@vrutkovs vrutkovs commented Aug 24, 2018

This PR adds several simple playbooks to create AWS VMs, create inventory file from a template and deprovision VMs. See test/ci/README.md update for a suggested workflow.

These playbooks would later on be used on Prow CI similar to GCP. We can't use playbooks/aws/ for this as an average dev account can't create ELBs, launch configs etc.

vars.yml is able to define custom AMIs, so Atomic would be supported - it's also able to deploy more complex sets of VMs, e.g. LB - 3 masters - 2 infra nodes - 2 compute nodes.

Cluster config in test/ci/inventory/group_vars/OSEv3 is pretty minimal and requires two env vars to be set:

  • RPM_REPO to be set in openshift_additional_repos
  • IMAGE_FORMAT for oreg_url

TODO:

  • Rework launch.yml to run prerequisites and deprovision automatically
    Currently settings from a temporary inventory are not including test/ci/inventory/group_vars, so a simple include_playbook is insufficient.
  • Ensure all deps are present in openshift/origin-ansible docker image to make this work
  • Move extravars file to host_vars/localhost
    Reworked this to use test/ci/vars.yml instead
  • Rework provision and deprovision to avoid templating the inventory file - remove machines based on clusterid tag
    We still need it to run upgrades until we switch to dynamic inventory
  • Set volumes list for each host in the group
  • Refactor AMI search

TBD:

  • Require unique cluster ID and use it to deprovision instances instead of inventory?
  • Add a directory for custom cluster vars?
    This would allow us to run tests with per-PR settings (for instance, enable ASB temporarily)

@openshift-ci-robot openshift-ci-robot added the approved (Indicates a PR has been approved by an approver from all required OWNERS files.) and size/XL (Denotes a PR that changes 500-999 lines, ignoring generated files.) labels Aug 24, 2018
@vrutkovs vrutkovs requested a review from michaelgugino August 24, 2018 09:33
assign_public_ip: yes
instance_tags:
Name: "{{ outer_item.name_template }}-{{ item }}"
"kubernetes.io/cluster/{{ aws_cluster_id }}": "true"
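
Review bot: the tag name "kubernetes.io/cluster/{{ aws_cluster_id }}" on the last line is a mapping key, and Ansible templates mapping values but not keys, so the tag would be created with the literal braces in its name. Build the tags dictionary in a variable first (for example with set_fact) and pass that variable to instance_tags.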

Contributor Author

TODO: This needs fixing, as this var doesn't get templated for some reason

@DanyC97 DanyC97 Aug 24, 2018

@vrutkovs I suspect the reason for that is because it is not JSON. What I ended up doing internally for the same thing was:

# Render the whole tag mapping as a templated string so the key is expanded too
- name: Set ec2_tags fact for EC2 instances
  set_fact:
    ec2_tags: |
      {
        "kubernetes.io/cluster/{{ openshift_clusterid }}": "true",
        "Name": "{{ name }}"
      }

followed by

# Apply the rendered tag mapping to the instance
- name: Add tags to {{ name }} instance
  ec2_tag:
    region: "{{ aws_region }}"
    resource: "{{ instance_id }}"
    state: present
    tags: "{{ ec2_tags }}"

hth

Contributor Author

Yeah, that did the trick, thanks!

Not sure if we care about owned vs. shared, might add this later

@vrutkovs vrutkovs force-pushed the prow-aws-playbooks branch from 4852912 to ae4ed43 Compare August 24, 2018 09:45
@vrutkovs vrutkovs changed the title Add playbooks to provision AWS VMs for CI WIP Add playbooks to provision AWS VMs for CI Aug 24, 2018
@openshift-ci-robot openshift-ci-robot added the do-not-merge/work-in-progress label (Indicates that a PR should not merge because it is a work in progress.) Aug 24, 2018
@vrutkovs vrutkovs force-pushed the prow-aws-playbooks branch 10 times, most recently from 103727f to a3ddb54 Compare August 24, 2018 16:22
region: "{{ aws_region }}"
when: is_atomic
with_items: "{{ ec2.results }}"

Contributor

I suspect you do need to tag your volumes with the same kubernetes.io/cluster/ key and value as above

Contributor

You want this especially if you are planning to use PVs ... just saying

Contributor Author

This is a volume for Atomic's docker storage, it doesn't know about clusters and such. In any case it seems the bot on our instance is deleting those correctly without any tags

Contributor

okay, fair point

@vrutkovs vrutkovs force-pushed the prow-aws-playbooks branch 9 times, most recently from babbd68 to c57dad8 Compare August 27, 2018 08:17
@vrutkovs vrutkovs changed the title WIP Add playbooks to provision AWS VMs for CI Add playbooks to provision AWS VMs for CI Aug 27, 2018
@vrutkovs vrutkovs force-pushed the prow-aws-playbooks branch 2 times, most recently from 6130efd to 4475ffc Compare August 30, 2018 09:19
{{ entry }} ansible_host='{{ hostvars[entry]['ansible_host'] }}' aws_id='{{ hostvars[entry]['aws_id'] }}' {{ addon_opts }}
{% endfor %}
{% endif %}

Contributor

nit: you may want to have a nice generated ini file and as such you could do with a bit of trimming the whitespace - http://jinja.pocoo.org/docs/dev/templates/#whitespace-control

Contributor Author

Yeah, I had this initially and it turned into a nightmare :(

This inv is temporary anyway, all it needs is the hostnames and host-specific params (just one actually) so I wouldn't care about it much

@openshift-ci-robot openshift-ci-robot added the size/L label (Denotes a PR that changes 100-499 lines, ignoring generated files.) and removed the size/XL label (Denotes a PR that changes 500-999 lines, ignoring generated files.) Aug 30, 2018
@vrutkovs vrutkovs changed the title WIP Add playbooks to provision AWS VMs for CI Add playbooks to provision AWS VMs for CI Aug 30, 2018
@openshift-ci-robot openshift-ci-robot removed the do-not-merge/work-in-progress label (Indicates that a PR should not merge because it is a work in progress.) Aug 30, 2018
@vrutkovs vrutkovs force-pushed the prow-aws-playbooks branch from 1e51abd to 85251f9 Compare August 30, 2018 17:52
instance_tags: "{{ aws_instance_tags }}"
volumes: "{{ item.aws_volumes | default(omit) }}"
register: ec2
with_items: "{{ vms }}"

Contributor

aws_instances?

Contributor Author

Fixed

aws_region: "{{ aws_region }}"
aws_ip: "{{ item.instances.0.public_ip }}"
aws_id: "{{ item.instances.0.id }}"
node_group: "{{ item.instances.0.tags['ansible-node-group'] }}"

Contributor

I don't think 'node_group' is the correct variable name here. openshift_node_group_name ?

Contributor Author

Fixed. This was incorrectly set for the in-memory inventory, but was correctly rendered in hosts/inventory

- nodes
aws_flavor: t2.large
aws_security_group: public
node_group: "node-config-all-in-one"
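
Review bot: aws_security_group: public on the third line names a security group, but nothing here shows which ports that group opens, and the provisioning task elsewhere in this PR sets assign_public_ip: yes. Add a comment next to this setting stating the ingress the group is expected to allow, and consider making the group name overridable so an account with a tighter group can use these playbooks unchanged.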

Contributor

This could be better handled by group vars.

Possible inventory groups:

[OSEv3:children]
etcd
nodes

[nodes:children]
masters
compute

[etcd:children]
masters

[masters]
master1.example.com

[masters:vars]
openshift_node_group_name=node-config-master-infra

[compute]
node1.example.com

[compute:vars]
openshift_node_group_name=node-config-compute

Obviously, we can define vars sections in appropriate group_vars files and we can adjust groups for different scenarios.

Contributor Author

That'd complicate vars.yml - a list of groups to create and assign the instance to the group? In the end I'd still have to set per-instance aws_ip and aws_id, so why not put openshift_node_group_name there too?

Contributor

> That'd complicate vars.yml - a list of groups to create and assign the instance to the group? In the end I'd still have to set per-instance aws_ip and aws_id, so why not put openshift_node_group_name there too?

I'm not sure what you mean. You don't need to 'create' the groups, you just make this the base template of the inventory file (since we're not using dynamic inventory).

Contributor Author

That'd limit us in groups choice. Instead of hardcoding the list of those in the template these groups are now being created automagically. So later on we could try scale up tests, by adding hosts in new_nodes group for instance.

Contributor

I'm not a fan of this implementation, I do think we need to update our group reference architecture to reflect what an actual user should do as far as group hierarchy. I'm against using hostvars where we could use groupvars because the syntax is different between the two in ini files and users never seem to understand what hostvars actually are (you'll see inventories with same host in two groups, eg masters and nodes, and competing values set on each instance of the host).

In any case, we can revisit this later.
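
The situation described in the comment above (one host listed under two groups with competing inline values) can be caught mechanically before an inventory is used. This is an added example, not code from the PR or from anyone in the thread: a small Python check over a constructed INI inventory, where the function name `find_conflicting_hostvars` and the sample hosts and values are assumptions.

```python
import shlex
from collections import defaultdict

# Constructed sample inventory (not from the PR): master1 appears under two
# groups with different inline values for the same variable.
SAMPLE_INVENTORY = """\
[masters]
master1.example.com openshift_node_group_name=node-config-master

[nodes]
master1.example.com openshift_node_group_name=node-config-all-in-one
node1.example.com openshift_node_group_name=node-config-compute

[nodes:vars]
ansible_user=centos
"""


def find_conflicting_hostvars(text):
    """Return {host: {var: {value: [groups]}}} for every variable that is set
    to different values on separate host lines of the same host."""
    seen = defaultdict(lambda: defaultdict(lambda: defaultdict(list)))
    group, in_host_section = "ungrouped", True
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            group = line[1:-1]
            # [x:vars] and [x:children] sections hold no host lines.
            in_host_section = ":" not in group
            continue
        if not in_host_section:
            continue
        host, *pairs = shlex.split(line)  # shlex strips quotes around values
        for pair in pairs:
            key, sep, value = pair.partition("=")
            if sep:
                seen[host][key][value].append(group)
    conflicts = {}
    for host, hostvars in seen.items():
        clashing = {k: dict(v) for k, v in hostvars.items() if len(v) > 1}
        if clashing:
            conflicts[host] = clashing
    return conflicts


if __name__ == "__main__":
    print(find_conflicting_hostvars(SAMPLE_INVENTORY))
```

Variables defined in `[group:vars]` sections are deliberately ignored here; the check only covers inline variables on host lines.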

@vrutkovs vrutkovs force-pushed the prow-aws-playbooks branch 7 times, most recently from fa28be3 to 772af74 Compare August 31, 2018 10:29
@vrutkovs vrutkovs force-pushed the prow-aws-playbooks branch from 772af74 to 6446f05 Compare August 31, 2018 12:33
connection: local
gather_facts: false
tasks:
- include_vars: "{{ item }}"

Contributor

Are we saying that there should be a vars.yaml on the host that is running ansible that supplies some variables? This file is provided by CI? Let's add a comment if so.

@michaelgugino michaelgugino left a comment

/lgtm

@openshift-ci-robot openshift-ci-robot added the lgtm label (Indicates that a PR is ready to be merged.) Sep 5, 2018
@openshift-ci-robot

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: michaelgugino, vrutkovs

Details Needs approval from an approver in each of these files:
  • OWNERS [michaelgugino,vrutkovs]

vrutkovs commented Sep 6, 2018

/cherrypick release-3.10

@openshift-cherrypick-robot

@vrutkovs: new pull request created: #9936

@vrutkovs vrutkovs deleted the prow-aws-playbooks branch January 5, 2019 13:14