Merge pull request openshift#3549 from kwoodson/router_sharding

Adding support for multiple router shards.

roles/openshift_hosted/defaults/main.yml

@@ -1,2 +1,30 @@
 ---
 registry_volume_claim: 'registry-claim'
+
+openshift_hosted_router_edits:
+- key: spec.strategy.rollingParams.intervalSeconds
+  value: 1
+  action: put
+- key: spec.strategy.rollingParams.updatePeriodSeconds
+  value: 1
+  action: put
+- key: spec.strategy.activeDeadlineSeconds
+  value: 21600
+  action: put
+
+openshift_hosted_routers:
+- name: router
+  replicas: "{{ replicas }}"
+  namespace: default
+  serviceaccount: router
+  selector: "{{ openshift_hosted_router_selector }}"
+  images: "{{ openshift_hosted_router_image }}"
+  edits: "{{ openshift_hosted_router_edits }}"
+  stats_port: 1936
+  ports:
+  - 80:80
+  - 443:443
+  certificates: "{{ openshift_hosted_router_certificate | default({}) }}"
+
+
+openshift_hosted_router_certificates: {}

roles/openshift_hosted/tasks/router/router.yml

@@ -11,69 +11,34 @@
 - name: set_fact replicas
   set_fact:
     replicas: "{{ openshift.hosted.router.replicas|default(None) | get_router_replicas(router_nodes) }}"
+    openshift_hosted_router_selector: "{{ openshift.hosted.router.selector | default(None) }}"
+    openshift_hosted_router_image: "{{ openshift.hosted.router.registryurl }}"
 
-- block:
-
-  - name: Assert that 'certfile', 'keyfile' and 'cafile' keys provided in openshift_hosted_router_certificate
-    assert:
-      that:
-      - "'certfile' in openshift_hosted_router_certificate"
-      - "'keyfile' in openshift_hosted_router_certificate"
-      - "'cafile' in openshift_hosted_router_certificate"
-      msg: "'certfile', 'keyfile' and 'cafile' keys must be specified when supplying the openshift_hosted_router_certificate variable."
-
-  - name: Read router certificate and key
-    become: no
-    local_action:
-      module: slurp
-      src: "{{ item }}"
-    register: openshift_router_certificate_output
-    # Defaulting dictionary keys to none to avoid deprecation warnings
-    # (future fatal errors) during template evaluation. Dictionary keys
-    # won't be accessed unless openshift_hosted_router_certificate is
-    # defined and has all keys (certfile, keyfile, cafile) which we
-    # check above.
-    with_items:
-    - "{{ (openshift_hosted_router_certificate | default({'certfile':none})).certfile }}"
-    - "{{ (openshift_hosted_router_certificate | default({'keyfile':none})).keyfile }}"
-    - "{{ (openshift_hosted_router_certificate | default({'cafile':none})).cafile }}"
-
-  - name: Persist certificate contents
-    openshift_facts:
-      role: hosted
-      openshift_env:
-        openshift_hosted_router_certificate_contents: "{% for certificate in openshift_router_certificate_output.results -%}{{ certificate.content | b64decode }}{% endfor -%}"
-
-  - name: Create PEM certificate
-    copy:
-      content: "{{ openshift.hosted.router.certificate.contents }}"
-      dest: "{{ openshift_master_config_dir }}/openshift-router.pem"
-      mode: 0600
-
-  when: openshift_hosted_router_certificate is defined
+- name: Get the certificate contents for router
+  copy:
+    backup: True
+    dest: "/etc/origin/master/{{ item | basename }}"
+    src: "{{ item }}"
+  with_items: "{{ openshift_hosted_routers | oo_collect(attribute='certificates') |
+                  oo_select_keys_from_list(['keyfile', 'certfile', 'cafile']) }}"
 
 - name: Create OpenShift router
   oc_adm_router:
-    name: "{{ openshift.hosted.router.name | default('router') }}"
-    replicas: "{{ replicas }}"
-    namespace: "{{ openshift.hosted.router.namespace | default('default') }}"
+    name: "{{ item.name }}"
+    replicas: "{{ item.replicas }}"
+    namespace: "{{ item.namespace | default('default') }}"
     # This option is not yet implemented
     # force_subdomain: "{{ openshift.hosted.router.force_subdomain | default(none) }}"
-    service_account: router
-    selector: "{{ openshift.hosted.router.selector | default(none) }}"
-    images: "{{ openshift.hosted.router.registryurl | default(none) }}"
-    default_cert: "{{ openshift_hosted_router_certificate is defined | default(false) | ternary(openshift_master_config_dir + '/openshift-router.pem', omit) }}"
-    # These edits are being specified only to prevent 'changed' on rerun
-    edits:
-    - key: spec.strategy.rollingParams.intervalSeconds
-      value: 1
-      action: put
-    - key: spec.strategy.rollingParams.updatePeriodSeconds
-      value: 1
-      action: put
-    - key: spec.strategy.activeDeadlineSeconds
-      value: 21600
-      action: put
+    service_account: "{{ item.serviceaccount | default('router') }}"
+    selector: "{{ item.selector | default(none) }}"
+    images: "{{ item.images | default(omit) }}"
+    cert_file: "{{ ('/etc/origin/master/' ~ (item.certificates.certfile | basename)) if 'certfile' in item.certificates else omit }}"
+    key_file: "{{ ('/etc/origin/master/' ~ (item.certificates.keyfile | basename)) if 'keyfile' in item.certificates else omit }}"
+    cacert_file: "{{ ('/etc/origin/master/' ~ (item.certificates.cafile | basename)) if 'cafile' in item.certificates else omit }}"
+    edits: "{{ openshift_hosted_router_edits | union(item.edits)  }}"
+    ports: "{{ item.ports }}"
+    stats_port: "{{ item.stats_port }}"
+  with_items: "{{ openshift_hosted_routers }}"
   register: routerout
 
 # This should probably move to module
@@ -85,7 +50,7 @@
 - name: Ensure router replica count matches desired
   oc_scale:
     kind: dc
-    name: "{{ openshift.hosted.router.name | default('router') }}"
-    namespace: "{{ openshift.hosted.router.namespace | default('default') }}"
-    replicas: "{{ replicas }}"
-  when: replicas | int > 0
+    name: "{{ item.name | default('router') }}"
+    namespace: "{{ item.namespace | default('default') }}"
+    replicas: "{{ item.replicas }}"
+  with_items: "{{ openshift_hosted_routers }}"