32 changed files with 2 additions and 744 deletions
@ -1,2 +0,0 @@ |
|||||
admin.pub |
|
||||
site.retry |
|
||||
@ -1,21 +0,0 @@ |
|||||
The MIT License (MIT) |
|
||||
|
|
||||
Copyright (c) 2016 Nicolas MASSE |
|
||||
|
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy |
|
||||
of this software and associated documentation files (the "Software"), to deal |
|
||||
in the Software without restriction, including without limitation the rights |
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell |
|
||||
copies of the Software, and to permit persons to whom the Software is |
|
||||
furnished to do so, subject to the following conditions: |
|
||||
|
|
||||
The above copyright notice and this permission notice shall be included in all |
|
||||
copies or substantial portions of the Software. |
|
||||
|
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE |
|
||||
SOFTWARE. |
|
||||
@ -1,15 +1,3 @@ |
|||||
# OpenShift-Lab-Ansible-Playbook |
= MOVED |
||||
This project is the Ansible Playbook to install OpenShift in a Lab Environment. |
|
||||
|
|
||||
## Preparation work |
The OpenShift Playbooks moved to https://github.com/nmasse-itix/OpenShift-Lab |
||||
|
|
||||
1. Edit group_vars/lab and change all passwords and DNS names (search for "changeme") |
|
||||
2. Edit hosts-lab to target your Virtual Machines |
|
||||
|
|
||||
## Installation |
|
||||
|
|
||||
‘‘‘ |
|
||||
./ansible bootstrap master1.openshift.test node1.openshift.test node2.openshift.test nodeinfra1.openshift.test admin.openshift.test |
|
||||
./ansible play |
|
||||
./ansible run nodes "uptime -p" |
|
||||
’’’ |
|
||||
|
|||||
@ -1,80 +0,0 @@ |
|||||
#!/bin/bash |
|
||||
|
|
||||
options="" |
|
||||
ssh_key="$HOME/.ssh/id_rsa" |
|
||||
user="root" |
|
||||
inventory="lab" |
|
||||
|
|
||||
# Export our base directory so that any script launched localy can refer to it |
|
||||
BASEDIR="$(dirname $0)" |
|
||||
BASEDIR="$(python -c 'import os.path; import sys; print os.path.abspath(sys.argv[1])' "$BASEDIR")" |
|
||||
export BASEDIR |
|
||||
|
|
||||
target="$1" |
|
||||
shift |
|
||||
case "$target" in |
|
||||
"") |
|
||||
echo "No target specified. Please specify an inventory or 'bootstrap' !" |
|
||||
exit 1 |
|
||||
;; |
|
||||
|
|
||||
"bootstrap") |
|
||||
if [ -z "$1" ]; then |
|
||||
echo "Please specify the target host !" |
|
||||
exit 1 |
|
||||
fi |
|
||||
echo "Bootstraping $@..." |
|
||||
echo |
|
||||
echo -n "Please enter the initial $user password: " |
|
||||
read -s password |
|
||||
echo |
|
||||
if [ -z "$RHN_LOGIN" ]; then |
|
||||
echo -n "Please enter your RHN login: " |
|
||||
read rhn_login |
|
||||
export RHN_LOGIN="$rhn_login" |
|
||||
fi |
|
||||
if [ -z "$RHN_PASSWORD" ]; then |
|
||||
echo -n "Please enter your RHN password: " |
|
||||
read -s rhn_password |
|
||||
export RHN_PASSWORD="$rhn_password" |
|
||||
fi |
|
||||
if [ -z "$RHN_POOLID" ]; then |
|
||||
echo -n "Please enter your RHN Pool ID: " |
|
||||
read rhn_poolid |
|
||||
export RHN_POOLID="$rhn_poolid" |
|
||||
fi |
|
||||
echo |
|
||||
echo |
|
||||
for host; do |
|
||||
echo "Connecting to $host to register the SSH Host Key !" |
|
||||
LC_ALL=C sshpass -p "$password" ssh -i $ssh_key -o StrictHostKeyChecking=no "$user@$host" /bin/true |
|
||||
done |
|
||||
auth="" |
|
||||
if [ -n "$password" ]; then |
|
||||
auth="ansible_ssh_pass=$password" |
|
||||
else |
|
||||
auth="ansible_ssh_private_key_file=$ssh_key" |
|
||||
fi |
|
||||
echo "[$target]" > "./hosts-$target" |
|
||||
for host; do |
|
||||
echo -e "$host ansible_ssh_user=$user $auth" |
|
||||
done >> "./hosts-$target" |
|
||||
|
|
||||
ansible-playbook -i "./hosts-$target" $options site.yml |
|
||||
|
|
||||
rm -f "./hosts-$target" |
|
||||
;; |
|
||||
"play") |
|
||||
ansible-playbook -i "./hosts-$inventory" $options "$@" site.yml |
|
||||
;; |
|
||||
"run") |
|
||||
group="$1" |
|
||||
cmd="$2" |
|
||||
|
|
||||
ansible "$group" -i "./hosts-$inventory" -a "$cmd" |
|
||||
;; |
|
||||
*) |
|
||||
echo "Usage: $0 {bootstrap|run} [options]" |
|
||||
exit 1 |
|
||||
;; |
|
||||
esac |
|
||||
@ -1,7 +0,0 @@ |
|||||
--- |
|
||||
timezone: Europe/Paris |
|
||||
ansible_python_interpreter: /usr/bin/python2 |
|
||||
ansible_ssh_user: redhat |
|
||||
ansible_ssh_private_key_file: "{{ lookup('env','HOME') }}/.ssh/id_rsa" |
|
||||
ansible_ssh_public_key: "{{ lookup('file', ansible_ssh_private_key_file + '.pub' ) }}" |
|
||||
ansible_connection: ssh |
|
||||
@ -1,5 +0,0 @@ |
|||||
--- |
|
||||
openshift_cluster_dns: app.openshift.test |
|
||||
dns_suffix: openshift.test |
|
||||
openshift_version: 3.4 |
|
||||
router_stats_password: redhat |
|
||||
@ -1,17 +0,0 @@ |
|||||
[lab] |
|
||||
master1.openshift.test |
|
||||
nodeinfra1.openshift.test |
|
||||
node1.openshift.test |
|
||||
node2.openshift.test |
|
||||
admin.openshift.test |
|
||||
|
|
||||
[admin] |
|
||||
admin.openshift.test |
|
||||
|
|
||||
[nodes] |
|
||||
nodeinfra1.openshift.test onlyforinfra=1 region=infra zone=infranodes |
|
||||
node1.openshift.test region=primary zone=east |
|
||||
node2.openshift.test region=primary zone=west |
|
||||
|
|
||||
[masters] |
|
||||
master1.openshift.test region=infra |
|
||||
@ -1,7 +0,0 @@ |
|||||
--- |
|
||||
|
|
||||
- name: restart sshd |
|
||||
service: name=sshd state=reloaded |
|
||||
|
|
||||
- name: update hostname |
|
||||
command: hostname {{ inventory_hostname_short }} |
|
||||
@ -1,94 +0,0 @@ |
|||||
--- |
|
||||
- name: This module has only been tested on RHEL 7.3 x64 |
|
||||
assert: |
|
||||
that: |
|
||||
- "ansible_userspace_bits == '64'" |
|
||||
- "ansible_os_family == 'RedHat'" |
|
||||
- "ansible_distribution_version == '7.3'" |
|
||||
|
|
||||
- name: Tell SSHD not to use DNS |
|
||||
lineinfile: dest=/etc/ssh/sshd_config regexp="^#* *UseDNS +" line="UseDNS no" |
|
||||
notify: restart sshd |
|
||||
tags: config |
|
||||
|
|
||||
- name: Tell SSHD to forbid root accesses |
|
||||
lineinfile: dest=/etc/ssh/sshd_config regexp="^#* *PermitRootLogin +" line="PermitRootLogin no" |
|
||||
notify: restart sshd |
|
||||
tags: config |
|
||||
|
|
||||
- name: Tell SSHD to forbid password accesses |
|
||||
lineinfile: dest=/etc/ssh/sshd_config regexp="^#* *PasswordAuthentication +" line="PasswordAuthentication no" |
|
||||
notify: restart sshd |
|
||||
tags: config |
|
||||
|
|
||||
- name: Install VIM |
|
||||
yum: name=vim-enhanced state=installed |
|
||||
|
|
||||
- name: Install Open-VM tools |
|
||||
yum: name=open-vm-tools state=installed |
|
||||
|
|
||||
- name: Install Screen |
|
||||
yum: name=screen state=installed |
|
||||
|
|
||||
- name: Install unzip |
|
||||
yum: name=unzip state=installed |
|
||||
|
|
||||
- name: Install tcpdump |
|
||||
yum: name=tcpdump state=installed |
|
||||
|
|
||||
- name: Install telnet |
|
||||
yum: name=telnet state=installed |
|
||||
|
|
||||
- name: Install strace |
|
||||
yum: name=strace state=installed |
|
||||
|
|
||||
- name: Install man-pages |
|
||||
yum: name=man-pages state=installed |
|
||||
|
|
||||
- name: Install man |
|
||||
yum: name=man state=installed |
|
||||
|
|
||||
- name: Install iptraf |
|
||||
yum: name=iptraf state=installed |
|
||||
|
|
||||
- name: Install wget |
|
||||
yum: name=wget state=installed |
|
||||
|
|
||||
- name: Fix /etc/environment to include PATH |
|
||||
lineinfile: dest=/etc/environment regexp="^PATH=" line="PATH=/bin:/usr/bin:/sbin:/usr/sbin" |
|
||||
tags: config |
|
||||
|
|
||||
- name: Persist the hostname |
|
||||
lineinfile: dest=/etc/sysconfig/network regexp="^HOSTNAME=" line="HOSTNAME={{ inventory_hostname_short }}" |
|
||||
notify: update hostname |
|
||||
tags: |
|
||||
- config |
|
||||
- dns |
|
||||
|
|
||||
- name: Set the hostname |
|
||||
command: hostnamectl set-hostname {{ inventory_hostname_short }} --static |
|
||||
tags: |
|
||||
- config |
|
||||
- dns |
|
||||
|
|
||||
- name: Edit /etc/hosts |
|
||||
template: src=etc_hosts dest=/etc/hosts owner=root group=root mode=0644 |
|
||||
tags: |
|
||||
- config |
|
||||
- dns |
|
||||
|
|
||||
- name: Ensure consistent locale across systems (1/2) |
|
||||
lineinfile: dest=/etc/locale.conf regexp="^LANG=" line="LANG=en_US.utf8" |
|
||||
|
|
||||
- name: Ensure consistent locale across systems (2/2) |
|
||||
lineinfile: dest=/etc/locale.conf line="LC_CTYPE=en_US.utf8" |
|
||||
|
|
||||
- name: Install the OpenSSH clients |
|
||||
yum: name=openssh-clients state=installed |
|
||||
|
|
||||
- name: Install the custom banner script |
|
||||
template: src=rc.local dest=/usr/local/etc/rc.local mode=0755 |
|
||||
tags: config |
|
||||
|
|
||||
- name: Run the custom banner script at startup |
|
||||
lineinfile: dest=/etc/rc.d/rc.local line="/usr/local/etc/rc.local" state=present insertafter=EOF |
|
||||
@ -1 +0,0 @@ |
|||||
{{ inventory_hostname_short }} |
|
||||
@ -1,13 +0,0 @@ |
|||||
# {{ ansible_managed }} |
|
||||
# |
|
||||
# /etc/hosts: static lookup table for host names |
|
||||
# |
|
||||
|
|
||||
#<ip-address> <hostname.domain.org> <hostname> |
|
||||
127.0.0.1 localhost.localdomain localhost |
|
||||
|
|
||||
# This is a requirement from the OpenShift installer |
|
||||
{{ ansible_default_ipv4['address'] }} {{ inventory_hostname }} {{ inventory_hostname_short }} |
|
||||
|
|
||||
|
|
||||
# End of file |
|
||||
@ -1,15 +0,0 @@ |
|||||
DEVICE={{ item }} |
|
||||
TYPE=Ethernet |
|
||||
ONBOOT=yes |
|
||||
BOOTPROTO=dhcp |
|
||||
USERCTL=no |
|
||||
PEERDNS=yes |
|
||||
IPV6INIT=no |
|
||||
DHCP_HOSTNAME={{ shortname }} |
|
||||
|
|
||||
## Static configuration sample. |
|
||||
## Gateway to be configured in /etc/sysconfig/network. |
|
||||
## |
|
||||
# BOOTPROTO=static |
|
||||
# IPADDR=192.168.38.179 |
|
||||
# NETMASK=255.255.255.0 |
|
||||
@ -1,5 +0,0 @@ |
|||||
[localrepo] |
|
||||
name=Demo Local Repository |
|
||||
baseurl=file://{{ sources_dir }}/rpms |
|
||||
enabled=1 |
|
||||
gpgcheck=0 |
|
||||
@ -1,6 +0,0 @@ |
|||||
#!/bin/bash |
|
||||
|
|
||||
sed -ri 's/^(eth[0-9]: .*|)$//g; T; d' /etc/issue |
|
||||
echo >> /etc/issue |
|
||||
ip addr show scope global |sed -r 's/^.*inet ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)\/[0-9]+ brd .* (eth[0-9])$/\2: \1/g; t; d' >> /etc/issue |
|
||||
echo >> /etc/issue |
|
||||
@ -1,30 +0,0 @@ |
|||||
--- |
|
||||
|
|
||||
- name: This module has only been tested on RHEL and CentOS |
|
||||
assert: |
|
||||
that: |
|
||||
- "ansible_os_family == 'RedHat' or ansible_os_family == 'CentOS'" |
|
||||
|
|
||||
- name: Create user RedHat |
|
||||
user: name=redhat group=users groups=users,wheel state=present comment="RedHat privileged user" password="*" |
|
||||
tags: |
|
||||
- bootstrap |
|
||||
- user |
|
||||
|
|
||||
- name: Set SSH key for root |
|
||||
authorized_key: user=root key="{{ ansible_ssh_public_key }}" manage_dir=yes |
|
||||
tags: |
|
||||
- bootstrap |
|
||||
- user |
|
||||
|
|
||||
- name: Set SSH key for user RedHat |
|
||||
authorized_key: user=redhat key="{{ ansible_ssh_public_key }}" manage_dir=yes |
|
||||
tags: |
|
||||
- bootstrap |
|
||||
- user |
|
||||
|
|
||||
- name: Configure SUDO |
|
||||
template: src=sudoers dest=/etc/sudoers owner=root group=root mode=0440 validate="/usr/sbin/visudo -cf %s" |
|
||||
tags: |
|
||||
- bootstrap |
|
||||
- config |
|
||||
@ -1,3 +0,0 @@ |
|||||
# {{ ansible_managed }} |
|
||||
%wheel ALL=(ALL) NOPASSWD: ALL |
|
||||
root ALL=(ALL) NOPASSWD: ALL |
|
||||
@ -1,29 +0,0 @@ |
|||||
--- |
|
||||
|
|
||||
- name: Install Docker |
|
||||
yum: name=docker state=installed |
|
||||
tags: rpm |
|
||||
|
|
||||
- name: Enable insecure registries |
|
||||
lineinfile: state=present dest=/etc/sysconfig/docker regexp="^INSECURE_REGISTRY=" line="INSECURE_REGISTRY='--insecure-registry 172.30.0.0/16'" insertafter="^# INSECURE_REGISTRY=" |
|
||||
|
|
||||
# |
|
||||
# TODO : On the master nodes only ? |
|
||||
# |
|
||||
|
|
||||
- name: Check if sdb is empty |
|
||||
command: sfdisk -d /dev/sdb |
|
||||
register: sfdisk |
|
||||
failed_when: sfdisk.stdout != "" or sfdisk.stderr != "" # sdb is empty |
|
||||
tags: storage |
|
||||
|
|
||||
- name: Configure docker-storage-setup |
|
||||
template: dest=/etc/sysconfig/docker-storage-setup src=docker-storage-setup |
|
||||
tags: storage |
|
||||
|
|
||||
- name: Run docker-storage-setup |
|
||||
command: docker-storage-setup |
|
||||
tags: storage |
|
||||
|
|
||||
- name: Start Docker |
|
||||
service: name=docker state=started enabled=yes |
|
||||
@ -1,4 +0,0 @@ |
|||||
STORAGE_DRIVER=devicemapper |
|
||||
CONTAINER_THINPOOL=docker-lv1 |
|
||||
DEVS=/dev/sdb |
|
||||
VG=docker |
|
||||
@ -1,7 +0,0 @@ |
|||||
label: dos |
|
||||
unit: sectors |
|
||||
|
|
||||
start= 2048, size= 41940992, Id=8e |
|
||||
start= 0, size= 0, Id= 0 |
|
||||
start= 0, size= 0, Id= 0 |
|
||||
start= 0, size= 0, Id= 0 |
|
||||
@ -1,36 +0,0 @@ |
|||||
--- |
|
||||
|
|
||||
- name: Install dnsmasq |
|
||||
yum: name=dnsmasq state=installed |
|
||||
when: "'admin' in group_names" # Only on admin server |
|
||||
tags: rpm |
|
||||
|
|
||||
- name: Set dnsmasq config |
|
||||
template: src=dnsmasq.conf dest=/etc/dnsmasq.conf |
|
||||
when: "'admin' in group_names" # Only on admin server |
|
||||
tags: config |
|
||||
|
|
||||
- name: Generate an /etc/hosts with all hosts |
|
||||
template: dest=/etc/hosts.dnsmasq src=hosts |
|
||||
when: "'admin' in group_names" # Only on admin server |
|
||||
tags: config |
|
||||
|
|
||||
- name: Make sure dnsmasq daemon is enabled and started |
|
||||
service: name=dnsmasq state=started enabled=yes |
|
||||
when: "'admin' in group_names" # Only on admin server |
|
||||
tags: config |
|
||||
|
|
||||
- name: Add an iptable rule to allow DNS queries from other hosts |
|
||||
lineinfile: dest=/etc/sysconfig/iptables line="-A INPUT -p udp --dport 53 -j ACCEPT" insertafter="-A INPUT -i lo -j ACCEPT" |
|
||||
when: "'admin' in group_names" # Only on admin server |
|
||||
tags: iptables |
|
||||
|
|
||||
- name: Restart iptables |
|
||||
service: name=iptables enabled=yes state=restarted |
|
||||
when: "'admin' in group_names" # Only on admin server |
|
||||
tags: iptables |
|
||||
|
|
||||
- name: Fix the /etc/resolv.conf of other hosts |
|
||||
template: dest=/etc/resolv.conf src=resolv.conf |
|
||||
when: "'admin' not in group_names" # On all other nodes |
|
||||
tags: config |
|
||||
@ -1,28 +0,0 @@ |
|||||
# {{ ansible_managed }} |
|
||||
|
|
||||
domain-needed |
|
||||
bogus-priv |
|
||||
expand-hosts |
|
||||
log-queries |
|
||||
local-ttl=60 |
|
||||
|
|
||||
# Do not read the default /etc/hosts |
|
||||
no-hosts |
|
||||
|
|
||||
# But read this one... |
|
||||
addn-hosts=/etc/hosts.dnsmasq |
|
||||
|
|
||||
# Default suffix for all machines |
|
||||
domain={{ dns_suffix }} |
|
||||
|
|
||||
# |
|
||||
# Wildcard DNS entries (see openshift_cluster_dns variable) |
|
||||
# |
|
||||
# note: will generate something like this : |
|
||||
# address=/app.openshift.test/192.168.23.20 |
|
||||
# |
|
||||
{% for item in groups['nodes'] %} |
|
||||
{% if 'onlyforinfra' in hostvars[item] %} |
|
||||
address=/{{openshift_cluster_dns}}/{{ hostvars[item]['ansible_default_ipv4']['address'] }} |
|
||||
{% endif %} |
|
||||
{% endfor %} |
|
||||
@ -1,5 +0,0 @@ |
|||||
# {{ ansible_managed }} |
|
||||
|
|
||||
{% for item in groups['lab'] %} |
|
||||
{{ hostvars[item]['ansible_default_ipv4']['address'] }} {{ hostvars[item]['inventory_hostname']}} {{ hostvars[item]['inventory_hostname_short']}} |
|
||||
{% endfor %} |
|
||||
@ -1,4 +0,0 @@ |
|||||
search {{ dns_suffix }} |
|
||||
{% for item in groups['admin'] %} |
|
||||
nameserver {{ hostvars[item]['ansible_default_ipv4']['address'] }} |
|
||||
{% endfor %} |
|
||||
@ -1,36 +0,0 @@ |
|||||
--- |
|
||||
|
|
||||
- name: Make sure nfs-utils is installed |
|
||||
yum: name=nfs-utils state=installed |
|
||||
|
|
||||
- name: set virt_use_nfs to 1 |
|
||||
command: setsebool -P virt_use_nfs 1 |
|
||||
|
|
||||
- name: Create a directory for NFS storage |
|
||||
file: path=/openshift-storage state=directory owner=nfsnobody group=nfsnobody mode=0777 |
|
||||
|
|
||||
- name: Fill /etc/exports |
|
||||
template: dest=/etc/exports src=exports |
|
||||
|
|
||||
- name: Start nfs-server |
|
||||
service: name=nfs-server state=started enabled=yes |
|
||||
|
|
||||
- name: Add an iptable rule to allow port 2049 (tcp) from other hosts |
|
||||
lineinfile: dest=/etc/sysconfig/iptables regexp="^-A INPUT -p tcp .*--dport 2049" line="-A INPUT -p tcp -m state --state NEW -m tcp --dport 2049 -j ACCEPT" insertafter="-A INPUT -i lo -j ACCEPT" |
|
||||
tags: iptables |
|
||||
|
|
||||
- name: Add an iptable rule to allow port 2049 (udp) from other hosts |
|
||||
lineinfile: dest=/etc/sysconfig/iptables line="-A INPUT -p udp --dport 2049 -j ACCEPT" insertafter="-A INPUT -i lo -j ACCEPT" |
|
||||
tags: iptables |
|
||||
|
|
||||
- name: Add an iptable rule to allow port 111 (tcp) from other hosts |
|
||||
lineinfile: dest=/etc/sysconfig/iptables regexp="^-A INPUT -p tcp .*--dport 111" line="-A INPUT -p tcp -m state --state NEW -m tcp --dport 111 -j ACCEPT" insertafter="-A INPUT -i lo -j ACCEPT" |
|
||||
tags: iptables |
|
||||
|
|
||||
- name: Add an iptable rule to allow port 111 (udp) from other hosts |
|
||||
lineinfile: dest=/etc/sysconfig/iptables line="-A INPUT -p udp --dport 111 -j ACCEPT" insertafter="-A INPUT -i lo -j ACCEPT" |
|
||||
tags: iptables |
|
||||
|
|
||||
- name: Restart iptables |
|
||||
service: name=iptables enabled=yes state=restarted |
|
||||
tags: iptables |
|
||||
@ -1 +0,0 @@ |
|||||
/openshift-storage *(rw,all_squash) |
|
||||
@ -1,7 +0,0 @@ |
|||||
--- |
|
||||
|
|
||||
- name: Fill-in the ansible inventory file on the admin server |
|
||||
template: src=ansible-hosts dest=/etc/ansible/hosts |
|
||||
|
|
||||
- name: Run the OpenShift installation playbook |
|
||||
fail: msg="run 'ansible-playbook /usr/share/ansible/openshift-ansible/playbooks/byo/config.yml' on the admin node" |
|
||||
@ -1,55 +0,0 @@ |
|||||
[OSEv3:children] |
|
||||
masters |
|
||||
nodes |
|
||||
nfs |
|
||||
|
|
||||
[OSEv3:vars] |
|
||||
ansible_ssh_user=redhat |
|
||||
ansible_become=yes # Use SUDO |
|
||||
deployment_type=openshift-enterprise |
|
||||
openshift_release={{ openshift_version }} |
|
||||
|
|
||||
openshift_master_cluster_method=native |
|
||||
openshift_master_cluster_hostname={{ hostvars[groups['masters'][0]]['inventory_hostname'] }} |
|
||||
openshift_master_cluster_public_hostname={{ hostvars[groups['masters'][0]]['inventory_hostname'] }} |
|
||||
|
|
||||
os_sdn_network_plugin_name='redhat/openshift-ovs-multitenant' |
|
||||
|
|
||||
openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}] |
|
||||
#openshift_master_htpasswd_users={'andrew': '$apr1$cHkRDw5u$eU/ENgeCdo/ADmHF7SZhP/', 'marina': '$apr1$cHkRDw5u$eU/ENgeCdo/ADmHF7SZhP/' |
|
||||
|
|
||||
# default project node selector |
|
||||
osm_default_node_selector='region=primary' |
|
||||
openshift_hosted_router_selector='region=infra' |
|
||||
openshift_hosted_router_replicas=1 |
|
||||
#openshift_hosted_router_certificate={"certfile": "/path/to/router.crt", "keyfile": "/path/to/router.key", "cafile": "/path/to/router-ca.crt"} |
|
||||
openshift_hosted_registry_selector='region=infra' |
|
||||
openshift_hosted_registry_replicas=1 |
|
||||
|
|
||||
openshift_master_default_subdomain={{ openshift_cluster_dns }} |
|
||||
|
|
||||
#openshift_use_dnsmasq=False |
|
||||
#openshift_node_dnsmasq_additional_config_file=/home/bob/ose-dnsmasq.conf |
|
||||
|
|
||||
openshift_hosted_registry_storage_kind=nfs |
|
||||
openshift_hosted_registry_storage_access_modes=['ReadWriteMany'] |
|
||||
openshift_hosted_registry_storage_host={{ hostvars[groups['admin'][0]]['inventory_hostname'] }} |
|
||||
openshift_hosted_registry_storage_nfs_directory=/openshift-storage |
|
||||
openshift_hosted_registry_storage_volume_name=registry |
|
||||
openshift_hosted_registry_storage_volume_size=5Gi |
|
||||
|
|
||||
[nfs] |
|
||||
{{ hostvars[groups['admin'][0]]['inventory_hostname'] }} |
|
||||
|
|
||||
[masters] |
|
||||
{% for item in groups['masters'] %} |
|
||||
{{ hostvars[item]['inventory_hostname'] }} openshift_hostname={{ hostvars[item]['inventory_hostname'] }} openshift_public_hostname={{ hostvars[item]['inventory_hostname'] }} |
|
||||
{% endfor %} |
|
||||
|
|
||||
[nodes] |
|
||||
{% for item in groups['masters'] %} |
|
||||
{{ hostvars[item]['inventory_hostname'] }} openshift_hostname={{ hostvars[item]['inventory_hostname'] }} openshift_public_hostname={{ hostvars[item]['inventory_hostname'] }} openshift_node_labels="{'region': '{{ hostvars[item]['region'] }}'}" |
|
||||
{% endfor %} |
|
||||
{% for item in groups['nodes'] %} |
|
||||
{{ hostvars[item]['inventory_hostname'] }} openshift_hostname={{ hostvars[item]['inventory_hostname'] }} openshift_public_hostname={{ hostvars[item]['inventory_hostname'] }} openshift_node_labels="{'region': '{{ hostvars[item]['region'] }}', 'zone': '{{ hostvars[item]['zone'] }}'}" |
|
||||
{% endfor %} |
|
||||
@ -1,36 +0,0 @@ |
|||||
--- |
|
||||
|
|
||||
- name: Make sure infra pods runs in the infra region |
|
||||
become: no |
|
||||
command: oc annotate namespace default openshift.io/node-selector='region=infra' --overwrite |
|
||||
|
|
||||
- name: Make sure the httpd-tools package is installed (we need htpasswd) |
|
||||
yum: name=httpd-tools state=installed |
|
||||
|
|
||||
- name: Create a few test users |
|
||||
command: htpasswd -b /etc/origin/master/htpasswd {{ item.login }} {{ item.password }} |
|
||||
with_items: |
|
||||
- { login: andrew, password: andrew } |
|
||||
- { login: marina, password: marina } |
|
||||
|
|
||||
- name: Recreate the default router certificate |
|
||||
command: oadm ca create-server-cert --signer-cert=/etc/origin/master/ca.crt --signer-key=/etc/origin/master/ca.key --signer-serial=/etc/origin/master/ca.serial.txt --hostnames='*.{{ openshift_cluster_dns }}' --cert=/home/{{ ansible_ssh_user }}/cloudapps.crt --key=/home/{{ ansible_ssh_user }}/cloudapps.key |
|
||||
|
|
||||
- name: Build the certificate + key bundle |
|
||||
shell: cat /home/{{ ansible_ssh_user }}/cloudapps.crt /home/{{ ansible_ssh_user }}/cloudapps.key /etc/origin/master/ca.crt > /home/{{ ansible_ssh_user }}/cloudapps.pem |
|
||||
|
|
||||
- name: Destroy the existing router |
|
||||
command: oc delete dc/router svc/router |
|
||||
become: no |
|
||||
|
|
||||
- name: Deploy the new router |
|
||||
command: oadm router customrouter --replicas=1 --default-cert=/home/{{ ansible_ssh_user }}/cloudapps.pem --service-account=router --stats-password='{{ router_stats_password }}' |
|
||||
become: no |
|
||||
|
|
||||
- name: Ship the PV creation script |
|
||||
template: src=create-pv.sh dest=/home/{{ ansible_ssh_user }}/create-pv.sh mode=0755 |
|
||||
become: no |
|
||||
|
|
||||
- name: Run the PV creation script |
|
||||
command: /home/{{ ansible_ssh_user }}/create-pv.sh |
|
||||
become: no |
|
||||
@ -1,28 +0,0 @@ |
|||||
#!/bin/sh |
|
||||
|
|
||||
mkdir -p "$HOME/pvs/" |
|
||||
|
|
||||
for size in 1Gi 5Gi 10Gi; do |
|
||||
for volume in pv{1..25} ; do |
|
||||
cat << EOF > $HOME/pvs/pv-${size}-${volume}.json |
|
||||
{ |
|
||||
"apiVersion": "v1", |
|
||||
"kind": "PersistentVolume", |
|
||||
"metadata": { |
|
||||
"name": "${volume}" |
|
||||
}, |
|
||||
"spec": { |
|
||||
"capacity": { |
|
||||
"storage": "${size}" |
|
||||
}, |
|
||||
"accessModes": [ "ReadWriteOnce" ], |
|
||||
"nfs": { |
|
||||
"path": "/openshift-storage/pv-${size}-${volume}", |
|
||||
"server": "{{ hostvars[groups['admin'][0]]['ansible_default_ipv4']['address'] }}" |
|
||||
}, |
|
||||
"persistentVolumeReclaimPolicy": "Recycle" |
|
||||
} |
|
||||
} |
|
||||
EOF |
|
||||
done |
|
||||
done |
|
||||
@ -1,103 +0,0 @@ |
|||||
--- |
|
||||
|
|
||||
- name: This module has only been tested on RHEL 7.3 x64 |
|
||||
assert: |
|
||||
that: |
|
||||
- "ansible_userspace_bits == '64'" |
|
||||
- "ansible_os_family == 'RedHat'" |
|
||||
- "ansible_distribution_version == '7.3'" |
|
||||
|
|
||||
- name: First, disable any repos (using subscription-manager) |
|
||||
command: subscription-manager repos --disable="*" |
|
||||
tags: rpm |
|
||||
|
|
||||
- name: Make sure mandatory repos are enabled |
|
||||
command: subscription-manager repos --enable {{ item }} |
|
||||
with_items: |
|
||||
- rhel-7-server-rpms |
|
||||
- rhel-7-server-optional-rpms |
|
||||
- rhel-7-server-extras-rpms |
|
||||
- rhel-7-server-ose-{{ openshift_version }}-rpms |
|
||||
tags: rpm |
|
||||
|
|
||||
- name: Install wget |
|
||||
yum: name=wget state=installed |
|
||||
when: "'admin' in group_names" # Only on admin server |
|
||||
tags: rpm |
|
||||
|
|
||||
- name: Install bridge-utils |
|
||||
yum: name=bridge-utils state=installed |
|
||||
when: "'admin' in group_names" # Only on admin server |
|
||||
tags: rpm |
|
||||
|
|
||||
- name: Install nfs-utils |
|
||||
yum: name=nfs-utils state=installed |
|
||||
tags: rpm |
|
||||
|
|
||||
- name: Install bash-completion |
|
||||
yum: name=bash-completion state=installed |
|
||||
when: "'admin' in group_names or 'masters' in group_names" # Only on admin or master server |
|
||||
tags: rpm |
|
||||
|
|
||||
- name: Install NetworkManager |
|
||||
yum: name=NetworkManager state=installed |
|
||||
tags: rpm |
|
||||
|
|
||||
- name: Install GIT |
|
||||
yum: name=git state=installed |
|
||||
when: "'admin' in group_names" # Only on admin server |
|
||||
tags: rpm |
|
||||
|
|
||||
- name: Install net-tools |
|
||||
yum: name=net-tools state=installed |
|
||||
tags: rpm |
|
||||
|
|
||||
- name: Install bind-utils |
|
||||
yum: name=bind-utils state=installed |
|
||||
tags: rpm |
|
||||
|
|
||||
- name: Install iptables-services |
|
||||
yum: name=iptables-services state=installed |
|
||||
tags: rpm |
|
||||
|
|
||||
- name: Disable firewalld |
|
||||
service: name=firewalld state=stopped enabled=no |
|
||||
|
|
||||
- name: Enable iptables |
|
||||
service: name=iptables state=started enabled=yes |
|
||||
|
|
||||
- name: Check for existing SSH Private Key on the admin server |
|
||||
stat: path=/home/{{ ansible_ssh_user }}/.ssh/id_rsa |
|
||||
register: key |
|
||||
when: "'admin' in group_names" # Only on admin server |
|
||||
tags: ssh-key |
|
||||
|
|
||||
- name: Generate an SSH Private Key on the admin server |
|
||||
command: ssh-keygen -t rsa -b 2048 -f /home/{{ ansible_ssh_user }}/.ssh/id_rsa -q -N '' |
|
||||
become_user: "{{ ansible_ssh_user }}" |
|
||||
when: "'admin' in group_names and key.stat.exists == False" # Only on admin server and if key does not exists |
|
||||
tags: ssh-key |
|
||||
|
|
||||
- name: Fetch the SSH Public Key of the admin server |
|
||||
fetch: src=/home/{{ ansible_ssh_user }}/.ssh/id_rsa.pub dest="{{ basedir }}/admin.pub" flat=yes |
|
||||
when: "'admin' in group_names" # Only on admin server |
|
||||
tags: ssh-key |
|
||||
|
|
||||
- name: Add SSH Public key of the admin server to the authorized_keys of each server (including the admin server) |
|
||||
authorized_key: |
|
||||
key: "{{ lookup('file', basedir + '/admin.pub' ) }}" |
|
||||
user: "{{ ansible_ssh_user }}" |
|
||||
state: present |
|
||||
tags: ssh-key |
|
||||
|
|
||||
- name: pre-authorize all ssh keys of the other machines |
|
||||
command: ssh -o StrictHostKeyChecking=no {{ item }} /bin/true |
|
||||
become: no # need to run the ssh command as user "redhat" |
|
||||
with_items: "{{ groups['lab'] }}" |
|
||||
when: "'admin' in group_names" # Only on admin server |
|
||||
tags: ssh-key |
|
||||
|
|
||||
- name: Install atomic-openshift-utils (only on the admin node) |
|
||||
yum: name=atomic-openshift-utils state=installed |
|
||||
when: "'admin' in group_names" # Only on admin server |
|
||||
tags: rpm |
|
||||
@ -1,23 +0,0 @@ |
|||||
--- |
|
||||
- name: This module should only work on RHEL |
|
||||
assert: |
|
||||
that: |
|
||||
- "ansible_os_family == 'RedHat'" |
|
||||
|
|
||||
- name: Register this system on RHN |
|
||||
redhat_subscription: |
|
||||
state: present |
|
||||
username: "{{ lookup('env','RHN_LOGIN') }}" |
|
||||
password: "{{ lookup('env','RHN_PASSWORD') }}" |
|
||||
consumer_name: "{{ inventory_hostname }}" |
|
||||
autosubscribe: false |
|
||||
tags: rhn |
|
||||
|
|
||||
# |
|
||||
# To know which Pool ID you can use, run the following command on a registered host : |
|
||||
# |
|
||||
# sudo subscription-manager list --available --matches '*OpenShift*' |
|
||||
# |
|
||||
- name: Attach the correct pool id to the new subscription |
|
||||
command: subscription-manager attach --pool={{ lookup('env','RHN_POOLID') }} |
|
||||
tags: rhn |
|
||||
@ -1,22 +0,0 @@ |
|||||
--- |
|
||||
|
|
||||
- name: Bootstrap one or more RHEL7 nodes |
|
||||
hosts: bootstrap |
|
||||
become: no |
|
||||
roles: |
|
||||
- bootstrap |
|
||||
- register-rhn |
|
||||
|
|
||||
- name: Install the required package for an OpenShift Lab |
|
||||
hosts: lab |
|
||||
become: yes |
|
||||
vars: |
|
||||
- basedir: "{{ lookup('env', 'BASEDIR') }}" |
|
||||
roles: |
|
||||
- { role: base } |
|
||||
- { role: openshift-prereq } |
|
||||
- { role: name-resolution } |
|
||||
- { role: docker, when: "'admin' not in group_names" } |
|
||||
- { role: nfs, when: "'admin' in group_names" } |
|
||||
- { role: openshift-install, when: "'admin' in group_names" } |
|
||||
- { role: openshift-postinstall, when: "'masters' in group_names" } |
|
||||