| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123 |
- - name: node/config.yml, populate oo_nodes_to_config host group if needed
- hosts: localhost
- gather_facts: no
- tasks:
- - name: Evaluate oo_host_group_exp
- add_host: "name={{ item }} groups=oo_nodes_to_config"
- with_items: "{{ oo_host_group_exp | default('') }}"
- when: oo_host_group_exp is defined
- - name: Find masters for env
- add_host: "name={{ item }} groups=oo_masters_for_node_config"
- with_items: groups['tag_env-host-type-' + oo_env + '-openshift-master']
- - name: Gather facts for masters in {{ oo_env }}
- hosts: "tag_env-host-type-{{ oo_env }}-openshift-master"
- tasks:
- - set_fact:
- openshift_master_ip: "{{ openshift_ip }}"
- openshift_master_api_url: "{{ openshift_api_url }}"
- openshift_master_webui_url: "{{ openshift_webui_url }}"
- openshift_master_hostname: "{{ openshift_hostname }}"
- openshift_master_public_ip: "{{ openshift_public_ip }}"
- openshift_master_api_public_url: "{{ openshift_api_public_url }}"
- openshift_master_webui_public_url: "{{ openshift_webui_public_url }}"
- openshift_master_public_hostnames: "{{ openshift_public_hostname }}"
- - name: Gather facts for hosts to configure
- hosts: tag_env-host-type-{{ oo_env }}-openshift-node
- tasks:
- - set_fact:
- openshift_node_hostname: "{{ openshift_hostname }}"
- openshift_node_name: "{{ openshift_hostname }}"
- openshift_node_cpu: "{{ openshift_node_cpu if openshift_node_cpu else ansible_processor_cores }}"
- openshift_node_memory: "{{ openshift_node_memory if openshift_node_memory else (ansible_memtotal_mb|int * 1024 * 1024 * 0.75)|int }}"
- openshift_node_pod_cidr: "{{ openshift_node_pod_cidr if openshift_node_pod_cidr else None }}"
- openshift_node_host_ip: "{{ openshift_ip }}"
- openshift_node_labels: "{{ openshift_node_labels if openshift_node_labels else {} }}"
- openshift_node_annotations: "{{ openshift_node_annotations if openshift_node_annotations else {} }}"
- - name: Register nodes
- hosts: tag_env-host-type-{{ oo_env }}-openshift-master[0]
- vars:
- openshift_node_group: tag_env-host-type-{{ oo_env }}-openshift-node
- openshift_nodes: "{{ hostvars
- | oo_select_keys(groups[openshift_node_group]) }}"
- openshift_master_group: tag_env-host-type-{{ oo_env }}-openshift-master
- openshift_master_urls: "{{ hostvars
- | oo_select_keys(groups[openshift_master_group])
- | oo_collect(attribute='openshift_master_api_url') }}"
- openshift_master_public_urls: "{{ hostvars
- | oo_select_keys(groups[openshift_master_group])
- | oo_collect(attribute='openshift_master_api_public_url') }}"
- pre_tasks:
- roles:
- - openshift_register_nodes
- tasks:
- - name: Create local temp directory for syncing certs
- local_action: command /usr/bin/mktemp -d /tmp/openshift-ansible-XXXXXXX
- register: mktemp
- - name: Sync master certs to localhost
- synchronize:
- mode: pull
- checksum: yes
- src: /var/lib/openshift/openshift.local.certificates
- dest: "{{ mktemp.stdout }}"
- # TODO: sync generated certs between masters
- #
- - name: Configure instances
- hosts: oo_nodes_to_config
- vars_files:
- - vars.yml
- vars:
- openshift_master_group: tag_env-host-type-{{ oo_env }}-openshift-master
- openshift_master_ips: "{{ hostvars
- | oo_select_keys(groups[openshift_master_group])
- | oo_collect(attribute='openshift_master_ip') }}"
- openshift_master_hostnames: "{{ hostvars
- | oo_select_keys(groups[openshift_master_group])
- | oo_collect(attribute='openshift_master_hostname') }}"
- openshift_master_public_ips: "{{ hostvars
- | oo_select_keys(groups[openshift_master_group])
- | oo_collect(attribute='openshift_master_public_ip') }}"
- openshift_master_public_hostnames: "{{ hostvars
- | oo_select_keys(groups[openshift_master_group])
- | oo_collect(attribute='openshift_master_public_hostname') }}"
- cert_parent_rel_path: openshift.local.certificates
- cert_rel_path: "{{ cert_parent_rel_path }}/node-{{ openshift_node_name }}"
- cert_base_path: /var/lib/openshift
- cert_parent_path: "{{ cert_base_path }}/{{ cert_parent_rel_path }}"
- cert_path: "{{ cert_base_path }}/{{ cert_rel_path }}"
- pre_tasks:
- - name: Ensure certificate directories exists
- file:
- path: "{{ item }}"
- state: directory
- with_items:
- - "{{ cert_path }}"
- - "{{ cert_parent_path }}/ca"
- # TODO: only sync to a node if it's certs have been updated
- # TODO: notify restart openshift-node and/or restart openshift-sdn-node,
- # possibly test service started time against certificate/config file
- # timestamps in openshift-node or openshift-sdn-node to trigger notify
- # TODO: also copy ca cert: /var/lib/openshift/openshift.local.certificates/ca/cert.crt
- - name: Sync certs to nodes
- synchronize:
- checksum: yes
- src: "{{ item.src }}"
- dest: "{{ item.dest }}"
- owner: no
- group: no
- with_items:
- - src: "{{ hostvars[groups[openshift_master_group][0]].mktemp.stdout }}/{{ cert_rel_path }}"
- dest: "{{ cert_parent_path }}"
- - src: "{{ hostvars[groups[openshift_master_group][0]].mktemp.stdout }}/{{ cert_parent_rel_path }}/ca/cert.crt"
- dest: "{{ cert_parent_path }}/ca/cert.crt"
- - local_action: file name={{ hostvars[groups[openshift_master_group][0]].mktemp.stdout }} state=absent
- run_once: true
- roles:
- - openshift_node
- - os_env_extras
- - os_env_extras_node
|
