mirror of
https://pagure.io/fedora-infra/ansible.git
synced 2026-05-03 00:34:04 +08:00
234 lines
9.1 KiB
YAML
234 lines
9.1 KiB
YAML
---
|
|
- name: Set master facts and determine if external etcd certs need to be generated
|
|
hosts: oo_masters_to_config
|
|
pre_tasks:
|
|
- set_fact:
|
|
openshift_master_etcd_port: "{{ (etcd_client_port | default('2379')) if (groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config) else none }}"
|
|
openshift_master_etcd_hosts: "{{ hostvars
|
|
| oo_select_keys(groups['oo_etcd_to_config']
|
|
| default([]))
|
|
| oo_collect('openshift.common.hostname')
|
|
| default(none, true) }}"
|
|
roles:
|
|
- openshift_facts
|
|
post_tasks:
|
|
- openshift_facts:
|
|
role: "{{ item.role }}"
|
|
local_facts: "{{ item.local_facts }}"
|
|
with_items:
|
|
- role: common
|
|
local_facts:
|
|
hostname: "{{ openshift_hostname | default(None) }}"
|
|
public_hostname: "{{ openshift_public_hostname | default(None) }}"
|
|
deployment_type: "{{ openshift_deployment_type }}"
|
|
- role: master
|
|
local_facts:
|
|
api_port: "{{ openshift_master_api_port | default(None) }}"
|
|
api_url: "{{ openshift_master_api_url | default(None) }}"
|
|
api_use_ssl: "{{ openshift_master_api_use_ssl | default(None) }}"
|
|
public_api_url: "{{ openshift_master_public_api_url | default(None) }}"
|
|
cluster_hostname: "{{ openshift_master_cluster_hostname | default(None) }}"
|
|
cluster_public_hostname: "{{ openshift_master_cluster_public_hostname | default(None) }}"
|
|
cluster_defer_ha: "{{ openshift_master_cluster_defer_ha | default(None) }}"
|
|
console_path: "{{ openshift_master_console_path | default(None) }}"
|
|
console_port: "{{ openshift_master_console_port | default(None) }}"
|
|
console_url: "{{ openshift_master_console_url | default(None) }}"
|
|
console_use_ssl: "{{ openshift_master_console_use_ssl | default(None) }}"
|
|
public_console_url: "{{ openshift_master_public_console_url | default(None) }}"
|
|
- name: Check status of external etcd certificatees
|
|
stat:
|
|
path: "/etc/openshift/master/{{ item }}"
|
|
with_items:
|
|
- master.etcd-client.crt
|
|
- master.etcd-ca.crt
|
|
register: g_external_etcd_cert_stat_result
|
|
- set_fact:
|
|
etcd_client_certs_missing: "{{ g_external_etcd_cert_stat_result.results
|
|
| map(attribute='stat.exists')
|
|
| list | intersect([false])}}"
|
|
etcd_cert_subdir: openshift-master-{{ openshift.common.hostname }}
|
|
etcd_cert_config_dir: /etc/openshift/master
|
|
etcd_cert_prefix: master.etcd-
|
|
when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config
|
|
|
|
- name: Create temp directory for syncing certs
|
|
hosts: localhost
|
|
connection: local
|
|
sudo: false
|
|
gather_facts: no
|
|
tasks:
|
|
- name: Create local temp directory for syncing certs
|
|
local_action: command mktemp -d /tmp/openshift-ansible-XXXXXXX
|
|
register: g_master_mktemp
|
|
changed_when: False
|
|
|
|
- name: Configure etcd certificates
|
|
hosts: oo_first_etcd
|
|
vars:
|
|
etcd_generated_certs_dir: /etc/etcd/generated_certs
|
|
etcd_needing_client_certs: "{{ hostvars
|
|
| oo_select_keys(groups['oo_masters_to_config'])
|
|
| oo_filter_list(filter_attr='etcd_client_certs_missing') }}"
|
|
sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}"
|
|
roles:
|
|
- etcd_certificates
|
|
post_tasks:
|
|
- name: Create a tarball of the etcd certs
|
|
command: >
|
|
tar -czvf {{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz
|
|
-C {{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }} .
|
|
args:
|
|
creates: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz"
|
|
with_items: etcd_needing_client_certs
|
|
- name: Retrieve the etcd cert tarballs
|
|
fetch:
|
|
src: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz"
|
|
dest: "{{ sync_tmpdir }}/"
|
|
flat: yes
|
|
fail_on_missing: yes
|
|
validate_checksum: yes
|
|
with_items: etcd_needing_client_certs
|
|
|
|
- name: Copy the external etcd certs to the masters
|
|
hosts: oo_masters_to_config
|
|
vars:
|
|
sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}"
|
|
tasks:
|
|
- name: Ensure certificate directory exists
|
|
file:
|
|
path: /etc/openshift/master
|
|
state: directory
|
|
when: etcd_client_certs_missing is defined and etcd_client_certs_missing
|
|
- name: Unarchive the tarball on the master
|
|
unarchive:
|
|
src: "{{ sync_tmpdir }}/{{ etcd_cert_subdir }}.tgz"
|
|
dest: "{{ etcd_cert_config_dir }}"
|
|
when: etcd_client_certs_missing is defined and etcd_client_certs_missing
|
|
- file:
|
|
path: "{{ etcd_cert_config_dir }}/{{ item }}"
|
|
owner: root
|
|
group: root
|
|
mode: 0600
|
|
with_items:
|
|
- master.etcd-client.crt
|
|
- master.etcd-client.key
|
|
- master.etcd-ca.crt
|
|
when: etcd_client_certs_missing is defined and etcd_client_certs_missing
|
|
|
|
- name: Determine if master certificates need to be generated
|
|
hosts: oo_masters_to_config
|
|
tasks:
|
|
- set_fact:
|
|
openshift_master_certs_no_etcd:
|
|
- admin.crt
|
|
- master.kubelet-client.crt
|
|
- master.server.crt
|
|
- openshift-master.crt
|
|
- openshift-registry.crt
|
|
- openshift-router.crt
|
|
- etcd.server.crt
|
|
openshift_master_certs_etcd:
|
|
- master.etcd-client.crt
|
|
- set_fact:
|
|
openshift_master_certs: "{{ (openshift_master_certs_no_etcd | union(openshift_master_certs_etcd)) if (groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config) else openshift_master_certs_no_etcd }}"
|
|
|
|
- name: Check status of master certificates
|
|
stat:
|
|
path: "/etc/openshift/master/{{ item }}"
|
|
with_items: openshift_master_certs
|
|
register: g_master_cert_stat_result
|
|
- set_fact:
|
|
master_certs_missing: "{{ g_master_cert_stat_result.results
|
|
| map(attribute='stat.exists')
|
|
| list | intersect([false])}}"
|
|
master_cert_subdir: master-{{ openshift.common.hostname }}
|
|
master_cert_config_dir: /etc/openshift/master
|
|
|
|
- name: Configure master certificates
|
|
hosts: oo_first_master
|
|
vars:
|
|
master_generated_certs_dir: /etc/openshift/generated-configs
|
|
masters_needing_certs: "{{ hostvars
|
|
| oo_select_keys(groups['oo_masters_to_config'] | difference(groups['oo_first_master']))
|
|
| oo_filter_list(filter_attr='master_certs_missing') }}"
|
|
sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}"
|
|
roles:
|
|
- openshift_master_certificates
|
|
post_tasks:
|
|
- name: Remove generated etcd client certs when using external etcd
|
|
file:
|
|
path: "{{ master_generated_certs_dir }}/{{ item.0.master_cert_subdir }}/{{ item.1 }}"
|
|
state: absent
|
|
when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config
|
|
with_nested:
|
|
- masters_needing_certs
|
|
- - master.etcd-client.crt
|
|
- master.etcd-client.key
|
|
|
|
- name: Create a tarball of the master certs
|
|
command: >
|
|
tar -czvf {{ master_generated_certs_dir }}/{{ item.master_cert_subdir }}.tgz
|
|
-C {{ master_generated_certs_dir }}/{{ item.master_cert_subdir }} .
|
|
args:
|
|
creates: "{{ master_generated_certs_dir }}/{{ item.master_cert_subdir }}.tgz"
|
|
with_items: masters_needing_certs
|
|
- name: Retrieve the master cert tarball from the master
|
|
fetch:
|
|
src: "{{ master_generated_certs_dir }}/{{ item.master_cert_subdir }}.tgz"
|
|
dest: "{{ sync_tmpdir }}/"
|
|
flat: yes
|
|
fail_on_missing: yes
|
|
validate_checksum: yes
|
|
with_items: masters_needing_certs
|
|
|
|
- name: Configure master instances
|
|
hosts: oo_masters_to_config
|
|
vars:
|
|
sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}"
|
|
openshift_master_ha: "{{ groups.oo_masters_to_config | length > 1 }}"
|
|
pre_tasks:
|
|
- name: Ensure certificate directory exists
|
|
file:
|
|
path: /etc/openshift/master
|
|
state: directory
|
|
when: master_certs_missing and 'oo_first_master' not in group_names
|
|
- name: Unarchive the tarball on the master
|
|
unarchive:
|
|
src: "{{ sync_tmpdir }}/{{ master_cert_subdir }}.tgz"
|
|
dest: "{{ master_cert_config_dir }}"
|
|
when: master_certs_missing and 'oo_first_master' not in group_names
|
|
roles:
|
|
- openshift_master
|
|
- role: fluentd_master
|
|
when: openshift.common.use_fluentd | bool
|
|
post_tasks:
|
|
- name: Create group for deployment type
|
|
group_by: key=oo_masters_deployment_type_{{ openshift.common.deployment_type }}
|
|
changed_when: False
|
|
|
|
- name: Additional master configuration
|
|
hosts: oo_first_master
|
|
vars:
|
|
openshift_master_ha: "{{ groups.oo_masters_to_config | length > 1 }}"
|
|
omc_cluster_hosts: "{{ groups.oo_masters_to_config | join(' ')}}"
|
|
roles:
|
|
- role: openshift_master_cluster
|
|
when: openshift_master_ha | bool
|
|
- openshift_examples
|
|
|
|
# Additional instance config for online deployments
|
|
- name: Additional instance config
|
|
hosts: oo_masters_deployment_type_online
|
|
roles:
|
|
- pods
|
|
- os_env_extras
|
|
|
|
- name: Delete temporary directory on localhost
|
|
hosts: localhost
|
|
connection: local
|
|
sudo: false
|
|
gather_facts: no
|
|
tasks:
|
|
- file: name={{ g_master_mktemp.stdout }} state=absent
|
|
changed_when: False
|