From 365470f49c85577dc29049c03a1e814b01fb06ad Mon Sep 17 00:00:00 2001 From: Diego Abelenda Date: Fri, 24 Nov 2017 08:26:40 +0100 Subject: [PATCH] Add possibility to enable Persistent Local Storage using Ansible --- inventory/byo/hosts.example | 5 + .../private/create_persistent_volumes.yml | 23 ++++ roles/openshift_master/README.md | 1 + roles/openshift_master/defaults/main.yml | 2 + .../templates/master.yaml.v1.j2 | 8 ++ roles/openshift_node/README.md | 9 +- roles/openshift_node/defaults/main.yml | 3 + .../templates/node-config.yaml.j2 | 4 + roles/openshift_persistent_volumes/README.md | 1 + .../README.md | 44 ++++++ .../defaults/main.yml | 3 + .../meta/main.yml | 13 ++ .../tasks/main.yml | 128 ++++++++++++++++++ .../local-persistent-volume-config.j2 | 10 ++ 14 files changed, 250 insertions(+), 4 deletions(-) create mode 100644 roles/openshift_persistentlocalstorage/README.md create mode 100644 roles/openshift_persistentlocalstorage/defaults/main.yml create mode 100644 roles/openshift_persistentlocalstorage/meta/main.yml create mode 100644 roles/openshift_persistentlocalstorage/tasks/main.yml create mode 100644 roles/openshift_persistentlocalstorage/templates/local-persistent-volume-config.j2 diff --git a/inventory/byo/hosts.example b/inventory/byo/hosts.example index 3a9944ba488..24d5c698b22 100644 --- a/inventory/byo/hosts.example +++ b/inventory/byo/hosts.example @@ -577,6 +577,11 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # openshift_storageclass_name=gp2 # openshift_storageclass_parameters={'type': 'gp2', 'encrypted': 'false'} # +# PersistentLocalStorage +# If Persistent Local Storage is wanted, this boolean can be defined to True. +# This will create all necessary configuration to use persistent storage on nodes. +#openshift_persistentlocalstorage_enabled=False +#openshift_persistentlocalstorage_classes=[] # Logging deployment # 
diff --git a/playbooks/openshift-hosted/private/create_persistent_volumes.yml b/playbooks/openshift-hosted/private/create_persistent_volumes.yml index 8a60a30b8d0..510232fb62b 100644 --- a/playbooks/openshift-hosted/private/create_persistent_volumes.yml +++ b/playbooks/openshift-hosted/private/create_persistent_volumes.yml @@ -7,3 +7,26 @@ roles: - role: openshift_persistent_volumes when: persistent_volumes | length > 0 or persistent_volume_claims | length > 0 + +- name: Create Hosted Resources - Persistent Local Storage Provider + hosts: oo_first_master + vars: + persistentlocalstorage_project: "{{ openshift_persistentlocalstorage_project | default('local-storage') }}" + persistentlocalstorage_classes: "{{ openshift_persistentlocalstorage_classes | default([]) }}" + roles: + - role: openshift_persistentlocalstorage + when: openshift_persistentlocalstorage_enabled | bool + +- name: Create Hosted Resources - Persistent Local Storage Classes + hosts: nodes + tasks: + - name: Create Persistent Local Storage Classes Directories + file: + path: "/mnt/local-storage/{{ item }}" + owner: root + group: root + mode: 770 + state: directory + setype: svirt_sandbox_file_t + with_items: "{{ openshift_persistentlocalstorage_classes }}" + when: openshift_persistentlocalstorage_classes | default([]) | length > 0 and openshift_persistentlocalstorage_enabled | bool diff --git a/roles/openshift_master/README.md b/roles/openshift_master/README.md index 2dcc56e3fe9..f216b202bb3 100644 --- a/roles/openshift_master/README.md +++ b/roles/openshift_master/README.md @@ -24,6 +24,7 @@ From this role: | openshift_master_console_port | UNDEF | | | openshift_master_api_url | UNDEF | | | openshift_master_console_url | UNDEF | | +| openshift_persistentlocalstorage_enabled | false | Enable the persistent local storage | | openshift_master_public_api_url | UNDEF | | | openshift_master_public_console_url | UNDEF | | | openshift_master_saconfig_limit_secret_references | false | | 
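Review bot: `mode: 770` in the "Create Persistent Local Storage Classes Directories" task is an unquoted integer, so Ansible takes it as decimal 770, which is octal 1402 (sticky bit, read for owner, write for others) rather than the rwxrwx--- the value suggests. It should be written `mode: "0770"`. In the same hunk, the first play's `when: openshift_persistentlocalstorage_enabled | bool` and the second play's `with_items: "{{ openshift_persistentlocalstorage_classes }}"` carry no default, while the inventory example leaves both variables commented out, so a run that never sets them will probably stop on an undefined variable. Adding `| default(False)` and `| default([])` there would match the guard the second `when` already uses for the class list.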
diff --git a/roles/openshift_master/defaults/main.yml b/roles/openshift_master/defaults/main.yml index 8e4a46ebbcb..8b8f4ebba46 100644 --- a/roles/openshift_master/defaults/main.yml +++ b/roles/openshift_master/defaults/main.yml @@ -73,6 +73,8 @@ r_openshift_master_data_dir: "{{ r_openshift_master_data_dir_default }}" r_openshift_master_sdn_network_plugin_name_default: "{{ os_sdn_network_plugin_name | default('redhat/openshift-ovs-subnet') }}" r_openshift_master_sdn_network_plugin_name: "{{ r_openshift_master_sdn_network_plugin_name_default }}" +openshift_master_use_persistentlocalvolumes: "{{ openshift_persistentlocalstorage_enabled | default(False) }}" + openshift_master_image_config_latest_default: "{{ openshift_image_config_latest | default(False) }}" openshift_master_image_config_latest: "{{ openshift_master_image_config_latest_default }}" diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index a0f00e5458e..ac6ff038ea7 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -118,8 +118,16 @@ kubernetesMasterConfig: - etcd3 storage-media-type: - application/vnd.kubernetes.protobuf +{% endif %} +{% if openshift_master_use_persistentlocalvolumes | bool %} + feature-gates: + - PersistentLocalVolumes=true {% endif %} controllerArguments: {{ openshift.master.controller_args | default(None) | to_padded_yaml( level=2 ) }} +{% if openshift_master_use_persistentlocalvolumes | bool %} + feature-gates: + - PersistentLocalVolumes=true +{% endif %} masterCount: {{ openshift.master.master_count if openshift.master.cluster_method | default(None) == 'native' else 1 }} masterIP: {{ openshift.common.ip }} podEvictionTimeout: {{ openshift.master.pod_eviction_timeout | default("") }} diff --git a/roles/openshift_node/README.md b/roles/openshift_node/README.md index 67f6979243e..f6f2996b0ed 100644 --- a/roles/openshift_node/README.md 
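Review bot: The literal `feature-gates:` block is emitted right after `controllerArguments: {{ openshift.master.controller_args | default(None) | to_padded_yaml( level=2 ) }}` without checking what the rendered arguments already contain. An inventory that already sets `feature-gates` in `controller_args` would end up with the key twice in the same mapping, and most YAML parsers keep only the last one, silently dropping the operator's other gates. Merging `PersistentLocalVolumes=true` into the argument dict before it is rendered, or skipping the literal block when the key is present, avoids that. The API server arguments block starts above this hunk, so whether the first `feature-gates:` insertion has the same exposure cannot be confirmed from here.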
+++ b/roles/openshift_node/README.md @@ -15,10 +15,11 @@ Role Variables -------------- From this role: -| Name | Default value | | -|----------------------------|-----------------------|----------------------------------------------------------| -| oreg_url | UNDEF (Optional) | Default docker registry to use | -| oreg_url_node | UNDEF (Optional) | Default docker registry to use, specifically on the node | +| Name | Default value | | +|------------------------------------------|-----------------------|----------------------------------------------------------| +| oreg_url | UNDEF (Optional) | Default docker registry to use | +| oreg_url_node | UNDEF (Optional) | Default docker registry to use, specifically on the node | +| openshift_persistentlocalstorage_enabled | false | Enable the persistent local storage | Dependencies ------------ diff --git a/roles/openshift_node/defaults/main.yml b/roles/openshift_node/defaults/main.yml index 5a0c09f5c5f..d4a86d51ebe 100644 --- a/roles/openshift_node/defaults/main.yml +++ b/roles/openshift_node/defaults/main.yml @@ -133,4 +133,7 @@ openshift_node_config_dir: "{{ openshift_node_config_dir_default }}" openshift_node_image_config_latest_default: "{{ openshift_image_config_latest | default(False) }}" openshift_node_image_config_latest: "{{ openshift_node_image_config_latest_default }}" + openshift_node_use_instance_profiles: False + +openshift_node_use_persistentlocalvolumes: "{{ openshift_persistentlocalstorage_enabled | default(False) }}" diff --git a/roles/openshift_node_group/templates/node-config.yaml.j2 b/roles/openshift_node_group/templates/node-config.yaml.j2 index 3fd16247c83..219de995eb5 100644 --- a/roles/openshift_node_group/templates/node-config.yaml.j2 +++ b/roles/openshift_node_group/templates/node-config.yaml.j2 
@@ -26,6 +26,10 @@ kubeletArguments: cloud-provider: - {{ openshift_node_group_cloud_provider }} node-labels: {{ openshift_node_group_labels | to_json }} +{% if openshift_node_use_persistentlocalvolumes | bool %} + feature-gates: + - PersistentLocalVolumes=true +{% endif %} masterClientConnectionOverrides: acceptContentTypes: application/vnd.kubernetes.protobuf,application/json burst: 40 diff --git a/roles/openshift_persistent_volumes/README.md b/roles/openshift_persistent_volumes/README.md index 0407d6ef1e2..027432a76c6 100644 --- a/roles/openshift_persistent_volumes/README.md +++ b/roles/openshift_persistent_volumes/README.md @@ -42,6 +42,7 @@ Example Playbook capacity: "5Gi" access_modes: - "ReadWriteMany" + openshift_persistentlocalstorage_enabled: True roles: - role: openshift_persistent_volumes ``` diff --git a/roles/openshift_persistentlocalstorage/README.md b/roles/openshift_persistentlocalstorage/README.md new file mode 100644 index 00000000000..3c9cd53f369 --- /dev/null +++ b/roles/openshift_persistentlocalstorage/README.md 
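Review bot: `openshift_node_use_persistentlocalvolumes` is tested in this `openshift_node_group` template, but the commit defines it only in `roles/openshift_node/defaults/main.yml`. Unless both roles' defaults are in scope when this file is rendered, the condition will fail on an undefined variable; `{% if openshift_node_use_persistentlocalvolumes | default(False) | bool %}` keeps the template safe either way, or the default can be added to the openshift_node_group role as well. The `kubeletArguments` mapping begins above the hunk, so whether another `feature-gates` key can already be rendered into it is not visible here.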
@@ -0,0 +1,44 @@
+OpenShift Persistent Local Volumes
+==================================
+
+OpenShift Persistent Local Volumes
+
+Requirements
+------------
+
+Role Variables
+--------------
+
+| Name | Default value | |
+|--------------------------------|---------------|---------------------------------------------------------------------------|
+| persistentlocalstorage_project | local-storage | The namespace where the Persistent Local Volume Provider will be deployed |
+| persistentlocalstorage_classes | [] | Storage classes that will be created |
+
+Dependencies
+------------
+
+
+Example Playbook
+----------------
+
+```
+- name: Create persistent Local Storage Provider
+ hosts: oo_first_master
+ vars:
+ persistentlocalstorage_project: local-storage
+ persistentlocalstorage_classes:
+ - ssd
+ - hdd
+ roles:
+ - role: openshift_persistentlocalstorage
+```
+
+License
+-------
+
+Apache License, Version 2.0
+
+Author Information
+------------------
+
+Diego Abelenda (diego.abelenda@camptocamp.com)
diff --git a/roles/openshift_persistentlocalstorage/defaults/main.yml b/roles/openshift_persistentlocalstorage/defaults/main.yml
new file mode 100644
index 00000000000..ecb29aeca42
--- /dev/null
+++ b/roles/openshift_persistentlocalstorage/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+persistentlocalstorage_project: local-storage
+persistentlocalstorage_classes: []
diff --git a/roles/openshift_persistentlocalstorage/meta/main.yml b/roles/openshift_persistentlocalstorage/meta/main.yml
new file mode 100644
index 00000000000..6b3b6e8d9bb
--- /dev/null
+++ b/roles/openshift_persistentlocalstorage/meta/main.yml
@@ -0,0 +1,13 @@
+---
+galaxy_info:
+ author: Diego Abelenda
+ description: OpenShift Persistent Local Volumes
+ company: Camptocamp
+ license: Apache License, Version 2.0
+ min_ansible_version: 1.9
+ platforms:
+ - name: EL
+ versions:
+ - 7
+dependencies:
+- role: lib_openshift
diff --git a/roles/openshift_persistentlocalstorage/tasks/main.yml b/roles/openshift_persistentlocalstorage/tasks/main.yml
new file mode 100644
index 00000000000..f19d9d388ca
--- /dev/null
+++ b/roles/openshift_persistentlocalstorage/tasks/main.yml
@@ -0,0 +1,128 @@
+---
+- name: Create Namespace for Persistent Local Storage
+ oc_project:
+ name: "{{ persistentlocalstorage_project }}"
+
+- name: Create temp directory for template
+ command: mktemp -d /tmp/openshift-ansible-XXXXXXX
+ register: g_persistentstorage_mktemp
+ changed_when: false
+
+- template:
+ src: local-persistent-volume-config.j2
+ dest: "{{g_persistentstorage_mktemp.stdout}}/local-persistent-volume-config"
+ changed_when: no
+
+- slurp:
+ src: "{{g_persistentstorage_mktemp.stdout}}/local-persistent-volume-config"
+ register: local_persistent_volume_config
+
+- name: Create ConfigMap for Persistent Local Storage Provisioner
+ oc_obj:
+ name: "local-volume-provisioner-config"
+ namespace: "{{ persistentlocalstorage_project }}"
+ kind: ConfigMap
+ content:
+ path: /tmp/cmplspout
+ data: "{{ local_persistent_volume_config.content | b64decode | from_yaml }}"
+
+- name: Create ServiceAccount for Persistent Local Storage Provisioner
+ oc_serviceaccount:
+ name: "local-volume-provisioner"
+ namespace: "{{ persistentlocalstorage_project }}"
+
+- name: Add SecurityContextContraint for Local Storage Provisioner
+ oc_adm_policy_user:
+ user: "system:serviceaccount:{{ persistentlocalstorage_project }}:local-volume-provisioner"
+ namespace: "{{ persistentlocalstorage_project }}"
+ resource_kind: scc
+ resource_name: hostmount-anyuid
+ state: present
+
+- name: Give rights to local-volume-provisioner to manage volumes
+ oc_obj:
+ state: present
+ kind: ClusterRoleBinding
+ name: local-storage:provisioner-pv-binding
+ content:
+ path: /tmp/crblvpout
+ data:
+ apiVersion: v1
+ kind: ClusterRoleBinding
+ metadata:
+ name: local-storage:provisioner-pv-binding
+ roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:persistent-volume-provisioner
+ subjects:
+ - kind: ServiceAccount
+ name: local-volume-provisioner
+ namespace: "{{ persistentlocalstorage_project }}"
+
+- name: Give rights to local-volume-provisioner to list nodes
+ oc_obj:
+ state: present
+ kind: ClusterRoleBinding
+ name: local-storage:provisioner-node-binding
+ content:
+ path: /tmp/ls-provnode
+ data:
+ apiVersion: v1
+ kind: ClusterRoleBinding
+ metadata:
+ name: local-storage:provisioner-node-binding
+ roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:node
+ subjects:
+ - kind: ServiceAccount
+ name: local-volume-provisioner
+ namespace: "{{ persistentlocalstorage_project }}"
+
+- name: Create Application Persistent Local Storage Provisioner
+ oc_obj:
+ kind: DaemonSet
+ namespace: "{{ persistentlocalstorage_project }}"
+ state: present
+ name: local-volume-provisioner
+ content:
+ path: /tmp/plsprovout
+ data:
+ apiVersion: extensions/v1beta1
+ kind: DaemonSet
+ metadata:
+ name: local-volume-provisioner
+ spec:
+ template:
+ metadata:
+ labels:
+ app: local-volume-provisioner
+ spec:
+ containers:
+ - env:
+ - name: MY_NODE_NAME
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: spec.nodeName
+ - name: MY_NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ - name: VOLUME_CONFIG_NAME
+ value: local-volume-provisioner-config
+ image: quay.io/external_storage/local-volume-provisioner:v1.0.1
+ name: provisioner
+ securityContext:
+ runAsUser: 0
+ volumeMounts:
+ - mountPath: /mnt/local-storage
+ name: local-storage
+ serviceAccountName: local-volume-provisioner
+ volumes:
+ - hostPath:
+ path: /mnt/local-storage
+ name: local-storage
diff --git a/roles/openshift_persistentlocalstorage/templates/local-persistent-volume-config.j2 b/roles/openshift_persistentlocalstorage/templates/local-persistent-volume-config.j2
new file mode 100644
index 00000000000..4fe70672c00
--- /dev/null
+++ b/roles/openshift_persistentlocalstorage/templates/local-persistent-volume-config.j2
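Review bot: The task "Give rights to local-volume-provisioner to list nodes" binds the provisioner's service account to the `system:node` ClusterRole, a role intended for kubelets that carries considerably more than node listing, and the same account already runs as UID 0 under the `hostmount-anyuid` SCC with a hostPath mount on every node. A dedicated ClusterRole limited to `get`, `list` and `watch` on `nodes` should replace `name: system:node` in that `roleRef`. The four `oc_obj` tasks also pass fixed names under `/tmp` (`/tmp/cmplspout`, `/tmp/crblvpout`, `/tmp/ls-provnode`, `/tmp/plsprovout`); if the module writes to those paths as given, they are predictable names in a shared directory, and the directory already created with `mktemp -d` could hold them instead, e.g. `path: "{{ g_persistentstorage_mktemp.stdout }}/cmplspout"`. Nothing in this file removes that temporary directory afterwards, and the `template` and `slurp` tasks have no `name:`.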
@@ -0,0 +1,10 @@
+---
+apiVersion: v1
+data:
+{% for class in persistentlocalstorage_classes %}
+ {{class}}: '{ "hostDir": "/mnt/local-storage/{{ class }}", "mountDir" : "/mnt/local-storage/{{ class }}" }'
+{% endfor %}
+kind: ConfigMap
+metadata:
+ creationTimestamp: null
+ name: local-volume-provisioner-config
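Review bot: `{{class}}` is interpolated unescaped as a YAML mapping key and again inside a single-quoted JSON string, and the rendered text is then parsed with `from_yaml` in tasks/main.yml. A class name containing a quote, a `: ` sequence or path separators would change the shape of the ConfigMap or move `hostDir` away from a direct child of `/mnt/local-storage`. Checking `persistentlocalstorage_classes` before rendering, for instance an `assert` task requiring each item to match `^[a-z0-9-]+$`, keeps both the key and the two paths well-formed. A one-line template comment stating that each class maps to the host directory of the same name would document the coupling with the directory-creation play.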