├── .gitignore
├── LICENSE
├── README.md
├── ansible.cfg
├── aws
    ├── main.tf
    └── variables.tf
├── digitalocean
    ├── main.tf
    └── variables.tf
├── modules
    ├── inventory_generation
    │   ├── inventory.template.cfg
    │   ├── inventory.tf
    │   └── variables.tf
    ├── openshift_aws
    │   ├── amis.tf
    │   ├── ec2_keypair.tf
    │   ├── main.tf
    │   ├── nodes.tf
    │   ├── outputs.tf
    │   ├── roles.tf
    │   ├── route53.tf
    │   ├── security_groups.tf
    │   ├── variables.tf
    │   └── vpc.tf
    └── openshift_digitalocean
    │   ├── domains.tf
    │   ├── outputs.tf
    │   ├── variables.tf
    │   ├── vms.tf
    │   └── volumes.tf
└── pre-install
    ├── hostsfile.j2
    └── playbook.yml


/.gitignore:
--------------------------------------------------------------------------------
 1 | # Infrastructure ignores.
 2 | .terraform
 3 | terraform.tfvars
 4 | terraform.tfstate
 5 | terraform.tfstate.backup
 6 | 
 7 | # The generated inventory files.
 8 | inventory.cfg
 9 | preinstall-inventory.cfg
10 | 
11 | # Emacs backup files
12 | *~
13 | 
14 | openshift-ansible*
15 | venv
16 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2018 
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | # OpenShift Terraform
  2 | 
  3 | This project sets up an OpenShift Origin cluster (v3.9 currently) on a DigitalOcean infrastructure. The infrastructure creation and generation of inventory files is handled by Terraform. The goal of the project is to eventually add support for various cloud providers.
  4 | 
  5 | 
  6 | ## Overview
  7 | 
  8 | A lot of this setup is insipred by [Get up and running with OpenShift on AWS](http://www.dwmkerr.com/get-up-and-running-with-openshift-on-aws/). Here's a 10k ft view of how the setup looks like.
  9 | 
 10 | **TODO: add diagram**
 11 | 
 12 | ## Prerequisites
 13 | 
 14 | 1. [Terraform](https://www.terraform.io/intro/getting-started/install.html) Download and install terraform for your OS.
 15 | 2. Ansible
 16 | 3. A DigitalOcean account with a ReadWrite Token generated.
 17 | 
 18 | ## Creating the Cluster
 19 | 
 20 | ### Provision the infrastructure
 21 | 
 22 | 
 23 | 
 24 | ```
 25 | $ export TF_VAR_domain=<your-base-domain-name>
 26 | $ export DIGITALOCEAN_TOKEN=<do-token>
 27 | $ terraform init
 28 | $ terraform apply
 29 | ```
 30 | 
 31 | Generate SSH keypair specific to this cluster. It is called `tf` and `tf.pub` by default. If you call it by a different name, change it in `variables.tf`.
 32 | 
 33 | ```
 34 | $ terraform apply
 35 | ```
 36 | 
 37 | This will generate 2 inventory files,
 38 | 
 39 | `preinstall-inventory.cfg` for installing the prerequisites in the Open Shift cluster.
 40 | 
 41 | `inventory.cfg` needed for the Ansible OpenShift installer.
 42 | 
 43 | ### Install prerequisite software
 44 | 
 45 | ```
 46 | $ ansible-playbook -u root --private-key=~/.ssh/tf -i preinstall-inventory.cfg ./pre-install/playbook.yml
 47 | ```
 48 | 
 49 | ### Install OpenShift cluster on provisioned infrastructure
 50 | 
 51 | Clone the playbook for v3.10.
 52 | 
 53 | ```
 54 | $ git clone git@github.com:openshift/openshift-ansible.git --branch release-3.10 --depth 1
 55 | $ cd openshift-ansible
 56 | ```
 57 | 
 58 | Install the verion of Ansible specified in the above repo. To do this, create a virtualenv, and run:
 59 | 
 60 | ```
 61 | $ pip install -r requirements.txt
 62 | ```
 63 | 
 64 | Prerequisite check.
 65 | 
 66 | ```
 67 | $ ansible-playbook -i ../inventory.cfg --private-key=~/.ssh/tf playbooks/prerequisites.yml
 68 | ```
 69 | 
 70 | Provision the cluster.
 71 | 
 72 | ```
 73 | $ ansible-playbook -i ../inventory.cfg --private-key=~/.ssh/tf playbooks/deploy_cluster.yml
 74 | ```
 75 | 
 76 | ### Post install steps
 77 | 
 78 | Login to master node using,
 79 | 
 80 | ```
 81 | $ ssh -i ~/.ssh/tf root@console.example.com
 82 | ````
 83 | 
 84 | And to the nodes using,
 85 | 
 86 | ```
 87 | $ ssh -i ~/.ssh/tf root@node-01.example.com
 88 | ```
 89 | 
 90 | Inside master node,
 91 | 
 92 | Create admin user.
 93 | 
 94 | ```
 95 | $ htpasswd -cb /etc/origin/master/htpasswd admin <password>
 96 | ```
 97 | 
 98 | Set up GlusterFS as the default storageclass.
 99 | 
100 | ```
101 | $ kubectl get storageclass
102 | NAME                PROVISIONER               AGE
103 | glusterfs-storage   kubernetes.io/glusterfs   16m
104 | ```
105 | 
106 | ```
107 | $ oc patch storageclass glusterfs-storage -p '{"metadata":{"annotations":{"storageclass.beta.kubernetes.io/is-default-class":"true"}}}'
108 | ```
109 | 
110 | ### Deploy Drupal s2i image
111 | 
112 | Import the image into the openshift registry.
113 | 
114 | ```
115 | $ oc project openshift # all image streams should belong to this namespace
116 | $ oc import-image lakshminp/openshift-drupal:v11 --confirm
117 | ```
118 | 
119 | Add the template either via UI or via cli.
120 | 
121 | ## Day 2 stuff
122 | 
123 | ### Adding new nodes
124 | 
125 | 
126 | ## Destroying the Cluster
127 | 
128 | ```
129 | $ terraform destroy
130 | ```
131 | 
132 | ## CI
133 | 
134 | ## Contact
135 | 
136 | - [email me](mailto:lakshmi@lakshminp.com?subject=Openshift%20Terraform)
137 | - [lakshminp.com](https://www.lakshminp.com)
138 | - [@lakshminp](https://twitter.com/lakshminp)
139 | 


--------------------------------------------------------------------------------
/ansible.cfg:
--------------------------------------------------------------------------------
1 | [defaults]
2 | host_key_checking = False
3 | 
4 | 


--------------------------------------------------------------------------------
/aws/main.tf:
--------------------------------------------------------------------------------
 1 | //  Create the infra needed for OpenShift cluster in AWS.
 2 | module "openshift_aws" {
 3 |   source               = "../modules/openshift_aws"
 4 | 
 5 |   key_name             = "openshift"
 6 |   public_key_path      = "${var.public_key_path}"
 7 |   region               = "${var.region}"
 8 |   master_size          = "${var.master_size}"
 9 |   node_size            = "${var.node_size}"
10 |   nodes_count          = "${var.nodes_count}"
11 |   domain               = "${var.domain}"
12 |   cluster_name    = "openshift-cluster"
13 |   cluster_id      = "trext_in_aws"
14 | }
15 | 
16 | 
17 | module "inventory_generation" {
18 |   source = "../modules/inventory_generation"
19 | 
20 |   master_domain = "${module.openshift_aws.master_domain}"
21 |   node_domains = "${module.openshift_aws.node_domains}"
22 |   apps_subdomain = "${module.openshift_aws.apps_subdomain}"
23 |   master_ip_address = "${module.openshift_aws.master_ip_address}"
24 |   node_ip_address = "${module.openshift_aws.node_ip_address}"
25 |   private_key_path = "${var.private_key_path}"
26 |   access_key = "${module.openshift_aws.access_key}"
27 |   secret_key = "${module.openshift_aws.secret_key}"
28 |   ansible_ssh_user = "centos"
29 |   use_gluster = false
30 |   provider = "aws"
31 |   cluster_id = "trext_in_aws"
32 | }
33 | 


--------------------------------------------------------------------------------
/aws/variables.tf:
--------------------------------------------------------------------------------
 1 | variable "key_name" {
 2 |   default = "openshift"
 3 |   description = "The name of the key to user for ssh access, e.g: consul-cluster"
 4 | }
 5 | 
 6 | variable "public_key_path" {
 7 |   default = "~/.ssh/tf.pub"
 8 |   description = "The local public key path, e.g. ~/.ssh/id_rsa.pub"
 9 | }
10 | 
11 | variable "private_key_path" {
12 |   default = "~/.ssh/tf"
13 |   description = "The local private key path, e.g. ~/.ssh/id_rsa"
14 | }
15 | 
16 | variable "region" {
17 |   default = "us-east-1"
18 |   description = "The AWS region where the cluster will be spun."
19 | }
20 | 
21 | variable "master_size" {
22 |   default = "m5.xlarge"
23 | }
24 | 
25 | variable "node_size" {
26 |   default = "m5.large"
27 | }
28 | 
29 | variable "nodes_count" {
30 |   default     = 1
31 | }
32 | 
33 | 
34 | variable "domain" {
35 |   default = "example.com"
36 |   description = "Base domain name for the Openshift cluster."
37 | }
38 | 


--------------------------------------------------------------------------------
/digitalocean/main.tf:
--------------------------------------------------------------------------------
 1 | //  Create the infra needed for OpenShift cluster in DO.
 2 | 
 3 | module "openshift_digitalocean" {
 4 |   source               = "../modules/openshift_digitalocean"
 5 | 
 6 |   key_name             = "openshift"
 7 |   public_key_path      = "${var.public_key_path}"
 8 |   region               = "${var.region}"
 9 |   master_size          = "${var.master_size}"
10 |   node_size            = "${var.node_size}"
11 |   nodes_count          = "${var.nodes_count}"
12 |   volume_size          = "${var.volume_size}"
13 |   domain               = "${var.domain}"
14 | }
15 | 
16 | 
17 | module "inventory_generation" {
18 |   source = "../modules/inventory_generation"
19 | 
20 |   master_domain = "${module.openshift_digitalocean.master_domain}",
21 |   node_domains = "${module.openshift_digitalocean.node_domains}",
22 |   apps_subdomain = "${module.openshift_digitalocean.apps_subdomain}",
23 |   master_ip_address = "${module.openshift_digitalocean.master_ip_address}",
24 |   node_ip_address = "${module.openshift_digitalocean.node_ip_address}",
25 |   private_key_path = "${var.private_key_path}"
26 |   use_gluster = true
27 |   provider = "digitalocean"
28 | }
29 | 


--------------------------------------------------------------------------------
/digitalocean/variables.tf:
--------------------------------------------------------------------------------
 1 | variable "public_key_path" {
 2 |   default = "~/.ssh/tf.pub"
 3 |   description = "The local public key path, e.g. ~/.ssh/id_rsa.pub"
 4 | }
 5 | 
 6 | variable "private_key_path" {
 7 |   default = "~/.ssh/tf"
 8 |   description = "The local private key path, e.g. ~/.ssh/id_rsa"
 9 | }
10 | 
11 | variable "region" {
12 |   default = "tor1"
13 |   description = "The digitalOcean region where the cluster will be spun."
14 | }
15 | 
16 | variable "master_size" {
17 |   default = "4gb"
18 |   description = "Size of the master VM"
19 | }
20 | 
21 | variable "node_size" {
22 |   default = "4gb"
23 |   description = "Size of the Node VMs"
24 | }
25 | 
26 | variable "nodes_count" {
27 |   default = 2
28 |   description = "No. of app nodes to create."
29 | }
30 | 
31 | variable "volume_size" {
32 |   default = 50
33 |   description = "Size of DO volumes in GB"
34 | }
35 | 
36 | variable "domain" {
37 |   default = "example.com"
38 |   description = "Base domain name for the Openshift cluster."
39 | }
40 | 


--------------------------------------------------------------------------------
/modules/inventory_generation/inventory.template.cfg:
--------------------------------------------------------------------------------
 1 | [OSEv3:children]
 2 | masters
 3 | nodes
 4 | etcd
 5 | ${gluster_group}
 6 | 
 7 | [masters]
 8 | ${master_ips}
 9 | 
10 | [etcd]
11 | ${etcd_ips}
12 | 
13 | [nodes]
14 | ${master_node_entry}
15 | ${nodes}
16 | 
17 | 
18 | ${glusterfs_master}
19 | ${glusterfs_nodes}
20 | 
21 | [OSEv3:vars]
22 | debug_level=4
23 | ansible_ssh_user=${ansible_ssh_user}
24 | enable_excluders=False
25 | enable_docker_excluder=False
26 | openshift_enable_service_catalog=False
27 | ansible_service_broker_install=False
28 | ansible_ssh_private_key=${private_key_path}
29 | 
30 | containerized=True
31 | os_sdn_network_plugin_name='redhat/openshift-ovs-multitenant'
32 | openshift_disable_check=disk_availability,docker_storage,memory_availability,docker_image_availability
33 | 
34 | openshift_node_kubelet_args={'pods-per-core': ['${pods_per_core}']}
35 | 
36 | deployment_type=origin
37 | openshift_deployment_type=origin
38 | 
39 | openshift_release=v3.10.0
40 | openshift_image_tag=v3.10.0
41 | openshift_service_catalog_image_version=v3.10.0
42 | template_service_broker_image_version=v3.10.0
43 | 
44 | ${aws_keys_block}
45 | 
46 | osm_use_cockpit=true
47 | 
48 | openshift_clusterid=${cluster_id}
49 | 
50 | openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider'}]
51 | 
52 | openshift_public_hostname=${openshift_public_host_name}
53 | openshift_master_default_subdomain=${openshift_master_default_subdomain}
54 | 
55 | # Commented out because of https://github.com/openshift/openshift-ansible/issues/9219
56 | #openshift_master_api_port=443
57 | #openshift_master_console_port=443
58 | 


--------------------------------------------------------------------------------
/modules/inventory_generation/inventory.tf:
--------------------------------------------------------------------------------
 1 | locals {
 2 |   aws_keys_block = <<EOF
 3 | openshift_cloudprovider_kind=aws
 4 | openshift_cloudprovider_aws_access_key=%s
 5 | openshift_cloudprovider_aws_secret_key=%s
 6 | EOF
 7 | }
 8 | 
 9 | // Create openshift's inventory
10 | data "template_file" "inventory" {
11 |   template = "${file("${path.module}/inventory.template.cfg")}"
12 | 
13 |   vars {
14 |     master_ips                         = "${format("%s openshift_ip=%s openshift_schedulable=true", var.master_domain, var.master_ip_address)}"
15 |     etcd_ips                           = "${format("%s openshift_ip=%s", var.master_domain, var.master_ip_address)}"
16 |     master_node_entry                  = "${format("%s openshift_ip=%s openshift_schedulable=true openshift_node_group_name='node-config-all-in-one'", var.master_domain, var.master_ip_address)}"
17 |     nodes                              = "${join("\n", formatlist("%s openshift_ip=%s openshift_schedulable=true openshift_node_group_name='node-config-compute'", var.node_domains, var.node_ip_address))}"
18 |     gluster_group = "${var.use_gluster?"glusterfs":""}"
19 |     glusterfs_master                   = "${var.use_gluster?format("[glusterfs]\n%s glusterfs_devices='[ \"/dev/sda\" ]'", var.master_ip_address):""}"
20 |     glusterfs_nodes                    = "${var.use_gluster?join("\n", formatlist("%s glusterfs_devices='[ \"/dev/sda\" ]'", var.node_ip_address)):""}"
21 |     ansible_ssh_user                   = "${var.ansible_ssh_user}"
22 |     private_key_path                   = "${var.private_key_path}"
23 |     pods_per_core                      = "${var.pods_per_core}"
24 |     openshift_public_host_name         = "${var.master_domain}"
25 |     openshift_master_default_subdomain = "${var.apps_subdomain}"
26 |     cluster_id = "${var.cluster_id}"
27 |     aws_keys_block = "${var.provider == "aws"?format(local.aws_keys_block, var.access_key, var.secret_key):""}"
28 |   }
29 | }
30 | 
31 | resource "local_file" "inventory" {
32 |   content  = "${data.template_file.inventory.rendered}"
33 |   filename = "${path.cwd}/inventory.cfg"
34 | }
35 | 


--------------------------------------------------------------------------------
/modules/inventory_generation/variables.tf:
--------------------------------------------------------------------------------
 1 | variable "master_domain" {}
 2 | 
 3 | variable "node_domains" { type = "list" }
 4 | 
 5 | variable "master_ip_address" {}
 6 | 
 7 | variable "node_ip_address" {type = "list"}
 8 | 
 9 | variable "apps_subdomain" {}
10 | 
11 | variable "access_key" {}
12 | 
13 | variable "secret_key" {}
14 | 
15 | variable "use_gluster" {}
16 | 
17 | variable "provider" {}
18 | 
19 | variable "cluster_id" {}
20 | 
21 | variable "private_key_path" {
22 |   description = "The local private key path, e.g. ~/.ssh/id_rsa"
23 | }
24 | 
25 | variable "ansible_ssh_user" {
26 |   description = "The ssh user for all the infrastructure nodes"
27 |   default     = "root"
28 | }
29 | 
30 | variable "pods_per_core" {
31 |   description = "No. of k8s pods per core"
32 |   default     = "10"
33 | }
34 | 


--------------------------------------------------------------------------------
/modules/openshift_aws/amis.tf:
--------------------------------------------------------------------------------
 1 | data "aws_ami" "centos_7_x64" {
 2 |   most_recent = true
 3 | 
 4 |   owners = ["679593333241"] // Centos account ID
 5 | 
 6 |   filter {
 7 |     name   = "architecture"
 8 |     values = ["x86_64"]
 9 |   }
10 | 
11 |   filter {
12 |     name   = "root-device-type"
13 |     values = ["ebs"]
14 |   }
15 | 
16 |   filter {
17 |     name   = "virtualization-type"
18 |     values = ["hvm"]
19 |   }
20 | 
21 |   filter {
22 |     name   = "name"
23 |     values = ["CentOS Linux 7 x86_64 HVM EBS *"]
24 |   }
25 | }
26 | 


--------------------------------------------------------------------------------
/modules/openshift_aws/ec2_keypair.tf:
--------------------------------------------------------------------------------
1 | resource "aws_key_pair" "keypair" {
2 |   key_name   = "${var.key_name}"
3 |   public_key = "${file(var.public_key_path)}"
4 | }
5 | 


--------------------------------------------------------------------------------
/modules/openshift_aws/main.tf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/badri/openshift-terraform/9a33fd961b7dee439f255575346718bc4bd21722/modules/openshift_aws/main.tf


--------------------------------------------------------------------------------
/modules/openshift_aws/nodes.tf:
--------------------------------------------------------------------------------
 1 | locals {
 2 |   common_tags = "${map(
 3 |     "Project", "openshift",
 4 |     "KubernetesCluster", "${var.cluster_name}",
 5 |     "kubernetes.io/cluster/${var.cluster_name}", "${var.cluster_id}"
 6 |   )}"
 7 | }
 8 | 
 9 | resource "aws_eip" "master_eip" {
10 |   instance = "${aws_instance.master.id}"
11 |   vpc      = true
12 | }
13 | 
14 | resource "aws_instance" "master" {
15 |   ami                  = "${data.aws_ami.centos_7_x64.id}"
16 |   # Master nodes require at least 16GB of memory.
17 |   instance_type        = "${var.master_size}"
18 |   subnet_id            = "${aws_subnet.public-subnet.id}"
19 |   iam_instance_profile = "${aws_iam_instance_profile.openshift-instance-profile.id}"
20 | 
21 |   vpc_security_group_ids = [
22 |     "${aws_security_group.openshift-vpc.id}",
23 |     "${aws_security_group.openshift-public-ingress.id}",
24 |     "${aws_security_group.openshift-public-egress.id}",
25 |   ]
26 | 
27 |   //  We need at least 30GB for OpenShift, let's be greedy...
28 |   root_block_device {
29 |     volume_size = 50
30 |     volume_type = "gp2"
31 |   }
32 | 
33 |   # Storage for Docker, see:
34 |   # https://docs.openshift.org/latest/install_config/install/host_preparation.html#configuring-docker-storage
35 |   ebs_block_device {
36 |     device_name = "/dev/sdf"
37 |     volume_size = 80
38 |     volume_type = "gp2"
39 |   }
40 | 
41 |   key_name = "${aws_key_pair.keypair.key_name}"
42 |   tags = "${merge(
43 |     local.common_tags,
44 |     map(
45 |       "Name", "OpenShift Master"
46 |     )
47 |   )}"
48 | }
49 | 
50 | resource "aws_eip" "node_eips" {
51 |   instance = "${element(aws_instance.nodes.*.id, count.index)}"
52 |   vpc      = true
53 |   count    = "${var.nodes_count}"
54 | }
55 | 
56 | //  Create the two nodes. This would be better as a Launch Configuration and
57 | //  autoscaling group, but I'm keeping it simple...
58 | resource "aws_instance" "nodes" {
59 |   ami                  = "${data.aws_ami.centos_7_x64.id}"
60 |   instance_type        = "${var.node_size}"
61 |   subnet_id            = "${aws_subnet.public-subnet.id}"
62 |   iam_instance_profile = "${aws_iam_instance_profile.openshift-instance-profile.id}"
63 | 
64 |   vpc_security_group_ids = [
65 |     "${aws_security_group.openshift-vpc.id}",
66 |     "${aws_security_group.openshift-public-ingress.id}",
67 |     "${aws_security_group.openshift-public-egress.id}",
68 |   ]
69 | 
70 |   //  We need at least 30GB for OpenShift, let's be greedy...
71 |   root_block_device {
72 |     volume_size = 50
73 |     volume_type = "gp2"
74 |   }
75 | 
76 |   # Storage for Docker, see:
77 |   # https://docs.openshift.org/latest/install_config/install/host_preparation.html#configuring-docker-storage
78 |   ebs_block_device {
79 |     device_name = "/dev/sdf"
80 |     volume_size = 80
81 |     volume_type = "gp2"
82 |   }
83 | 
84 |   key_name = "${aws_key_pair.keypair.key_name}"
85 | 
86 |   count = "${var.nodes_count}"
87 |   tags = "${merge(
88 |     local.common_tags,
89 |     map(
90 |       "Name", "${format("%s%02d", var.node_prefix, count.index + 1)}"
91 |     )
92 |   )}"
93 | }
94 | 


--------------------------------------------------------------------------------
/modules/openshift_aws/outputs.tf:
--------------------------------------------------------------------------------
 1 | output "master_domain" {
 2 |   value = "${var.console_subdomain}.${var.domain}"
 3 | }
 4 | 
 5 | output "node_domains" {
 6 |   value = "${formatlist("%s.%s", aws_instance.nodes.*.tags.Name, var.domain)}"
 7 | }
 8 | 
 9 | output "master_ip_address" {
10 |   value = "${aws_eip.master_eip.private_ip}"
11 | }
12 | 
13 | output "node_ip_address" {
14 |   value = "${aws_eip.node_eips.*.private_ip}"
15 | }
16 | 
17 | output "apps_subdomain" {
18 |   value = "${var.apps_subdomain}.${var.domain}"
19 | }
20 | 
21 | output "access_key" {
22 |   value = "${aws_iam_access_key.openshift-aws-user.id}"
23 | }
24 | 
25 | output "secret_key" {
26 |   value = "${aws_iam_access_key.openshift-aws-user.secret}"
27 | }
28 | 


--------------------------------------------------------------------------------
/modules/openshift_aws/roles.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_iam_role" "openshift-instance-role" {
 2 |   name = "openshift-instance-role"
 3 | 
 4 |   assume_role_policy = <<EOF
 5 | {
 6 |     "Version": "2012-10-17",
 7 |     "Statement": [
 8 |         {
 9 |             "Action": "sts:AssumeRole",
10 |             "Principal": {
11 |                 "Service": "ec2.amazonaws.com"
12 |             },
13 |             "Effect": "Allow",
14 |             "Sid": ""
15 |         }
16 |     ]
17 | }
18 | EOF
19 | }
20 | 
21 | resource "aws_iam_user" "openshift-aws-user" {
22 |   name = "openshift-aws-user"
23 | }
24 | 
25 | resource "aws_iam_user_policy" "openshift-aws-user" {
26 |   name = "openshift-aws-user-policy"
27 |   user = "${aws_iam_user.openshift-aws-user.name}"
28 | 
29 |   policy = <<EOF
30 | {
31 |   "Version": "2012-10-17",
32 |   "Statement": [
33 |     {
34 |       "Effect": "Allow",
35 |       "Action": [
36 |         "ec2:DescribeVolume*",
37 |         "ec2:CreateVolume",
38 |         "ec2:CreateTags",
39 |         "ec2:DescribeInstance*",
40 |         "ec2:AttachVolume",
41 |         "ec2:DetachVolume",
42 |         "ec2:DeleteVolume",
43 |         "ec2:DescribeSubnets",
44 |         "ec2:CreateSecurityGroup",
45 |         "ec2:DescribeSecurityGroups",
46 |         "elasticloadbalancing:DescribeTags",
47 |         "elasticloadbalancing:CreateLoadBalancerListeners",
48 |         "ec2:DescribeRouteTables",
49 |         "elasticloadbalancing:ConfigureHealthCheck",
50 |         "ec2:AuthorizeSecurityGroupIngress",
51 |         "elasticloadbalancing:DeleteLoadBalancerListeners",
52 |         "elasticloadbalancing:RegisterInstancesWithLoadBalancer",
53 |         "elasticloadbalancing:DescribeLoadBalancers",
54 |         "elasticloadbalancing:CreateLoadBalancer",
55 |         "elasticloadbalancing:DeleteLoadBalancer",
56 |         "elasticloadbalancing:ModifyLoadBalancerAttributes",
57 |         "elasticloadbalancing:DescribeLoadBalancerAttributes"
58 |       ],
59 |       "Resource": "*"
60 |     }
61 |   ]
62 | }
63 | EOF
64 | }
65 | 
66 | resource "aws_iam_access_key" "openshift-aws-user" {
67 |   user    = "${aws_iam_user.openshift-aws-user.name}"
68 | }
69 | 
70 | resource "aws_iam_instance_profile" "openshift-instance-profile" {
71 |   name  = "openshift-instance-profile"
72 |   role = "${aws_iam_role.openshift-instance-role.name}"
73 | }
74 | 


--------------------------------------------------------------------------------
/modules/openshift_aws/route53.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_route53_zone" "openshift_route53_zone" {
 2 |   name = "${var.domain}"
 3 | }
 4 | 
 5 | // Master record
 6 | resource "aws_route53_record" "openshift-master-record" {
 7 |     zone_id = "${aws_route53_zone.openshift_route53_zone.zone_id}"
 8 |     name = "console"
 9 |     type = "A"
10 |     ttl  = 300
11 |     records = [
12 |         "${aws_eip.master_eip.public_ip}"
13 |     ]
14 | }
15 | 
16 | // Node records
17 | resource "aws_route53_record" "openshift-node-records" {
18 |   zone_id = "${aws_route53_zone.openshift_route53_zone.zone_id}"
19 |   name   = "${format("%s%02d", var.node_prefix, count.index + 1)}"
20 |   type = "A"
21 |   ttl  = 300
22 |   records = [
23 |     "${element(aws_eip.node_eips.*.public_ip, count.index)}"
24 |   ]
25 |   count  = "${var.nodes_count}"
26 | }
27 | 
28 | // apps subdomain
29 | resource "aws_route53_record" "openshift-app-subdomain" {
30 |   zone_id = "${aws_route53_zone.openshift_route53_zone.zone_id}"
31 |   name   = "*.apps"
32 |   type = "CNAME"
33 |   ttl  = 300
34 |   records = [
35 |     "${var.domain}" # should be console subdomain.domain
36 |   ]
37 | }
38 | /*
39 | output "nameservers" {
40 |   value = "${aws_route53_zone.openshift_route53_zone.name_servers}"
41 | }
42 | */
43 | 


--------------------------------------------------------------------------------
/modules/openshift_aws/security_groups.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_security_group" "openshift-vpc" {
 2 |   name        = "openshift-vpc"
 3 |   description = "Default security group that allows all instances in the VPC to talk to each other over any port and protocol."
 4 |   vpc_id      = "${aws_vpc.openshift.id}"
 5 | 
 6 |   ingress {
 7 |     from_port = "0"
 8 |     to_port   = "0"
 9 |     protocol  = "-1"
10 |     self      = true
11 |   }
12 | 
13 |   egress {
14 |     from_port = "0"
15 |     to_port   = "0"
16 |     protocol  = "-1"
17 |     self      = true
18 |   }
19 | }
20 | 
21 | resource "aws_security_group" "openshift-public-ingress" {
22 |   name        = "openshift-public-ingress"
23 |   description = "Security group that allows public ingress to instances, HTTP, HTTPS and more."
24 |   vpc_id      = "${aws_vpc.openshift.id}"
25 | 
26 |   //  HTTP
27 |   ingress {
28 |     from_port   = 80
29 |     to_port     = 80
30 |     protocol    = "tcp"
31 |     cidr_blocks = ["0.0.0.0/0"]
32 |   }
33 | 
34 |   //  HTTP Proxy
35 |   ingress {
36 |     from_port   = 8080
37 |     to_port     = 8080
38 |     protocol    = "tcp"
39 |     cidr_blocks = ["0.0.0.0/0"]
40 |   }
41 | 
42 |   //  HTTPS
43 |   ingress {
44 |     from_port   = 443
45 |     to_port     = 443
46 |     protocol    = "tcp"
47 |     cidr_blocks = ["0.0.0.0/0"]
48 |   }
49 | 
50 |   //  HTTPS Proxy
51 |   ingress {
52 |     from_port   = 8443
53 |     to_port     = 8443
54 |     protocol    = "tcp"
55 |     cidr_blocks = ["0.0.0.0/0"]
56 |   }
57 | 
58 |   ingress {
59 |     from_port   = 22
60 |     to_port     = 22
61 |     protocol    = "tcp"
62 |     cidr_blocks = ["0.0.0.0/0"]
63 |   }  
64 | }
65 | 
66 | //  This security group allows public egress from the instances for HTTP and
67 | //  HTTPS, which is needed for yum updates, git access etc etc.
68 | resource "aws_security_group" "openshift-public-egress" {
69 |   name        = "openshift-public-egress"
70 |   description = "Security group that allows egress to the internet for instances over HTTP and HTTPS."
71 |   vpc_id      = "${aws_vpc.openshift.id}"
72 | 
73 |   //  HTTP
74 |   egress {
75 |     from_port   = 80
76 |     to_port     = 80
77 |     protocol    = "tcp"
78 |     cidr_blocks = ["0.0.0.0/0"]
79 |   }
80 | 
81 |   //  HTTPS
82 |   egress {
83 |     from_port   = 443
84 |     to_port     = 443
85 |     protocol    = "tcp"
86 |     cidr_blocks = ["0.0.0.0/0"]
87 |   }
88 | }
89 | 


--------------------------------------------------------------------------------
/modules/openshift_aws/variables.tf:
--------------------------------------------------------------------------------
 1 | variable "key_name" {
 2 |   default = "openshift"
 3 |   description = "The name of the key to user for ssh access, e.g: consul-cluster"
 4 | }
 5 | 
 6 | variable "public_key_path" {
 7 |   default = "~/.ssh/tf.pub"
 8 |   description = "The local public key path, e.g. ~/.ssh/id_rsa.pub"
 9 | }
10 | 
11 | variable "private_key_path" {
12 |   default = "~/.ssh/tf"
13 |   description = "The local private key path, e.g. ~/.ssh/id_rsa"
14 | }
15 | 
16 | variable "region" {
17 |   default = "us-east-1"
18 |   description = "The AWS region where the cluster will be spun."
19 | }
20 | 
21 | variable "vpc_cidr" {
22 |   default = "10.0.0.0/16"
23 | }
24 | 
25 | variable "subnet_cidr" {
26 |   default = "10.0.1.0/24"
27 | }
28 | 
29 | variable "subnetaz" {
30 |   type = "map"
31 | 
32 |   default = {
33 |     us-east-1 = "us-east-1a"
34 |     us-east-2 = "us-east-2a"
35 |     us-west-1 = "us-west-1a"
36 |     us-west-2 = "us-west-2a"
37 |     eu-west-1 = "eu-west-1a"
38 |     eu-west-2 = "eu-west-2a"
39 |     eu-central-1 = "eu-central-1a"
40 |     ap-southeast-1 = "ap-southeast-1a"
41 |   }
42 | }
43 | 
44 | 
45 | variable "master_size" {
46 |   default = "m5.xlarge"
47 |   description = "Size of the master VM"
48 | }
49 | 
50 | variable "node_size" {
51 |   default = "m5.large"
52 |   description = "Size of the Node VMs"
53 | }
54 | 
55 | variable "nodes_count" {
56 |   default = 2
57 |   description = "No. of app nodes to create."
58 | }
59 | 
60 | variable "node_prefix" {
61 |   default = "node-"
62 | }
63 | 
64 | variable "domain" {
65 |   default = "example.com"
66 |   description = "Base domain name for the Openshift cluster."
67 | }
68 | 
69 | // console.example.com
70 | variable "console_subdomain" {
71 |   default = "console"
72 | }
73 | 
74 | // *.apps.example.com
75 | variable "apps_subdomain" {
76 |   default = "apps"
77 | }
78 | 
79 | variable "cluster_name" {
80 |   description = "Name of the cluster, e.g: 'openshift-cluster'. Useful when running multiple clusters in the same AWS account."
81 | }
82 | 
83 | variable "cluster_id" {
84 |   description = "ID of the cluster, e.g: 'openshift-cluster-us-east-1'. Useful when running multiple clusters in the same AWS account."
85 | }
86 | 


--------------------------------------------------------------------------------
/modules/openshift_aws/vpc.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_vpc" "openshift" {
 2 |   cidr_block           = "${var.vpc_cidr}"
 3 |   enable_dns_hostnames = true
 4 | }
 5 | 
 6 | resource "aws_internet_gateway" "openshift" {
 7 |   vpc_id = "${aws_vpc.openshift.id}"
 8 | }
 9 | 
10 | resource "aws_subnet" "public-subnet" {
11 |   vpc_id                  = "${aws_vpc.openshift.id}"
12 |   cidr_block              = "${var.subnet_cidr}"
13 |   availability_zone       = "${lookup(var.subnetaz, var.region)}"
14 |   map_public_ip_on_launch = true
15 |   depends_on              = ["aws_internet_gateway.openshift"]
16 | }
17 | 
18 | resource "aws_route_table" "public" {
19 |   vpc_id = "${aws_vpc.openshift.id}"
20 | 
21 |   route {
22 |     cidr_block = "0.0.0.0/0"
23 |     gateway_id = "${aws_internet_gateway.openshift.id}"
24 |   }
25 | }
26 | 
27 | resource "aws_route_table_association" "public-subnet" {
28 |   subnet_id      = "${aws_subnet.public-subnet.id}"
29 |   route_table_id = "${aws_route_table.public.id}"
30 | }
31 | 


--------------------------------------------------------------------------------
/modules/openshift_digitalocean/domains.tf:
--------------------------------------------------------------------------------
 1 | // master domain
 2 | 
 3 | resource "digitalocean_domain" "openshift_base" {
 4 |   name       = "${var.domain}"
 5 |   ip_address = "${digitalocean_droplet.master.ipv4_address}"
 6 | }
 7 | 
 8 | // console url
 9 | resource "digitalocean_record" "openshift_web_console" {
10 |   domain = "${digitalocean_domain.openshift_base.name}"
11 |   type   = "A"
12 |   name   = "console"
13 |   value  = "${digitalocean_droplet.master.ipv4_address}"
14 | }
15 | 
16 | // apps subdomains
17 | resource "digitalocean_record" "openshift_apps" {
18 |   domain = "${digitalocean_domain.openshift_base.name}"
19 |   type   = "CNAME"
20 |   name   = "*.apps"
21 |   value  = "@"
22 | }
23 | 
24 | // node urls
25 | resource "digitalocean_record" "openshift_nodes" {
26 |   count  = "${var.nodes_count}"
27 |   domain = "${digitalocean_domain.openshift_base.name}"
28 |   type   = "A"
29 |   name   = "${format("%s%02d", var.node_prefix, count.index + 1)}"
30 |   value  = "${element(digitalocean_droplet.nodes.*.ipv4_address, count.index)}"
31 | }
32 | 


--------------------------------------------------------------------------------
/modules/openshift_digitalocean/outputs.tf:
--------------------------------------------------------------------------------
 1 | output "master_domain" {
 2 |   value = "${var.console_subdomain}.${var.domain}"
 3 | }
 4 | 
 5 | output "node_domains" {
 6 |   value = "${formatlist("%s.%s", digitalocean_droplet.nodes.*.name, var.domain)}"
 7 | }
 8 | 
 9 | output "master_ip_address" {
10 |   value = "${digitalocean_droplet.master.ipv4_address}"
11 | }
12 | 
13 | output "node_ip_address" {
14 |   value = "${digitalocean_droplet.nodes.*.ipv4_address}"
15 | }
16 | 
17 | output "apps_subdomain" {
18 |   value = "${var.apps_subdomain}.${var.domain}"
19 | }
20 | 


--------------------------------------------------------------------------------
/modules/openshift_digitalocean/variables.tf:
--------------------------------------------------------------------------------
 1 | variable "key_name" {
 2 |   description = "The name of the key to user for ssh access, e.g: consul-cluster"
 3 | }
 4 | 
 5 | variable "public_key_path" {
 6 |   description = "The local public key path, e.g. ~/.ssh/id_rsa.pub"
 7 | }
 8 | 
 9 | variable "image" {
10 |   description = "The base OS used for installation."
11 |   default     = "centos-7-x64"
12 | }
13 | 
14 | variable "master_hostname" {
15 |   description = "Hostname of Master."
16 |   default     = "openshift-master"
17 | }
18 | 
19 | variable "region" {
20 |   description = "The region where the cluster will be spun"
21 |   default     = "blr1"
22 | }
23 | 
24 | variable "master_size" {
25 |   description = "Size of the master"
26 |   default     = "4gb"
27 | }
28 | 
29 | variable "node_size" {
30 |   description = "Size of the nodes"
31 |   default     = "4gb"
32 | }
33 | 
34 | variable "nodes_count" {
35 |   description = "No. of nodes"
36 |   default     = 2
37 | }
38 | 
39 | variable "volume_size" {
40 |   description = "Size of DO volumes in GB"
41 |   default     = 100
42 | }
43 | 
44 | variable "domain" {
45 |   description = "Base domain name for the cluster."
46 |   default     = "trext.in"
47 | }
48 | 
49 | // console.example.com
50 | variable "console_subdomain" {
51 |   default = "console"
52 | }
53 | 
54 | // *.apps.example.com
55 | variable "apps_subdomain" {
56 |   default = "apps"
57 | }
58 | 
59 | variable "node_prefix" {
60 |   default = "node-"
61 | }
62 | 


--------------------------------------------------------------------------------
/modules/openshift_digitalocean/vms.tf:
--------------------------------------------------------------------------------
 1 | //  Create an SSH keypair
 2 | resource "digitalocean_ssh_key" "keypair" {
 3 |   name       = "${var.key_name}"
 4 |   public_key = "${file(var.public_key_path)}"
 5 | }
 6 | 
 7 | resource "digitalocean_droplet" "master" {
 8 |   image      = "${var.image}"
 9 |   name       = "${var.master_hostname}"
10 |   region     = "${var.region}"
11 |   size       = "${var.master_size}"
12 |   ssh_keys   = ["${digitalocean_ssh_key.keypair.id}"]
13 |   count      = 1
14 |   volume_ids = ["${digitalocean_volume.master_volume.id}"]
15 |   private_networking = true
16 | }
17 | 
18 | resource "digitalocean_droplet" "nodes" {
19 |   image      = "${var.image}"
20 |   name       = "${format("%s%02d", var.node_prefix, count.index + 1)}"
21 |   region     = "${var.region}"
22 |   size       = "${var.node_size}"
23 |   ssh_keys   = ["${digitalocean_ssh_key.keypair.id}"]
24 |   count      = "${var.nodes_count}"
25 |   volume_ids = ["${element(digitalocean_volume.node_volumes.*.id, count.index)}"]
26 | }
27 | 


--------------------------------------------------------------------------------
/modules/openshift_digitalocean/volumes.tf:
--------------------------------------------------------------------------------
 1 | // create the GlusterFS volumes associated with the nodes
 2 | 
 3 | resource "digitalocean_volume" "master_volume" {
 4 |   region = "${var.region}"
 5 |   name   = "master-glusterfs"
 6 |   size   = "${var.volume_size}"
 7 | }
 8 | 
 9 | resource "digitalocean_volume" "node_volumes" {
10 |   region = "${var.region}"
11 |   name   = "${format("%s%02d-glusterfs", var.node_prefix, count.index + 1)}"
12 |   size   = "${var.volume_size}"
13 |   count  = "${var.nodes_count}"
14 | }
15 | 


--------------------------------------------------------------------------------
/pre-install/hostsfile.j2:
--------------------------------------------------------------------------------
1 | {% for group in groups %}
2 | {% if groups[group] and group == 'all' %}
3 | {% for host in groups[group] %}
4 | {{hostvars[host].ansible_default_ipv4.address}} {{ hostvars[host].ansible_hostname }} {{ hostvars[host].inventory_hostname }}
5 | {% endfor %}
6 | 
7 | {% endif %}
8 | {% endfor %}
9 | 


--------------------------------------------------------------------------------
/pre-install/playbook.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | - hosts: all
 3 |   vars:
 4 |     packages:
 5 |       - git
 6 |       - nano
 7 |       - net-tools
 8 |       - docker-1.13.1
 9 |       - bind-utils
10 |       - iptables-services
11 |       - bridge-utils
12 |       - bash-completion
13 |       - kexec-tools
14 |       - sos
15 |       - psacct
16 |       - openssl-devel
17 |       - httpd-tools
18 |       - NetworkManager
19 |       - python-cryptography
20 |       - python-devel
21 |       - python-passlib
22 |       - java-1.8.0-openjdk-headless
23 |       - "@Development Tools"
24 | 
25 |   tasks:
26 |     - name: Install required dependencies
27 |       yum:
28 |         update_cache: true
29 |         name: "{{ packages }}"
30 | 
31 |     - name: Install EPEL from a remote repo
32 |       yum:
33 |         name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
34 |         state: present
35 | 
36 |     - name: Update EPEL repo details
37 |       replace:
38 |         path: /etc/yum.repos.d/epel.repo
39 |         regexp: '^enabled=1'
40 |         replace: enabled=0
41 | 
42 |     - name: Start Network service
43 |       systemd:
44 |         state: started
45 |         name: NetworkManager
46 | 
47 |     - name: Enable Network service
48 |       systemd:
49 |         enabled: yes
50 |         name: NetworkManager
51 | 
52 |     - name: Update /etc/hosts
53 |       blockinfile:
54 |         block: "{{ lookup('template', 'hostsfile.j2') }}"
55 |         path: /etc/hosts
56 | 
57 |     - name: Restart docker service
58 |       systemd:
59 |         state: restarted
60 |         name: docker
61 | 
62 |     - name: Enable docker service
63 |       systemd:
64 |         enabled: yes
65 |         name: docker
66 | 


--------------------------------------------------------------------------------