diff options
37 files changed, 8 insertions, 812 deletions
diff --git a/playbooks/aws/openshift-master/launch.yml b/playbooks/aws/openshift-master/launch.yml index 6b3751682..51a0258f0 100644 --- a/playbooks/aws/openshift-master/launch.yml +++ b/playbooks/aws/openshift-master/launch.yml @@ -4,10 +4,10 @@ connection: local gather_facts: no -# TODO: modify atomic_ami based on deployment_type +# TODO: modify g_ami based on deployment_type vars: inst_region: us-east-1 - atomic_ami: ami-86781fee + g_ami: ami-86781fee user_data_file: user_data.txt tasks: @@ -18,13 +18,13 @@ keypair: libra group: ['public'] instance_type: m3.large - image: "{{ atomic_ami }}" + image: "{{ g_ami }}" count: "{{ oo_new_inst_names | oo_len }}" user_data: "{{ lookup('file', user_data_file) }}" wait: yes register: ec2 - - name: Add new instances public IPs to the atomic proxy host group + - name: Add new instances public IPs to the host group add_host: "hostname={{ item.public_ip }} groupname=new_ec2_instances" with_items: ec2.instances diff --git a/playbooks/aws/openshift-node/launch.yml b/playbooks/aws/openshift-node/launch.yml index 36aee14ff..d6024a020 100644 --- a/playbooks/aws/openshift-node/launch.yml +++ b/playbooks/aws/openshift-node/launch.yml @@ -4,10 +4,10 @@ connection: local gather_facts: no -# TODO: modify atomic_ami based on deployment_type +# TODO: modify g_ami based on deployment_type vars: inst_region: us-east-1 - atomic_ami: ami-86781fee + g_ami: ami-86781fee user_data_file: user_data.txt tasks: @@ -18,13 +18,13 @@ keypair: libra group: ['public'] instance_type: m3.large - image: "{{ atomic_ami }}" + image: "{{ g_ami }}" count: "{{ oo_new_inst_names | oo_len }}" user_data: "{{ lookup('file', user_data_file) }}" wait: yes register: ec2 - - name: Add new instances public IPs to the atomic proxy host group + - name: Add new instances public IPs to the host group add_host: hostname: "{{ item.public_ip }}" groupname: new_ec2_instances" diff --git a/playbooks/aws/os2-atomic-proxy/config.yml b/playbooks/aws/os2-atomic-proxy/config.yml deleted file mode 100644 index 7d384a665..000000000 --- a/playbooks/aws/os2-atomic-proxy/config.yml +++ /dev/null @@ -1,20 +0,0 @@ ---- -- name: "populate oo_hosts_to_config host group if needed" - hosts: localhost - gather_facts: no - tasks: - - name: Evaluate oo_host_group_exp if it's set - add_host: "name={{ item }} groups=oo_hosts_to_config" - with_items: "{{ oo_host_group_exp | default(['']) }}" - when: oo_host_group_exp is defined - -- name: "Configure instances" - hosts: oo_hosts_to_config - connection: ssh - user: root - vars_files: - - vars.yml - - "vars.{{ oo_env }}.yml" - roles: - - atomic_base - - atomic_proxy diff --git a/playbooks/aws/os2-atomic-proxy/filter_plugins b/playbooks/aws/os2-atomic-proxy/filter_plugins deleted file mode 120000 index 99a95e4ca..000000000 --- a/playbooks/aws/os2-atomic-proxy/filter_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../filter_plugins
\ No newline at end of file diff --git a/playbooks/aws/os2-atomic-proxy/launch.yml b/playbooks/aws/os2-atomic-proxy/launch.yml deleted file mode 100644 index fd6b0f39a..000000000 --- a/playbooks/aws/os2-atomic-proxy/launch.yml +++ /dev/null @@ -1,97 +0,0 @@ ---- -- name: Launch instance(s) - hosts: localhost - connection: local - gather_facts: no - - vars: - inst_region: us-east-1 - atomic_ami: ami-8e239fe6 - user_data_file: user_data.txt - oo_vpc_subnet_id: # Purposely left blank, these are here to be overridden in env vars_files - oo_assign_public_ip: # Purposely left blank, these are here to be overridden in env vars_files - - vars_files: - - vars.yml - - "vars.{{ oo_env }}.yml" - - tasks: - - name: Launch instances in VPC - ec2: - state: present - region: "{{ inst_region }}" - keypair: mmcgrath_libra - group_id: "{{ oo_security_group_ids }}" - instance_type: m3.large - image: "{{ atomic_ami }}" - count: "{{ oo_new_inst_names | oo_len }}" - user_data: "{{ lookup('file', user_data_file) }}" - wait: yes - assign_public_ip: "{{ oo_assign_public_ip }}" - vpc_subnet_id: "{{ oo_vpc_subnet_id }}" - when: oo_vpc_subnet_id - register: ec2_vpc - - - set_fact: - ec2: "{{ ec2_vpc }}" - when: oo_vpc_subnet_id - - - name: Launch instances in Classic - ec2: - state: present - region: "{{ inst_region }}" - keypair: mmcgrath_libra - group: ['Libra', '{{ oo_env }}', '{{ oo_env }}_proxy', '{{ oo_env }}_proxy_atomic'] - instance_type: m3.large - image: "{{ atomic_ami }}" - count: "{{ oo_new_inst_names | oo_len }}" - user_data: "{{ lookup('file', user_data_file) }}" - wait: yes - when: not oo_vpc_subnet_id - register: ec2_classic - - - set_fact: - ec2: "{{ ec2_classic }}" - when: not oo_vpc_subnet_id - - - name: Add new instances public IPs to the atomic proxy host group - add_host: "hostname={{ item.public_ip }} groupname=new_ec2_instances" - with_items: ec2.instances - - - name: Add Name and environment tags to instances - ec2_tag: "resource={{ item.1.id }} region={{ inst_region }} state=present" - with_together: - - oo_new_inst_names - - ec2.instances - args: - tags: - Name: "{{ item.0 }}" - - - name: Add other tags to instances - ec2_tag: "resource={{ item.id }} region={{ inst_region }} state=present" - with_items: ec2.instances - args: - tags: "{{ oo_new_inst_tags }}" - - - name: Add new instances public IPs to oo_hosts_to_config - add_host: "hostname={{ item.0 }} ansible_ssh_host={{ item.1.public_ip }} groupname=oo_hosts_to_config" - with_together: - - oo_new_inst_names - - ec2.instances - - - debug: var=ec2 - - - name: Wait for ssh - wait_for: "port=22 host={{ item.public_ip }}" - with_items: ec2.instances - - - name: Wait for root user setup - command: "ssh -o StrictHostKeyChecking=no -o PasswordAuthentication=no -o ConnectTimeout=10 -o UserKnownHostsFile=/dev/null root@{{ item.public_ip }} echo root user is setup" - register: result - until: result.rc == 0 - retries: 20 - delay: 10 - with_items: ec2.instances - -# Apply the configs, seprate so that just the configs can be run by themselves -- include: config.yml diff --git a/playbooks/aws/os2-atomic-proxy/roles b/playbooks/aws/os2-atomic-proxy/roles deleted file mode 120000 index 20c4c58cf..000000000 --- a/playbooks/aws/os2-atomic-proxy/roles +++ /dev/null @@ -1 +0,0 @@ -../../../roles
\ No newline at end of file diff --git a/playbooks/aws/os2-atomic-proxy/user_data.txt b/playbooks/aws/os2-atomic-proxy/user_data.txt deleted file mode 100644 index 643d17c32..000000000 --- a/playbooks/aws/os2-atomic-proxy/user_data.txt +++ /dev/null @@ -1,6 +0,0 @@ -#cloud-config -disable_root: 0 - -system_info: - default_user: - name: root diff --git a/playbooks/aws/os2-atomic-proxy/vars.int.yml b/playbooks/aws/os2-atomic-proxy/vars.int.yml deleted file mode 100644 index 00157cd89..000000000 --- a/playbooks/aws/os2-atomic-proxy/vars.int.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -oo_env_long: integration -oo_zabbix_hostgroups: ['INT Environment'] diff --git a/playbooks/aws/os2-atomic-proxy/vars.prod.yml b/playbooks/aws/os2-atomic-proxy/vars.prod.yml deleted file mode 100644 index 641afc626..000000000 --- a/playbooks/aws/os2-atomic-proxy/vars.prod.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -oo_env_long: production -oo_zabbix_hostgroups: ['PROD Environment'] diff --git a/playbooks/aws/os2-atomic-proxy/vars.stg.yml b/playbooks/aws/os2-atomic-proxy/vars.stg.yml deleted file mode 100644 index 1cecfc9b2..000000000 --- a/playbooks/aws/os2-atomic-proxy/vars.stg.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -oo_env_long: staging -oo_zabbix_hostgroups: ['STG Environment'] -oo_vpc_subnet_id: subnet-700bdd07 -oo_assign_public_ip: yes -oo_security_group_ids: - - sg-02c2f267 # Libra (vpc) - - sg-f0bfbe95 # stg (vpc) - - sg-a3bfbec6 # stg_proxy (vpc) - - sg-d4bfbeb1 # stg_proxy_atomic (vpc) diff --git a/playbooks/aws/os2-atomic-proxy/vars.yml b/playbooks/aws/os2-atomic-proxy/vars.yml deleted file mode 100644 index ed97d539c..000000000 --- a/playbooks/aws/os2-atomic-proxy/vars.yml +++ /dev/null @@ -1 +0,0 @@ ---- diff --git a/roles/atomic_base/README.md b/roles/atomic_base/README.md deleted file mode 100644 index 8fe3faf7d..000000000 --- a/roles/atomic_base/README.md +++ /dev/null @@ -1,56 +0,0 @@ -Role Name -======== - -The purpose of this role is to do common configurations for all RHEL atomic hosts. - - -Requirements ------------- - -None - - -Role Variables --------------- - -None - - -Dependencies ------------- - -None - - -Example Playbook -------------------------- - -From a group playbook: - - hosts: servers - roles: - - ../../roles/atomic_base - - -License -------- - -Copyright 2012-2014 Red Hat, Inc., All rights reserved. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. - - -Author Information ------------------- - -Thomas Wiest <twiest@redhat.com> diff --git a/roles/atomic_base/files/bash/bashrc b/roles/atomic_base/files/bash/bashrc deleted file mode 100644 index 446f18f22..000000000 --- a/roles/atomic_base/files/bash/bashrc +++ /dev/null @@ -1,12 +0,0 @@ -# .bashrc - -# User specific aliases and functions - -alias rm='rm -i' -alias cp='cp -i' -alias mv='mv -i' - -# Source global definitions -if [ -f /etc/bashrc ]; then - . /etc/bashrc -fi diff --git a/roles/atomic_base/files/ostree/repo_config b/roles/atomic_base/files/ostree/repo_config deleted file mode 100644 index 7038158f9..000000000 --- a/roles/atomic_base/files/ostree/repo_config +++ /dev/null @@ -1,10 +0,0 @@ -[core] -repo_version=1 -mode=bare - -[remote "rh-atomic-controller"] -url=https://mirror.openshift.com/libra/ostree/rhel-7-atomic-host -branches=rh-atomic-controller/el7/x86_64/buildmaster/controller/docker; -tls-client-cert-path=/var/lib/yum/client-cert.pem -tls-client-key-path=/var/lib/yum/client-key.pem -gpg-verify=false diff --git a/roles/atomic_base/files/system/90-nofile.conf b/roles/atomic_base/files/system/90-nofile.conf deleted file mode 100644 index 8537a4c5f..000000000 --- a/roles/atomic_base/files/system/90-nofile.conf +++ /dev/null @@ -1,7 +0,0 @@ -# PAM process file descriptor limits -# see limits.conf(5) for details. -#Each line describes a limit for a user in the form: -# -#<domain> <type> <item> <value> -* hard nofile 16384 -root soft nofile 16384 diff --git a/roles/atomic_base/meta/main.yml b/roles/atomic_base/meta/main.yml deleted file mode 100644 index 9578ab809..000000000 --- a/roles/atomic_base/meta/main.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -galaxy_info: - author: Thomas Wiest - description: Common base RHEL atomic configurations - company: Red Hat - # Some suggested licenses: - # - BSD (default) - # - MIT - # - GPLv2 - # - GPLv3 - # - Apache - # - CC-BY - license: Apache - min_ansible_version: 1.2 - platforms: - - name: EL - versions: - - 7 -dependencies: [] diff --git a/roles/atomic_base/tasks/bash.yml b/roles/atomic_base/tasks/bash.yml deleted file mode 100644 index 547ae83c3..000000000 --- a/roles/atomic_base/tasks/bash.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- -- name: Copy .bashrc - copy: src=bash/bashrc dest=/root/.bashrc owner=root group=root mode=0644 - -- name: Link to .profile to .bashrc - file: src=/root/.bashrc dest=/root/.profile owner=root group=root state=link - -- name: "Setup Timezone [{{ oo_timezone }}]" - file: - src: "/usr/share/zoneinfo/{{ oo_timezone }}" - dest: /etc/localtime - owner: root - group: root - state: link diff --git a/roles/atomic_base/tasks/cloud_user.yml b/roles/atomic_base/tasks/cloud_user.yml deleted file mode 100644 index e7347fc3d..000000000 --- a/roles/atomic_base/tasks/cloud_user.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- name: Remove cloud-user account - user: name=cloud-user state=absent remove=yes force=yes - -- name: Remove cloud-user sudo - file: path=/etc/sudoers.d/90-cloud-init-users state=absent diff --git a/roles/atomic_base/tasks/main.yml b/roles/atomic_base/tasks/main.yml deleted file mode 100644 index 5d8e8571a..000000000 --- a/roles/atomic_base/tasks/main.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- include: system.yml -- include: bash.yml -- include: ostree.yml diff --git a/roles/atomic_base/tasks/ostree.yml b/roles/atomic_base/tasks/ostree.yml deleted file mode 100644 index aacaa5efd..000000000 --- a/roles/atomic_base/tasks/ostree.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -- name: Copy ostree repo config - copy: - src: ostree/repo_config - dest: /ostree/repo/config - owner: root - group: root - mode: 0644 - -- name: "WORK AROUND: Stat redhat repo file" - stat: path=/etc/yum.repos.d/redhat.repo - register: redhat_repo - -- name: "WORK AROUND: subscription manager failures" - file: - path: /etc/yum.repos.d/redhat.repo - state: touch - when: redhat_repo.stat.exists == False diff --git a/roles/atomic_base/tasks/system.yml b/roles/atomic_base/tasks/system.yml deleted file mode 100644 index e5cde427d..000000000 --- a/roles/atomic_base/tasks/system.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -- name: Upload nofile limits.d file - copy: src=system/90-nofile.conf dest=/etc/security/limits.d/90-nofile.conf owner=root group=root mode=0644 diff --git a/roles/atomic_base/vars/main.yml b/roles/atomic_base/vars/main.yml deleted file mode 100644 index d4e61175c..000000000 --- a/roles/atomic_base/vars/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -oo_timezone: US/Eastern diff --git a/roles/atomic_proxy/README.md b/roles/atomic_proxy/README.md deleted file mode 100644 index 348eaee1f..000000000 --- a/roles/atomic_proxy/README.md +++ /dev/null @@ -1,56 +0,0 @@ -Role Name -======== - -The purpose of this role is to do common configurations for all RHEL atomic hosts. - - -Requirements ------------- - -None - - -Role Variables --------------- - -None - - -Dependencies ------------- - -None - - -Example Playbook -------------------------- - -From a group playbook: - - hosts: servers - roles: - - ../../roles/atomic_proxy - - -License -------- - -Copyright 2012-2014 Red Hat, Inc., All rights reserved. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. - - -Author Information ------------------- - -Thomas Wiest <twiest@redhat.com> diff --git a/roles/atomic_proxy/files/proxy_containers_deploy_descriptor.json b/roles/atomic_proxy/files/proxy_containers_deploy_descriptor.json deleted file mode 100644 index c15835d48..000000000 --- a/roles/atomic_proxy/files/proxy_containers_deploy_descriptor.json +++ /dev/null @@ -1,29 +0,0 @@ -{ - "Containers":[ - { - "Name":"proxy-puppet", - "Count":1, - "Image":"puppet:latest", - "PublicPorts":[ - ] - }, - { - "Name":"proxy", - "Count":1, - "Image":"proxy:latest", - "PublicPorts":[ - {"Internal":80,"External":80}, - {"Internal":443,"External":443}, - {"Internal":4999,"External":4999} - ] - }, - { - "Name":"proxy-monitoring", - "Count":1, - "Image":"monitoring:latest", - "PublicPorts":[ - ] - } - ], - "RandomizeIds": false -} diff --git a/roles/atomic_proxy/files/puppet/auth.conf b/roles/atomic_proxy/files/puppet/auth.conf deleted file mode 100644 index b31906bae..000000000 --- a/roles/atomic_proxy/files/puppet/auth.conf +++ /dev/null @@ -1,116 +0,0 @@ -# This is the default auth.conf file, which implements the default rules -# used by the puppet master. (That is, the rules below will still apply -# even if this file is deleted.) -# -# The ACLs are evaluated in top-down order. More specific stanzas should -# be towards the top of the file and more general ones at the bottom; -# otherwise, the general rules may "steal" requests that should be -# governed by the specific rules. -# -# See http://docs.puppetlabs.com/guides/rest_auth_conf.html for a more complete -# description of auth.conf's behavior. -# -# Supported syntax: -# Each stanza in auth.conf starts with a path to match, followed -# by optional modifiers, and finally, a series of allow or deny -# directives. -# -# Example Stanza -# --------------------------------- -# path /path/to/resource # simple prefix match -# # path ~ regex # alternately, regex match -# [environment envlist] -# [method methodlist] -# [auth[enthicated] {yes|no|on|off|any}] -# allow [host|backreference|*|regex] -# deny [host|backreference|*|regex] -# allow_ip [ip|cidr|ip_wildcard|*] -# deny_ip [ip|cidr|ip_wildcard|*] -# -# The path match can either be a simple prefix match or a regular -# expression. `path /file` would match both `/file_metadata` and -# `/file_content`. Regex matches allow the use of backreferences -# in the allow/deny directives. -# -# The regex syntax is the same as for Ruby regex, and captures backreferences -# for use in the `allow` and `deny` lines of that stanza -# -# Examples: -# -# path ~ ^/path/to/resource # Equivalent to `path /path/to/resource`. -# allow * # Allow all authenticated nodes (since auth -# # defaults to `yes`). -# -# path ~ ^/catalog/([^/]+)$ # Permit nodes to access their own catalog (by -# allow $1 # certname), but not any other node's catalog. -# -# path ~ ^/file_(metadata|content)/extra_files/ # Only allow certain nodes to -# auth yes # access the "extra_files" -# allow /^(.+)\.example\.com$/ # mount point; note this must -# allow_ip 192.168.100.0/24 # go ABOVE the "/file" rule, -# # since it is more specific. -# -# environment:: restrict an ACL to a comma-separated list of environments -# method:: restrict an ACL to a comma-separated list of HTTP methods -# auth:: restrict an ACL to an authenticated or unauthenticated request -# the default when unspecified is to restrict the ACL to authenticated requests -# (ie exactly as if auth yes was present). -# - -### Authenticated ACLs - these rules apply only when the client -### has a valid certificate and is thus authenticated - -# allow nodes to retrieve their own catalog -path ~ ^/catalog/([^/]+)$ -method find -allow $1 - -# allow nodes to retrieve their own node definition -path ~ ^/node/([^/]+)$ -method find -allow $1 - -# allow all nodes to access the certificates services -path /certificate_revocation_list/ca -method find -allow * - -# allow all nodes to store their own reports -path ~ ^/report/([^/]+)$ -method save -allow $1 - -# Allow all nodes to access all file services; this is necessary for -# pluginsync, file serving from modules, and file serving from custom -# mount points (see fileserver.conf). Note that the `/file` prefix matches -# requests to both the file_metadata and file_content paths. See "Examples" -# above if you need more granular access control for custom mount points. -path /file -allow * - -### Unauthenticated ACLs, for clients without valid certificates; authenticated -### clients can also access these paths, though they rarely need to. - -# allow access to the CA certificate; unauthenticated nodes need this -# in order to validate the puppet master's certificate -path /certificate/ca -auth any -method find -allow * - -# allow nodes to retrieve the certificate they requested earlier -path /certificate/ -auth any -method find -allow * - -# allow nodes to request a new certificate -path /certificate_request -auth any -method find, save -allow * - -# deny everything else; this ACL is not strictly necessary, but -# illustrates the default policy. -path / -auth any diff --git a/roles/atomic_proxy/files/setup-proxy-containers.sh b/roles/atomic_proxy/files/setup-proxy-containers.sh deleted file mode 100755 index d047c96c1..000000000 --- a/roles/atomic_proxy/files/setup-proxy-containers.sh +++ /dev/null @@ -1,43 +0,0 @@ -#!/bin/bash - -function fail { - msg=$1 - echo - echo $msg - echo - exit 5 -} - - -NUM_DATA_CTR=$(docker ps -a | grep -c proxy-shared-data-1) -[ "$NUM_DATA_CTR" -ne 0 ] && fail "ERROR: proxy-shared-data-1 exists" - - -# pre-cache the container images -echo -timeout --signal TERM --kill-after 30 600 docker pull busybox:latest || fail "ERROR: docker pull of busybox failed" - -echo -# WORKAROUND: Setup the shared data container -/usr/bin/docker run --name "proxy-shared-data-1" \ - -v /shared/etc/haproxy \ - -v /shared/etc/httpd \ - -v /shared/etc/openshift \ - -v /shared/etc/pki \ - -v /shared/var/run/ctr-ipc \ - -v /shared/var/lib/haproxy \ - -v /shared/usr/local \ - "busybox:latest" true - -# WORKAROUND: These are because we're not using a pod yet -cp /usr/local/etc/ctr-proxy-1.service /usr/local/etc/ctr-proxy-puppet-1.service /usr/local/etc/ctr-proxy-monitoring-1.service /etc/systemd/system/ - -systemctl daemon-reload - -echo -echo -n "sleeping 10 seconds for systemd reload to take affect..." -sleep 10 -echo " Done." - -# Start the services -systemctl start ctr-proxy-puppet-1 ctr-proxy-1 ctr-proxy-monitoring-1 diff --git a/roles/atomic_proxy/handlers/main.yml b/roles/atomic_proxy/handlers/main.yml deleted file mode 100644 index 8eedec17a..000000000 --- a/roles/atomic_proxy/handlers/main.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -- name: reload systemd - command: systemctl daemon-reload diff --git a/roles/atomic_proxy/meta/main.yml b/roles/atomic_proxy/meta/main.yml deleted file mode 100644 index a92d685b1..000000000 --- a/roles/atomic_proxy/meta/main.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -galaxy_info: - author: Thomas Wiest - description: Common base RHEL atomic configurations - company: Red Hat - # Some suggested licenses: - # - BSD (default) - # - MIT - # - GPLv2 - # - GPLv3 - # - Apache - # - CC-BY - license: Apache - min_ansible_version: 1.2 - platforms: - - name: EL - versions: - - 7 -dependencies: - # This is the role's PRIVATE counterpart, which is used. - - ../../../../../atomic_private/ansible/roles/atomic_proxy diff --git a/roles/atomic_proxy/tasks/main.yml b/roles/atomic_proxy/tasks/main.yml deleted file mode 100644 index 073a1c61e..000000000 --- a/roles/atomic_proxy/tasks/main.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -- include: setup_puppet.yml -- include: setup_containers.yml diff --git a/roles/atomic_proxy/tasks/setup_containers.yml b/roles/atomic_proxy/tasks/setup_containers.yml deleted file mode 100644 index ee971623a..000000000 --- a/roles/atomic_proxy/tasks/setup_containers.yml +++ /dev/null @@ -1,57 +0,0 @@ ---- -- name: "get output of: docker images" - command: docker images - changed_when: False # don't report as changed - register: docker_images - -- name: docker pull busybox ONLY if it's not present - command: "docker pull busybox:latest" - when: "not docker_images.stdout | search('busybox.*latest')" - -- name: docker pull containers ONLY if they're not present (needed otherwise systemd will timeout pulling the containers) - command: "docker pull docker-registry.ops.rhcloud.com/{{ item }}:{{ oo_env }}" - with_items: - - oso-v2-proxy - - oso-v2-puppet - - oso-v2-monitoring - when: "not docker_images.stdout | search('docker-registry.ops.rhcloud.com/{{ item }}.*{{ oo_env }}')" - -- name: "get output of: docker ps -a" - command: docker ps -a - changed_when: False # don't report as changed - register: docker_ps - -- name: run proxy-shared-data-1 - command: /usr/bin/docker run --name "proxy-shared-data-1" \ - -v /shared/etc/haproxy \ - -v /shared/etc/httpd \ - -v /shared/etc/openshift \ - -v /shared/etc/pki \ - -v /shared/var/run/ctr-ipc \ - -v /shared/var/lib/haproxy \ - -v /shared/usr/local \ - "busybox:latest" true - when: "not docker_ps.stdout | search('proxy-shared-data-1')" - -- name: Deploy systemd files for containers - template: - src: "systemd/{{ item }}.j2" - dest: "/etc/systemd/system/{{ item }}" - mode: 0640 - owner: root - group: root - with_items: - - ctr-proxy-1.service - - ctr-proxy-monitoring-1.service - - ctr-proxy-puppet-1.service - notify: reload systemd - -- name: start containers - service: - name: "{{ item }}" - state: started - enabled: yes - with_items: - - ctr-proxy-puppet-1 - - ctr-proxy-1 - - ctr-proxy-monitoring-1 diff --git a/roles/atomic_proxy/tasks/setup_puppet.yml b/roles/atomic_proxy/tasks/setup_puppet.yml deleted file mode 100644 index 7a599f06d..000000000 --- a/roles/atomic_proxy/tasks/setup_puppet.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -- name: make puppet conf dir - file: - dest: "{{ oo_proxy_puppet_volume_dir }}/etc/puppet" - mode: 755 - owner: root - group: root - state: directory - -- name: upload puppet auth config - copy: - src: puppet/auth.conf - dest: "{{ oo_proxy_puppet_volume_dir }}/etc/puppet/auth.conf" - mode: 0644 - owner: root - group: root - -- name: upload puppet config - template: - src: puppet/puppet.conf.j2 - dest: "{{ oo_proxy_puppet_volume_dir }}/etc/puppet/puppet.conf" - mode: 0644 - owner: root - group: root diff --git a/roles/atomic_proxy/templates/puppet/puppet.conf.j2 b/roles/atomic_proxy/templates/puppet/puppet.conf.j2 deleted file mode 100644 index 9731ff168..000000000 --- a/roles/atomic_proxy/templates/puppet/puppet.conf.j2 +++ /dev/null @@ -1,40 +0,0 @@ -[main] - # we need to override the host name of the container - certname = ctr-proxy.{{ oo_env }}.rhcloud.com - - # The Puppet log directory. - # The default value is '$vardir/log'. - logdir = /var/log/puppet - - # Where Puppet PID files are kept. - # The default value is '$vardir/run'. - rundir = /var/run/puppet - - # Where SSL certificates are kept. - # The default value is '$confdir/ssl'. - ssldir = $vardir/ssl - manifest = $manifestdir/site.pp - manifestdir = /var/lib/puppet/environments/pub/$environment/manifests - environment = {{ oo_env_long }} - modulepath = /var/lib/puppet/environments/pub/$environment/modules:/var/lib/puppet/environments/pri/$environment/modules:/var/lib/puppet/environments/pri/production/modules:$confdir/modules:/usr/share/puppet/modules - -[agent] - # The file in which puppetd stores a list of the classes - # associated with the retrieved configuratiion. Can be loaded in - # the separate ``puppet`` executable using the ``--loadclasses`` - # option. - # The default value is '$confdir/classes.txt'. - classfile = $vardir/classes.txt - - # Where puppetd caches the local configuration. An - # extension indicating the cache format is added automatically. - # The default value is '$confdir/localconfig'. - localconfig = $vardir/localconfig - server = puppet.ops.rhcloud.com - environment = {{ oo_env_long }} - pluginsync = true - graph = true - configtimeout = 600 - report = true - runinterval = 3600 - splay = true diff --git a/roles/atomic_proxy/templates/sync/sync-proxy-configs.sh.j2 b/roles/atomic_proxy/templates/sync/sync-proxy-configs.sh.j2 deleted file mode 100755 index d9aa2d811..000000000 --- a/roles/atomic_proxy/templates/sync/sync-proxy-configs.sh.j2 +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/bash - -VOL_DIR=/var/lib/docker/volumes/proxy -SSH_CMD="ssh -o StrictHostKeyChecking=no -o PasswordAuthentication=no -o ConnectTimeout=10 -o UserKnownHostsFile=/dev/null" - -mkdir -p ${VOL_DIR}/etc/haproxy/ -rsync -e "${SSH_CMD}" -va --progress root@proxy1.{{ oo_env }}.rhcloud.com:/etc/haproxy/ ${VOL_DIR}/etc/haproxy/ - -mkdir -p ${VOL_DIR}/etc/httpd/ -rsync -e "${SSH_CMD}" -va --progress root@proxy1.{{ oo_env }}.rhcloud.com:/etc/httpd/ ${VOL_DIR}/etc/httpd/ - -mkdir -p ${VOL_DIR}/etc/pki/tls/ -rsync -e "${SSH_CMD}" -va --progress root@proxy1.{{ oo_env }}.rhcloud.com:/etc/pki/tls/ ${VOL_DIR}/etc/pki/tls/ - -# We need to disable the haproxy chroot -sed -i -re 's/^(\s+)chroot/\1#chroot/' /var/lib/docker/volumes/proxy/etc/haproxy/haproxy.cfg diff --git a/roles/atomic_proxy/templates/systemd/ctr-proxy-1.service.j2 b/roles/atomic_proxy/templates/systemd/ctr-proxy-1.service.j2 deleted file mode 100644 index 988a9f544..000000000 --- a/roles/atomic_proxy/templates/systemd/ctr-proxy-1.service.j2 +++ /dev/null @@ -1,32 +0,0 @@ -[Unit] -Description=Container proxy-1 - - -[Service] -Type=simple -TimeoutStartSec=5m -Slice=container-small.slice - -ExecStartPre=-/usr/bin/docker rm "proxy-1" - -ExecStart=/usr/bin/docker run --rm --name "proxy-1" \ - --volumes-from proxy-shared-data-1 \ - -a stdout -a stderr -p 80:80 -p 443:443 -p 4999:4999 \ - "docker-registry.ops.rhcloud.com/oso-v2-proxy:{{ oo_env }}" - -ExecReload=-/usr/bin/docker stop "proxy-1" -ExecReload=-/usr/bin/docker rm "proxy-1" -ExecStop=-/usr/bin/docker stop "proxy-1" - -[Install] -WantedBy=container.target - -# Container information -X-ContainerId=proxy-1 -X-ContainerImage=docker-registry.ops.rhcloud.com/oso-v2-proxy:{{ oo_env }} -X-ContainerUserId= -X-ContainerRequestId=LwiWtYWaAvSavH6Ze53QJg -X-ContainerType=simple -X-PortMapping=80:80 -X-PortMapping=443:443 -X-PortMapping=4999:4999 diff --git a/roles/atomic_proxy/templates/systemd/ctr-proxy-monitoring-1.service.j2 b/roles/atomic_proxy/templates/systemd/ctr-proxy-monitoring-1.service.j2 deleted file mode 100644 index 975b0061b..000000000 --- a/roles/atomic_proxy/templates/systemd/ctr-proxy-monitoring-1.service.j2 +++ /dev/null @@ -1,36 +0,0 @@ -[Unit] -Description=Container proxy-monitoring-1 - - -[Service] -Type=simple -TimeoutStartSec=5m -Slice=container-small.slice - -ExecStartPre=-/usr/bin/docker rm "proxy-monitoring-1" - -ExecStart=/usr/bin/docker run --rm --name "proxy-monitoring-1" \ - --volumes-from proxy-shared-data-1 \ - -a stdout -a stderr \ - -e "OO_ENV={{ oo_env }}" \ - -e "OO_CTR_TYPE=proxy" \ - -e "OO_ZABBIX_HOSTGROUPS={{ oo_zabbix_hostgroups | join(',') }}" \ - -e "OO_ZABBIX_TEMPLATES=Template OpenShift Proxy Ctr" \ - "docker-registry.ops.rhcloud.com/oso-v2-monitoring:{{ oo_env }}" - -ExecReload=-/usr/bin/docker stop "proxy-monitoring-1" -ExecReload=-/usr/bin/docker rm "proxy-monitoring-1" -ExecStop=-/usr/bin/docker stop "proxy-monitoring-1" - -[Install] -WantedBy=container.target - -# Container information -X-ContainerId=proxy-monitoring-1 -X-ContainerImage=docker-registry.ops.rhcloud.com/oso-v2-monitoring:{{ oo_env }} -X-ContainerUserId= -X-ContainerRequestId=LwiWtYWaAvSavH6Ze53QJg -X-ContainerType=simple -X-PortMapping=80:80 -X-PortMapping=443:443 -X-PortMapping=4999:4999 diff --git a/roles/atomic_proxy/templates/systemd/ctr-proxy-puppet-1.service.j2 b/roles/atomic_proxy/templates/systemd/ctr-proxy-puppet-1.service.j2 deleted file mode 100644 index c3f28f471..000000000 --- a/roles/atomic_proxy/templates/systemd/ctr-proxy-puppet-1.service.j2 +++ /dev/null @@ -1,33 +0,0 @@ -[Unit] -Description=Container proxy-puppet-1 - - -[Service] -Type=simple -TimeoutStartSec=5m -Slice=container-small.slice - - -ExecStartPre=-/usr/bin/docker rm "proxy-puppet-1" - -ExecStart=/usr/bin/docker run --rm --name "proxy-puppet-1" \ - --volumes-from proxy-shared-data-1 \ - -v /var/lib/docker/volumes/proxy_puppet/var/lib/puppet/ssl:/var/lib/puppet/ssl \ - -v /var/lib/docker/volumes/proxy_puppet/etc/puppet:/etc/puppet \ - -a stdout -a stderr \ - "docker-registry.ops.rhcloud.com/oso-v2-puppet:{{ oo_env }}" - -# Set links (requires container have a name) -ExecReload=-/usr/bin/docker stop "proxy-puppet-1" -ExecReload=-/usr/bin/docker rm "proxy-puppet-1" -ExecStop=-/usr/bin/docker stop "proxy-puppet-1" - -[Install] -WantedBy=container.target - -# Container information -X-ContainerId=proxy-puppet-1 -X-ContainerImage=docker-registry.ops.rhcloud.com/oso-v2-puppet:{{ oo_env }} -X-ContainerUserId= -X-ContainerRequestId=Ky0lhw0onwoSDJR4GK6t3g -X-ContainerType=simple diff --git a/roles/atomic_proxy/vars/main.yml b/roles/atomic_proxy/vars/main.yml deleted file mode 100644 index 1f90492fd..000000000 --- a/roles/atomic_proxy/vars/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -oo_proxy_puppet_volume_dir: /var/lib/docker/volumes/proxy_puppet |