[contrib/terraform/openstack] Backward compatibility changes (#2539)

* [terraform/openstack] Restores ability to use existing public nodes and masters as bastion.

* [terraform/openstack] Uses network_id as output

* [terraform/openstack] Fixes link to inventory/local/group_vars

* [terraform/openstack] Adds supplementary master groups

* [terraform/openstack] Updates documentation avoiding manual setups for bastion (as they are not needed now).

* [terraform/openstack] Supplementary master groups in docs.

* [terraform/openstack] Fixes repeated usage of master fips instead of bastion fips

* [terraform/openstack] Missing change for network_id to subnet_id

* [terraform/openstack] Changes conditional to element( concat ) form to avoid type issues with empty lists.
This commit is contained in:
Pablo Moreno 2018-04-30 16:11:07 +01:00 committed by Matthew Mosesohn
parent 59789ae02a
commit df6c5b28a1
6 changed files with 39 additions and 11 deletions

View file

@ -1 +1 @@
../../inventory/group_vars ../../inventory/local/group_vars

View file

@ -135,7 +135,7 @@ the one you want to use with the environment variable `OS_CLOUD`:
export OS_CLOUD=mycloud export OS_CLOUD=mycloud
``` ```
##### Openrc method (deprecated) ##### Openrc method
When using classic environment variables, Terraform uses default `OS_*` When using classic environment variables, Terraform uses default `OS_*`
environment variables. A script suitable for your environment may be available environment variables. A script suitable for your environment may be available
@ -218,6 +218,7 @@ For your cluster, edit `inventory/$CLUSTER/cluster.tf`.
|`number_of_bastions` | Number of bastion hosts to create. Scripts assume this is really just zero or one | |`number_of_bastions` | Number of bastion hosts to create. Scripts assume this is really just zero or one |
|`number_of_gfs_nodes_no_floating_ip` | Number of gluster servers to provision. | |`number_of_gfs_nodes_no_floating_ip` | Number of gluster servers to provision. |
| `gfs_volume_size_in_gb` | Size of the non-ephemeral volumes to be attached to store the GlusterFS bricks | | `gfs_volume_size_in_gb` | Size of the non-ephemeral volumes to be attached to store the GlusterFS bricks |
|`supplementary_master_groups` | To add ansible groups to the masters, such as `kube-node` for tainting them as nodes, empty by default. |
#### Terraform state files #### Terraform state files
@ -299,11 +300,15 @@ If you have deployed and destroyed a previous iteration of your cluster, you wil
#### Bastion host #### Bastion host
If you are not using a bastion host, but not all of your nodes have floating IPs, create a file `inventory/$CLUSTER/group_vars/no-floating.yml` with the following content. Use one of your nodes with a floating IP (this should have been output at the end of the Terraform step) and the appropriate user for that OS, or if you have another jump host, use that. Bastion access will be determined by:
``` - Your choice on the amount of bastion hosts (set by `number_of_bastions` terraform variable).
ansible_ssh_common_args: '-o ProxyCommand="ssh -o StrictHostKeyChecking=no -W %h:%p -q USER@MASTER_IP"' - The existence of nodes/masters with floating IPs (set by `number_of_k8s_masters`, `number_of_k8s_nodes`, `number_of_k8s_masters_no_etcd` terraform variables).
```
If you have a bastion host, your ssh traffic will be directly routed through it. This is regardless of whether you have masters/nodes with a floating IP assigned.
If you don't have a bastion host, but at least one of your masters/nodes have a floating IP, then ssh traffic will be tunneled by one of these machines.
So, either a bastion host, or at least master/node with a floating IP are required.
#### Test access #### Test access

View file

@ -48,6 +48,7 @@ module "compute" {
k8s_master_fips = "${module.ips.k8s_master_fips}" k8s_master_fips = "${module.ips.k8s_master_fips}"
k8s_node_fips = "${module.ips.k8s_node_fips}" k8s_node_fips = "${module.ips.k8s_node_fips}"
bastion_fips = "${module.ips.bastion_fips}" bastion_fips = "${module.ips.bastion_fips}"
supplementary_master_groups = "${var.supplementary_master_groups}"
network_id = "${module.network.router_id}" network_id = "${module.network.router_id}"
} }

View file

@ -83,7 +83,7 @@ resource "openstack_compute_instance_v2" "bastion" {
} }
provisioner "local-exec" { provisioner "local-exec" {
command = "sed s/USER/${var.ssh_user}/ contrib/terraform/openstack/ansible_bastion_template.txt | sed s/BASTION_ADDRESS/${var.bastion_fips[0]}/ > contrib/terraform/openstack/group_vars/no-floating.yml" command = "sed s/USER/${var.ssh_user}/ contrib/terraform/openstack/ansible_bastion_template.txt | sed s/BASTION_ADDRESS/${var.bastion_fips[0]}/ > contrib/terraform/group_vars/no-floating.yml"
} }
} }
@ -107,10 +107,14 @@ resource "openstack_compute_instance_v2" "k8s_master" {
metadata = { metadata = {
ssh_user = "${var.ssh_user}" ssh_user = "${var.ssh_user}"
kubespray_groups = "etcd,kube-master,k8s-cluster,vault" kubespray_groups = "etcd,kube-master,${var.supplementary_master_groups},k8s-cluster,vault"
depends_on = "${var.network_id}" depends_on = "${var.network_id}"
} }
provisioner "local-exec" {
command = "sed s/USER/${var.ssh_user}/ contrib/terraform/openstack/ansible_bastion_template.txt | sed s/BASTION_ADDRESS/${element( concat(var.bastion_fips, var.k8s_master_fips), 0)}/ > contrib/terraform/group_vars/no-floating.yml"
}
} }
resource "openstack_compute_instance_v2" "k8s_master_no_etcd" { resource "openstack_compute_instance_v2" "k8s_master_no_etcd" {
@ -125,15 +129,20 @@ resource "openstack_compute_instance_v2" "k8s_master_no_etcd" {
} }
security_groups = ["${openstack_compute_secgroup_v2.k8s_master.name}", security_groups = ["${openstack_compute_secgroup_v2.k8s_master.name}",
"${openstack_compute_secgroup_v2.bastion.name}",
"${openstack_compute_secgroup_v2.k8s.name}", "${openstack_compute_secgroup_v2.k8s.name}",
] ]
metadata = { metadata = {
ssh_user = "${var.ssh_user}" ssh_user = "${var.ssh_user}"
kubespray_groups = "kube-master,k8s-cluster,vault" kubespray_groups = "kube-master,${var.supplementary_master_groups},k8s-cluster,vault"
depends_on = "${var.network_id}" depends_on = "${var.network_id}"
} }
provisioner "local-exec" {
command = "sed s/USER/${var.ssh_user}/ contrib/terraform/openstack/ansible_bastion_template.txt | sed s/BASTION_ADDRESS/${element( concat(var.bastion_fips, var.k8s_master_fips), 0)}/ > contrib/terraform/group_vars/no-floating.yml"
}
} }
resource "openstack_compute_instance_v2" "etcd" { resource "openstack_compute_instance_v2" "etcd" {
@ -175,7 +184,7 @@ resource "openstack_compute_instance_v2" "k8s_master_no_floating_ip" {
metadata = { metadata = {
ssh_user = "${var.ssh_user}" ssh_user = "${var.ssh_user}"
kubespray_groups = "etcd,kube-master,k8s-cluster,vault,no-floating" kubespray_groups = "etcd,kube-master,${var.supplementary_master_groups},k8s-cluster,vault,no-floating"
depends_on = "${var.network_id}" depends_on = "${var.network_id}"
} }
@ -198,7 +207,7 @@ resource "openstack_compute_instance_v2" "k8s_master_no_floating_ip_no_etcd" {
metadata = { metadata = {
ssh_user = "${var.ssh_user}" ssh_user = "${var.ssh_user}"
kubespray_groups = "kube-master,k8s-cluster,vault,no-floating" kubespray_groups = "kube-master,${var.supplementary_master_groups},k8s-cluster,vault,no-floating"
depends_on = "${var.network_id}" depends_on = "${var.network_id}"
} }
@ -226,6 +235,10 @@ resource "openstack_compute_instance_v2" "k8s_node" {
depends_on = "${var.network_id}" depends_on = "${var.network_id}"
} }
provisioner "local-exec" {
command = "sed s/USER/${var.ssh_user}/ contrib/terraform/openstack/ansible_bastion_template.txt | sed s/BASTION_ADDRESS/${element( concat(var.bastion_fips, var.k8s_node_fips), 0)}/ > contrib/terraform/group_vars/no-floating.yml"
}
} }
resource "openstack_compute_instance_v2" "k8s_node_no_floating_ip" { resource "openstack_compute_instance_v2" "k8s_node_no_floating_ip" {

View file

@ -55,3 +55,7 @@ variable "k8s_node_fips" {
variable "bastion_fips" { variable "bastion_fips" {
type = "list" type = "list"
} }
variable "supplementary_master_groups" {
default = ""
}

View file

@ -111,3 +111,8 @@ variable "floatingip_pool" {
variable "external_net" { variable "external_net" {
description = "uuid of the external/public network" description = "uuid of the external/public network"
} }
variable "supplementary_master_groups" {
description = "supplementary kubespray ansible groups for masters, such kube-node"
default = ""
}