
Bootstrap enhancements.

Kenny Woodson %!s(int64=7) %!d(string=hai) anos
8757073d85

+ 0 - 2
playbooks/aws/openshift-cluster/prerequisites.yml

@@ -4,5 +4,3 @@
 - include: provision_ssh_keypair.yml
 
 - include: provision_sec_group.yml
-  vars:
-    openshift_aws_node_group_type: compute

+ 1 - 1
playbooks/aws/openshift-cluster/provision_sec_group.yml

@@ -6,7 +6,7 @@
   connection: local
   gather_facts: no
   tasks:
-  - name: create an instance and prepare for ami
+  - name: create security groups
     include_role:
       name: openshift_aws
       tasks_from: security_group.yml

+ 6 - 0
playbooks/common/openshift-master/config.yml

@@ -212,6 +212,12 @@
       tasks_from: master
     when: openshift_use_kuryr | default(false) | bool
 
+  - name: Setup the node group config maps
+    include_role:
+      name: openshift_node_group
+    when: openshift_master_bootstrap_enabled | default(false) | bool
+    run_once: True
+
   post_tasks:
   - name: Create group for deployment type
     group_by: key=oo_masters_deployment_type_{{ openshift.common.deployment_type }}
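Review bot: `run_once: True` on the added "Setup the node group config maps" task uses the capitalised YAML 1.1 boolean while the same task expresses truthiness as `| default(false) | bool`; write `run_once: true` so yamllint's truthy rule stays quiet and the file is consistent. Because the include is gated on `openshift_master_bootstrap_enabled`, which this diff leaves defaulted to `False` in roles/openshift_master/defaults/main.yml, a one-line comment above the task such as `# only bootstrap-enabled masters publish the per-group node config maps` would spare readers a cross-file lookup. The enclosing play starts outside the hunk.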

+ 54 - 25
roles/openshift_aws/defaults/main.yml

@@ -4,7 +4,6 @@ openshift_aws_create_iam_cert: True
 openshift_aws_create_security_groups: True
 openshift_aws_create_launch_config: True
 openshift_aws_create_scale_group: True
-openshift_aws_node_group_type: master
 
 openshift_aws_wait_for_ssh: True
 
@@ -16,7 +15,7 @@ openshift_aws_build_ami_group: "{{ openshift_aws_clusterid }}"
 openshift_aws_iam_cert_name: "{{ openshift_aws_clusterid }}-master-external"
 openshift_aws_iam_cert_path: ''
 openshift_aws_iam_cert_key_path: ''
-openshift_aws_scale_group_name: "{{ openshift_aws_clusterid }} openshift {{ openshift_aws_node_group_type }}"
+openshift_aws_scale_group_basename: "{{ openshift_aws_clusterid }} openshift"
 
 openshift_aws_iam_kms_alias: "alias/{{ openshift_aws_clusterid }}_kms"
 openshift_aws_ami: ''
@@ -27,7 +26,7 @@ openshift_aws_ami_name: openshift-gi
 openshift_aws_base_ami_name: ami_base
 
 openshift_aws_launch_config_bootstrap_token: ''
-openshift_aws_launch_config_name: "{{ openshift_aws_clusterid }}-{{ openshift_aws_node_group_type }}-{{ ansible_date_time.epoch }}"
+openshift_aws_launch_config_basename: "{{ openshift_aws_clusterid }}"
 
 openshift_aws_users: []
 
@@ -47,19 +46,19 @@ openshift_aws_elb_health_check:
   unhealthy_threshold: 2
   healthy_threshold: 2
 
-openshift_aws_elb_basename: "{{ openshift_aws_clusterid }}-{{ openshift_aws_node_group_type }}"
+openshift_aws_elb_basename: "{{ openshift_aws_clusterid }}"
 openshift_aws_elb_name_dict:
   master:
-    external: "{{ openshift_aws_elb_basename }}-external"
-    internal: "{{ openshift_aws_elb_basename }}-internal"
+    external: "{{ openshift_aws_elb_basename }}-master-external"
+    internal: "{{ openshift_aws_elb_basename }}-master-internal"
   infra:
-    external: "{{ openshift_aws_elb_basename }}"
+    external: "{{ openshift_aws_elb_basename }}-infra"
 
 openshift_aws_elb_idle_timout: 400
 openshift_aws_elb_scheme: internet-facing
 openshift_aws_elb_cert_arn: ''
 
-openshift_aws_elb_listeners:
+openshift_aws_elb_dict:
   master:
     external:
     - protocol: tcp
@@ -112,11 +111,15 @@ openshift_aws_node_group_replace_instances: []
 openshift_aws_node_group_replace_all_instances: False
 openshift_aws_node_group_config_extra_labels: {}
 
-openshift_aws_node_group_config:
-  tags: "{{ openshift_aws_node_group_config_tags }}"
+openshift_aws_ami_map:
+  master: "{{ openshift_aws_ami }}"
+  infra: "{{ openshift_aws_ami }}"
+  compute: "{{ openshift_aws_ami }}"
+
+openshift_aws_master_group_config:
+  # The 'master' key is always required here.
   master:
     instance_type: m4.xlarge
-    ami: "{{ openshift_aws_ami }}"
     volumes: "{{ openshift_aws_node_group_config_master_volumes }}"
     health_check:
       period: 60
@@ -132,10 +135,12 @@ openshift_aws_node_group_config:
     wait_for_instances: True
     termination_policy: "{{ openshift_aws_node_group_termination_policy }}"
     replace_all_instances: "{{ openshift_aws_node_group_replace_all_instances }}"
-    elbs: "{{ openshift_aws_elb_name_dict[openshift_aws_node_group_type].keys()| map('extract', openshift_aws_elb_name_dict[openshift_aws_node_group_type]) | list }}"
+    elbs: "{{ openshift_aws_elb_name_dict['master'].keys()| map('extract', openshift_aws_elb_name_dict['master']) | list }}"
+
+openshift_aws_node_group_config:
+  # The 'compute' key is always required here.
   compute:
     instance_type: m4.xlarge
-    ami: "{{ openshift_aws_ami }}"
     volumes: "{{ openshift_aws_node_group_config_node_volumes }}"
     health_check:
       period: 60
@@ -150,9 +155,9 @@ openshift_aws_node_group_config:
       type: compute
     termination_policy: "{{ openshift_aws_node_group_termination_policy }}"
     replace_all_instances: "{{ openshift_aws_node_group_replace_all_instances }}"
+  # The 'infra' key is always required here.
   infra:
     instance_type: m4.xlarge
-    ami: "{{ openshift_aws_ami }}"
     volumes: "{{ openshift_aws_node_group_config_node_volumes }}"
     health_check:
       period: 60
@@ -167,22 +172,31 @@ openshift_aws_node_group_config:
       type: infra
     termination_policy: "{{ openshift_aws_node_group_termination_policy }}"
     replace_all_instances: "{{ openshift_aws_node_group_replace_all_instances }}"
-    elbs: "{{ openshift_aws_elb_name_dict[openshift_aws_node_group_type].keys()| map('extract', openshift_aws_elb_name_dict[openshift_aws_node_group_type]) | list }}"
+    elbs: "{{ openshift_aws_elb_name_dict['infra'].keys()| map('extract', openshift_aws_elb_name_dict['infra']) | list }}"
 
-openshift_aws_elb_tags: "{{ openshift_aws_clusterid | build_instance_tags }}"
+openshift_aws_elb_tags: "{{ openshift_aws_kube_tags }}"
 openshift_aws_elb_az_load_balancing: False
 
-openshift_aws_elb_security_groups:
-- "{{ openshift_aws_clusterid }}"  # default sg
-- "{{ openshift_aws_clusterid }}_{{ openshift_aws_node_group_type }}"  # node type sg
-- "{{ openshift_aws_clusterid }}_{{ openshift_aws_node_group_type }}_k8s"  # node type sg k8s
+openshift_aws_kube_tags: "{{ openshift_aws_clusterid | build_instance_tags }}"
+
+openshift_aws_elb_security_groups: "{{ openshift_aws_launch_config_security_groups }}"
+
+openshift_aws_launch_config_security_groups:
+  compute:
+  - "{{ openshift_aws_clusterid }}"  # default sg
+  - "{{ openshift_aws_clusterid }}_compute"  # node type sg
+  - "{{ openshift_aws_clusterid }}_compute_k8s"  # node type sg k8s
+  infra:
+  - "{{ openshift_aws_clusterid }}"  # default sg
+  - "{{ openshift_aws_clusterid }}_infra"  # node type sg
+  - "{{ openshift_aws_clusterid }}_infra_k8s"  # node type sg k8s
+  master:
+  - "{{ openshift_aws_clusterid }}"  # default sg
+  - "{{ openshift_aws_clusterid }}_master"  # node type sg
+  - "{{ openshift_aws_clusterid }}_master_k8s"  # node type sg k8s
 
-openshift_aws_elb_instance_filter:
-  "tag:clusterid": "{{ openshift_aws_clusterid }}"
-  "tag:host-type": "{{ openshift_aws_node_group_type }}"
-  instance-state-name: running
+openshift_aws_security_groups_tags: "{{ openshift_aws_kube_tags }}"
 
-openshift_aws_security_groups_tags: "{{ openshift_aws_clusterid | build_instance_tags }}"
 openshift_aws_node_security_groups:
   default:
     name: "{{ openshift_aws_clusterid }}"
@@ -251,3 +265,18 @@ openshift_aws_vpc:
 openshift_aws_node_run_bootstrap_startup: True
 openshift_aws_node_user_data: ''
 openshift_aws_node_config_namespace: openshift-node
+
+# If creating extra node groups, you'll need to define all of the following
+
+# The format is the same as openshift_aws_node_group_config, but the top-level
+# key names should be different (ie, not == master or infra).
+# openshift_aws_node_group_config_extra: {}
+
+# This variable should look like openshift_aws_launch_config_security_groups
+# and contain a one-to-one mapping of top level keys that are defined in
+# openshift_aws_node_group_config_extra.
+# openshift_aws_launch_config_security_groups_extra: {}
+
+# openshift_aws_node_security_groups_extra: {}
+
+# openshift_aws_ami_map_extra: {}
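Review bot: The trailing comment says extra group keys must differ from `master` or `infra`, but `openshift_aws_node_group_config` also carries a `compute` key, and launch_config_create.yml and scale_group.yml now build `{{ openshift_aws_launch_config_basename }}-{{ key }}-{{ l_epoch_time }}` and `{{ openshift_aws_scale_group_basename }} {{ key }}` from the key alone, so an extra group named `compute` would collide with the standard one. Change it to `# key names must not collide with the standard groups (master, infra, compute).` A similar note on `openshift_aws_ami_map` that its keys must match the node-group keys (a missing key falls back to `openshift_aws_ami` via the `default` in launch_config_create.yml) would complete the picture. The earlier hunks of this section only rename and split existing defaults.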

+ 6 - 2
roles/openshift_aws/tasks/build_node_group.yml

@@ -1,4 +1,6 @@
 ---
+# This task file expects l_nodes_to_build to be passed in.
+
 # When openshift_aws_use_custom_ami is '' then
 # we retrieve the latest build AMI.
 # Then set openshift_aws_ami to the ami.
@@ -21,10 +23,12 @@
     - "'results' in amiout"
     - amiout.results|length > 0
 
+# Need to set epoch time in one place to use for launch_config and scale_group
+- set_fact:
+    l_epoch_time: "{{ ansible_date_time.epoch }}"
+
 - when: openshift_aws_create_launch_config
-  name: "Create {{ openshift_aws_node_group_type }} launch config"
   include: launch_config.yml
 
 - when: openshift_aws_create_scale_group
-  name: "Create {{ openshift_aws_node_group_type }} node group"
   include: scale_group.yml
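Review bot: The new `set_fact` task has no `name:`, and the two includes below it lost theirs when the per-type names were removed, so the play output now shows three anonymous tasks for this file; name the fact task, e.g. `- name: Set one epoch time shared by launch config and scale group names`. The header comment added in the first hunk lists only `l_nodes_to_build`, but the included files also rely on `l_launch_config_security_groups`, `l_aws_ami_map` and, presumably, a caller-registered `vpcout` now that the local VPC queries were removed; extend the comment to list all of them. The middle of the file lies outside the two hunks.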

+ 7 - 28
roles/openshift_aws/tasks/elb.yml

@@ -1,45 +1,24 @@
 ---
-- name: query vpc
-  ec2_vpc_net_facts:
-    region: "{{ openshift_aws_region }}"
-    filters:
-      'tag:Name': "{{ openshift_aws_vpc_name }}"
-  register: vpcout
-
-- name: debug
-  debug: var=vpcout
-
-- name: fetch the default subnet id
-  ec2_vpc_subnet_facts:
-    region: "{{ openshift_aws_region }}"
-    filters:
-      "tag:Name": "{{ openshift_aws_subnet_name }}"
-      vpc-id: "{{ vpcout.vpcs[0].id }}"
-  register: subnetout
-
-- name: dump the elb listeners
+- name: "dump the elb listeners for {{ l_elb_dict_item.key }}"
   debug:
-    msg: "{{ openshift_aws_elb_listeners[openshift_aws_node_group_type][openshift_aws_elb_direction]
-                   if 'master' in openshift_aws_node_group_type or 'infra' in openshift_aws_node_group_type
-                   else openshift_aws_elb_listeners }}"
+    msg: "{{ l_elb_dict_item.value }}"
 
-- name: "Create ELB {{ l_openshift_aws_elb_name }}"
+- name: "Create ELB {{ l_elb_dict_item.key }}"
   ec2_elb_lb:
-    name: "{{ l_openshift_aws_elb_name }}"
+    name: "{{ l_openshift_aws_elb_name_dict[l_elb_dict_item.key][item.key] }}"
     state: present
     cross_az_load_balancing: "{{ openshift_aws_elb_az_load_balancing }}"
-    security_group_names: "{{ openshift_aws_elb_security_groups }}"
+    security_group_names: "{{ l_elb_security_groups[l_elb_dict_item.key] }}"
     idle_timeout: "{{ openshift_aws_elb_idle_timout }}"
     region: "{{ openshift_aws_region }}"
     subnets:
     - "{{ subnetout.subnets[0].id }}"
     health_check: "{{ openshift_aws_elb_health_check }}"
-    listeners: "{{ openshift_aws_elb_listeners[openshift_aws_node_group_type][openshift_aws_elb_direction]
-                   if 'master' in openshift_aws_node_group_type  or 'infra' in openshift_aws_node_group_type
-                   else openshift_aws_elb_listeners }}"
+    listeners: "{{ item.value }}"
     scheme: "{{ openshift_aws_elb_scheme }}"
     tags: "{{ openshift_aws_elb_tags }}"
   register: new_elb
+  with_dict: "{{ l_elb_dict_item.value }}"
 
 - debug:
     msg: "{{ item }}"
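Review bot: Every ELB created by the loop in "Create ELB" now takes the unchanged `scheme: "{{ openshift_aws_elb_scheme }}"`, whose default in roles/openshift_aws/defaults/main.yml is `internet-facing`; the per-call override `openshift_aws_elb_scheme: internal` for the master internal load balancer was removed in provision.yml and nothing in this diff replaces it, so the `-master-internal` ELB would be created with a public scheme unless `openshift_aws_elb_dict` (not fully shown) carries a scheme this task does not read. Derive it from the inner key, `scheme: "{{ 'internal' if item.key == 'internal' else openshift_aws_elb_scheme }}"`, or move the scheme into the ELB dict and reference it explicitly. The task also still reads `subnetout`, which this file no longer produces; a header comment stating that `vpc_and_subnet_id.yml` must run first (as provision.yml now does) and that `l_elb_dict_item`, `l_elb_security_groups` and `l_openshift_aws_elb_name_dict` are passed in would make the contract visible. The debug task after the loop continues outside the hunk.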

+ 4 - 28
roles/openshift_aws/tasks/launch_config.yml

@@ -9,31 +9,7 @@
   when:
   - openshift_deployment_type is undefined
 
-- name: query vpc
-  ec2_vpc_net_facts:
-    region: "{{ openshift_aws_region }}"
-    filters:
-      'tag:Name': "{{ openshift_aws_vpc_name }}"
-  register: vpcout
-
-- name: fetch the security groups for launch config
-  ec2_group_facts:
-    filters:
-      group-name: "{{ openshift_aws_elb_security_groups }}"
-      vpc-id: "{{ vpcout.vpcs[0].id }}"
-    region: "{{ openshift_aws_region }}"
-  register: ec2sgs
-
-# Create the scale group config
-- name: Create the node scale group launch config
-  ec2_lc:
-    name: "{{ openshift_aws_launch_config_name }}"
-    region: "{{ openshift_aws_region }}"
-    image_id: "{{ openshift_aws_ami }}"
-    instance_type: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].instance_type }}"
-    security_groups: "{{ openshift_aws_launch_config_security_group_id  | default(ec2sgs.security_groups | map(attribute='group_id')| list) }}"
-    user_data: "{{ lookup('template', 'user_data.j2') }}"
-    key_name: "{{ openshift_aws_ssh_key_name }}"
-    ebs_optimized: False
-    volumes: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].volumes }}"
-    assign_public_ip: True
+- include: launch_config_create.yml
+  with_dict: "{{ l_nodes_to_build }}"
+  loop_control:
+    loop_var: launch_config_item
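Review bot: The remaining body is a single anonymous `include` loop; give it a `name:` so the output shows which node group is being built, e.g. `- name: "Create launch config per node group"`. Since the local `query vpc` task was removed but launch_config_create.yml still indexes `vpcout.vpcs[0].id`, add a header comment that the caller must include `vpc_and_subnet_id.yml` before this file. The `when:` task above the hunk is outside it.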

+ 22 - 0
roles/openshift_aws/tasks/launch_config_create.yml

@@ -0,0 +1,22 @@
+---
+- name: fetch the security groups for launch config
+  ec2_group_facts:
+    filters:
+      group-name: "{{ l_launch_config_security_groups[launch_config_item.key] }}"
+      vpc-id: "{{ vpcout.vpcs[0].id }}"
+    region: "{{ openshift_aws_region }}"
+  register: ec2sgs
+
+# Create the scale group config
+- name: Create the node scale group launch config
+  ec2_lc:
+    name: "{{ openshift_aws_launch_config_basename }}-{{ launch_config_item.key }}-{{ l_epoch_time }}"
+    region: "{{ openshift_aws_region }}"
+    image_id: "{{ l_aws_ami_map[launch_config_item.key] | default(openshift_aws_ami) }}"
+    instance_type: "{{ launch_config_item.value.instance_type }}"
+    security_groups: "{{ openshift_aws_launch_config_security_group_id  | default(ec2sgs.security_groups | map(attribute='group_id')| list) }}"
+    user_data: "{{ lookup('template', 'user_data.j2') }}"
+    key_name: "{{ openshift_aws_ssh_key_name }}"
+    ebs_optimized: False
+    volumes: "{{ launch_config_item.value.volumes }}"
+    assign_public_ip: True
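Review bot: The file has no header documenting its inputs although it depends on five caller-provided names: `launch_config_item` (the loop var from launch_config.yml), `l_launch_config_security_groups`, `l_aws_ami_map`, `l_epoch_time` (set in build_node_group.yml) and `vpcout`; add a comment listing them, mirroring the one build_node_group.yml gained. `ec2_group_facts` returns only the groups that exist, so if one name in `l_launch_config_security_groups[launch_config_item.key]` has not been created yet the launch config is silently built with a shorter `security_groups` list; when `openshift_aws_launch_config_security_group_id` is not set, an `assert` that `ec2sgs.security_groups | length` equals the requested list's length would surface the gap before instances launch. A short comment on `image_id` noting that a missing AMI-map key intentionally falls back to `openshift_aws_ami` would also help.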

+ 1 - 1
roles/openshift_aws/tasks/master_facts.yml

@@ -3,7 +3,7 @@
   ec2_elb_facts:
     region: "{{ openshift_aws_region }}"
     names:
-    - "{{ openshift_aws_elb_name_dict[openshift_aws_node_group_type]['internal'] }}"
+    - "{{ openshift_aws_elb_name_dict['master']['internal'] }}"
   delegate_to: localhost
   register: elbs
 

+ 12 - 29
roles/openshift_aws/tasks/provision.yml

@@ -7,47 +7,30 @@
   name: create s3 bucket for registry
   include: s3.yml
 
-- when: openshift_aws_create_security_groups
-  block:
-  - name: "Create {{ openshift_aws_node_group_type }} security groups"
-    include: security_group.yml
+- include: vpc_and_subnet_id.yml
 
-  - name: "Create {{ openshift_aws_node_group_type }} security groups"
-    include: security_group.yml
-    vars:
-      openshift_aws_node_group_type: infra
-
-- name: create our master internal load balancer
-  include: elb.yml
-  vars:
-    openshift_aws_elb_direction: internal
-    openshift_aws_elb_scheme: internal
-    l_openshift_aws_elb_name: "{{ openshift_aws_elb_name_dict[openshift_aws_node_group_type]['internal'] }}"
-
-- name: create our master external load balancer
+- name: create elbs
   include: elb.yml
+  with_dict: "{{ openshift_aws_elb_dict }}"
   vars:
-    openshift_aws_elb_direction: external
-    openshift_aws_elb_scheme: internet-facing
-    l_openshift_aws_elb_name: "{{ openshift_aws_elb_name_dict[openshift_aws_node_group_type]['external'] }}"
-
-- name: create our infra node external load balancer
-  include: elb.yml
-  vars:
-    l_openshift_aws_elb_name: "{{ openshift_aws_elb_name_dict['infra']['external'] }}"
-    openshift_aws_elb_direction: external
-    openshift_aws_elb_scheme: internet-facing
-    openshift_aws_node_group_type: infra
+    l_elb_security_groups: "{{ openshift_aws_elb_security_groups }}"
+    l_openshift_aws_elb_name_dict: "{{ openshift_aws_elb_name_dict }}"
+  loop_control:
+    loop_var: l_elb_dict_item
 
 - name: include scale group creation for master
   include: build_node_group.yml
+  vars:
+    l_nodes_to_build: "{{ openshift_aws_master_group_config }}"
+    l_launch_config_security_groups: "{{ openshift_aws_launch_config_security_groups }}"
+    l_aws_ami_map: "{{ openshift_aws_ami_map }}"
 
 - name: fetch newly created instances
   ec2_remote_facts:
     region: "{{ openshift_aws_region }}"
     filters:
       "tag:clusterid": "{{ openshift_aws_clusterid }}"
-      "tag:host-type": "{{ openshift_aws_node_group_type }}"
+      "tag:host-type": "master"
       instance-state-name: running
   register: instancesout
   retries: 20

+ 1 - 14
roles/openshift_aws/tasks/provision_instance.yml

@@ -3,20 +3,7 @@
   set_fact:
     openshift_node_bootstrap: True
 
-- name: query vpc
-  ec2_vpc_net_facts:
-    region: "{{ openshift_aws_region }}"
-    filters:
-      'tag:Name': "{{ openshift_aws_vpc_name }}"
-  register: vpcout
-
-- name: fetch the default subnet id
-  ec2_vpc_subnet_facts:
-    region: "{{ openshift_aws_region }}"
-    filters:
-      "tag:Name": "{{ openshift_aws_subnet_name }}"
-      vpc-id: "{{ vpcout.vpcs[0].id }}"
-  register: subnetout
+- include: vpc_and_subnet_id.yml
 
 - name: create instance for ami creation
   ec2:

+ 12 - 8
roles/openshift_aws/tasks/provision_nodes.yml

@@ -25,19 +25,23 @@
   set_fact:
     openshift_aws_launch_config_bootstrap_token: "{{ bootstrap['content'] | b64decode }}"
 
-- name: include build node group for infra
+- include: vpc_and_subnet_id.yml
+
+- name: include build compute and infra node groups
   include: build_node_group.yml
   vars:
-    openshift_aws_node_group_type: infra
-    openshift_aws_scale_group_name: "{{ openshift_aws_clusterid }} openshift infra"
-    openshift_aws_launch_config_name: "{{ openshift_aws_clusterid }}-infra-{{ ansible_date_time.epoch }}"
+    l_nodes_to_build: "{{ openshift_aws_node_group_config }}"
+    l_launch_config_security_groups: "{{ openshift_aws_launch_config_security_groups }}"
+    l_aws_ami_map: "{{ openshift_aws_ami_map }}"
 
-- name: include build node group for compute
+- name: include build node group for extra nodes
   include: build_node_group.yml
+  when: openshift_aws_node_group_config_extra is defined
   vars:
-    openshift_aws_node_group_type: compute
-    openshift_aws_scale_group_name: "{{ openshift_aws_clusterid }} openshift compute"
-    openshift_aws_launch_config_name: "{{ openshift_aws_clusterid }}-compute-{{ ansible_date_time.epoch }}"
+    l_nodes_to_build: "{{ openshift_aws_node_group_config_extra | default({}) }}"
+    l_launch_config_security_groups: "{{ openshift_aws_launch_config_security_groups_extra }}"
+    l_aws_ami_map: "{{ openshift_aws_ami_map_extra }}"
+
 
 - when: openshift_aws_wait_for_ssh | bool
   block:
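Review bot: The extra-group include is guarded by `openshift_aws_node_group_config_extra is defined` and gives `l_nodes_to_build` a `| default({})`, but `l_launch_config_security_groups` and `l_aws_ami_map` read `openshift_aws_launch_config_security_groups_extra` and `openshift_aws_ami_map_extra` with no default, and neither is defined in roles/openshift_aws/defaults/main.yml (they appear there only as comments), so a user who sets the node config but not the companions fails with an undefined variable deep inside launch_config_create.yml rather than at the include. Add an `assert` before the include that all three variables are defined, or give both a `| default({})` so the failure at least names the missing key. There is also a double blank line after the `vars:` block (yamllint `empty-lines`). The `when:` block that follows continues outside the hunk.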

+ 13 - 19
roles/openshift_aws/tasks/scale_group.yml

@@ -1,11 +1,4 @@
 ---
-- name: query vpc
-  ec2_vpc_net_facts:
-    region: "{{ openshift_aws_region }}"
-    filters:
-      'tag:Name': "{{ openshift_aws_vpc_name }}"
-  register: vpcout
-
 - name: fetch the subnet to use in scale group
   ec2_vpc_subnet_facts:
     region: "{{ openshift_aws_region }}"
@@ -16,19 +9,20 @@
 
 - name: Create the scale group
   ec2_asg:
-    name: "{{ openshift_aws_scale_group_name }}"
-    launch_config_name: "{{ openshift_aws_launch_config_name }}"
-    health_check_period: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].health_check.period }}"
-    health_check_type: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].health_check.type }}"
-    min_size: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].min_size }}"
-    max_size: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].max_size }}"
-    desired_capacity: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].desired_size }}"
+    name: "{{ openshift_aws_scale_group_basename }} {{ item.key }}"
+    launch_config_name: "{{ openshift_aws_launch_config_basename }}-{{ item.key }}-{{ l_epoch_time }}"
+    health_check_period: "{{ item.value.health_check.period }}"
+    health_check_type: "{{ item.value.health_check.type }}"
+    min_size: "{{ item.value.min_size }}"
+    max_size: "{{ item.value.max_size }}"
+    desired_capacity: "{{ item.value.desired_size }}"
     region: "{{ openshift_aws_region }}"
-    termination_policies: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].termination_policy if 'termination_policy' in  openshift_aws_node_group_config[openshift_aws_node_group_type] else omit }}"
-    load_balancers: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].elbs if 'elbs' in openshift_aws_node_group_config[openshift_aws_node_group_type] else omit }}"
-    wait_for_instances: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].wait_for_instances | default(False)}}"
+    termination_policies: "{{ item.value.termination_policy if 'termination_policy' in  item.value else omit }}"
+    load_balancers: "{{ item.value.elbs if 'elbs' in item.value else omit }}"
+    wait_for_instances: "{{ item.value.wait_for_instances | default(False)}}"
     vpc_zone_identifier: "{{ subnetout.subnets[0].id }}"
     replace_instances: "{{ openshift_aws_node_group_replace_instances if openshift_aws_node_group_replace_instances != [] else omit }}"
-    replace_all_instances: "{{ omit if openshift_aws_node_group_replace_instances != [] else (openshift_aws_node_group_config[openshift_aws_node_group_type].replace_all_instances | default(omit)) }}"
+    replace_all_instances: "{{ omit if openshift_aws_node_group_replace_instances != [] else (item.value.replace_all_instances | default(omit)) }}"
     tags:
-    - "{{ openshift_aws_node_group_config.tags | combine(openshift_aws_node_group_config[openshift_aws_node_group_type].tags) }}"
+    - "{{ openshift_aws_node_group_config_tags | combine(item.value.tags) }}"
+  with_dict: "{{ l_nodes_to_build }}"
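Review bot: The loop now binds `item` from `l_nodes_to_build`, but nothing in the file states that contract; add a header comment that `l_nodes_to_build` and `l_epoch_time` are passed in (both set by build_node_group.yml) and, if the subnet lookup above the second hunk still filters on `vpcout`, that the caller must have run `vpc_and_subnet_id.yml` now that the local `query vpc` task is gone. `launch_config_name` duplicates the exact expression used in launch_config_create.yml, and editing either side alone would point the scale group at a nonexistent launch config, so a comment `# must match the name built in launch_config_create.yml` on that line is worthwhile. `tags` still indexes `item.value.tags` unconditionally while `elbs` and `termination_policy` are guarded with `if ... in item.value`; either apply the same guard or document that `tags` is required for every group.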

+ 7 - 35
roles/openshift_aws/tasks/security_group.yml

@@ -6,39 +6,11 @@
       "tag:Name": "{{ openshift_aws_clusterid }}"
   register: vpcout
 
-- name: Create default security group for cluster
-  ec2_group:
-    name: "{{ openshift_aws_node_security_groups.default.name }}"
-    description: "{{ openshift_aws_node_security_groups.default.desc }}"
-    region: "{{ openshift_aws_region }}"
-    vpc_id: "{{ vpcout.vpcs[0].id }}"
-    rules: "{{ openshift_aws_node_security_groups.default.rules | default(omit, True)}}"
-  register: sg_default_created
-
-- name: create the node group sgs
-  ec2_group:
-    name: "{{ item.name}}"
-    description: "{{ item.desc }}"
-    rules: "{{ item.rules if 'rules' in item else [] }}"
-    region: "{{ openshift_aws_region }}"
-    vpc_id: "{{ vpcout.vpcs[0].id }}"
-  register: sg_create
-  with_items:
-  - "{{ openshift_aws_node_security_groups[openshift_aws_node_group_type]}}"
+- include: security_group_create.yml
+  vars:
+    l_security_groups: "{{ openshift_aws_node_security_groups }}"
 
-- name: create the k8s sgs for the node group
-  ec2_group:
-    name: "{{ item.name }}_k8s"
-    description: "{{ item.desc }} for k8s"
-    region: "{{ openshift_aws_region }}"
-    vpc_id: "{{ vpcout.vpcs[0].id }}"
-  register: k8s_sg_create
-  with_items:
-  - "{{ openshift_aws_node_security_groups[openshift_aws_node_group_type]}}"
-
-- name: tag sg groups with proper tags
-  ec2_tag:
-    tags: "{{ openshift_aws_security_groups_tags }}"
-    resource: "{{ item.group_id }}"
-    region: "{{ openshift_aws_region }}"
-  with_items: "{{ k8s_sg_create.results }}"
+- include: security_group_create.yml
+  when: openshift_aws_node_security_groups_extra is defined
+  vars:
+    l_security_groups: "{{ openshift_aws_node_security_groups_extra | default({}) }}"

+ 25 - 0
roles/openshift_aws/tasks/security_group_create.yml

@@ -0,0 +1,25 @@
+---
+- name: create the node group sgs
+  ec2_group:
+    name: "{{ item.value.name}}"
+    description: "{{ item.value.desc }}"
+    rules: "{{ item.value.rules if 'rules' in item.value else [] }}"
+    region: "{{ openshift_aws_region }}"
+    vpc_id: "{{ vpcout.vpcs[0].id }}"
+  with_dict: "{{ l_security_groups }}"
+
+- name: create the k8s sgs for the node group
+  ec2_group:
+    name: "{{ item.value.name }}_k8s"
+    description: "{{ item.value.desc }} for k8s"
+    region: "{{ openshift_aws_region }}"
+    vpc_id: "{{ vpcout.vpcs[0].id }}"
+  with_dict: "{{ l_security_groups }}"
+  register: k8s_sg_create
+
+- name: tag sg groups with proper tags
+  ec2_tag:
+    tags: "{{ openshift_aws_security_groups_tags }}"
+    resource: "{{ item.group_id }}"
+    region: "{{ openshift_aws_region }}"
+  with_items: "{{ k8s_sg_create.results }}"
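Review bot: Every entry in `l_security_groups` now goes through the same `rules: "{{ item.value.rules if 'rules' in item.value else [] }}"` and also gets a `_k8s` companion, including the `default` key of `openshift_aws_node_security_groups`; the code this replaces in security_group.yml created the default group with `rules | default(omit, True)` and no `_k8s` twin, so confirm that passing `[]` instead of omitting the parameter does not change how `ec2_group` treats existing ingress rules on an already-created default group, and that the extra `{{ openshift_aws_clusterid }}_k8s` group is intended. A header comment stating that the file expects `l_security_groups` (a mapping of name/desc/rules entries) and a previously registered `vpcout` would document the new contract.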

+ 18 - 0
roles/openshift_aws/tasks/vpc_and_subnet_id.yml

@@ -0,0 +1,18 @@
+---
+- name: query vpc
+  ec2_vpc_net_facts:
+    region: "{{ openshift_aws_region }}"
+    filters:
+      'tag:Name': "{{ openshift_aws_vpc_name }}"
+  register: vpcout
+
+- name: debug
+  debug: var=vpcout
+
+- name: fetch the default subnet id
+  ec2_vpc_subnet_facts:
+    region: "{{ openshift_aws_region }}"
+    filters:
+      "tag:Name": "{{ openshift_aws_subnet_name }}"
+      vpc-id: "{{ vpcout.vpcs[0].id }}"
+  register: subnetout
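Review bot: The `debug: var=vpcout` task is carried over from elb.yml, and because this file is now included from provision.yml, provision_instance.yml and provision_nodes.yml, the full VPC fact dump is printed on every run of each of them; gate it with `debug:` / `var: vpcout` / `verbosity: 1` or drop it. Downstream tasks index `vpcout.vpcs[0].id` and `subnetout.subnets[0].id`, so a match count other than one fails with an opaque list-index error; an `assert` that `vpcout.vpcs | length == 1` after the first task gives a clear message when the `tag:Name` filter matches zero or several VPCs. A one-line header, e.g. `# Registers vpcout and subnetout for the including task file.`, would state what callers may rely on.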

+ 3 - 3
roles/openshift_aws/templates/user_data.j2

@@ -7,8 +7,8 @@ write_files:
   owner: 'root:root'
   permissions: '0640'
   content: |
-    openshift_group_type: {{ openshift_aws_node_group_type }}
-{%   if openshift_aws_node_group_type != 'master' %}
+    openshift_group_type: {{ launch_config_item.key }}
+{%   if launch_config_item.key != 'master' %}
 - path: /etc/origin/node/bootstrap.kubeconfig
   owner: 'root:root'
   permissions: '0640'
@@ -19,7 +19,7 @@ runcmd:
 {%     if openshift_aws_node_run_bootstrap_startup %}
 - [ ansible-playbook, /root/openshift_bootstrap/bootstrap.yml]
 {%     endif %}
-{%     if openshift_aws_node_group_type != 'master' %}
+{%     if launch_config_item.key != 'master' %}
 - [ systemctl, enable, {% if openshift_deployment_type == 'openshift-enterprise' %}atomic-openshift{% else %}origin{% endif %}-node]
 - [ systemctl, start, {% if openshift_deployment_type == 'openshift-enterprise' %}atomic-openshift{% else %}origin{% endif %}-node]
 {%     endif %}
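Review bot: The template now reads `launch_config_item.key`, a loop variable that exists only through the `loop_control` in launch_config.yml, so rendering it from any other task fails with an undefined variable; a leading Jinja comment such as `{# rendered per node group by launch_config_create.yml; expects launch_config_item (key = group name) #}` would make the coupling explicit. The rest of the cloud-init document lies outside the two hunks.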

+ 3 - 81
roles/openshift_master/defaults/main.yml

@@ -26,7 +26,6 @@ default_r_openshift_master_os_firewall_allow:
   cond: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}"
 r_openshift_master_os_firewall_allow: "{{ default_r_openshift_master_os_firewall_allow | union(openshift_master_open_ports | default([])) }}"
 
-
 # oreg_url is defined by user input
 oreg_host: "{{ oreg_url.split('/')[0] if (oreg_url is defined and '.' in oreg_url.split('/')[0]) else '' }}"
 oreg_auth_credentials_path: "{{ r_openshift_master_data_dir }}/.docker"
@@ -60,87 +59,10 @@ r_openshift_master_sdn_network_plugin_name: "{{ r_openshift_master_sdn_network_p
 openshift_master_image_config_latest_default: "{{ openshift_image_config_latest | default(False) }}"
 openshift_master_image_config_latest: "{{ openshift_master_image_config_latest_default }}"
 
-openshift_master_config_dir_default: "{{ (openshift.common.config_base | default('/etc/origin/master')) ~ '/master' }}"
+openshift_master_config_dir_default: "{{ openshift.common.config_base ~ '/master' if openshift is defined and 'common' in openshift else '/etc/origin/master' }}"
 openshift_master_config_dir: "{{ openshift_master_config_dir_default }}"
-openshift_master_cloud_provider: "{{ openshift_cloudprovider_kind | default('aws') }}"
-
-openshift_master_node_config_networkconfig_mtu: "{{ openshift_node_sdn_mtu | default(1450) }}"
-
-openshift_master_node_config_kubeletargs_cpu: 500m
-openshift_master_node_config_kubeletargs_mem: 512M
 
 openshift_master_bootstrap_enabled: False
 
-openshift_master_client_binary: "{{ openshift.common.client_binary if openshift is defined else 'oc' }}"
-
-openshift_master_config_imageconfig_format: "{{ openshift.node.registry_url }}"
-
-# these are for the default settings in a generated node-config.yaml
-openshift_master_node_config_default_edits:
-- key: nodeName
-  state: absent
-- key: dnsBindAddress
-  value: 127.0.0.1:53
-- key: dnsDomain
-  value: cluster.local
-- key: dnsRecursiveResolvConf
-  value: /etc/origin/node/resolv.conf
-- key: imageConfig.format
-  value: "{{ openshift_master_config_imageconfig_format }}"
-- key: kubeletArguments.cloud-config
-  value:
-  - "/etc/origin/cloudprovider/{{ openshift_master_cloud_provider }}.conf"
-- key: kubeletArguments.cloud-provider
-  value:
-  - "{{ openshift_master_cloud_provider }}"
-- key: kubeletArguments.kube-reserved
-  value:
-  - "cpu={{ openshift_master_node_config_kubeletargs_cpu }},memory={{ openshift_master_node_config_kubeletargs_mem }}"
-- key: kubeletArguments.system-reserved
-  value:
-  - "cpu={{ openshift_master_node_config_kubeletargs_cpu }},memory={{ openshift_master_node_config_kubeletargs_mem }}"
-- key: enable-controller-attach-detach
-  value:
-  - 'true'
-- key: networkConfig.mtu
-  value: "{{ openshift_master_node_config_networkconfig_mtu }}"
-- key: networkConfig.networkPluginName
-  value: "{{ r_openshift_master_sdn_network_plugin_name }}"
-- key: networkPluginName
-  value: "{{ r_openshift_master_sdn_network_plugin_name }}"
-
-
-# We support labels for all nodes here
-openshift_master_node_config_kubeletargs_default_labels: []
-# We do support overrides for node group labels
-openshift_master_node_config_kubeletargs_master_labels: []
-openshift_master_node_config_kubeletargs_infra_labels: []
-openshift_master_node_config_kubeletargs_compute_labels: []
-
-openshift_master_node_config_master:
-  type: master
-  edits:
-  - key: kubeletArguments.node-labels
-    value: "{{ openshift_master_node_config_kubeletargs_default_labels |
-               union(openshift_master_node_config_kubeletargs_master_labels) |
-               union(['type=master']) }}"
-openshift_master_node_config_infra:
-  type: infra
-  edits:
-  - key: kubeletArguments.node-labels
-    value: "{{ openshift_master_node_config_kubeletargs_default_labels |
-               union(openshift_master_node_config_kubeletargs_infra_labels) |
-               union(['type=infra']) }}"
-openshift_master_node_config_compute:
-  type: compute
-  edits:
-  - key: kubeletArguments.node-labels
-    value: "{{ openshift_master_node_config_kubeletargs_default_labels |
-               union(openshift_master_node_config_kubeletargs_compute_labels) |
-               union(['type=compute']) }}"
-
-openshift_master_node_configs:
-- "{{ openshift_master_node_config_infra }}"
-- "{{ openshift_master_node_config_compute }}"
-
-openshift_master_bootstrap_namespace: openshift-node
+openshift_master_csr_sa: node-bootstrapper
+openshift_master_csr_namespace: openshift-infra
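Review bot: `openshift_master_csr_sa` and `openshift_master_csr_namespace` are introduced without a comment although they select the service account whose kubeconfig tasks/bootstrap.yml hands to bootstrapping nodes; a line such as `# service account and namespace used to mint the node bootstrap kubeconfig (see tasks/bootstrap.yml)` above them would document the intent. The rewritten `openshift_master_config_dir_default` no longer appends `/master` to the fallback path as the old expression did; a short comment noting that the fallback is the full directory, not a base, would stop someone reintroducing the double suffix. The `openshift_master_bootstrap_enabled: False` line between the removals is unchanged.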

+ 2 - 65
roles/openshift_master/tasks/bootstrap.yml

@@ -2,7 +2,8 @@
 # TODO: create a module for this command.
 # oc_serviceaccounts_kubeconfig
 - name: create service account kubeconfig with csr rights
-  command: "oc serviceaccounts create-kubeconfig node-bootstrapper -n openshift-infra"
+  command: >
+    oc serviceaccounts create-kubeconfig {{ openshift_master_csr_sa }} -n {{ openshift_master_csr_namespace }}
   register: kubeconfig_out
   until: kubeconfig_out.rc == 0
   retries: 24
@@ -12,67 +13,3 @@
   copy:
     content: "{{ kubeconfig_out.stdout }}"
     dest: "{{ openshift_master_config_dir }}/bootstrap.kubeconfig"
-
-- name: create a temp dir for this work
-  command: mktemp -d /tmp/openshift_node_config-XXXXXX
-  register: mktempout
-  run_once: true
-
-# This generate is so that we do not have to maintain
-# our own copy of the template.  This is generated by
-# the product and the following settings will be
-# generated by the master
-- name: generate a node-config dynamically
-  command: >
-    {{ openshift_master_client_binary }} adm create-node-config
-    --node-dir={{ mktempout.stdout }}/
-    --node=CONFIGMAP
-    --hostnames=test
-    --dns-ip=0.0.0.0
-    --certificate-authority={{ openshift_master_config_dir }}/ca.crt
-    --signer-cert={{ openshift_master_config_dir }}/ca.crt
-    --signer-key={{ openshift_master_config_dir }}/ca.key
-    --signer-serial={{ openshift_master_config_dir }}/ca.serial.txt
-    --node-client-certificate-authority={{ openshift_master_config_dir }}/ca.crt
-  register: configgen
-  run_once: true
-
-- name: remove the default settings
-  yedit:
-    state: "{{ item.state | default('present') }}"
-    src: "{{ mktempout.stdout }}/node-config.yaml"
-    key: "{{ item.key }}"
-    value: "{{ item.value | default(omit) }}"
-  with_items: "{{ openshift_master_node_config_default_edits }}"
-  run_once: true
-
-- name: copy the generated config into each group
-  copy:
-    src: "{{ mktempout.stdout }}/node-config.yaml"
-    remote_src: true
-    dest: "{{ mktempout.stdout }}/node-config-{{ item.type }}.yaml"
-  with_items: "{{ openshift_master_node_configs }}"
-  run_once: true
-
-- name: "specialize the generated configs for node-config-{{ item.type }}"
-  yedit:
-    src: "{{ mktempout.stdout }}/node-config-{{ item.type }}.yaml"
-    edits: "{{ item.edits }}"
-  with_items: "{{ openshift_master_node_configs }}"
-  run_once: true
-
-- name: create node-config.yaml configmap
-  oc_configmap:
-    name: "node-config-{{ item.type }}"
-    namespace: "{{ openshift_master_bootstrap_namespace }}"
-    from_file:
-      node-config.yaml: "{{ mktempout.stdout }}/node-config-{{ item.type }}.yaml"
-  with_items: "{{ openshift_master_node_configs }}"
-  run_once: true
-
-- name: remove templated files
-  file:
-    dest: "{{ mktempout.stdout }}/"
-    state: absent
-  with_items: "{{ openshift_master_node_configs }}"
-  run_once: true
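Review bot: The stdout registered as `kubeconfig_out` from the new folded `command:` is a kubeconfig embedding the `{{ openshift_master_csr_sa }}` service-account token, and the task has no `no_log: true`, so the token is echoed into verbose output and any logging callback on every retry. Add `no_log: true` to the "create service account kubeconfig with csr rights" task, and on the unchanged `copy` in the second hunk set `mode: '0600'` so `bootstrap.kubeconfig` is not created with the remote umask default. Keeping `command:` rather than `shell:` is right here, since the two templated variables are passed as argv without shell interpretation.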

+ 14 - 0
roles/openshift_master/tasks/bootstrap_settings.yml

@@ -0,0 +1,14 @@
+---
+- name: modify controller args
+  yedit:
+    src: /etc/origin/master/master-config.yaml
+    edits:
+    - key: kubernetesMasterConfig.controllerArguments.cluster-signing-cert-file
+      value:
+      - /etc/origin/master/ca.crt
+    - key: kubernetesMasterConfig.controllerArguments.cluster-signing-key-file
+      value:
+      - /etc/origin/master/ca.key
+  notify:
+  - restart master controllers
+  when: openshift_master_bootstrap_enabled | default(False)
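Review bot: `when: openshift_master_bootstrap_enabled | default(False)` lacks the `| bool` cast that the same commit uses in `playbooks/common/openshift-master/config.yml` (`| default(false) | bool`), so an inventory value given as the string `"false"` enables the CSR signing edits; the same applies to the identical condition on the `include: bootstrap_settings.yml` line in `roles/openshift_master/tasks/main.yml`, and since a static include's `when` is inherited by the included tasks, the copy in this file appears redundant. The `src:` is hard-coded to `/etc/origin/master/master-config.yaml` while `bootstrap.yml` in this role already uses `{{ openshift_master_config_dir }}`; prefer `src: "{{ openshift_master_config_dir }}/master-config.yaml"` and the same variable for the two `ca.*` paths. A header comment explaining that these arguments make the controller manager sign approved node CSRs with the cluster CA key, so CSR approval becomes the trust gate for new nodes, would help whoever tunes the approval flow later.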

+ 1 - 12
roles/openshift_master/tasks/main.yml

@@ -218,18 +218,7 @@
   - restart master api
   - restart master controllers
 
-- name: modify controller args
-  yedit:
-    src: /etc/origin/master/master-config.yaml
-    edits:
-    - key: kubernetesMasterConfig.controllerArguments.cluster-signing-cert-file
-      value:
-      - /etc/origin/master/ca.crt
-    - key: kubernetesMasterConfig.controllerArguments.cluster-signing-key-file
-      value:
-      - /etc/origin/master/ca.key
-  notify:
-  - restart master controllers
+- include: bootstrap_settings.yml
   when: openshift_master_bootstrap_enabled | default(False)
 
 - include: set_loopback_context.yml

+ 26 - 0
roles/openshift_node_group/defaults/main.yml

@@ -0,0 +1,26 @@
+---
+openshift_node_groups:
+- name: node-config-master
+  labels:
+  - 'type=master'
+  edits: []
+- name: node-config-infra
+  labels:
+  - 'type=infra'
+  edits: []
+- name: node-config-compute
+  labels:
+  - 'type=compute'
+  edits: []
+
+openshift_node_group_edits: []
+openshift_node_group_namespace: openshift-node
+openshift_node_group_labels: []
+
+openshift_imageconfig_format: "{{ oreg_url if oreg_url is defined else openshift.node.registry_url }}"
+openshift_node_group_cloud_provider: "{{ openshift_cloudprovider_kind | default('aws') }}"
+openshift_node_group_network_plugin_default: "{{ os_sdn_network_plugin_name | default('redhat/openshift-ovs-subnet') }}"
+openshift_node_group_network_plugin: "{{ openshift_node_group_network_plugin_default }}"
+openshift_node_group_node_data_dir_default: "{{ openshift_data_dir | default('/var/lib/origin') }}"
+openshift_node_group_node_data_dir: "{{ openshift_node_group_node_data_dir_default }}"
+openshift_node_group_network_mtu: "{{ openshift_node_sdn_mtu | default(8951) }}"
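Review bot: `openshift_node_group_cloud_provider: "{{ openshift_cloudprovider_kind | default('aws') }}"` means any deployment that leaves `openshift_cloudprovider_kind` unset gets `cloud-provider: aws` and a `cloud-config` pointing at `/etc/origin/cloudprovider/aws.conf` in every generated node-config, because the template in this commit emits those kubelet arguments unconditionally; a generic role should default to `''` and the template should guard the two arguments with `{% if openshift_node_group_cloud_provider %}`. `openshift_imageconfig_format` is the only variable here without the `openshift_node_group_` prefix; renaming it (keeping the old name as an alias if it is referenced elsewhere) would keep the role's namespace consistent. Also worth a comment: `openshift_node_group_edits` and `openshift_node_group_labels` are overridden per group by the `vars:` on the include in `tasks/main.yml`, so the role defaults for them only matter when `create_config.yml` is included directly.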

+ 4 - 0
roles/openshift_node_group/meta/main.yml

@@ -0,0 +1,4 @@
+---
+dependencies:
+- role: lib_openshift
+- role: lib_utils

+ 58 - 0
roles/openshift_node_group/tasks/create_config.yml

@@ -0,0 +1,58 @@
+---
+- name: fetch node configmap
+  oc_configmap:
+    name: "{{ openshift_node_group_name }}"
+    namespace: "{{ openshift_node_group_namespace }}"
+    state: list
+  register: configout
+  run_once: true
+
+- name: debug node config
+  debug: var=configout
+
+- when:
+  - configout.results.results.0 == {} or (configout.results.results.0 != {} and openshift_node_group_edits|length > 0)
+  block:
+  - name: create a temp dir for this work
+    command: mktemp -d /tmp/openshift_node_config-XXXXXX
+    register: mktempout
+    run_once: true
+
+  - name: create node config template
+    template:
+      src: node-config.yaml.j2
+      dest: "{{ mktempout.stdout }}/node-config.yaml"
+    when:
+    - configout.results.results.0 == {}
+
+  - name: lay down the config from the existing configmap
+    copy:
+      content: "{{ configout.results.results.0.data['node-config.yaml'] }}"
+      dest: "{{ mktempout.stdout }}/node-config.yaml"
+    when:
+    - configout.results.results.0 != {}
+
+  - name: "specialize the generated configs for {{ openshift_node_group_name }}"
+    yedit:
+      content:
+      src: "{{ mktempout.stdout }}/node-config.yaml"
+      edits: "{{ openshift_node_group_edits }}"
+    register: yeditout
+    when: openshift_node_group_edits|length > 0
+    run_once: true
+
+  - debug: var=yeditout
+
+  - name: create node-config.yaml configmap
+    oc_configmap:
+      name: "{{ openshift_node_group_name }}"
+      namespace: "{{ openshift_node_group_namespace }}"
+      from_file:
+        node-config.yaml: "{{ mktempout.stdout }}/node-config.yaml"
+    run_once: true
+
+  - name: remove templated files
+    file:
+      dest: "{{ mktempout.stdout }}/"
+      state: absent
+    run_once: true
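Review bot: The "create node config template" and "lay down the config from the existing configmap" tasks lack the `run_once: true` that every other task in the block carries, yet both write into `{{ mktempout.stdout }}`, a directory that `mktemp` created on only one host; on any other host in the play the destination directory does not exist and the task fails. Add `run_once: true` to both, and drop the bare `content:` under `yedit:` in the specialize task, which parses as `null` and looks like a leftover. The two `debug:` tasks dump the full configmap and edit results at default verbosity; give them `verbosity: 2` so the rendered node-config is not written to logs on every run. The block condition can also be reduced to `configout.results.results.0 == {} or openshift_node_group_edits|length > 0`, which is logically identical.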

+ 10 - 0
roles/openshift_node_group/tasks/main.yml

@@ -0,0 +1,10 @@
+---
+- name: Build node config maps
+  include: create_config.yml
+  vars:
+    openshift_node_group_name: "{{ node_group.name }}"
+    openshift_node_group_edits: "{{ node_group.edits | default([]) }}"
+    openshift_node_group_labels: "{{ node_group.labels | default([]) }}"
+  with_items: "{{ openshift_node_groups }}"
+  loop_control:
+    loop_var: node_group

+ 53 - 0
roles/openshift_node_group/templates/node-config.yaml.j2

@@ -0,0 +1,53 @@
+allowDisabledDocker: false
+apiVersion: v1
+authConfig:
+  authenticationCacheSize: 1000
+  authenticationCacheTTL: 5m
+  authorizationCacheSize: 1000
+  authorizationCacheTTL: 5m
+dnsBindAddress: "127.0.0.1:53"
+dnsDomain: cluster.local
+dnsIP: 0.0.0.0
+dnsNameservers: null
+dnsRecursiveResolvConf: /etc/origin/node/resolv.conf
+dockerConfig:
+  dockerShimRootDirectory: /var/lib/dockershim
+  dockerShimSocket: /var/run/dockershim.sock
+  execHandlerName: native
+enableUnidling: true
+imageConfig:
+  format: "{{ openshift_imageconfig_format }}"
+  latest: false
+iptablesSyncPeriod: 30s
+kind: NodeConfig
+kubeletArguments:
+  cloud-config:
+  - /etc/origin/cloudprovider/{{ openshift_node_group_cloud_provider }}.conf
+  cloud-provider:
+  - {{ openshift_node_group_cloud_provider }}
+  node-labels: {{ openshift_node_group_labels | to_json }}
+masterClientConnectionOverrides:
+  acceptContentTypes: application/vnd.kubernetes.protobuf,application/json
+  burst: 40
+  contentType: application/vnd.kubernetes.protobuf
+  qps: 20
+masterKubeConfig: node.kubeconfig
+networkConfig:
+  mtu: "{{ openshift_node_group_network_mtu }}"
+  networkPluginName: {{ openshift_node_group_network_plugin }}
+nodeIP: ""
+podManifestConfig: null
+servingInfo:
+  bindAddress: 0.0.0.0:10250
+  bindNetwork: tcp4
+  certFile: server.crt
+  clientCA: node-client-ca.crt
+  keyFile: server.key
+  namedCertificates: null
+volumeConfig:
+  localQuota:
+    perFSGroup: null
+volumeDirectory: {{ openshift_node_group_node_data_dir }}/openshift.local.volumes
+enable-controller-attach-detach:
+- 'true'
+networkPluginName: {{ openshift_node_group_network_plugin }}
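Review bot: The last three lines put `enable-controller-attach-detach` at the top level of the document, where it is a kubelet flag name rather than a NodeConfig key, and repeat `networkPluginName`, which the template already sets under `networkConfig` a few lines up; it looks like both were meant to be merged into `kubeletArguments`/`networkConfig` and the tail should be deleted, with `  enable-controller-attach-detach:` and `  - 'true'` added under `kubeletArguments`. Several templated scalars are unquoted (`- {{ openshift_node_group_cloud_provider }}`, `networkPluginName: {{ openshift_node_group_network_plugin }}`), so an empty expansion renders as `null` instead of an empty string; quote them as the template already does for `imageConfig.format`. Conversely `mtu: "{{ openshift_node_group_network_mtu }}"` renders the MTU as a quoted string, which the NodeConfig loader may reject for an integer field — worth confirming against a rendered config before relying on it.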