From 93757c5fbd015faf35e12db4464d51b6acc291de Mon Sep 17 00:00:00 2001 From: Wolfgang Kulhanek <wkulhanek@users.noreply.github.com> Date: Tue, 10 Mar 2020 00:15:41 +0100 Subject: [PATCH] Fix workloads (#1270) --- ansible/roles/ocp4_machineset_config/tasks/machineset-aws.yml | 2 ansible/roles/ocp4_machineset_config/README.adoc | 8 ansible/roles/ocp4-workload-infra-nodes/templates/ingress-controller.j2 | 18 + ansible/roles/ocp4-workload-infra-nodes/templates/machine-config-daemonset.j2 | 29 + ansible/roles/ocp4-workload-infra-nodes/defaults/main.yml | 10 ansible/roles/ocp4_machineset_config/tasks/machineset-group-osp.yml | 64 ++++ ansible/roles/ocp4-workload-logging/templates/logging_subscription.j2 | 11 ansible/roles/ocp4-workload-logging/templates/cluster_logging.j2 | 58 +++ ansible/roles/ocp4-workload-infra-nodes/tasks/remove_workload.yml | 64 +++ ansible/roles/ocp4-workload-logging/files/logging_operatorgroup.yaml | 3 ansible/roles/ocp4_machineset_config/templates/osp-machineset.yml.j2 | 73 ++++ ansible/roles/ocp4-workload-logging/files/eo_rolebinding.yaml | 14 ansible/roles/ocp4-workload-infra-nodes/templates/image-registry.j2 | 14 ansible/roles/ocp4_machineset_config/meta/main.yml | 2 ansible/roles/ocp4_machineset_config/tasks/machineset-osp.yml | 11 ansible/roles/ocp4-workload-logging/tasks/workload.yml | 186 ++++++----- ansible/roles/ocp4-workload-logging/files/eo_namespace.yaml | 8 ansible/roles/ocp4-workload-infra-nodes/templates/node-ca-daemonset.j2 | 29 + ansible/roles/ocp4-workload-logging/files/logging_curator_configmap.yaml | 0 ansible/roles/ocp4-workload-logging/files/eo_operatorgroup.yaml | 6 ansible/roles/ocp4-workload-logging/templates/eo_subscription.j2 | 12 ansible/roles/ocp4_machineset_config/templates/aws-machineset.yml.j2 | 11 ansible/roles/ocp4-workload-logging/tasks/remove_workload.yml | 62 --- ansible/roles/ocp4_machineset_config/vars/main.yml | 11 ansible/roles/ocp4_machineset_config/tasks/main.yml | 4 ansible/roles/ocp4-workload-logging/files/eo_role.yaml | 16 + /dev/null | 15 ansible/roles/ocp4-workload-logging/files/logging_namespace.yaml | 2 ansible/roles/ocp4_machineset_config/tasks/machineset-group-aws.yml | 0 ansible/roles/ocp4-workload-infra-nodes/files/cluster-monitoring-config.yml | 78 ++++ ansible/roles/ocp4-workload-logging/defaults/main.yml | 14 ansible/roles/ocp4_machineset_config/defaults/main.yml | 8 ansible/roles/ocp4-workload-enable-lets-encrypt-certificates/files/router-with-certs.yaml | 2 ansible/roles/ocp4-workload-infra-nodes/tasks/workload.yml | 73 ++++ 34 files changed, 725 insertions(+), 193 deletions(-) diff --git a/ansible/roles/ocp4-workload-enable-lets-encrypt-certificates/files/router-with-certs.yaml b/ansible/roles/ocp4-workload-enable-lets-encrypt-certificates/files/router-with-certs.yaml index 96f5cef..ab79eac 100644 --- a/ansible/roles/ocp4-workload-enable-lets-encrypt-certificates/files/router-with-certs.yaml +++ b/ansible/roles/ocp4-workload-enable-lets-encrypt-certificates/files/router-with-certs.yaml @@ -1,8 +1,6 @@ apiVersion: operator.openshift.io/v1 kind: IngressController metadata: - finalizers: - - ingress.openshift.io/ingress-controller name: default namespace: openshift-ingress-operator spec: diff --git a/ansible/roles/ocp4-workload-infra-nodes/defaults/main.yml b/ansible/roles/ocp4-workload-infra-nodes/defaults/main.yml index ffb99c2..080c9dd 100644 --- a/ansible/roles/ocp4-workload-infra-nodes/defaults/main.yml +++ b/ansible/roles/ocp4-workload-infra-nodes/defaults/main.yml @@ -3,5 +3,11 @@ ocp_username: opentlc-mgr silent: False -_infra_node_replicas: 3 -_infra_node_instance_type: m4.4xlarge \ No newline at end of file +_infra_node_replicas: 1 +_infra_node_instance_type: m5.4xlarge + +# Create separate Elasticsearch Nodes +# When false only Infranodes will be created +_infra_node_elasticsearch_nodes: false +_infra_node_elasticsearch_replicas: 1 +_infra_node_elasticsearch_instance_type: m5.4xlarge \ No newline at end of file diff --git a/ansible/roles/ocp4-workload-infra-nodes/files/cluster-monitoring-config.yml b/ansible/roles/ocp4-workload-infra-nodes/files/cluster-monitoring-config.yml new file mode 100644 index 0000000..f46a209 --- /dev/null +++ b/ansible/roles/ocp4-workload-infra-nodes/files/cluster-monitoring-config.yml @@ -0,0 +1,78 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: cluster-monitoring-config + namespace: openshift-monitoring +data: + config.yaml: | + alertmanagerMain: + nodeSelector: + node-role.kubernetes.io/infra: "" + tolerations: + - key: infra + value: reserved + effect: NoSchedule + - key: infra + value: reserved + effect: NoExecute + prometheusK8s: + retention: 48h + nodeSelector: + node-role.kubernetes.io/infra: "" + tolerations: + - key: infra + value: reserved + effect: NoSchedule + - key: infra + value: reserved + effect: NoExecute + prometheusOperator: + nodeSelector: + node-role.kubernetes.io/infra: "" + tolerations: + - key: infra + value: reserved + effect: NoSchedule + - key: infra + value: reserved + effect: NoExecute + grafana: + nodeSelector: + node-role.kubernetes.io/infra: "" + tolerations: + - key: infra + value: reserved + effect: NoSchedule + - key: infra + value: reserved + effect: NoExecute + k8sPrometheusAdapter: + nodeSelector: + node-role.kubernetes.io/infra: "" + tolerations: + - key: infra + value: reserved + effect: NoSchedule + - key: infra + value: reserved + effect: NoExecute + kubeStateMetrics: + nodeSelector: + node-role.kubernetes.io/infra: "" + tolerations: + - key: infra + value: reserved + effect: NoSchedule + - key: infra + value: reserved + effect: NoExecute + telemeterClient: + nodeSelector: + node-role.kubernetes.io/infra: "" + tolerations: + - key: infra + value: reserved + effect: NoSchedule + - key: infra + value: reserved + effect: NoExecute diff --git a/ansible/roles/ocp4-workload-infra-nodes/tasks/remove_workload.yml b/ansible/roles/ocp4-workload-infra-nodes/tasks/remove_workload.yml index c25031c..65fc383 100644 --- a/ansible/roles/ocp4-workload-infra-nodes/tasks/remove_workload.yml +++ b/ansible/roles/ocp4-workload-infra-nodes/tasks/remove_workload.yml @@ -2,20 +2,76 @@ --- # Implement your Workload removal tasks here -- name: find infra machinesets +- name: Find Infra machinesets k8s_facts: api_version: machine.openshift.io/v1beta1 kind: MachineSet namespace: openshift-machine-api label_selectors: - agnosticd.redhat.com/machineset-group = infra - register: machinesets_out + register: r_infra_machinesets -- name: delete infra machinesets +- name: Find Elasticsearch machinesets + k8s_facts: + api_version: machine.openshift.io/v1beta1 + kind: MachineSet + namespace: openshift-machine-api + label_selectors: + - agnosticd.redhat.com/machineset-group = elasticsearch + register: r_elasticsearch_machinesets + +- name: Delete infra machinesets + when: r_infra_machinesets.resources | length | int > 0 k8s: state: absent definition: "{{ item }}" - with_items: "{{ machinesets_out.resources }}" + with_items: "{{ r_infra_machinesets.resources }}" + +- name: Delete Elasticsearch machinesets + when: r_elasticsearch_machinesets.resources | length | int > 0 + k8s: + state: absent + definition: "{{ item }}" + with_items: "{{ r_elasticsearch_machinesets.resources }}" + +- name: Print Warning + debug: + msg: "WARNING: Make sure to change the node selectors for Ingress Controllers, Image Registry and Monitoring" + +# - name: Move Ingress Controllers to Worker Nodes +# k8s: +# state: present +# definition: +# apiVersion: operator.openshift.io/v1 +# kind: IngressController +# metadata: +# name: default +# namespace: openshift-ingress-operator +# spec: +# nodePlacement: +# nodeSelector: +# matchLabels: +# node-role.kubernetes.io/worker: "" + +# - name: Move Image Registry to Worker Nodes +# k8s: +# state: present +# definition: +# apiVersion: imageregistry.operator.openshift.io/v1 +# kind: Config +# metadata: +# name: cluster +# spec: +# nodeSelector: +# "node-role.kubernetes.io/worker": "" + +# - name: Remove Cluster Monitoring Config Map +# k8s: +# state: absent +# api_version: v1 +# kind: ConfigMap +# name: cluster-monitoring-config +# namespace: openshift-monitoring # Leave this as the last task in the playbook. - name: remove_workload tasks complete diff --git a/ansible/roles/ocp4-workload-infra-nodes/tasks/workload.yml b/ansible/roles/ocp4-workload-infra-nodes/tasks/workload.yml index b43f918..7fec557 100644 --- a/ansible/roles/ocp4-workload-infra-nodes/tasks/workload.yml +++ b/ansible/roles/ocp4-workload-infra-nodes/tasks/workload.yml @@ -1,4 +1,3 @@ -# vim: set ft=ansible --- - name: Configure OCP4 infra machinesets include_role: @@ -7,9 +6,79 @@ ocp4_machineset_config_groups: - name: infra role: infra - aws_instance_type: "{{ _infra_node_instance_type }}" + taint: infra + instance_type: "{{ _infra_node_instance_type }}" total_replicas: "{{ _infra_node_replicas }}" +- name: Configure OCP4 Elasticsearch machinesets + when: _infra_node_elasticsearch_nodes | d(False) | bool + include_role: + name: ocp4_machineset_config + vars: + ocp4_machineset_config_groups: + - name: elasticsearch + role: elasticsearch + taint: elasticsearch + instance_type: "{{ _infra_node_elasticsearch_instance_type }}" + total_replicas: "{{ _infra_node_elasticsearch_replicas }}" + +- name: Wait for Infra Nodes to be available + k8s_facts: + api_version: v1 + kind: Node + label_selectors: + - node-role.kubernetes.io/infra = + register: r_infra_nodes + until: + - r_infra_nodes.resources | length | int == _infra_node_replicas | int + delay: 30 + retries: 15 + +- name: Wait for Elasticsearch Nodes to be available + when: _infra_node_elasticsearch_nodes | d(False) | bool + k8s_facts: + api_version: v1 + kind: Node + label_selectors: + - node-role.kubernetes.io/elasticsearch = + register: r_es_nodes + until: + - r_es_nodes.resources | length | int == _infra_node_elasticsearch_replicas | int + delay: 30 + retries: 15 + +# The Machine Config Daemon DaemonSet does not include +# Universal Tolerations. So by adding taints to Infra +# (and Elasticsearch) nodes the Machine Config Daemon +# pods would be removed from those nodes. +# This adds the necessary tolerations. +# It may be 4.5 before this is fixed. +# See https://bugzilla.redhat.com/show_bug.cgi?id=1780318 +- name: Fix Machine Config and Node CA Daemon Sets (add Tolerations for Infra and Elasticsearch nodes) + k8s: + state: present + merge_type: + - merge + definition: "{{ lookup('template', '{{ item }}') }}" + loop: + - ./templates/machine-config-daemonset.j2 + - ./templates/node-ca-daemonset.j2 + +- name: Configure Ingress Controllers and Image Registry + k8s: + state: present + merge_type: + - merge + definition: "{{ lookup('template', '{{ item }}') }}" + loop: + - ./templates/ingress-controller.j2 + - ./templates/image-registry.j2 + +- name: Create Config Map for Cluster Monitoring + k8s: + state: present + definition: "{{ lookup('file', './files/cluster-monitoring-config.yml') }}" + # Leave this as the last task in the playbook. - name: workload tasks complete debug: diff --git a/ansible/roles/ocp4-workload-infra-nodes/templates/image-registry.j2 b/ansible/roles/ocp4-workload-infra-nodes/templates/image-registry.j2 new file mode 100644 index 0000000..49f9da8 --- /dev/null +++ b/ansible/roles/ocp4-workload-infra-nodes/templates/image-registry.j2 @@ -0,0 +1,14 @@ +apiVersion: imageregistry.operator.openshift.io/v1 +kind: Config +metadata: + name: cluster +spec: + nodeSelector: + "node-role.kubernetes.io/infra": "" + tolerations: + - effect: NoSchedule + key: infra + value: reserved + - effect: NoExecute + key: infra + value: reserved \ No newline at end of file diff --git a/ansible/roles/ocp4-workload-infra-nodes/templates/ingress-controller.j2 b/ansible/roles/ocp4-workload-infra-nodes/templates/ingress-controller.j2 new file mode 100644 index 0000000..2fccffd --- /dev/null +++ b/ansible/roles/ocp4-workload-infra-nodes/templates/ingress-controller.j2 @@ -0,0 +1,18 @@ +apiVersion: operator.openshift.io/v1 +kind: IngressController +metadata: + name: default + namespace: openshift-ingress-operator +spec: + replicas: {{ _infra_node_replicas | int }} + nodePlacement: + nodeSelector: + matchLabels: + node-role.kubernetes.io/infra: "" + tolerations: + - effect: NoSchedule + key: infra + value: reserved + - effect: NoExecute + key: infra + value: reserved \ No newline at end of file diff --git a/ansible/roles/ocp4-workload-infra-nodes/templates/machine-config-daemonset.j2 b/ansible/roles/ocp4-workload-infra-nodes/templates/machine-config-daemonset.j2 new file mode 100644 index 0000000..65954d9 --- /dev/null +++ b/ansible/roles/ocp4-workload-infra-nodes/templates/machine-config-daemonset.j2 @@ -0,0 +1,29 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: machine-config-daemon + namespace: openshift-machine-config-operator +spec: + template: + spec: + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/etcd + operator: Exists + - effect: NoSchedule + key: infra + value: reserved + - effect: NoExecute + key: infra + value: reserved +{% if _infra_node_elasticsearch_nodes | bool %} + - effect: NoSchedule + key: elasticsearch + value: reserved + - effect: NoExecute + key: elasticsearch + value: reserved +{% endif %} \ No newline at end of file diff --git a/ansible/roles/ocp4-workload-infra-nodes/templates/node-ca-daemonset.j2 b/ansible/roles/ocp4-workload-infra-nodes/templates/node-ca-daemonset.j2 new file mode 100644 index 0000000..3812327 --- /dev/null +++ b/ansible/roles/ocp4-workload-infra-nodes/templates/node-ca-daemonset.j2 @@ -0,0 +1,29 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: node-ca + namespace: openshift-image-registry +spec: + template: + spec: + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/etcd + operator: Exists + - effect: NoSchedule + key: infra + value: reserved + - effect: NoExecute + key: infra + value: reserved +{% if _infra_node_elasticsearch_nodes | bool %} + - effect: NoSchedule + key: elasticsearch + value: reserved + - effect: NoExecute + key: elasticsearch + value: reserved +{% endif %} \ No newline at end of file diff --git a/ansible/roles/ocp4-workload-logging/defaults/main.yml b/ansible/roles/ocp4-workload-logging/defaults/main.yml index f607165..1cde41d 100644 --- a/ansible/roles/ocp4-workload-logging/defaults/main.yml +++ b/ansible/roles/ocp4-workload-logging/defaults/main.yml @@ -3,8 +3,14 @@ ocp_username: opentlc-mgr silent: False -_logging_elasticsearch_replicas: 3 -_logging_elasticsearch_memory_request: "4Gi" +_logging_elasticsearch_replicas: 1 +_logging_elasticsearch_memory_request: "8Gi" _logging_elasticsearch_storage_request: "200Gi" -_logging_use_infra_nodes: True -_logging_wait_for_deployment: True \ No newline at end of file + +# Set to true to place pods on nodes with label +# node-role.kubernetes.io/infra: "" +_logging_use_infra_nodes: False +# Set to true to place pods on nodes with label +# node-role.kubernetes.io/elasticsearch: "" +_logging_use_elasticsearch_nodes: True +# If both are false the Logging Components will run on Worker nodes diff --git a/ansible/roles/ocp4-workload-logging/files/elasticsearch_catalog_source.yaml b/ansible/roles/ocp4-workload-logging/files/elasticsearch_catalog_source.yaml deleted file mode 100644 index ae240ad..0000000 --- a/ansible/roles/ocp4-workload-logging/files/elasticsearch_catalog_source.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: operators.coreos.com/v1 -kind: CatalogSourceConfig -metadata: - name: elasticsearch-operator - namespace: openshift-marketplace -spec: - packages: elasticsearch-operator - targetNamespace: openshift-operators diff --git a/ansible/roles/ocp4-workload-logging/files/elasticsearch_subscription.yaml b/ansible/roles/ocp4-workload-logging/files/elasticsearch_subscription.yaml deleted file mode 100644 index f333922..0000000 --- a/ansible/roles/ocp4-workload-logging/files/elasticsearch_subscription.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: operators.coreos.com/v1alpha1 -kind: Subscription -metadata: - name: elasticsearch-operator - namespace: openshift-operators -spec: - channel: preview - installPlanApproval: Automatic - name: elasticsearch-operator - source: elasticsearch-operator - sourceNamespace: openshift-operators -# startingCSV: elasticsearch-operator.v4.1.2 diff --git a/ansible/roles/ocp4-workload-logging/files/eo_namespace.yaml b/ansible/roles/ocp4-workload-logging/files/eo_namespace.yaml new file mode 100644 index 0000000..0f479cd --- /dev/null +++ b/ansible/roles/ocp4-workload-logging/files/eo_namespace.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: openshift-operators-redhat + annotations: + openshift.io/node-selector: "" + labels: + openshift.io/cluster-monitoring: "true" \ No newline at end of file diff --git a/ansible/roles/ocp4-workload-logging/files/eo_operatorgroup.yaml b/ansible/roles/ocp4-workload-logging/files/eo_operatorgroup.yaml new file mode 100644 index 0000000..481ec1e --- /dev/null +++ b/ansible/roles/ocp4-workload-logging/files/eo_operatorgroup.yaml @@ -0,0 +1,6 @@ +apiVersion: operators.coreos.com/v1 +kind: OperatorGroup +metadata: + name: openshift-operators-redhat + namespace: openshift-operators-redhat +spec: {} \ No newline at end of file diff --git a/ansible/roles/ocp4-workload-logging/files/eo_role.yaml b/ansible/roles/ocp4-workload-logging/files/eo_role.yaml new file mode 100644 index 0000000..2f73028 --- /dev/null +++ b/ansible/roles/ocp4-workload-logging/files/eo_role.yaml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: prometheus-k8s + namespace: openshift-operators-redhat +rules: +- apiGroups: + - "" + resources: + - services + - endpoints + - pods + verbs: + - get + - list + - watch diff --git a/ansible/roles/ocp4-workload-logging/files/eo_rolebinding.yaml b/ansible/roles/ocp4-workload-logging/files/eo_rolebinding.yaml new file mode 100644 index 0000000..e20baa8 --- /dev/null +++ b/ansible/roles/ocp4-workload-logging/files/eo_rolebinding.yaml @@ -0,0 +1,14 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: prometheus-k8s + namespace: openshift-operators-redhat +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: prometheus-k8s +subjects: +- kind: ServiceAccount + name: prometheus-k8s +namespace: openshift-operators-redhat + diff --git a/ansible/roles/ocp4-workload-logging/files/logging_catalog_source.yaml b/ansible/roles/ocp4-workload-logging/files/logging_catalog_source.yaml deleted file mode 100644 index b4ec899..0000000 --- a/ansible/roles/ocp4-workload-logging/files/logging_catalog_source.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: operators.coreos.com/v1 -kind: CatalogSourceConfig -metadata: - name: cluster-logging-operator - namespace: openshift-marketplace -spec: - packages: cluster-logging - targetNamespace: openshift-logging diff --git a/ansible/roles/ocp4-workload-logging/files/curator_configmap.yaml b/ansible/roles/ocp4-workload-logging/files/logging_curator_configmap.yaml similarity index 100% rename from ansible/roles/ocp4-workload-logging/files/curator_configmap.yaml rename to ansible/roles/ocp4-workload-logging/files/logging_curator_configmap.yaml diff --git a/ansible/roles/ocp4-workload-logging/files/namespace.yaml b/ansible/roles/ocp4-workload-logging/files/logging_namespace.yaml similarity index 83% rename from ansible/roles/ocp4-workload-logging/files/namespace.yaml rename to ansible/roles/ocp4-workload-logging/files/logging_namespace.yaml index 4161fb4..08b3aa9 100644 --- a/ansible/roles/ocp4-workload-logging/files/namespace.yaml +++ b/ansible/roles/ocp4-workload-logging/files/logging_namespace.yaml @@ -3,7 +3,7 @@ metadata: name: openshift-logging annotations: - openshift.io/node-selector: "" + openshift.io/node-selector: "" labels: openshift.io/cluster-logging: "true" openshift.io/cluster-monitoring: "true" diff --git a/ansible/roles/ocp4-workload-logging/files/operatorgroup.yaml b/ansible/roles/ocp4-workload-logging/files/logging_operatorgroup.yaml similarity index 80% rename from ansible/roles/ocp4-workload-logging/files/operatorgroup.yaml rename to ansible/roles/ocp4-workload-logging/files/logging_operatorgroup.yaml index 12e1b67..bdcc99b 100644 --- a/ansible/roles/ocp4-workload-logging/files/operatorgroup.yaml +++ b/ansible/roles/ocp4-workload-logging/files/logging_operatorgroup.yaml @@ -5,4 +5,7 @@ namespace: openshift-logging spec: targetNamespaces: + - openshift-logging +status: + namespaces: - openshift-logging \ No newline at end of file diff --git a/ansible/roles/ocp4-workload-logging/files/logging_subscription.yaml b/ansible/roles/ocp4-workload-logging/files/logging_subscription.yaml deleted file mode 100644 index bfc4893..0000000 --- a/ansible/roles/ocp4-workload-logging/files/logging_subscription.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: operators.coreos.com/v1alpha1 -kind: Subscription -metadata: - name: cluster-logging - namespace: openshift-logging - labels: - csc-owner-name: installed-redhat-openshift-logging - csc-owner-namespace: openshift-marketplace -spec: - channel: preview - installPlanApproval: Automatic - name: cluster-logging - source: cluster-logging-operator - sourceNamespace: openshift-logging -# startingCSV: clusterlogging.v4.1.2 diff --git a/ansible/roles/ocp4-workload-logging/tasks/remove_workload.yml b/ansible/roles/ocp4-workload-logging/tasks/remove_workload.yml index 89eaa03..660bd0d 100644 --- a/ansible/roles/ocp4-workload-logging/tasks/remove_workload.yml +++ b/ansible/roles/ocp4-workload-logging/tasks/remove_workload.yml @@ -1,7 +1,7 @@ # vim: set ft=ansible --- # Implement your Workload removal tasks here -- name: Remove Logging CR +- name: Remove OpenShift ClusterLogging k8s: state: absent definition: @@ -13,7 +13,7 @@ # operator nukes all pods once cr is gone # waiting for just one to remain is a bit of a hack -- name: wait for only one pod +- name: Wait for logging pods to be terminated k8s_facts: api_version: v1 kind: Pod @@ -23,51 +23,7 @@ retries: 20 delay: 10 -- name: logging operatorgroup - k8s: - state: absent - definition: - apiVersion: operators.coreos.com/v1 - kind: OperatorGroup - metadata: - name: openshift-logging-operatorgroup - namespace: openshift-logging - -### elastic catalog source config -- name: catalog source config - k8s: - state: absent - definition: - apiVersion: operators.coreos.com/v1 - kind: CatalogSourceConfig - metadata: - name: elasticsearch-operator - namespace: openshift-marketplace - -### elastic subscription -- name: elastic subscription - k8s: - state: absent - definition: - apiVersion: operators.coreos.com/v1alpha1 - kind: Subscription - metadata: - name: elasticsearch-operator - namespace: openshift-operators - -### logging catalog source config -- name: logging catalog source config - k8s: - state: absent - definition: - apiVersion: operators.coreos.com/v1 - kind: CatalogSourceConfig - metadata: - name: cluster-logging-operator - namespace: openshift-marketplace - -### logging subscription -- name: logging subscription +- name: Remove logging subscription k8s: state: absent definition: @@ -77,7 +33,17 @@ name: cluster-logging namespace: openshift-logging -- name: logging project +- name: Remove logging operatorgroup + k8s: + state: absent + definition: + apiVersion: operators.coreos.com/v1 + kind: OperatorGroup + metadata: + name: openshift-logging-operatorgroup + namespace: openshift-logging + +- name: Remove openshift-logging project k8s: state: absent definition: diff --git a/ansible/roles/ocp4-workload-logging/tasks/workload.yml b/ansible/roles/ocp4-workload-logging/tasks/workload.yml index 3b9ecd1..507dde9 100644 --- a/ansible/roles/ocp4-workload-logging/tasks/workload.yml +++ b/ansible/roles/ocp4-workload-logging/tasks/workload.yml @@ -1,104 +1,112 @@ -# vim: set ft=ansible --- -# Implement your Workload deployment tasks here - -- name: Create OpenShift Objects for Logging - ignore_errors: yes - retries: 5 - delay: 10 - until: r_objects is succeeded - register: r_objects - k8s: - state: present - merge_type: - - strategic-merge - - merge - definition: "{{ lookup('file', item ) | from_yaml }}" - loop: - - ./files/namespace.yaml - - ./files/operatorgroup.yaml - - ./files/elasticsearch_catalog_source.yaml - - ./files/elasticsearch_subscription.yaml - - ./files/logging_catalog_source.yaml - - ./files/logging_subscription.yaml - -- name: Wait for Elasticsearch CRD +- name: Check if Elasticsearch Operator is already installed k8s_facts: - api_version: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - name: elasticsearches.logging.openshift.io - register: r_elasticsearch_crd - retries: 20 - delay: 10 - ignore_errors: yes - until: r_elasticsearch_crd.resources | list | length == 1 + api_version: v1 + kind: Deployment + namespace: "openshift-operators-redhat" + name: "elasticsearch-operator" + register: r_eo_deployment_exists -- name: Notify user if Elasticsearch deployment failed - when: not r_elasticsearch_crd.resources | list | length == 1 - debug: - msg: "user.info: *** Elasticsearch operator could not be installed ***" - -- name: Wait for Logging CRD - k8s_facts: - api_version: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - name: clusterloggings.logging.openshift.io - register: r_logging_crd - retries: 20 - delay: 10 - ignore_errors: yes - until: r_logging_crd.resources | list | length == 1 - -- name: Notify user if Logging deployment failed - when: not r_logging_crd.resources | list | length == 1 - debug: - msg: "user.info: *** Logging operator could not be installed ***" - -- name: Deploy Logging - when: - - r_logging_crd.resources | list | length == 1 - - r_elasticsearch_crd.resources | list | length == 1 +- name: Install Elasticsearch Operator if not installed + when: r_eo_deployment_exists.resources | length | int == 0 block: - - name: Create OpenShift Objects for ClusterLogging + - name: Get current stable version of Elasticsearch + shell: "oc get packagemanifest elasticsearch-operator -n openshift-marketplace -o jsonpath='{.status.defaultChannel}'" + register: r_eo_version + + - name: Print Elasticsearch version to be installed + debug: + msg: "Elasticsearch version to be installed: {{ r_eo_version.stdout }}" + + - name: Install Elasticsearch operator prerequisites k8s: state: present - merge_type: - - strategic-merge - - merge - definition: "{{ lookup('template', item ) | from_yaml }}" - ignore_errors: yes + definition: "{{ lookup('file', item ) | from_yaml }}" loop: - - ./templates/cluster_logging.j2 + - ./files/eo_namespace.yaml + - ./files/eo_operatorgroup.yaml + - ./files/eo_role.yaml + - ./files/eo_rolebinding.yaml - - name: Sleep to give the status field a chance to populate - when: _logging_wait_for_deployment | bool - pause: - seconds: 60 - - - name: Wait until Elasticsearch Cluster Status is green - when: _logging_wait_for_deployment| bool + - name: Install Elasticsearch operator + k8s: + state: present + definition: "{{ lookup('template', item ) | from_yaml }}" + loop: + - ./templates/eo_subscription.j2 + + - name: Wait for Elasticsearch operator to be ready k8s_facts: - api_version: logging.openshift.io/v1 - kind: ClusterLogging - name: instance - namespace: openshift-logging - register: r_logging + api_version: v1 + kind: Deployment + namespace: "openshift-operators-redhat" + name: "elasticsearch-operator" + register: r_eo_deployment retries: 30 delay: 10 - ignore_errors: yes - until: - - r_logging.resources[0].status.logStore.elasticsearchStatus[0].clusterHealth == "green" + until: + - r_eo_deployment.resources | length | int > 0 + - r_eo_deployment.resources[0].status.availableReplicas is defined + - r_eo_deployment.resources[0].status.availableReplicas | int == r_eo_deployment.resources[0].spec.replicas | int - - name: Update Logging Curator configuration - k8s: - state: present - merge_type: - - strategic-merge - - merge - definition: "{{ lookup('file', item ) | from_yaml }}" - ignore_errors: yes - loop: - - ./files/curator_configmap.yaml +- name: Get current stable version of Cluster Logging + shell: "oc get packagemanifest cluster-logging -n openshift-marketplace -o jsonpath='{.status.defaultChannel}'" + register: r_logging_version + +- name: Print Cluster Logging version to be installed + debug: + msg: "Cluster Logging version to be installed: {{ r_logging_version.stdout }}" + +- name: Install OpenShift Logging Operator Prerequisites + k8s: + state: present + definition: "{{ lookup('file', item ) | from_yaml }}" + loop: + - ./files/logging_namespace.yaml + - ./files/logging_operatorgroup.yaml + - ./files/logging_curator_configmap.yaml + +- name: Install OpenShift Logging Operator + k8s: + state: present + definition: "{{ lookup('template', item ) | from_yaml }}" + loop: + - ./templates/logging_subscription.j2 + +- name: Wait for Cluster Logging Operator to be ready + k8s_facts: + api_version: v1 + kind: Deployment + namespace: "openshift-logging" + name: "cluster-logging-operator" + register: r_logging_deployment + retries: 30 + delay: 10 + until: + - r_logging_deployment.resources | length | int > 0 + - r_logging_deployment.resources[0].status.availableReplicas is defined + - r_logging_deployment.resources[0].status.availableReplicas | int == r_logging_deployment.resources[0].spec.replicas | int + +- name: Create OpenShift ClusterLogging + k8s: + state: present + definition: "{{ lookup('template', item ) | from_yaml }}" + loop: + - ./templates/cluster_logging.j2 + +- name: Wait until Elasticsearch cluster status is green + k8s_facts: + api_version: logging.openshift.io/v1 + kind: ClusterLogging + name: instance + namespace: openshift-logging + register: r_logging + retries: 30 + delay: 10 + ignore_errors: yes + until: + - r_logging.resources[0].status.logStore.elasticsearchStatus[0].cluster.status is defined + - r_logging.resources[0].status.logStore.elasticsearchStatus[0].cluster.status == "green" # Leave this as the last task in the playbook. - name: workload tasks complete diff --git a/ansible/roles/ocp4-workload-logging/templates/cluster_logging.j2 b/ansible/roles/ocp4-workload-logging/templates/cluster_logging.j2 index cdec16b..be715f0 100644 --- a/ansible/roles/ocp4-workload-logging/templates/cluster_logging.j2 +++ b/ansible/roles/ocp4-workload-logging/templates/cluster_logging.j2 @@ -17,6 +17,22 @@ nodeSelector: {% if _logging_use_infra_nodes|bool %} node-role.kubernetes.io/infra: "" + tolerations: + - key: infra + value: reserved + effect: NoSchedule + - key: infra + value: reserved + effect: NoExecute +{% elif _logging_use_elasticsearch_nodes | bool %} + node-role.kubernetes.io/elasticsearch: "" + tolerations: + - key: elasticsearch + value: reserved + effect: NoSchedule + - key: elasticsearch + value: reserved + effect: NoExecute {% else %} node-role.kubernetes.io/worker: "" {% endif %} @@ -33,6 +49,22 @@ nodeSelector: {% if _logging_use_infra_nodes|bool %} node-role.kubernetes.io/infra: "" + tolerations: + - key: infra + value: reserved + effect: NoSchedule + - key: infra + value: reserved + effect: NoExecute +{% elif _logging_use_elasticsearch_nodes | bool %} + node-role.kubernetes.io/elasticsearch: "" + tolerations: + - key: elasticsearch + value: reserved + effect: NoSchedule + - key: elasticsearch + value: reserved + effect: NoExecute {% else %} node-role.kubernetes.io/worker: "" {% endif %} @@ -43,16 +75,28 @@ nodeSelector: {% if _logging_use_infra_nodes|bool %} node-role.kubernetes.io/infra: "" + tolerations: + - key: infra + value: reserved + effect: NoSchedule + - key: infra + value: reserved + effect: NoExecute +{% elif _logging_use_elasticsearch_nodes | bool %} + node-role.kubernetes.io/elasticsearch: "" + tolerations: + - key: elasticsearch + value: reserved + effect: NoSchedule + - key: elasticsearch + value: reserved + effect: NoExecute {% else %} node-role.kubernetes.io/worker: "" {% endif %} collection: logs: type: "fluentd" - fluentd: {} - nodeSelector: -{% if _logging_use_infra_nodes|bool %} - node-role.kubernetes.io/infra: "" -{% else %} - node-role.kubernetes.io/worker: "" -{% endif %} \ No newline at end of file + fluentd: + tolerations: + - operator: Exists diff --git a/ansible/roles/ocp4-workload-logging/templates/eo_subscription.j2 b/ansible/roles/ocp4-workload-logging/templates/eo_subscription.j2 new file mode 100644 index 0000000..ec6a89d --- /dev/null +++ b/ansible/roles/ocp4-workload-logging/templates/eo_subscription.j2 @@ -0,0 +1,12 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: Subscription +metadata: + name: "elasticsearch-operator-{{ r_eo_version.stdout }}" + namespace: "openshift-operators-redhat" +spec: + channel: "{{ r_eo_version.stdout }}" + installPlanApproval: "Automatic" + source: "redhat-operators" + sourceNamespace: "openshift-marketplace" + name: "elasticsearch-operator" + \ No newline at end of file diff --git a/ansible/roles/ocp4-workload-logging/templates/logging_subscription.j2 b/ansible/roles/ocp4-workload-logging/templates/logging_subscription.j2 new file mode 100644 index 0000000..98a05dc --- /dev/null +++ b/ansible/roles/ocp4-workload-logging/templates/logging_subscription.j2 @@ -0,0 +1,11 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: Subscription +metadata: + name: cluster-logging + namespace: openshift-logging +spec: + channel: "{{ r_logging_version.stdout }}" + installPlanApproval: Automatic + name: cluster-logging + source: redhat-operators + sourceNamespace: openshift-marketplace diff --git a/ansible/roles/ocp4_machineset_config/README.adoc b/ansible/roles/ocp4_machineset_config/README.adoc index 1d4a7f5..d00d63b 100644 --- a/ansible/roles/ocp4_machineset_config/README.adoc +++ b/ansible/roles/ocp4_machineset_config/README.adoc @@ -1,7 +1,7 @@ -# ocp4_machineset_config +# ocp4_machineset_config_aws OpenShift 4 MachineSet management to implement custom machinesets such as to -create dedicated compute and infra nodes. +create dedicated compute and infra nodes on AWS. This Ansible role will query the cluster for the base worker machinesets provisioned by the installer and then manage custom machinesets based on the @@ -31,14 +31,14 @@ ocp4_machineset_config_groups: - name: compute role: compute - aws_instance_type: m4.large + aws_instance_type: m5.4xlarge aws_root_volume_size: 80 autoscale: true total_replicas_min: 3 total_replicas_max: 30 - name: infra role: infra - aws_instance_type: m4.large + aws_instance_type: m5.4xlarge total_replicas: 2 ``` diff --git a/ansible/roles/ocp4_machineset_config/defaults/main.yml b/ansible/roles/ocp4_machineset_config/defaults/main.yml index 31dddc4..e5d2a18 100644 --- a/ansible/roles/ocp4_machineset_config/defaults/main.yml +++ b/ansible/roles/ocp4_machineset_config/defaults/main.yml @@ -2,10 +2,14 @@ ocp4_machineset_config_domain: agnosticd.redhat.com ocp4_machineset_config_group_label: "{{ ocp4_machineset_config_domain }}/machineset-group" ocp4_machineset_config_groups: [] -ocp4_machineset_config_default_aws_instance_type: m4.large -ocp4_machineset_config_default_aws_root_volume_size: 120 ocp4_machineset_config_disable_base_worker_machinesets: false +ocp4_machineset_config_default_aws_instance_type: m5.4xlarge +ocp4_machineset_config_default_aws_root_volume_size: 120 + +ocp4_machineset_config_default_osp_instance_type: "4c12g30d" +ocp4_machineset_config_default_osp_root_volume_size: 120 + ocp4_cluster_autoscaler_spec: scaleDown: enabled: true diff --git a/ansible/roles/ocp4_machineset_config/meta/main.yml b/ansible/roles/ocp4_machineset_config/meta/main.yml index de093b9..2dfafc0 100644 --- a/ansible/roles/ocp4_machineset_config/meta/main.yml +++ b/ansible/roles/ocp4_machineset_config/meta/main.yml @@ -1,7 +1,7 @@ --- galaxy_info: role_name: ocp4_machineset_config - author: Johnathan Kupferer + author: Johnathan Kupferer, Wolfgang Kulhanek description: Configure OpenShift 4 MachineSets license: MIT min_ansible_version: 2.7 diff --git a/ansible/roles/ocp4_machineset_config/tasks/aws.yml b/ansible/roles/ocp4_machineset_config/tasks/machineset-aws.yml similarity index 96% rename from ansible/roles/ocp4_machineset_config/tasks/aws.yml rename to ansible/roles/ocp4_machineset_config/tasks/machineset-aws.yml index 0d4360e..77062c0 100644 --- a/ansible/roles/ocp4_machineset_config/tasks/aws.yml +++ b/ansible/roles/ocp4_machineset_config/tasks/machineset-aws.yml @@ -1,6 +1,6 @@ --- - name: Define custom machinesets - include_tasks: aws-machineset-group.yml + include_tasks: machineset-group-aws.yml loop: "{{ ocp4_machineset_config_groups }}" loop_control: label: "{{ machineset_group.name }}" diff --git a/ansible/roles/ocp4_machineset_config/tasks/aws-machineset-group.yml b/ansible/roles/ocp4_machineset_config/tasks/machineset-group-aws.yml similarity index 100% rename from ansible/roles/ocp4_machineset_config/tasks/aws-machineset-group.yml rename to ansible/roles/ocp4_machineset_config/tasks/machineset-group-aws.yml diff --git a/ansible/roles/ocp4_machineset_config/tasks/machineset-group-osp.yml b/ansible/roles/ocp4_machineset_config/tasks/machineset-group-osp.yml new file mode 100644 index 0000000..dfbcbf5 --- /dev/null +++ b/ansible/roles/ocp4_machineset_config/tasks/machineset-group-osp.yml @@ -0,0 +1,64 @@ +--- +- name: Define {{ machineset_group.name }} machinesets + k8s: + state: present + definition: "{{ lookup('template', 'osp-machineset.yml.j2') | from_yaml }}" + # Iterate through availability zones in reverse order + # as it makes the math easier to scale zone "a" + # before "b" to match expected behavior. + loop: "{{ osp_worker_availability_zones[::-1] }}" + loop_control: + label: "{{ machineset_name }}" + loop_var: osp_worker_availability_zone + index_var: loop_index + vars: + availability_zone: "{{ osp_worker_availability_zone.name }}" + availability_zone_region: "{{ osp_worker_availability_zone.region }}" + availability_zone_subnet: "{{ osp_worker_availability_zone.subnet }}" + osp_instance_type: >- + {{ machineset_group.osp_instance_type | default(default_osp_instance_type) }} + osp_root_volume_size: >- + {{ machineset_group.osp_root_volume_size | default(default_osp_root_volume_size) }} + machineset_name: >- + {{ [cluster_label, machineset_group.name, availability_zone] | join('-') }} + machineset_group_node_labels: >- + {{ machineset_group.node_labels + | default({'node-role.kubernetes.io/' + machineset_group.role: ''} + if machineset_group.role|default(False) else {}) + }} + machineset_group_total_replicas: >- + {{ machineset_group.total_replicas + | default(machineset_group.total_replicas_min) + | default(0) + }} + machineset_replicas: >- + {{ ( + (machineset_group_total_replicas|int + loop_index) / osp_worker_availability_zones|count + ) | int }} + +- name: Define {{ machineset_group.name }} machineautoscalers + k8s: + state: present + definition: "{{ lookup('template', 'machineautoscaler.yml.j2') | from_yaml }}" + # Iterate through availability zones in reverse order as it makes the math + # easier to scale zone "a" before "b" to match expected behavior. + loop: "{{ osp_worker_availability_zones[::-1] }}" + loop_control: + label: "{{ machineset_name }}" + loop_var: osp_worker_availability_zone + index_var: loop_index + vars: + availability_zone: "{{ osp_worker_availability_zone.name }}" + machineset_name: >- + {{ [cluster_label, machineset_group.name, availability_zone] | join('-') }} + machineset_min_replicas: >- + {{ ( + (machineset_group.total_replicas_min|default(0) + loop_index) / + osp_worker_availability_zones|count + ) | int }} + machineset_max_replicas: >- + {{ ( + (machineset_group.total_replicas_max|default(100) + loop_index) / + osp_worker_availability_zones|count + ) | int }} + when: machineset_group.autoscale | default(False) | bool diff --git a/ansible/roles/ocp4_machineset_config/tasks/aws.yml b/ansible/roles/ocp4_machineset_config/tasks/machineset-osp.yml similarity index 85% copy from ansible/roles/ocp4_machineset_config/tasks/aws.yml copy to ansible/roles/ocp4_machineset_config/tasks/machineset-osp.yml index 0d4360e..c96c4e5 100644 --- a/ansible/roles/ocp4_machineset_config/tasks/aws.yml +++ b/ansible/roles/ocp4_machineset_config/tasks/machineset-osp.yml @@ -1,20 +1,21 @@ --- - name: Define custom machinesets - include_tasks: aws-machineset-group.yml + include_tasks: machineset-group-osp.yml loop: "{{ ocp4_machineset_config_groups }}" loop_control: label: "{{ machineset_group.name }}" loop_var: machineset_group vars: - aws_coreos_ami_id: >- + osp_coreos_ami_id: >- {{ reference_provider_spec_value.ami.id }} aws_iam_instance_profile_id: >- {{ reference_provider_spec_value.iamInstanceProfile.id }} - aws_worker_security_groups: >- + osp_worker_security_groups: >- {{ reference_provider_spec_value.securityGroups }} - aws_worker_tags: >- + osp_worker_tags: >- {{ reference_provider_spec_value.tags }} - aws_worker_availability_zones: >- + + osp_worker_availability_zones: >- {{ ocp4_base_worker_machinesets | json_query(availability_zone_json_query) }} diff --git a/ansible/roles/ocp4_machineset_config/tasks/main.yml b/ansible/roles/ocp4_machineset_config/tasks/main.yml index 2be85f6..347445e 100644 --- a/ansible/roles/ocp4_machineset_config/tasks/main.yml +++ b/ansible/roles/ocp4_machineset_config/tasks/main.yml @@ -3,11 +3,11 @@ include_tasks: set-facts.yml - name: Disable base worker machinesets - include_tasks: disable-base-worker-machinesets.yml when: disable_base_worker_machinesets|bool + include_tasks: disable-base-worker-machinesets.yml - name: Configure machinesets for cloud provider - include_tasks: "{{ cloud_provider_platform }}.yml" + include_tasks: "machineset-{{ cloud_provider_platform }}.yml" - name: Enable cluster autoscaler include_tasks: enable-cluster-autoscaler.yml diff --git a/ansible/roles/ocp4_machineset_config/templates/aws-machineset.yml.j2 b/ansible/roles/ocp4_machineset_config/templates/aws-machineset.yml.j2 index 572d570..ae93a89 100644 --- a/ansible/roles/ocp4_machineset_config/templates/aws-machineset.yml.j2 +++ b/ansible/roles/ocp4_machineset_config/templates/aws-machineset.yml.j2 @@ -23,7 +23,6 @@ machine.openshift.io/cluster-api-machineset: {{ machineset_name }} template: metadata: - creationTimestamp: null labels: {{ machineset_group_label }}: {{ machineset_group.name }} machine.openshift.io/cluster-api-cluster: {{ cluster_label }} @@ -34,7 +33,6 @@ machine.openshift.io/cluster-api-machineset: {{ machineset_name }} spec: metadata: - creationTimestamp: null labels: {{ machineset_group_node_labels | to_json }} providerSpec: value: @@ -68,5 +66,14 @@ tags: {{ aws_worker_tags | to_json }} userDataSecret: name: worker-user-data +{% if machineset_group.taint | d('') | length > 0 %} + taints: + - key: "{{ machineset_group.taint }}" + value: "reserved" + effect: "NoSchedule" + - key: "{{ machineset_group.taint }}" + value: "reserved" + effect: "NoExecute" +{% endif %} versions: kubelet: "" diff --git a/ansible/roles/ocp4_machineset_config/templates/osp-machineset.yml.j2 b/ansible/roles/ocp4_machineset_config/templates/osp-machineset.yml.j2 new file mode 100644 index 0000000..400cf22 --- /dev/null +++ b/ansible/roles/ocp4_machineset_config/templates/osp-machineset.yml.j2 @@ -0,0 +1,73 @@ +--- +apiVersion: machine.openshift.io/v1beta1 +kind: MachineSet +metadata: + name: {{ machineset_name }} + namespace: openshift-machine-api + labels: + {{ machineset_group_label }}: {{ machineset_group.name }} + machine.openshift.io/cluster-api-cluster: {{ cluster_label }} +spec: +{% if machineset_name not in ocp4_current_machineset_names + or not machineset_group.autoscale|default(False) +%} + replicas: {{ machineset_replicas }} +{% endif %} + selector: + matchLabels: + machine.openshift.io/cluster-api-cluster: {{ cluster_label }} +{% if 'role' in machineset_group %} + machine.openshift.io/cluster-api-machine-role: {{ machineset_group.role }} + machine.openshift.io/cluster-api-machine-type: {{ machineset_group.role }} +{% endif %} + machine.openshift.io/cluster-api-machineset: {{ machineset_name }} + template: + metadata: + labels: + {{ machineset_group_label }}: {{ machineset_group.name }} + machine.openshift.io/cluster-api-cluster: {{ cluster_label }} +{% if 'role' in machineset_group %} + machine.openshift.io/cluster-api-machine-role: {{ machineset_group.role }} + machine.openshift.io/cluster-api-machine-type: {{ machineset_group.role }} +{% endif %} + machine.openshift.io/cluster-api-machineset: {{ machineset_name }} + spec: + metadata: + labels: {{ machineset_group_node_labels | to_json }} + providerSpec: + value: + apiVersion: openstackproviderconfig.openshift.io/v1alpha1 + cloudName: openstack + cloudsSecret: + name: openstack-cloud-credentials + namespace: openshift-machine-api + flavor: {{ osp_instance_type }} + image: wk-r2kbd-rhcos + kind: OpenstackProviderSpec + metadata: + creationTimestamp: null + networks: + - filter: {} + subnets: + - filter: + name: wk-r2kbd-nodes + tags: openshiftClusterID=wk-r2kbd + securityGroups: {{ osp_worker_security_groups | to_json }} + serverMetadata: + Name: wk-r2kbd-worker + openshiftClusterID: wk-r2kbd + tags: {{ osp_worker_tags | to_json }} + trunk: true + userDataSecret: + name: worker-user-data +{% if machineset_group.taint | d('') | length > 0 %} + taints: + - key: "{{ machineset_group.taint }}" + value: "reserved" + effect: "NoSchedule" + - key: "{{ machineset_group.taint }}" + value: "reserved" + effect: "NoExecute" +{% endif %} + versions: + kubelet: "" diff --git a/ansible/roles/ocp4_machineset_config/vars/main.yml b/ansible/roles/ocp4_machineset_config/vars/main.yml index c1451d3..0bae770 100644 --- a/ansible/roles/ocp4_machineset_config/vars/main.yml +++ b/ansible/roles/ocp4_machineset_config/vars/main.yml @@ -2,9 +2,16 @@ config_domain: "{{ ocp4_machineset_config_annotation_domain }}" machineset_group_label: "{{ ocp4_machineset_config_group_label }}" machineset_groups: "{{ ocp4_machineset_config_groups }}" + +disable_base_worker_machinesets: >- + {{ ocp4_machineset_config_disable_base_worker_machinesets | bool }} + default_aws_instance_type: >- {{ ocp4_machineset_config_default_aws_instance_type }} default_aws_root_volume_size: >- {{ ocp4_machineset_config_default_aws_root_volume_size }} -disable_base_worker_machinesets: >- - {{ ocp4_machineset_config_disable_base_worker_machinesets | bool }} + +default_osp_instance_type: >- + {{ ocp4_machineset_config_default_osp_instance_type }} +default_osp_root_volume_size: >- + {{ ocp4_machineset_config_default_osp_root_volume_size }} -- Gitblit v1.9.3