Kezdőlap Felfedezés Súgó
Regisztráció Bejelentkezés
shixiong
/
okd
1
0
Másolás 0
Fájlok Problémák 0 Beolvasztási kérések 0 Wiki
Fa: f0d03d257f
Branch-ok Tag-ek
okd
/
playbooks
/
common
/
openshift-master
/
config.yml

config.yml 9.2 KB
Előzmények Nyers

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236 
  1. ---
    2. 

  2. - name: Set master facts and determine if external etcd certs need to be generated
    3. 

  3.   hosts: oo_masters_to_config
    4. 

  4.   pre_tasks:
    5. 

  5.   - set_fact:
    6. 

  6.       openshift_master_etcd_port: "{{ (etcd_client_port | default('2379')) if (groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config) else none }}"
    7. 

  7.       openshift_master_etcd_hosts: "{{ hostvars
    8. 

  8.                                        | oo_select_keys(groups['oo_etcd_to_config']
    9. 

  9.                                                         | default([]))
    10. 

  10.                                        | oo_collect('openshift.common.hostname')
    11. 

  11.                                        | default(none, true) }}"
    12. 

  12.   roles:
    13. 

  13.   - openshift_facts
    14. 

  14.   post_tasks:
    15. 

  15.   - openshift_facts:
    16. 

  16.       role: "{{ item.role }}"
    17. 

  17.       local_facts: "{{ item.local_facts }}"
    18. 

  18.     with_items:
    19. 

  19.       - role: common
    20. 

  20.         local_facts:
    21. 

  21.           hostname: "{{ openshift_hostname | default(None) }}"
    22. 

  22.           public_hostname: "{{ openshift_public_hostname | default(None) }}"
    23. 

  23.           deployment_type: "{{ openshift_deployment_type }}"
    24. 

  24.       - role: master
    25. 

  25.         local_facts:
    26. 

  26.           api_port: "{{ openshift_master_api_port | default(None) }}"
    27. 

  27.           api_url: "{{ openshift_master_api_url | default(None) }}"
    28. 

  28.           api_use_ssl: "{{ openshift_master_api_use_ssl | default(None) }}"
    29. 

  29.           public_api_url: "{{ openshift_master_public_api_url | default(None) }}"
    30. 

  30.           cluster_hostname: "{{ openshift_master_cluster_hostname | default(None) }}"
    31. 

  31.           cluster_public_hostname: "{{ openshift_master_cluster_public_hostname | default(None) }}"
    32. 

  32.           cluster_defer_ha: "{{ openshift_master_cluster_defer_ha | default(None) }}"
    33. 

  33.           console_path: "{{ openshift_master_console_path | default(None) }}"
    34. 

  34.           console_port: "{{ openshift_master_console_port | default(None) }}"
    35. 

  35.           console_url: "{{ openshift_master_console_url | default(None) }}"
    36. 

  36.           console_use_ssl: "{{ openshift_master_console_use_ssl | default(None) }}"
    37. 

  37.           public_console_url: "{{ openshift_master_public_console_url | default(None) }}"
    38. 

  38.   - name: Check status of external etcd certificatees
    39. 

  39.     stat:
    40. 

  40.       path: "/etc/openshift/master/{{ item }}"
    41. 

  41.     with_items:
    42. 

  42.     - master.etcd-client.crt
    43. 

  43.     - master.etcd-ca.crt
    44. 

  44.     register: g_external_etcd_cert_stat_result
    45. 

  45.   - set_fact:
    46. 

  46.       etcd_client_certs_missing: "{{ g_external_etcd_cert_stat_result.results
    47. 

  47.                                     | map(attribute='stat.exists')
    48. 

  48.                                     | list | intersect([false])}}"
    49. 

  49.       etcd_cert_subdir: openshift-master-{{ openshift.common.hostname }}
    50. 

  50.       etcd_cert_config_dir: /etc/openshift/master
    51. 

  51.       etcd_cert_prefix: master.etcd-
    52. 

  52.     when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config
    53. 

  53. 

  54. - name: Create temp directory for syncing certs
    55. 

  55.   hosts: localhost
    56. 

  56.   connection: local
    57. 

  57.   sudo: false
    58. 

  58.   gather_facts: no
    59. 

  59.   tasks:
    60. 

  60.   - name: Create local temp directory for syncing certs
    61. 

  61.     local_action: command mktemp -d /tmp/openshift-ansible-XXXXXXX
    62. 

  62.     register: g_master_mktemp
    63. 

  63.     changed_when: False
    64. 

  64. 

  65. - name: Configure etcd certificates
    66. 

  66.   hosts: oo_first_etcd
    67. 

  67.   vars:
    68. 

  68.     etcd_generated_certs_dir: /etc/etcd/generated_certs
    69. 

  69.     etcd_needing_client_certs: "{{ hostvars
    70. 

  70.                                    | oo_select_keys(groups['oo_masters_to_config'])
    71. 

  71.                                    | oo_filter_list(filter_attr='etcd_client_certs_missing') }}"
    72. 

  72.     sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}"
    73. 

  73.   roles:
    74. 

  74.   - etcd_certificates
    75. 

  75.   post_tasks:
    76. 

  76.   - name: Create a tarball of the etcd certs
    77. 

  77.     command: >
    78. 

  78.       tar -czvf {{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz
    79. 

  79.         -C {{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }} .
    80. 

  80.     args:
    81. 

  81.       creates: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz"
    82. 

  82.     with_items: etcd_needing_client_certs
    83. 

  83.   - name: Retrieve the etcd cert tarballs
    84. 

  84.     fetch:
    85. 

  85.       src: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz"
    86. 

  86.       dest: "{{ sync_tmpdir }}/"
    87. 

  87.       flat: yes
    88. 

  88.       fail_on_missing: yes
    89. 

  89.       validate_checksum: yes
    90. 

  90.     with_items: etcd_needing_client_certs
    91. 

  91. 

  92. - name: Copy the external etcd certs to the masters
    93. 

  93.   hosts: oo_masters_to_config
    94. 

  94.   vars:
    95. 

  95.     sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}"
    96. 

  96.   tasks:
    97. 

  97.   - name: Ensure certificate directory exists
    98. 

  98.     file:
    99. 

  99.       path: /etc/openshift/master
    100. 

  100.       state: directory
    101. 

  101.     when: etcd_client_certs_missing is defined and etcd_client_certs_missing
    102. 

  102.   - name: Unarchive the tarball on the master
    103. 

  103.     unarchive:
    104. 

  104.       src: "{{ sync_tmpdir }}/{{ etcd_cert_subdir }}.tgz"
    105. 

  105.       dest: "{{ etcd_cert_config_dir }}"
    106. 

  106.     when: etcd_client_certs_missing is defined and etcd_client_certs_missing
    107. 

  107.   - file:
    108. 

  108.       path: "{{ etcd_cert_config_dir }}/{{ item }}"
    109. 

  109.       owner: root
    110. 

  110.       group: root
    111. 

  111.       mode: 0600
    112. 

  112.     with_items:
    113. 

  113.     - master.etcd-client.crt
    114. 

  114.     - master.etcd-client.key
    115. 

  115.     - master.etcd-ca.crt
    116. 

  116.     when: etcd_client_certs_missing is defined and etcd_client_certs_missing
    117. 

  117. 

  118. - name: Determine if master certificates need to be generated
    119. 

  119.   hosts: oo_masters_to_config
    120. 

  120.   tasks:
    121. 

  121.   - set_fact:
    122. 

  122.       openshift_master_certs_no_etcd:
    123. 

  123.       - admin.crt
    124. 

  124.       - master.kubelet-client.crt
    125. 

  125.       - master.server.crt
    126. 

  126.       - openshift-master.crt
    127. 

  127.       - openshift-registry.crt
    128. 

  128.       - openshift-router.crt
    129. 

  129.       - etcd.server.crt
    130. 

  130.       openshift_master_certs_etcd:
    131. 

  131.       - master.etcd-client.crt
    132. 

  132.   - set_fact:
    133. 

  133.       openshift_master_certs: "{{ (openshift_master_certs_no_etcd | union(openshift_master_certs_etcd)) if (groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config) else openshift_master_certs_no_etcd }}"
    134. 

  134. 

  135.   - name: Check status of master certificates
    136. 

  136.     stat:
    137. 

  137.       path: "/etc/openshift/master/{{ item }}"
    138. 

  138.     with_items: openshift_master_certs
    139. 

  139.     register: g_master_cert_stat_result
    140. 

  140.   - set_fact:
    141. 

  141.       master_certs_missing: "{{ g_master_cert_stat_result.results
    142. 

  142.                                 | map(attribute='stat.exists')
    143. 

  143.                                 | list | intersect([false])}}"
    144. 

  144.       master_cert_subdir: master-{{ openshift.common.hostname }}
    145. 

  145.       master_cert_config_dir: /etc/openshift/master
    146. 

  146. 

  147. - name: Configure master certificates
    148. 

  148.   hosts: oo_first_master
    149. 

  149.   vars:
    150. 

  150.     master_generated_certs_dir: /etc/openshift/generated-configs
    151. 

  151.     masters_needing_certs: "{{ hostvars
    152. 

  152.                                | oo_select_keys(groups['oo_masters_to_config'] | difference(groups['oo_first_master']))
    153. 

  153.                                | oo_filter_list(filter_attr='master_certs_missing') }}"
    154. 

  154.     sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}"
    155. 

  155.   roles:
    156. 

  156.   - openshift_master_certificates
    157. 

  157.   post_tasks:
    158. 

  158.   - name: Remove generated etcd client certs when using external etcd
    159. 

  159.     file:
    160. 

  160.       path: "{{ master_generated_certs_dir }}/{{ item.0.master_cert_subdir }}/{{ item.1 }}"
    161. 

  161.       state: absent
    162. 

  162.     when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config
    163. 

  163.     with_nested:
    164. 

  164.     - masters_needing_certs
    165. 

  165.     - - master.etcd-client.crt
    166. 

  166.       - master.etcd-client.key
    167. 

  167. 

  168.   - name: Create a tarball of the master certs
    169. 

  169.     command: >
    170. 

  170.       tar -czvf {{ master_generated_certs_dir }}/{{ item.master_cert_subdir }}.tgz
    171. 

  171.         -C {{ master_generated_certs_dir }}/{{ item.master_cert_subdir }} .
    172. 

  172.     args:
    173. 

  173.       creates: "{{ master_generated_certs_dir }}/{{ item.master_cert_subdir }}.tgz"
    174. 

  174.     with_items: masters_needing_certs
    175. 

  175.   - name: Retrieve the master cert tarball from the master
    176. 

  176.     fetch:
    177. 

  177.       src: "{{ master_generated_certs_dir }}/{{ item.master_cert_subdir }}.tgz"
    178. 

  178.       dest: "{{ sync_tmpdir }}/"
    179. 

  179.       flat: yes
    180. 

  180.       fail_on_missing: yes
    181. 

  181.       validate_checksum: yes
    182. 

  182.     with_items: masters_needing_certs
    183. 

  183. 

  184. - name: Configure master instances
    185. 

  185.   hosts: oo_masters_to_config
    186. 

  186.   vars:
    187. 

  187.     sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}"
    188. 

  188.     openshift_master_ha: "{{ groups.oo_masters_to_config | length > 1 }}"
    189. 

  189.   pre_tasks:
    190. 

  190.   - name: Ensure certificate directory exists
    191. 

  191.     file:
    192. 

  192.       path: /etc/openshift/master
    193. 

  193.       state: directory
    194. 

  194.     when: master_certs_missing and 'oo_first_master' not in group_names
    195. 

  195.   - name: Unarchive the tarball on the master
    196. 

  196.     unarchive:
    197. 

  197.       src: "{{ sync_tmpdir }}/{{ master_cert_subdir }}.tgz"
    198. 

  198.       dest: "{{ master_cert_config_dir }}"
    199. 

  199.     when: master_certs_missing and 'oo_first_master' not in group_names
    200. 

  200.   roles:
    201. 

  201.   - openshift_master
    202. 

  202.   - role: nickhammond.logrotate
    203. 

  203.   - role: fluentd_master
    204. 

  204.     when: openshift.common.use_fluentd | bool
    205. 

  205.   post_tasks:
    206. 

  206.   - name: Create group for deployment type
    207. 

  207.     group_by: key=oo_masters_deployment_type_{{ openshift.common.deployment_type }}
    208. 

  208.     changed_when: False
    209. 

  209. 

  210. - name: Additional master configuration
    211. 

  211.   hosts: oo_first_master
    212. 

  212.   vars:
    213. 

  213.     openshift_master_ha: "{{ groups.oo_masters_to_config | length > 1 }}"
    214. 

  214.     omc_cluster_hosts: "{{ groups.oo_masters_to_config | join(' ')}}"
    215. 

  215.   roles:
    216. 

  216.   - role: openshift_master_cluster
    217. 

  217.     when: openshift_master_ha | bool
    218. 

  218.   - openshift_examples
    219. 

  219.   - role: openshift_cluster_metrics
    220. 

  220.     when: openshift.common.use_cluster_metrics | bool
    221. 

  221. 

  222. # Additional instance config for online deployments
    223. 

  223. - name: Additional instance config
    224. 

  224.   hosts: oo_masters_deployment_type_online
    225. 

  225.   roles:
    226. 

  226.   - pods
    227. 

  227.   - os_env_extras
    228. 

  228. 

  229. - name: Delete temporary directory on localhost
    230. 

  230.   hosts: localhost
    231. 

  231.   connection: local
    232. 

  232.   sudo: false
    233. 

  233.   gather_facts: no
    234. 

  234.   tasks:
    235. 

  235.   - file: name={{ g_master_mktemp.stdout }} state=absent
    236. 

  236.     changed_when: False
    237.