diff options
Diffstat (limited to 'xci/installer/kubespray')
| -rwxr-xr-x | xci/installer/kubespray/deploy.sh | 6 | ||||
| -rw-r--r-- | xci/installer/kubespray/playbooks/configure-opnfvhost.yml | 27 | ||||
| -rw-r--r-- | xci/installer/kubespray/playbooks/configure-targethosts.yml | 8 |
3 files changed, 13 insertions, 28 deletions
diff --git a/xci/installer/kubespray/deploy.sh b/xci/installer/kubespray/deploy.sh index 364ee2b6..5136f5a8 100755 --- a/xci/installer/kubespray/deploy.sh +++ b/xci/installer/kubespray/deploy.sh @@ -91,10 +91,12 @@ echo "-----------------------------------------------------------------------" echo "Info: Kubernetes installation is successfully completed!" echo "-----------------------------------------------------------------------" -# Configure the kubernetes authentication in opnfv host. +# Configure the kubernetes authentication in opnfv host. In future releases +# kubectl is no longer an artifact so we should not fail if it's not available. +# This needs to be removed in the future ssh root@$OPNFV_HOST_IP "mkdir -p ~/.kube/;\ cp -f ~/admin.conf ~/.kube/config; \ - cp -f ~/kubectl /usr/local/bin" + cp -f ~/kubectl /usr/local/bin || true" echo "Login opnfv host ssh root@$OPNFV_HOST_IP according to the user-guide to create a service diff --git a/xci/installer/kubespray/playbooks/configure-opnfvhost.yml b/xci/installer/kubespray/playbooks/configure-opnfvhost.yml index eed814ba..f4a0602d 100644 --- a/xci/installer/kubespray/playbooks/configure-opnfvhost.yml +++ b/xci/installer/kubespray/playbooks/configure-opnfvhost.yml @@ -30,18 +30,6 @@ recursive: yes delete: yes - - name: generate SSH keys - command: ssh-keygen -b 2048 -t rsa -f /root/.ssh/id_rsa -q -N "" - args: - creates: /root/.ssh/id_rsa - - name: add id_rsa.pub to authorized_keys - shell: cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys - when: xci_flavor == 'aio' - - name: fetch public key - fetch: - src: "{{ ansible_env.HOME }}/.ssh/id_rsa.pub" - dest: "{{ xci_path }}/xci/files/authorized_keys" - flat: yes - name: delete the opnfv_inventory directory file: path: "{{ remote_xci_path }}/.cache/repos/kubespray/opnfv_inventory" @@ -59,7 +47,7 @@ command: "cp -rf {{ remote_xci_path }}/xci/installer/kubespray/files/k8s-cluster.yml \ {{ remote_xci_path }}/.cache/repos/kubespray/opnfv_inventory/group_vars" args: - creates: "{{ remote_xci_path }}/.cache/repos/kubespray/opnfv_inventory/group_vars" + creates: "{{ remote_xci_path }}/.cache/repos/kubespray/opnfv_inventory/group_vars/k8s-cluster.yml" - name: Install required packages package: name: "{{ kube_require_packages[ansible_pkg_mgr] }}" @@ -78,13 +66,8 @@ name: ansible version: "{{ xci_kube_ansible_pip_version }}" + - name: Configure SSL certificates + include_tasks: "{{ xci_path }}/xci/playbooks/manage-ssl-certs.yml" -- hosts: localhost - remote_user: root - vars_files: - - "{{ xci_path }}/xci/var/opnfv.yml" - tasks: - - name: Append public keys to authorized_keys - shell: "/bin/cat {{ ansible_env.HOME }}/.ssh/id_rsa.pub >> {{ xci_path }}/xci/files/authorized_keys" - args: - creates: "{{ xci_path }}/xci/files/authorized_keys" + - name: Manage SSH keys + include_tasks: "{{ xci_path }}/xci/playbooks/manage-ssh-keys.yml" diff --git a/xci/installer/kubespray/playbooks/configure-targethosts.yml b/xci/installer/kubespray/playbooks/configure-targethosts.yml index d89cd334..dd7024fb 100644 --- a/xci/installer/kubespray/playbooks/configure-targethosts.yml +++ b/xci/installer/kubespray/playbooks/configure-targethosts.yml @@ -2,10 +2,8 @@ - hosts: all remote_user: root tasks: - - name: add public key to host - copy: - src: "{{ xci_path }}/xci/files/authorized_keys" - dest: /root/.ssh/authorized_keys + - name: Manage SSH keys + include_tasks: "{{ xci_path }}/xci/playbooks/manage-ssh-keys.yml" - name: Install required packages package: name: "{{ kube_require_packages[ansible_pkg_mgr] }}" @@ -25,4 +23,6 @@ when: xci_flavor == 'ha' - role: "haproxy_server" haproxy_service_configs: "{{ haproxy_default_services}}" + haproxy_user_ssl_cert: "/etc/ssl/certs/xci.crt" + haproxy_user_ssl_key: "/etc/ssl/private/xci.key" when: xci_flavor == 'ha' |