author | Kenny Woodson <kwoodson@redhat.com> | 2017-10-28 20:46:44 -0400 |
---|---|---|
committer | Michael Gugino <mgugino@redhat.com> | 2017-11-03 15:12:09 -0400 |
commit | 983fdade31c57654854cce3c5340e8bf5a7838e7 (patch) | |
tree | 5c94d39c8e802a0b88451bd36efd8947be858588 /roles/openshift_master | |
parent | adb5c51666dfe7c6b93c7bd7c87b339ef2a27f5b (diff) | |
Bootstrap enhancements.
Diffstat (limited to 'roles/openshift_master')
-rw-r--r-- | roles/openshift_master/defaults/main.yml | 7 | ||||
-rw-r--r-- | roles/openshift_master/tasks/bootstrap.yml | 67 | ||||
-rw-r--r-- | roles/openshift_master/tasks/bootstrap_settings.yml | 14 | ||||
-rw-r--r-- | roles/openshift_master/tasks/main.yml | 13 |
4 files changed, 20 insertions, 81 deletions
diff --git a/roles/openshift_master/defaults/main.yml b/roles/openshift_master/defaults/main.yml index fe78dea66..4acac7923 100644 --- a/roles/openshift_master/defaults/main.yml +++ b/roles/openshift_master/defaults/main.yml @@ -26,7 +26,6 @@ default_r_openshift_master_os_firewall_allow: cond: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}" r_openshift_master_os_firewall_allow: "{{ default_r_openshift_master_os_firewall_allow | union(openshift_master_open_ports | default([])) }}" - # oreg_url is defined by user input oreg_host: "{{ oreg_url.split('/')[0] if (oreg_url is defined and '.' in oreg_url.split('/')[0]) else '' }}" oreg_auth_credentials_path: "{{ r_openshift_master_data_dir }}/.docker" @@ -60,7 +59,7 @@ r_openshift_master_sdn_network_plugin_name: "{{ r_openshift_master_sdn_network_p openshift_master_image_config_latest_default: "{{ openshift_image_config_latest | default(False) }}" openshift_master_image_config_latest: "{{ openshift_master_image_config_latest_default }}" -openshift_master_config_dir_default: "{{ (openshift.common.config_base | default('/etc/origin/master')) ~ '/master' }}" +openshift_master_config_dir_default: "{{ openshift.common.config_base ~ '/master' if openshift is defined and 'common' in openshift else '/etc/origin/master' }}" openshift_master_config_dir: "{{ openshift_master_config_dir_default }}" openshift_master_cloud_provider: "{{ openshift_cloudprovider_kind | default('aws') }}" @@ -71,8 +70,6 @@ openshift_master_node_config_kubeletargs_mem: 512M openshift_master_bootstrap_enabled: False -openshift_master_client_binary: "{{ openshift.common.client_binary if openshift is defined else 'oc' }}" - openshift_master_config_imageconfig_format: "{{ openshift.node.registry_url }}" # these are for the default settings in a generated node-config.yaml 
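Review bot: The new `openshift_master_config_dir_default` expression checks `openshift is defined and 'common' in openshift` but then reads `openshift.common.config_base` with no guard, so a facts dict that has `common` without `config_base` no longer reaches a fallback. The removed line applied `default(...)` to that lookup. Extending the condition to `... and 'config_base' in openshift.common else '/etc/origin/master'` would keep the fallback reachable. This matters because the resulting directory is where the role places `bootstrap.kubeconfig` and where it looks up the CA files, so a failed or wrong resolution should be explicit rather than incidental.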
@@ -144,3 +141,5 @@ openshift_master_node_configs: - "{{ openshift_master_node_config_compute }}" openshift_master_bootstrap_namespace: openshift-node +openshift_master_csr_sa: node-bootstrapper +openshift_master_csr_namespace: openshift-infra diff --git a/roles/openshift_master/tasks/bootstrap.yml b/roles/openshift_master/tasks/bootstrap.yml index f837a8bae..ce55e7d0c 100644 --- a/roles/openshift_master/tasks/bootstrap.yml +++ b/roles/openshift_master/tasks/bootstrap.yml @@ -2,7 +2,8 @@ # TODO: create a module for this command. # oc_serviceaccounts_kubeconfig - name: create service account kubeconfig with csr rights - command: "oc serviceaccounts create-kubeconfig node-bootstrapper -n openshift-infra" + command: > + oc serviceaccounts create-kubeconfig {{ openshift_master_csr_sa }} -n {{ openshift_master_csr_namespace }} register: kubeconfig_out until: kubeconfig_out.rc == 0 retries: 24 
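Review bot: The rewritten `create service account kubeconfig with csr rights` task registers the command's stdout in `kubeconfig_out`, and that stdout is the kubeconfig the following task writes to `bootstrap.kubeconfig`, so the credential can end up in Ansible output wherever task results are displayed or logged. Adding `no_log: true` to this task, and to the `copy` task that consumes `kubeconfig_out.stdout`, would keep it out of run logs. The `copy` task visible as context in the next hunk also sets no `mode`, which leaves the file's permissions to the default; an explicit `mode: "0600"` is worth considering if no other user needs to read it. The task body continues past the end of this hunk.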
@@ -12,67 +13,3 @@ copy: content: "{{ kubeconfig_out.stdout }}" dest: "{{ openshift_master_config_dir }}/bootstrap.kubeconfig" - -- name: create a temp dir for this work - command: mktemp -d /tmp/openshift_node_config-XXXXXX - register: mktempout - run_once: true - -# This generate is so that we do not have to maintain -# our own copy of the template. This is generated by -# the product and the following settings will be -# generated by the master -- name: generate a node-config dynamically - command: > - {{ openshift_master_client_binary }} adm create-node-config - --node-dir={{ mktempout.stdout }}/ - --node=CONFIGMAP - --hostnames=test - --dns-ip=0.0.0.0 - --certificate-authority={{ openshift_master_config_dir }}/ca.crt - --signer-cert={{ openshift_master_config_dir }}/ca.crt - --signer-key={{ openshift_master_config_dir }}/ca.key - --signer-serial={{ openshift_master_config_dir }}/ca.serial.txt - --node-client-certificate-authority={{ openshift_master_config_dir }}/ca.crt - register: configgen - run_once: true - -- name: remove the default settings - yedit: - state: "{{ item.state | default('present') }}" - src: "{{ mktempout.stdout }}/node-config.yaml" - key: "{{ item.key }}" - value: "{{ item.value | default(omit) }}" - with_items: "{{ openshift_master_node_config_default_edits }}" - run_once: true - -- name: copy the generated config into each group - copy: - src: "{{ mktempout.stdout }}/node-config.yaml" - remote_src: true - dest: "{{ mktempout.stdout }}/node-config-{{ item.type }}.yaml" - with_items: "{{ openshift_master_node_configs }}" - run_once: true - -- name: "specialize the generated configs for node-config-{{ item.type }}" - yedit: - src: "{{ mktempout.stdout }}/node-config-{{ item.type }}.yaml" - edits: "{{ item.edits }}" - with_items: "{{ openshift_master_node_configs }}" - run_once: true - -- name: create node-config.yaml configmap - oc_configmap: - name: "node-config-{{ item.type }}" - namespace: "{{ openshift_master_bootstrap_namespace }}" - 
from_file: - node-config.yaml: "{{ mktempout.stdout }}/node-config-{{ item.type }}.yaml" - with_items: "{{ openshift_master_node_configs }}" - run_once: true - -- name: remove templated files - file: - dest: "{{ mktempout.stdout }}/" - state: absent - with_items: "{{ openshift_master_node_configs }}" - run_once: true diff --git a/roles/openshift_master/tasks/bootstrap_settings.yml b/roles/openshift_master/tasks/bootstrap_settings.yml new file mode 100644 index 000000000..cbd7f587b --- /dev/null +++ b/roles/openshift_master/tasks/bootstrap_settings.yml @@ -0,0 +1,14 @@ +--- +- name: modify controller args + yedit: + src: /etc/origin/master/master-config.yaml + edits: + - key: kubernetesMasterConfig.controllerArguments.cluster-signing-cert-file + value: + - /etc/origin/master/ca.crt + - key: kubernetesMasterConfig.controllerArguments.cluster-signing-key-file + value: + - /etc/origin/master/ca.key + notify: + - restart master controllers + when: openshift_master_bootstrap_enabled | default(False) diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 48b34c578..c7c02d49b 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -218,18 +218,7 @@ - restart master api - restart master controllers -- name: modify controller args - yedit: - src: /etc/origin/master/master-config.yaml - edits: - - key: kubernetesMasterConfig.controllerArguments.cluster-signing-cert-file - value: - - /etc/origin/master/ca.crt - - key: kubernetesMasterConfig.controllerArguments.cluster-signing-key-file - value: - - /etc/origin/master/ca.key - notify: - - restart master controllers +- include: bootstrap_settings.yml when: openshift_master_bootstrap_enabled | default(False) - include: set_loopback_context.yml |
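Review bot: The new `bootstrap_settings.yml` hard-codes `/etc/origin/master/master-config.yaml`, `/etc/origin/master/ca.crt` and `/etc/origin/master/ca.key`, while `bootstrap.yml` in the same role writes under `{{ openshift_master_config_dir }}`. If that variable resolves to a different directory, the controllers would be pointed at signing material other than the one the rest of the role manages. Using `src: "{{ openshift_master_config_dir }}/master-config.yaml"` and the same prefix for the two `value` entries would keep them aligned. The task-level `when: openshift_master_bootstrap_enabled | default(False)` repeats the condition that `tasks/main.yml` keeps on the `- include: bootstrap_settings.yml` line, so one of the two can go. A short comment on the task, such as `# CSRs are signed with the master CA key; restrict who can create and approve them`, would make the trust implication of `cluster-signing-key-file` visible to the next reader.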