32 changed files with 2 additions and 744 deletions
@ -1,2 +0,0 @@ |
|||
admin.pub |
|||
site.retry |
|||
@ -1,21 +0,0 @@ |
|||
The MIT License (MIT) |
|||
|
|||
Copyright (c) 2016 Nicolas MASSE |
|||
|
|||
Permission is hereby granted, free of charge, to any person obtaining a copy |
|||
of this software and associated documentation files (the "Software"), to deal |
|||
in the Software without restriction, including without limitation the rights |
|||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell |
|||
copies of the Software, and to permit persons to whom the Software is |
|||
furnished to do so, subject to the following conditions: |
|||
|
|||
The above copyright notice and this permission notice shall be included in all |
|||
copies or substantial portions of the Software. |
|||
|
|||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
|||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
|||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |
|||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
|||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
|||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE |
|||
SOFTWARE. |
|||
@ -1,15 +1,3 @@ |
|||
# OpenShift-Lab-Ansible-Playbook |
|||
This project is the Ansible Playbook to install OpenShift in a Lab Environment. |
|||
= MOVED |
|||
|
|||
## Preparation work |
|||
|
|||
1. Edit group_vars/lab and change all passwords and DNS names (search for "changeme") |
|||
2. Edit hosts-lab to target your Virtual Machines |
|||
|
|||
## Installation |
|||
|
|||
‘‘‘ |
|||
./ansible bootstrap master1.openshift.test node1.openshift.test node2.openshift.test nodeinfra1.openshift.test admin.openshift.test |
|||
./ansible play |
|||
./ansible run nodes "uptime -p" |
|||
’’’ |
|||
The OpenShift Playbooks moved to https://github.com/nmasse-itix/OpenShift-Lab |
|||
|
|||
@ -1,80 +0,0 @@ |
|||
#!/bin/bash |
|||
|
|||
options="" |
|||
ssh_key="$HOME/.ssh/id_rsa" |
|||
user="root" |
|||
inventory="lab" |
|||
|
|||
# Export our base directory so that any script launched localy can refer to it |
|||
BASEDIR="$(dirname $0)" |
|||
BASEDIR="$(python -c 'import os.path; import sys; print os.path.abspath(sys.argv[1])' "$BASEDIR")" |
|||
export BASEDIR |
|||
|
|||
target="$1" |
|||
shift |
|||
case "$target" in |
|||
"") |
|||
echo "No target specified. Please specify an inventory or 'bootstrap' !" |
|||
exit 1 |
|||
;; |
|||
|
|||
"bootstrap") |
|||
if [ -z "$1" ]; then |
|||
echo "Please specify the target host !" |
|||
exit 1 |
|||
fi |
|||
echo "Bootstraping $@..." |
|||
echo |
|||
echo -n "Please enter the initial $user password: " |
|||
read -s password |
|||
echo |
|||
if [ -z "$RHN_LOGIN" ]; then |
|||
echo -n "Please enter your RHN login: " |
|||
read rhn_login |
|||
export RHN_LOGIN="$rhn_login" |
|||
fi |
|||
if [ -z "$RHN_PASSWORD" ]; then |
|||
echo -n "Please enter your RHN password: " |
|||
read -s rhn_password |
|||
export RHN_PASSWORD="$rhn_password" |
|||
fi |
|||
if [ -z "$RHN_POOLID" ]; then |
|||
echo -n "Please enter your RHN Pool ID: " |
|||
read rhn_poolid |
|||
export RHN_POOLID="$rhn_poolid" |
|||
fi |
|||
echo |
|||
echo |
|||
for host; do |
|||
echo "Connecting to $host to register the SSH Host Key !" |
|||
LC_ALL=C sshpass -p "$password" ssh -i $ssh_key -o StrictHostKeyChecking=no "$user@$host" /bin/true |
|||
done |
|||
auth="" |
|||
if [ -n "$password" ]; then |
|||
auth="ansible_ssh_pass=$password" |
|||
else |
|||
auth="ansible_ssh_private_key_file=$ssh_key" |
|||
fi |
|||
echo "[$target]" > "./hosts-$target" |
|||
for host; do |
|||
echo -e "$host ansible_ssh_user=$user $auth" |
|||
done >> "./hosts-$target" |
|||
|
|||
ansible-playbook -i "./hosts-$target" $options site.yml |
|||
|
|||
rm -f "./hosts-$target" |
|||
;; |
|||
"play") |
|||
ansible-playbook -i "./hosts-$inventory" $options "$@" site.yml |
|||
;; |
|||
"run") |
|||
group="$1" |
|||
cmd="$2" |
|||
|
|||
ansible "$group" -i "./hosts-$inventory" -a "$cmd" |
|||
;; |
|||
*) |
|||
echo "Usage: $0 {bootstrap|run} [options]" |
|||
exit 1 |
|||
;; |
|||
esac |
|||
@ -1,7 +0,0 @@ |
|||
--- |
|||
timezone: Europe/Paris |
|||
ansible_python_interpreter: /usr/bin/python2 |
|||
ansible_ssh_user: redhat |
|||
ansible_ssh_private_key_file: "{{ lookup('env','HOME') }}/.ssh/id_rsa" |
|||
ansible_ssh_public_key: "{{ lookup('file', ansible_ssh_private_key_file + '.pub' ) }}" |
|||
ansible_connection: ssh |
|||
@ -1,5 +0,0 @@ |
|||
--- |
|||
openshift_cluster_dns: app.openshift.test |
|||
dns_suffix: openshift.test |
|||
openshift_version: 3.4 |
|||
router_stats_password: redhat |
|||
@ -1,17 +0,0 @@ |
|||
[lab] |
|||
master1.openshift.test |
|||
nodeinfra1.openshift.test |
|||
node1.openshift.test |
|||
node2.openshift.test |
|||
admin.openshift.test |
|||
|
|||
[admin] |
|||
admin.openshift.test |
|||
|
|||
[nodes] |
|||
nodeinfra1.openshift.test onlyforinfra=1 region=infra zone=infranodes |
|||
node1.openshift.test region=primary zone=east |
|||
node2.openshift.test region=primary zone=west |
|||
|
|||
[masters] |
|||
master1.openshift.test region=infra |
|||
@ -1,7 +0,0 @@ |
|||
--- |
|||
|
|||
- name: restart sshd |
|||
service: name=sshd state=reloaded |
|||
|
|||
- name: update hostname |
|||
command: hostname {{ inventory_hostname_short }} |
|||
@ -1,94 +0,0 @@ |
|||
--- |
|||
- name: This module has only been tested on RHEL 7.3 x64 |
|||
assert: |
|||
that: |
|||
- "ansible_userspace_bits == '64'" |
|||
- "ansible_os_family == 'RedHat'" |
|||
- "ansible_distribution_version == '7.3'" |
|||
|
|||
- name: Tell SSHD not to use DNS |
|||
lineinfile: dest=/etc/ssh/sshd_config regexp="^#* *UseDNS +" line="UseDNS no" |
|||
notify: restart sshd |
|||
tags: config |
|||
|
|||
- name: Tell SSHD to forbid root accesses |
|||
lineinfile: dest=/etc/ssh/sshd_config regexp="^#* *PermitRootLogin +" line="PermitRootLogin no" |
|||
notify: restart sshd |
|||
tags: config |
|||
|
|||
- name: Tell SSHD to forbid password accesses |
|||
lineinfile: dest=/etc/ssh/sshd_config regexp="^#* *PasswordAuthentication +" line="PasswordAuthentication no" |
|||
notify: restart sshd |
|||
tags: config |
|||
|
|||
- name: Install VIM |
|||
yum: name=vim-enhanced state=installed |
|||
|
|||
- name: Install Open-VM tools |
|||
yum: name=open-vm-tools state=installed |
|||
|
|||
- name: Install Screen |
|||
yum: name=screen state=installed |
|||
|
|||
- name: Install unzip |
|||
yum: name=unzip state=installed |
|||
|
|||
- name: Install tcpdump |
|||
yum: name=tcpdump state=installed |
|||
|
|||
- name: Install telnet |
|||
yum: name=telnet state=installed |
|||
|
|||
- name: Install strace |
|||
yum: name=strace state=installed |
|||
|
|||
- name: Install man-pages |
|||
yum: name=man-pages state=installed |
|||
|
|||
- name: Install man |
|||
yum: name=man state=installed |
|||
|
|||
- name: Install iptraf |
|||
yum: name=iptraf state=installed |
|||
|
|||
- name: Install wget |
|||
yum: name=wget state=installed |
|||
|
|||
- name: Fix /etc/environment to include PATH |
|||
lineinfile: dest=/etc/environment regexp="^PATH=" line="PATH=/bin:/usr/bin:/sbin:/usr/sbin" |
|||
tags: config |
|||
|
|||
- name: Persist the hostname |
|||
lineinfile: dest=/etc/sysconfig/network regexp="^HOSTNAME=" line="HOSTNAME={{ inventory_hostname_short }}" |
|||
notify: update hostname |
|||
tags: |
|||
- config |
|||
- dns |
|||
|
|||
- name: Set the hostname |
|||
command: hostnamectl set-hostname {{ inventory_hostname_short }} --static |
|||
tags: |
|||
- config |
|||
- dns |
|||
|
|||
- name: Edit /etc/hosts |
|||
template: src=etc_hosts dest=/etc/hosts owner=root group=root mode=0644 |
|||
tags: |
|||
- config |
|||
- dns |
|||
|
|||
- name: Ensure consistent locale across systems (1/2) |
|||
lineinfile: dest=/etc/locale.conf regexp="^LANG=" line="LANG=en_US.utf8" |
|||
|
|||
- name: Ensure consistent locale across systems (2/2) |
|||
lineinfile: dest=/etc/locale.conf line="LC_CTYPE=en_US.utf8" |
|||
|
|||
- name: Install the OpenSSH clients |
|||
yum: name=openssh-clients state=installed |
|||
|
|||
- name: Install the custom banner script |
|||
template: src=rc.local dest=/usr/local/etc/rc.local mode=0755 |
|||
tags: config |
|||
|
|||
- name: Run the custom banner script at startup |
|||
lineinfile: dest=/etc/rc.d/rc.local line="/usr/local/etc/rc.local" state=present insertafter=EOF |
|||
@ -1 +0,0 @@ |
|||
{{ inventory_hostname_short }} |
|||
@ -1,13 +0,0 @@ |
|||
# {{ ansible_managed }} |
|||
# |
|||
# /etc/hosts: static lookup table for host names |
|||
# |
|||
|
|||
#<ip-address> <hostname.domain.org> <hostname> |
|||
127.0.0.1 localhost.localdomain localhost |
|||
|
|||
# This is a requirement from the OpenShift installer |
|||
{{ ansible_default_ipv4['address'] }} {{ inventory_hostname }} {{ inventory_hostname_short }} |
|||
|
|||
|
|||
# End of file |
|||
@ -1,15 +0,0 @@ |
|||
DEVICE={{ item }} |
|||
TYPE=Ethernet |
|||
ONBOOT=yes |
|||
BOOTPROTO=dhcp |
|||
USERCTL=no |
|||
PEERDNS=yes |
|||
IPV6INIT=no |
|||
DHCP_HOSTNAME={{ shortname }} |
|||
|
|||
## Static configuration sample. |
|||
## Gateway to be configured in /etc/sysconfig/network. |
|||
## |
|||
# BOOTPROTO=static |
|||
# IPADDR=192.168.38.179 |
|||
# NETMASK=255.255.255.0 |
|||
@ -1,5 +0,0 @@ |
|||
[localrepo] |
|||
name=Demo Local Repository |
|||
baseurl=file://{{ sources_dir }}/rpms |
|||
enabled=1 |
|||
gpgcheck=0 |
|||
@ -1,6 +0,0 @@ |
|||
#!/bin/bash |
|||
|
|||
sed -ri 's/^(eth[0-9]: .*|)$//g; T; d' /etc/issue |
|||
echo >> /etc/issue |
|||
ip addr show scope global |sed -r 's/^.*inet ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)\/[0-9]+ brd .* (eth[0-9])$/\2: \1/g; t; d' >> /etc/issue |
|||
echo >> /etc/issue |
|||
@ -1,30 +0,0 @@ |
|||
--- |
|||
|
|||
- name: This module has only been tested on RHEL and CentOS |
|||
assert: |
|||
that: |
|||
- "ansible_os_family == 'RedHat' or ansible_os_family == 'CentOS'" |
|||
|
|||
- name: Create user RedHat |
|||
user: name=redhat group=users groups=users,wheel state=present comment="RedHat privileged user" password="*" |
|||
tags: |
|||
- bootstrap |
|||
- user |
|||
|
|||
- name: Set SSH key for root |
|||
authorized_key: user=root key="{{ ansible_ssh_public_key }}" manage_dir=yes |
|||
tags: |
|||
- bootstrap |
|||
- user |
|||
|
|||
- name: Set SSH key for user RedHat |
|||
authorized_key: user=redhat key="{{ ansible_ssh_public_key }}" manage_dir=yes |
|||
tags: |
|||
- bootstrap |
|||
- user |
|||
|
|||
- name: Configure SUDO |
|||
template: src=sudoers dest=/etc/sudoers owner=root group=root mode=0440 validate="/usr/sbin/visudo -cf %s" |
|||
tags: |
|||
- bootstrap |
|||
- config |
|||
@ -1,3 +0,0 @@ |
|||
# {{ ansible_managed }} |
|||
%wheel ALL=(ALL) NOPASSWD: ALL |
|||
root ALL=(ALL) NOPASSWD: ALL |
|||
@ -1,29 +0,0 @@ |
|||
--- |
|||
|
|||
- name: Install Docker |
|||
yum: name=docker state=installed |
|||
tags: rpm |
|||
|
|||
- name: Enable insecure registries |
|||
lineinfile: state=present dest=/etc/sysconfig/docker regexp="^INSECURE_REGISTRY=" line="INSECURE_REGISTRY='--insecure-registry 172.30.0.0/16'" insertafter="^# INSECURE_REGISTRY=" |
|||
|
|||
# |
|||
# TODO : On the master nodes only ? |
|||
# |
|||
|
|||
- name: Check if sdb is empty |
|||
command: sfdisk -d /dev/sdb |
|||
register: sfdisk |
|||
failed_when: sfdisk.stdout != "" or sfdisk.stderr != "" # sdb is empty |
|||
tags: storage |
|||
|
|||
- name: Configure docker-storage-setup |
|||
template: dest=/etc/sysconfig/docker-storage-setup src=docker-storage-setup |
|||
tags: storage |
|||
|
|||
- name: Run docker-storage-setup |
|||
command: docker-storage-setup |
|||
tags: storage |
|||
|
|||
- name: Start Docker |
|||
service: name=docker state=started enabled=yes |
|||
@ -1,4 +0,0 @@ |
|||
STORAGE_DRIVER=devicemapper |
|||
CONTAINER_THINPOOL=docker-lv1 |
|||
DEVS=/dev/sdb |
|||
VG=docker |
|||
@ -1,7 +0,0 @@ |
|||
label: dos |
|||
unit: sectors |
|||
|
|||
start= 2048, size= 41940992, Id=8e |
|||
start= 0, size= 0, Id= 0 |
|||
start= 0, size= 0, Id= 0 |
|||
start= 0, size= 0, Id= 0 |
|||
@ -1,36 +0,0 @@ |
|||
--- |
|||
|
|||
- name: Install dnsmasq |
|||
yum: name=dnsmasq state=installed |
|||
when: "'admin' in group_names" # Only on admin server |
|||
tags: rpm |
|||
|
|||
- name: Set dnsmasq config |
|||
template: src=dnsmasq.conf dest=/etc/dnsmasq.conf |
|||
when: "'admin' in group_names" # Only on admin server |
|||
tags: config |
|||
|
|||
- name: Generate an /etc/hosts with all hosts |
|||
template: dest=/etc/hosts.dnsmasq src=hosts |
|||
when: "'admin' in group_names" # Only on admin server |
|||
tags: config |
|||
|
|||
- name: Make sure dnsmasq daemon is enabled and started |
|||
service: name=dnsmasq state=started enabled=yes |
|||
when: "'admin' in group_names" # Only on admin server |
|||
tags: config |
|||
|
|||
- name: Add an iptable rule to allow DNS queries from other hosts |
|||
lineinfile: dest=/etc/sysconfig/iptables line="-A INPUT -p udp --dport 53 -j ACCEPT" insertafter="-A INPUT -i lo -j ACCEPT" |
|||
when: "'admin' in group_names" # Only on admin server |
|||
tags: iptables |
|||
|
|||
- name: Restart iptables |
|||
service: name=iptables enabled=yes state=restarted |
|||
when: "'admin' in group_names" # Only on admin server |
|||
tags: iptables |
|||
|
|||
- name: Fix the /etc/resolv.conf of other hosts |
|||
template: dest=/etc/resolv.conf src=resolv.conf |
|||
when: "'admin' not in group_names" # On all other nodes |
|||
tags: config |
|||
@ -1,28 +0,0 @@ |
|||
# {{ ansible_managed }} |
|||
|
|||
domain-needed |
|||
bogus-priv |
|||
expand-hosts |
|||
log-queries |
|||
local-ttl=60 |
|||
|
|||
# Do not read the default /etc/hosts |
|||
no-hosts |
|||
|
|||
# But read this one... |
|||
addn-hosts=/etc/hosts.dnsmasq |
|||
|
|||
# Default suffix for all machines |
|||
domain={{ dns_suffix }} |
|||
|
|||
# |
|||
# Wildcard DNS entries (see openshift_cluster_dns variable) |
|||
# |
|||
# note: will generate something like this : |
|||
# address=/app.openshift.test/192.168.23.20 |
|||
# |
|||
{% for item in groups['nodes'] %} |
|||
{% if 'onlyforinfra' in hostvars[item] %} |
|||
address=/{{openshift_cluster_dns}}/{{ hostvars[item]['ansible_default_ipv4']['address'] }} |
|||
{% endif %} |
|||
{% endfor %} |
|||
@ -1,5 +0,0 @@ |
|||
# {{ ansible_managed }} |
|||
|
|||
{% for item in groups['lab'] %} |
|||
{{ hostvars[item]['ansible_default_ipv4']['address'] }} {{ hostvars[item]['inventory_hostname']}} {{ hostvars[item]['inventory_hostname_short']}} |
|||
{% endfor %} |
|||
@ -1,4 +0,0 @@ |
|||
search {{ dns_suffix }} |
|||
{% for item in groups['admin'] %} |
|||
nameserver {{ hostvars[item]['ansible_default_ipv4']['address'] }} |
|||
{% endfor %} |
|||
@ -1,36 +0,0 @@ |
|||
--- |
|||
|
|||
- name: Make sure nfs-utils is installed |
|||
yum: name=nfs-utils state=installed |
|||
|
|||
- name: set virt_use_nfs to 1 |
|||
command: setsebool -P virt_use_nfs 1 |
|||
|
|||
- name: Create a directory for NFS storage |
|||
file: path=/openshift-storage state=directory owner=nfsnobody group=nfsnobody mode=0777 |
|||
|
|||
- name: Fill /etc/exports |
|||
template: dest=/etc/exports src=exports |
|||
|
|||
- name: Start nfs-server |
|||
service: name=nfs-server state=started enabled=yes |
|||
|
|||
- name: Add an iptable rule to allow port 2049 (tcp) from other hosts |
|||
lineinfile: dest=/etc/sysconfig/iptables regexp="^-A INPUT -p tcp .*--dport 2049" line="-A INPUT -p tcp -m state --state NEW -m tcp --dport 2049 -j ACCEPT" insertafter="-A INPUT -i lo -j ACCEPT" |
|||
tags: iptables |
|||
|
|||
- name: Add an iptable rule to allow port 2049 (udp) from other hosts |
|||
lineinfile: dest=/etc/sysconfig/iptables line="-A INPUT -p udp --dport 2049 -j ACCEPT" insertafter="-A INPUT -i lo -j ACCEPT" |
|||
tags: iptables |
|||
|
|||
- name: Add an iptable rule to allow port 111 (tcp) from other hosts |
|||
lineinfile: dest=/etc/sysconfig/iptables regexp="^-A INPUT -p tcp .*--dport 111" line="-A INPUT -p tcp -m state --state NEW -m tcp --dport 111 -j ACCEPT" insertafter="-A INPUT -i lo -j ACCEPT" |
|||
tags: iptables |
|||
|
|||
- name: Add an iptable rule to allow port 111 (udp) from other hosts |
|||
lineinfile: dest=/etc/sysconfig/iptables line="-A INPUT -p udp --dport 111 -j ACCEPT" insertafter="-A INPUT -i lo -j ACCEPT" |
|||
tags: iptables |
|||
|
|||
- name: Restart iptables |
|||
service: name=iptables enabled=yes state=restarted |
|||
tags: iptables |
|||
@ -1 +0,0 @@ |
|||
/openshift-storage *(rw,all_squash) |
|||
@ -1,7 +0,0 @@ |
|||
--- |
|||
|
|||
- name: Fill-in the ansible inventory file on the admin server |
|||
template: src=ansible-hosts dest=/etc/ansible/hosts |
|||
|
|||
- name: Run the OpenShift installation playbook |
|||
fail: msg="run 'ansible-playbook /usr/share/ansible/openshift-ansible/playbooks/byo/config.yml' on the admin node" |
|||
@ -1,55 +0,0 @@ |
|||
[OSEv3:children] |
|||
masters |
|||
nodes |
|||
nfs |
|||
|
|||
[OSEv3:vars] |
|||
ansible_ssh_user=redhat |
|||
ansible_become=yes # Use SUDO |
|||
deployment_type=openshift-enterprise |
|||
openshift_release={{ openshift_version }} |
|||
|
|||
openshift_master_cluster_method=native |
|||
openshift_master_cluster_hostname={{ hostvars[groups['masters'][0]]['inventory_hostname'] }} |
|||
openshift_master_cluster_public_hostname={{ hostvars[groups['masters'][0]]['inventory_hostname'] }} |
|||
|
|||
os_sdn_network_plugin_name='redhat/openshift-ovs-multitenant' |
|||
|
|||
openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}] |
|||
#openshift_master_htpasswd_users={'andrew': '$apr1$cHkRDw5u$eU/ENgeCdo/ADmHF7SZhP/', 'marina': '$apr1$cHkRDw5u$eU/ENgeCdo/ADmHF7SZhP/' |
|||
|
|||
# default project node selector |
|||
osm_default_node_selector='region=primary' |
|||
openshift_hosted_router_selector='region=infra' |
|||
openshift_hosted_router_replicas=1 |
|||
#openshift_hosted_router_certificate={"certfile": "/path/to/router.crt", "keyfile": "/path/to/router.key", "cafile": "/path/to/router-ca.crt"} |
|||
openshift_hosted_registry_selector='region=infra' |
|||
openshift_hosted_registry_replicas=1 |
|||
|
|||
openshift_master_default_subdomain={{ openshift_cluster_dns }} |
|||
|
|||
#openshift_use_dnsmasq=False |
|||
#openshift_node_dnsmasq_additional_config_file=/home/bob/ose-dnsmasq.conf |
|||
|
|||
openshift_hosted_registry_storage_kind=nfs |
|||
openshift_hosted_registry_storage_access_modes=['ReadWriteMany'] |
|||
openshift_hosted_registry_storage_host={{ hostvars[groups['admin'][0]]['inventory_hostname'] }} |
|||
openshift_hosted_registry_storage_nfs_directory=/openshift-storage |
|||
openshift_hosted_registry_storage_volume_name=registry |
|||
openshift_hosted_registry_storage_volume_size=5Gi |
|||
|
|||
[nfs] |
|||
{{ hostvars[groups['admin'][0]]['inventory_hostname'] }} |
|||
|
|||
[masters] |
|||
{% for item in groups['masters'] %} |
|||
{{ hostvars[item]['inventory_hostname'] }} openshift_hostname={{ hostvars[item]['inventory_hostname'] }} openshift_public_hostname={{ hostvars[item]['inventory_hostname'] }} |
|||
{% endfor %} |
|||
|
|||
[nodes] |
|||
{% for item in groups['masters'] %} |
|||
{{ hostvars[item]['inventory_hostname'] }} openshift_hostname={{ hostvars[item]['inventory_hostname'] }} openshift_public_hostname={{ hostvars[item]['inventory_hostname'] }} openshift_node_labels="{'region': '{{ hostvars[item]['region'] }}'}" |
|||
{% endfor %} |
|||
{% for item in groups['nodes'] %} |
|||
{{ hostvars[item]['inventory_hostname'] }} openshift_hostname={{ hostvars[item]['inventory_hostname'] }} openshift_public_hostname={{ hostvars[item]['inventory_hostname'] }} openshift_node_labels="{'region': '{{ hostvars[item]['region'] }}', 'zone': '{{ hostvars[item]['zone'] }}'}" |
|||
{% endfor %} |
|||
@ -1,36 +0,0 @@ |
|||
--- |
|||
|
|||
- name: Make sure infra pods runs in the infra region |
|||
become: no |
|||
command: oc annotate namespace default openshift.io/node-selector='region=infra' --overwrite |
|||
|
|||
- name: Make sure the httpd-tools package is installed (we need htpasswd) |
|||
yum: name=httpd-tools state=installed |
|||
|
|||
- name: Create a few test users |
|||
command: htpasswd -b /etc/origin/master/htpasswd {{ item.login }} {{ item.password }} |
|||
with_items: |
|||
- { login: andrew, password: andrew } |
|||
- { login: marina, password: marina } |
|||
|
|||
- name: Recreate the default router certificate |
|||
command: oadm ca create-server-cert --signer-cert=/etc/origin/master/ca.crt --signer-key=/etc/origin/master/ca.key --signer-serial=/etc/origin/master/ca.serial.txt --hostnames='*.{{ openshift_cluster_dns }}' --cert=/home/{{ ansible_ssh_user }}/cloudapps.crt --key=/home/{{ ansible_ssh_user }}/cloudapps.key |
|||
|
|||
- name: Build the certificate + key bundle |
|||
shell: cat /home/{{ ansible_ssh_user }}/cloudapps.crt /home/{{ ansible_ssh_user }}/cloudapps.key /etc/origin/master/ca.crt > /home/{{ ansible_ssh_user }}/cloudapps.pem |
|||
|
|||
- name: Destroy the existing router |
|||
command: oc delete dc/router svc/router |
|||
become: no |
|||
|
|||
- name: Deploy the new router |
|||
command: oadm router customrouter --replicas=1 --default-cert=/home/{{ ansible_ssh_user }}/cloudapps.pem --service-account=router --stats-password='{{ router_stats_password }}' |
|||
become: no |
|||
|
|||
- name: Ship the PV creation script |
|||
template: src=create-pv.sh dest=/home/{{ ansible_ssh_user }}/create-pv.sh mode=0755 |
|||
become: no |
|||
|
|||
- name: Run the PV creation script |
|||
command: /home/{{ ansible_ssh_user }}/create-pv.sh |
|||
become: no |
|||
@ -1,28 +0,0 @@ |
|||
#!/bin/sh |
|||
|
|||
mkdir -p "$HOME/pvs/" |
|||
|
|||
for size in 1Gi 5Gi 10Gi; do |
|||
for volume in pv{1..25} ; do |
|||
cat << EOF > $HOME/pvs/pv-${size}-${volume}.json |
|||
{ |
|||
"apiVersion": "v1", |
|||
"kind": "PersistentVolume", |
|||
"metadata": { |
|||
"name": "${volume}" |
|||
}, |
|||
"spec": { |
|||
"capacity": { |
|||
"storage": "${size}" |
|||
}, |
|||
"accessModes": [ "ReadWriteOnce" ], |
|||
"nfs": { |
|||
"path": "/openshift-storage/pv-${size}-${volume}", |
|||
"server": "{{ hostvars[groups['admin'][0]]['ansible_default_ipv4']['address'] }}" |
|||
}, |
|||
"persistentVolumeReclaimPolicy": "Recycle" |
|||
} |
|||
} |
|||
EOF |
|||
done |
|||
done |
|||
@ -1,103 +0,0 @@ |
|||
--- |
|||
|
|||
- name: This module has only been tested on RHEL 7.3 x64 |
|||
assert: |
|||
that: |
|||
- "ansible_userspace_bits == '64'" |
|||
- "ansible_os_family == 'RedHat'" |
|||
- "ansible_distribution_version == '7.3'" |
|||
|
|||
- name: First, disable any repos (using subscription-manager) |
|||
command: subscription-manager repos --disable="*" |
|||
tags: rpm |
|||
|
|||
- name: Make sure mandatory repos are enabled |
|||
command: subscription-manager repos --enable {{ item }} |
|||
with_items: |
|||
- rhel-7-server-rpms |
|||
- rhel-7-server-optional-rpms |
|||
- rhel-7-server-extras-rpms |
|||
- rhel-7-server-ose-{{ openshift_version }}-rpms |
|||
tags: rpm |
|||
|
|||
- name: Install wget |
|||
yum: name=wget state=installed |
|||
when: "'admin' in group_names" # Only on admin server |
|||
tags: rpm |
|||
|
|||
- name: Install bridge-utils |
|||
yum: name=bridge-utils state=installed |
|||
when: "'admin' in group_names" # Only on admin server |
|||
tags: rpm |
|||
|
|||
- name: Install nfs-utils |
|||
yum: name=nfs-utils state=installed |
|||
tags: rpm |
|||
|
|||
- name: Install bash-completion |
|||
yum: name=bash-completion state=installed |
|||
when: "'admin' in group_names or 'masters' in group_names" # Only on admin or master server |
|||
tags: rpm |
|||
|
|||
- name: Install NetworkManager |
|||
yum: name=NetworkManager state=installed |
|||
tags: rpm |
|||
|
|||
- name: Install GIT |
|||
yum: name=git state=installed |
|||
when: "'admin' in group_names" # Only on admin server |
|||
tags: rpm |
|||
|
|||
- name: Install net-tools |
|||
yum: name=net-tools state=installed |
|||
tags: rpm |
|||
|
|||
- name: Install bind-utils |
|||
yum: name=bind-utils state=installed |
|||
tags: rpm |
|||
|
|||
- name: Install iptables-services |
|||
yum: name=iptables-services state=installed |
|||
tags: rpm |
|||
|
|||
- name: Disable firewalld |
|||
service: name=firewalld state=stopped enabled=no |
|||
|
|||
- name: Enable iptables |
|||
service: name=iptables state=started enabled=yes |
|||
|
|||
- name: Check for existing SSH Private Key on the admin server |
|||
stat: path=/home/{{ ansible_ssh_user }}/.ssh/id_rsa |
|||
register: key |
|||
when: "'admin' in group_names" # Only on admin server |
|||
tags: ssh-key |
|||
|
|||
- name: Generate an SSH Private Key on the admin server |
|||
command: ssh-keygen -t rsa -b 2048 -f /home/{{ ansible_ssh_user }}/.ssh/id_rsa -q -N '' |
|||
become_user: "{{ ansible_ssh_user }}" |
|||
when: "'admin' in group_names and key.stat.exists == False" # Only on admin server and if key does not exists |
|||
tags: ssh-key |
|||
|
|||
- name: Fetch the SSH Public Key of the admin server |
|||
fetch: src=/home/{{ ansible_ssh_user }}/.ssh/id_rsa.pub dest="{{ basedir }}/admin.pub" flat=yes |
|||
when: "'admin' in group_names" # Only on admin server |
|||
tags: ssh-key |
|||
|
|||
- name: Add SSH Public key of the admin server to the authorized_keys of each server (including the admin server) |
|||
authorized_key: |
|||
key: "{{ lookup('file', basedir + '/admin.pub' ) }}" |
|||
user: "{{ ansible_ssh_user }}" |
|||
state: present |
|||
tags: ssh-key |
|||
|
|||
- name: pre-authorize all ssh keys of the other machines |
|||
command: ssh -o StrictHostKeyChecking=no {{ item }} /bin/true |
|||
become: no # need to run the ssh command as user "redhat" |
|||
with_items: "{{ groups['lab'] }}" |
|||
when: "'admin' in group_names" # Only on admin server |
|||
tags: ssh-key |
|||
|
|||
- name: Install atomic-openshift-utils (only on the admin node) |
|||
yum: name=atomic-openshift-utils state=installed |
|||
when: "'admin' in group_names" # Only on admin server |
|||
tags: rpm |
|||
@ -1,23 +0,0 @@ |
|||
--- |
|||
- name: This module should only work on RHEL |
|||
assert: |
|||
that: |
|||
- "ansible_os_family == 'RedHat'" |
|||
|
|||
- name: Register this system on RHN |
|||
redhat_subscription: |
|||
state: present |
|||
username: "{{ lookup('env','RHN_LOGIN') }}" |
|||
password: "{{ lookup('env','RHN_PASSWORD') }}" |
|||
consumer_name: "{{ inventory_hostname }}" |
|||
autosubscribe: false |
|||
tags: rhn |
|||
|
|||
# |
|||
# To know which Pool ID you can use, run the following command on a registered host : |
|||
# |
|||
# sudo subscription-manager list --available --matches '*OpenShift*' |
|||
# |
|||
- name: Attach the correct pool id to the new subscription |
|||
command: subscription-manager attach --pool={{ lookup('env','RHN_POOLID') }} |
|||
tags: rhn |
|||
@ -1,22 +0,0 @@ |
|||
--- |
|||
|
|||
- name: Bootstrap one or more RHEL7 nodes |
|||
hosts: bootstrap |
|||
become: no |
|||
roles: |
|||
- bootstrap |
|||
- register-rhn |
|||
|
|||
- name: Install the required package for an OpenShift Lab |
|||
hosts: lab |
|||
become: yes |
|||
vars: |
|||
- basedir: "{{ lookup('env', 'BASEDIR') }}" |
|||
roles: |
|||
- { role: base } |
|||
- { role: openshift-prereq } |
|||
- { role: name-resolution } |
|||
- { role: docker, when: "'admin' not in group_names" } |
|||
- { role: nfs, when: "'admin' in group_names" } |
|||
- { role: openshift-install, when: "'admin' in group_names" } |
|||
- { role: openshift-postinstall, when: "'masters' in group_names" } |
|||
Loading…
Reference in new issue