources:
               template: sub_type_k8s_type-%index%.cluster_id
               params:
                 cluster_id: {{ stack_name }}
-                sub_type_k8s_type: {{ infra_hostname | default('infranode') }}
+                sub_type_k8s_type: {{ openstack_infra_hostname }}
           cluster_env: {{ public_dns_domain }}
           cluster_id:  {{ stack_name }}
           group:
@@ -791,12 +791,12 @@ resources:
 {% for k, v in openshift_cluster_node_labels.infra.iteritems() %}
             {{ k|e }}: {{ v|e }}
 {% endfor %}
-          image:       {{ openstack_infra_image | default(openstack_image) }}
-          flavor:      {{ infra_flavor }}
-          key_name:    {{ ssh_public_key }}
-{% if provider_network %}
-          net:         {{ provider_network }}
-          net_name:         {{ provider_network }}
+          image:       {{ openstack_infra_image }}
+          flavor:      {{ openstack_infra_flavor }}
+          key_name:    {{ openstack_keypair_name }}
+{% if openstack_provider_network_name %}
+          net:         {{ openstack_provider_network_name }}
+          net_name:         {{ openstack_provider_network_name }}
 {% else %}
           net:         { get_resource: net }
           subnet:      { get_resource: subnet }
@@ -818,29 +818,29 @@ resources:
 {% else %}
             - { get_resource: node-secgrp }
 {% endif %}
-{% if ui_ssh_tunnel|bool and num_masters|int < 2 %}
+{% if openshift_ui_ssh_tunnel|bool and openstack_num_masters|int < 2 %}
             - { get_resource: lb-secgrp }
 {% endif %}
             - { get_resource: infra-secgrp }
             - { get_resource: common-secgrp }
-{% if not provider_network %}
-          floating_network: {{ external_network }}
+{% if not openstack_provider_network_name %}
+          floating_network: {{ openstack_external_network_name }}
 {% endif %}
-          volume_size: {{ infra_volume_size }}
-{% if infra_server_group_policies|length > 0 %}
+          volume_size: {{ openstack_infra_volume_size }}
+{% if openstack_infra_server_group_policies|length > 0 %}
           scheduler_hints:
             group: { get_resource: infra_server_group }
 {% endif %}
-{% if not provider_network %}
+{% if not openstack_provider_network_name %}
     depends_on:
       - interface
 {% endif %}
 
-{% if num_dns|int > 0 %}
+{% if openstack_num_dns|int > 0 %}
   dns:
     type: OS::Heat::ResourceGroup
     properties:
-      count: {{ num_dns }}
+      count: {{ openstack_num_dns }}
       resource_def:
         type: server.yaml
         properties:
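Review bot: in `{% if openshift_ui_ssh_tunnel|bool and openstack_num_masters|int < 2 %}` infra nodes join `lb-secgrp` only for the single-master case, which is not obvious from the template. A one-line Jinja comment explaining why the load balancer security group lands on infra nodes here would help whoever audits the security group layout next.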
@@ -849,7 +849,7 @@ resources:
               template: k8s_type-%index%.cluster_id
               params:
                 cluster_id: {{ stack_name }}
-                k8s_type: {{ dns_hostname | default('dns') }}
+                k8s_type: {{ openstack_dns_hostname }}
           cluster_env: {{ public_dns_domain }}
           cluster_id:  {{ stack_name }}
           group:
@@ -859,12 +859,12 @@ resources:
                 k8s_type: dns
                 cluster_id: {{ stack_name }}
           type:        dns
-          image:       {{ openstack_dns_image | default(openstack_image) }}
-          flavor:      {{ dns_flavor }}
-          key_name:    {{ ssh_public_key }}
-{% if provider_network %}
-          net:         {{ provider_network }}
-          net_name:         {{ provider_network }}
+          image:       {{ openstack_dns_image }}
+          flavor:      {{ openstack_dns_flavor }}
+          key_name:    {{ openstack_keypair_name }}
+{% if openstack_provider_network_name %}
+          net:         {{ openstack_provider_network_name }}
+          net_name:         {{ openstack_provider_network_name }}
 {% else %}
           net:         { get_resource: net }
           subnet:      { get_resource: subnet }
@@ -877,11 +877,11 @@ resources:
           secgrp:
             - { get_resource: dns-secgrp }
             - { get_resource: common-secgrp }
-{% if not provider_network %}
-          floating_network: {{ external_network }}
+{% if not openstack_provider_network_name %}
+          floating_network: {{ openstack_external_network_name }}
 {% endif %}
-          volume_size: {{ dns_volume_size }}
-{% if not provider_network %}
+          volume_size: {{ openstack_dns_volume_size }}
+{% if not openstack_provider_network_name %}
     depends_on:
       - interface
 {% endif %}
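Review bot: for the DNS servers `floating_network` depends only on `openstack_provider_network_name`, whereas the etcd, master and node groups also take `openstack_use_bastion` into account before a floating network is attached. Is the DNS host meant to keep a floating IP when a bastion is in use? If so, a comment saying that would be useful; if not, the guard should match the other groups.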

+ 7 - 7
roles/openshift_openstack/templates/heat_stack_server.yaml.j2

@@ -61,7 +61,7 @@ parameters:
     label: Net name
     description: Net name
 
-{% if not provider_network %}
+{% if not openstack_provider_network_name %}
   subnet:
     type: string
     label: Subnet ID
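Review bot: the guard `{% if not openstack_provider_network_name %}` now appears many times in this template. Setting it once near the top, for example `{% set use_provider_network = openstack_provider_network_name %}`, and testing that name would keep future renames to a single line.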
@@ -81,7 +81,7 @@ parameters:
     label: Net ID
     description: Net resource
 
-{% if not provider_network %}
+{% if not openstack_provider_network_name %}
   data_subnet:
     type: string
     default: ''
@@ -102,7 +102,7 @@ parameters:
     label: Attach-float-net
     description: A switch for floating network port connection
 
-{% if not provider_network %}
+{% if not openstack_provider_network_name %}
   floating_network:
     type: string
     default: ''
@@ -156,7 +156,7 @@ outputs:
         - server
         - addresses
         - { get_param: net_name }
-{% if provider_network %}
+{% if openstack_provider_network_name %}
         - 0
 {% else %}
         - 1
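Review bot: the bare `- 0` / `- 1` selects which entry of the server's address list is exported, depending on `openstack_provider_network_name`, and nothing in the template says what each index holds. Please add a comment stating which address each branch returns, since consumers of this output will use it to reach the host.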
@@ -226,7 +226,7 @@ resources:
     type: OS::Neutron::Port
     properties:
       network: { get_param: net }
-{% if not provider_network %}
+{% if not openstack_provider_network_name %}
       fixed_ips:
         - subnet: { get_param: subnet }
 {% endif %}
@@ -239,13 +239,13 @@ resources:
     properties:
       network: { get_param: data_net }
       port_security_enabled: false
-{% if not provider_network %}
+{% if not openstack_provider_network_name %}
       fixed_ips:
         - subnet: { get_param: data_subnet }
 {% endif %}
 {% endif %}
 
-{% if not provider_network %}
+{% if not openstack_provider_network_name %}
   floating-ip:
     condition: { not: no_floating }
     type: OS::Neutron::FloatingIP
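Review bot: not changed by this patch, but the data network port in this hunk carries `port_security_enabled: false`, which turns off security group and anti-spoofing filtering on that port. Since the block is being touched anyway, a comment recording why that is required would help later reviewers.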