shixiong
/
okd


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137
							---
- name: Gather and set facts for node hosts
  hosts: oo_nodes_to_config
  roles:
  - openshift_facts
  tasks:
  # Since the master is generating the node certificates before they are
  # configured, we need to make sure to set the node properties beforehand if
  # we do not want the defaults
  - openshift_facts:
      role: "{{ item.role }}"
      local_facts: "{{ item.local_facts }}"
    with_items:
      - role: common
        local_facts:
          hostname: "{{ openshift_hostname | default(None) }}"
          public_hostname: "{{ openshift_public_hostname | default(None) }}"
          deployment_type: "{{ openshift_deployment_type }}"
      - role: node
        local_facts:
          resources_cpu: "{{ openshift_node_resources_cpu | default(None) }}"
          resources_memory: "{{ openshift_node_resources_memory | default(None) }}"
          pod_cidr: "{{ openshift_node_pod_cidr | default(None) }}"
          labels: "{{ openshift_node_labels | default(None) }}"
          annotations: "{{ openshift_node_annotations | default(None) }}"
  - name: Check status of node certificates
    stat:
      path: "{{ item }}"
    with_items:
    - "/etc/openshift/node/system:node:{{ openshift.common.hostname }}.crt"
    - "/etc/openshift/node/system:node:{{ openshift.common.hostname }}.key"
    - "/etc/openshift/node/system:node:{{ openshift.common.hostname }}.kubeconfig"
    - "/etc/openshift/node/ca.crt"
    - "/etc/openshift/node/server.key"
    - "/etc/openshift/node/server.crt"
    register: stat_result
  - set_fact:
      certs_missing: "{{ stat_result.results | map(attribute='stat.exists')
                         | list | intersect([false])}}"
      node_subdir: node-{{ openshift.common.hostname }}
      config_dir: /etc/openshift/generated-configs/node-{{ openshift.common.hostname }}
      node_cert_dir: /etc/openshift/node

- name: Create temp directory for syncing certs
  hosts: localhost
  connection: local
  sudo: false
  gather_facts: no
  tasks:
  - name: Create local temp directory for syncing certs
    local_action: command mktemp -d /tmp/openshift-ansible-XXXXXXX
    register: mktemp
    changed_when: False

- name: Create node certificates
  hosts: oo_first_master
  vars:
    nodes_needing_certs: "{{ hostvars
                             | oo_select_keys(groups['oo_nodes_to_config'])
                             | oo_filter_list(filter_attr='certs_missing') }}"
    openshift_nodes: "{{ hostvars
                         | oo_select_keys(groups['oo_nodes_to_config']) }}"
    sync_tmpdir: "{{ hostvars.localhost.mktemp.stdout }}"
  roles:
  - openshift_node_certificates
  post_tasks:
  - name: Create a tarball of the node config directories
    command: >
      tar -czvf {{ item.config_dir }}.tgz
        --transform 's|system:{{ item.node_subdir }}|node|'
        -C {{ item.config_dir }} .
    args:
      creates: "{{ item.config_dir }}.tgz"
    with_items: nodes_needing_certs

  - name: Retrieve the node config tarballs from the master
    fetch:
      src: "{{ item.config_dir }}.tgz"
      dest: "{{ sync_tmpdir }}/"
      flat: yes
      fail_on_missing: yes
      validate_checksum: yes
    with_items: nodes_needing_certs

- name: Configure node instances
  hosts: oo_nodes_to_config
  vars:
    sync_tmpdir: "{{ hostvars.localhost.mktemp.stdout }}"
    openshift_node_master_api_url: "{{ hostvars[openshift_first_master].openshift.master.api_url }}"
  pre_tasks:
  - name: Ensure certificate directory exists
    file:
      path: "{{ node_cert_dir }}"
      state: directory

  # TODO: notify restart openshift-node
  # possibly test service started time against certificate/config file
  # timestamps in openshift-node to trigger notify
  - name: Unarchive the tarball on the node
    unarchive:
      src: "{{ sync_tmpdir }}/{{ node_subdir }}.tgz"
      dest: "{{ node_cert_dir }}"
    when: certs_missing
  roles:
  - openshift_node
  - role: fluentd_node
    when: openshift.common.use_fluentd | bool
  tasks:
  - name: Create group for deployment type
    group_by: key=oo_nodes_deployment_type_{{ openshift.common.deployment_type }}
    changed_when: False

- name: Delete the temporary directory on the master
  hosts: oo_first_master
  gather_facts: no
  vars:
    sync_tmpdir: "{{ hostvars.localhost.mktemp.stdout }}"
  tasks:
  - file: name={{ sync_tmpdir }} state=absent
    changed_when: False

- name: Delete temporary directory on localhost
  hosts: localhost
  connection: local
  sudo: false
  gather_facts: no
  tasks:
  - file: name={{ mktemp.stdout }} state=absent
    changed_when: False

# Additional config for online type deployments
- name: Additional instance config
  hosts: oo_nodes_deployment_type_online
  gather_facts: no
  roles:
  - os_env_extras
  - os_env_extras_node