# This playbook converges the cluster to the desired state
# Runs on the control host itself (local connection, no SSH) and applies the
# instance-groups role. The role body is not part of this file.
- hosts: localhost
  connection: local
  roles:
    - role: instance-groups
# Baseline host preparation for every machine in cluster_hosts. Roles run in the
# order listed; facts are gathered here because gather_facts is left at its default.
- hosts: cluster_hosts
  roles:
    - role: cluster-variables
    - role: docker-storage-setup
    - role: gce-cloudconfig
    - role: frequent-log-rotation
# Placeholder play: its only role is commented out, so nothing is applied to
# schedulable_nodes here and no facts are gathered.
- hosts: schedulable_nodes
  gather_facts: false
  roles: []
  # - openshift-volume-quota
# openshift-ansible 3.7 needs std_include.yml to have run before os_firewall can be
# invoked (for now). Older versions do not ship that playbook, so first check on the
# control host whether it exists and include it only when it does. This can be
# removed once os_firewall becomes a module.
- hosts: localhost
  tasks:
    # The result is registered on localhost and read back below through hostvars.
    - stat:
        path: /usr/share/ansible/openshift-ansible/playbooks/common/openshift-cluster/std_include.yml
      register: std_include
      become: false

# Always included; populates the inventory groups (judging by the file name).
- include: /usr/share/ansible/openshift-ansible/playbooks/byo/openshift-cluster/initialize_groups.yml

# Included only when the stat above found the file on the control host.
- include: /usr/share/ansible/openshift-ansible/playbooks/common/openshift-cluster/std_include.yml
  when: hostvars['localhost']['std_include'].stat.exists
# Sets up the master HTTP proxy and opens its port in the host firewall on every master.
# NOTE(review): the allow entry below admits 8080/tcp with no source restriction set
# in this file, and the service name suggests plain HTTP. Exposure therefore depends
# on the network/GCE firewall rules around the masters - confirm the port is not
# reachable from outside the cluster network.
- hosts: masters
  gather_facts: false
  roles:
    - role: master-http-proxy
    - role: /usr/share/ansible/openshift-ansible/roles/os_firewall
      os_firewall_allow:
        - service: master http proxy
          port: '8080/tcp'
# Hand over to openshift-ansible's byo/config.yml playbook, loaded by absolute path
# from the control host. Its content is not visible here; what runs is whatever
# openshift-ansible version is installed under /usr/share/ansible, so keep that
# package pinned and sourced from a trusted repository.
- include: /usr/share/ansible/openshift-ansible/playbooks/byo/config.yml
# Copies the admin kubeconfig from the primary master to the control host.
# With flat enabled and a dest ending in "/", fetch stores the file under its
# base name, i.e. /tmp/admin.kubeconfig on the controller.
# NOTE(review): admin.kubeconfig carries cluster-admin credentials, and /tmp is a
# shared directory with a predictable file name. On a multi-user or long-lived
# control host, prefer a directory private to the invoking user with restrictive
# permissions, and delete the copy once it has been consumed. Check what reads
# /tmp/admin.kubeconfig before moving it.
- hosts: primary_master
  gather_facts: false
  tasks:
    - name: Retrieve cluster configuration
      fetch:
        src: "{{ openshift.common.config_base }}/master/admin.kubeconfig"
        dest: "/tmp/"
        flat: true
# Opens the router liveness-probe port in the host firewall on the infra nodes.
# NOTE(review): no source restriction is set here for 1936/tcp - confirm the
# surrounding network rules limit it to the probing components.
- hosts: infra_nodes
  gather_facts: false
  roles:
    - role: /usr/share/ansible/openshift-ansible/roles/os_firewall
      os_firewall_allow:
        - service: router liveness probe
          port: '1936/tcp'
# Applies restrict-gce-metadata to the application nodes. The role body is not
# shown; its name suggests it limits workload access to the GCE metadata service.
# NOTE(review): only app_nodes get this role in this playbook - confirm that
# masters and infra nodes are intentionally left out.
- hosts: app_nodes
  gather_facts: false
  roles:
    - role: restrict-gce-metadata
# Placeholder play: the emptydir quota role is commented out, so nothing is
# applied to schedulable_nodes here and no facts are gathered.
- hosts: schedulable_nodes
  gather_facts: false
  roles: []
  # - openshift-emptydir-quota
# Post-install steps. Role bodies are not part of this file.

# Apply openshift-roles on the primary master.
- hosts: primary_master
  gather_facts: false
  roles:
    - role: openshift-roles

# Validation run against every master.
- hosts: masters
  gather_facts: false
  roles:
    - role: validate-masters

# Validation run from the control host. Unlike the first play, this one does not
# set "connection: local" and leaves fact gathering at its default.
- hosts: localhost
  roles:
    - role: validate-public