Update RDO registry playbooks to deploy OpenShift 3.7

This commits allows to deploy the RDO registry with OpenShift 3.7. It currently uses the "rdo-test" branch because there is still one unmerged pull request upstream that hasn't merged yet upstream. Delta from OpenShift 3.5 that is interesting to us: - Significant improvements for registry and image pruning see [1][2][3][4] - docker-registry can now use reencrypt routes [5] - Metrics and logging were deployed by default in 3.5, this is no longer the case in 3.7, avoiding an unnecessary impact on performance. [6] - We're now deploying a persistent volume for the docker-registry service on the local filesystem. [1]: openshift/origin#13671 [2]: openshift/origin#16717 [3]: openshift/origin#16656 [4]: openshift/origin#17020 [5]: openshift/origin#14249 [6]: openshift/openshift-ansible@660bafe Change-Id: I5c364a1aab883b6af061051bf190ce857bf2e1f9
rdo-infra · Nov 3, 2017 · c9daecf · c9daecf
1 parent 6b710a2
commit c9daecf
Show file tree

Hide file tree

Showing 8 changed files with 51 additions and 19 deletions.
diff --git a/doc/source/installing.rst b/doc/source/installing.rst
@@ -63,19 +63,27 @@ Export oauth application credentials for github authentication::
     export RDO_GITHUB_CLIENT_ID=oauth_client_id
     export RDO_GITHUB_CLIENT_SECRET=oauth_client_secret
 
-Retrieve and run rdo-container-registry and openshift-ansible playbooks::
-
-    git clone https://github.com/rdo-infra/rdo-container-registry
-    cd rdo-container-registry
-    tox -e ansible-playbook -- -i hosts -e "host_preparation_docker_disk=/dev/vdb" host-preparation.yml
-    tox -e ansible-playbook -- -i hosts openshift-ansible/playbooks/byo/config.yml -e "ansible_ssh_user=${USER}"
-
 .. note:: /var/lib/docker will be set up on a separate block device with
           docker-storage-setup. If you do not provide the
           ``host_preparation_docker_disk`` variable for the host-preparation
           playbook, a loopback device will be generated with test purposes and
           the playbook will warn you about it.
 
+.. note:: The server stores an OpenShift persistent volume for the Docker
+          registry on the local filesystem in ``/openshift_volumes``.
+          If you expect a high volume of data, you should re-mount this
+          directory on a large partition or volume prior to installation.
+
 .. note:: ansible_ssh_user **MUST** be provided for the openshift-ansible
           playbook, it is required by tasks such as
           ``openshift_master_certificates : Lookup default group for ansible_ssh_user``.
+
+Retrieve and run rdo-container-registry and openshift-ansible playbooks::
+
+    git clone https://github.com/rdo-infra/rdo-container-registry
+    cd rdo-container-registry
+    tox -e ansible-playbook -- -i hosts -e "host_preparation_docker_disk=/dev/vdb" host-preparation.yml
+    # Note: https://github.com/openshift/openshift-ansible/issues/5812
+    #       Glean configures "NM_CONTROLLED=no" in the ifcfg-eth0 file
+    tox -e ansible-playbook -- -i hosts openshift-ansible/playbooks/byo/openshift-node/network_manager.yml -e "ansible_ssh_user=${USER}"
+    tox -e ansible-playbook -- -i hosts openshift-ansible/playbooks/byo/config.yml -e "ansible_ssh_user=${USER}"
diff --git a/group_vars/OSEv3.yml b/group_vars/OSEv3.yml
@@ -12,7 +12,23 @@ openshift_node_sdn_mtu: 1400
 # Version and deployment type
 openshift_deployment_type: origin
 deployment_subtype: registry
-openshift_release: v1.5.1
+openshift_release: v3.7
+openshift_image_tag: v3.7.0-rc.0
+openshift_repos_enable_testing: true
+
+# OpenShift persistent registry volume and claim on local filesystem
+openshift_hosted_registry_storage_kind: hostpath
+openshift_hosted_registry_storage_access_modes:
+  - "ReadWriteOnce"
+openshift_hosted_registry_storage_volume_name: registry
+openshift_hosted_registry_storage_volume_size: 8Gi
+openshift_hosted_registry_storage_hostpath_path: /openshift_volumes/registry
+
+openshift_hosted_registry_persistent_volume_claims:
+- name: registry-claim
+  capacity: 50Gi
+  access_modes:
+    - ReadWriteMany
 
 # Identity: GitHub oauth
 # Application name: "OpenShift Docker Registry Console"
@@ -42,10 +58,11 @@ openshift_master_named_certificates:
 # Note: using passthrough termination because reencrypt does not work
 # https://github.com/openshift/origin/issues/14249
 openshift_hosted_registry_routehost: trunk.registry.rdoproject.org
-openshift_hosted_registry_routetermination: passthrough
+openshift_hosted_registry_routetermination: reencrypt
 openshift_hosted_registry_routecertificates:
-  certfile: "/etc/letsencrypt/live/trunk.registry.rdoproject.org/trunk.registry.rdoproject.org-fullchain.pem"
+  certfile: "/etc/letsencrypt/live/trunk.registry.rdoproject.org/trunk.registry.rdoproject.org-cert.pem"
   keyfile: "/etc/letsencrypt/live/trunk.registry.rdoproject.org/trunk.registry.rdoproject.org-privkey.pem"
+  cafile: "/etc/letsencrypt/live/trunk.registry.rdoproject.org/trunk.registry.rdoproject.org-chain.pem"
 
 openshift_hosted_registry_console_routehost: console.registry.rdoproject.org
 openshift_hosted_registry_console_routetermination: reencrypt

diff --git a/hosts b/hosts
@@ -2,11 +2,16 @@
 [OSEv3:children]
 masters
 nodes
+etcd
 
 # host group for masters
 [masters]
 registry.rdoproject.org
 
+# host group for etcd nodes
+[etcd]
+registry.rdoproject.org
+
 # host group for nodes, includes region info
 [nodes]
 registry.rdoproject.org openshift_node_labels="{'region': 'infra', 'zone': 'default'}" openshift_schedulable=true
diff --git a/requirements.txt b/requirements.txt
@@ -1,2 +1,3 @@
 pbr>=1.6
+ansible==2.3.1.0
 ara>=0.5.0
diff --git a/roles/host-preparation/defaults/main.yml b/roles/host-preparation/defaults/main.yml
@@ -19,7 +19,6 @@ host_preparation_registry: trunk.registry.rdoproject.org
 host_preparation_console: console.registry.rdoproject.org
 
 host_preparation_packages:
-  - centos-release-openshift-origin
   - wget
   - git
   - net-tools
@@ -28,7 +27,6 @@ host_preparation_packages:
   - bridge-utils
   - bash-completion
   - docker
-  - NetworkManager
   - pyOpenSSL
 
 # OpenStack (TripleO) clouds have a default MTU of 1450, we need to override

diff --git a/roles/host-preparation/tasks/main.yml b/roles/host-preparation/tasks/main.yml
@@ -19,12 +19,6 @@
     name: "{{ host_preparation_packages }}"
     state: "present"
 
-- name: Enable and start NetworkManager
-  service:
-    name: "NetworkManager"
-    state: "started"
-    enabled: "yes"
-
 - name: Ensure hostnames properly resolve to localhost
   lineinfile:
     dest: "/etc/hosts"
@@ -124,5 +118,10 @@
     state: "started"
     enabled: "yes"
 
+- name: Ensure the persistent volume path exists
+  file:
+    path: "{{ openshift_hosted_registry_storage_hostpath_path | dirname }}"
+    state: directory
+
 - name: Flush handlers
   meta: flush_handlers
diff --git a/run_tests.sh b/run_tests.sh
@@ -30,6 +30,10 @@ ssh-keyscan -H registry.rdoproject.org >>~/.ssh/known_hosts
 cleanup
 tox -e ansible-playbook -- -b -i hosts host-preparation.yml -e "ansible_ssh_user=${USER}"
 cleanup
+# https://github.com/openshift/openshift-ansible/issues/5812
+# Glean configures "NM_CONTROLLED=no" in the ifcfg-eth0 file
+tox -e ansible-playbook -- -b -i hosts openshift-ansible/playbooks/byo/openshift-node/network_manager.yml -e "ansible_ssh_user=${USER}"
+cleanup
 tox -e ansible-playbook -- -b -i hosts openshift-ansible/playbooks/byo/config.yml -e "ansible_ssh_user=${USER}"
 
 sudo oc get pods

diff --git a/tox.ini b/tox.ini
@@ -23,7 +23,7 @@ whitelist_externals = bash
 [testenv:ansible-playbook]
 commands =
     rm -rf {toxinidir}/openshift-ansible
-    bash -c "git clone https://github.com/dmsimard/openshift-ansible; pushd openshift-ansible; git checkout rdo; popd"
+    bash -c "git clone https://github.com/dmsimard/openshift-ansible; pushd openshift-ansible; git checkout rdo-test; popd"
     pip install -r {toxinidir}/openshift-ansible/requirements.txt
     ansible-playbook {posargs}
     rm -rf {toxinidir}/openshift-ansible