ansible/configs/ocp4-cluster/default_vars.yml
@@ -161,12 +161,12 @@ # Example configuration variables for default workloads. # Set in the configuration that requests workloads # instance types need to be set in default_vars_{{ cloudprovider }} # _infra_node_replicas: 1 # _infra_node_instance_type: "4c16g30d" # _logging_use_infra_nodes: True # _logging_elasticsearch_replicas: "{{ _infra_node_replicas }}" # _logging_wait_for_deployment: False # _opentlc_production_remove_self_provisioner: False # _infra_node_elasticsearch_nodes: true # _infra_node_elasticsearch_replicas: 1 # _logging_use_dedicated_nodes: "elasticsearch" # _logging_elasticsearch_replicas: "{{ _infra_node_elasticsearch_replicas }}" # --------------------------------------------------------------- # Authentication Variables (if workload ocp4-workload-authentication is run) ansible/configs/ocp4-cluster/default_vars_osp.yml
@@ -187,3 +187,6 @@ # Worker Instance Type worker_instance_type: 4c16g30d # Instance Types for Infra Nodes and Elasticsearch Nodes # _infra_node_instance_type: "4c16g30d" # _infra_node_elasticsearch_instance_type: "4c16g30d" ansible/configs/ocp4-cluster/destroy_env.yml
@@ -17,7 +17,7 @@ - name: Remove DNS entry for OpenShift API and ingress nsupdate: server: "{{ osp_cluster_dns_server }}" zone: "{{ cluster_dns_zone }}" zone: "{{ osp_cluster_dns_zone }}" record: "{{ item }}.{{ guid }}" type: A key_name: "{{ ddns_key_name }}" ansible/configs/ocp4-cluster/files/cloud_providers/osp_cloud_template_master.j2
@@ -24,7 +24,7 @@ user: { get_resource: {{ guid }}-project_user } roles: - {project: {{ osp_project_name }}, role: _member_ } {% if ocp4_installer_version | version_compare('4.4.0', '<') %} {% if ocp4_installer_version is version_compare('4.4.0', '<') %} - {project: {{ osp_project_name }}, role: swiftoperator } {% endif %} depends_on: ansible/configs/ocp4-cluster/post_infra.yml
@@ -5,51 +5,44 @@ tags: - step002 - post_infrastructure environment: OS_AUTH_URL: "{{ osp_auth_url }}" OS_USERNAME: "{{ osp_auth_username }}" OS_PASSWORD: "{{ osp_auth_password }}" OS_PROJECT_NAME: "{{ osp_project_name }}" OS_PROJECT_DOMAIN_ID: "{{ osp_auth_project_domain }}" OS_USER_DOMAIN_NAME: "{{ osp_auth_user_domain }}" tasks: - name: OpenShift Floating IPs on OpenStack include_role: name: ocp-infra-osp-fip when: cloud_provider == 'osp' - name: OpenStack Post Infrastructure when: cloud_provider is match("osp") environment: OS_AUTH_URL: "{{ osp_auth_url }}" OS_USERNAME: "{{ osp_auth_username }}" OS_PASSWORD: "{{ osp_auth_password }}" OS_PROJECT_NAME: "{{ osp_project_name }}" OS_PROJECT_DOMAIN_ID: "{{ osp_auth_project_domain }}" OS_USER_DOMAIN_NAME: "{{ osp_auth_user_domain }}" block: - name: OpenShift Floating IPs on OpenStack include_role: name: ocp-infra-osp-fip - name: Step 002.1 hosts: localhost connection: local become: false tags: - step002.1 - post_infrastructure tasks: - name: Set FQDN for the bastion VM set_fact: rhel_remote_host: "{{item.fqdns|d(item.publicIps)|d('')}}" with_items: "{{vm_list}}" when: - cloud_provider == 'azure' - item.name == 'bastion' - name: Set FQDN for each Windows VM set_fact: windows_remote_hosts: "" - name: Set FQDN for each Windows VM set_fact: windows_remote_hosts: "{{item.fqdns|d(item.publicIps)|d('')}},{{windows_remote_hosts}}" with_items: "{{vm_list}}" when: - cloud_provider == 'azure' - item.name is match ('vmwin*') - name: Print Host Information debug: msg: "{{ item }}" with_items: - name: Azure Post Infrastructure when: cloud_provider is match("azure") block: - name: Set FQDN for the bastion VM when: item.name is match('bastion') set_fact: rhel_remote_host: "{{item.fqdns|d(item.publicIps)|d('')}}" with_items: "{{vm_list}}" - name: Set FQDN for each Windows VM set_fact: windows_remote_hosts: "" - name: Set FQDN for each Windows VM when: item.name is match ('vmwin*') set_fact: windows_remote_hosts: 
"{{item.fqdns|d(item.publicIps)|d('')}},{{windows_remote_hosts}}" with_items: "{{vm_list}}" - name: Print Host Information debug: msg: "{{ item }}" with_items: - "user.info: Remote User: {{ remote_user }}" - "user.info: RHEL Bastion Host: {{ rhel_remote_host }}" - "user.info: Windows Host(s): {{ windows_remote_hosts }}" - "user.info: Windows Password: {{ windows_password }}" when: cloud_provider == 'azure' ansible/configs/ocp4-workshop/env_vars.yml
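Review bot: The `Print Host Information` task in the new Azure block still passes `"user.info: Windows Password: {{ windows_password }}"` to `debug`, so the credential is written in plain text to the controller's stdout, to any log callback and to job history. If the `user.info:` prefix is the intended channel for handing the password to the end user, a comment saying so (and access control on wherever that output is stored) would make this deliberate; otherwise drop that item and point to where the secret is kept. Separately, `when: cloud_provider is match("azure")` and `when: item.name is match('bastion')` are prefix regex matches, so they also fire for names that merely start with those strings, where the old code compared with `==`. `when: cloud_provider == 'azure'` keeps the previous exact semantics.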
@@ -129,12 +129,15 @@ # when deleting the software or infrastructure remove_workloads: [] # Variables for default workloads. Ultimately these will be parameters to the workloads but for now they are global _infra_node_replicas: 1 _infra_node_instance_type: "m4.4xlarge" _logging_use_infra_nodes: True _logging_elasticsearch_replicas: "{{ _infra_node_replicas }}" _logging_wait_for_deployment: False # Variables for workloads (like Infra Nodes / Logging / ...) # _infra_node_replicas: 1 # _infra_node_instance_type: "m5.2xlarge" # _infra_node_elasticsearch_nodes: true # _infra_node_elasticsearch_instance_type: "m5.4xlarge" # _infra_node_elasticsearch_replicas: 1 # _logging_use_dedicated_nodes: "elasticsearch" # _logging_elasticsearch_replicas: "{{ _infra_node_elasticsearch_replicas }}" _opentlc_production_remove_self_provisioner: False ansible/roles/host-ocp4-provisioner/tasks/osp_prereqs.yml
@@ -75,7 +75,7 @@ mode: 0744 - name: Set OpenStack Object Store Account when: ocp4_installer_version | version_compare('4.4.0', '<') when: ocp4_installer_version is version_compare('4.4.0', '<') command: >- openstack --os-cloud={{ osp_cloud_name }} object store account set --property Temp-URL-Key=somename ansible/roles/infra-osp-create-inventory/tasks/main.yml
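Review bot: The `Set OpenStack Object Store Account` task sets `Temp-URL-Key=somename`, a fixed and guessable value for the key Swift uses to validate signed temporary URLs, so it is effectively public for every deployment built from this role. If nothing else needs to know the value in advance, generate it per deployment, for example `Temp-URL-Key={{ lookup('password', '/dev/null length=32 chars=ascii_letters,digits') }}`, and add `no_log: true` to the task so the key does not show up in task output. The `command:` continues outside the hunk, so this is based on the visible lines only.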
@@ -1,73 +1,77 @@ --- # [DEPRECATION WARNING]: The TRANSFORM_INVALID_GROUP_CHARS settings is set to allow bad characters in group names by default, this will change, but still be user configurable on deprecation. This feature # will be removed in version 2.10. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg. #[WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to see details - set_fact: _name_selector: name - set_fact: stack_tag: "{{env_type | replace('-', '_')}}_{{guid}}" tags: - create_inventory - must - create_inventory - must # Find the bastion - name: Find the bastion in this batch of host set_fact: local_bastion: "{{ server | json_query(_name_selector) | default(server.name) }}" when: - server.status != 'terminated' - '"bastions" in server.metadata.AnsibleGroup | default("")' - server.status != 'terminated' - '"bastions" in server.metadata.AnsibleGroup | default("")' loop: "{{ r_osp_facts.ansible_facts.openstack_servers }}" loop_control: label: "{{ server | json_query(_name_selector) | default(server.name) }}" loop_var: server ignore_errors: yes tags: - create_inventory - must - create_inventory - must - when: server.status != 'terminated' block: - name: Add hosts to inventory add_host: name: "{{ server | json_query(_name_selector) | default(server.name) }}" original_name: "{{ server.name }}" groups: #TODO: remove thos tag_* - "tag_Project_{{stack_tag}}" - "tag_{{ stack_tag}} | default('unknowns') }}" - "{{ server.metadata.ostype | default('unknowns') }}" ansible_user: "{{ ansible_user }}" remote_user: "{{ remote_user }}" # ansible_ssh_private_key_file: "{{item['key_name']}}" # key_name: "{{item['key_name']}}" state: "{{ server.status }}" instance_id: "{{ server.id }}" isolated: "{{ server.metadata.isolated | default(false) }}" # private_dns_name: "{{item['private_dns_name']}}" private_ip_address: "{{ server.private_v4 }}" public_ip_address: "{{ server.public_v4 | default('') }}" 
image_id: "{{ server.image.id | default('') }}" ansible_ssh_extra_args: "-o StrictHostKeyChecking=no" ansible_python_interpreter: "{{ server.metadata.ansible_python_interpreter | default(omit) }}" bastion: "{{ local_bastion | default('') }}" loop: "{{ r_osp_facts.ansible_facts.openstack_servers }}" loop_control: label: "{{ server | json_query(_name_selector) | default(server.name) }}" loop_var: server tags: - create_inventory - must - name: Add hosts to inventory add_host: name: "{{ server | json_query(_name_selector) | default(server.name) }}" original_name: "{{ server.name }}" groups: #TODO: remove thos tag_* - "tag_Project_{{stack_tag}}" - "tag_{{ stack_tag}} | default('unknowns') }}" - "{{ server.metadata.ostype | default('unknowns') }}" ansible_user: "{{ ansible_user }}" remote_user: "{{ remote_user }}" # ansible_ssh_private_key_file: "{{item['key_name']}}" # key_name: "{{item['key_name']}}" state: "{{ server.status }}" instance_id: "{{ server.id }}" isolated: "{{ server.metadata.isolated | default(false) }}" # private_dns_name: "{{item['private_dns_name']}}" private_ip_address: "{{ server.private_v4 }}" public_ip_address: "{{ server.public_v4 | default('') }}" image_id: "{{ server.image.id | default('') }}" ansible_ssh_extra_args: "-o StrictHostKeyChecking=no" ansible_python_interpreter: "{{ server.metadata.ansible_python_interpreter | default(omit) }}" bastion: "{{ local_bastion | default('') }}" loop: "{{ r_osp_facts.ansible_facts.openstack_servers }}" loop_control: label: "{{ server | json_query(_name_selector) | default(server.name) }}" loop_var: server tags: - create_inventory - must - add_host: name: "{{ server | json_query(_name_selector) | default(server.name) }}" groups: "{{ server.metadata.AnsibleGroup }}" loop: "{{ r_osp_facts.ansible_facts.openstack_servers }}" loop_control: label: "{{ server | json_query(_name_selector) | default(server.name) }}" loop_var: server when: server.metadata.AnsibleGroup | default('') != '' tags: - create_inventory - 
must - add_host: name: "{{ server | json_query(_name_selector) | default(server.name) }}" groups: "{{ server.metadata.AnsibleGroup }}" loop: "{{ r_osp_facts.ansible_facts.openstack_servers }}" loop_control: label: "{{ server | json_query(_name_selector) | default(server.name) }}" loop_var: server when: server.metadata.AnsibleGroup | default('') != '' tags: - create_inventory - must - name: Make sure bastion has public DNS name defined add_host: ansible/roles/ocp-infra-osp-fip/tasks/main.yml
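Review bot: Every host registered by `Add hosts to inventory` in the new `block` gets `ansible_ssh_extra_args: "-o StrictHostKeyChecking=no"`, which disables SSH host key verification for all later plays, so a machine answering on a reused or spoofed address is accepted without any warning. On OpenSSH 7.6 or newer, `"-o StrictHostKeyChecking=accept-new"` records the key on first contact and still rejects a changed key afterwards. While the task is being re-indented, the group entry `"tag_{{ stack_tag}} | default('unknowns') }}"` closes the expression before the filter, so the literal text `| default('unknowns') }}` ends up in the group name (possibly one source of the invalid-group-characters warning quoted at the top of the file); `"tag_{{ stack_tag | default('unknowns') }}"` looks like what was meant. The hunk ends inside the following `add_host` task.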
@@ -1,51 +1,39 @@ --- ## Mapping Floating IPs to DNS for OCP 4 on OSP # Mapping Floating IPs to DNS for OCP 4 on OSP - name: Role which maps fip to DNS for OCP 4 on OSP hosts: localhost connection: local become: false environment: OS_AUTH_URL: "{{ osp_auth_url }}" OS_USERNAME: "{{ osp_auth_username }}" OS_PASSWORD: "{{ osp_auth_password }}" OS_PROJECT_NAME: "{{ osp_project_name }}" OS_PROJECT_DOMAIN_ID: "{{ osp_auth_project_domain }}" OS_USER_DOMAIN_NAME: "{{ osp_auth_user_domain }}" tasks: - name: Create DNS entries for OpenShift FIPs debug: msg: Currently using {{ osp_cluster_dns_zone }} on server {{ osp_cluster_dns_server }} when: openshift_fip_provision - name: Create DNS entries for OpenShift FIPs debug: msg: Currently using {{ osp_cluster_dns_zone }} on server {{ osp_cluster_dns_server }} when: openshift_fip_provision - set_fact: ocp_api_fip: "{{ hot_outputs | json_query(query) }}" vars: query: "outputs[?@.output_key=='ocp_api_fip'].output_value|[0]" when: openshift_fip_provision - set_fact: ocp_api_fip: "{{ hot_outputs | json_query(query) }}" vars: query: "outputs[?@.output_key=='ocp_api_fip'].output_value|[0]" when: openshift_fip_provision - set_fact: ocp_ingress_fip: "{{ hot_outputs | json_query(query) }}" vars: query: "outputs[?@.output_key=='ocp_ingress_fip'].output_value|[0]" when: openshift_fip_provision - set_fact: ocp_ingress_fip: "{{ hot_outputs | json_query(query) }}" vars: query: "outputs[?@.output_key=='ocp_ingress_fip'].output_value|[0]" when: openshift_fip_provision - name: Add DNS entry for OpenShift API and ingress nsupdate: server: "{{ osp_cluster_dns_server }}" zone: "{{ osp_cluster_dns_zone }}" record: "{{ item.dns }}.{{ guid }}" type: A ttl: 5 value: "{{ item.name }}" key_name: "{{ ddns_key_name }}" key_secret: "{{ ddns_key_secret }}" loop: - name: "{{ ocp_api_fip }}" dns: "api" - name: "{{ ocp_ingress_fip }}" dns: "*.apps" loop_control: label: item.name when: openshift_fip_provision - name: Add DNS entry for OpenShift API and ingress 
nsupdate: server: "{{ osp_cluster_dns_server }}" zone: "{{ osp_cluster_dns_zone }}" record: "{{ item.dns }}.{{ guid }}" type: A ttl: 5 value: "{{ item.name }}" key_name: "{{ ddns_key_name }}" key_secret: "{{ ddns_key_secret }}" loop: - name: "{{ ocp_api_fip }}" dns: "api" - name: "{{ ocp_ingress_fip }}" dns: "*.apps" loop_control: label: item.name when: openshift_fip_provision ansible/roles/ocp4-workload-infra-nodes/defaults/main.yml
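Review bot: In `Add DNS entry for OpenShift API and ingress`, `loop_control: label: item.name` is a plain string rather than a template, so every iteration is labelled with the literal text `item.name`; `label: "{{ item.dns }}.{{ guid }}"` would show which record is being written without printing anything sensitive. `when: openshift_fip_provision` is repeated on all four tasks and relies on the variable being a real boolean; `when: openshift_fip_provision | bool`, set once on an enclosing `block`, would be shorter and would behave predictably if the value arrives as a string from extra vars.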
@@ -5,9 +5,15 @@ _infra_node_replicas: 1 _infra_node_instance_type: m5.4xlarge _infra_node_autoscale: false _infra_node_replicas_min: 1 _infra_node_replicas_max: 3 # Create separate Elasticsearch Nodes # When false only Infranodes will be created _infra_node_elasticsearch_nodes: false _infra_node_elasticsearch_replicas: 1 _infra_node_elasticsearch_instance_type: m5.4xlarge _infra_node_elasticsearch_instance_type: m5.4xlarge _infra_node_elasticsearch_autoscale: false _infra_node_elasticsearch_replicas_min: 1 _infra_node_elasticsearch_replicas_max: 3 ansible/roles/ocp4-workload-infra-nodes/tasks/workload.yml
@@ -9,6 +9,9 @@ taint: infra instance_type: "{{ _infra_node_instance_type }}" total_replicas: "{{ _infra_node_replicas }}" autoscale: "{{ _infra_node_autoscale }}" total_replicas_min: "{{ _infra_node_replicas_min }}" total_replicas_max: "{{ _infra_node_replicas_max }}" - name: Configure OCP4 Elasticsearch machinesets when: _infra_node_elasticsearch_nodes | d(False) | bool @@ -21,6 +24,9 @@ taint: elasticsearch instance_type: "{{ _infra_node_elasticsearch_instance_type }}" total_replicas: "{{ _infra_node_elasticsearch_replicas }}" autoscale: "{{ _infra_node_elasticsearch_autoscale }}" total_replicas_min: "{{ _infra_node_elasticsearch_replicas_min }}" total_replicas_max: "{{ _infra_node_elasticsearch_replicas_max }}" - name: Wait for Infra Nodes to be available k8s_facts: ansible/roles/ocp4_machineset_config/tasks/machineset-group-aws.yml
@@ -2,7 +2,7 @@ - name: Define {{ machineset_group.name }} machinesets k8s: state: present definition: "{{ lookup('template', 'aws-machineset.yml.j2') | from_yaml }}" definition: "{{ lookup('template', 'machineset-aws.j2') | from_yaml }}" # Iterate through availability zones in reverse order as it makes the math # easier to scale zone "a" before "b" to match expected behavior. loop: "{{ aws_worker_availability_zones[::-1] }}" ansible/roles/ocp4_machineset_config/tasks/machineset-group-openstack.yml
New file @@ -0,0 +1,35 @@ --- # WK Note: The GPTE OpenStack Environments do not have availability Zones or Regions # This means there is only one default MachineSet after an IPI installation # Therefore the whole loop logic that is done in the AWS machineset tasks is # not necessary on OSP. So we create just one Machineset for each MachinesetGroup # NB: The way this role is called there is always just one MachinesetGroup - name: Define {{ machineset_group.name }} MachineSets k8s: state: present definition: "{{ lookup('template', 'machineset-openstack.j2') | from_yaml }}" vars: osp_instance_type: >- {{ machineset_group.instance_type | default(default_osp_instance_type) }} machineset_name: >- {{ [cluster_label, machineset_group.name] | join('-') }} machineset_group_node_labels: >- {{ machineset_group.node_labels | default({'node-role.kubernetes.io/' + machineset_group.role: ''} if machineset_group.role|default(False) else {}) }} machineset_replicas: >- {{ machineset_group.total_replicas }} - name: Define {{ machineset_group.name }} MachineAutoscalers when: machineset_group.autoscale | default(False) | bool k8s: state: present definition: "{{ lookup('template', 'machineautoscaler.yml.j2') | from_yaml }}" vars: machineset_name: >- {{ [cluster_label, machineset_group.name] | join('-') }} machineset_min_replicas: >- {{ machineset_group.total_replicas_min|default(0) | int }} machineset_max_replicas: >- {{ machineset_group.total_replicas_max|default(10) | int }} ansible/roles/ocp4_machineset_config/tasks/machineset-group-osp.yml
File was deleted ansible/roles/ocp4_machineset_config/tasks/machineset-openstack.yml
New file @@ -0,0 +1,20 @@ --- - name: Define custom machinesets include_tasks: machineset-group-openstack.yml loop: "{{ ocp4_machineset_config_groups }}" loop_control: label: "{{ machineset_group.name }}" loop_var: machineset_group vars: osp_image: >- {{ reference_provider_spec_value.image }} osp_worker_security_groups: >- {{ reference_provider_spec_value.securityGroups }} osp_worker_networks: >- {{ reference_provider_spec_value.networks }} osp_worker_tags: >- {{ reference_provider_spec_value.tags }} reference_machineset: >- {{ ocp4_base_worker_machinesets[0] }} reference_provider_spec_value: >- {{ reference_machineset.spec.template.spec.providerSpec.value }} ansible/roles/ocp4_machineset_config/tasks/machineset-osp.yml
File was deleted ansible/roles/ocp4_machineset_config/tasks/main.yml
@@ -1,12 +1,12 @@ --- - name: Set machineset facts - name: Set MachineSet facts include_tasks: set-facts.yml - name: Disable base worker machinesets - name: Disable base worker MachineSets when: disable_base_worker_machinesets|bool include_tasks: disable-base-worker-machinesets.yml - name: Configure machinesets for cloud provider - name: Configure MachineSets for cloud provider include_tasks: "machineset-{{ cloud_provider_platform }}.yml" - name: Enable cluster autoscaler ansible/roles/ocp4_machineset_config/tasks/set-facts.yml
@@ -23,9 +23,11 @@ base_worker_machineset_json_query: >- [?!contains(keys(metadata.labels), '{{ machineset_group_label }}')] - debug: var=ocp4_current_machineset_names - name: Print current Machinesets debug: var=ocp4_current_machineset_names - name: Set cluster facts - name: Set cluster facts for AWS when: cloud_provider == "ec2" set_fact: cluster_label: >- {{ reference_machineset.metadata.labels['machine.openshift.io/cluster-api-cluster'] }} @@ -40,3 +42,28 @@ {{ ocp4_base_worker_machinesets[0] }} reference_provider_spec_value: >- {{ reference_machineset.spec.template.spec.providerSpec.value }} - name: Set cluster facts for OpenStack when: cloud_provider == "osp" set_fact: cluster_label: >- {{ reference_machineset.metadata.labels['machine.openshift.io/cluster-api-cluster'] }} cloud_provider_api_version: >- {{ reference_provider_spec_value.apiVersion }} cloud_provider_platform: >- {{ reference_provider_spec_value.apiVersion | regex_replace('providerconfig\.openshift\.io/v1alpha1', '') }} vars: reference_machineset: >- {{ ocp4_base_worker_machinesets[0] }} reference_provider_spec_value: >- {{ reference_machineset.spec.template.spec.providerSpec.value }} - name: Debug cluster facts debug: msg: "{{ item.label }}: {{ item.value }}" loop: - {label: "Cluster Label", value: "{{cluster_label}}"} - {label: "Cloud Provider API Version", value: "{{cloud_provider_api_version}}"} - {label: "Cloud Provider Platform", value: "{{cloud_provider_platform}}"} ansible/roles/ocp4_machineset_config/templates/machineset-aws.j2
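Review bot: `Debug cluster facts` runs unconditionally, and main.yml then includes `"machineset-{{ cloud_provider_platform }}.yml"`, but `cluster_label`, `cloud_provider_api_version` and `cloud_provider_platform` are now set only when `cloud_provider` is `ec2` or `osp`. Any other provider therefore stops on an undefined-variable error instead of a clear message, which an early `fail` or `assert` task naming the unsupported provider would avoid. Because the derived platform string selects which task file is included, it is also worth checking it against the supported values, e.g. `that: cloud_provider_platform in ['aws', 'openstack']`, rather than trusting whatever the unanchored `regex_replace` leaves behind. The AWS `set_fact` body lies partly outside the hunk, so whether the two tasks could be merged into one cannot be judged from here.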
ansible/roles/ocp4_machineset_config/templates/machineset-openstack.j2
File was renamed from ansible/roles/ocp4_machineset_config/templates/osp-machineset.yml.j2 @@ -41,21 +41,16 @@ cloudsSecret: name: openstack-cloud-credentials namespace: openshift-machine-api flavor: {{ osp_instance_type }} image: wk-r2kbd-rhcos flavor: "{{ osp_instance_type }}" image: "{{ osp_image }}" kind: OpenstackProviderSpec metadata: creationTimestamp: null networks: - filter: {} subnets: - filter: name: wk-r2kbd-nodes tags: openshiftClusterID=wk-r2kbd networks: {{ osp_worker_networks | to_json }} securityGroups: {{ osp_worker_security_groups | to_json }} serverMetadata: Name: wk-r2kbd-worker openshiftClusterID: wk-r2kbd Name: "{{ machineset_name }}" openshiftClusterID: "{{ cluster_label }}" tags: {{ osp_worker_tags | to_json }} trunk: true userDataSecret: