Add an Openstack provider

playbooks/provisioning/openstack/README.md

@@ -0,0 +1,132 @@
+# OpenStack Provisioning
+
+This repository contains playbooks and Heat templates to provision
+OpenStack resources (servers, networking, volumes, security groups,
+etc.). The result is an environment ready for openshift-ansible.
+
+
+## Dependencies
+
+* [Ansible 2.3](https://pypi.python.org/pypi/ansible)
+* [shade](https://pypi.python.org/pypi/shade)
+* python-dns
+
+
+## What does it do
+
+* Create Nova servers with floating IP addresses attached
+* Assigns Cinder volumes to the servers
+* Set up an `openshift` user with sudo privileges
+* Optionally attach Red Hat subscriptions
+* Set up a bind-based DNS server
+* When deploying more than one master, set up a HAproxy server
+
+
+## Set up
+
+### Copy the sample inventory
+
+    cp -r openshift-ansible-contrib/playbooks/provisioning/openstack/sample-inventory inventory
+
+### Copy clouds.yaml
+
+    cp openshift-ansible-contrib/playbooks/provisioning/openstack/sample-inventory/clouds.yaml clouds.yaml
+
+### Copy ansible config
+
+    cp openshift-ansible-contrib/playbooks/provisioning/openstack/sample-inventory/ansible.cfg ansible.cfg
+
+### Update `inventory/group_vars/all.yml`
+
+Pay special attention to the values in the first paragraph -- these
+will depend on your OpenStack environment.
+
+The `env_id` and `openstack_dns_domain` will form the DNS domain all
+your servers will be under. With the default values, this will be
+`openshift.example.com`.
+
+`openstack_nameservers` is a list of DNS servers accessible from all
+the created Nova servers. These will be serve as your DNS forwarders.
+
+`openstack_ssh_key` is a Nova keypair -- you can see your keypairs with
+`openstack keypair list`.
+
+`openstack_default_image_name` is the name of the Glance image the
+servers will use. You can
+see your images with `openstack image list`.
+
+`openstack_default_flavor` is the Nova flavor the servers will use.
+You can see your flavors with `openstack flavor list`.
+
+`openstack_external_network_name` is the name of the Neutron network
+providing external connectivity. It is often called `public`,
+`external` or `ext-net`. You can see your networks with `openstack
+network list`.
+
+The `openstack_num_masters`, `openstack_num_infra` and
+`openstack_num_nodes` values specify the number of Master, Infra and
+App nodes to create.
+
+The `openstack_flat_secgrp`, controls Neutron security groups creation for Heat
+stacks. Set it to true, if you experience issues with sec group rules
+quotas. It trades security for number of rules, by sharing the same set
+of firewall rules for master, node, etcd and infra nodes.
+
+### Update the DNS names in `inventory/hosts`
+
+The different server groups are currently grouped by the domain name,
+so if you end up using a different domain than
+`openshift.example.com`, you will need to update the `inventory/hosts`
+file.
+
+For example, if your final domain is `my.cloud.com`, you can run this
+command to fix update the `hosts` file:
+
+    sed -i 's/openshift.example.com/my.cloud.com/' inventory/hosts
+
+### Configure the OpenShift parameters
+
+Finally, you need to update the DNS entry in
+`inventory/group_vars/OSEv3.yml` (look at
+`openshift_master_default_subdomain`).
+
+In addition, this is the place where you can customise your OpenShift
+installation for example by specifying the authentication.
+
+The full list of options is available in this sample inventory:
+
+https://github.com/openshift/openshift-ansible/blob/master/inventory/byo/hosts.ose.example
+
+Note, that in order to deploy OpenShift origin, you should update the following
+variables for the `inventory/group_vars/OSEv3.yml`, `all.yml`:
+
+    deployment_type: origin
+    origin_release: 1.5.1
+    openshift_deployment_type: "{{ deployment_type }}"
+
+## Deployment
+
+### Run the playbook
+
+Assuming your OpenStack (Keystone) credentials are in the `keystonerc`
+file, this is how you stat the provisioning process:
+
+    . keystonerc
+    ansible-playbook -i inventory --timeout 30  --private-key ~/.ssh/openshift openshift-ansible-contrib/playbooks/provisioning/openstack/provision.yaml
+
+### Install OpenShift
+
+Once it succeeds, you can install openshift by running:
+
+    ansible-playbook --become --user openshift --private-key ~/.ssh/openshift -i inventory/ openshift-ansible/playbooks/byo/openshift-node/network_manager.yml
+    ansible-playbook --become --user openshift --private-key ~/.ssh/openshift -i inventory/ openshift-ansible/playbooks/byo/config.yml
+
+Note, the `network_manager.yml` is only required if you're deploying OpenShift
+origin.
+
+## License
+
+As the rest of the openshift-ansible-contrib repository, the code here is
+licensed under Apache 2. However, the openstack.py file under
+`sample-inventory` is GPLv3+. See the INVENTORY-LICENSE.txt file for the full
+text of the license.

playbooks/provisioning/openstack/openstack_dns_records.yml

@@ -0,0 +1,75 @@
+---
+- name: "Generate list of private A records"
+  set_fact:
+    private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': hostvars[item]['ansible_hostname'], 'ip': hostvars[item]['openstack']['private_v4'] } ] }}"
+  with_items: "{{ groups['cluster_hosts'] }}"
+
+- name: "Set the private DNS server to use the external value (if provided)"
+  set_fact:
+    nsupdate_server_private: "{{ external_nsupdate_keys['private']['server'] }}"
+    nsupdate_key_secret_private: "{{ external_nsupdate_keys['private']['key_secret'] }}"
+    nsupdate_key_algorithm_private: "{{ external_nsupdate_keys['private']['key_algorithm'] }}"
+  when:
+  - external_nsupdate_keys is defined
+  - external_nsupdate_keys['private'] is defined
+
+- name: "Set the private DNS server to use the provisioned value"
+  set_fact:
+    nsupdate_server_private: "{{ hostvars[groups['dns'][0]].openstack.public_v4 }}"
+    nsupdate_key_secret_private: "{{ hostvars[groups['dns'][0]].nsupdate_keys['private-' + full_dns_domain].key_secret }}"
+    nsupdate_key_algorithm_private: "{{ hostvars[groups['dns'][0]].nsupdate_keys['private-' + full_dns_domain].key_algorithm }}"
+  when:
+  - nsupdate_server_private is undefined
+
+- name: "Generate the private Add section for DNS"
+  set_fact:
+    private_named_records:
+    - view: "private"
+      zone: "{{ full_dns_domain }}"
+      server: "{{ nsupdate_server_private }}"
+      key_name: "{{ ( 'private-' + full_dns_domain ) }}"
+      key_secret: "{{ nsupdate_key_secret_private }}"
+      key_algorithm: "{{ nsupdate_key_algorithm_private | lower }}"
+      entries: "{{ private_records }}"
+
+- name: "Generate list of public A records"
+  set_fact:
+    public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': hostvars[item]['ansible_hostname'], 'ip': hostvars[item]['openstack']['public_v4'] } ] }}"
+  with_items: "{{ groups['cluster_hosts'] }}"
+
+- name: "Add wildcard records to the public A records"
+  set_fact:
+    public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': '*.' + openshift_app_domain, 'ip': hostvars[item]['openstack']['public_v4'] } ] }}"
+  with_items: "{{ groups['infra_hosts'] }}"
+
+- name: "Set the public DNS server details to use the external value (if provided)"
+  set_fact:
+    nsupdate_server_public: "{{ external_nsupdate_keys['public']['server'] }}"
+    nsupdate_key_secret_public: "{{ external_nsupdate_keys['public']['key_secret'] }}"
+    nsupdate_key_algorithm_public: "{{ external_nsupdate_keys['public']['key_algorithm'] }}"
+  when:
+  - external_nsupdate_keys is defined
+  - external_nsupdate_keys['public'] is defined
+
+- name: "Set the public DNS server details to use the provisioned value"
+  set_fact:
+    nsupdate_server_public: "{{ hostvars[groups['dns'][0]].openstack.public_v4 }}"
+    nsupdate_key_secret_public: "{{ hostvars[groups['dns'][0]].nsupdate_keys['public-' + full_dns_domain].key_secret }}"
+    nsupdate_key_algorithm_public: "{{ hostvars[groups['dns'][0]].nsupdate_keys['public-' + full_dns_domain].key_algorithm }}"
+  when:
+  - nsupdate_server_public is undefined
+
+- name: "Generate the public Add section for DNS"
+  set_fact:
+    public_named_records:
+    - view: "public"
+      zone: "{{ full_dns_domain }}"
+      server: "{{ nsupdate_server_public }}"
+      key_name: "{{ ( 'public-' + full_dns_domain ) }}"
+      key_secret: "{{ nsupdate_key_secret_public }}"
+      key_algorithm: "{{ nsupdate_key_algorithm_public | lower }}"
+      entries: "{{ public_records }}"
+
+- name: "Generate the final dns_records_add"
+  set_fact:
+    dns_records_add: "{{ private_named_records + public_named_records }}"

playbooks/provisioning/openstack/openstack_dns_views.yml

@@ -0,0 +1,25 @@
+---
+- name: "Generate ACL list for DNS server"
+  set_fact:
+    acl_list: "{{ acl_list | default([]) + [ (hostvars[item]['openstack']['private_v4'] + '/32') ] }}"
+  with_items: "{{ groups['cluster_hosts'] }}"
+
+- name: "Generate the private view"
+  set_fact:
+    private_named_view:
+    - name: "private"
+      acl_entry: "{{ acl_list }}"
+      zone:
+      - dns_domain: "{{ full_dns_domain }}"
+
+- name: "Generate the public view"
+  set_fact:
+    public_named_view:
+    - name: "public"
+      zone:
+      - dns_domain: "{{ full_dns_domain }}"
+      forwarder: "{{ public_dns_nameservers }}"
+
+- name: "Generate the final named_config_views"
+  set_fact:
+    named_config_views: "{{ private_named_view + public_named_view }}"

playbooks/provisioning/openstack/post-provision-openstack.yml

@@ -0,0 +1,58 @@
+---
+# Assign hostnames
+- hosts: cluster_hosts
+  become: true
+  pre_tasks:
+  - include: pre_tasks.yml
+  roles:
+  - role: hostnames
+
+# Subscribe DNS Host to allow for configuration below
+- hosts: dns
+  become: true
+  roles:
+  - role: subscription-manager
+    when: hostvars.localhost.rhsm_register
+    tags: 'subscription-manager'
+
+# Determine which DNS server(s) to use for our generated records
+- hosts: localhost
+  roles:
+  - dns-server-detect
+
+# Build the DNS Server Views and Configure DNS Server(s)
+- hosts: dns
+  become: true
+  pre_tasks:
+  - include: pre_tasks.yml
+  - name: "Generate dns-server views"
+    include: openstack_dns_views.yml
+  roles:
+  - role: dns-server
+
+# Build and process DNS Records
+- hosts: localhost
+  pre_tasks:
+  - include: pre_tasks.yml
+  - name: "Generate dns records"
+    include: openstack_dns_records.yml
+  roles:
+  - role: dns
+
+# OpenShift Pre-Requisites
+- hosts: OSEv3
+  become: true
+  tasks:
+  - name: "Edit /etc/resolv.conf on masters/nodes"
+    lineinfile:
+      state: present
+      dest: /etc/resolv.conf
+      regexp: "nameserver {{ hostvars['localhost'].private_dns_server }}"
+      line: "nameserver {{ hostvars['localhost'].private_dns_server }}"
+      insertafter: search*
+  - name: "Include DNS configuration to ensure proper name resolution"
+    lineinfile:
+      state: present
+      dest: /etc/sysconfig/network
+      regexp: "IP4_NAMESERVERS={{ hostvars['localhost'].private_dns_server }}"
+      line: "IP4_NAMESERVERS={{ hostvars['localhost'].private_dns_server }}"

playbooks/provisioning/openstack/pre-install.yml

@@ -0,0 +1,14 @@
+---
+###############################
+# OpenShift Pre-Requisites
+
+# - subscribe hosts
+# - prepare docker
+# - other prep (install additional packages, etc.)
+#
+- hosts: OSEv3
+  become: true
+  roles:
+    - { role: subscription-manager, when: hostvars.localhost.rhsm_register, tags: 'subscription-manager', ansible_sudo: true }
+    - { role: docker, tags: 'docker' }
+    - { role: openshift-prep, tags: 'openshift-prep' }

playbooks/provisioning/openstack/pre_tasks.yml

@@ -0,0 +1,39 @@
+---
+- name: Generate Environment ID
+  set_fact:
+    env_random_id: "{{ ansible_date_time.epoch }}"
+  run_once: true
+  delegate_to: localhost
+
+- name: Set default Environment ID
+  set_fact:
+    default_env_id: "casl-{{ lookup('env','OS_USERNAME') }}-{{ env_random_id }}"
+  delegate_to: localhost
+
+- name: Setting Common Facts
+  set_fact:
+    env_id: "{{ env_id | default(default_env_id) }}"
+  delegate_to: localhost
+
+- name: Set Dynamic Inventory Filters
+  become: false
+  shell: >
+    export OS_INV_FILTER_KEY=clusterid && export OS_INV_FILTER_VALUE={{ env_id }}
+  delegate_to: localhost
+
+- name: Updating DNS domain to include env_id (if not empty)
+  set_fact:
+    full_dns_domain: "{{ (env_id|trim == '') | ternary(public_dns_domain, env_id + '.' + public_dns_domain) }}"
+  delegate_to: localhost
+
+- name: Set the APP domain for OpenShift use
+  set_fact:
+    openshift_app_domain: "{{ openshift_app_domain | default('apps') }}"
+  delegate_to: localhost
+
+- name: Set the default app domain for routing purposes
+  set_fact:
+    openshift_master_default_subdomain: "{{ openshift_app_domain }}.{{ full_dns_domain }}"
+  delegate_to: localhost
+  when:
+  - openshift_master_default_subdomain is undefined

playbooks/provisioning/openstack/provision-openstack.yml

@@ -0,0 +1,49 @@
+---
+- hosts: localhost
+  gather_facts: True
+  pre_tasks:
+  - include: pre_tasks.yml
+  roles:
+  - role: openstack-stack
+    stack_name: "{{ env_id }}.{{ public_dns_domain }}"
+    dns_domain: "{{ public_dns_domain }}"
+    dns_nameservers: "{{ public_dns_nameservers }}"
+    subnet_prefix: "{{ openstack_subnet_prefix }}"
+    ssh_public_key: "{{ openstack_ssh_public_key }}"
+    openstack_image: "{{ openstack_default_image_name }}"
+    lb_flavor: "{{ openstack_default_flavor | default('m1.small') }}"
+    etcd_flavor: "{{ openstack_default_flavor | default('m1.small') }}"
+    master_flavor: "{{ openstack_default_flavor | default('m1.medium') }}"
+    node_flavor: "{{ openstack_default_flavor | default('m1.medium') }}"
+    infra_flavor: "{{ openstack_default_flavor | default('m1.medium') }}"
+    dns_flavor: "{{ openstack_default_flavor | default('m1.small') }}"
+    external_network: "{{ openstack_external_network_name }}"
+    num_etcd: "{{ openstack_num_etcd | default(0) }}"
+    num_masters: "{{ openstack_num_masters }}"
+    num_nodes: "{{ openstack_num_nodes }}"
+    num_infra: "{{ openstack_num_infra }}"
+    num_dns: "{{ openstack_num_dns | default(1) }}"
+    master_volume_size: "{{ docker_volume_size }}"
+    app_volume_size: "{{ docker_volume_size }}"
+    infra_volume_size: "{{ docker_volume_size }}"
+
+
+- name: Refresh Server inventory
+  hosts: localhost
+  connection: local
+  gather_facts: False
+  tasks:
+  - meta: refresh_inventory
+
+- hosts: cluster_hosts
+  gather_facts: false
+  tasks:
+  - name: Debug hostvar
+    debug:
+      msg: "{{ hostvars[inventory_hostname] }}"
+      verbosity: 2
+  - name: waiting for server to come back
+    local_action: wait_for host={{ hostvars[inventory_hostname]['ansible_ssh_host'] }} port=22 delay=30 timeout=300
+    become: false
+
+- include: post-provision-openstack.yml