shixiong
/
okd


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255
							---
- name: Create GCP network
  gcp_compute_network:
    auth_kind: serviceaccount
    scopes:
    - https://www.googleapis.com/auth/compute
    service_account_file: "{{ openshift_gcp_iam_service_account_keyfile }}"
    project: "{{ openshift_gcp_project }}"
    name: "{{ openshift_gcp_network_name }}"
    state: present
  register: network

- name: Create GCP firewall
  gcp_compute_firewall:
    auth_kind: serviceaccount
    scopes:
    - https://www.googleapis.com/auth/compute
    service_account_file: "{{ openshift_gcp_iam_service_account_keyfile }}"
    project: "{{ openshift_gcp_project }}"
    name: "{{ openshift_gcp_prefix }}{{ item.rule }}"
    allowed: "{{ item.allowed }}"
    network: "{{ network.selfLink }}"
    target_tags: "{{ item.target_tags | default(omit) }}"
    source_tags: "{{ item.source_tags | default(omit) }}"
    state: present
  with_items: "{{ openshift_gcp_firewall_rules }}"

- import_tasks: provision_ssh_keys.yml

- name: Find GCP image
  gcp_compute_image_facts:
    auth_kind: serviceaccount
    scopes:
    - https://www.googleapis.com/auth/compute
    service_account_file: "{{ openshift_gcp_iam_service_account_keyfile }}"
    project: "{{ openshift_gcp_project }}"
    filters:
    - "family = {{ openshift_gcp_image }}"
  register: gcp_node_image

- fail:
    msg: "No images for family '{{ openshift_gcp_image }}' found"
  when: gcp_node_image['items'] | length == 0

- name: Provision GCP instance templates
  gcp_compute_instance_template:
    auth_kind: serviceaccount
    scopes:
    - https://www.googleapis.com/auth/compute
    service_account_file: "{{ openshift_gcp_iam_service_account_keyfile }}"
    project: "{{ openshift_gcp_project }}"
    name: "{{ openshift_gcp_prefix }}instance-template-{{ item.name }}"
    properties:
      machine_type: "{{ item.machine_type }}"
      network_interfaces:
      - network: "{{ network }}"
        access_configs:
        - name: "{{ openshift_gcp_prefix }}instance-template-{{ item.name }}-config"
          type: 'ONE_TO_ONE_NAT'
      disks:
      - auto_delete: true
        boot: true
        initialize_params:
          disk_size_gb: "{{ item.boot_disk_size }}"
          source_image: "{{ gcp_node_image['items'][0].selfLink }}"
      metadata:
        "cluster-id": "{{ openshift_gcp_prefix + openshift_gcp_clusterid }}"
        "node-group": "{{ item.name }}"
      tags:
        items:
        - "ocp"
        - "{{ openshift_gcp_prefix }}ocp"
        - "{{ item.tags }}"
    state: present
  with_items: "{{ openshift_gcp_node_group_config }}"
  register: instance_template

- name: Create GCP Instance Groups
  gcp_compute_instance_group_manager:
    auth_kind: serviceaccount
    scopes:
    - https://www.googleapis.com/auth/compute
    service_account_file: "{{ openshift_gcp_iam_service_account_keyfile }}"
    project: "{{ openshift_gcp_project }}"
    zone: "{{ openshift_gcp_zone }}"
    name: "{{ openshift_gcp_prefix }}ig-{{ item.item.suffix }}"
    base_instance_name: "{{ openshift_gcp_prefix }}ig-{{ item.item.suffix }}"
    instance_template: "{{ item }}"
    target_size: "{{ item.item.scale | int}}"
    named_ports:
    - name: "{{ openshift_gcp_prefix }}port-kube-api"
      port: "{{ openshift_gcp_kubernetes_api_port }}"
    - name: "{{ openshift_gcp_prefix }}port-openshift-api"
      port: "{{ openshift_master_api_port }}"
    state: present
  with_items: "{{ instance_template.results }}"
  register: instance_groups

- name: Get bootstrap instance group
  gcp_compute_instance_group_facts:
    auth_kind: serviceaccount
    scopes:
    - https://www.googleapis.com/auth/compute
    service_account_file: "{{ openshift_gcp_iam_service_account_keyfile }}"
    project: "{{ openshift_gcp_project }}"
    zone: "{{ openshift_gcp_zone }}"
    filters:
    - name = "{{ openshift_gcp_prefix }}ig-b"
  register: bootstrap_instance_group

- name: Get master instance group
  gcp_compute_instance_group_facts:
    auth_kind: serviceaccount
    scopes:
    - https://www.googleapis.com/auth/compute
    service_account_file: "{{ openshift_gcp_iam_service_account_keyfile }}"
    project: "{{ openshift_gcp_project }}"
    zone: "{{ openshift_gcp_zone }}"
    filters:
    - name = "{{ openshift_gcp_prefix }}ig-m"
  register: master_instance_group

- set_fact:
    bootstrap_instance_group: "{{ bootstrap_instance_group['items'][0] }}"
    master_instance_group: "{{ master_instance_group['items'][0] }}"

- name: Wait for bootstrap instance group to start all instances
  gcp_compute_instance_group_manager_facts:
    auth_kind: serviceaccount
    scopes:
    - https://www.googleapis.com/auth/compute
    service_account_file: "{{ openshift_gcp_iam_service_account_keyfile }}"
    project: "{{ openshift_gcp_project }}"
    zone: "{{ openshift_gcp_zone }}"
    filters: "name = {{ bootstrap_instance_group['name'] }}"
  register: bootstrap_group_result
  # Wait for 3 minutes
  retries: 36
  delay: 5
  until:
  - "bootstrap_group_result['items'][0]['currentActions']['none'] == bootstrap_group_result['items'][0]['targetSize']"

- name: Wait for master instance group to start all instances
  gcp_compute_instance_group_manager_facts:
    auth_kind: serviceaccount
    scopes:
    - https://www.googleapis.com/auth/compute
    service_account_file: "{{ openshift_gcp_iam_service_account_keyfile }}"
    project: "{{ openshift_gcp_project }}"
    zone: "{{ openshift_gcp_zone }}"
    filters: "name = {{ master_instance_group['name'] }}"
  register: master_group_result
  # Wait for 3 minutes
  retries: 36
  delay: 5
  until:
  - "master_group_result['items'][0]['currentActions']['none'] == master_group_result['items'][0]['targetSize']"

- name: Collect a list of instances
  gcp_compute_instance_facts:
    auth_kind: serviceaccount
    scopes:
    - https://www.googleapis.com/auth/compute
    service_account_file: "{{ openshift_gcp_iam_service_account_keyfile }}"
    project: "{{ openshift_gcp_project }}"
    zone: "{{ openshift_gcp_zone }}"
  register: all_instances

- name: Filter instances to fetch bootstrap
  set_fact:
    bootstrap_instances: "{{ item }}"
  with_items:
  - "{{ all_instances['items'] }}"
  when:
  - "'tags' in item"
  - "'items' in item['tags']"
  - "cluster_tag in item['tags']['items']"
  - "'ocp-bootstrap' in item['tags']['items']"
  vars:
    cluster_tag: "{{ openshift_gcp_prefix }}ocp"

- name: Filter instances to fetch masters
  set_fact:
    master_instances: "{{ master_instances | default([]) }} + [ {{ item }} ]"
  with_items:
  - "{{ all_instances['items'] }}"
  when:
  - "'tags' in item"
  - "'items' in item['tags']"
  - "cluster_tag in item['tags']['items']"
  - "'ocp-master' in item['tags']['items']"
  vars:
    cluster_tag: "{{ openshift_gcp_prefix }}ocp"

- set_fact:
    etcd_discovery_targets: "{{ etcd_discovery_targets | default([]) }} + ['0 0 2380 {{ entry_name }}']"
    master_external_ips: "{{ master_external_ips | default([]) }} + ['{{ master_ip }}']"
  with_indexed_items: "{{ master_instances }}"
  vars:
    entry_name: "{{ openshift_gcp_prefix }}etcd-{{ item.0 }}.{{ public_hosted_zone }}."
    master_ip: "{{ item.1.networkInterfaces[0].accessConfigs[0].natIP }}"

- set_fact:
    bootstrap_and_masters: "{{ master_external_ips | list }} + ['{{ bootstrap_instances.networkInterfaces[0].accessConfigs[0].natIP }}']"

- name: Get managed zone
  gcp_dns_managed_zone:
    auth_kind: serviceaccount
    scopes:
    - https://www.googleapis.com/auth/ndev.clouddns.readwrite
    service_account_file: "{{ openshift_gcp_iam_service_account_keyfile }}"
    project: "{{ openshift_gcp_project }}"
    name: "{{ dns_managed_zone | default(openshift_gcp_prefix + 'managed-zone') }}"
    state: present
  register: managed_zone

- name: Create public API hostname
  gcp_dns_resource_record_set:
    auth_kind: serviceaccount
    scopes:
    - https://www.googleapis.com/auth/ndev.clouddns.readwrite
    service_account_file: "{{ openshift_gcp_iam_service_account_keyfile }}"
    project: "{{ openshift_gcp_project }}"
    name: "{{ openshift_master_cluster_public_hostname }}."
    managed_zone: "{{ managed_zone }}"
    type: A
    ttl: 600
    target: "{{ bootstrap_and_masters }}"
    state: present

- name: Create etcd records for masters
  gcp_dns_resource_record_set:
    auth_kind: serviceaccount
    scopes:
    - https://www.googleapis.com/auth/ndev.clouddns.readwrite
    service_account_file: "{{ openshift_gcp_iam_service_account_keyfile }}"
    project: "{{ openshift_gcp_project }}"
    name: "{{ entry_name }}"
    managed_zone: "{{ managed_zone }}"
    type: A
    ttl: 600
    target: "{{ master_ip }}"
    state: present
  with_indexed_items: "{{ master_instances }}"
  vars:
    entry_name: "{{ openshift_gcp_prefix }}etcd-{{ item.0 }}.{{ public_hosted_zone }}."
    master_ip: "{{ item.1.networkInterfaces[0].networkIP }}"

- name: Templatize DNS script
  template: src=additional_settings.j2.sh dest=/tmp/additional_settings.sh mode=u+rx

- name: Run addition provision GCP script
  command: /tmp/additional_settings.sh
  args:
    chdir: "{{ files_dir }}"