Nuage changes for Atomic hosts OSE Integration

roles/nuage_common/defaults/main.yaml

@@ -10,5 +10,8 @@ nuage_ca_serial: "{{ nuage_ca_dir }}/nuageMonCA.serial.txt"
 nuage_master_mon_dir: /usr/share/nuage-openshift-monitor
 nuage_node_plugin_dir: /usr/share/vsp-openshift
 
+nuage_node_cni_bin_dir: /opt/cni/bin
+nuage_node_cni_netconf_dir: /etc/cni/net.d
+
 nuage_mon_rest_server_port: "{{ nuage_openshift_monitor_rest_server_port | default('9443') }}"
 nuage_mon_cert_validity_period: "{{ nuage_cert_validity_period | default('3650') }}"

roles/nuage_common/tasks/main.yml

@@ -0,0 +1,27 @@
+---
+- name: Set the Nuage plugin openshift directory fact to handle Atomic host install
+  set_fact:
+    nuage_node_plugin_dir: /var/usr/share/vsp-openshift
+  when: openshift.common.is_atomic | bool
+
+- name: Set the Nuage CNI network config directory fact to handle Atomic host install
+  set_fact:
+    nuage_node_cni_netconf_dir: /var/etc/cni/net.d/
+  when: openshift.common.is_atomic | bool
+
+- name: Set the Nuage CNI binary directory fact to handle Atomic host install
+  set_fact:
+    nuage_node_cni_bin_dir: /var/opt/cni/bin/
+  when: openshift.common.is_atomic | bool
+
+- name: Assure CNI plugin config dir exists before daemon set install
+  become: yes
+  file: path="{{ nuage_node_plugin_dir }}" state=directory
+
+- name: Assure CNI netconf directory exists before daemon set install
+  become: yes
+  file: path="{{ nuage_node_cni_netconf_dir }}" state=directory
+
+- name: Assure CNI plugin binary directory exists before daemon set install
+  become: yes
+  file: path="{{ nuage_node_cni_bin_dir }}" state=directory

roles/nuage_master/handlers/main.yaml

@@ -1,8 +1,4 @@
 ---
-- name: restart nuage-openshift-monitor
-  become: yes
-  systemd: name=nuage-openshift-monitor state=restarted
-
 - name: restart master api
   systemd: name={{ openshift.common.service_type }}-master-api state=restarted
   when: >

roles/nuage_master/tasks/main.yaml

@@ -3,17 +3,64 @@
   include: firewall.yml
   static: yes
 
+- name: Set the Nuage certificate directory fact for Atomic hosts
+  set_fact:
+    cert_output_dir: /var/usr/share/nuage-openshift-monitor
+  when: openshift.common.is_atomic | bool
+
+- name: Set the Nuage kubeconfig file path fact for Atomic hosts
+  set_fact:
+    kube_config: /var/usr/share/nuage-openshift-monitor/nuage.kubeconfig
+  when: openshift.common.is_atomic | bool
+
+- name: Set the Nuage monitor yaml location fact for Atomic hosts
+  set_fact:
+    kubemon_yaml: /var/usr/share/nuage-openshift-monitor/nuage-openshift-monitor.yaml
+  when: openshift.common.is_atomic | bool
+
+- name: Set the Nuage monitor certs location fact for Atomic hosts
+  set_fact:
+    nuage_master_crt_dir: /var/usr/share/nuage-openshift-monitor/
+  when: openshift.common.is_atomic | bool
+
+- name: Set the Nuage master config directory for daemon sets install
+  set_fact:
+    nuage_master_config_dsets_mount_dir: /var/usr/share/
+  when: master_host_type == "is_atomic"
+
+- name: Set the Nuage node config directory for daemon sets install
+  set_fact:
+    nuage_node_config_dsets_mount_dir: /var/usr/share/
+  when: slave_host_type == "is_atomic"
+
+- name: Set the Nuage CNI plugin binary directory for daemon sets install
+  set_fact:
+    nuage_cni_bin_dsets_mount_dir: /var/opt/cni/bin
+  when: openshift.common.is_atomic | bool
+
 - name: Create directory /usr/share/nuage-openshift-monitor
   become: yes
   file: path=/usr/share/nuage-openshift-monitor state=directory
+  when: not openshift.common.is_atomic | bool
 
-- name: Create the log directory
+- name: Create directory /var/usr/share/nuage-openshift-monitor
   become: yes
-  file: path={{ nuage_mon_rest_server_logdir }} state=directory
+  file: path=/var/usr/share/nuage-openshift-monitor state=directory
+  when: openshift.common.is_atomic | bool
+
+- name: Create directory /var/usr/bin for monitor binary on atomic
+  become: yes
+  file: path=/var/usr/bin state=directory
+  when: openshift.common.is_atomic | bool
 
-- name: Install Nuage Openshift Monitor
+- name: Create CNI bin directory /var/opt/cni/bin
   become: yes
-  yum: name={{ nuage_openshift_rpm }} state=present
+  file: path=/var/opt/cni/bin state=directory
+  when: openshift.common.is_atomic | bool
+
+- name: Create the log directory
+  become: yes
+  file: path={{ nuage_mon_rest_server_logdir }} state=directory
 
 - include: serviceaccount.yml
 
@@ -45,10 +92,32 @@
   become: yes
   copy: src="{{ vsd_user_key_file }}" dest="{{ cert_output_dir }}/{{ vsd_user_key_file | basename }}"
 
-- name: Create nuage-openshift-monitor.yaml
+- name: Create Nuage master daemon set yaml file
+  become: yes
+  template: src=nuage-master-config-daemonset.j2 dest=/etc/nuage-master-config-daemonset.yaml owner=root mode=0644
+
+- name: Create Nuage node daemon set yaml file
   become: yes
-  template: src=nuage-openshift-monitor.j2 dest=/usr/share/nuage-openshift-monitor/nuage-openshift-monitor.yaml owner=root mode=0644
+  template: src=nuage-node-config-daemonset.j2 dest=/etc/nuage-node-config-daemonset.yaml owner=root mode=0644
+
+- name: Add the service account to the privileged scc to have root permissions
+  shell: oc adm policy add-scc-to-user privileged system:serviceaccount:openshift-infra:daemonset-controller
+  ignore_errors: true
+  when: inventory_hostname == groups.oo_first_master.0
+
+- name: Spawn Nuage Master monitor daemon sets pod
+  shell: oc create -f /etc/nuage-master-config-daemonset.yaml
+  ignore_errors: true
+  when: inventory_hostname == groups.oo_first_master.0
+
+- name: Spawn Nuage CNI daemon sets pod
+  shell: oc create -f /etc/nuage-node-config-daemonset.yaml
+  ignore_errors: true
+  when: inventory_hostname == groups.oo_first_master.0
+
+- name: Restart daemons
+  command: /bin/true
   notify:
     - restart master api
     - restart master controllers
-    - restart nuage-openshift-monitor
+  ignore_errors: true

roles/nuage_master/templates/nuage-master-config-daemonset.j2

@@ -0,0 +1,111 @@
+# This ConfigMap is used to configure Nuage VSP configuration on master nodes
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: nuage-master-config
+  namespace: kube-system
+data:
+  # This will generate the required Nuage configuration
+  # on master nodes
+  monitor_yaml_config: |
+
+      # .kubeconfig that includes the nuage service account
+      kubeConfig: {{ nuage_master_crt_dir }}/nuage.kubeconfig
+      # name of the nuage service account, or another account with 'cluster-reader'
+      # permissions
+      # Openshift master config file
+      masterConfig: /etc/origin/master/master-config.yaml
+      # URL of the VSD Architect
+      vsdApiUrl: {{ vsd_api_url }}
+      # API version to query against.  Usually "v3_2"
+      vspVersion: {{ vsp_version }}
+      # Name of the enterprise in which pods will reside
+      enterpriseName: {{ enterprise }}
+      # Name of the domain in which pods will reside
+      domainName: {{ domain }}
+      # VSD generated user certificate file location on master node
+      userCertificateFile: {{ nuage_master_crt_dir }}/{{ vsd_user }}.pem
+      # VSD generated user key file location on master node
+      userKeyFile: {{ nuage_master_crt_dir }}/{{ vsd_user }}-Key.pem
+      # Location where logs should be saved
+      log_dir: /var/log/nuage-openshift-monitor
+      # Monitor rest server parameters
+      # Logging level for the nuage openshift monitor
+      # allowed options are: 0 => INFO, 1 => WARNING, 2 => ERROR, 3 => FATAL
+      logLevel: 0
+      # Parameters related to the nuage monitor REST server
+      nuageMonServer:
+          URL: 0.0.0.0:9443
+          certificateDirectory: {{ nuage_master_crt_dir }}
+      # etcd config required for HA
+      etcdClientConfig:
+          ca: {{ nuage_master_crt_dir }}/nuageMonCA.crt
+          certFile: {{ nuage_master_crt_dir }}/nuageMonServer.crt
+          keyFile: {{ nuage_master_crt_dir }}/master.etcd-client.key
+          urls:
+      {% for etcd_url in openshift.master.etcd_urls %}
+              - {{ etcd_url }}
+      {% endfor %}
+
+---
+
+# This manifest installs Nuage master node configuration on
+# each Nuage master node in a cluster.
+kind: DaemonSet
+apiVersion: extensions/v1beta1
+metadata:
+  name: nuage-master-config
+  namespace: kube-system
+  labels:
+    k8s-app: nuage-master-config
+spec:
+  selector:
+    matchLabels:
+      k8s-app: nuage-master-config
+  template:
+    metadata:
+      labels:
+        k8s-app: nuage-master-config
+    spec:
+      hostNetwork: true
+      tolerations:
+        - key: node-role.kubernetes.io/master
+          effect: NoSchedule
+          operator: Exists
+      nodeSelector:
+        install-monitor: "true"
+      containers:
+        # This container configures Nuage Master node
+        - name: install-nuage-master-config
+          image: nuage/master:{{ nuage_monitor_container_image_version }}
+          ports:
+            - containerPort: 9443
+              hostPort: 9443
+          command: ["/configure-master.sh"]
+          args: ["ose", "{{ master_host_type }}"]
+          securityContext:
+            privileged: true
+          env:
+            # nuage-openshift-monitor.yaml config to install on each slave node.
+            - name: NUAGE_MASTER_VSP_CONFIG
+              valueFrom:
+                configMapKeyRef:
+                  name: nuage-master-config
+                  key: monitor_yaml_config
+          volumeMounts:
+            - mountPath: /var/log
+              name: cni-log-dir
+            - mountPath: {{ nuage_master_config_dsets_mount_dir }}
+              name: usr-share-dir
+            - mountPath: /etc/origin/
+              name: master-config-dir
+      volumes:
+        - name: cni-log-dir
+          hostPath:
+            path: /var/log
+        - name: usr-share-dir
+          hostPath:
+            path: {{ nuage_master_config_dsets_mount_dir }}
+        - name: master-config-dir
+          hostPath:
+            path: /etc/origin/